From a34e0639cc5a6404d39c0b0540216812653b7298 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Jun 07 2021 10:04:09 +0000
Subject: import nginx-1.18.0-3.module+el8.4.0+11152+f736ed63.1
---
diff --git a/SOURCES/nginx-1.18.0-CVE-2021-23017.patch b/SOURCES/nginx-1.18.0-CVE-2021-23017.patch
new file mode 100644
index 0000000..26d01ff
--- /dev/null
+++ b/SOURCES/nginx-1.18.0-CVE-2021-23017.patch
@@ -0,0 +1,24 @@
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+index e51712c..4e75ab8 100644
+--- a/src/core/ngx_resolver.c
++++ b/src/core/ngx_resolver.c
+@@ -3993,15 +3993,15 @@ done:
+ n = *src++;
+
+ } else {
++ if (dst != name->data) {
++ *dst++ = '.';
++ }
++
+ ngx_strlow(dst, src, n);
+ dst += n;
+ src += n;
+
+ n = *src++;
+-
+- if (n != 0) {
+- *dst++ = '.';
+- }
+ }
+
+ if (n == 0) {
diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec
index 1a98009..e5ee179 100644
--- a/SPECS/nginx.spec
+++ b/SPECS/nginx.spec
@@ -19,7 +19,7 @@ Name: nginx Epoch: 1 Version: 1.18.0 -Release: 3%{?dist} +Release: 3%{?dist}.1 Summary: A high performance web server and reverse proxy server Group: System Environment/Daemons
@@ -60,6 +60,9 @@ Patch4: nginx-1.16.0-enable-tls1v3-by-default.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1668717 Patch5: nginx-1.18.0-pkcs11-cert.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1963121 +Patch6: nginx-1.18.0-CVE-2021-23017.patch + %if 0%{?with_gperftools} BuildRequires: gperftools-devel %endif
@@ -192,6 +195,7 @@ Requires: nginx %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
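Review bot: SOURCES/nginx-1.18.0-CVE-2021-23017.patch carries no header explaining the fix; it starts directly at `diff --git`, so nothing next to the code says why the `'.'` write moved from after the label copy to before it in the `else` branch of the src/core/ngx_resolver.c hunk. The changelog entry describes the bug as an off-by-one when labels are followed by a pointer to a root domain name, and the new guard `if (dst != name->data)` means a separator is written only when another label is actually about to be copied, never after the last one. I would record that at the top of the patch file, for example `# Write the label separator before each label except the first, so a trailing pointer to the root name no longer emits an extra '.'`, together with a reference to the upstream change it was taken from (not shown on this page). The loop and the length computation that this write has to agree with lie outside the hunk, so the byte accounting should be confirmed against the full ngx_resolver_copy() rather than from these lines alone.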
@@ -473,6 +477,11 @@ fi %changelog +* Tue May 25 2021 Luboš Uhliarik - 1:1.18.0-3.1 +- Resolves: #1963178 - CVE-2021-23017 nginx:1.18/nginx: Off-by-one in + ngx_resolver_copy() when labels are followed by a pointer to a root + domain name + * Thu Nov 12 2020 Lubos Uhliarik - 1:1.18.0-3 - Resolves: #1651377 - centralizing default index.html on nginx - Resolves: #1825683 - Outdated Red Hat branding used in nginx default pages