main/nginx: patch CVE-2021-23017

See http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html

main/nginx: patch CVE-2021-23017
See http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html
ca087996 · J0WI · Jakub Jirutka · 0d11c584 · ca087996 · ca087996
Commit ca087996 authored May 26, 2021 by J0WI Committed by Jakub Jirutka May 26, 2021
--- a/main/nginx/APKBUILD
+++ b/main/nginx/APKBUILD
@@ -4,6 +4,8 @@
 # Contributor: Jakub Jirutka <jakub@jirutka.cz>
 #
 # secfixes:
+#   1.16.1-r3:
+#     - CVE-2021-23017
 #   1.16.1-r2:
 #     - CVE-2019-20372
 #   1.16.1-r0:
@@ -21,7 +23,7 @@ pkgname=nginx
 # NOTE: Upgrade only to even-numbered versions (e.g. 1.14.z, 1.16.z)!
 # Odd-numbered versions are mainline (development) versions.
 pkgver=1.16.1
-pkgrel=2
+pkgrel=3
 # Revision of nginx-tests to use for check().
 _tests_hgrev=2be630357aa7
 _njs_ver=0.3.1
@@ -64,6 +66,7 @@ replaces="$pkgname-common $pkgname-initscripts $pkgname-lua $pkgname-rtmp"
 source="https://nginx.org/download/$pkgname-$pkgver.tar.gz
 	$pkgname-tests-$_tests_hgrev.tar.gz::https://hg.nginx.org/nginx-tests/archive/$_tests_hgrev.tar.gz
 	$pkgname-njs-$_njs_ver.tar.gz::https://hg.nginx.org/njs/archive/$_njs_ver.tar.gz
+	CVE-2021-23017.patch
 	nginx.conf
 	default.conf
 	$pkgname.logrotate
@@ -331,6 +334,7 @@ _module() {
 sha512sums="17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437  nginx-1.16.1.tar.gz
 dfc558537847ab322d9e88f9b3141edc7f4391b42f672358f10ddba31b90d4e271b73c79b437cfc45d4db3932049379a1c3269953bdaafb7b4e24e436b46e4bf  nginx-tests-2be630357aa7.tar.gz
 d6fddcfee8e9fdbc4bdc7c945721d5751c22075da35cadc27689069bbf5d763ed1630050daecc2fa22606a0bcd3990aea4ce16bbc85581d685888f3d009789fb  nginx-njs-0.3.1.tar.gz
+b8ed5dedc55f4e1c60f3c0b97836096e83a9f928b13c125fe568f5d369bb35535224c7def05677f04adc9733a983ac9cc8aa2c7af94468085eb3121c1817dc45  CVE-2021-23017.patch
 ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41  nginx.conf
 0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3  default.conf
 09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb  nginx.logrotate

--- a/main/nginx/CVE-2021-23017.patch
+++ b/main/nginx/CVE-2021-23017.patch
+Patch-Source: http://nginx.org/download/patch.2021.resolver.txt
+
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
+@@ -4008,15 +4008,15 @@ done:
+             n = *src++;
+ 
+         } else {
+            if (dst != name->data) {
+                *dst++ = '.';
+            }
+
+             ngx_strlow(dst, src, n);
+             dst += n;
+             src += n;
+ 
+             n = *src++;
+-
+-            if (n != 0) {
+-                *dst++ = '.';
+-            }
+         }
+ 
+         if (n == 0) {