stable
FEDORA-EPEL-2021-8c50b78c57 created by heffer a year ago for Fedora EPEL 7

Fix log permissions issue


nginx 1.20.1 for EPEL 7

Changes

Log file ownership (potential user impact)

Note that the ownership of log files has changed to root:root and the mode changed to 700 (from 770) to address CVE-2016-1247. This should not affect general operation, as this is the default for log directories and also what httpd uses but if you use external tools to process the log files you may want to check continued operation after this update.

OpenSSL 1.1

nginx in EPEL 7 is now built against OpenSSL 1.1 to allow the use of TLSv1.3.

Default Config changes

Dropped default_server and location / directives so that it can be overridden in conf.d without needing to touch the default config. Note that the first server (as defined in the default config) and root will continue to serve the default index.html as long as no other server is defined.

Logrotate

nginx now handles creation of new log files to ensure correct permissions.

Installation

nginx no longer requires nginx-all-modules to allow for a leaner install.

Service start

The systemd unit will now wait for the network-online.target. Previously, start up could fail if DNS names were used for some config options (such as proxy_pass) and these names were not resolvable at service start time.

Service reload

The systemd unit now uses nginx -s to only reload the service if the configuration is valid. In previous versions an invalid configuration could take down nginx upon reload.

Please consult http://nginx.org/en/CHANGES-1.20 for all changes to nginx since the current EPEL 7 release of 1.16.1.

This update has been submitted for testing by heffer.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update has obsoleted nginx-1.20.1-1.el7, and has inherited its bugs and notes.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
BZ#1964821 CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name [epel-7]
0
0
BZ#1966367 nginx doesn't reopen the log file
0
0

Automated Test Results