build-win32.sh: upgraded openssl to 1.1.1k.

patches/patch.2021.resolver.txt

@@ -0,0 +1,23 @@
+diff --git src/core/ngx_resolver.c src/core/ngx_resolver.c
+--- src/core/ngx_resolver.c
++++ src/core/ngx_resolver.c
+@@ -4008,15 +4008,15 @@ done:
+             n = *src++;
+ 
+         } else {
++            if (dst != name->data) {
++                *dst++ = '.';
++            }
++
+             ngx_strlow(dst, src, n);
+             dst += n;
+             src += n;
+ 
+             n = *src++;
+-
+-            if (n != 0) {
+-                *dst++ = '.';
+-            }
+         }
+ 
+         if (n == 0) {

util/build-win32.sh

@@ -2,8 +2,8 @@
 
 PCRE=pcre-8.44
 ZLIB=zlib-1.2.11
-OPENSSL=openssl-1.1.1g
-JOBS=12
+OPENSSL=openssl-1.1.1k
+JOBS=8
 
 # wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
 # wget http://zlib.net/zlib-1.2.11.tar.gz

util/mirror-tarballs

@@ -469,6 +469,16 @@ else
     echo
 fi
 
+answer=`$root/util/ver-ge "$main_ver" 0.6.18`
+if [ "$answer" = "Y" ]; then
+    answer=`$root/util/ver-ge "$main_ver" 1.20.1`
+    if [ "$answer" = "N" ]; then
+        echo "$info_txt applying the patch for nginx security advisory (CVE-2021-23017)"
+        patch -p0 < $root/patches/patch.2021.resolver.txt || exit 1
+        echo
+    fi
+fi
+
 echo "$info_txt applying the upstream_timeout_fields patch for nginx"
 patch -p1 < $root/patches/nginx-$main_ver-upstream_timeout_fields.patch || exit 1
 echo

util/ver

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 main_ver=1.19.3
-minor_ver=1
+minor_ver=2
 version=$main_ver.$minor_ver
 echo $version