Roll your own Nginx RPM

Courtenay : September 14th, 2009

Nginx just released a vulnerability fix. It's a nasty one, since it allows remote execution. Since RPMs don't exist yet, here's a quick-and-dirty way to roll your own on Fedora-based systems. I basically followed these guides: http://www.linuxweblog.com/patch-rebuild-rpm and http://perso.b2b2c.ca/sarrazip/dev/rpm-building-crash-course.html

Since on this server I'm running 0.6.3x, I'll be updating to that version. The fixed version is 0.6.39.

While they do the building from their own user account, a commenter suggests setting up an account specifically for building RPMs. The latter is probably preferable, but we're going to ignore that in the interests of expediency.

Assuming you never built an RPM before:

  1. Install RPM build tools and set up your environment

    # yum install rpm-build

    Now, create ~/.rpmmacros with this line

    %topdir /home/youruserid/rpm

    And create a bunch of directories

    $ mkdir ~/rpm
    $ cd ~/rpm
    $ mkdir SOURCES SPECS BUILD SRPMS

  2. Find the most recent nginx source package on rpmfind.net. This will give you a working recent RPM to fix.

  3. Install the .src.rpm package with rpm -i nginx-0.6.38-1.src.rpm, which installs the necessary files into ~/rpm/SOURCES

  4. Here's the hacky part. Download nginx-0.6.39.tar.gz and copy it to ~/rpm/SOURCES. Then, edit the ~/rpm/SPECS/nginx.spec file and replace "6.38" with "6.39" wherever it occurs (just once, I believe).

    Now, build the RPM with rpmbuild -ba SPECS/nginx.spec

    On my system, I had to also install (with yum) pcre, pcre-devel, and perl-ExtUtils-Embed before nginx would build.

    Now, wait while it builds.

  5. You now should have nginx-0.6.39-1.fc8.x86_64.rpm (or whatever your system is.)

    # rpm -Uvh nginx-0.6.39-1.fc8.x86_64.rpm

    # /etc/init.d/nginx restart

Done!
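
Step 4 builds whatever tarball was downloaded and edits the spec by hand. As an added example (not part of the original post), the shell helpers below check the tarball against a SHA-256 digest obtained from a source you trust before touching the spec, then change only the Version: tag so changelog lines are left alone. The function names and the digest argument are assumptions; the paths follow the ~/rpm layout from step 1.

```shell
#!/bin/sh
# Added example: helpers for step 4. Function names are hypothetical, and the
# expected digest must come from the caller; none is taken from the nginx project.

# verify_tarball FILE EXPECTED_SHA256
# Compare the downloaded source against a digest obtained out of band.
verify_tarball() {
    file=$1 expected=$2
    [ -f "$file" ] || { echo "error: $file not found" >&2; return 1; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "error: checksum mismatch for $file" >&2
        return 1
    fi
}

# bump_spec_version SPEC OLD NEW
# Rewrite only the "Version:" tag; %changelog lines mentioning OLD are kept.
bump_spec_version() {
    spec=$1 old=$2 new=$3
    current=$(awk '/^Version:/ {print $2; exit}' "$spec")
    # Refuse to edit a spec that is not at the version we expect to replace.
    [ "$current" = "$old" ] || {
        echo "error: $spec is at '$current', expected $old" >&2; return 1; }
    cp -p "$spec" "$spec.orig"          # keep the untouched spec for diffing
    sed "s/^\(Version:[[:space:]]*\).*/\1${new}/" "$spec.orig" > "$spec"
}

# prepare_update TOPDIR OLD NEW EXPECTED_SHA256
# Verify first, edit second: an unverified tarball never reaches rpmbuild.
prepare_update() {
    topdir=$1 old=$2 new=$3 sum=$4
    verify_tarball "$topdir/SOURCES/nginx-$new.tar.gz" "$sum" || return 1
    bump_spec_version "$topdir/SPECS/nginx.spec" "$old" "$new" || return 1
    echo "ready: cd $topdir && rpmbuild -ba SPECS/nginx.spec"
}

# Usage (digest shown as a placeholder):
#   prepare_update ~/rpm 0.6.38 0.6.39 <sha256-from-a-trusted-source>
```

If the digest does not match, the spec is left untouched and nothing should be built from that download.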
