Package nginx: Specfile

%define pcre_version 4.5

%def_with perl

Name: nginx
Version: 0.5.38
Release: alt0.M40.1

Summary: Fast HTTP server
License: BSD
Group: System/Servers

Url: http://sysoev.ru/nginx
Source: %url/%name-%version.tar.gz
Source1: %name.conf.in
Source2: %name.init
Source3: %name.logrotate.in
Source4: README.ALT
Source5: %name.sysconfig
Patch1: nginx-0.5.x-up-CVE-2009-3555.patch
Patch2: nginx-0.5.x-alt-ngx_http_perl_module.patch

BuildPreReq: perl-base >= 5.8.8-alt12
# Automatically added by buildreq on Mon May 07 2007
BuildRequires: libpcre-devel libssl-devel packages-info-i18n-common perl-devel zlib-devel

Requires(pre): shadow-utils

Requires(pre): perl-base >= 5.8.8-alt12
Requires: perl-base >= 5.8.8-alt12

%define nginx_user _nginx
%define nginx_group _nginx
%define nginx_etc %_sysconfdir/%name
%define nginx_spool %_spooldir/%name
%define nginx_log %_logdir/%name

%description
Fast HTTP server, extremely useful as an Apache frontend

%prep
%setup -q
%patch1
%patch2

%build
%ifarch i686
	CPU="-mtune=pentiumpro" \
%else # pentium4 athlon
	CPU="-mtune=%_arch" \
%endif
%ifarch i586
	CPU="" \
%endif
%ifnarch %ix86
	CPU="" \
%endif # for x86_64 TODO for amd64/nocona
# FIXME: %%configure?
CFLAGS="%optflags $CPU" ./configure \
	--prefix=%buildroot \
	--conf-path=%buildroot%nginx_etc/nginx.conf \
	--sbin-path=%buildroot%_sbindir \
	--error-log-path=%buildroot%nginx_log/nginx.error.log \
	--http-log-path=%buildroot%nginx_log/nginx.log \
	--http-client-body-temp-path=%nginx_spool/tmp/client \
	--http-proxy-temp-path=%nginx_spool/tmp/proxy \
	--http-fastcgi-temp-path=%nginx_spool/tmp/fastcgi \
	--pid-path=%buildroot%_var/run/nginx.pid \
	--user=%nginx_user \
	--group=%nginx_group \
	--with-http_ssl_module \
	--with-cc-opt="-I %_includedir/pcre/" \
	--with-rtsig_module	\
	--with-select_module    \
	--with-poll_module      \
	--with-mail \
	--with-mail_ssl_module \
	--with-imap \
	--with-imap_ssl_module \
	--with-md5=YES \
	--with-sha1=YES \
	--with-http_ssl_module  \
	--with-http_realip_module \
	--with-http_addition_module \
	--with-http_sub_module \
	--with-http_dav_module \
	--with-http_flv_module \
	--with-http_stub_status_module \
%if_with perl	
	--with-http_perl_module
%endif


subst s!%buildroot!!g objs/*.h
%make_build DESTDIR=%buildroot

%install
mkdir -p %buildroot{%nginx_etc,%_sysconfdir/logrotate.d,%_sbindir,%nginx_spool/tmp,%nginx_log}
mkdir -p %buildroot%_spooldir/nginx/tmp/{client,proxy,fastcgi}
mkdir -p %buildroot%_lockdir/%name
%makeinstall DESTDIR=%buildroot

rm -f %buildroot%nginx_etc/%name.conf
install -pD -m644 %SOURCE1 %buildroot%nginx_etc/%name.conf
install -pD -m755 %SOURCE2 %buildroot%_initdir/%name
install -pD -m644 %SOURCE3 %buildroot%_sysconfdir/logrotate.d/%name
install -pD -m644 %SOURCE5 %buildroot%_sysconfdir/sysconfig/%name

subst s!@nginx_user@!%nginx_user!g %buildroot{%_sysconfdir/logrotate.d/%name,%nginx_etc/%name.conf}
subst s!@nginx_etc@!%nginx_etc!g %buildroot{%_sysconfdir/logrotate.d/%name,%nginx_etc/%name.conf}
subst s!@nginx_spool@!%nginx_spool!g %buildroot{%_sysconfdir/logrotate.d/%name,%nginx_etc/%name.conf}
subst s!@nginx_log@!%nginx_log!g %buildroot{%_sysconfdir/logrotate.d/%name,%nginx_etc/%name.conf}

mkdir -p %buildroot%_docdir/%name-%version
cp -a %SOURCE4 CHANGES CHANGES.ru %buildroot%_docdir/%name-%version/

%if_with perl
rm -f %buildroot/usr/lib/perl5/*-linux/perllocal.pod
rmdir %buildroot/usr/lib/perl5/*-linux
rmdir %buildroot/usr/lib/perl5
mv %buildroot/usr/local/lib/* %buildroot/usr/lib/
mv %buildroot/usr/local/share/* %buildroot/usr/share/
mkdir -p  %buildroot/usr/lib/perl5/vendor_perl
mv %buildroot/usr/lib/perl5/site_perl/*/* %buildroot/usr/lib/perl5/vendor_perl/
%endif

%files
%_initdir/*
%_sbindir/*
%dir %nginx_etc
# these are private; should also confirm to SPP (#12647)
%attr(0700,root,root) %dir %_lockdir/%name
%attr(1770,root,%nginx_group) %dir %nginx_spool/tmp
%attr(1770,root,%nginx_group) %dir %nginx_spool/tmp/client
%attr(1770,root,%nginx_group) %dir %nginx_spool/tmp/proxy
%attr(1770,root,%nginx_group) %dir %nginx_spool/tmp/fastcgi
%attr(1770,root,%nginx_group) %dir %nginx_spool
%attr(1770,root,%nginx_group) %dir %nginx_log
%config(noreplace) %nginx_etc/mime.types
%config(noreplace) %nginx_etc/nginx.conf
%config(noreplace) %_sysconfdir/logrotate.d/%name
%config(noreplace) %_sysconfdir/sysconfig/%name
%nginx_etc/*.default
%nginx_etc/koi-win
%nginx_etc/koi-utf
%nginx_etc/win-utf
%_docdir/%name-%version
%if_with perl
%perl_vendor_privlib/*/nginx.pm
%perl_vendor_privlib/*/auto/nginx/nginx.so
%perl_vendor_man3dir/*
%endif

%pre
%_sbindir/groupadd -r -f %nginx_group ||:
%_sbindir/useradd -r -g %nginx_group -d /dev/null -s /dev/null -n %nginx_user \
	2> /dev/null > /dev/null ||:

%post
%post_service %name

%preun
%preun_service %name

%changelog
* Wed Dec 16 2009 Dmitry V. Levin <ldv@altlinux.org> 0.5.38-alt0.M40.1
- Updated to 0.5.38.
- Imported upstream fix for CVE-2009-3555.

* Wed Sep 16 2009 Michael Shigorin <mike@altlinux.org> 0.5.31-alt4.M40.2
- fixed package intersection

* Tue Sep 15 2009 Michael Shigorin <mike@altlinux.org> 0.5.31-alt4.M40.1
- major security fix for CVE-2009-2629, buffer overflow triggered by
  HTTP request with non-zero (low for sites with high request rate)
  arbitrary code execution probability (author's patch)

* Fri Aug 31 2007 Denis Smirnov <mithraen@altlinux.ru> 0.5.31-alt4
- rebuild

* Fri Aug 31 2007 Michael Shigorin <mike@altlinux.org> 0.5.31-alt3.1
- properly fixed #7441 (taking into accound ldv@'s objections)
- properly fixed #12655 (ditto)
- readability improvements to initscript
- added /etc/sysconfig/nginx (flexible ulimit setup)

* Fri Aug 31 2007 Denis Smirnov <mithraen@altlinux.ru> 0.5.31-alt3
- rebuild

* Thu Aug 30 2007 Michael Shigorin <mike@altlinux.org> 0.5.31-alt2.1
- fix back my thinko regarding /var/run/nginx/ directory
- rework upgrade() initscript action (and run it only for package upgrades,
  just do a restart for sysadmin's command) -- should fix #12655

* Thu Aug 30 2007 Denis Smirnov <mithraen@altlinux.ru> 0.5.31-alt2
- rebuild

* Thu Aug 30 2007 Michael Shigorin <mike@altlinux.org> 0.5.31-alt1.1
- NMU: moved remnants of directory creation and permissions setup 
  from initscript to specfile (seems like was a band-aid which is
  currently unneeded and non-elegant); see also #12647
- fixed #7441 (service nginx stop would leave children running)

* Fri Aug 17 2007 Denis Smirnov <mithraen@altlinux.ru> 0.5.31-alt1
- Feature: named locations.
- Feature: the "proxy_store" and "fastcgi_store" directives.
- Feature: the "proxy_store_access" and "fastcgi_store_access" directives.
- Feature: the $args variable can be set with the "set" directive.
- Feature: the $is_args variable.
- Bugfix: if a client has closed connection to mail proxy then nginx might not
  close connection to backend.
- Bugfix: now nginx escapes space in $memcached_key variable.
- Bugfix: a segmentation fault might occur in worker process when the HTTPS
  protocol was used in the "proxy_pass" directive.
- Bugfix: the perl $$ variable value in ngx_http_perl_module was equal to the
  master process identification number.
- Bugfix: fix building on Solaris/amd64 by Sun Studio 11 and early versions;
  bug appeared in 0.5.29.
- Feature: $nginx_version variable.  Thanks to Nick S. Grechukh.
- Bugfix: if the FastCGI header was split in records, then nginx passed garbage
  in the header to a client.
- Bugfix: Sun Studio compatibility on Solaris/amd64 and Solaris/sparc64.
  Thanks to Jiang Hong and Andrei Nigmatulin.
- Bugfix: of minor potential bugs.  Thanks to Coverity's Scan.
- Security: the "msie_refresh" directive allowed XSS.  Thanks to Maxim Boguk.
- Bugfix: a segmentation fault might occur in worker process if the
  "auth_http_header" directive was used.  Thanks to Maxim Dounin.
- Bugfix: a segmentation fault occurred in worker process if the CRAM-MD5
  authentication method was used, but it was not enabled.
- Bugfix: a segmentation fault might occur in worker process if the eventport
  method was used.
- Bugfix: if remote SSI subrequest was used, then posterior local file
  subrequest might transferred to client in wrong order.
- Bugfix: large SSI inclusions buffered in temporary files were truncated.

* Fri Jul 06 2007 Denis Smirnov <mithraen@altlinux.ru> 0.5.26-alt2
- More strict requires for perl-base version

* Fri Jun 22 2007 Denis Smirnov <mithraen@altlinux.ru> 0.5.26-alt1
- Remove nginx.perl.fix.patch (added to upstream)
- Drop nginx-0.5.14-gns-catchstderr.patch (added to upstream)
- Bugfix: in SSI parsing.
- Bugfix: nginx could not be built with the --without-http_rewrite_module
  parameter; bug appeared in 0.5.24.
- Security: the "ssl_verify_client" directive did not work if request was made
  using HTTP/0.9.
- Bugfix: a part of response body might be passed uncompressed if gzip was
  used; bug appeared in 0.5.23.

* Wed May 30 2007 Denis Smirnov <mithraen@altlinux.ru> 0.5.22-alt1
- update version to 0.5.22
- fix perl module (#11911)

* Mon May 28 2007 Denis Smirnov <mithraen@altlinux.ru> 0.5.20-alt3
- update mime.types (get it from Apache)

* Tue May 08 2007 Denis Smirnov <mithraen@altlinux.ru> 0.5.20-alt2
- fix x86_64 building

* Mon May 07 2007 Denis Smirnov <mithraen@altlinux.ru> 0.5.20-alt1
- update version to 0.5.20
- remove connection_pool_size option from config file (fix crash on x86_64)
- build with perl support (at@)
- Feature: the "sendfile_max_chunk" directive.
- Feature: the "$http_...", "$sent_http_...", and "$upstream_http_..."
  variables may be changed using the "set" directive.
- Bugfix: a segmentation fault might occur in worker process if the SSI command
  'if expr="$var = /"' was used.
- Bugfix: trailing boundary of multipart range response was transferred
  incorrectly.  Thanks to Evan Miller.

* Mon Apr 30 2007 Denis Smirnov <mithraen@altlinux.ru> 0.5.19-alt1
- update version to 0.5.19
- build --with-http_stub_status_module (gns@)
- fix mail proxy building
- Add Symbian sis/sisx files to mime.types (#11459)
- Add hints to config file (#11368)
- Make default config file more useful
- Add README.ALT
- Start more workers in default config (more DoS proof)
- Change: now the $request_time variable has millisecond precision.
- Feature: the $upstream_addr variable.
- Feature: the "proxy_headers_hash_max_size" and
  "proxy_headers_hash_bucket_size" directives.  Thanks to Volodymyr Kostyrko.
- Bugfix: the files more than 2G could not be transferred using sendfile on
  64-bit Linux.
- Feature: the ngx_http_sub_filter_module.
- Feature: the "$upstream_http_..." variables.
- Feature: now the $upstream_status and $upstream_response_time variables keep
  data about all upstreams before X-Accel-Redirect.

* Fri Apr 13 2007 Denis Smirnov <mithraen@altlinux.ru> 0.5.17-alt1
- update version to 0.5.17

* Sun Mar 18 2007 Denis Smirnov <mithraen@altlinux.ru> 0.5.14-alt1
- update version to 0.5.14

* Thu Dec 07 2006 Denis Smirnov <mithraen@altlinux.ru> 0.5.0-alt1
- update version to 0.5.0

* Fri Oct 27 2006 Denis Smirnov <mithraen@altlinux.ru> 0.4.11-alt1
- version update

* Fri Oct 20 2006 Denis Smirnov <mithraen@altlinux.ru> 0.4.9-alt2
- rebuild with http_browser_module

* Mon Oct 16 2006 Denis Smirnov <mithraen@altlinux.ru> 0.4.9-alt1
- version update

* Sat Aug 12 2006 Denis Smirnov <mithraen@altlinux.ru> 0.3.57-alt1
- version update

* Mon May 08 2006 Denis Smirnov <mithraen@altlinux.ru> 0.3.45-alt1
- version update
- authorize by client certifications added

* Mon Apr 17 2006 Denis Smirnov <mithraen@altlinux.ru> 0.3.38-alt1
- version update

* Sun Mar 12 2006 Denis Smirnov <mithraen@altlinux.ru> 0.3.32-alt1
- version update
- with realip

* Thu Mar 09 2006 Denis Smirnov <mithraen@altlinux.ru> 0.3.30-alt1
- version update;

* Fri Jan 13 2006 LAKostis <lakostis at altlinux.ru> 0.3.19-alt1
- NMU;
- version update;
- x86_64 fixes;
- default config updated;
- init script improvements;
- add logrotate script;
- update patches.

* Sun Nov 27 2005 Denis Smirnov <mithraen@altlinux.ru> 0.3.12-alt1
- version update

* Sun Oct 16 2005 Denis Smirnov <mithraen@altlinux.ru> 0.3.2-alt1
- version update
- create directories for temp files (client requests, fastcgi & proxy replies)

* Sat Sep 17 2005 Denis Smirnov <mithraen@altlinux.ru> 0.1.45-alt1
- version update

* Fri Aug 19 2005 Denis Smirnov <mithraen@altlinux.ru> 0.1.41-alt2
- added two patches (from lakostis@)
- build with optimization flags (from lakostis@)

* Wed Aug 03 2005 Denis Smirnov <mithraen@altlinux.ru> 0.1.41-alt1
- version update

* Sun Jul 24 2005 Denis Smirnov <mithraen@altlinux.ru> 0.1.40-alt1
- default_charset removed
- charset set reply codepage, source_charset -- source charset :)
- limit_rate supported with proxy and fastcgi
- X-Accel-Limit-Rate header from backend supported
- added: ssi_types
- added: autoindex_exact_size
- added: log_not_found
- added: break
- removed: post_accept_timeout
- build with imap
- many other fixes

* Thu Jun 09 2005 Denis Smirnov <mithraen@altlinux.ru> 0.1.35-alt1
- version update

* Sat May 28 2005 Denis Smirnov <mithraen@altlinux.ru> 0.1.34-alt1
- 0.1.34
- spec cleanup / macrification (mike@)
- changed "nginx" user/group to "_nginx" (mike@)

* Wed May 18 2005 Denis Smirnov <mithraen@altlinux.ru> 0.1.31-alt1
- version update
- some cleanups

* Sun Apr 17 2005 Denis Smirnov <mithraen@altlinux.ru> 0.1.28-alt1
- version update

* Sun Mar 27 2005 Denis Smirnov <mithraen@altlinux.ru> 0.1.26-alt2
- cleanup

* Sat Mar 26 2005 Denis Smirnov <mithraen@altlinux.ru> 0.1.26-alt1
- version update
- add ulimit -n 16384 to initscript

* Mon Mar 21 2005 Denis Smirnov <mithraen@altlinux.ru> 0.1.25-alt1
- version update
- cleanup
- tmp moved to /var/spool/nagios/tmp

* Thu Mar 17 2005 Denis Smirnov <mithraen@altlinux.ru> 0.1.24-alt1
- version update

* Sun Feb 06 2005 Denis Smirnov <mithraen@altlinux.ru> 0.1.17-alt1
- version update

* Sat Jan 29 2005 Denis Smirnov <mithraen@altlinux.ru> 0.1.16-alt1
- version update
- fastcgi support (upstream)

* Fri Dec 24 2004 Denis Smirnov <mithraen@altlinux.ru> 0.1.13-alt1
- version update
- OpenSSL-support builded
- rewrite and pcre support builded
- startup script
- useful default config-file

* Sat Nov 27 2004 Denis Smirnov <mithraen@altlinux.ru> 0.1.10-alt1
- version update

* Tue Oct 12 2004 Denis Smirnov <mithraen@altlinux.ru> 0.1.1-alt1
- first build