Hello community,

here is the log from the commit of package nginx for openSUSE:Factory checked 
in at 2016-06-07 23:47:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nginx (Old)
 and      /work/SRC/openSUSE:Factory/.nginx.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "nginx"

Changes:
--------
--- /work/SRC/openSUSE:Factory/nginx/nginx.changes      2016-05-24 
09:35:18.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.nginx.new/nginx.changes 2016-06-07 
23:47:01.000000000 +0200
@@ -1,0 +2,51 @@
+Thu Jun  2 11:55:19 UTC 2016 - [email protected]
+
+- in the sysvinit script use the pid file in /var/run
+
+-------------------------------------------------------------------
+Wed Jun  1 12:33:55 UTC 2016 - [email protected]
+
+- update to 1.10.1 (bsc# 982505)
+  Security: a segmentation fault might occur in a worker process
+  while writing a specially crafted request body to a temporary
+  file (CVE-2016-4450); the bug had appeared in 1.3.9.
+
+-------------------------------------------------------------------
+Sun May 15 11:03:18 UTC 2016 - [email protected]
+
+- improve conditionals
+  - merge the 12.2 and 12.1 based conditionals into 1 as both of
+    them are out of support now.
+  - enable pcre JIT
+  - make use if libatomic_ops on Leap
+
+-------------------------------------------------------------------
+Sun May 15 10:36:19 UTC 2016 - [email protected]
+
+- enable dynamic modules for intree modules. The following modules
+  are built as loadable modules now:
+
+  ngx_http_geoip_module.so
+  ngx_http_image_filter_module.so
+  ngx_http_perl_module.so
+  ngx_http_xslt_filter_module.so
+  ngx_mail_module.so
+  ngx_stream_module.so
+
+  You will have to load those modules with load_module.
+  http://nginx.org/en/docs/ngx_core_module.html#load_module
+
+  The correct syntax for this package is:
+
+  # For 64bit machines:
+  load_module lib64/nginx/modules/ngx_http_geoip_module.so;
+
+  # For 32bit machines:
+  load_module lib/nginx/modules/ngx_http_geoip_module.so;
+
+  Examples for all the intree modules have been added to the
+  default nginx.conf
+- patches updated:
+  nginx-1.6.1-default_config.patch - added load_module example
+
+-------------------------------------------------------------------

Old:
----
  nginx-1.10.0.tar.gz

New:
----
  nginx-1.10.1.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ nginx.spec ++++++
--- /var/tmp/diff_new_pack.qTrzV9/_old  2016-06-07 23:47:02.000000000 +0200
+++ /var/tmp/diff_new_pack.qTrzV9/_new  2016-06-07 23:47:02.000000000 +0200
@@ -20,7 +20,7 @@
 %bcond_with    google_perftools
 %bcond_without fancyindex
 
-%if 0%{?suse_version} != 1315
+%if 0%{?suse_version} != 1315 || 0%{?is_opensuse}
 %bcond_without libatomic
 %else
 %bcond_with    libatomic
@@ -28,19 +28,18 @@
 
 %if 0%{?suse_version} > 1220
 %bcond_without http2
-%else
-%bcond_with    http2
-%endif
-
-%if 0%{?suse_version} >= 1210
+%bcond_without pcre_jit
 %bcond_without systemd
 %else
+%bcond_with    http2
+%bcond_with    pcre_jit
 %bcond_with systemd
 %endif
 
 %define pkg_name nginx
 %define ngx_prefix     %{_prefix}
 %define ngx_sbin_path  %{_sbindir}/nginx
+%define ngx_module_dir %{_libdir}/nginx/modules
 %define ngx_conf_dir   %{_sysconfdir}/nginx
 %define ngx_conf_path  %{ngx_conf_dir}/nginx.conf
 %define ngx_log_dir    %{_localstatedir}/log/nginx
@@ -63,7 +62,7 @@
 %endif
 #
 Name:           nginx
-Version:        1.10.0
+Version:        1.10.1
 Release:        0
 %define fancyindex_version 0.3.5
 Summary:        A HTTP server and IMAP/POP3 proxy server
@@ -135,6 +134,8 @@
 %patch4 -p1
 
 perl -pi -e 's|\r\n|\n|g' contrib/geo2nginx.pl
+# we just use lib here because nginx loads them relative to _prefix
+perl -pi -e 's|#LIBDIR#|%{_lib}|g' conf/nginx.conf
 
 %if %{with fancyindex}
 mkdir -p ngx-fancyindex-%{fancyindex_version}
@@ -151,6 +152,7 @@
 ./configure                                    \
   --prefix=%{ngx_prefix}/                      \
   --sbin-path=%{ngx_sbin_path}                 \
+  --modules-path=%{ngx_module_dir}             \
   --conf-path=%{ngx_conf_path}                 \
   --error-log-path=%{ngx_error_log}            \
   --http-log-path=%{ngx_access_log}            \
@@ -173,9 +175,9 @@
   %endif
   --with-http_realip_module                    \
   --with-http_addition_module                  \
-  --with-http_xslt_module                      \
-  --with-http_image_filter_module              \
-  --with-http_geoip_module                     \
+  --with-http_xslt_module=dynamic              \
+  --with-http_image_filter_module=dynamic      \
+  --with-http_geoip_module=dynamic             \
   --with-http_sub_module                       \
   --with-http_dav_module                       \
   --with-http_flv_module                       \
@@ -188,12 +190,15 @@
   --with-http_degradation_module               \
   --with-http_slice_module                     \
   --with-http_stub_status_module               \
-  --with-http_perl_module                      \
+  --with-http_perl_module=dynamic              \
   --with-perl=%{_bindir}/perl                  \
-  --with-mail                                  \
-  --with-stream                                \
+  --with-mail=dynamic                          \
+  --with-stream=dynamic                        \
   --with-mail_ssl_module                       \
   --with-pcre                                  \
+  %if %{with pcre_jit}
+  --with-pcre-jit                              \
+  %endif
   %if %{with libatomic}
   --with-libatomic                             \
   %endif
@@ -209,7 +214,7 @@
   --with-md5=%{_prefix}                              \
   --with-sha1=%{_prefix}                             \
 %if 0%{?suse_version} > 1220
-  --with-cc-opt="%{optflags} -fPIE -D_GNU_SOURCE -std=gnu99 -fstack-protector" 
\
+  --with-cc-opt="%{optflags} -fPIC -D_GNU_SOURCE -std=gnu99 -fstack-protector" 
\
   --with-ld-opt="-Wl,-z,relro,-z,now -pie"
 %else
   --with-cc-opt="%{optflags}"
@@ -285,6 +290,14 @@
 %{perl_vendorarch}/auto/nginx/
 %{perl_vendorarch}/nginx.pm
 %{ngx_sbin_path}
+%dir %{_libdir}/nginx/
+%dir %{ngx_module_dir}/
+%{ngx_module_dir}/ngx_http_geoip_module.so
+%{ngx_module_dir}/ngx_http_image_filter_module.so
+%{ngx_module_dir}/ngx_http_perl_module.so
+%{ngx_module_dir}/ngx_http_xslt_filter_module.so
+%{ngx_module_dir}/ngx_mail_module.so
+%{ngx_module_dir}/ngx_stream_module.so
 %{_mandir}/man3/nginx.3pm*
 /srv/www/htdocs/50x.html
 %if 0%{?suse_version} && 0%{?suse_version} < 1140

++++++ nginx-1.10.0.tar.gz -> nginx-1.10.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.10.0/CHANGES new/nginx-1.10.1/CHANGES
--- old/nginx-1.10.0/CHANGES    2016-04-26 15:31:24.000000000 +0200
+++ new/nginx-1.10.1/CHANGES    2016-05-31 15:47:07.000000000 +0200
@@ -1,4 +1,11 @@
 
+Changes with nginx 1.10.1                                        31 May 2016
+
+    *) Security: a segmentation fault might occur in a worker process while
+       writing a specially crafted request body to a temporary file
+       (CVE-2016-4450); the bug had appeared in 1.3.9.
+
+
 Changes with nginx 1.10.0                                        26 Apr 2016
 
     *) 1.10.x stable branch.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.10.0/CHANGES.ru new/nginx-1.10.1/CHANGES.ru
--- old/nginx-1.10.0/CHANGES.ru 2016-04-26 15:31:22.000000000 +0200
+++ new/nginx-1.10.1/CHANGES.ru 2016-05-31 15:47:05.000000000 +0200
@@ -1,4 +1,11 @@
 
+Изменения в nginx 1.10.1                                          31.05.2016
+
+    *) Безопасность: при записи тела специально созданного запроса во
+       временный файл в рабочем процессе мог происходить segmentation fault
+       (CVE-2016-4450); ошибка появилась в 1.3.9.
+
+
 Изменения в nginx 1.10.0                                          26.04.2016
 
     *) Стабильная ветка 1.10.x.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.10.0/src/core/nginx.h 
new/nginx-1.10.1/src/core/nginx.h
--- old/nginx-1.10.0/src/core/nginx.h   2016-04-26 15:31:19.000000000 +0200
+++ new/nginx-1.10.1/src/core/nginx.h   2016-05-31 15:47:02.000000000 +0200
@@ -9,8 +9,8 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define nginx_version      1010000
-#define NGINX_VERSION      "1.10.0"
+#define nginx_version      1010001
+#define NGINX_VERSION      "1.10.1"
 #define NGINX_VER          "nginx/" NGINX_VERSION
 
 #ifdef NGX_BUILD
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.10.0/src/os/unix/ngx_files.c 
new/nginx-1.10.1/src/os/unix/ngx_files.c
--- old/nginx-1.10.0/src/os/unix/ngx_files.c    2016-04-26 15:31:20.000000000 
+0200
+++ new/nginx-1.10.1/src/os/unix/ngx_files.c    2016-05-31 15:47:02.000000000 
+0200
@@ -356,6 +356,11 @@
     n = 0;
 
     for ( /* void */ ; cl; cl = cl->next) {
+
+        if (ngx_buf_special(cl->buf)) {
+            continue;
+        }
+
         size = cl->buf->last - cl->buf->pos;
 
         if (prev == cl->buf->pos) {

++++++ nginx-1.6.1-default_config.patch ++++++
--- /var/tmp/diff_new_pack.qTrzV9/_old  2016-06-07 23:47:02.000000000 +0200
+++ /var/tmp/diff_new_pack.qTrzV9/_new  2016-06-07 23:47:02.000000000 +0200
@@ -1,8 +1,8 @@
 Index: conf/nginx.conf
 ===================================================================
---- conf.orig/nginx.conf
+--- conf/nginx.conf.orig
 +++ conf/nginx.conf
-@@ -1,16 +1,17 @@
+@@ -1,16 +1,24 @@
  
 -#user  nobody;
 +#user  nginx;
@@ -11,6 +11,13 @@
 -#error_log  logs/error.log;
 -#error_log  logs/error.log  notice;
 -#error_log  logs/error.log  info;
++# load_module #LIBDIR#/nginx/modules/ngx_http_geoip_module.so;
++# load_module #LIBDIR#/nginx/modules/ngx_http_image_filter_module.so;
++# load_module #LIBDIR#/nginx/modules/ngx_http_perl_module.so;
++# load_module #LIBDIR#/nginx/modules/ngx_http_xslt_filter_module.so;
++# load_module #LIBDIR#/nginx/modules/ngx_mail_module.so;
++# load_module #LIBDIR#/nginx/modules/ngx_stream_module.so;
++
 +#error_log  /var/log/nginx/error.log;
 +#error_log  /var/log/nginx/error.log  notice;
 +#error_log  /var/log/nginx/error.log  info;
@@ -25,7 +32,7 @@
  }
  
  
-@@ -22,7 +23,7 @@ http {
+@@ -22,7 +30,7 @@ http {
      #                  '$status $body_bytes_sent "$http_referer" '
      #                  '"$http_user_agent" "$http_x_forwarded_for"';
  
@@ -34,7 +41,7 @@
  
      sendfile        on;
      #tcp_nopush     on;
-@@ -32,16 +33,18 @@ http {
+@@ -32,16 +40,18 @@ http {
  
      #gzip  on;
  
@@ -55,7 +62,7 @@
              index  index.html index.htm;
          }
  
-@@ -51,7 +54,7 @@ http {
+@@ -51,7 +61,7 @@ http {
          #
          error_page   500 502 503 504  /50x.html;
          location = /50x.html {
@@ -64,7 +71,7 @@
          }
  
          # proxy the PHP scripts to Apache listening on 127.0.0.1:80
-@@ -63,7 +66,7 @@ http {
+@@ -63,7 +73,7 @@ http {
          # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
          #
          #location ~ \.php$ {
@@ -73,7 +80,7 @@
          #    fastcgi_pass   127.0.0.1:9000;
          #    fastcgi_index  index.php;
          #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
-@@ -87,7 +90,7 @@ http {
+@@ -87,7 +97,7 @@ http {
      #    server_name  somename  alias  another.alias;
  
      #    location / {
@@ -82,7 +89,7 @@
      #        index  index.html index.htm;
      #    }
      #}
-@@ -109,9 +112,11 @@ http {
+@@ -109,9 +119,11 @@ http {
      #    ssl_prefer_server_ciphers  on;
  
      #    location / {

++++++ nginx.init ++++++
--- /var/tmp/diff_new_pack.qTrzV9/_old  2016-06-07 23:47:02.000000000 +0200
+++ /var/tmp/diff_new_pack.qTrzV9/_new  2016-06-07 23:47:02.000000000 +0200
@@ -115,7 +115,7 @@
 test -x $NGINX_BIN || { echo "$NGINX_BIN not installed"; 
        if [ "$1" = "stop" ]; then exit 0;
        else exit 5; fi; }
-NGINX_PID=/run/nginx.pid
+NGINX_PID=/var/run/nginx.pid
 
 # Check for existence of needed config file and read it
 #NGINX_CONFIG=/etc/sysconfig/nginx


Reply via email to