| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-03-28 08:30:21 +0100 |
|---|---|---|
| committer | Khem Raj <khem.raj@oss.qualcomm.com> | 2026-03-28 08:32:48 -0700 |
| commit | 81e1926faffdc13555f94422c722ab5fcbee6b61 (patch) | |
| tree | 22f0d964950acf700f3911c1e95b27026c419bb4 | |
| parent | 34b3d0f4917169c5cd568cdb13796a2d75f1fbf1 (diff) | |
| download | meta-openembedded-81e1926faffdc13555f94422c722ab5fcbee6b61.tar.gz | |
nginx: upgrade 1.29.6 -> 1.29.7
Changes:
*) Security: a buffer overflow might occur while handling a COPY or MOVE
request in a location with "alias", allowing an attacker to modify
the source or destination path outside of the document root
(CVE-2026-27654).
*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module on 32-bit platforms might cause a worker process
crash, or might have potential other impact (CVE-2026-27784).
*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash, or might have
potential other impact (CVE-2026-32647).
*) Security: a segmentation fault might occur in a worker process if the
CRAM-MD5 or APOP authentication methods were used and authentication
retry was enabled (CVE-2026-27651).
*) Security: an attacker might use PTR DNS records to inject data in
auth_http requests, as well as in the XCLIENT command in the backend
SMTP connection (CVE-2026-28753).
*) Security: SSL handshake might succeed despite OCSP rejecting a client
certificate in the stream module (CVE-2026-28755).
*) Feature: the "multipath" parameter of the "listen" directive.
*) Feature: the "local" parameter of the "keepalive" directive in the
"upstream" block.
*) Change: now the "keepalive" directive in the "upstream" block is
enabled by default.
*) Change: now ngx_http_proxy_module supports keepalive by default; the
default value for "proxy_http_version" is "1.1"; the "Connection"
proxy header is not sent by default anymore.
*) Bugfix: an invalid HTTP/2 request might be sent after switching to
the next upstream if buffered body was used in the
ngx_http_grpc_module.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
| -rw-r--r-- | meta-webserver/recipes-httpd/nginx/nginx_1.29.7.bb (renamed from meta-webserver/recipes-httpd/nginx/nginx_1.29.6.bb) | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.29.6.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.29.7.bb index a1e39b6e36..4d884fcbb3 100644 --- a/meta-webserver/recipes-httpd/nginx/nginx_1.29.6.bb +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.29.7.bb | |||
| @@ -6,5 +6,5 @@ DEFAULT_PREFERENCE = "-1" | |||
| 6 | 6 | ||
| 7 | LIC_FILES_CHKSUM = "file://LICENSE;md5=79da1c70d587d3a199af9255ad393f99" | 7 | LIC_FILES_CHKSUM = "file://LICENSE;md5=79da1c70d587d3a199af9255ad393f99" |
| 8 | 8 | ||
| 9 | SRC_URI[sha256sum] = "316f298cd9f061d6d0679696152710285b72f75d88eb1f7e323f40c5c52fe0d7" | 9 | SRC_URI[sha256sum] = "673f8fb8c0961c44fbd9410d6161831453609b44063d3f2948253fc2b5692139" |
| 10 | 10 | ||
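Review bot: the hunk header context shows DEFAULT_PREFERENCE = "-1" for this recipe, so a build that does not explicitly prefer this version will not select it and will not pick up the six CVE fixes listed in the commit message. Please say in the commit message whether the default-preference nginx recipe is affected by the same CVEs and is being updated separately. On the changed line 9, the new SRC_URI[sha256sum] cannot be checked from the diff alone; a short note that it was verified against the upstream release tarball would help. LIC_FILES_CHKSUM on line 7 is unchanged, which is consistent with a version bump that leaves LICENSE untouched.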
