diff --git a/SOURCES/0012-CVE-2022-41741-and-CVE-2022-41742-fix.patch b/SOURCES/0012-CVE-2022-41741-and-CVE-2022-41742-fix.patch new file mode 100644 index 0000000..7c5d2bd --- /dev/null +++ b/SOURCES/0012-CVE-2022-41741-and-CVE-2022-41742-fix.patch @@ -0,0 +1,312 @@ +From cd2d74e054ec89de05a61a78d76f3ac55d696440 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= +Date: Mon, 31 Mar 2025 17:40:54 +0200 +Subject: [PATCH] CVE-2022-41741 and CVE-2022-41742 fix + +Fixes CVE-2022-41742 nginx: Memory disclosure in the ngx_http_mp4_module +and CVE-2022-41741 nginx: Memory corruption in the ngx_http_mp4_module +--- + src/http/modules/ngx_http_mp4_module.c | 147 +++++++++++++++++++++++++ + 1 file changed, 147 insertions(+) + +diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c +index a6e3e80..f6c8c58 100644 +--- a/src/http/modules/ngx_http_mp4_module.c ++++ b/src/http/modules/ngx_http_mp4_module.c +@@ -1070,6 +1070,12 @@ ngx_http_mp4_read_ftyp_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + return NGX_ERROR; + } + ++ if (mp4->ftyp_atom.buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 ftyp atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size; + + ftyp_atom = ngx_palloc(mp4->request->pool, atom_size); +@@ -1128,6 +1134,12 @@ ngx_http_mp4_read_moov_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + return NGX_DECLINED; + } + ++ if (mp4->moov_atom.buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 moov atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + conf = ngx_http_get_module_loc_conf(mp4->request, ngx_http_mp4_module); + + if (atom_data_size > mp4->buffer_size) { +@@ -1195,6 +1207,12 @@ ngx_http_mp4_read_mdat_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mdat atom"); + ++ if (mp4->mdat_atom.buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 mdat atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + data = &mp4->mdat_data_buf; + data->file = &mp4->file; + data->in_file = 1; +@@ -1321,6 +1339,12 @@ ngx_http_mp4_read_mvhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mvhd atom"); + ++ if (mp4->mvhd_atom.buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 mvhd atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom_header = ngx_mp4_atom_header(mp4); + mvhd_atom = (ngx_mp4_mvhd_atom_t *) atom_header; + mvhd64_atom = (ngx_mp4_mvhd64_atom_t *) atom_header; +@@ -1586,6 +1610,13 @@ ngx_http_mp4_read_tkhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size; + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_TKHD_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 tkhd atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->tkhd_size = atom_size; + + ngx_mp4_set_32value(tkhd_atom->size, atom_size); +@@ -1624,6 +1655,12 @@ ngx_http_mp4_read_mdia_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_MDIA_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 mdia atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->mdia_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1747,6 +1784,13 @@ ngx_http_mp4_read_mdhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size; + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_MDHD_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 mdhd atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->mdhd_size = atom_size; + trak->timescale = timescale; + +@@ -1789,6 +1833,12 @@ ngx_http_mp4_read_hdlr_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_HDLR_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 hdlr atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->hdlr_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1817,6 +1867,12 @@ ngx_http_mp4_read_minf_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_MINF_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 minf atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->minf_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1860,6 +1916,15 @@ ngx_http_mp4_read_vmhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf ++ || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf) ++ { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 vmhd/smhd atom in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->vmhd_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1891,6 +1956,15 @@ ngx_http_mp4_read_smhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf ++ || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf) ++ { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 vmhd/smhd atom in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->smhd_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1922,6 +1996,12 @@ ngx_http_mp4_read_dinf_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_DINF_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 dinf atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->dinf_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1950,6 +2030,12 @@ ngx_http_mp4_read_stbl_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_STBL_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stbl atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->stbl_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -2018,6 +2104,12 @@ ngx_http_mp4_read_stsd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_STSD_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stsd atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->stsd_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -2086,6 +2178,13 @@ ngx_http_mp4_read_stts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_end = atom_table + entries * sizeof(ngx_mp4_stts_entry_t); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STTS_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stts atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->time_to_sample_entries = entries; + + atom = &trak->stts_atom_buf; +@@ -2291,6 +2390,13 @@ ngx_http_mp4_read_stss_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + "sync sample entries:%uD", entries); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STSS_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stss atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->sync_samples_entries = entries; + + atom_table = atom_header + sizeof(ngx_http_mp4_stss_atom_t); +@@ -2489,6 +2595,13 @@ ngx_http_mp4_read_ctts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + "composition offset entries:%uD", entries); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_CTTS_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 ctts atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->composition_offset_entries = entries; + + atom_table = atom_header + sizeof(ngx_mp4_ctts_atom_t); +@@ -2692,6 +2805,13 @@ ngx_http_mp4_read_stsc_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_end = atom_table + entries * sizeof(ngx_mp4_stsc_entry_t); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STSC_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stsc atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->sample_to_chunk_entries = entries; + + atom = &trak->stsc_atom_buf; +@@ -3032,6 +3152,13 @@ ngx_http_mp4_read_stsz_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + "sample uniform size:%uD, entries:%uD", size, entries); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STSZ_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stsz atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->sample_sizes_entries = entries; + + atom_table = atom_header + sizeof(ngx_mp4_stsz_atom_t); +@@ -3215,6 +3342,16 @@ ngx_http_mp4_read_stco_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_end = atom_table + entries * sizeof(uint32_t); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf ++ || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf) ++ { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stco/co64 atom in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->chunks = entries; + + atom = &trak->stco_atom_buf; +@@ -3421,6 +3558,16 @@ ngx_http_mp4_read_co64_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_end = atom_table + entries * sizeof(uint64_t); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf ++ || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf) ++ { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stco/co64 atom in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->chunks = entries; + + atom = &trak->co64_atom_buf; +-- +2.44.0 + diff --git a/SOURCES/0013-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch b/SOURCES/0013-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch new file mode 100644 index 0000000..13cfa31 --- /dev/null +++ b/SOURCES/0013-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch @@ -0,0 +1,56 @@ +From b7e3c8bcfbee27061efdd40ffb3a8479a9bcd9c8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= +Date: Fri, 21 Mar 2025 04:12:14 +0100 +Subject: [PATCH] CVE-2024-7347: Buffer overread in the mp4 module + +--- + src/http/modules/ngx_http_mp4_module.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c +index 0e93fbd..a6e3e80 100644 +--- a/src/http/modules/ngx_http_mp4_module.c ++++ b/src/http/modules/ngx_http_mp4_module.c +@@ -2789,7 +2789,8 @@ static ngx_int_t + ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4, + ngx_http_mp4_trak_t *trak, ngx_uint_t start) + { +- uint32_t start_sample, chunk, samples, id, next_chunk, n, ++ uint64_t n; ++ uint32_t start_sample, chunk, samples, id, next_chunk, + prev_samples; + ngx_buf_t *data, *buf; + ngx_uint_t entries, target_chunk, chunk_samples; +@@ -2845,12 +2846,19 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4, + + next_chunk = ngx_mp4_get_32value(entry->chunk); + ++ if (next_chunk < chunk) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "unordered mp4 stsc chunks in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + ngx_log_debug5(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, + "sample:%uD, chunk:%uD, chunks:%uD, " + "samples:%uD, id:%uD", + start_sample, chunk, next_chunk - chunk, samples, id); + +- n = (next_chunk - chunk) * samples; ++ n = (uint64_t) (next_chunk - chunk) * samples; + + if (start_sample < n) { + goto found; +@@ -2872,7 +2880,7 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4, + "sample:%uD, chunk:%uD, chunks:%uD, samples:%uD", + start_sample, chunk, next_chunk - chunk, samples); + +- n = (next_chunk - chunk) * samples; ++ n = (uint64_t) (next_chunk - chunk) * samples; + + if (start_sample > n) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, +-- +2.44.0 + diff --git a/SOURCES/0014-Clarify-binding-behavior-of-t-option.patch b/SOURCES/0014-Clarify-binding-behavior-of-t-option.patch new file mode 100644 index 0000000..dee159f --- /dev/null +++ b/SOURCES/0014-Clarify-binding-behavior-of-t-option.patch @@ -0,0 +1,37 @@ +From dc847f7aedf0b4f8bbf9d7f9ba983541c6ca88c9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= +Date: Tue, 20 Jan 2026 19:27:05 +0100 +Subject: [PATCH] Clarify binding behavior of -t option. + +Configuration testing includes binding to configured listen addresses +when opening referenced files. +--- + man/nginx.8 | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/man/nginx.8 b/man/nginx.8 +index 10db3e6..64d9ae7 100644 +--- a/man/nginx.8 ++++ b/man/nginx.8 +@@ -25,7 +25,7 @@ + .\" SUCH DAMAGE. + .\" + .\" +-.Dd November 5, 2020 ++.Dd January 21, 2026 + .Dt NGINX 8 + .Os + .Sh NAME +@@ -98,7 +98,8 @@ but additionally dump configuration files to standard output. + Do not run, just test the configuration file. + .Nm + checks the configuration file syntax and then tries to open files +-referenced in the configuration file. ++referenced in the configuration file, including binding to configured ++listen addresses. + .It Fl V + Print the + .Nm +-- +2.44.0 + diff --git a/SOURCES/0015-Upstream-detect-premature-plain-text-response-from-S.patch b/SOURCES/0015-Upstream-detect-premature-plain-text-response-from-S.patch new file mode 100644 index 0000000..ba85cc4 --- /dev/null +++ b/SOURCES/0015-Upstream-detect-premature-plain-text-response-from-S.patch @@ -0,0 +1,45 @@ +From 93ac6eae019e30fc22d2d5321acb28de549f73aa Mon Sep 17 00:00:00 2001 +From: Roman Arutyunyan +Date: Thu, 29 Jan 2026 13:27:32 +0400 +Subject: [PATCH] Upstream: detect premature plain text response from SSL + backend. + +When connecting to a backend, the connection write event is triggered +first in most cases. However if a response arrives quickly enough, both +read and write events can be triggered together within the same event loop +iteration. In this case the read event handler is called first and the +write event handler is called after it. + +SSL initialization for backend connections happens only in the write event +handler since SSL handshake starts with sending Client Hello. Previously, +if a backend sent a quick plain text response, it could be parsed by the +read event handler prior to starting SSL handshake on the connection. +The change adds protection against parsing such responses on SSL-enabled +connections. +--- + src/http/ngx_http_upstream.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c +index 2ce9f21..70c3b46 100644 +--- a/src/http/ngx_http_upstream.c ++++ b/src/http/ngx_http_upstream.c +@@ -2461,6 +2461,15 @@ ngx_http_upstream_process_header(ngx_http_request_t *r, ngx_http_upstream_t *u) + return; + } + ++#if (NGX_HTTP_SSL) ++ if (u->ssl && c->ssl == NULL) { ++ ngx_log_error(NGX_LOG_ERR, c->log, 0, ++ "upstream prematurely sent response"); ++ ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_ERROR); ++ return; ++ } ++#endif ++ + u->state->bytes_received += n; + + u->buffer.last += n; +-- +2.44.0 + diff --git a/SOURCES/nginx.tmpfiles b/SOURCES/nginx.tmpfiles new file mode 100644 index 0000000..74cc467 --- /dev/null +++ b/SOURCES/nginx.tmpfiles @@ -0,0 +1,4 @@ +d /var/lib/nginx 770 nginx root - +d /var/lib/nginx/tmp 770 nginx root - +d /var/log/nginx 711 root root - + diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec index 38afcda..2c47dda 100644 --- a/SPECS/nginx.spec +++ b/SPECS/nginx.spec @@ -41,7 +41,7 @@ Name: nginx Epoch: 2 Version: 1.20.1 -Release: 23%{?dist} +Release: 28%{?dist} Summary: A high performance web server and reverse proxy server # BSD License (two clause) @@ -63,6 +63,7 @@ Source14: nginx-upgrade.8 Source15: macros.nginxmods.in Source16: nginxmods.attr Source17: nginx.sysusers +Source18: nginx.tmpfiles Source102: nginx-logo.png Source103: 404.html Source104: 50x.html @@ -107,6 +108,21 @@ Patch10: nginx-1.20.1-CVE-2025-23419.patch # upstream patch - https://issues.redhat.com/browse/RHEL-6786 Patch11: 0011-SSL-use-of-the-SSL_OP_IGNORE_UNEXPECTED_EOF-option.patch +# upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=2141496 +# - https://bugzilla.redhat.com/show_bug.cgi?id=2141495 +Patch12: 0012-CVE-2022-41741-and-CVE-2022-41742-fix.patch + +# upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=2304966 +Patch13: 0013-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch + +# https://issues.redhat.com/browse/RHEL-113229 +# upstream patch - https://github.com/nginx/nginx/pull/1089 +Patch14: 0014-Clarify-binding-behavior-of-t-option.patch + +# https://issues.redhat.com/browse/RHEL-146516 +# upstream patch - https://github.com/nginx/nginx/commit/784fa05025cb8cd0c770f99bc79d2794b9f85b6e +Patch15: 0015-Upstream-detect-premature-plain-text-response-from-S.patch + BuildRequires: make BuildRequires: gcc BuildRequires: gnupg2 @@ -401,6 +417,8 @@ install -p -m 0644 ./nginx.conf \ %{buildroot}%{_sysconfdir}/nginx rm -f %{buildroot}%{_datadir}/nginx/html/index.html +rm -f %{buildroot}%{_datadir}/nginx/html/50x.html + %if 0%{?el7} ln -s ../../doc/HTML/index.html \ %{buildroot}%{_datadir}/nginx/html/index.html @@ -476,6 +494,10 @@ install -Dpm0644 -t %{buildroot}%{_fileattrsdir} %{SOURCE16} # install sysusers file install -p -D -m 0644 %{SOURCE17} %{buildroot}%{_sysusersdir}/nginx.conf +# tmpfiles.d configuration +mkdir -p %{buildroot}%{_tmpfilesdir} +install -m 644 -p %{SOURCE18} %{buildroot}%{_tmpfilesdir}/nginx.conf + %pre filesystem %sysusers_create_compat %{SOURCE17} @@ -563,6 +585,7 @@ fi %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx/tmp %attr(711,root,root) %dir %{_localstatedir}/log/nginx +%{_tmpfilesdir}/nginx.conf %ghost %attr(640,%{nginx_user},root) %{_localstatedir}/log/nginx/access.log %ghost %attr(640,%{nginx_user},root) %{_localstatedir}/log/nginx/error.log %dir %{nginx_moduledir} @@ -616,6 +639,28 @@ fi %changelog +* Tue Feb 17 2026 Luboš Uhliarik - 2:1.20.1-28 +- Resolves: RHEL-146528 - CVE-2026-1642 nginx: NGINX: Data injection via + man-in-the-middle attack on TLS proxied connection + +* Thu Jan 29 2026 Luboš Uhliarik - 2:1.20.1-27 +- Resolves: RHEL-145177 - Clarify binding behavior of -t option + +* Thu Nov 20 2025 Luboš Uhliarik - 2:1.20.1-26 +- Resolves: RHEL-102548 - Remove 50x.html for nginx 1.26 + +* Wed Nov 19 2025 Luboš Uhliarik - 2:1.20.1-25 +- Resolves: RHEL-114935 - Image mode: The dir /var/lib and /var/log + is not created when updating system in image mode + +* Wed May 14 2025 Luboš Uhliarik - 2:1.20.1-24 +- Resolves: RHEL-84477 - nginx: specially crafted MP4 file may cause + denial of service (CVE-2024-7347) +- Resolves: RHEL-85556 - nginx: Memory disclosure in the + ngx_http_mp4_module (CVE-2022-41742) +- Resolves: RHEL-91446 - nginx: Memory corruption in the + ngx_http_mp4_module (CVE-2022-41741) + * Thu Apr 24 2025 Luboš Uhliarik - 2:1.20.1-23 - Resolves: RHEL-6786 - SSL-errors 0A000126 / NS_NET_ERROR_PARTIAL_TRANSFER at nginx with reverse-proxy