Hello community,

here is the log from the commit of package nginx-0.8 for 
openSUSE:11.4:Update:Test checked in at 2012-03-26 15:40:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:11.4:Update:Test/nginx-0.8 (Old)
 and      /work/SRC/openSUSE:11.4:Update:Test/.nginx-0.8.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "nginx-0.8", Maintainer is "sch...@suse.com"

Changes:
--------
--- /work/SRC/openSUSE:11.4:Update:Test/nginx-0.8/nginx-0.8.changes     
2012-03-19 17:46:55.000000000 +0100
+++ /work/SRC/openSUSE:11.4:Update:Test/.nginx-0.8.new/nginx-0.8.changes        
2012-03-26 15:40:57.000000000 +0200
@@ -1,0 +2,6 @@
+Mon Mar 19 14:36:56 UTC 2012 - sch...@suse.com
+
+- Fixed VUL-0: CVE-2012-1180 nginx: information leak 
+  (bnc #752482)
+
+-------------------------------------------------------------------

New:
----
  nginx-CVE-2012-1180.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ nginx-0.8.spec ++++++
--- /var/tmp/diff_new_pack.5ceOk8/_old  2012-03-26 15:40:57.000000000 +0200
+++ /var/tmp/diff_new_pack.5ceOk8/_new  2012-03-26 15:40:57.000000000 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package nginx-0.8
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -59,6 +59,8 @@
 Patch4:         nginx-0.6.31_default_config.patch
 # PATCH-FIX-UPSTREAM
 Patch5:         nginx_heap_overflow_4315.patch
+# PATCH CVE-2012-1180
+Patch6:         nginx-CVE-2012-1180.patch
 
 BuildRequires:  dos2unix
 BuildRequires:  gd-devel
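Review bot: The tag comment on `Patch6` (`# PATCH CVE-2012-1180`) does not follow the `# PATCH-FIX-UPSTREAM` form used for `Patch5` just above it, so anyone scanning the spec file by patch tag will not classify this patch. If this is a backport of the upstream fix, which the page does not state, I would write `# PATCH-FIX-UPSTREAM nginx-CVE-2012-1180.patch bnc#752482 -- CVE-2012-1180 information leak`. That keeps the bug reference with the spec file and not only in the changelog entry.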
@@ -97,6 +99,7 @@
 %patch3
 %patch4
 %patch5
+%patch6
 dos2unix contrib/geo2nginx.pl
 
 %build

++++++ nginx-CVE-2012-1180.patch ++++++
--- src/http/modules/ngx_http_fastcgi_module.c
+++ src/http/modules/ngx_http_fastcgi_module.c
@@ -1438,10 +1438,11 @@
                     h->lowcase_key = h->key.data + h->key.len + 1
                                      + h->value.len + 1;
 
-                    ngx_cpystrn(h->key.data, r->header_name_start,
-                                h->key.len + 1);
-                    ngx_cpystrn(h->value.data, r->header_start,
-                                h->value.len + 1);
+                    ngx_memcpy(h->key.data, r->header_name_start, h->key.len);
+                    h->key.data[h->key.len] = '\0';
+                    ngx_memcpy(h->value.data, r->header_start, h->value.len);
+                    h->value.data[h->value.len] = '\0';
+
                 }
 
                 h->hash = r->header_hash;
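Review bot: Nothing in the new lines records why `ngx_cpystrn()` was replaced, and the same four-line copy is repeated in the proxy, scgi and uwsgi hunks below, so a later cleanup could switch any of them back to the string copy. `ngx_cpystrn()` stops at the first NUL byte while `h->key.len` and `h->value.len` still describe the full range, which presumably left the tail of the destination unwritten (the allocation is outside the hunk). I would put one comment above each copy, for example `/* copy by length: a NUL inside the header must not cut the copy short of key.len/value.len */`. The blank line added before the closing brace in this hunk is stray and can be dropped. The enclosing function starts and ends outside the hunk.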
--- src/http/modules/ngx_http_proxy_module.c
+++ src/http/modules/ngx_http_proxy_module.c
@@ -1276,8 +1276,10 @@
             h->value.data = h->key.data + h->key.len + 1;
             h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1;
 
-            ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1);
-            ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1);
+            ngx_memcpy(h->key.data, r->header_name_start, h->key.len);
+            h->key.data[h->key.len] = '\0';
+            ngx_memcpy(h->value.data, r->header_start, h->value.len);
+            h->value.data[h->value.len] = '\0';
 
             if (h->key.len == r->lowcase_index) {
                 ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len);
--- src/http/modules/ngx_http_scgi_module.c
+++ src/http/modules/ngx_http_scgi_module.c
@@ -884,8 +884,10 @@
             h->value.data = h->key.data + h->key.len + 1;
             h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1;
 
-            ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1);
-            ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1);
+            ngx_memcpy(h->key.data, r->header_name_start, h->key.len);
+            h->key.data[h->key.len] = '\0';
+            ngx_memcpy(h->value.data, r->header_start, h->value.len);
+            h->value.data[h->value.len] = '\0';
 
             if (h->key.len == r->lowcase_index) {
                 ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len);
--- src/http/modules/ngx_http_uwsgi_module.c
+++ src/http/modules/ngx_http_uwsgi_module.c
@@ -934,8 +934,10 @@
             h->value.data = h->key.data + h->key.len + 1;
             h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1;
 
-            ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1);
-            ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1);
+            ngx_memcpy(h->key.data, r->header_name_start, h->key.len);
+            h->key.data[h->key.len] = '\0';
+            ngx_memcpy(h->value.data, r->header_start, h->value.len);
+            h->value.data[h->value.len] = '\0';
 
             if (h->key.len == r->lowcase_index) {
                 ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len);
--- src/http/ngx_http_parse.c
+++ src/http/ngx_http_parse.c
@@ -813,6 +813,10 @@
                     break;
                 }
 
+                if (ch == '\0') {
+                    return NGX_HTTP_PARSE_INVALID_HEADER;
+                }
+
                 r->invalid_header = 1;
 
                 break;
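Review bot: The new `ch == '\0'` check returns `NGX_HTTP_PARSE_INVALID_HEADER` outright, while the line right after it only sets `r->invalid_header = 1` for other unexpected bytes, and no comment explains the difference. The same applies to the second `if` hunk and the three `case '\0':` additions further down. A short comment at the first site would do, for example `/* NUL is never tolerated: later code copies name and value by length and treats them as C strings */`; the part about later code is inferred from the module hunks in this patch and should be confirmed. In the second hunk the new `if` block is also missing the blank line before `r->invalid_header = 1;` that the first hunk has. The state machine these hunks belong to is not visible here.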
@@ -875,6 +879,9 @@
                 break;
             }
 
+            if (ch == '\0') {
+                return NGX_HTTP_PARSE_INVALID_HEADER;
+            }
             r->invalid_header = 1;
 
             break;
@@ -893,6 +900,8 @@
                 r->header_start = p;
                 r->header_end = p;
                 goto done;
+            case '\0':
+                return NGX_HTTP_PARSE_INVALID_HEADER;
             default:
                 r->header_start = p;
                 state = sw_value;
@@ -914,6 +923,8 @@
             case LF:
                 r->header_end = p;
                 goto done;
+            case '\0':
+                return NGX_HTTP_PARSE_INVALID_HEADER;
             }
             break;
 
@@ -927,6 +938,8 @@
                 break;
             case LF:
                 goto done;
+            case '\0':
+                return NGX_HTTP_PARSE_INVALID_HEADER;
             default:
                 state = sw_value;
                 break;