Hi,
OFFLIST as it's not directly pertinent to your specific distro pkgs.
but, since you're packaging, fwiw, I take a very different approach than
distro-pkgd atm,
https://download.copr.fedorainfracloud.org/results/pgfed/nginx-mainline/fedora-33-x86_64/02142389-nginx/nginx.spec
that puts runtime service files under /run/nginx and logs under /var/log/nginx,
both chown'd as wwwrun:www.
personally, I find it a lot cleaner, easier to manage. my $0.02, anyway.
that said, I'm very clear 'my' pkg'ing is not even close to release canonical
... i.e., just fyi.
On 4/21/21 1:25 PM, Felix Kaechele via devel wrote:
Dear Fedorans,
Nginx 1.20.0 stable was just released and I took the opportunity to squash some
long standing open bugs while updating the package.
The new release is on it's way to updates-testing right now.
I would like to encourage some extra testing for this release as there is one
behaviour change, specific to Fedora/EPEL, that may affect some use cases:
The ownership and mode of the log directory has changed to root:root and 700
respectively. Logrotate (if in use) no longer creates the logfiles when
rotating and leaves this to nginx which will create them as root:root-owned.
This matches the behaviour of httpd in Fedora.
You may see the effects of this if you are using external tools to process
these logs that do not run as root, but as the nginx user instead.
The bugs relating to this are:
- BZ#1390183 CVE-2016-1247 nginx: Local privilege escalation via log files
[fedora-all]
- BZ#1683388 Log file ownership created by logrotate inconsistent with the one
created by systemd
In my local testing I have not seen any changes to behaviour but I would like
to make extra sure everything continues to work as expected for users as this
version of the package will make it's way to EPEL 7 as well to replace the EOL
version of nginx that is currently packaged there.
Quite a number of other bugs that I deem to have no effect on simple upgrades
have made it's way into this release of the package as well. Specifically:
- BZ#1565377 Service reload should check configuration file
- BZ#1708799 Drop nginx requirement on nginx-all-modules
- BZ#1834452 Enable --with-compat configure option
- BZ#1869026 nginx.service fails to parse /run/nginx.pid
- BZ#1943779 nginx.service wants wrong network target - causes race condition
on boot
Here are the links to Bodhi for this update. Please test these releases and
provide feedback/karma.
Fedora 34: https://bodhi.fedoraproject.org/updates/FEDORA-2021-3aa9ac7fd1
Fedora 33: https://bodhi.fedoraproject.org/updates/FEDORA-2021-10c1cd4cba
Fedora 32: https://bodhi.fedoraproject.org/updates/FEDORA-2021-1556d440ba
Thanks a ton!
Regards,
Felix
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure