Avoid CVE-2016-4450 (NULL dereference while saving client body to

temporary file). Bump revision.

2 files changed, 19 insertions, 2 deletions

diff --git a/www/nginx/Makefile b/www/nginx/Makefile
index 1e0365dc22e..68482ad6605 100644
--- a/www/nginx/Makefile
+++ b/www/nginx/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.63 2016/03/05 11:29:38 jperkin Exp $
+# $NetBSD: Makefile,v 1.64 2016/05/31 19:44:47 joerg Exp $
 
 DISTNAME=		nginx-1.8.1
 MAINTAINER=		joerg@NetBSD.org
 
-PKGREVISION= 1
+PKGREVISION= 2
 .include "../../www/nginx/Makefile.common"
diff --git a/www/nginx/patches/patch-src_os_unix_ngx__files.c b/www/nginx/patches/patch-src_os_unix_ngx__files.c
new file mode 100644
index 00000000000..0585c479649
--- /dev/null
+++ b/www/nginx/patches/patch-src_os_unix_ngx__files.c
@@ -0,0 +1,17 @@
+$NetBSD: patch-src_os_unix_ngx__files.c,v 1.1 2016/05/31 19:44:47 joerg Exp $
+
+--- src/os/unix/ngx_files.c.orig	2016-01-26 14:39:33.000000000 +0000
++++ src/os/unix/ngx_files.c
+@@ -292,6 +292,12 @@ ngx_write_chain_to_file(ngx_file_t *file
+         /* create the iovec and coalesce the neighbouring bufs */
+ 
+         while (cl && vec.nelts < IOV_MAX) {
++
++            if (ngx_buf_special(cl->buf)) {
++                cl = cl->next;
++                continue;
++            }
++
+             if (prev == cl->buf->pos) {
+                 iov->iov_len += cl->buf->last - cl->buf->pos;
+