patch: added security patch for ngx_http_mp4_module (CVE-2018-16845).

Bumped release number to v1.13.6.3.

patches/patch.2018.mp4.txt

@@ -0,0 +1,16 @@
+--- src/http/modules/ngx_http_mp4_module.c
++++ src/http/modules/ngx_http_mp4_module.c
+@@ -942,6 +942,13 @@ ngx_http_mp4_read_atom(ngx_http_mp4_file
+                 atom_size = ngx_mp4_get_64value(atom_header + 8);
+                 atom_header_size = sizeof(ngx_mp4_atom_header64_t);
+ 
++                if (atom_size < sizeof(ngx_mp4_atom_header64_t)) {
++                    ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                                  "\"%s\" mp4 atom is too small:%uL",
++                                  mp4->file.name.data, atom_size);
++                    return NGX_ERROR;
++                }
++
+             } else {
+                 ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+                               "\"%s\" mp4 atom is too small:%uL",

util/mirror-tarballs

@@ -396,6 +396,20 @@ if [ "$main_ver" = "1.13.6" ]; then
     echo
 fi
 
+answer=`$root/util/ver-ge "$main_ver" 1.14.1`
+if [ "$answer" = "N" ]; then
+    echo "$info_txt applying the patch for nginx security advisory (CVE-2018-16845)"
+    patch -p0 < $root/patches/patch.2018.mp4.txt || exit 1
+    echo
+else
+    answer=`$root/util/ver-ge "$main_ver" 1.15.6`
+    if [ "$answer" = "N" ]; then
+        echo "$info_txt applying the patch for nginx security advisory (CVE-2018-16845)"
+        patch -p0 < $root/patches/patch.2018.mp4.txt || exit 1
+        echo
+    fi
+fi
+
 rm -f *.patch || exit 1
 
 echo "$info_txt applying the always_enable_cc_feature_tests patch to nginx"

util/ver

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 main_ver=1.13.6
-minor_ver=2
+minor_ver=3
 version=$main_ver.$minor_ver
 echo $version