folkslinux
/
CBL-Mariner
mirror of https://github.com/microsoft/CBL-Mariner.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[dev] Update httpd and nginx (#632) 

* save changes for htppd

* save changes to httpd and nginx

* update httpd

* remove useless file and update httpd

* apply spec-cleaning

* remove httpd-filesystem and nginx-filesystem

* remove unneeded changes

* update httpd signature and remove unnecessary Requires

* update signature.json

Co-authored-by: Henry Li <lihl@microsoft.com>
This commit is contained in:
Henry Li 2021-02-12 17:01:13 -08:00 committed by GitHub
parent e55c54e786
commit 24bd3e163a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 128 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

139
SPECS/httpd/httpd.spec
View File

@ -1,65 +1,69 @@
%define mmn 20120211
%define _confdir %{_sysconfdir}
Summary: The Apache HTTP Server
Name: httpd
Version: 2.4.46
Release: 3%{?dist}
Release: 4%{?dist}
License: ASL 2.0
URL: https://httpd.apache.org/
Group: Applications/System
Vendor: Microsoft Corporation
Distribution: Mariner
Group: Applications/System
URL: https://httpd.apache.org/
Source0: https://archive.apache.org/dist/%{name}/%{name}-%{version}.tar.bz2
Patch0: httpd-blfs_layout-1.patch
Patch1: httpd-uncomment-ServerName.patch
# CVE-1999-0236 must be mitigated by the user. See "Server Side Includes" at https://httpd.apache.org/docs/2.4/misc/security_tips.html
Patch100: CVE-1999-0236.nopatch
Patch100: CVE-1999-0236.nopatch
# CVE-1999-1412 applies only to MacOS X
Patch101: CVE-1999-1412.nopatch
Patch101: CVE-1999-1412.nopatch
# CVE-2007-0086 has been disputed to not be a vulnerability since 2007 due to default system configurations securing against it.
Patch102: CVE-2007-0086.nopatch
BuildRequires: openssl
BuildRequires: openssl-devel
BuildRequires: pcre-devel
Patch102: CVE-2007-0086.nopatch
BuildRequires: apr
BuildRequires: apr-util
BuildRequires: apr-util-devel
BuildRequires: openldap
BuildRequires: expat-devel
BuildRequires: lua-devel
Requires: pcre
BuildRequires: openldap
BuildRequires: openssl
BuildRequires: openssl-devel
BuildRequires: pcre-devel
Requires: apr-util
Requires: openssl
Requires: openldap
Requires: lua
Requires(pre): /usr/sbin/useradd /usr/sbin/groupadd
Requires(postun):/usr/sbin/userdel /usr/sbin/groupdel
Requires: openldap
Requires: openssl
Requires: pcre
Requires(postun): %{_sbindir}/groupdel
Requires(postun): %{_sbindir}/userdel
Requires(pre): %{_sbindir}/groupadd
Requires(pre): %{_sbindir}/useradd
Provides: apache2
%define _confdir %{_sysconfdir}
Provides: %{name}-mmn = %{version}-%{release}
Provides: %{name}-filesystem = %{version}-%{release}
%description
The Apache HTTP Server.
%package devel
Summary: Header files for httpd
Group: Applications/System
Requires: httpd
Summary: Header files for httpd
Group: Applications/System
Requires: apr-devel
Requires: apr-util-devel
Requires: httpd
%description devel
These are the header files of httpd.
%package docs
Summary: Help files for httpd
Group: Applications/System
Requires: httpd
Summary: Help files for httpd
Group: Applications/System
Requires: httpd
%description docs
These are the help files of httpd.
%package tools
Group: System Environment/Daemons
Summary: Tools for httpd
Summary: Tools for httpd
Group: System Environment/Daemons
%description tools
The httpd-tools of httpd.
@ -86,31 +90,31 @@ make %{?_smp_mflags}
%install
make DESTDIR=%{buildroot} install
install -vdm755 %{buildroot}/usr/lib/systemd/system
install -vdm755 %{buildroot}/etc/httpd/logs
install -vdm755 %{buildroot}%{_libdir}/systemd/system
install -vdm755 %{buildroot}%{_sysconfdir}/httpd/logs
cat << EOF >> %{buildroot}/usr/lib/systemd/system/httpd.service
cat << EOF >> %{buildroot}%{_libdir}/systemd/system/httpd.service
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/var/run/httpd/httpd.pid
ExecStart=/usr/sbin/httpd -k start
ExecStop=/usr/sbin/httpd -k stop
ExecReload=/usr/sbin/httpd -k graceful
PIDFile=%{_var}/run/httpd/httpd.pid
ExecStart=%{_sbindir}/httpd -k start
ExecStop=%{_sbindir}/httpd -k stop
ExecReload=%{_sbindir}/httpd -k graceful
[Install]
WantedBy=multi-user.target
EOF
install -vdm755 %{buildroot}/usr/lib/systemd/system-preset
echo "disable httpd.service" > %{buildroot}/usr/lib/systemd/system-preset/50-httpd.preset
install -vdm755 %{buildroot}%{_libdir}/systemd/system-preset
echo "disable httpd.service" > %{buildroot}%{_libdir}/systemd/system-preset/50-httpd.preset
ln -s /usr/sbin/httpd %{buildroot}/usr/sbin/apache2
ln -s /etc/httpd/conf/httpd.conf %{buildroot}/etc/httpd/httpd.conf
ln -s %{_sbindir}/httpd %{buildroot}%{_sbindir}/apache2
ln -s %{_sysconfdir}/httpd/conf/httpd.conf %{buildroot}%{_sysconfdir}/httpd/httpd.conf
%post
/sbin/ldconfig
@ -124,13 +128,13 @@ if [ $1 -eq 1 ]; then
-s /bin/false -u 25 apache
fi
if [ -h /etc/mime.types ]; then
mv /etc/mime.types /etc/mime.types.orig
if [ -h %{_sysconfdir}/mime.types ]; then
mv %{_sysconfdir}/mime.types %{_sysconfdir}/mime.types.orig
fi
fi
ln -sf /etc/httpd/conf/mime.types /etc/mime.types
mkdir -p /var/run/httpd
ln -sf %{_sysconfdir}/httpd/conf/mime.types %{_sysconfdir}/mime.types
mkdir -p %{_var}/run/httpd
%systemd_post httpd.service
%preun
@ -147,8 +151,8 @@ if [ $1 -eq 0 ]; then
groupdel apache
fi
if [ -f /etc/mime.types.orig ]; then
mv /etc/mime.types.orig /etc/mime.types
if [ -f %{_sysconfdir}/mime.types.orig ]; then
mv %{_sysconfdir}/mime.types.orig %{_sysconfdir}/mime.types
fi
fi
%systemd_postun_with_restart httpd.service
@ -156,6 +160,9 @@ fi
%files devel
%defattr(-,root,root)
%license LICENSE
%{_bindir}/apxs
%{_bindir}/dbmmanage
%{_mandir}/man1/apxs.1*
%{_includedir}/*
%files docs
@ -188,71 +195,107 @@ fi
%files tools
%defattr(-,root,root)
%{_bindir}/apxs
%{_bindir}/dbmmanage
%{_bindir}/*
%{_mandir}/man1/*
%license LICENSE
%doc NOTICE
%exclude %{_bindir}/apxs
%exclude %{_mandir}/man1/apxs.1*
%changelog
* Tue Feb 09 2021 Henry Li <lihl@microsoft.com> - 2.4.46-4
- Add Provides for httpd-mmn and httpd-filesystem from httpd
- Fix files section for httpd-devel and httpd-tools
* Tue Oct 06 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 2.4.46-3
- Mark CVE-2007-0086 as nopatch
* Mon Sep 28 2020 Daniel McIlvaney <damcilva@microsoft.com> 2.4.46-2
- Mark CVE-1999-0236 CVE-1999-1412 as nopatch
* Tue Aug 18 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 2.4.46-1
- Updated to 2.4.46 to resolve CVE-2020-11984.
* Tue May 19 2020 Ruying Chen <v-ruyche@microsoft.com> 2.4.43-1
- Updated to 2.4.43 to resolve the following CVEs
- CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097
- CVE-2019-10098, CVE-2020-1927, CVE-2020-1934
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 2.4.39-4
- Added %%license line automatically
* Tue Apr 07 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 2.4.39-3
- Updated and verified 'Source0', 'Patch0' and 'URL' tags.
- License verified.
- Removed '%%define sha1' line.
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 2.4.39-2
- Initial CBL-Mariner import from Photon (license: Apache2).
* Tue Apr 16 2019 Dweep Advani <dadvani@vmware.com> 2.4.39-1
- Upgrading to 2.4.39 for fixing multiple CVEs
- (1) CVE-2018-17189 (2) CVE-2018-17199 (3) CVE-2019-0190
- (4) CVE-2019-0211 (5) CVE-2019-0215 (6) CVE-2019-0217
* Thu Jan 24 2019 Dweep Advani <dadvani@vmware.com> 2.4.34-2
- Fixed CVE-2018-11763
* Wed Aug 29 2018 Tapas Kundu <tkundu@vmware.com> 2.4.34-1
- Updated to version 2.4.34, fix CVE-2018-1333
* Mon Oct 02 2017 Xiaolin Li <xiaolinl@vmware.com> 2.4.28-1
- Updated to version 2.4.28
* Mon Sep 18 2017 Alexey Makhalov <amakhalov@vmware.com> 2.4.27-3
- Remove shadow from requires and use explicit tools for post actions
* Mon Aug 07 2017 Anish Swaminathan <anishs@vmware.com> 2.4.27-2
- Add shadow to requires for useradd/groupadd
* Mon Jul 24 2017 Anish Swaminathan <anishs@vmware.com> 2.4.27-1
- Updated to version 2.4.27 - Fixes CVE-2017-3167
* Wed May 31 2017 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 2.4.25-3
- Provide preset file to disable service by default.
* Fri Mar 31 2017 Dheeraj Shetty <dheerajs@vmware.com> 2.4.25-2
- Fixing httpd.pid file write issue
* Fri Mar 31 2017 Dheeraj Shetty <dheerajs@vmware.com> 2.4.25-1
- Updated to version 2.4.25
* Tue Dec 27 2016 Xiaolin Li <xiaolinl@vmware.com> 2.4.18-8
- BuildRequires lua, Requires lua.
* Wed Dec 21 2016 Anish Swaminathan <anishs@vmware.com> 2.4.18-7
- Change config file properties for httpd.conf
* Thu Jul 28 2016 Divya Thaluru <dthaluru@vmware.com> 2.4.18-6
- Removed packaging of debug files
* Wed Jul 27 2016 Divya Thaluru <dthaluru@vmware.com> 2.4.18-5
- Added patch for CVE-2016-5387
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.4.18-4
- GA - Bump release of all rpms
* Thu May 05 2016 Kumar Kaushik <kaushikk@vmware.com> 2.4.18-3
- Adding upgrade support in pre/post/un script.
* Mon Mar 21 2016 Mahmoud Bassiouny <mbassiouny@vmware.com> 2.4.18-2
- Fixing systemd service
* Fri Jan 22 2016 Xiaolin Li <xiaolinl@vmware.com> 2.4.18-1
- Updated to version 2.4.18
* Mon Nov 23 2015 Sharath George <sharathg@vmware.com> 2.4.12-4
- Add /etc/mime.types
* Tue Sep 29 2015 Xiaolin Li <xiaolinl@vmware.com> 2.4.12-3
- Move perl script to tools package.
* Thu Jul 16 2015 Touseef Liaqat <tliaqat@vmware.com> 2.4.12-2
- Added service file. Changed installation paths.
* Wed May 20 2015 Touseef Liaqat <tliaqat@vmware.com> 2.4.12-1
- Initial build. First version

51
SPECS/nginx/nginx.spec
View File

@ -1,19 +1,21 @@
%define sha1 nginx-njs=fd8c3f2d219f175be958796e3beaa17f3b465126
Summary: High-performance HTTP server and reverse proxy
Name: nginx
Version: 1.16.1
Release: 2%{?dist}
Release: 3%{?dist}
License: BSD 2-Clause
URL: http://nginx.org/
Group: Applications/System
Vendor: Microsoft Corporation
Distribution: Mariner
Group: Applications/System
URL: https://nginx.org/
Source0: https://nginx.org/download/%{name}-%{version}.tar.gz
Source1: nginx.service
Source2: nginx-njs-0.2.1.tar.gz
%define sha1 nginx-njs=fd8c3f2d219f175be958796e3beaa17f3b465126
BuildRequires: openssl-devel
BuildRequires: pcre-devel
BuildRequires: which
Provides: %{name}-filesystem = %{version}-%{release}
%description
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.
@ -27,12 +29,12 @@ popd
%build
sh configure \
--prefix=%{_sysconfdir}//nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--sbin-path=%{_sbindir}/nginx \
--conf-path=%{_sysconfdir}/nginx/nginx.conf \
--pid-path=%{_var}/run/nginx.pid \
--lock-path=%{_var}/run/nginx.lock \
--error-log-path=%{_var}/log/nginx/error.log \
--http-log-path=%{_var}/log/nginx/access.log \
--add-module=../nginx-njs/njs-0.2.1/nginx \
--with-http_ssl_module \
--with-pcre \
@ -43,13 +45,14 @@ sh configure \
--with-http_stub_status_module
make %{?_smp_mflags}
%install
make DESTDIR=%{buildroot} install
install -vdm755 %{buildroot}/usr/lib/systemd/system
install -vdm755 %{buildroot}%{_libdir}/systemd/system
install -vdm755 %{buildroot}%{_var}/log
install -vdm755 %{buildroot}%{_var}/opt/nginx/log
ln -sfv %{_var}/opt/nginx/log %{buildroot}%{_var}/log/nginx
install -p -m 0644 %{SOURCE1} %{buildroot}/usr/lib/systemd/system/nginx.service
install -p -m 0644 %{SOURCE1} %{buildroot}%{_libdir}/systemd/system/nginx.service
%files
%defattr(-,root,root)
@ -76,42 +79,62 @@ install -p -m 0644 %{SOURCE1} %{buildroot}/usr/lib/systemd/system/nginx.service
%{_var}/log/nginx
%changelog
* Sat May 09 00:21:09 PST 2020 Nick Samson <nisamson@microsoft.com> - 1.16.1-2
- Added %%license line automatically
* Wed Feb 10 2021 Henry Li <lihl@microsoft.com> - 1.16.1-3
- Add Provides for nginx-filesystem from nginx
* Sat May 09 00:21:09 PST 2020 Nick Samson <nisamson@microsoft.com> - 1.16.1-2
- Added %%license line automatically
* Fri Mar 13 2020 Paul Monson <paulmon@microsoft.com> 1.16.1-1
- Update to version 1.16.1. License verified.
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 1.15.3-5
- Initial CBL-Mariner import from Photon (license: Apache2).
* Fri Mar 15 2019 Keerthana K <keerthanak@vmware.com> 1.15.3-4
- Enable http_stub_status_module.
* Wed Nov 07 2018 Ajay Kaher <akaher@vmware.com> 1.15.3-3
- mark config files as non replaceable on upgrade.
* Mon Sep 17 2018 Keerthana K <keerthanak@vmware.com> 1.15.3-2
- Adding http_auth_request_module and http_sub_module.
* Fri Sep 7 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 1.15.3-1
- Upgrade to version 1.15.3
* Fri Jul 20 2018 Keerthana K <keerthanak@vmware.com> 1.13.8-3
- Restarting nginx on failure.
* Fri Jun 08 2018 Dheeraj Shetty <dheerajs@vmware.com> 1.13.8-2
- adding module njs.
* Fri May 18 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 1.13.8-1
- Update to version 1.13.8 to support nginx-ingress
* Thu Dec 28 2017 Divya Thaluru <dthaluru@vmware.com> 1.13.5-2
- Fixed the log file directory structure
* Wed Oct 04 2017 Xiaolin Li <xiaolinl@vmware.com> 1.13.5-1
- Update to version 1.13.5
* Mon May 01 2017 Dheeraj Shetty <dheerajs@vmware.com> 1.11.13-2
- adding module stream to nginx.
* Wed Apr 05 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.11.13-1
- update to 1.11.13
* Fri Nov 18 2016 Anish Swaminathan <anishs@vmware.com> 1.10.0-5
- Add patch for CVE-2016-4450
* Wed Jul 27 2016 Divya Thaluru<dthaluru@vmware.com> 1.10.0-4
- Removed packaging of debug files
* Fri Jul 8 2016 Divya Thaluru<dthaluru@vmware.com> 1.10.0-3
- Modified default pid filepath and fixed nginx systemd service
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.10.0-2
- GA - Bump release of all rpms
* Mon May 16 2016 Xiaolin Li <xiaolinl@vmware.com> 1.10.0-1
- Initial build. First version