diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2020-02-10 21:05:55 +0000 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2020-02-10 21:05:55 +0000 |
| commit | 71deace00d1a2b091313fe137ab7092418c6f87c (patch) | |
| tree | 9f1f0dee23e13658e52f49437befe78427148c51 /www-servers/nginx/nginx-1.17.8.ebuild | |
| parent | 29aabba0ea759c6a2864ff5631735b67ee38e5e0 (diff) | |
gentoo resync : 10.02.2020
Diffstat (limited to 'www-servers/nginx/nginx-1.17.8.ebuild')
| -rw-r--r-- | www-servers/nginx/nginx-1.17.8.ebuild | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/www-servers/nginx/nginx-1.17.8.ebuild b/www-servers/nginx/nginx-1.17.8.ebuild index fe0559cad19b..e950633e242e 100644 --- a/www-servers/nginx/nginx-1.17.8.ebuild +++ b/www-servers/nginx/nginx-1.17.8.ebuild @@ -996,15 +996,15 @@ pkg_postinst() { ewarn "following directories to mitigate a security bug" ewarn "(CVE-2013-0337, bug #458726):" ewarn "" - ewarn " ${EPREFIX%/}/var/log/nginx" - ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}" + ewarn " ${EPREFIX}/var/log/nginx" + ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}" ewarn "" ewarn "Check if this is correct for your setup before restarting nginx!" ewarn "This is a one-time change and will not happen on subsequent updates." - ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'" + ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'" chmod o-rwx \ - "${EPREFIX%/}"/var/log/nginx \ - "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \ + "${EPREFIX}"/var/log/nginx \ + "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \ _has_to_show_permission_warning=1 fi @@ -1013,15 +1013,15 @@ pkg_postinst() { ewarn "The permissions on the following directory have been reset in" ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):" ewarn "" - ewarn " ${EPREFIX%/}/var/log/nginx" + ewarn " ${EPREFIX}/var/log/nginx" ewarn "" ewarn "Check if this is correct for your setup before restarting nginx!" ewarn "Also ensure that no other log directory used by any of your" ewarn "vhost(s) is not writeable for nginx user. Any of your log files" ewarn "used by nginx can be abused to escalate privileges!" ewarn "This is a one-time change and will not happen on subsequent updates." - chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1 - chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1 + chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1 + chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1 fi if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then @@ -1046,7 +1046,7 @@ pkg_postinst() { # unmerged a affected installation on purpose in the past leaving # /var/log/nginx on their system due to keepdir/non-empty folder # and are now installing the package again. - local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX) + local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX) su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null if [ $? -eq 0 ] ; then # Cleanup -- no reason to die here! @@ -1059,7 +1059,7 @@ pkg_postinst() { ewarn "Looks like your installation is vulnerable to CVE-2016-1247" ewarn "(bug #605008) because nginx user is able to create files in" ewarn "" - ewarn " ${EPREFIX%/}/var/log/nginx" + ewarn " ${EPREFIX}/var/log/nginx" ewarn "" ewarn "Also ensure that no other log directory used by any of your" ewarn "vhost(s) is not writeable for nginx user. Any of your log files" |