Summary: | www/nginx: fancyindex cannot sort large files | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Wolfram Schneider <wosch> | ||||
Component: | Individual Port(s) | Assignee: | Jochen Neumeister <joneum> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Only Me | CC: | bcr, brd, gavin, joneum | ||||
Priority: | --- | ||||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Description
Wolfram Schneider
2017-12-11 08:28:24 UTC
Reassign to services, I guess clusteradm can fix this better than docs. We're running nginx-1.12.2_1 from ports with the HTTP_FANCYINDEX option set. This option causes the package to be built with fancyindex 0.4.1 from https://github.com/aperezdc/ngx-fancyindex. Looking at https://github.com/aperezdc/ngx-fancyindex/releases it appears that 0.4.2 has the fix for this already, so the port needs updating. Upstream "strongly encourages" users to upgrade to that version - there's a crashing bug it also fixes. Once that's updated, we'll pull the new version in on the next refresh. Gavin Over to maintainer Created attachment 188727 [details]
patch to update fancyindex
May I commit this patch? Note that is is kind of important as it can cause Nginx to crash. See the release notes for more information: https://github.com/aperezdc/ngx-fancyindex/releases I'm confused. Is this an update to Nginx in this PR? Or to download large files from download.freebsd.org? The original report was about an integer overflow (INT_MAX) in the index sort function. Pretty harmless. Downloading of the big files works fine, but you cannot sort them by size. It turns out that the bug is already fixed in a newer version of ngx-fancyindex 0.4.2. Also, this release contains a critical bug fix. We need to upgrade ASAP. See the patch attached to the PR. A commit references this bug: Author: joneum Date: Thu Dec 14 10:07:05 UTC 2017 New revision: 456286 URL: https://svnweb.freebsd.org/changeset/ports/456286 Log: www/nginx: Update fancyindex to 0.4.2 This release contains an important fix which can cause Nginx to crash when a directory contains zero-sized (empty) files. This bug has been present in all previous releases, and all users are strongly encouraged to update to version 0.4.2. PR: 224237 Submitted by: wosch Approved by: tz (mentor) MFH: 2017Q4 Differential Revision: https://reviews.freebsd.org/D13486 Changes: head/www/nginx/Makefile head/www/nginx/distinfo |