|
@@ -33,10 +33,10 @@ Summary: Robust, small and high performance http and reverse proxy server
|
|
Summary(ja): 堅牢・軽量・高性能な HTTP およびリバースプロキシサーバ
|
|
Summary(ja): 堅牢・軽量・高性能な HTTP およびリバースプロキシサーバ
|
|
Name: nginx
|
|
Name: nginx
|
|
Group: servers
|
|
Group: servers
|
|
-%global nginx_version 1.24.0
|
|
|
|
|
|
+%global nginx_version 1.26.2
|
|
Version: %{nginx_version}
|
|
Version: %{nginx_version}
|
|
# do not reset or decrease.
|
|
# do not reset or decrease.
|
|
-Release: 22%{?_dist_release}%{?with_systemd:.systemd}
|
|
|
|
|
|
+Release: 23%{?_dist_release}%{?with_systemd:.systemd}
|
|
Vendor: Project Vine
|
|
Vendor: Project Vine
|
|
Distribution: Vine Linux
|
|
Distribution: Vine Linux
|
|
Packager: daisuke
|
|
Packager: daisuke
|
|
@@ -63,15 +63,17 @@ Source102: nginx-logo.png
|
|
Source103: nginx-50x.html
|
|
Source103: nginx-50x.html
|
|
Source104: nginx-404.html
|
|
Source104: nginx-404.html
|
|
|
|
|
|
-%define ngx_fancyindex_version 0.4.3
|
|
|
|
-Source1000: ngx-fancyindex-%{ngx_fancyindex_version}.tar.gz
|
|
|
|
|
|
+%define ngx_fancyindex_version 0.5.2
|
|
|
|
+Source1000: https://github.com/aperezdc/ngx-fancyindex/releases/download/v%{ngx_fancyindex_version}/ngx-fancyindex-0.5.2.tar.xz
|
|
|
|
|
|
|
|
+# https://github.com/giom/nginx_accept_language_module
|
|
%define nginx_accept_language_module_version 2f69842
|
|
%define nginx_accept_language_module_version 2f69842
|
|
Source1010: giom-nginx_accept_language_module-%{nginx_accept_language_module_version}.tar.gz
|
|
Source1010: giom-nginx_accept_language_module-%{nginx_accept_language_module_version}.tar.gz
|
|
|
|
|
|
-%define passenger_version 6.0.17
|
|
|
|
|
|
+%define passenger_version 6.0.23
|
|
Source1020: https://github.com/phusion/passenger/releases/download/release-%{passenger_version}/passenger-%{passenger_version}.tar.gz
|
|
Source1020: https://github.com/phusion/passenger/releases/download/release-%{passenger_version}/passenger-%{passenger_version}.tar.gz
|
|
|
|
|
|
|
|
+# https://github.com/gnosek/nginx-upstream-fair
|
|
%define upstream_fair_version a18b409
|
|
%define upstream_fair_version a18b409
|
|
Source1030: gnosek-nginx-upstream-fair-%{upstream_fair_version}.tar.gz
|
|
Source1030: gnosek-nginx-upstream-fair-%{upstream_fair_version}.tar.gz
|
|
|
|
|
|
@@ -98,13 +100,15 @@ Source2030: https://github.com/leev/ngx_http_geoip2_module/archive/%{geoip2_
|
|
%if %{with modsecurity}
|
|
%if %{with modsecurity}
|
|
%global with_modsecurity 1
|
|
%global with_modsecurity 1
|
|
%global modsecurity_version 1.0.3
|
|
%global modsecurity_version 1.0.3
|
|
-Source2040: https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v%{modsecurity_version}/modsecurity-nginx-v%{modsecurity_version}.tar.gz
|
|
|
|
|
|
+%global modsecurity_hash ef64996aedd4bb5fa1831631361244813d48b82f
|
|
|
|
+#Source2040: https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v%{modsecurity_version}/modsecurity-nginx-v%{modsecurity_version}.tar.gz
|
|
|
|
+Source2040: https://github.com/SpiderLabs/ModSecurity-nginx/archive/%{modsecurity_hash}.tar.gz
|
|
%endif
|
|
%endif
|
|
|
|
|
|
%if %{with brotli}
|
|
%if %{with brotli}
|
|
%global with_brotli 1
|
|
%global with_brotli 1
|
|
%global brotli_version 1.0.0~rc
|
|
%global brotli_version 1.0.0~rc
|
|
-%global brotli_commit 6e975bcb015f62e1f303054897783355e2a877dc
|
|
|
|
|
|
+%global brotli_commit a71f9312c2deb28875acc7bacfdd5695a111aa53
|
|
Source2050: https://github.com/google/ngx_brotli/archive/%{brotli_commit}.tar.gz#/ngx_brotli-%{brotli_commit}.tar.gz
|
|
Source2050: https://github.com/google/ngx_brotli/archive/%{brotli_commit}.tar.gz#/ngx_brotli-%{brotli_commit}.tar.gz
|
|
%endif
|
|
%endif
|
|
|
|
|
|
@@ -119,8 +123,6 @@ Patch1: 0002-fix-PIDFile-handling.patch
|
|
# to fix https://github.com/gnosek/nginx-upstream-fair/pull/23
|
|
# to fix https://github.com/gnosek/nginx-upstream-fair/pull/23
|
|
Patch101: gnosek-nginx-upstream-fair-pull-23.patch
|
|
Patch101: gnosek-nginx-upstream-fair-pull-23.patch
|
|
|
|
|
|
-Patch10000: CVE-2023-44487.patch
|
|
|
|
-
|
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
|
|
|
|
|
BuildRequires: libboost-devel
|
|
BuildRequires: libboost-devel
|
|
@@ -365,8 +367,6 @@ ngx_brotli is a set of two nginx modules:
|
|
%prep
|
|
%prep
|
|
%setup -q -a 1000 -a 1010 -a 1020 -a 1030 %{?with_wsgi:-a 2000} -a 2010 %{?with_naxsi:-a 2020} %{?with_geoip2:-a 2030} %{?with_modsecurity:-a 2040} %{?with_brotli:-a 2050}
|
|
%setup -q -a 1000 -a 1010 -a 1020 -a 1030 %{?with_wsgi:-a 2000} -a 2010 %{?with_naxsi:-a 2020} %{?with_geoip2:-a 2030} %{?with_modsecurity:-a 2040} %{?with_brotli:-a 2050}
|
|
|
|
|
|
-%patch10000 -p1
|
|
|
|
-
|
|
|
|
%patch0 -p1
|
|
%patch0 -p1
|
|
%patch1 -p1
|
|
%patch1 -p1
|
|
|
|
|
|
@@ -383,11 +383,16 @@ pushd passenger-%{passenger_version}
|
|
popd
|
|
popd
|
|
|
|
|
|
%if %{with modsecurity}
|
|
%if %{with modsecurity}
|
|
-pushd modsecurity-nginx-v%{modsecurity_version}
|
|
|
|
|
|
+rm -rf modsecurity-doc
|
|
|
|
+mkdir -p modsecurity-doc
|
|
|
|
+pushd ModSecurity-nginx-%{modsecurity_hash}
|
|
|
|
+cp LICENSE README.md ../modsecurity-doc/
|
|
|
|
+popd
|
|
%endif
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%build
|
|
%build
|
|
|
|
+%set_build_flags
|
|
# nginx does not utilize a standard configure script. It has its own
|
|
# nginx does not utilize a standard configure script. It has its own
|
|
# and the standard configure options cause the nginx configure script
|
|
# and the standard configure options cause the nginx configure script
|
|
# to error out. This is is also the reason for the DESTDIR environment
|
|
# to error out. This is is also the reason for the DESTDIR environment
|
|
@@ -450,7 +455,7 @@ CONFIGOPTS="\
|
|
--add-dynamic-module=ngx_http_geoip2_module-%{geoip2_version} \
|
|
--add-dynamic-module=ngx_http_geoip2_module-%{geoip2_version} \
|
|
%endif
|
|
%endif
|
|
%if %{with modsecurity}
|
|
%if %{with modsecurity}
|
|
- --add-dynamic-module=modsecurity-nginx-v%{modsecurity_version} \
|
|
|
|
|
|
+ --add-dynamic-module=ModSecurity-nginx-%{modsecurity_hash} \
|
|
%endif
|
|
%endif
|
|
%if %{with brotli}
|
|
%if %{with brotli}
|
|
--with-compat \
|
|
--with-compat \
|
|
@@ -469,12 +474,12 @@ CONFIGOPTS="\
|
|
$CONFIGOPTS \
|
|
$CONFIGOPTS \
|
|
--with-cc-opt="%{optflags}"
|
|
--with-cc-opt="%{optflags}"
|
|
|
|
|
|
-make %{?_smp_mflags}
|
|
|
|
|
|
+%make_build
|
|
|
|
|
|
|
|
|
|
%install
|
|
%install
|
|
rm -rf %{buildroot}
|
|
rm -rf %{buildroot}
|
|
-make install DESTDIR=%{buildroot} INSTALLDIRS=vendor
|
|
|
|
|
|
+%make_install INSTALLDIRS=vendor
|
|
find %{buildroot} -type f -name .packlist -exec rm -f {} \;
|
|
find %{buildroot} -type f -name .packlist -exec rm -f {} \;
|
|
find %{buildroot} -type f -name perllocal.pod -exec rm -f {} \;
|
|
find %{buildroot} -type f -name perllocal.pod -exec rm -f {} \;
|
|
find %{buildroot} -type f -empty -exec rm -f {} \;
|
|
find %{buildroot} -type f -empty -exec rm -f {} \;
|
|
@@ -835,8 +840,8 @@ fi
|
|
%if %{with modsecurity}
|
|
%if %{with modsecurity}
|
|
%files modsecurity
|
|
%files modsecurity
|
|
%defattr(-,root,root,-)
|
|
%defattr(-,root,root,-)
|
|
-%license modsecurity-nginx-v%{modsecurity_version}/LICENSE
|
|
|
|
-%doc modsecurity-nginx-v%{modsecurity_version}/README.md
|
|
|
|
|
|
+%license modsecurity-doc/LICENSE
|
|
|
|
+%doc modsecurity-doc/README.md
|
|
%{nginx_modulesdir}/ngx_http_modsecurity_module.so
|
|
%{nginx_modulesdir}/ngx_http_modsecurity_module.so
|
|
%config(noreplace) %{nginx_modconfdir}/modsecurity.conf
|
|
%config(noreplace) %{nginx_modconfdir}/modsecurity.conf
|
|
%endif
|
|
%endif
|
|
@@ -850,6 +855,9 @@ fi
|
|
|
|
|
|
|
|
|
|
%changelog
|
|
%changelog
|
|
|
|
+* Fri Aug 16 2024 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.26.2-23
|
|
|
|
+- updated to 1.26.2.
|
|
|
|
+
|
|
* Mon Oct 16 2023 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.24.0-22
|
|
* Mon Oct 16 2023 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.24.0-22
|
|
- added Patch10000 to fix CVE-2023-44487.
|
|
- added Patch10000 to fix CVE-2023-44487.
|
|
|
|
|