diff --git a/.gitignore b/.gitignore index 4dfd66f..269354d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ SOURCES/nginx-1.18.0.tar.gz -SOURCES/poweredby.png +SOURCES/nginx-logo.png diff --git a/.nginx.metadata b/.nginx.metadata index e483707..e5c19c7 100644 --- a/.nginx.metadata +++ b/.nginx.metadata @@ -1,2 +1,2 @@ 47b2c5ccd12e2a7088b03d629ff6b9ab18215180 SOURCES/nginx-1.18.0.tar.gz -2ec82988cd0d9b1304c95a16b28eff70f0f69abc SOURCES/poweredby.png +e28dd656984cc2894d8124c5278789c656f6a9cb SOURCES/nginx-logo.png diff --git a/SOURCES/index.html b/SOURCES/index.html deleted file mode 100644 index 7756222..0000000 --- a/SOURCES/index.html +++ /dev/null @@ -1,117 +0,0 @@ - - - - - Test Page for the Nginx HTTP Server on Red Hat Enterprise Linux - - - - - -

Welcome to nginx on Red Hat Enterprise Linux!

- -
-

This page is used to test the proper operation of the - nginx HTTP server after it has been - installed. If you can read this page, it means that the - web server installed at this site is working - properly.

- -
-

Website Administrator

-
-

This is the default index.html page that - is distributed with nginx on - Red Hat Enterprise Linux. It is located in - /usr/share/nginx/html.

- -

You should now put your content in a location of - your choice and edit the root configuration - directive in the nginx - configuration file - /etc/nginx/nginx.conf.

- -

For information on Red Hat Enterprise Linux, please visit the Red Hat, Inc. website. The documentation for Red Hat Enterprise Linux is available on the Red Hat, Inc. website.

- -
-
- -
- [ Powered by nginx ] - [ Powered by Red Hat Enterprise Linux ] -
-
- - diff --git a/SOURCES/nginx-1.18.0-CVE-2021-23017.patch b/SOURCES/nginx-1.18.0-CVE-2021-23017.patch new file mode 100644 index 0000000..26d01ff --- /dev/null +++ b/SOURCES/nginx-1.18.0-CVE-2021-23017.patch @@ -0,0 +1,24 @@ +diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c +index e51712c..4e75ab8 100644 +--- a/src/core/ngx_resolver.c ++++ b/src/core/ngx_resolver.c +@@ -3993,15 +3993,15 @@ done: + n = *src++; + + } else { ++ if (dst != name->data) { ++ *dst++ = '.'; ++ } ++ + ngx_strlow(dst, src, n); + dst += n; + src += n; + + n = *src++; +- +- if (n != 0) { +- *dst++ = '.'; +- } + } + + if (n == 0) { diff --git a/SOURCES/nginx-logo.png b/SOURCES/nginx-logo.png deleted file mode 100644 index 638b499..0000000 Binary files a/SOURCES/nginx-logo.png and /dev/null differ diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec index 04a67c7..e5ee179 100644 --- a/SPECS/nginx.spec +++ b/SPECS/nginx.spec @@ -19,7 +19,7 @@ Name: nginx Epoch: 1 Version: 1.18.0 -Release: 2%{?dist} +Release: 3%{?dist}.1 Summary: A high performance web server and reverse proxy server Group: System Environment/Daemons @@ -34,8 +34,6 @@ Source11: nginx.logrotate Source12: nginx.conf Source13: nginx-upgrade Source14: nginx-upgrade.8 -Source100: index.html -Source101: poweredby.png Source102: nginx-logo.png Source103: 404.html Source104: 50x.html @@ -62,6 +60,9 @@ Patch4: nginx-1.16.0-enable-tls1v3-by-default.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1668717 Patch5: nginx-1.18.0-pkcs11-cert.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1963121 +Patch6: nginx-1.18.0-CVE-2021-23017.patch + %if 0%{?with_gperftools} BuildRequires: gperftools-devel %endif @@ -70,6 +71,7 @@ BuildRequires: pcre-devel BuildRequires: zlib-devel Requires: nginx-filesystem = %{epoch}:%{version}-%{release} +Requires: system-logos-httpd >= 82.0 %if 0%{?rhel} > 0 && 0%{?rhel} < 8 # Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later. @@ -193,6 +195,7 @@ Requires: nginx %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} . @@ -296,10 +299,19 @@ install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules install -p -m 0644 ./nginx.conf \ %{buildroot}%{_sysconfdir}/nginx -install -p -m 0644 %{SOURCE100} \ - %{buildroot}%{_datadir}/nginx/html -install -p -m 0644 %{SOURCE101} %{SOURCE102} \ + +rm -f %{buildroot}%{_datadir}/nginx/html/index.html +ln -s ../../testpage/index.html \ + %{buildroot}%{_datadir}/nginx/html/index.html +install -p -m 0644 %{SOURCE102} \ %{buildroot}%{_datadir}/nginx/html +ln -s nginx-logo.png %{buildroot}%{_datadir}/nginx/html/poweredby.png +mkdir -p %{buildroot}%{_datadir}/nginx/html/icons + +# Symlink for the powered-by-$DISTRO image: +ln -s ../../../pixmaps/poweredby.png \ + %{buildroot}%{_datadir}/nginx/html/icons/poweredby.png + install -p -m 0644 %{SOURCE103} %{SOURCE104} \ %{buildroot}%{_datadir}/nginx/html @@ -465,6 +477,15 @@ fi %changelog +* Tue May 25 2021 Luboš Uhliarik - 1:1.18.0-3.1 +- Resolves: #1963178 - CVE-2021-23017 nginx:1.18/nginx: Off-by-one in + ngx_resolver_copy() when labels are followed by a pointer to a root + domain name + +* Thu Nov 12 2020 Lubos Uhliarik - 1:1.18.0-3 +- Resolves: #1651377 - centralizing default index.html on nginx +- Resolves: #1825683 - Outdated Red Hat branding used in nginx default pages + * Wed Apr 22 2020 Lubos Uhliarik - 1:1.18.0-2 - new version 1.18.0 - Resolves: #1668717 - [RFE] Support loading certificates from hardware token