[arch-commits] Commit in nginx/trunk (PKGBUILD logrotate)
Date: Wednesday, January 18, 2017 @ 12:12:44
Author: anthraxx
Revision: 286910
upgpkg: nginx 1.10.2-4 (fix logrotate regression)
Logrotate currently fails and exits unclean as the http user
lost access to the log directory to fix CVE-2016-1247.
We remove the 'su' specification for logrotate and let the root
user do the job, the 'create' option is responsible for the uid/gid
of the new files after rotation. As rotate preserves the uid/gid
this just works without behaviour change without being http.
Modified:
nginx/trunk/PKGBUILD
nginx/trunk/logrotate
---+
PKGBUILD |4 ++--
logrotate |1 -
2 files changed, 2 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===
--- PKGBUILD2017-01-18 08:05:14 UTC (rev 286909)
+++ PKGBUILD2017-01-18 12:12:44 UTC (rev 286910)
@@ -7,7 +7,7 @@
pkgname=nginx
pkgver=1.10.2
-pkgrel=3
+pkgrel=4
pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server'
arch=('i686' 'x86_64')
url='https://nginx.org'
@@ -32,7 +32,7 @@
md5sums=('e8f5f4beed041e63eb97f9f4f55f3085'
'SKIP'
'5dd4d09914a4403b9df778ec1d66167c'
- '83ffd315fed235b8fff40a7cfa23a16d')
+ '6a01fb17af86f03707c8ae60f98a2dc2')
_common_flags=(
--with-pcre-jit
Modified: logrotate
===
--- logrotate 2017-01-18 08:05:14 UTC (rev 286909)
+++ logrotate 2017-01-18 12:12:44 UTC (rev 286910)
@@ -2,7 +2,6 @@
missingok
notifempty
create 640 http log
- su http log
sharedscripts
compress
postrotate
[arch-commits] Commit in nginx/trunk (PKGBUILD logrotate)
Date: Friday, November 18, 2016 @ 20:16:25
Author: bpiotrowski
Revision: 281212
upgpkg: nginx 1.10.2-2
- add notifempty directive to logrotate config file (FS#51721)
- enable ngx_stream_ssl_preread_module
Modified:
nginx/trunk/PKGBUILD
nginx/trunk/logrotate
---+
PKGBUILD |5 +++--
logrotate |1 +
2 files changed, 4 insertions(+), 2 deletions(-)
Modified: PKGBUILD
===
--- PKGBUILD2016-11-18 20:06:32 UTC (rev 281211)
+++ PKGBUILD2016-11-18 20:16:25 UTC (rev 281212)
@@ -7,7 +7,7 @@
pkgname=nginx
pkgver=1.10.2
-pkgrel=1
+pkgrel=2
pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server'
arch=('i686' 'x86_64')
url='https://nginx.org'
@@ -32,7 +32,7 @@
md5sums=('e8f5f4beed041e63eb97f9f4f55f3085'
'SKIP'
'5dd4d09914a4403b9df778ec1d66167c'
- '19a26a61c8afe78defb8b4544f79a9a0')
+ '83ffd315fed235b8fff40a7cfa23a16d')
_common_flags=(
--with-ipv6
@@ -49,6 +49,7 @@
--with-http_mp4_module
--with-http_realip_module
--with-http_secure_link_module
+ --with-http_slice_module
--with-http_ssl_module
--with-http_stub_status_module
--with-http_sub_module
Modified: logrotate
===
--- logrotate 2016-11-18 20:06:32 UTC (rev 281211)
+++ logrotate 2016-11-18 20:16:25 UTC (rev 281212)
@@ -1,5 +1,6 @@
/var/log/nginx/*log {
missingok
+ notifempty
create 640 http log
su http log
sharedscripts
[arch-commits] Commit in nginx/trunk (PKGBUILD logrotate)
Date: Monday, October 13, 2014 @ 08:55:44
Author: bpiotrowski
Revision: 224257
upgpkg: nginx 1.6.2-2
use http:log for log rotation (FS#42169)
Modified:
nginx/trunk/PKGBUILD
nginx/trunk/logrotate
---+
PKGBUILD |4 ++--
logrotate |3 ++-
2 files changed, 4 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===
--- PKGBUILD2014-10-13 06:36:07 UTC (rev 224256)
+++ PKGBUILD2014-10-13 06:55:44 UTC (rev 224257)
@@ -7,7 +7,7 @@
pkgname=nginx
pkgver=1.6.2
-pkgrel=1
+pkgrel=2
pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server'
arch=('i686' 'x86_64')
url='http://nginx.org'
@@ -30,7 +30,7 @@
logrotate)
md5sums=('d1b55031ae6e4bce37f8776b94d8b930'
'5dd4d09914a4403b9df778ec1d66167c'
- '3441ce77cdd1aab6f0ab7e212698a8a7')
+ '19a26a61c8afe78defb8b4544f79a9a0')
build() {
cd $pkgname-$pkgver
Modified: logrotate
===
--- logrotate 2014-10-13 06:36:07 UTC (rev 224256)
+++ logrotate 2014-10-13 06:55:44 UTC (rev 224257)
@@ -1,9 +1,10 @@
/var/log/nginx/*log {
missingok
create 640 http log
+ su http log
sharedscripts
compress
postrotate
- test ! -r /var/run/nginx.pid || kill -USR1 `cat
/var/run/nginx.pid`
+ test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid`
endscript
}
[arch-commits] Commit in nginx/trunk (PKGBUILD logrotate)
Date: Monday, August 5, 2013 @ 22:01:16
Author: seblu
Revision: 95117
- fix FS#36239
- update maintainers
- comestics
Modified:
nginx/trunk/PKGBUILD
nginx/trunk/logrotate
---+
PKGBUILD | 51 ---
logrotate |2 +-
2 files changed, 25 insertions(+), 28 deletions(-)
Modified: PKGBUILD
===
--- PKGBUILD2013-08-05 19:08:49 UTC (rev 95116)
+++ PKGBUILD2013-08-05 20:01:16 UTC (rev 95117)
@@ -1,31 +1,28 @@
# $Id$
-# Maintainer: Sergej Pupykin pupykin.s+a...@gmail.com
-# Maintainer: Bartłomiej Piotrowski nos...@bpiotrowski.pl
+# Maintainer: Bartłomiej Piotrowski nos...@bpiotrowski.pl
+# Maintainer: Sébastien Luttringer
+# Contributor: Sergej Pupykin pupykin.s+a...@gmail.com
# Contributor: Miroslaw Szot m...@czlug.icis.pcz.pl
-# Contributor: Sébastien Luttringer
-_cfgdir=/etc/nginx
-_tmpdir=/var/lib/nginx
-
pkgbase=nginx
pkgname=(nginx nginx-extra)
pkgver=1.4.2
-pkgrel=1.1
+pkgrel=1.2
arch=('i686' 'x86_64')
makedepends=('pcre' 'zlib' 'openssl' 'gd' 'geoip' 'passenger')
url='http://nginx.org'
license=('custom')
install=nginx.install
-backup=(${_cfgdir:1}/fastcgi.conf
-${_cfgdir:1}/fastcgi_params
-${_cfgdir:1}/koi-win
-${_cfgdir:1}/koi-utf
-${_cfgdir:1}/mime.types
-${_cfgdir:1}/nginx.conf
-${_cfgdir:1}/scgi_params
-${_cfgdir:1}/uwsgi_params
-${_cfgdir:1}/win-utf
-etc/logrotate.d/nginx)
+backup=('etc/nginx/fastcgi.conf'
+'etc/nginx/fastcgi_params'
+'etc/nginx/koi-win'
+'etc/nginx/koi-utf'
+'etc/nginx/mime.types'
+'etc/nginx/nginx.conf'
+'etc/nginx/scgi_params'
+'etc/nginx/uwsgi_params'
+'etc/nginx/win-utf'
+'etc/logrotate.d/nginx')
source=(http://nginx.org/download/nginx-$pkgver.tar.gz;
'http://web.iti.upv.es/~sto/nginx/ngx_http_auth_pam_module-1.2.tar.gz'
'service'
@@ -33,11 +30,11 @@
sha256sums=('5361ffb7b0ebf8b1a04369bc3d1295eaed091680c1c58115f88d56c8e51f3611'
'5a85970ba61a99f55a26d2536a11d512b39bbd622f5737d25a9a8c10db81efa9'
'05fdc0c0483410944b988d7f4beabb00bec4a44a41bd13ebc9b78585da7d3f9b'
-'9523a1fdd5eb61bf62f3049f6ee088b198e36d5edcce2d9b08bbeb2930aa5a16')
+'272907d3213d69dac3bd6024d6d150caa23cb67d4f121e4171f34ba5581f9e98')
_base_options=(
---prefix=$_cfgdir
---conf-path=$_cfgdir/nginx.conf
+'--prefix=/etc/nginx'
+'--conf-path=/etc/nginx/nginx.conf'
'--sbin-path=/usr/bin/nginx'
'--pid-path=/run/nginx.pid'
'--lock-path=/run/lock/nginx.lock'
@@ -45,11 +42,11 @@
'--group=http'
'--http-log-path=/var/log/nginx/access.log'
'--error-log-path=/var/log/nginx/error.log'
---http-client-body-temp-path=$_tmpdir/client-body
---http-proxy-temp-path=$_tmpdir/proxy
---http-fastcgi-temp-path=$_tmpdir/fastcgi
---http-scgi-temp-path=$_tmpdir/scgi
---http-uwsgi-temp-path=$_tmpdir/uwsgi
+'--http-client-body-temp-path=/var/lib/nginx/client-body'
+'--http-proxy-temp-path=/var/lib/nginx/proxy'
+'--http-fastcgi-temp-path=/var/lib/nginx/fastcgi'
+'--http-scgi-temp-path=/var/lib/nginx/scgi'
+'--http-uwsgi-temp-path=/var/lib/nginx/uwsgi'
'--with-imap'
'--with-imap_ssl_module'
'--with-ipv6'
@@ -104,8 +101,8 @@
-i $pkgdir/etc/nginx/nginx.conf
rm $pkgdir/etc/nginx/*.default
-install -d $pkgdir/$_tmpdir
-install -dm700 $pkgdir/$_tmpdir/proxy
+install -d $pkgdir/var/lib/nginx
+install -dm700 $pkgdir/var/lib/nginx/proxy
chmod 750 $pkgdir/var/log/nginx
chown http:log $pkgdir/var/log/nginx
Modified: logrotate
===
--- logrotate 2013-08-05 19:08:49 UTC (rev 95116)
+++ logrotate 2013-08-05 20:01:16 UTC (rev 95117)
@@ -4,6 +4,6 @@
sharedscripts
compress
postrotate
- test -r /var/run/nginx.pid kill -USR1 `cat
/var/run/nginx.pid`
+ test ! -r /var/run/nginx.pid || kill -USR1 `cat
/var/run/nginx.pid`
endscript
}
[arch-commits] Commit in nginx/trunk (PKGBUILD logrotate nginx.install)
Date: Friday, March 22, 2013 @ 21:04:36
Author: foutrelis
Revision: 86845
upgpkg: nginx 1.2.7-5
Change ownership of /var/log/nginx to http so nginx worker processes
can rotate their logs; set permissions of /var/log/nginx in package()
and drop post_install() to avoid pacman warning about different
filesystem permissions.
Modified:
nginx/trunk/PKGBUILD
nginx/trunk/logrotate
nginx/trunk/nginx.install
---+
PKGBUILD |9 ++---
logrotate |2 +-
nginx.install | 10 +++---
3 files changed, 10 insertions(+), 11 deletions(-)
Modified: PKGBUILD
===
--- PKGBUILD2013-03-22 19:37:29 UTC (rev 86844)
+++ PKGBUILD2013-03-22 20:04:36 UTC (rev 86845)
@@ -8,7 +8,7 @@
pkgname=nginx
pkgver=1.2.7
-pkgrel=4
+pkgrel=5
pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server'
arch=('i686' 'x86_64')
depends=('pcre' 'zlib' 'openssl' 'geoip')
@@ -31,7 +31,7 @@
logrotate)
sha256sums=('2457a878943fb409ec4fcb46b43af222d06a584f93228e17a4f02b0e7bfc9de3'
'77da8ce4d8378048606a25e09270ee187d6b226ee750b6cb4313af5549f5156a'
-'a21b564eaf83b4b4ce3a436e895bd37e000677fb314b89818f89f30caca6e6d9')
+'9523a1fdd5eb61bf62f3049f6ee088b198e36d5edcce2d9b08bbeb2930aa5a16')
build() {
cd $srcdir/$pkgname-$pkgver
@@ -87,9 +87,12 @@
install -d $pkgdir/$_tmpdir
install -dm700 $pkgdir/$_tmpdir/proxy
+ chmod 750 $pkgdir/var/log/nginx
+ chown http:log $pkgdir/var/log/nginx
+
install -d $pkgdir/usr/share/nginx
mv $pkgdir/etc/nginx/html/ $pkgdir/usr/share/nginx
-
+
install -Dm644 $srcdir/logrotate $pkgdir/etc/logrotate.d/nginx
install -Dm644 $srcdir/service
$pkgdir/usr/lib/systemd/system/nginx.service
install -Dm644 LICENSE $pkgdir/usr/share/licenses/nginx/LICENSE
Modified: logrotate
===
--- logrotate 2013-03-22 19:37:29 UTC (rev 86844)
+++ logrotate 2013-03-22 20:04:36 UTC (rev 86845)
@@ -1,6 +1,6 @@
/var/log/nginx/*log {
missingok
- create 640 root log
+ create 640 http log
sharedscripts
compress
postrotate
Modified: nginx.install
===
--- nginx.install 2013-03-22 19:37:29 UTC (rev 86844)
+++ nginx.install 2013-03-22 20:04:36 UTC (rev 86845)
@@ -1,12 +1,8 @@
-post_install() {
-if [[ -e var/log/nginx ]]; then
+post_upgrade() {
+if [[ $(vercmp $2 1.2.7-4) -le 0 ]]; then
chmod 750 var/log/nginx
-chown root:log var/log/nginx
+chown http:log var/log/nginx
fi
-}
-
-post_upgrade() {
-[[ $(vercmp $2 1.2.7-3) -le 0 ]] post_install
if [[ $(vercmp $2 1.2.1-2) -le 0 ]]; then
echo Since 1.2.1-2 several changes has been made in package:
echo - *.conf files have been moved to /etc/nginx
[arch-commits] Commit in nginx/trunk (PKGBUILD logrotate nginx.install)
Date: Saturday, February 23, 2013 @ 21:47:17
Author: bpiotrowski
Revision: 84729
upgpkg: nginx 1.2.7-3
I definitely wanted 640 here.
Modified:
nginx/trunk/PKGBUILD
nginx/trunk/logrotate
nginx/trunk/nginx.install
---+
PKGBUILD |4 ++--
logrotate |2 +-
nginx.install |4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
Modified: PKGBUILD
===
--- PKGBUILD2013-02-23 17:57:52 UTC (rev 84728)
+++ PKGBUILD2013-02-23 20:47:17 UTC (rev 84729)
@@ -8,7 +8,7 @@
pkgname=nginx
pkgver=1.2.7
-pkgrel=2
+pkgrel=3
pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server'
arch=('i686' 'x86_64')
depends=('pcre' 'zlib' 'openssl' 'geoip')
@@ -31,7 +31,7 @@
logrotate)
sha256sums=('2457a878943fb409ec4fcb46b43af222d06a584f93228e17a4f02b0e7bfc9de3'
'77da8ce4d8378048606a25e09270ee187d6b226ee750b6cb4313af5549f5156a'
-'b0ef6c00e0e94926588242ed910b387922e513d5152fcdb651dc06e2b84e7d85')
+'a21b564eaf83b4b4ce3a436e895bd37e000677fb314b89818f89f30caca6e6d9')
build() {
cd $srcdir/$pkgname-$pkgver
Modified: logrotate
===
--- logrotate 2013-02-23 17:57:52 UTC (rev 84728)
+++ logrotate 2013-02-23 20:47:17 UTC (rev 84729)
@@ -1,6 +1,6 @@
/var/log/nginx/*log {
missingok
- create 750 root log
+ create 640 root log
sharedscripts
compress
postrotate
Modified: nginx.install
===
--- nginx.install 2013-02-23 17:57:52 UTC (rev 84728)
+++ nginx.install 2013-02-23 20:47:17 UTC (rev 84729)
@@ -1,12 +1,12 @@
post_install() {
if [[ -e var/log/nginx ]]; then
-chmod 750 var/log/nginx
+chmod 640 var/log/nginx
chown root:log var/log/nginx
fi
}
post_upgrade() {
-[[ $(vercmp $2 1.2.7-1) -le 0 ]] post_install
+[[ $(vercmp $2 1.2.7-2) -le 0 ]] post_install
if [[ $(vercmp $2 1.2.1-2) -le 0 ]]; then
echo Since 1.2.1-2 several changes has been made in package:
echo - *.conf files have been moved to /etc/nginx
