hi,

update www/nginx to 1.0.15.

* fix for CVE-2012-2089 - Buffer overflow in the ngx_http_mp4_module (http://nginx.org/en/security_advisories.html)

btw by default this module isn't enabled in our base tree. this bug doesn't affect the OpenBSD base src/usr.sbin/nginx.

Changelog:

Changes with nginx 1.0.15 12 Apr 2012

*) Security: specially crafted mp4 file might allow to overwrite memory locations in a worker process if the ngx_http_mp4_module was used, potentially resulting in arbitrary code execution (CVE-2012-2089). Thanks to Matthew Daley.

*) Bugfix: in the ngx_http_mp4_module.

OK ?

Index: Makefile =================================================================== RCS file: /cvs/ports/www/nginx/Makefile,v retrieving revision 1.51 diff -u -p -r1.51 Makefile --- Makefile 16 Mar 2012 00:44:06 -0000 1.51 +++ Makefile 15 Apr 2012 14:46:40 -0000 @@ -2,7 +2,7 @@ COMMENT= robust and small HTTP server and mail proxy server -DISTNAME= nginx-1.0.14 +DISTNAME= nginx-1.0.15 CATEGORIES= www HOMEPAGE= http://nginx.org/ Index: distinfo =================================================================== RCS file: /cvs/ports/www/nginx/distinfo,v retrieving revision 1.30 diff -u -p -r1.30 distinfo --- distinfo 16 Mar 2012 00:44:06 -0000 1.30 +++ distinfo 15 Apr 2012 14:46:40 -0000 @@ -1,5 +1,5 @@ -MD5 (nginx-1.0.14.tar.gz) = AZhE5Iw0lSJTyibdbijDXA== -RMD160 (nginx-1.0.14.tar.gz) = 5vWa2RJkZ+9KKuWAyJdrSIQKupA= -SHA1 (nginx-1.0.14.tar.gz) = 90y9pPcmMnhBq+BmdsYDQZhCfOk= -SHA256 (nginx-1.0.14.tar.gz) = mOSDkl2rg2g3YtsywhoeLsaF15opjC4y54WvDMS6468= -SIZE (nginx-1.0.14.tar.gz) = 692465 +MD5 (nginx-1.0.15.tar.gz) = F9pIAiCbg9m+uw8O3Zdd/A== +RMD160 (nginx-1.0.15.tar.gz) = mWU0mZFrgfsPWEJ1VISYNgbOpew= +SHA1 (nginx-1.0.15.tar.gz) = 5QazAeqEn1jy77SZ13uBn+Ve6po= +SHA256 (nginx-1.0.15.tar.gz) = Ha85UGI8kLCE5+zrEEBxWWBgrKXHIb+JBUn8KZCx6+Y= +SIZE (nginx-1.0.15.tar.gz) = 693025
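Review bot: the commit log for the DISTNAME bump from nginx-1.0.14 to nginx-1.0.15 in the Makefile hunk should name CVE-2012-2089 and state that it concerns builds using ngx_http_mp4_module. The hunk changes nothing else, so the log is the only place where users of such builds learn that this update is a security fix and not a routine version bump.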
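Review bot: in the distinfo hunk, the new SHA256 value and the SIZE of 693025 for nginx-1.0.15.tar.gz should be confirmed against a tarball fetched independently from the upstream site before commit, since the mail does not say how the values were generated and this is a security update. The MD5 and SHA1 lines are not collision resistant, so the SHA256 line is the one the integrity check should rest on.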
