2 files changed, 25 insertions, 1 deletions

diff --git a/www/nginx/distinfo b/www/nginx/distinfo
index c81acd97888..0615cd4c004 100644
--- a/www/nginx/distinfo
+++ b/www/nginx/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.70 2019/08/15 08:06:29 adam Exp $
+$NetBSD: distinfo,v 1.70.6.1 2020/01/27 09:35:13 bsiegert Exp $
 
 SHA1 (array-var-nginx-module-0.05.tar.gz) = c69fac77814947009ab783a471783b3c95a63a26
 RMD160 (array-var-nginx-module-0.05.tar.gz) = 89bd4efc04864e3e90781588a337338951ec8733
@@ -53,3 +53,4 @@ SHA1 (patch-ab) = 7d126a4372aa8575ef01a4bfd9aec9898861c763
 SHA1 (patch-auto_cc_conf) = 5e6a479ba419cd16dedeb3b4c47dc685d126ef6a
 SHA1 (patch-auto_lib_pcre_conf) = 8cf03fe38e7f75ef6892cc8b93be5cb18c381e97
 SHA1 (patch-src_event_modules_ngx__eventport__module.c) = c8e919f48d68bd5bffc4ad11d9c79dc6da3a0de2
+SHA1 (patch-src_http_ngx__http__special__response.c) = 7ac84762cc42932c43dc5191888fbe33c2125c3b
diff --git a/www/nginx/patches/patch-src_http_ngx__http__special__response.c b/www/nginx/patches/patch-src_http_ngx__http__special__response.c
new file mode 100644
index 00000000000..3902c4a6f66
--- /dev/null
+++ b/www/nginx/patches/patch-src_http_ngx__http__special__response.c
@@ -0,0 +1,23 @@
+$NetBSD$
+
+Discard request body when redirecting to a URL via error_page.
+
+Fixes CVE-2019-20372.
+
+https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e.patch
+
+--- src/http/ngx_http_special_response.c
++++ src/http/ngx_http_special_response.c
+@@ -623,6 +623,12 @@ ngx_http_send_error_page(ngx_http_request_t *r, ngx_http_err_page_t *err_page)
+         return ngx_http_named_location(r, &uri);
+     }
+ 
++    r->expect_tested = 1;
++
++    if (ngx_http_discard_request_body(r) != NGX_OK) {
++        r->keepalive = 0;
++    }
++
+     location = ngx_list_push(&r->headers_out.headers);
+ 
+     if (location == NULL) {