authorJ0WI <J0WI@users.noreply.github.com>2021-05-26 01:57:15 +0200
committerJakub Jirutka <jakub@jirutka.cz>2021-05-26 18:22:33 +0200
commitca087996b58a77a9e3c1aaee70ad8645a7caa612 (patch)
tree5c61ec12fd5fa62e7f8706599be02dd65f1e9e33
parent0d11c584713acc2df89ac81abaf87d0414a8a82d (diff)
main/nginx: patch CVE-2021-23017
See http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html
-rw-r--r--main/nginx/APKBUILD6
-rw-r--r--main/nginx/CVE-2021-23017.patch25
2 files changed, 30 insertions, 1 deletions
diff --git a/main/nginx/APKBUILD b/main/nginx/APKBUILD
index 7d3e58afd5..1339d3754b 100644
--- a/main/nginx/APKBUILD
+++ b/main/nginx/APKBUILD
@@ -4,6 +4,8 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
+# 1.16.1-r3:
+# - CVE-2021-23017
# 1.16.1-r2:
# - CVE-2019-20372
# 1.16.1-r0:
@@ -21,7 +23,7 @@ pkgname=nginx
# NOTE: Upgrade only to even-numbered versions (e.g. 1.14.z, 1.16.z)!
# Odd-numbered versions are mainline (development) versions.
pkgver=1.16.1
-pkgrel=2
+pkgrel=3
# Revision of nginx-tests to use for check().
_tests_hgrev=2be630357aa7
_njs_ver=0.3.1
@@ -64,6 +66,7 @@ replaces="$pkgname-common $pkgname-initscripts $pkgname-lua $pkgname-rtmp"
source="https://nginx.org/download/$pkgname-$pkgver.tar.gz
$pkgname-tests-$_tests_hgrev.tar.gz::https://hg.nginx.org/nginx-tests/archive/$_tests_hgrev.tar.gz
$pkgname-njs-$_njs_ver.tar.gz::https://hg.nginx.org/njs/archive/$_njs_ver.tar.gz
+ CVE-2021-23017.patch
nginx.conf
default.conf
$pkgname.logrotate
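Review bot: Nothing visible in this hunk shows that `CVE-2021-23017.patch` is actually applied during the build; the hunk only adds it to `source=`. abuild's `default_prepare` applies the `*.patch` entries from `source`, so this works only if the APKBUILD's `prepare()` (outside the hunks shown) calls `default_prepare`, or if the package defines no custom `prepare()` at all. It is worth confirming in the build log that the patch is applied to `src/core/ngx_resolver.c`, because a fix that is listed and checksummed but never applied would still be reported as fixed by the new `secfixes` entry.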
@@ -331,6 +334,7 @@ _module() {
sha512sums="17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437 nginx-1.16.1.tar.gz
dfc558537847ab322d9e88f9b3141edc7f4391b42f672358f10ddba31b90d4e271b73c79b437cfc45d4db3932049379a1c3269953bdaafb7b4e24e436b46e4bf nginx-tests-2be630357aa7.tar.gz
d6fddcfee8e9fdbc4bdc7c945721d5751c22075da35cadc27689069bbf5d763ed1630050daecc2fa22606a0bcd3990aea4ce16bbc85581d685888f3d009789fb nginx-njs-0.3.1.tar.gz
+b8ed5dedc55f4e1c60f3c0b97836096e83a9f928b13c125fe568f5d369bb35535224c7def05677f04adc9733a983ac9cc8aa2c7af94468085eb3121c1817dc45 CVE-2021-23017.patch
ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41 nginx.conf
0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3 default.conf
09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb nginx.logrotate
diff --git a/main/nginx/CVE-2021-23017.patch b/main/nginx/CVE-2021-23017.patch
new file mode 100644
index 0000000000..9d551c26d6
--- /dev/null
+++ b/main/nginx/CVE-2021-23017.patch
@@ -0,0 +1,25 @@
+Patch-Source: http://nginx.org/download/patch.2021.resolver.txt
+
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+--- a/src/core/ngx_resolver.c
++++ b/src/core/ngx_resolver.c
+@@ -4008,15 +4008,15 @@ done:
+ n = *src++;
+
+ } else {
++ if (dst != name->data) {
++ *dst++ = '.';
++ }
++
+ ngx_strlow(dst, src, n);
+ dst += n;
+ src += n;
+
+ n = *src++;
+-
+- if (n != 0) {
+- *dst++ = '.';
+- }
+ }
+
+ if (n == 0) {
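Review bot: The `Patch-Source:` header on the first line of the new file points at a plain `http://` URL, while the APKBUILD already fetches the tarball from `https://nginx.org/download/`; I would write `Patch-Source: https://nginx.org/download/patch.2021.resolver.txt` so that anyone re-checking the patch against upstream fetches it over an authenticated channel. The sha512 in the APKBUILD pins the file once committed, but it says nothing about how the committed copy was obtained. A short description line under the header would also help later audits, for example `Fixes a one-byte out-of-bounds write of the '.' separator when copying a DNS name in the resolver`; that is my reading of the moved `*dst++ = '.'` and should be checked against the upstream advisory. The enclosing function starts and ends outside the inner hunk, so the buffer sizing it relies on cannot be checked from here.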