import nginx-1.22.1-5.module+el9.4.0+21951+1a8059c8.1

i9c-stream-1.22 changed/i9c-stream-1.22/nginx-1.22.1-5.module+el9.4.0+21951+1a8059c8.1
MSVSphere Packaging Team 5 months ago
parent f6f73aea3d
commit df537546ef

@ -1,8 +1,29 @@
From c0f75dac24544bdae1ccfccf3d6a05c1b9243d8a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Thu, 23 May 2024 14:09:05 +0200
Subject: [PATCH] Add ssl-pass-phrase-dialog
---
contrib/vim/syntax/nginx.vim | 1 +
src/event/ngx_event_openssl.c | 133 ++++++++++++++++++++---
src/event/ngx_event_openssl.h | 15 ++-
src/http/modules/ngx_http_grpc_module.c | 2 +-
src/http/modules/ngx_http_proxy_module.c | 2 +-
src/http/modules/ngx_http_ssl_module.c | 76 ++++++++++++-
src/http/modules/ngx_http_ssl_module.h | 2 +
src/http/modules/ngx_http_uwsgi_module.c | 2 +-
src/mail/ngx_mail_ssl_module.c | 68 +++++++++++-
src/mail/ngx_mail_ssl_module.h | 2 +
src/stream/ngx_stream_proxy_module.c | 2 +-
src/stream/ngx_stream_ssl_module.c | 62 ++++++++++-
src/stream/ngx_stream_ssl_module.h | 2 +
13 files changed, 344 insertions(+), 25 deletions(-)
diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim
index 7d587fc..15b21e2 100644 index 6828cd3..9df0a53 100644
--- a/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim
+++ b/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim
@@ -617,6 +617,7 @@ syn keyword ngxDirective contained ssl_ocsp @@ -624,6 +624,7 @@ syn keyword ngxDirective contained ssl_ocsp
syn keyword ngxDirective contained ssl_ocsp_cache syn keyword ngxDirective contained ssl_ocsp_cache
syn keyword ngxDirective contained ssl_ocsp_responder syn keyword ngxDirective contained ssl_ocsp_responder
syn keyword ngxDirective contained ssl_password_file syn keyword ngxDirective contained ssl_password_file
@ -11,7 +32,7 @@ index 7d587fc..15b21e2 100644
syn keyword ngxDirective contained ssl_preread syn keyword ngxDirective contained ssl_preread
syn keyword ngxDirective contained ssl_protocols syn keyword ngxDirective contained ssl_protocols
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 104e8da..8cf777e 100644 index d6fe5bc..fb05ab9 100644
--- a/src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c
@@ -9,9 +9,8 @@ @@ -9,9 +9,8 @@
@ -36,7 +57,7 @@ index 104e8da..8cf777e 100644
static int ngx_ssl_password_callback(char *buf, int size, int rwflag, static int ngx_ssl_password_callback(char *buf, int size, int rwflag,
void *userdata); void *userdata);
static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store); static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
@@ -88,6 +87,12 @@ static time_t ngx_ssl_parse_time( @@ -87,6 +86,12 @@ static time_t ngx_ssl_parse_time(
#endif #endif
ASN1_TIME *asn1time, ngx_log_t *log); ASN1_TIME *asn1time, ngx_log_t *log);
@ -49,7 +70,7 @@ index 104e8da..8cf777e 100644
static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
static void ngx_openssl_exit(ngx_cycle_t *cycle); static void ngx_openssl_exit(ngx_cycle_t *cycle);
@@ -398,7 +403,7 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data) @@ -404,7 +409,7 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
ngx_int_t ngx_int_t
ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs, ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs,
@ -58,7 +79,7 @@ index 104e8da..8cf777e 100644
{ {
ngx_str_t *cert, *key; ngx_str_t *cert, *key;
ngx_uint_t i; ngx_uint_t i;
@@ -408,7 +413,7 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs, @@ -414,7 +419,7 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs,
for (i = 0; i < certs->nelts; i++) { for (i = 0; i < certs->nelts; i++) {
@ -67,7 +88,7 @@ index 104e8da..8cf777e 100644
!= NGX_OK) != NGX_OK)
{ {
return NGX_ERROR; return NGX_ERROR;
@@ -421,12 +426,13 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs, @@ -427,12 +432,13 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs,
ngx_int_t ngx_int_t
ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
@ -82,7 +103,7 @@ index 104e8da..8cf777e 100644
x509 = ngx_ssl_load_certificate(cf->pool, &err, cert, &chain); x509 = ngx_ssl_load_certificate(cf->pool, &err, cert, &chain);
if (x509 == NULL) { if (x509 == NULL) {
@@ -516,8 +522,19 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, @@ -522,8 +528,23 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
} }
#endif #endif
@ -94,7 +115,11 @@ index 104e8da..8cf777e 100644
+ "X509_get_pubkey() failed"); + "X509_get_pubkey() failed");
+ return NGX_ERROR; + return NGX_ERROR;
+ } + }
+ dlg->cryptosystem = EVP_PKEY_get_base_id(pubkey); +
+ if (dlg) {
+ dlg->cryptosystem = EVP_PKEY_get_base_id(pubkey);
+ }
+
+ EVP_PKEY_free(pubkey); + EVP_PKEY_free(pubkey);
+ +
+ pkey = ngx_ssl_load_certificate_key(cf->pool, &err, key, passwords, dlg); + pkey = ngx_ssl_load_certificate_key(cf->pool, &err, key, passwords, dlg);
@ -104,7 +129,7 @@ index 104e8da..8cf777e 100644
if (err != NULL) { if (err != NULL) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"cannot load certificate key \"%s\": %s", "cannot load certificate key \"%s\": %s",
@@ -587,7 +604,7 @@ ngx_ssl_connection_certificate(ngx_connection_t *c, ngx_pool_t *pool, @@ -593,7 +614,7 @@ ngx_ssl_connection_certificate(ngx_connection_t *c, ngx_pool_t *pool,
#endif #endif
@ -113,7 +138,7 @@ index 104e8da..8cf777e 100644
if (pkey == NULL) { if (pkey == NULL) {
if (err != NULL) { if (err != NULL) {
ngx_ssl_error(NGX_LOG_ERR, c->log, 0, ngx_ssl_error(NGX_LOG_ERR, c->log, 0,
@@ -700,10 +717,81 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert, @@ -771,10 +792,81 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
return x509; return x509;
} }
@ -197,7 +222,7 @@ index 104e8da..8cf777e 100644
{ {
BIO *bio; BIO *bio;
EVP_PKEY *pkey; EVP_PKEY *pkey;
@@ -791,11 +879,26 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err, @@ -870,11 +962,26 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
tries = 1; tries = 1;
pwd = NULL; pwd = NULL;
cb = NULL; cb = NULL;
@ -226,7 +251,7 @@ index 104e8da..8cf777e 100644
break; break;
} }
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index 860ea26..41f4501 100644 index eb3288b..b275a38 100644
--- a/src/event/ngx_event_openssl.h --- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h
@@ -74,9 +74,19 @@ @@ -74,9 +74,19 @@
@ -270,10 +295,10 @@ index 860ea26..41f4501 100644
ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords); ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c
index dfe49c5..904263d 100644 index 864fc4f..c1b5fb4 100644
--- a/src/http/modules/ngx_http_grpc_module.c --- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c +++ b/src/http/modules/ngx_http_grpc_module.c
@@ -4983,7 +4983,7 @@ ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf) @@ -4925,7 +4925,7 @@ ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
if (ngx_ssl_certificate(cf, glcf->upstream.ssl, if (ngx_ssl_certificate(cf, glcf->upstream.ssl,
&glcf->upstream.ssl_certificate->value, &glcf->upstream.ssl_certificate->value,
&glcf->upstream.ssl_certificate_key->value, &glcf->upstream.ssl_certificate_key->value,
@ -283,10 +308,10 @@ index dfe49c5..904263d 100644
{ {
return NGX_ERROR; return NGX_ERROR;
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
index 9cc202c..2c938d7 100644 index 7c4061c..e971396 100644
--- a/src/http/modules/ngx_http_proxy_module.c --- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c +++ b/src/http/modules/ngx_http_proxy_module.c
@@ -5032,7 +5032,7 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf) @@ -4974,7 +4974,7 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
if (ngx_ssl_certificate(cf, plcf->upstream.ssl, if (ngx_ssl_certificate(cf, plcf->upstream.ssl,
&plcf->upstream.ssl_certificate->value, &plcf->upstream.ssl_certificate->value,
&plcf->upstream.ssl_certificate_key->value, &plcf->upstream.ssl_certificate_key->value,
@ -296,7 +321,7 @@ index 9cc202c..2c938d7 100644
{ {
return NGX_ERROR; return NGX_ERROR;
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index 4c4a598..a147054 100644 index e765a50..6af69d1 100644
--- a/src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c
@@ -17,8 +17,9 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, @@ -17,8 +17,9 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
@ -361,7 +386,7 @@ index 4c4a598..a147054 100644
ngx_pool_cleanup_t *cln; ngx_pool_cleanup_t *cln;
@@ -674,6 +689,9 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) @@ -672,6 +687,9 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_str_value(conf->stapling_responder, ngx_conf_merge_str_value(conf->stapling_responder,
prev->stapling_responder, ""); prev->stapling_responder, "");
@ -371,7 +396,7 @@ index 4c4a598..a147054 100644
conf->ssl.log = cf->log; conf->ssl.log = cf->log;
if (conf->enable) { if (conf->enable) {
@@ -736,6 +754,30 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) @@ -734,6 +752,30 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
cln->handler = ngx_ssl_cleanup_ctx; cln->handler = ngx_ssl_cleanup_ctx;
cln->data = &conf->ssl; cln->data = &conf->ssl;
@ -402,7 +427,7 @@ index 4c4a598..a147054 100644
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx, if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
@@ -786,7 +828,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) @@ -784,7 +826,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
/* configure certificates */ /* configure certificates */
if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates, if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
@ -411,7 +436,7 @@ index 4c4a598..a147054 100644
!= NGX_OK) != NGX_OK)
{ {
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
@@ -1335,3 +1377,31 @@ ngx_http_ssl_init(ngx_conf_t *cf) @@ -1333,3 +1375,31 @@ ngx_http_ssl_init(ngx_conf_t *cf)
return NGX_OK; return NGX_OK;
} }
@ -457,10 +482,10 @@ index 7ab0f7e..2f83d75 100644
diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c
index e4f721b..61efa99 100644 index d46741a..d728874 100644
--- a/src/http/modules/ngx_http_uwsgi_module.c --- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c +++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -2564,7 +2564,7 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf) @@ -2461,7 +2461,7 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
if (ngx_ssl_certificate(cf, uwcf->upstream.ssl, if (ngx_ssl_certificate(cf, uwcf->upstream.ssl,
&uwcf->upstream.ssl_certificate->value, &uwcf->upstream.ssl_certificate->value,
&uwcf->upstream.ssl_certificate_key->value, &uwcf->upstream.ssl_certificate_key->value,
@ -470,7 +495,7 @@ index e4f721b..61efa99 100644
{ {
return NGX_ERROR; return NGX_ERROR;
diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
index 28737ac..728181d 100644 index 63af775..b3cd38e 100644
--- a/src/mail/ngx_mail_ssl_module.c --- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c +++ b/src/mail/ngx_mail_ssl_module.c
@@ -13,6 +13,7 @@ @@ -13,6 +13,7 @@
@ -513,7 +538,7 @@ index 28737ac..728181d 100644
char *mode; char *mode;
ngx_pool_cleanup_t *cln; ngx_pool_cleanup_t *cln;
@@ -388,6 +400,8 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) @@ -386,6 +398,8 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL); ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL);
@ -522,7 +547,7 @@ index 28737ac..728181d 100644
conf->ssl.log = cf->log; conf->ssl.log = cf->log;
@@ -449,6 +463,29 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) @@ -447,6 +461,29 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
cln->handler = ngx_ssl_cleanup_ctx; cln->handler = ngx_ssl_cleanup_ctx;
cln->data = &conf->ssl; cln->data = &conf->ssl;
@ -552,7 +577,7 @@ index 28737ac..728181d 100644
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
SSL_CTX_set_alpn_select_cb(conf->ssl.ctx, ngx_mail_ssl_alpn_select, NULL); SSL_CTX_set_alpn_select_cb(conf->ssl.ctx, ngx_mail_ssl_alpn_select, NULL);
#endif #endif
@@ -461,7 +498,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) @@ -459,7 +496,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
} }
if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates, if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
@ -561,7 +586,7 @@ index 28737ac..728181d 100644
!= NGX_OK) != NGX_OK)
{ {
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
@@ -745,3 +782,32 @@ ngx_mail_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data) @@ -743,3 +780,32 @@ ngx_mail_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
return NGX_CONF_OK; return NGX_CONF_OK;
#endif #endif
} }
@ -608,10 +633,10 @@ index a0a6113..3d87d50 100644
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
index ed275c0..1747aed 100644 index 934e7d8..34d0195 100644
--- a/src/stream/ngx_stream_proxy_module.c --- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c +++ b/src/stream/ngx_stream_proxy_module.c
@@ -2305,7 +2305,7 @@ ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf) @@ -2248,7 +2248,7 @@ ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf)
if (ngx_ssl_certificate(cf, pscf->ssl, if (ngx_ssl_certificate(cf, pscf->ssl,
&pscf->ssl_certificate->value, &pscf->ssl_certificate->value,
&pscf->ssl_certificate_key->value, &pscf->ssl_certificate_key->value,
@ -621,7 +646,7 @@ index ed275c0..1747aed 100644
{ {
return NGX_ERROR; return NGX_ERROR;
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
index 1ba1825..ba70547 100644 index f922ac4..66b4b67 100644
--- a/src/stream/ngx_stream_ssl_module.c --- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c +++ b/src/stream/ngx_stream_ssl_module.c
@@ -17,6 +17,8 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, @@ -17,6 +17,8 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
@ -665,7 +690,7 @@ index 1ba1825..ba70547 100644
ngx_pool_cleanup_t *cln; ngx_pool_cleanup_t *cln;
@@ -732,6 +745,8 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) @@ -730,6 +743,8 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL); ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL);
@ -674,7 +699,7 @@ index 1ba1825..ba70547 100644
conf->ssl.log = cf->log; conf->ssl.log = cf->log;
@@ -779,6 +794,23 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) @@ -777,6 +792,23 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
cln->handler = ngx_ssl_cleanup_ctx; cln->handler = ngx_ssl_cleanup_ctx;
cln->data = &conf->ssl; cln->data = &conf->ssl;
@ -698,7 +723,7 @@ index 1ba1825..ba70547 100644
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx, SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
ngx_stream_ssl_servername); ngx_stream_ssl_servername);
@@ -823,7 +855,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) @@ -821,7 +853,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
/* configure certificates */ /* configure certificates */
if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates, if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
@ -707,7 +732,7 @@ index 1ba1825..ba70547 100644
!= NGX_OK) != NGX_OK)
{ {
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
@@ -1209,3 +1241,31 @@ ngx_stream_ssl_init(ngx_conf_t *cf) @@ -1207,3 +1239,31 @@ ngx_stream_ssl_init(ngx_conf_t *cf)
return NGX_OK; return NGX_OK;
} }
@ -752,3 +777,6 @@ index e7c825e..d80daa4 100644
} ngx_stream_ssl_conf_t; } ngx_stream_ssl_conf_t;
--
2.44.0

@ -56,7 +56,7 @@
Name: nginx Name: nginx
Epoch: 1 Epoch: 1
Version: 1.22.1 Version: 1.22.1
Release: 5%{?dist} Release: 5%{?dist}.1
Summary: A high performance web server and reverse proxy server Summary: A high performance web server and reverse proxy server
# BSD License (two clause) # BSD License (two clause)
@ -111,7 +111,7 @@ Patch5: 0007-Enable-TLSv1.3-by-default.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2170808 # https://bugzilla.redhat.com/show_bug.cgi?id=2170808
Patch6: 0008-add-ssl-pass-phrase-dialog.patch Patch6: 0008-add-ssl-pass-phrase-dialog.patch
# security fix - https://issues.redhat.com/browse/RHEL-12736 # security fix - https://issues.redhat.com/browse/RHEL-12737
Patch7: 0009-CVE-2023-44487-HTTP-2-per-iteration-stream-handling.patch Patch7: 0009-CVE-2023-44487-HTTP-2-per-iteration-stream-handling.patch
BuildRequires: make BuildRequires: make
@ -626,8 +626,11 @@ fi
%changelog %changelog
* Mon Oct 17 2023 Luboš Uhliarik <luhliari@redhat.com> - 1:1.22.1-5 * Wed May 29 2024 Luboš Uhliarik <luhliari@redhat.com> - 1:1.22.1-5.1
- Resolves: RHEL-12736 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web - Resolves: RHEL-39334 - Nginx seg faults when proxy_ssl_certificate is set
* Mon Oct 16 2023 Luboš Uhliarik <luhliari@redhat.com> - 1:1.22.1-5
- Resolves: RHEL-12737 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web
servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* Mon Aug 07 2023 Luboš Uhliarik <luhliari@redhat.com> - 1:1.22.1-4 * Mon Aug 07 2023 Luboš Uhliarik <luhliari@redhat.com> - 1:1.22.1-4

Loading…
Cancel
Save