Accepting request 356414 from home:MargueriteSu:branches:server:http

security release

OBS-URL: https://build.opensuse.org/request/show/356414
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=57

nginx-1.8.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5
-size 832104

nginx-1.8.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7
+size 833473

nginx.changes

@@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Thu Jan 28 01:36:01 UTC 2016 - i@marguerite.su
+
+- update version 1.8.1 stable
+  * Security: invalid pointer dereference might occur during DNS server
+    response processing if the "resolver" directive was used, allowing an
+    attacker who is able to forge UDP packets from the DNS server to
+    cause segmentation fault in a worker process (CVE-2016-0742).
+　* Security: use-after-free condition might occur during CNAME response
+    processing if the "resolver" directive was used, allowing an attacker
+    who is able to trigger name resolution to cause segmentation fault in
+    a worker process, or might have potential other impact
+    (CVE-2016-0746).
+　* Security: CNAME resolution was insufficiently limited if the
+    "resolver" directive was used, allowing an attacker who is able to
+    trigger arbitrary name resolution to cause excessive resource
+    consumption in worker processes (CVE-2016-0747).
+　* Bugfix: the "proxy_protocol" parameter of the "listen" directive did
+    not work if not specified in the first "listen" directive for a
+    listen socket.
+  * Bugfix: nginx might fail to start on some old Linux variants; the bug
+    had appeared in 1.7.11.
+  * Bugfix: a segmentation fault might occur in a worker process if the
+    "try_files" and "alias" directives were used inside a location given
+    by a regular expression; the bug had appeared in 1.7.1.
+  * Bugfix: the "try_files" directive inside a nested location given by a
+    regular expression worked incorrectly if the "alias" directive was
+    used in the outer location.
+  * Bugfix: "header already sent" alerts might appear in logs when using
+    cache; the bug had appeared in 1.7.5.
+  * Bugfix: a segmentation fault might occur in a worker process if
+    different ssl_session_cache settings were used in different virtual
+    servers.
+  * Bugfix: the "expires" directive might not work when using variables.
+  * Bugfix: if nginx was built with the ngx_http_spdy_module it was
+    possible to use the SPDY protocol even if the "spdy" parameter of the
+    "listen" directive was not specified.
+
 -------------------------------------------------------------------
 Fri Oct 16 15:17:30 UTC 2015 - mrueckert@suse.de
 

nginx.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package nginx
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -15,6 +15,7 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
+
 %bcond_with    cpp_test
 %bcond_with    google_perftools
 %bcond_without fancyindex
@@ -62,7 +63,7 @@
 %endif
 #
 Name:           nginx
-Version:        1.8.0
+Version:        1.8.1
 Release:        0
 %define fancyindex_version 0.3.5
 Summary:        A HTTP server and IMAP/POP3 proxy server