
www/nginx-devel: security update to 1.21.0.

Description

Security: 0882f019-bd60-11eb-9bdd-8c164567ca3c
Security: CVE-2021-23017

<Changelog>

*) Security: 1-byte memory overwrite might occur during DNS server
   response processing if the "resolver" directive was used, allowing an
   attacker who is able to forge UDP packets from the DNS server to
   cause worker process crash or, potentially, arbitrary code execution
   (CVE-2021-23017).

*) Feature: variables support in the "proxy_ssl_certificate",
   "proxy_ssl_certificate_key", "grpc_ssl_certificate",
   "grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
   "uwsgi_ssl_certificate_key" directives.

*) Feature: the "max_errors" directive in the mail proxy module.

*) Feature: the mail proxy module supports POP3 and IMAP pipelining.

*) Feature: the "fastopen" parameter of the "listen" directive in the
   stream module.
   Thanks to Anbang Wen.

*) Bugfix: special characters were not escaped during automatic redirect
   with appended trailing slash.

*) Bugfix: connections with clients in the mail proxy module might be
   closed unexpectedly when using SMTP pipelining.

</Changelog>

(cherry picked from commit 07d1217a854d49123e013cb0f485de8b6a04f9a6)

Details

Provenance
osa Authored on May 25 2021, 3:49 PM
Parents
R11:3b0f68ffad72: www/firefox: update to 89.0 (rc1)