%global  _hardened_build     1

%global  nginx_user          nginx

# Disable strict symbol checks in the link editor.

# See: https://src.fedoraproject.org/rpms/redhat-rpm-config/c/078af19

%undefine _strict_symbol_defs_build

%global with_gperftools 0

%bcond_with geoip

%global with_aio 1

%if 0%{?fedora} > 22

%global with_mailcap_mimetypes 1

%endif

Name:              nginx

Epoch:             1

Version:           1.18.0

Release:           3%{?dist}

Summary:           A high performance web server and reverse proxy server

Group:             System Environment/Daemons

# BSD License (two clause)

# http://www.freebsd.org/copyright/freebsd-license.html

License:           BSD

URL:               http://nginx.org/

Source0:           https://nginx.org/download/nginx-%{version}.tar.gz

Source10:          nginx.service

Source11:          nginx.logrotate

Source12:          nginx.conf

Source13:          nginx-upgrade

Source14:          nginx-upgrade.8

Source102:         nginx-logo.png

Source103:         404.html

Source104:         50x.html

Source200:         README.dynamic

Source210:         UPGRADE-NOTES-1.6-to-1.10

# removes -Werror in upstream build scripts.  -Werror conflicts with

# -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.

Patch0:            nginx-auto-cc-gcc.patch

# downstream patch - changing logs permissions to 664 instead

# previous 644

Patch1:            nginx-1.14.0-logs-perm.patch

# PKCS#11 engine fix

Patch2:            nginx-1.16.0-pkcs11.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1655530

Patch3:            nginx-1.14.1-perl-module-hardening.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1643647

Patch4:            nginx-1.16.0-enable-tls1v3-by-default.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1668717

Patch5:            nginx-1.18.0-pkcs11-cert.patch

%if 0%{?with_gperftools}

BuildRequires:     gperftools-devel

%endif

BuildRequires:     openssl-devel

BuildRequires:     pcre-devel

BuildRequires:     zlib-devel

Requires:          nginx-filesystem = %{epoch}:%{version}-%{release}

Requires:          system-logos-httpd >= 82.0

%if 0%{?rhel} > 0 && 0%{?rhel} < 8

# Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later.

Requires:          nginx-all-modules = %{epoch}:%{version}-%{release}

%endif

Requires:          openssl

Requires:          pcre

Requires(pre):     nginx-filesystem

%if 0%{?with_mailcap_mimetypes}

Requires:          nginx-mimetypes

%endif

Provides:          webserver

BuildRequires:     systemd

Requires(post):    systemd

Requires(preun):   systemd

Requires(postun):  systemd

%description

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and

IMAP protocols, with a strong focus on high concurrency, performance and low

memory usage.

%package all-modules

Group:             System Environment/Daemons

Summary:           A meta package that installs all available Nginx modules

BuildArch:         noarch

%if %{with geoip}

Requires:          nginx-mod-http-geoip = %{epoch}:%{version}-%{release}

%endif

Requires:          nginx-mod-http-image-filter = %{epoch}:%{version}-%{release}

Requires:          nginx-mod-http-perl = %{epoch}:%{version}-%{release}

Requires:          nginx-mod-http-xslt-filter = %{epoch}:%{version}-%{release}

Requires:          nginx-mod-mail = %{epoch}:%{version}-%{release}

Requires:          nginx-mod-stream = %{epoch}:%{version}-%{release}

%description all-modules

A meta package that installs all available Nginx modules.

%package filesystem

Group:             System Environment/Daemons

Summary:           The basic directory layout for the Nginx server

BuildArch:         noarch

Requires(pre):     shadow-utils

%description filesystem

The nginx-filesystem package contains the basic directory layout

for the Nginx server including the correct permissions for the

directories.

%if %{with geoip}

%package mod-http-geoip

Group:             System Environment/Daemons

Summary:           Nginx HTTP geoip module

BuildRequires:     GeoIP-devel

Requires:          nginx

Requires:          GeoIP

%description mod-http-geoip

%{summary}.

%endif

%package mod-http-image-filter

Group:             System Environment/Daemons

Summary:           Nginx HTTP image filter module

BuildRequires:     gd-devel

Requires:          nginx

Requires:          gd

%description mod-http-image-filter

%{summary}.

%package mod-http-perl

Group:             System Environment/Daemons

Summary:           Nginx HTTP perl module

BuildRequires:     perl-devel

%if 0%{?fedora} >= 24

BuildRequires:     perl-generators

%endif

BuildRequires:     perl(ExtUtils::Embed)

Requires:          nginx

Requires:          perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))

Requires:          perl(constant)

%description mod-http-perl

%{summary}.

%package mod-http-xslt-filter

Group:             System Environment/Daemons

Summary:           Nginx XSLT module

BuildRequires:     libxslt-devel

Requires:          nginx

%description mod-http-xslt-filter

%{summary}.

%package mod-mail

Group:             System Environment/Daemons

Summary:           Nginx mail modules

Requires:          nginx

%description mod-mail

%{summary}.

%package mod-stream

Group:             System Environment/Daemons

Summary:           Nginx stream modules

Requires:          nginx

%description mod-stream

%{summary}.

%prep

%setup -q

%patch0 -p0

%patch1 -p1

%patch2 -p1

%patch3 -p1

%patch4 -p1

%patch5 -p1

cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .

%if 0%{?rhel} > 0 && 0%{?rhel} < 8

sed -i -e 's#KillMode=.*#KillMode=process#g' nginx.service

sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' nginx.conf

%endif

%build

# nginx does not utilize a standard configure script.  It has its own

# and the standard configure options cause the nginx configure script

# to error out.  This is is also the reason for the DESTDIR environment

# variable.

export DESTDIR=%{buildroot}

./configure \

    --prefix=%{_datadir}/nginx \

    --sbin-path=%{_sbindir}/nginx \

    --modules-path=%{_libdir}/nginx/modules \

    --conf-path=%{_sysconfdir}/nginx/nginx.conf \

    --error-log-path=%{_localstatedir}/log/nginx/error.log \

    --http-log-path=%{_localstatedir}/log/nginx/access.log \

    --http-client-body-temp-path=%{_localstatedir}/lib/nginx/tmp/client_body \

    --http-proxy-temp-path=%{_localstatedir}/lib/nginx/tmp/proxy \

    --http-fastcgi-temp-path=%{_localstatedir}/lib/nginx/tmp/fastcgi \

    --http-uwsgi-temp-path=%{_localstatedir}/lib/nginx/tmp/uwsgi \

    --http-scgi-temp-path=%{_localstatedir}/lib/nginx/tmp/scgi \

    --pid-path=/run/nginx.pid \

    --lock-path=/run/lock/subsys/nginx \

    --user=%{nginx_user} \

    --group=%{nginx_user} \

%if 0%{?with_aio}

    --with-file-aio \

%endif

    --with-ipv6 \

    --with-http_ssl_module \

    --with-http_v2_module \

    --with-http_realip_module \

    --with-stream_ssl_preread_module \

    --with-http_addition_module \

    --with-http_xslt_module=dynamic \

    --with-http_image_filter_module=dynamic \

%if %{with geoip}

    --with-http_geoip_module=dynamic \

%endif

    --with-http_sub_module \

    --with-http_dav_module \

    --with-http_flv_module \

    --with-http_mp4_module \

    --with-http_gunzip_module \

    --with-http_gzip_static_module \

    --with-http_random_index_module \

    --with-http_secure_link_module \

    --with-http_degradation_module \

    --with-http_slice_module \

    --with-http_stub_status_module \

    --with-http_perl_module=dynamic \

    --with-http_auth_request_module \

    --with-mail=dynamic \

    --with-mail_ssl_module \

    --with-pcre \

    --with-pcre-jit \

    --with-stream=dynamic \

    --with-stream_ssl_module \

%if 0%{?with_gperftools}

    --with-google_perftools_module \

%endif

    --with-debug \

    --with-cc-opt="%{optflags} $(pcre-config --cflags)" \

    --with-ld-opt="$RPM_LD_FLAGS -Wl,-E" # so the perl module finds its symbols

make %{?_smp_mflags}

%install

make install DESTDIR=%{buildroot} INSTALLDIRS=vendor

find %{buildroot} -type f -name .packlist -exec rm -f '{}' \;

find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \;

find %{buildroot} -type f -empty -exec rm -f '{}' \;

find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \;

install -p -D -m 0644 ./nginx.service \

    %{buildroot}%{_unitdir}/nginx.service

install -p -D -m 0644 %{SOURCE11} \

    %{buildroot}%{_sysconfdir}/logrotate.d/nginx

install -p -d -m 0755 %{buildroot}%{_sysconfdir}/systemd/system/nginx.service.d

install -p -d -m 0755 %{buildroot}%{_unitdir}/nginx.service.d

install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/conf.d

install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/default.d

install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx

install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx/tmp

install -p -d -m 0700 %{buildroot}%{_localstatedir}/log/nginx

install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/html

install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/modules

install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules

install -p -m 0644 ./nginx.conf \

    %{buildroot}%{_sysconfdir}/nginx

rm -f %{buildroot}%{_datadir}/nginx/html/index.html

ln -s ../../testpage/index.html \

    %{buildroot}%{_datadir}/nginx/html/index.html

install -p -m 0644 %{SOURCE102} \

    %{buildroot}%{_datadir}/nginx/html

ln -s nginx-logo.png %{buildroot}%{_datadir}/nginx/html/poweredby.png

mkdir -p %{buildroot}%{_datadir}/nginx/html/icons

# Symlink for the powered-by-$DISTRO image:

ln -s ../../../pixmaps/poweredby.png \

    %{buildroot}%{_datadir}/nginx/html/icons/poweredby.png

install -p -m 0644 %{SOURCE103} %{SOURCE104} \

    %{buildroot}%{_datadir}/nginx/html

%if 0%{?with_mailcap_mimetypes}

rm -f %{buildroot}%{_sysconfdir}/nginx/mime.types

%endif

install -p -D -m 0644 %{_builddir}/nginx-%{version}/objs/nginx.8 \

    %{buildroot}%{_mandir}/man8/nginx.8

install -p -D -m 0755 %{SOURCE13} %{buildroot}%{_bindir}/nginx-upgrade

install -p -D -m 0644 %{SOURCE14} %{buildroot}%{_mandir}/man8/nginx-upgrade.8

for i in ftdetect indent syntax; do

    install -p -D -m644 contrib/vim/${i}/nginx.vim \

        %{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim

done

%if %{with geoip}

echo 'load_module "%{_libdir}/nginx/modules/ngx_http_geoip_module.so";' \

    > %{buildroot}%{_datadir}/nginx/modules/mod-http-geoip.conf

%endif

echo 'load_module "%{_libdir}/nginx/modules/ngx_http_image_filter_module.so";' \

    > %{buildroot}%{_datadir}/nginx/modules/mod-http-image-filter.conf

echo 'load_module "%{_libdir}/nginx/modules/ngx_http_perl_module.so";' \

    > %{buildroot}%{_datadir}/nginx/modules/mod-http-perl.conf

echo 'load_module "%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so";' \

    > %{buildroot}%{_datadir}/nginx/modules/mod-http-xslt-filter.conf

echo 'load_module "%{_libdir}/nginx/modules/ngx_mail_module.so";' \

    > %{buildroot}%{_datadir}/nginx/modules/mod-mail.conf

echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \

    > %{buildroot}%{_datadir}/nginx/modules/mod-stream.conf

%pre filesystem

getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user}

getent passwd %{nginx_user} > /dev/null || \

    useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \

    -s /sbin/nologin -c "Nginx web server" %{nginx_user}

exit 0

%post

%systemd_post nginx.service

%if %{with geoip}

%post mod-http-geoip

if [ $1 -eq 1 ]; then

    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :

fi

%endif

%post mod-http-image-filter

if [ $1 -eq 1 ]; then

    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :

fi

%post mod-http-perl

if [ $1 -eq 1 ]; then

    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :

fi

%post mod-http-xslt-filter

if [ $1 -eq 1 ]; then

    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :

fi

%post mod-mail

if [ $1 -eq 1 ]; then

    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :

fi

%post mod-stream

if [ $1 -eq 1 ]; then

    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :

fi

%preun

%systemd_preun nginx.service

%postun

%systemd_postun nginx.service

if [ $1 -ge 1 ]; then

    /usr/bin/nginx-upgrade >/dev/null 2>&1 || :

fi

%files

%license LICENSE

%doc CHANGES README README.dynamic

%if 0%{?rhel} == 7

%doc UPGRADE-NOTES-1.6-to-1.10

%endif

%{_datadir}/nginx/html/*

%{_bindir}/nginx-upgrade

%{_sbindir}/nginx

%{_datadir}/vim/vimfiles/ftdetect/nginx.vim

%{_datadir}/vim/vimfiles/syntax/nginx.vim

%{_datadir}/vim/vimfiles/indent/nginx.vim

%{_mandir}/man3/nginx.3pm*

%{_mandir}/man8/nginx.8*

%{_mandir}/man8/nginx-upgrade.8*

%{_unitdir}/nginx.service

%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf

%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf.default

%config(noreplace) %{_sysconfdir}/nginx/fastcgi_params

%config(noreplace) %{_sysconfdir}/nginx/fastcgi_params.default

%config(noreplace) %{_sysconfdir}/nginx/koi-utf

%config(noreplace) %{_sysconfdir}/nginx/koi-win

%if ! 0%{?with_mailcap_mimetypes}

%config(noreplace) %{_sysconfdir}/nginx/mime.types

%endif

%config(noreplace) %{_sysconfdir}/nginx/mime.types.default

%config(noreplace) %{_sysconfdir}/nginx/nginx.conf

%config(noreplace) %{_sysconfdir}/nginx/nginx.conf.default

%config(noreplace) %{_sysconfdir}/nginx/scgi_params

%config(noreplace) %{_sysconfdir}/nginx/scgi_params.default

%config(noreplace) %{_sysconfdir}/nginx/uwsgi_params

%config(noreplace) %{_sysconfdir}/nginx/uwsgi_params.default

%config(noreplace) %{_sysconfdir}/nginx/win-utf

%config(noreplace) %{_sysconfdir}/logrotate.d/nginx

%attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx

%attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx/tmp

%attr(770,%{nginx_user},root) %dir %{_localstatedir}/log/nginx

%dir %{_libdir}/nginx/modules

%files all-modules

%files filesystem

%dir %{_datadir}/nginx

%dir %{_datadir}/nginx/html

%dir %{_sysconfdir}/nginx

%dir %{_sysconfdir}/nginx/conf.d

%dir %{_sysconfdir}/nginx/default.d

%dir %{_sysconfdir}/systemd/system/nginx.service.d

%dir %{_unitdir}/nginx.service.d

%if %{with geoip}

%files mod-http-geoip

%{_datadir}/nginx/modules/mod-http-geoip.conf

%{_libdir}/nginx/modules/ngx_http_geoip_module.so

%endif

%files mod-http-image-filter

%{_datadir}/nginx/modules/mod-http-image-filter.conf

%{_libdir}/nginx/modules/ngx_http_image_filter_module.so

%files mod-http-perl

%{_datadir}/nginx/modules/mod-http-perl.conf

%{_libdir}/nginx/modules/ngx_http_perl_module.so

%dir %{perl_vendorarch}/auto/nginx

%{perl_vendorarch}/nginx.pm

%{perl_vendorarch}/auto/nginx/nginx.so

%files mod-http-xslt-filter

%{_datadir}/nginx/modules/mod-http-xslt-filter.conf

%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so

%files mod-mail

%{_datadir}/nginx/modules/mod-mail.conf

%{_libdir}/nginx/modules/ngx_mail_module.so

%files mod-stream

%{_datadir}/nginx/modules/mod-stream.conf

%{_libdir}/nginx/modules/ngx_stream_module.so

%changelog

* Thu Nov 12 2020 Lubos Uhliarik <luhliari@redhat.com> - 1:1.18.0-3

- Resolves: #1651377 - centralizing default index.html on nginx

- Resolves: #1825683 - Outdated Red Hat branding used in nginx default pages

* Wed Apr 22 2020 Lubos Uhliarik <luhliari@redhat.com> - 1:1.18.0-2

- new version 1.18.0

- Resolves: #1668717 - [RFE] Support loading certificates from hardware token

  (PKCS#11)

- Increased types_hash_max_size to 4096 in default config

- Drop location / from default config (rhbz#1564768)

- Drop default_sever from default config (rhbz#1373822)

* Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.1-1

- update to 1.16.1

- Resolves: #1745697 - CVE-2019-9511 nginx:1.16/nginx: HTTP/2: large amount

  of data request leads to denial of service

- Resolves: #1745690 - CVE-2019-9513 nginx:1.16/nginx: HTTP/2: flood using

  PRIORITY frames resulting in excessive resource consumption

- Resolves: #1745645 - CVE-2019-9516 nginx:1.16/nginx: HTTP/2: 0-length

  headers leads to denial of service

* Wed Jun 26 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.0-2

- Resolves: #1718929 - ssl_protocols config option has faulty behavior

  in nginx:1.16

* Mon May 06 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.0-1

- new version 1.16.0

- enable ngx_stream_ssl_preread module

- main package does NOT require all-modules package

* Wed Dec 12 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-8

- enable TLS 1.3 by default (#1643647)

- TLSv1.0 and TLSv1.1 can be enabled now (#1644746)

* Tue Dec 11 2018 Joe Orton <jorton@redhat.com> - 1:1.14.1-3

- fix unexpanded paths in nginx(8) (#1643069)

* Mon Dec 03 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-2

- Resolves: #1655530 - Hardening tests fail for nginx

* Mon Nov 19 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-1

- new version 1.14.1

- Resolves: #1647257 - CVE-2018-16845 nginx: Denial of service and

  memory disclosure via mp4 module

- Resolves: #1647262 - CVE-2018-16844 nginx: Excessive CPU usage

  via flaw in HTTP/2 implementation

- Resolves: #1647263 - CVE-2018-16843 nginx: Excessive memory consumption

  via flaw in HTTP/2 implementation

* Wed Aug  8 2018 Joe Orton <jorton@redhat.com> - 1:1.14.0-3

- fix PKCS#11 support (Anderson Sasaki, #1545526)

* Mon Aug 06 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.0-2

- add dependency on perl(constant)

* Mon Jul 30 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.14.0-1

- Resolves: #1558420 - directory permissions are now correct after processing

  USR1 signal

- Resolves: #1601414 - nginx: drop GeoIP support

* Thu Jul 19 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-12

- add build conditional for geoip support

* Thu May 03 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.14.0-1

- new version 1.14.0

* Wed Apr 25 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-9

- changed directory permissions (#1558420)

* Fri Mar 23 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-8

- disable gperftools (#1496868)

* Thu Mar 22 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-7

- update branding (#1512565)

* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.1-6

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Wed Jan 24 2018 Björn Esser <besser82@fedoraproject.org> - 1:1.12.1-5

- Add patch to apply glibc bugfix if really needed only

- Disable strict symbol checks in the link editor

* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 1:1.12.1-4

- Rebuilt for switch to libxcrypt

* Tue Oct 24 2017 Joe Orton <jorton@redhat.com> - 1:1.12.1-3

- rebuild

* Tue Sep 19 2017 Remi Collet <remi@fedoraproject.org> - 1:1.12.1-2

- own system drop-in directories #1493036

* Tue Aug 15 2017 Joe Orton <jorton@redhat.com> - 1:1.12.1-1

- update to 1.12.1 (#1469924)

- enable http_auth_request_module (Tim Niemueller, #1471106)

* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.0-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.0-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Sun Jun 04 2017 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.12.0-2

- Perl 5.26 rebuild

* Tue May 30 2017 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.0-1

- new version 1.12.0

* Wed Feb  8 2017 Joe Orton <jorton@redhat.com> - 1:1.10.3-1

- update to upstream release 1.10.3

* Mon Oct 31 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.2-1

- update to upstream release 1.10.2

* Tue May 31 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.1-1

- update to upstream release 1.10.1

* Sun May 15 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.10.0-4

- Perl 5.24 rebuild

* Sun May  8 2016 Peter Robinson <pbrobinson@fedoraproject.org> 1:1.10.0-3

- Enable AIO on aarch64 (rhbz 1258414)

* Wed Apr 27 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.0-2

- only Require nginx-all-modules for EPEL and current Fedora releases

* Wed Apr 27 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.0-1

- update to upstream release 1.10.0

- split dynamic modules into subpackages

- spec file cleanup

* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.8.1-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Tue Jan 26 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.1-1

- update to upstream release 1.8.1

- CVE-2016-0747: Insufficient limits of CNAME resolution in resolver

- CVE-2016-0746: Use-after-free during CNAME response processing in resolver

- CVE-2016-0742: Invalid pointer dereference in resolver

* Sun Oct 04 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-14

- consistently use '%%global with_foo' style of logic

- remove PID file before starting nginx (#1268621)

* Fri Sep 25 2015 Ville Skyttä <ville.skytta@iki.fi> - 1:1.8.0-13

- Use nginx-mimetypes from mailcap (#1248736)

- Mark LICENSE as %%license

* Thu Sep 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-12

- also build with gperftools on aarch64 (#1258412)

* Wed Aug 12 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1:1.8.0-11

- nginx.conf: added commented-out SSL configuration directives (#1179232)

* Fri Jul 03 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-10

- switch back to /bin/kill in logrotate script due to SELinux denials

* Tue Jun 16 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-9

- fix path to png in error pages (#1232277)

- optimize png images with optipng

* Sun Jun 14 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-8

- replace /bin/kill with /usr/bin/systemctl kill in logrotate script (#1231543)

- remove After=syslog.target in nginx.service (#1231543)

- replace ExecStop with KillSignal=SIGQUIT in nginx.service (#1231543)

* Wed Jun 03 2015 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.8.0-7

- Perl 5.22 rebuild

* Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-6

- revert previous change

* Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-5

- move default server to default.conf (#1220094)

* Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-4

- add TimeoutStopSec=5 and KillMode=mixed to nginx.service

- set worker_processes to auto

- add some common options to the http block in nginx.conf

- run nginx-upgrade on package update

- remove some redundant scriptlet commands

- listen on ipv6 for default server (#1217081)

* Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-3

- improve nginx-upgrade script

* Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-2

- add --with-pcre-jit

* Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-1

- update to upstream release 1.8.0

* Thu Apr 09 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.7.12-1

- update to upstream release 1.7.12

* Sun Feb 15 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.7.10-1

- update to upstream release 1.7.10

- remove systemd conditionals

* Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-4

- fix package ownership of directories

* Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-3

- add vim files (#1142849)

* Mon Sep 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-2

- create nginx-filesystem subpackage (patch from Remi Collet)

- create /etc/nginx/default.d as a drop-in directory for configuration files

  for the default server block

- clean up nginx.conf

* Wed Sep 17 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-1

- update to upstream release 1.6.2

- CVE-2014-3616 nginx: virtual host confusion (#1142573)

* Wed Aug 27 2014 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.6.1-4

- Perl 5.20 rebuild

* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.6.1-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Tue Aug 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.1-2

- add logic for EPEL 7

* Tue Aug 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.1-1

- update to upstream release 1.6.1

- (#1126891) CVE-2014-3556: SMTP STARTTLS plaintext injection flaw

* Wed Jul 02 2014 Yaakov Selkowitz <yselkowi@redhat.com> - 1:1.6.0-3

- Fix FTBFS on aarch64 (#1115559)

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.6.0-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Sat Apr 26 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.0-1

- update to upstream release 1.6.0

* Tue Mar 18 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.7-1

- update to upstream release 1.4.7

* Wed Mar 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.6-1

- update to upstream release 1.4.6

* Sun Feb 16 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.5-2