Debrand for AlmaLinux
This commit is contained in:
Eduard Abdullin
root
commit
9fe288829e
@ -1,4 +1,4 @@
|
||||
From 524977e7c534e87e5b55739fa74601c9f1102686 Mon Sep 17 00:00:00 2001
|
||||
From 63301166f15b8e696e25a63e3b8fc1984f5e630e Mon Sep 17 00:00:00 2001
|
||||
From: Roman Arutyunyan <arut@nginx.com>
|
||||
Date: Wed, 22 Apr 2026 09:39:31 +0400
|
||||
Subject: [PATCH] Rewrite: fixed escaping and possible buffer overrun
|
||||
@ -26,17 +26,17 @@ Reported by Leo Lin.
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/http/ngx_http_script.c b/src/http/ngx_http_script.c
|
||||
index a2b9f1b7bf..2ea6113735 100644
|
||||
index 13c57d6..302f842 100644
|
||||
--- a/src/http/ngx_http_script.c
|
||||
+++ b/src/http/ngx_http_script.c
|
||||
@@ -1202,6 +1202,7 @@ ngx_http_script_regex_end_code(ngx_http_script_engine_t *e)
|
||||
|
||||
@@ -1164,6 +1164,7 @@ ngx_http_script_regex_end_code(ngx_http_script_engine_t *e)
|
||||
|
||||
r = e->request;
|
||||
|
||||
|
||||
+ e->is_args = 0;
|
||||
e->quote = 0;
|
||||
|
||||
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
|
||||
--
|
||||
2.53.0
|
||||
--
|
||||
2.44.0
|
||||
|
||||
|
||||
@ -41,7 +41,7 @@
|
||||
Name: nginx
|
||||
Epoch: 2
|
||||
Version: 1.20.1
|
||||
Release: 24%{?dist}.2.alma.2
|
||||
Release: 24%{?dist}.3.alma.1
|
||||
|
||||
Summary: A high performance web server and reverse proxy server
|
||||
# BSD License (two clause)
|
||||
@ -135,8 +135,8 @@ Patch17: 0017-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch
|
||||
# upstream patch - https://github.com/nginx/nginx/commit/7725c372c2f
|
||||
Patch18: 0018-Mp4-avoid-zero-size-buffers-in-output.patch
|
||||
|
||||
# CVE-2026-42945
|
||||
# upstream patch - https://github.com/nginx/nginx/commit/524977e7c534e87e5b55739fa74601c9f1102686
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2026-42945
|
||||
# upstream patch - https://github.com/nginx/nginx/commit/524977e7
|
||||
Patch19: 0019-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch
|
||||
|
||||
BuildRequires: make
|
||||
@ -648,13 +648,13 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed May 13 2026 Jonathan Wright <jonathan@almalinux.org> - 2:1.20.1-24.2.alma.2
|
||||
- Fix CVE-2026-42945 nginx: NGINX: Buffer overrun in rewrite module via
|
||||
arguments in replacement strings
|
||||
|
||||
* Fri Apr 10 2026 Eduard Abdullin <eabdullin@almalinux.org> - 2:1.20.1-24.2.alma.1
|
||||
* Mon May 18 2026 Eduard Abdullin <eabdullin@almalinux.org> - 2:1.20.1-24.3.alma.1
|
||||
- Debrand for AlmaLinux
|
||||
|
||||
* Thu May 14 2026 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-24.3
|
||||
- Resolves: RHEL-176230 - nginx: NGINX: Arbitrary Code Execution
|
||||
Vulnerability (CVE-2026-42945)
|
||||
|
||||
* Tue Mar 31 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:1.20.1-24.2
|
||||
- Resolves: RHEL-159557 - CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
|
||||
- Resolves: RHEL-159536 - CVE-2026-27784 nginx: NGINX: Denial of Service due to memory corruption via crafted MP4 file
|
||||
|
||||
Loading…
Reference in New Issue
Block a user