pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/www/nginx Upgrade to nginx-1.6.2 to fix security vulne...

details:   https://anonhg.NetBSD.org/pkgsrc/rev/f2760427df36
branches:  trunk
changeset: 639723:f2760427df36
user:      kim <kim%pkgsrc.org@localhost>
date:      Wed Sep 24 05:42:48 2014 +0000

description:
Upgrade to nginx-1.6.2 to fix security vulnerability CVE-2014-3616.
Restore module checksums that were lost in last update.

Changes with nginx 1.6.2                                         16 Sep 2014

    *) Security: it was possible to reuse SSL sessions in unrelated contexts
       if a shared SSL session cache or the same TLS session ticket key was
       used for multiple "server" blocks (CVE-2014-3616).
       Thanks to Antoine Delignat-Lavaud.

    *) Bugfix: requests might hang if resolver was used and a DNS server
       returned a malformed response; the bug had appeared in 1.5.8.

    *) Bugfix: requests might hang if resolver was used and a timeout
       occurred during a DNS request.

diffstat:

 www/nginx/Makefile |   4 ++--
 www/nginx/distinfo |  41 +++++++++++++++++++++++++++++++++++++----
 2 files changed, 39 insertions(+), 6 deletions(-)

diffs (60 lines):

diff -r 4a8bdfe58928 -r f2760427df36 www/nginx/Makefile
--- a/www/nginx/Makefile        Wed Sep 24 01:07:19 2014 +0000
+++ b/www/nginx/Makefile        Wed Sep 24 05:42:48 2014 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.56 2014/08/07 05:05:50 rodent Exp $
+# $NetBSD: Makefile,v 1.57 2014/09/24 05:42:48 kim Exp $
 
-DISTNAME=              nginx-1.6.1
+DISTNAME=              nginx-1.6.2
 MAINTAINER=            joerg%NetBSD.org@localhost
 
 .include "../../www/nginx/Makefile.common"
diff -r 4a8bdfe58928 -r f2760427df36 www/nginx/distinfo
--- a/www/nginx/distinfo        Wed Sep 24 01:07:19 2014 +0000
+++ b/www/nginx/distinfo        Wed Sep 24 05:42:48 2014 +0000
@@ -1,7 +1,40 @@
-$NetBSD: distinfo,v 1.43 2014/08/07 05:05:50 rodent Exp $
+$NetBSD: distinfo,v 1.44 2014/09/24 05:42:48 kim Exp $
 
-SHA1 (nginx-1.6.1.tar.gz) = e58c865f67b580541ed4eadf69d1676762bf50ab
-RMD160 (nginx-1.6.1.tar.gz) = ee8b8ed7c670cb950b8bb59432fd04d65f7656a6
-Size (nginx-1.6.1.tar.gz) = 803301 bytes
+SHA1 (array-var-nginx-module-0.03.tar.gz) = b2666aa3c092060fcd3931a6d45798a5745c1ad6
+RMD160 (array-var-nginx-module-0.03.tar.gz) = 171c2d9bd02d7a7ede9f87ab348ef035cea14aec
+Size (array-var-nginx-module-0.03.tar.gz) = 9520 bytes
+SHA1 (echo-nginx-module-0.51.tar.gz) = 127d011f146a7e611f328cd4f2f29cdde1227f07
+RMD160 (echo-nginx-module-0.51.tar.gz) = 79bb11c34735381a5a90176eb4d07dec8b469ab4
+Size (echo-nginx-module-0.51.tar.gz) = 63460 bytes
+SHA1 (encrypted-session-nginx-module-0.03.tar.gz) = b33a74b83a200299fe80a2441b4cc014fab02a6a
+RMD160 (encrypted-session-nginx-module-0.03.tar.gz) = 89cab2054f95e1017c109238d399afe23ce499e6
+Size (encrypted-session-nginx-module-0.03.tar.gz) = 8949 bytes
+SHA1 (form-input-nginx-module-0.07.tar.gz) = 4f68ad4b6b19f313582523585aee4e4473666ea3
+RMD160 (form-input-nginx-module-0.07.tar.gz) = 1d543c15c1ced82497987b7fd71d79d7c818b9bf
+Size (form-input-nginx-module-0.07.tar.gz) = 10563 bytes
+SHA1 (headers-more-nginx-module-0.25.tar.gz) = 514bc3df30b24eb0a06533f1ebaa579b898990f5
+RMD160 (headers-more-nginx-module-0.25.tar.gz) = 8270edae05b2cf24f1d46fb1b217d4943bf56372
+Size (headers-more-nginx-module-0.25.tar.gz) = 27973 bytes
+SHA1 (lua-nginx-module-0.9.5.tar.gz) = c9c752461f407ccae40870d4cabfbf2bd8c81bac
+RMD160 (lua-nginx-module-0.9.5.tar.gz) = 180331a69680278bac26f0a9ccd0de52fd88a7ea
+Size (lua-nginx-module-0.9.5.tar.gz) = 476124 bytes
+SHA1 (naxsi-0.53-2.tar.gz) = e29101b3193f434e4ec503671c41d0bacc64ff39
+RMD160 (naxsi-0.53-2.tar.gz) = 198ff9d2faf55ce3ed72332615f9e555e3afc155
+Size (naxsi-0.53-2.tar.gz) = 165690 bytes
+SHA1 (nginx-1.6.2.tar.gz) = 1a5458bc15acf90eea16353a1dd17285cf97ec35
+RMD160 (nginx-1.6.2.tar.gz) = 58704be748781db2bcd67e5bad842f5ff8c55326
+Size (nginx-1.6.2.tar.gz) = 804164 bytes
+SHA1 (nginx_http_push_module-0.692.tar.gz) = 72103084cad8f4d3d9a49a6b04cf780e4541605d
+RMD160 (nginx_http_push_module-0.692.tar.gz) = 9d2be16074cf28115af0f1d8f3646937cda649ad
+Size (nginx_http_push_module-0.692.tar.gz) = 29119 bytes
+SHA1 (nginx_upload_module-2.2.0.tar.gz) = 93d6e83e613a0ce2ed057a434b344fa1b6609b47
+RMD160 (nginx_upload_module-2.2.0.tar.gz) = 5734af837be3fe8ec444a7e5e7f6707118594098
+Size (nginx_upload_module-2.2.0.tar.gz) = 25796 bytes
+SHA1 (ngx_devel_kit-0.2.19.tar.gz) = 888635e80a8a0e6242b8e9b684ff60ffa70845a2
+RMD160 (ngx_devel_kit-0.2.19.tar.gz) = 64d3737bc4cc948c1363cce80d70e5260878811e
+Size (ngx_devel_kit-0.2.19.tar.gz) = 65029 bytes
+SHA1 (set-misc-nginx-module-0.24.tar.gz) = da404a7dac5fa4a0a86f42b4ec7648b607f4cd66
+RMD160 (set-misc-nginx-module-0.24.tar.gz) = 07d0bb8f2a0840534a82a2d18394163342393cef
+Size (set-misc-nginx-module-0.24.tar.gz) = 40397 bytes
 SHA1 (patch-aa) = 47f0c19b47b115f00ea6e9432d5bb12058c3bc1c
 SHA1 (patch-ab) = 0925a163db1ec36142fc3c32545f0abc1c5545c8
Home | Main Index | Thread Index | Old Index