git: 186e88aeb1d0 - main - www/nginx-devel: security update from 1.23.1 to 1.23.2

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Sergey A. Osokin <osa_at_FreeBSD.org>
Date: Wed, 19 Oct 2022 13:56:10 UTC
The branch main has been updated by osa:

URL: https://cgit.FreeBSD.org/ports/commit/?id=186e88aeb1d055bf812a4d03f7ffd03bf16930c3

commit 186e88aeb1d055bf812a4d03f7ffd03bf16930c3
Author:     Sergey A. Osokin <osa@FreeBSD.org>
AuthorDate: 2022-10-19 13:55:28 +0000
Commit:     Sergey A. Osokin <osa@FreeBSD.org>
CommitDate: 2022-10-19 13:55:28 +0000

    www/nginx-devel: security update from 1.23.1 to 1.23.2
    
    <Changelog>
    
    *) Security: processing of a specially crafted mp4 file by the
       ngx_http_mp4_module might cause a worker process crash, worker
       process memory disclosure, or might have potential other impact
       (CVE-2022-41741, CVE-2022-41742).
    
    *) Feature: the "$proxy_protocol_tlv_..." variables.
    
    *) Feature: TLS session tickets encryption keys are now automatically
       rotated when using shared memory in the "ssl_session_cache"
       directive.
    
    *) Change: the logging level of the "bad record type" SSL errors has
       been lowered from "crit" to "info".
       Thanks to Murilo Andrade.
    
    *) Change: now when using shared memory in the "ssl_session_cache"
       directive the "could not allocate new session" errors are logged at
       the "warn" level instead of "alert" and not more often than once per
       second.
    
    *) Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.
    
    *) Bugfix: in logging of the PROXY protocol errors.
       Thanks to Sergey Brester.
    
    *) Workaround: shared memory from the "ssl_session_cache" directive was
       spent on sessions using TLS session tickets when using TLSv1.3 with
       OpenSSL.
    
    *) Workaround: timeout specified with the "ssl_session_timeout"
       directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.
    
    </Changelog>
---
 www/nginx-devel/Makefile | 3 +--
 www/nginx-devel/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile
index 436c7c2fc69a..2a42f7fa9678 100644
--- a/www/nginx-devel/Makefile
+++ b/www/nginx-devel/Makefile
@@ -1,6 +1,5 @@
 PORTNAME?=	nginx
-PORTVERSION=	1.23.1
-PORTREVISION=	9
+PORTVERSION=	1.23.2
 CATEGORIES=	www
 MASTER_SITES=	https://nginx.org/download/ \
 		LOCAL/osa
diff --git a/www/nginx-devel/distinfo b/www/nginx-devel/distinfo
index 3570524d69ef..ccff05ca16c3 100644
--- a/www/nginx-devel/distinfo
+++ b/www/nginx-devel/distinfo
@@ -1,6 +1,6 @@
-TIMESTAMP = 1664902607
-SHA256 (nginx-1.23.1.tar.gz) = 5eee1bd1c23e3b9477a45532f1f36ae6178b43d571a9607e6953cef26d5df1e2
-SIZE (nginx-1.23.1.tar.gz) = 1104352
+TIMESTAMP = 1666186414
+SHA256 (nginx-1.23.2.tar.gz) = a80cc272d3d72aaee70aa8b517b4862a635c0256790434dbfc4d618a999b0b46
+SIZE (nginx-1.23.2.tar.gz) = 1108243
 SHA256 (nginx_mogilefs_module-1.0.4.tar.gz) = 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae
 SIZE (nginx_mogilefs_module-1.0.4.tar.gz) = 11208
 SHA256 (nginx_mod_h264_streaming-2.2.7.tar.gz) = 6d974ba630cef59de1f60996c66b401264a345d25988a76037c2856cec756c19