nginx: security bump to version 1.8.1
author Gustavo Zacarias <gustavo@zacarias.com.ar>
Wed, 27 Jan 2016 12:03:30 +0000 (09:03 -0300)
committer Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Wed, 27 Jan 2016 20:37:11 +0000 (21:37 +0100)
Fixes:

CVE-2016-0742 - invalid pointer dereference might occur during DNS
server response processing if the "resolver" directive was used,
allowing an attacker who is able to forge UDP packets from the DNS server
to cause segmentation fault in a worker process.

CVE-2016-0746 - use-after-free condition might occur during CNAME
response processing if the "resolver" directive was used, allowing an
attacker who is able to trigger name resolution to cause segmentation
fault in a worker process, or might have potential other impact.

CVE-2016-0747 - CNAME resolution was insufficiently limited if the
"resolver" directive was used, allowing an attacker who is able to
trigger arbitrary name resolution to cause excessive resource
consumption in worker processes.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/nginx/nginx.hash
package/nginx/nginx.mk

index 7e0dc5e1fff2d0303cc0d28d06ab25a7f1914223..fe4d6b2f01f0857729194f88859cec15d5dee6ad 100644 (file)
@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5        nginx-1.8.0.tar.gz
+sha256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7        nginx-1.8.1.tar.gz
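Review bot: The unchanged comment at the top of this hunk, "Locally calculated after checking pgp signature", does not record which signature file or signing key was checked, so the new sha256 for nginx-1.8.1.tar.gz cannot be independently re-verified from nginx.hash alone. Consider extending the comment to name the signature file and the key it was checked against, so the next bump can repeat the same verification.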
index 8e23bd8e10dfb2323ab0b6cd312665074affb3bc..7348e485ef41cef0cbcf5e748b695af95111e74d 100644 (file)
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-NGINX_VERSION = 1.8.0
+NGINX_VERSION = 1.8.1
 NGINX_SITE = http://nginx.org/download
 NGINX_LICENSE = BSD-2c
 NGINX_LICENSE_FILES = LICENSE
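Review bot: The context line "NGINX_SITE = http://nginx.org/download" right below the bumped NGINX_VERSION means the 1.8.1 tarball is still fetched over plain HTTP, so the sha256 entry in package/nginx/nginx.hash is the only integrity control on a security release. That is acceptable as long as the hash stays pinned, but if upstream serves the same path over HTTPS, switching the scheme in this bump would add transport protection at no cost.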