diff --git a/patches/patch.2021.resolver.txt b/patches/patch.2021.resolver.txt new file mode 100644 index 0000000..6c895e6 --- /dev/null +++ b/patches/patch.2021.resolver.txt @@ -0,0 +1,23 @@ +diff --git src/core/ngx_resolver.c src/core/ngx_resolver.c +--- src/core/ngx_resolver.c ++++ src/core/ngx_resolver.c +@@ -4008,15 +4008,15 @@ done: + n = *src++; + + } else { ++ if (dst != name->data) { ++ *dst++ = '.'; ++ } ++ + ngx_strlow(dst, src, n); + dst += n; + src += n; + + n = *src++; +- +- if (n != 0) { +- *dst++ = '.'; +- } + } + + if (n == 0) { diff --git a/util/mirror-tarballs b/util/mirror-tarballs index d755112..736b139 100755 --- a/util/mirror-tarballs +++ b/util/mirror-tarballs @@ -469,6 +469,16 @@ else echo fi +answer=`$root/util/ver-ge "$main_ver" 0.6.18` +if [ "$answer" = "Y" ]; then + answer=`$root/util/ver-ge "$main_ver" 1.20.1` + if [ "$answer" = "N" ]; then + echo "$info_txt applying the patch for nginx security advisory (CVE-2021-23017)" + patch -p0 < $root/patches/patch.2021.resolver.txt || exit 1 + echo + fi +fi + echo "$info_txt applying the upstream_timeout_fields patch for nginx" patch -p1 < $root/patches/nginx-$main_ver-upstream_timeout_fields.patch || exit 1 echo