Hello community,

here is the log from the commit of package nginx for openSUSE:Factory checked 
in at 2013-07-01 15:58:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nginx (Old)
 and      /work/SRC/openSUSE:Factory/.nginx.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "nginx"

Changes:
--------
--- /work/SRC/openSUSE:Factory/nginx/nginx.changes      2013-04-23 
17:22:52.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.nginx.new/nginx.changes 2013-07-01 
15:58:41.000000000 +0200
@@ -1,0 +2,14 @@
+Wed Jun 26 12:37:22 UTC 2013 - co...@suse.com
+
+- since passenger 4.0 the nginx extensions does not build, so disable 
+  it
+
+-------------------------------------------------------------------
+Fri May 24 12:24:35 UTC 2013 - s...@ammler.ch
+
+- update to 1.2.9
+  *) Security: contents of worker process memory might be sent to a client
+     if HTTP backend returned specially crafted response (CVE-2013-2070);
+     the bug had appeared in 1.1.4. (bnc#821184)
+
+-------------------------------------------------------------------

Old:
----
  nginx-1.2.8.tar.gz

New:
----
  nginx-1.2.9.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ nginx.spec ++++++
--- /var/tmp/diff_new_pack.cnzvpw/_old  2013-07-01 15:58:42.000000000 +0200
+++ /var/tmp/diff_new_pack.cnzvpw/_new  2013-07-01 15:58:42.000000000 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           nginx
-Version:        1.2.8
+Version:        1.2.9
 Release:        0
 #
 %define pkg_name nginx
@@ -42,16 +42,14 @@
 %define with_google_perftools 0
 %if 0%{?suse_version} >= 1110
 # passenger is required by webyast
-%define with_passenger 1
+%define with_passenger 0
 %define with_libatomic 1
 %endif
 #
 #
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-%if 0%{?with_cpp_test}
-BuildRequires:  gcc-c++
-%endif
 BuildRequires:  GeoIP-devel
+BuildRequires:  gcc-c++
 BuildRequires:  gd-devel
 %if 0%{?with_google_perftools}
 BuildRequires:  google-perftools-devel
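Review bot: The comment `# passenger is required by webyast` still sits directly above `%define with_passenger 0`, so the spec now states that passenger is required on the very line where it is switched off. Replace it with the reason given in the changelog, for example `# passenger >= 4.0 no longer builds as an nginx extension, so it is disabled`. `BuildRequires:  gcc-c++` also became unconditional in this hunk without a stated reason; a one-line comment naming what still needs the C++ compiler would help. The `%if 0%{?with_google_perftools}` block at the end closes outside the hunk.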
@@ -123,7 +121,7 @@
 
 %build
 %if 0%{?with_passenger}
-ln -s %{_libdir}/ruby/gems/%{rb_ver}/gems/passenger-* passenger
+cp -a %{_libdir}/ruby/gems/%{rb_ver}/gems/passenger-* passenger
 %endif
 ./configure                                    \
   --prefix=%{ngx_prefix}/                      \
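Review bot: The `passenger-*` glob in the new `cp -a` line is not pinned to a version, so the build copies whichever passenger gem the build host has installed. If more than one version matches, `cp` requires `passenger` to be an existing directory. Since the changelog says passenger 4.0 no longer builds, a check that the glob resolves to exactly one directory (or a versioned build requirement) would make this branch fail early and clearly if `with_passenger` is turned back on. A short comment on why the symlink became a copy would also help, since the reason is not visible here; presumably the build writes into the passenger tree. The `./configure` invocation continues outside the hunk.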

++++++ nginx-1.2.8.tar.gz -> nginx-1.2.9.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.2.8/CHANGES new/nginx-1.2.9/CHANGES
--- old/nginx-1.2.8/CHANGES     2013-04-02 14:35:19.000000000 +0200
+++ new/nginx-1.2.9/CHANGES     2013-05-13 12:43:31.000000000 +0200
@@ -1,4 +1,11 @@
 
+Changes with nginx 1.2.9                                         13 May 2013
+
+    *) Security: contents of worker process memory might be sent to a client
+       if HTTP backend returned specially crafted response (CVE-2013-2070);
+       the bug had appeared in 1.1.4.
+
+
 Changes with nginx 1.2.8                                         02 Apr 2013
 
     *) Bugfix: new sessions were not always stored if the "ssl_session_cache
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.2.8/CHANGES.ru new/nginx-1.2.9/CHANGES.ru
--- old/nginx-1.2.8/CHANGES.ru  2013-04-02 14:35:17.000000000 +0200
+++ new/nginx-1.2.9/CHANGES.ru  2013-05-13 12:43:30.000000000 +0200
@@ -1,4 +1,11 @@
 
+Изменения в nginx 1.2.9                                           13.05.2013
+
+    *) Безопасность: содержимое памяти рабочего процесса могло быть
+       отправлено клиенту, если HTTP-бэкенд возвращал специально созданный
+       ответ (CVE-2013-2070); ошибка появилась в 1.1.4.
+
+
 Изменения в nginx 1.2.8                                           02.04.2013
 
     *) Исправление: при использовании директивы "ssl_session_cache shared"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.2.8/src/core/nginx.h 
new/nginx-1.2.9/src/core/nginx.h
--- old/nginx-1.2.8/src/core/nginx.h    2013-03-29 16:29:29.000000000 +0100
+++ new/nginx-1.2.9/src/core/nginx.h    2013-05-13 12:43:27.000000000 +0200
@@ -9,8 +9,8 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define nginx_version      1002008
-#define NGINX_VERSION      "1.2.8"
+#define nginx_version      1002009
+#define NGINX_VERSION      "1.2.9"
 #define NGINX_VER          "nginx/" NGINX_VERSION
 
 #define NGINX_VAR          "NGINX"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.2.8/src/http/modules/ngx_http_proxy_module.c 
new/nginx-1.2.9/src/http/modules/ngx_http_proxy_module.c
--- old/nginx-1.2.8/src/http/modules/ngx_http_proxy_module.c    2013-02-11 
16:31:10.000000000 +0100
+++ new/nginx-1.2.9/src/http/modules/ngx_http_proxy_module.c    2013-05-13 
12:43:28.000000000 +0200
@@ -1865,6 +1865,10 @@
 
     }
 
+    if (ctx->size < 0 || ctx->length < 0) {
+        goto invalid;
+    }
+
     return rc;
 
 done:
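Review bot: The new guard before `return rc;` has no comment explaining how `ctx->size` or `ctx->length` can become negative; the CVE-2013-2070 changelog entry is the only hint. I would add `/* a negative size or length means the value parsed from the backend response overflowed; reject it */` above the `if`. The check detects the overflow only after it has happened, which presumably relies on both fields being signed and wrapping. Their declarations are outside this hunk, so that needs confirming; bounding the value while it is accumulated would not depend on wraparound. The guard covers only the path that falls through to `return rc;`, so it is worth confirming that the `done:` path cannot be reached with a negative value. The enclosing function starts and ends outside the hunk.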
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.2.8/src/http/modules/perl/nginx.pm 
new/nginx-1.2.9/src/http/modules/perl/nginx.pm
--- old/nginx-1.2.8/src/http/modules/perl/nginx.pm      2013-03-29 
16:29:29.000000000 +0100
+++ new/nginx-1.2.9/src/http/modules/perl/nginx.pm      2013-05-13 
12:43:28.000000000 +0200
@@ -50,7 +50,7 @@
     HTTP_INSUFFICIENT_STORAGE
 );
 
-our $VERSION = '1.2.8';
+our $VERSION = '1.2.9';
 
 require XSLoader;
 XSLoader::load('nginx', $VERSION);
