dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

nginx: 1.26.0 -> 1.26.1

Browse Source 
Fixes CVE-2024-32760, CVE-2024-31079, CVE-2024-35200 and CVE-2024-34161.
Note that the `nginxQuic` derivation rely on `nginxMainline`.

Changes:
```
Changes with nginx 1.26.1                                        29 May 2024

    *) Security: when using HTTP/3, processing of a specially crafted QUIC
       session might cause a worker process crash, worker process memory
       disclosure on systems with MTU larger than 4096 bytes, or might have
       potential other impact (CVE-2024-32760, CVE-2024-31079,
       CVE-2024-35200, CVE-2024-34161).
       Thanks to Nils Bars of CISPA.

    *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
       "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.

    *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
       option was used.
       Thanks to Edgar Bonet.

    *) Bugfix: in HTTP/3.

```
This commit is contained in:
Thomas Gerbet 2024-05-31 11:30:28 +02:00
parent c7e65c09b0
commit 25e4a15f2a
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkgs/servers/http/nginx/stable.nix
View File

@ -1,6 +1,6 @@
{ callPackage, ... } @ args:
callPackage ./generic.nix args {
version = "1.26.0";
hash = "sha256-0ubIQ51sbbUBXY6qskcKtSrvhae/NjGCh5l34IQ3BJc=";
version = "1.26.1";
hash = "sha256-+Rh0aP8usVkmC/1Thnwl/44zRyYjes8ie56HDlPT42s=";
}