Commit c01d93e5 authored by J0WI's avatar J0WI
Browse files

main/nginx: patch CVE-2021-23017

parent 44b0396c
Pipeline #82838 passed with stages
in 10 minutes and 18 seconds
......@@ -4,6 +4,8 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
# 1.18.0-r2:
# - CVE-2021-23017
# 1.16.1-r6:
# - CVE-2019-20372
# 1.16.1-r0:
......@@ -65,6 +67,7 @@ replaces="$pkgname-common $pkgname-initscripts $pkgname-lua $pkgname-rtmp"
source="https://nginx.org/download/$pkgname-$pkgver.tar.gz
$pkgname-tests-$_tests_hgrev.tar.gz::https://hg.nginx.org/nginx-tests/archive/$_tests_hgrev.tar.gz
$pkgname-njs-$_njs_ver.tar.gz::https://hg.nginx.org/njs/archive/$_njs_ver.tar.gz
CVE-2021-23017.patch
nginx.conf
default.conf
$pkgname.logrotate
......@@ -349,9 +352,11 @@ _module() {
esac
}
sha512sums="8c21eeb62ab6e32e436932500f700bd2fb99fd2d29e43c08a5bfed4714c189c29c7141db551fcd5d2437303b7439f71758f7407dfd3e801e704e45e7daa78ddb nginx-1.18.0.tar.gz
sha512sums="
8c21eeb62ab6e32e436932500f700bd2fb99fd2d29e43c08a5bfed4714c189c29c7141db551fcd5d2437303b7439f71758f7407dfd3e801e704e45e7daa78ddb nginx-1.18.0.tar.gz
34b112d0cad5b6aeca58a7cfccbbb7626f2ae295e76e39048a226e5c375bf0371175d3fec2b893634d94b52ce4ba37b8079ecfefb4d435da84b24688fe374384 nginx-tests-c1d167a13c24.tar.gz
e9e96c8e2daf9e6007d9b878eebae9f7f7ab7622edf81d9561688844379aae461fe2e30a103d5bdc0564330f804cd40e6654141933cd7f7ec292849653ebc560 nginx-njs-0.3.8.tar.gz
85a826997c5a42d50804b800fddc346b639fc5420b332bd4bfd8420b0ac665f49528b612135dbe4830e53ad29918f2f29c9f2fa8698f2c480a4f4e7e369154fd CVE-2021-23017.patch
ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41 nginx.conf
0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3 default.conf
09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb nginx.logrotate
......@@ -373,4 +378,5 @@ c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7
8adb7453c27748f4e685e3352e9b318b408da818754dc5b6244e908423941a8ba337561104f6e481f2553cbc0e334dcea73b57f8e810a9d6e974bb69ff8859e5 nginx-upstream-fair-0.1.3.tar.gz
4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922 nginx-rtmp-module-1.2.1.tar.gz
11a97ffa28d6078aa57ad1821421928f6e2a05235a2f384cd2b498e7998f1025edc1ee163a900937ee251b49bd9381813e71248e67d537531b91a998b1610c56 nginx-vod-module-1.25.tar.gz
06963b598c54e22d75ce837fb222f5aa6c9494c29e558ff46f1205d7159fc305414bfac4ed3288c836dcbf7628d92f26458e1992d34fc2f4b73275a32847bdc0 ngx_http_geoip2_module-3.3.tar.gz"
06963b598c54e22d75ce837fb222f5aa6c9494c29e558ff46f1205d7159fc305414bfac4ed3288c836dcbf7628d92f26458e1992d34fc2f4b73275a32847bdc0 ngx_http_geoip2_module-3.3.tar.gz
"
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -4008,15 +4008,15 @@ done:
n = *src++;
} else {
+ if (dst != name->data) {
+ *dst++ = '.';
+ }
+
ngx_strlow(dst, src, n);
dst += n;
src += n;
n = *src++;
-
- if (n != 0) {
- *dst++ = '.';
- }
}
if (n == 0) {
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment