I noticed an odd thing. Our download.freebsd.org server cannot sort large files by size:
works, largest first, FreeBSD 9.3
not working (smallest first), FreeBSD 11.1
largest first, FreeBSD 11.1
The FreeBSD 9.3 release has only files <2GB, the later releases have bigger files.
Reassign to services, I guess clusteradm can fix this better than docs.
We're running nginx-1.12.2_1 from ports with the HTTP_FANCYINDEX option set. This option causes the package to be built with fancyindex 0.4.1 from https://github.com/aperezdc/ngx-fancyindex.
Looking at https://github.com/aperezdc/ngx-fancyindex/releases it appears that 0.4.2 has the fix for this already, so the port needs updating. Upstream "strongly encourages" users to upgrade to that version - there's a crashing bug it also fixes. Once that's updated, we'll pull the new version in on the next refresh.
Over to maintainer
Created attachment 188727 [details]
patch to update fancyindex
May I commit this patch? Note that is is kind of important as it can cause Nginx to crash. See the release notes for more information: https://github.com/aperezdc/ngx-fancyindex/releases
I'm confused. Is this an update to Nginx in this PR? Or to download large files from download.freebsd.org?
The original report was about an integer overflow (INT_MAX) in the index sort function. Pretty harmless. Downloading of the big files works fine, but you cannot sort them by size.
It turns out that the bug is already fixed in a newer version of ngx-fancyindex 0.4.2. Also, this release contains a critical bug fix. We need to upgrade ASAP.
See the patch attached to the PR.
A commit references this bug:
Date: Thu Dec 14 10:07:05 UTC 2017
New revision: 456286
www/nginx: Update fancyindex to 0.4.2
This release contains an important fix which can cause Nginx
to crash when a directory contains zero-sized (empty) files.
This bug has been present in all previous releases,
and all users are strongly encouraged to update to version 0.4.2.
Submitted by: wosch
Approved by: tz (mentor)
Differential Revision: https://reviews.freebsd.org/D13486