From cf5f6bdaeef536af1f5e9dac0ee0540d28d156aa Mon Sep 17 00:00:00 2001 From: AlmaLinux RelEng Bot Date: Thu, 26 Mar 2026 02:53:19 -0400 Subject: [PATCH] import Oracle_OSS nginx-1.20.1-24.0.1.el9_7.1 --- ...SSL_OP_IGNORE_UNEXPECTED_EOF-option.patch} | 0 ...7-Buffer-overread-in-the-mp4-module.patch} | 0 ...premature-plain-text-response-from-S.patch | 45 ++++ SOURCES/404.html | 230 +++++++++-------- SOURCES/50x.html | 233 ++++++++++-------- SOURCES/nginx-upgrade | 0 SOURCES/remove-redhat-404-references.patch | 70 ++++++ SOURCES/remove-redhat-50x-references.patch | 77 ++++++ SPECS/nginx.spec | 47 ++-- 9 files changed, 469 insertions(+), 233 deletions(-) rename SOURCES/{0013-SSL-use-of-the-SSL_OP_IGNORE_UNEXPECTED_EOF-option.patch => 0011-SSL-use-of-the-SSL_OP_IGNORE_UNEXPECTED_EOF-option.patch} (100%) rename SOURCES/{0011-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch => 0013-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch} (100%) create mode 100644 SOURCES/0014-Upstream-detect-premature-plain-text-response-from-S.patch mode change 100644 => 100755 SOURCES/nginx-upgrade create mode 100644 SOURCES/remove-redhat-404-references.patch create mode 100644 SOURCES/remove-redhat-50x-references.patch diff --git a/SOURCES/0013-SSL-use-of-the-SSL_OP_IGNORE_UNEXPECTED_EOF-option.patch b/SOURCES/0011-SSL-use-of-the-SSL_OP_IGNORE_UNEXPECTED_EOF-option.patch similarity index 100% rename from SOURCES/0013-SSL-use-of-the-SSL_OP_IGNORE_UNEXPECTED_EOF-option.patch rename to SOURCES/0011-SSL-use-of-the-SSL_OP_IGNORE_UNEXPECTED_EOF-option.patch diff --git a/SOURCES/0011-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch b/SOURCES/0013-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch similarity index 100% rename from SOURCES/0011-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch rename to SOURCES/0013-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch 
diff --git a/SOURCES/0014-Upstream-detect-premature-plain-text-response-from-S.patch b/SOURCES/0014-Upstream-detect-premature-plain-text-response-from-S.patch new file mode 100644 index 0000000..ba85cc4 --- /dev/null +++ b/SOURCES/0014-Upstream-detect-premature-plain-text-response-from-S.patch @@ -0,0 +1,45 @@ +From 93ac6eae019e30fc22d2d5321acb28de549f73aa Mon Sep 17 00:00:00 2001 +From: Roman Arutyunyan +Date: Thu, 29 Jan 2026 13:27:32 +0400 +Subject: [PATCH] Upstream: detect premature plain text response from SSL + backend. + +When connecting to a backend, the connection write event is triggered +first in most cases. However if a response arrives quickly enough, both +read and write events can be triggered together within the same event loop +iteration. In this case the read event handler is called first and the +write event handler is called after it. + +SSL initialization for backend connections happens only in the write event +handler since SSL handshake starts with sending Client Hello. Previously, +if a backend sent a quick plain text response, it could be parsed by the +read event handler prior to starting SSL handshake on the connection. +The change adds protection against parsing such responses on SSL-enabled +connections. +--- + src/http/ngx_http_upstream.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c +index 2ce9f21..70c3b46 100644 +--- a/src/http/ngx_http_upstream.c ++++ b/src/http/ngx_http_upstream.c +@@ -2461,6 +2461,15 @@ ngx_http_upstream_process_header(ngx_http_request_t *r, ngx_http_upstream_t *u) + return; + } + ++#if (NGX_HTTP_SSL) ++ if (u->ssl && c->ssl == NULL) { ++ ngx_log_error(NGX_LOG_ERR, c->log, 0, ++ "upstream prematurely sent response"); ++ ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_ERROR); ++ return; ++ } ++#endif ++ + u->state->bytes_received += n; + + u->buffer.last += n; +-- +2.44.0 + 
diff --git a/SOURCES/404.html b/SOURCES/404.html index c6014a7..5350e82 100644 --- a/SOURCES/404.html +++ b/SOURCES/404.html @@ -1,120 +1,132 @@ - - The page is not found - - - + img { + border: 2px solid #fff; + padding: 2px; + margin: 2px; + } + a:hover img { + border: 2px solid #294172; + } + .logos { + margin: 1em; + text-align: center; + } + /*]]>*/ + + - -

nginx error!

+ +

nginx error!

+
+

The page you are looking for is not found.

+ +
+

Website Administrator

+

+ Something has triggered missing webpage on your website. This is the + default 404 error page for nginx that is + distributed with OpenELA. It is located + /usr/share/nginx/html/404.html +

-

The page you are looking for is not found.

+

+ You should customize this error page for your own site or edit the + error_page directive in the + nginx configuration file + /etc/nginx/nginx.conf. +

-
-

Website Administrator

-
-

Something has triggered missing webpage on your - website. This is the default 404 error page for - nginx that is distributed with - Red Hat Enterprise Linux. It is located - /usr/share/nginx/html/404.html

- -

You should customize this error page for your own - site or edit the error_page directive in - the nginx configuration file - /etc/nginx/nginx.conf.

- -

For information on Red Hat Enterprise Linux, please visit the Red Hat, Inc. website. The documentation for Red Hat Enterprise Linux is available on the Red Hat, Inc. website.

- -
-
- -
- [ Powered by nginx ] - [ Powered by Red Hat Enterprise Linux ] -
+

+ For information on OpenELA, please visit the + OpenELA website. The + documentation for OpenELA is + available on the OpenELA website. +

- +
+ +
+ [ Powered by nginx ] + [ Powered by OpenELA ] + +
+
+ diff --git a/SOURCES/50x.html b/SOURCES/50x.html index 5d8d957..5a9db82 100644 --- a/SOURCES/50x.html +++ b/SOURCES/50x.html @@ -1,120 +1,135 @@ - - The page is temporarily unavailable - - - + img { + border: 2px solid #fff; + padding: 2px; + margin: 2px; + } + a:hover img { + border: 2px solid #294172; + } + .logos { + margin: 1em; + text-align: center; + } + /*]]>*/ + + - -

nginx error!

+ +

nginx error!

+
+

+ The page you are looking for is temporarily unavailable. Please try + again later. +

+ +
+

Website Administrator

+

+ Something has triggered missing webpage on your website. This is the + default error page for nginx that is distributed + with OpenELA. It is located + /usr/share/nginx/html/50x.html +

-

The page you are looking for is temporarily unavailable. Please try again later.

+

+ You should customize this error page for your own site or edit the + error_page directive in the + nginx configuration file + /etc/nginx/nginx.conf. +

-
-

Website Administrator

-
-

Something has triggered missing webpage on your - website. This is the default error page for - nginx that is distributed with - Red Hat Enterprise Linux. It is located - /usr/share/nginx/html/50x.html

- -

You should customize this error page for your own - site or edit the error_page directive in - the nginx configuration file - /etc/nginx/nginx.conf.

- -

For information on Red Hat Enterprise Linux, please visit the Red Hat, Inc. website. The documentation for Red Hat Enterprise Linux is available on the Red Hat, Inc. website.

- -
-
- -
- [ Powered by nginx ] - [ Powered by Red Hat Enterprise Linux ] -
+

+ For information on OpenELA, please visit the + OpenELA website. The + documentation for OpenELA is + available on the OpenELA website. +

- +
+ +
+ [ Powered by nginx ] + [ Powered by OpenELA ] + +
+
+ diff --git a/SOURCES/nginx-upgrade b/SOURCES/nginx-upgrade old mode 100644 new mode 100755 diff --git a/SOURCES/remove-redhat-404-references.patch b/SOURCES/remove-redhat-404-references.patch new file mode 100644 index 0000000..5973d65 --- /dev/null +++ b/SOURCES/remove-redhat-404-references.patch @@ -0,0 +1,70 @@ +diff --git a/404.html b/404.html +index 5350e82..240c5c3 100644 +--- a/404.html ++++ b/404.html +@@ -15,10 +15,10 @@ + padding: 0; + } + :link { +- color: #c00; ++ color: #f00; + } + :visited { +- color: #c00; ++ color: #f00; + } + a:hover { + color: #f50; +@@ -27,7 +27,7 @@ + text-align: center; + margin: 0; + padding: 0.6em 2em 0.4em; +- background-color: #10B981; ++ background-color: #ff0000; + color: #fff; + font-weight: normal; + font-size: 1.75em; +@@ -39,7 +39,7 @@ + } + h2 { + text-align: center; +- background-color: #10B981; ++ background-color: #ff0000; + font-size: 1.1em; + font-weight: bold; + color: #fff; +@@ -91,7 +91,7 @@ +

+ Something has triggered missing webpage on your website. This is the + default 404 error page for nginx that is +- distributed with OpenELA. It is located ++ distributed with Oracle Linux. It is located + /usr/share/nginx/html/404.html +

+ +@@ -103,12 +103,7 @@ +

+ +

+- For information on OpenELA, please visit the +- OpenELA website. The +- documentation for OpenELA is +- available on the OpenELA website. ++

For information on Oracle Linux, please visit the Oracle Linux website. The documentation for Oracle Linux is available on the Oracle Linux website.

+

+ + +@@ -121,9 +116,9 @@ + width="121" + height="32" + /> +- [ Powered by OpenELA ] + + diff --git a/SOURCES/remove-redhat-50x-references.patch b/SOURCES/remove-redhat-50x-references.patch new file mode 100644 index 0000000..df3d81b --- /dev/null +++ b/SOURCES/remove-redhat-50x-references.patch @@ -0,0 +1,77 @@ +Signed-off-by: Alan Steinberg +diff --git a/50x.html b/50x.html +index 5a9db82..b7d0b9a 100644 +--- a/50x.html ++++ b/50x.html +@@ -15,10 +15,10 @@ + padding: 0; + } + :link { +- color: #c00; ++ color: #f00; + } + :visited { +- color: #c00; ++ color: #f00; + } + a:hover { + color: #f50; +@@ -27,7 +27,7 @@ + text-align: center; + margin: 0; + padding: 0.6em 2em 0.4em; +- background-color: #10B981; ++ background-color: #ff0000; + color: #fff; + font-weight: normal; + font-size: 1.75em; +@@ -39,7 +39,7 @@ + } + h2 { + text-align: center; +- background-color: #10B981; ++ background-color: #ff0000; + font-size: 1.1em; + font-weight: bold; + color: #fff; +@@ -94,7 +94,7 @@ +
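Review bot: The file name `remove-redhat-404-references.patch` does not match what its hunks do: the 404.html this commit ships is already OpenELA-branded, so the patch replaces OpenELA references and additionally recolours the theme (`#c00` → `#f00`, `#10B981` → `#ff0000`), which is rebranding rather than reference removal; the same holds for remove-redhat-50x-references.patch, whose first line is a stray `Signed-off-by:` header that patch(1) ignores but the 404 counterpart does not carry. Either rename the two files to something like `oracle-branding-404.patch` / `oracle-branding-50x.patch`, or record the intent in the spec beside `Source1001:` with a comment such as `# rebrand the OpenELA error pages for Oracle Linux (links, colours, logo)`, so the changelog line "Remove Red Hat references" is not the only description. Without that, a future rebase against a changed 404.html cannot tell which hunks are cosmetic and which are required.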

+ Something has triggered missing webpage on your website. This is the + default error page for nginx that is distributed +- with OpenELA. It is located ++ with Oracle Linux. It is located + /usr/share/nginx/html/50x.html +

+ +@@ -106,11 +106,11 @@ +

+ +

+- For information on OpenELA, please visit the +- OpenELA website. The +- documentation for OpenELA is +- available on the OpenELA websiteOracle Linux website. The ++ documentation for Oracle Linux is ++ available on the Oracle Linux website. +

+ +@@ -124,11 +124,11 @@ + width="121" + height="32" + /> +- [ Powered by OpenELA ] +- ++ + + + diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec index 40a8850..7a920bb 100644 --- a/SPECS/nginx.spec +++ b/SPECS/nginx.spec @@ -41,7 +41,7 @@ Name: nginx Epoch: 2 Version: 1.20.1 -Release: 22%{?dist}.3 +Release: 24.0.1%{?dist}.1 Summary: A high performance web server and reverse proxy server # BSD License (two clause) @@ -68,6 +68,9 @@ Source103: 404.html Source104: 50x.html Source200: README.dynamic Source210: UPGRADE-NOTES-1.6-to-1.10 +# Oracle patches +Source1001: remove-redhat-404-references.patch +Source1002: remove-redhat-50x-references.patch # removes -Werror in upstream build scripts. -Werror conflicts with # -D_FORTIFY_SOURCE=2 causing warnings to turn into errors. 
@@ -104,19 +107,24 @@ Patch9: 0010-Optimized-chain-link-usage.patch # upstream patch - https://issues.redhat.com/browse/RHEL-78236 Patch10: nginx-1.20.1-CVE-2025-23419.patch -# upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=2304966 -Patch11: 0011-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch +# upstream patch - https://issues.redhat.com/browse/RHEL-6786 +Patch11: 0011-SSL-use-of-the-SSL_OP_IGNORE_UNEXPECTED_EOF-option.patch # upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=2141496 # - https://bugzilla.redhat.com/show_bug.cgi?id=2141495 Patch12: 0012-CVE-2022-41741-and-CVE-2022-41742-fix.patch -# upstream patch - https://issues.redhat.com/browse/RHEL-6786 -Patch13: 0013-SSL-use-of-the-SSL_OP_IGNORE_UNEXPECTED_EOF-option.patch +# upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=2304966 +Patch13: 0013-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch + +# https://issues.redhat.com/browse/RHEL-146516 +# upstream patch - https://github.com/nginx/nginx/commit/784fa05025cb8cd0c770f99bc79d2794b9f85b6e +Patch14: 0014-Upstream-detect-premature-plain-text-response-from-S.patch BuildRequires: make BuildRequires: gcc BuildRequires: gnupg2 + %if 0%{?with_gperftools} BuildRequires: gperftools-devel %endif @@ -131,7 +139,7 @@ BuildRequires: zlib-devel Requires: nginx-filesystem = %{epoch}:%{version}-%{release} %if 0%{?el7} # centos-logos el7 does not provide 'system-indexhtml' -Requires: system-logos redhat-indexhtml +Requires: system-logos oracle-indexhtml # need to remove epel7 geoip sub-package, doesn't work anymore # https://bugzilla.redhat.com/show_bug.cgi?id=1576034 # https://bugzilla.redhat.com/show_bug.cgi?id=1664957 @@ -433,6 +441,8 @@ ln -s ../../pixmaps/system-noindex-logo.png \ %{buildroot}%{_datadir}/nginx/html/system_noindex_logo.png %endif +patch %{SOURCE103} %{SOURCE1001} +patch %{SOURCE104} %{SOURCE1002} install -p -m 0644 %{SOURCE103} %{SOURCE104} \ %{buildroot}%{_datadir}/nginx/html 
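Review bot: `Patch14:` is only declared in this hunk; the `%prep` section that applies patches is outside it, so if the spec uses explicit `%patchN` lines rather than `%autosetup`, a matching `%patch14 -p1` is needed or the CVE-2026-1642 fix is silently left out of the build while the changelog claims it. The Patch11/Patch13 renumbering also swaps the application order of the SSL_OP_IGNORE_UNEXPECTED_EOF and CVE-2024-7347 patches, which is harmless only if both still apply cleanly in the new order, so the build log should be checked for fuzz or offsets on those two. A comment above the new `Patch11:` line, e.g. `# Patch11/Patch13 swapped to follow the RHEL 24.x numbering` (or whatever the real reason is), would explain a swap that otherwise looks accidental.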
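Review bot: The two `patch` calls added to `%install` rewrite `%{SOURCE103}` and `%{SOURCE104}` in place, because `patch FILE PATCHFILE` writes to the named file — that is the SOURCES directory, not a build-tree copy, so the first build mutates its own inputs, a second build from the same source tree finds the hunks already applied and `patch` then fails or leaves `.rej` files, and the SOURCES files no longer match the ones packed into the SRPM. Copy the two pages into the build directory first and patch and install the copies; the rewritten lines are below. A short comment above the block saying why these are `Source1001`/`Source1002` rather than `PatchN` entries (they target files outside the unpacked tarball) would also help the next maintainer.
```spec
# Rebrand the stock error pages on a build-tree copy so the SOURCES directory stays pristine
cp -p %{SOURCE103} %{SOURCE104} .
patch 404.html %{SOURCE1001}
patch 50x.html %{SOURCE1002}
install -p -m 0644 404.html 50x.html \
    %{buildroot}%{_datadir}/nginx/html
```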
@@ -623,19 +633,26 @@ fi %changelog -* Wed May 14 2025 Luboš Uhliarik - 2:1.20.1-22.3 -- Resolves: RHEL-89991 - SSL-errors 0A000126 / NS_NET_ERROR_PARTIAL_TRANSFER at - nginx with reverse-proxy +* Tue Mar 24 2026 Alan Steinberg - 1.20.1-24.0.1.el9_7.1 +- Reference oracle-indexhtml within Requires [Orabug: 33802044] +- Remove Red Hat references [Orabug: 29498217] +- Update upstream references [Orabug: 36579090] -* Mon Mar 31 2025 Luboš Uhliarik - 2:1.20.1-22.2 -- Resolves: RHEL-85550 - nginx: Memory disclosure in the +* Thu Feb 19 2026 Luboš Uhliarik - 2:1.20.1-24.1 +- Resolves: RHEL-146525 - nginx: NGINX: Data injection via man-in-the-middle + attack on TLS proxied connections (CVE-2026-1642) + +* Wed May 14 2025 Luboš Uhliarik - 2:1.20.1-24 +- Resolves: RHEL-84477 - nginx: specially crafted MP4 file may cause + denial of service (CVE-2024-7347) +- Resolves: RHEL-85556 - nginx: Memory disclosure in the ngx_http_mp4_module (CVE-2022-41742) -- Resolves: RHEL-85527 - nginx: Memory corruption in the +- Resolves: RHEL-91446 - nginx: Memory corruption in the ngx_http_mp4_module (CVE-2022-41741) -* Fri Mar 21 2025 Luboš Uhliarik - 2:1.20.1-22.1 -- Resolves: RHEL-84339 - nginx: Nginx: Specially crafted file may cause - Denial of Service (CVE-2024-7347) +* Thu Apr 24 2025 Luboš Uhliarik - 2:1.20.1-23 +- Resolves: RHEL-6786 - SSL-errors 0A000126 / NS_NET_ERROR_PARTIAL_TRANSFER + at nginx with reverse-proxy * Thu Feb 13 2025 Luboš Uhliarik - 2:1.20.1-22 - Resolves: RHEL-78236 - nginx: TLS Session Resumption