From 4b5ec7edd78616f544abc194308e0cf4b788725b Mon Sep 17 00:00:00 2001
From: Johnny Wang
Date: Fri, 28 May 2021 10:25:01 +0800
Subject: [PATCH] bugfix: applied the patch for security advisory to NGINX cores >= 0.6.18 and <= 1.20.0 (CVE-2021-23017). (#739)
---
 patches/patch.2021.resolver.txt | 23 +++++++++++++++++++++++
 util/mirror-tarballs | 10 ++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 patches/patch.2021.resolver.txt
diff --git a/patches/patch.2021.resolver.txt b/patches/patch.2021.resolver.txt
new file mode 100644
index 0000000..6c895e6
--- /dev/null
+++ b/patches/patch.2021.resolver.txt
@@ -0,0 +1,23 @@
+diff --git src/core/ngx_resolver.c src/core/ngx_resolver.c
+--- src/core/ngx_resolver.c
++++ src/core/ngx_resolver.c
+@@ -4008,15 +4008,15 @@ done:
+ n = *src++;
+
+ } else {
++ if (dst != name->data) {
++ *dst++ = '.';
++ }
++
+ ngx_strlow(dst, src, n);
+ dst += n;
+ src += n;
+
+ n = *src++;
+-
+- if (n != 0) {
+- *dst++ = '.';
+- }
+ }
+
+ if (n == 0) {
diff --git a/util/mirror-tarballs b/util/mirror-tarballs
index d755112..736b139 100755
--- a/util/mirror-tarballs
+++ b/util/mirror-tarballs
@@ -469,6 +469,16 @@ else
 echo
 fi
+answer=`$root/util/ver-ge "$main_ver" 0.6.18`
+if [ "$answer" = "Y" ]; then
+ answer=`$root/util/ver-ge "$main_ver" 1.20.1`
+ if [ "$answer" = "N" ]; then
+ echo "$info_txt applying the patch for nginx security advisory (CVE-2021-23017)"
+ patch -p0 < $root/patches/patch.2021.resolver.txt || exit 1
+ echo
+ fi
+fi
+
 echo "$info_txt applying the upstream_timeout_fields patch for nginx"
 patch -p1 < $root/patches/nginx-$main_ver-upstream_timeout_fields.patch || exit 1
 echo
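Review bot: The version gate added in util/mirror-tarballs fails open: if either `$root/util/ver-ge` call errors out or prints anything other than `Y`/`N`, both `if` tests are false and the CVE-2021-23017 resolver patch is skipped without any message, so the bundle would be built from an unpatched core. `ver-ge` itself is outside this hunk, so how it behaves on failure is an assumption to confirm, but a guard after each call such as `case "$answer" in Y|N) ;; *) echo "ver-ge failed for $main_ver" >&2; exit 1 ;; esac` would turn an unexpected answer into a hard stop. It is also worth quoting the redirect target, `patch -p0 < "$root/patches/patch.2021.resolver.txt" || exit 1`, so a checkout path containing spaces does not break the security step.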