Request 1030027: Submit nginx - openSUSE Build Service

Overview

Request 1030027 accepted

- Updated to 1.23.2
* Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash, worker
process memory disclosure, or might have potential other impact
(CVE-2022-41741, CVE-2022-41742).
* Feature: the "$proxy_protocol_tlv_..." variables.
* Feature: TLS session tickets encryption keys are now automatically
rotated when using shared memory in the "ssl_session_cache"
directive.
* Change: the logging level of the "bad record type" SSL errors has
been lowered from "crit" to "info".
* Change: now when using shared memory in the "ssl_session_cache"
directive the "could not allocate new session" errors are logged at
the "warn" level instead of "alert" and not more often than once per second.
* Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.
* Bugfix: in logging of the PROXY protocol errors.
* Workaround: shared memory from the "ssl_session_cache" directive was
spent on sessions using TLS session tickets when using TLSv1.3 with OpenSSL.
* Workaround: timeout specified with the "ssl_session_timeout"
directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.

Created by 13ilya over 1 year ago
In state accepted

Submit nginx

Comments for request 1030027 0

Login required, please login in order to comment

Request History

13ilya created request over 1 year ago

- Updated to 1.23.2
* Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash, worker
process memory disclosure, or might have potential other impact
(CVE-2022-41741, CVE-2022-41742).
* Feature: the "$proxy_protocol_tlv_..." variables.
* Feature: TLS session tickets encryption keys are now automatically
rotated when using shared memory in the "ssl_session_cache"
directive.
* Change: the logging level of the "bad record type" SSL errors has
been lowered from "crit" to "info".
* Change: now when using shared memory in the "ssl_session_cache"
directive the "could not allocate new session" errors are logged at
the "warn" level instead of "alert" and not more often than once per second.
* Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.
* Bugfix: in logging of the PROXY protocol errors.
* Workaround: shared memory from the "ssl_session_cache" directive was
spent on sessions using TLS session tickets when using TLSv1.3 with OpenSSL.
* Workaround: timeout specified with the "ssl_session_timeout"
directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.

factory-auto added opensuse-review-team as a reviewer over 1 year ago

Please review sources

factory-auto accepted review over 1 year ago

Check script succeeded

licensedigger accepted review over 1 year ago

ok

dimstar accepted review over 1 year ago

dimstar_suse set openSUSE:Factory:Staging:D as a staging project over 1 year ago

Being evaluated by staging project "openSUSE:Factory:Staging:D"

dimstar_suse accepted review over 1 year ago

Picked "openSUSE:Factory:Staging:D"

dimstar_suse accepted review over 1 year ago

Staging Project openSUSE:Factory:Staging:D got accepted.

dimstar_suse approved review over 1 year ago

Staging Project openSUSE:Factory:Staging:D got accepted.

dimstar_suse accepted request over 1 year ago

Staging Project openSUSE:Factory:Staging:D got accepted.

openSUSE Build Service is sponsored by