chn/nixpkgs
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixpkgs.git synced 2026-01-11 18:32:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

nginxMainline: 1.27.5 -> 1.29.1

Browse Source 
Fixes CVE-2025-53859

Changes:
```
Changes with nginx 1.29.1                                        13 Aug 2025

    *) Security: processing of a specially crafted login/password when using
       the "none" authentication method in the ngx_mail_smtp_module might
       cause worker process memory disclosure to the authentication server
       (CVE-2025-53859).

    *) Change: now TLSv1.3 certificate compression is disabled by default.

    *) Feature: the "ssl_certificate_compression" directive.

    *) Feature: support for 0-RTT in QUIC when using OpenSSL 3.5.1 or newer.

    *) Bugfix: the 103 response might be buffered when using HTTP/2 and the
       "early_hints" directive.

    *) Bugfix: in handling "Host" and ":authority" header lines with equal
       values when using HTTP/2; the bug had appeared in 1.17.9.

    *) Bugfix: in handling "Host" header lines with a port when using
       HTTP/3.

    *) Bugfix: nginx could not be built on NetBSD 10.0.

    *) Bugfix: in the "none" parameter of the "smtp_auth" directive.

Changes with nginx 1.29.0                                        24 Jun 2025

    *) Feature: support for response code 103 from proxy and gRPC backends;
       the "early_hints" directive.

    *) Feature: loading of secret keys from hardware tokens with OpenSSL
       provider.

    *) Feature: support for the "so_keepalive" parameter of the "listen"
       directive on macOS.

    *) Change: the logging level of SSL errors in a QUIC handshake has been
       changed from "error" to "crit" for critical errors, and to "info" for
       the rest; the logging level of unsupported QUIC transport parameters
       has been lowered from "info" to "debug".

    *) Change: the native nginx/Windows binary release is now built using
       Windows SDK 10.

    *) Bugfix: nginx could not be built by gcc 15 if ngx_http_v2_module or
       ngx_http_v3_module modules were used.

    *) Bugfix: nginx might not be built by gcc 14 or newer with -O3 -flto
       optimization if ngx_http_v3_module was used.

    *) Bugfixes and improvements in HTTP/3.
```

(cherry picked from commit a93581ee44)
This commit is contained in:
Thomas Gerbet
2025-08-14 10:48:12 +02:00
committed by github-actions[bot]
parent c3a6f30dea
commit 83a1d90baf
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkgs/servers/http/nginx/mainline.nix
View File

@@ -1,6 +1,6 @@
{ callPackage, ... }@args:
callPackage ./generic.nix args {
version = "1.27.5";
hash = "sha256-6WrOu5wqbbigAMPdGzLsuhuBDwzVhiMtTZIeN2Z03Q4=";
version = "1.29.1";
hash = "sha256-xYn35+2AHdvZBK+/PeJq4k6wzOJ8dxei6U33+xLWrSc=";
}