Changes - j0ke.net Open Build Service

Changes of Revision 53

[-] [+]	Changed	nginx.spec
@@ -14,7 +14,7 @@ %define sticky_module_version 1.1 Name: nginx -Version: 1.4.6 +Version: 1.4.7 Release: 2 Summary: Robust, small and high performance http and reverse proxy server Group: System Environment/Daemons @@ -212,6 +212,9 @@ %changelog +* Tue Mar 18 2014 Carsten Schoene <cs@linux-administrator.com> - 1.4.7-1 +- update nginx to 1.4.7 + * Fri Mar 07 2014 Carsten Schoene <cs@linux-administrator.com> - 1.4.6-1 - update nginx to 1.4.6 x 1 @@ -14,7 +14,7 @@ 2 %define sticky_module_version 1.1 3 4 Name: nginx 5 -Version: 1.4.6 6 +Version: 1.4.7 7 Release: 2 8 Summary: Robust, small and high performance http and reverse proxy server 9 Group: System Environment/Daemons 10 @@ -212,6 +212,9 @@ 11 12 13 %changelog 14 +* Tue Mar 18 2014 Carsten Schoene <cs@linux-administrator.com> - 1.4.7-1 15 +- update nginx to 1.4.7 16 + 17 * Fri Mar 07 2014 Carsten Schoene <cs@linux-administrator.com> - 1.4.6-1 18 - update nginx to 1.4.6 19 20
[-] [+]	Changed	nginx-1.4.7.tar.bz2/CHANGES ^
@@ -1,4 +1,17 @@ +Changes with nginx 1.4.7 18 Mar 2014 + + ) Security: a heap memory buffer overflow might occur in a worker + process while handling a specially crafted request by + ngx_http_spdy_module, potentially resulting in arbitrary code + execution (CVE-2014-0133). + Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr. + Manuel Sadosky, Buenos Aires, Argentina. + + ) Bugfix: in the "fastcgi_next_upstream" directive. + Thanks to Lucas Molas. + + Changes with nginx 1.4.6 04 Mar 2014 *) Bugfix: the "client_max_body_size" directive might not work when
[-] [+]	Changed	nginx-1.4.7.tar.bz2/CHANGES.ru ^
@@ -1,4 +1,17 @@ +Изменения в nginx 1.4.7 18.03.2014 + + ) Безопасность: при обработке специально созданного запроса модулем + ngx_http_spdy_module могло происходить переполнение буфера в рабочем + процессе, что потенциально могло приводить к выполнению произвольного + кода (CVE-2014-0133). + Спасибо Lucas Molas из Programa STIC, Fundación Dr. Manuel Sadosky, + Buenos Aires, Argentina. + + ) Исправление: в директиве fastcgi_next_upstream. + Спасибо Lucas Molas. + + Изменения в nginx 1.4.6 04.03.2014 *) Исправление: директива client_max_body_size могла не работать при
[-] [+]	Changed	nginx-1.4.7.tar.bz2/src/core/nginx.h ^
@@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1004006 -#define NGINX_VERSION "1.4.6" +#define nginx_version 1004007 +#define NGINX_VERSION "1.4.7" #define NGINX_VER "nginx/" NGINX_VERSION #define NGINX_VAR "NGINX"
[-] [+]	Changed	nginx-1.4.7.tar.bz2/src/http/modules/ngx_http_fastcgi_module.c ^
@@ -1195,6 +1195,10 @@ f->fastcgi_stdout = 0; f->large_stderr = 0; + if (f->split_parts) { + f->split_parts->nelts = 0; + } + r->state = 0; return NGX_OK; @@ -1475,6 +1479,13 @@ rc = ngx_http_parse_header_line(r, &buf, 1); + if (rc != NGX_OK) { + ngx_log_error(NGX_LOG_ALERT, r->connection->log, 0, + "invalid header after joining " + "FastCGI records"); + return NGX_ERROR; + } + h->key.len = r->header_name_end - r->header_name_start; h->key.data = r->header_name_start; h->key.data[h->key.len] = '\0';
[-] [+]	Changed	nginx-1.4.7.tar.bz2/src/http/ngx_http_spdy.c ^
@@ -1465,7 +1465,7 @@ ngx_http_spdy_state_save(ngx_http_spdy_connection_t sc, u_char pos, u_char *end, ngx_http_spdy_handler_pt handler) { -#if (NGX_DEBUG) +#if 1 if (end - pos > NGX_SPDY_STATE_BUFFER_SIZE) { ngx_log_error(NGX_LOG_ALERT, sc->connection->log, 0, "spdy state buffer overflow: "