applied the official patch for the nginx security vulnerability CVE-2…

…013-2070.
openresty · May 13, 2013 · 07fbdad · 07fbdad
1 parent 090060c
commit 07fbdad
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 1 deletion.
diff --git a/patches/nginx-1.2.7-cve-2013-2070.patch b/patches/nginx-1.2.7-cve-2013-2070.patch
@@ -0,0 +1,13 @@
+--- src/http/modules/ngx_http_proxy_module.c
++++ src/http/modules/ngx_http_proxy_module.c
+@@ -1865,6 +1865,10 @@ data:
+
+     }
+
++    if (ctx->size < 0 || ctx->length < 0) {
++        goto invalid;
++    }
++
+     return rc;
+
+ done:
diff --git a/patches/nginx-1.2.8-cve-2013-2070.patch b/patches/nginx-1.2.8-cve-2013-2070.patch
@@ -0,0 +1,13 @@
+--- src/http/modules/ngx_http_proxy_module.c
++++ src/http/modules/ngx_http_proxy_module.c
+@@ -1865,6 +1865,10 @@ data:
+
+     }
+
++    if (ctx->size < 0 || ctx->length < 0) {
++        goto invalid;
++    }
++
+     return rc;
+
+ done:
diff --git a/util/mirror-tarballs b/util/mirror-tarballs
@@ -146,6 +146,10 @@ if [ "$answer" = "N" ]; then
     echo
 fi
 
+echo "$info_txt applying patches/nginx-$main_ver-cve-2013-2070.patch for nginx"
+patch -p0 < $root/patches/nginx-$main_ver-cve-2013-2070.patch || exit 1
+echo
+
 rm -f *.patch || exit 1
 
 cd .. || exit 1

diff --git a/util/ver b/util/ver
@@ -2,7 +2,7 @@
 
 #main_ver=1.3.11
 main_ver=1.2.8
-minor_ver=1
+minor_ver=3
 version=$main_ver.$minor_ver
 echo $version