packages/nginx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!52 Upgrade to 1.21.5 version for fix CVE-2021-3618

Browse Source 
From: @houyingchao 
Reviewed-by: @licihua 
Signed-off-by: @licihua
This commit is contained in:
openeuler-ci-bot 2022-04-25 03:50:02 +00:00 committed by Gitee
commit d55097bbf4
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
6 changed files with 11 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
CVE-2019-20372.patch
View File

@ -1,28 +0,0 @@
From c1be55f97211d38b69ac0c2027e6812ab8b1b94e Mon Sep 17 00:00:00 2001
From: Ruslan Ermilov <ru@nginx.com>
Date: Mon, 23 Dec 2019 15:45:46 +0300
Subject: [PATCH] Discard request body when redirecting to a URL via
error_page.
Reported by Bert JW Regeer and Francisco Oca Gonzalez.
---
src/http/ngx_http_special_response.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
index 4ffb2cc8ad..76e6705889 100644
--- a/src/http/ngx_http_special_response.c
+++ b/src/http/ngx_http_special_response.c
@@ -606,6 +606,12 @@ ngx_http_send_error_page(ngx_http_request_t *r, ngx_http_err_page_t *err_page)
return ngx_http_named_location(r, &uri);
}
+ r->expect_tested = 1;
+
+ if (ngx_http_discard_request_body(r) != NGX_OK) {
+ r->keepalive = 0;
+ }
+
location = ngx_list_push(&r->headers_out.headers);
if (location == NULL) {

34
CVE-2021-23017.patch
View File

@ -1,34 +0,0 @@
From 7199ebc203f74fd9e44595474de6bdc41740c5cf Mon Sep 17 00:00:00 2001
From: Maxim Dounin <mdounin@mdounin.ru>
Date: Tue, 25 May 2021 15:17:36 +0300
Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy().
Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH.
---
src/core/ngx_resolver.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index 7939070102..63b26193df 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -4008,15 +4008,15 @@ ngx_resolver_copy(ngx_resolver_t *r, ngx_str_t *name, u_char *buf, u_char *src,
n = *src++;
} else {
+ if (dst != name->data) {
+ *dst++ = '.';
+ }
+
ngx_strlow(dst, src, n);
dst += n;
src += n;
n = *src++;
-
- if (n != 0) {
- *dst++ = '.';
- }
}
if (n == 0) {

BIN
nginx-1.16.1.tar.gz
View File

Binary file not shown.

BIN
nginx-1.21.5.tar.gz Normal file
View File

Binary file not shown.

16
nginx.conf
View File

@ -25,7 +25,7 @@ http {
tcp_nopush on; tcp_nopush on;
tcp_nodelay on; tcp_nodelay on;
keepalive_timeout 65; keepalive_timeout 65;
types_hash_max_size 2048; types_hash_max_size 4096;
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
@ -36,17 +36,14 @@ http {
include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf.d/*.conf;
server { server {
listen 80 default_server; listen 80;
listen [::]:80 default_server; listen [::]:80;
server_name _; server_name _;
root /usr/share/nginx/html; root /usr/share/nginx/html;
# Load configuration files for the default server block. # Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf; include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html; error_page 404 /404.html;
location = /40x.html { location = /40x.html {
} }
@ -59,8 +56,8 @@ http {
# Settings for a TLS enabled server. # Settings for a TLS enabled server.
# #
# server { # server {
# listen 443 ssl http2 default_server; # listen 443 ssl http2;
# listen [::]:443 ssl http2 default_server; # listen [::]:443 ssl http2;
# server_name _; # server_name _;
# root /usr/share/nginx/html; # root /usr/share/nginx/html;
# #
@ -74,9 +71,6 @@ http {
# # Load configuration files for the default server block. # # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf; # include /etc/nginx/default.d/*.conf;
# #
# location / {
# }
#
# error_page 404 /404.html; # error_page 404 /404.html;
# location = /40x.html { # location = /40x.html {
# } # }

10
nginx.spec
View File

@ -13,8 +13,8 @@
Name: nginx Name: nginx
Epoch: 1 Epoch: 1
Version: 1.16.1 Version: 1.21.5
Release: 11 Release: 1
Summary: A HTTP server, reverse proxy and mail proxy server Summary: A HTTP server, reverse proxy and mail proxy server
License: BSD License: BSD
URL: http://nginx.org/ URL: http://nginx.org/
@ -33,9 +33,7 @@ Source210: UPGRADE-NOTES-1.6-to-1.10
Patch0: nginx-auto-cc-gcc.patch Patch0: nginx-auto-cc-gcc.patch
Patch2: nginx-1.12.1-logs-perm.patch Patch2: nginx-1.12.1-logs-perm.patch
Patch3: CVE-2019-20372.patch
Patch4: nginx-fix-pidfile.patch Patch4: nginx-fix-pidfile.patch
Patch5: CVE-2021-23017.patch
BuildRequires: gcc openssl-devel pcre-devel zlib-devel systemd gperftools-devel BuildRequires: gcc openssl-devel pcre-devel zlib-devel systemd gperftools-devel
Requires: nginx-filesystem = %{epoch}:%{version}-%{release} openssl pcre Requires: nginx-filesystem = %{epoch}:%{version}-%{release} openssl pcre
@ -347,6 +345,10 @@ fi
%changelog %changelog
* Mon Apr 25 2022 houyingchao <houyingchao@h-partners.com> - 1:1.21.5-1
- Upgrade to 1.21.5
- Fix CVE-2021-3618
* Tue Jun 15 2021 yanglu <yanglu72@huawei.com> - 1:1.16.1-11 * Tue Jun 15 2021 yanglu <yanglu72@huawei.com> - 1:1.16.1-11
- Fix CVE-2021-23017 - Fix CVE-2021-23017