diff --git a/SOURCES/0006-Fix-ALPACA-security-issue.patch b/SOURCES/0006-Fix-ALPACA-security-issue.patch
new file mode 100644
index 0000000..754e8cc
--- /dev/null
+++ b/SOURCES/0006-Fix-ALPACA-security-issue.patch
@@ -0,0 +1,96 @@
+From ee8ea4f1c88a0393206769cd30a545dc3375f868 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
+Date: Wed, 2 Feb 2022 20:14:55 +0100
+Subject: [PATCH] Fix ALPACA security issue
+
+---
+ src/mail/ngx_mail.h | 3 +++
+ src/mail/ngx_mail_core_module.c | 10 ++++++++++
+ src/mail/ngx_mail_handler.c | 15 ++++++++++++++-
+ 3 files changed, 27 insertions(+), 1 deletion(-)
+
+diff --git a/src/mail/ngx_mail.h b/src/mail/ngx_mail.h
+index b865a3b..76cae37 100644
+--- a/src/mail/ngx_mail.h
++++ b/src/mail/ngx_mail.h
+@@ -115,6 +115,8 @@ typedef struct {
+ ngx_msec_t timeout;
+ ngx_msec_t resolver_timeout;
+
++ ngx_uint_t max_errors;
++
+ ngx_str_t server_name;
+
+ u_char *file_name;
+@@ -231,6 +233,7 @@ typedef struct {
+ ngx_uint_t command;
+ ngx_array_t args;
+
++ ngx_uint_t errors;
+ ngx_uint_t login_attempt;
+
+ /* used to parse POP3/IMAP/SMTP command */
+diff --git a/src/mail/ngx_mail_core_module.c b/src/mail/ngx_mail_core_module.c
+index 4083124..115671c 100644
+--- a/src/mail/ngx_mail_core_module.c
++++ b/src/mail/ngx_mail_core_module.c
+@@ -85,6 +85,13 @@ static ngx_command_t ngx_mail_core_commands[] = {
+ offsetof(ngx_mail_core_srv_conf_t, resolver_timeout),
+ NULL },
+
++ { ngx_string("max_errors"),
++ NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
++ ngx_conf_set_num_slot,
++ NGX_MAIL_SRV_CONF_OFFSET,
++ offsetof(ngx_mail_core_srv_conf_t, max_errors),
++ NULL },
++
+ ngx_null_command
+ };
+
+@@ -163,6 +170,8 @@ ngx_mail_core_create_srv_conf(ngx_conf_t *cf)
+ cscf->timeout = NGX_CONF_UNSET_MSEC;
+ cscf->resolver_timeout = NGX_CONF_UNSET_MSEC;
+
++ cscf->max_errors = NGX_CONF_UNSET_UINT;
++
+ cscf->resolver = NGX_CONF_UNSET_PTR;
+
+ cscf->file_name = cf->conf_file->file.name.data;
+@@ -182,6 +191,7 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
+ ngx_conf_merge_msec_value(conf->resolver_timeout, prev->resolver_timeout,
+ 30000);
+
++ ngx_conf_merge_uint_value(conf->max_errors, prev->max_errors, 5);
+
+ ngx_conf_merge_str_value(conf->server_name, prev->server_name, "");
+
+diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c
+index 0aaa0e7..71b8151 100644
+--- a/src/mail/ngx_mail_handler.c
++++ b/src/mail/ngx_mail_handler.c
+@@ -871,7 +871,20 @@ ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c)
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+- if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
++ if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
++
++ s->errors++;
++
++ if (s->errors >= cscf->max_errors) {
++ ngx_log_error(NGX_LOG_INFO, c->log, 0,
++ "client sent too many invalid commands");
++ s->quit = 1;
++ }
++
++ return rc;
++ }
++
++ if (rc == NGX_IMAP_NEXT) {
+ return rc;
+ }
+
+--
+2.31.1
+
diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec
index 0d369a0..a9093bd 100644
--- a/SPECS/nginx.spec
+++ b/SPECS/nginx.spec
@@ -41,7 +41,7 @@
Name: nginx
Epoch: 1
Version: 1.20.1
-Release: 9%{?dist}
+Release: 10%{?dist}
Summary: A high performance web server and reverse proxy server
# BSD License (two clause)
@@ -85,6 +85,9 @@ Patch3: 0004-Set-proper-compiler-optimalization-level-O2-for-perl.pat
# downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2006420
Patch4: 0005-Init-openssl-engine-properly.patch
+# upstream patch - fixing ALPACA(CVE-2021-3618) security issue - https://bugzilla.redhat.com/show_bug.cgi?id=1975623
+Patch5: 0006-Fix-ALPACA-security-issue.patch
+
BuildRequires: make
BuildRequires: gcc
BuildRequires: gnupg2
@@ -584,6 +587,10 @@ fi
%changelog
+* Wed Feb 02 2022 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-10
+- Resolves: #1975747 - CVE-2021-3618 nginx: ALPACA: Application Layer Protocol
+ Confusion - Analyzing and Mitigating Cracks in TLS Authentication
+
* Thu Dec 2 2021 Joe Orton <jorton@redhat.com> - 1:1.20.1-9
- add delaycompress to logrotate config (#2015250)