From 4cd44b85ecb86b3f3ac0909c9316ac5400a47044 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Fri, 26 Mar 2021 08:09:29 +0100
Subject: update to 1.23.0

---
 215.patch         | 42 ------------------------------------------
 unit-syspol.patch | 32 ++++++++++++++++++++++++++++++++
 unit.spec         | 13 +++++++++----
 3 files changed, 41 insertions(+), 46 deletions(-)
 delete mode 100644 215.patch
 create mode 100644 unit-syspol.patch

diff --git a/215.patch b/215.patch
deleted file mode 100644
index d98ecb3..0000000
--- a/215.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 41243ec789c0c9d5b625c76abbc401333d876ee5 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Wed, 16 Jan 2019 08:38:53 +0100
-Subject: [PATCH] prefer system crypto policy
-
----
- src/nxt_openssl.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c
-index 99dd207..6d9df48 100644
---- a/src/nxt_openssl.c
-+++ b/src/nxt_openssl.c
-@@ -248,7 +248,7 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf)
- {
-     SSL_CTX              *ctx;
-     nxt_fd_t             fd;
--    const char           *ciphers, *ca_certificate;
-+    const char           *ca_certificate;
-     STACK_OF(X509_NAME)  *list;
- 
-     ctx = SSL_CTX_new(SSLv23_server_method());
-@@ -303,13 +303,13 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf)
-         goto fail;
-     }
- */
--    ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
--
--    if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
--        nxt_openssl_log_error(task, NXT_LOG_ALERT,
-+    if (conf->ciphers) { /* else use system crypto policy */
-+        if (SSL_CTX_set_cipher_list(ctx, conf->ciphers) == 0) {
-+            nxt_openssl_log_error(task, NXT_LOG_ALERT,
-                               "SSL_CTX_set_cipher_list(\"%s\") failed",
--                              ciphers);
--        goto fail;
-+                              conf->ciphers);
-+            goto fail;
-+        }
-     }
- 
-     SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
diff --git a/unit-syspol.patch b/unit-syspol.patch
new file mode 100644
index 0000000..cff3889
--- /dev/null
+++ b/unit-syspol.patch
@@ -0,0 +1,32 @@
+diff -up ./src/nxt_openssl.c.syspol ./src/nxt_openssl.c
+--- ./src/nxt_openssl.c.syspol	2021-03-25 15:15:30.000000000 +0100
++++ ./src/nxt_openssl.c	2021-03-26 07:46:53.897688835 +0100
+@@ -261,7 +261,7 @@ nxt_openssl_server_init(nxt_task_t *task
+     nxt_mp_t *mp, nxt_bool_t last)
+ {
+     SSL_CTX                *ctx;
+-    const char             *ciphers, *ca_certificate;
++    const char             *ca_certificate;
+     STACK_OF(X509_NAME)    *list;
+     nxt_tls_bundle_conf_t  *bundle;
+ 
+@@ -318,13 +318,13 @@ nxt_openssl_server_init(nxt_task_t *task
+         goto fail;
+     }
+ */
+-    ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
+-
+-    if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
+-        nxt_openssl_log_error(task, NXT_LOG_ALERT,
++    if (conf->ciphers) { /* else use system crypto policy */
++        if (SSL_CTX_set_cipher_list(ctx, conf->ciphers) == 0) {
++            nxt_openssl_log_error(task, NXT_LOG_ALERT,
+                               "SSL_CTX_set_cipher_list(\"%s\") failed",
+-                              ciphers);
+-        goto fail;
++                              conf->ciphers);
++            goto fail;
++        }
+     }
+ 
+     SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
diff --git a/unit.spec b/unit.spec
index 05252f2..a5b802e 100644
--- a/unit.spec
+++ b/unit.spec
@@ -11,12 +11,12 @@
 
 %global gh_owner    nginx
 %global project     unit
-%global gh_commit   98228f8ac878799e8265658d990bbff94675856b
+%global gh_commit   71d3700951f04a8f69664b5671864c824874b18e
 %global gh_short    %(c=%{gh_commit}; echo ${c:0:7})
 
 Name:              unit
 Summary:           NGINX Unit application server
-Version:           1.22.0
+Version:           1.23.0
 Release:           1%{?dist}
 License:           ASL 2.0
 URL:               https://unit.nginx.org/
@@ -28,7 +28,8 @@ Source3:           unit.sysconf
 Source4:           unit.logrotate
 
 # Use system crypto policy
-Patch0:            https://github.com/nginx/unit/pull/215.patch
+# https://github.com/nginx/unit/pull/215
+Patch0:            %{project}-syspol.patch
 
 BuildRequires:     make
 BuildRequires:     gcc
@@ -101,7 +102,7 @@ make %{?_smp_mflags}
 
 
 %install
-DESTDIR=%{buildroot} make unitd-install libunit-install
+DESTDIR=%{buildroot} make unitd-install libunit-install manpage-install
 
 install -m755 build-debug/unitd     %{buildroot}%{_sbindir}/unitd-debug
 install -m644 build-debug/libunit.a %{buildroot}%{_libdir}/libunit-debug.a
@@ -171,6 +172,7 @@ BANNER
 %dir %{_sharedstatedir}/unit
 %dir %attr(0700,root,root) %{_localstatedir}/log/unit
 %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
+%{_mandir}/man8/unitd.8*
 
 %dir %{_sysconfdir}/systemd/system/%{name}.service.d
 %{_unitdir}/unit.service
@@ -185,6 +187,9 @@ BANNER
 
 
 %changelog
+* Fri Mar 26 2021 Remi Collet <remi@remirepo.net> - 1.23.0-1
+- update to 1.23.0
+
 * Fri Feb  5 2021 Remi Collet <remi@remirepo.net> - 1.22.0-1
 - update to 1.22.0
 
-- 
cgit