Dear Fedorans,
Nginx 1.20.0 stable was just released and I took the opportunity to
squash some long standing open bugs while updating the package.
The new release is on it's way to updates-testing right now.
I would like to encourage some extra testing for this release as there
is one behaviour change, specific to Fedora/EPEL, that may affect some
use cases:
The ownership and mode of the log directory has changed to root:root and
700 respectively. Logrotate (if in use) no longer creates the logfiles
when rotating and leaves this to nginx which will create them as
root:root-owned.
This matches the behaviour of httpd in Fedora.
You may see the effects of this if you are using external tools to
process these logs that do not run as root, but as the nginx user instead.
The bugs relating to this are:
- BZ#1390183 CVE-2016-1247 nginx: Local privilege escalation via log
files [fedora-all]
- BZ#1683388 Log file ownership created by logrotate inconsistent with
the one created by systemd
In my local testing I have not seen any changes to behaviour but I would
like to make extra sure everything continues to work as expected for
users as this version of the package will make it's way to EPEL 7 as
well to replace the EOL version of nginx that is currently packaged there.
Quite a number of other bugs that I deem to have no effect on simple
upgrades have made it's way into this release of the package as well.
Specifically:
- BZ#1565377 Service reload should check configuration file
- BZ#1708799 Drop nginx requirement on nginx-all-modules
- BZ#1834452 Enable --with-compat configure option
- BZ#1869026 nginx.service fails to parse /run/nginx.pid
- BZ#1943779 nginx.service wants wrong network target - causes race
condition on boot
Here are the links to Bodhi for this update. Please test these releases
and provide feedback/karma.
Fedora 34: https://bodhi.fedoraproject.org/updates/FEDORA-2021-3aa9ac7fd1
Fedora 33: https://bodhi.fedoraproject.org/updates/FEDORA-2021-10c1cd4cba
Fedora 32: https://bodhi.fedoraproject.org/updates/FEDORA-2021-1556d440ba
Thanks a ton!
Regards,
Felix
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
