https://www.mediawiki.org/wiki/Special:Code/MediaWiki/115068
Revision: 115068
Author: faidon
Date: 2012-04-26 21:45:13 +0000 (Thu, 26 Apr 2012)
Log Message:
-----------
Import nginx 0.7.65-1ubuntu2.1 & 0.7.65-1ubuntu2.2
Incorporate a security & a serious fix from Ubuntu into our own 5wmf1 version
of nginx. Three-way merge of debian/changelog, altering history a bit (which
still resides in our svn history, though).
Modified Paths:
--------------
trunk/debs/nginx/debian/changelog
trunk/debs/nginx/debian/patches/series
Added Paths:
-----------
trunk/debs/nginx/debian/patches/LP-902223.patch
trunk/debs/nginx/debian/patches/nginx-null_byte_in_urls.patch
Modified: trunk/debs/nginx/debian/changelog
===================================================================
--- trunk/debs/nginx/debian/changelog 2012-04-26 21:36:27 UTC (rev 115067)
+++ trunk/debs/nginx/debian/changelog 2012-04-26 21:45:13 UTC (rev 115068)
@@ -23,6 +23,22 @@
-- Ryan Lane <rl...@wikimedia.org> Thu, 23 Jun 2011 20:22:09 +0000
+nginx (0.7.65-1ubuntu2.2) lucid-proposed; urgency=low
+
+ * debian/patches/LP-902223.patch: Patch to fix reloading
+ IPv6 addresses, patch derived from Debian. (LP: #902223)
+
+ -- Mahyuddin Susanto <udi...@ubuntu.com> Thu, 12 Jan 2012 14:45:20 +0700
+
+nginx (0.7.65-1ubuntu2.1) lucid-security; urgency=low
+
+ * SECURITY UPDATE:
+ - debian/patches/nginx-null_byte_in_urls.patch: Merge r3528 from
+ upstream repository to mitigate potential null byte vulnerability
+ (LP: #783508)
+
+ -- Neal Poole <n...@nealpoole.com> Fri, 17 Jun 2011 20:44:44 -0400
+
nginx (0.7.65-1ubuntu2) lucid; urgency=low
* Re-enable http_realip_module (debian/rules).
Added: trunk/debs/nginx/debian/patches/LP-902223.patch
===================================================================
--- trunk/debs/nginx/debian/patches/LP-902223.patch
(rev 0)
+++ trunk/debs/nginx/debian/patches/LP-902223.patch 2012-04-26 21:45:13 UTC
(rev 115068)
@@ -0,0 +1,18 @@
+Description: Patch to fix reloading IPv6 addresses
+Author: Matthias-Christian Ott <o...@mirix.org>
+Bug-Debian: http://bugs.debian.org/577456
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/902223
+
+Index: nginx-0.7.65/src/core/ngx_cycle.c
+===================================================================
+--- nginx-0.7.65.orig/src/core/ngx_cycle.c 2009-10-26 23:22:24.000000000
+0700
++++ nginx-0.7.65/src/core/ngx_cycle.c 2012-01-12 14:38:22.717490960 +0700
+@@ -847,7 +847,7 @@
+ sin61 = (struct sockaddr_in6 *) sa1;
+ sin62 = (struct sockaddr_in6 *) sa2;
+
+- if (sin61->sin6_port != sin61->sin6_port) {
++ if (sin61->sin6_port != sin62->sin6_port) {
+ return NGX_DECLINED;
+ }
+
Added: trunk/debs/nginx/debian/patches/nginx-null_byte_in_urls.patch
===================================================================
--- trunk/debs/nginx/debian/patches/nginx-null_byte_in_urls.patch
(rev 0)
+++ trunk/debs/nginx/debian/patches/nginx-null_byte_in_urls.patch
2012-04-26 21:45:13 UTC (rev 115068)
@@ -0,0 +1,279 @@
+Description: Upstream changes introduced in version 0.7.65-1ubuntu3
+ This patch has been created by dpkg-source during the package build.
+ Here's the last changelog entry, hopefully it gives details on why
+ those changes were made:
+ .
+ nginx (0.7.65-1ubuntu3) lucid; urgency=low
+ .
+ * Merge r3528 from upstream repository to mitigate potential
+ null byte vulnerability (LP: #783508)
+ .
+ The person named in the Author field signed this changelog entry.
+Author: Neal Poole <n...@nealpoole.com>
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/783508
+Origin: svn://svn.nginx.org/nginx/ rev 3528
+
+--- nginx-0.7.65.orig/src/http/ngx_http_special_response.c
++++ nginx-0.7.65/src/http/ngx_http_special_response.c
+@@ -517,8 +517,6 @@ ngx_http_send_error_page(ngx_http_reques
+
+ r->err_status = overwrite;
+
+- r->zero_in_uri = 0;
+-
+ if (ngx_http_complex_value(r, &err_page->value, &uri) != NGX_OK) {
+ return NGX_ERROR;
+ }
+--- nginx-0.7.65.orig/src/http/ngx_http_request.h
++++ nginx-0.7.65/src/http/ngx_http_request.h
+@@ -57,7 +57,7 @@
+ #define NGX_HTTP_PARSE_INVALID_HEADER 13
+
+
+-#define NGX_HTTP_ZERO_IN_URI 1
++/* unused 1 */
+ #define NGX_HTTP_SUBREQUEST_IN_MEMORY 2
+ #define NGX_HTTP_SUBREQUEST_WAITED 4
+ #define NGX_HTTP_LOG_UNSAFE 8
+@@ -428,9 +428,6 @@ struct ngx_http_request_s {
+ /* URI with "+" */
+ unsigned plus_in_uri:1;
+
+- /* URI with "\0" or "%00" */
+- unsigned zero_in_uri:1;
+-
+ unsigned invalid_header:1;
+
+ unsigned valid_location:1;
+--- nginx-0.7.65.orig/src/http/ngx_http_upstream.c
++++ nginx-0.7.65/src/http/ngx_http_upstream.c
+@@ -1775,10 +1775,6 @@ ngx_http_upstream_process_headers(ngx_ht
+ return NGX_DONE;
+ }
+
+- if (flags & NGX_HTTP_ZERO_IN_URI) {
+- r->zero_in_uri = 1;
+- }
+-
+ if (r->method != NGX_HTTP_HEAD) {
+ r->method = NGX_HTTP_GET;
+ }
+--- nginx-0.7.65.orig/src/http/ngx_http_parse.c
++++ nginx-0.7.65/src/http/ngx_http_parse.c
+@@ -438,8 +438,7 @@ ngx_http_parse_request_line(ngx_http_req
+ r->plus_in_uri = 1;
+ break;
+ case '\0':
+- r->zero_in_uri = 1;
+- break;
++ return NGX_HTTP_PARSE_INVALID_REQUEST;
+ default:
+ state = sw_check_uri;
+ break;
+@@ -496,8 +495,7 @@ ngx_http_parse_request_line(ngx_http_req
+ r->plus_in_uri = 1;
+ break;
+ case '\0':
+- r->zero_in_uri = 1;
+- break;
++ return NGX_HTTP_PARSE_INVALID_REQUEST;
+ }
+ break;
+
+@@ -526,8 +524,7 @@ ngx_http_parse_request_line(ngx_http_req
+ r->complex_uri = 1;
+ break;
+ case '\0':
+- r->zero_in_uri = 1;
+- break;
++ return NGX_HTTP_PARSE_INVALID_REQUEST;
+ }
+ break;
+
+@@ -1202,7 +1199,7 @@ ngx_http_parse_complex_uri(ngx_http_requ
+ ch = *p++;
+
+ } else if (ch == '\0') {
+- r->zero_in_uri = 1;
++ return NGX_HTTP_PARSE_INVALID_REQUEST;
+ }
+
+ state = quoted_state;
+@@ -1304,8 +1301,7 @@ ngx_http_parse_unsafe_uri(ngx_http_reque
+ }
+
+ if (ch == '\0') {
+- *flags |= NGX_HTTP_ZERO_IN_URI;
+- continue;
++ goto unsafe;
+ }
+
+ if (ngx_path_separator(ch) && len > 2) {
+@@ -1449,34 +1445,19 @@ ngx_http_arg(ngx_http_request_t *r, u_ch
+ void
+ ngx_http_split_args(ngx_http_request_t *r, ngx_str_t *uri, ngx_str_t *args)
+ {
+- u_char ch, *p, *last;
+-
+- p = uri->data;
+-
+- last = p + uri->len;
+-
+- args->len = 0;
+-
+- while (p < last) {
+-
+- ch = *p++;
++ u_char *p, *last;
+
+- if (ch == '?') {
+- args->len = last - p;
+- args->data = p;
++ last = uri->data + uri->len;
+
+- uri->len = p - 1 - uri->data;
++ p = ngx_strlchr(uri->data, last, '?');
+
+- if (ngx_strlchr(p, last, '\0') != NULL) {
+- r->zero_in_uri = 1;
+- }
++ if (p) {
++ uri->len = p - uri->data;
++ p++;
++ args->len = last - p;
++ args->data = p;
+
+- return;
+- }
+-
+- if (ch == '\0') {
+- r->zero_in_uri = 1;
+- continue;
+- }
++ } else {
++ args->len = 0;
+ }
+ }
+--- nginx-0.7.65.orig/src/http/ngx_http_core_module.c
++++ nginx-0.7.65/src/http/ngx_http_core_module.c
+@@ -1288,7 +1288,7 @@ ngx_http_core_content_phase(ngx_http_req
+
+ /* no content handler was found */
+
+- if (r->uri.data[r->uri.len - 1] == '/' && !r->zero_in_uri) {
++ if (r->uri.data[r->uri.len - 1] == '/') {
+
+ if (ngx_http_map_uri_to_path(r, &path, &root, 0) != NULL) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+@@ -2076,7 +2076,6 @@ ngx_http_subrequest(ngx_http_request_t *
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
+ "http subrequest \"%V?%V\"", uri, &sr->args);
+
+- sr->zero_in_uri = (flags & NGX_HTTP_ZERO_IN_URI) != 0;
+ sr->subrequest_in_memory = (flags & NGX_HTTP_SUBREQUEST_IN_MEMORY) != 0;
+ sr->waited = (flags & NGX_HTTP_SUBREQUEST_WAITED) != 0;
+
+--- nginx-0.7.65.orig/src/http/modules/ngx_http_gzip_static_module.c
++++ nginx-0.7.65/src/http/modules/ngx_http_gzip_static_module.c
+@@ -89,10 +89,6 @@ ngx_http_gzip_static_handler(ngx_http_re
+ return NGX_DECLINED;
+ }
+
+- if (r->zero_in_uri) {
+- return NGX_DECLINED;
+- }
+-
+ gzcf = ngx_http_get_module_loc_conf(r, ngx_http_gzip_static_module);
+
+ if (!gzcf->enable) {
+--- nginx-0.7.65.orig/src/http/modules/ngx_http_flv_module.c
++++ nginx-0.7.65/src/http/modules/ngx_http_flv_module.c
+@@ -80,10 +80,6 @@ ngx_http_flv_handler(ngx_http_request_t
+ return NGX_DECLINED;
+ }
+
+- if (r->zero_in_uri) {
+- return NGX_DECLINED;
+- }
+-
+ rc = ngx_http_discard_request_body(r);
+
+ if (rc != NGX_OK) {
+--- nginx-0.7.65.orig/src/http/modules/ngx_http_static_module.c
++++ nginx-0.7.65/src/http/modules/ngx_http_static_module.c
+@@ -66,10 +66,6 @@ ngx_http_static_handler(ngx_http_request
+ return NGX_DECLINED;
+ }
+
+- if (r->zero_in_uri) {
+- return NGX_DECLINED;
+- }
+-
+ log = r->connection->log;
+
+ /*
+--- nginx-0.7.65.orig/src/http/modules/ngx_http_dav_module.c
++++ nginx-0.7.65/src/http/modules/ngx_http_dav_module.c
+@@ -146,10 +146,6 @@ ngx_http_dav_handler(ngx_http_request_t
+ ngx_int_t rc;
+ ngx_http_dav_loc_conf_t *dlcf;
+
+- if (r->zero_in_uri) {
+- return NGX_DECLINED;
+- }
+-
+ dlcf = ngx_http_get_module_loc_conf(r, ngx_http_dav_module);
+
+ if (!(r->method & dlcf->methods)) {
+--- nginx-0.7.65.orig/src/http/modules/ngx_http_autoindex_module.c
++++ nginx-0.7.65/src/http/modules/ngx_http_autoindex_module.c
+@@ -160,10 +160,6 @@ ngx_http_autoindex_handler(ngx_http_requ
+ return NGX_DECLINED;
+ }
+
+- if (r->zero_in_uri) {
+- return NGX_DECLINED;
+- }
+-
+ if (!(r->method & (NGX_HTTP_GET|NGX_HTTP_HEAD))) {
+ return NGX_DECLINED;
+ }
+--- nginx-0.7.65.orig/src/http/modules/ngx_http_random_index_module.c
++++ nginx-0.7.65/src/http/modules/ngx_http_random_index_module.c
+@@ -86,10 +86,6 @@ ngx_http_random_index_handler(ngx_http_r
+ return NGX_DECLINED;
+ }
+
+- if (r->zero_in_uri) {
+- return NGX_DECLINED;
+- }
+-
+ if (!(r->method & (NGX_HTTP_GET|NGX_HTTP_HEAD|NGX_HTTP_POST))) {
+ return NGX_DECLINED;
+ }
+--- nginx-0.7.65.orig/src/http/modules/ngx_http_index_module.c
++++ nginx-0.7.65/src/http/modules/ngx_http_index_module.c
+@@ -116,10 +116,6 @@ ngx_http_index_handler(ngx_http_request_
+ return NGX_DECLINED;
+ }
+
+- if (r->zero_in_uri) {
+- return NGX_DECLINED;
+- }
+-
+ ilcf = ngx_http_get_module_loc_conf(r, ngx_http_index_module);
+ clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+
+--- nginx-0.7.65.orig/src/http/modules/perl/ngx_http_perl_module.c
++++ nginx-0.7.65/src/http/modules/perl/ngx_http_perl_module.c
+@@ -174,10 +174,6 @@ ngx_http_perl_xs_init(pTHX)
+ static ngx_int_t
+ ngx_http_perl_handler(ngx_http_request_t *r)
+ {
+- if (r->zero_in_uri) {
+- return NGX_HTTP_NOT_FOUND;
+- }
+-
+ ngx_http_perl_handle_request(r);
+
+ return NGX_DONE;
Modified: trunk/debs/nginx/debian/patches/series
===================================================================
--- trunk/debs/nginx/debian/patches/series 2012-04-26 21:36:27 UTC (rev
115067)
+++ trunk/debs/nginx/debian/patches/series 2012-04-26 21:45:13 UTC (rev
115068)
@@ -1,3 +1,5 @@
nginx-upstream-fair.diff
dlopen.diff
+nginx-null_byte_in_urls.patch
+LP-902223.patch
udplog.diff
_______________________________________________
MediaWiki-CVS mailing list
MediaWiki-CVS@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs
