rpms/nginx
7
0
Fork 1
Code Issues Pull Requests Releases Activity

import CS nginx-1.20.1-28.el9

Browse Source
This commit is contained in:
AlmaLinux RelEng Bot 2026-03-30 10:47:50 -04:00
parent 2f6d0963ab
commit f9504ac6bd
6 changed files with 500 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

312
SOURCES/0012-CVE-2022-41741-and-CVE-2022-41742-fix.patch Normal file
View File

@ -0,0 +1,312 @@
From cd2d74e054ec89de05a61a78d76f3ac55d696440 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Mon, 31 Mar 2025 17:40:54 +0200
Subject: [PATCH] CVE-2022-41741 and CVE-2022-41742 fix
Fixes CVE-2022-41742 nginx: Memory disclosure in the ngx_http_mp4_module
and CVE-2022-41741 nginx: Memory corruption in the ngx_http_mp4_module
---
src/http/modules/ngx_http_mp4_module.c | 147 +++++++++++++++++++++++++
1 file changed, 147 insertions(+)
diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
index a6e3e80..f6c8c58 100644
--- a/src/http/modules/ngx_http_mp4_module.c
+++ b/src/http/modules/ngx_http_mp4_module.c
@@ -1070,6 +1070,12 @@ ngx_http_mp4_read_ftyp_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
return NGX_ERROR;
}
+ if (mp4->ftyp_atom.buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 ftyp atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size;
ftyp_atom = ngx_palloc(mp4->request->pool, atom_size);
@@ -1128,6 +1134,12 @@ ngx_http_mp4_read_moov_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
return NGX_DECLINED;
}
+ if (mp4->moov_atom.buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 moov atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
conf = ngx_http_get_module_loc_conf(mp4->request, ngx_http_mp4_module);
if (atom_data_size > mp4->buffer_size) {
@@ -1195,6 +1207,12 @@ ngx_http_mp4_read_mdat_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mdat atom");
+ if (mp4->mdat_atom.buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 mdat atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
data = &mp4->mdat_data_buf;
data->file = &mp4->file;
data->in_file = 1;
@@ -1321,6 +1339,12 @@ ngx_http_mp4_read_mvhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mvhd atom");
+ if (mp4->mvhd_atom.buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 mvhd atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom_header = ngx_mp4_atom_header(mp4);
mvhd_atom = (ngx_mp4_mvhd_atom_t *) atom_header;
mvhd64_atom = (ngx_mp4_mvhd64_atom_t *) atom_header;
@@ -1586,6 +1610,13 @@ ngx_http_mp4_read_tkhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size;
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_TKHD_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 tkhd atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->tkhd_size = atom_size;
ngx_mp4_set_32value(tkhd_atom->size, atom_size);
@@ -1624,6 +1655,12 @@ ngx_http_mp4_read_mdia_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
trak = ngx_mp4_last_trak(mp4);
+ if (trak->out[NGX_HTTP_MP4_MDIA_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 mdia atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom = &trak->mdia_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1747,6 +1784,13 @@ ngx_http_mp4_read_mdhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size;
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_MDHD_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 mdhd atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->mdhd_size = atom_size;
trak->timescale = timescale;
@@ -1789,6 +1833,12 @@ ngx_http_mp4_read_hdlr_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
trak = ngx_mp4_last_trak(mp4);
+ if (trak->out[NGX_HTTP_MP4_HDLR_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 hdlr atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom = &trak->hdlr_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1817,6 +1867,12 @@ ngx_http_mp4_read_minf_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
trak = ngx_mp4_last_trak(mp4);
+ if (trak->out[NGX_HTTP_MP4_MINF_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 minf atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom = &trak->minf_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1860,6 +1916,15 @@ ngx_http_mp4_read_vmhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
trak = ngx_mp4_last_trak(mp4);
+ if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf
+ || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf)
+ {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 vmhd/smhd atom in \"%s\"",
+ mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom = &trak->vmhd_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1891,6 +1956,15 @@ ngx_http_mp4_read_smhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
trak = ngx_mp4_last_trak(mp4);
+ if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf
+ || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf)
+ {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 vmhd/smhd atom in \"%s\"",
+ mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom = &trak->smhd_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1922,6 +1996,12 @@ ngx_http_mp4_read_dinf_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
trak = ngx_mp4_last_trak(mp4);
+ if (trak->out[NGX_HTTP_MP4_DINF_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 dinf atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom = &trak->dinf_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1950,6 +2030,12 @@ ngx_http_mp4_read_stbl_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
trak = ngx_mp4_last_trak(mp4);
+ if (trak->out[NGX_HTTP_MP4_STBL_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 stbl atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom = &trak->stbl_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -2018,6 +2104,12 @@ ngx_http_mp4_read_stsd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
trak = ngx_mp4_last_trak(mp4);
+ if (trak->out[NGX_HTTP_MP4_STSD_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 stsd atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom = &trak->stsd_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -2086,6 +2178,13 @@ ngx_http_mp4_read_stts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
atom_end = atom_table + entries * sizeof(ngx_mp4_stts_entry_t);
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_STTS_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 stts atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->time_to_sample_entries = entries;
atom = &trak->stts_atom_buf;
@@ -2291,6 +2390,13 @@ ngx_http_mp4_read_stss_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
"sync sample entries:%uD", entries);
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_STSS_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 stss atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->sync_samples_entries = entries;
atom_table = atom_header + sizeof(ngx_http_mp4_stss_atom_t);
@@ -2489,6 +2595,13 @@ ngx_http_mp4_read_ctts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
"composition offset entries:%uD", entries);
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_CTTS_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 ctts atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->composition_offset_entries = entries;
atom_table = atom_header + sizeof(ngx_mp4_ctts_atom_t);
@@ -2692,6 +2805,13 @@ ngx_http_mp4_read_stsc_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
atom_end = atom_table + entries * sizeof(ngx_mp4_stsc_entry_t);
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_STSC_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 stsc atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->sample_to_chunk_entries = entries;
atom = &trak->stsc_atom_buf;
@@ -3032,6 +3152,13 @@ ngx_http_mp4_read_stsz_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
"sample uniform size:%uD, entries:%uD", size, entries);
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_STSZ_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 stsz atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->sample_sizes_entries = entries;
atom_table = atom_header + sizeof(ngx_mp4_stsz_atom_t);
@@ -3215,6 +3342,16 @@ ngx_http_mp4_read_stco_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
atom_end = atom_table + entries * sizeof(uint32_t);
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf
+ || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf)
+ {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 stco/co64 atom in \"%s\"",
+ mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->chunks = entries;
atom = &trak->stco_atom_buf;
@@ -3421,6 +3558,16 @@ ngx_http_mp4_read_co64_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
atom_end = atom_table + entries * sizeof(uint64_t);
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf
+ || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf)
+ {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 stco/co64 atom in \"%s\"",
+ mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->chunks = entries;
atom = &trak->co64_atom_buf;
--
2.44.0

56
SOURCES/0013-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch Normal file
View File

@ -0,0 +1,56 @@
From b7e3c8bcfbee27061efdd40ffb3a8479a9bcd9c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Fri, 21 Mar 2025 04:12:14 +0100
Subject: [PATCH] CVE-2024-7347: Buffer overread in the mp4 module
---
src/http/modules/ngx_http_mp4_module.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
index 0e93fbd..a6e3e80 100644
--- a/src/http/modules/ngx_http_mp4_module.c
+++ b/src/http/modules/ngx_http_mp4_module.c
@@ -2789,7 +2789,8 @@ static ngx_int_t
ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
ngx_http_mp4_trak_t *trak, ngx_uint_t start)
{
- uint32_t start_sample, chunk, samples, id, next_chunk, n,
+ uint64_t n;
+ uint32_t start_sample, chunk, samples, id, next_chunk,
prev_samples;
ngx_buf_t *data, *buf;
ngx_uint_t entries, target_chunk, chunk_samples;
@@ -2845,12 +2846,19 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
next_chunk = ngx_mp4_get_32value(entry->chunk);
+ if (next_chunk < chunk) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "unordered mp4 stsc chunks in \"%s\"",
+ mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
ngx_log_debug5(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0,
"sample:%uD, chunk:%uD, chunks:%uD, "
"samples:%uD, id:%uD",
start_sample, chunk, next_chunk - chunk, samples, id);
- n = (next_chunk - chunk) * samples;
+ n = (uint64_t) (next_chunk - chunk) * samples;
if (start_sample < n) {
goto found;
@@ -2872,7 +2880,7 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
"sample:%uD, chunk:%uD, chunks:%uD, samples:%uD",
start_sample, chunk, next_chunk - chunk, samples);
- n = (next_chunk - chunk) * samples;
+ n = (uint64_t) (next_chunk - chunk) * samples;
if (start_sample > n) {
ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
--
2.44.0

37
SOURCES/0014-Clarify-binding-behavior-of-t-option.patch Normal file
View File

@ -0,0 +1,37 @@
From dc847f7aedf0b4f8bbf9d7f9ba983541c6ca88c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Tue, 20 Jan 2026 19:27:05 +0100
Subject: [PATCH] Clarify binding behavior of -t option.
Configuration testing includes binding to configured listen addresses
when opening referenced files.
---
man/nginx.8 | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/man/nginx.8 b/man/nginx.8
index 10db3e6..64d9ae7 100644
--- a/man/nginx.8
+++ b/man/nginx.8
@@ -25,7 +25,7 @@
.\" SUCH DAMAGE.
.\"
.\"
-.Dd November 5, 2020
+.Dd January 21, 2026
.Dt NGINX 8
.Os
.Sh NAME
@@ -98,7 +98,8 @@ but additionally dump configuration files to standard output.
Do not run, just test the configuration file.
.Nm
checks the configuration file syntax and then tries to open files
-referenced in the configuration file.
+referenced in the configuration file, including binding to configured
+listen addresses.
.It Fl V
Print the
.Nm
--
2.44.0

45
SOURCES/0015-Upstream-detect-premature-plain-text-response-from-S.patch Normal file
View File

@ -0,0 +1,45 @@
From 93ac6eae019e30fc22d2d5321acb28de549f73aa Mon Sep 17 00:00:00 2001
From: Roman Arutyunyan <arut@nginx.com>
Date: Thu, 29 Jan 2026 13:27:32 +0400
Subject: [PATCH] Upstream: detect premature plain text response from SSL
backend.
When connecting to a backend, the connection write event is triggered
first in most cases. However if a response arrives quickly enough, both
read and write events can be triggered together within the same event loop
iteration. In this case the read event handler is called first and the
write event handler is called after it.
SSL initialization for backend connections happens only in the write event
handler since SSL handshake starts with sending Client Hello. Previously,
if a backend sent a quick plain text response, it could be parsed by the
read event handler prior to starting SSL handshake on the connection.
The change adds protection against parsing such responses on SSL-enabled
connections.
---
src/http/ngx_http_upstream.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index 2ce9f21..70c3b46 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -2461,6 +2461,15 @@ ngx_http_upstream_process_header(ngx_http_request_t *r, ngx_http_upstream_t *u)
return;
}
+#if (NGX_HTTP_SSL)
+ if (u->ssl && c->ssl == NULL) {
+ ngx_log_error(NGX_LOG_ERR, c->log, 0,
+ "upstream prematurely sent response");
+ ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_ERROR);
+ return;
+ }
+#endif
+
u->state->bytes_received += n;
u->buffer.last += n;
--
2.44.0

4
SOURCES/nginx.tmpfiles Normal file
View File

@ -0,0 +1,4 @@
d /var/lib/nginx 770 nginx root -
d /var/lib/nginx/tmp 770 nginx root -
d /var/log/nginx 711 root root -

47
SPECS/nginx.spec
View File

@ -41,7 +41,7 @@
Name: nginx
Epoch: 2
Version: 1.20.1
Release: 23%{?dist}
Release: 28%{?dist}
Summary: A high performance web server and reverse proxy server
# BSD License (two clause)
@ -63,6 +63,7 @@ Source14: nginx-upgrade.8
Source15: macros.nginxmods.in
Source16: nginxmods.attr
Source17: nginx.sysusers
Source18: nginx.tmpfiles
Source102: nginx-logo.png
Source103: 404.html
Source104: 50x.html
@ -107,6 +108,21 @@ Patch10: nginx-1.20.1-CVE-2025-23419.patch
# upstream patch - https://issues.redhat.com/browse/RHEL-6786
Patch11: 0011-SSL-use-of-the-SSL_OP_IGNORE_UNEXPECTED_EOF-option.patch
# upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=2141496
# - https://bugzilla.redhat.com/show_bug.cgi?id=2141495
Patch12: 0012-CVE-2022-41741-and-CVE-2022-41742-fix.patch
# upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=2304966
Patch13: 0013-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch
# https://issues.redhat.com/browse/RHEL-113229
# upstream patch - https://github.com/nginx/nginx/pull/1089
Patch14: 0014-Clarify-binding-behavior-of-t-option.patch
# https://issues.redhat.com/browse/RHEL-146516
# upstream patch - https://github.com/nginx/nginx/commit/784fa05025cb8cd0c770f99bc79d2794b9f85b6e
Patch15: 0015-Upstream-detect-premature-plain-text-response-from-S.patch
BuildRequires: make
BuildRequires: gcc
BuildRequires: gnupg2
@ -401,6 +417,8 @@ install -p -m 0644 ./nginx.conf \
%{buildroot}%{_sysconfdir}/nginx
rm -f %{buildroot}%{_datadir}/nginx/html/index.html
rm -f %{buildroot}%{_datadir}/nginx/html/50x.html
%if 0%{?el7}
ln -s ../../doc/HTML/index.html \
%{buildroot}%{_datadir}/nginx/html/index.html
@ -476,6 +494,10 @@ install -Dpm0644 -t %{buildroot}%{_fileattrsdir} %{SOURCE16}
# install sysusers file
install -p -D -m 0644 %{SOURCE17} %{buildroot}%{_sysusersdir}/nginx.conf
# tmpfiles.d configuration
mkdir -p %{buildroot}%{_tmpfilesdir}
install -m 644 -p %{SOURCE18} %{buildroot}%{_tmpfilesdir}/nginx.conf
%pre filesystem
%sysusers_create_compat %{SOURCE17}
@ -563,6 +585,7 @@ fi
%attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx
%attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx/tmp
%attr(711,root,root) %dir %{_localstatedir}/log/nginx
%{_tmpfilesdir}/nginx.conf
%ghost %attr(640,%{nginx_user},root) %{_localstatedir}/log/nginx/access.log
%ghost %attr(640,%{nginx_user},root) %{_localstatedir}/log/nginx/error.log
%dir %{nginx_moduledir}
@ -616,6 +639,28 @@ fi
%changelog
* Tue Feb 17 2026 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-28
- Resolves: RHEL-146528 - CVE-2026-1642 nginx: NGINX: Data injection via
man-in-the-middle attack on TLS proxied connection
* Thu Jan 29 2026 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-27
- Resolves: RHEL-145177 - Clarify binding behavior of -t option
* Thu Nov 20 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-26
- Resolves: RHEL-102548 - Remove 50x.html for nginx 1.26
* Wed Nov 19 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-25
- Resolves: RHEL-114935 - Image mode: The dir /var/lib and /var/log
is not created when updating system in image mode
* Wed May 14 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-24
- Resolves: RHEL-84477 - nginx: specially crafted MP4 file may cause
denial of service (CVE-2024-7347)
- Resolves: RHEL-85556 - nginx: Memory disclosure in the
ngx_http_mp4_module (CVE-2022-41742)
- Resolves: RHEL-91446 - nginx: Memory corruption in the
ngx_http_mp4_module (CVE-2022-41741)
* Thu Apr 24 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-23
- Resolves: RHEL-6786 - SSL-errors 0A000126 / NS_NET_ERROR_PARTIAL_TRANSFER
at nginx with reverse-proxy