3 files changed, 6 insertions, 116 deletions
diff --git a/meta-webserver/recipes-httpd/nginx/files/CVE-2021-3618.patch b/meta-webserver/recipes-httpd/nginx/files/CVE-2021-3618.patch
deleted file mode 100644
index be42a1ed5..000000000
--- a/meta-webserver/recipes-httpd/nginx/files/CVE-2021-3618.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 6dafcdebde58577f4fcb190be46a0eb910cf1b96 Mon Sep 17 00:00:00 2001
-From: Maxim Dounin <mdounin@mdounin.ru>
-Date: Wed, 19 May 2021 03:13:31 +0300
-Subject: [PATCH 1/1] Mail: max_errors directive.
-Similarly to smtpd_hard_error_limit in Postfix and smtp_max_unknown_commands
-in Exim, specifies the number of errors after which the connection is closed.
--- end of original header ---
-CVE: CVE-2021-3618
-Upstream-Status: Backport
-                 https://github.com/nginx/nginx.git
-                 commit 173f16f736c10eae46cd15dd861b04b82d91a37a
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
---
- src/mail/ngx_mail.h             |  3 +++
- src/mail/ngx_mail_core_module.c | 10 ++++++++++
- src/mail/ngx_mail_handler.c     | 15 ++++++++++++++-
- 3 files changed, 27 insertions(+), 1 deletion(-)
-diff --git a/src/mail/ngx_mail.h b/src/mail/ngx_mail.h
-index b865a3b9..76cae37a 100644
--- a/src/mail/ngx_mail.h
-+++ b/src/mail/ngx_mail.h
-@@ -115,6 +115,8 @@ typedef struct {
-     ngx_msec_t              timeout;
-     ngx_msec_t              resolver_timeout;
- 
-+    ngx_uint_t              max_errors;
-+
-     ngx_str_t               server_name;
- 
-     u_char                 *file_name;
-@@ -231,6 +233,7 @@ typedef struct {
-     ngx_uint_t              command;
-     ngx_array_t             args;
- 
-+    ngx_uint_t              errors;
-     ngx_uint_t              login_attempt;
- 
-     /* used to parse POP3/IMAP/SMTP command */
-diff --git a/src/mail/ngx_mail_core_module.c b/src/mail/ngx_mail_core_module.c
-index 40831242..115671ca 100644
--- a/src/mail/ngx_mail_core_module.c
-+++ b/src/mail/ngx_mail_core_module.c
-@@ -85,6 +85,13 @@ static ngx_command_t  ngx_mail_core_commands[] = {
-       offsetof(ngx_mail_core_srv_conf_t, resolver_timeout),
-       NULL },
- 
-+    { ngx_string("max_errors"),
-+      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
-+      ngx_conf_set_num_slot,
-+      NGX_MAIL_SRV_CONF_OFFSET,
-+      offsetof(ngx_mail_core_srv_conf_t, max_errors),
-+      NULL },
-+
-       ngx_null_command
- };
- 
-@@ -163,6 +170,8 @@ ngx_mail_core_create_srv_conf(ngx_conf_t *cf)
-     cscf->timeout = NGX_CONF_UNSET_MSEC;
-     cscf->resolver_timeout = NGX_CONF_UNSET_MSEC;
- 
-+    cscf->max_errors = NGX_CONF_UNSET_UINT;
-+
-     cscf->resolver = NGX_CONF_UNSET_PTR;
- 
-     cscf->file_name = cf->conf_file->file.name.data;
-@@ -182,6 +191,7 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
-     ngx_conf_merge_msec_value(conf->resolver_timeout, prev->resolver_timeout,
-                               30000);
- 
-+    ngx_conf_merge_uint_value(conf->max_errors, prev->max_errors, 5);
- 
-     ngx_conf_merge_str_value(conf->server_name, prev->server_name, "");
- 
-diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c
-index 0aaa0e78..71b81512 100644
--- a/src/mail/ngx_mail_handler.c
-+++ b/src/mail/ngx_mail_handler.c
-@@ -871,7 +871,20 @@ ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c)
-         return NGX_MAIL_PARSE_INVALID_COMMAND;
-     }
- 
-    if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
-+    if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
-+
-+        s->errors++;
-+
-+        if (s->errors >= cscf->max_errors) {
-+            ngx_log_error(NGX_LOG_INFO, c->log, 0,
-+                          "client sent too many invalid commands");
-+            s->quit = 1;
-+        }
-+
-+        return rc;
-+    }
-+
-+    if (rc == NGX_IMAP_NEXT) {
-         return rc;
-     }
- 
-- 
-2.25.1
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb
deleted file mode 100644
index d686c627f..000000000
--- a/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-require nginx.inc
-SRC_URI += "file://CVE-2021-3618.patch"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=206629dc7c7b3e87acb31162363ae505"
-SRC_URI[md5sum] = "8ca6edd5076bdfad30a69c9c9b41cc68"
-SRC_URI[sha256sum] = "e462e11533d5c30baa05df7652160ff5979591d291736cfa5edb9fd2edb48c49"
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.23.3.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.23.3.bb
new file mode 100644
index 000000000..a8ffd9b93
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/nginx_1.23.3.bb
@@ -0,0 +1,6 @@
+require nginx.inc
+LIC_FILES_CHKSUM = "file://LICENSE;md5=175abb631c799f54573dc481454c8632"
+SRC_URI[sha256sum] = "75cb5787dbb9fae18b14810f91cc4343f64ce4c24e27302136fb52498042ba54"

diff --git a/meta-webserver/recipes-httpd/nginx/files/CVE-2021-3618.patch b/meta-webserver/recipes-httpd/nginx/files/CVE-2021-3618.patch deleted file mode 100644 index be42a1ed5..000000000 --- a/meta-webserver/recipes-httpd/nginx/files/CVE-2021-3618.patch +++ /dev/null
@@ -1,107 +0,0 @@
1	From 6dafcdebde58577f4fcb190be46a0eb910cf1b96 Mon Sep 17 00:00:00 2001
2	From: Maxim Dounin <mdounin@mdounin.ru>
3	Date: Wed, 19 May 2021 03:13:31 +0300
4	Subject: [PATCH 1/1] Mail: max_errors directive.
5
6	Similarly to smtpd_hard_error_limit in Postfix and smtp_max_unknown_commands
7	in Exim, specifies the number of errors after which the connection is closed.
8	--- end of original header ---
9
10	CVE: CVE-2021-3618
11
12	Upstream-Status: Backport
13	https://github.com/nginx/nginx.git
14	commit 173f16f736c10eae46cd15dd861b04b82d91a37a
15
16	Signed-off-by: Joe Slater <joe.slater@windriver.com>
17	---
18	src/mail/ngx_mail.h \| 3 +++
19	src/mail/ngx_mail_core_module.c \| 10 ++++++++++
20	src/mail/ngx_mail_handler.c \| 15 ++++++++++++++-
21	3 files changed, 27 insertions(+), 1 deletion(-)
22
23	diff --git a/src/mail/ngx_mail.h b/src/mail/ngx_mail.h
24	index b865a3b9..76cae37a 100644
25	--- a/src/mail/ngx_mail.h
26	+++ b/src/mail/ngx_mail.h
27	@@ -115,6 +115,8 @@ typedef struct {
28	ngx_msec_t timeout;
29	ngx_msec_t resolver_timeout;
30
31	+ ngx_uint_t max_errors;
32	+
33	ngx_str_t server_name;
34
35	u_char *file_name;
36	@@ -231,6 +233,7 @@ typedef struct {
37	ngx_uint_t command;
38	ngx_array_t args;
39
40	+ ngx_uint_t errors;
41	ngx_uint_t login_attempt;
42
43	/* used to parse POP3/IMAP/SMTP command */
44	diff --git a/src/mail/ngx_mail_core_module.c b/src/mail/ngx_mail_core_module.c
45	index 40831242..115671ca 100644
46	--- a/src/mail/ngx_mail_core_module.c
47	+++ b/src/mail/ngx_mail_core_module.c
48	@@ -85,6 +85,13 @@ static ngx_command_t ngx_mail_core_commands[] = {
49	offsetof(ngx_mail_core_srv_conf_t, resolver_timeout),
50	NULL },
51
52	+ { ngx_string("max_errors"),
53	+ NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
54	+ ngx_conf_set_num_slot,
55	+ NGX_MAIL_SRV_CONF_OFFSET,
56	+ offsetof(ngx_mail_core_srv_conf_t, max_errors),
57	+ NULL },
58	+
59	ngx_null_command
60	};
61
62	@@ -163,6 +170,8 @@ ngx_mail_core_create_srv_conf(ngx_conf_t *cf)
63	cscf->timeout = NGX_CONF_UNSET_MSEC;
64	cscf->resolver_timeout = NGX_CONF_UNSET_MSEC;
65
66	+ cscf->max_errors = NGX_CONF_UNSET_UINT;
67	+
68	cscf->resolver = NGX_CONF_UNSET_PTR;
69
70	cscf->file_name = cf->conf_file->file.name.data;
71	@@ -182,6 +191,7 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t cf, void parent, void *child)
72	ngx_conf_merge_msec_value(conf->resolver_timeout, prev->resolver_timeout,
73	30000);
74
75	+ ngx_conf_merge_uint_value(conf->max_errors, prev->max_errors, 5);
76
77	ngx_conf_merge_str_value(conf->server_name, prev->server_name, "");
78
79	diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c
80	index 0aaa0e78..71b81512 100644
81	--- a/src/mail/ngx_mail_handler.c
82	+++ b/src/mail/ngx_mail_handler.c
83	@@ -871,7 +871,20 @@ ngx_mail_read_command(ngx_mail_session_t s, ngx_connection_t c)
84	return NGX_MAIL_PARSE_INVALID_COMMAND;
85	}
86
87	- if (rc == NGX_IMAP_NEXT \|\| rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
88	+ if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
89	+
90	+ s->errors++;
91	+
92	+ if (s->errors >= cscf->max_errors) {
93	+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
94	+ "client sent too many invalid commands");
95	+ s->quit = 1;
96	+ }
97	+
98	+ return rc;
99	+ }
100	+
101	+ if (rc == NGX_IMAP_NEXT) {
102	return rc;
103	}
104
105	--
106	2.25.1
107


diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb deleted file mode 100644 index d686c627f..000000000 --- a/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb +++ /dev/null
@@ -1,9 +0,0 @@
1	require nginx.inc
2
3	SRC_URI += "file://CVE-2021-3618.patch"
4
5	LIC_FILES_CHKSUM = "file://LICENSE;md5=206629dc7c7b3e87acb31162363ae505"
6
7	SRC_URI[md5sum] = "8ca6edd5076bdfad30a69c9c9b41cc68"
8	SRC_URI[sha256sum] = "e462e11533d5c30baa05df7652160ff5979591d291736cfa5edb9fd2edb48c49"
9


diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.23.3.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.23.3.bb new file mode 100644 index 000000000..a8ffd9b93 --- /dev/null +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.23.3.bb
@@ -0,0 +1,6 @@
		1	require nginx.inc
		2
		3	LIC_FILES_CHKSUM = "file://LICENSE;md5=175abb631c799f54573dc481454c8632"
		4
		5	SRC_URI[sha256sum] = "75cb5787dbb9fae18b14810f91cc4343f64ce4c24e27302136fb52498042ba54"
		6