author | Natanael Copa <ncopa@alpinelinux.org> | 2012-05-03 06:42:01 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-05-03 06:44:57 +0000 |
commit | 6de4e4da7319dd03ea63802ac9ee9be17da17c21 (patch) | |
tree | 0891c02c038e2a732929ce35418f51ecbfec36cb /main/nginx | |
parent | 6efa33e8289cde944d8f52b72249dc9c0310c6a6 (diff) | |
main/nginx: upgrade to 0.8.55 and fix CVE-2012-1180
fixes #1057
Diffstat (limited to 'main/nginx')
-rw-r--r-- | main/nginx/APKBUILD | 11 | ||||
-rw-r--r-- | main/nginx/patch.2012.memory.txt | 113 |
2 files changed, 120 insertions, 4 deletions
diff --git a/main/nginx/APKBUILD b/main/nginx/APKBUILD
index c188a76e26..78a215c373 100644
--- a/main/nginx/APKBUILD
+++ b/main/nginx/APKBUILD
@@ -1,8 +1,8 @@
 # Contributor: Cameron Banta <cbanta@gmail.com>
 # Maintainer: Cameron Banta <cbanta@gmail.com>
 pkgname=nginx
-pkgver=0.8.54
-pkgrel=1
+pkgver=0.8.55
+pkgrel=0
 pkgdesc="nginx [engine x] is a HTTP and reverse proxy server"
 url="http://www.nginx.org"
 arch="all"
@@ -16,6 +16,7 @@ source="http://nginx.org/download/$pkgname-$pkgver.tar.gz
 nginx.initd
 nginx.logrotate
 $install
+ patch.2012.memory.txt
 "
@@ -24,6 +25,7 @@ _builddir="$srcdir"/$pkgname-$pkgver
 prepare() {
 cd "$_builddir"
 # apply patches here
+ patch -p0 -i "$srcdir"/patch.2012.memory.txt || return 1
 }
 build() {
@@ -55,6 +57,7 @@ package() {
 install -m644 -D LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
 }
-md5sums="44df4eb6a22d725021288c570789046f nginx-0.8.54.tar.gz
+md5sums="10ea2cd34f894631bf4b306b7139195b nginx-0.8.55.tar.gz
 b06f6e23753385be0076539ba1806cb6 nginx.initd
-8823274a834332d3db4f62bf7dd1fb7d nginx.logrotate"
+8823274a834332d3db4f62bf7dd1fb7d nginx.logrotate
+2c873883b0c6793ea0af79c2bdab7940 patch.2012.memory.txt"
diff --git a/main/nginx/patch.2012.memory.txt b/main/nginx/patch.2012.memory.txt
new file mode 100644
index 0000000000..940d1cef47
--- /dev/null
+++ b/main/nginx/patch.2012.memory.txt
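Review bot: The `md5sums` block in the last APKBUILD hunk is the only integrity check on `nginx-0.8.55.tar.gz`, and the `source` URL shown in the second hunk's header is plain `http://`, so the tarball for a security update is fetched over an unauthenticated channel and checked with a hash that no longer resists collisions. If the abuild in use accepts a stronger checksum array, record one alongside, e.g. `sha512sums="<sha512 of nginx-0.8.55.tar.gz>  nginx-0.8.55.tar.gz"`, and compare the download against the upstream signature before writing the sum into the file. In the `prepare()` hunk, the context line `cd "$_builddir"` is unchecked while the added `patch` line is; `cd "$_builddir" || return 1` would stop `patch -p0` from running in the wrong directory.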
@@ -0,0 +1,113 @@ +--- src/http/modules/ngx_http_fastcgi_module.c ++++ src/http/modules/ngx_http_fastcgi_module.c +@@ -1501,10 +1501,10 @@ ngx_http_fastcgi_process_header(ngx_http + h->lowcase_key = h->key.data + h->key.len + 1 + + h->value.len + 1; + +- ngx_cpystrn(h->key.data, r->header_name_start, +- h->key.len + 1); +- ngx_cpystrn(h->value.data, r->header_start, +- h->value.len + 1); ++ ngx_memcpy(h->key.data, r->header_name_start, h->key.len); ++ h->key.data[h->key.len] = '\0'; ++ ngx_memcpy(h->value.data, r->header_start, h->value.len); ++ h->value.data[h->value.len] = '\0'; + } + + h->hash = r->header_hash; +--- src/http/modules/ngx_http_proxy_module.c ++++ src/http/modules/ngx_http_proxy_module.c +@@ -1381,8 +1381,10 @@ ngx_http_proxy_process_header(ngx_http_r + h->value.data = h->key.data + h->key.len + 1; + h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1; + +- ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1); +- ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1); ++ ngx_memcpy(h->key.data, r->header_name_start, h->key.len); ++ h->key.data[h->key.len] = '\0'; ++ ngx_memcpy(h->value.data, r->header_start, h->value.len); ++ h->value.data[h->value.len] = '\0'; + + if (h->key.len == r->lowcase_index) { + ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len); +--- src/http/modules/ngx_http_scgi_module.c ++++ src/http/modules/ngx_http_scgi_module.c +@@ -941,8 +941,10 @@ ngx_http_scgi_process_header(ngx_http_re + h->value.data = h->key.data + h->key.len + 1; + h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1; + +- ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1); +- ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1); ++ ngx_memcpy(h->key.data, r->header_name_start, h->key.len); ++ h->key.data[h->key.len] = '\0'; ++ ngx_memcpy(h->value.data, r->header_start, h->value.len); ++ h->value.data[h->value.len] = '\0'; + + if (h->key.len == r->lowcase_index) { + 
ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len); +--- src/http/modules/ngx_http_uwsgi_module.c ++++ src/http/modules/ngx_http_uwsgi_module.c +@@ -985,8 +985,10 @@ ngx_http_uwsgi_process_header(ngx_http_r + h->value.data = h->key.data + h->key.len + 1; + h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1; + +- ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1); +- ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1); ++ ngx_memcpy(h->key.data, r->header_name_start, h->key.len); ++ h->key.data[h->key.len] = '\0'; ++ ngx_memcpy(h->value.data, r->header_start, h->value.len); ++ h->value.data[h->value.len] = '\0'; + + if (h->key.len == r->lowcase_index) { + ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len); +--- src/http/ngx_http_parse.c ++++ src/http/ngx_http_parse.c +@@ -874,6 +874,10 @@ ngx_http_parse_header_line(ngx_http_requ + break; + } + ++ if (ch == '\0') { ++ return NGX_HTTP_PARSE_INVALID_HEADER; ++ } ++ + r->invalid_header = 1; + + break; +@@ -936,6 +940,10 @@ ngx_http_parse_header_line(ngx_http_requ + break; + } + ++ if (ch == '\0') { ++ return NGX_HTTP_PARSE_INVALID_HEADER; ++ } ++ + r->invalid_header = 1; + + break; +@@ -954,6 +962,8 @@ ngx_http_parse_header_line(ngx_http_requ + r->header_start = p; + r->header_end = p; + goto done; ++ case '\0': ++ return NGX_HTTP_PARSE_INVALID_HEADER; + default: + r->header_start = p; + state = sw_value; +@@ -975,6 +985,8 @@ ngx_http_parse_header_line(ngx_http_requ + case LF: + r->header_end = p; + goto done; ++ case '\0': ++ return NGX_HTTP_PARSE_INVALID_HEADER; + } + break; + +@@ -988,6 +1000,8 @@ ngx_http_parse_header_line(ngx_http_requ + break; + case LF: + goto done; ++ case '\0': ++ return NGX_HTTP_PARSE_INVALID_HEADER; + default: + state = sw_value; + break; |
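Review bot: patch.2012.memory.txt is added with no header saying where it came from or what it fixes, so the commit message is the only link to CVE-2012-1180. patch(1) skips text before the first `---` line, so a leading comment such as `# CVE-2012-1180: upstream patch from <upstream advisory URL>; drop once pkgver contains the fix` would keep that with the file (the md5sum in APKBUILD then has to be regenerated). Judging from the replaced calls, `ngx_cpystrn` stopped copying at the first NUL in an upstream header and left the rest of the `h->key.len` / `h->value.len` bytes unwritten, which is what the `ngx_memcpy` plus explicit terminator closes in the fastcgi, proxy, scgi and uwsgi modules. The `ngx_http_parse_header_line` hunks reject a NUL outright, and the same comment would be a good place to record that rationale.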