Hello community, here is the log from the commit of package nginx for openSUSE:Factory checked in at 2016-06-07 23:47:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nginx (Old) and /work/SRC/openSUSE:Factory/.nginx.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nginx" Changes: -------- --- /work/SRC/openSUSE:Factory/nginx/nginx.changes 2016-05-24 09:35:18.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.nginx.new/nginx.changes 2016-06-07 23:47:01.000000000 +0200 @@ -1,0 +2,51 @@ +Thu Jun 2 11:55:19 UTC 2016 - [email protected] + +- in the sysvinit script use the pid file in /var/run + +------------------------------------------------------------------- +Wed Jun 1 12:33:55 UTC 2016 - [email protected] + +- update to 1.10.1 (bsc# 982505) + Security: a segmentation fault might occur in a worker process + while writing a specially crafted request body to a temporary + file (CVE-2016-4450); the bug had appeared in 1.3.9. + +------------------------------------------------------------------- +Sun May 15 11:03:18 UTC 2016 - [email protected] + +- improve conditionals + - merge the 12.2 and 12.1 based conditionals into 1 as both of + them are out of support now. + - enable pcre JIT + - make use if libatomic_ops on Leap + +------------------------------------------------------------------- +Sun May 15 10:36:19 UTC 2016 - [email protected] + +- enable dynamic modules for intree modules. The following modules + are built as loadable modules now: + + ngx_http_geoip_module.so + ngx_http_image_filter_module.so + ngx_http_perl_module.so + ngx_http_xslt_filter_module.so + ngx_mail_module.so + ngx_stream_module.so + + You will have to load those modules with load_module. + http://nginx.org/en/docs/ngx_core_module.html#load_module + + The correct syntax for this package is: + + # For 64bit machines: + load_module lib64/nginx/modules/ngx_http_geoip_module.so; + + # For 32bit machines: + load_module lib/nginx/modules/ngx_http_geoip_module.so; + + Examples for all the intree modules have been added to the + default nginx.conf +- patches updated: + nginx-1.6.1-default_config.patch - added load_module example + +------------------------------------------------------------------- Old: ---- nginx-1.10.0.tar.gz New: ---- nginx-1.10.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nginx.spec ++++++ --- /var/tmp/diff_new_pack.qTrzV9/_old 2016-06-07 23:47:02.000000000 +0200 +++ /var/tmp/diff_new_pack.qTrzV9/_new 2016-06-07 23:47:02.000000000 +0200 @@ -20,7 +20,7 @@ %bcond_with google_perftools %bcond_without fancyindex -%if 0%{?suse_version} != 1315 +%if 0%{?suse_version} != 1315 || 0%{?is_opensuse} %bcond_without libatomic %else %bcond_with libatomic @@ -28,19 +28,18 @@ %if 0%{?suse_version} > 1220 %bcond_without http2 -%else -%bcond_with http2 -%endif - -%if 0%{?suse_version} >= 1210 +%bcond_without pcre_jit %bcond_without systemd %else +%bcond_with http2 +%bcond_with pcre_jit %bcond_with systemd %endif %define pkg_name nginx %define ngx_prefix %{_prefix} %define ngx_sbin_path %{_sbindir}/nginx +%define ngx_module_dir %{_libdir}/nginx/modules %define ngx_conf_dir %{_sysconfdir}/nginx %define ngx_conf_path %{ngx_conf_dir}/nginx.conf %define ngx_log_dir %{_localstatedir}/log/nginx @@ -63,7 +62,7 @@ %endif # Name: nginx -Version: 1.10.0 +Version: 1.10.1 Release: 0 %define fancyindex_version 0.3.5 Summary: A HTTP server and IMAP/POP3 proxy server @@ -135,6 +134,8 @@ %patch4 -p1 perl -pi -e 's|\r\n|\n|g' contrib/geo2nginx.pl +# we just use lib here because nginx loads them relative to _prefix +perl -pi -e 's|#LIBDIR#|%{_lib}|g' conf/nginx.conf %if %{with fancyindex} mkdir -p ngx-fancyindex-%{fancyindex_version} @@ -151,6 +152,7 @@ ./configure \ --prefix=%{ngx_prefix}/ \ --sbin-path=%{ngx_sbin_path} \ + --modules-path=%{ngx_module_dir} \ --conf-path=%{ngx_conf_path} \ --error-log-path=%{ngx_error_log} \ --http-log-path=%{ngx_access_log} \ @@ -173,9 +175,9 @@ %endif --with-http_realip_module \ --with-http_addition_module \ - --with-http_xslt_module \ - --with-http_image_filter_module \ - --with-http_geoip_module \ + --with-http_xslt_module=dynamic \ + --with-http_image_filter_module=dynamic \ + --with-http_geoip_module=dynamic \ --with-http_sub_module \ --with-http_dav_module \ --with-http_flv_module \ @@ -188,12 +190,15 @@ --with-http_degradation_module \ --with-http_slice_module \ --with-http_stub_status_module \ - --with-http_perl_module \ + --with-http_perl_module=dynamic \ --with-perl=%{_bindir}/perl \ - --with-mail \ - --with-stream \ + --with-mail=dynamic \ + --with-stream=dynamic \ --with-mail_ssl_module \ --with-pcre \ + %if %{with pcre_jit} + --with-pcre-jit \ + %endif %if %{with libatomic} --with-libatomic \ %endif @@ -209,7 +214,7 @@ --with-md5=%{_prefix} \ --with-sha1=%{_prefix} \ %if 0%{?suse_version} > 1220 - --with-cc-opt="%{optflags} -fPIE -D_GNU_SOURCE -std=gnu99 -fstack-protector" \ + --with-cc-opt="%{optflags} -fPIC -D_GNU_SOURCE -std=gnu99 -fstack-protector" \ --with-ld-opt="-Wl,-z,relro,-z,now -pie" %else --with-cc-opt="%{optflags}" @@ -285,6 +290,14 @@ %{perl_vendorarch}/auto/nginx/ %{perl_vendorarch}/nginx.pm %{ngx_sbin_path} +%dir %{_libdir}/nginx/ +%dir %{ngx_module_dir}/ +%{ngx_module_dir}/ngx_http_geoip_module.so +%{ngx_module_dir}/ngx_http_image_filter_module.so +%{ngx_module_dir}/ngx_http_perl_module.so +%{ngx_module_dir}/ngx_http_xslt_filter_module.so +%{ngx_module_dir}/ngx_mail_module.so +%{ngx_module_dir}/ngx_stream_module.so %{_mandir}/man3/nginx.3pm* /srv/www/htdocs/50x.html %if 0%{?suse_version} && 0%{?suse_version} < 1140 ++++++ nginx-1.10.0.tar.gz -> nginx-1.10.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.10.0/CHANGES new/nginx-1.10.1/CHANGES --- old/nginx-1.10.0/CHANGES 2016-04-26 15:31:24.000000000 +0200 +++ new/nginx-1.10.1/CHANGES 2016-05-31 15:47:07.000000000 +0200 @@ -1,4 +1,11 @@ +Changes with nginx 1.10.1 31 May 2016 + + *) Security: a segmentation fault might occur in a worker process while + writing a specially crafted request body to a temporary file + (CVE-2016-4450); the bug had appeared in 1.3.9. + + Changes with nginx 1.10.0 26 Apr 2016 *) 1.10.x stable branch. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.10.0/CHANGES.ru new/nginx-1.10.1/CHANGES.ru --- old/nginx-1.10.0/CHANGES.ru 2016-04-26 15:31:22.000000000 +0200 +++ new/nginx-1.10.1/CHANGES.ru 2016-05-31 15:47:05.000000000 +0200 @@ -1,4 +1,11 @@ +Изменения в nginx 1.10.1 31.05.2016 + + *) Безопасность: при записи тела специально созданного запроса во + временный файл в рабочем процессе мог происходить segmentation fault + (CVE-2016-4450); ошибка появилась в 1.3.9. + + Изменения в nginx 1.10.0 26.04.2016 *) Стабильная ветка 1.10.x. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.10.0/src/core/nginx.h new/nginx-1.10.1/src/core/nginx.h --- old/nginx-1.10.0/src/core/nginx.h 2016-04-26 15:31:19.000000000 +0200 +++ new/nginx-1.10.1/src/core/nginx.h 2016-05-31 15:47:02.000000000 +0200 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1010000 -#define NGINX_VERSION "1.10.0" +#define nginx_version 1010001 +#define NGINX_VERSION "1.10.1" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.10.0/src/os/unix/ngx_files.c new/nginx-1.10.1/src/os/unix/ngx_files.c --- old/nginx-1.10.0/src/os/unix/ngx_files.c 2016-04-26 15:31:20.000000000 +0200 +++ new/nginx-1.10.1/src/os/unix/ngx_files.c 2016-05-31 15:47:02.000000000 +0200 @@ -356,6 +356,11 @@ n = 0; for ( /* void */ ; cl; cl = cl->next) { + + if (ngx_buf_special(cl->buf)) { + continue; + } + size = cl->buf->last - cl->buf->pos; if (prev == cl->buf->pos) { ++++++ nginx-1.6.1-default_config.patch ++++++ --- /var/tmp/diff_new_pack.qTrzV9/_old 2016-06-07 23:47:02.000000000 +0200 +++ /var/tmp/diff_new_pack.qTrzV9/_new 2016-06-07 23:47:02.000000000 +0200 @@ -1,8 +1,8 @@ Index: conf/nginx.conf =================================================================== ---- conf.orig/nginx.conf +--- conf/nginx.conf.orig +++ conf/nginx.conf -@@ -1,16 +1,17 @@ +@@ -1,16 +1,24 @@ -#user nobody; +#user nginx; @@ -11,6 +11,13 @@ -#error_log logs/error.log; -#error_log logs/error.log notice; -#error_log logs/error.log info; ++# load_module #LIBDIR#/nginx/modules/ngx_http_geoip_module.so; ++# load_module #LIBDIR#/nginx/modules/ngx_http_image_filter_module.so; ++# load_module #LIBDIR#/nginx/modules/ngx_http_perl_module.so; ++# load_module #LIBDIR#/nginx/modules/ngx_http_xslt_filter_module.so; ++# load_module #LIBDIR#/nginx/modules/ngx_mail_module.so; ++# load_module #LIBDIR#/nginx/modules/ngx_stream_module.so; ++ +#error_log /var/log/nginx/error.log; +#error_log /var/log/nginx/error.log notice; +#error_log /var/log/nginx/error.log info; @@ -25,7 +32,7 @@ } -@@ -22,7 +23,7 @@ http { +@@ -22,7 +30,7 @@ http { # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; @@ -34,7 +41,7 @@ sendfile on; #tcp_nopush on; -@@ -32,16 +33,18 @@ http { +@@ -32,16 +40,18 @@ http { #gzip on; @@ -55,7 +62,7 @@ index index.html index.htm; } -@@ -51,7 +54,7 @@ http { +@@ -51,7 +61,7 @@ http { # error_page 500 502 503 504 /50x.html; location = /50x.html { @@ -64,7 +71,7 @@ } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 -@@ -63,7 +66,7 @@ http { +@@ -63,7 +73,7 @@ http { # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { @@ -73,7 +80,7 @@ # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; -@@ -87,7 +90,7 @@ http { +@@ -87,7 +97,7 @@ http { # server_name somename alias another.alias; # location / { @@ -82,7 +89,7 @@ # index index.html index.htm; # } #} -@@ -109,9 +112,11 @@ http { +@@ -109,9 +119,11 @@ http { # ssl_prefer_server_ciphers on; # location / { ++++++ nginx.init ++++++ --- /var/tmp/diff_new_pack.qTrzV9/_old 2016-06-07 23:47:02.000000000 +0200 +++ /var/tmp/diff_new_pack.qTrzV9/_new 2016-06-07 23:47:02.000000000 +0200 @@ -115,7 +115,7 @@ test -x $NGINX_BIN || { echo "$NGINX_BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } -NGINX_PID=/run/nginx.pid +NGINX_PID=/var/run/nginx.pid # Check for existence of needed config file and read it #NGINX_CONFIG=/etc/sysconfig/nginx
