bugfix: applied nginx's official security fix for an issue in the range filter (CVE-2017-7529).

Author: agentzh

patches/patch.2017.ranges.txt

@@ -0,0 +1,14 @@
+diffsrc/http/modules/ngx_http_range_filter_module.c b/src/http/modules/ngx_http_range_filter_module.c
+--- src/http/modules/ngx_http_range_filter_module.c
++++ src/http/modules/ngx_http_range_filter_module.c
+@@ -377,6 +377,10 @@ ngx_http_range_parse(ngx_http_request_t 
+             range->start = start;
+             range->end = end;
+ 
++            if (size > NGX_MAX_OFF_T_VALUE - (end - start)) {
++                return NGX_HTTP_RANGE_NOT_SATISFIABLE;
++            }
++
+             size += end - start;
+ 
+             if (ranges-- == 0) {

util/mirror-tarballs

@@ -34,6 +34,13 @@ cd nginx-$ver || exit 1
 
 # patch the patch
 
+answer=`$root/util/ver-ge "$main_ver" 1.13.3`
+if [ "$answer" = "N" ]; then
+    echo "$info_txt applying the patch for nginx security advisory (CVE-2017-7529)"
+    patch -p0 < $root/patches/patch.2017.ranges.txt || exit 1
+    echo
+fi
+
 answer=`$root/util/ver-ge "$main_ver" 1.5.12`
 if [ "$answer" = "N" ]; then
     echo "$info_txt applying the patch for nginx security advisory (CVE-2014-0133)"

util/ver

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 main_ver=1.11.2
-minor_ver=3
+minor_ver=4
 version=$main_ver.$minor_ver
 echo $version