[nginx/el6] Resolve CVE-2011-431
Keiran Smith
affix at fedoraproject.org
Thu Nov 17 17:36:44 UTC 2011
commit c10a27bb9785308c3c334d27ed8f1f36d2107aeb
Author: Affix <affix at affix.me>
Date: Thu Nov 17 17:36:26 2011 +0000
Resolve CVE-2011-431
.gitignore | 1 +
nginx.spec | 52 +++++++++++++++++++++++++++++++++++++++++++---------
sources | 2 +-
3 files changed, 45 insertions(+), 10 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 0138327..dfa18e7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ x86_64/
*.rpm
/nginx-1.0.5.tar.gz
/nginx-1.0.8.tar.gz
+/nginx-1.0.10.tar.gz
diff --git a/nginx.spec b/nginx.spec
index 1b3aa34..f29e058 100644
--- a/nginx.spec
+++ b/nginx.spec
@@ -8,7 +8,7 @@
%define nginx_webroot %{nginx_datadir}/html
Name: nginx
-Version: 1.0.8
+Version: 1.0.10
Release: 1%{?dist}
Summary: Robust, small and high performance HTTP and reverse proxy server
Group: System Environment/Daemons
@@ -23,7 +23,6 @@ BuildRequires: pcre-devel,zlib-devel,openssl-devel,perl-devel,perl(ExtUtils
BuildRequires: libxslt-devel,GeoIP-devel,gd-devel
Requires: pcre,openssl,GeoIP,gd
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
-Requires: kernel >= 2.6.18-181
# for /usr/sbin/useradd
Requires(pre): shadow-utils
Requires(post): chkconfig
@@ -32,13 +31,14 @@ Requires(preun): chkconfig, initscripts
Requires(postun): initscripts
Provides: webserver
-Source0: http://sysoev.ru/nginx/nginx-%{version}.tar.gz
+Source0: http://nginx.org/download/nginx-%{version}.tar.gz
Source1: %{name}.init
Source2: %{name}.logrotate
Source3: virtual.conf
Source4: ssl.conf
Source5: %{name}.sysconfig
Source6: nginx.conf
+Source7: default.conf
Source100: index.html
Source101: poweredby.png
Source102: nginx-logo.png
@@ -100,7 +100,7 @@ export DESTDIR=%{buildroot}
--with-mail_ssl_module \
--with-ipv6 \
--with-cc-opt="%{optflags} $(pcre-config --cflags)" \
- --with-cc-opt="%{optflags} $(pcre-config --cflags)"
+ --with-ld-opt="-Wl,-E" # so the perl module finds its symbols
make %{?_smp_mflags}
%install
@@ -116,7 +116,7 @@ chmod 0755 %{buildroot}%{_sbindir}/nginx
%{__install} -p -D -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
%{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
%{__install} -p -d -m 0755 %{buildroot}%{nginx_confdir}/conf.d
-%{__install} -p -m 0644 %{SOURCE3} %{SOURCE4} %{buildroot}%{nginx_confdir}/conf.d
+%{__install} -p -m 0644 %{SOURCE3} %{SOURCE4} %{SOURCE7} %{buildroot}%{nginx_confdir}/conf.d
%{__install} -p -m 0644 %{SOURCE6} %{buildroot}%{nginx_confdir}
%{__install} -p -d -m 0755 %{buildroot}%{nginx_home_tmp}
%{__install} -p -d -m 0755 %{buildroot}%{nginx_logdir}
@@ -191,22 +191,56 @@ fi
%changelog
+* Thu Nov 17 2011 Keiran "Affix" Smith <fedora at affix.me> - 1.0.10-1
+- Bugfix: a segmentation fault might occur in a worker process if resolver got a big DNS response. Thanks to Ben Hawkes.
+- Bugfix: in cache key calculation if internal MD5 implementation wasused; the bug had appeared in 1.0.4.
+- Bugfix: the module ngx_http_mp4_module sent incorrect "Content-Length" response header line if the "start" argument was used. Thanks to Piotr Sikora.
* Thu Oct 27 2011 Keiran "Affix" Smith <fedora at affix.me> - 1.0.8-1
- Update to new 1.0.8 stable release
-* Wed Apr 27 2011 Keiran "Affix" Smith <fedora at affix.me> - 1.0.5-1
-- Update to new 1.0.5 stable release
+* Fri Aug 26 2011 Keiran "Affix" Smith <fedora at affix.me> - 1.0.5-1
+- Update nginx to Latest Stable Release
-* Wed Apr 27 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.54-1
-- Update to new legacy stable 0.8.54
+* Fri Jun 17 2011 Marcela Mašláňová <mmaslano at redhat.com> - 1.0.0-3
+- Perl mass rebuild
+
+* Thu Jun 09 2011 Marcela Mašláňová <mmaslano at redhat.com> - 1.0.0-2
+- Perl 5.14 mass rebuild
+
+* Wed Apr 27 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.0.0-1
+- Update to 1.0.0
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.8.53-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53.5
+- Extract out default config into its own file (bug #635776)
+
+* Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-4
+- Revert ownership of log dir
+
+* Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-3
+- Change ownership of /var/log/nginx to be 0700 nginx:nginx
+- update init script to use killproc -p
+- add reopen_logs command to init script
+- update init script to use nginx -q option
+
+* Sun Oct 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-2
+- Fix linking of perl module
* Sun Oct 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-1
- Update to new stable 0.8.53
+* Sat Jul 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.67-2
+- add Provides: webserver (bug #619693)
+
* Sun Jun 20 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.67-1
- Update to new stable 0.7.67
- fix bugzilla #591543
+* Tue Jun 01 2010 Marcela Maslanova <mmaslano at redhat.com> - 0.7.65-2
+- Mass rebuild with perl-5.12.0
+
* Mon Feb 15 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.65-1
- Update to new stable 0.7.65
- change ownership of logdir to root:root
diff --git a/sources b/sources
index 8fa4de5..50a2f05 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-1049e5fc6e80339f6ba8668fadfb75f9 nginx-1.0.8.tar.gz
+930b297b00fa1018fb0a1dd3e6b7e17e nginx-1.0.10.tar.gz
More information about the scm-commits
mailing list