meta-openembedded

mirrors/meta-openembedded

Fork 0

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-05-30 13:00:02 +00:00

Commit Graph

Author	SHA1	Message	Date
Ankur Tyagi	d98d888df6	nginx: upgrade 1.29.7 -> 1.30.0 1.30.0 stable version has been released, incorporating new features and bug fixes from the 1.29.x mainline branch (https://nginx.org/en/CHANGES-1.30) Also dropped v1.28 support. Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>	2026-05-13 00:17:25 -07:00
Gyorgy Sarvari	34b3d0f491	nginx: upgrade 1.28.2 -> 1.28.3 Changes: ) Security: a buffer overflow might occur while handling a COPY or MOVE request in a location with "alias", allowing an attacker to modify the source or destination path outside of the document root (CVE-2026-27654). ) Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module on 32-bit platforms might cause a worker process crash, or might have potential other impact (CVE-2026-27784). ) Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash, or might have potential other impact (CVE-2026-32647). ) Security: a segmentation fault might occur in a worker process if the CRAM-MD5 or APOP authentication methods were used and authentication retry was enabled (CVE-2026-27651). ) Security: an attacker might use PTR DNS records to inject data in auth_http requests, as well as in the XCLIENT command in the backend SMTP connection (CVE-2026-28753). ) Security: SSL handshake might succeed despite OCSP rejecting a client certificate in the stream module (CVE-2026-28755). ) Change: now nginx limits the size and rate of QUIC stateless reset packets. ) Bugfix: receiving a QUIC packet by a wrong worker process could cause the connection to terminate. *) Bugfix: in the ngx_http_mp4_module. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>	2026-03-28 08:32:48 -07:00

Author

SHA1

Message

Date

Ankur Tyagi

d98d888df6

nginx: upgrade 1.29.7 -> 1.30.0

1.30.0 stable version has been released, incorporating new features and bug
fixes from the 1.29.x mainline branch (https://nginx.org/en/CHANGES-1.30)

Also dropped v1.28 support.

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>

2026-05-13 00:17:25 -07:00

Gyorgy Sarvari

34b3d0f491

nginx: upgrade 1.28.2 -> 1.28.3

Changes:
*) Security: a buffer overflow might occur while handling a COPY or MOVE
   request in a location with "alias", allowing an attacker to modify
   the source or destination path outside of the document root
   (CVE-2026-27654).

*) Security: processing of a specially crafted mp4 file by the
   ngx_http_mp4_module on 32-bit platforms might cause a worker process
   crash, or might have potential other impact (CVE-2026-27784).

*) Security: processing of a specially crafted mp4 file by the
   ngx_http_mp4_module might cause a worker process crash, or might have
   potential other impact (CVE-2026-32647).

*) Security: a segmentation fault might occur in a worker process if the
   CRAM-MD5 or APOP authentication methods were used and authentication
   retry was enabled (CVE-2026-27651).

*) Security: an attacker might use PTR DNS records to inject data in
   auth_http requests, as well as in the XCLIENT command in the backend
   SMTP connection (CVE-2026-28753).

*) Security: SSL handshake might succeed despite OCSP rejecting a client
   certificate in the stream module (CVE-2026-28755).

*) Change: now nginx limits the size and rate of QUIC stateless reset
   packets.

*) Bugfix: receiving a QUIC packet by a wrong worker process could cause
   the connection to terminate.

*) Bugfix: in the ngx_http_mp4_module.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>

2026-03-28 08:32:48 -07:00

2 Commits