pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2019Q4]: pkgsrc/www/nginx Pullup ticket #6120 - requested by kim
details: https://anonhg.NetBSD.org/pkgsrc/rev/d987c133a722
branches: pkgsrc-2019Q4
changeset: 419722:d987c133a722
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Mon Jan 27 09:35:13 2020 +0000
description:
Pullup ticket #6120 - requested by kim
www/nginx: security fix
Revisions pulled up:
- www/nginx/Makefile 1.87
- www/nginx/distinfo 1.71-1.72
- www/nginx/patches/patch-src_http_ngx__http__special__response.c 1.1-1.2
---
Module Name: pkgsrc
Committed By: kim
Date: Sun Jan 19 07:28:36 UTC 2020
Modified Files:
pkgsrc/www/nginx: Makefile distinfo
Added Files:
pkgsrc/www/nginx/patches: patch-src_http_ngx__http__special__response.c
Log Message:
Add patch from upstream to address CVE-2019-20372. Bump revision.
---
Module Name: pkgsrc
Committed By: kim
Date: Sun Jan 19 07:42:42 UTC 2020
Modified Files:
pkgsrc/www/nginx: distinfo
pkgsrc/www/nginx/patches: patch-src_http_ngx__http__special__response.c
Log Message:
Mention CVE-2019-20372 in the patch file as well.
diffstat:
www/nginx/distinfo | 3 +-
www/nginx/patches/patch-src_http_ngx__http__special__response.c | 23 ++++++++++
2 files changed, 25 insertions(+), 1 deletions(-)
diffs (41 lines):
diff -r 5bf3799eb5a4 -r d987c133a722 www/nginx/distinfo
--- a/www/nginx/distinfo Sat Jan 18 22:29:04 2020 +0000
+++ b/www/nginx/distinfo Mon Jan 27 09:35:13 2020 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.70 2019/08/15 08:06:29 adam Exp $
+$NetBSD: distinfo,v 1.70.6.1 2020/01/27 09:35:13 bsiegert Exp $
SHA1 (array-var-nginx-module-0.05.tar.gz) = c69fac77814947009ab783a471783b3c95a63a26
RMD160 (array-var-nginx-module-0.05.tar.gz) = 89bd4efc04864e3e90781588a337338951ec8733
@@ -53,3 +53,4 @@
SHA1 (patch-auto_cc_conf) = 5e6a479ba419cd16dedeb3b4c47dc685d126ef6a
SHA1 (patch-auto_lib_pcre_conf) = 8cf03fe38e7f75ef6892cc8b93be5cb18c381e97
SHA1 (patch-src_event_modules_ngx__eventport__module.c) = c8e919f48d68bd5bffc4ad11d9c79dc6da3a0de2
+SHA1 (patch-src_http_ngx__http__special__response.c) = 7ac84762cc42932c43dc5191888fbe33c2125c3b
diff -r 5bf3799eb5a4 -r d987c133a722 www/nginx/patches/patch-src_http_ngx__http__special__response.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/nginx/patches/patch-src_http_ngx__http__special__response.c Mon Jan 27 09:35:13 2020 +0000
@@ -0,0 +1,23 @@
+$NetBSD$
+
+Discard request body when redirecting to a URL via error_page.
+
+Fixes CVE-2019-20372.
+
+https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e.patch
+
+--- src/http/ngx_http_special_response.c
++++ src/http/ngx_http_special_response.c
+@@ -623,6 +623,12 @@ ngx_http_send_error_page(ngx_http_request_t *r, ngx_http_err_page_t *err_page)
+ return ngx_http_named_location(r, &uri);
+ }
+
++ r->expect_tested = 1;
++
++ if (ngx_http_discard_request_body(r) != NGX_OK) {
++ r->keepalive = 0;
++ }
++
+ location = ngx_list_push(&r->headers_out.headers);
+
+ if (location == NULL) {
Home |
Main Index |
Thread Index |
Old Index