authorJakub Jirutka <jakub@jirutka.cz>2017-07-14 01:04:21 +0000
committerJakub Jirutka <jakub@jirutka.cz>2017-07-14 03:04:46 +0200
commit568c8a2d9824659603b97fe862a329e1022048b4 (patch)
tree1ca2d1ea389c81703785194422cf4ea72c7f270a
parent5bc4c8508af2005bd3b07fbc84e18ed4fb6f292c (diff)
main/nginx: fix CVE-2017-7529
-rw-r--r--main/nginx/APKBUILD12
-rw-r--r--main/nginx/CVE-2017-7529.patch15
2 files changed, 23 insertions, 4 deletions
diff --git a/main/nginx/APKBUILD b/main/nginx/APKBUILD
index 110cf35d5d..940d4f4f5a 100644
--- a/main/nginx/APKBUILD
+++ b/main/nginx/APKBUILD
@@ -5,7 +5,7 @@
pkgname=nginx
pkgver=1.8.1
_nginxrtmpver=1.1.7
-pkgrel=1
+pkgrel=2
pkgdesc="lightweight HTTP and reverse proxy server"
url="http://www.nginx.org"
arch="all"
@@ -21,6 +21,7 @@ source="http://nginx.org/download/$pkgname-$pkgver.tar.gz
nginx-rtmp-module-$_nginxrtmpver.tar.gz::https://github.com/arut/nginx-rtmp-module/archive/v$_nginxrtmpver.tar.gz
ipv6.patch
CVE-2016-4450.patch
+ CVE-2017-7529.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
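Review bot: Nothing in the visible hunks records the CVE in the APKBUILD itself; the fix is only implied by the new `CVE-2017-7529.patch` entry in `source`. If this branch uses the aports `# secfixes:` comment block, add an entry near the top of the file, `#   1.8.1-r2:` followed by `#     - CVE-2017-7529`, so tooling and later maintainers can map the CVE to the fixed package release. The top of the file lies outside the shown hunks, so check whether such a block already exists before adding one.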
@@ -105,12 +106,15 @@ vim() {
md5sums="2e91695074dbdfbf1bcec0ada9fda462 nginx-1.8.1.tar.gz
8006de2560db3e55bb15d110220076ac nginx-rtmp-module-1.1.7.tar.gz
801a87f7f9d27f8ad85b41a78b4c4461 ipv6.patch
-8ccd9a9176c6718f2a037b7e255b9a40 CVE-2016-4450.patch"
+8ccd9a9176c6718f2a037b7e255b9a40 CVE-2016-4450.patch
+da216c02935756c43563273a59dd591b CVE-2017-7529.patch"
sha256sums="8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 nginx-1.8.1.tar.gz
7922b0e3d5f3d9c4b275e4908cfb8f5fb1bfb3ac2df77f4c262cda56df21aab3 nginx-rtmp-module-1.1.7.tar.gz
a24ef5843ae0afa538b00c37eb7da7870f9d7f146f52a9668678f7296cf71d9b ipv6.patch
-146deeebe1e72933a1fef14c4739bf873ec4743d57d0c4a25cc70183dcdfe68c CVE-2016-4450.patch"
+146deeebe1e72933a1fef14c4739bf873ec4743d57d0c4a25cc70183dcdfe68c CVE-2016-4450.patch
+ee984cea34cbe56a575786e453b2b7125facaa9dd322704a4882d45f11060854 CVE-2017-7529.patch"
sha512sums="546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 nginx-1.8.1.tar.gz
9883462a04683f1e7af175da04b86d259ff6d677864667588fb073143f7130969eb2a5a5a48ddceda7a555b908580f179bdcacb7f0111413d51db5bfe43b396e nginx-rtmp-module-1.1.7.tar.gz
68d64a84568ec2df0366925ab282a05ebe21a85044b6c7844a47573cfd8cc8ed119cc772358bc3fff36e2d4fdf583a730592825f5f98632993ca86d1f8438d5f ipv6.patch
-67b87793d4fe00f72e7d619b3945afea8dc19e43ebf6dcd65b372fade608c9f92c365c01f2370f653b995d61cc06f89019ba204ce975b94548657e1a61a31bc5 CVE-2016-4450.patch"
+67b87793d4fe00f72e7d619b3945afea8dc19e43ebf6dcd65b372fade608c9f92c365c01f2370f653b995d61cc06f89019ba204ce975b94548657e1a61a31bc5 CVE-2016-4450.patch
+00609166cb25d8e175ad242da98f69762fc20e64542a8ca7702306b527a0e04ef936f584cd7fc2d8a5f42f0bc70cf9553bd29207f189b46b9fc8235da9e5eac3 CVE-2017-7529.patch"
diff --git a/main/nginx/CVE-2017-7529.patch b/main/nginx/CVE-2017-7529.patch
new file mode 100644
index 0000000000..cca8a45234
--- /dev/null
+++ b/main/nginx/CVE-2017-7529.patch
@@ -0,0 +1,15 @@
+Patch-Source: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
+
+--- a/src/http/modules/ngx_http_range_filter_module.c
++++ b/src/http/modules/ngx_http_range_filter_module.c
+@@ -377,6 +377,10 @@ ngx_http_range_parse(ngx_http_request_t
+ range->start = start;
+ range->end = end;
+
++ if (size > NGX_MAX_OFF_T_VALUE - (end - start)) {
++ return NGX_HTTP_RANGE_NOT_SATISFIABLE;
++ }
++
+ size += end - start;
+
+ if (ranges-- == 0) {
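Review bot: The added guard `size > NGX_MAX_OFF_T_VALUE - (end - start)` in `ngx_http_range_parse` is only sound if `end - start` is non-negative when it is reached, and that is established by code outside this hunk. It should be confirmed against the 1.8.1 source this package builds, not assumed from the release the upstream patch was prepared for. The patch file header carries only `Patch-Source:`; I would add a one-line description such as `Reject range sets whose accumulated size would overflow (CVE-2017-7529)` and state that the hunk is the unmodified upstream patch, so a later version bump knows when to drop it. The function body starts and ends outside the hunk.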