Hello community, here is the log from the commit of package nginx-1.0 for openSUSE:12.1:Update:Test checked in at 2012-03-20 13:22:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update:Test/nginx-1.0 (Old) and /work/SRC/openSUSE:12.1:Update:Test/.nginx-1.0.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nginx-1.0", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:12.1:Update:Test/nginx-1.0/nginx-1.0.changes 2011-12-02 17:28:50.000000000 +0100 +++ /work/SRC/openSUSE:12.1:Update:Test/.nginx-1.0.new/nginx-1.0.changes 2012-03-20 13:22:21.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Mar 19 11:26:04 UTC 2012 - [email protected] + +- Fixed VUL-0: CVE-2012-1180 nginx: information leak + (bnc #752482) + +------------------------------------------------------------------- New: ---- nginx-CVE-2012-1180.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nginx-1.0.spec ++++++ --- /var/tmp/diff_new_pack.hdckS9/_old 2012-03-20 13:22:21.000000000 +0100 +++ /var/tmp/diff_new_pack.hdckS9/_new 2012-03-20 13:22:21.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package nginx-1.0 # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,6 +15,8 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + + Name: nginx-1.0 Version: 1.0.10 Release: 0 @@ -90,7 +92,10 @@ Patch3: nginx-0.4.0-perl_vendor_install.patch # PATCH-FIX-UPSTREAM nginx-1.0.4_default_config.patch Patch4: nginx-1.0.4_default_config.patch +# PATCH CVE-2012-1180 +Patch5: nginx-CVE-2012-1180.patch Summary: A HTTP server and IMAP/POP3 proxy server + %description nginx [engine x] is a HTTP server and IMAP/POP3 proxy server written by Igor Sysoev. It has been running on many heavily loaded Russian sites for more than two years. @@ -105,6 +110,7 @@ %patch2 %patch3 %patch4 +%patch5 perl -pi -e 's|\r\n|\n|g' contrib/geo2nginx.pl ++++++ nginx-CVE-2012-1180.patch ++++++ --- src/http/modules/ngx_http_fastcgi_module.c +++ src/http/modules/ngx_http_fastcgi_module.c 
@@ -1442,10 +1442,10 @@ h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1; - ngx_cpystrn(h->key.data, r->header_name_start, - h->key.len + 1); - ngx_cpystrn(h->value.data, r->header_start, - h->value.len + 1); + ngx_memcpy(h->key.data, r->header_name_start, h->key.len); + h->key.data[h->key.len] = '\0'; + ngx_memcpy(h->value.data, r->header_start, h->value.len); + h->value.data[h->value.len] = '\0'; } h->hash = r->header_hash; --- src/http/modules/ngx_http_proxy_module.c +++ src/http/modules/ngx_http_proxy_module.c @@ -1277,8 +1277,10 @@ h->value.data = h->key.data + h->key.len + 1; h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1; - ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1); - ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1); + ngx_memcpy(h->key.data, r->header_name_start, h->key.len); + h->key.data[h->key.len] = '\0'; + ngx_memcpy(h->value.data, r->header_start, h->value.len); + h->value.data[h->value.len] = '\0'; if (h->key.len == r->lowcase_index) { ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len); --- src/http/modules/ngx_http_scgi_module.c +++ src/http/modules/ngx_http_scgi_module.c @@ -894,8 +894,10 @@ h->value.data = h->key.data + h->key.len + 1; h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1; - ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1); - ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1); + ngx_memcpy(h->key.data, r->header_name_start, h->key.len); + h->key.data[h->key.len] = '\0'; + ngx_memcpy(h->value.data, r->header_start, h->value.len); + h->value.data[h->value.len] = '\0'; if (h->key.len == r->lowcase_index) { ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len); --- src/http/modules/ngx_http_uwsgi_module.c +++ src/http/modules/ngx_http_uwsgi_module.c 
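Review bot: The new `ngx_memcpy` plus explicit terminator sequence carries no comment saying why `ngx_cpystrn` was dropped, and the same four lines now appear in the fastcgi, proxy, scgi and uwsgi hunks. `ngx_cpystrn` stops at the first NUL byte in the source, so a header containing one would leave the rest of the `h->key.len` / `h->value.len` region unwritten. If that buffer comes from an uninitialised pool allocation (the allocation is outside the hunks), those stale bytes would be the information leak the changelog refers to. A one-line comment above the first copy in each module, such as `/* copy by length: a NUL in the header must not leave the tail of the buffer uninitialised */`, would keep a later cleanup from reverting to a string copy. The enclosing function starts and ends outside each hunk.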
@@ -944,8 +944,10 @@ h->value.data = h->key.data + h->key.len + 1; h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1; - ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1); - ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1); + ngx_memcpy(h->key.data, r->header_name_start, h->key.len); + h->key.data[h->key.len] = '\0'; + ngx_memcpy(h->value.data, r->header_start, h->value.len); + h->value.data[h->value.len] = '\0'; if (h->key.len == r->lowcase_index) { ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len); --- src/http/ngx_http_parse.c +++ src/http/ngx_http_parse.c @@ -813,6 +813,10 @@ break; } + if (ch == '\0') { + return NGX_HTTP_PARSE_INVALID_HEADER; + } + r->invalid_header = 1; break; @@ -875,6 +879,10 @@ break; } + if (ch == '\0') { + return NGX_HTTP_PARSE_INVALID_HEADER; + } + r->invalid_header = 1; break; @@ -893,6 +901,8 @@ r->header_start = p; r->header_end = p; goto done; + case '\0': + return NGX_HTTP_PARSE_INVALID_HEADER; default: r->header_start = p; state = sw_value; @@ -914,6 +924,8 @@ case LF: r->header_end = p; goto done; + case '\0': + return NGX_HTTP_PARSE_INVALID_HEADER; } break; @@ -927,6 +939,8 @@ break; case LF: goto done; + case '\0': + return NGX_HTTP_PARSE_INVALID_HEADER; default: state = sw_value; break; -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
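Review bot: None of the five NUL checks in the `src/http/ngx_http_parse.c` hunks says why a NUL byte is a hard error. The first two (`@@ -813,6 +813,10 @@` and `@@ -875,6 +879,10 @@`) sit directly above `r->invalid_header = 1;`, so a reader cannot tell that NUL was deliberately taken out of the softer invalid-header path. A comment at those two sites, such as `/* NUL is rejected outright: header strings are later handled as C strings */`, would record the intent. The hunks show only fragments of the state machine, so it is worth confirming against the full function that every state consuming header bytes is covered. If this parser also handles client request headers, which the hunks do not show, requests carrying a NUL byte will now fail with a parse error, and the changelog entry should say so.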
