AU: 1 updated - nginx-service

[skip ci] https://gist.github.com/1b0f0584554f6e98b14aca7f2fec2230/ec730a47cb0c951fbccea6bb8551b5132f3a3a2a

nginx-service/nginx-service.nuspec

@@ -4,7 +4,7 @@
   <metadata>
 	<!-- == PACKAGE SPECIFIC SECTION == -->
     <id>nginx-service</id>
-    <version>1.22.0</version>
+    <version>1.22.1</version>
     <packageSourceUrl>https://github.com/Pilskalns/choco-au-packages/tree/master/nginx-service</packageSourceUrl>
     <owners>Andzs Pilskalns</owners>
 	<!-- == SOFTWARE SPECIFIC SECTION == -->
@@ -57,7 +57,10 @@ On default, the service will autostart with Windows. To disable this use Service
 
 See the [nginx.org](https://nginx.org) for more detailed documentation.
 ]]></description>
-	<releaseNotes><![CDATA[*) 1.22.x stable branch.]]></releaseNotes>
+	<releaseNotes><![CDATA[*) Security: processing of a specially crafted mp4 file by the
+   ngx_http_mp4_module might cause a worker process crash, worker
+   process memory disclosure, or might have potential other impact
+   (CVE-2022-41741, CVE-2022-41742).]]></releaseNotes>
     <dependencies>
 		  <dependency id="nssm" version="2.24.0" />
     </dependencies>

nginx-service/nginx-service.nuspec.mainline

@@ -4,7 +4,7 @@
   <metadata>
 	<!-- == PACKAGE SPECIFIC SECTION == -->
     <id>nginx-service</id>
-    <version>1.21.6-mainline</version>
+    <version>1.23.2-mainline</version>
     <packageSourceUrl>https://github.com/Pilskalns/choco-au-packages/tree/master/nginx-service</packageSourceUrl>
     <owners>Andzs Pilskalns</owners>
 	<!-- == SOFTWARE SPECIFIC SECTION == -->
@@ -57,13 +57,37 @@ On default, the service will autostart with Windows. To disable this use Service
 
 See the [nginx.org](https://nginx.org) for more detailed documentation.
 ]]></description>
-	<releaseNotes><![CDATA[*) Bugfix: when using EPOLLEXCLUSIVE on Linux client connections were
-   unevenly distributed among worker processes.
+	<releaseNotes><![CDATA[*) Security: processing of a specially crafted mp4 file by the
+   ngx_http_mp4_module might cause a worker process crash, worker
+   process memory disclosure, or might have potential other impact
+   (CVE-2022-41741, CVE-2022-41742).
 
-*) Bugfix: nginx returned the "Connection: keep-alive" header line in
-   responses during graceful shutdown of old worker processes.
+*) Feature: the "$proxy_protocol_tlv_..." variables.
 
-*) Bugfix: in the "ssl_session_ticket_key" when using TLSv1.3.]]></releaseNotes>
+*) Feature: TLS session tickets encryption keys are now automatically
+   rotated when using shared memory in the "ssl_session_cache"
+   directive.
+
+*) Change: the logging level of the "bad record type" SSL errors has
+   been lowered from "crit" to "info".
+   Thanks to Murilo Andrade.
+
+*) Change: now when using shared memory in the "ssl_session_cache"
+   directive the "could not allocate new session" errors are logged at
+   the "warn" level instead of "alert" and not more often than once per
+   second.
+
+*) Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.
+
+*) Bugfix: in logging of the PROXY protocol errors.
+   Thanks to Sergey Brester.
+
+*) Workaround: shared memory from the "ssl_session_cache" directive was
+   spent on sessions using TLS session tickets when using TLSv1.3 with
+   OpenSSL.
+
+*) Workaround: timeout specified with the "ssl_session_timeout"
+   directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.]]></releaseNotes>
     <dependencies>
 		  <dependency id="nssm" version="2.24.0" />
     </dependencies>

nginx-service/nginx-service.nuspec.stable

@@ -4,7 +4,7 @@
   <metadata>
 	<!-- == PACKAGE SPECIFIC SECTION == -->
     <id>nginx-service</id>
-    <version>1.22.0</version>
+    <version>1.22.1</version>
     <packageSourceUrl>https://github.com/Pilskalns/choco-au-packages/tree/master/nginx-service</packageSourceUrl>
     <owners>Andzs Pilskalns</owners>
 	<!-- == SOFTWARE SPECIFIC SECTION == -->
@@ -57,7 +57,10 @@ On default, the service will autostart with Windows. To disable this use Service
 
 See the [nginx.org](https://nginx.org) for more detailed documentation.
 ]]></description>
-	<releaseNotes><![CDATA[*) 1.22.x stable branch.]]></releaseNotes>
+	<releaseNotes><![CDATA[*) Security: processing of a specially crafted mp4 file by the
+   ngx_http_mp4_module might cause a worker process crash, worker
+   process memory disclosure, or might have potential other impact
+   (CVE-2022-41741, CVE-2022-41742).]]></releaseNotes>
     <dependencies>
 		  <dependency id="nssm" version="2.24.0" />
     </dependencies>

nginx-service/tools/VERIFICATION.ps1

@@ -18,7 +18,7 @@ Invoke-WebRequest "https://nginx.org/keys/mdounin.key" -UseBasicParsing -OutFile
 
 # Get original signature from
 # https://nginx.org/en/download.html
-Invoke-WebRequest "https://nginx.org/download/nginx-1.22.0.zip.asc" -UseBasicParsing -OutFile "$toolsDir\..\bin\nginx-1.22.0.zip.asc"
+Invoke-WebRequest "https://nginx.org/download/nginx-1.22.1.zip.asc" -UseBasicParsing -OutFile "$toolsDir\..\bin\nginx-1.22.1.zip.asc"
 
 ### Preperation
 # Check that we have GPG 
@@ -27,4 +27,4 @@ choco install gpg4win -y | out-null
 ### Verify
 # Import keys and verify ZIP file against the signature
 gpg --import "$toolsDir\..\bin\mdounin.key"
-gpg --verify "$toolsDir\..\bin\nginx-1.22.0.zip.asc" "$toolsDir\..\bin\nginx.zip"
+gpg --verify "$toolsDir\..\bin\nginx-1.22.1.zip.asc" "$toolsDir\..\bin\nginx.zip"

nginx-service/tools/VERIFICATION.txt

@@ -3,12 +3,12 @@ VERIFICATION
 Nginx for each release provide a ZIP file and .asc signature file.
 Files are listed on the official page http://nginx.org/en/download.html
 
-This package bin\ content includes the release ZIP file, obtained from https://nginx.org/download/nginx-1.22.0.zip
+This package bin\ content includes the release ZIP file, obtained from https://nginx.org/download/nginx-1.22.1.zip
 
 Package also includes VERIFICATION.ps1, which essentially does the following:
 
     1. Downloads Maxim Dounin’s publick key from https://nginx.org/en/pgp_keys.html
-    2. Downloads signature for this release: https://nginx.org/download/nginx-1.22.0.zip.asc
+    2. Downloads signature for this release: https://nginx.org/download/nginx-1.22.1.zip.asc
     3. Verifies signature authenticity against bin\nginx.zip
 
 File 'LICENSE.txt' is obtained from <https://nginx.org/LICENSE>