Wednesday, October 19, 2022

security update www/nginx to 1.22.1

Index: Makefile
===================================================================
RCS file: /cvs/ports/www/nginx/Makefile,v
retrieving revision 1.164
diff -u -p -r1.164 Makefile
--- Makefile 29 Aug 2022 19:15:18 -0000 1.164
+++ Makefile 19 Oct 2022 16:22:00 -0000
@@ -15,7 +15,7 @@ COMMENT-passenger= nginx passenger (ruby
COMMENT-rtmp= nginx module for RTMP streaming
COMMENT-securelink= nginx HMAC secure link module

-VERSION= 1.22.0
+VERSION= 1.22.1
DISTNAME= nginx-${VERSION}
CATEGORIES= www

Index: distinfo
===================================================================
RCS file: /cvs/ports/www/nginx/distinfo,v
retrieving revision 1.79
diff -u -p -r1.79 distinfo
--- distinfo 30 May 2022 08:17:34 -0000 1.79
+++ distinfo 19 Oct 2022 16:22:00 -0000
@@ -2,7 +2,7 @@ SHA256 (headers-more-nginx-module-v0.33.
SHA256 (lua-nginx-module-v0.10.11.tar.gz) = wPuR/P0cbn3sNMpkgm74H/66/e9hdNJURnY284BWZiY=
SHA256 (naxsi-1.3.tar.gz) = Q5yGdzctJZe0Ngu8wQvIZJDeH8dWlbGTrV3xVKIU1ig=
SHA256 (nginx-1.20.1-chroot.patch) = SS1TB0j8N4/dn5pUTGT6WvkN3aAUuKz5+R0Nt+MG0gk=
-SHA256 (nginx-1.22.0.tar.gz) = sz1Wmm8RoBQzpXzhfoOTXpU61Nx3zdTUD4lsiKwm61M=
+SHA256 (nginx-1.22.1.tar.gz) = nrszOp6CuVKs0+K0rrHU/2QG9ySRurbNn+afDepzfzE=
SHA256 (nginx-auth-ldap-83c059b73566c2ee9cbda920d91b66657cf120b7.tar.gz) = aQxOW9sq4ZsP7nXNNW0YATRo20cmFrYJeloLvjRshGQ=
SHA256 (nginx-rtmp-module-v1.2.1.tar.gz) = h6pZdACwtaBSdO4tI9jLgiThJoYiegq+MdeDs6ZF6jc=
SHA256 (ngx_devel_kit-v0.3.0.tar.gz) = iOBamainQZBm9a51lm+x78QJutRSLRSYbaB0VUrmFhk=
@@ -12,7 +12,7 @@ SIZE (headers-more-nginx-module-v0.33.ta
SIZE (lua-nginx-module-v0.10.11.tar.gz) = 616653
SIZE (naxsi-1.3.tar.gz) = 235626
SIZE (nginx-1.20.1-chroot.patch) = 8783
-SIZE (nginx-1.22.0.tar.gz) = 1073322
+SIZE (nginx-1.22.1.tar.gz) = 1073948
SIZE (nginx-auth-ldap-83c059b73566c2ee9cbda920d91b66657cf120b7.tar.gz) = 18542
SIZE (nginx-rtmp-module-v1.2.1.tar.gz) = 519919
SIZE (ngx_devel_kit-v0.3.0.tar.gz) = 66455
Hi,

could you please review the following changes for the security
update www/nginx to the recent stable version, 1.22.1.

Here's the commit message.
---------------------------------------------------------------
www/nginx: security update 1.22.0 -> 1.22.1

<ChangeLog>

*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash, worker
process memory disclosure, or might have potential other impact
(CVE-2022-41741, CVE-2022-41742).

</ChangeLog>
---------------------------------------------------------------

Thank you.

--
Sergey A. Osokin

No comments:

Post a Comment