Hello community, here is the log from the commit of package nginx for openSUSE:Factory checked in at 2013-07-01 15:58:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nginx (Old) and /work/SRC/openSUSE:Factory/.nginx.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nginx" Changes: -------- --- /work/SRC/openSUSE:Factory/nginx/nginx.changes 2013-04-23 17:22:52.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.nginx.new/nginx.changes 2013-07-01 15:58:41.000000000 +0200 @@ -1,0 +2,14 @@ +Wed Jun 26 12:37:22 UTC 2013 - co...@suse.com + +- since passenger 4.0 the nginx extensions does not build, so disable + it + +------------------------------------------------------------------- +Fri May 24 12:24:35 UTC 2013 - s...@ammler.ch + +- update to 1.2.9 + *) Security: contents of worker process memory might be sent to a client + if HTTP backend returned specially crafted response (CVE-2013-2070); + the bug had appeared in 1.1.4. (bnc#821184) + +------------------------------------------------------------------- Old: ---- nginx-1.2.8.tar.gz New: ---- nginx-1.2.9.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nginx.spec ++++++ --- /var/tmp/diff_new_pack.cnzvpw/_old 2013-07-01 15:58:42.000000000 +0200 +++ /var/tmp/diff_new_pack.cnzvpw/_new 2013-07-01 15:58:42.000000000 +0200 @@ -17,7 +17,7 @@ Name: nginx -Version: 1.2.8 +Version: 1.2.9 Release: 0 # %define pkg_name nginx @@ -42,16 +42,14 @@ %define with_google_perftools 0 %if 0%{?suse_version} >= 1110 # passenger is required by webyast -%define with_passenger 1 +%define with_passenger 0 %define with_libatomic 1 %endif # # BuildRoot: %{_tmppath}/%{name}-%{version}-build -%if 0%{?with_cpp_test} -BuildRequires: gcc-c++ -%endif BuildRequires: GeoIP-devel +BuildRequires: gcc-c++ BuildRequires: gd-devel %if 0%{?with_google_perftools} BuildRequires: google-perftools-devel @@ -123,7 +121,7 @@ %build %if 0%{?with_passenger} -ln -s %{_libdir}/ruby/gems/%{rb_ver}/gems/passenger-* passenger +cp -a %{_libdir}/ruby/gems/%{rb_ver}/gems/passenger-* passenger %endif ./configure \ --prefix=%{ngx_prefix}/ \ ++++++ nginx-1.2.8.tar.gz -> nginx-1.2.9.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.2.8/CHANGES new/nginx-1.2.9/CHANGES --- old/nginx-1.2.8/CHANGES 2013-04-02 14:35:19.000000000 +0200 +++ new/nginx-1.2.9/CHANGES 2013-05-13 12:43:31.000000000 +0200 @@ -1,4 +1,11 @@ +Changes with nginx 1.2.9 13 May 2013 + + *) Security: contents of worker process memory might be sent to a client + if HTTP backend returned specially crafted response (CVE-2013-2070); + the bug had appeared in 1.1.4. + + Changes with nginx 1.2.8 02 Apr 2013 *) Bugfix: new sessions were not always stored if the "ssl_session_cache diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.2.8/CHANGES.ru new/nginx-1.2.9/CHANGES.ru --- old/nginx-1.2.8/CHANGES.ru 2013-04-02 14:35:17.000000000 +0200 +++ new/nginx-1.2.9/CHANGES.ru 2013-05-13 12:43:30.000000000 +0200 @@ -1,4 +1,11 @@ +Изменения в nginx 1.2.9 13.05.2013 + + *) Безопасность: содержимое памяти рабочего процесса могло быть + отправлено клиенту, если HTTP-бэкенд возвращал специально созданный + ответ (CVE-2013-2070); ошибка появилась в 1.1.4. + + Изменения в nginx 1.2.8 02.04.2013 *) Исправление: при использовании директивы "ssl_session_cache shared" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.2.8/src/core/nginx.h new/nginx-1.2.9/src/core/nginx.h --- old/nginx-1.2.8/src/core/nginx.h 2013-03-29 16:29:29.000000000 +0100 +++ new/nginx-1.2.9/src/core/nginx.h 2013-05-13 12:43:27.000000000 +0200 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1002008 -#define NGINX_VERSION "1.2.8" +#define nginx_version 1002009 +#define NGINX_VERSION "1.2.9" #define NGINX_VER "nginx/" NGINX_VERSION #define NGINX_VAR "NGINX" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.2.8/src/http/modules/ngx_http_proxy_module.c new/nginx-1.2.9/src/http/modules/ngx_http_proxy_module.c --- old/nginx-1.2.8/src/http/modules/ngx_http_proxy_module.c 2013-02-11 16:31:10.000000000 +0100 +++ new/nginx-1.2.9/src/http/modules/ngx_http_proxy_module.c 2013-05-13 12:43:28.000000000 +0200 @@ -1865,6 +1865,10 @@ } + if (ctx->size < 0 || ctx->length < 0) { + goto invalid; + } + return rc; done: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.2.8/src/http/modules/perl/nginx.pm new/nginx-1.2.9/src/http/modules/perl/nginx.pm --- old/nginx-1.2.8/src/http/modules/perl/nginx.pm 2013-03-29 16:29:29.000000000 +0100 +++ new/nginx-1.2.9/src/http/modules/perl/nginx.pm 2013-05-13 12:43:28.000000000 +0200 @@ -50,7 +50,7 @@ HTTP_INSUFFICIENT_STORAGE ); -our $VERSION = '1.2.8'; +our $VERSION = '1.2.9'; require XSLoader; XSLoader::load('nginx', $VERSION); -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org