diff --git a/SOURCES/nginx-1.18.0-CVE-2021-23017.patch b/SOURCES/nginx-1.18.0-CVE-2021-23017.patch new file mode 100644 index 0000000..26d01ff --- /dev/null +++ b/SOURCES/nginx-1.18.0-CVE-2021-23017.patch @@ -0,0 +1,24 @@ +diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c +index e51712c..4e75ab8 100644 +--- a/src/core/ngx_resolver.c ++++ b/src/core/ngx_resolver.c +@@ -3993,15 +3993,15 @@ done: + n = *src++; + + } else { ++ if (dst != name->data) { ++ *dst++ = '.'; ++ } ++ + ngx_strlow(dst, src, n); + dst += n; + src += n; + + n = *src++; +- +- if (n != 0) { +- *dst++ = '.'; +- } + } + + if (n == 0) { diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec index 4b74443..1d73ca2 100644 --- a/SPECS/nginx.spec +++ b/SPECS/nginx.spec @@ -41,7 +41,7 @@ Name: %{?scl:%scl_prefix}nginx Epoch: 1 Version: 1.18.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A high performance web server and reverse proxy server Group: System Environment/Daemons # BSD License (two clause) @@ -78,6 +78,9 @@ Patch2: nginx-1.16.0-pkcs11.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1655530 Patch3: nginx-1.14.1-perl-module-hardening.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1963121 +Patch4: nginx-1.18.0-CVE-2021-23017.patch + BuildRequires: gd-devel %if 0%{?with_gperftools} @@ -183,6 +186,7 @@ Requires: %{?scl:%scl_prefix}nginx %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 cp %{SOURCE200} . %build @@ -622,6 +626,11 @@ fi %{_libdir}/nginx/modules/ngx_stream_module.so %changelog +* Tue May 25 2021 Luboš Uhliarik - 1:1.18.0-3 +- Resolves: #1963183 - CVE-2021-23017 rh-nginx118-nginx: nginx: Off-by-one + in ngx_resolver_copy() when labels are followed by a pointer to a root + domain name + * Wed Sep 16 2020 Lubos Uhliarik - 1:1.18.0-2 - switch rh-nginx118 to rh-perl530