From c5673d6641d5529c24f809eae36240ceb2627717 Mon Sep 17 00:00:00 2001 From: Xinwei Hu Date: Sat, 29 Jul 2023 09:58:37 +0800 Subject: [PATCH 1/2] fix typo %openEuler in spec file --- openresty.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/openresty.spec b/openresty.spec index 16fa620..fd92dea 100644 --- a/openresty.spec +++ b/openresty.spec @@ -117,7 +117,7 @@ Group: Development/Tools Requires: perl, openresty >= %{version}-%{release} Requires: perl(File::Spec), perl(FindBin), perl(List::Util), perl(Getopt::Long), perl(File::Temp), perl(POSIX), perl(Time::HiRes) -%if 0%{?fedora} >= 10 || 0%{?rhel} >= 6 || 0%{?centos} >= 6 || 0%{?%openEuler} >= 2 +%if 0%{?fedora} >= 10 || 0%{?rhel} >= 6 || 0%{?centos} >= 6 || 0%{?openEuler} >= 2 BuildArch: noarch %endif @@ -144,13 +144,13 @@ Requires: perl, perl(Getopt::Std), perl(File::Spec), perl(FindBin), perl(C Requires: groff %endif -%if (0%{?rhel} && 0%{?rhel} >= 7) || 0%{?fedora} || 0%{?%openEuler} >= 2 +%if (0%{?rhel} && 0%{?rhel} >= 7) || 0%{?fedora} || 0%{?openEuler} >= 2 Requires: groff-base %endif Provides: restydoc, restydoc-index, md2pod.pl -%if 0%{?fedora} >= 10 || 0%{?rhel} >= 6 || 0%{?centos} >= 6 || 0%{?%openEuler} >= 2 +%if 0%{?fedora} >= 10 || 0%{?rhel} >= 6 || 0%{?centos} >= 6 || 0%{?openEuler} >= 2 BuildArch: noarch %endif -- Gitee From 0451720d798ec606fc4fcbca67dc01d5baeae41b Mon Sep 17 00:00:00 2001 From: Xinwei Hu Date: Sat, 29 Jul 2023 10:00:35 +0800 Subject: [PATCH 2/2] fix cve 2021 23017 --- fix-cve-2021-23017.patch | 23 +++++++++++++++++++++++ openresty.spec | 7 ++++++- 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 fix-cve-2021-23017.patch diff --git a/fix-cve-2021-23017.patch b/fix-cve-2021-23017.patch new file mode 100644 index 0000000..3ce4a16 --- /dev/null +++ b/fix-cve-2021-23017.patch @@ -0,0 +1,23 @@ +--- bundle/nginx-1.19.3/src/core/ngx_resolver.c.orig 2023-07-29 09:46:00.929124573 +0800 ++++ bundle/nginx-1.19.3/src/core/ngx_resolver.c 2023-07-29 09:47:34.318660989 +0800 +@@ -4232,15 +4232,16 @@ + n = *src++; + + } else { ++ ++ if (dst != name->data) { ++ *dst++ = '.'; ++ } ++ + ngx_strlow(dst, src, n); + dst += n; + src += n; + + n = *src++; +- +- if (n != 0) { +- *dst++ = '.'; +- } + } + + if (n == 0) { diff --git a/openresty.spec b/openresty.spec index fd92dea..bf5ae13 100644 --- a/openresty.spec +++ b/openresty.spec @@ -1,6 +1,6 @@ Name: openresty Version: 1.19.3.1 -Release: 2 +Release: 3 Summary: OpenResty, scalable web platform by extending NGINX with Lua Group: System Environment/Daemons @@ -20,6 +20,7 @@ Source1: openresty.service Source2: openresty.init Patch1: 0001-add-option-out-dir-on-configure.patch +Patch2: fix-cve-2021-23017.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -225,6 +226,7 @@ a single box. %setup -q -n "openresty-%{version}" %patch1 -p1 +%patch2 %build ./configure \ @@ -443,6 +445,9 @@ fi %{orprefix_debug}/COPYRIGHT %changelog +* Sat Jul 29 2023 Xinwei Hu - 1.19.3.1-3 +- Fix CVE 2021-23017 for nginx + * Thu Mar 24 2022 Ge Wang 1.19.3.1-2 - Modify release number -- Gitee