4 files changed, 28 insertions, 16 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 7d9f226aeacc..507458f9fc19 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,8 +1,8 @@
 # Generated by mksrcinfo v8
-# Tue Sep 12 17:38:33 UTC 2017
+# Sun Oct 15 19:22:37 UTC 2017
 pkgbase = nginx-devel
 	pkgdesc = Lightweight HTTP server and IMAP/POP3 proxy server - development version
-	pkgver = 1.13.5
+	pkgver = 1.13.6
 	pkgrel = 1
 	url = http://nginx.org
 	install = nginx.install
@@ -42,7 +42,7 @@ pkgbase = nginx-devel
 	backup = etc/nginx/naxsi.rules
 	backup = etc/nginx/naxsi_core.rules
 	backup = etc/logrotate.d/nginx
-	source = http://nginx.org/download/nginx-1.13.5.tar.gz
+	source = http://nginx.org/download/nginx-1.13.6.tar.gz
 	source = nginx.service
 	source = nginx.logrotate
 	source = naxsi.rules
@@ -54,8 +54,8 @@ pkgbase = nginx-devel
 	source = naxsi-0.55.3.tar.gz::https://github.com/nbs-system/naxsi/archive/0.55.3.tar.gz
 	source = sflow-0.9.10.tar.gz::https://github.com/m0zes/nginx-sflow-module/archive/release-0.9.10.tar.gz
 	source = concat-1.2.2.tar.gz::https://github.com/alibaba/nginx-http-concat/archive/1.2.2.tar.gz
-	sha256sums = 0e75b94429b3f745377aeba3aff97da77bf2b03fcb9ff15b3bad9b038db29f2e
-	sha256sums = 05fdc0c0483410944b988d7f4beabb00bec4a44a41bd13ebc9b78585da7d3f9b
+	sha256sums = 8512fc6f986a20af293b61f33b0e72f64a72ea5b1acbcc790c4c4e2d6f63f8f8
+	sha256sums = 65f5af0f27ce3c5263d99d70a57fd3b0cb62aa99df786205029e68563e41e1ee
 	sha256sums = 272907d3213d69dac3bd6024d6d150caa23cb67d4f121e4171f34ba5581f9e98
 	sha256sums = e299680e919a97c7ec06b62e4fabc3b5ead837fe486a5f87260bd16d0b51e112
 	sha256sums = 9174cfea524ed4839062dc267d1b561db9f512407682982be42979f98cbdfff7
diff --git a/PKGBUILD b/PKGBUILD
index 220a478340a3..98c83032d51b 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,7 +3,7 @@
 
 pkgname=nginx-devel
 _pkgname=nginx
-pkgver=1.13.5
+pkgver=1.13.6
 pkgrel=1
 pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server - development version'
 url="http://nginx.org"
@@ -140,8 +140,8 @@ ${_modulesURL[*]}
 )
 validpgpkeys=(
 )
-sha256sums=('0e75b94429b3f745377aeba3aff97da77bf2b03fcb9ff15b3bad9b038db29f2e'
-            '05fdc0c0483410944b988d7f4beabb00bec4a44a41bd13ebc9b78585da7d3f9b'
+sha256sums=('8512fc6f986a20af293b61f33b0e72f64a72ea5b1acbcc790c4c4e2d6f63f8f8'
+            '65f5af0f27ce3c5263d99d70a57fd3b0cb62aa99df786205029e68563e41e1ee'
             '272907d3213d69dac3bd6024d6d150caa23cb67d4f121e4171f34ba5581f9e98'
             'e299680e919a97c7ec06b62e4fabc3b5ead837fe486a5f87260bd16d0b51e112'
             '9174cfea524ed4839062dc267d1b561db9f512407682982be42979f98cbdfff7'
diff --git a/nginx.install b/nginx.install
index bbd0ce0d31e7..5ef1402ec6ef 100644
--- a/nginx.install
+++ b/nginx.install
@@ -1,8 +1,8 @@
 post_upgrade() {
-    if (( $(vercmp $2 1.2.7-4) <= 0 )); then
-        chmod 750 var/log/nginx
-        chown http:log var/log/nginx
+    if (( $(vercmp $2 1.11.8-2) < 0)); then
+        chown root:root var/log/nginx
     fi
+
     if (( $(vercmp $2 1.2.1-2) <= 0 )); then
         echo " >>> Since 1.2.1-2 several changes has been made in package:"
         echo "      - *.conf files have been moved to /etc/nginx"
@@ -12,14 +12,23 @@ post_upgrade() {
         echo "      - bundled *.html files have been moved to /usr/share/nginx/html"
         echo "      - /etc/nginx/{html,logs} symbolic links and *.default files have been removed"
     fi
+
     if (( $(vercmp $2 1.3.12-2) >= 0 )); then
         echo " >>> Since 1.3.12-2 several changes has been made in package:"
         echo "  - added optional systemd socket activation support, for more visit: http://trac.nginx.org/nginx/ticket/237"
         echo "  - /etc/rc.d/nginx has been removed"
     fi
+
     if (( $(vercmp $2 1.5.6-1) > 0 )); then
         echo 'Nginx now includes only upstream bundled modules.'
         echo 'Thus, passenger module support was dropped.'
         echo 'Also pagespeed module support was currently dropped.'
     fi
+
+    if (( $(vercmp $2 1.11.9-2) < 0 )); then
+        chmod 755 var/log/nginx
+        echo ':: Security notice:'
+        echo '     - When additional log directories are used in /var/log/nginx make sure they'
+        echo '       are owned by root:root and have 755 set as permission to mitigate CVE-2016-1247'
+    fi
 }
diff --git a/nginx.service b/nginx.service
index 29d3aa877aa9..365bc9568e0c 100644
--- a/nginx.service
+++ b/nginx.service
@@ -1,14 +1,17 @@
 [Unit]
 Description=A high performance web server and a reverse proxy server
-After=syslog.target network.target
+After=network.target network-online.target nss-lookup.target
 
 [Service]
 Type=forking
 PIDFile=/run/nginx.pid
-ExecStartPre=/usr/bin/nginx -t -q -g 'pid /run/nginx.pid; daemon on; master_process on;'
-ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;'
-ExecReload=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;' -s reload
-ExecStop=/usr/bin/nginx -g 'pid /run/nginx.pid;' -s quit
+PrivateDevices=yes
+SyslogLevel=err
+
+ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;'
+ExecReload=/usr/bin/nginx -s reload
+KillSignal=SIGQUIT
+KillMode=mixed
 
 [Install]
 WantedBy=multi-user.target