You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

nginx.spec 33KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929
  1. %global _hardened_build 1
  2. %global nginx_user nginx
  3. %define lua_version 0.10.14
  4. %define ndk_version 0.3.0
  5. %define modsecurity_version 1.0.0
  6. %define naxsi_version 0.56
  7. # gperftools exist only on selected arches
  8. %ifnarch s390 s390x
  9. %global with_gperftools 1
  10. %endif
  11. %global with_aio 1
  12. %if 0%{?fedora} > 22
  13. %global with_mailcap_mimetypes 1
  14. %endif
  15. Name: nginx
  16. Epoch: 1
  17. Version: 1.15.12
  18. Release: 1%{?dist}
  19. Summary: A high performance web server and reverse proxy server
  20. Group: System Environment/Daemons
  21. # BSD License (two clause)
  22. # http://www.freebsd.org/copyright/freebsd-license.html
  23. License: BSD
  24. URL: http://nginx.org/
  25. Source0: http://nginx.org/download/nginx-%{version}.tar.gz
  26. Source1: http://nginx.org/download/nginx-%{version}.tar.gz.asc
  27. Source10: nginx.service
  28. Source11: nginx.logrotate
  29. Source12: nginx.conf
  30. Source13: nginx-upgrade
  31. Source14: nginx-upgrade.8
  32. Source100: index.html
  33. Source101: poweredby.png
  34. Source102: nginx-logo.png
  35. Source103: 404.html
  36. Source104: 50x.html
  37. Source200: README.dynamic
  38. Source210: UPGRADE-NOTES-1.6-to-1.10
  39. Source300: lua-nginx-module-%{lua_version}.tar.gz
  40. Source301: ngx_devel_kit-%{ndk_version}.tar.gz
  41. Source302: modsecurity-nginx-v%{modsecurity_version}.tar.gz
  42. Source303: naxsi-%{naxsi_version}.tar.gz
  43. # removes -Werror in upstream build scripts. -Werror conflicts with
  44. # -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
  45. Patch0: nginx-auto-cc-gcc.patch
  46. %if 0%{?with_gperftools}
  47. BuildRequires: gperftools-devel
  48. %endif
  49. BuildRequires: openssl-devel
  50. BuildRequires: pcre-devel
  51. BuildRequires: zlib-devel
  52. Requires: nginx-filesystem = %{epoch}:%{version}-%{release}
  53. %if 0%{?rhel} || 0%{?fedora} < 24
  54. # Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later.
  55. Requires: nginx-all-modules = %{epoch}:%{version}-%{release}
  56. %endif
  57. Requires: openssl
  58. Requires: pcre
  59. Requires(pre): nginx-filesystem
  60. %if 0%{?with_mailcap_mimetypes}
  61. Requires: nginx-mimetypes
  62. %endif
  63. Provides: webserver
  64. BuildRequires: systemd
  65. Requires(post): systemd
  66. Requires(preun): systemd
  67. Requires(postun): systemd
  68. %description
  69. Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
  70. IMAP protocols, with a strong focus on high concurrency, performance and low
  71. memory usage.
  72. %package all-modules
  73. Group: System Environment/Daemons
  74. Summary: A meta package that installs all available Nginx modules
  75. BuildArch: noarch
  76. Requires: nginx-mod-http-geoip = %{epoch}:%{version}-%{release}
  77. Requires: nginx-mod-http-image-filter = %{epoch}:%{version}-%{release}
  78. Requires: nginx-mod-http-perl = %{epoch}:%{version}-%{release}
  79. Requires: nginx-mod-http-xslt-filter = %{epoch}:%{version}-%{release}
  80. Requires: nginx-mod-mail = %{epoch}:%{version}-%{release}
  81. Requires: nginx-mod-stream = %{epoch}:%{version}-%{release}
  82. %description all-modules
  83. %{summary}.
  84. %if 0%{?rhel}
  85. The main nginx package depends on this to ease the upgrade path. After a grace
  86. period of several months, modules will become optional.
  87. %endif
  88. %if 0%{?fedora} && 0%{?fedora} < 24
  89. The main nginx package depends on this to ease the upgrade path. Starting from
  90. Fedora 24, modules are optional.
  91. %endif
  92. %package filesystem
  93. Group: System Environment/Daemons
  94. Summary: The basic directory layout for the Nginx server
  95. BuildArch: noarch
  96. Requires(pre): shadow-utils
  97. %description filesystem
  98. The nginx-filesystem package contains the basic directory layout
  99. for the Nginx server including the correct permissions for the
  100. directories.
  101. %package mod-http-geoip
  102. Group: System Environment/Daemons
  103. Summary: Nginx HTTP geoip module
  104. BuildRequires: GeoIP-devel
  105. Requires: nginx
  106. Requires: GeoIP
  107. %description mod-http-geoip
  108. %{summary}.
  109. %package mod-http-image-filter
  110. Group: System Environment/Daemons
  111. Summary: Nginx HTTP image filter module
  112. BuildRequires: gd-devel
  113. Requires: nginx
  114. Requires: gd
  115. %description mod-http-image-filter
  116. %{summary}.
  117. %package mod-http-perl
  118. Group: System Environment/Daemons
  119. Summary: Nginx HTTP perl module
  120. BuildRequires: perl-devel
  121. %if 0%{?fedora} >= 24
  122. BuildRequires: perl-generators
  123. %endif
  124. BuildRequires: perl(ExtUtils::Embed)
  125. Requires: nginx
  126. Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
  127. %description mod-http-perl
  128. %{summary}.
  129. %package mod-http-xslt-filter
  130. Group: System Environment/Daemons
  131. Summary: Nginx XSLT module
  132. BuildRequires: libxslt-devel
  133. Requires: nginx
  134. %description mod-http-xslt-filter
  135. %{summary}.
  136. %package mod-mail
  137. Group: System Environment/Daemons
  138. Summary: Nginx mail modules
  139. Requires: nginx
  140. %description mod-mail
  141. %{summary}.
  142. %package mod-stream
  143. Group: System Environment/Daemons
  144. Summary: Nginx stream modules
  145. Requires: nginx
  146. %description mod-stream
  147. %{summary}.
  148. %package mod-http-lua
  149. Summary: nginx lua dynamic modules
  150. URL: https://github.com/openresty/lua-nginx-module
  151. Group: System Environment/Daemons
  152. License: BSD license
  153. BuildRequires: luajit-devel
  154. Requires: luajit
  155. Requires: nginx-mod-ndk
  156. Requires: nginx == %{?epoch:%{epoch}:}%{version}
  157. %description mod-http-lua
  158. %{summary}.
  159. %package mod-ndk
  160. Summary: nginx ndk dynamic modules
  161. URL: https://github.com/simpl/ngx_devel_kit
  162. Group: System Environment/Daemons
  163. License: The BSD 3-Clause License
  164. Requires: nginx == %{?epoch:%{epoch}:}%{version}
  165. %description mod-ndk
  166. %{summary}.
  167. %package mod-http-modsecurity
  168. Summary: nginx modsecurity dynamic module
  169. URL: https://github.com/SpiderLabs/ModSecurity-nginx
  170. Group: System Environment/Daemons
  171. License: Apache License 2.0
  172. BuildRequires: libmodsecurity-devel
  173. Requires: nginx == %{?epoch:%{epoch}:}%{version}
  174. Requires: libmodsecurity
  175. %description mod-http-modsecurity
  176. %{summary}.
  177. %package mod-http-naxsi
  178. Summary: nginx naxsi dynamic module
  179. URL: https://github.com/nbs-system/naxsi/
  180. Group: System Environment/Daemons
  181. License: GNU GPL v3
  182. Requires: nginx == %{?epoch:%{epoch}:}%{version}
  183. %description mod-http-naxsi
  184. %{summary}.
  185. %prep
  186. %setup -q
  187. %setup -q -T -D -a 300
  188. %setup -q -T -D -a 301
  189. %setup -q -T -D -a 302
  190. %setup -q -T -D -a 303
  191. %patch0 -p0
  192. cp %{SOURCE200} .
  193. cp %{SOURCE210} .
  194. %if 0%{?rhel} < 8
  195. sed -i -e 's#KillMode=.*#KillMode=process#g' %{SOURCE10}
  196. sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' %{SOURCE12}
  197. %endif
  198. %build
  199. # nginx does not utilize a standard configure script. It has its own
  200. # and the standard configure options cause the nginx configure script
  201. # to error out. This is is also the reason for the DESTDIR environment
  202. # variable.
  203. export DESTDIR=%{buildroot}
  204. ./configure \
  205. --prefix=%{_datadir}/nginx \
  206. --sbin-path=%{_sbindir}/nginx \
  207. --modules-path=%{_libdir}/nginx/modules \
  208. --conf-path=%{_sysconfdir}/nginx/nginx.conf \
  209. --error-log-path=%{_localstatedir}/log/nginx/error.log \
  210. --http-log-path=%{_localstatedir}/log/nginx/access.log \
  211. --http-client-body-temp-path=%{_localstatedir}/lib/nginx/tmp/client_body \
  212. --http-proxy-temp-path=%{_localstatedir}/lib/nginx/tmp/proxy \
  213. --http-fastcgi-temp-path=%{_localstatedir}/lib/nginx/tmp/fastcgi \
  214. --http-uwsgi-temp-path=%{_localstatedir}/lib/nginx/tmp/uwsgi \
  215. --http-scgi-temp-path=%{_localstatedir}/lib/nginx/tmp/scgi \
  216. --pid-path=/run/nginx.pid \
  217. --lock-path=/run/lock/subsys/nginx \
  218. --user=%{nginx_user} \
  219. --group=%{nginx_user} \
  220. %if 0%{?with_aio}
  221. --with-file-aio \
  222. %endif
  223. --with-ipv6 \
  224. --with-http_auth_request_module \
  225. --with-http_ssl_module \
  226. --with-http_v2_module \
  227. --with-http_realip_module \
  228. --with-http_addition_module \
  229. --with-http_xslt_module=dynamic \
  230. --with-http_image_filter_module=dynamic \
  231. --with-http_geoip_module=dynamic \
  232. --with-http_sub_module \
  233. --with-http_dav_module \
  234. --with-http_flv_module \
  235. --with-http_mp4_module \
  236. --with-http_gunzip_module \
  237. --with-http_gzip_static_module \
  238. --with-http_random_index_module \
  239. --with-http_secure_link_module \
  240. --with-http_degradation_module \
  241. --with-http_slice_module \
  242. --with-http_stub_status_module \
  243. --with-http_perl_module=dynamic \
  244. --with-mail=dynamic \
  245. --with-mail_ssl_module \
  246. --with-pcre \
  247. --with-pcre-jit \
  248. --with-stream=dynamic \
  249. --with-stream_ssl_module \
  250. %if 0%{?with_gperftools}
  251. --with-google_perftools_module \
  252. %endif
  253. --with-debug \
  254. --with-cc-opt="%{optflags} $(pcre-config --cflags)" \
  255. --with-ld-opt="$RPM_LD_FLAGS -Wl,-E" \
  256. --add-dynamic-module=lua-nginx-module-%{lua_version} \
  257. --add-dynamic-module=ngx_devel_kit-%{ndk_version} \
  258. --add-dynamic-module=modsecurity-nginx-v%{modsecurity_version} \
  259. --add-dynamic-module=naxsi-%{naxsi_version}/naxsi_src
  260. make %{?_smp_mflags}
  261. %install
  262. make install DESTDIR=%{buildroot} INSTALLDIRS=vendor
  263. find %{buildroot} -type f -name .packlist -exec rm -f '{}' \;
  264. find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \;
  265. find %{buildroot} -type f -empty -exec rm -f '{}' \;
  266. find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \;
  267. install -p -D -m 0644 %{SOURCE10} \
  268. %{buildroot}%{_unitdir}/nginx.service
  269. install -p -D -m 0644 %{SOURCE11} \
  270. %{buildroot}%{_sysconfdir}/logrotate.d/nginx
  271. install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/conf.d
  272. install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/default.d
  273. install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx
  274. install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx/tmp
  275. install -p -d -m 0700 %{buildroot}%{_localstatedir}/log/nginx
  276. install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/html
  277. install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/modules
  278. install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules
  279. install -p -m 0644 %{SOURCE12} \
  280. %{buildroot}%{_sysconfdir}/nginx
  281. install -p -m 0644 %{SOURCE100} \
  282. %{buildroot}%{_datadir}/nginx/html
  283. install -p -m 0644 %{SOURCE101} %{SOURCE102} \
  284. %{buildroot}%{_datadir}/nginx/html
  285. install -p -m 0644 %{SOURCE103} %{SOURCE104} \
  286. %{buildroot}%{_datadir}/nginx/html
  287. %if 0%{?with_mailcap_mimetypes}
  288. rm -f %{buildroot}%{_sysconfdir}/nginx/mime.types
  289. %endif
  290. install -p -D -m 0644 %{_builddir}/nginx-%{version}/man/nginx.8 \
  291. %{buildroot}%{_mandir}/man8/nginx.8
  292. install -p -D -m 0755 %{SOURCE13} %{buildroot}%{_bindir}/nginx-upgrade
  293. install -p -D -m 0644 %{SOURCE14} %{buildroot}%{_mandir}/man8/nginx-upgrade.8
  294. for i in ftdetect indent syntax; do
  295. install -p -D -m644 contrib/vim/${i}/nginx.vim \
  296. %{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim
  297. done
  298. install -p -D -m 0644 naxsi-%{naxsi_version}/naxsi_config/naxsi_core.rules \
  299. %{buildroot}%{_sysconfdir}/nginx/naxsi_core.rules
  300. echo 'load_module "%{_libdir}/nginx/modules/ngx_http_geoip_module.so";' \
  301. > %{buildroot}%{_datadir}/nginx/modules/mod-http-geoip.conf
  302. echo 'load_module "%{_libdir}/nginx/modules/ngx_http_image_filter_module.so";' \
  303. > %{buildroot}%{_datadir}/nginx/modules/mod-http-image-filter.conf
  304. echo 'load_module "%{_libdir}/nginx/modules/ngx_http_perl_module.so";' \
  305. > %{buildroot}%{_datadir}/nginx/modules/mod-http-perl.conf
  306. echo 'load_module "%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so";' \
  307. > %{buildroot}%{_datadir}/nginx/modules/mod-http-xslt-filter.conf
  308. echo 'load_module "%{_libdir}/nginx/modules/ngx_mail_module.so";' \
  309. > %{buildroot}%{_datadir}/nginx/modules/mod-mail.conf
  310. echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \
  311. > %{buildroot}%{_datadir}/nginx/modules/mod-stream.conf
  312. echo 'load_module "%{_libdir}/nginx/modules/ndk_http_module.so";' \
  313. > %{buildroot}%{_datadir}/nginx/modules/mod-ndk.conf
  314. echo 'load_module "%{_libdir}/nginx/modules/ngx_http_lua_module.so";' \
  315. > %{buildroot}%{_datadir}/nginx/modules/mod-lua.conf
  316. echo 'load_module "%{_libdir}/nginx/modules/ngx_http_modsecurity_module.so";' \
  317. > %{buildroot}%{_datadir}/nginx/modules/mod-modsecurity.conf
  318. echo 'load_module "%{_libdir}/nginx/modules/ngx_http_naxsi_module.so";' \
  319. > %{buildroot}%{_datadir}/nginx/modules/mod-naxsi.conf
  320. %pre filesystem
  321. getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user}
  322. getent passwd %{nginx_user} > /dev/null || \
  323. useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \
  324. -s /sbin/nologin -c "Nginx web server" %{nginx_user}
  325. exit 0
  326. %post
  327. %systemd_post nginx.service
  328. %post mod-http-geoip
  329. if [ $1 -eq 1 ]; then
  330. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  331. fi
  332. %post mod-http-image-filter
  333. if [ $1 -eq 1 ]; then
  334. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  335. fi
  336. %post mod-http-perl
  337. if [ $1 -eq 1 ]; then
  338. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  339. fi
  340. %post mod-http-xslt-filter
  341. if [ $1 -eq 1 ]; then
  342. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  343. fi
  344. %post mod-mail
  345. if [ $1 -eq 1 ]; then
  346. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  347. fi
  348. %post mod-stream
  349. if [ $1 -eq 1 ]; then
  350. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  351. fi
  352. %post mod-http-lua
  353. if [ $1 -eq 1 ]; then
  354. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  355. fi
  356. %post mod-ndk
  357. if [ $1 -eq 1 ]; then
  358. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  359. fi
  360. %post mod-http-modsecurity
  361. if [ $1 -eq 1 ]; then
  362. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  363. fi
  364. %post mod-http-naxsi
  365. if [ $1 -eq 1 ]; then
  366. /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
  367. fi
  368. %preun
  369. %systemd_preun nginx.service
  370. %postun
  371. %systemd_postun nginx.service
  372. if [ $1 -ge 1 ]; then
  373. /usr/bin/nginx-upgrade >/dev/null 2>&1 || :
  374. fi
  375. %files
  376. %license LICENSE
  377. %doc CHANGES README README.dynamic
  378. %if 0%{?rhel} == 7
  379. %doc UPGRADE-NOTES-1.6-to-1.10
  380. %endif
  381. %{_datadir}/nginx/html/*
  382. %{_bindir}/nginx-upgrade
  383. %{_sbindir}/nginx
  384. %{_datadir}/vim/vimfiles/ftdetect/nginx.vim
  385. %{_datadir}/vim/vimfiles/syntax/nginx.vim
  386. %{_datadir}/vim/vimfiles/indent/nginx.vim
  387. %{_mandir}/man3/nginx.3pm*
  388. %{_mandir}/man8/nginx.8*
  389. %{_mandir}/man8/nginx-upgrade.8*
  390. %{_unitdir}/nginx.service
  391. %config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf
  392. %config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf.default
  393. %config(noreplace) %{_sysconfdir}/nginx/fastcgi_params
  394. %config(noreplace) %{_sysconfdir}/nginx/fastcgi_params.default
  395. %config(noreplace) %{_sysconfdir}/nginx/koi-utf
  396. %config(noreplace) %{_sysconfdir}/nginx/koi-win
  397. %if ! 0%{?with_mailcap_mimetypes}
  398. %config(noreplace) %{_sysconfdir}/nginx/mime.types
  399. %endif
  400. %config(noreplace) %{_sysconfdir}/nginx/mime.types.default
  401. %config(noreplace) %{_sysconfdir}/nginx/nginx.conf
  402. %config(noreplace) %{_sysconfdir}/nginx/nginx.conf.default
  403. %config(noreplace) %{_sysconfdir}/nginx/scgi_params
  404. %config(noreplace) %{_sysconfdir}/nginx/scgi_params.default
  405. %config(noreplace) %{_sysconfdir}/nginx/uwsgi_params
  406. %config(noreplace) %{_sysconfdir}/nginx/uwsgi_params.default
  407. %config(noreplace) %{_sysconfdir}/nginx/win-utf
  408. %config(noreplace) %{_sysconfdir}/logrotate.d/nginx
  409. %attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx
  410. %attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx/tmp
  411. %attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/log/nginx
  412. %dir %{_libdir}/nginx/modules
  413. %files all-modules
  414. %files filesystem
  415. %dir %{_datadir}/nginx
  416. %dir %{_datadir}/nginx/html
  417. %dir %{_sysconfdir}/nginx
  418. %dir %{_sysconfdir}/nginx/conf.d
  419. %dir %{_sysconfdir}/nginx/default.d
  420. %files mod-http-geoip
  421. %{_datadir}/nginx/modules/mod-http-geoip.conf
  422. %{_libdir}/nginx/modules/ngx_http_geoip_module.so
  423. %files mod-http-image-filter
  424. %{_datadir}/nginx/modules/mod-http-image-filter.conf
  425. %{_libdir}/nginx/modules/ngx_http_image_filter_module.so
  426. %files mod-http-perl
  427. %{_datadir}/nginx/modules/mod-http-perl.conf
  428. %{_libdir}/nginx/modules/ngx_http_perl_module.so
  429. %dir %{perl_vendorarch}/auto/nginx
  430. %{perl_vendorarch}/nginx.pm
  431. %{perl_vendorarch}/auto/nginx/nginx.so
  432. %files mod-http-xslt-filter
  433. %{_datadir}/nginx/modules/mod-http-xslt-filter.conf
  434. %{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so
  435. %files mod-mail
  436. %{_datadir}/nginx/modules/mod-mail.conf
  437. %{_libdir}/nginx/modules/ngx_mail_module.so
  438. %files mod-stream
  439. %{_datadir}/nginx/modules/mod-stream.conf
  440. %{_libdir}/nginx/modules/ngx_stream_module.so
  441. %files mod-http-lua
  442. %{_datadir}/nginx/modules/mod-lua.conf
  443. %{_libdir}/nginx/modules/ngx_http_lua_module.so
  444. %files mod-ndk
  445. %{_datadir}/nginx/modules/mod-ndk.conf
  446. %{_libdir}/nginx/modules/ndk_http_module.so
  447. %files mod-http-modsecurity
  448. %{_datadir}/nginx/modules/mod-modsecurity.conf
  449. %{_libdir}/nginx/modules/ngx_http_modsecurity_module.so
  450. %files mod-http-naxsi
  451. %{_datadir}/nginx/modules/mod-naxsi.conf
  452. %{_libdir}/nginx/modules/ngx_http_naxsi_module.so
  453. %config(noreplace) %{_sysconfdir}/nginx/naxsi_core.rules
  454. %changelog
  455. * Wed Apr 17 2019 Daniel Berteaud <daniel@firewall-services.com> 1.15.12-1
  456. - Update to 1.15.12 (daniel@firewall-services.com)
  457. * Thu Apr 11 2019 Daniel Berteaud <daniel@firewall-services.com> 1.15.11-1
  458. - Update to 1.15.11 (daniel@firewall-services.com)
  459. * Wed Mar 27 2019 Daniel Berteaud <daniel@firewall-services.com> 1.15.10-1
  460. - Remove 1.15.9 tarball (daniel@firewall-services.com)
  461. - Update to 1.15.10 (daniel@firewall-services.com)
  462. * Thu Feb 28 2019 Daniel Berteaud <daniel@firewall-services.com> 1.15.9-1
  463. - Add missing pgp sig (daniel@firewall-services.com)
  464. * Thu Feb 28 2019 Daniel Berteaud <daniel@firewall-services.com> 1.15.9-0.beta1
  465. - Update nginx to 1.15.9 and lua mod to 0.10.14 (daniel@firewall-services.com)
  466. * Mon Dec 03 2018 Daniel Berteaud <daniel@firewall-services.com> 1.15.7-1
  467. - Switch to lfs to track archives and update to 1.15.7 (daniel@firewall-
  468. services.com)
  469. * Tue Nov 06 2018 Daniel Berteaud <daniel@firewall-services.com> 1.15.6-1
  470. - Fork from EL7 package
  471. - Update to 1.15.6
  472. - Build with lua, modsecurity and naxsi modules
  473. * Tue Mar 6 2018 Tadej Janež <tadej.j@nez.si> - 1:1.12.2-2
  474. - enable building the ngx_http_auth_request_module module (RHBZ #1471107)
  475. * Wed Oct 18 2017 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.2-1
  476. - update to upstream release 1.12.2
  477. - Resolves: #1468584 - (CVE-2017-7529) CVE-2017-7529 nginx: Integer
  478. overflow in nginx range filter module leading to memory disclosure
  479. * Mon Sep 18 2017 Luboš Uhliarik <luhliari@redhat.com> - 1:1.10.2-2
  480. - Resolves: #1478662 - rebuild for ALPN support
  481. * Mon Oct 31 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.2-1
  482. - update to upstream release 1.10.2
  483. * Tue May 31 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.1-1
  484. - update to upstream release 1.10.1
  485. * Sun May 15 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.10.0-4
  486. - Perl 5.24 rebuild
  487. * Sun May 8 2016 Peter Robinson <pbrobinson@fedoraproject.org> 1:1.10.0-3
  488. - Enable AIO on aarch64 (rhbz 1258414)
  489. * Wed Apr 27 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.0-2
  490. - only Require nginx-all-modules for EPEL and current Fedora releases
  491. * Wed Apr 27 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.0-1
  492. - update to upstream release 1.10.0
  493. - split dynamic modules into subpackages
  494. - spec file cleanup
  495. * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.8.1-2
  496. - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
  497. * Tue Jan 26 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.1-1
  498. - update to upstream release 1.8.1
  499. - CVE-2016-0747: Insufficient limits of CNAME resolution in resolver
  500. - CVE-2016-0746: Use-after-free during CNAME response processing in resolver
  501. - CVE-2016-0742: Invalid pointer dereference in resolver
  502. * Sun Oct 04 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-14
  503. - consistently use '%%global with_foo' style of logic
  504. - remove PID file before starting nginx (#1268621)
  505. * Fri Sep 25 2015 Ville Skyttä <ville.skytta@iki.fi> - 1:1.8.0-13
  506. - Use nginx-mimetypes from mailcap (#1248736)
  507. - Mark LICENSE as %%license
  508. * Thu Sep 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-12
  509. - also build with gperftools on aarch64 (#1258412)
  510. * Wed Aug 12 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1:1.8.0-11
  511. - nginx.conf: added commented-out SSL configuration directives (#1179232)
  512. * Fri Jul 03 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-10
  513. - switch back to /bin/kill in logrotate script due to SELinux denials
  514. * Tue Jun 16 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-9
  515. - fix path to png in error pages (#1232277)
  516. - optimize png images with optipng
  517. * Sun Jun 14 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-8
  518. - replace /bin/kill with /usr/bin/systemctl kill in logrotate script (#1231543)
  519. - remove After=syslog.target in nginx.service (#1231543)
  520. - replace ExecStop with KillSignal=SIGQUIT in nginx.service (#1231543)
  521. * Wed Jun 03 2015 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.8.0-7
  522. - Perl 5.22 rebuild
  523. * Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-6
  524. - revert previous change
  525. * Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-5
  526. - move default server to default.conf (#1220094)
  527. * Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-4
  528. - add TimeoutStopSec=5 and KillMode=mixed to nginx.service
  529. - set worker_processes to auto
  530. - add some common options to the http block in nginx.conf
  531. - run nginx-upgrade on package update
  532. - remove some redundant scriptlet commands
  533. - listen on ipv6 for default server (#1217081)
  534. * Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-3
  535. - improve nginx-upgrade script
  536. * Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-2
  537. - add --with-pcre-jit
  538. * Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-1
  539. - update to upstream release 1.8.0
  540. * Thu Apr 09 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.7.12-1
  541. - update to upstream release 1.7.12
  542. * Sun Feb 15 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.7.10-1
  543. - update to upstream release 1.7.10
  544. - remove systemd conditionals
  545. * Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-4
  546. - fix package ownership of directories
  547. * Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-3
  548. - add vim files (#1142849)
  549. * Mon Sep 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-2
  550. - create nginx-filesystem subpackage (patch from Remi Collet)
  551. - create /etc/nginx/default.d as a drop-in directory for configuration files
  552. for the default server block
  553. - clean up nginx.conf
  554. * Wed Sep 17 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-1
  555. - update to upstream release 1.6.2
  556. - CVE-2014-3616 nginx: virtual host confusion (#1142573)
  557. * Wed Aug 27 2014 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.6.1-4
  558. - Perl 5.20 rebuild
  559. * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.6.1-3
  560. - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
  561. * Tue Aug 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.1-2
  562. - add logic for EPEL 7
  563. * Tue Aug 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.1-1
  564. - update to upstream release 1.6.1
  565. - (#1126891) CVE-2014-3556: SMTP STARTTLS plaintext injection flaw
  566. * Wed Jul 02 2014 Yaakov Selkowitz <yselkowi@redhat.com> - 1:1.6.0-3
  567. - Fix FTBFS on aarch64 (#1115559)
  568. * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.6.0-2
  569. - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
  570. * Sat Apr 26 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.0-1
  571. - update to upstream release 1.6.0
  572. * Tue Mar 18 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.7-1
  573. - update to upstream release 1.4.7
  574. * Wed Mar 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.6-1
  575. - update to upstream release 1.4.6
  576. * Sun Feb 16 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.5-2
  577. - avoid multiple index directives (#1065488)
  578. * Sun Feb 16 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.5-1
  579. - update to upstream release 1.4.5
  580. * Wed Nov 20 2013 Peter Borsa <peter.borsa@gmail.com> - 1:1.4.4-1
  581. - Update to upstream release 1.4.4
  582. - Security fix BZ 1032267
  583. * Sun Nov 03 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.3-1
  584. - update to upstream release 1.4.3
  585. * Fri Aug 09 2013 Jonathan Steffan <jsteffan@fedoraproject.org> - 1:1.4.2-3
  586. - Add in conditionals to build for non-systemd targets
  587. * Sat Aug 03 2013 Petr Pisar <ppisar@redhat.com> - 1:1.4.2-2
  588. - Perl 5.18 rebuild
  589. * Fri Jul 19 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.2-1
  590. - update to upstream release 1.4.2
  591. * Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 1:1.4.1-3
  592. - Perl 5.18 rebuild
  593. * Tue Jun 11 2013 Remi Collet <rcollet@redhat.com> - 1:1.4.1-2
  594. - rebuild for new GD 2.1.0
  595. * Tue May 07 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.1-1
  596. - update to upstream release 1.4.1 (#960605, #960606):
  597. CVE-2013-2028 stack-based buffer overflow when handling certain chunked
  598. transfer encoding requests
  599. * Sun Apr 28 2013 Dan Horák <dan[at]danny.cz> - 1:1.4.0-2
  600. - gperftools exist only on selected arches
  601. * Fri Apr 26 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.0-1
  602. - update to upstream release 1.4.0
  603. - enable SPDY module (new in this version)
  604. - enable http gunzip module (new in this version)
  605. - enable google perftools module and add gperftools-devel to BR
  606. - enable debugging (#956845)
  607. - trim changelog
  608. * Tue Apr 02 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.8-1
  609. - update to upstream release 1.2.8
  610. * Fri Feb 22 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.7-2
  611. - make sure nginx directories are not world readable (#913724, #913735)
  612. * Sat Feb 16 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.7-1
  613. - update to upstream release 1.2.7
  614. - add .asc file
  615. * Tue Feb 05 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-6
  616. - use 'kill' instead of 'systemctl' when rotating log files to workaround
  617. SELinux issue (#889151)
  618. * Wed Jan 23 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-5
  619. - uncomment "include /etc/nginx/conf.d/*.conf by default but leave the
  620. conf.d directory empty (#903065)
  621. * Wed Jan 23 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-4
  622. - add comment in nginx.conf regarding "include /etc/nginf/conf.d/*.conf"
  623. (#903065)
  624. * Wed Dec 19 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-3
  625. - use correct file ownership when rotating log files
  626. * Tue Dec 18 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-2
  627. - send correct kill signal and use correct file permissions when rotating
  628. log files (#888225)
  629. - send correct kill signal in nginx-upgrade
  630. * Tue Dec 11 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-1
  631. - update to upstream release 1.2.6
  632. * Sat Nov 17 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.5-1
  633. - update to upstream release 1.2.5
  634. * Sun Oct 28 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.4-1
  635. - update to upstream release 1.2.4
  636. - introduce new systemd-rpm macros (#850228)
  637. - link to official documentation not the community wiki (#870733)
  638. - do not run systemctl try-restart after package upgrade to allow the
  639. administrator to run nginx-upgrade and avoid downtime
  640. - add nginx man page (#870738)
  641. - add nginx-upgrade man page and remove README.fedora
  642. - remove chkconfig from Requires(post/preun)
  643. - remove initscripts from Requires(preun/postun)
  644. - remove separate configuration files in "/etc/nginx/conf.d" directory
  645. and revert to upstream default of a centralized nginx.conf file
  646. (#803635) (#842738)
  647. * Fri Sep 21 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.3-1
  648. - update to upstream release 1.2.3
  649. * Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.2.1-3
  650. - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
  651. * Thu Jun 28 2012 Petr Pisar <ppisar@redhat.com> - 1:1.2.1-2
  652. - Perl 5.16 rebuild
  653. * Sun Jun 10 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.1-1
  654. - update to upstream release 1.2.1
  655. * Fri Jun 08 2012 Petr Pisar <ppisar@redhat.com> - 1:1.2.0-2
  656. - Perl 5.16 rebuild
  657. * Wed May 16 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.0-1
  658. - update to upstream release 1.2.0
  659. * Wed May 16 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-4
  660. - add nginx-upgrade to replace functionality from the nginx initscript
  661. that was lost after migration to systemd
  662. - add README.fedora to describe usage of nginx-upgrade
  663. - nginx.logrotate: use built-in systemd kill command in postrotate script
  664. - nginx.service: start after syslog.target and network.target
  665. - nginx.service: remove unnecessary references to config file location
  666. - nginx.service: use /bin/kill instead of "/usr/sbin/nginx -s" following
  667. advice from nginx-devel
  668. - nginx.service: use private /tmp
  669. * Mon May 14 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-3
  670. - fix incorrect postrotate script in nginx.logrotate
  671. * Thu Apr 19 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-2
  672. - renable auto-cc-gcc patch due to warnings on rawhide
  673. * Sat Apr 14 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-1
  674. - update to upstream release 1.0.15
  675. - no need to apply auto-cc-gcc patch
  676. - add %%global _hardened_build 1
  677. * Thu Mar 15 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.14-1
  678. - update to upstream release 1.0.14
  679. - amend some %%changelog formatting
  680. * Tue Mar 06 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.13-1
  681. - update to upstream release 1.0.13
  682. - amend --pid-path and --log-path
  683. * Sun Mar 04 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-5
  684. - change pid path in nginx.conf to match systemd service file
  685. * Sun Mar 04 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-3
  686. - fix %%pre scriptlet
  687. * Mon Feb 20 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-2
  688. - update upstream URL
  689. - replace %%define with %%global
  690. - remove obsolete BuildRoot tag, %%clean section and %%defattr
  691. - remove various unnecessary commands
  692. - add systemd service file and update scriptlets
  693. - add Epoch to accommodate %%triggerun as part of systemd migration
  694. * Sun Feb 19 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.0.12-1
  695. - Update to 1.0.12
  696. * Thu Nov 17 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.10-1
  697. - Bugfix: a segmentation fault might occur in a worker process if resolver got a big DNS response. Thanks to Ben Hawkes.
  698. - Bugfix: in cache key calculation if internal MD5 implementation wasused; the bug had appeared in 1.0.4.
  699. - Bugfix: the module ngx_http_mp4_module sent incorrect "Content-Length" response header line if the "start" argument was used. Thanks to Piotr Sikora.
  700. * Thu Oct 27 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.8-1
  701. - Update to new 1.0.8 stable release
  702. * Fri Aug 26 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.5-1
  703. - Update nginx to Latest Stable Release
  704. * Fri Jun 17 2011 Marcela Mašláňová <mmaslano@redhat.com> - 1.0.0-3
  705. - Perl mass rebuild
  706. * Thu Jun 09 2011 Marcela Mašláňová <mmaslano@redhat.com> - 1.0.0-2
  707. - Perl 5.14 mass rebuild
  708. * Wed Apr 27 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.0.0-1
  709. - Update to 1.0.0
  710. * Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.53-6
  711. - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
  712. * Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53.5
  713. - Extract out default config into its own file (bug #635776)
  714. * Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-4
  715. - Revert ownership of log dir
  716. * Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-3
  717. - Change ownership of /var/log/nginx to be 0700 nginx:nginx
  718. - update init script to use killproc -p
  719. - add reopen_logs command to init script
  720. - update init script to use nginx -q option
  721. * Sun Oct 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-2
  722. - Fix linking of perl module
  723. * Sun Oct 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-1
  724. - Update to new stable 0.8.53
  725. * Sat Jul 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.67-2
  726. - add Provides: webserver (bug #619693)
  727. * Sun Jun 20 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.67-1
  728. - Update to new stable 0.7.67
  729. - fix bugzilla #591543
  730. * Tue Jun 01 2010 Marcela Maslanova <mmaslano@redhat.com> - 0.7.65-2
  731. - Mass rebuild with perl-5.12.0
  732. * Mon Feb 15 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.65-1
  733. - Update to new stable 0.7.65
  734. - change ownership of logdir to root:root
  735. - add support for ipv6 (bug #561248)
  736. - add random_index_module
  737. - add secure_link_module
  738. * Fri Dec 04 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.64-1
  739. - Update to new stable 0.7.64