From f11ad5288d59a4a3984b8ea2c5b940265897e8fd Mon Sep 17 00:00:00 2001
From: Andrei Belov <defan@nginx.com>
Date: Fri, 26 Mar 2021 18:28:59 +0300
Subject: Corrected man page permissions in manpage-install.

Found by rpmlint.
---
 auto/make | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'auto')

diff --git a/auto/make b/auto/make
index 18d23917..757e24db 100644
--- a/auto/make
+++ b/auto/make
@@ -368,7 +368,7 @@ ${NXT_DAEMON}-install: $NXT_DAEMON install-check
 
 manpage-install: manpage install-check
 	install -d \$(DESTDIR)$NXT_MANDIR/man8
-	install -p $NXT_BUILD_DIR/unitd.8 \$(DESTDIR)$NXT_MANDIR/man8/
+	install -p -m644 $NXT_BUILD_DIR/unitd.8 \$(DESTDIR)$NXT_MANDIR/man8/
 
 .PHONY: uninstall ${NXT_DAEMON}-uninstall manpage-uninstall
 
-- 
cgit 


From 53279af5d44dce2b679399d6a36eb46292928175 Mon Sep 17 00:00:00 2001
From: Zhidao HONG <z.hong@f5.com>
Date: Thu, 29 Apr 2021 22:04:34 +0800
Subject: Static: support for openat2() features.

Support for chrooting, rejecting symlinks, and rejecting crossing mounting
points on a per-request basis during static file serving.
---
 auto/files | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

(limited to 'auto')

diff --git a/auto/files b/auto/files
index d99e93d7..591c5ee1 100644
--- a/auto/files
+++ b/auto/files
@@ -49,3 +49,35 @@ nxt_feature_test="#include <fcntl.h>
                       return 0;
                   }"
 . auto/feature
+
+
+nxt_feature="openat2()"
+nxt_feature_name=NXT_HAVE_OPENAT2
+nxt_feature_run=
+nxt_feature_incs=
+nxt_feature_libs=
+nxt_feature_test="#include <fcntl.h>
+                  #include <unistd.h>
+                  #include <sys/syscall.h>
+                  #include <linux/openat2.h>
+                  #include <string.h>
+
+                  int main() {
+                      struct open_how  how;
+
+                      memset(&how, 0, sizeof(how));
+
+                      how.flags = O_RDONLY;
+                      how.mode = O_NONBLOCK;
+                      how.resolve = RESOLVE_IN_ROOT
+                                    | RESOLVE_NO_SYMLINKS
+                                    | RESOLVE_NO_XDEV;
+
+                      int fd = syscall(SYS_openat2, AT_FDCWD, \".\",
+                                       &how, sizeof(how));
+                      if (fd == -1)
+                          return 1;
+
+                      return 0;
+                  }"
+. auto/feature
-- 
cgit 


From 155e22da05f01eb51b9dc082e9c8e8bff9b5ec8d Mon Sep 17 00:00:00 2001
From: Max Romanov <max.romanov@nginx.com>
Date: Tue, 25 May 2021 18:00:59 +0300
Subject: Go: fixing tests for Go 1.16.

In Go 1.16, the module-aware mode is enabled by default; to fall back to
previous behavior, the GO111MODULE environment variable should be set to
'auto'.

Details: https://golang.org/doc/go1.16
---
 auto/modules/go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'auto')

diff --git a/auto/modules/go b/auto/modules/go
index 8bb9216e..7324ffbe 100644
--- a/auto/modules/go
+++ b/auto/modules/go
@@ -111,7 +111,7 @@ install: ${NXT_GO}-install
 ${NXT_GO}:
 
 ${NXT_GO}-install: ${NXT_GO}-install-src ${NXT_GO}-install-env
-	GOPATH=\$(DESTDIR)\$(GOPATH) ${NXT_GO} build ${NXT_GO_PKG}
+	GOPATH=\$(DESTDIR)\$(GOPATH) GO111MODULE=auto ${NXT_GO} build ${NXT_GO_PKG}
 
 ${NXT_GO}-install-src:
 	install -d \$(DESTDIR)\$(NXT_GO_DST)/src/${NXT_GO_PKG}
-- 
cgit 


From 3f7ccf142ff4d1a11b807a344bcb1e3cb6c3284b Mon Sep 17 00:00:00 2001
From: Andrey Suvorov <a.suvorov@f5.com>
Date: Wed, 26 May 2021 11:19:47 -0700
Subject: Enabling SSL_CTX configuration by using SSL_CONF_cmd().

To perform various configuration operations on SSL_CTX, OpenSSL provides
SSL_CONF_cmd().  Specifically, to configure ciphers for a listener,
"CipherString" and "Ciphersuites" file commands are used:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html


This feature can be configured in the "tls/conf_commands" section.
---
 auto/ssltls | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'auto')

diff --git a/auto/ssltls b/auto/ssltls
index f034b758..f9363dde 100644
--- a/auto/ssltls
+++ b/auto/ssltls
@@ -52,6 +52,20 @@ if [ $NXT_OPENSSL = YES ]; then
         $echo
         exit 1;
     fi
+
+
+    nxt_feature="OpenSSL SSL_CONF_cmd()"
+    nxt_feature_name=NXT_HAVE_OPENSSL_CONF_CMD
+    nxt_feature_run=
+    nxt_feature_incs=
+    nxt_feature_libs="$NXT_OPENSSL_LIBS"
+    nxt_feature_test="#include <openssl/ssl.h>
+
+                      int main() {
+                          SSL_CONF_cmd(NULL, NULL, NULL);
+                          return 0;
+                      }"
+    . auto/feature
 fi
 
 
-- 
cgit