--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-1556d440ba
2021-04-29 01:21:37.105123
--------------------------------------------------------------------------------
Name : nginx
Product : Fedora 32
Version : 1.20.0
Release : 2.fc32
URL :
https://nginx.org
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.
--------------------------------------------------------------------------------
Update Information:
Note that the ownership of log files has changed to `root:root` and the mode
changed to `700` (from `770`) to address CVE-2016-1247. This should not affect
general operation, as this is the default for log directories and also what
httpd uses but if you use external tools to process the log files you may want
to check continued operation after this update. Upstream changelog:
[
nginx-1.20.0](http://nginx.org/en/download.html) stable version has been
released, incorporating new features and bug fixes from the 1.19.x mainline
branch ��� including [OCSP
validation](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ocsp) of
client SSL certificates, the [
ssl_reject_handshake](http://nginx.org/en/docs/htt
p/ngx_http_ssl_module.html#ssl_reject_handshake) and [ssl_conf_command](http://n
ginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_conf_command) directives,
simplified and improved handling of HTTP/2 connections with the [lingering_close
](http://nginx.org/en/docs/http/ngx_http_core_module.html#lingering_close), [kee
palive_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#k...
e_timeout), and [
keepalive_requests](http://nginx.org/en/docs/http/ngx_http_core
_module.html#keepalive_requests) directives, the [keepalive_time](http://nginx.o
rg/en/docs/http/ngx_http_core_module.html#keepalive_time) directive, stricter
handling of upstream server responses, [cookie
flags](http://nginx.org/en/docs/h
ttp/ngx_http_proxy_module.html#proxy_cookie_flags) handling, cache clearing
based on the [minimum amount of free
space](http://nginx.org/en/docs/http/ngx_ht
tp_proxy_module.html#proxy_cache_path_max_size), PROXY protocol support [from
clients](http://nginx.org/en/docs/mail/ngx_mail_core_module.html#proxy_pr...
and [to backend
servers](http://nginx.org/en/docs/mail/ngx_mail_proxy_module.htm
l#proxy_protocol) in the mail proxy, [proxying SMTP authentication](http://nginx
.org/en/docs/mail/ngx_mail_proxy_module.html#proxy_smtp_auth), the
[
set](http://nginx.org/en/docs/stream/ngx_stream_set_module.html) directive in
the stream module, and more. ----
[
nginx-1.20.0](http://nginx.org/en/download.html) stable version has been
released, incorporating new features and bug fixes from the 1.19.x mainline
branch ��� including [OCSP
validation](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ocsp) of
client SSL certificates, the [
ssl_reject_handshake](http://nginx.org/en/docs/htt
p/ngx_http_ssl_module.html#ssl_reject_handshake) and [ssl_conf_command](http://n
ginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_conf_command) directives,
simplified and improved handling of HTTP/2 connections with the [lingering_close
](http://nginx.org/en/docs/http/ngx_http_core_module.html#lingering_close), [kee
palive_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#k...
e_timeout), and [
keepalive_requests](http://nginx.org/en/docs/http/ngx_http_core
_module.html#keepalive_requests) directives, the [keepalive_time](http://nginx.o
rg/en/docs/http/ngx_http_core_module.html#keepalive_time) directive, stricter
handling of upstream server responses, [cookie
flags](http://nginx.org/en/docs/h
ttp/ngx_http_proxy_module.html#proxy_cookie_flags) handling, cache clearing
based on the [minimum amount of free
space](http://nginx.org/en/docs/http/ngx_ht
tp_proxy_module.html#proxy_cache_path_max_size), PROXY protocol support [from
clients](http://nginx.org/en/docs/mail/ngx_mail_core_module.html#proxy_pr...
and [to backend
servers](http://nginx.org/en/docs/mail/ngx_mail_proxy_module.htm
l#proxy_protocol) in the mail proxy, [proxying SMTP authentication](http://nginx
.org/en/docs/mail/ngx_mail_proxy_module.html#proxy_smtp_auth), the
[
set](http://nginx.org/en/docs/stream/ngx_stream_set_module.html) directive in
the stream module, and more.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 21 2021 Felix Kaechele <heffer(a)fedoraproject.org> - 1:1.20.0-2
- sync rawhide and EPEL7 spec files again
- systemd service reload now checks config file (rhbz#1565377)
- drop nginx requirement on nginx-all-modules (rhbz#1708799)
- let nginx handle log creation on logrotate (rhbz#1683388)
- have log directory owned by root (rhbz#1390183, CVE-2016-1247)
- remove obsolete --with-ipv6 (src PR#8)
- correction: pcre2 is actually not supported by nginx, reintroduce pcre
* Wed Apr 21 2021 Felix Kaechele <heffer(a)fedoraproject.org> - 1:1.20.0-1
- update to 1.20.0
- sync with mainline spec file
- order configure options alphabetically for easier comparinggit
- add --with-compat option (rhbz#1834452)
- add patch to fix PIDFile race condition (rhbz#1869026)
- use pcre2 instead of pcre (rhbz#1938984)
- add Wants=network-online.target to systemd unit (rhbz#1943779)
* Mon Feb 22 2021 Lubos Uhliarik <luhliari(a)redhat.com> - 1:1.18.0-5
- Resolves: #1931402 - drop gperftools module
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.18.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.18.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jun 22 2020 Jitka Plesnikova <jplesnik(a)redhat.com> - 1:1.18.0-2
- Perl 5.32 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1390183 - CVE-2016-1247 nginx: Local privilege escalation via log files
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1390183
[ 2 ] Bug #1565377 - Service reload should check configuration file
https://bugzilla.redhat.com/show_bug.cgi?id=1565377
[ 3 ] Bug #1683388 - Log file ownership created by logrotate inconsistent with the one
created by systemd
https://bugzilla.redhat.com/show_bug.cgi?id=1683388
[ 4 ] Bug #1708799 - Drop nginx requirement on nginx-all-modules
https://bugzilla.redhat.com/show_bug.cgi?id=1708799
[ 5 ] Bug #1834452 - Enable --with-compat configure option
https://bugzilla.redhat.com/show_bug.cgi?id=1834452
[ 6 ] Bug #1869026 - nginx.service fails to parse /run/nginx.pid
https://bugzilla.redhat.com/show_bug.cgi?id=1869026
[ 7 ] Bug #1943779 - nginx.service wants wrong network target - causes race condition on
boot
https://bugzilla.redhat.com/show_bug.cgi?id=1943779
[ 8 ] Bug #1944738 - nginx-1.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1944738
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-1556d440ba' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------