diff options
-rw-r--r-- | .SRCINFO | 10 | ||||
-rw-r--r-- | PKGBUILD | 6 | ||||
-rw-r--r-- | nginx.install | 15 | ||||
-rw-r--r-- | nginx.service | 13 |
4 files changed, 28 insertions, 16 deletions
@@ -1,8 +1,8 @@ # Generated by mksrcinfo v8 -# Tue Sep 12 17:38:33 UTC 2017 +# Sun Oct 15 19:22:37 UTC 2017 pkgbase = nginx-devel pkgdesc = Lightweight HTTP server and IMAP/POP3 proxy server - development version - pkgver = 1.13.5 + pkgver = 1.13.6 pkgrel = 1 url = http://nginx.org install = nginx.install @@ -42,7 +42,7 @@ pkgbase = nginx-devel backup = etc/nginx/naxsi.rules backup = etc/nginx/naxsi_core.rules backup = etc/logrotate.d/nginx - source = http://nginx.org/download/nginx-1.13.5.tar.gz + source = http://nginx.org/download/nginx-1.13.6.tar.gz source = nginx.service source = nginx.logrotate source = naxsi.rules @@ -54,8 +54,8 @@ pkgbase = nginx-devel source = naxsi-0.55.3.tar.gz::https://github.com/nbs-system/naxsi/archive/0.55.3.tar.gz source = sflow-0.9.10.tar.gz::https://github.com/m0zes/nginx-sflow-module/archive/release-0.9.10.tar.gz source = concat-1.2.2.tar.gz::https://github.com/alibaba/nginx-http-concat/archive/1.2.2.tar.gz - sha256sums = 0e75b94429b3f745377aeba3aff97da77bf2b03fcb9ff15b3bad9b038db29f2e - sha256sums = 05fdc0c0483410944b988d7f4beabb00bec4a44a41bd13ebc9b78585da7d3f9b + sha256sums = 8512fc6f986a20af293b61f33b0e72f64a72ea5b1acbcc790c4c4e2d6f63f8f8 + sha256sums = 65f5af0f27ce3c5263d99d70a57fd3b0cb62aa99df786205029e68563e41e1ee sha256sums = 272907d3213d69dac3bd6024d6d150caa23cb67d4f121e4171f34ba5581f9e98 sha256sums = e299680e919a97c7ec06b62e4fabc3b5ead837fe486a5f87260bd16d0b51e112 sha256sums = 9174cfea524ed4839062dc267d1b561db9f512407682982be42979f98cbdfff7 @@ -3,7 +3,7 @@ pkgname=nginx-devel _pkgname=nginx -pkgver=1.13.5 +pkgver=1.13.6 pkgrel=1 pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server - development version' url="http://nginx.org" @@ -140,8 +140,8 @@ ${_modulesURL[*]} ) validpgpkeys=( ) -sha256sums=('0e75b94429b3f745377aeba3aff97da77bf2b03fcb9ff15b3bad9b038db29f2e' - '05fdc0c0483410944b988d7f4beabb00bec4a44a41bd13ebc9b78585da7d3f9b' +sha256sums=('8512fc6f986a20af293b61f33b0e72f64a72ea5b1acbcc790c4c4e2d6f63f8f8' + '65f5af0f27ce3c5263d99d70a57fd3b0cb62aa99df786205029e68563e41e1ee' '272907d3213d69dac3bd6024d6d150caa23cb67d4f121e4171f34ba5581f9e98' 'e299680e919a97c7ec06b62e4fabc3b5ead837fe486a5f87260bd16d0b51e112' '9174cfea524ed4839062dc267d1b561db9f512407682982be42979f98cbdfff7' diff --git a/nginx.install b/nginx.install index bbd0ce0d31e7..5ef1402ec6ef 100644 --- a/nginx.install +++ b/nginx.install @@ -1,8 +1,8 @@ post_upgrade() { - if (( $(vercmp $2 1.2.7-4) <= 0 )); then - chmod 750 var/log/nginx - chown http:log var/log/nginx + if (( $(vercmp $2 1.11.8-2) < 0)); then + chown root:root var/log/nginx fi + if (( $(vercmp $2 1.2.1-2) <= 0 )); then echo " >>> Since 1.2.1-2 several changes has been made in package:" echo " - *.conf files have been moved to /etc/nginx" @@ -12,14 +12,23 @@ post_upgrade() { echo " - bundled *.html files have been moved to /usr/share/nginx/html" echo " - /etc/nginx/{html,logs} symbolic links and *.default files have been removed" fi + if (( $(vercmp $2 1.3.12-2) >= 0 )); then echo " >>> Since 1.3.12-2 several changes has been made in package:" echo " - added optional systemd socket activation support, for more visit: http://trac.nginx.org/nginx/ticket/237" echo " - /etc/rc.d/nginx has been removed" fi + if (( $(vercmp $2 1.5.6-1) > 0 )); then echo 'Nginx now includes only upstream bundled modules.' echo 'Thus, passenger module support was dropped.' echo 'Also pagespeed module support was currently dropped.' fi + + if (( $(vercmp $2 1.11.9-2) < 0 )); then + chmod 755 var/log/nginx + echo ':: Security notice:' + echo ' - When additional log directories are used in /var/log/nginx make sure they' + echo ' are owned by root:root and have 755 set as permission to mitigate CVE-2016-1247' + fi } diff --git a/nginx.service b/nginx.service index 29d3aa877aa9..365bc9568e0c 100644 --- a/nginx.service +++ b/nginx.service @@ -1,14 +1,17 @@ [Unit] Description=A high performance web server and a reverse proxy server -After=syslog.target network.target +After=network.target network-online.target nss-lookup.target [Service] Type=forking PIDFile=/run/nginx.pid -ExecStartPre=/usr/bin/nginx -t -q -g 'pid /run/nginx.pid; daemon on; master_process on;' -ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;' -ExecReload=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;' -s reload -ExecStop=/usr/bin/nginx -g 'pid /run/nginx.pid;' -s quit +PrivateDevices=yes +SyslogLevel=err + +ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;' +ExecReload=/usr/bin/nginx -s reload +KillSignal=SIGQUIT +KillMode=mixed [Install] WantedBy=multi-user.target |