[arch-commits] Commit in nginx/trunk (PKGBUILD logrotate)
Date: Wednesday, January 18, 2017 @ 12:12:44 Author: anthraxx Revision: 286910 upgpkg: nginx 1.10.2-4 (fix logrotate regression) Logrotate currently fails and exits unclean as the http user lost access to the log directory to fix CVE-2016-1247. We remove the 'su' specification for logrotate and let the root user do the job, the 'create' option is responsible for the uid/gid of the new files after rotation. As rotate preserves the uid/gid this just works without behaviour change without being http. Modified: nginx/trunk/PKGBUILD nginx/trunk/logrotate ---+ PKGBUILD |4 ++-- logrotate |1 - 2 files changed, 2 insertions(+), 3 deletions(-) Modified: PKGBUILD === --- PKGBUILD2017-01-18 08:05:14 UTC (rev 286909) +++ PKGBUILD2017-01-18 12:12:44 UTC (rev 286910) @@ -7,7 +7,7 @@ pkgname=nginx pkgver=1.10.2 -pkgrel=3 +pkgrel=4 pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server' arch=('i686' 'x86_64') url='https://nginx.org' @@ -32,7 +32,7 @@ md5sums=('e8f5f4beed041e63eb97f9f4f55f3085' 'SKIP' '5dd4d09914a4403b9df778ec1d66167c' - '83ffd315fed235b8fff40a7cfa23a16d') + '6a01fb17af86f03707c8ae60f98a2dc2') _common_flags=( --with-pcre-jit Modified: logrotate === --- logrotate 2017-01-18 08:05:14 UTC (rev 286909) +++ logrotate 2017-01-18 12:12:44 UTC (rev 286910) @@ -2,7 +2,6 @@ missingok notifempty create 640 http log - su http log sharedscripts compress postrotate
[arch-commits] Commit in nginx/trunk (PKGBUILD logrotate)
Date: Friday, November 18, 2016 @ 20:16:25 Author: bpiotrowski Revision: 281212 upgpkg: nginx 1.10.2-2 - add notifempty directive to logrotate config file (FS#51721) - enable ngx_stream_ssl_preread_module Modified: nginx/trunk/PKGBUILD nginx/trunk/logrotate ---+ PKGBUILD |5 +++-- logrotate |1 + 2 files changed, 4 insertions(+), 2 deletions(-) Modified: PKGBUILD === --- PKGBUILD2016-11-18 20:06:32 UTC (rev 281211) +++ PKGBUILD2016-11-18 20:16:25 UTC (rev 281212) @@ -7,7 +7,7 @@ pkgname=nginx pkgver=1.10.2 -pkgrel=1 +pkgrel=2 pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server' arch=('i686' 'x86_64') url='https://nginx.org' @@ -32,7 +32,7 @@ md5sums=('e8f5f4beed041e63eb97f9f4f55f3085' 'SKIP' '5dd4d09914a4403b9df778ec1d66167c' - '19a26a61c8afe78defb8b4544f79a9a0') + '83ffd315fed235b8fff40a7cfa23a16d') _common_flags=( --with-ipv6 @@ -49,6 +49,7 @@ --with-http_mp4_module --with-http_realip_module --with-http_secure_link_module + --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module Modified: logrotate === --- logrotate 2016-11-18 20:06:32 UTC (rev 281211) +++ logrotate 2016-11-18 20:16:25 UTC (rev 281212) @@ -1,5 +1,6 @@ /var/log/nginx/*log { missingok + notifempty create 640 http log su http log sharedscripts
[arch-commits] Commit in nginx/trunk (PKGBUILD logrotate)
Date: Monday, October 13, 2014 @ 08:55:44 Author: bpiotrowski Revision: 224257 upgpkg: nginx 1.6.2-2 use http:log for log rotation (FS#42169) Modified: nginx/trunk/PKGBUILD nginx/trunk/logrotate ---+ PKGBUILD |4 ++-- logrotate |3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) Modified: PKGBUILD === --- PKGBUILD2014-10-13 06:36:07 UTC (rev 224256) +++ PKGBUILD2014-10-13 06:55:44 UTC (rev 224257) @@ -7,7 +7,7 @@ pkgname=nginx pkgver=1.6.2 -pkgrel=1 +pkgrel=2 pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server' arch=('i686' 'x86_64') url='http://nginx.org' @@ -30,7 +30,7 @@ logrotate) md5sums=('d1b55031ae6e4bce37f8776b94d8b930' '5dd4d09914a4403b9df778ec1d66167c' - '3441ce77cdd1aab6f0ab7e212698a8a7') + '19a26a61c8afe78defb8b4544f79a9a0') build() { cd $pkgname-$pkgver Modified: logrotate === --- logrotate 2014-10-13 06:36:07 UTC (rev 224256) +++ logrotate 2014-10-13 06:55:44 UTC (rev 224257) @@ -1,9 +1,10 @@ /var/log/nginx/*log { missingok create 640 http log + su http log sharedscripts compress postrotate - test ! -r /var/run/nginx.pid || kill -USR1 `cat /var/run/nginx.pid` + test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid` endscript }
[arch-commits] Commit in nginx/trunk (PKGBUILD logrotate)
Date: Monday, August 5, 2013 @ 22:01:16 Author: seblu Revision: 95117 - fix FS#36239 - update maintainers - comestics Modified: nginx/trunk/PKGBUILD nginx/trunk/logrotate ---+ PKGBUILD | 51 --- logrotate |2 +- 2 files changed, 25 insertions(+), 28 deletions(-) Modified: PKGBUILD === --- PKGBUILD2013-08-05 19:08:49 UTC (rev 95116) +++ PKGBUILD2013-08-05 20:01:16 UTC (rev 95117) @@ -1,31 +1,28 @@ # $Id$ -# Maintainer: Sergej Pupykin pupykin.s+a...@gmail.com -# Maintainer: Bartłomiej Piotrowski nos...@bpiotrowski.pl +# Maintainer: Bartłomiej Piotrowski nos...@bpiotrowski.pl +# Maintainer: Sébastien Luttringer +# Contributor: Sergej Pupykin pupykin.s+a...@gmail.com # Contributor: Miroslaw Szot m...@czlug.icis.pcz.pl -# Contributor: Sébastien Luttringer -_cfgdir=/etc/nginx -_tmpdir=/var/lib/nginx - pkgbase=nginx pkgname=(nginx nginx-extra) pkgver=1.4.2 -pkgrel=1.1 +pkgrel=1.2 arch=('i686' 'x86_64') makedepends=('pcre' 'zlib' 'openssl' 'gd' 'geoip' 'passenger') url='http://nginx.org' license=('custom') install=nginx.install -backup=(${_cfgdir:1}/fastcgi.conf -${_cfgdir:1}/fastcgi_params -${_cfgdir:1}/koi-win -${_cfgdir:1}/koi-utf -${_cfgdir:1}/mime.types -${_cfgdir:1}/nginx.conf -${_cfgdir:1}/scgi_params -${_cfgdir:1}/uwsgi_params -${_cfgdir:1}/win-utf -etc/logrotate.d/nginx) +backup=('etc/nginx/fastcgi.conf' +'etc/nginx/fastcgi_params' +'etc/nginx/koi-win' +'etc/nginx/koi-utf' +'etc/nginx/mime.types' +'etc/nginx/nginx.conf' +'etc/nginx/scgi_params' +'etc/nginx/uwsgi_params' +'etc/nginx/win-utf' +'etc/logrotate.d/nginx') source=(http://nginx.org/download/nginx-$pkgver.tar.gz; 'http://web.iti.upv.es/~sto/nginx/ngx_http_auth_pam_module-1.2.tar.gz' 'service' @@ -33,11 +30,11 @@ sha256sums=('5361ffb7b0ebf8b1a04369bc3d1295eaed091680c1c58115f88d56c8e51f3611' '5a85970ba61a99f55a26d2536a11d512b39bbd622f5737d25a9a8c10db81efa9' '05fdc0c0483410944b988d7f4beabb00bec4a44a41bd13ebc9b78585da7d3f9b' -'9523a1fdd5eb61bf62f3049f6ee088b198e36d5edcce2d9b08bbeb2930aa5a16') +'272907d3213d69dac3bd6024d6d150caa23cb67d4f121e4171f34ba5581f9e98') _base_options=( ---prefix=$_cfgdir ---conf-path=$_cfgdir/nginx.conf +'--prefix=/etc/nginx' +'--conf-path=/etc/nginx/nginx.conf' '--sbin-path=/usr/bin/nginx' '--pid-path=/run/nginx.pid' '--lock-path=/run/lock/nginx.lock' @@ -45,11 +42,11 @@ '--group=http' '--http-log-path=/var/log/nginx/access.log' '--error-log-path=/var/log/nginx/error.log' ---http-client-body-temp-path=$_tmpdir/client-body ---http-proxy-temp-path=$_tmpdir/proxy ---http-fastcgi-temp-path=$_tmpdir/fastcgi ---http-scgi-temp-path=$_tmpdir/scgi ---http-uwsgi-temp-path=$_tmpdir/uwsgi +'--http-client-body-temp-path=/var/lib/nginx/client-body' +'--http-proxy-temp-path=/var/lib/nginx/proxy' +'--http-fastcgi-temp-path=/var/lib/nginx/fastcgi' +'--http-scgi-temp-path=/var/lib/nginx/scgi' +'--http-uwsgi-temp-path=/var/lib/nginx/uwsgi' '--with-imap' '--with-imap_ssl_module' '--with-ipv6' @@ -104,8 +101,8 @@ -i $pkgdir/etc/nginx/nginx.conf rm $pkgdir/etc/nginx/*.default -install -d $pkgdir/$_tmpdir -install -dm700 $pkgdir/$_tmpdir/proxy +install -d $pkgdir/var/lib/nginx +install -dm700 $pkgdir/var/lib/nginx/proxy chmod 750 $pkgdir/var/log/nginx chown http:log $pkgdir/var/log/nginx Modified: logrotate === --- logrotate 2013-08-05 19:08:49 UTC (rev 95116) +++ logrotate 2013-08-05 20:01:16 UTC (rev 95117) @@ -4,6 +4,6 @@ sharedscripts compress postrotate - test -r /var/run/nginx.pid kill -USR1 `cat /var/run/nginx.pid` + test ! -r /var/run/nginx.pid || kill -USR1 `cat /var/run/nginx.pid` endscript }
[arch-commits] Commit in nginx/trunk (PKGBUILD logrotate nginx.install)
Date: Friday, March 22, 2013 @ 21:04:36 Author: foutrelis Revision: 86845 upgpkg: nginx 1.2.7-5 Change ownership of /var/log/nginx to http so nginx worker processes can rotate their logs; set permissions of /var/log/nginx in package() and drop post_install() to avoid pacman warning about different filesystem permissions. Modified: nginx/trunk/PKGBUILD nginx/trunk/logrotate nginx/trunk/nginx.install ---+ PKGBUILD |9 ++--- logrotate |2 +- nginx.install | 10 +++--- 3 files changed, 10 insertions(+), 11 deletions(-) Modified: PKGBUILD === --- PKGBUILD2013-03-22 19:37:29 UTC (rev 86844) +++ PKGBUILD2013-03-22 20:04:36 UTC (rev 86845) @@ -8,7 +8,7 @@ pkgname=nginx pkgver=1.2.7 -pkgrel=4 +pkgrel=5 pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server' arch=('i686' 'x86_64') depends=('pcre' 'zlib' 'openssl' 'geoip') @@ -31,7 +31,7 @@ logrotate) sha256sums=('2457a878943fb409ec4fcb46b43af222d06a584f93228e17a4f02b0e7bfc9de3' '77da8ce4d8378048606a25e09270ee187d6b226ee750b6cb4313af5549f5156a' -'a21b564eaf83b4b4ce3a436e895bd37e000677fb314b89818f89f30caca6e6d9') +'9523a1fdd5eb61bf62f3049f6ee088b198e36d5edcce2d9b08bbeb2930aa5a16') build() { cd $srcdir/$pkgname-$pkgver @@ -87,9 +87,12 @@ install -d $pkgdir/$_tmpdir install -dm700 $pkgdir/$_tmpdir/proxy + chmod 750 $pkgdir/var/log/nginx + chown http:log $pkgdir/var/log/nginx + install -d $pkgdir/usr/share/nginx mv $pkgdir/etc/nginx/html/ $pkgdir/usr/share/nginx - + install -Dm644 $srcdir/logrotate $pkgdir/etc/logrotate.d/nginx install -Dm644 $srcdir/service $pkgdir/usr/lib/systemd/system/nginx.service install -Dm644 LICENSE $pkgdir/usr/share/licenses/nginx/LICENSE Modified: logrotate === --- logrotate 2013-03-22 19:37:29 UTC (rev 86844) +++ logrotate 2013-03-22 20:04:36 UTC (rev 86845) @@ -1,6 +1,6 @@ /var/log/nginx/*log { missingok - create 640 root log + create 640 http log sharedscripts compress postrotate Modified: nginx.install === --- nginx.install 2013-03-22 19:37:29 UTC (rev 86844) +++ nginx.install 2013-03-22 20:04:36 UTC (rev 86845) @@ -1,12 +1,8 @@ -post_install() { -if [[ -e var/log/nginx ]]; then +post_upgrade() { +if [[ $(vercmp $2 1.2.7-4) -le 0 ]]; then chmod 750 var/log/nginx -chown root:log var/log/nginx +chown http:log var/log/nginx fi -} - -post_upgrade() { -[[ $(vercmp $2 1.2.7-3) -le 0 ]] post_install if [[ $(vercmp $2 1.2.1-2) -le 0 ]]; then echo Since 1.2.1-2 several changes has been made in package: echo - *.conf files have been moved to /etc/nginx
[arch-commits] Commit in nginx/trunk (PKGBUILD logrotate nginx.install)
Date: Saturday, February 23, 2013 @ 21:47:17 Author: bpiotrowski Revision: 84729 upgpkg: nginx 1.2.7-3 I definitely wanted 640 here. Modified: nginx/trunk/PKGBUILD nginx/trunk/logrotate nginx/trunk/nginx.install ---+ PKGBUILD |4 ++-- logrotate |2 +- nginx.install |4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) Modified: PKGBUILD === --- PKGBUILD2013-02-23 17:57:52 UTC (rev 84728) +++ PKGBUILD2013-02-23 20:47:17 UTC (rev 84729) @@ -8,7 +8,7 @@ pkgname=nginx pkgver=1.2.7 -pkgrel=2 +pkgrel=3 pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server' arch=('i686' 'x86_64') depends=('pcre' 'zlib' 'openssl' 'geoip') @@ -31,7 +31,7 @@ logrotate) sha256sums=('2457a878943fb409ec4fcb46b43af222d06a584f93228e17a4f02b0e7bfc9de3' '77da8ce4d8378048606a25e09270ee187d6b226ee750b6cb4313af5549f5156a' -'b0ef6c00e0e94926588242ed910b387922e513d5152fcdb651dc06e2b84e7d85') +'a21b564eaf83b4b4ce3a436e895bd37e000677fb314b89818f89f30caca6e6d9') build() { cd $srcdir/$pkgname-$pkgver Modified: logrotate === --- logrotate 2013-02-23 17:57:52 UTC (rev 84728) +++ logrotate 2013-02-23 20:47:17 UTC (rev 84729) @@ -1,6 +1,6 @@ /var/log/nginx/*log { missingok - create 750 root log + create 640 root log sharedscripts compress postrotate Modified: nginx.install === --- nginx.install 2013-02-23 17:57:52 UTC (rev 84728) +++ nginx.install 2013-02-23 20:47:17 UTC (rev 84729) @@ -1,12 +1,12 @@ post_install() { if [[ -e var/log/nginx ]]; then -chmod 750 var/log/nginx +chmod 640 var/log/nginx chown root:log var/log/nginx fi } post_upgrade() { -[[ $(vercmp $2 1.2.7-1) -le 0 ]] post_install +[[ $(vercmp $2 1.2.7-2) -le 0 ]] post_install if [[ $(vercmp $2 1.2.1-2) -le 0 ]]; then echo Since 1.2.1-2 several changes has been made in package: echo - *.conf files have been moved to /etc/nginx