Merge pull request 'change NGX_HTTP_AUTOINDEX_NAME_LEN' (#2) from samoylikdv/nginx:i9 into i9

Reviewed-on: #2
i9
Arkady L. Shane 3 months ago
commit b0ab8d19d2

@ -0,0 +1,25 @@
From 6a08ad4a381f8c2e6fcf1299fd19f6482a55d922 Mon Sep 17 00:00:00 2001
From: Dmitry Samoylik <Dmitriy.Samoylik@softline.com>
Date: Tue, 13 Aug 2024 14:13:16 +0300
Subject: [PATCH] change NGX_HTTP_AUTOINDEX_NAME_LEN
---
src/http/modules/ngx_http_autoindex_module.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/http/modules/ngx_http_autoindex_module.c b/src/http/modules/ngx_http_autoindex_module.c
index 082bcb5..097a765 100644
--- a/src/http/modules/ngx_http_autoindex_module.c
+++ b/src/http/modules/ngx_http_autoindex_module.c
@@ -52,7 +52,7 @@ typedef struct {
#define NGX_HTTP_AUTOINDEX_PREALLOCATE 50
-#define NGX_HTTP_AUTOINDEX_NAME_LEN 50
+#define NGX_HTTP_AUTOINDEX_NAME_LEN 250
static ngx_buf_t *ngx_http_autoindex_html(ngx_http_request_t *r,
--
2.43.5

@ -41,7 +41,7 @@
Name: nginx
Epoch: 1
Version: 1.20.1
Release: 14%{?dist}.1.inferit
Release: 14%{?dist}.1.inferit.1
Summary: A high performance web server and reverse proxy server
# BSD License (two clause)
@ -94,6 +94,8 @@ Patch6: 0007-Enable-TLSv1.3-by-default.patch
# security fix - https://issues.redhat.com/browse/RHEL-12516
Patch7: 0008-CVE-2023-44487-HTTP-2-per-iteration-stream-handling.patch
Patch8: 0009-change-NGX_HTTP_AUTOINDEX_NAME_LEN.patch
BuildRequires: make
BuildRequires: gcc
BuildRequires: gnupg2
@ -608,6 +610,9 @@ fi
%changelog
* Tue Aug 13 2024 Dmitry Samoylik <Dmitriy.Samoylik@softline.com> - 1:1.20.1-14.1.inferit.1
- change NGX_HTTP_AUTOINDEX_NAME_LEN
* Wed Oct 11 2023 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-14.1.inferit
- Resolves: RHEL-12516 - nginx: HTTP/2: Multiple HTTP/2 enabled web
servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

Loading…
Cancel
Save