[pkgsrc/pkgsrc-2016Q1]: pkgsrc/www Pullup ticket #5038 - requested by joerg

[spz <spz%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/9e0e9d664379
branches:  pkgsrc-2016Q1
changeset: 408917:9e0e9d664379
user:      spz <spz%pkgsrc.org@localhost>
date:      Sat Jun 11 10:06:37 2016 +0000

description:
Pullup ticket #5038 - requested by joerg
www/nginx: security patch
www/nginx-devel: security patch

Revisions pulled up:
- www/nginx-devel/Makefile                                      1.20
- www/nginx-devel/distinfo                                      1.20
- www/nginx-devel/patches/patch-src_os_unix_ngx__files.c        1.1
- www/nginx/Makefile                                            1.64
- www/nginx/patches/patch-src_os_unix_ngx__files.c              1.1

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By:        joerg
   Date:                Tue May 31 19:44:47 UTC 2016

   Modified Files:
        pkgsrc/www/nginx: Makefile
   Added Files:
        pkgsrc/www/nginx/patches: patch-src_os_unix_ngx__files.c

   Log Message:
   Avoid CVE-2016-4450 (NULL dereference while saving client body to
   temporary file). Bump revision.


   To generate a diff of this commit:
   cvs rdiff -u -r1.63 -r1.64 pkgsrc/www/nginx/Makefile
   cvs rdiff -u -r0 -r1.1 \
       pkgsrc/www/nginx/patches/patch-src_os_unix_ngx__files.c

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By:        joerg
   Date:                Tue May 31 19:54:43 UTC 2016

   Modified Files:
        pkgsrc/www/nginx-devel: Makefile distinfo
   Added Files:
        pkgsrc/www/nginx-devel/patches: patch-src_os_unix_ngx__files.c

   Log Message:
   Avoid CVE-2016-4450 (NULL dereference while saving client body to
   temporary file). Bump revision.


   To generate a diff of this commit:
   cvs rdiff -u -r1.19 -r1.20 pkgsrc/www/nginx-devel/Makefile \
       pkgsrc/www/nginx-devel/distinfo
   cvs rdiff -u -r0 -r1.1 \
       pkgsrc/www/nginx-devel/patches/patch-src_os_unix_ngx__files.c

diffstat:

 www/nginx-devel/Makefile                               |   3 ++-
 www/nginx-devel/distinfo                               |   3 ++-
 www/nginx-devel/patches/patch-src_os_unix_ngx__files.c |  17 +++++++++++++++++
 www/nginx/Makefile                                     |   4 ++--
 www/nginx/patches/patch-src_os_unix_ngx__files.c       |  17 +++++++++++++++++
 5 files changed, 40 insertions(+), 4 deletions(-)

diffs (81 lines):

diff -r 6503383d670b -r 9e0e9d664379 www/nginx-devel/Makefile
--- a/www/nginx-devel/Makefile  Sat Jun 11 09:53:06 2016 +0000
+++ b/www/nginx-devel/Makefile  Sat Jun 11 10:06:37 2016 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.19 2016/01/26 17:59:13 joerg Exp $
+# $NetBSD: Makefile,v 1.19.2.1 2016/06/11 10:06:37 spz Exp $
 
 DISTNAME=              nginx-1.9.10
+PKGREVISION=           1
 MAINTAINER=            imil%NetBSD.org@localhost
 NGINX_HTTP_V2=         yes
 
diff -r 6503383d670b -r 9e0e9d664379 www/nginx-devel/distinfo
--- a/www/nginx-devel/distinfo  Sat Jun 11 09:53:06 2016 +0000
+++ b/www/nginx-devel/distinfo  Sat Jun 11 10:06:37 2016 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.19 2016/01/26 17:59:13 joerg Exp $
+$NetBSD: distinfo,v 1.19.2.1 2016/06/11 10:06:37 spz Exp $
 
 SHA1 (array-var-nginx-module-0.04.tar.gz) = 1fd3bdd05c2d1d7667ed6f7baa612ddf7f630df3
 RMD160 (array-var-nginx-module-0.04.tar.gz) = a751a2ce87dcfb88d072779097b4df9f42a415e4
@@ -46,3 +46,4 @@
 Size (set-misc-nginx-module-0.29.tar.gz) = 35495 bytes
 SHA1 (patch-auto_install) = 723e2ae222146775ae66aed7815bf3f911dd1cd7
 SHA1 (patch-conf_nginx.conf) = ee9fbc3838cc006f6e1cddddadf6603f4941d171
+SHA1 (patch-src_os_unix_ngx__files.c) = e6159893bbdf6b991dd3b3ee6fae32d304374995
diff -r 6503383d670b -r 9e0e9d664379 www/nginx-devel/patches/patch-src_os_unix_ngx__files.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/nginx-devel/patches/patch-src_os_unix_ngx__files.c    Sat Jun 11 10:06:37 2016 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-src_os_unix_ngx__files.c,v 1.1.2.2 2016/06/11 10:06:37 spz Exp $
+
+--- src/os/unix/ngx_files.c.orig       2016-01-26 14:27:43.000000000 +0000
++++ src/os/unix/ngx_files.c
+@@ -313,6 +313,12 @@ ngx_write_chain_to_file(ngx_file_t *file
+         /* create the iovec and coalesce the neighbouring bufs */
+ 
+         while (cl && vec.nelts < IOV_MAX) {
++
++            if (ngx_buf_special(cl->buf)) {
++                cl = cl->next;
++                continue;
++            }
++
+             if (prev == cl->buf->pos) {
+                 iov->iov_len += cl->buf->last - cl->buf->pos;
+ 
diff -r 6503383d670b -r 9e0e9d664379 www/nginx/Makefile
--- a/www/nginx/Makefile        Sat Jun 11 09:53:06 2016 +0000
+++ b/www/nginx/Makefile        Sat Jun 11 10:06:37 2016 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.63 2016/03/05 11:29:38 jperkin Exp $
+# $NetBSD: Makefile,v 1.63.2.1 2016/06/11 10:06:37 spz Exp $
 
 DISTNAME=              nginx-1.8.1
 MAINTAINER=            joerg%NetBSD.org@localhost
 
-PKGREVISION= 1
+PKGREVISION= 2
 .include "../../www/nginx/Makefile.common"
diff -r 6503383d670b -r 9e0e9d664379 www/nginx/patches/patch-src_os_unix_ngx__files.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/nginx/patches/patch-src_os_unix_ngx__files.c  Sat Jun 11 10:06:37 2016 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-src_os_unix_ngx__files.c,v 1.1.2.2 2016/06/11 10:06:37 spz Exp $
+
+--- src/os/unix/ngx_files.c.orig       2016-01-26 14:39:33.000000000 +0000
++++ src/os/unix/ngx_files.c
+@@ -292,6 +292,12 @@ ngx_write_chain_to_file(ngx_file_t *file
+         /* create the iovec and coalesce the neighbouring bufs */
+ 
+         while (cl && vec.nelts < IOV_MAX) {
++
++            if (ngx_buf_special(cl->buf)) {
++                cl = cl->next;
++                continue;
++            }
++
+             if (prev == cl->buf->pos) {
+                 iov->iov_len += cl->buf->last - cl->buf->pos;
+