Gentoo.LinuxHowtos.org howtos, tips&tricks and tutorials for gentoo linux

from small one page howto to huge articles all in one place

Other .linuxhowtos.org sites: www.linuxhowtos.org
toolsntoys.linuxhowtos.org

Last additions:

How to make X listen on port 6000

words:

views:

81554

userrating:

average rating: 1.2 (52 votes) (1=very good 6=terrible)

May, 25th 2007:

Words

496

why adblockers are bad

April, 26th 2007:

Words

Website translation planned

Apr, 10th. 2007:

Words

Compile Time Estimator integrated into genlop

You are here: Portage

Details of www-servers/nginx:

available versions:

releases	alpha	amd64	arm	hppa	ia64	mips	ppc	ppc64	ppc macos	s390	sh	sparc	x86	USE-Flags	dependencies	ebuild warnings
nginx-9999	-	-	-	-	-	-	-	-	-	-	-	-	-	none	show	show
nginx-1.29.1-r2	-	~	~	-	-	-	~	~	-	-	-	-	~	none	show	show
nginx-1.29.0-r4	-	~	~	-	-	-	~	~	-	-	-	-	~	none	show	show
nginx-1.28.0-r2	-	~	~	-	-	-	~	~	-	-	-	-	~	none	show	show
nginx-1.27.5-r1	-	~	~	-	-	-	~	~	-	-	-	-	~	$IUSE nginx_modules_http_spdy	show	GCC 4.1+ features built-in atomic operations. Using libatomic_ops is only needed if using a different compiler or a GCC prior to 4.1 You are building custom modules via \$NGINX_ADD_MODULES! This nginx installation is not supported! Make sure you can reproduce the bug without those modules _before_ reporting bugs. To actually disable all http-functionality you also have to disable all nginx http modules. EXTRA_ECONF applied. Now you are on your own, good luck! In nginx 1.9.5 the spdy module was superseded by http2. Update your configs and package.use accordingly. While you can build lua 3rd party module against ${P} the author warns that >=${PN}-1.11.11 is still not an officially supported target yet. You are on your own. Expect runtime failures, memory leaks and other problems! Lua 3rd party module author warns against using ${P} with NGINX_MODULES_HTTP=\ Replacing multiple ${PN}' versions is unsupported! The world-readable bit (if set) has been removed from the following directories to mitigate a security bug (CVE-2013-0337, bug #458726): ${EPREFIX}/var/log/nginx ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} Check if this is correct for your setup before restarting nginx! This is a one-time change and will not happen on subsequent updates. Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}' The permissions on the following directory have been reset in order to mitigate a security bug (CVE-2016-1247, bug #605008): ${EPREFIX}/var/log/nginx Check if this is correct for your setup before restarting nginx! Also ensure that no other log directory used by any of your vhost(s) is not writeable for nginx user. Any of your log files used by nginx can be abused to escalate privileges! This is a one-time change and will not happen on subsequent updates. *********************************************************** *********** W A R N I N G *********** ********************************************************* The one-time only attempt to adjust permissions of the existing nginx installation failed. Be aware that we will not try to adjust the same permissions again because now you are using a nginx version where we expect that the permissions are already adjusted or that you know what you are doing and want to keep custom permissions. ********************************************************* *********** W A R N I N G *********** *********************************************************** Looks like your installation is vulnerable to CVE-2016-1247 (bug #605008) because nginx user is able to create files in ${EPREFIX}/var/log/nginx Also ensure that no other log directory used by any of your vhost(s) is not writeable for nginx user. Any of your log files used by nginx can be abused to escalate privileges! This nginx installation comes with a mitigation for the HTTPoxy vulnerability for FastCGI, SCGI and uWSGI applications by setting the HTTP_PROXY parameter to an empty string per default when you are sourcing one of the default - 'fastcgi_params' or 'fastcgi.conf' - 'scgi_params' - 'uwsgi_params' files in your server block(s). If this is causing any problems for you make sure that you are sourcing the default parameters _before_ you set your own values. If you are relying on user-supplied proxy values you have to remove the correlating lines from the file(s) mentioned above. show
nginx-1.26.3-r2	-	+	+	-	-	-	~	~	-	-	-	-	+	$IUSE nginx_modules_http_spdy	show	GCC 4.1+ features built-in atomic operations. Using libatomic_ops is only needed if using a different compiler or a GCC prior to 4.1 You are building custom modules via \$NGINX_ADD_MODULES! This nginx installation is not supported! Make sure you can reproduce the bug without those modules _before_ reporting bugs. To actually disable all http-functionality you also have to disable all nginx http modules. EXTRA_ECONF applied. Now you are on your own, good luck! In nginx 1.9.5 the spdy module was superseded by http2. Update your configs and package.use accordingly. While you can build lua 3rd party module against ${P} the author warns that >=${PN}-1.11.11 is still not an officially supported target yet. You are on your own. Expect runtime failures, memory leaks and other problems! Lua 3rd party module author warns against using ${P} with NGINX_MODULES_HTTP=\ Replacing multiple ${PN}' versions is unsupported! The world-readable bit (if set) has been removed from the following directories to mitigate a security bug (CVE-2013-0337, bug #458726): ${EPREFIX}/var/log/nginx ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} Check if this is correct for your setup before restarting nginx! This is a one-time change and will not happen on subsequent updates. Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}' The permissions on the following directory have been reset in order to mitigate a security bug (CVE-2016-1247, bug #605008): ${EPREFIX}/var/log/nginx Check if this is correct for your setup before restarting nginx! Also ensure that no other log directory used by any of your vhost(s) is not writeable for nginx user. Any of your log files used by nginx can be abused to escalate privileges! This is a one-time change and will not happen on subsequent updates. *********************************************************** *********** W A R N I N G *********** ********************************************************* The one-time only attempt to adjust permissions of the existing nginx installation failed. Be aware that we will not try to adjust the same permissions again because now you are using a nginx version where we expect that the permissions are already adjusted or that you know what you are doing and want to keep custom permissions. ********************************************************* *********** W A R N I N G *********** *********************************************************** Looks like your installation is vulnerable to CVE-2016-1247 (bug #605008) because nginx user is able to create files in ${EPREFIX}/var/log/nginx Also ensure that no other log directory used by any of your vhost(s) is not writeable for nginx user. Any of your log files used by nginx can be abused to escalate privileges! This nginx installation comes with a mitigation for the HTTPoxy vulnerability for FastCGI, SCGI and uWSGI applications by setting the HTTP_PROXY parameter to an empty string per default when you are sourcing one of the default - 'fastcgi_params' or 'fastcgi.conf' - 'scgi_params' - 'uwsgi_params' files in your server block(s). If this is causing any problems for you make sure that you are sourcing the default parameters _before_ you set your own values. If you are relying on user-supplied proxy values you have to remove the correlating lines from the file(s) mentioned above. show