From 0682d5f299c77236eab3bc6a978bb8af407553ce Mon Sep 17 00:00:00 2001
From: jackeyji
Date: Mon, 23 Sep 2024 17:38:09 +0800
Subject: [PATCH] upgrade to 1.26.2 to fix CVE-2024-31079 CVE-2024-32760 CVE-2024-34161 and CVE-2024-35200
Signed-off-by: jackeyji
---
 fix-CVE-2024-7347.patch | 43 -----------------------------------------
 nginx.spec | 11 ++++++-----
 sources | 2 +-
 3 files changed, 7 insertions(+), 49 deletions(-)
 delete mode 100644 fix-CVE-2024-7347.patch
diff --git a/fix-CVE-2024-7347.patch b/fix-CVE-2024-7347.patch
deleted file mode 100644
index d4e44c8..0000000
--- a/fix-CVE-2024-7347.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
---- a/src/http/modules/ngx_http_mp4_module.c
-+++ b/src/http/modules/ngx_http_mp4_module.c
-@@ -3099,7 +3099,8 @@ static ngx_int_t
- ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
- ngx_http_mp4_trak_t *trak, ngx_uint_t start)
- {
-- uint32_t start_sample, chunk, samples, id, next_chunk, n,
-+ uint64_t n;
-+ uint32_t start_sample, chunk, samples, id, next_chunk,
- prev_samples;
- ngx_buf_t *data, *buf;
- ngx_uint_t entries, target_chunk, chunk_samples;
-@@ -3155,12 +3156,19 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4
-
- next_chunk = ngx_mp4_get_32value(entry->chunk);
-
-+ if (next_chunk < chunk) {
-+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
-+ "unordered mp4 stsc chunks in \"%s\"",
-+ mp4->file.name.data);
-+ return NGX_ERROR;
-+ }
-+
- ngx_log_debug5(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0,
- "sample:%uD, chunk:%uD, chunks:%uD, "
- "samples:%uD, id:%uD",
- start_sample, chunk, next_chunk - chunk, samples, id);
-
-- n = (next_chunk - chunk) * samples;
-+ n = (uint64_t) (next_chunk - chunk) * samples;
-
- if (start_sample < n) {
- goto found;
-@@ -3182,7 +3190,7 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4
- "sample:%uD, chunk:%uD, chunks:%uD, samples:%uD",
- start_sample, chunk, next_chunk - chunk, samples);
-
-- n = (next_chunk - chunk) * samples;
-+ n = (uint64_t) (next_chunk - chunk) * samples;
-
- if (start_sample > n) {
- ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
diff --git a/nginx.spec b/nginx.spec
index ff1375d..8bab175 100644
--- a/nginx.spec
+++ b/nginx.spec
@@ -23,8 +23,8 @@ Name: nginx
-Version: 1.25.4
-Release: 3%{?dist}
+Version: 1.26.2
+Release: 1%{?dist}
 Summary: A high performance web server and reverse proxy server
 License: BSD
 URL: https://nginx.org
@@ -47,9 +47,6 @@ Source104: 50x.html
 Source200: README.dynamic
 Source210: UPGRADE-NOTES-1.6-to-1.10
-#upstream:https://nginx.org/download/patch.2024.mp4.txt
-Patch0001: fix-CVE-2024-7347.patch
-
 BuildRequires: make, gcc
 BuildRequires: openssl-devel, pcre2-devel, zlib-devel, systemd
 %if 0%{?with_gperftools}
@@ -490,6 +487,10 @@ fi
 %changelog
+* Mon Sep 23 2024 jackeyji - 1.26.2-1
+- [Type] security
+- [DESC] upgrade to 1.26.2 to fix CVE-2024-31079 CVE-2024-32760 CVE-2024-34161 and CVE-2024-35200
+
 * Fri Sep 20 2024 jackeyji - 1.25.4-3
 - [Type] security
 - [DESC] fix CVE-2024-7347
diff --git a/sources b/sources
index 4694d9f..ec298c7 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (nginx-1.25.4.tar.gz) = 72a4aa8ed675f5a27ac723a73e556bbb5ae979a2fe79f9c2f4fb20bd7e719c797af8e2868044b7f2cf58be2a351a268599c8eb1e66719098d4142abab7632bb5
+SHA512 (nginx-1.26.2.tar.gz) = 470efe9ae5d6150ecbf133979c6c36415679a2156499a3b6820a85eb8f3038a8aa06f7b28ddd834cffb0e982f3ddc89e4b1649d536eba4f84019a72d4cfa3539
-- Gitee
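Review bot: Removing Patch0001 (fix-CVE-2024-7347.patch) in the @@ -47 hunk is only safe because the CVE-2024-7347 mp4 fix is carried by upstream 1.26.2, yet neither the subject nor the new changelog entry in the @@ -490 hunk records that, so anyone auditing CVE coverage sees a security backport disappear while the entry lists only the four CVEs the bump targets. As far as I can tell from upstream's release notes, 1.26.2 does ship that fix, so the deletion itself looks correct and just needs to be stated. I would extend the new [DESC] line to `- [DESC] upgrade to 1.26.2 to fix CVE-2024-31079 CVE-2024-32760 CVE-2024-34161 and CVE-2024-35200; drop fix-CVE-2024-7347.patch, included upstream in 1.26.2` so the changelog keeps a complete record of which CVEs each build addresses.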