rpms/nginx
7
0
Fork 1
Code Issues Pull Requests Releases Activity

import CS git nginx-1.24.0-2.el8

Browse Source
This commit is contained in:
AlmaLinux RelEng Bot 2026-03-24 08:37:20 -04:00
parent 5fdef562d3
commit 3d6d5d9f0e
4 changed files with 82 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
SOURCES/0007-Upstream-detect-premature-plain-text-response-from-S.patch Normal file
View File

@ -0,0 +1,45 @@
From bad28aaf4bc2e882b2d006387d79c354579a2a9a Mon Sep 17 00:00:00 2001
From: Roman Arutyunyan <arut@nginx.com>
Date: Thu, 29 Jan 2026 13:27:32 +0400
Subject: [PATCH] Upstream: detect premature plain text response from SSL
backend.
When connecting to a backend, the connection write event is triggered
first in most cases. However if a response arrives quickly enough, both
read and write events can be triggered together within the same event loop
iteration. In this case the read event handler is called first and the
write event handler is called after it.
SSL initialization for backend connections happens only in the write event
handler since SSL handshake starts with sending Client Hello. Previously,
if a backend sent a quick plain text response, it could be parsed by the
read event handler prior to starting SSL handshake on the connection.
The change adds protection against parsing such responses on SSL-enabled
connections.
---
src/http/ngx_http_upstream.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index 3ae822b..6c310d8 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -2441,6 +2441,15 @@ ngx_http_upstream_process_header(ngx_http_request_t *r, ngx_http_upstream_t *u)
return;
}
+#if (NGX_HTTP_SSL)
+ if (u->ssl && c->ssl == NULL) {
+ ngx_log_error(NGX_LOG_ERR, c->log, 0,
+ "upstream prematurely sent response");
+ ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_ERROR);
+ return;
+ }
+#endif
+
u->state->bytes_received += n;
u->buffer.last += n;
--
2.44.0

28
SOURCES/404.html
View File

@ -7,7 +7,7 @@
<style type="text/css">
/*<![CDATA[*/
body {
background-color: #FAF5F5;
background-color: #fff;
color: #000;
font-size: 0.9em;
font-family: sans-serif,helvetica;
@ -15,19 +15,19 @@
padding: 0;
}
:link {
color: #0B2335;
color: #c00;
}
:visited {
color: #0B2335;
color: #c00;
}
a:hover {
color: #0069DA;
color: #f50;
}
h1 {
text-align: center;
margin: 0;
padding: 0.6em 2em 0.4em;
background-color: #0B2335;
background-color: #900;
color: #fff;
font-weight: normal;
font-size: 1.75em;
@ -39,7 +39,7 @@
}
h2 {
text-align: center;
background-color: #0B2335;
background-color: #900;
font-size: 1.1em;
font-weight: bold;
color: #fff;
@ -64,7 +64,7 @@
}
img {
border: 2px solid #FAF5F5;
border: 2px solid #fff;
padding: 2px;
margin: 2px;
}
@ -92,7 +92,7 @@
<p>Something has triggered missing webpage on your
website. This is the default 404 error page for
<strong>nginx</strong> that is distributed with
AlmaLinux. It is located
Red Hat Enterprise Linux. It is located
<tt>/usr/share/nginx/html/404.html</tt></p>
<p>You should customize this error page for your own
@ -100,20 +100,20 @@
the <strong>nginx</strong> configuration file
<tt>/etc/nginx/nginx.conf</tt>.</p>
<p>For information on AlmaLinux, please visit the <a href="http://www.almalinux.org/">AlmaLinux website</a>.</p>
<p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
</div>
</div>
<div class="logos">
<a href="http://nginx.net/"><img
src="nginx-logo.png"
src="nginx-logo.png"
alt="[ Powered by nginx ]"
width="121" height="32" /></a>
<a href="http://www.almalinux.org/"><img
src="/icons/poweredby.png"
alt="[ Powered by AlmaLinux ]"
width="124" height="32" /></a>
<a href="http://www.redhat.com/"><img
src="poweredby.png"
alt="[ Powered by Red Hat Enterprise Linux ]"
width="88" height="31" /></a>
</div>
</div>
</body>

28
SOURCES/50x.html
View File

@ -7,7 +7,7 @@
<style type="text/css">
/*<![CDATA[*/
body {
background-color: #FAF5F5;
background-color: #fff;
color: #000;
font-size: 0.9em;
font-family: sans-serif,helvetica;
@ -15,19 +15,19 @@
padding: 0;
}
:link {
color: #0B2335;
color: #c00;
}
:visited {
color: #0B2335;
color: #c00;
}
a:hover {
color: #0069DA;
color: #f50;
}
h1 {
text-align: center;
margin: 0;
padding: 0.6em 2em 0.4em;
background-color: #0B2335;
background-color: #900;
color: #fff;
font-weight: normal;
font-size: 1.75em;
@ -39,7 +39,7 @@
}
h2 {
text-align: center;
background-color: #0B2335;
background-color: #900;
font-size: 1.1em;
font-weight: bold;
color: #fff;
@ -64,7 +64,7 @@
}
img {
border: 2px solid #FAF5F5;
border: 2px solid #fff;
padding: 2px;
margin: 2px;
}
@ -92,7 +92,7 @@
<p>Something has triggered missing webpage on your
website. This is the default error page for
<strong>nginx</strong> that is distributed with
AlmaLinux. It is located
Red Hat Enterprise Linux. It is located
<tt>/usr/share/nginx/html/50x.html</tt></p>
<p>You should customize this error page for your own
@ -100,20 +100,20 @@
the <strong>nginx</strong> configuration file
<tt>/etc/nginx/nginx.conf</tt>.</p>
<p>For information on AlmaLinux, please visit the <a href="http://www.almalinux.org/">AlmaLinux website</a>.</p>
<p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
</div>
</div>
<div class="logos">
<a href="http://nginx.net/"><img
src="nginx-logo.png"
src="nginx-logo.png"
alt="[ Powered by nginx ]"
width="121" height="32" /></a>
<a href="http://www.almalinux.org/"><img
src="/icons/poweredby.png"
alt="[ Powered by AlmaLinux ]"
width="124" height="32" /></a>
<a href="http://www.redhat.com/"><img
src="poweredby.png"
alt="[ Powered by Red Hat Enterprise Linux ]"
width="88" height="31" /></a>
</div>
</div>
</body>

12
SPECS/nginx.spec
View File

@ -30,7 +30,7 @@
Name: nginx
Epoch: 1
Version: 1.24.0
Release: 1%{?dist}.alma.1
Release: 2%{?dist}
Summary: A high performance web server and reverse proxy server
Group: System Environment/Daemons
@ -77,6 +77,10 @@ Patch5: nginx-1.18.0-pkcs11-cert.patch
# https://issues.redhat.com/browse/RHEL-12728
Patch6: nginx-1.22-CVE-2023-44487.patch
# https://issues.redhat.com/browse/RHEL-146516
# upstream patch - https://github.com/nginx/nginx/commit/784fa05025cb8cd0c770f99bc79d2794b9f85b6e
Patch7: 0007-Upstream-detect-premature-plain-text-response-from-S.patch
%if 0%{?with_gperftools}
BuildRequires: gperftools-devel
%endif
@ -234,6 +238,7 @@ Requires: zlib-devel
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
@ -546,8 +551,9 @@ fi
%{nginx_srcdir}/
%changelog
* Wed Apr 03 2024 Eduard Abdullin <eabdullin@almalinux.org> - 1:1.24.0-1.alma.1
- Debrand for AlmaLinux
* Sun Feb 22 2026 Luboš Uhliarik <luhliari@redhat.com> - 1:1.24.0-2
- Resolves: RHEL-146517 - nginx:1.24/nginx: NGINX: Data injection via
man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)
* Thu Jan 18 2024 Luboš Uhliarik <luhliari@redhat.com> - 1:1.24.0-1
- Resolves: RHEL-14714 - add nginx:1.24 to RHEL 8.10