From 37ba2b1015ca465d98c6d989514a0bbf0550b76c Mon Sep 17 00:00:00 2001
From: "Yichun Zhang (agentzh)" <agentzh@gmail.com>
Date: Wed, 19 Mar 2014 17:37:47 -0700
Subject: [PATCH] backported the patch to the nginx core for the latest SPDY
 security vulnerability (CVE-2014-0133).

---
 patches/patch.2014.spdy2.txt | 11 +++++++++++
 util/mirror-tarballs         |  4 ++++
 util/ver                     |  2 +-
 3 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 patches/patch.2014.spdy2.txt

diff --git a/patches/patch.2014.spdy2.txt b/patches/patch.2014.spdy2.txt
new file mode 100644
index 0000000..6d86351
--- /dev/null
+++ b/patches/patch.2014.spdy2.txt
@@ -0,0 +1,11 @@
+--- src/http/ngx_http_spdy.c
++++ src/http/ngx_http_spdy.c
+@@ -1849,7 +1849,7 @@ static u_char *
+ ngx_http_spdy_state_save(ngx_http_spdy_connection_t *sc,
+     u_char *pos, u_char *end, ngx_http_spdy_handler_pt handler)
+ {
+-#if (NGX_DEBUG)
++#if 1
+     if (end - pos > NGX_SPDY_STATE_BUFFER_SIZE) {
+         ngx_log_error(NGX_LOG_ALERT, sc->connection->log, 0,
+                       "spdy state buffer overflow: "
diff --git a/util/mirror-tarballs b/util/mirror-tarballs
index 16d8ef9..43a2867 100755
--- a/util/mirror-tarballs
+++ b/util/mirror-tarballs
@@ -32,6 +32,10 @@ cd nginx-$ver || exit 1
 
 # patch the patch
 
+echo "$info_txt applying the patch for nginx security advisory (CVE-2014-0133)"
+patch -p0 < $root/patches/patch.2014.spdy2.txt || exit 1
+echo
+
 echo "$info_txt applying the upstream-pipelining patch for nginx"
 patch -p1 < $root/patches/nginx-$main_ver-upstream_pipelining.patch || exit 1
 echo
diff --git a/util/ver b/util/ver
index 496ef35..4ba57bc 100755
--- a/util/ver
+++ b/util/ver
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 main_ver=1.5.11
-minor_ver=1rc2
+minor_ver=1rc3
 version=$main_ver.$minor_ver
 echo $version