diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4dfd66f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+SOURCES/nginx-1.18.0.tar.gz
+SOURCES/poweredby.png
diff --git a/.nginx.metadata b/.nginx.metadata
new file mode 100644
index 0000000..e483707
--- /dev/null
+++ b/.nginx.metadata
@@ -0,0 +1,2 @@
+47b2c5ccd12e2a7088b03d629ff6b9ab18215180 SOURCES/nginx-1.18.0.tar.gz
+2ec82988cd0d9b1304c95a16b28eff70f0f69abc SOURCES/poweredby.png
diff --git a/SOURCES/404.html b/SOURCES/404.html
new file mode 100644
index 0000000..c6014a7
--- /dev/null
+++ b/SOURCES/404.html
@@ -0,0 +1,120 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+ <head>
+ <title>The page is not found</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <style type="text/css">
+ /*<![CDATA[*/
+ body {
+ background-color: #fff;
+ color: #000;
+ font-size: 0.9em;
+ font-family: sans-serif,helvetica;
+ margin: 0;
+ padding: 0;
+ }
+ :link {
+ color: #c00;
+ }
+ :visited {
+ color: #c00;
+ }
+ a:hover {
+ color: #f50;
+ }
+ h1 {
+ text-align: center;
+ margin: 0;
+ padding: 0.6em 2em 0.4em;
+ background-color: #900;
+ color: #fff;
+ font-weight: normal;
+ font-size: 1.75em;
+ border-bottom: 2px solid #000;
+ }
+ h1 strong {
+ font-weight: bold;
+ font-size: 1.5em;
+ }
+ h2 {
+ text-align: center;
+ background-color: #900;
+ font-size: 1.1em;
+ font-weight: bold;
+ color: #fff;
+ margin: 0;
+ padding: 0.5em;
+ border-bottom: 2px solid #000;
+ }
+ h3 {
+ text-align: center;
+ background-color: #ff0000;
+ padding: 0.5em;
+ color: #fff;
+ }
+ hr {
+ display: none;
+ }
+ .content {
+ padding: 1em 5em;
+ }
+ .alert {
+ border: 2px solid #000;
+ }
+
+ img {
+ border: 2px solid #fff;
+ padding: 2px;
+ margin: 2px;
+ }
+ a:hover img {
+ border: 2px solid #294172;
+ }
+ .logos {
+ margin: 1em;
+ text-align: center;
+ }
+ /*]]>*/
+ </style>
+ </head>
+
+ <body>
+ <h1><strong>nginx error!</strong></h1>
+
+ <div class="content">
+
+ <h3>The page you are looking for is not found.</h3>
+
+ <div class="alert">
+ <h2>Website Administrator</h2>
+ <div class="content">
+ <p>Something has triggered missing webpage on your
+ website. This is the default 404 error page for
+ <strong>nginx</strong> that is distributed with
+ Red Hat Enterprise Linux. It is located
+ <tt>/usr/share/nginx/html/404.html</tt></p>
+
+ <p>You should customize this error page for your own
+ site or edit the <tt>error_page</tt> directive in
+ the <strong>nginx</strong> configuration file
+ <tt>/etc/nginx/nginx.conf</tt>.</p>
+
+ <p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
+
+ </div>
+ </div>
+
+ <div class="logos">
+ <a href="http://nginx.net/"><img
+ src="nginx-logo.png"
+ alt="[ Powered by nginx ]"
+ width="121" height="32" /></a>
+ <a href="http://www.redhat.com/"><img
+ src="poweredby.png"
+ alt="[ Powered by Red Hat Enterprise Linux ]"
+ width="88" height="31" /></a>
+ </div>
+ </div>
+ </body>
+</html>
diff --git a/SOURCES/50x.html b/SOURCES/50x.html
new file mode 100644
index 0000000..5d8d957
--- /dev/null
+++ b/SOURCES/50x.html
@@ -0,0 +1,120 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+ <head>
+ <title>The page is temporarily unavailable</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <style type="text/css">
+ /*<![CDATA[*/
+ body {
+ background-color: #fff;
+ color: #000;
+ font-size: 0.9em;
+ font-family: sans-serif,helvetica;
+ margin: 0;
+ padding: 0;
+ }
+ :link {
+ color: #c00;
+ }
+ :visited {
+ color: #c00;
+ }
+ a:hover {
+ color: #f50;
+ }
+ h1 {
+ text-align: center;
+ margin: 0;
+ padding: 0.6em 2em 0.4em;
+ background-color: #900;
+ color: #fff;
+ font-weight: normal;
+ font-size: 1.75em;
+ border-bottom: 2px solid #000;
+ }
+ h1 strong {
+ font-weight: bold;
+ font-size: 1.5em;
+ }
+ h2 {
+ text-align: center;
+ background-color: #900;
+ font-size: 1.1em;
+ font-weight: bold;
+ color: #fff;
+ margin: 0;
+ padding: 0.5em;
+ border-bottom: 2px solid #000;
+ }
+ h3 {
+ text-align: center;
+ background-color: #ff0000;
+ padding: 0.5em;
+ color: #fff;
+ }
+ hr {
+ display: none;
+ }
+ .content {
+ padding: 1em 5em;
+ }
+ .alert {
+ border: 2px solid #000;
+ }
+
+ img {
+ border: 2px solid #fff;
+ padding: 2px;
+ margin: 2px;
+ }
+ a:hover img {
+ border: 2px solid #294172;
+ }
+ .logos {
+ margin: 1em;
+ text-align: center;
+ }
+ /*]]>*/
+ </style>
+ </head>
+
+ <body>
+ <h1><strong>nginx error!</strong></h1>
+
+ <div class="content">
+
+ <h3>The page you are looking for is temporarily unavailable. Please try again later.</h3>
+
+ <div class="alert">
+ <h2>Website Administrator</h2>
+ <div class="content">
+ <p>Something has triggered missing webpage on your
+ website. This is the default error page for
+ <strong>nginx</strong> that is distributed with
+ Red Hat Enterprise Linux. It is located
+ <tt>/usr/share/nginx/html/50x.html</tt></p>
+
+ <p>You should customize this error page for your own
+ site or edit the <tt>error_page</tt> directive in
+ the <strong>nginx</strong> configuration file
+ <tt>/etc/nginx/nginx.conf</tt>.</p>
+
+ <p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
+
+ </div>
+ </div>
+
+ <div class="logos">
+ <a href="http://nginx.net/"><img
+ src="nginx-logo.png"
+ alt="[ Powered by nginx ]"
+ width="121" height="32" /></a>
+ <a href="http://www.redhat.com/"><img
+ src="poweredby.png"
+ alt="[ Powered by Red Hat Enterprise Linux ]"
+ width="88" height="31" /></a>
+ </div>
+ </div>
+ </body>
+</html>
diff --git a/SOURCES/README.dynamic b/SOURCES/README.dynamic
new file mode 100644
index 0000000..59f03f6
--- /dev/null
+++ b/SOURCES/README.dynamic
@@ -0,0 +1,20 @@
+###############
+Dynamic modules
+###############
+
+Dynamic modules are loaded using the "load_modules" directive. The RPM package
+for each module has a '.conf' file in the /usr/share/nginx/modules directory.
+The '.conf' file contains a single "load_modules" directive.
+
+This means that whenever a new dynamic module is installed, it will
+automatically be enabled and Nginx will be reloaded.
+
+--------------------------------------------------------
+Prevent dynamic modules from being enabled automatically
+--------------------------------------------------------
+
+You may want to avoid dynamic modules being enabled automatically. Simply
+remove this line from the top of /etc/nginx/nginx.conf:
+
+ include /usr/lib64/nginx/modules/*.conf;
+
diff --git a/SOURCES/UPGRADE-NOTES-1.6-to-1.10 b/SOURCES/UPGRADE-NOTES-1.6-to-1.10
new file mode 100644
index 0000000..65760bf
--- /dev/null
+++ b/SOURCES/UPGRADE-NOTES-1.6-to-1.10
@@ -0,0 +1,88 @@
+#############
+Upgrade notes
+#############
+
+To resolve numerous security flaws, the nginx package was updated to 1.10.x.
+
+You should review your configuration files in /etc/nginx to determine if there
+are any incompatibilities. Below is a summary of the main incompatible changes.
+Some nginx directives have been changed or removed, so you may need to modify
+your configuration.
+
+Please see upstream release notes for a complete list of new features,
+bug fixes, and changes: http://nginx.org/en/CHANGES-1.10
+One notable feature is support for HTTP/2.
+
+Nginx gained support for dynamic modules. As part of this update, dynamic
+modules have been split into subpackages. For the time being these are hard
+dependencies to aid the upgrade path. When you install nginx, all of these
+modules are installed and enabled by default:
+ - nginx-mod-http-geoip
+ - nginx-mod-http-image-filter
+ - nginx-mod-http-perl
+ - nginx-mod-http-xslt-filter
+ - nginx-mod-mail
+ - nginx-mod-stream
+
+Changes with nginx 1.10.x
+
+ *) Change: non-idempotent requests (POST, LOCK, PATCH) are no longer
+ passed to the next server by default if a request has been sent to a
+ backend; the "non_idempotent" parameter of the "proxy_next_upstream"
+ directive explicitly allows retrying such requests.
+
+ *) Change: now the "output_buffers" directive uses two buffers by
+ default.
+
+ *) Change: now nginx limits subrequests recursion, not simultaneous
+ subrequests.
+
+ *) Change: now nginx checks the whole cache key when returning a
+ response from cache.
+ Thanks to Gena Makhomed and Sergey Brester.
+
+ *) Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer"
+ directives of the stream module are replaced with the
+ "proxy_buffer_size" directive.
+
+ *) Change: duplicate "http", "mail", and "stream" blocks are now
+ disallowed.
+
+ *) Change: now SSLv3 protocol is disabled by default.
+
+ *) Change: some long deprecated directives are not supported anymore.
+
+ *) Change: obsolete aio and rtsig event methods have been removed.
+
+Changes with nginx 1.8.x
+
+ *) Change: the "sendfile" parameter of the "aio" directive is
+ deprecated; now nginx automatically uses AIO to pre-load data for
+ sendfile if both "aio" and "sendfile" directives are used.
+
+ *) Change: now the "If-Modified-Since", "If-Range", etc. client request
+ header lines are passed to a backend while caching if nginx knows in
+ advance that the response will not be cached (e.g., when using
+ proxy_cache_min_uses).
+
+ *) Change: now after proxy_cache_lock_timeout nginx sends a request to a
+ backend with caching disabled; the new directives
+ "proxy_cache_lock_age", "fastcgi_cache_lock_age",
+ "scgi_cache_lock_age", and "uwsgi_cache_lock_age" specify a time
+ after which the lock will be released and another attempt to cache a
+ response will be made.
+
+ *) Change: the "log_format" directive can now be used only at http
+ level.
+
+ *) Change: now nginx takes into account the "Vary" header line in a
+ backend response while caching.
+
+ *) Change: the deprecated "limit_zone" directive is not supported
+ anymore.
+
+ *) Change: now the "stub_status" directive does not require a parameter.
+
+ *) Change: URI escaping now uses uppercase hexadecimal digits.
+ Thanks to Piotr Sikora.
+
diff --git a/SOURCES/index.html b/SOURCES/index.html
new file mode 100644
index 0000000..7756222
--- /dev/null
+++ b/SOURCES/index.html
@@ -0,0 +1,117 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+ <head>
+ <title>Test Page for the Nginx HTTP Server on Red Hat Enterprise Linux</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <style type="text/css">
+ /*<![CDATA[*/
+ body {
+ background-color: #fff;
+ color: #000;
+ font-size: 0.9em;
+ font-family: sans-serif,helvetica;
+ margin: 0;
+ padding: 0;
+ }
+ :link {
+ color: #c00;
+ }
+ :visited {
+ color: #c00;
+ }
+ a:hover {
+ color: #f50;
+ }
+ h1 {
+ text-align: center;
+ margin: 0;
+ padding: 0.6em 2em 0.4em;
+ background-color: #900;
+ color: #fff;
+ font-weight: normal;
+ font-size: 1.75em;
+ border-bottom: 2px solid #000;
+ }
+ h1 strong {
+ font-weight: bold;
+ font-size: 1.5em;
+ }
+ h2 {
+ text-align: center;
+ background-color: #900;
+ font-size: 1.1em;
+ font-weight: bold;
+ color: #fff;
+ margin: 0;
+ padding: 0.5em;
+ border-bottom: 2px solid #000;
+ }
+ hr {
+ display: none;
+ }
+ .content {
+ padding: 1em 5em;
+ }
+ .alert {
+ border: 2px solid #000;
+ }
+
+ img {
+ border: 2px solid #fff;
+ padding: 2px;
+ margin: 2px;
+ }
+ a:hover img {
+ border: 2px solid #294172;
+ }
+ .logos {
+ margin: 1em;
+ text-align: center;
+ }
+ /*]]>*/
+ </style>
+ </head>
+
+ <body>
+ <h1>Welcome to <strong>nginx</strong> on Red Hat Enterprise Linux!</h1>
+
+ <div class="content">
+ <p>This page is used to test the proper operation of the
+ <strong>nginx</strong> HTTP server after it has been
+ installed. If you can read this page, it means that the
+ web server installed at this site is working
+ properly.</p>
+
+ <div class="alert">
+ <h2>Website Administrator</h2>
+ <div class="content">
+ <p>This is the default <tt>index.html</tt> page that
+ is distributed with <strong>nginx</strong> on
+ Red Hat Enterprise Linux. It is located in
+ <tt>/usr/share/nginx/html</tt>.</p>
+
+ <p>You should now put your content in a location of
+ your choice and edit the <tt>root</tt> configuration
+ directive in the <strong>nginx</strong>
+ configuration file
+ <tt>/etc/nginx/nginx.conf</tt>.</p>
+
+ <p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
+
+ </div>
+ </div>
+
+ <div class="logos">
+ <a href="http://nginx.net/"><img
+ src="nginx-logo.png"
+ alt="[ Powered by nginx ]"
+ width="121" height="32" /></a>
+ <a href="http://www.redhat.com/"><img
+ src="poweredby.png"
+ alt="[ Powered by Red Hat Enterprise Linux ]"
+ width="88" height="31" /></a>
+ </div>
+ </div>
+ </body>
+</html>
diff --git a/SOURCES/nginx-1.14.0-logs-perm.patch b/SOURCES/nginx-1.14.0-logs-perm.patch
new file mode 100644
index 0000000..4884a84
--- /dev/null
+++ b/SOURCES/nginx-1.14.0-logs-perm.patch
@@ -0,0 +1,13 @@
+diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c
+index aee7a58..bcceecb 100644
+--- a/src/core/ngx_cycle.c
++++ b/src/core/ngx_cycle.c
+@@ -1108,7 +1108,7 @@ ngx_reopen_files(ngx_cycle_t *cycle, ngx_uid_t user)
+ }
+
+ fd = ngx_open_file(file[i].name.data, NGX_FILE_APPEND,
+- NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS);
++ NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS | 0220);
+
+ ngx_log_debug3(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "reopen file \"%s\", old:%d new:%d",
diff --git a/SOURCES/nginx-1.14.1-perl-module-hardening.patch b/SOURCES/nginx-1.14.1-perl-module-hardening.patch
new file mode 100644
index 0000000..1915ebe
--- /dev/null
+++ b/SOURCES/nginx-1.14.1-perl-module-hardening.patch
@@ -0,0 +1,13 @@
+diff --git a/src/http/modules/perl/Makefile.PL b/src/http/modules/perl/Makefile.PL
+index 7edadcb..2ebb7c4 100644
+--- a/src/http/modules/perl/Makefile.PL
++++ b/src/http/modules/perl/Makefile.PL
+@@ -14,7 +14,7 @@ WriteMakefile(
+ AUTHOR => 'Igor Sysoev',
+
+ CCFLAGS => "$ENV{NGX_PM_CFLAGS}",
+- OPTIMIZE => '-O',
++ OPTIMIZE => '-O2',
+
+ LDDLFLAGS => "$ENV{NGX_PM_LDFLAGS}",
+
diff --git a/SOURCES/nginx-1.16.0-enable-tls1v3-by-default.patch b/SOURCES/nginx-1.16.0-enable-tls1v3-by-default.patch
new file mode 100644
index 0000000..553ea79
--- /dev/null
+++ b/SOURCES/nginx-1.16.0-enable-tls1v3-by-default.patch
@@ -0,0 +1,157 @@
+diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
+index 345914f..d23967f 100644
+--- a/src/event/ngx_event_openssl.c
++++ b/src/event/ngx_event_openssl.c
+@@ -252,6 +252,8 @@ ngx_ssl_init(ngx_log_t *log)
+ ngx_int_t
+ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
+ {
++ ngx_uint_t prot = NGX_SSL_NO_PROT;
++
+ ssl->ctx = SSL_CTX_new(SSLv23_method());
+
+ if (ssl->ctx == NULL) {
+@@ -316,49 +318,54 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
+
+ SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
+
+-#if OPENSSL_VERSION_NUMBER >= 0x009080dfL
+- /* only in 0.9.8m+ */
+- SSL_CTX_clear_options(ssl->ctx,
+- SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1);
+-#endif
+-
+- if (!(protocols & NGX_SSL_SSLv2)) {
+- SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2);
+- }
+- if (!(protocols & NGX_SSL_SSLv3)) {
+- SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv3);
+- }
+- if (!(protocols & NGX_SSL_TLSv1)) {
+- SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1);
+- }
+-#ifdef SSL_OP_NO_TLSv1_1
+- SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_1);
+- if (!(protocols & NGX_SSL_TLSv1_1)) {
+- SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_1);
+- }
++ if (protocols){
++#ifdef SSL_OP_NO_TLSv1_3
++ if (protocols & NGX_SSL_TLSv1_3) {
++ prot = TLS1_3_VERSION;
++ } else
+ #endif
+ #ifdef SSL_OP_NO_TLSv1_2
+- SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
+- if (!(protocols & NGX_SSL_TLSv1_2)) {
+- SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
+- }
++ if (protocols & NGX_SSL_TLSv1_2) {
++ prot = TLS1_2_VERSION;
++ } else
+ #endif
+-#ifdef SSL_OP_NO_TLSv1_3
+- SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_3);
+- if (!(protocols & NGX_SSL_TLSv1_3)) {
+- SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_3);
+- }
++#ifdef SSL_OP_NO_TLSv1_1
++ if (protocols & NGX_SSL_TLSv1_1) {
++ prot = TLS1_1_VERSION;
++ } else
+ #endif
++ if (protocols & NGX_SSL_TLSv1) {
++ prot = TLS1_VERSION;
++ }
++
++ if (prot == NGX_SSL_NO_PROT) {
++ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
++ "No SSL protocols available [hint: ssl_protocols]");
++ return NGX_ERROR;
++ }
+
+-#ifdef SSL_CTX_set_min_proto_version
+- SSL_CTX_set_min_proto_version(ssl->ctx, 0);
+- SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_2_VERSION);
++ SSL_CTX_set_max_proto_version(ssl->ctx, prot);
++
++ /* Now, we have to scan for minimal protocol version,
++ *without allowing holes between min and max*/
++#if SSL_OP_NO_TLSv1_3
++ if ((prot == TLS1_3_VERSION) && (protocols & NGX_SSL_TLSv1_2)) {
++ prot = TLS1_2_VERSION;
++ }
+ #endif
+
+-#ifdef TLS1_3_VERSION
+- SSL_CTX_set_min_proto_version(ssl->ctx, 0);
+- SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_3_VERSION);
++#ifdef SSL_OP_NO_TLSv1_1
++ if ((prot == TLS1_2_VERSION) && (protocols & NGX_SSL_TLSv1_1)) {
++ prot = TLS1_1_VERSION;
++ }
++#endif
++#ifdef SSL_OP_NO_TLSv1_2
++ if ((prot == TLS1_1_VERSION) && (protocols & NGX_SSL_TLSv1)) {
++ prot = TLS1_VERSION;
++ }
+ #endif
++ SSL_CTX_set_min_proto_version(ssl->ctx, prot);
++ }
+
+ #ifdef SSL_OP_NO_COMPRESSION
+ SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
+diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
+index 61da0c5..fa7ac41 100644
+--- a/src/event/ngx_event_openssl.h
++++ b/src/event/ngx_event_openssl.h
+@@ -145,6 +145,7 @@ typedef struct {
+ #endif
+
+
++#define NGX_SSL_NO_PROT 0x0000
+ #define NGX_SSL_SSLv2 0x0002
+ #define NGX_SSL_SSLv3 0x0004
+ #define NGX_SSL_TLSv1 0x0008
+diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
+index b3f8f47..8340a12 100644
+--- a/src/http/modules/ngx_http_ssl_module.c
++++ b/src/http/modules/ngx_http_ssl_module.c
+@@ -613,8 +613,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
+ ngx_conf_merge_value(conf->early_data, prev->early_data, 0);
+
+ ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
+- (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
+- |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
++ 0)
+
+ ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size,
+ NGX_SSL_BUFSIZE);
+diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
+index 5544f75..3316a4b 100644
+--- a/src/mail/ngx_mail_ssl_module.c
++++ b/src/mail/ngx_mail_ssl_module.c
+@@ -291,8 +291,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
+ prev->prefer_server_ciphers, 0);
+
+ ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
+- (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
+- |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
++ 0);
+
+ ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
+ ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
+diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
+index ec9524e..37af046 100644
+--- a/src/stream/ngx_stream_ssl_module.c
++++ b/src/stream/ngx_stream_ssl_module.c
+@@ -625,8 +625,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
+ prev->prefer_server_ciphers, 0);
+
+ ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
+- (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
+- |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
++ 0);
+
+ ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
+ ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
diff --git a/SOURCES/nginx-1.16.0-pkcs11.patch b/SOURCES/nginx-1.16.0-pkcs11.patch
new file mode 100644
index 0000000..b367d5b
--- /dev/null
+++ b/SOURCES/nginx-1.16.0-pkcs11.patch
@@ -0,0 +1,29 @@
+diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
+index 7be4fb4..ab3865a 100644
+--- a/src/event/ngx_event_openssl.c
++++ b/src/event/ngx_event_openssl.c
+@@ -727,16 +727,24 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
+ return NULL;
+ }
+
++ if (!ENGINE_init(engine)) {
++ *err = "ENGINE_init() failed";
++ ENGINE_free(engine);
++ return NULL;
++ }
++
+ *last++ = ':';
+
+ pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
+
+ if (pkey == NULL) {
+ *err = "ENGINE_load_private_key() failed";
++ ENGINE_finish(engine);
+ ENGINE_free(engine);
+ return NULL;
+ }
+
++ ENGINE_finish(engine);
+ ENGINE_free(engine);
+
+ return pkey;
diff --git a/SOURCES/nginx-1.18.0-pkcs11-cert.patch b/SOURCES/nginx-1.18.0-pkcs11-cert.patch
new file mode 100644
index 0000000..c862515
--- /dev/null
+++ b/SOURCES/nginx-1.18.0-pkcs11-cert.patch
@@ -0,0 +1,76 @@
+diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
+index 0a2f260..606b6e2 100644
+--- a/src/event/ngx_event_openssl.c
++++ b/src/event/ngx_event_openssl.c
+@@ -616,6 +616,71 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
+ X509 *x509, *temp;
+ u_long n;
+
++ if (ngx_strncmp(cert->data, "engine:", sizeof("engine:") - 1) == 0) {
++
++#ifndef OPENSSL_NO_ENGINE
++
++ u_char *p, *last;
++ ENGINE *engine;
++
++ p = cert->data + sizeof("engine:") - 1;
++ last = (u_char *) ngx_strchr(p, ':');
++
++ if (last == NULL) {
++ *err = "invalid syntax";
++ return NULL;
++ }
++
++ *last = '\0';
++
++ engine = ENGINE_by_id((char *) p);
++
++ if (engine == NULL) {
++ *err = "ENGINE_by_id() failed";
++ return NULL;
++ }
++
++ if (!ENGINE_init(engine)) {
++ *err = "ENGINE_init() failed";
++ ENGINE_free(engine);
++ return NULL;
++ }
++
++ *last++ = ':';
++
++ struct {
++ const char *cert_id;
++ X509 *cert;
++ } params = { (char *) last, NULL };
++
++ if (!ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, ¶ms, NULL, 1)) {
++ *err = "ENGINE_ctrl_cmd() failed - Unable to get the certificate";
++ ENGINE_free(engine);
++ return NULL;
++ }
++
++ ENGINE_finish(engine);
++ ENGINE_free(engine);
++
++ /* set chain to null */
++
++ *chain = sk_X509_new_null();
++ if (*chain == NULL) {
++ *err = "sk_X509_new_null() failed";
++ X509_free(params.cert);
++ return NULL;
++ }
++
++ return params.cert;
++
++#else
++
++ *err = "loading \"engine:...\" certificate is not supported";
++ return NULL;
++
++#endif
++ }
++
+ if (ngx_strncmp(cert->data, "data:", sizeof("data:") - 1) == 0) {
+
+ bio = BIO_new_mem_buf(cert->data + sizeof("data:") - 1,
diff --git a/SOURCES/nginx-auto-cc-gcc.patch b/SOURCES/nginx-auto-cc-gcc.patch
new file mode 100644
index 0000000..ff693dc
--- /dev/null
+++ b/SOURCES/nginx-auto-cc-gcc.patch
@@ -0,0 +1,13 @@
+--- auto/cc/gcc.orig 2007-03-22 08:34:53.000000000 -0600
++++ auto/cc/gcc 2007-03-22 08:58:47.000000000 -0600
+@@ -172,7 +172,9 @@
+
+
+ # stop on warning
+-CFLAGS="$CFLAGS -Werror"
++# This combined with Fedora's FORTIFY_SOURCE=2 option causes it nginx
++# to not compile.
++#CFLAGS="$CFLAGS -Werror"
+
+ # debug
+ CFLAGS="$CFLAGS -g"
diff --git a/SOURCES/nginx-logo.png b/SOURCES/nginx-logo.png
new file mode 100644
index 0000000..638b499
Binary files /dev/null and b/SOURCES/nginx-logo.png differ
diff --git a/SOURCES/nginx-upgrade b/SOURCES/nginx-upgrade
new file mode 100644
index 0000000..f84d91a
--- /dev/null
+++ b/SOURCES/nginx-upgrade
@@ -0,0 +1,19 @@
+#!/bin/sh
+[ ! -f /run/nginx.pid ] && exit 1
+echo "Start new nginx master..."
+/bin/systemctl kill --signal=SIGUSR2 nginx.service
+sleep 5
+[ ! -f /run/nginx.pid.oldbin ] && sleep 10
+if [ ! -f /run/nginx.pid.oldbin ]; then
+ echo "Failed to start new nginx master."
+ exit 1
+fi
+echo "Stop old nginx master gracefully..."
+oldpid=`/usr/bin/cat /run/nginx.pid.oldbin 2>/dev/null`
+/bin/kill -s QUIT $oldpid 2>/dev/null
+sleep 5
+[ -f /run/nginx.pid.oldbin ] && sleep 10
+if [ -f /run/nginx.pid.oldbin ]; then
+ echo "Failed to stop old nginx master."
+ exit 1
+fi
diff --git a/SOURCES/nginx-upgrade.8 b/SOURCES/nginx-upgrade.8
new file mode 100644
index 0000000..2a435ab
--- /dev/null
+++ b/SOURCES/nginx-upgrade.8
@@ -0,0 +1,151 @@
+.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "NGINX-UPGRADE 8"
+.TH NGINX-UPGRADE 8 "2012-10-28" " " " "
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+nginx\-upgrade \- tool to upgrade nginx without any downtime
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fInginx-upgrade\fR
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This downstream shell script updates nginx without any downtime. After
+upgrading nginx via the package manager, running this script will create
+a new nginx master. This master takes over all new requests. The old
+masters and workers are then gracefully shutdown without breaking any
+existing connections.
+.PP
+For further information, see: <http://nginx.org/en/docs/control.html>
+.SH "BUGS"
+.IX Header "BUGS"
+If you find any bugs, please send an email to the author.
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Jamie Nguyen <jamielinux@fedoraproject.org>
diff --git a/SOURCES/nginx.conf b/SOURCES/nginx.conf
new file mode 100644
index 0000000..f85920a
--- /dev/null
+++ b/SOURCES/nginx.conf
@@ -0,0 +1,84 @@
+# For more information on configuration, see:
+# * Official English Documentation: http://nginx.org/en/docs/
+# * Official Russian Documentation: http://nginx.org/ru/docs/
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 4096;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # Load modular configuration files from the /etc/nginx/conf.d directory.
+ # See http://nginx.org/en/docs/ngx_core_module.html#include
+ # for more information.
+ include /etc/nginx/conf.d/*.conf;
+
+ server {
+ listen 80;
+ listen [::]:80;
+ server_name _;
+ root /usr/share/nginx/html;
+
+ # Load configuration files for the default server block.
+ include /etc/nginx/default.d/*.conf;
+
+ error_page 404 /404.html;
+ location = /40x.html {
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ }
+ }
+
+# Settings for a TLS enabled server.
+#
+# server {
+# listen 443 ssl http2;
+# listen [::]:443 ssl http2;
+# server_name _;
+# root /usr/share/nginx/html;
+#
+# ssl_certificate "/etc/pki/nginx/server.crt";
+# ssl_certificate_key "/etc/pki/nginx/private/server.key";
+# ssl_session_cache shared:SSL:1m;
+# ssl_session_timeout 10m;
+# ssl_ciphers PROFILE=SYSTEM;
+# ssl_prefer_server_ciphers on;
+#
+# # Load configuration files for the default server block.
+# include /etc/nginx/default.d/*.conf;
+#
+# error_page 404 /404.html;
+# location = /40x.html {
+# }
+#
+# error_page 500 502 503 504 /50x.html;
+# location = /50x.html {
+# }
+# }
+
+}
+
diff --git a/SOURCES/nginx.logrotate b/SOURCES/nginx.logrotate
new file mode 100644
index 0000000..353da6e
--- /dev/null
+++ b/SOURCES/nginx.logrotate
@@ -0,0 +1,13 @@
+/var/log/nginx/*log {
+ create 0664 nginx root
+ daily
+ rotate 10
+ missingok
+ notifempty
+ compress
+ sharedscripts
+ postrotate
+ /bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true
+ endscript
+}
+
diff --git a/SOURCES/nginx.service b/SOURCES/nginx.service
new file mode 100644
index 0000000..8597eb4
--- /dev/null
+++ b/SOURCES/nginx.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=The nginx HTTP and reverse proxy server
+After=network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=forking
+PIDFile=/run/nginx.pid
+# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
+# SELinux context. This might happen when running `nginx -t` from the cmdline.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
+ExecStartPre=/usr/bin/rm -f /run/nginx.pid
+ExecStartPre=/usr/sbin/nginx -t
+ExecStart=/usr/sbin/nginx
+ExecReload=/bin/kill -s HUP $MAINPID
+KillSignal=SIGQUIT
+TimeoutStopSec=5
+KillMode=mixed
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec
new file mode 100644
index 0000000..04a67c7
--- /dev/null
+++ b/SPECS/nginx.spec
@@ -0,0 +1,924 @@
+%global _hardened_build 1
+%global nginx_user nginx
+
+# Disable strict symbol checks in the link editor.
+# See: https://src.fedoraproject.org/rpms/redhat-rpm-config/c/078af19
+%undefine _strict_symbol_defs_build
+
+%global with_gperftools 0
+
+%bcond_with geoip
+
+
+%global with_aio 1
+
+%if 0%{?fedora} > 22
+%global with_mailcap_mimetypes 1
+%endif
+
+Name: nginx
+Epoch: 1
+Version: 1.18.0
+Release: 2%{?dist}
+
+Summary: A high performance web server and reverse proxy server
+Group: System Environment/Daemons
+# BSD License (two clause)
+# http://www.freebsd.org/copyright/freebsd-license.html
+License: BSD
+URL: http://nginx.org/
+
+Source0: https://nginx.org/download/nginx-%{version}.tar.gz
+Source10: nginx.service
+Source11: nginx.logrotate
+Source12: nginx.conf
+Source13: nginx-upgrade
+Source14: nginx-upgrade.8
+Source100: index.html
+Source101: poweredby.png
+Source102: nginx-logo.png
+Source103: 404.html
+Source104: 50x.html
+Source200: README.dynamic
+Source210: UPGRADE-NOTES-1.6-to-1.10
+
+# removes -Werror in upstream build scripts. -Werror conflicts with
+# -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
+Patch0: nginx-auto-cc-gcc.patch
+
+# downstream patch - changing logs permissions to 664 instead
+# previous 644
+Patch1: nginx-1.14.0-logs-perm.patch
+
+# PKCS#11 engine fix
+Patch2: nginx-1.16.0-pkcs11.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1655530
+Patch3: nginx-1.14.1-perl-module-hardening.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1643647
+Patch4: nginx-1.16.0-enable-tls1v3-by-default.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1668717
+Patch5: nginx-1.18.0-pkcs11-cert.patch
+
+%if 0%{?with_gperftools}
+BuildRequires: gperftools-devel
+%endif
+BuildRequires: openssl-devel
+BuildRequires: pcre-devel
+BuildRequires: zlib-devel
+
+Requires: nginx-filesystem = %{epoch}:%{version}-%{release}
+
+%if 0%{?rhel} > 0 && 0%{?rhel} < 8
+# Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later.
+Requires: nginx-all-modules = %{epoch}:%{version}-%{release}
+%endif
+
+Requires: openssl
+Requires: pcre
+Requires(pre): nginx-filesystem
+%if 0%{?with_mailcap_mimetypes}
+Requires: nginx-mimetypes
+%endif
+Provides: webserver
+
+BuildRequires: systemd
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+
+%description
+Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
+IMAP protocols, with a strong focus on high concurrency, performance and low
+memory usage.
+
+%package all-modules
+Group: System Environment/Daemons
+Summary: A meta package that installs all available Nginx modules
+BuildArch: noarch
+
+%if %{with geoip}
+Requires: nginx-mod-http-geoip = %{epoch}:%{version}-%{release}
+%endif
+Requires: nginx-mod-http-image-filter = %{epoch}:%{version}-%{release}
+Requires: nginx-mod-http-perl = %{epoch}:%{version}-%{release}
+Requires: nginx-mod-http-xslt-filter = %{epoch}:%{version}-%{release}
+Requires: nginx-mod-mail = %{epoch}:%{version}-%{release}
+Requires: nginx-mod-stream = %{epoch}:%{version}-%{release}
+
+%description all-modules
+A meta package that installs all available Nginx modules.
+
+%package filesystem
+Group: System Environment/Daemons
+Summary: The basic directory layout for the Nginx server
+BuildArch: noarch
+Requires(pre): shadow-utils
+
+%description filesystem
+The nginx-filesystem package contains the basic directory layout
+for the Nginx server including the correct permissions for the
+directories.
+
+%if %{with geoip}
+%package mod-http-geoip
+Group: System Environment/Daemons
+Summary: Nginx HTTP geoip module
+BuildRequires: GeoIP-devel
+Requires: nginx
+Requires: GeoIP
+
+%description mod-http-geoip
+%{summary}.
+%endif
+
+%package mod-http-image-filter
+Group: System Environment/Daemons
+Summary: Nginx HTTP image filter module
+BuildRequires: gd-devel
+Requires: nginx
+Requires: gd
+
+%description mod-http-image-filter
+%{summary}.
+
+%package mod-http-perl
+Group: System Environment/Daemons
+Summary: Nginx HTTP perl module
+BuildRequires: perl-devel
+%if 0%{?fedora} >= 24
+BuildRequires: perl-generators
+%endif
+BuildRequires: perl(ExtUtils::Embed)
+Requires: nginx
+Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+Requires: perl(constant)
+
+%description mod-http-perl
+%{summary}.
+
+%package mod-http-xslt-filter
+Group: System Environment/Daemons
+Summary: Nginx XSLT module
+BuildRequires: libxslt-devel
+Requires: nginx
+
+%description mod-http-xslt-filter
+%{summary}.
+
+%package mod-mail
+Group: System Environment/Daemons
+Summary: Nginx mail modules
+Requires: nginx
+
+%description mod-mail
+%{summary}.
+
+%package mod-stream
+Group: System Environment/Daemons
+Summary: Nginx stream modules
+Requires: nginx
+
+%description mod-stream
+%{summary}.
+
+
+%prep
+%setup -q
+%patch0 -p0
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+
+cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
+
+%if 0%{?rhel} > 0 && 0%{?rhel} < 8
+sed -i -e 's#KillMode=.*#KillMode=process#g' nginx.service
+sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' nginx.conf
+%endif
+
+
+%build
+# nginx does not utilize a standard configure script. It has its own
+# and the standard configure options cause the nginx configure script
+# to error out. This is is also the reason for the DESTDIR environment
+# variable.
+export DESTDIR=%{buildroot}
+./configure \
+ --prefix=%{_datadir}/nginx \
+ --sbin-path=%{_sbindir}/nginx \
+ --modules-path=%{_libdir}/nginx/modules \
+ --conf-path=%{_sysconfdir}/nginx/nginx.conf \
+ --error-log-path=%{_localstatedir}/log/nginx/error.log \
+ --http-log-path=%{_localstatedir}/log/nginx/access.log \
+ --http-client-body-temp-path=%{_localstatedir}/lib/nginx/tmp/client_body \
+ --http-proxy-temp-path=%{_localstatedir}/lib/nginx/tmp/proxy \
+ --http-fastcgi-temp-path=%{_localstatedir}/lib/nginx/tmp/fastcgi \
+ --http-uwsgi-temp-path=%{_localstatedir}/lib/nginx/tmp/uwsgi \
+ --http-scgi-temp-path=%{_localstatedir}/lib/nginx/tmp/scgi \
+ --pid-path=/run/nginx.pid \
+ --lock-path=/run/lock/subsys/nginx \
+ --user=%{nginx_user} \
+ --group=%{nginx_user} \
+%if 0%{?with_aio}
+ --with-file-aio \
+%endif
+ --with-ipv6 \
+ --with-http_ssl_module \
+ --with-http_v2_module \
+ --with-http_realip_module \
+ --with-stream_ssl_preread_module \
+ --with-http_addition_module \
+ --with-http_xslt_module=dynamic \
+ --with-http_image_filter_module=dynamic \
+%if %{with geoip}
+ --with-http_geoip_module=dynamic \
+%endif
+ --with-http_sub_module \
+ --with-http_dav_module \
+ --with-http_flv_module \
+ --with-http_mp4_module \
+ --with-http_gunzip_module \
+ --with-http_gzip_static_module \
+ --with-http_random_index_module \
+ --with-http_secure_link_module \
+ --with-http_degradation_module \
+ --with-http_slice_module \
+ --with-http_stub_status_module \
+ --with-http_perl_module=dynamic \
+ --with-http_auth_request_module \
+ --with-mail=dynamic \
+ --with-mail_ssl_module \
+ --with-pcre \
+ --with-pcre-jit \
+ --with-stream=dynamic \
+ --with-stream_ssl_module \
+%if 0%{?with_gperftools}
+ --with-google_perftools_module \
+%endif
+ --with-debug \
+ --with-cc-opt="%{optflags} $(pcre-config --cflags)" \
+ --with-ld-opt="$RPM_LD_FLAGS -Wl,-E" # so the perl module finds its symbols
+
+make %{?_smp_mflags}
+
+
+%install
+make install DESTDIR=%{buildroot} INSTALLDIRS=vendor
+
+find %{buildroot} -type f -name .packlist -exec rm -f '{}' \;
+find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \;
+find %{buildroot} -type f -empty -exec rm -f '{}' \;
+find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \;
+
+install -p -D -m 0644 ./nginx.service \
+ %{buildroot}%{_unitdir}/nginx.service
+install -p -D -m 0644 %{SOURCE11} \
+ %{buildroot}%{_sysconfdir}/logrotate.d/nginx
+
+install -p -d -m 0755 %{buildroot}%{_sysconfdir}/systemd/system/nginx.service.d
+install -p -d -m 0755 %{buildroot}%{_unitdir}/nginx.service.d
+
+install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/conf.d
+install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/default.d
+
+install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx
+install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx/tmp
+install -p -d -m 0700 %{buildroot}%{_localstatedir}/log/nginx
+
+install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/html
+install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/modules
+install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules
+
+install -p -m 0644 ./nginx.conf \
+ %{buildroot}%{_sysconfdir}/nginx
+install -p -m 0644 %{SOURCE100} \
+ %{buildroot}%{_datadir}/nginx/html
+install -p -m 0644 %{SOURCE101} %{SOURCE102} \
+ %{buildroot}%{_datadir}/nginx/html
+install -p -m 0644 %{SOURCE103} %{SOURCE104} \
+ %{buildroot}%{_datadir}/nginx/html
+
+%if 0%{?with_mailcap_mimetypes}
+rm -f %{buildroot}%{_sysconfdir}/nginx/mime.types
+%endif
+
+install -p -D -m 0644 %{_builddir}/nginx-%{version}/objs/nginx.8 \
+ %{buildroot}%{_mandir}/man8/nginx.8
+
+install -p -D -m 0755 %{SOURCE13} %{buildroot}%{_bindir}/nginx-upgrade
+install -p -D -m 0644 %{SOURCE14} %{buildroot}%{_mandir}/man8/nginx-upgrade.8
+
+for i in ftdetect indent syntax; do
+ install -p -D -m644 contrib/vim/${i}/nginx.vim \
+ %{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim
+done
+
+%if %{with geoip}
+echo 'load_module "%{_libdir}/nginx/modules/ngx_http_geoip_module.so";' \
+ > %{buildroot}%{_datadir}/nginx/modules/mod-http-geoip.conf
+%endif
+echo 'load_module "%{_libdir}/nginx/modules/ngx_http_image_filter_module.so";' \
+ > %{buildroot}%{_datadir}/nginx/modules/mod-http-image-filter.conf
+echo 'load_module "%{_libdir}/nginx/modules/ngx_http_perl_module.so";' \
+ > %{buildroot}%{_datadir}/nginx/modules/mod-http-perl.conf
+echo 'load_module "%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so";' \
+ > %{buildroot}%{_datadir}/nginx/modules/mod-http-xslt-filter.conf
+echo 'load_module "%{_libdir}/nginx/modules/ngx_mail_module.so";' \
+ > %{buildroot}%{_datadir}/nginx/modules/mod-mail.conf
+echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \
+ > %{buildroot}%{_datadir}/nginx/modules/mod-stream.conf
+
+%pre filesystem
+getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user}
+getent passwd %{nginx_user} > /dev/null || \
+ useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \
+ -s /sbin/nologin -c "Nginx web server" %{nginx_user}
+exit 0
+
+%post
+%systemd_post nginx.service
+
+%if %{with geoip}
+%post mod-http-geoip
+if [ $1 -eq 1 ]; then
+ /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
+fi
+%endif
+
+%post mod-http-image-filter
+if [ $1 -eq 1 ]; then
+ /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
+fi
+
+%post mod-http-perl
+if [ $1 -eq 1 ]; then
+ /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
+fi
+
+%post mod-http-xslt-filter
+if [ $1 -eq 1 ]; then
+ /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
+fi
+
+%post mod-mail
+if [ $1 -eq 1 ]; then
+ /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
+fi
+
+%post mod-stream
+if [ $1 -eq 1 ]; then
+ /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
+fi
+
+%preun
+%systemd_preun nginx.service
+
+%postun
+%systemd_postun nginx.service
+if [ $1 -ge 1 ]; then
+ /usr/bin/nginx-upgrade >/dev/null 2>&1 || :
+fi
+
+%files
+%license LICENSE
+%doc CHANGES README README.dynamic
+%if 0%{?rhel} == 7
+%doc UPGRADE-NOTES-1.6-to-1.10
+%endif
+%{_datadir}/nginx/html/*
+%{_bindir}/nginx-upgrade
+%{_sbindir}/nginx
+%{_datadir}/vim/vimfiles/ftdetect/nginx.vim
+%{_datadir}/vim/vimfiles/syntax/nginx.vim
+%{_datadir}/vim/vimfiles/indent/nginx.vim
+%{_mandir}/man3/nginx.3pm*
+%{_mandir}/man8/nginx.8*
+%{_mandir}/man8/nginx-upgrade.8*
+%{_unitdir}/nginx.service
+%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf
+%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf.default
+%config(noreplace) %{_sysconfdir}/nginx/fastcgi_params
+%config(noreplace) %{_sysconfdir}/nginx/fastcgi_params.default
+%config(noreplace) %{_sysconfdir}/nginx/koi-utf
+%config(noreplace) %{_sysconfdir}/nginx/koi-win
+%if ! 0%{?with_mailcap_mimetypes}
+%config(noreplace) %{_sysconfdir}/nginx/mime.types
+%endif
+%config(noreplace) %{_sysconfdir}/nginx/mime.types.default
+%config(noreplace) %{_sysconfdir}/nginx/nginx.conf
+%config(noreplace) %{_sysconfdir}/nginx/nginx.conf.default
+%config(noreplace) %{_sysconfdir}/nginx/scgi_params
+%config(noreplace) %{_sysconfdir}/nginx/scgi_params.default
+%config(noreplace) %{_sysconfdir}/nginx/uwsgi_params
+%config(noreplace) %{_sysconfdir}/nginx/uwsgi_params.default
+%config(noreplace) %{_sysconfdir}/nginx/win-utf
+%config(noreplace) %{_sysconfdir}/logrotate.d/nginx
+%attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx
+%attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx/tmp
+%attr(770,%{nginx_user},root) %dir %{_localstatedir}/log/nginx
+%dir %{_libdir}/nginx/modules
+
+%files all-modules
+
+%files filesystem
+%dir %{_datadir}/nginx
+%dir %{_datadir}/nginx/html
+%dir %{_sysconfdir}/nginx
+%dir %{_sysconfdir}/nginx/conf.d
+%dir %{_sysconfdir}/nginx/default.d
+%dir %{_sysconfdir}/systemd/system/nginx.service.d
+%dir %{_unitdir}/nginx.service.d
+
+%if %{with geoip}
+%files mod-http-geoip
+%{_datadir}/nginx/modules/mod-http-geoip.conf
+%{_libdir}/nginx/modules/ngx_http_geoip_module.so
+%endif
+
+%files mod-http-image-filter
+%{_datadir}/nginx/modules/mod-http-image-filter.conf
+%{_libdir}/nginx/modules/ngx_http_image_filter_module.so
+
+%files mod-http-perl
+%{_datadir}/nginx/modules/mod-http-perl.conf
+%{_libdir}/nginx/modules/ngx_http_perl_module.so
+%dir %{perl_vendorarch}/auto/nginx
+%{perl_vendorarch}/nginx.pm
+%{perl_vendorarch}/auto/nginx/nginx.so
+
+%files mod-http-xslt-filter
+%{_datadir}/nginx/modules/mod-http-xslt-filter.conf
+%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so
+
+%files mod-mail
+%{_datadir}/nginx/modules/mod-mail.conf
+%{_libdir}/nginx/modules/ngx_mail_module.so
+
+%files mod-stream
+%{_datadir}/nginx/modules/mod-stream.conf
+%{_libdir}/nginx/modules/ngx_stream_module.so
+
+
+%changelog
+* Wed Apr 22 2020 Lubos Uhliarik <luhliari@redhat.com> - 1:1.18.0-2
+- new version 1.18.0
+- Resolves: #1668717 - [RFE] Support loading certificates from hardware token
+ (PKCS#11)
+- Increased types_hash_max_size to 4096 in default config
+- Drop location / from default config (rhbz#1564768)
+- Drop default_sever from default config (rhbz#1373822)
+
+* Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.1-1
+- update to 1.16.1
+- Resolves: #1745697 - CVE-2019-9511 nginx:1.16/nginx: HTTP/2: large amount
+ of data request leads to denial of service
+- Resolves: #1745690 - CVE-2019-9513 nginx:1.16/nginx: HTTP/2: flood using
+ PRIORITY frames resulting in excessive resource consumption
+- Resolves: #1745645 - CVE-2019-9516 nginx:1.16/nginx: HTTP/2: 0-length
+ headers leads to denial of service
+
+* Wed Jun 26 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.0-2
+- Resolves: #1718929 - ssl_protocols config option has faulty behavior
+ in nginx:1.16
+
+* Mon May 06 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.0-1
+- new version 1.16.0
+- enable ngx_stream_ssl_preread module
+- main package does NOT require all-modules package
+
+* Wed Dec 12 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-8
+- enable TLS 1.3 by default (#1643647)
+- TLSv1.0 and TLSv1.1 can be enabled now (#1644746)
+
+* Tue Dec 11 2018 Joe Orton <jorton@redhat.com> - 1:1.14.1-3
+- fix unexpanded paths in nginx(8) (#1643069)
+
+* Mon Dec 03 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-2
+- Resolves: #1655530 - Hardening tests fail for nginx
+
+* Mon Nov 19 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-1
+- new version 1.14.1
+- Resolves: #1647257 - CVE-2018-16845 nginx: Denial of service and
+ memory disclosure via mp4 module
+- Resolves: #1647262 - CVE-2018-16844 nginx: Excessive CPU usage
+ via flaw in HTTP/2 implementation
+- Resolves: #1647263 - CVE-2018-16843 nginx: Excessive memory consumption
+ via flaw in HTTP/2 implementation
+
+* Wed Aug 8 2018 Joe Orton <jorton@redhat.com> - 1:1.14.0-3
+- fix PKCS#11 support (Anderson Sasaki, #1545526)
+
+* Mon Aug 06 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.0-2
+- add dependency on perl(constant)
+
+* Mon Jul 30 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.14.0-1
+- Resolves: #1558420 - directory permissions are now correct after processing
+ USR1 signal
+- Resolves: #1601414 - nginx: drop GeoIP support
+
+* Thu Jul 19 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-12
+- add build conditional for geoip support
+
+* Thu May 03 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.14.0-1
+- new version 1.14.0
+
+* Wed Apr 25 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-9
+- changed directory permissions (#1558420)
+
+* Fri Mar 23 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-8
+- disable gperftools (#1496868)
+
+* Thu Mar 22 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-7
+- update branding (#1512565)
+
+* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Jan 24 2018 Björn Esser <besser82@fedoraproject.org> - 1:1.12.1-5
+- Add patch to apply glibc bugfix if really needed only
+- Disable strict symbol checks in the link editor
+
+* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 1:1.12.1-4
+- Rebuilt for switch to libxcrypt
+
+* Tue Oct 24 2017 Joe Orton <jorton@redhat.com> - 1:1.12.1-3
+- rebuild
+
+* Tue Sep 19 2017 Remi Collet <remi@fedoraproject.org> - 1:1.12.1-2
+- own system drop-in directories #1493036
+
+* Tue Aug 15 2017 Joe Orton <jorton@redhat.com> - 1:1.12.1-1
+- update to 1.12.1 (#1469924)
+- enable http_auth_request_module (Tim Niemueller, #1471106)
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sun Jun 04 2017 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.12.0-2
+- Perl 5.26 rebuild
+
+* Tue May 30 2017 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.0-1
+- new version 1.12.0
+
+* Wed Feb 8 2017 Joe Orton <jorton@redhat.com> - 1:1.10.3-1
+- update to upstream release 1.10.3
+
+* Mon Oct 31 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.2-1
+- update to upstream release 1.10.2
+
+* Tue May 31 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.1-1
+- update to upstream release 1.10.1
+
+* Sun May 15 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.10.0-4
+- Perl 5.24 rebuild
+
+* Sun May 8 2016 Peter Robinson <pbrobinson@fedoraproject.org> 1:1.10.0-3
+- Enable AIO on aarch64 (rhbz 1258414)
+
+* Wed Apr 27 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.0-2
+- only Require nginx-all-modules for EPEL and current Fedora releases
+
+* Wed Apr 27 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.0-1
+- update to upstream release 1.10.0
+- split dynamic modules into subpackages
+- spec file cleanup
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.8.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Jan 26 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.1-1
+- update to upstream release 1.8.1
+- CVE-2016-0747: Insufficient limits of CNAME resolution in resolver
+- CVE-2016-0746: Use-after-free during CNAME response processing in resolver
+- CVE-2016-0742: Invalid pointer dereference in resolver
+
+* Sun Oct 04 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-14
+- consistently use '%%global with_foo' style of logic
+- remove PID file before starting nginx (#1268621)
+
+* Fri Sep 25 2015 Ville Skyttä <ville.skytta@iki.fi> - 1:1.8.0-13
+- Use nginx-mimetypes from mailcap (#1248736)
+- Mark LICENSE as %%license
+
+* Thu Sep 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-12
+- also build with gperftools on aarch64 (#1258412)
+
+* Wed Aug 12 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1:1.8.0-11
+- nginx.conf: added commented-out SSL configuration directives (#1179232)
+
+* Fri Jul 03 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-10
+- switch back to /bin/kill in logrotate script due to SELinux denials
+
+* Tue Jun 16 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-9
+- fix path to png in error pages (#1232277)
+- optimize png images with optipng
+
+* Sun Jun 14 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-8
+- replace /bin/kill with /usr/bin/systemctl kill in logrotate script (#1231543)
+- remove After=syslog.target in nginx.service (#1231543)
+- replace ExecStop with KillSignal=SIGQUIT in nginx.service (#1231543)
+
+* Wed Jun 03 2015 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.8.0-7
+- Perl 5.22 rebuild
+
+* Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-6
+- revert previous change
+
+* Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-5
+- move default server to default.conf (#1220094)
+
+* Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-4
+- add TimeoutStopSec=5 and KillMode=mixed to nginx.service
+- set worker_processes to auto
+- add some common options to the http block in nginx.conf
+- run nginx-upgrade on package update
+- remove some redundant scriptlet commands
+- listen on ipv6 for default server (#1217081)
+
+* Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-3
+- improve nginx-upgrade script
+
+* Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-2
+- add --with-pcre-jit
+
+* Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-1
+- update to upstream release 1.8.0
+
+* Thu Apr 09 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.7.12-1
+- update to upstream release 1.7.12
+
+* Sun Feb 15 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.7.10-1
+- update to upstream release 1.7.10
+- remove systemd conditionals
+
+* Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-4
+- fix package ownership of directories
+
+* Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-3
+- add vim files (#1142849)
+
+* Mon Sep 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-2
+- create nginx-filesystem subpackage (patch from Remi Collet)
+- create /etc/nginx/default.d as a drop-in directory for configuration files
+ for the default server block
+- clean up nginx.conf
+
+* Wed Sep 17 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-1
+- update to upstream release 1.6.2
+- CVE-2014-3616 nginx: virtual host confusion (#1142573)
+
+* Wed Aug 27 2014 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.6.1-4
+- Perl 5.20 rebuild
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.6.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Tue Aug 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.1-2
+- add logic for EPEL 7
+
+* Tue Aug 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.1-1
+- update to upstream release 1.6.1
+- (#1126891) CVE-2014-3556: SMTP STARTTLS plaintext injection flaw
+
+* Wed Jul 02 2014 Yaakov Selkowitz <yselkowi@redhat.com> - 1:1.6.0-3
+- Fix FTBFS on aarch64 (#1115559)
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.6.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sat Apr 26 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.0-1
+- update to upstream release 1.6.0
+
+* Tue Mar 18 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.7-1
+- update to upstream release 1.4.7
+
+* Wed Mar 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.6-1
+- update to upstream release 1.4.6
+
+* Sun Feb 16 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.5-2
+- avoid multiple index directives (#1065488)
+
+* Sun Feb 16 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.5-1
+- update to upstream release 1.4.5
+
+* Wed Nov 20 2013 Peter Borsa <peter.borsa@gmail.com> - 1:1.4.4-1
+- Update to upstream release 1.4.4
+- Security fix BZ 1032267
+
+* Sun Nov 03 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.3-1
+- update to upstream release 1.4.3
+
+* Fri Aug 09 2013 Jonathan Steffan <jsteffan@fedoraproject.org> - 1:1.4.2-3
+- Add in conditionals to build for non-systemd targets
+
+* Sat Aug 03 2013 Petr Pisar <ppisar@redhat.com> - 1:1.4.2-2
+- Perl 5.18 rebuild
+
+* Fri Jul 19 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.2-1
+- update to upstream release 1.4.2
+
+* Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 1:1.4.1-3
+- Perl 5.18 rebuild
+
+* Tue Jun 11 2013 Remi Collet <rcollet@redhat.com> - 1:1.4.1-2
+- rebuild for new GD 2.1.0
+
+* Tue May 07 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.1-1
+- update to upstream release 1.4.1 (#960605, #960606):
+ CVE-2013-2028 stack-based buffer overflow when handling certain chunked
+ transfer encoding requests
+
+* Sun Apr 28 2013 Dan Horák <dan[at]danny.cz> - 1:1.4.0-2
+- gperftools exist only on selected arches
+
+* Fri Apr 26 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.0-1
+- update to upstream release 1.4.0
+- enable SPDY module (new in this version)
+- enable http gunzip module (new in this version)
+- enable google perftools module and add gperftools-devel to BR
+- enable debugging (#956845)
+- trim changelog
+
+* Tue Apr 02 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.8-1
+- update to upstream release 1.2.8
+
+* Fri Feb 22 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.7-2
+- make sure nginx directories are not world readable (#913724, #913735)
+
+* Sat Feb 16 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.7-1
+- update to upstream release 1.2.7
+- add .asc file
+
+* Tue Feb 05 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-6
+- use 'kill' instead of 'systemctl' when rotating log files to workaround
+ SELinux issue (#889151)
+
+* Wed Jan 23 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-5
+- uncomment "include /etc/nginx/conf.d/*.conf by default but leave the
+ conf.d directory empty (#903065)
+
+* Wed Jan 23 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-4
+- add comment in nginx.conf regarding "include /etc/nginf/conf.d/*.conf"
+ (#903065)
+
+* Wed Dec 19 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-3
+- use correct file ownership when rotating log files
+
+* Tue Dec 18 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-2
+- send correct kill signal and use correct file permissions when rotating
+ log files (#888225)
+- send correct kill signal in nginx-upgrade
+
+* Tue Dec 11 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-1
+- update to upstream release 1.2.6
+
+* Sat Nov 17 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.5-1
+- update to upstream release 1.2.5
+
+* Sun Oct 28 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.4-1
+- update to upstream release 1.2.4
+- introduce new systemd-rpm macros (#850228)
+- link to official documentation not the community wiki (#870733)
+- do not run systemctl try-restart after package upgrade to allow the
+ administrator to run nginx-upgrade and avoid downtime
+- add nginx man page (#870738)
+- add nginx-upgrade man page and remove README.fedora
+- remove chkconfig from Requires(post/preun)
+- remove initscripts from Requires(preun/postun)
+- remove separate configuration files in "/etc/nginx/conf.d" directory
+ and revert to upstream default of a centralized nginx.conf file
+ (#803635) (#842738)
+
+* Fri Sep 21 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.3-1
+- update to upstream release 1.2.3
+
+* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.2.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu Jun 28 2012 Petr Pisar <ppisar@redhat.com> - 1:1.2.1-2
+- Perl 5.16 rebuild
+
+* Sun Jun 10 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.1-1
+- update to upstream release 1.2.1
+
+* Fri Jun 08 2012 Petr Pisar <ppisar@redhat.com> - 1:1.2.0-2
+- Perl 5.16 rebuild
+
+* Wed May 16 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.0-1
+- update to upstream release 1.2.0
+
+* Wed May 16 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-4
+- add nginx-upgrade to replace functionality from the nginx initscript
+ that was lost after migration to systemd
+- add README.fedora to describe usage of nginx-upgrade
+- nginx.logrotate: use built-in systemd kill command in postrotate script
+- nginx.service: start after syslog.target and network.target
+- nginx.service: remove unnecessary references to config file location
+- nginx.service: use /bin/kill instead of "/usr/sbin/nginx -s" following
+ advice from nginx-devel
+- nginx.service: use private /tmp
+
+* Mon May 14 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-3
+- fix incorrect postrotate script in nginx.logrotate
+
+* Thu Apr 19 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-2
+- renable auto-cc-gcc patch due to warnings on rawhide
+
+* Sat Apr 14 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-1
+- update to upstream release 1.0.15
+- no need to apply auto-cc-gcc patch
+- add %%global _hardened_build 1
+
+* Thu Mar 15 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.14-1
+- update to upstream release 1.0.14
+- amend some %%changelog formatting
+
+* Tue Mar 06 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.13-1
+- update to upstream release 1.0.13
+- amend --pid-path and --log-path
+
+* Sun Mar 04 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-5
+- change pid path in nginx.conf to match systemd service file
+
+* Sun Mar 04 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-3
+- fix %%pre scriptlet
+
+* Mon Feb 20 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-2
+- update upstream URL
+- replace %%define with %%global
+- remove obsolete BuildRoot tag, %%clean section and %%defattr
+- remove various unnecessary commands
+- add systemd service file and update scriptlets
+- add Epoch to accommodate %%triggerun as part of systemd migration
+
+* Sun Feb 19 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.0.12-1
+- Update to 1.0.12
+
+* Thu Nov 17 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.10-1
+- Bugfix: a segmentation fault might occur in a worker process if resolver got a big DNS response. Thanks to Ben Hawkes.
+- Bugfix: in cache key calculation if internal MD5 implementation wasused; the bug had appeared in 1.0.4.
+- Bugfix: the module ngx_http_mp4_module sent incorrect "Content-Length" response header line if the "start" argument was used. Thanks to Piotr Sikora.
+
+* Thu Oct 27 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.8-1
+- Update to new 1.0.8 stable release
+
+* Fri Aug 26 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.5-1
+- Update nginx to Latest Stable Release
+
+* Fri Jun 17 2011 Marcela Mašláňová <mmaslano@redhat.com> - 1.0.0-3
+- Perl mass rebuild
+
+* Thu Jun 09 2011 Marcela Mašláňová <mmaslano@redhat.com> - 1.0.0-2
+- Perl 5.14 mass rebuild
+
+* Wed Apr 27 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.0.0-1
+- Update to 1.0.0
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.53-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53.5
+- Extract out default config into its own file (bug #635776)
+
+* Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-4
+- Revert ownership of log dir
+
+* Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-3
+- Change ownership of /var/log/nginx to be 0700 nginx:nginx
+- update init script to use killproc -p
+- add reopen_logs command to init script
+- update init script to use nginx -q option
+
+* Sun Oct 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-2
+- Fix linking of perl module
+
+* Sun Oct 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-1
+- Update to new stable 0.8.53
+
+* Sat Jul 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.67-2
+- add Provides: webserver (bug #619693)
+
+* Sun Jun 20 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.67-1
+- Update to new stable 0.7.67
+- fix bugzilla #591543
+
+* Tue Jun 01 2010 Marcela Maslanova <mmaslano@redhat.com> - 0.7.65-2
+- Mass rebuild with perl-5.12.0
+
+* Mon Feb 15 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.65-1
+- Update to new stable 0.7.65
+- change ownership of logdir to root:root
+- add support for ipv6 (bug #561248)
+- add random_index_module
+- add secure_link_module
+
+* Fri Dec 04 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.64-1
+- Update to new stable 0.7.64