AU: 1 updated - nginx-service

[skip ci] https://gist.github.com/1b0f0584554f6e98b14aca7f2fec2230/55b3d0fbcbcd8bffcb2250e40884d87141ad9350
Pilskalns · Aug 14, 2019 · be3d0ce · be3d0ce
1 parent ba05c84
commit be3d0ce
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 12 deletions.
diff --git a/nginx-service/nginx-service.nuspec b/nginx-service/nginx-service.nuspec
@@ -4,7 +4,7 @@
   <metadata>
 	<!-- == PACKAGE SPECIFIC SECTION == -->
     <id>nginx-service</id>
-    <version>1.16.0</version>
+    <version>1.16.1</version>
     <packageSourceUrl>https://github.com/Pilskalns/choco-au-packages/tree/master/nginx-service</packageSourceUrl>
     <owners>Andzs Pilskalns</owners>
 	<!-- == SOFTWARE SPECIFIC SECTION == -->
@@ -57,7 +57,9 @@ On default, the service will autostart with Windows. To disable this use Service
 
 See the [nginx.org](https://nginx.org) for more detailed documentation.
 ]]></description>
-	<releaseNotes><![CDATA[*) 1.16.x stable branch.]]></releaseNotes>
+	<releaseNotes><![CDATA[*) Security: when using HTTP/2 a client might cause excessive memory
+   consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
+   CVE-2019-9516).]]></releaseNotes>
     <dependencies>
 		  <dependency id="nssm" version="2.24.0" />
     </dependencies>

diff --git a/nginx-service/nginx-service.nuspec.mainline b/nginx-service/nginx-service.nuspec.mainline
@@ -4,7 +4,7 @@
   <metadata>
 	<!-- == PACKAGE SPECIFIC SECTION == -->
     <id>nginx-service</id>
-    <version>1.15.12-mainline</version>
+    <version>1.17.3-mainline</version>
     <packageSourceUrl>https://github.com/Pilskalns/choco-au-packages/tree/master/nginx-service</packageSourceUrl>
     <owners>Andzs Pilskalns</owners>
 	<!-- == SOFTWARE SPECIFIC SECTION == -->
@@ -57,9 +57,15 @@ On default, the service will autostart with Windows. To disable this use Service
 
 See the [nginx.org](https://nginx.org) for more detailed documentation.
 ]]></description>
-	<releaseNotes><![CDATA[*) Bugfix: a segmentation fault might occur in a worker process if
-   variables were used in the "ssl_certificate" or "ssl_certificate_key"
-   directives and OCSP stapling was enabled.]]></releaseNotes>
+	<releaseNotes><![CDATA[*) Security: when using HTTP/2 a client might cause excessive memory
+   consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
+   CVE-2019-9516).
+
+*) Bugfix: "zero size buf" alerts might appear in logs when using
+   gzipping; the bug had appeared in 1.17.2.
+
+*) Bugfix: a segmentation fault might occur in a worker process if the
+   "resolver" directive was used in SMTP proxy.]]></releaseNotes>
     <dependencies>
 		  <dependency id="nssm" version="2.24.0" />
     </dependencies>

diff --git a/nginx-service/nginx-service.nuspec.stable b/nginx-service/nginx-service.nuspec.stable
@@ -4,7 +4,7 @@
   <metadata>
 	<!-- == PACKAGE SPECIFIC SECTION == -->
     <id>nginx-service</id>
-    <version>1.16.0</version>
+    <version>1.16.1</version>
     <packageSourceUrl>https://github.com/Pilskalns/choco-au-packages/tree/master/nginx-service</packageSourceUrl>
     <owners>Andzs Pilskalns</owners>
 	<!-- == SOFTWARE SPECIFIC SECTION == -->
@@ -57,7 +57,9 @@ On default, the service will autostart with Windows. To disable this use Service
 
 See the [nginx.org](https://nginx.org) for more detailed documentation.
 ]]></description>
-	<releaseNotes><![CDATA[*) 1.16.x stable branch.]]></releaseNotes>
+	<releaseNotes><![CDATA[*) Security: when using HTTP/2 a client might cause excessive memory
+   consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
+   CVE-2019-9516).]]></releaseNotes>
     <dependencies>
 		  <dependency id="nssm" version="2.24.0" />
     </dependencies>

diff --git a/nginx-service/tools/VERIFICATION.ps1 b/nginx-service/tools/VERIFICATION.ps1
@@ -18,7 +18,7 @@ Invoke-WebRequest "https://nginx.org/keys/mdounin.key" -UseBasicParsing -OutFile
 
 # Get original signature from
 # https://nginx.org/en/download.html
-Invoke-WebRequest "https://nginx.org/download/nginx-1.16.0.zip.asc" -UseBasicParsing -OutFile "$toolsDir\..\bin\nginx-1.16.0.zip.asc"
+Invoke-WebRequest "https://nginx.org/download/nginx-1.16.1.zip.asc" -UseBasicParsing -OutFile "$toolsDir\..\bin\nginx-1.16.1.zip.asc"
 
 ### Preperation
 # Check that we have GPG 
@@ -27,4 +27,4 @@ choco install gpg4win -y | out-null
 ### Verify
 # Import keys and verify ZIP file against the signature
 gpg --import "$toolsDir\..\bin\mdounin.key"
-gpg --verify "$toolsDir\..\bin\nginx-1.16.0.zip.asc" "$toolsDir\..\bin\nginx.zip"
+gpg --verify "$toolsDir\..\bin\nginx-1.16.1.zip.asc" "$toolsDir\..\bin\nginx.zip"
diff --git a/nginx-service/tools/VERIFICATION.txt b/nginx-service/tools/VERIFICATION.txt
@@ -3,12 +3,12 @@ VERIFICATION
 Nginx for each release provide a ZIP file and .asc signature file.
 Files are listed on the official page http://nginx.org/en/download.html
 
-This package bin\ content includes the release ZIP file, obtained from https://nginx.org/download/nginx-1.16.0.zip
+This package bin\ content includes the release ZIP file, obtained from https://nginx.org/download/nginx-1.16.1.zip
 
 Package also includes VERIFICATION.ps1, which essentially does the following:
 
     1. Downloads Maxim Dounin’s publick key from https://nginx.org/en/pgp_keys.html
-    2. Downloads signature for this release: https://nginx.org/download/nginx-1.16.0.zip.asc
+    2. Downloads signature for this release: https://nginx.org/download/nginx-1.16.1.zip.asc
     3. Verifies signature authenticity against bin\nginx.zip
 
 File 'LICENSE.txt' is obtained from <https://nginx.org/LICENSE>