bugfix: applied the patch for nginx security advisory (CVE-2016-4450) to the nginx 1.9.15 core.

2016-05-31 15:45:49 -07:00 · 2016-05-31 15:45:49 -07:00 · c47aef193f
parent d6a8907fc0
commit c47aef193f
2 changed files with 21 additions and 0 deletions
--- a/patches/patch.2016.write.txt
+++ b/patches/patch.2016.write.txt
@ -0,0 +1,14 @@
+--- src/os/unix/ngx_files.c
+++ src/os/unix/ngx_files.c
+@@ -356,6 +356,11 @@
+     n = 0;
+ 
+     for ( /* void */ ; cl; cl = cl->next) {
+
+        if (ngx_buf_special(cl->buf)) {
+            continue;
+        }
+
+         size = cl->buf->last - cl->buf->pos;
+ 
+         if (prev == cl->buf->pos) {
--- a/util/mirror-tarballs
+++ b/util/mirror-tarballs
@ -46,6 +46,13 @@ if [ "$answer" = "N" ]; then
    echo "$info_txt applying the patch for nginx security advisory (CVE-2016-4450)"
    patch -p0 < $root/patches/patch.2016.write2.txt || exit 1
    echo
+else
+    answer=`$root/util/ver-ge "$main_ver" 1.10.1`
+    if [ "$answer" = "N" ]; then
+        echo "$info_txt applying the patch for nginx security advisory (CVE-2016-4450)"
+        patch -p0 < $root/patches/patch.2016.write.txt || exit 1
+        echo
+    fi
 fi

 echo "$info_txt applying the upstream-pipelining patch for nginx"