From 4cd44b85ecb86b3f3ac0909c9316ac5400a47044 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Fri, 26 Mar 2021 08:09:29 +0100 Subject: update to 1.23.0 --- 215.patch | 42 ------------------------------------------ unit-syspol.patch | 32 ++++++++++++++++++++++++++++++++ unit.spec | 13 +++++++++---- 3 files changed, 41 insertions(+), 46 deletions(-) delete mode 100644 215.patch create mode 100644 unit-syspol.patch diff --git a/215.patch b/215.patch deleted file mode 100644 index d98ecb3..0000000 --- a/215.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 41243ec789c0c9d5b625c76abbc401333d876ee5 Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Wed, 16 Jan 2019 08:38:53 +0100 -Subject: [PATCH] prefer system crypto policy - ---- - src/nxt_openssl.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c -index 99dd207..6d9df48 100644 ---- a/src/nxt_openssl.c -+++ b/src/nxt_openssl.c -@@ -248,7 +248,7 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf) - { - SSL_CTX *ctx; - nxt_fd_t fd; -- const char *ciphers, *ca_certificate; -+ const char *ca_certificate; - STACK_OF(X509_NAME) *list; - - ctx = SSL_CTX_new(SSLv23_server_method()); -@@ -303,13 +303,13 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf) - goto fail; - } - */ -- ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5"; -- -- if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) { -- nxt_openssl_log_error(task, NXT_LOG_ALERT, -+ if (conf->ciphers) { /* else use system crypto policy */ -+ if (SSL_CTX_set_cipher_list(ctx, conf->ciphers) == 0) { -+ nxt_openssl_log_error(task, NXT_LOG_ALERT, - "SSL_CTX_set_cipher_list(\"%s\") failed", -- ciphers); -- goto fail; -+ conf->ciphers); -+ goto fail; -+ } - } - - SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); diff --git a/unit-syspol.patch b/unit-syspol.patch new file mode 100644 index 0000000..cff3889 --- /dev/null +++ b/unit-syspol.patch @@ -0,0 +1,32 @@ +diff -up ./src/nxt_openssl.c.syspol ./src/nxt_openssl.c +--- ./src/nxt_openssl.c.syspol 2021-03-25 15:15:30.000000000 +0100 ++++ ./src/nxt_openssl.c 2021-03-26 07:46:53.897688835 +0100 +@@ -261,7 +261,7 @@ nxt_openssl_server_init(nxt_task_t *task + nxt_mp_t *mp, nxt_bool_t last) + { + SSL_CTX *ctx; +- const char *ciphers, *ca_certificate; ++ const char *ca_certificate; + STACK_OF(X509_NAME) *list; + nxt_tls_bundle_conf_t *bundle; + +@@ -318,13 +318,13 @@ nxt_openssl_server_init(nxt_task_t *task + goto fail; + } + */ +- ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5"; +- +- if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) { +- nxt_openssl_log_error(task, NXT_LOG_ALERT, ++ if (conf->ciphers) { /* else use system crypto policy */ ++ if (SSL_CTX_set_cipher_list(ctx, conf->ciphers) == 0) { ++ nxt_openssl_log_error(task, NXT_LOG_ALERT, + "SSL_CTX_set_cipher_list(\"%s\") failed", +- ciphers); +- goto fail; ++ conf->ciphers); ++ goto fail; ++ } + } + + SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); diff --git a/unit.spec b/unit.spec index 05252f2..a5b802e 100644 --- a/unit.spec +++ b/unit.spec @@ -11,12 +11,12 @@ %global gh_owner nginx %global project unit -%global gh_commit 98228f8ac878799e8265658d990bbff94675856b +%global gh_commit 71d3700951f04a8f69664b5671864c824874b18e %global gh_short %(c=%{gh_commit}; echo ${c:0:7}) Name: unit Summary: NGINX Unit application server -Version: 1.22.0 +Version: 1.23.0 Release: 1%{?dist} License: ASL 2.0 URL: https://unit.nginx.org/ @@ -28,7 +28,8 @@ Source3: unit.sysconf Source4: unit.logrotate # Use system crypto policy -Patch0: https://github.com/nginx/unit/pull/215.patch +# https://github.com/nginx/unit/pull/215 +Patch0: %{project}-syspol.patch BuildRequires: make BuildRequires: gcc @@ -101,7 +102,7 @@ make %{?_smp_mflags} %install -DESTDIR=%{buildroot} make unitd-install libunit-install +DESTDIR=%{buildroot} make unitd-install libunit-install manpage-install install -m755 build-debug/unitd %{buildroot}%{_sbindir}/unitd-debug install -m644 build-debug/libunit.a %{buildroot}%{_libdir}/libunit-debug.a @@ -171,6 +172,7 @@ BANNER %dir %{_sharedstatedir}/unit %dir %attr(0700,root,root) %{_localstatedir}/log/unit %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%{_mandir}/man8/unitd.8* %dir %{_sysconfdir}/systemd/system/%{name}.service.d %{_unitdir}/unit.service @@ -185,6 +187,9 @@ BANNER %changelog +* Fri Mar 26 2021 Remi Collet - 1.23.0-1 +- update to 1.23.0 + * Fri Feb 5 2021 Remi Collet - 1.22.0-1 - update to 1.22.0 -- cgit