Bug 224237 - www/nginx: fancyindex cannot sort large files
Summary: www/nginx: fancyindex cannot sort large files
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Jochen Neumeister
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-12-11 08:28 UTC by Wolfram Schneider
Modified: 2018-01-02 16:31 UTC (History)
4 users (show)

See Also:

Attachments
patch to update fancyindex (1.55 KB, patch)
2017-12-11 18:55 UTC, Brad Davis 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfram Schneider freebsd_committer freebsd_triage 2017-12-11 08:28:24 UTC 
I noticed an odd thing. Our download.freebsd.org server cannot sort large files by size:

works, largest first, FreeBSD 9.3
https://download.freebsd.org/ftp/releases/ISO-IMAGES/9.3/?C=S&O=D

not working (smallest first), FreeBSD 11.1
https://download.freebsd.org/ftp/releases/ISO-IMAGES/11.1/?C=S&O=A

largest first, FreeBSD 11.1
https://download.freebsd.org/ftp/releases/ISO-IMAGES/11.1/?C=S&O=D

The FreeBSD 9.3 release has only files <2GB, the later releases have bigger files.
Comment 1 Benedict Reuschling freebsd_committer freebsd_triage 2017-12-11 09:03:05 UTC 
Reassign to services, I guess clusteradm can fix this better than docs.
Comment 2 Gavin Atkinson freebsd_committer freebsd_triage 2017-12-11 16:26:51 UTC 
We're running nginx-1.12.2_1 from ports with the HTTP_FANCYINDEX option set.  This option causes the package to be built with fancyindex 0.4.1 from https://github.com/aperezdc/ngx-fancyindex.

Looking at https://github.com/aperezdc/ngx-fancyindex/releases it appears that 0.4.2 has the fix for this already, so the port needs updating.  Upstream "strongly encourages" users to upgrade to that version - there's a crashing bug it also fixes.  Once that's updated, we'll pull the new version in on the next refresh.

Gavin
Comment 3 Gavin Atkinson freebsd_committer freebsd_triage 2017-12-11 16:28:12 UTC 
Over to maintainer
Comment 4 Brad Davis freebsd_committer freebsd_triage 2017-12-11 18:55:19 UTC 
Created attachment 188727 [details]
patch to update fancyindex
Comment 5 Brad Davis freebsd_committer freebsd_triage 2017-12-11 18:57:09 UTC 
May I commit this patch?  Note that is is kind of important as it can cause Nginx to crash.  See the release notes for more information: https://github.com/aperezdc/ngx-fancyindex/releases
Comment 6 Jochen Neumeister freebsd_committer freebsd_triage 2017-12-13 19:36:21 UTC 
I'm confused. Is this an update to Nginx in this PR? Or to download large files from download.freebsd.org?
Comment 7 Wolfram Schneider freebsd_committer freebsd_triage 2017-12-13 21:20:00 UTC 
The original report was about an integer overflow (INT_MAX) in the index sort function. Pretty harmless. Downloading of the big files works fine, but you cannot sort them by size.

It turns out that the bug is already fixed in a newer version of ngx-fancyindex 0.4.2. Also, this release contains a critical bug fix. We need to upgrade ASAP.
Comment 8 Brad Davis freebsd_committer freebsd_triage 2017-12-13 21:28:54 UTC 
See the patch attached to the PR.
Comment 9 commit-hook freebsd_committer freebsd_triage 2017-12-14 10:07:58 UTC 
A commit references this bug:

Author: joneum
Date: Thu Dec 14 10:07:05 UTC 2017
New revision: 456286
URL: https://svnweb.freebsd.org/changeset/ports/456286

Log:
  www/nginx: Update fancyindex to 0.4.2

  This release contains an important fix which can cause Nginx
  to crash when a directory contains zero-sized (empty) files.
  This bug has been present in all previous releases,
  and all users are strongly encouraged to update to version 0.4.2.

  PR:		224237
  Submitted by:	wosch
  Approved by:	tz (mentor)
  MFH:		2017Q4
  Differential Revision:	https://reviews.freebsd.org/D13486

Changes:
  head/www/nginx/Makefile
  head/www/nginx/distinfo