authorLeonardo Arena <rnalrd@alpinelinux.org>2020-01-17 13:37:55 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2020-01-17 13:37:59 +0000
commit17143c4ab9960948114150119256c856dabd1ccb (patch)
treea4ce66b7f1fc61698aa76859678d735249012e7c
parent58d7b94f0134f00815145d95ee720d36d645c72e (diff)
main/nginx: security fix (CVE-2019-20372)
ref #11134
-rw-r--r--main/nginx/APKBUILD7
-rw-r--r--main/nginx/CVE-2019-20372.patch28
2 files changed, 34 insertions, 1 deletions
diff --git a/main/nginx/APKBUILD b/main/nginx/APKBUILD
index 5f456125e6..7d3e58afd5 100644
--- a/main/nginx/APKBUILD
+++ b/main/nginx/APKBUILD
@@ -4,6 +4,8 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
+# 1.16.1-r2:
+# - CVE-2019-20372
# 1.16.1-r0:
# - CVE-2019-9511
# - CVE-2019-9513
@@ -19,7 +21,7 @@ pkgname=nginx
# NOTE: Upgrade only to even-numbered versions (e.g. 1.14.z, 1.16.z)!
# Odd-numbered versions are mainline (development) versions.
pkgver=1.16.1
-pkgrel=1
+pkgrel=2
# Revision of nginx-tests to use for check().
_tests_hgrev=2be630357aa7
_njs_ver=0.3.1
@@ -66,6 +68,8 @@ source="https://nginx.org/download/$pkgname-$pkgver.tar.gz
default.conf
$pkgname.logrotate
$pkgname.initd
+
+ CVE-2019-20372.patch
"
builddir="$srcdir/$pkgname-$pkgver"
@@ -331,6 +335,7 @@ ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b9
0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3 default.conf
09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb nginx.logrotate
eb183860cd511361346e4079c1fcf470985e1c3b2a034a57f8b2a92ba851fed99256261f9b779770a5f57e3750e9e71bd1550a9d19ad9bf3a4d288864f0374a2 nginx.initd
+3d70fecd28a3c7b126aa06404ebb3a0fa71659abb710ecf441208b6735bda80493265410bebb4cecbb2fffa589fede75897b7f7d2da9def2482c75ac85b02b30 CVE-2019-20372.patch
558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 ngx_devel_kit-0.3.0.tar.gz
1f6c15b148856e5d258ed804b8340ae286e8ef925128ba230c59c24c3412c60e58952be4511e8360695cb5301268a9a3407760b0887323e6f46ccc9e81a73642 ngx_cache_purge-2.5.tar.gz
c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b echo-nginx-module-0.61.tar.gz
diff --git a/main/nginx/CVE-2019-20372.patch b/main/nginx/CVE-2019-20372.patch
new file mode 100644
index 0000000000..7329261e55
--- /dev/null
+++ b/main/nginx/CVE-2019-20372.patch
@@ -0,0 +1,28 @@
+From c1be55f97211d38b69ac0c2027e6812ab8b1b94e Mon Sep 17 00:00:00 2001
+From: Ruslan Ermilov <ru@nginx.com>
+Date: Mon, 23 Dec 2019 15:45:46 +0300
+Subject: [PATCH] Discard request body when redirecting to a URL via
+ error_page.
+
+Reported by Bert JW Regeer and Francisco Oca Gonzalez.
+---
+ src/http/ngx_http_special_response.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
+index 4ffb2cc8ad..76e6705889 100644
+--- a/src/http/ngx_http_special_response.c
++++ b/src/http/ngx_http_special_response.c
+@@ -623,6 +623,12 @@ ngx_http_send_error_page(ngx_http_request_t *r, ngx_http_err_page_t *err_page)
+ return ngx_http_named_location(r, &uri);
+ }
+
++ r->expect_tested = 1;
++
++ if (ngx_http_discard_request_body(r) != NGX_OK) {
++ r->keepalive = 0;
++ }
++
+ location = ngx_list_push(&r->headers_out.headers);
+
+ if (location == NULL) {
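Review bot: The two added statements carry no comment, so a reader of ngx_http_send_error_page will not see why `r->expect_tested = 1;` has to precede the discard or what the discard is defending against; add `/* redirecting via error_page: do not emit 100 Continue, and drain any request body so leftover bytes cannot be parsed as the next request on a keep-alive connection (CVE-2019-20372) */` above it. Setting expect_tested presumably stops ngx_http_discard_request_body from answering an Expect: 100-continue with an interim response before the redirect is sent — confirm against the helper's definition, which is outside this hunk. The fallback `r->keepalive = 0;` when the discard fails is the right choice here, since closing the connection is what prevents unread body bytes from being reinterpreted as a follow-up request. ngx_http_send_error_page starts and ends outside this hunk, so the earlier return paths (the named-location return just above is the only one visible) should be checked to confirm they do not also send a response without draining the body.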