Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package nginx for openSUSE:Factory checked in at 2021-06-02 22:10:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nginx (Old) and /work/SRC/openSUSE:Factory/.nginx.new.1898 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nginx" Wed Jun 2 22:10:29 2021 rev:65 rq:895782 version:1.20.1 Changes: -------- --- /work/SRC/openSUSE:Factory/nginx/nginx.changes 2021-04-29 22:44:54.320164316 +0200 +++ /work/SRC/openSUSE:Factory/.nginx.new.1898/nginx.changes 2021-06-02 22:10:37.292127086 +0200 @@ -1,0 +2,10 @@ +Wed May 26 02:44:27 UTC 2021 - ???????? ???????????? <i...@ilya.pp.ua> + +- Update to 1.20.1 + * https://nginx.org/en/CHANGES + * 1-byte memory overwrite might occur during DNS server response processing + if the "resolver" directive was used, allowing an attacker who is able to + forge UDP packets from the DNS server to cause worker process crash or, + potentially, arbitrary code execution (CVE-2021-23017, boo#1186126). + +------------------------------------------------------------------- Old: ---- nginx-1.20.0.tar.gz nginx-1.20.0.tar.gz.asc New: ---- nginx-1.20.1.tar.gz nginx-1.20.1.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nginx.spec ++++++ --- /var/tmp/diff_new_pack.7HO9hY/_old 2021-06-02 22:10:37.984127030 +0200 +++ /var/tmp/diff_new_pack.7HO9hY/_new 2021-06-02 22:10:37.988127029 +0200 @@ -23,7 +23,7 @@ %bcond_with ngx_google_perftools # Name: nginx -Version: 1.20.0 +Version: 1.20.1 Release: 0 Summary: A HTTP server and IMAP/POP3 proxy server License: BSD-2-Clause @@ -83,8 +83,8 @@ Summary: VIM support for nginx config files Group: Productivity/Text/Editors %requires_eq vim -BuildArch: noarch Supplements: (nginx and vim_client) +BuildArch: noarch %description -n vim-plugin-nginx nginx [engine x] is a HTTP server and IMAP/POP3 proxy server written by Igor Sysoev. ++++++ nginx-1.20.0.tar.gz -> nginx-1.20.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.20.0/CHANGES new/nginx-1.20.1/CHANGES --- old/nginx-1.20.0/CHANGES 2021-04-20 15:35:55.000000000 +0200 +++ new/nginx-1.20.1/CHANGES 2021-05-25 14:35:44.000000000 +0200 @@ -1,4 +1,13 @@ +Changes with nginx 1.20.1 25 May 2021 + + *) Security: 1-byte memory overwrite might occur during DNS server + response processing if the "resolver" directive was used, allowing an + attacker who is able to forge UDP packets from the DNS server to + cause worker process crash or, potentially, arbitrary code execution + (CVE-2021-23017). + + Changes with nginx 1.20.0 20 Apr 2021 *) 1.20.x stable branch. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.20.0/CHANGES.ru new/nginx-1.20.1/CHANGES.ru --- old/nginx-1.20.0/CHANGES.ru 2021-04-20 15:35:52.000000000 +0200 +++ new/nginx-1.20.1/CHANGES.ru 2021-05-25 14:35:42.000000000 +0200 @@ -1,4 +1,13 @@ +?????????????????? ?? nginx 1.20.1 25.05.2021 + + *) ????????????????????????: ?????? ?????????????????????????? ?????????????????? resolver ???? ?????????? ?????????????????? + ???????????? DNS-?????????????? ?????????? ?????????????????????? ???????????????????? ???????????? ?????????? ????????????, + ?????? ?????????????????? ????????????????????, ???????????????? ?????????????????????? ?????????????????????? UDP-???????????? + ???? DNS-??????????????, ?????????????? ?????????????? ???????????????? ???????????????? ??????, ????????????????????????, + ???????????????????? ?????????????????????????? ???????? (CVE-2021-23017). + + ?????????????????? ?? nginx 1.20.0 20.04.2021 *) ???????????????????? ?????????? 1.20.x. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.20.0/src/core/nginx.h new/nginx-1.20.1/src/core/nginx.h --- old/nginx-1.20.0/src/core/nginx.h 2021-04-20 15:35:47.000000000 +0200 +++ new/nginx-1.20.1/src/core/nginx.h 2021-05-25 14:35:38.000000000 +0200 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1020000 -#define NGINX_VERSION "1.20.0" +#define nginx_version 1020001 +#define NGINX_VERSION "1.20.1" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.20.0/src/core/ngx_resolver.c new/nginx-1.20.1/src/core/ngx_resolver.c --- old/nginx-1.20.0/src/core/ngx_resolver.c 2021-04-20 15:35:47.000000000 +0200 +++ new/nginx-1.20.1/src/core/ngx_resolver.c 2021-05-25 14:35:38.000000000 +0200 @@ -1798,6 +1798,12 @@ i = sizeof(ngx_resolver_hdr_t); while (i < (ngx_uint_t) n) { + + if (buf[i] & 0xc0) { + err = "unexpected compression pointer in DNS response"; + goto done; + } + if (buf[i] == '\0') { goto found; } @@ -3939,11 +3945,11 @@ { char *err; u_char *p, *dst; - ssize_t len; + size_t len; ngx_uint_t i, n; p = src; - len = -1; + len = 0; /* * compression pointers allow to create endless loop, so we set limit; @@ -3958,6 +3964,16 @@ } if (n & 0xc0) { + if ((n & 0xc0) != 0xc0) { + err = "invalid label type in DNS response"; + goto invalid; + } + + if (p >= last) { + err = "name is out of DNS response"; + goto invalid; + } + n = ((n & 0x3f) << 8) + *p; p = &buf[n]; @@ -3986,7 +4002,7 @@ return NGX_OK; } - if (len == -1) { + if (len == 0) { ngx_str_null(name); return NGX_OK; } @@ -3998,30 +4014,23 @@ name->data = dst; - n = *src++; - for ( ;; ) { + n = *src++; + + if (n == 0) { + name->len = dst - name->data - 1; + return NGX_OK; + } + if (n & 0xc0) { n = ((n & 0x3f) << 8) + *src; src = &buf[n]; - n = *src++; - } else { ngx_strlow(dst, src, n); dst += n; src += n; - - n = *src++; - - if (n != 0) { - *dst++ = '.'; - } - } - - if (n == 0) { - name->len = dst - name->data; - return NGX_OK; + *dst++ = '.'; } } }
