pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/www/nginx-devel www/nginx-devel: security update 1.23....

details:   https://anonhg.NetBSD.org/pkgsrc/rev/33d7e6769f6b
branches:  trunk
changeset: 387004:33d7e6769f6b
user:      osa <osa%pkgsrc.org@localhost>
date:      Wed Oct 19 14:10:24 2022 +0000

description:
www/nginx-devel: security update 1.23.1 -> 1.23.2

<ChangeLog>

*) Security: processing of a specially crafted mp4 file by the
   ngx_http_mp4_module might cause a worker process crash, worker
   process memory disclosure, or might have potential other impact
   (CVE-2022-41741, CVE-2022-41742).

*) Feature: the "$proxy_protocol_tlv_..." variables.

*) Feature: TLS session tickets encryption keys are now automatically
   rotated when using shared memory in the "ssl_session_cache"
   directive.

*) Change: the logging level of the "bad record type" SSL errors has
   been lowered from "crit" to "info".
   Thanks to Murilo Andrade.

*) Change: now when using shared memory in the "ssl_session_cache"
   directive the "could not allocate new session" errors are logged at
   the "warn" level instead of "alert" and not more often than once per
   second.

*) Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.

*) Bugfix: in logging of the PROXY protocol errors.
   Thanks to Sergey Brester.

*) Workaround: shared memory from the "ssl_session_cache" directive was
   spent on sessions using TLS session tickets when using TLSv1.3 with
   OpenSSL.

*) Workaround: timeout specified with the "ssl_session_timeout"
   directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.

</ChangeLog>

diffstat:

 www/nginx-devel/Makefile |  5 ++---
 www/nginx-devel/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 7 deletions(-)

diffs (35 lines):

diff -r acf367b731a4 -r 33d7e6769f6b www/nginx-devel/Makefile
--- a/www/nginx-devel/Makefile  Wed Oct 19 14:10:03 2022 +0000
+++ b/www/nginx-devel/Makefile  Wed Oct 19 14:10:24 2022 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.90 2022/09/25 15:10:11 osa Exp $
+# $NetBSD: Makefile,v 1.91 2022/10/19 14:10:24 osa Exp $
 
-DISTNAME=      nginx-1.23.1
-PKGREVISION=   2
+DISTNAME=      nginx-1.23.2
 PKGNAME=       ${DISTNAME:S/-/-devel-/1}
 CATEGORIES=    www
 MASTER_SITES=  https://nginx.org/download/
diff -r acf367b731a4 -r 33d7e6769f6b www/nginx-devel/distinfo
--- a/www/nginx-devel/distinfo  Wed Oct 19 14:10:03 2022 +0000
+++ b/www/nginx-devel/distinfo  Wed Oct 19 14:10:24 2022 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.84 2022/09/25 15:10:11 osa Exp $
+$NetBSD: distinfo,v 1.85 2022/10/19 14:10:24 osa Exp $
 
 BLAKE2s (array-var-nginx-module-0.05.tar.gz) = 2f9af1e0eb209b7c20aa58cd8ec2afb1eb1cc122c5f4ea169e34131c463c1c26
 SHA512 (array-var-nginx-module-0.05.tar.gz) = 7c9fa9b76bc7cd2473ceae6d5ffb8de26993be9293ea967908d6c4550e086affa7016df4c936fb0b79f1142dc0aa1a5f2058d417e6433b5a3497a45d7e866e84
@@ -21,9 +21,9 @@
 BLAKE2s (nchan-1.3.0.tar.gz) = fd45ccebd86c9808522dabefb8c202747f428ed04b46225282f344fbfd52f0b2
 SHA512 (nchan-1.3.0.tar.gz) = c8cd3eb0b06fc0f17b5a9013d32f5a6d5a8252015b3ac27fbf74a7a1b97bc7ae78c5c8cdd7372e36f5f9d137b59635f007d836746282c85c4a972b6984ba2bef
 Size (nchan-1.3.0.tar.gz) = 745161 bytes
-BLAKE2s (nginx-1.23.1.tar.gz) = c4703fa30a7e41510b2dba8381adc1ec49b8219b4d6856a3267bb7005f433ed2
-SHA512 (nginx-1.23.1.tar.gz) = 62d6b3d5282f4e4cc23adf23b3dc26e06fc4574cae3c18381c406d0cf0f8c68e7dfa86af0c3c1c1485214c548f3b45015eb219e62bfe04e0aaa5edaad82e6706
-Size (nginx-1.23.1.tar.gz) = 1104352 bytes
+BLAKE2s (nginx-1.23.2.tar.gz) = d566d6b784d87843372aedf282ba1137bf1a07113ee882892ab05b7775f8c637
+SHA512 (nginx-1.23.2.tar.gz) = 4a5413c0ec251c02fb73dfb4d351045f857a36d45ebb7ae2c29f4a4f320a6543d0a049b147b08318de0b7b0406773c329dbf43bf98bb088f76e506ea532cd8ef
+Size (nginx-1.23.2.tar.gz) = 1108243 bytes
 BLAKE2s (nginx-dav-ext-module-3.0.0.tar.gz) = 8e823ffd605d4fca00eb3ca92a0954ca35fb178397e0b990fea7d47580ee582f
 SHA512 (nginx-dav-ext-module-3.0.0.tar.gz) = d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
 Size (nginx-dav-ext-module-3.0.0.tar.gz) = 14558 bytes
Home | Main Index | Thread Index | Old Index