diff options
author | Allen Zhong | 2017-05-01 16:03:31 +0800 |
---|---|---|
committer | Allen Zhong | 2017-05-01 16:03:31 +0800 |
commit | 6ff4e0e4fa1599ebac45939129c348c62ffe4972 (patch) | |
tree | 31ea9e0fc9db273233b2dffedca3ffb3e1872f58 | |
parent | 38c9d11dc765a5fd0377c14f37ff511730aff0e9 (diff) | |
download | aur-6ff4e0e4fa1599ebac45939129c348c62ffe4972.tar.gz |
upgpkg: tengine-extra 2.2.0-2
* Use openssl-1.0 as tengine is not yet work with OpenSSL 1.1.x
> See: https://github.com/alibaba/tengine/issues/785
* Merge upstream commits from official nginx package
-rw-r--r-- | PKGBUILD | 12 | ||||
-rw-r--r-- | logrotate | 13 | ||||
-rw-r--r-- | tengine.install | 13 |
3 files changed, 21 insertions, 17 deletions
@@ -8,12 +8,12 @@ _tcp_module_gitname=nginx_tcp_proxy_module pkgname=tengine-extra pkgver=2.2.0 -pkgrel=1 +pkgrel=2 pkgdesc='A web server based on Nginx and has many advanced features, originated by Taobao. Some extra modules enabled.' arch=('i686' 'x86_64') url='http://tengine.taobao.org' license=('custom') -depends=('pcre' 'zlib' 'openssl' 'gperftools' 'geoip') +depends=('pcre' 'zlib' 'openssl-1.0' 'gperftools' 'geoip') makedepends=('hardening-wrapper' 'lua51') backup=('etc/tengine/fastcgi.conf' 'etc/tengine/fastcgi_params' @@ -36,7 +36,7 @@ source=($url/download/tengine-$pkgver.tar.gz logrotate) sha256sums=('af09cf35e5f978521c27a2fee8a2d5251f425cba2e39f6c6ea285541c5be6009' '7abffe0f1ba1ea4d6bd316350a03257cc840a9fbb2e1b640c11e0eb9351a9044' - '4e2a1835d1e65e6c18b0c76699ff76f8c905124143e66bb686e4795f6b770a8c') + '7d4bd60b9210e1dfb46bc52c344b069d5639e1ba08cd9951c0563360af238f97') prepare() { cd "$srcdir" @@ -65,6 +65,8 @@ build() { --dso-tool-path=/usr/bin/dso_tool \ --pid-path=/run/tengine.pid \ --lock-path=/run/lock/tengine.lock \ + --with-cc-opt="-I/usr/include/openssl-1.0" \ + --with-ld-opt="-L/usr/lib/openssl-1.0" \ --user=http \ --group=http \ --http-log-path=/var/log/tengine/access.log \ @@ -124,8 +126,8 @@ package() { install -d "$pkgdir"/var/lib/tengine install -dm700 "$pkgdir"/var/lib/tengine/proxy - chmod 750 "$pkgdir"/var/log/tengine - chown http:log "$pkgdir"/var/log/tengine + chmod 755 "$pkgdir"/var/log/tengine + chown root:root "$pkgdir"/var/log/tengine install -d "$pkgdir"/usr/share/tengine mv "$pkgdir"/etc/tengine/html/ "$pkgdir"/usr/share/tengine diff --git a/logrotate b/logrotate index 0ced9c6d36f1..9472c1c90670 100644 --- a/logrotate +++ b/logrotate @@ -1,10 +1,9 @@ /var/log/tengine/*log { - missingok + missingok create 640 http log - su http log - sharedscripts - compress - postrotate - test -r /run/tengine.pid && kill -USR1 `cat /run/tengine.pid` - endscript + sharedscripts + compress + postrotate + test -r /run/tengine.pid && kill -USR1 `cat /run/tengine.pid` + endscript } diff --git a/tengine.install b/tengine.install index 0e32ebaf1dd1..802938cc879a 100644 --- a/tengine.install +++ b/tengine.install @@ -1,12 +1,15 @@ post_upgrade() { - if [[ $(vercmp $2 1.4.3-3) -le 0 ]]; then - chmod 750 var/log/tengine - chown http:log var/log/tengine - fi - if [[ $(vercmp $2 2.0.3-3) -le 0 ]]; then if [ -f /etc/tengine/sbin ]; then rm -rf /etc/tengine/sbin fi fi + + if [[ $(vercmp $2 2.2.0-1) -le 0 ]]; then + chmod 755 var/log/tengine + chown root:root var/log/tengine + echo ':: Security notice:' + echo ' - When additional log directories are used in /var/log/nginx make sure they' + echo ' are owned by root:root and have 755 set as permission to mitigate CVE-2016-1247' + fi } |