Package: nginx / 1.10.3-1+deb9u1~bpo8+2
Metadata
Package | Version | Patches format |
---|---|---|
nginx | 1.10.3-1+deb9u1~bpo8+2 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
perl use dpkg buildflags.patch | src/http/modules/perl/Makefile.PL 4 4 + 0 - 0 ! | use linker flags from environment for perl (dpkg-buildflags). Necessary for hardening flags. |
0002 Make sure signature stays the same in all nginx buil.patch | configure 4 4 + 0 - 0 ! | make sure signature stays the same in all nginx builds. NGX_HTTP_HEADERS is part of nginx signature. When a dyn module is loaded the signature of the module is compared to the one of the nginx binary. dyn modules are built from nginx-full, so in order to make them loadable in other flavors we need to make sure all the binaries share the same signature. |
0003 define_gnu_source on other glibc based platforms.patch | src/os/unix/ngx_posix_config.h 5 4 + 1 - 0 ! | use _gnu_source on gnu/kfreebsd. Define _GNU_SOURCE not only on GNU/Hurd, but also other glibc-based platforms including GNU/kFreeBSD. |
0004 SSL error messages style.patch | src/event/ngx_event_openssl.c 4 2 + 2 - 0 ! | ssl: error messages style. |
0005 SSL style.patch | src/event/ngx_event_openssl.c 8 4 + 4 - 0 ! | ssl: style. |
0006 SSL support for multiple curves ticket 885.patch | src/event/ngx_event_openssl.c 53 48 + 5 - 0 ! | ssl: support for multiple curves (ticket #885). OpenSSL 1.0.2+ allows configuring a curve list instead of a single curve |
CVE 2017 7529 Range filter.patch | src/http/modules/ngx_http_range_filter_module.c 4 4 + 0 - 0 ! | [patch] range filter: protect from total size overflows. The overflow can be used to circumvent the restriction on total size of ranges introduced in c2a91088b0c0 (1.1.2). Additionally, overflow allows producing ranges with negative start (such ranges can be created by using a suffix, "bytes=-100"; normally this results in 200 due to the total size check). These can result in the following errors in logs: `[crit] ... pread() ... failed (22: Invalid argument)` `[alert] ... sendfile() failed (22: Invalid argument)` When using cache, it can be also used to reveal cache file header. It is believed that there are no other negative effects, at least with standard nginx modules. In theory, this can also result in memory disclosure and/or segmentation faults if multiple ranges are allowed, and the response is returned in a single in-memory buffer. This never happens with standard nginx modules though, as well as known 3rd party modules. Fix is to properly protect from possible overflow when incrementing size. |