%global _hardened_build 1 %global nginx_user compat-nginx %undefine _strict_symbol_defs_build %bcond_with geoip %global with_gperftools 1 %global with_mailcap_mimetypes 0 %global with_aio 1 %global __provides_exclude_from ^%{_usrsrc}/%{name}-%{version}-%{release}/.*$ %global __requires_exclude_from ^%{_usrsrc}/%{name}-%{version}-%{release}/.*$ Name: compat-nginx Epoch: 1 Version: 1.24.0 Release: 5 Summary: A HTTP server, reverse proxy and mail proxy server License: BSD URL: http://nginx.org/ Source0: https://nginx.org/download/nginx-%{version}.tar.gz Source10: nginx.service Source11: nginx.logrotate Source12: nginx.conf Source13: nginx-upgrade Source14: macros.nginxmods.in Source15: nginxmods.attr Source100: index.html Source102: nginx-logo.png Source103: 404.html Source104: 50x.html Source200: README.dynamic Source210: UPGRADE-NOTES-1.6-to-1.10 Patch0: nginx-auto-cc-gcc.patch Patch1: nginx-1.12.1-logs-perm.patch Patch2: nginx-fix-pidfile.patch Patch3: backport-CVE-2023-44487.patch # https://nginx.org/download/patch.2024.mp4.txt Patch4: backport-CVE-2024-7347.patch Patch5: backport-CVE-2025-23419.patch Patch6: backport-Fixed-segfault-if-regex-studies-list-allocation-fails.patch Patch7: backport-Core-fixed-memory-leak-on-configuration-reload-with-PCRE2.patch BuildRequires: gcc compat-openssl11-devel pcre2-devel zlib-devel systemd gperftools-devel Requires: %{name}-filesystem = %{epoch}:%{version}-%{release} compat-openssl11-libs Requires: %{name}-all-modules = %{epoch}:%{version}-%{release} %if 0%{?with_mailcap_mimetypes} Requires: %{name}-mimetypes %endif Requires(pre): %{name}-filesystem Requires(post): systemd Requires(preun): systemd Requires(postun): systemd Provides: webserver Provides: %{name}(abi) = %{version} Recommends: logrotate %description NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. %package all-modules Summary: Nginx modules BuildArch: noarch %if %{with geoip} Requires: %{name}-mod-http-geoip = %{epoch}:%{version}-%{release} %endif Requires: %{name}-mod-http-image-filter = %{epoch}:%{version}-%{release} Requires: %{name}-mod-http-perl = %{epoch}:%{version}-%{release} Requires: %{name}-mod-http-xslt-filter = %{epoch}:%{version}-%{release} Requires: %{name}-mod-mail = %{epoch}:%{version}-%{release} Requires: %{name}-mod-stream = %{epoch}:%{version}-%{release} %description all-modules NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. This package is a meta package that installs all available Nginx modules. %package filesystem Summary: Filesystem for the Nginx server BuildArch: noarch Requires(pre): shadow-utils %description filesystem NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. The package contains the basic directory layout for the Nginx server. %if %{with geoip} %package mod-http-geoip Summary: HTTP geoip module for nginx BuildRequires: GeoIP-devel Requires: %{name}(abi) = %{version} GeoIP %description mod-http-geoip The package is the Nginx HTTP geoip module. %endif %package mod-http-image-filter Summary: HTTP image filter module for nginx BuildRequires: gd-devel Requires: %{name}(abi) = %{version} gd %description mod-http-image-filter Nginx HTTP image filter module. %package mod-http-perl Summary: HTTP perl module for nginx BuildRequires: perl-devel perl(ExtUtils::Embed) Requires: %{name}(abi) = %{version} perl(constant) Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) %description mod-http-perl Nginx HTTP perl module. %package mod-http-xslt-filter Summary: XSLT module for nginx BuildRequires: libxslt-devel Requires: %{name}(abi) = %{version} %description mod-http-xslt-filter Nginx XSLT module. %package mod-mail Summary: mail modules for nginx Requires: %{name}(abi) = %{version} %description mod-mail Nginx mail modules %package mod-stream Summary: stream modules for nginx Requires: %{name}(abi) = %{version} %description mod-stream Nginx stream modules. %package_help %prep %autosetup -n nginx-%{version} -p1 cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} . sed -i "6,$ s/nginx/compat-nginx/g" nginx.service sed -i "5,$ s/nginx/compat-nginx/g" nginx.conf sed -i "33s/compat-nginx/nginx/g" nginx.conf %build export DESTDIR=%{buildroot} nginx_ldopts="$RPM_LD_FLAGS -Wl,-E" if ! ./configure \ --prefix=%{_datadir}/%{name} --sbin-path=%{_sbindir}/%{name} --modules-path=%{_libdir}/%{name}/modules \ --conf-path=%{_sysconfdir}/%{name}/%{name}.conf --error-log-path=%{_localstatedir}/log/%{name}/error.log \ --http-log-path=%{_localstatedir}/log/%{name}/access.log \ --http-client-body-temp-path=%{_localstatedir}/lib/%{name}/tmp/client_body \ --http-fastcgi-temp-path=%{_localstatedir}/lib/%{name}/tmp/fastcgi \ --http-proxy-temp-path=%{_localstatedir}/lib/%{name}/tmp/proxy \ --http-scgi-temp-path=%{_localstatedir}/lib/%{name}/tmp/scgi \ --http-uwsgi-temp-path=%{_localstatedir}/lib/%{name}/tmp/uwsgi \ --pid-path=/run/%{name}.pid --lock-path=/run/lock/subsys/%{name} \ --user=%{nginx_user} --group=%{nginx_user} \ %if 0%{?with_aio} --with-file-aio \ %endif --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module \ --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic \ %if %{with geoip} --with-http_geoip_module=dynamic \ %endif --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module \ --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module \ --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module \ --with-http_perl_module=dynamic --with-http_auth_request_module \ --with-mail=dynamic --with-mail_ssl_module --with-openssl-opt=yes --with-pcre --with-pcre-jit --with-stream=dynamic \ --with-stream_ssl_module --with-google_perftools_module --with-debug \ --with-cc-opt="%{optflags} $(pcre2-config --cflags)" --with-ld-opt="$nginx_ldopts"; then : configure failed cat objs/autoconf.err exit 1 fi %make_build %install %make_install INSTALLDIRS=vendor find %{buildroot} -type f -empty -exec rm -f '{}' \; find %{buildroot} -type f -name .packlist -exec rm -f '{}' \; find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \; find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \; pushd %{buildroot} install -p -D -m 0644 %{_builddir}/nginx-%{version}/nginx.service .%{_unitdir}/%{name}.service install -p -D -m 0644 %{SOURCE11} .%{_sysconfdir}/logrotate.d/%{name} install -p -d -m 0755 .%{_sysconfdir}/systemd/system/%{name}.service.d install -p -d -m 0755 .%{_unitdir}/%{name}.service.d install -p -d -m 0755 .%{_sysconfdir}/%{name}/conf.d install -p -d -m 0755 .%{_sysconfdir}/%{name}/default.d install -p -d -m 0700 .%{_localstatedir}/lib/%{name} install -p -d -m 0700 .%{_localstatedir}/lib/%{name}/tmp install -p -d -m 0700 .%{_localstatedir}/log/%{name} install -p -d -m 0755 .%{_datadir}/%{name}/html install -p -d -m 0755 .%{_datadir}/%{name}/modules install -p -d -m 0755 .%{_libdir}/%{name}/modules install -p -m 0644 %{_builddir}/nginx-%{version}/nginx.conf .%{_sysconfdir}/%{name} install -p -m 0644 %{SOURCE100} .%{_datadir}/%{name}/html install -p -m 0644 %{SOURCE102} .%{_datadir}/%{name}/html install -p -m 0644 %{SOURCE103} %{SOURCE104} .%{_datadir}/%{name}/html sed -i "s\etc/nginx/nginx\etc/compat-nginx/compat-nginx\g" .%{_datadir}/%{name}/html/*.html sed -i "s\share/nginx\share/compat-nginx\g" .%{_datadir}/%{name}/html/*.html sed -i "s/nginx/compat-nginx/g" .%{_sysconfdir}/logrotate.d/%{name} %if 0%{?with_mailcap_mimetypes} rm -f .%{_sysconfdir}/%{name}/mime.types %endif install -p -D -m 0644 %{_builddir}/nginx-%{version}/man/nginx.8 .%{_mandir}/man8/%{name}.8 install -p -D -m 0755 %{SOURCE13} .%{_bindir}/%{name}-upgrade sed -i "s/nginx/compat-nginx/g" .%{_bindir}/%{name}-upgrade popd for i in ftdetect indent syntax; do install -p -D -m644 contrib/vim/${i}/nginx.vim %{buildroot}%{_datadir}/vim/vimfiles/${i}/%{name}.vim done %if %{with geoip} echo 'load_module "%{_libdir}/%{name}/modules/ngx_http_geoip_module.so";' \ > %{buildroot}%{_datadir}/%{name}/modules/mod-http-geoip.conf %endif pushd %{buildroot} echo 'load_module "%{_libdir}/%{name}/modules/ngx_http_image_filter_module.so";' \ > .%{_datadir}/%{name}/modules/mod-http-image-filter.conf echo 'load_module "%{_libdir}/%{name}/modules/ngx_http_perl_module.so";' \ > .%{_datadir}/%{name}/modules/mod-http-perl.conf echo 'load_module "%{_libdir}/%{name}/modules/ngx_http_xslt_filter_module.so";' \ > .%{_datadir}/%{name}/modules/mod-http-xslt-filter.conf echo 'load_module "%{_libdir}/%{name}/modules/ngx_mail_module.so";' \ > .%{_datadir}/%{name}/modules/mod-mail.conf echo 'load_module "%{_libdir}/%{name}/modules/ngx_stream_module.so";' \ > .%{_datadir}/%{name}/modules/mod-stream.conf popd find %{buildroot} -name nginx.so | xargs rm -rf %pre filesystem getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user} getent passwd %{nginx_user} > /dev/null || useradd -r -d %{_localstatedir}/lib/%{name} -g %{nginx_user} \ -s /sbin/nologin -c "Nginx web server" %{nginx_user} exit 0 %post %systemd_post %{name}.service %if %{with geoip} %post mod-http-geoip if [ $1 -eq 1 ]; then systemctl reload %{name}.service >/dev/null 2>&1 || : fi %endif %post mod-http-image-filter if [ $1 -eq 1 ]; then systemctl reload %{name}.service >/dev/null 2>&1 || : fi %post mod-http-perl if [ $1 -eq 1 ]; then systemctl reload %{name}.service >/dev/null 2>&1 || : fi %post mod-http-xslt-filter if [ $1 -eq 1 ]; then systemctl reload %{name}.service >/dev/null 2>&1 || : fi %post mod-mail if [ $1 -eq 1 ]; then systemctl reload %{name}.service >/dev/null 2>&1 || : fi %post mod-stream if [ $1 -eq 1 ]; then systemctl reload %{name}.service >/dev/null 2>&1 || : fi %preun %systemd_preun %{name}.service %postun %systemd_postun %{name}.service if [ $1 -ge 1 ]; then /usr/bin/%{name}-upgrade >/dev/null 2>&1 || : fi %files %defattr(-,root,root) %license LICENSE %config(noreplace) %{_sysconfdir}/%{name}/* %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %exclude %{_sysconfdir}/%{name}/conf.d %exclude %{_sysconfdir}/%{name}/default.d %if 0%{?with_mailcap_mimetypes} %exclude %{_sysconfdir}/%{name}/mime.types %endif %{_bindir}/%{name}-upgrade %{_sbindir}/%{name} %dir %{_libdir}/%{name}/modules %dir %{_datadir}/%{name}/modules %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/%{name} %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/%{name}/tmp %{_unitdir}/%{name}.service %{_datadir}/%{name}/html/* %{_datadir}/vim/vimfiles/ftdetect/%{name}.vim %{_datadir}/vim/vimfiles/syntax/%{name}.vim %{_datadir}/vim/vimfiles/indent/%{name}.vim %attr(770,%{nginx_user},root) %dir %{_localstatedir}/log/%{name} %files all-modules %files filesystem %dir %{_sysconfdir}/%{name} %dir %{_sysconfdir}/%{name}/{conf.d,default.d} %dir %{_sysconfdir}/systemd/system/%{name}.service.d %dir %{_unitdir}/%{name}.service.d %dir %{_datadir}/%{name} %dir %{_datadir}/%{name}/html %if %{with geoip} %files mod-http-geoip %{_libdir}/%{name}/modules/ngx_http_geoip_module.so %{_datadir}/%{name}/modules/mod-http-geoip.conf %endif %files mod-http-image-filter %{_libdir}/%{name}/modules/ngx_http_image_filter_module.so %{_datadir}/%{name}/modules/mod-http-image-filter.conf %files mod-http-perl %{_libdir}/%{name}/modules/ngx_http_perl_module.so %{_datadir}/%{name}/modules/mod-http-perl.conf %dir %{perl_vendorarch}/auto/nginx %{perl_vendorarch}/nginx.pm %files mod-http-xslt-filter %{_libdir}/%{name}/modules/ngx_http_xslt_filter_module.so %{_datadir}/%{name}/modules/mod-http-xslt-filter.conf %files mod-mail %{_libdir}/%{name}/modules/ngx_mail_module.so %{_datadir}/%{name}/modules/mod-mail.conf %files mod-stream %{_libdir}/%{name}/modules/ngx_stream_module.so %{_datadir}/%{name}/modules/mod-stream.conf %files help %defattr(-,root,root) %doc CHANGES README README.dynamic %{_mandir}/man3/nginx.3pm* %{_mandir}/man8/%{name}.8* %changelog * Wed Apr 02 2025 gaihuiying - 1:1.24.0-5 - backport upstreams to fix memory leak and possible segfault * Mon Feb 10 2025 gaihuiying - 1:1.24.0-4 - fix CVE-2025-23419 * Mon Dec 16 2024 Wang Kui - 1:1.24.0-3 - add compat-nginx.spec