-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-1556d440ba 2021-04-29 01:21:37.105123 -------------------------------------------------------------------------------- Name : nginx Product : Fedora 32 Version : 1.20.0 Release : 2.fc32 URL : https://nginx.org Summary : A high performance web server and reverse proxy server Description : Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. -------------------------------------------------------------------------------- Update Information: Note that the ownership of log files has changed to `root:root` and the mode changed to `700` (from `770`) to address CVE-2016-1247. This should not affect general operation, as this is the default for log directories and also what httpd uses but if you use external tools to process the log files you may want to check continued operation after this update. Upstream changelog: [nginx-1.20.0](http://nginx.org/en/download.html) stable version has been released, incorporating new features and bug fixes from the 1.19.x mainline branch ��� including [OCSP validation](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ocsp) of client SSL certificates, the [ssl_reject_handshake](http://nginx.org/en/docs/htt p/ngx_http_ssl_module.html#ssl_reject_handshake) and [ssl_conf_command](http://n ginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_conf_command) directives, simplified and improved handling of HTTP/2 connections with the [lingering_close ](http://nginx.org/en/docs/http/ngx_http_core_module.html#lingering_close), [kee palive_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#k... e_timeout), and [keepalive_requests](http://nginx.org/en/docs/http/ngx_http_core _module.html#keepalive_requests) directives, the [keepalive_time](http://nginx.o rg/en/docs/http/ngx_http_core_module.html#keepalive_time) directive, stricter handling of upstream server responses, [cookie flags](http://nginx.org/en/docs/h ttp/ngx_http_proxy_module.html#proxy_cookie_flags) handling, cache clearing based on the [minimum amount of free space](http://nginx.org/en/docs/http/ngx_ht tp_proxy_module.html#proxy_cache_path_max_size), PROXY protocol support [from clients](http://nginx.org/en/docs/mail/ngx_mail_core_module.html#proxy_pr... and [to backend servers](http://nginx.org/en/docs/mail/ngx_mail_proxy_module.htm l#proxy_protocol) in the mail proxy, [proxying SMTP authentication](http://nginx .org/en/docs/mail/ngx_mail_proxy_module.html#proxy_smtp_auth), the [set](http://nginx.org/en/docs/stream/ngx_stream_set_module.html) directive in the stream module, and more. ---- [nginx-1.20.0](http://nginx.org/en/download.html) stable version has been released, incorporating new features and bug fixes from the 1.19.x mainline branch ��� including [OCSP validation](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ocsp) of client SSL certificates, the [ssl_reject_handshake](http://nginx.org/en/docs/htt p/ngx_http_ssl_module.html#ssl_reject_handshake) and [ssl_conf_command](http://n ginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_conf_command) directives, simplified and improved handling of HTTP/2 connections with the [lingering_close ](http://nginx.org/en/docs/http/ngx_http_core_module.html#lingering_close), [kee palive_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#k... e_timeout), and [keepalive_requests](http://nginx.org/en/docs/http/ngx_http_core _module.html#keepalive_requests) directives, the [keepalive_time](http://nginx.o rg/en/docs/http/ngx_http_core_module.html#keepalive_time) directive, stricter handling of upstream server responses, [cookie flags](http://nginx.org/en/docs/h ttp/ngx_http_proxy_module.html#proxy_cookie_flags) handling, cache clearing based on the [minimum amount of free space](http://nginx.org/en/docs/http/ngx_ht tp_proxy_module.html#proxy_cache_path_max_size), PROXY protocol support [from clients](http://nginx.org/en/docs/mail/ngx_mail_core_module.html#proxy_pr... and [to backend servers](http://nginx.org/en/docs/mail/ngx_mail_proxy_module.htm l#proxy_protocol) in the mail proxy, [proxying SMTP authentication](http://nginx .org/en/docs/mail/ngx_mail_proxy_module.html#proxy_smtp_auth), the [set](http://nginx.org/en/docs/stream/ngx_stream_set_module.html) directive in the stream module, and more. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 21 2021 Felix Kaechele <heffer(a)fedoraproject.org&gt; - 1:1.20.0-2 - sync rawhide and EPEL7 spec files again - systemd service reload now checks config file (rhbz#1565377) - drop nginx requirement on nginx-all-modules (rhbz#1708799) - let nginx handle log creation on logrotate (rhbz#1683388) - have log directory owned by root (rhbz#1390183, CVE-2016-1247) - remove obsolete --with-ipv6 (src PR#8) - correction: pcre2 is actually not supported by nginx, reintroduce pcre * Wed Apr 21 2021 Felix Kaechele <heffer(a)fedoraproject.org&gt; - 1:1.20.0-1 - update to 1.20.0 - sync with mainline spec file - order configure options alphabetically for easier comparinggit - add --with-compat option (rhbz#1834452) - add patch to fix PIDFile race condition (rhbz#1869026) - use pcre2 instead of pcre (rhbz#1938984) - add Wants=network-online.target to systemd unit (rhbz#1943779) * Mon Feb 22 2021 Lubos Uhliarik <luhliari(a)redhat.com&gt; - 1:1.18.0-5 - Resolves: #1931402 - drop gperftools module * Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org&gt; - 1:1.18.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org&gt; - 1:1.18.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jun 22 2020 Jitka Plesnikova <jplesnik(a)redhat.com&gt; - 1:1.18.0-2 - Perl 5.32 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1390183 - CVE-2016-1247 nginx: Local privilege escalation via log files [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1390183 [ 2 ] Bug #1565377 - Service reload should check configuration file https://bugzilla.redhat.com/show_bug.cgi?id=1565377 [ 3 ] Bug #1683388 - Log file ownership created by logrotate inconsistent with the one created by systemd https://bugzilla.redhat.com/show_bug.cgi?id=1683388 [ 4 ] Bug #1708799 - Drop nginx requirement on nginx-all-modules https://bugzilla.redhat.com/show_bug.cgi?id=1708799 [ 5 ] Bug #1834452 - Enable --with-compat configure option https://bugzilla.redhat.com/show_bug.cgi?id=1834452 [ 6 ] Bug #1869026 - nginx.service fails to parse /run/nginx.pid https://bugzilla.redhat.com/show_bug.cgi?id=1869026 [ 7 ] Bug #1943779 - nginx.service wants wrong network target - causes race condition on boot https://bugzilla.redhat.com/show_bug.cgi?id=1943779 [ 8 ] Bug #1944738 - nginx-1.20.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1944738 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-1556d440ba' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------