From 37ba2b1015ca465d98c6d989514a0bbf0550b76c Mon Sep 17 00:00:00 2001 From: "Yichun Zhang (agentzh)" Date: Wed, 19 Mar 2014 17:37:47 -0700 Subject: [PATCH] backported the patch to the nginx core for the latest SPDY security vulnerability (CVE-2014-0133). --- patches/patch.2014.spdy2.txt | 11 +++++++++++ util/mirror-tarballs | 4 ++++ util/ver | 2 +- 3 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 patches/patch.2014.spdy2.txt diff --git a/patches/patch.2014.spdy2.txt b/patches/patch.2014.spdy2.txt new file mode 100644 index 0000000..6d86351 --- /dev/null +++ b/patches/patch.2014.spdy2.txt @@ -0,0 +1,11 @@ +--- src/http/ngx_http_spdy.c ++++ src/http/ngx_http_spdy.c +@@ -1849,7 +1849,7 @@ static u_char * + ngx_http_spdy_state_save(ngx_http_spdy_connection_t *sc, + u_char *pos, u_char *end, ngx_http_spdy_handler_pt handler) + { +-#if (NGX_DEBUG) ++#if 1 + if (end - pos > NGX_SPDY_STATE_BUFFER_SIZE) { + ngx_log_error(NGX_LOG_ALERT, sc->connection->log, 0, + "spdy state buffer overflow: " diff --git a/util/mirror-tarballs b/util/mirror-tarballs index 16d8ef9..43a2867 100755 --- a/util/mirror-tarballs +++ b/util/mirror-tarballs @@ -32,6 +32,10 @@ cd nginx-$ver || exit 1 # patch the patch +echo "$info_txt applying the patch for nginx security advisory (CVE-2014-0133)" +patch -p0 < $root/patches/patch.2014.spdy2.txt || exit 1 +echo + echo "$info_txt applying the upstream-pipelining patch for nginx" patch -p1 < $root/patches/nginx-$main_ver-upstream_pipelining.patch || exit 1 echo diff --git a/util/ver b/util/ver index 496ef35..4ba57bc 100755 --- a/util/ver +++ b/util/ver @@ -1,7 +1,7 @@ #!/bin/bash main_ver=1.5.11 -minor_ver=1rc2 +minor_ver=1rc3 version=$main_ver.$minor_ver echo $version