From 888f002e3903bd0e6c1188f1d45bb96271908b54 Mon Sep 17 00:00:00 2001 From: AlmaLinux RelEng Bot Date: Fri, 10 Apr 2026 02:25:39 -0400 Subject: [PATCH] import Oracle_OSS nginx-1.20.1-24.0.1.el9_7.2 --- ...-length-validation-for-COPY-and-MOVE.patch | 31 +++ ...le-integer-overflow-on-32-bit-platfo.patch | 84 +++++++ ...aring-s-passwd-in-auth-http-requests.patch | 31 +++ ...p4-avoid-zero-size-buffers-in-output.patch | 74 ++++++ SOURCES/404.html | 230 +++++++++-------- SOURCES/50x.html | 233 ++++++++++-------- SOURCES/nginx-upgrade | 0 SOURCES/remove-redhat-404-references.patch | 70 ++++++ SOURCES/remove-redhat-50x-references.patch | 77 ++++++ SPECS/nginx.spec | 38 ++- 10 files changed, 648 insertions(+), 220 deletions(-) create mode 100644 SOURCES/0015-Dav-destination-length-validation-for-COPY-and-MOVE.patch create mode 100644 SOURCES/0016-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch create mode 100644 SOURCES/0017-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch create mode 100644 SOURCES/0018-Mp4-avoid-zero-size-buffers-in-output.patch mode change 100644 => 100755 SOURCES/nginx-upgrade create mode 100644 SOURCES/remove-redhat-404-references.patch create mode 100644 SOURCES/remove-redhat-50x-references.patch diff --git a/SOURCES/0015-Dav-destination-length-validation-for-COPY-and-MOVE.patch b/SOURCES/0015-Dav-destination-length-validation-for-COPY-and-MOVE.patch new file mode 100644 index 0000000..615a70b --- /dev/null +++ b/SOURCES/0015-Dav-destination-length-validation-for-COPY-and-MOVE.patch @@ -0,0 +1,31 @@ +diff --git a/src/http/modules/ngx_http_dav_module.c b/src/http/modules/ngx_http_dav_module.c +index cfb9892..6bf438a 100644 +--- a/src/http/modules/ngx_http_dav_module.c ++++ b/src/http/modules/ngx_http_dav_module.c +@@ -548,6 +548,7 @@ ngx_http_dav_copy_move_handler(ngx_http_request_t *r) + ngx_ext_rename_file_t ext; + ngx_http_dav_copy_ctx_t copy; + ngx_http_dav_loc_conf_t *dlcf; ++ ngx_http_core_loc_conf_t *clcf; + + if (r->headers_in.content_length_n > 0 || r->headers_in.chunked) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, +@@ -644,6 +645,18 @@ destination_done: + return NGX_HTTP_CONFLICT; + } + ++ clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); ++ ++ if (clcf->alias ++ && clcf->alias != NGX_MAX_SIZE_T_VALUE ++ && duri.len < clcf->alias) ++ { ++ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, ++ "client sent invalid \"Destination\" header: \"%V\"", ++ &dest->value); ++ return NGX_HTTP_BAD_REQUEST; ++ } ++ + depth = ngx_http_dav_depth(r, NGX_HTTP_DAV_INFINITY_DEPTH); + + if (depth != NGX_HTTP_DAV_INFINITY_DEPTH) { diff --git a/SOURCES/0016-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch b/SOURCES/0016-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch new file mode 100644 index 0000000..2dd1718 --- /dev/null +++ b/SOURCES/0016-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch @@ -0,0 +1,84 @@ +From 3568812cf98dfd7661cd7516ecf9b398c134ab3c Mon Sep 17 00:00:00 2001 +From: Roman Arutyunyan +Date: Mon, 2 Mar 2026 21:12:34 +0400 +Subject: [PATCH] Mp4: fixed possible integer overflow on 32-bit platforms. + +Previously, a 32-bit overflow could happen while validating atom entries +count. This allowed processing of an invalid atom with entrires beyond +its boundaries with reads and writes outside of the allocated mp4 buffer. + +Reported by Prabhav Srinath (sprabhav7). +--- + src/http/modules/ngx_http_mp4_module.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c +index 173d8ad54..678d6296c 100644 +--- a/src/http/modules/ngx_http_mp4_module.c ++++ b/src/http/modules/ngx_http_mp4_module.c +@@ -2297,7 +2297,7 @@ ngx_http_mp4_read_stts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + "mp4 time-to-sample entries:%uD", entries); + + if (ngx_mp4_atom_data_size(ngx_mp4_stts_atom_t) +- + entries * sizeof(ngx_mp4_stts_entry_t) > atom_data_size) ++ + (uint64_t) entries * sizeof(ngx_mp4_stts_entry_t) > atom_data_size) + { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "\"%s\" mp4 stts atom too small", mp4->file.name.data); +@@ -2612,7 +2612,7 @@ ngx_http_mp4_read_stss_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom->last = atom_table; + + if (ngx_mp4_atom_data_size(ngx_http_mp4_stss_atom_t) +- + entries * sizeof(uint32_t) > atom_data_size) ++ + (uint64_t) entries * sizeof(uint32_t) > atom_data_size) + { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "\"%s\" mp4 stss atom too small", mp4->file.name.data); +@@ -2817,7 +2817,7 @@ ngx_http_mp4_read_ctts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom->last = atom_table; + + if (ngx_mp4_atom_data_size(ngx_mp4_ctts_atom_t) +- + entries * sizeof(ngx_mp4_ctts_entry_t) > atom_data_size) ++ + (uint64_t) entries * sizeof(ngx_mp4_ctts_entry_t) > atom_data_size) + { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "\"%s\" mp4 ctts atom too small", mp4->file.name.data); +@@ -2999,7 +2999,7 @@ ngx_http_mp4_read_stsc_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + "sample-to-chunk entries:%uD", entries); + + if (ngx_mp4_atom_data_size(ngx_mp4_stsc_atom_t) +- + entries * sizeof(ngx_mp4_stsc_entry_t) > atom_data_size) ++ + (uint64_t) entries * sizeof(ngx_mp4_stsc_entry_t) > atom_data_size) + { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "\"%s\" mp4 stsc atom too small", mp4->file.name.data); +@@ -3393,7 +3393,7 @@ ngx_http_mp4_read_stsz_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + if (size == 0) { + if (ngx_mp4_atom_data_size(ngx_mp4_stsz_atom_t) +- + entries * sizeof(uint32_t) > atom_data_size) ++ + (uint64_t) entries * sizeof(uint32_t) > atom_data_size) + { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "\"%s\" mp4 stsz atom too small", +@@ -3552,7 +3552,7 @@ ngx_http_mp4_read_stco_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "chunks:%uD", entries); + + if (ngx_mp4_atom_data_size(ngx_mp4_stco_atom_t) +- + entries * sizeof(uint32_t) > atom_data_size) ++ + (uint64_t) entries * sizeof(uint32_t) > atom_data_size) + { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "\"%s\" mp4 stco atom too small", mp4->file.name.data); +@@ -3768,7 +3768,7 @@ ngx_http_mp4_read_co64_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "chunks:%uD", entries); + + if (ngx_mp4_atom_data_size(ngx_mp4_co64_atom_t) +- + entries * sizeof(uint64_t) > atom_data_size) ++ + (uint64_t) entries * sizeof(uint64_t) > atom_data_size) + { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "\"%s\" mp4 co64 atom too small", mp4->file.name.data); +-- +2.53.0 + diff --git a/SOURCES/0017-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch b/SOURCES/0017-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch new file mode 100644 index 0000000..1f6476a --- /dev/null +++ b/SOURCES/0017-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch @@ -0,0 +1,31 @@ +From 9bc13718fe8a59a4538805516be7e141070c22d6 Mon Sep 17 00:00:00 2001 +From: Sergey Kandaurov +Date: Wed, 18 Mar 2026 16:39:37 +0400 +Subject: [PATCH] Mail: fixed clearing s->passwd in auth http requests. + +Previously, it was not properly cleared retaining length as part of +authenticating with CRAM-MD5 and APOP methods that expect to receive +password in auth response. This resulted in null pointer dereference +and worker process crash in subsequent auth attempts with CRAM-MD5. + +Reported by Arkadi Vainbrand. +--- + src/mail/ngx_mail_auth_http_module.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/mail/ngx_mail_auth_http_module.c b/src/mail/ngx_mail_auth_http_module.c +index 4ca6d6e24..3e5095a2d 100644 +--- a/src/mail/ngx_mail_auth_http_module.c ++++ b/src/mail/ngx_mail_auth_http_module.c +@@ -1328,7 +1328,7 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool, + b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1); + b->last = ngx_copy(b->last, s->salt.data, s->salt.len); + +- s->passwd.data = NULL; ++ ngx_str_null(&s->passwd); + } + + b->last = ngx_cpymem(b->last, "Auth-Protocol: ", +-- +2.53.0 + diff --git a/SOURCES/0018-Mp4-avoid-zero-size-buffers-in-output.patch b/SOURCES/0018-Mp4-avoid-zero-size-buffers-in-output.patch new file mode 100644 index 0000000..f4edbf9 --- /dev/null +++ b/SOURCES/0018-Mp4-avoid-zero-size-buffers-in-output.patch @@ -0,0 +1,74 @@ +From 7725c372c2fe11ff908b1d6138be219ad694c42f Mon Sep 17 00:00:00 2001 +From: Roman Arutyunyan +Date: Sat, 21 Feb 2026 12:04:36 +0400 +Subject: [PATCH] Mp4: avoid zero size buffers in output. + +Previously, data validation checks did not cover the cases when the output +contained empty buffers. Such buffers are considered illegal and produce +"zero size buf in output" alerts. The change rejects the mp4 files which +produce such alerts. + +Also, the change fixes possible buffer overread and overwrite that could +happen while processing empty stco and co64 atoms, as reported by +Pavel Kohout (Aisle Research) and Tim Becker. +--- + src/http/modules/ngx_http_mp4_module.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c +index 445fab1cd..173d8ad54 100644 +--- a/src/http/modules/ngx_http_mp4_module.c ++++ b/src/http/modules/ngx_http_mp4_module.c +@@ -901,8 +901,11 @@ ngx_http_mp4_process(ngx_http_mp4_file_t *mp4) + } + } + +- if (end_offset < start_offset) { +- end_offset = start_offset; ++ if (end_offset <= start_offset) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "no data between start time and end time in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; + } + + mp4->moov_size += 8; +@@ -913,7 +916,7 @@ ngx_http_mp4_process(ngx_http_mp4_file_t *mp4) + + *prev = &mp4->mdat_atom; + +- if (start_offset > mp4->mdat_data.buf->file_last) { ++ if (start_offset >= mp4->mdat_data.buf->file_last) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "start time is out mp4 mdat atom in \"%s\"", + mp4->file.name.data); +@@ -3444,7 +3447,7 @@ ngx_http_mp4_update_stsz_atom(ngx_http_mp4_file_t *mp4, + if (data) { + entries = trak->sample_sizes_entries; + +- if (trak->start_sample > entries) { ++ if (trak->start_sample >= entries) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "start time is out mp4 stsz samples in \"%s\"", + mp4->file.name.data); +@@ -3619,7 +3622,7 @@ ngx_http_mp4_update_stco_atom(ngx_http_mp4_file_t *mp4, + return NGX_ERROR; + } + +- if (trak->start_chunk > trak->chunks) { ++ if (trak->start_chunk >= trak->chunks) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "start time is out mp4 stco chunks in \"%s\"", + mp4->file.name.data); +@@ -3834,7 +3837,7 @@ ngx_http_mp4_update_co64_atom(ngx_http_mp4_file_t *mp4, + return NGX_ERROR; + } + +- if (trak->start_chunk > trak->chunks) { ++ if (trak->start_chunk >= trak->chunks) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "start time is out mp4 co64 chunks in \"%s\"", + mp4->file.name.data); +-- +2.53.0 + diff --git a/SOURCES/404.html b/SOURCES/404.html index c6014a7..5350e82 100644 --- a/SOURCES/404.html +++ b/SOURCES/404.html @@ -1,120 +1,132 @@ - - The page is not found - - - + img { + border: 2px solid #fff; + padding: 2px; + margin: 2px; + } + a:hover img { + border: 2px solid #294172; + } + .logos { + margin: 1em; + text-align: center; + } + /*]]>*/ + + - -

nginx error!

+ +

nginx error!

+
+

The page you are looking for is not found.

+ +
+

Website Administrator

+

+ Something has triggered missing webpage on your website. This is the + default 404 error page for nginx that is + distributed with OpenELA. It is located + /usr/share/nginx/html/404.html +

-

The page you are looking for is not found.

+

+ You should customize this error page for your own site or edit the + error_page directive in the + nginx configuration file + /etc/nginx/nginx.conf. +

-
-

Website Administrator

-
-

Something has triggered missing webpage on your - website. This is the default 404 error page for - nginx that is distributed with - Red Hat Enterprise Linux. It is located - /usr/share/nginx/html/404.html

- -

You should customize this error page for your own - site or edit the error_page directive in - the nginx configuration file - /etc/nginx/nginx.conf.

- -

For information on Red Hat Enterprise Linux, please visit the Red Hat, Inc. website. The documentation for Red Hat Enterprise Linux is available on the Red Hat, Inc. website.

- -
-
- -
- [ Powered by nginx ] - [ Powered by Red Hat Enterprise Linux ] -
+

+ For information on OpenELA, please visit the + OpenELA website. The + documentation for OpenELA is + available on the OpenELA website. +

- +
+ +
+ [ Powered by nginx ] + [ Powered by OpenELA ] + +
+
+ diff --git a/SOURCES/50x.html b/SOURCES/50x.html index 5d8d957..5a9db82 100644 --- a/SOURCES/50x.html +++ b/SOURCES/50x.html @@ -1,120 +1,135 @@ - - The page is temporarily unavailable - - - + img { + border: 2px solid #fff; + padding: 2px; + margin: 2px; + } + a:hover img { + border: 2px solid #294172; + } + .logos { + margin: 1em; + text-align: center; + } + /*]]>*/ + + - -

nginx error!

+ +

nginx error!

+
+

+ The page you are looking for is temporarily unavailable. Please try + again later. +

+ +
+

Website Administrator

+

+ Something has triggered missing webpage on your website. This is the + default error page for nginx that is distributed + with OpenELA. It is located + /usr/share/nginx/html/50x.html +

-

The page you are looking for is temporarily unavailable. Please try again later.

+

+ You should customize this error page for your own site or edit the + error_page directive in the + nginx configuration file + /etc/nginx/nginx.conf. +

-
-

Website Administrator

-
-

Something has triggered missing webpage on your - website. This is the default error page for - nginx that is distributed with - Red Hat Enterprise Linux. It is located - /usr/share/nginx/html/50x.html

- -

You should customize this error page for your own - site or edit the error_page directive in - the nginx configuration file - /etc/nginx/nginx.conf.

- -

For information on Red Hat Enterprise Linux, please visit the Red Hat, Inc. website. The documentation for Red Hat Enterprise Linux is available on the Red Hat, Inc. website.

- -
-
- -
- [ Powered by nginx ] - [ Powered by Red Hat Enterprise Linux ] -
+

+ For information on OpenELA, please visit the + OpenELA website. The + documentation for OpenELA is + available on the OpenELA website. +

- +
+ +
+ [ Powered by nginx ] + [ Powered by OpenELA ] + +
+
+ diff --git a/SOURCES/nginx-upgrade b/SOURCES/nginx-upgrade old mode 100644 new mode 100755 diff --git a/SOURCES/remove-redhat-404-references.patch b/SOURCES/remove-redhat-404-references.patch new file mode 100644 index 0000000..5973d65 --- /dev/null +++ b/SOURCES/remove-redhat-404-references.patch @@ -0,0 +1,70 @@ +diff --git a/404.html b/404.html +index 5350e82..240c5c3 100644 +--- a/404.html ++++ b/404.html +@@ -15,10 +15,10 @@ + padding: 0; + } + :link { +- color: #c00; ++ color: #f00; + } + :visited { +- color: #c00; ++ color: #f00; + } + a:hover { + color: #f50; +@@ -27,7 +27,7 @@ + text-align: center; + margin: 0; + padding: 0.6em 2em 0.4em; +- background-color: #10B981; ++ background-color: #ff0000; + color: #fff; + font-weight: normal; + font-size: 1.75em; +@@ -39,7 +39,7 @@ + } + h2 { + text-align: center; +- background-color: #10B981; ++ background-color: #ff0000; + font-size: 1.1em; + font-weight: bold; + color: #fff; +@@ -91,7 +91,7 @@ +

+ Something has triggered missing webpage on your website. This is the + default 404 error page for nginx that is +- distributed with OpenELA. It is located ++ distributed with Oracle Linux. It is located + /usr/share/nginx/html/404.html +

+ +@@ -103,12 +103,7 @@ +

+ +

+- For information on OpenELA, please visit the +- OpenELA website. The +- documentation for OpenELA is +- available on the OpenELA website. ++

For information on Oracle Linux, please visit the Oracle Linux website. The documentation for Oracle Linux is available on the Oracle Linux website.

+

+ + +@@ -121,9 +116,9 @@ + width="121" + height="32" + /> +- [ Powered by OpenELA ] + + diff --git a/SOURCES/remove-redhat-50x-references.patch b/SOURCES/remove-redhat-50x-references.patch new file mode 100644 index 0000000..df3d81b --- /dev/null +++ b/SOURCES/remove-redhat-50x-references.patch @@ -0,0 +1,77 @@ +Signed-off-by: Alan Steinberg +diff --git a/50x.html b/50x.html +index 5a9db82..b7d0b9a 100644 +--- a/50x.html ++++ b/50x.html +@@ -15,10 +15,10 @@ + padding: 0; + } + :link { +- color: #c00; ++ color: #f00; + } + :visited { +- color: #c00; ++ color: #f00; + } + a:hover { + color: #f50; +@@ -27,7 +27,7 @@ + text-align: center; + margin: 0; + padding: 0.6em 2em 0.4em; +- background-color: #10B981; ++ background-color: #ff0000; + color: #fff; + font-weight: normal; + font-size: 1.75em; +@@ -39,7 +39,7 @@ + } + h2 { + text-align: center; +- background-color: #10B981; ++ background-color: #ff0000; + font-size: 1.1em; + font-weight: bold; + color: #fff; +@@ -94,7 +94,7 @@ +

+ Something has triggered missing webpage on your website. This is the + default error page for nginx that is distributed +- with OpenELA. It is located ++ with Oracle Linux. It is located + /usr/share/nginx/html/50x.html +

+ +@@ -106,11 +106,11 @@ +

+ +

+- For information on OpenELA, please visit the +- OpenELA website. The +- documentation for OpenELA is +- available on the OpenELA websiteOracle Linux website. The ++ documentation for Oracle Linux is ++ available on the Oracle Linux website. +

+ +@@ -124,11 +124,11 @@ + width="121" + height="32" + /> +- [ Powered by OpenELA ] +- ++ + + + diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec index b9f007d..9815a9f 100644 --- a/SPECS/nginx.spec +++ b/SPECS/nginx.spec @@ -41,7 +41,7 @@ Name: nginx Epoch: 2 Version: 1.20.1 -Release: 24%{?dist}.1 +Release: 24.0.1%{?dist}.2 Summary: A high performance web server and reverse proxy server # BSD License (two clause) @@ -68,6 +68,9 @@ Source103: 404.html Source104: 50x.html Source200: README.dynamic Source210: UPGRADE-NOTES-1.6-to-1.10 +# Oracle patches +Source1001: remove-redhat-404-references.patch +Source1002: remove-redhat-50x-references.patch # removes -Werror in upstream build scripts. -Werror conflicts with # -D_FORTIFY_SOURCE=2 causing warnings to turn into errors. @@ -118,9 +121,27 @@ Patch13: 0013-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch # upstream patch - https://github.com/nginx/nginx/commit/784fa05025cb8cd0c770f99bc79d2794b9f85b6e Patch14: 0014-Upstream-detect-premature-plain-text-response-from-S.patch +# https://redhat.atlassian.net/browse/RHEL-159557 +# upstream patch - https://github.com/nginx/nginx/commit/a1d18284e0a17 +# whitespace were removed from the patch +Patch15: 0015-Dav-destination-length-validation-for-COPY-and-MOVE.patch + +# https://redhat.atlassian.net/browse/RHEL-159536 +# upstream patch - https://github.com/nginx/nginx/commit/3568812cf98df +Patch16: 0016-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch + +# https://redhat.atlassian.net/browse/RHEL-159444 +# upstream patch - https://github.com/nginx/nginx/commit/9bc13718fe8a59a45 +Patch17: 0017-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch + +# https://redhat.atlassian.net/browse/RHEL-157885 +# upstream patch - https://github.com/nginx/nginx/commit/7725c372c2f +Patch18: 0018-Mp4-avoid-zero-size-buffers-in-output.patch + BuildRequires: make BuildRequires: gcc BuildRequires: gnupg2 + %if 0%{?with_gperftools} BuildRequires: gperftools-devel %endif @@ -135,7 +156,7 @@ BuildRequires: zlib-devel Requires: nginx-filesystem = %{epoch}:%{version}-%{release} %if 0%{?el7} # centos-logos el7 does not provide 'system-indexhtml' -Requires: system-logos redhat-indexhtml +Requires: system-logos oracle-indexhtml # need to remove epel7 geoip sub-package, doesn't work anymore # https://bugzilla.redhat.com/show_bug.cgi?id=1576034 # https://bugzilla.redhat.com/show_bug.cgi?id=1664957 @@ -437,6 +458,8 @@ ln -s ../../pixmaps/system-noindex-logo.png \ %{buildroot}%{_datadir}/nginx/html/system_noindex_logo.png %endif +patch %{SOURCE103} %{SOURCE1001} +patch %{SOURCE104} %{SOURCE1002} install -p -m 0644 %{SOURCE103} %{SOURCE104} \ %{buildroot}%{_datadir}/nginx/html @@ -627,6 +650,17 @@ fi %changelog +* Wed Apr 08 2026 EL Errata - 1.20.1-24.0.1.el9_7.2 +- Reference oracle-indexhtml within Requires [Orabug: 33802044] +- Remove Red Hat references [Orabug: 29498217] +- Update upstream references [Orabug: 36579090] + +* Tue Mar 31 2026 Zdenek Dohnal - 2:1.20.1-24.2 +- Resolves: RHEL-159557 - CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module +- Resolves: RHEL-159536 - CVE-2026-27784 nginx: NGINX: Denial of Service due to memory corruption via crafted MP4 file +- Resolves: RHEL-159444 - CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled +- Resolves: RHEL-157885 - CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files + * Thu Feb 19 2026 Luboš Uhliarik - 2:1.20.1-24.1 - Resolves: RHEL-146525 - nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)