Bug 224237 - www/nginx: fancyindex cannot sort large files
Summary: www/nginx: fancyindex cannot sort large files
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Jochen Neumeister
Depends on:
Reported: 2017-12-11 08:28 UTC by Wolfram Schneider
Modified: 2018-01-02 16:31 UTC

patch to update fancyindex (1.55 KB, patch)
2017-12-11 18:55 UTC, Brad Davis

Description Wolfram Schneider freebsd_committer 2017-12-11 08:28:24 UTC
I noticed an odd thing. Our download.freebsd.org server cannot sort large files by size:

works, largest first, FreeBSD 9.3

not working (smallest first), FreeBSD 11.1

largest first, FreeBSD 11.1

The FreeBSD 9.3 release has only files <2GB, the later releases have bigger files.
Comment 1 Benedict Reuschling freebsd_committer 2017-12-11 09:03:05 UTC
Reassign to services, I guess clusteradm can fix this better than docs.
Comment 2 Gavin Atkinson freebsd_committer freebsd_triage 2017-12-11 16:26:51 UTC
We're running nginx-1.12.2_1 from ports with the HTTP_FANCYINDEX option set.  This option causes the package to be built with fancyindex 0.4.1 from https://github.com/aperezdc/ngx-fancyindex.

Looking at https://github.com/aperezdc/ngx-fancyindex/releases it appears that 0.4.2 has the fix for this already, so the port needs updating.  Upstream "strongly encourages" users to upgrade to that version - there's a crashing bug it also fixes.  Once that's updated, we'll pull the new version in on the next refresh.

Comment 3 Gavin Atkinson freebsd_committer freebsd_triage 2017-12-11 16:28:12 UTC
Over to maintainer
Comment 4 Brad Davis freebsd_committer 2017-12-11 18:55:19 UTC
Created attachment 188727
patch to update fancyindex
Comment 5 Brad Davis freebsd_committer 2017-12-11 18:57:09 UTC
May I commit this patch?  Note that this is kind of important as it can cause Nginx to crash.  See the release notes for more information: https://github.com/aperezdc/ngx-fancyindex/releases
Comment 6 Jochen Neumeister freebsd_committer 2017-12-13 19:36:21 UTC
I'm confused. Is this an update to Nginx in this PR? Or to download large files from download.freebsd.org?
Comment 7 Wolfram Schneider freebsd_committer 2017-12-13 21:20:00 UTC
The original report was about an integer overflow (INT_MAX) in the index sort function. Pretty harmless. Downloading of the big files works fine, but you cannot sort them by size.

It turns out that the bug is already fixed in a newer version of ngx-fancyindex 0.4.2. Also, this release contains a critical bug fix. We need to upgrade ASAP.
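An added example, not part of the bug thread and not the ngx-fancyindex source: one common comparator pattern that produces the symptom reported here (files over INT_MAX bytes sorting out of order), next to a comparator that avoids it. The struct, function names and sample listing are constructed for illustration, and the example assumes a 32-bit `int`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical listing entry (assumed names); size is 64-bit, like off_t on FreeBSD. */
typedef struct { const char *name; int64_t size; } entry_t;

/* Constructed sample listing: one file is larger than INT_MAX bytes. */
static const entry_t SAMPLE[] = {
    { "README.TXT", 1024 },
    { "disc1.iso",  734003200 },   /* 700 MiB */
    { "dvd1.iso",   3221225472 },  /* 3 GiB */
};
#define N (sizeof SAMPLE / sizeof SAMPLE[0])

/* Unsafe: the 64-bit difference is narrowed to qsort()'s int and can flip sign. */
static int cmp_desc_truncating(const void *a, const void *b)
{
    const entry_t *x = a, *y = b;
    return (int)(y->size - x->size);
}

/* Safe: compare the two sizes and return only -1, 0 or 1. */
static int cmp_desc_safe(const void *a, const void *b)
{
    const entry_t *x = a, *y = b;
    return (y->size > x->size) - (y->size < x->size);
}

/* Sort a copy of SAMPLE largest-first; return the index of the biggest file. */
static int rank_of_largest(int (*cmp)(const void *, const void *))
{
    entry_t v[N];
    size_t big = 0;
    memcpy(v, SAMPLE, sizeof v);
    qsort(v, N, sizeof v[0], cmp);
    for (size_t i = 1; i < N; i++)
        if (v[i].size > v[big].size)
            big = i;
    return (int)big;
}

int main(void)
{
    printf("largest file lands at: truncating=%d safe=%d\n",
           rank_of_largest(cmp_desc_truncating), rank_of_largest(cmp_desc_safe));
    return 0;
}
```

With the truncating comparator the 3 GiB file ends up last in a "largest first" listing, while a listing whose files are all under 2 GB sorts correctly with either comparator.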
Comment 8 Brad Davis freebsd_committer 2017-12-13 21:28:54 UTC
See the patch attached to the PR.
Comment 9 commit-hook freebsd_committer 2017-12-14 10:07:58 UTC
A commit references this bug:

Author: joneum
Date: Thu Dec 14 10:07:05 UTC 2017
New revision: 456286
URL: https://svnweb.freebsd.org/changeset/ports/456286

  www/nginx: Update fancyindex to 0.4.2

  This release contains an important fix which can cause Nginx
  to crash when a directory contains zero-sized (empty) files.
  This bug has been present in all previous releases,
  and all users are strongly encouraged to update to version 0.4.2.

  PR:		224237
  Submitted by:	wosch
  Approved by:	tz (mentor)
  MFH:		2017Q4
  Differential Revision:	https://reviews.freebsd.org/D13486