Browse code
Fix for CVE-2016-4450 - nginx
Change-Id: Iec061829576977265e592cafff1fd758f92585bb
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/1759
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
suezzelur authored on 2016/11/29 07:02:57Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,15 @@ |
| 0 |
+--- src/os/unix/ngx_files.c |
|
| 1 |
+@@ -356,6 +356,11 @@ |
|
| 2 |
+ n = 0; |
|
| 3 |
+ |
|
| 4 |
+ for ( /* void */ ; cl; cl = cl->next) {
|
|
| 5 |
++ |
|
| 6 |
++ if (ngx_buf_special(cl->buf)) {
|
|
| 7 |
++ continue; |
|
| 8 |
++ } |
|
| 9 |
++ |
|
| 10 |
+ size = cl->buf->last - cl->buf->pos; |
|
| 11 |
+ |
|
| 12 |
+ if (prev == cl->buf->pos) {
|
|
| 13 |
+ |
| ... | ... |
@@ -1,31 +1,33 @@ |
| 1 |
-Summary: High-performance HTTP server and reverse proxy |
|
| 2 |
-Name: nginx |
|
| 3 |
-Version: 1.10.0 |
|
| 4 |
-Release: 4%{?dist}
|
|
| 5 |
-License: BSD-2-Clause |
|
| 6 |
-URL: http://nginx.org/download/nginx-1.10.0.tar.gz |
|
| 7 |
-Group: Applications/System |
|
| 8 |
-Vendor: VMware, Inc. |
|
| 1 |
+Summary: High-performance HTTP server and reverse proxy |
|
| 2 |
+Name: nginx |
|
| 3 |
+Version: 1.10.0 |
|
| 4 |
+Release: 5%{?dist}
|
|
| 5 |
+License: BSD-2-Clause |
|
| 6 |
+URL: http://nginx.org/download/nginx-1.10.0.tar.gz |
|
| 7 |
+Group: Applications/System |
|
| 8 |
+Vendor: VMware, Inc. |
|
| 9 | 9 |
Distribution: Photon |
| 10 |
-Source0: %{name}-%{version}.tar.gz
|
|
| 10 |
+Source0: %{name}-%{version}.tar.gz
|
|
| 11 | 11 |
%define sha1 nginx=7a452cfe37e4134481442dbfa3fbdac6f484c5bc |
| 12 |
-Source1: nginx.service |
|
| 13 |
-BuildRequires: openssl-devel |
|
| 12 |
+Source1: nginx.service |
|
| 13 |
+Patch0: nginx-CVE-2016-4450.patch |
|
| 14 |
+BuildRequires: openssl-devel |
|
| 14 | 15 |
BuildRequires: pcre-devel |
| 15 | 16 |
%description |
| 16 | 17 |
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. |
| 17 | 18 |
|
| 18 | 19 |
%prep |
| 19 | 20 |
%setup -q |
| 21 |
+%patch0 |
|
| 20 | 22 |
%build |
| 21 | 23 |
./configure \ |
| 22 |
- --prefix=%{_sysconfdir}//nginx \
|
|
| 23 |
- --sbin-path=/usr/sbin/nginx \ |
|
| 24 |
- --conf-path=/etc/nginx/nginx.conf \ |
|
| 25 |
- --pid-path=/var/run/nginx.pid \ |
|
| 26 |
- --lock-path=/var/run/nginx.lock \ |
|
| 27 |
- --error-log-path=/var/log/nginx/error.log \ |
|
| 28 |
- --http-log-path=/var/log/nginx/access.log \ |
|
| 24 |
+ --prefix=%{_sysconfdir}//nginx \
|
|
| 25 |
+ --sbin-path=/usr/sbin/nginx \ |
|
| 26 |
+ --conf-path=/etc/nginx/nginx.conf \ |
|
| 27 |
+ --pid-path=/var/run/nginx.pid \ |
|
| 28 |
+ --lock-path=/var/run/nginx.lock \ |
|
| 29 |
+ --error-log-path=/var/log/nginx/error.log \ |
|
| 30 |
+ --http-log-path=/var/log/nginx/access.log \ |
|
| 29 | 31 |
--with-http_ssl_module \ |
| 30 | 32 |
--with-pcre \ |
| 31 | 33 |
--with-ipv6 |
| ... | ... |
@@ -45,11 +47,13 @@ install -p -m 0644 %{SOURCE1} %{buildroot}/usr/lib/systemd/system/nginx.service
|
| 45 | 45 |
%dir %{_var}/log/nginx
|
| 46 | 46 |
|
| 47 | 47 |
%changelog |
| 48 |
+* Fri Nov 18 2016 Anish Swaminathan <anishs@vmware.com> 1.10.0-5 |
|
| 49 |
+- Add patch for CVE-2016-4450 |
|
| 48 | 50 |
* Wed Jul 27 2016 Divya Thaluru<dthaluru@vmware.com> 1.10.0-4 |
| 49 | 51 |
- Removed packaging of debug files |
| 50 | 52 |
* Fri Jul 8 2016 Divya Thaluru<dthaluru@vmware.com> 1.10.0-3 |
| 51 | 53 |
- Modified default pid filepath and fixed nginx systemd service |
| 52 |
-* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.10.0-2 |
|
| 53 |
-- GA - Bump release of all rpms |
|
| 54 |
+* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.10.0-2 |
|
| 55 |
+- GA - Bump release of all rpms |
|
| 54 | 56 |
* Mon May 16 2016 Xiaolin Li <xiaolinl@vmware.com> 1.10.0-1 |
| 55 |
-- Initial build. First version |
|
| 57 |
+- Initial build. First version |