Hi,

OFFLIST as it's not directly pertinent to your specific distro pkgs.

but, since you're packaging, fwiw, I take a very different approach than 
distro-pkgd atm,

  
https://download.copr.fedorainfracloud.org/results/pgfed/nginx-mainline/fedora-33-x86_64/02142389-nginx/nginx.spec

that puts runtime service files under /run/nginx and logs under /var/log/nginx, 
both chown'd as wwwrun:www.

personally, I find it a lot cleaner, easier to manage.  my $0.02, anyway.

that said, I'm very clear 'my' pkg'ing is not even close to release canonical 
... i.e., just fyi.




On 4/21/21 1:25 PM, Felix Kaechele via devel wrote:
Dear Fedorans,

Nginx 1.20.0 stable was just released and I took the opportunity to squash some 
long standing open bugs while updating the package.

The new release is on its way to updates-testing right now.

I would like to encourage some extra testing for this release as there is one 
behaviour change, specific to Fedora/EPEL, that may affect some use cases:
The ownership and mode of the log directory has changed to root:root and 700 
respectively. Logrotate (if in use) no longer creates the logfiles when 
rotating and leaves this to nginx which will create them as root:root-owned.
This matches the behaviour of httpd in Fedora.
You may see the effects of this if you are using external tools to process 
these logs that do not run as root, but as the nginx user instead.

The bugs relating to this are:
- BZ#1390183 CVE-2016-1247 nginx: Local privilege escalation via log files 
[fedora-all]

- BZ#1683388 Log file ownership created by logrotate inconsistent with the one 
created by systemd

In my local testing I have not seen any changes to behaviour but I would like 
to make extra sure everything continues to work as expected for users as this 
version of the package will make its way to EPEL 7 as well to replace the EOL 
version of nginx that is currently packaged there.

Quite a number of other bugs that I deem to have no effect on simple upgrades 
have made their way into this release of the package as well. Specifically:
- BZ#1565377 Service reload should check configuration file
- BZ#1708799 Drop nginx requirement on nginx-all-modules
- BZ#1834452 Enable --with-compat configure option
- BZ#1869026 nginx.service fails to parse /run/nginx.pid
- BZ#1943779 nginx.service wants wrong network target - causes race condition 
on boot

Here are the links to Bodhi for this update. Please test these releases and 
provide feedback/karma.

Fedora 34: https://bodhi.fedoraproject.org/updates/FEDORA-2021-3aa9ac7fd1
Fedora 33: https://bodhi.fedoraproject.org/updates/FEDORA-2021-10c1cd4cba
Fedora 32: https://bodhi.fedoraproject.org/updates/FEDORA-2021-1556d440ba

Thanks a ton!

Regards,
Felix
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure
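
An added example, not part of the thread or of the Fedora package: a shell check for the log directory state the announcement describes (directory root:root, mode 700, log files created root-owned). The function name audit_log_dir and its arguments are hypothetical, and it assumes GNU stat and find; the symlink check is an extra hardening step not mentioned in the announcement.

```shell
#!/bin/sh
# Added example (not from the thread or the Fedora package).
# audit_log_dir is a hypothetical helper; it assumes GNU stat and find.
# Usage: audit_log_dir DIR [UID] [GID] [MODE]   (defaults: 0 0 700)
audit_log_dir() {
    dir=$1; want_uid=${2:-0}; want_gid=${3:-0}; want_mode=${4:-700}
    rc=0

    # The log directory itself must be a real directory, not a symlink.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL $dir: missing, or not a real directory"
        return 2
    fi

    # Owner uid, group gid and octal mode of the directory.
    set -- $(stat -c '%u %g %a' "$dir")
    [ "$1" = "$want_uid" ]  || { echo "FAIL $dir: uid $1, want $want_uid"; rc=1; }
    [ "$2" = "$want_gid" ]  || { echo "FAIL $dir: gid $2, want $want_gid"; rc=1; }
    [ "$3" = "$want_mode" ] || { echo "FAIL $dir: mode $3, want $want_mode"; rc=1; }

    # Direct entries that are symlinks or not owned by the expected user.
    # (The symlink check is an extra, not something the announcement states.)
    bad=$(find "$dir" -mindepth 1 -maxdepth 1 \( -type l -o ! -user "$want_uid" \))
    if [ -n "$bad" ]; then
        echo "FAIL unexpected owner or symlink:"
        echo "$bad"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK $dir"
    return "$rc"
}

# Run the audit only when a directory is given on the command line,
# e.g. as root: sh audit.sh /var/log/nginx
if [ "$#" -gt 0 ]; then
    audit_log_dir "$@"
fi
```

A non-zero exit status means at least one finding; tools that read the logs as the nginx user will need a different arrangement once the directory passes this check.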