Changes - j0ke.net Open Build Service

Changes of Revision 65

[-] [+]	Changed	nginx.spec
@@ -85,8 +85,6 @@ Patch0: nginx-auto-cc-gcc.patch Patch1: nginx-conf-0.7.x.patch Patch2: check_1.7.5+.patch -Patch3: ngx-detect-heartbleed.patch -Patch4: nginx_sysguard_1.3.9.patch Patch5: openssl-rc4tilt.patch %description @@ -98,7 +96,7 @@ %prep %setup -q -#%patch0 -p0 +%patch0 -p0 %patch1 -p0 %patch2 -p1 %{__tar} zxvf %{SOURCE5} @@ -179,16 +177,16 @@ --with-http_stub_status_module \ --with-debug \ --with-ipv6 \ - --with-openssl=%{_builddir}/nginx-%{version}/openssl-%{openssl_version} \ - --add-module=%{_builddir}/nginx-%{version}/nginx-upstream-fair \ - --add-module=%{_builddir}/nginx-%{version}/nginx_upstream_check_module \ -%if 0%{with_rtmp_ext} - --add-module=%{_builddir}/nginx-%{version}/%{rtmp} \ -%endif - --add-module=%{_builddir}/nginx-%{version}/Nginx-limit-traffic-rate-module \ -%if 0%{?rhel_version} == 700 \|\| 0%{?centos_version} == 700 - --add-module=%{_builddir}/nginx-%{version}/ngx_pagespeed-release-%{nps_version}-beta \ -%endif +# --with-openssl=%{_builddir}/nginx-%{version}/openssl-%{openssl_version} \ +# --add-module=%{_builddir}/nginx-%{version}/nginx-upstream-fair \ +# --add-module=%{_builddir}/nginx-%{version}/nginx_upstream_check_module \ +#%if 0%{with_rtmp_ext} +# --add-module=%{_builddir}/nginx-%{version}/%{rtmp} \ +#%endif +# --add-module=%{_builddir}/nginx-%{version}/Nginx-limit-traffic-rate-module \ +#%if 0%{?rhel_version} == 700 \|\| 0%{?centos_version} == 700 +# --add-module=%{_builddir}/nginx-%{version}/ngx_pagespeed-release-%{nps_version}-beta \ +#%endif # --add-module=%{_builddir}/nginx-%{version}/modsecurity-%{waf_version}/nginx/modsecurity \ # --with-file-aio \ # --with-poll_module \ @@ -196,7 +194,7 @@ --without-mail_imap_module \ --without-mail_smtp_module -make %{?_smp_mflags} +make mv nginx-upstream-fair/README nginx-upstream-fair/README.nginx-upstream-fair
[-] [+]	Deleted	nginx_sysguard_1.3.9.patch ^
@@ -1,12 +0,0 @@ -diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h -index f234840..b7665e9 100644 ---- a/src/http/ngx_http_request.h -+++ b/src/http/ngx_http_request.h -@@ -489,6 +489,7 @@ struct ngx_http_request_s { - */ - unsigned limit_conn_set:1; - unsigned limit_req_set:1; -+ unsigned sysguard_set:1; - - #if 0 - unsigned cacheable:1;
[-] [+]	Deleted	ngx-detect-heartbleed.patch ^
@@ -1,44 +0,0 @@ ---- src/event/ngx_event_openssl.c -+++ src/event/ngx_event_openssl.c -@@ -18,6 +18,9 @@ typedef struct { - static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX x509_store); - static void ngx_ssl_info_callback(const ngx_ssl_conn_t ssl_conn, int where, - int ret); -+static void ngx_ssl_msg_callback( -+ int write_p, int version, int content_type, -+ const void buf, size_t len, SSL ssl, void log); - static void ngx_ssl_handshake_handler(ngx_event_t ev); - static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t c, int n); - static void ngx_ssl_write_handler(ngx_event_t wev); -@@ -244,6 +247,8 @@ ngx_ssl_create(ngx_ssl_t ssl, ngx_uint_t protocols, void data) - SSL_CTX_set_read_ahead(ssl->ctx, 1); - - SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback); -+ SSL_CTX_set_msg_callback(ssl->ctx, ngx_ssl_msg_callback); -+ SSL_CTX_set_msg_callback_arg(ssl->ctx, ssl->log); - - return NGX_OK; - } -@@ -532,6 +537,22 @@ ngx_ssl_verify_callback(int ok, X509_STORE_CTX x509_store) - return 1; - } - -+static void ngx_ssl_msg_callback( -+ int write_p, int version, int content_type, -+ const void buf, size_t len, ngx_ssl_conn_t ssl, void log) -+{ -+ if (write_p == 0 && content_type == TLS1_RT_HEARTBEAT) { -+ unsigned char p = buf; -+ unsigned int payload; -+ -+ payload = (((unsigned int)(p[1])) << 8) \| ((unsigned int)(p[2])); -+ if (1 + 2 + payload + 16 > len) { -+ ngx_log_error(NGX_LOG_ALERT, ((ngx_log_t)log), 0, "Heartbleed attack detected"); -+ } -+ } -+ -+} -+ - - static void - ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret) \ No newline at end of file
	Deleted	nginx-http-sysguard.tar.gz ^