author | Natanael Copa <ncopa@alpinelinux.org> | 2020-01-16 16:03:50 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2020-01-16 21:28:57 +0100 |
commit | dd81abbcbedbddfc50c0d20af4559ecc142d2278 (patch) | |
tree | eb2ec1506f9713c81f76b57b45173724d514acb2 | |
parent | 0883c9ddd66fa981fe993434cb3bab2593e299e4 (diff) | |
download | alpine_aports-dd81abbcbedbddfc50c0d20af4559ecc142d2278.tar.bz2 alpine_aports-dd81abbcbedbddfc50c0d20af4559ecc142d2278.tar.xz alpine_aports-dd81abbcbedbddfc50c0d20af4559ecc142d2278.zip |
main/nginx: fix CVE-2019-20372
fixes #11134
skip pkgrel=5 due to bad commit 732a2a015029 (main/nginx: fix
CVE-2019-20372) in master.
-rw-r--r-- | main/nginx/APKBUILD | 6 | ||||
-rw-r--r-- | main/nginx/CVE-2019-20372.patch | 28 |
2 files changed, 33 insertions, 1 deletions
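--- a/main/nginx/APKBUILD
+++ b/main/nginx/APKBUILD
@@ -4,6 +4,8 @@
 # Contributor: Jakub Jirutka <jakub@jirutka.cz>
 #
 # secfixes:
+# 1.16.1-r6:
+# - CVE-2019-20372
 # 1.16.1-r0:
 # - CVE-2019-9511
 # - CVE-2019-9513
@@ -19,7 +21,7 @@ pkgname=nginx
 # NOTE: Upgrade only to even-numbered versions (e.g. 1.14.z, 1.16.z)!
 # Odd-numbered versions are mainline (development) versions.
 pkgver=1.16.1
-pkgrel=4
+pkgrel=6
 # Revision of nginx-tests to use for check().
 _tests_hgrev=40e5f2a0a238
 _njs_ver=0.3.5
@@ -62,6 +64,7 @@ replaces="$pkgname-common $pkgname-initscripts $pkgname-lua $pkgname-rtmp"
 source="https://nginx.org/download/$pkgname-$pkgver.tar.gz
 $pkgname-tests-$_tests_hgrev.tar.gz::https://hg.nginx.org/nginx-tests/archive/$_tests_hgrev.tar.gz
 $pkgname-njs-$_njs_ver.tar.gz::https://hg.nginx.org/njs/archive/$_njs_ver.tar.gz
+CVE-2019-20372.patch
 nginx.conf
 default.conf
 $pkgname.logrotate
@@ -350,6 +353,7 @@ _module() {
 sha512sums="17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437 nginx-1.16.1.tar.gz
 69ebc81dba60c062e3a0e1ba0a7e1f2c2bf74f38f2bbd4dd0c5608e6c6965b819dc3c57fe21b596c1faceef61bc4a1c804eb9634f8824d62bc9293d17cd2bab2 nginx-tests-40e5f2a0a238.tar.gz
 e7e11b5ed8703adac1d4fb3b8e82731f868eb6c1cad405e9664f3761733ebfaa9a122517ac78cf4ef93d8d78cdb58d36bdbd96dff164079a3a18e9eba60f4aae nginx-njs-0.3.5.tar.gz
+3d70fecd28a3c7b126aa06404ebb3a0fa71659abb710ecf441208b6735bda80493265410bebb4cecbb2fffa589fede75897b7f7d2da9def2482c75ac85b02b30 CVE-2019-20372.patch
 ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41 nginx.conf
 0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3 default.conf
 09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb nginx.logrotate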
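Review bot: `_tests_hgrev=40e5f2a0a238` is left at the pre-fix revision while `CVE-2019-20372.patch` is added to `source=`, so `check()` runs exactly the nginx-tests corpus it ran for pkgrel=4 and cannot tell whether the backport takes effect. If upstream shipped a regression test for this issue in nginx-tests (I have not verified that here), bumping the revision and its sha512 alongside the patch would make the security fix verifiable at build time. Separately, the sha512 pins the patch's content but nothing in the APKBUILD records where it was obtained; a one-line comment next to the `CVE-2019-20372.patch` entry with the upstream changeset URL would let a later maintainer confirm the backport against upstream without guessing from the `From` hash inside the file.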
diff --git a/main/nginx/CVE-2019-20372.patch b/main/nginx/CVE-2019-20372.patch new file mode 100644 index 0000000000..7329261e55 --- /dev/null +++ b/main/nginx/CVE-2019-20372.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | From c1be55f97211d38b69ac0c2027e6812ab8b1b94e Mon Sep 17 00:00:00 2001 | ||
2 | From: Ruslan Ermilov <ru@nginx.com> | ||
3 | Date: Mon, 23 Dec 2019 15:45:46 +0300 | ||
4 | Subject: [PATCH] Discard request body when redirecting to a URL via | ||
5 | error_page. | ||
6 | |||
7 | Reported by Bert JW Regeer and Francisco Oca Gonzalez. | ||
8 | --- | ||
9 | src/http/ngx_http_special_response.c | 6 ++++++ | ||
10 | 1 file changed, 6 insertions(+) | ||
11 | |||
12 | diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c | ||
13 | index 4ffb2cc8ad..76e6705889 100644 | ||
14 | --- a/src/http/ngx_http_special_response.c | ||
15 | +++ b/src/http/ngx_http_special_response.c | ||
16 | @@ -623,6 +623,12 @@ ngx_http_send_error_page(ngx_http_request_t *r, ngx_http_err_page_t *err_page) | ||
17 | return ngx_http_named_location(r, &uri); | ||
18 | } | ||
19 | |||
20 | + r->expect_tested = 1; | ||
21 | + | ||
22 | + if (ngx_http_discard_request_body(r) != NGX_OK) { | ||
23 | + r->keepalive = 0; | ||
24 | + } | ||
25 | + | ||
26 | location = ngx_list_push(&r->headers_out.headers); | ||
27 | |||
28 | if (location == NULL) { | ||
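Review bot: The two added statements, `r->expect_tested = 1;` and the `ngx_http_discard_request_body(r)` call, carry no comment saying why the body has to be consumed at this point, and since the file is a verbatim upstream backport the only rationale a reader has is the CVE id in the filename. Presumably marking `expect_tested` first prevents nginx from answering an `Expect: 100-continue` request with an interim 100 for a request it is about to redirect, and clearing `keepalive` on discard failure stops an unread body from being parsed as the next request on the same connection, but that is inferred from the nginx API rather than visible here and should be confirmed against upstream. Rather than editing the backported C, I would put that explanation in a header line at the top of the patch file, e.g. `Upstream fix for CVE-2019-20372: discard the request body before emitting the error_page Location redirect so it cannot be smuggled as a new request`, so the patch stays byte-identical to upstream below the `---` line. The enclosing `ngx_http_send_error_page()` both starts and ends outside the hunk.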