| from small one page howto to huge articles all in one place
Last additions:
May, 25th 2007:
April, 26th 2007:
Apr, 10th. 2007:
| 
. 
Details of www-servers/nginx:
available versions:
| releases | alpha | amd64 | arm | hppa | ia64 | mips | ppc | ppc64 | ppc macos | s390 | sh | sparc | x86 | USE-Flags | dependencies | ebuild warnings |
|---|
| nginx-9999 |
- | - | - | - | - | - | - | - | - | - | - | - | - | none | show | show | | nginx-1.29.3-r3 |
- | + | + | - | - | - | ~ | ~ | - | - | - | - | + | none | show | show | | nginx-1.28.0-r5 |
- | + | + | - | - | - | ~ | ~ | - | - | - | - | + | none | show | show | | nginx-1.27.5-r1 |
- | ~ | ~ | - | - | - | ~ | ~ | - | - | - | - | ~ | $IUSE
nginx_modules_http_spdy
| show | GCC 4.1+ features built-in atomic operations.
Using libatomic_ops is only needed if using
a different compiler or a GCC prior to 4.1
You are building custom modules via \$NGINX_ADD_MODULES!
This nginx installation is not supported!
Make sure you can reproduce the bug without those modules
_before_ reporting bugs.
To actually disable all http-functionality you also have to disable
all nginx http modules.
EXTRA_ECONF applied. Now you are on your own, good luck!
In nginx 1.9.5 the spdy module was superseded by http2.
Update your configs and package.use accordingly.
While you can build lua 3rd party module against ${P}
the author warns that >=${PN}-1.11.11 is still not an
officially supported target yet. You are on your own.
Expect runtime failures, memory leaks and other problems!
Lua 3rd party module author warns against using ${P} with
NGINX_MODULES_HTTP=\
Replacing multiple ${PN}' versions is unsupported!
The world-readable bit (if set) has been removed from the
following directories to mitigate a security bug
(CVE-2013-0337, bug #458726):
${EPREFIX}/var/log/nginx
${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}
Check if this is correct for your setup before restarting nginx!
This is a one-time change and will not happen on subsequent updates.
Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'
The permissions on the following directory have been reset in
order to mitigate a security bug (CVE-2016-1247, bug #605008):
${EPREFIX}/var/log/nginx
Check if this is correct for your setup before restarting nginx!
Also ensure that no other log directory used by any of your
vhost(s) is not writeable for nginx user. Any of your log files
used by nginx can be abused to escalate privileges!
This is a one-time change and will not happen on subsequent updates.
*************************************************************
*************** W A R N I N G ***************
*************************************************************
The one-time only attempt to adjust permissions of the
existing nginx installation failed. Be aware that we will not
try to adjust the same permissions again because now you are
using a nginx version where we expect that the permissions
are already adjusted or that you know what you are doing and
want to keep custom permissions.
*************************************************************
*************** W A R N I N G ***************
*************************************************************
Looks like your installation is vulnerable to CVE-2016-1247
(bug #605008) because nginx user is able to create files in
${EPREFIX}/var/log/nginx
Also ensure that no other log directory used by any of your
vhost(s) is not writeable for nginx user. Any of your log files
used by nginx can be abused to escalate privileges!
This nginx installation comes with a mitigation for the HTTPoxy
vulnerability for FastCGI, SCGI and uWSGI applications by setting
the HTTP_PROXY parameter to an empty string per default when you
are sourcing one of the default
- 'fastcgi_params' or 'fastcgi.conf'
- 'scgi_params'
- 'uwsgi_params'
files in your server block(s).
If this is causing any problems for you make sure that you are sourcing the
default parameters _before_ you set your own values.
If you are relying on user-supplied proxy values you have to remove the
correlating lines from the file(s) mentioned above.
| | nginx-1.26.3-r2 |
- | + | + | - | - | - | ~ | ~ | - | - | - | - | + | $IUSE
nginx_modules_http_spdy
| show | GCC 4.1+ features built-in atomic operations.
Using libatomic_ops is only needed if using
a different compiler or a GCC prior to 4.1
You are building custom modules via \$NGINX_ADD_MODULES!
This nginx installation is not supported!
Make sure you can reproduce the bug without those modules
_before_ reporting bugs.
To actually disable all http-functionality you also have to disable
all nginx http modules.
EXTRA_ECONF applied. Now you are on your own, good luck!
In nginx 1.9.5 the spdy module was superseded by http2.
Update your configs and package.use accordingly.
While you can build lua 3rd party module against ${P}
the author warns that >=${PN}-1.11.11 is still not an
officially supported target yet. You are on your own.
Expect runtime failures, memory leaks and other problems!
Lua 3rd party module author warns against using ${P} with
NGINX_MODULES_HTTP=\
Replacing multiple ${PN}' versions is unsupported!
The world-readable bit (if set) has been removed from the
following directories to mitigate a security bug
(CVE-2013-0337, bug #458726):
${EPREFIX}/var/log/nginx
${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}
Check if this is correct for your setup before restarting nginx!
This is a one-time change and will not happen on subsequent updates.
Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'
The permissions on the following directory have been reset in
order to mitigate a security bug (CVE-2016-1247, bug #605008):
${EPREFIX}/var/log/nginx
Check if this is correct for your setup before restarting nginx!
Also ensure that no other log directory used by any of your
vhost(s) is not writeable for nginx user. Any of your log files
used by nginx can be abused to escalate privileges!
This is a one-time change and will not happen on subsequent updates.
*************************************************************
*************** W A R N I N G ***************
*************************************************************
The one-time only attempt to adjust permissions of the
existing nginx installation failed. Be aware that we will not
try to adjust the same permissions again because now you are
using a nginx version where we expect that the permissions
are already adjusted or that you know what you are doing and
want to keep custom permissions.
*************************************************************
*************** W A R N I N G ***************
*************************************************************
Looks like your installation is vulnerable to CVE-2016-1247
(bug #605008) because nginx user is able to create files in
${EPREFIX}/var/log/nginx
Also ensure that no other log directory used by any of your
vhost(s) is not writeable for nginx user. Any of your log files
used by nginx can be abused to escalate privileges!
This nginx installation comes with a mitigation for the HTTPoxy
vulnerability for FastCGI, SCGI and uWSGI applications by setting
the HTTP_PROXY parameter to an empty string per default when you
are sourcing one of the default
- 'fastcgi_params' or 'fastcgi.conf'
- 'scgi_params'
- 'uwsgi_params'
files in your server block(s).
If this is causing any problems for you make sure that you are sourcing the
default parameters _before_ you set your own values.
If you are relying on user-supplied proxy values you have to remove the
correlating lines from the file(s) mentioned above.
|
Legend: + stable~ testing- not availablesome ebuild warning depend on specific use-flags or architectures, all ebuild-warnings are shown. Known bugs:
| bug ID | component | assigned to | status | description | last change |
|---|
| 397587 | Applications | hollow | UNCONFIRMED | www-servers/nginx - add Naxsi web application firewall support | 2013-02-21 09:09:26 |
| 401397 | Server | hollow | UNCONFIRMED | www-servers/nginx: add automatic minification module (jitify) | 2012-11-26 08:02:58 |
| 427194 | Applications | hollow | UNCONFIRMED | www-servers/nginx: add rtmp module support | 2012-11-26 08:04:35 |
| 436062 | Development | robbat2 | UNCONFIRMED | app-portage/g-cpan - perl-gcpan/RT-Extension-Nginx-0.02 - mkdir /usr/etc: Permission denied at /usr/ | 2012-09-24 11:14:58 |
| 442610 | Server | hollow | UNCONFIRMED | www-servers/nginx - Feature support request for dav-ext-module. | 2012-11-26 20:05:19 |
| 444660 | Ebuilds | sci-geosciences | UNCONFIRMED | sci-geosciences/mapserver - add www-servers/nginx support(?) | 2012-12-02 12:31:33 |
| 446734 | Ebuilds | hollow | UNCONFIRMED | www-servers/nginx - init script changes owner and mode of /var/log/nginx on each startup/restart | 2013-01-21 03:28:06 |
| 456752 | Keywording and Stabilization | hollow | UNCONFIRMED | =www-servers/nginx-1.2.6-r1 keyword request | 2013-02-11 11:36:03 |
| 
| 
| 
