import UBI nginx-1.26.3-9.module+el9.8.0+24288+e2e6d896

SOURCES/0009-Clarify-binding-behavior-of-t-option.patch

@@ -0,0 +1,37 @@
+From dc847f7aedf0b4f8bbf9d7f9ba983541c6ca88c9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
+Date: Tue, 20 Jan 2026 19:27:05 +0100
+Subject: [PATCH] Clarify binding behavior of -t option.
+
+Configuration testing includes binding to configured listen addresses
+when opening referenced files.
+---
+ man/nginx.8 | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/man/nginx.8 b/man/nginx.8
+index 10db3e6..64d9ae7 100644
+--- a/man/nginx.8
++++ b/man/nginx.8
+@@ -25,7 +25,7 @@
+ .\" SUCH DAMAGE.
+ .\"
+ .\"
+-.Dd November 5, 2020
++.Dd January 21, 2026
+ .Dt NGINX 8
+ .Os
+ .Sh NAME
+@@ -98,7 +98,8 @@ but additionally dump configuration files to standard output.
+ Do not run, just test the configuration file.
+ .Nm
+ checks the configuration file syntax and then tries to open files
+-referenced in the configuration file.
++referenced in the configuration file, including binding to configured
++listen addresses.
+ .It Fl V
+ Print the
+ .Nm
+-- 
+2.44.0
+

SOURCES/0015-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch

@@ -0,0 +1,42 @@
+From c322092dbcbdc061a1dea461f4c2eecabb850d79 Mon Sep 17 00:00:00 2001
+From: Roman Arutyunyan <arut@nginx.com>
+Date: Wed, 22 Apr 2026 09:39:31 +0400
+Subject: [PATCH] Rewrite: fixed escaping and possible buffer overrun
+
+The following code resulted in incorrect escaping of $1 and possible
+segfault:
+
+    location / {
+        rewrite ^(.*) /new?c=1;
+        set $myvar $1;
+        return 200 $myvar;
+    }
+
+If there were arguments in a rewrite's replacement string, the is_args flag
+was set and incorrectly never cleared.  This resulted in escaping applied
+to any captures evaluated afterwards in set or if.  Additionally buffer was
+allocated by ngx_http_script_complex_value_code() without escaping expected,
+thus this also resulted in buffer overrun and possible segfault.
+
+A similar issue was fixed in 74d939974d43.
+
+Reported by Leo Lin.
+---
+ src/http/ngx_http_script.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/http/ngx_http_script.c b/src/http/ngx_http_script.c
+index a2b9f1b..2ea6113 100644
+--- a/src/http/ngx_http_script.c
++++ b/src/http/ngx_http_script.c
+@@ -1202,6 +1202,7 @@ ngx_http_script_regex_end_code(ngx_http_script_engine_t *e)
+ 
+     r = e->request;
+ 
++    e->is_args = 0;
+     e->quote = 0;
+ 
+     ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+-- 
+2.44.0
+

SOURCES/nginx.tmpfiles

@@ -0,0 +1,3 @@
+d /var/lib/nginx     770 nginx root -
+d /var/lib/nginx/tmp 770 nginx root -
+d /var/log/nginx     711 root  root -

SPECS/nginx.spec

@@ -1,6 +1,11 @@
 ## START: Set by rpmautospec
 ## (rpmautospec version 0.6.5)
-## RPMAUTOSPEC: autochangelog
+## RPMAUTOSPEC: autorelease, autochangelog
+%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
+    release_number = 9;
+    base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
+    print(release_number + base_release_number - 1);
+}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
 ## END: Set by rpmautospec
 
 %global  _hardened_build     1
@@ -67,7 +72,7 @@
 Name:              nginx
 Epoch:             2
 Version:           1.26.3
-Release:           2%{?dist}.1
+Release:           %autorelease
 
 Summary:           A high performance web server and reverse proxy server
 License:           BSD-2-Clause
@@ -91,6 +96,7 @@ Source16:          nginxmods.attr
 Source17:          nginx-ssl-pass-dialog
 Source18:          nginx@.service
 Source19:          nginx.sysusers
+Source20:          nginx.tmpfiles
 Source102:         nginx-logo.png
 Source200:         README.dynamic
 Source210:         UPGRADE-NOTES-1.6-to-1.10
@@ -123,27 +129,34 @@ Patch6:            0007-Support-loading-cert-hardware-token-PKC.patch
 # downstream patch - https://issues.redhat.com/browse/RHEL-40621
 Patch7:            0008-defer-ENGINE_finish-calls-to-a-cleanup.patch
 
+# https://issues.redhat.com/browse/RHEL-113229
+# upstream patch - https://github.com/nginx/nginx/pull/1089
+Patch8:            0009-Clarify-binding-behavior-of-t-option.patch
+
 # https://issues.redhat.com/browse/RHEL-146516
 # upstream patch - https://github.com/nginx/nginx/commit/784fa05025cb8cd0c770f99bc79d2794b9f85b6e
-Patch8:            0009-Upstream-detect-premature-plain-text-response-from-S.patch
+Patch9:            0010-Upstream-detect-premature-plain-text-response-from-S.patch
 
-# https://redhat.atlassian.net/browse/RHEL-159559
+# https://redhat.atlassian.net/browse/RHEL-159562
 # upstream patch - https://github.com/nginx/nginx/commit/a1d18284e0a17
 # whitespace were removed from the patch
-Patch9:            0010-Dav-destination-length-validation-for-COPY-and-MOVE.patch
+Patch10:           0011-Dav-destination-length-validation-for-COPY-and-MOVE.patch
 
-# https://redhat.atlassian.net/browse/RHEL-159538
+# https://redhat.atlassian.net/browse/RHEL-159541
 # upstream patch - https://github.com/nginx/nginx/commit/3568812cf98df
-Patch10:           0011-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch
+Patch11:           0012-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch
 
-# https://redhat.atlassian.net/browse/RHEL-159446
+# https://redhat.atlassian.net/browse/RHEL-159449
 # upstream patch - https://github.com/nginx/nginx/commit/9bc13718fe8a59a45
-Patch11:           0012-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch
+Patch12:           0013-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch
 
-# https://redhat.atlassian.net/browse/RHEL-157887
+# https://redhat.atlassian.net/browse/RHEL-157890
 # upstream patch - https://github.com/nginx/nginx/commit/7725c372c2f
-Patch12:           0013-Mp4-avoid-zero-size-buffers-in-output.patch
+Patch13:           0014-Mp4-avoid-zero-size-buffers-in-output.patch
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2026-42945
+# upstream patch - https://github.com/nginx/nginx/commit/524977e7
+Patch14:           0015-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch
 
 BuildRequires:     make
 BuildRequires:     gcc
@@ -523,6 +536,10 @@ install -m755 $RPM_SOURCE_DIR/nginx-ssl-pass-dialog \
 # install sysusers file
 install -p -D -m 0644 %{SOURCE19} %{buildroot}%{_sysusersdir}/nginx.conf
 
+# tmpfiles.d configuration
+mkdir -p %{buildroot}%{_tmpfilesdir}
+install -m 644 -p %{SOURCE20} %{buildroot}%{_tmpfilesdir}/nginx.conf
+
 %pre filesystem
 %sysusers_create_compat %{SOURCE19}
 
@@ -612,6 +629,7 @@ fi
 %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx
 %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx/tmp
 %attr(711,root,root) %dir %{_localstatedir}/log/nginx
+%{_tmpfilesdir}/nginx.conf
 %ghost %attr(640,%{nginx_user},root) %{_localstatedir}/log/nginx/access.log
 %ghost %attr(640,%{nginx_user},root) %{_localstatedir}/log/nginx/error.log
 %dir %{nginx_moduledir}
@@ -666,26 +684,35 @@ fi
 
 %changelog
 ## START: Generated by rpmautospec
-* Wed Apr 01 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:1.26.3-6
-- Resolves: RHEL-157887 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of
-  Service or Code Execution via specially crafted MP4 files
+* Thu May 14 2026 Luboš Uhliarik <luhliari@redhat.com> - 2:1.26.3-9
+- Resolves: RHEL-176218 - nginx:1.26/nginx: NGINX: Arbitrary Code Execution
+  Vulnerability (CVE-2026-42945)
 
-* Wed Apr 01 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:1.26.3-5
-- Resolves: RHEL-159446 - CVE-2026-27651 nginx:1.26/nginx: NGINX: Denial of
-  Service via undisclosed requests when ngx_mail_auth_http_module is
-  enabled
+* Fri Mar 27 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:1.26.3-8
+- CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code
+  Execution via specially crafted MP4 files
 
-* Wed Apr 01 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:1.26.3-4
-- Resolves: RHEL-159538 - CVE-2026-27784 nginx:1.26/nginx: NGINX: Denial of
-  Service due to memory corruption via crafted MP4 file
+* Fri Mar 27 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:1.26.3-7
+- CVE-2026-27651 nginx:1.26/nginx: NGINX: Denial of Service via undisclosed
+  requests when ngx_mail_auth_http_module is enabled
 
-* Wed Apr 01 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:1.26.3-3
-- Resolves: RHEL-159559 - CVE-2026-27654 nginx:1.26/nginx: NGINX: Denial of
-  Service or file modification via buffer overflow in ngx_http_dav_module
+* Fri Mar 27 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:1.26.3-6
+- CVE-2026-27784 nginx:1.26/nginx: NGINX: Denial of Service due to memory
+  corruption via crafted MP4 file
 
-* Thu Feb 19 2026 Luboš Uhliarik <luhliari@redhat.com> - 2:1.26.3-2
-- nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied
-  connections (CVE-2026-1642)
+* Fri Mar 27 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:1.26.3-5
+- CVE-2026-27654 nginx:1.26/nginx: NGINX: Denial of Service or file
+  modification via buffer overflow in ngx_http_dav_module
+
+* Tue Feb 17 2026 Luboš Uhliarik <luhliari@redhat.com> - 2:1.26.3-4
+- CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack
+  on TLS proxied connections
+
+* Mon Feb 16 2026 Luboš Uhliarik <luhliari@redhat.com> - 2:1.26.3-3
+- Resolves: RHEL-144454 - Clarify binding behavior of -t option
+
+* Wed Dec 03 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.26.3-2
+- Add tmpfiles.d rules for /var directories (bootc compatibility)
 
 * Fri Feb 07 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.26.3-1
 - New version 1.26.3