-rw-r--r-- | main/nginx/APKBUILD | 12 | ||||
-rw-r--r-- | main/nginx/CVE-2017-7529.patch | 15 |
2 files changed, 23 insertions, 4 deletions
diff --git a/main/nginx/APKBUILD b/main/nginx/APKBUILD
index 110cf35d5d..940d4f4f5a 100644
--- a/main/nginx/APKBUILD
+++ b/main/nginx/APKBUILD
@@ -5,7 +5,7 @@
 pkgname=nginx
 pkgver=1.8.1
 _nginxrtmpver=1.1.7
-pkgrel=1
+pkgrel=2
 pkgdesc="lightweight HTTP and reverse proxy server"
 url="http://www.nginx.org"
 arch="all"
@@ -21,6 +21,7 @@ source="http://nginx.org/download/$pkgname-$pkgver.tar.gz
 nginx-rtmp-module-$_nginxrtmpver.tar.gz::https://github.com/arut/nginx-rtmp-module/archive/v$_nginxrtmpver.tar.gz
 ipv6.patch
 CVE-2016-4450.patch
+ CVE-2017-7529.patch
 "
 _builddir="$srcdir"/$pkgname-$pkgver
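Review bot: None of the APKBUILD hunks adds a security-fix record, so the package metadata does not say which release carries the CVE-2017-7529 fix. The `pkgrel` bump and the new `source` entry only register the patch. If this branch keeps a secfixes block in the header comments (the lines above `pkgname` are outside the hunks, so this is unconfirmed), add an entry such as `# secfixes:` / `#   1.8.1-r2:` / `#     - CVE-2017-7529`. Tooling that maps CVEs to fixed package versions from that metadata would otherwise keep reporting 1.8.1-r2 as affected.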
@@ -105,12 +106,15 @@ vim() {
 md5sums="2e91695074dbdfbf1bcec0ada9fda462 nginx-1.8.1.tar.gz
 8006de2560db3e55bb15d110220076ac nginx-rtmp-module-1.1.7.tar.gz
 801a87f7f9d27f8ad85b41a78b4c4461 ipv6.patch
-8ccd9a9176c6718f2a037b7e255b9a40 CVE-2016-4450.patch"
+8ccd9a9176c6718f2a037b7e255b9a40 CVE-2016-4450.patch
+da216c02935756c43563273a59dd591b CVE-2017-7529.patch"
 sha256sums="8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 nginx-1.8.1.tar.gz
 7922b0e3d5f3d9c4b275e4908cfb8f5fb1bfb3ac2df77f4c262cda56df21aab3 nginx-rtmp-module-1.1.7.tar.gz
 a24ef5843ae0afa538b00c37eb7da7870f9d7f146f52a9668678f7296cf71d9b ipv6.patch
-146deeebe1e72933a1fef14c4739bf873ec4743d57d0c4a25cc70183dcdfe68c CVE-2016-4450.patch"
+146deeebe1e72933a1fef14c4739bf873ec4743d57d0c4a25cc70183dcdfe68c CVE-2016-4450.patch
+ee984cea34cbe56a575786e453b2b7125facaa9dd322704a4882d45f11060854 CVE-2017-7529.patch"
 sha512sums="546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 nginx-1.8.1.tar.gz
 9883462a04683f1e7af175da04b86d259ff6d677864667588fb073143f7130969eb2a5a5a48ddceda7a555b908580f179bdcacb7f0111413d51db5bfe43b396e nginx-rtmp-module-1.1.7.tar.gz
 68d64a84568ec2df0366925ab282a05ebe21a85044b6c7844a47573cfd8cc8ed119cc772358bc3fff36e2d4fdf583a730592825f5f98632993ca86d1f8438d5f ipv6.patch
-67b87793d4fe00f72e7d619b3945afea8dc19e43ebf6dcd65b372fade608c9f92c365c01f2370f653b995d61cc06f89019ba204ce975b94548657e1a61a31bc5 CVE-2016-4450.patch"
+67b87793d4fe00f72e7d619b3945afea8dc19e43ebf6dcd65b372fade608c9f92c365c01f2370f653b995d61cc06f89019ba204ce975b94548657e1a61a31bc5 CVE-2016-4450.patch
+00609166cb25d8e175ad242da98f69762fc20e64542a8ca7702306b527a0e04ef936f584cd7fc2d8a5f42f0bc70cf9553bd29207f189b46b9fc8235da9e5eac3 CVE-2017-7529.patch"
diff --git a/main/nginx/CVE-2017-7529.patch b/main/nginx/CVE-2017-7529.patch
new file mode 100644
index 0000000000..cca8a45234
--- /dev/null
+++ b/main/nginx/CVE-2017-7529.patch
@@ -0,0 +1,15 @@
+Patch-Source: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
+
+--- a/src/http/modules/ngx_http_range_filter_module.c
++++ b/src/http/modules/ngx_http_range_filter_module.c
+@@ -377,6 +377,10 @@ ngx_http_range_parse(ngx_http_request_t
+ range->start = start;
+ range->end = end;
+
++ if (size > NGX_MAX_OFF_T_VALUE - (end - start)) {
++ return NGX_HTTP_RANGE_NOT_SATISFIABLE;
++ }
++
+ size += end - start;
+
+ if (ranges-- == 0) { |
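Review bot: The guard added before `size += end - start;` in ngx_http_range_parse has no comment explaining that it rejects a range set whose summed length would exceed `NGX_MAX_OFF_T_VALUE`. That is why the test is written as a subtraction before the addition rather than a check on `size` afterwards. A one-line comment above the `if`, for example `/* reject when adding this range would overflow the off_t total (CVE-2017-7529) */`, would stop a later rebase from simplifying it into a post-addition check. The test also depends on `end - start` being non-negative, which must be established earlier in the function. That code starts outside this hunk, so confirm it against the 1.8.1 source the patch is applied to.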