From 85399eaf83e90f756f6859a62faf20b921000230 Mon Sep 17 00:00:00 2001
From: Arti Zirk <arti.zirk@gmail.com>
Date: Fri, 14 Apr 2017 16:51:33 +0300
Subject: [PATCH] Merge changes from ABS

---
 PKGBUILD      | 27 +++++++++++++--------------
 logrotate     |  2 +-
 nginx.install |  7 +++++++
 service       | 13 ++++++++-----
 4 files changed, 29 insertions(+), 20 deletions(-)

diff --git a/PKGBUILD b/PKGBUILD
index 3f9d77e..f7860a9 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,12 +1,12 @@
-# $Id: PKGBUILD 286484 2017-01-15 13:03:24Z bpiotrowski $
+# $Id: PKGBUILD 292654 2017-04-13 06:50:26Z bpiotrowski $
 # Maintainer:  Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
 # Contributor: Sébastien Luttringer
 # Contributor: Drew DeVault
 # Contributor: Arti Zirk <arti.zirk@gmail.com>
 
 pkgname=nginx-ilves
-pkgver=1.11.10
-pkgrel=2
+pkgver=1.12.0
+pkgrel=1
 pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server, mainline release'
 arch=('i686' 'x86_64')
 url='https://nginx.org'
@@ -34,17 +34,17 @@ source=($url/download/nginx-$pkgver.tar.gz{,.asc}
         ngx_fancyindex.tar.gz::https://github.com/aperezdc/ngx-fancyindex/archive/v0.4.1.tar.gz
         ngx_headers_more.tar.gz::https://github.com/openresty/headers-more-nginx-module/archive/v0.32.tar.gz)
 validpgpkeys=('B0F4253373F8F6F510D42178520A9993A1C052F8') # Maxim Dounin <mdounin@mdounin.ru>
-md5sums=('6fb10f579055d27a2240d51c7d85c190'
+md5sums=('995eb0a140455cf0cfc497e5bd7f94b3'
          'SKIP'
-         'ce9a06bcaf66ec4a3c4eb59b636e0dfd'
-         'd6a6d4d819f03a675bacdfabd25aa37e'
+         '09862c34cd9593bc40da81f88c5fc4b2'
+         '6a01fb17af86f03707c8ae60f98a2dc2'
          '2cb502dbda335be4ebd5fed0b3182bae'
          '16c5dbad002ae88eadb66aa1a13389c2'
          'e1dd79f0ec82415bbf8a1cb938988955'
          '5ce112f12afe155749e2c504997861f7')
 
 _common_flags=(
-  --with-pcre-jit
+  --with-compat
   --with-file-aio
   --with-http_addition_module
   --with-http_auth_request_module
@@ -64,15 +64,16 @@ _common_flags=(
   --with-http_v2_module
   --with-mail
   --with-mail_ssl_module
+  --with-pcre-jit
   --with-stream
+  --with-stream_geoip_module
+  --with-stream_realip_module
   --with-stream_ssl_module
+  --with-stream_ssl_preread_module
   --with-threads
 )
 
 _mainline_flags=(
-  --with-stream_ssl_preread_module
-  --with-stream_geoip_module
-  --with-stream_realip_module
 )
 
 build() {
@@ -138,9 +139,7 @@ package() {
   gzip -9c man/nginx.8 > "$pkgdir"/usr/share/man/man8/nginx.8.gz
 
   for i in ftdetect indent syntax; do
-    install -Dm644 contrib/vim/${i}/nginx.vim \
-      "${pkgdir}/usr/share/vim/vimfiles/${i}/nginx.vim"
+    install -Dm644 contrib/vim/$i/nginx.vim \
+      "$pkgdir/usr/share/vim/vimfiles/$i/nginx.vim"
   done
 }
-
-# vim:set ts=2 sw=2 et:
diff --git a/logrotate b/logrotate
index 6fcf558..e0afbb9 100644
--- a/logrotate
+++ b/logrotate
@@ -5,6 +5,6 @@
 	sharedscripts
 	compress
 	postrotate
-		test ! -r /var/run/nginx.pid || kill -USR1 `cat /var/run/nginx.pid`
+		test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid`
 	endscript
 }
diff --git a/nginx.install b/nginx.install
index 27a860d..90d24a5 100644
--- a/nginx.install
+++ b/nginx.install
@@ -2,4 +2,11 @@ post_upgrade() {
   if (( $(vercmp $2 1.11.8-2) < 0)); then
     chown root:root var/log/nginx
   fi
+
+  if (( $(vercmp $2 1.11.9-2) < 0 )); then
+    chmod 755 var/log/nginx
+    echo ':: Security notice:'
+    echo '     - When additional log directories are used in /var/log/nginx make sure they'
+    echo '       are owned by root:root and have 755 set as permission to mitigate CVE-2016-1247'
+  fi
 }
diff --git a/service b/service
index 29d3aa8..28c1163 100644
--- a/service
+++ b/service
@@ -1,14 +1,17 @@
 [Unit]
 Description=A high performance web server and a reverse proxy server
-After=syslog.target network.target
+After=network.target
 
 [Service]
 Type=forking
 PIDFile=/run/nginx.pid
-ExecStartPre=/usr/bin/nginx -t -q -g 'pid /run/nginx.pid; daemon on; master_process on;'
-ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;'
-ExecReload=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;' -s reload
-ExecStop=/usr/bin/nginx -g 'pid /run/nginx.pid;' -s quit
+PrivateDevices=yes
+SyslogLevel=err
+
+ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;'
+ExecReload=/usr/bin/nginx -s reload
+KillSignal=SIGQUIT
+KillMode=mixed
 
 [Install]
 WantedBy=multi-user.target