Commit 25e4a15f authored by Thomas Gerbet's avatar Thomas Gerbet
Browse files

nginx: 1.26.0 -> 1.26.1 

Fixes CVE-2024-32760, CVE-2024-31079, CVE-2024-35200 and CVE-2024-34161.
Note that the `nginxQuic` derivation rely on `nginxMainline`.

Changes:
```
Changes with nginx 1.26.1                                        29 May 2024

    *) Security: when using HTTP/3, processing of a specially crafted QUIC
       session might cause a worker process crash, worker process memory
       disclosure on systems with MTU larger than 4096 bytes, or might have
       potential other impact (CVE-2024-32760, CVE-2024-31079,
       CVE-2024-35200, CVE-2024-34161).
       Thanks to Nils Bars of CISPA.

    *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
       "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.

    *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
       option was used.
       Thanks to Edgar Bonet.

    *) Bugfix: in HTTP/3.

```
parent c7e65c09

pkgs/servers/http/nginx/stable.nix

+2 −2
Original line number Diff line number Diff line 
{ callPackage, ... } @ args:



callPackage ./generic.nix args {

  version = "1.26.0";

  hash = "sha256-0ubIQ51sbbUBXY6qskcKtSrvhae/NjGCh5l34IQ3BJc=";

  version = "1.26.1";

  hash = "sha256-+Rh0aP8usVkmC/1Thnwl/44zRyYjes8ie56HDlPT42s=";

}