wok-next view nginx/receipt @ rev 17237
postfix, apache lighttpd-ssl, nginx: CVE-2014-3566
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Sat Oct 18 14:11:33 2014 +0200 (2014-10-18) |
parents | 23c3aed67cd9 |
children | 54060e39ea40 |
line source
1 # SliTaz package receipt.
3 PACKAGE="nginx"
4 VERSION="0.7.65"
5 CATEGORY="network"
6 SHORT_DESC="Asynchronous HTTP server designed for heavy loads + mail proxy."
7 MAINTAINER="pascal.bellard@slitaz.org"
8 LICENSE="BSD"
9 SUGGESTED="php perl python"
10 TARBALL="$PACKAGE-$VERSION.tar.gz"
11 WEB_SITE="http://nginx.org/"
12 WGET_URL="${WEB_SITE}download//$TARBALL"
13 PROVIDE="lighttpd"
14 CONFIG_FILES="/etc/nginx"
16 DEPENDS="pcre openssl zlib"
17 BUILD_DEPENDS="pcre-dev openssl-dev zlib-dev"
19 # Rules to configure and make the package.
20 compile_rules()
21 {
22 cd $src
24 # --with-rtsig_module enable rtsig module
25 # --with-select_module enable select module
26 # --with-poll_module enable poll module
27 # --with-ipv6 enable ipv6 support
28 # --with-http_realip_module enable ngx_http_realip_module
29 # --with-http_addition_module enable ngx_http_addition_module
30 # --with-http_xslt_module enable ngx_http_xslt_module
31 # --with-http_image_filter_module enable ngx_http_image_filter_module
32 # --with-http_geoip_module enable ngx_http_geoip_module
33 # --with-http_sub_module enable ngx_http_sub_module
34 # --with-http_random_index_module enable ngx_http_random_index_module
35 # --with-http_secure_link_module enable ngx_http_secure_link_module
36 # --with-http_perl_module enable ngx_http_perl_module
37 # --with-google_perftools_module enable ngx_google_perftools_module
39 ./configure --prefix=/usr \
40 --conf-path=/etc/nginx/nginx.conf \
41 --pid-path=/var/run/nginx.pid \
42 --lock-path=/var/lock/nginx.lock \
43 --error-log-path=/var/log/nginx/error.log \
44 --http-log-path=/var/log/nginx/access.log \
45 --http-client-body-temp-path=/var/spool/nginx/body \
46 --http-proxy-temp-path=/var/spool/nginx/proxy \
47 --http-fastcgi-temp-path=/var/spool/nginx/fastcgi \
48 --with-http_stub_status_module \
49 --with-http_flv_module \
50 --with-http_ssl_module \
51 --with-http_dav_module \
52 --with-mail --with-mail_ssl_module \
53 --user=80 --group=80 &&
54 make &&
55 make DESTDIR=$DESTDIR install
56 }
58 # Rules to gen a SliTaz package suitable for Tazpkg.
59 # On SliTaz Lighttpd runs as user/group : www/www or 80/80.
60 genpkg_rules()
61 {
62 cp -a $install/* $fs/
63 rm -rf $fs/usr/html
64 cp -a stuff/* $fs
65 sed -i 's/#user nobody;/user www;/' $fs/etc/nginx/nginx.conf
66 # SSLv3 is unsafe, see CVE-2014-3566 POODLE
67 sed -i 's/ssl_protocols.* /ssl_protocols TLSv1 TLSv1.1 TLSv1.2;/' $fs/etc/nginx/nginx.conf
68 }
70 # Pre and post install commands for Tazpkg.
71 # We stop the server by default in case of upgarde.
72 pre_install()
73 {
74 echo "Processing pre-install commands..."
75 [ -f /etc/init.d/$PACKAGE ] && /etc/init.d/$PACKAGE stop
76 # Backup config file.
77 if [ -d $1/$CONFIG_FILES ]; then
78 cp -a $1/$CONFIG_FILES $1/$CONFIG_FILES.bak
79 fi
80 }
81 post_install()
82 {
83 echo "Processing post-install commands..."
84 mkdir -p /var/spool/nginx
85 # Restore original config.
86 if [ -d $1/$CONFIG_FILES.bak ]; then
87 rm -rf $1/$CONFIG_FILES
88 mv $1/$CONFIG_FILES.bak $1/$CONFIG_FILES
89 fi
90 # Just in case.
91 chown www.www $1/var/log/$PACKAGE
92 if [ -z "$1" ]; then
93 for i in apache lighttpd ; do
94 [ -f /etc/init.d/$i ] && /etc/init.d/$i stop
95 done
96 /etc/init.d/$PACKAGE start
97 fi
98 }