base repository: NixOS/nixpkgs
base: 364e1a8ca917
...
head repository: NixOS/nixpkgs
compare: 1a6eb4677170
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Aug 14, 2019

  1. nginx: apply patches from 1.16.1 for HTTP/2 vulnerabilities

    When using HTTP/2 a client might cause excessive memory consumption
    and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). The
    problems have been patched upstream in 1.16.1 and 1.17.2, but no patch
    is available for 1.14.2 and 1.15.10. The patches from 1.16.1 apply
    without any issue.
    
    See #66582 for the update in master.
    vincentbernat committed Aug 14, 2019
    d16d738
  2. Merge pull request #66605 (nginx security fixes)

    This applies a series of patches to fix CVE-2019-9511, CVE-2019-9513 and
    CVE-2019-9516 affecting the HTTP/2 protocol; all of those can possibly lead
    to DoS.
    
    Details about these vulnerabilities can be found at:
    
    https://github.com/Netflix/security-bulletins/blob/216433296d3bc542496a8edae5b4ca39cfd892b1/advisories/third-party/2019-002.md
    
    I haven't extensively tested this, but from a quick test, nginx is still
    working and the NixOS tests also succeed.
    
    Thanks to @vincentbernat for the pull request.
    aszlig committed Aug 14, 2019
    1a6eb46