bugfix: applied the patch for nginx security advisory (CVE-2016-4450).

agentzh · agentzh · commit bf47ba9529b6 · 2016-05-31T13:19:28.000-07:00
also bumped version to 1.9.7.5.
diff --git a/patches/patch.2016.write2.txt b/patches/patch.2016.write2.txt
@@ -0,0 +1,15 @@
+--- src/os/unix/ngx_files.c
++++ src/os/unix/ngx_files.c
+@@ -183,6 +183,12 @@ ngx_write_chain_to_file(ngx_file_t *file
+         /* create the iovec and coalesce the neighbouring bufs */
+ 
+         while (cl && vec.nelts < IOV_MAX) {
++
++            if (ngx_buf_special(cl->buf)) {
++                cl = cl->next;
++                continue;
++            }
++
+             if (prev == cl->buf->pos) {
+                 iov->iov_len += cl->buf->last - cl->buf->pos;
+ 
diff --git a/util/mirror-tarballs b/util/mirror-tarballs
@@ -39,6 +39,13 @@ if [ "$answer" = "N" ]; then
     echo
 fi
 
+answer=`$root/util/ver-ge "$main_ver" 1.9.12`
+if [ "$answer" = "N" ]; then
+    echo "$info_txt applying the patch for nginx security advisory (CVE-2016-4450)"
+    patch -p0 < $root/patches/patch.2016.write2.txt || exit 1
+    echo
+fi
+
 echo "$info_txt applying the upstream-pipelining patch for nginx"
 patch -p1 < $root/patches/nginx-$main_ver-upstream_pipelining.patch || exit 1
 echo
diff --git a/util/ver b/util/ver
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 main_ver=1.9.7
-minor_ver=4
+minor_ver=5
 version=$main_ver.$minor_ver
 echo $version
 
