-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2021-8c50b78c57 2021-06-18 00:31:25.541344 --------------------------------------------------------------------------------

Name : nginx Product : Fedora EPEL 7 Version : 1.20.1 Release : 2.el7 URL : https://nginx.org Summary : A high performance web server and reverse proxy server Description : Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage.

-------------------------------------------------------------------------------- Update Information:

Fix log permissions issue ---- # nginx 1.20.1 for EPEL 7 ## Changes ### Log file ownership (potential user impact) **Note** that the ownership of log files has changed to `root:root` and the mode changed to `700` (from `770`) to address CVE-2016-1247. This should not affect general operation, as this is the default for log directories and also what httpd uses but if you use external tools to process the log files you may want to check continued operation after this update. ### OpenSSL 1.1 nginx in EPEL 7 is now built against OpenSSL 1.1 to allow the use of TLSv1.3. ### Default Config changes Dropped `default_server` and `location /` directives so that it can be overridden in `conf.d` without needing to touch the default config. Note that the first `server` (as defined in the default config) and `root` will continue to serve the default `index.html` as long as no other `server` is defined. ### Logrotate nginx now handles creation of new log files to ensure correct permissions. ### Installation nginx no longer requires `nginx-all-modules` to allow for a leaner install. ### Service start The systemd unit will now wait for the `network-online.target`. Previously, start up could fail if DNS names were used for some config options (such as `proxy_pass`) and these names were not resolvable at service start time. ### Service reload The systemd unit now uses `nginx -s` to only reload the service if the configuration is valid. In previous versions an invalid configuration could take down nginx upon reload. Please consult http://nginx.org/en/CHANGES-1.20 for all changes to nginx since the current EPEL 7 release of 1.16.1. -------------------------------------------------------------------------------- ChangeLog:

* Tue Jun 1 2021 Felix Kaechele heffer@fedoraproject.org - 1:1.20.1-2 - use different fix for rhbz#1683388 as it introduced permissions issues in 1:1.20.0-2 * Tue May 25 2021 Felix Kaechele heffer@fedoraproject.org - 1:1.20.1-1 - update to 1.20.1 (fixes CVE-2021-23017) * Fri May 21 2021 Jitka Plesnikova jplesnik@redhat.com - 1:1.20.0-4 - Perl 5.34 rebuild * Fri Apr 30 2021 Lubos Uhliarik luhliari@redhat.com - 1:1.20.0-3 - Related: #1636235 - centralizing default index.html on nginx * Wed Apr 21 2021 Felix Kaechele heffer@fedoraproject.org - 1:1.20.0-2 - sync rawhide and EPEL7 spec files again - systemd service reload now checks config file (rhbz#1565377) - drop nginx requirement on nginx-all-modules (rhbz#1708799) - let nginx handle log creation on logrotate (rhbz#1683388) - have log directory owned by root (rhbz#1390183, CVE-2016-1247) - remove obsolete --with-ipv6 (src PR#8) - correction: pcre2 is actually not supported by nginx, reintroduce pcre * Wed Apr 21 2021 Felix Kaechele heffer@fedoraproject.org - 1:1.20.0-1 - update to 1.20.0 - sync with mainline spec file - order configure options alphabetically for easier comparinggit - add --with-compat option (rhbz#1834452) - add patch to fix PIDFile race condition (rhbz#1869026) - use pcre2 instead of pcre (rhbz#1938984) - add Wants=network-online.target to systemd unit (rhbz#1943779) * Mon Feb 22 2021 Lubos Uhliarik luhliari@redhat.com - 1:1.18.0-5 - Resolves: #1931402 - drop gperftools module * Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 1:1.18.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1964821 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1964821 [ 2 ] Bug #1966367 - nginx doesn't reopen the log file https://bugzilla.redhat.com/show_bug.cgi?id=1966367 --------------------------------------------------------------------------------

This update can be installed with the "yum" update programs. Use su -c 'yum update nginx' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7%5C /html/System_Administrators_Guide/ch-yum.html

All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------