diff mbox series

[meta-webserver,2/2] nginx: upgrade 1.29.6 -> 1.29.7

Message ID 20260328073021.1895690-2-skandigraun@gmail.com
State Under Review
Headers show
Series [meta-webserver,1/2] nginx: upgrade 1.28.2 -> 1.28.3 | expand

Commit Message

Gyorgy Sarvari March 28, 2026, 7:30 a.m. UTC 
Changes:
*) Security: a buffer overflow might occur while handling a COPY or MOVE
   request in a location with "alias", allowing an attacker to modify
   the source or destination path outside of the document root
   (CVE-2026-27654).

*) Security: processing of a specially crafted mp4 file by the
   ngx_http_mp4_module on 32-bit platforms might cause a worker process
   crash, or might have potential other impact (CVE-2026-27784).

*) Security: processing of a specially crafted mp4 file by the
   ngx_http_mp4_module might cause a worker process crash, or might have
   potential other impact (CVE-2026-32647).

*) Security: a segmentation fault might occur in a worker process if the
   CRAM-MD5 or APOP authentication methods were used and authentication
   retry was enabled (CVE-2026-27651).

*) Security: an attacker might use PTR DNS records to inject data in
   auth_http requests, as well as in the XCLIENT command in the backend
   SMTP connection (CVE-2026-28753).

*) Security: SSL handshake might succeed despite OCSP rejecting a client
   certificate in the stream module (CVE-2026-28755).

*) Feature: the "multipath" parameter of the "listen" directive.

*) Feature: the "local" parameter of the "keepalive" directive in the
   "upstream" block.
*) Change: now the "keepalive" directive in the "upstream" block is
   enabled by default.
*) Change: now ngx_http_proxy_module supports keepalive by default; the
   default value for "proxy_http_version" is "1.1"; the "Connection"
   proxy header is not sent by default anymore.
*) Bugfix: an invalid HTTP/2 request might be sent after switching to
   the next upstream if buffered body was used in the
   ngx_http_grpc_module.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../recipes-httpd/nginx/{nginx_1.29.6.bb => nginx_1.29.7.bb}    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-webserver/recipes-httpd/nginx/{nginx_1.29.6.bb => nginx_1.29.7.bb} (74%)
diff mbox series

Patch

diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.29.6.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.29.7.bb
similarity index 74%
rename from meta-webserver/recipes-httpd/nginx/nginx_1.29.6.bb
rename to meta-webserver/recipes-httpd/nginx/nginx_1.29.7.bb
index a1e39b6e36..4d884fcbb3 100644
--- a/meta-webserver/recipes-httpd/nginx/nginx_1.29.6.bb
+++ b/meta-webserver/recipes-httpd/nginx/nginx_1.29.7.bb
@@ -6,5 +6,5 @@  DEFAULT_PREFERENCE = "-1"
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=79da1c70d587d3a199af9255ad393f99"
 
-SRC_URI[sha256sum] = "316f298cd9f061d6d0679696152710285b72f75d88eb1f7e323f40c5c52fe0d7"
+SRC_URI[sha256sum] = "673f8fb8c0961c44fbd9410d6161831453609b44063d3f2948253fc2b5692139"