upgpkg: tengine-extra 2.2.0-2

* Use openssl-1.0 as tengine is not yet work with OpenSSL 1.1.x > See: https://github.com/alibaba/tengine/issues/785 * Merge upstream commits from official nginx package
author: Allen Zhong 2017-05-01 16:03:31 +0800
committer: Allen Zhong 2017-05-01 16:03:31 +0800
commit: 6ff4e0e4fa1599ebac45939129c348c62ffe4972 (patch)
tree: 31ea9e0fc9db273233b2dffedca3ffb3e1872f58
parent: 38c9d11dc765a5fd0377c14f37ff511730aff0e9 (diff)
download: aur-6ff4e0e4fa1599ebac45939129c348c62ffe4972.tar.gz
3 files changed, 21 insertions, 17 deletions
diff --git a/PKGBUILD b/PKGBUILD
index 4121d8ea895a..b79337581f84 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -8,12 +8,12 @@
 _tcp_module_gitname=nginx_tcp_proxy_module
 pkgname=tengine-extra
 pkgver=2.2.0
-pkgrel=1
+pkgrel=2
 pkgdesc='A web server based on Nginx and has many advanced features, originated by Taobao. Some extra modules enabled.'
 arch=('i686' 'x86_64')
 url='http://tengine.taobao.org'
 license=('custom')
-depends=('pcre' 'zlib' 'openssl' 'gperftools' 'geoip')
+depends=('pcre' 'zlib' 'openssl-1.0' 'gperftools' 'geoip')
 makedepends=('hardening-wrapper' 'lua51')
 backup=('etc/tengine/fastcgi.conf'
         'etc/tengine/fastcgi_params'
@@ -36,7 +36,7 @@ source=($url/download/tengine-$pkgver.tar.gz
         logrotate)
 sha256sums=('af09cf35e5f978521c27a2fee8a2d5251f425cba2e39f6c6ea285541c5be6009'
             '7abffe0f1ba1ea4d6bd316350a03257cc840a9fbb2e1b640c11e0eb9351a9044'
-            '4e2a1835d1e65e6c18b0c76699ff76f8c905124143e66bb686e4795f6b770a8c')
+            '7d4bd60b9210e1dfb46bc52c344b069d5639e1ba08cd9951c0563360af238f97')
 
 prepare() {
     cd "$srcdir"
@@ -65,6 +65,8 @@ build() {
         --dso-tool-path=/usr/bin/dso_tool \
         --pid-path=/run/tengine.pid \
         --lock-path=/run/lock/tengine.lock \
+        --with-cc-opt="-I/usr/include/openssl-1.0" \
+        --with-ld-opt="-L/usr/lib/openssl-1.0" \
         --user=http \
         --group=http \
         --http-log-path=/var/log/tengine/access.log \
@@ -124,8 +126,8 @@ package() {
     install -d "$pkgdir"/var/lib/tengine
     install -dm700 "$pkgdir"/var/lib/tengine/proxy
 
-    chmod 750 "$pkgdir"/var/log/tengine
-    chown http:log "$pkgdir"/var/log/tengine
+    chmod 755 "$pkgdir"/var/log/tengine
+    chown root:root "$pkgdir"/var/log/tengine
 
     install -d "$pkgdir"/usr/share/tengine
     mv "$pkgdir"/etc/tengine/html/ "$pkgdir"/usr/share/tengine
diff --git a/logrotate b/logrotate
index 0ced9c6d36f1..9472c1c90670 100644
--- a/logrotate
+++ b/logrotate
@@ -1,10 +1,9 @@
 /var/log/tengine/*log {
-	missingok
+    missingok
     create 640 http log
-    su http log
-	sharedscripts
-	compress
-	postrotate
-		test -r /run/tengine.pid && kill -USR1 `cat /run/tengine.pid`
-	endscript
+    sharedscripts
+    compress
+    postrotate
+        test -r /run/tengine.pid && kill -USR1 `cat /run/tengine.pid`
+    endscript
 }
diff --git a/tengine.install b/tengine.install
index 0e32ebaf1dd1..802938cc879a 100644
--- a/tengine.install
+++ b/tengine.install
@@ -1,12 +1,15 @@
 post_upgrade() {
-    if [[ $(vercmp $2 1.4.3-3) -le 0 ]]; then
-        chmod 750 var/log/tengine
-        chown http:log var/log/tengine
-    fi
-
     if [[ $(vercmp $2 2.0.3-3) -le 0 ]]; then
         if [ -f /etc/tengine/sbin ]; then
             rm -rf /etc/tengine/sbin
         fi
     fi
+
+    if [[ $(vercmp $2 2.2.0-1) -le 0 ]]; then
+        chmod 755 var/log/tengine
+        chown root:root var/log/tengine
+        echo ':: Security notice:'
+        echo '     - When additional log directories are used in /var/log/nginx make sure they'
+        echo '       are owned by root:root and have 755 set as permission to mitigate CVE-2016-1247'
+    fi
 }
author	Allen Zhong	2017-05-01 16:03:31 +0800
committer	Allen Zhong	2017-05-01 16:03:31 +0800
commit	6ff4e0e4fa1599ebac45939129c348c62ffe4972 (patch)
tree	31ea9e0fc9db273233b2dffedca3ffb3e1872f58
parent	38c9d11dc765a5fd0377c14f37ff511730aff0e9 (diff)
download	aur-6ff4e0e4fa1599ebac45939129c348c62ffe4972.tar.gz