From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH] nginx: Update to version 1.26.1
Date: Sun, 21 Jul 2024 13:41:22 +0200
Message-ID: <20240721114122.3447601-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2779724361254730433=="
List-Id:

--===============2779724361254730433==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

- Update from version 1.24.0 to 1.26.1
- Update of rootfile not required
- Version 1.24.0 is now a legacy version, no longer being supported. Stable
   version has changed to 1.26.x series.
- Various CVE fixes in 1.26.1 and in 1.25.4, the development branch that became
   1.26.0, that the legacy version 1.24.0 is also vulnerable to.
- Changelog
    1.26.1
        *) Security: when using HTTP/3, processing of a specially crafted QUIC
           session might cause a worker process crash, worker process memory
           disclosure on systems with MTU larger than 4096 bytes, or might
           have potential other impact (CVE-2024-32760, CVE-2024-31079,
           CVE-2024-35200, CVE-2024-34161).
        *) Bugfix: reduced memory consumption for long-lived requests if
           "gzip", "gunzip", "ssi", "sub_filter", or "grpc_pass" directives
           are used.
        *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
           option was used.
        *) Bugfix: in HTTP/3.
    1.26.0
        *) 1.26.x stable branch.
    1.25.5
        *) Feature: virtual servers in the stream module.
        *) Feature: the ngx_stream_pass_module.
        *) Feature: the "deferred", "accept_filter", and "setfib" parameters
           of the "listen" directive in the stream module.
        *) Feature: cache line size detection for some architectures.
        *) Feature: support for Homebrew on Apple Silicon.
        *) Bugfix: Windows cross-compilation bugfixes and improvements.
        *) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
    1.25.4
        *) Security: when using HTTP/3 a segmentation fault might occur in a
           worker process while processing a specially crafted QUIC session
           (CVE-2024-24989, CVE-2024-24990).
        *) Bugfix: connections with pending AIO operations might be closed
           prematurely during graceful shutdown of old worker processes.
        *) Bugfix: socket leak alerts no longer logged when fast shutdown was
           requested after graceful shutdown of old worker processes.
        *) Bugfix: a socket descriptor error, a socket leak, or a segmentation
           fault in a worker process (for SSL proxying) might occur if AIO
           was used in a subrequest.
        *) Bugfix: a segmentation fault might occur in a worker process if SSL
           proxying was used along with the "image_filter" directive and
           errors with code 415 were redirected with the "error_page"
           directive.
        *) Bugfixes and improvements in HTTP/3.
    1.25.3
        *) Change: improved detection of misbehaving clients when using HTTP/2.
        *) Feature: startup speedup when using a large number of locations.
           Thanks to Yusuke Nojima.
        *) Bugfix: a segmentation fault might occur in a worker process when
           using HTTP/2 without SSL; the bug had appeared in 1.25.1.
        *) Bugfix: the "Status" backend response header line with an empty
           reason phrase was handled incorrectly.
        *) Bugfix: memory leak during reconfiguration when using the PCRE2
           library.
        *) Bugfixes and improvements in HTTP/3.
    1.25.2
        *) Feature: path MTU discovery when using HTTP/3.
        *) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using
           HTTP/3.
        *) Change: now nginx uses appname "nginx" when loading OpenSSL
           configuration.
        *) Change: now nginx does not try to load OpenSSL configuration if the
           --with-openssl option was used to build OpenSSL and the
           OPENSSL_CONF environment variable is not set.
        *) Bugfix: in the $body_bytes_sent variable when using HTTP/3.
        *) Bugfix: in HTTP/3.
    1.25.1
        *) Feature: the "http2" directive, which enables HTTP/2 on a
           per-server basis; the "http2" parameter of the "listen" directive
           is now deprecated.
        *) Change: HTTP/2 server push support has been removed.
        *) Change: the deprecated "ssl" directive is not supported anymore.
        *) Bugfix: in HTTP/3 when using OpenSSL.
1.25.0 *) Feature: experimental HTTP/3 support. Signed-off-by: Adolf Belka --- lfs/nginx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lfs/nginx b/lfs/nginx index ef314a177..c344b2955 100644 --- a/lfs/nginx +++ b/lfs/nginx @@ -1,7 +1,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2023 IPFire Team = # +# Copyright (C) 2007-2024 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -25,7 +25,7 @@ include Config =20 SUMMARY =3D A HTTP server and IMAP/POP3 proxy server -VER =3D 1.24.0 +VER =3D 1.26.1 =20 THISAPP =3D nginx-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -33,7 +33,7 @@ DL_FROM =3D $(URL_IPFIRE) DIR_APP =3D $(DIR_SRC)/$(THISAPP) TARGET =3D $(DIR_INFO)/$(THISAPP) PROG =3D nginx -PAK_VER =3D 15 +PAK_VER =3D 16 =20 DEPS =3D =20 @@ -47,7 +47,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_BLAKE2 =3D 7f671c57666dec822bff72fcf0e4eec35ecf981b8f1e489827f9bb= bf9179036f61c9fdc7e497c076ccaeb35b9ba3dfe7684e4fc91ee9cae52601f68859bb034d +$(DL_FILE)_BLAKE2 =3D 5df95f6771a93009f5bd1a4038857c29af580d18af841e8cffe073= 339578b3ae0492d3a4cc797cac03a1039096ac5206ed1fa01da11c98591bce2cc4b2d18679 =20 install : $(TARGET) =20 --=20 2.45.2 --===============2779724361254730433==--
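Review bot: The VER bump in the second hunk (1.24.0 to 1.26.1) crosses the 1.25.1 changes quoted in the message, namely that the deprecated "ssl" directive is no longer supported, the "http2" parameter of "listen" is deprecated and HTTP/2 server push is removed, but the message only states that the rootfile needs no update. Please say in the commit message whether configurations that still use those directives were checked against 1.26.1, and if users of the package have to adjust their nginx configuration after the update, note that there so it reaches the release notes.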
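Review bot: The new $(DL_FILE)_BLAKE2 value in the last hunk is the only integrity check visible for the 1.26.1 tarball, which DL_FROM takes from $(URL_IPFIRE), and the message does not say how the source was verified before this hash was computed. A line in the commit message stating that the tarball was checked against upstream's published signature or checksum would let a reviewer confirm the hash independently instead of trusting the value as posted.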