fix CVE-2020-1971 again

Dockerfile

@@ -23,7 +23,7 @@ COPY prepare.sh /tmp/prepare.sh
 RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
 
 # Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
-RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"
+RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
 
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache
 

Dockerfile-amd64

@@ -23,7 +23,7 @@ COPY prepare.sh /tmp/prepare.sh
 RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
 
 # Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
-RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"
+RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
 
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache
 

Dockerfile-arm32v7

@@ -30,7 +30,7 @@ COPY prepare.sh /tmp/prepare.sh
 RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
 
 # Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
-RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"
+RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
 
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache
 

Dockerfile-arm64v8

@@ -30,7 +30,7 @@ COPY prepare.sh /tmp/prepare.sh
 RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
 
 # Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
-RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"
+RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
 
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache
 

Dockerfile-i386

@@ -23,7 +23,7 @@ COPY prepare.sh /tmp/prepare.sh
 RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
 
 # Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
-RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"
+RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
 
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache
 

autoconf/Dockerfile

@@ -11,7 +11,7 @@ COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
 # Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0"
+RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
 
 VOLUME /etc/nginx
 

autoconf/Dockerfile-amd64

@@ -11,7 +11,7 @@ COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
 # Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0"
+RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
 
 VOLUME /etc/nginx
 

autoconf/Dockerfile-arm32v7

@@ -18,7 +18,7 @@ COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
 # Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0"
+RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
 
 VOLUME /etc/nginx
 

autoconf/Dockerfile-arm64v8

@@ -18,7 +18,7 @@ COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
 # Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0"
+RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
 
 VOLUME /etc/nginx
 

autoconf/Dockerfile-i386

@@ -11,7 +11,7 @@ COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
 # Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0"
+RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
 
 VOLUME /etc/nginx
 

scripts/certbot-renew-hook.sh

@@ -1,5 +1,6 @@
 #!/bin/sh
 
+# load some functions
 . /opt/scripts/utils.sh
 
 job_log "[CERTBOT] certificates have been renewed"

scripts/certbot-renew.sh

@@ -1,5 +1,6 @@
 #!/bin/sh
 
+# load some functions
 . /opt/scripts/utils.sh
 
 # ask new certificates if needed
@@ -10,13 +11,3 @@ if [ "$?" -eq 0 ] ; then
 else
 	job_log "[CERTBOT] renew operation failed"
 fi
-
-# fix rights
-chown -R root:nginx /etc/letsencrypt
-chmod -R 740 /etc/letsencrypt
-find /etc/letsencrypt -type d -exec chmod 750 {} \;
-
-# reload nginx
-if [ -f /tmp/nginx.pid ] ; then
-	/usr/sbin/nginx -s reload > /dev/null 2>&1
-fi

scripts/referrers.sh

@@ -38,7 +38,6 @@ if [ "$lines" -gt 1 ] ; then
 	fi
 else
 	job_log "[BLACKLIST] can't update referrers list"
-
 fi
 
 rm -f /tmp/map-referrer.conf 2> /dev/null

scripts/user-agents.sh

@@ -40,7 +40,6 @@ if [ "$lines" -gt 1 ] ; then
 	fi
 else
 	job_log "[BLACKLIST] can't update user-agent list"
-
 fi
 
 rm -f /tmp/map-user-agent.conf 2> /dev/null

ui/Dockerfile

@@ -11,7 +11,7 @@ COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
 # Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0"
+RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
 
 VOLUME /etc/nginx
 

ui/Dockerfile-amd64

@@ -11,7 +11,7 @@ COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
 # Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0"
+RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
 
 VOLUME /etc/nginx
 

ui/Dockerfile-arm32v7

@@ -18,7 +18,7 @@ COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
 # Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0"
+RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
 
 VOLUME /etc/nginx
 

ui/Dockerfile-arm64v8

@@ -18,7 +18,7 @@ COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
 # Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0"
+RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
 
 VOLUME /etc/nginx
 

ui/Dockerfile-i386

@@ -11,7 +11,7 @@ COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
 # Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0"
+RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
 
 VOLUME /etc/nginx