diff -Nru --exclude changelog --exclude changelog nginx-1.0.5/debian/modules/nginx-lua/.gitmodules nginx-1.0.5/debian/modules/nginx-lua/.gitmodules --- nginx-1.0.5/debian/modules/nginx-lua/.gitmodules 2011-03-21 23:13:46.000000000 -0400 +++ nginx-1.0.5/debian/modules/nginx-lua/.gitmodules 1969-12-31 19:00:00.000000000 -0500 @@ -1,3 +0,0 @@ -[submodule "deps/ngx_devel_kit"] - path = deps/ngx_devel_kit - url = git://github.com/simpl/ngx_devel_kit.git diff -Nru --exclude changelog --exclude changelog nginx-1.0.5/debian/patches/cve-2011-4315.patch nginx-1.0.5/debian/patches/cve-2011-4315.patch --- nginx-1.0.5/debian/patches/cve-2011-4315.patch 1969-12-31 19:00:00.000000000 -0500 +++ nginx-1.0.5/debian/patches/cve-2011-4315.patch 2012-05-19 14:16:10.000000000 -0400 @@ -0,0 +1,30 @@ +--- a/src/core/ngx_resolver.c ++++ b/src/core/ngx_resolver.c +@@ -1922,7 +1922,13 @@ + n = *src++; + + for ( ;; ) { +- if (n != 0xc0) { ++ if (n & 0xc0) { ++ n = ((n & 0x3f) << 8) + *src; ++ src = &buf[n]; ++ ++ n = *src++; ++ ++ } else { + ngx_memcpy(dst, src, n); + dst += n; + src += n; +@@ -1932,12 +1938,6 @@ + if (n != 0) { + *dst++ = '.'; + } +- +- } else { +- n = ((n & 0x3f) << 8) + *src; +- src = &buf[n]; +- +- n = *src++; + } + + if (n == 0) { diff -Nru --exclude changelog --exclude changelog nginx-1.0.5/debian/patches/cve-2012-1180.patch nginx-1.0.5/debian/patches/cve-2012-1180.patch --- nginx-1.0.5/debian/patches/cve-2012-1180.patch 1969-12-31 19:00:00.000000000 -0500 +++ nginx-1.0.5/debian/patches/cve-2012-1180.patch 2012-05-19 17:49:46.000000000 -0400 @@ -0,0 +1,114 @@ +--- a/src/http/modules/ngx_http_fastcgi_module.c ++++ b/src/http/modules/ngx_http_fastcgi_module.c +@@ -1433,11 +1433,10 @@ + h->value.data = h->key.data + h->key.len + 1; + h->lowcase_key = h->key.data + h->key.len + 1 + + h->value.len + 1; +- +- ngx_cpystrn(h->key.data, r->header_name_start, +- h->key.len + 1); +- ngx_cpystrn(h->value.data, r->header_start, +- h->value.len + 1); ++ ngx_memcpy(h->key.data, r->header_name_start, h->key.len); ++ h->key.data[h->key.len] = '\0'; ++ ngx_memcpy(h->value.data, r->header_start, h->value.len); ++ h->value.data[h->value.len] = '\0'; + } + + h->hash = r->header_hash; +--- a/src/http/modules/ngx_http_proxy_module.c ++++ b/src/http/modules/ngx_http_proxy_module.c +@@ -1276,8 +1276,10 @@ + h->value.data = h->key.data + h->key.len + 1; + h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1; + +- ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1); +- ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1); ++ ngx_memcpy(h->key.data, r->header_name_start, h->key.len); ++ h->key.data[h->key.len] = '\0'; ++ ngx_memcpy(h->value.data, r->header_start, h->value.len); ++ h->value.data[h->value.len] = '\0'; + + if (h->key.len == r->lowcase_index) { + ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len); +--- a/src/http/modules/ngx_http_scgi_module.c ++++ b/src/http/modules/ngx_http_scgi_module.c +@@ -879,8 +879,10 @@ + h->value.data = h->key.data + h->key.len + 1; + h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1; + +- ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1); +- ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1); ++ ngx_memcpy(h->key.data, r->header_name_start, h->key.len); ++ h->key.data[h->key.len] = '\0'; ++ ngx_memcpy(h->value.data, r->header_start, h->value.len); ++ h->value.data[h->value.len] = '\0'; + + if (h->key.len == r->lowcase_index) { + ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len); +--- a/src/http/modules/ngx_http_uwsgi_module.c ++++ b/src/http/modules/ngx_http_uwsgi_module.c +@@ -929,8 +929,10 @@ + h->value.data = h->key.data + h->key.len + 1; + h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1; + +- ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1); +- ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1); ++ ngx_memcpy(h->key.data, r->header_name_start, h->key.len); ++ h->key.data[h->key.len] = '\0'; ++ ngx_memcpy(h->value.data, r->header_start, h->value.len); ++ h->value.data[h->value.len] = '\0'; + + if (h->key.len == r->lowcase_index) { + ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len); +--- a/src/http/ngx_http_parse.c ++++ b/src/http/ngx_http_parse.c +@@ -813,6 +813,10 @@ + break; + } + ++ if (ch == '\0') { ++ return NGX_HTTP_PARSE_INVALID_HEADER; ++ } ++ + r->invalid_header = 1; + + break; +@@ -875,6 +879,10 @@ + break; + } + ++ if (ch == '\0') { ++ return NGX_HTTP_PARSE_INVALID_HEADER; ++ } ++ + r->invalid_header = 1; + + break; +@@ -893,6 +901,8 @@ + r->header_start = p; + r->header_end = p; + goto done; ++ case '\0': ++ return NGX_HTTP_PARSE_INVALID_HEADER; + default: + r->header_start = p; + state = sw_value; +@@ -914,6 +924,8 @@ + case LF: + r->header_end = p; + goto done; ++ case '\0': ++ return NGX_HTTP_PARSE_INVALID_HEADER; + } + break; + +@@ -927,6 +939,8 @@ + break; + case LF: + goto done; ++ case '\0': ++ return NGX_HTTP_PARSE_INVALID_HEADER; + default: + state = sw_value; + break; diff -Nru --exclude changelog --exclude changelog nginx-1.0.5/debian/patches/series nginx-1.0.5/debian/patches/series --- nginx-1.0.5/debian/patches/series 2011-04-12 14:43:22.000000000 -0400 +++ nginx-1.0.5/debian/patches/series 2012-05-19 14:18:36.000000000 -0400 @@ -1 +1,3 @@ 607418-ipv6-addresses.diff +cve-2011-4315.patch +cve-2012-1180.patch