Merge pull request #66582 (nginx security updates)

This addresses CVE-2019-9511, CVE-2019-9513 and CVE-2019-9516. Details about these vulnerabilities can be found at: https://github.com/Netflix/security-bulletins/blob/216433296d3bc542496a8edae5b4ca39cfd892b1/advisories/third-party/2019-002.md Version 1.16.1 only includes the security fixes, however version 1.17.3 has two additional bugfixes: * "zero size buf" alerts might appear in logs when using gzipping; the bug had appeared in 1.17.2. * a segmentation fault might occur in a worker process if the "resolver" directive was used in SMTP proxy. I haven't extensively tested this, but from a quick test, nginx is still working and the NixOS tests also succeed. Thanks to @Izorkin for the pull request.
NixOS · Aug 14, 2019 · 3e78331 · 3e78331
2 parents 1af546a + 83381be
commit 3e78331
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/pkgs/servers/http/nginx/mainline.nix b/pkgs/servers/http/nginx/mainline.nix
@@ -1,6 +1,6 @@
 { callPackage, ... }@args:
 
 callPackage ./generic.nix (args // {
-  version = "1.17.2";
-  sha256 = "1v39gslwbvpfhqqv74q0lkfrhrwsp59xc8pwhvxns7af8s3kccsy";
+  version = "1.17.3";
+  sha256 = "0g0g9prwjy0rnv6n5smny5yl5dhnmflqdr3hwgyj5jpr5hfgx11v";
 })
diff --git a/pkgs/servers/http/nginx/stable.nix b/pkgs/servers/http/nginx/stable.nix
@@ -1,6 +1,6 @@
 { callPackage, ... } @ args:
 
 callPackage ./generic.nix (args // {
-  version = "1.16.0";
-  sha256 = "0i8krbi1pc39myspwlvb8ck969c8207hz84lh3qyg5w7syx7dlsg";
+  version = "1.16.1";
+  sha256 = "0az3vf463b538ajvaq94hsz9ipmjgnamfj1jy0v5flfks5njl77i";
 })