pschichtel · October 14, 2017 16:30
diff --git a/0001-Update-to-latest-nginx-1.13.6-and-rtmp-module-1.2.0.patch b/0001-Update-to-latest-nginx-1.13.6-and-rtmp-module-1.2.0.patch
 From 4eef7f0ccc4a721655eefc638976c311aaa12e73 Mon Sep 17 00:00:00 2001
 From: Phillip Schichtel <[email protected]>
 Date: Sat, 14 Oct 2017 18:12:50 +0200
 Subject: [PATCH] Update to latest nginx 1.13.6 and rtmp module 1.2.0

 Additionally synced the PKGFILE with community/nginx-mainline
 ---
 .SRCINFO      | 20 ++++++++++----------
 PKGBUILD      | 38 +++++++++++++++++++++++---------------
 logrotate     |  2 +-
 nginx.install | 29 ++++++++++-------------------
 service       | 13 ++++++++-----
 5 files changed, 52 insertions(+), 50 deletions(-)

 diff --git a/.SRCINFO b/.SRCINFO
 index d9eed2b..8820821 100644
 --- a/.SRCINFO
 +++ b/.SRCINFO
 @@ -1,6 +1,8 @@
 +# Generated by mksrcinfo v8
 +# Sat Oct 14 16:27:34 UTC 2017
 pkgbase = nginx-mainline-rtmp
 	pkgdesc = Lightweight HTTP server and IMAP/POP3 proxy server, mainline-rtmp release
 -	pkgver = 1.11.8
 +	pkgver = 1.13.6.1.2.0
 	pkgrel = 1
 	url = https://nginx.org
 	install = nginx.install
 @@ -8,7 +10,6 @@ pkgbase = nginx-mainline-rtmp
 	arch = x86_64
 	arch = armv7h
 	license = custom
 -	makedepends = hardening-wrapper
 	depends = pcre
 	depends = zlib
 	depends = openssl
 @@ -26,19 +27,18 @@ pkgbase = nginx-mainline-rtmp
 	backup = etc/nginx/win-utf
 	backup = etc/logrotate.d/nginx
 	backup = usr/share/nginx/html/crossdomain.xml
 -	source = https://nginx.org/download/nginx-1.11.8.tar.gz
 -	source = https://nginx.org/download/nginx-1.11.8.tar.gz.asc
 -	source = https://github.com/arut/nginx-rtmp-module/archive/v1.1.10.tar.gz
 +	source = https://nginx.org/download/nginx-1.13.6.tar.gz
 +	source = https://nginx.org/download/nginx-1.13.6.tar.gz.asc
 +	source = https://github.com/arut/nginx-rtmp-module/archive/v1.2.0.tar.gz
 	source = service
 	source = logrotate
 	source = crossdomain.xml
 	source = nginx.conf
 -	validpgpkeys = B0F4253373F8F6F510D42178520A9993A1C052F8
 -	md5sums = 8f68f49b6db510e567bba9e0c271a3ac
 +	md5sums = f84d3f782c168bfdfb734700e51a929f
 	md5sums = SKIP
 -	md5sums = 2e82501ed423a901ab64bfe2228a0666
 -	md5sums = ce9a06bcaf66ec4a3c4eb59b636e0dfd
 -	md5sums = d6a6d4d819f03a675bacdfabd25aa37e
 +	md5sums = 1a47951b64f3f726a9d4620774643759
 +	md5sums = ef491e760e7c1ffec9ca25441a150c83
 +	md5sums = 6a01fb17af86f03707c8ae60f98a2dc2
 	md5sums = 4d2e9c834fa2e60cd8b23185b93d2e2e
 	md5sums = 35a9c62e780ab952fb89b613f0af97cd
 
 diff --git a/PKGBUILD b/PKGBUILD
 index 74b3134..ded51f0 100644
 --- a/PKGBUILD
 +++ b/PKGBUILD
 @@ -4,16 +4,18 @@
 # Contributor: Drew DeVault
 # Contributor: Florent Thiéry <[email protected]>
 # Contributor: moparisthebest <admin dot archlinux AT moparisthebest dot com>
 +# Contributer: Phillip Schichtel <[email protected]>
 
 +_nginx_version=1.13.6
 +_rtmp_version=1.2.0
 pkgname=nginx-mainline-rtmp
 -pkgver=1.11.8
 +pkgver="${_nginx_version}.${_rtmp_version}"
 pkgrel=1
 pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server, mainline-rtmp release'
 arch=('i686' 'x86_64' 'armv7h')
 url='https://nginx.org'
 license=('custom')
 depends=('pcre' 'zlib' 'openssl' 'geoip')
 -makedepends=('hardening-wrapper')
 backup=('etc/nginx/fastcgi.conf'
         'etc/nginx/fastcgi_params'
         'etc/nginx/koi-win'
 @@ -28,18 +30,18 @@ backup=('etc/nginx/fastcgi.conf'
 install=nginx.install
 provides=('nginx')
 conflicts=('nginx')
 -source=($url/download/nginx-$pkgver.tar.gz{,.asc}
 -        https://github.com/arut/nginx-rtmp-module/archive/v1.1.10.tar.gz
 +source=($url/download/nginx-${_nginx_version}.tar.gz{,.asc}
 +        https://github.com/arut/nginx-rtmp-module/archive/v${_rtmp_version}.tar.gz
         service
         logrotate
         crossdomain.xml
         nginx.conf)
 validpgpkeys=('B0F4253373F8F6F510D42178520A9993A1C052F8') # Maxim Dounin <[email protected]>
 -md5sums=('8f68f49b6db510e567bba9e0c271a3ac'
 +md5sums=('f84d3f782c168bfdfb734700e51a929f'
          'SKIP'
 -         '2e82501ed423a901ab64bfe2228a0666'
 -         'ce9a06bcaf66ec4a3c4eb59b636e0dfd'
 -         'd6a6d4d819f03a675bacdfabd25aa37e'
 +         '1a47951b64f3f726a9d4620774643759'
 +         'ef491e760e7c1ffec9ca25441a150c83'
 +         '6a01fb17af86f03707c8ae60f98a2dc2'
          '4d2e9c834fa2e60cd8b23185b93d2e2e'
          '35a9c62e780ab952fb89b613f0af97cd')
 
 @@ -64,10 +66,14 @@ _common_flags=(
   --with-http_v2_module
   --with-mail
   --with-mail_ssl_module
 +  --with-pcre-jit
   --with-stream
 +  --with-stream_geoip_module
 +  --with-stream_realip_module
   --with-stream_ssl_module
 +  --with-stream_ssl_preread_module
   --with-threads
 -  --add-module=../nginx-rtmp-module-1.1.10
 +  "--add-module=../nginx-rtmp-module-${_rtmp_version}"
 )
 
 _mainline_flags=(
 @@ -77,7 +83,7 @@ _mainline_flags=(
 )
 
 build() {
 -  cd $provides-$pkgver
 +  cd "$provides-${_nginx_version}"
   ./configure \
     --prefix=/etc/nginx \
     --conf-path=/etc/nginx/nginx.conf \
 @@ -93,6 +99,8 @@ build() {
     --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
     --http-scgi-temp-path=/var/lib/nginx/scgi \
     --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
 +    --with-cc-opt="$CFLAGS $CPPFLAGS" \
 +    --with-ld-opt="$LDFLAGS" \
     ${_common_flags[@]} \
     ${_mainline_flags[@]}
 
 @@ -100,7 +108,7 @@ build() {
 }
 
 package() {
 -  cd $provides-$pkgver
 +  cd "$provides-${_nginx_version}"
   make DESTDIR="$pkgdir" install
 
   sed -e 's|\<user\s\+\w\+;|user html;|g' \
 @@ -113,8 +121,8 @@ package() {
   install -d "$pkgdir"/var/lib/nginx
   install -dm700 "$pkgdir"/var/lib/nginx/proxy
 
 -  chmod 750 "$pkgdir"/var/log/nginx
 -  chown http:log "$pkgdir"/var/log/nginx
 +  chmod 755 "$pkgdir"/var/log/nginx
 +  chown root:root "$pkgdir"/var/log/nginx
 
   install -d "$pkgdir"/usr/share/nginx
   mv "$pkgdir"/etc/nginx/html/ "$pkgdir"/usr/share/nginx
 @@ -131,8 +139,8 @@ package() {
   gzip -9c man/nginx.8 > "$pkgdir"/usr/share/man/man8/nginx.8.gz
 
   for i in ftdetect indent syntax; do
 -    install -Dm644 contrib/vim/${i}/nginx.vim \
 -      "${pkgdir}/usr/share/vim/vimfiles/${i}/nginx.vim"
 +    install -Dm644 contrib/vim/$i/nginx.vim \
 +      "$pkgdir/usr/share/vim/vimfiles/$i/nginx.vim"
   done
 }
 
 diff --git a/logrotate b/logrotate
 index 6fcf558..e0afbb9 100644
 --- a/logrotate
 +++ b/logrotate
 @@ -5,6 +5,6 @@
 	sharedscripts
 	compress
 	postrotate
 -		test ! -r /var/run/nginx.pid || kill -USR1 `cat /var/run/nginx.pid`
 +		test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid`
 	endscript
 }
 diff --git a/nginx.install b/nginx.install
 index 7c4adf1..90d24a5 100644
 --- a/nginx.install
 +++ b/nginx.install
 @@ -1,21 +1,12 @@
 post_upgrade() {
 -    if (( $(vercmp $2 1.2.7-4) <= 0 )); then
 -        chmod 750 var/log/nginx
 -        chown http:log var/log/nginx
 -    fi
 -    if (( $(vercmp $2 1.2.1-2) <= 0 )); then
 -        echo ' >>> Since 1.2.1-2 several changes has been made in package:'
 -        echo '      - *.conf files have been moved to /etc/nginx'
 -        echo '      - /etc/conf.d/nginx has been removed'
 -        echo '        Main configuration file is set to /etc/nginx/nginx.conf'
 -        echo '      - access.log and error.log can be found in /var/log/nginx by default'
 -        echo '      - bundled *.html files have been moved to /usr/share/nginx/html'
 -        echo '      - /etc/nginx/{html,logs} symbolic links and *.default files have been removed'
 -    fi
 -    if (( $(vercmp $2 1.4.2-4) < 0 )); then
 -        echo 'Nginx now includes only upstream bundled modules.'
 -        echo 'Thus, passenger module support was dropped.'
 -    fi
 -}
 +  if (( $(vercmp $2 1.11.8-2) < 0)); then
 +    chown root:root var/log/nginx
 +  fi
 
 -# vim:set ts=4 sw=4 et:
 +  if (( $(vercmp $2 1.11.9-2) < 0 )); then
 +    chmod 755 var/log/nginx
 +    echo ':: Security notice:'
 +    echo '     - When additional log directories are used in /var/log/nginx make sure they'
 +    echo '       are owned by root:root and have 755 set as permission to mitigate CVE-2016-1247'
 +  fi
 +}
 diff --git a/service b/service
 index 29d3aa8..365bc95 100644
 --- a/service
 +++ b/service
 @@ -1,14 +1,17 @@
 [Unit]
 Description=A high performance web server and a reverse proxy server
 -After=syslog.target network.target
 +After=network.target network-online.target nss-lookup.target
 
 [Service]
 Type=forking
 PIDFile=/run/nginx.pid
 -ExecStartPre=/usr/bin/nginx -t -q -g 'pid /run/nginx.pid; daemon on; master_process on;'
 -ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;'
 -ExecReload=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;' -s reload
 -ExecStop=/usr/bin/nginx -g 'pid /run/nginx.pid;' -s quit
 +PrivateDevices=yes
 +SyslogLevel=err
 +
 +ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;'
 +ExecReload=/usr/bin/nginx -s reload
 +KillSignal=SIGQUIT
 +KillMode=mixed
 
 [Install]
 WantedBy=multi-user.target
 -- 
 2.14.2
	From 4eef7f0ccc4a721655eefc638976c311aaa12e73 Mon Sep 17 00:00:00 2001
	From: Phillip Schichtel <[email protected]>
	Date: Sat, 14 Oct 2017 18:12:50 +0200
	Subject: [PATCH] Update to latest nginx 1.13.6 and rtmp module 1.2.0

	Additionally synced the PKGFILE with community/nginx-mainline
	---
	.SRCINFO \| 20 ++++++++++----------
	PKGBUILD \| 38 +++++++++++++++++++++++---------------
	logrotate \| 2 +-
	nginx.install \| 29 ++++++++++-------------------
	service \| 13 ++++++++-----
	5 files changed, 52 insertions(+), 50 deletions(-)

	diff --git a/.SRCINFO b/.SRCINFO
	index d9eed2b..8820821 100644
	--- a/.SRCINFO
	+++ b/.SRCINFO
	@@ -1,6 +1,8 @@
	+# Generated by mksrcinfo v8
	+# Sat Oct 14 16:27:34 UTC 2017
	pkgbase = nginx-mainline-rtmp
	pkgdesc = Lightweight HTTP server and IMAP/POP3 proxy server, mainline-rtmp release
	- pkgver = 1.11.8
	+ pkgver = 1.13.6.1.2.0
	pkgrel = 1
	url = https://nginx.org
	install = nginx.install
	@@ -8,7 +10,6 @@ pkgbase = nginx-mainline-rtmp
	arch = x86_64
	arch = armv7h
	license = custom
	- makedepends = hardening-wrapper
	depends = pcre
	depends = zlib
	depends = openssl
	@@ -26,19 +27,18 @@ pkgbase = nginx-mainline-rtmp
	backup = etc/nginx/win-utf
	backup = etc/logrotate.d/nginx
	backup = usr/share/nginx/html/crossdomain.xml
	- source = https://nginx.org/download/nginx-1.11.8.tar.gz
	- source = https://nginx.org/download/nginx-1.11.8.tar.gz.asc
	- source = https://github.com/arut/nginx-rtmp-module/archive/v1.1.10.tar.gz
	+ source = https://nginx.org/download/nginx-1.13.6.tar.gz
	+ source = https://nginx.org/download/nginx-1.13.6.tar.gz.asc
	+ source = https://github.com/arut/nginx-rtmp-module/archive/v1.2.0.tar.gz
	source = service
	source = logrotate
	source = crossdomain.xml
	source = nginx.conf
	- validpgpkeys = B0F4253373F8F6F510D42178520A9993A1C052F8
	- md5sums = 8f68f49b6db510e567bba9e0c271a3ac
	+ md5sums = f84d3f782c168bfdfb734700e51a929f
	md5sums = SKIP
	- md5sums = 2e82501ed423a901ab64bfe2228a0666
	- md5sums = ce9a06bcaf66ec4a3c4eb59b636e0dfd
	- md5sums = d6a6d4d819f03a675bacdfabd25aa37e
	+ md5sums = 1a47951b64f3f726a9d4620774643759
	+ md5sums = ef491e760e7c1ffec9ca25441a150c83
	+ md5sums = 6a01fb17af86f03707c8ae60f98a2dc2
	md5sums = 4d2e9c834fa2e60cd8b23185b93d2e2e
	md5sums = 35a9c62e780ab952fb89b613f0af97cd

	diff --git a/PKGBUILD b/PKGBUILD
	index 74b3134..ded51f0 100644
	--- a/PKGBUILD
	+++ b/PKGBUILD
	@@ -4,16 +4,18 @@
	# Contributor: Drew DeVault
	# Contributor: Florent Thiéry <[email protected]>
	# Contributor: moparisthebest <admin dot archlinux AT moparisthebest dot com>
	+# Contributer: Phillip Schichtel <[email protected]>

	+_nginx_version=1.13.6
	+_rtmp_version=1.2.0
	pkgname=nginx-mainline-rtmp
	-pkgver=1.11.8
	+pkgver="${_nginx_version}.${_rtmp_version}"
	pkgrel=1
	pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server, mainline-rtmp release'
	arch=('i686' 'x86_64' 'armv7h')
	url='https://nginx.org'
	license=('custom')
	depends=('pcre' 'zlib' 'openssl' 'geoip')
	-makedepends=('hardening-wrapper')
	backup=('etc/nginx/fastcgi.conf'
	'etc/nginx/fastcgi_params'
	'etc/nginx/koi-win'
	@@ -28,18 +30,18 @@ backup=('etc/nginx/fastcgi.conf'
	install=nginx.install
	provides=('nginx')
	conflicts=('nginx')
	-source=($url/download/nginx-$pkgver.tar.gz{,.asc}
	- https://github.com/arut/nginx-rtmp-module/archive/v1.1.10.tar.gz
	+source=($url/download/nginx-${_nginx_version}.tar.gz{,.asc}
	+ https://github.com/arut/nginx-rtmp-module/archive/v${_rtmp_version}.tar.gz
	service
	logrotate
	crossdomain.xml
	nginx.conf)
	validpgpkeys=('B0F4253373F8F6F510D42178520A9993A1C052F8') # Maxim Dounin <[email protected]>
	-md5sums=('8f68f49b6db510e567bba9e0c271a3ac'
	+md5sums=('f84d3f782c168bfdfb734700e51a929f'
	'SKIP'
	- '2e82501ed423a901ab64bfe2228a0666'
	- 'ce9a06bcaf66ec4a3c4eb59b636e0dfd'
	- 'd6a6d4d819f03a675bacdfabd25aa37e'
	+ '1a47951b64f3f726a9d4620774643759'
	+ 'ef491e760e7c1ffec9ca25441a150c83'
	+ '6a01fb17af86f03707c8ae60f98a2dc2'
	'4d2e9c834fa2e60cd8b23185b93d2e2e'
	'35a9c62e780ab952fb89b613f0af97cd')

	@@ -64,10 +66,14 @@ _common_flags=(
	--with-http_v2_module
	--with-mail
	--with-mail_ssl_module
	+ --with-pcre-jit
	--with-stream
	+ --with-stream_geoip_module
	+ --with-stream_realip_module
	--with-stream_ssl_module
	+ --with-stream_ssl_preread_module
	--with-threads
	- --add-module=../nginx-rtmp-module-1.1.10
	+ "--add-module=../nginx-rtmp-module-${_rtmp_version}"
	)

	_mainline_flags=(
	@@ -77,7 +83,7 @@ _mainline_flags=(
	)

	build() {
	- cd $provides-$pkgver
	+ cd "$provides-${_nginx_version}"
	./configure \
	--prefix=/etc/nginx \
	--conf-path=/etc/nginx/nginx.conf \
	@@ -93,6 +99,8 @@ build() {
	--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
	--http-scgi-temp-path=/var/lib/nginx/scgi \
	--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
	+ --with-cc-opt="$CFLAGS $CPPFLAGS" \
	+ --with-ld-opt="$LDFLAGS" \
	${_common_flags[@]} \
	${_mainline_flags[@]}

	@@ -100,7 +108,7 @@ build() {
	}

	package() {
	- cd $provides-$pkgver
	+ cd "$provides-${_nginx_version}"
	make DESTDIR="$pkgdir" install

	sed -e 's\|\<user\s\+\w\+;\|user html;\|g' \
	@@ -113,8 +121,8 @@ package() {
	install -d "$pkgdir"/var/lib/nginx
	install -dm700 "$pkgdir"/var/lib/nginx/proxy

	- chmod 750 "$pkgdir"/var/log/nginx
	- chown http:log "$pkgdir"/var/log/nginx
	+ chmod 755 "$pkgdir"/var/log/nginx
	+ chown root:root "$pkgdir"/var/log/nginx

	install -d "$pkgdir"/usr/share/nginx
	mv "$pkgdir"/etc/nginx/html/ "$pkgdir"/usr/share/nginx
	@@ -131,8 +139,8 @@ package() {
	gzip -9c man/nginx.8 > "$pkgdir"/usr/share/man/man8/nginx.8.gz

	for i in ftdetect indent syntax; do
	- install -Dm644 contrib/vim/${i}/nginx.vim \
	- "${pkgdir}/usr/share/vim/vimfiles/${i}/nginx.vim"
	+ install -Dm644 contrib/vim/$i/nginx.vim \
	+ "$pkgdir/usr/share/vim/vimfiles/$i/nginx.vim"
	done
	}

	diff --git a/logrotate b/logrotate
	index 6fcf558..e0afbb9 100644
	--- a/logrotate
	+++ b/logrotate
	@@ -5,6 +5,6 @@
	sharedscripts
	compress
	postrotate
	- test ! -r /var/run/nginx.pid \|\| kill -USR1 `cat /var/run/nginx.pid`
	+ test ! -r /run/nginx.pid \|\| kill -USR1 `cat /run/nginx.pid`
	endscript
	}
	diff --git a/nginx.install b/nginx.install
	index 7c4adf1..90d24a5 100644
	--- a/nginx.install
	+++ b/nginx.install
	@@ -1,21 +1,12 @@
	post_upgrade() {
	- if (( $(vercmp $2 1.2.7-4) <= 0 )); then
	- chmod 750 var/log/nginx
	- chown http:log var/log/nginx
	- fi
	- if (( $(vercmp $2 1.2.1-2) <= 0 )); then
	- echo ' >>> Since 1.2.1-2 several changes has been made in package:'
	- echo ' - *.conf files have been moved to /etc/nginx'
	- echo ' - /etc/conf.d/nginx has been removed'
	- echo ' Main configuration file is set to /etc/nginx/nginx.conf'
	- echo ' - access.log and error.log can be found in /var/log/nginx by default'
	- echo ' - bundled *.html files have been moved to /usr/share/nginx/html'
	- echo ' - /etc/nginx/{html,logs} symbolic links and *.default files have been removed'
	- fi
	- if (( $(vercmp $2 1.4.2-4) < 0 )); then
	- echo 'Nginx now includes only upstream bundled modules.'
	- echo 'Thus, passenger module support was dropped.'
	- fi
	-}
	+ if (( $(vercmp $2 1.11.8-2) < 0)); then
	+ chown root:root var/log/nginx
	+ fi

	-# vim:set ts=4 sw=4 et:
	+ if (( $(vercmp $2 1.11.9-2) < 0 )); then
	+ chmod 755 var/log/nginx
	+ echo ':: Security notice:'
	+ echo ' - When additional log directories are used in /var/log/nginx make sure they'
	+ echo ' are owned by root:root and have 755 set as permission to mitigate CVE-2016-1247'
	+ fi
	+}
	diff --git a/service b/service
	index 29d3aa8..365bc95 100644
	--- a/service
	+++ b/service
	@@ -1,14 +1,17 @@
	[Unit]
	Description=A high performance web server and a reverse proxy server
	-After=syslog.target network.target
	+After=network.target network-online.target nss-lookup.target

	[Service]
	Type=forking
	PIDFile=/run/nginx.pid
	-ExecStartPre=/usr/bin/nginx -t -q -g 'pid /run/nginx.pid; daemon on; master_process on;'
	-ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;'
	-ExecReload=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;' -s reload
	-ExecStop=/usr/bin/nginx -g 'pid /run/nginx.pid;' -s quit
	+PrivateDevices=yes
	+SyslogLevel=err
	+
	+ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;'
	+ExecReload=/usr/bin/nginx -s reload
	+KillSignal=SIGQUIT
	+KillMode=mixed

	[Install]
	WantedBy=multi-user.target
	--
	2.14.2