No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

nginx.spec 32KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919
  1. %global _hardened_build 1
  2. %global nginx_user nginx
  3. %define lua_version 0.10.14
  4. %define ndk_version 0.3.0
  5. %define modsecurity_version 1.0.0
  6. %define naxsi_version 0.56
  7. # gperftools exist only on selected arches
  8. %ifnarch s390 s390x
  9. %global with_gperftools 1
  10. %endif
  11. %global with_aio 1
  12. %if 0%{?fedora} > 22
  13. %global with_mailcap_mimetypes 1
  14. %endif
  15. Name: nginx
  16. Epoch: 1
  17. Version: 1.15.9
  18. Release: 1%{?dist}
  19. Summary: A high performance web server and reverse proxy server
  20. Group: System Environment/Daemons
  21. # BSD License (two clause)
  22. # http://www.freebsd.org/copyright/freebsd-license.html
  23. License: BSD
  24. URL: http://nginx.org/
  25. Source0: http://nginx.org/download/nginx-%{version}.tar.gz
  26. Source1: http://nginx.org/download/nginx-%{version}.tar.gz.asc
  27. Source10: nginx.service
  28. Source11: nginx.logrotate
  29. Source12: nginx.conf
  30. Source13: nginx-upgrade
  31. Source14: nginx-upgrade.8
  32. Source100: index.html
  33. Source101: poweredby.png
  34. Source102: nginx-logo.png
  35. Source103: 404.html
  36. Source104: 50x.html
  37. Source200: README.dynamic
  38. Source210: UPGRADE-NOTES-1.6-to-1.10
  39. Source300: lua-nginx-module-%{lua_version}.tar.gz
  40. Source301: ngx_devel_kit-%{ndk_version}.tar.gz
  41. Source302: modsecurity-nginx-v%{modsecurity_version}.tar.gz
  42. Source303: naxsi-%{naxsi_version}.tar.gz
  43. # removes -Werror in upstream build scripts. -Werror conflicts with
  44. # -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
  45. Patch0: nginx-auto-cc-gcc.patch
  46. %if 0%{?with_gperftools}
  47. BuildRequires: gperftools-devel
  48. %endif
  49. BuildRequires: openssl-devel
  50. BuildRequires: pcre-devel
  51. BuildRequires: zlib-devel
  52. Requires: nginx-filesystem = %{epoch}:%{version}-%{release}
  53. %if 0%{?rhel} || 0%{?fedora} < 24
  54. # Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later.
  55. Requires: nginx-all-modules = %{epoch}:%{version}-%{release}
  56. %endif
  57. Requires: openssl
  58. Requires: pcre
  59. Requires(pre): nginx-filesystem
  60. %if 0%{?with_mailcap_mimetypes}
  61. Requires: nginx-mimetypes
  62. %endif
  63. Provides: webserver
  64. BuildRequires: systemd
  65. Requires(post): systemd
  66. Requires(preun): systemd
  67. Requires(postun): systemd
  68. %description
  69. Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
  70. IMAP protocols, with a strong focus on high concurrency, performance and low
  71. memory usage.
  72. %package all-modules
  73. Group: System Environment/Daemons
  74. Summary: A meta package that installs all available Nginx modules
  75. BuildArch: noarch
  76. Requires: nginx-mod-http-geoip = %{epoch}:%{version}-%{release}
  77. Requires: nginx-mod-http-image-filter = %{epoch}:%{version}-%{release}
  78. Requires: nginx-mod-http-perl = %{epoch}:%{version}-%{release}
  79. Requires: nginx-mod-http-xslt-filter = %{epoch}:%{version}-%{release}
  80. Requires: nginx-mod-mail = %{epoch}:%{version}-%{release}
  81. Requires: nginx-mod-stream = %{epoch}:%{version}-%{release}
  82. %description all-modules
  83. %{summary}.
  84. %if 0%{?rhel}
  85. The main nginx package depends on this to ease the upgrade path. After a grace
  86. period of several months, modules will become optional.
  87. %endif
  88. %if 0%{?fedora} && 0%{?fedora} < 24
  89. The main nginx package depends on this to ease the upgrade path. Starting from
  90. Fedora 24, modules are optional.
  91. %endif
  92. %package filesystem
  93. Group: System Environment/Daemons
  94. Summary: The basic directory layout for the Nginx server
  95. BuildArch: noarch
  96. Requires(pre): shadow-utils
  97. %description filesystem
  98. The nginx-filesystem package contains the basic directory layout
  99. for the Nginx server including the correct permissions for the
  100. directories.
  101. %package mod-http-geoip
  102. Group: System Environment/Daemons
  103. Summary: Nginx HTTP geoip module
  104. BuildRequires: GeoIP-devel
  105. Requires: nginx
  106. Requires: GeoIP
  107. %description mod-http-geoip
  108. %{summary}.
  109. %package mod-http-image-filter
  110. Group: System Environment/Daemons
  111. Summary: Nginx HTTP image filter module
  112. BuildRequires: gd-devel
  113. Requires: nginx
  114. Requires: gd
  115. %description mod-http-image-filter
  116. %{summary}.
  117. %package mod-http-perl
  118. Group: System Environment/Daemons
  119. Summary: Nginx HTTP perl module
  120. BuildRequires: perl-devel
  121. %if 0%{?fedora} >= 24
  122. BuildRequires: perl-generators
  123. %endif
  124. BuildRequires: perl(ExtUtils::Embed)
  125. Requires: nginx
  126. Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
  127. %description mod-http-perl
  128. %{summary}.
  129. %package mod-http-xslt-filter
  130. Group: System Environment/Daemons
  131. Summary: Nginx XSLT module
  132. BuildRequires: libxslt-devel
  133. Requires: nginx
  134. %description mod-http-xslt-filter
  135. %{summary}.
  136. %package mod-mail
  137. Group: System Environment/Daemons
  138. Summary: Nginx mail modules
  139. Requires: nginx
  140. %description mod-mail
  141. %{summary}.
  142. %package mod-stream
  143. Group: System Environment/Daemons
  144. Summary: Nginx stream modules
  145. Requires: nginx
  146. %description mod-stream
  147. %{summary}.
  148. %package mod-http-lua
  149. Summary: nginx lua dynamic modules
  150. URL: https://github.com/openresty/lua-nginx-module
  151. Group: System Environment/Daemons
  152. License: BSD license
  153. BuildRequires: luajit-devel
  154. Requires: luajit
  155. Requires: nginx-mod-ndk
  156. Requires: nginx == %{?epoch:%{epoch}:}%{version}
  157. %description mod-http-lua
  158. %{summary}.
  159. %package mod-ndk
  160. Summary: nginx ndk dynamic modules
  161. URL: https://github.com/simpl/ngx_devel_kit
  162. Group: System Environment/Daemons
  163. License: The BSD 3-Clause License
  164. Requires: nginx == %{?epoch:%{epoch}:}%{version}
  165. %description mod-ndk
  166. %{summary}.
  167. %package mod-http-modsecurity
  168. Summary: nginx modsecurity dynamic module
  169. URL: https://github.com/SpiderLabs/ModSecurity-nginx
  170. Group: System Environment/Daemons
  171. License: Apache License 2.0
  172. BuildRequires: libmodsecurity-devel
  173. Requires: nginx == %{?epoch:%{epoch}:}%{version}
  174. Requires: libmodsecurity
  175. %description mod-http-modsecurity
  176. %{summary}.
  177. %package mod-http-naxsi
  178. Summary: nginx naxsi dynamic module
  179. URL: https://github.com/nbs-system/naxsi/
  180. Group: System Environment/Daemons
  181. License: GNU GPL v3
  182. Requires: nginx == %{?epoch:%{epoch}:}%{version}
  183. %description mod-http-naxsi
  184. %{summary}.
  185. %prep
  186. %setup -q
  187. %setup -q -T -D -a 300
  188. %setup -q -T -D -a 301
  189. %setup -q -T -D -a 302
  190. %setup -q -T -D -a 303
  191. %patch0 -p0
  192. cp %{SOURCE200} .
  193. cp %{SOURCE210} .
  194. %if 0%{?rhel} < 8
  195. sed -i -e 's#KillMode=.*#KillMode=process#g' %{SOURCE10}
  196. sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' %{SOURCE12}
  197. %endif
  198. %build
  199. # nginx does not utilize a standard configure script. It has its own
  200. # and the standard configure options cause the nginx configure script
  201. # to error out. This is is also the reason for the DESTDIR environment
  202. # variable.
  203. export DESTDIR=%{buildroot}
  204. ./configure \
  205. --prefix=%{_datadir}/nginx \
  206. --sbin-path=%{_sbindir}/nginx \
  207. --modules-path=%{_libdir}/nginx/modules \
  208. --conf-path=%{_sysconfdir}/nginx/nginx.conf \
  209. --error-log-path=%{_localstatedir}/log/nginx/error.log \
  210. --http-log-path=%{_localstatedir}/log/nginx/access.log \
  211. --http-client-body-temp-path=%{_localstatedir}/lib/nginx/tmp/client_body \
  212. --http-proxy-temp-path=%{_localstatedir}/lib/nginx/tmp/proxy \
  213. --http-fastcgi-temp-path=%{_localstatedir}/lib/nginx/tmp/fastcgi \
  214. --http-uwsgi-temp-path=%{_localstatedir}/lib/nginx/tmp/uwsgi \
  215. --http-scgi-temp-path=%{_localstatedir}/lib/nginx/tmp/scgi \
  216. --pid-path=/run/nginx.pid \
  217. --lock-path=/run/lock/subsys/nginx \
  218. --user=%{nginx_user} \
  219. --group=%{nginx_user} \
  220. %if 0%{?with_aio}
  221. --with-file-aio \
  222. %endif
  223. --with-ipv6 \
  224. --with-http_auth_request_module \
  225. --with-http_ssl_module \
  226. --with-http_v2_module \
  227. --with-http_realip_module \
  228. --with-http_addition_module \
  229. --with-http_xslt_module=dynamic \
  230. --with-http_image_filter_module=dynamic \
  231. --with-http_geoip_module=dynamic \
  232. --with-http_sub_module \
  233. --with-http_dav_module \
  234. --with-http_flv_module \
  235. --with-http_mp4_module \
  236. --with-http_gunzip_module \
  237. --with-http_gzip_static_module \
  238. --with-http_random_index_module \
  239. --with-http_secure_link_module \
  240. --with-http_degradation_module \
  241. --with-http_slice_module \
  242. --with-http_stub_status_module \
  243. --with-http_perl_module=dynamic \
  244. --with-mail=dynamic \
  245. --with-mail_ssl_module \
  246. --with-pcre \
  247. --with-pcre-jit \
  248. --with-stream=dynamic \
  249. --with-stream_ssl_module \
  250. %if 0%{?with_gperftools}
  251. --with-google_perftools_module \
  252. %endif
  253. --with-debug \
  254. --with-cc-opt="%{optflags} $(pcre-config --cflags)" \
  255. --with-ld-opt="$RPM_LD_FLAGS -Wl,-E" \
  256. --add-dynamic-module=lua-nginx-module-%{lua_version} \
  257. --add-dynamic-module=ngx_devel_kit-%{ndk_version} \
  258. --add-dynamic-module=modsecurity-nginx-v%{modsecurity_version} \
  259. --add-dynamic-module=naxsi-%{naxsi_version}/naxsi_src
  260. make %{?_smp_mflags}
  261. %install
  262. make install DESTDIR=%{buildroot} INSTALLDIRS=vendor
  263. find %{buildroot} -type f -name .packlist -exec rm -f '{}' \;
  264. find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \;
  265. find %{buildroot} -type f -empty -exec rm -f '{}' \;
  266. find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \;
  267. install -p -D -m 0644 %{SOURCE10} \
  268. %{buildroot}%{_unitdir}/nginx.service
  269. install -p -D -m 0644 %{SOURCE11} \
  270. %{buildroot}%{_sysconfdir}/logrotate.d/nginx
  271. install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/conf.d
  272. install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/default.d
  273. install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx
  274. install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx/tmp
  275. install -p -d -m 0700 %{buildroot}%{_localstatedir}/log/nginx
  276. install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/html
  277. install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/modules
  278. install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules
  279. install -p -m 0644 %{SOURCE12} \
  280. %{buildroot}%{_sysconfdir}/nginx
  281. install -p -m 0644 %{SOURCE100} \
  282. %{buildroot}%{_datadir}/nginx/html
  283. install -p -m 0644 %{SOURCE101} %{SOURCE102} \
  284. %{buildroot}%{_datadir}/nginx/html
  285. install -p -m 0644 %{SOURCE103} %{SOURCE104} \
  286. %{buildroot}%{_datadir}/nginx/html
  287. %if 0%{?with_mailcap_mimetypes}
  288. rm -f %{buildroot}%{_sysconfdir}/nginx/mime.types
  289. %endif
  290. install -p -D -m 0644 %{_builddir}/nginx-%{version}/man/nginx.8 \
  291. %{buildroot}%{_mandir}/man8/nginx.8
  292. install -p -D -m 0755 %{SOURCE13} %{buildroot}%{_bindir}/nginx-upgrade
  293. install -p -D -m 0644 %{SOURCE14} %{buildroot}%{_mandir}/man8/nginx-upgrade.8
  294. for i in ftdetect indent syntax; do
  295. install -p -D -m644 contrib/vim/${i}/nginx.vim \
  296. %{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim
  297. done
  298. install -p -D -m 0644 naxsi-%{naxsi_version}/naxsi_config/naxsi_core.rules \
  299. %{buildroot}%{_sysconfdir}/nginx/naxsi_core.rules
  300. echo 'load_module "%{_libdir}/nginx/modules/ngx_http_geoip_module.so";' \
  301. > %{buildroot}%{_datadir}/nginx/modules/mod-http-geoip.conf
  302. echo 'load_module "%{_libdir}/nginx/modules/ngx_http_image_filter_module.so";' \
  303. > %{buildroot}%{_datadir}/nginx/modules/mod-http-image-filter.conf
  304. echo 'load_module "%{_libdir}/nginx/modules/ngx_http_perl_module.so";' \
  305. > %{buildroot}%{_datadir}/nginx/modules/mod-http-perl.conf
  306. echo 'load_module "%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so";' \
  307. > %{buildroot}%{_datadir}/nginx/modules/mod-http-xslt-filter.conf
  308. echo 'load_module "%{_libdir}/nginx/modules/ngx_mail_module.so";' \
  309. > %{buildroot}%{_datadir}/nginx/modules/mod-mail.conf
  310. echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \
  311. > %{buildroot}%{_datadir}/nginx/modules/mod-stream.conf
  312. echo 'load_module "%{_libdir}/nginx/modules/ndk_http_module.so";' \
  313. > %{buildroot}%{_datadir}/nginx/modules/mod-ndk.conf
  314. echo 'load_module "%{_libdir}/nginx/modules/ngx_http_lua_module.so";' \
  315. > %{buildroot}%{_datadir}/nginx/modules/mod-lua.conf
  316. echo 'load_module "%{_libdir}/nginx/modules/ngx_http_modsecurity_module.so";' \
  317. > %{buildroot}%{_datadir}/nginx/modules/mod-modsecurity.conf
  318. echo 'load_module "%{_libdir}/nginx/modules/ngx_http_naxsi_module.so";' \
  319. > %{buildroot}%{_datadir}/nginx/modules/mod-naxsi.conf
  320. %pre filesystem
  321. getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user}
  322. getent passwd %{nginx_user} > /dev/null || \
  323. useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \
  324. -s /sbin/nologin -c "Nginx web server" %{nginx_user}
  325. exit 0
  326. %post
  327. %systemd_post nginx.service
  328. %post mod-http-geoip
  329. if [ $1 -eq 1 ]; then
  330. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  331. fi
  332. %post mod-http-image-filter
  333. if [ $1 -eq 1 ]; then
  334. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  335. fi
  336. %post mod-http-perl
  337. if [ $1 -eq 1 ]; then
  338. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  339. fi
  340. %post mod-http-xslt-filter
  341. if [ $1 -eq 1 ]; then
  342. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  343. fi
  344. %post mod-mail
  345. if [ $1 -eq 1 ]; then
  346. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  347. fi
  348. %post mod-stream
  349. if [ $1 -eq 1 ]; then
  350. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  351. fi
  352. %post mod-http-lua
  353. if [ $1 -eq 1 ]; then
  354. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  355. fi
  356. %post mod-ndk
  357. if [ $1 -eq 1 ]; then
  358. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  359. fi
  360. %post mod-http-modsecurity
  361. if [ $1 -eq 1 ]; then
  362. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  363. fi
  364. %post mod-http-naxsi
  365. if [ $1 -eq 1 ]; then
  366. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  367. fi
  368. %preun
  369. %systemd_preun nginx.service
  370. %postun
  371. %systemd_postun nginx.service
  372. if [ $1 -ge 1 ]; then
  373. /usr/bin/nginx-upgrade >/dev/null 2>&1 || :
  374. fi
  375. %files
  376. %license LICENSE
  377. %doc CHANGES README README.dynamic
  378. %if 0%{?rhel} == 7
  379. %doc UPGRADE-NOTES-1.6-to-1.10
  380. %endif
  381. %{_datadir}/nginx/html/*
  382. %{_bindir}/nginx-upgrade
  383. %{_sbindir}/nginx
  384. %{_datadir}/vim/vimfiles/ftdetect/nginx.vim
  385. %{_datadir}/vim/vimfiles/syntax/nginx.vim
  386. %{_datadir}/vim/vimfiles/indent/nginx.vim
  387. %{_mandir}/man3/nginx.3pm*
  388. %{_mandir}/man8/nginx.8*
  389. %{_mandir}/man8/nginx-upgrade.8*
  390. %{_unitdir}/nginx.service
  391. %config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf
  392. %config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf.default
  393. %config(noreplace) %{_sysconfdir}/nginx/fastcgi_params
  394. %config(noreplace) %{_sysconfdir}/nginx/fastcgi_params.default
  395. %config(noreplace) %{_sysconfdir}/nginx/koi-utf
  396. %config(noreplace) %{_sysconfdir}/nginx/koi-win
  397. %if ! 0%{?with_mailcap_mimetypes}
  398. %config(noreplace) %{_sysconfdir}/nginx/mime.types
  399. %endif
  400. %config(noreplace) %{_sysconfdir}/nginx/mime.types.default
  401. %config(noreplace) %{_sysconfdir}/nginx/nginx.conf
  402. %config(noreplace) %{_sysconfdir}/nginx/nginx.conf.default
  403. %config(noreplace) %{_sysconfdir}/nginx/scgi_params
  404. %config(noreplace) %{_sysconfdir}/nginx/scgi_params.default
  405. %config(noreplace) %{_sysconfdir}/nginx/uwsgi_params
  406. %config(noreplace) %{_sysconfdir}/nginx/uwsgi_params.default
  407. %config(noreplace) %{_sysconfdir}/nginx/win-utf
  408. %config(noreplace) %{_sysconfdir}/logrotate.d/nginx
  409. %attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx
  410. %attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx/tmp
  411. %attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/log/nginx
  412. %dir %{_libdir}/nginx/modules
  413. %files all-modules
  414. %files filesystem
  415. %dir %{_datadir}/nginx
  416. %dir %{_datadir}/nginx/html
  417. %dir %{_sysconfdir}/nginx
  418. %dir %{_sysconfdir}/nginx/conf.d
  419. %dir %{_sysconfdir}/nginx/default.d
  420. %files mod-http-geoip
  421. %{_datadir}/nginx/modules/mod-http-geoip.conf
  422. %{_libdir}/nginx/modules/ngx_http_geoip_module.so
  423. %files mod-http-image-filter
  424. %{_datadir}/nginx/modules/mod-http-image-filter.conf
  425. %{_libdir}/nginx/modules/ngx_http_image_filter_module.so
  426. %files mod-http-perl
  427. %{_datadir}/nginx/modules/mod-http-perl.conf
  428. %{_libdir}/nginx/modules/ngx_http_perl_module.so
  429. %dir %{perl_vendorarch}/auto/nginx
  430. %{perl_vendorarch}/nginx.pm
  431. %{perl_vendorarch}/auto/nginx/nginx.so
  432. %files mod-http-xslt-filter
  433. %{_datadir}/nginx/modules/mod-http-xslt-filter.conf
  434. %{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so
  435. %files mod-mail
  436. %{_datadir}/nginx/modules/mod-mail.conf
  437. %{_libdir}/nginx/modules/ngx_mail_module.so
  438. %files mod-stream
  439. %{_datadir}/nginx/modules/mod-stream.conf
  440. %{_libdir}/nginx/modules/ngx_stream_module.so
  441. %files mod-http-lua
  442. %{_datadir}/nginx/modules/mod-lua.conf
  443. %{_libdir}/nginx/modules/ngx_http_lua_module.so
  444. %files mod-ndk
  445. %{_datadir}/nginx/modules/mod-ndk.conf
  446. %{_libdir}/nginx/modules/ndk_http_module.so
  447. %files mod-http-modsecurity
  448. %{_datadir}/nginx/modules/mod-modsecurity.conf
  449. %{_libdir}/nginx/modules/ngx_http_modsecurity_module.so
  450. %files mod-http-naxsi
  451. %{_datadir}/nginx/modules/mod-naxsi.conf
  452. %{_libdir}/nginx/modules/ngx_http_naxsi_module.so
  453. %config(noreplace) %{_sysconfdir}/nginx/naxsi_core.rules
  454. %changelog
  455. * Thu Feb 28 2019 Daniel Berteaud <daniel@firewall-services.com> 1.15.9-1
  456. - Add missing pgp sig (daniel@firewall-services.com)
  457. * Thu Feb 28 2019 Daniel Berteaud <daniel@firewall-services.com> 1.15.9-0.beta1
  458. - Update nginx to 1.15.9 and lua mod to 0.10.14 (daniel@firewall-services.com)
  459. * Mon Dec 03 2018 Daniel Berteaud <daniel@firewall-services.com> 1.15.7-1
  460. - Switch to lfs to track archives and update to 1.15.7 (daniel@firewall-
  461. services.com)
  462. * Tue Nov 06 2018 Daniel Berteaud <daniel@firewall-services.com> 1.15.6-1
  463. - Fork from EL7 package
  464. - Update to 1.15.6
  465. - Build with lua, modsecurity and naxsi modules
  466. * Tue Mar 6 2018 Tadej Janež <tadej.j@nez.si> - 1:1.12.2-2
  467. - enable building the ngx_http_auth_request_module module (RHBZ #1471107)
  468. * Wed Oct 18 2017 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.2-1
  469. - update to upstream release 1.12.2
  470. - Resolves: #1468584 - (CVE-2017-7529) CVE-2017-7529 nginx: Integer
  471. overflow in nginx range filter module leading to memory disclosure
  472. * Mon Sep 18 2017 Luboš Uhliarik <luhliari@redhat.com> - 1:1.10.2-2
  473. - Resolves: #1478662 - rebuild for ALPN support
  474. * Mon Oct 31 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.2-1
  475. - update to upstream release 1.10.2
  476. * Tue May 31 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.1-1
  477. - update to upstream release 1.10.1
  478. * Sun May 15 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.10.0-4
  479. - Perl 5.24 rebuild
  480. * Sun May 8 2016 Peter Robinson <pbrobinson@fedoraproject.org> 1:1.10.0-3
  481. - Enable AIO on aarch64 (rhbz 1258414)
  482. * Wed Apr 27 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.0-2
  483. - only Require nginx-all-modules for EPEL and current Fedora releases
  484. * Wed Apr 27 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.0-1
  485. - update to upstream release 1.10.0
  486. - split dynamic modules into subpackages
  487. - spec file cleanup
  488. * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.8.1-2
  489. - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
  490. * Tue Jan 26 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.1-1
  491. - update to upstream release 1.8.1
  492. - CVE-2016-0747: Insufficient limits of CNAME resolution in resolver
  493. - CVE-2016-0746: Use-after-free during CNAME response processing in resolver
  494. - CVE-2016-0742: Invalid pointer dereference in resolver
  495. * Sun Oct 04 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-14
  496. - consistently use '%%global with_foo' style of logic
  497. - remove PID file before starting nginx (#1268621)
  498. * Fri Sep 25 2015 Ville Skyttä <ville.skytta@iki.fi> - 1:1.8.0-13
  499. - Use nginx-mimetypes from mailcap (#1248736)
  500. - Mark LICENSE as %%license
  501. * Thu Sep 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-12
  502. - also build with gperftools on aarch64 (#1258412)
  503. * Wed Aug 12 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1:1.8.0-11
  504. - nginx.conf: added commented-out SSL configuration directives (#1179232)
  505. * Fri Jul 03 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-10
  506. - switch back to /bin/kill in logrotate script due to SELinux denials
  507. * Tue Jun 16 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-9
  508. - fix path to png in error pages (#1232277)
  509. - optimize png images with optipng
  510. * Sun Jun 14 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-8
  511. - replace /bin/kill with /usr/bin/systemctl kill in logrotate script (#1231543)
  512. - remove After=syslog.target in nginx.service (#1231543)
  513. - replace ExecStop with KillSignal=SIGQUIT in nginx.service (#1231543)
  514. * Wed Jun 03 2015 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.8.0-7
  515. - Perl 5.22 rebuild
  516. * Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-6
  517. - revert previous change
  518. * Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-5
  519. - move default server to default.conf (#1220094)
  520. * Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-4
  521. - add TimeoutStopSec=5 and KillMode=mixed to nginx.service
  522. - set worker_processes to auto
  523. - add some common options to the http block in nginx.conf
  524. - run nginx-upgrade on package update
  525. - remove some redundant scriptlet commands
  526. - listen on ipv6 for default server (#1217081)
  527. * Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-3
  528. - improve nginx-upgrade script
  529. * Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-2
  530. - add --with-pcre-jit
  531. * Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-1
  532. - update to upstream release 1.8.0
  533. * Thu Apr 09 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.7.12-1
  534. - update to upstream release 1.7.12
  535. * Sun Feb 15 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.7.10-1
  536. - update to upstream release 1.7.10
  537. - remove systemd conditionals
  538. * Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-4
  539. - fix package ownership of directories
  540. * Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-3
  541. - add vim files (#1142849)
  542. * Mon Sep 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-2
  543. - create nginx-filesystem subpackage (patch from Remi Collet)
  544. - create /etc/nginx/default.d as a drop-in directory for configuration files
  545. for the default server block
  546. - clean up nginx.conf
  547. * Wed Sep 17 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-1
  548. - update to upstream release 1.6.2
  549. - CVE-2014-3616 nginx: virtual host confusion (#1142573)
  550. * Wed Aug 27 2014 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.6.1-4
  551. - Perl 5.20 rebuild
  552. * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.6.1-3
  553. - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
  554. * Tue Aug 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.1-2
  555. - add logic for EPEL 7
  556. * Tue Aug 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.1-1
  557. - update to upstream release 1.6.1
  558. - (#1126891) CVE-2014-3556: SMTP STARTTLS plaintext injection flaw
  559. * Wed Jul 02 2014 Yaakov Selkowitz <yselkowi@redhat.com> - 1:1.6.0-3
  560. - Fix FTBFS on aarch64 (#1115559)
  561. * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.6.0-2
  562. - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
  563. * Sat Apr 26 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.0-1
  564. - update to upstream release 1.6.0
  565. * Tue Mar 18 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.7-1
  566. - update to upstream release 1.4.7
  567. * Wed Mar 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.6-1
  568. - update to upstream release 1.4.6
  569. * Sun Feb 16 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.5-2
  570. - avoid multiple index directives (#1065488)
  571. * Sun Feb 16 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.5-1
  572. - update to upstream release 1.4.5
  573. * Wed Nov 20 2013 Peter Borsa <peter.borsa@gmail.com> - 1:1.4.4-1
  574. - Update to upstream release 1.4.4
  575. - Security fix BZ 1032267
  576. * Sun Nov 03 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.3-1
  577. - update to upstream release 1.4.3
  578. * Fri Aug 09 2013 Jonathan Steffan <jsteffan@fedoraproject.org> - 1:1.4.2-3
  579. - Add in conditionals to build for non-systemd targets
  580. * Sat Aug 03 2013 Petr Pisar <ppisar@redhat.com> - 1:1.4.2-2
  581. - Perl 5.18 rebuild
  582. * Fri Jul 19 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.2-1
  583. - update to upstream release 1.4.2
  584. * Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 1:1.4.1-3
  585. - Perl 5.18 rebuild
  586. * Tue Jun 11 2013 Remi Collet <rcollet@redhat.com> - 1:1.4.1-2
  587. - rebuild for new GD 2.1.0
  588. * Tue May 07 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.1-1
  589. - update to upstream release 1.4.1 (#960605, #960606):
  590. CVE-2013-2028 stack-based buffer overflow when handling certain chunked
  591. transfer encoding requests
  592. * Sun Apr 28 2013 Dan Horák <dan[at]danny.cz> - 1:1.4.0-2
  593. - gperftools exist only on selected arches
  594. * Fri Apr 26 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.0-1
  595. - update to upstream release 1.4.0
  596. - enable SPDY module (new in this version)
  597. - enable http gunzip module (new in this version)
  598. - enable google perftools module and add gperftools-devel to BR
  599. - enable debugging (#956845)
  600. - trim changelog
  601. * Tue Apr 02 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.8-1
  602. - update to upstream release 1.2.8
  603. * Fri Feb 22 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.7-2
  604. - make sure nginx directories are not world readable (#913724, #913735)
  605. * Sat Feb 16 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.7-1
  606. - update to upstream release 1.2.7
  607. - add .asc file
  608. * Tue Feb 05 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-6
  609. - use 'kill' instead of 'systemctl' when rotating log files to workaround
  610. SELinux issue (#889151)
  611. * Wed Jan 23 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-5
  612. - uncomment "include /etc/nginx/conf.d/*.conf by default but leave the
  613. conf.d directory empty (#903065)
  614. * Wed Jan 23 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-4
  615. - add comment in nginx.conf regarding "include /etc/nginf/conf.d/*.conf"
  616. (#903065)
  617. * Wed Dec 19 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-3
  618. - use correct file ownership when rotating log files
  619. * Tue Dec 18 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-2
  620. - send correct kill signal and use correct file permissions when rotating
  621. log files (#888225)
  622. - send correct kill signal in nginx-upgrade
  623. * Tue Dec 11 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-1
  624. - update to upstream release 1.2.6
  625. * Sat Nov 17 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.5-1
  626. - update to upstream release 1.2.5
  627. * Sun Oct 28 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.4-1
  628. - update to upstream release 1.2.4
  629. - introduce new systemd-rpm macros (#850228)
  630. - link to official documentation not the community wiki (#870733)
  631. - do not run systemctl try-restart after package upgrade to allow the
  632. administrator to run nginx-upgrade and avoid downtime
  633. - add nginx man page (#870738)
  634. - add nginx-upgrade man page and remove README.fedora
  635. - remove chkconfig from Requires(post/preun)
  636. - remove initscripts from Requires(preun/postun)
  637. - remove separate configuration files in "/etc/nginx/conf.d" directory
  638. and revert to upstream default of a centralized nginx.conf file
  639. (#803635) (#842738)
  640. * Fri Sep 21 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.3-1
  641. - update to upstream release 1.2.3
  642. * Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.2.1-3
  643. - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
  644. * Thu Jun 28 2012 Petr Pisar <ppisar@redhat.com> - 1:1.2.1-2
  645. - Perl 5.16 rebuild
  646. * Sun Jun 10 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.1-1
  647. - update to upstream release 1.2.1
  648. * Fri Jun 08 2012 Petr Pisar <ppisar@redhat.com> - 1:1.2.0-2
  649. - Perl 5.16 rebuild
  650. * Wed May 16 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.0-1
  651. - update to upstream release 1.2.0
  652. * Wed May 16 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-4
  653. - add nginx-upgrade to replace functionality from the nginx initscript
  654. that was lost after migration to systemd
  655. - add README.fedora to describe usage of nginx-upgrade
  656. - nginx.logrotate: use built-in systemd kill command in postrotate script
  657. - nginx.service: start after syslog.target and network.target
  658. - nginx.service: remove unnecessary references to config file location
  659. - nginx.service: use /bin/kill instead of "/usr/sbin/nginx -s" following
  660. advice from nginx-devel
  661. - nginx.service: use private /tmp
  662. * Mon May 14 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-3
  663. - fix incorrect postrotate script in nginx.logrotate
  664. * Thu Apr 19 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-2
  665. - renable auto-cc-gcc patch due to warnings on rawhide
  666. * Sat Apr 14 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-1
  667. - update to upstream release 1.0.15
  668. - no need to apply auto-cc-gcc patch
  669. - add %%global _hardened_build 1
  670. * Thu Mar 15 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.14-1
  671. - update to upstream release 1.0.14
  672. - amend some %%changelog formatting
  673. * Tue Mar 06 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.13-1
  674. - update to upstream release 1.0.13
  675. - amend --pid-path and --log-path
  676. * Sun Mar 04 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-5
  677. - change pid path in nginx.conf to match systemd service file
  678. * Sun Mar 04 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-3
  679. - fix %%pre scriptlet
  680. * Mon Feb 20 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-2
  681. - update upstream URL
  682. - replace %%define with %%global
  683. - remove obsolete BuildRoot tag, %%clean section and %%defattr
  684. - remove various unnecessary commands
  685. - add systemd service file and update scriptlets
  686. - add Epoch to accommodate %%triggerun as part of systemd migration
  687. * Sun Feb 19 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.0.12-1
  688. - Update to 1.0.12
  689. * Thu Nov 17 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.10-1
  690. - Bugfix: a segmentation fault might occur in a worker process if resolver got a big DNS response. Thanks to Ben Hawkes.
  691. - Bugfix: in cache key calculation if internal MD5 implementation wasused; the bug had appeared in 1.0.4.
  692. - Bugfix: the module ngx_http_mp4_module sent incorrect "Content-Length" response header line if the "start" argument was used. Thanks to Piotr Sikora.
  693. * Thu Oct 27 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.8-1
  694. - Update to new 1.0.8 stable release
  695. * Fri Aug 26 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.5-1
  696. - Update nginx to Latest Stable Release
  697. * Fri Jun 17 2011 Marcela Mašláňová <mmaslano@redhat.com> - 1.0.0-3
  698. - Perl mass rebuild
  699. * Thu Jun 09 2011 Marcela Mašláňová <mmaslano@redhat.com> - 1.0.0-2
  700. - Perl 5.14 mass rebuild
  701. * Wed Apr 27 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.0.0-1
  702. - Update to 1.0.0
  703. * Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.53-6
  704. - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
  705. * Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53.5
  706. - Extract out default config into its own file (bug #635776)
  707. * Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-4
  708. - Revert ownership of log dir
  709. * Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-3
  710. - Change ownership of /var/log/nginx to be 0700 nginx:nginx
  711. - update init script to use killproc -p
  712. - add reopen_logs command to init script
  713. - update init script to use nginx -q option
  714. * Sun Oct 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-2
  715. - Fix linking of perl module
  716. * Sun Oct 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-1
  717. - Update to new stable 0.8.53
  718. * Sat Jul 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.67-2
  719. - add Provides: webserver (bug #619693)
  720. * Sun Jun 20 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.67-1
  721. - Update to new stable 0.7.67
  722. - fix bugzilla #591543
  723. * Tue Jun 01 2010 Marcela Maslanova <mmaslano@redhat.com> - 0.7.65-2
  724. - Mass rebuild with perl-5.12.0
  725. * Mon Feb 15 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.65-1
  726. - Update to new stable 0.7.65
  727. - change ownership of logdir to root:root
  728. - add support for ipv6 (bug #561248)
  729. - add random_index_module
  730. - add secure_link_module
  731. * Fri Dec 04 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.64-1
  732. - Update to new stable 0.7.64