Hello community,

here is the log from the commit of package nginx-0.8 for openSUSE:11.4
checked in at Mon Nov 21 18:35:02 CET 2011.



--------
--- old-versions/11.4/all/nginx-0.8/nginx-0.8.changes   2011-02-09 
11:43:40.000000000 +0100
+++ 11.4/nginx-0.8/nginx-0.8.changes    2011-11-21 16:19:07.000000000 +0100
@@ -1,0 +2,6 @@
+Mon Nov 21 15:17:45 UTC 2011 - [email protected]
+
+- Fixed VUL-0: CVE-2011-4315: nginx: heap overflow (bnc #731084)
+  nginx_heap_overflow_4315.patch 
+
+-------------------------------------------------------------------

Package does not exist at destination yet. Using Fallback 
old-versions/11.4/all/nginx-0.8
Destination is old-versions/11.4/UPDATES/all/nginx-0.8
calling whatdependson for 11.4-i586


New:
----
  nginx_heap_overflow_4315.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ nginx-0.8.spec ++++++
--- /var/tmp/diff_new_pack.AwJhqE/_old  2011-11-21 18:34:01.000000000 +0100
+++ /var/tmp/diff_new_pack.AwJhqE/_new  2011-11-21 18:34:01.000000000 +0100
@@ -19,7 +19,7 @@
 
 Name:           nginx-0.8
 Version:        0.8.53
-Release:        4.<RELEASE3>
+Release:        4.<RELEASE9>
 #
 %define pkg_name nginx
 #
@@ -57,6 +57,9 @@
 Patch3:         nginx-0.4.0-perl_vendor_install.patch
 # PATCH-FIX-UPSTREAM nginx-0.6.31_default_config.patch
 Patch4:         nginx-0.6.31_default_config.patch
+# PATCH-FIX-UPSTREAM
+Patch5:         nginx_heap_overflow_4315.patch
+
 BuildRequires:  dos2unix
 BuildRequires:  gd-devel
 BuildRequires:  libxslt-devel
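Review bot: The `# PATCH-FIX-UPSTREAM` tag added above `Patch5` carries no patch name or bug reference, unlike the Patch4 comment directly before it. Because this is a security fix, I would write `# PATCH-FIX-UPSTREAM nginx_heap_overflow_4315.patch bnc#731084 CVE-2011-4315 -- heap overflow in ngx_resolver.c` so the spec file alone ties the patch to its advisory and bug entry.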
@@ -93,6 +96,7 @@
 %patch2
 %patch3
 %patch4
+%patch5
 dos2unix contrib/geo2nginx.pl
 
 %build

++++++ nginx_heap_overflow_4315.patch ++++++
--- src/core/ngx_resolver.c
+++ src/core/ngx_resolver.c
@@ -1922,7 +1922,12 @@
     n = *src++;
 
     for ( ;; ) {
-        if (n != 0xc0) {
+        if (n & 0xc0) {
+            n = ((n & 0x3f) << 8) + *src;
+            src = &buf[n];
+
+            n = *src++;
+        } else {
             ngx_memcpy(dst, src, n);
             dst += n;
             src += n;
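Review bot: Nothing in this copy loop bounds `&buf[n]` or the length passed to `ngx_memcpy(dst, src, n)`, so its safety rests entirely on whatever sized `dst` and validated the offsets earlier in the function, which is outside this hunk. Replacing `n != 0xc0` with `n & 0xc0` matters because the old test sent any length byte with the top bits set other than exactly 0xc0 down the copy branch as a plain label length. Presumably the earlier sizing pass already uses the mask test, and the two must stay in step, so I would add a comment above the test such as `/* must classify length bytes exactly as the length-computation pass; dst is sized from that pass */`. It is also worth stating in that comment that `n & 0xc0` treats the reserved 0x40 and 0x80 label types as compression pointers. The loop and the enclosing function both continue outside the hunk.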
@@ -1932,12 +1937,6 @@
             if (n != 0) {
                 *dst++ = '.';
             }
-
-        } else {
-            n = ((n & 0x3f) << 8) + *src;
-            src = &buf[n];
-
-            n = *src++;
         }
 
         if (n == 0) {
continue with "q"...



Remember to have fun...
