rpms/nginx
7
0
Fork 1
Code Issues Pull Requests Releases Activity

import Oracle_OSS nginx-1.20.1-24.0.1.el9_7.1

Browse Source
This commit is contained in:
AlmaLinux RelEng Bot 2026-03-26 02:53:19 -04:00
parent ddb418ac3f
commit cf5f6bdaee
9 changed files with 469 additions and 233 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
SOURCES/0013-SSL-use-of-the-SSL_OP_IGNORE_UNEXPECTED_EOF-option.patch → SOURCES/0011-SSL-use-of-the-SSL_OP_IGNORE_UNEXPECTED_EOF-option.patch
View File

0
SOURCES/0011-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch → SOURCES/0013-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch
View File

45
SOURCES/0014-Upstream-detect-premature-plain-text-response-from-S.patch Normal file
View File

@ -0,0 +1,45 @@
From 93ac6eae019e30fc22d2d5321acb28de549f73aa Mon Sep 17 00:00:00 2001
From: Roman Arutyunyan <arut@nginx.com>
Date: Thu, 29 Jan 2026 13:27:32 +0400
Subject: [PATCH] Upstream: detect premature plain text response from SSL
backend.
When connecting to a backend, the connection write event is triggered
first in most cases. However if a response arrives quickly enough, both
read and write events can be triggered together within the same event loop
iteration. In this case the read event handler is called first and the
write event handler is called after it.
SSL initialization for backend connections happens only in the write event
handler since SSL handshake starts with sending Client Hello. Previously,
if a backend sent a quick plain text response, it could be parsed by the
read event handler prior to starting SSL handshake on the connection.
The change adds protection against parsing such responses on SSL-enabled
connections.
---
src/http/ngx_http_upstream.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index 2ce9f21..70c3b46 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -2461,6 +2461,15 @@ ngx_http_upstream_process_header(ngx_http_request_t *r, ngx_http_upstream_t *u)
return;
}
+#if (NGX_HTTP_SSL)
+ if (u->ssl && c->ssl == NULL) {
+ ngx_log_error(NGX_LOG_ERR, c->log, 0,
+ "upstream prematurely sent response");
+ ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_ERROR);
+ return;
+ }
+#endif
+
u->state->bytes_received += n;
u->buffer.last += n;
--
2.44.0

230
SOURCES/404.html
View File

@ -1,120 +1,132 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>The page is not found</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
/*<![CDATA[*/
body {
background-color: #fff;
color: #000;
font-size: 0.9em;
font-family: sans-serif,helvetica;
margin: 0;
padding: 0;
}
:link {
color: #c00;
}
:visited {
color: #c00;
}
a:hover {
color: #f50;
}
h1 {
text-align: center;
margin: 0;
padding: 0.6em 2em 0.4em;
background-color: #900;
color: #fff;
font-weight: normal;
font-size: 1.75em;
border-bottom: 2px solid #000;
}
h1 strong {
font-weight: bold;
font-size: 1.5em;
}
h2 {
text-align: center;
background-color: #900;
font-size: 1.1em;
font-weight: bold;
color: #fff;
margin: 0;
padding: 0.5em;
border-bottom: 2px solid #000;
}
h3 {
text-align: center;
background-color: #ff0000;
padding: 0.5em;
color: #fff;
}
hr {
display: none;
}
.content {
padding: 1em 5em;
}
.alert {
border: 2px solid #000;
}
<head>
<title>The page is not found</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
/*<![CDATA[*/
body {
background-color: #fff;
color: #000;
font-size: 0.9em;
font-family: sans-serif, helvetica;
margin: 0;
padding: 0;
}
:link {
color: #c00;
}
:visited {
color: #c00;
}
a:hover {
color: #f50;
}
h1 {
text-align: center;
margin: 0;
padding: 0.6em 2em 0.4em;
background-color: #10B981;
color: #fff;
font-weight: normal;
font-size: 1.75em;
border-bottom: 2px solid #000;
}
h1 strong {
font-weight: bold;
font-size: 1.5em;
}
h2 {
text-align: center;
background-color: #10B981;
font-size: 1.1em;
font-weight: bold;
color: #fff;
margin: 0;
padding: 0.5em;
border-bottom: 2px solid #000;
}
h3 {
text-align: center;
background-color: #ff0000;
padding: 0.5em;
color: #fff;
}
hr {
display: none;
}
.content {
padding: 1em 5em;
}
.alert {
border: 2px solid #000;
}
img {
border: 2px solid #fff;
padding: 2px;
margin: 2px;
}
a:hover img {
border: 2px solid #294172;
}
.logos {
margin: 1em;
text-align: center;
}
/*]]>*/
</style>
</head>
img {
border: 2px solid #fff;
padding: 2px;
margin: 2px;
}
a:hover img {
border: 2px solid #294172;
}
.logos {
margin: 1em;
text-align: center;
}
/*]]>*/
</style>
</head>
<body>
<h1><strong>nginx error!</strong></h1>
<body>
<h1><strong>nginx error!</strong></h1>
<div class="content">
<h3>The page you are looking for is not found.</h3>
<div class="alert">
<h2>Website Administrator</h2>
<div class="content">
<p>
Something has triggered missing webpage on your website. This is the
default 404 error page for <strong>nginx</strong> that is
distributed with OpenELA. It is located
<tt>/usr/share/nginx/html/404.html</tt>
</p>
<h3>The page you are looking for is not found.</h3>
<p>
You should customize this error page for your own site or edit the
<tt>error_page</tt> directive in the
<strong>nginx</strong> configuration file
<tt>/etc/nginx/nginx.conf</tt>.
</p>
<div class="alert">
<h2>Website Administrator</h2>
<div class="content">
<p>Something has triggered missing webpage on your
website. This is the default 404 error page for
<strong>nginx</strong> that is distributed with
Red Hat Enterprise Linux. It is located
<tt>/usr/share/nginx/html/404.html</tt></p>
<p>You should customize this error page for your own
site or edit the <tt>error_page</tt> directive in
the <strong>nginx</strong> configuration file
<tt>/etc/nginx/nginx.conf</tt>.</p>
<p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
</div>
</div>
<div class="logos">
<a href="http://nginx.net/"><img
src="nginx-logo.png"
alt="[ Powered by nginx ]"
width="121" height="32" /></a>
<a href="http://www.redhat.com/"><img
src="poweredby.png"
alt="[ Powered by Red Hat Enterprise Linux ]"
width="88" height="31" /></a>
</div>
<p>
For information on OpenELA, please visit the
<a href="https://www.openela.org/">OpenELA website</a>. The
documentation for OpenELA is
<a href="https://www.openela.org/"
>available on the OpenELA website</a
>.
</p>
</div>
</body>
</div>
<div class="logos">
<a href="http://nginx.net/"
><img
src="nginx-logo.png"
alt="[ Powered by nginx ]"
width="121"
height="32"
/></a>
<a href="http://www.openela.org/"><img
src="poweredby.png"
alt="[ Powered by OpenELA ]"
width="32" height="32" /></a>
</div>
</div>
</body>
</html>

233
SOURCES/50x.html
View File

@ -1,120 +1,135 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>The page is temporarily unavailable</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
/*<![CDATA[*/
body {
background-color: #fff;
color: #000;
font-size: 0.9em;
font-family: sans-serif,helvetica;
margin: 0;
padding: 0;
}
:link {
color: #c00;
}
:visited {
color: #c00;
}
a:hover {
color: #f50;
}
h1 {
text-align: center;
margin: 0;
padding: 0.6em 2em 0.4em;
background-color: #900;
color: #fff;
font-weight: normal;
font-size: 1.75em;
border-bottom: 2px solid #000;
}
h1 strong {
font-weight: bold;
font-size: 1.5em;
}
h2 {
text-align: center;
background-color: #900;
font-size: 1.1em;
font-weight: bold;
color: #fff;
margin: 0;
padding: 0.5em;
border-bottom: 2px solid #000;
}
h3 {
text-align: center;
background-color: #ff0000;
padding: 0.5em;
color: #fff;
}
hr {
display: none;
}
.content {
padding: 1em 5em;
}
.alert {
border: 2px solid #000;
}
<head>
<title>The page is temporarily unavailable</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
/*<![CDATA[*/
body {
background-color: #fff;
color: #000;
font-size: 0.9em;
font-family: sans-serif, helvetica;
margin: 0;
padding: 0;
}
:link {
color: #c00;
}
:visited {
color: #c00;
}
a:hover {
color: #f50;
}
h1 {
text-align: center;
margin: 0;
padding: 0.6em 2em 0.4em;
background-color: #10B981;
color: #fff;
font-weight: normal;
font-size: 1.75em;
border-bottom: 2px solid #000;
}
h1 strong {
font-weight: bold;
font-size: 1.5em;
}
h2 {
text-align: center;
background-color: #10B981;
font-size: 1.1em;
font-weight: bold;
color: #fff;
margin: 0;
padding: 0.5em;
border-bottom: 2px solid #000;
}
h3 {
text-align: center;
background-color: #ff0000;
padding: 0.5em;
color: #fff;
}
hr {
display: none;
}
.content {
padding: 1em 5em;
}
.alert {
border: 2px solid #000;
}
img {
border: 2px solid #fff;
padding: 2px;
margin: 2px;
}
a:hover img {
border: 2px solid #294172;
}
.logos {
margin: 1em;
text-align: center;
}
/*]]>*/
</style>
</head>
img {
border: 2px solid #fff;
padding: 2px;
margin: 2px;
}
a:hover img {
border: 2px solid #294172;
}
.logos {
margin: 1em;
text-align: center;
}
/*]]>*/
</style>
</head>
<body>
<h1><strong>nginx error!</strong></h1>
<body>
<h1><strong>nginx error!</strong></h1>
<div class="content">
<h3>
The page you are looking for is temporarily unavailable. Please try
again later.
</h3>
<div class="alert">
<h2>Website Administrator</h2>
<div class="content">
<p>
Something has triggered missing webpage on your website. This is the
default error page for <strong>nginx</strong> that is distributed
with OpenELA. It is located
<tt>/usr/share/nginx/html/50x.html</tt>
</p>
<h3>The page you are looking for is temporarily unavailable. Please try again later.</h3>
<p>
You should customize this error page for your own site or edit the
<tt>error_page</tt> directive in the
<strong>nginx</strong> configuration file
<tt>/etc/nginx/nginx.conf</tt>.
</p>
<div class="alert">
<h2>Website Administrator</h2>
<div class="content">
<p>Something has triggered missing webpage on your
website. This is the default error page for
<strong>nginx</strong> that is distributed with
Red Hat Enterprise Linux. It is located
<tt>/usr/share/nginx/html/50x.html</tt></p>
<p>You should customize this error page for your own
site or edit the <tt>error_page</tt> directive in
the <strong>nginx</strong> configuration file
<tt>/etc/nginx/nginx.conf</tt>.</p>
<p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
</div>
</div>
<div class="logos">
<a href="http://nginx.net/"><img
src="nginx-logo.png"
alt="[ Powered by nginx ]"
width="121" height="32" /></a>
<a href="http://www.redhat.com/"><img
src="poweredby.png"
alt="[ Powered by Red Hat Enterprise Linux ]"
width="88" height="31" /></a>
</div>
<p>
For information on OpenELA, please visit the
<a href="https://www.openela.org/">OpenELA website</a>. The
documentation for OpenELA is
<a href="https://www.openela.org/"
>available on the OpenELA website</a
>.
</p>
</div>
</body>
</div>
<div class="logos">
<a href="http://nginx.net/"
><img
src="nginx-logo.png"
alt="[ Powered by nginx ]"
width="121"
height="32"
/></a>
<a href="http://www.openela.org/"><img
src="poweredby.png"
alt="[ Powered by OpenELA ]"
width="32" height="32" /></a>
</div>
</div>
</body>
</html>

0
SOURCES/nginx-upgrade Normal file → Executable file
View File

70
SOURCES/remove-redhat-404-references.patch Normal file
View File

@ -0,0 +1,70 @@
diff --git a/404.html b/404.html
index 5350e82..240c5c3 100644
--- a/404.html
+++ b/404.html
@@ -15,10 +15,10 @@
padding: 0;
}
:link {
- color: #c00;
+ color: #f00;
}
:visited {
- color: #c00;
+ color: #f00;
}
a:hover {
color: #f50;
@@ -27,7 +27,7 @@
text-align: center;
margin: 0;
padding: 0.6em 2em 0.4em;
- background-color: #10B981;
+ background-color: #ff0000;
color: #fff;
font-weight: normal;
font-size: 1.75em;
@@ -39,7 +39,7 @@
}
h2 {
text-align: center;
- background-color: #10B981;
+ background-color: #ff0000;
font-size: 1.1em;
font-weight: bold;
color: #fff;
@@ -91,7 +91,7 @@
<p>
Something has triggered missing webpage on your website. This is the
default 404 error page for <strong>nginx</strong> that is
- distributed with OpenELA. It is located
+ distributed with Oracle Linux. It is located
<tt>/usr/share/nginx/html/404.html</tt>
</p>
@@ -103,12 +103,7 @@
</p>
<p>
- For information on OpenELA, please visit the
- <a href="https://www.openela.org/">OpenELA website</a>. The
- documentation for OpenELA is
- <a href="https://www.openela.org/"
- >available on the OpenELA website</a
- >.
+ <p>For information on Oracle Linux, please visit the <a href="https://www.oracle.com/linux">Oracle Linux website</a>. The documentation for Oracle Linux is <a href="https://docs.oracle.com/en/operating-systems/oracle-linux/">available on the Oracle Linux website</a>.</p>
</p>
</div>
</div>
@@ -121,9 +116,9 @@
width="121"
height="32"
/></a>
- <a href="http://www.openela.org/"><img
+ <a href="https://www.oracle.com/"><img
src="poweredby.png"
- alt="[ Powered by OpenELA ]"
+ alt="[ Powered by Oracle Linux ]"
width="32" height="32" /></a>
</div>

77
SOURCES/remove-redhat-50x-references.patch Normal file
View File

@ -0,0 +1,77 @@
Signed-off-by: Alan Steinberg <alan.steinberg@oracle.com>
diff --git a/50x.html b/50x.html
index 5a9db82..b7d0b9a 100644
--- a/50x.html
+++ b/50x.html
@@ -15,10 +15,10 @@
padding: 0;
}
:link {
- color: #c00;
+ color: #f00;
}
:visited {
- color: #c00;
+ color: #f00;
}
a:hover {
color: #f50;
@@ -27,7 +27,7 @@
text-align: center;
margin: 0;
padding: 0.6em 2em 0.4em;
- background-color: #10B981;
+ background-color: #ff0000;
color: #fff;
font-weight: normal;
font-size: 1.75em;
@@ -39,7 +39,7 @@
}
h2 {
text-align: center;
- background-color: #10B981;
+ background-color: #ff0000;
font-size: 1.1em;
font-weight: bold;
color: #fff;
@@ -94,7 +94,7 @@
<p>
Something has triggered missing webpage on your website. This is the
default error page for <strong>nginx</strong> that is distributed
- with OpenELA. It is located
+ with Oracle Linux. It is located
<tt>/usr/share/nginx/html/50x.html</tt>
</p>
@@ -106,11 +106,11 @@
</p>
<p>
- For information on OpenELA, please visit the
- <a href="https://www.openela.org/">OpenELA website</a>. The
- documentation for OpenELA is
- <a href="https://www.openela.org/"
- >available on the OpenELA website</a
+ For information on Oracle Linux, please visit the
+ <a href="https://www.oracle.com/linux/">Oracle Linux website</a>. The
+ documentation for Oracle Linux is
+ <a href="https://docs.oracle.com/en/operating-systems/oracle-linux/"
+ >available on the Oracle Linux website</a
>.
</p>
</div>
@@ -124,11 +124,11 @@
width="121"
height="32"
/></a>
- <a href="http://www.openela.org/"><img
+ <a href="https://www.oracle.com/linux/"><img
src="poweredby.png"
- alt="[ Powered by OpenELA ]"
+ alt="[ Powered by Oracle Linux ]"
width="32" height="32" /></a>
-
+
</div>
</div>
</body>

47
SPECS/nginx.spec
View File

@ -41,7 +41,7 @@
Name: nginx
Epoch: 2
Version: 1.20.1
Release: 22%{?dist}.3
Release: 24.0.1%{?dist}.1
Summary: A high performance web server and reverse proxy server
# BSD License (two clause)
@ -68,6 +68,9 @@ Source103: 404.html
Source104: 50x.html
Source200: README.dynamic
Source210: UPGRADE-NOTES-1.6-to-1.10
# Oracle patches
Source1001: remove-redhat-404-references.patch
Source1002: remove-redhat-50x-references.patch
# removes -Werror in upstream build scripts. -Werror conflicts with
# -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
@ -104,19 +107,24 @@ Patch9: 0010-Optimized-chain-link-usage.patch
# upstream patch - https://issues.redhat.com/browse/RHEL-78236
Patch10: nginx-1.20.1-CVE-2025-23419.patch
# upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=2304966
Patch11: 0011-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch
# upstream patch - https://issues.redhat.com/browse/RHEL-6786
Patch11: 0011-SSL-use-of-the-SSL_OP_IGNORE_UNEXPECTED_EOF-option.patch
# upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=2141496
# - https://bugzilla.redhat.com/show_bug.cgi?id=2141495
Patch12: 0012-CVE-2022-41741-and-CVE-2022-41742-fix.patch
# upstream patch - https://issues.redhat.com/browse/RHEL-6786
Patch13: 0013-SSL-use-of-the-SSL_OP_IGNORE_UNEXPECTED_EOF-option.patch
# upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=2304966
Patch13: 0013-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch
# https://issues.redhat.com/browse/RHEL-146516
# upstream patch - https://github.com/nginx/nginx/commit/784fa05025cb8cd0c770f99bc79d2794b9f85b6e
Patch14: 0014-Upstream-detect-premature-plain-text-response-from-S.patch
BuildRequires: make
BuildRequires: gcc
BuildRequires: gnupg2
%if 0%{?with_gperftools}
BuildRequires: gperftools-devel
%endif
@ -131,7 +139,7 @@ BuildRequires: zlib-devel
Requires: nginx-filesystem = %{epoch}:%{version}-%{release}
%if 0%{?el7}
# centos-logos el7 does not provide 'system-indexhtml'
Requires: system-logos redhat-indexhtml
Requires: system-logos oracle-indexhtml
# need to remove epel7 geoip sub-package, doesn't work anymore
# https://bugzilla.redhat.com/show_bug.cgi?id=1576034
# https://bugzilla.redhat.com/show_bug.cgi?id=1664957
@ -433,6 +441,8 @@ ln -s ../../pixmaps/system-noindex-logo.png \
%{buildroot}%{_datadir}/nginx/html/system_noindex_logo.png
%endif
patch %{SOURCE103} %{SOURCE1001}
patch %{SOURCE104} %{SOURCE1002}
install -p -m 0644 %{SOURCE103} %{SOURCE104} \
%{buildroot}%{_datadir}/nginx/html
@ -623,19 +633,26 @@ fi
%changelog
* Wed May 14 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-22.3
- Resolves: RHEL-89991 - SSL-errors 0A000126 / NS_NET_ERROR_PARTIAL_TRANSFER at
nginx with reverse-proxy
* Tue Mar 24 2026 Alan Steinberg <alan.steinberg@oracle.com> - 1.20.1-24.0.1.el9_7.1
- Reference oracle-indexhtml within Requires [Orabug: 33802044]
- Remove Red Hat references [Orabug: 29498217]
- Update upstream references [Orabug: 36579090]
* Mon Mar 31 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-22.2
- Resolves: RHEL-85550 - nginx: Memory disclosure in the
* Thu Feb 19 2026 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-24.1
- Resolves: RHEL-146525 - nginx: NGINX: Data injection via man-in-the-middle
attack on TLS proxied connections (CVE-2026-1642)
* Wed May 14 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-24
- Resolves: RHEL-84477 - nginx: specially crafted MP4 file may cause
denial of service (CVE-2024-7347)
- Resolves: RHEL-85556 - nginx: Memory disclosure in the
ngx_http_mp4_module (CVE-2022-41742)
- Resolves: RHEL-85527 - nginx: Memory corruption in the
- Resolves: RHEL-91446 - nginx: Memory corruption in the
ngx_http_mp4_module (CVE-2022-41741)
* Fri Mar 21 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-22.1
- Resolves: RHEL-84339 - nginx: Nginx: Specially crafted file may cause
Denial of Service (CVE-2024-7347)
* Thu Apr 24 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-23
- Resolves: RHEL-6786 - SSL-errors 0A000126 / NS_NET_ERROR_PARTIAL_TRANSFER
at nginx with reverse-proxy
* Thu Feb 13 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-22
- Resolves: RHEL-78236 - nginx: TLS Session Resumption