rpms/nginx
6
0
Fork 1
Code Issues Pull Requests Releases Activity

import UBI nginx-1.20.1-22.el9_6.2

Browse Source
This commit is contained in:
eabdullin 2025-05-13 15:04:23 +00:00
parent 490a0e4d5e
commit 987eaf24d0
5 changed files with 453 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
SOURCES/0011-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch Normal file
View File

@ -0,0 +1,56 @@
From b7e3c8bcfbee27061efdd40ffb3a8479a9bcd9c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Fri, 21 Mar 2025 04:12:14 +0100
Subject: [PATCH] CVE-2024-7347: Buffer overread in the mp4 module
---
src/http/modules/ngx_http_mp4_module.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
index 0e93fbd..a6e3e80 100644
--- a/src/http/modules/ngx_http_mp4_module.c
+++ b/src/http/modules/ngx_http_mp4_module.c
@@ -2789,7 +2789,8 @@ static ngx_int_t
ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
ngx_http_mp4_trak_t *trak, ngx_uint_t start)
{
- uint32_t start_sample, chunk, samples, id, next_chunk, n,
+ uint64_t n;
+ uint32_t start_sample, chunk, samples, id, next_chunk,
prev_samples;
ngx_buf_t *data, *buf;
ngx_uint_t entries, target_chunk, chunk_samples;
@@ -2845,12 +2846,19 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
next_chunk = ngx_mp4_get_32value(entry->chunk);
+ if (next_chunk < chunk) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "unordered mp4 stsc chunks in \"%s\"",
+ mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
ngx_log_debug5(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0,
"sample:%uD, chunk:%uD, chunks:%uD, "
"samples:%uD, id:%uD",
start_sample, chunk, next_chunk - chunk, samples, id);
- n = (next_chunk - chunk) * samples;
+ n = (uint64_t) (next_chunk - chunk) * samples;
if (start_sample < n) {
goto found;
@@ -2872,7 +2880,7 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
"sample:%uD, chunk:%uD, chunks:%uD, samples:%uD",
start_sample, chunk, next_chunk - chunk, samples);
- n = (next_chunk - chunk) * samples;
+ n = (uint64_t) (next_chunk - chunk) * samples;
if (start_sample > n) {
ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
--
2.44.0

312
SOURCES/0012-CVE-2022-41741-and-CVE-2022-41742-fix.patch Normal file
View File

@ -0,0 +1,312 @@
From cd2d74e054ec89de05a61a78d76f3ac55d696440 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Mon, 31 Mar 2025 17:40:54 +0200
Subject: [PATCH] CVE-2022-41741 and CVE-2022-41742 fix
Fixes CVE-2022-41742 nginx: Memory disclosure in the ngx_http_mp4_module
and CVE-2022-41741 nginx: Memory corruption in the ngx_http_mp4_module
---
src/http/modules/ngx_http_mp4_module.c | 147 +++++++++++++++++++++++++
1 file changed, 147 insertions(+)
diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
index a6e3e80..f6c8c58 100644
--- a/src/http/modules/ngx_http_mp4_module.c
+++ b/src/http/modules/ngx_http_mp4_module.c
@@ -1070,6 +1070,12 @@ ngx_http_mp4_read_ftyp_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
return NGX_ERROR;
}
+ if (mp4->ftyp_atom.buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 ftyp atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size;
ftyp_atom = ngx_palloc(mp4->request->pool, atom_size);
@@ -1128,6 +1134,12 @@ ngx_http_mp4_read_moov_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
return NGX_DECLINED;
}
+ if (mp4->moov_atom.buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 moov atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
conf = ngx_http_get_module_loc_conf(mp4->request, ngx_http_mp4_module);
if (atom_data_size > mp4->buffer_size) {
@@ -1195,6 +1207,12 @@ ngx_http_mp4_read_mdat_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mdat atom");
+ if (mp4->mdat_atom.buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 mdat atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
data = &mp4->mdat_data_buf;
data->file = &mp4->file;
data->in_file = 1;
@@ -1321,6 +1339,12 @@ ngx_http_mp4_read_mvhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mvhd atom");
+ if (mp4->mvhd_atom.buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 mvhd atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom_header = ngx_mp4_atom_header(mp4);
mvhd_atom = (ngx_mp4_mvhd_atom_t *) atom_header;
mvhd64_atom = (ngx_mp4_mvhd64_atom_t *) atom_header;
@@ -1586,6 +1610,13 @@ ngx_http_mp4_read_tkhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size;
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_TKHD_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 tkhd atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->tkhd_size = atom_size;
ngx_mp4_set_32value(tkhd_atom->size, atom_size);
@@ -1624,6 +1655,12 @@ ngx_http_mp4_read_mdia_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
trak = ngx_mp4_last_trak(mp4);
+ if (trak->out[NGX_HTTP_MP4_MDIA_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 mdia atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom = &trak->mdia_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1747,6 +1784,13 @@ ngx_http_mp4_read_mdhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size;
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_MDHD_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 mdhd atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->mdhd_size = atom_size;
trak->timescale = timescale;
@@ -1789,6 +1833,12 @@ ngx_http_mp4_read_hdlr_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
trak = ngx_mp4_last_trak(mp4);
+ if (trak->out[NGX_HTTP_MP4_HDLR_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 hdlr atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom = &trak->hdlr_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1817,6 +1867,12 @@ ngx_http_mp4_read_minf_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
trak = ngx_mp4_last_trak(mp4);
+ if (trak->out[NGX_HTTP_MP4_MINF_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 minf atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom = &trak->minf_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1860,6 +1916,15 @@ ngx_http_mp4_read_vmhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
trak = ngx_mp4_last_trak(mp4);
+ if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf
+ || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf)
+ {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 vmhd/smhd atom in \"%s\"",
+ mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom = &trak->vmhd_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1891,6 +1956,15 @@ ngx_http_mp4_read_smhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
trak = ngx_mp4_last_trak(mp4);
+ if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf
+ || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf)
+ {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 vmhd/smhd atom in \"%s\"",
+ mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom = &trak->smhd_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1922,6 +1996,12 @@ ngx_http_mp4_read_dinf_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
trak = ngx_mp4_last_trak(mp4);
+ if (trak->out[NGX_HTTP_MP4_DINF_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 dinf atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom = &trak->dinf_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1950,6 +2030,12 @@ ngx_http_mp4_read_stbl_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
trak = ngx_mp4_last_trak(mp4);
+ if (trak->out[NGX_HTTP_MP4_STBL_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 stbl atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom = &trak->stbl_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -2018,6 +2104,12 @@ ngx_http_mp4_read_stsd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
trak = ngx_mp4_last_trak(mp4);
+ if (trak->out[NGX_HTTP_MP4_STSD_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 stsd atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
atom = &trak->stsd_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -2086,6 +2178,13 @@ ngx_http_mp4_read_stts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
atom_end = atom_table + entries * sizeof(ngx_mp4_stts_entry_t);
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_STTS_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 stts atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->time_to_sample_entries = entries;
atom = &trak->stts_atom_buf;
@@ -2291,6 +2390,13 @@ ngx_http_mp4_read_stss_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
"sync sample entries:%uD", entries);
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_STSS_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 stss atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->sync_samples_entries = entries;
atom_table = atom_header + sizeof(ngx_http_mp4_stss_atom_t);
@@ -2489,6 +2595,13 @@ ngx_http_mp4_read_ctts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
"composition offset entries:%uD", entries);
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_CTTS_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 ctts atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->composition_offset_entries = entries;
atom_table = atom_header + sizeof(ngx_mp4_ctts_atom_t);
@@ -2692,6 +2805,13 @@ ngx_http_mp4_read_stsc_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
atom_end = atom_table + entries * sizeof(ngx_mp4_stsc_entry_t);
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_STSC_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 stsc atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->sample_to_chunk_entries = entries;
atom = &trak->stsc_atom_buf;
@@ -3032,6 +3152,13 @@ ngx_http_mp4_read_stsz_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
"sample uniform size:%uD, entries:%uD", size, entries);
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_STSZ_ATOM].buf) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 stsz atom in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->sample_sizes_entries = entries;
atom_table = atom_header + sizeof(ngx_mp4_stsz_atom_t);
@@ -3215,6 +3342,16 @@ ngx_http_mp4_read_stco_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
atom_end = atom_table + entries * sizeof(uint32_t);
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf
+ || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf)
+ {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 stco/co64 atom in \"%s\"",
+ mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->chunks = entries;
atom = &trak->stco_atom_buf;
@@ -3421,6 +3558,16 @@ ngx_http_mp4_read_co64_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
atom_end = atom_table + entries * sizeof(uint64_t);
trak = ngx_mp4_last_trak(mp4);
+
+ if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf
+ || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf)
+ {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 stco/co64 atom in \"%s\"",
+ mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
trak->chunks = entries;
atom = &trak->co64_atom_buf;
--
2.44.0

45
SOURCES/nginx-1.20.1-CVE-2025-23419.patch Normal file
View File

@ -0,0 +1,45 @@
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 684fabd..404aa77 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -921,6 +921,31 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
goto done;
}
+ sscf = ngx_http_get_module_srv_conf(cscf->ctx, ngx_http_ssl_module);
+
+#if (defined TLS1_3_VERSION \
+ && !defined LIBRESSL_VERSION_NUMBER && !defined OPENSSL_IS_BORINGSSL)
+
+ /*
+ * SSL_SESSION_get0_hostname() is only available in OpenSSL 1.1.1+,
+ * but servername being negotiated in every TLSv1.3 handshake
+ * is only returned in OpenSSL 1.1.1+ as well
+ */
+
+ if (sscf->verify) {
+ const char *hostname;
+
+ hostname = SSL_SESSION_get0_hostname(SSL_get0_session(ssl_conn));
+
+ if (hostname != NULL && ngx_strcmp(hostname, servername) != 0) {
+ c->ssl->handshake_rejected = 1;
+ *ad = SSL_AD_ACCESS_DENIED;
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+ }
+
+#endif
+
hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));
if (hc->ssl_servername == NULL) {
goto error;
@@ -934,8 +959,6 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
ngx_set_connection_log(c, clcf->error_log);
- sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
-
c->ssl->buffer_size = sscf->buffer_size;
if (sscf->ssl.ctx) {

3
SOURCES/nginx.sysusers Normal file
View File

@ -0,0 +1,3 @@
#Type Name ID GECOS Home directory Shell
g nginx -
u nginx - "Nginx web server" /var/lib/nginx /sbin/nologin

48
SPECS/nginx.spec
View File

@ -41,7 +41,7 @@
Name: nginx
Epoch: 2
Version: 1.20.1
Release: 20%{?dist}
Release: 22%{?dist}.2
Summary: A high performance web server and reverse proxy server
# BSD License (two clause)
@ -62,6 +62,7 @@ Source13: nginx-upgrade
Source14: nginx-upgrade.8
Source15: macros.nginxmods.in
Source16: nginxmods.attr
Source17: nginx.sysusers
Source102: nginx-logo.png
Source103: 404.html
Source104: 50x.html
@ -100,6 +101,16 @@ Patch8: 0009-defer-ENGINE_finish-calls-to-a-cleanup.patch
# upstream patch - https://issues.redhat.com/browse/RHEL-40075
Patch9: 0010-Optimized-chain-link-usage.patch
# upstream patch - https://issues.redhat.com/browse/RHEL-78236
Patch10: nginx-1.20.1-CVE-2025-23419.patch
# upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=2304966
Patch11: 0011-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch
# upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=2141496
# - https://bugzilla.redhat.com/show_bug.cgi?id=2141495
Patch12: 0012-CVE-2022-41741-and-CVE-2022-41742-fix.patch
BuildRequires: make
BuildRequires: gcc
BuildRequires: gnupg2
@ -134,9 +145,9 @@ Recommends: logrotate
Requires: %{name}-core = %{epoch}:%{version}-%{release}
BuildRequires: systemd
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
BuildRequires: systemd-rpm-macros
%{?systemd_requires}
# For external nginx modules
Provides: nginx(abi) = %{nginx_abiversion}
@ -176,7 +187,7 @@ Meta package that installs all available nginx modules.
%package filesystem
Summary: The basic directory layout for the Nginx server
BuildArch: noarch
Requires(pre): shadow-utils
%{?sysusers_requires_compat}
%description filesystem
The nginx-filesystem package contains the basic directory layout
@ -466,14 +477,11 @@ sed -e "s|@@NGINX_ABIVERSION@@|%{nginx_abiversion}|g" \
## Install dependency generator
install -Dpm0644 -t %{buildroot}%{_fileattrsdir} %{SOURCE16}
# install sysusers file
install -p -D -m 0644 %{SOURCE17} %{buildroot}%{_sysusersdir}/nginx.conf
%pre filesystem
getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user}
getent passwd %{nginx_user} > /dev/null || \
useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \
-s /sbin/nologin -c "Nginx web server" %{nginx_user}
exit 0
%sysusers_create_compat %{SOURCE17}
%post
%systemd_post nginx.service
@ -574,6 +582,7 @@ fi
%dir %{_sysconfdir}/nginx/default.d
%dir %{_sysconfdir}/systemd/system/nginx.service.d
%dir %{_unitdir}/nginx.service.d
%{_sysusersdir}/nginx.conf
%if %{with geoip}
%files mod-http-geoip
@ -611,6 +620,23 @@ fi
%changelog
* Mon Mar 31 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-22.2
- Resolves: RHEL-85550 - nginx: Memory disclosure in the
ngx_http_mp4_module (CVE-2022-41742)
- Resolves: RHEL-85527 - nginx: Memory corruption in the
ngx_http_mp4_module (CVE-2022-41741)
* Fri Mar 21 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-22.1
- Resolves: RHEL-84339 - nginx: Nginx: Specially crafted file may cause
Denial of Service (CVE-2024-7347)
* Thu Feb 13 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-22
- Resolves: RHEL-78236 - nginx: TLS Session Resumption
Vulnerability (CVE-2025-23419)
* Wed Feb 05 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-21
- Resolves: RHEL-77486 - [RFE] nginx use systemd-sysusers
* Mon Jul 15 2024 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-20
- Resolves: RHEL-40075 - nginx worker processes memory leak