From fcda73e4a2a8707cfc71eefe09e62ce2348c36fe Mon Sep 17 00:00:00 2001 From: Felix Kaechele Date: Fri, 16 Aug 2019 11:28:24 -0400 Subject: [PATCH] update mainline to 1.17.3 fixes CVE-2019-9511, CVE-2019-9513, CVE-2019-9516 enable source file verification Signed-off-by: Felix Kaechele --- aalexeev.key | 30 ++++++++++++ is.key | 37 +++++++++++++++ maxim.key | 131 +++++++++++++++++++++++++++++++++++++++++++++++++++ mdounin.key | 33 +++++++++++++ nginx.spec | 18 ++++++- sb.key | 41 ++++++++++++++++ sources | 3 +- 7 files changed, 291 insertions(+), 2 deletions(-) create mode 100644 aalexeev.key create mode 100644 is.key create mode 100644 maxim.key create mode 100644 mdounin.key create mode 100644 sb.key diff --git a/aalexeev.key b/aalexeev.key new file mode 100644 index 0000000..156ad07 --- /dev/null +++ b/aalexeev.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (Darwin) + +mQENBE+EK6YBCAC/0pVOAUxCXwkOY/g6B7wAoIerb57lfMUqGUIpyZdRlD9ZADtF +kZLQxvsyFkXxfoCZa0zCXT4CCbkYIVtuM5dDnwN4NH6vLxVFT+WhCXoL9MfPfSTp +bQQIQxeYtl8Rm+9XoLYlrhGVeSOIPVTsziqR7RRKN1WSir0s8X6ky25hJHbvlWb8 +5MNKt8VAS9sOsMOl4RAAWeWWjPvc9ZHPwf6yXYOV9wsvBJGv3O4b+xu59a90Zq47 +UBXGkT0a6+xNNJNvXbupQAARJGyRBBaAylzOFNYKVi3tthqsyfWCoekYcCgq8zGG +aGUb2aQOR8/J/8v9/E1W3IeF7EKgNNd//hV3ABEBAAG0IUFuZHJldyBBbGV4ZWV2 +IDxhbmRyZXdAbmdpbnguY29tPokBOAQTAQIAIgUCT4QrpgIbAwYLCQgHAwIGFQgC +CQoLBBYCAwECHgECF4AACgkQq9TTs/WAa021cwgAqNutkLpXYsc3kqAMifiVjOSD +sehoq3a+yTW60wy7AZrXebL+lAeUTkDUvrC6O2wXBYrj66SGE+0yhNT/hFkfc9IU +9bdT8CiMfJURbRKMhz9YbolHlPvlPJ2FM171W3V8RWzYhezjBLaXcgcxEBYFlpGQ +HpSrzqoT6S0CPnxqiw1qesy+8MZE7c/59jzXqPIMOzw5v8aU7BRhvgduXjJV10XI +zaGFwDOmvU9dATHTDJyoIwZp3Dm9TiLuV9uQD4+uRb2tJQmPZDoGyFIyTusK+/bv +PJdnCSnOM05u1V5xFaMCZcscIPHFWQWwO//74SrRbXCHEzaVGyU3c6F6p+zy77kB +DQRPhCumAQgAtOhhcyrD+9PJFOJPYfU9vERP8YswV5RQPR75kAf2otHsy7qox2C3 +i5dNWzGtv2xDj5tjL23wTHl5yXYnEeP2sak3so1czhbWfzbI2TekU1ckPk6tokTO +C9Tn+3fJEnAQSdNEdN6ViO0uUGBAdDiz1S7zG2Rf8hmtebk70dvyGLw3LW3rGuKj +qCCgS6lNrwkRo7+2ZW45KKtJJkQvJ+rLZTzrZ27JFA+gSm5TGPOKGiwB428AaaAB +A/JmOt73XTi9fzuQbEov6Sl9Ej1qoMr2rWBayVsxKZSD7O2zqXZJ7FDi6khYlWcQ +dX0Sm2VAxDiL90oZVsorI2YILMs61a7ywwARAQABiQEfBBgBAgAJBQJPhCumAhsM +AAoJEKvU07P1gGtN3UAH/jWHaKVZLUrmSqlj/g0MKoj9t7EABx7gDRZ6bKfJ/GXL +yHDP4Ljrl2jZG6jf/NDq8CoAlwS8x5CpPItNelk9NLgMAi3p/H3LrrRnEBd3u046 +iz4Uce1dpEObokgFYL6qpy3v/CTw5DWpYuIohq2j77hEakSnWh3uRZyYtFCGG5jO +Ct4lWZA7DzSxj6/toNQpN0LzF56UwT+GrIVH82jU+vjulPFnAXu4NSC+vnyYGx9A +5xZj7so9KuPUDADz50yH8mMKcn96F3r9OahuzoYCQogHE+77FeEdJJ7RlsqMh3J8 +37/RI7/cLPgUmyYTOSRC1XyJErdwExrBQEvcQkySa5I= +=Qg0t +-----END PGP PUBLIC KEY BLOCK----- diff --git a/is.key b/is.key new file mode 100644 index 0000000..b4c8f92 --- /dev/null +++ b/is.key @@ -0,0 +1,37 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.11 (FreeBSD) + +mQGiBEqhKBQRBACyOVW0cliZfreT5AEPoXtZPZ6E8GUEkik8PUBskDkNxGh0Jgdj +CDYcJfd/ugTmhfZMB72essKaX9GauSVQCwcQn2AYX/zzGAcS5817xHcp9LPofGoF +0tvH5kS9I+OEVLsfmXkLvLcQBvwU2NtKRLAlRxVy4gi0ZBOwlbS+4s7y3wCgjQA2 +uIWVxNMJ300VycFiAPlddXcD/2R+KbLHSNLxRMXzrXmuTELdg9Xl1lvXo/DSCj6s +JeL9Hurto1VVFsrkFLdFxBIv3PxILx25PrOaEnKyJACKu0LVr4WSPoY58tPHoyzj +M+pkvqrE+bcYD1frBVId0AsbS9+Y1RXaNLM8TNzDs/AVJmRUcuHoeW4QhCPKDWOd +6LYBBACJoSjoWCba1xfWqQkZuX0MZeMJSliUmMii+FU2gB1NCPbEHQnr6DaOu9Ot +a+2BOOoMaO6wZBuFqBrW74tyCmpkQDBBJMedf3TQwTzL3eCrbDuws86R4yMqQo/2 +QksB0ItrBTezD0n39dkCnhiB0MFVPqt3OcWaiFpFdOhW6EhBmbQcSWdvciBTeXNv +ZXYgPGlnb3JAc3lzb2V2LnJ1PohGBBARAgAGBQJOTlzdAAoJEOzw6QssFyCDWEkA +oJPIUQzB/YTW2sBQ+CVmjKQXAWIQAJ9j/uCjOaaB6NZP6TH8sqMYctyui4hgBBMR +AgAgBQJKoSgUAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQqTdhOaUkxT5E +jACdFlnCTBEnDk7zAareC47UqKI9sOIAoIfI08Rss0JkCqGS7uMGfjNOqzsYiQEc +BBABAgAGBQJOl+2xAAoJEKZP1bF62zmoFEEH/Rv21ibzUZ8ZReWp9wvD4lK6C1Fr +OuJbcX4F3Fd2OzrkmEW2lcwXkIPGtiNfDHjJaibj8Zqk32IjBSYMlxhECCEyWyS4 +vfC0nulpLIPL486A1YGFyFQu2UWDtWNBPJrJ64rciX4oNwZxy6yIY+rRsPA+gKPi +wWtfXBY4RUvz+rMLnpPytSsKFzqbk1wI3TA0W72B+pki0r0T7eTnaseq66Wj4kGh +L8RYBepKFT8QHgEsyG9lRp8a/IMup4RVDGPoxl4RL0EjGhd6xCf+n32PTtNyLPVe +jUBiSfz1NaGhyUtQothEDgziCOvbQyrF8Tt26dBbrM0DqEWsqQh6st3AfLy5Ag0E +SqEoFBAIAM3cVw9XvxdaZQkxzAYKUsIxFuMvIxfiSNZmWe/IJZKBxlnJXtiHi2DY +BzCkobmsx4SY12EEazrX7gmlvQecOxcR/Fe6mFc+4HCbA9iYMQuAGSdv+G+a0X1G +PItCbMx8362b1jL2cUH3q0DFLUFS09Mvu3ZFT0TSvDHVLgeZdenJLLhHfiTTW9Oj +3hmFGUDRKIX+AMEY0AARqPmebvtAgKK92TF8FaC1OfwGTkkpACULhkwWAo+l53kP +b7paz9q8GJwAi2grA3lV4RF/AZ1n/G2z49pTe7v4iSiFkgIvSDX7YqqIrpxJd19G +a8VZ6RxACdAzhdrnz61GWzVm4Lbgti8AAwcIAI5C3Wtdo6tj9Xe/XTfW4gVvVD/y +dr+57hDjjpil0j5+v6BGrZ/OA4uee8wADR/OXGJVP6nKtVaY1h54ProAjG8fIZhF +SLokq7QVtFY8yyV7oAVAhB0vDE545d5TcTP29Wu6huJ7x94PQ2wuYmGV76m/05+3 +sTrfPRVe4d8uW238UPxUMFdT7XQ9lDS0bskkYgDOWKk+iZ5HPe5tuK3aUl1QN6TZ +5qaprppB8+CxM2R7BFZD1pU0WicRGqPPhtnXKfuh/DOSBcQPw+dIjsKqXcyde1iE +pVfrZ1V5YpxVckTU+Zg5VrBhfez7Vazxt8f+rRVXcLKbZ1Z5KquqdrUzhkCISQQY +EQIACQUCSqEoFAIbDAAKCRCpN2E5pSTFPvnqAKCKuPJRzq+NTHlsyLiJhM8tQe43 +ZgCeLScMWL6OD4W8wUkcEnEuw+6So80= +=bMVt +-----END PGP PUBLIC KEY BLOCK----- diff --git a/maxim.key b/maxim.key new file mode 100644 index 0000000..79dfefc --- /dev/null +++ b/maxim.key @@ -0,0 +1,131 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.11 (FreeBSD) + +mQGiBDzqHSERBACUPYN18/fnXdsI3CsH/UgX7CL1yLSgTCTbEA7p/jPA78svM0Kt +aHdZG+mhZH9u//SaPuKPoF6OST7pb5ee48bppzL8v1+zYIAUWib/ImR/ZEGi5SzM +mYtNCrK3YTblaHoeKKSrVwYvFi4HYQZWG3hcXaozhZRVQTnGnDdQYriSVwCg24Pl +UzXu1n8lw+4zDlW3eGIkxEMD/RpnH5n8maXO5MYRvuBpGGTF7x3iV0somnLhQ1Th +1WD/7OhRRzfRpXarG8ObyxyPx52et6tGV9IjSdO+uuVgtTUFRKsr6QYk/y49blnt +pGtd4kTHMy99Zt/GP/CBBWn7dQtMGABDobA0ZU5ILkSlZ+DHtZLEkIXljhxIyhbw +sIQzBACKTwIrcF0trhi2dibKMOWqy8RYP5iKe1vXy5SCdcU7HxicHGzI0oRdlCHT +jh0pik8YWI24d18UdHDhvWHxbF/QCBbW+RAyiNASzzdsiIswo9Zvras/NZbnagHB +tP80kBhLVC4udmO7GKYxKjpgsuqihaFJdcpoxx8J6mv2sTxK1rQjTWF4aW0gS29u +b3ZhbG92IDxtYXhpbUBGcmVlQlNELm9yZz6IRgQQEQIABgUCQLq0OQAKCRBmf70A +yq2sKARdAKCCX/8V9pvSCqAMXW2/VsIPt6vtjwCfYJC1J+Z7DcC3zd8h4Jq5G2Rc +55aIRgQQEQIABgUCQzo8dgAKCRCF1FBFa2kbA4MQAJ4vD1ZKa12n9miVnQT3TlMq +vX4QkgCdGVTUHDUPJhxsCtJxGdsXG9O2s3iIRgQQEQIABgUCQ6MncgAKCRBNyUvY +tx9gXfpNAJ4lQS8UtczYiwZtwotSQtFL94oofwCgmYu3FWzW34W2t0FgFcRJkGtP +UKOIRgQQEQIABgUCQ6NBhgAKCRBCsZN8yFUPTFajAJ4xZ78RfHJCHnDr/pQHtBaE +5IdrnACgnqW5wmGOLUgmoBoR32FhZVUZBW+IRgQQEQIABgUCQ6O9+QAKCRCvItzv +eM4QX75sAJ0YXxNJIn9AGpXU//vQ2f0bI0tL7QCcDjvLyTv3P9ikrWZhHUDQujy8 +a5aIRgQQEQIABgUCQ6PsWQAKCRBd5Nf+GUncgLNUAKCG0XUM3K/SRaZqmY5dGJSz +Hrhq5gCcDgCq/rJQCerIxCoUQAKuDFJ5hfCIRgQQEQIABgUCQ6Z6XAAKCRBEidDt +Z5uBGWJtAJ9b59VDCydXAkk1FdGE1ur9ovDNxACfdZrNlCKkA+wNM3VGS03iU1qu ++v+IRgQQEQIABgUCQ6Z+KQAKCRBEbQwwjJFkKNXVAKCC2Qr+jNiy7jWp5ZmFSG2h +tKh2UwCdED21xB9FeO/tUt3ngOc9g/Ku02qIRgQQEQIABgUCRKL15wAKCRCpF+nM +mW4UXkD5AJoDoYWcJLA4kL37bwKTeZWCKf7bvwCfQE7B5bPRR5QrLmGejixHMjMd +J/qIRgQQEQIABgUCRKMCOwAKCRBsA3Jjrf1cms1QAJ9lPxf+udM0vEvMe2IsirQ9 +D/OFiQCdEP5L08VNsWgUQ1GgqPVN6SiMwNmIRgQREQIABgUCPPI3MAAKCRDkwbNJ +gRZkufiYAKC1+gPcIAuGKejJc4wUxsatmEFdUACfSJKZMPMYb97PsiHFV/EOCuie +EtCIRgQSEQIABgUCPXS6+AAKCRDc/7Ca5SeztdOYAKCCGueg9cLJ1Nu7NMy+KEp/ +5gUy/QCgjAtcwytxl9UTtWKxk7ssco80CxmIRgQSEQIABgUCPjwGiAAKCRAL8GQS +YLofR/pYAKCPSGxgE79x3zJF64efsbZTLwhNcQCfWA9YPS2H9Xln7d68b3XNTjm1 +g6iIRgQSEQIABgUCPzuGSAAKCRATKEkZzwXRT8/QAJ0SXTPD/bTJlhL/a5DRFE5S +ozFgFwCfTwOd9LpDh5gAsmVJME4xClOH/c+IRgQSEQIABgUCQLhWxwAKCRA27/mq +pwtSB2w0AJwKFP3U3RfYoiFEwtoxZQqrEm82PwCbBTCNkrPJMrMMAILbizFQ5LSP +z9qIRgQTEQIABgUCPOo6IgAKCRD31D6TzwF+Vy2AAKCcEbkGhJ40HDgvxlTWyCb6 +KgzNugCgimtM6MBsqgTsk/UunizDvJDezqGIRgQTEQIABgUCPmtEjwAKCRBOOAZa +8Q9p15+sAJ9rodwYfiE/sfU5isW0CylV1YpiYgCeMog3y6TG2ZlTEGjpcf4CiaTt +sM6IRgQTEQIABgUCQL2cHQAKCRAGInZjpkL6mOzwAKC+gfd5IBOslPydmA6VSnL6 +eroqJwCfeFjYQUjyJdRle4C4jQbDWmh0MYuIRgQTEQIABgUCQL43FwAKCRDc/7Ca +5SeztYxbAJ9RGW7F9FC+7ajeWjdsXJBUq2rupACgnXxdlSKMLc9CZ+zRNizEhCMY +vdWIXAQTEQIAHAUCPOo0eQIbAwQLBwMCAxUCAwMWAgECHgECF4AACgkQ7PDpCywX +IIM2+ACeK4CYBq1j2b8lew7w9/gZqqfyx0MAn3D2ISNtUiseJw2gaKD4lnYzOhdo +iF8EExECAB8CGwMECwcDAgMVAgMDFgIBAh4BAheABQJDOVVrAhkBAAoJEOzw6Qss +FyCDUG0An2SMwEVMpfhzWJehjbfnI6Fflo9LAKDPDb/tIFI4TOKV8gUyC5QPd+Uh +NohkBBMRAgAcBQI86jR5AhsDBAsHAwIDFQIDAxYCAQIeAQIXgAASCRDs8OkLLBcg +gwdlR1BHAAEBNvgAniuAmAatY9m/JXsO8Pf4Gaqn8sdDAJ9w9iEjbVIrHicNoGig ++JZ2MzoXaIicBBMBAQAGBQI86jp6AAoJECJGDGoDwvstnBYEAIbMNUUVHnlBJyyl +GD9ILRi+6hM43OVjUMtSi3+wWxSX8iLnC8wfSUClEcbhEsgLo88IH9KARIMRP5GV +Zd4IdfQ944ACO64TgKe+Gywk5LW5BwVJOMpXLlrZ13nEM48hoiLipn5c4sx7fKBT +JKQkz1KOrNfhIvL1t+wZ4XMUCDiWiQEcBBABAgAGBQJKzAe6AAoJEJBXh4mJ2FR+ +iI8H/2YY4nf3wOsO03V2lVNg2nM84QR036FlMy7LbGgfyjoNyJsjUskf+SF2Oj8k +0ijr11DQvQSI+J30iemxCeVgWSpKQWxf5+GGbMZjo3V+4BT4AAwL6fryQBP0n5E8 +8SgMvFIxkinmONqDjlaO7vi5jnGxaQfY1VTPboJ6innpOtin4fH9T1PvNu+caEgv +fVQ9KKv0HkKH9zp/e6XkB2THM60ih8fkdNBKTp2LxBZ+G69L3hjihnG0Dag30evN +0bgePY4cS6wze6pmdNOruiShdsmyaYszL/AWiCEc6j/PLDydMwz/+2UcVdw8UtRC +ZqgJG39yocpGjbYzBhiMShunrqGIRgQQEQIABgUCTk5f+gAKCRCpN2E5pSTFPoXk +AJ9kg/OLFF9pFl2pi+f+8FyrBRH0FgCbB2B4vEu7rd+/D0Ae2rTKiBLs6vm0I01h +eGltIEtvbm92YWxvdiA8bWF4aW1AbWFjb21uZXQucnU+iEYEEBECAAYFAkC6tCQA +CgkQZn+9AMqtrCjZUQCgkylmChMzJKSRLHD4X/CrRs596EgAn15ppMvhYDqOwDIZ ++HiAfZQZXKYdiEYEEBECAAYFAkM6PHsACgkQhdRQRWtpGwPE1wCbBBi6IH8PPIAq +o3ATWDg9QS6GXOkAn2lXXnKroLVE71Y82qFjaxMwrDeliEYEEBECAAYFAkOjJ3gA +CgkQTclL2LcfYF0GdgCfbcXWgXhFwLE3XE+ae/JHzp9VvUAAn2t/UFTVlRfpsonT +YzS7/NjR3TnoiEYEEBECAAYFAkOjQZQACgkQQrGTfMhVD0zcUgCgpCQl7HMkRxGF +o/l2WlmGodedZ9YAn29t0RAhJGsk04mII8spj7ds0XumiEYEEBECAAYFAkOmfiwA +CgkQRG0MMIyRZChGSACfYiZFXu7KM/JvDQCk7aTZKNAjPsQAnjTOoPmFHd0BXJbw +XIholgYay7nqiEYEEBECAAYFAkSi9eoACgkQqRfpzJluFF7vjgCfRdrt2IY2MT6Z +XqNkYM9C7khOowMAn2uEvJH07qDz/ShMpiTFR2m5vv0MiEYEEBECAAYFAkSjAkUA +CgkQbANyY639XJrUkQCeJKUvH6kvY+GtbWG5zeYc1NW1qb0AnAhMA4dvmHoCqbaT +aOYMoGW9MypgiEYEERECAAYFAjzyNy0ACgkQ5MGzSYEWZLkiFwCdERENcWOjhb1i +y2O77T4UpBG7FyYAniV2lXO/ugP5fz+0RiaFQNmqqkq8iEYEERECAAYFAjzyNzAA +CgkQ5MGzSYEWZLn4mACgtfoD3CALhinoyXOMFMbGrZhBXVAAn0iSmTDzGG/ez7Ih +xVfxDgronhLQiEYEEhECAAYFAj10uvEACgkQ3P+wmuUns7UDWwCfV802QUOsGF9F +ClbY/BOV/AlUzJkAmgP4mbvJImy32hTz0nk46HIIUnc3iEYEEhECAAYFAj10uvgA +CgkQ3P+wmuUns7XTmACgghrnoPXCydTbuzTMvihKf+YFMv0AoIwLXMMrcZfVE7Vi +sZO7LHKPNAsZiEYEEhECAAYFAj48BoAACgkQC/BkEmC6H0fKdQCfTS7QWQnaXafK +Buu7Eg/RBpN/oVkAoPypFIxxplUhpkFNgPgl/DDfNJUiiEYEEhECAAYFAj48BogA +CgkQC/BkEmC6H0f6WACgj0hsYBO/cd8yReuHn7G2Uy8ITXEAn1gPWD0th/V5Z+3e +vG91zU45tYOoiEYEEhECAAYFAj87hmMACgkQEyhJGc8F0U+4rgCfQla+Mpfvpsuz +2otGGZoy0sQ/frwAni4DN0eSNykCpbuM7kEo+ue5EAaziEYEExECAAYFAjzqOh8A +CgkQ99Q+k88BflfVWwCdGpavsOw+aeo5OvQKXRb+qlh2fKUAoJSoU0ZvXf+/DYGW +cVz8k2N6mALNiEYEExECAAYFAjzqOiIACgkQ99Q+k88BflctgACgnBG5BoSeNBw4 +L8ZU1sgm+ioMzboAoIprTOjAbKoE7JP1Lp4sw7yQ3s6hiEYEExECAAYFAj5rRIwA +CgkQTjgGWvEPadfVFgCeNpCSKQxhfvz6Ep2dpCl3r+j8HdMAn36Dxm3ZBQ5+FNUJ +B9S3wUtX82fbiEYEExECAAYFAkC9nCAACgkQBiJ2Y6ZC+piPlQCgoE5ydx4u8PWv +YC5wdpE7/T1BEQ8AoICYkv3FT4Ie1huBpNHgnFwX8/Y0iEYEExECAAYFAkC+Nx0A +CgkQ3P+wmuUns7X1kACfdjFR1K++J5kmkZPL0jpyguI1EFgAn03190UYzJsV+1qu +9W7B2lPoTrZKiFkEExECABkFAjzqHSEECwcDAgMVAgMDFgIBAh4BAheAAAoJEOzw +6QssFyCDr/QAn3QBzqXAJrRqzQe3+9wyGI2UkbfvAJ42ImigidpWaY/W+CRGuwtr +iKBVSYhcBBMRAgAcBQI86jR5AhsDBAsHAwIDFQIDAxYCAQIeAQIXgAAKCRDs8OkL +LBcggzb4AJ4rgJgGrWPZvyV7DvD3+Bmqp/LHQwCfcPYhI21SKx4nDaBooPiWdjM6 +F2iIYQQTEQIAGQUCPOodIQQLBwMCAxUCAwMWAgECHgECF4AAEgkQ7PDpCywXIIMH +ZUdQRwABAa/0AJ90Ac6lwCa0as0Ht/vcMhiNlJG37wCeNiJooInaVmmP1vgkRrsL +a4igVUmInAQTAQEABgUCPOo6dwAKCRAiRgxqA8L7LcmeA/46MgqPcasZkPwtcTuY +r75aICqVXILv3HmDbyrXYRSRljMsYiQa7Pj80DfBx6V3kbp29X7skTMR/ewBPv+J +RwiBiEh6kRYURSGeC82GL6p/8WpW5P1tjPhSQcQvZnZKjGCT9b433XhKAtaJIoT6 +EKUPg2Ow3+HWtP+QDeQQwpGTDoicBBMBAQAGBQI86jp6AAoJECJGDGoDwvstnBYE +AIbMNUUVHnlBJyylGD9ILRi+6hM43OVjUMtSi3+wWxSX8iLnC8wfSUClEcbhEsgL +o88IH9KARIMRP5GVZd4IdfQ944ACO64TgKe+Gywk5LW5BwVJOMpXLlrZ13nEM48h +oiLipn5c4sx7fKBTJKQkz1KOrNfhIvL1t+wZ4XMUCDiWiQEcBBABAgAGBQJKzAe6 +AAoJEJBXh4mJ2FR+vXEH/0tDdlST54Vqn/7IoJJqJdHS2G5KeX8c+HEwTDQvlyEw +9r/9UWqoqqbU9h8nHjZj+MHD7WT905uWv512N95Iggvw2SGRcmlH6eoX8Z0C5vfn +Uvxz10sGUKdzynnOhpFXX6d3Kaqv222LKQ8aV+mBSaz7lUlAF+yOmc2wLtzBfPbv +24gW/IumIObmW/nScWfQpNmzZpCcyhnUOKFjoXs0Hoq8jfMJ1Cu+mCTcaMxgH8ow +Rn+SSf1b0H0NZj0HBQoJXJrFwnrXBUCId4S59NT2+0Jr8jfd10WAVA16/Ctsn54a ++hG0Pbk23cVolXR3kvhEIyyjaEuhC6efldKO3Wy4IWG0J01heGltIEtvbm92YWxv +diAoTVRVIEludGVsKSA8a21AbXR1LnJ1PoheBBMRAgAeBQJBNsIKAhsDBgsJCAcD +AgMVAgMDFgIBAh4BAheAAAoJEOzw6QssFyCDkiYAoLdsZvJW/E/A/m7WWr0TlFv1 +W3OBAJwKHaET0k3+9KO8+cbxTYQc2Tm0TYhmBDARAgAmBQJDOVkcHx0ASSBkbyBu +b3QgbmVlZCB0aGlzIElEIHJlYWxseS4ACgkQ7PDpCywXIIMc6ACeO5hWlTCXsL+J +9na+7u4BKppCi/AAni6BD83wsjzhQ0k8H32/1EJhJjjztDBNYXhpbSBLb25vdmFs +b3YgKHRlc3QgdWlkKSA8bWF4aW1AZnJlZXNoZWxsLm9yZz6IRgQQEQIABgUCQLq0 +OQAKCRBmf70Ayq2sKARdAKCCX/8V9pvSCqAMXW2/VsIPt6vtjwCfYJC1J+Z7DcC3 +zd8h4Jq5G2Rc55aIRgQQEQIABgUCQ6MncgAKCRBNyUvYtx9gXfpNAJ4lQS8UtczY +iwZtwotSQtFL94oofwCgmYu3FWzW34W2t0FgFcRJkGtPUKOIRgQQEQIABgUCQ6O9 ++QAKCRCvItzveM4QX75sAJ0YXxNJIn9AGpXU//vQ2f0bI0tL7QCcDjvLyTv3P9ik +rWZhHUDQujy8a5aIRgQSEQIABgUCPzuGSAAKCRATKEkZzwXRT8/QAJ0SXTPD/bTJ +lhL/a5DRFE5SozFgFwCfTwOd9LpDh5gAsmVJME4xClOH/c+ISQQwEQIACQUCQ6Pp +jQIdAAAKCRDs8OkLLBcgg2TfAJ9wB3Wp7IcAD8ne40Y2Y9UOMkVEZgCdGwIDgAz7 +QgZE4CzHLUZ3gphh1QWIXgQTEQIAHgUCQ6PozQIbAwYLCQgHAwIDFQIDAxYCAQIe +AQIXgAAKCRDs8OkLLBcgg/u0AJ0c8m85xbSvaCeIGVR+E5RN+iispgCfeYGsz72s +iouBxJcrVoXzlpd/o1G5AQ0EPOodJBAEAIJ56cYgBMjzG65gRZfhD7pEPrwJjx7F +iUeAEq6DiuSM0W75LsWOELOSXIIni3F0t8QcjyupO8fnqdBP9JECzih5PIYmhHEf +4684rRIwka5J256A0Q9HrBKF2AlywSZ56psa5mNbFr2nv1uIP2t5ZcISEWsaPABk +MswMm+hYC75rAAMGA/46xGEdPWv494Pa1YD/HbAAyB948bZ8QjZBCDQFm3IQr40E +Dm5YVllNBSo7Yw8Y7Gp8Ao+WYEET60kEBtATXr4jNcln4NS/UmGVX79va8kMPc5z +AQloiT78hCkOQZHC15691HENN+ppEjXVdsNjAzi7Zok9OPHJcfFeJX0/r3CuZIhO +BBgRAgAGBQI86h0kABIJEOzw6QssFyCDB2VHUEcAAQFCNgCgxAU2CBSYytZ08F0W +HxxMeInrYi0An2zFJGYtLghVu9Q0P8Okqu2blMIC +=52bu +-----END PGP PUBLIC KEY BLOCK----- diff --git a/mdounin.key b/mdounin.key new file mode 100644 index 0000000..bbf2ca1 --- /dev/null +++ b/mdounin.key @@ -0,0 +1,33 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.11 (FreeBSD) + +mQENBE7SKu8BCADQo6x4ZQfAcPlJMLmL8zBEBUS6GyKMMMDtrTh3Yaq481HB54oR +0cpKL05Ff9upjrIzLD5TJUCzYYM9GQOhguDUP8+ZU9JpSz3yO2TvH7WBbUZ8FADf +hblmmUBLNgOWgLo3W+FYhl3mz1GFS2Fvid6Tfn02L8CBAj7jxbjL1Qj/OA/WmLLc +m6BMTqI7IBlYW2vyIOIHasISGiAwZfp0ucMeXXvTtt14LGa8qXVcFnJTdwbf03AS +ljhYrQnKnpl3VpDAoQt8C68YCwjaNJW59hKqWB+XeIJ9CW98+EOAxLAFszSyGanp +rCqPd0numj9TIddjcRkTA/ZbmCWK+xjpVBGXABEBAAG0IU1heGltIERvdW5pbiA8 +bWRvdW5pbkBtZG91bmluLnJ1PokBOAQTAQIAIgUCTtIq7wIbAwYLCQgHAwIGFQgC +CQoLBBYCAwECHgECF4AACgkQUgqZk6HAUvj+iwf/b4FS6zVzJ5T0v1vcQGD4ZzXe +D5xMC4BJW414wVMU15rfX7aCdtoCYBNiApPxEd7SwiyxWRhRA9bikUq87JEgmnyV +0iYbHZvCvc1jOkx4WR7E45t1Mi29KBoPaFXA9X5adZkYcOQLDxa2Z8m6LGXnlF6N +tJkxQ8APrjZsdrbDvo3HxU9muPcq49ydzhgwfLwpUs11LYkwB0An9WRPuv3jporZ +/XgI6RfPMZ5NIx+FRRCjn6DnfHboY9rNF6NzrOReJRBhXCi6I+KkHHEnMoyg8XET +9lVkfHTOl81aIZqrAloX3/00TkYWyM2zO9oYpOg6eUFCX/Lw4MJZsTcT5EKVxIhG +BBARAgAGBQJO01Y/AAoJEOzw6QssFyCDVyQAn3qwTZlcZgyyzWu9Cs8gJ0CXREaS +AJ92QjGLT9DijTcbB+q9OS/nl16Z/IhGBBARAgAGBQJO02JDAAoJEKk3YTmlJMU+ +P64AnjCKEXFelSVMtgefJk3+vpyt3QX1AKCH9M3MbTWPeDUL+MpULlfdyfvjj7kB +DQRO0irvAQgA0LjCc8S6oZzjiap2MjRNhRFA5BYjXZRZBdKF2VP74avt2/RELq8G +W0n7JWmKn6vvrXabEGLyfkCngAhTq9tJ/K7LPx/bmlO5+jboO/1inH2BTtLiHjAX +vicXZk3oaZt2Sotx5mMI3yzpFQRVqZXsi0LpUTPJEh3oS8IdYRjslQh1A7P5hfCZ +wtzwb/hKm8upODe/ITUMuXeWfLuQj/uEU6wMzmfMHb+jlYMWtb+v98aJa2FODeKP +mWCXLa7bliXp1SSeBOEfIgEAmjM6QGlDx5sZhr2Ss2xSPRdZ8DqD7oiRVzmstX1Y +oxEzC0yXfaefC7SgM0nMnaTvYEOYJ9CH3wARAQABiQEfBBgBAgAJBQJO0irvAhsM +AAoJEFIKmZOhwFL4844H/jo8icCcS6eOWvnen7lg0FcCo1fIm4wW3tEmkQdchSHE +CJDq7pgTloN65pwB5tBoT47cyYNZA9eTfJVgRc74q5cexKOYrMC3KuAqWbwqXhkV +s0nkWxnOIidTHSXvBZfDFA4Idwte94Thrzf8Pn8UESudTiqrWoCBXk2UyVsl03gJ +blSJAeJGYPPeo+Yj6m63OWe2+/S2VTgmbPS/RObn0Aeg7yuff0n5+ytEt2KL51gO +QE2uIxTCawHr12PsllPkbqPk/PagIttfEJqn9b0CrqPC3HREePb2aMJ/Ctw/76CO +wn0mtXeIXLCTvBmznXfaMKllsqbsy2nCJ2P2uJjOntw= +=Tavt +-----END PGP PUBLIC KEY BLOCK----- diff --git a/nginx.spec b/nginx.spec index de1dc5c..e407b7c 100644 --- a/nginx.spec +++ b/nginx.spec @@ -22,7 +22,7 @@ Name: nginx Epoch: 1 -Version: 1.17.2 +Version: 1.17.3 Release: 1%{?dist} Summary: A high performance web server and reverse proxy server @@ -32,6 +32,13 @@ License: BSD URL: http://nginx.org/ Source0: https://nginx.org/download/nginx-%{version}.tar.gz +Source1: https://nginx.org/download/nginx-%{version}.tar.gz.asc +# Keys are found here: http://nginx.org/en/pgp_keys.html +Source2: http://nginx.org/keys/aalexeev.key +Source3: http://nginx.org/keys/is.key +Source4: http://nginx.org/keys/maxim.key +Source5: http://nginx.org/keys/mdounin.key +Source6: http://nginx.org/keys/sb.key Source10: nginx.service Source11: nginx.logrotate Source12: nginx.conf @@ -52,6 +59,7 @@ Patch0: nginx-auto-cc-gcc.patch Patch2: nginx-1.12.1-logs-perm.patch BuildRequires: gcc +BuildRequires: gnupg2 %if 0%{?with_gperftools} BuildRequires: gperftools-devel %endif @@ -169,6 +177,9 @@ Requires: nginx %prep +# Combine all keys from upstream into one file +cat %{S:2} %{S:3} %{S:4} %{S:5} %{S:6} > %{_builddir}/%{name}.gpg +%{gpgverify} --keyring='%{_builddir}/%{name}.gpg' --signature='%{SOURCE1}' --data='%{SOURCE0}' %setup -q %patch0 -p0 %patch2 -p1 @@ -459,6 +470,11 @@ fi %changelog +* Fri Aug 16 2019 Felix Kaechele - 1:1.17.3-1 +- update mainline to 1.17.3 +- fixes CVE-2019-9511, CVE-2019-9513, CVE-2019-9516 +- enable source file verification + * Wed Jul 24 2019 Felix Kaechele - 1:1.17.2-1 - update mainline to 1.17.2 diff --git a/sb.key b/sb.key new file mode 100644 index 0000000..16c68c9 --- /dev/null +++ b/sb.key @@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.11 (FreeBSD) + +mQENBE5E4vkBCADPkWWzk7W5cXOqeZ1ULNSj8nt5azbYjfQ8OyR2AaDW8J7oazYH +reIHKid5uZVJxwr1uLoMloGiYTdy4XYIF2WcOfDnjNGumrAT0Nd4Kdax/pHr5Pdp +jFsO4BkHyWk/5/zDCijyoGYLBR6I8hqn+WDuLG/sTtVuTWkUeOlfxb2eZdLyZ3oP +5T5FXtWTpKvr2y7RGshmS6EJnjiVvvErdbNItFXghqvBBaFOJaS2PRBEO9RfKpti +i+eS/cmlrm+Tjv44EPfQyLtAmCQ8uqfL50uIKEp6/dsC/OVJ6JlJOYl4j90DX7vB +TJaOyUm4s+BLF2BK+Ow8+s+B6jQ5noa/o16NABEBAAG0IFNlcmdleSBCdWRuZXZp +dGNoIDxzYkBuZ2lueC5jb20+iQE+BBMBAgAoBQJOROQ6AhsDBQkJZgGABgsJCAcD +AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCmT9Wxets5qEQgB/43Mxmiy7DjXEbxIYkC +9xPC4kf1X+bHkJ9BtAgaYDQewjtQ7vS98TKJBibm3l4egmBjFWjCpL8845n966+u +XDqrDWJtOPUXvSEQNXGlijDGSxxpdK2dxDOKIOC8nIlZq/Xz/Uqjb2ZrszmYK2LD +IHI1mN9HdI6aTt41QbtG0nkaPPgv3MEvxSMVCzVddroyPXvf/ErT4OSYU+dqJhH+ +SBIezuF0suzH/siCksbSBZHIst5rggpjsZvijP5YFH/hpEsR+tKXo9EFk49xn9Ou +WdmpOEs7CKDbTApkh9XN/Pk5nJQ/HIDuW8pkgzf2wxNWlMSYw6xnozDkeIqpJcDD +4niqiEYEEBECAAYFAk5OYocACgkQ7PDpCywXIIMKtQCfaAl2rvbEImu6MnDR32KG +HTDH2TEAoNeWrSlavyFzbSQka53E9Gs6gF63tCBTZXJnZXkgQnVkbmV2aXRjaCA8 +c2JAd2FlbWUubmV0PokBQQQTAQIAKwIbAwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYC +AwECHgECF4AFAk5OR38CGQEACgkQpk/VsXrbOagPmAf/QmIEDkkiovc1MgQ81lh4 +eeHfvtptb+U4GVCu07DQUR9kEtN6Jqi65gKb95fEztI14PpX+euiWrc/RlnsxWc0 +jYF0UmyacWLN6oHPoxlCK5+7zyoz5UTNrYGkTfWfcNtTU509CEZRClBNjMZOTZjP +QhdR+Ce6tngRcQvMGNaLjJkKuY7vPh6FjT5oqxpnEIRTsWq6bUaeCXm7j9x0as1Z +w1E5D5it3Ug3VlAe58jFJmRgatOsWznKuNoLRjQ2Chp2ce+dLgXriuJMrvEsn5S4 +dImUGL5DVYWDVZNG+r85XnOhMfKG308pZby1uzFvD+j3P6yMj1tpaCAAi5lUkHh6 +bIhGBBARAgAGBQJOTmJ/AAoJEOzw6QssFyCDH50AoMyJPvPDTYXK5KHOlPYPZQ5M +OuCAAJ9zQ/3hKedm3xCLGl4Y6hjxJNlUTbkBDQROROL5AQgAuGIfx9aVOOXVdj8b +XvjBQt+UkBURYGACHFQ69w71Aupsg9pZ7FgwgVKxnoNlmRag8sInjQbs3M/lS0sB +dg75zZ7Ph7aPev8RAqdtX5+xxvujv1cmkFBExFuC5Wp/Yfzk/lPWZR4vXZrTpRiF +PLMlRu0CEJFqoqPPygGFar02Q7rO+da35pxAuYrOWGM7MNr8H/vk13+GiqniBQCa +uSoWwZQzaEdG5VGgm/vAwPzO+Cbam3r+Hs7OieykAy8fv+B+qhHn8Vc/520iGvdO +IAKpxl6oZrkbNL/wozOOLZni7iWl30C43ujxPiGRlg/YotHmhlnMic85QKyakXCS +WXI/JQARAQABiQElBBgBAgAPBQJOROL5AhsMBQkJZgGAAAoJEKZP1bF62zmoGCwH +/2a6zlu4Jwmv21vuroaAzECV8gp1luBeagn23EgMMukYhkbwLtL/0twAHmZlkpzl +atfq/EH2PgOasl2biJixqp7o9V7Uw6PS5JoY+1IrLEurG+FU2TN/Ysp12al4Z0Hh +p4yBRSEikISO9gkeUThixDPX1PjCpx8G/ZYqk+8jRCcDgWsUc/WV3VGPht68oDd7 +56/hfQYc/V3eJmm5WYLVGV7Q69tGtp6D09SpoeqCD2K77auEBRVJ4jaT4B2/EfSb +x6y7Dy4Oxm8TBOQ2EZw2vEixKxtEt86/oBtLUkqVockPq/Ek9AL+KzT6VR1xU+Cm +CoHAyoqJeb/xLBwuKWg0/4U= +=iFlP +-----END PGP PUBLIC KEY BLOCK----- diff --git a/sources b/sources index a3900c8..ebc555d 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -SHA512 (nginx-1.17.2.tar.gz) = 9bb48b7b271f30cfb4d35c86a57eae2a5aeece6be755c1f55b7d4cded73d1dbb8dc89087cac279144c8c25a2624e7fbd71cc55ada4aef932143e3a16c601452b +SHA512 (nginx-1.17.3.tar.gz) = b81e75c4c8c03ca2f0b40b9c2a1812cf168cb2319d7246b9b0cce838ef7dba81f3cd57a213ec8d58e457a0fa6b912adff2e5597e5ada7258cfe27f55b05205e2 +SHA512 (nginx-1.17.3.tar.gz.asc) = 07c3600fdac851dc5c790f9647a4929f68fbdb68133a433db3fcd6edfa6f68945ca3e0c8849143a874976265b939cbb1398ca2a769b424b67835d5806f697bad