summaryrefslogtreecommitdiffstats
path: root/meta-webserver/recipes-httpd
diff options
context:
space:
mode:
authorWang Mingyu <wangmy@fujitsu.com>2023-03-10 14:15:37 +0800
committerKhem Raj <raj.khem@gmail.com>2023-03-09 23:45:17 -0800
commit1e48109bc57b047312055178995e796e6e0aca96 (patch)
tree8e09920545cd63b832436182b29efd128247e22a /meta-webserver/recipes-httpd
parent85587d42a2ae6562ab2f695fec4107a8c2ce52a8 (diff)
downloadmeta-openembedded-1e48109bc57b047312055178995e796e6e0aca96.tar.gz
nginx: upgrade 1.20.1 -> 1.23.3
CVE-2021-3618.patch removed since it's included in 1.23.3 Changelog: ========== *) Bugfix: an error might occur when reading PROXY protocol version 2 header with large number of TLVs. *) Bugfix: a segmentation fault might occur in a worker process if SSI was used to process subrequests created by other modules. Thanks to Ciel Zhao. *) Workaround: when a hostname used in the "listen" directive resolves to multiple addresses, nginx now ignores duplicates within these addresses. *) Bugfix: nginx might hog CPU during unbuffered proxying if SSL connections to backends were used. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-webserver/recipes-httpd')
-rw-r--r--meta-webserver/recipes-httpd/nginx/files/CVE-2021-3618.patch107
-rw-r--r--meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb9
-rw-r--r--meta-webserver/recipes-httpd/nginx/nginx_1.23.3.bb6
3 files changed, 6 insertions, 116 deletions
diff --git a/meta-webserver/recipes-httpd/nginx/files/CVE-2021-3618.patch b/meta-webserver/recipes-httpd/nginx/files/CVE-2021-3618.patch
deleted file mode 100644
index be42a1ed5..000000000
--- a/meta-webserver/recipes-httpd/nginx/files/CVE-2021-3618.patch
+++ /dev/null
@@ -1,107 +0,0 @@
1From 6dafcdebde58577f4fcb190be46a0eb910cf1b96 Mon Sep 17 00:00:00 2001
2From: Maxim Dounin <mdounin@mdounin.ru>
3Date: Wed, 19 May 2021 03:13:31 +0300
4Subject: [PATCH 1/1] Mail: max_errors directive.
5
6Similarly to smtpd_hard_error_limit in Postfix and smtp_max_unknown_commands
7in Exim, specifies the number of errors after which the connection is closed.
8--- end of original header ---
9
10CVE: CVE-2021-3618
11
12Upstream-Status: Backport
13 https://github.com/nginx/nginx.git
14 commit 173f16f736c10eae46cd15dd861b04b82d91a37a
15
16Signed-off-by: Joe Slater <joe.slater@windriver.com>
17---
18 src/mail/ngx_mail.h | 3 +++
19 src/mail/ngx_mail_core_module.c | 10 ++++++++++
20 src/mail/ngx_mail_handler.c | 15 ++++++++++++++-
21 3 files changed, 27 insertions(+), 1 deletion(-)
22
23diff --git a/src/mail/ngx_mail.h b/src/mail/ngx_mail.h
24index b865a3b9..76cae37a 100644
25--- a/src/mail/ngx_mail.h
26+++ b/src/mail/ngx_mail.h
27@@ -115,6 +115,8 @@ typedef struct {
28 ngx_msec_t timeout;
29 ngx_msec_t resolver_timeout;
30
31+ ngx_uint_t max_errors;
32+
33 ngx_str_t server_name;
34
35 u_char *file_name;
36@@ -231,6 +233,7 @@ typedef struct {
37 ngx_uint_t command;
38 ngx_array_t args;
39
40+ ngx_uint_t errors;
41 ngx_uint_t login_attempt;
42
43 /* used to parse POP3/IMAP/SMTP command */
44diff --git a/src/mail/ngx_mail_core_module.c b/src/mail/ngx_mail_core_module.c
45index 40831242..115671ca 100644
46--- a/src/mail/ngx_mail_core_module.c
47+++ b/src/mail/ngx_mail_core_module.c
48@@ -85,6 +85,13 @@ static ngx_command_t ngx_mail_core_commands[] = {
49 offsetof(ngx_mail_core_srv_conf_t, resolver_timeout),
50 NULL },
51
52+ { ngx_string("max_errors"),
53+ NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
54+ ngx_conf_set_num_slot,
55+ NGX_MAIL_SRV_CONF_OFFSET,
56+ offsetof(ngx_mail_core_srv_conf_t, max_errors),
57+ NULL },
58+
59 ngx_null_command
60 };
61
62@@ -163,6 +170,8 @@ ngx_mail_core_create_srv_conf(ngx_conf_t *cf)
63 cscf->timeout = NGX_CONF_UNSET_MSEC;
64 cscf->resolver_timeout = NGX_CONF_UNSET_MSEC;
65
66+ cscf->max_errors = NGX_CONF_UNSET_UINT;
67+
68 cscf->resolver = NGX_CONF_UNSET_PTR;
69
70 cscf->file_name = cf->conf_file->file.name.data;
71@@ -182,6 +191,7 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
72 ngx_conf_merge_msec_value(conf->resolver_timeout, prev->resolver_timeout,
73 30000);
74
75+ ngx_conf_merge_uint_value(conf->max_errors, prev->max_errors, 5);
76
77 ngx_conf_merge_str_value(conf->server_name, prev->server_name, "");
78
79diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c
80index 0aaa0e78..71b81512 100644
81--- a/src/mail/ngx_mail_handler.c
82+++ b/src/mail/ngx_mail_handler.c
83@@ -871,7 +871,20 @@ ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c)
84 return NGX_MAIL_PARSE_INVALID_COMMAND;
85 }
86
87- if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
88+ if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
89+
90+ s->errors++;
91+
92+ if (s->errors >= cscf->max_errors) {
93+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
94+ "client sent too many invalid commands");
95+ s->quit = 1;
96+ }
97+
98+ return rc;
99+ }
100+
101+ if (rc == NGX_IMAP_NEXT) {
102 return rc;
103 }
104
105--
1062.25.1
107
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb
deleted file mode 100644
index d686c627f..000000000
--- a/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb
+++ /dev/null
@@ -1,9 +0,0 @@
1require nginx.inc
2
3SRC_URI += "file://CVE-2021-3618.patch"
4
5LIC_FILES_CHKSUM = "file://LICENSE;md5=206629dc7c7b3e87acb31162363ae505"
6
7SRC_URI[md5sum] = "8ca6edd5076bdfad30a69c9c9b41cc68"
8SRC_URI[sha256sum] = "e462e11533d5c30baa05df7652160ff5979591d291736cfa5edb9fd2edb48c49"
9
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.23.3.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.23.3.bb
new file mode 100644
index 000000000..a8ffd9b93
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/nginx_1.23.3.bb
@@ -0,0 +1,6 @@
1require nginx.inc
2
3LIC_FILES_CHKSUM = "file://LICENSE;md5=175abb631c799f54573dc481454c8632"
4
5SRC_URI[sha256sum] = "75cb5787dbb9fae18b14810f91cc4343f64ce4c24e27302136fb52498042ba54"
6