DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update base nginx (#7552)

Browse source 
* upgrade alpine

* use nginx 1.19.9 and corresponding patches from openresty

* include openresty CVE-2021-23017 patch too
This commit is contained in:
Elvin Efendi 2021-08-27 10:20:05 -04:00 committed by GitHub
parent 4c4013904a
commit c6bc9870f1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
38 changed files with 1681 additions and 59 deletions
Download patch file Download diff file Expand all files Collapse all files

20
images/nginx/rootfs/patches/nginx-1.19.9-hash_overflow.patch Normal file
View file

@ -0,0 +1,20 @@
# HG changeset patch
# User Yichun Zhang <agentzh@gmail.com>
# Date 1412276417 25200
# Thu Oct 02 12:00:17 2014 -0700
# Node ID 4032b992f23b054c1a2cfb0be879330d2c6708e5
# Parent 1ff0f68d9376e3d184d65814a6372856bf65cfcd
Hash: buffer overflow might happen when exceeding the pre-configured limits.
diff -r 1ff0f68d9376 -r 4032b992f23b src/core/ngx_hash.c
--- a/src/core/ngx_hash.c Tue Sep 30 15:50:28 2014 -0700
+++ b/src/core/ngx_hash.c Thu Oct 02 12:00:17 2014 -0700
@@ -312,6 +312,8 @@ ngx_hash_init(ngx_hash_init_t *hinit, ng
continue;
}
+ size--;
+
ngx_log_error(NGX_LOG_WARN, hinit->pool->log, 0,
"could not build optimal %s, you should increase "
"either %s_max_size: %i or %s_bucket_size: %i; "