Date: Sun, 9 Feb 2020 11:19:01 +0000 (UTC)
From: Jochen Neumeister <joneum@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r525648 - in branches/2020Q1/www/nginx: . files
Message-ID: <202002091119.019BJ1RL072402@repo.freebsd.org>
Author: joneum
Date: Sun Feb 9 11:19:01 2020
New Revision: 525648
URL: https://svnweb.freebsd.org/changeset/ports/525648

Log:
  MFH: r525647

  Add patch for CVE-2019-20372

  NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372

  PR:		243952
  Reported by:	koobs and many more
  Security:	c1202de8-4b29-11ea-9673-4c72b94353b5
  Sponsored by:	Netzkommune GmbH
  Approved by:	ports-secteam (with hat)

Added:
  branches/2020Q1/www/nginx/files/patch-CVE-2019-20372
     - copied unchanged from r525647, head/www/nginx/files/patch-CVE-2019-20372
Modified:
  branches/2020Q1/www/nginx/Makefile
Directory Properties:
  branches/2020Q1/   (props changed)

Modified: branches/2020Q1/www/nginx/Makefile ============================================================================== --- branches/2020Q1/www/nginx/Makefile Sun Feb 9 11:16:40 2020 (r525647) +++ branches/2020Q1/www/nginx/Makefile Sun Feb 9 11:19:01 2020 (r525648) @@ -3,7 +3,7 @@ PORTNAME= nginx PORTVERSION= 1.16.1 -PORTREVISION?= 8 +PORTREVISION?= 11 PORTEPOCH= 2 CATEGORIES= www MASTER_SITES= https://nginx.org/download/ \ Copied: branches/2020Q1/www/nginx/files/patch-CVE-2019-20372 (from r525647, head/www/nginx/files/patch-CVE-2019-20372) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2020Q1/www/nginx/files/patch-CVE-2019-20372 Sun Feb 9 11:19:01 2020 (r525648, copy of r525647, head/www/nginx/files/patch-CVE-2019-20372)
@@ -0,0 +1,28 @@ +From 8bffc01d084b4881e3eed2052c115b8f04268cb9 Mon Sep 17 00:00:00 2001 +From: Ruslan Ermilov <ru@nginx.com> +Date: Mon, 23 Dec 2019 15:45:46 +0300 +Subject: [PATCH] Discard request body when redirecting to a URL via + error_page. + +Reported by Bert JW Regeer and Francisco Oca Gonzalez. +--- + src/http/ngx_http_special_response.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c +index 2c1ff174..e2a5e9dc 100644 +--- src/http/ngx_http_special_response.c ++++ src/http/ngx_http_special_response.c +@@ -623,6 +623,12 @@ ngx_http_send_error_page(ngx_http_request_t *r, ngx_http_err_page_t *err_page) + return ngx_http_named_location(r, &uri); + } + ++ r->expect_tested = 1; ++ ++ if (ngx_http_discard_request_body(r) != NGX_OK) { ++ r->keepalive = 0; ++ } ++ + location = ngx_list_push(&r->headers_out.headers); + + if (location == NULL) {
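Review bot: In the Makefile hunk PORTREVISION jumps from 8 straight to 11 while the log lists only r525647 as the merged revision; if the intent is to bring the 2020Q1 branch level with head's current value rather than to apply a single bump, the log should say so, otherwise it reads as if revisions 9 and 10 were merged without being named. A one-line note such as "PORTREVISION synced with head" in the MFH log would make the jump self-explanatory.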
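Review bot: The six added lines in ngx_http_send_error_page carry the entire fix but have no comment explaining them; a short one above `r->expect_tested = 1;` saying that the body is discarded before the Location-header redirect so that unread body bytes are never left on the connection for the next request, and that `r->keepalive = 0;` closes the connection when the discard cannot be completed, would help the next reader of the port's patch. Note also that the new block sits below the `return ngx_http_named_location(r, &uri);` early return, so internal redirects to named locations are deliberately left alone, which matches the subject line "when redirecting to a URL". The `---`/`+++` paths have the `a/` and `b/` prefixes stripped while the `diff --git` line keeps them; that is consistent with the port applying patches at strip level 0, so only the `index` line is cosmetically stale.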