Subject: CVS commit: pkgsrc/www/nginx
From: Kimmo Suominen
Date: 2014-09-24 07:42:48
Message id: 20140924054248.47ABE98@cvs.netbsd.org
Log Message:
Upgrade to nginx-1.6.2 to fix security vulnerability CVE-2014-3616.
Restore module checksums that were lost in last update.

Changes with nginx 1.6.2                                         16 Sep 2014

    *) Security: it was possible to reuse SSL sessions in unrelated contexts
       if a shared SSL session cache or the same TLS session ticket key was
       used for multiple "server" blocks (CVE-2014-3616).
       Thanks to Antoine Delignat-Lavaud.

    *) Bugfix: requests might hang if resolver was used and a DNS server
       returned a malformed response; the bug had appeared in 1.5.8.

    *) Bugfix: requests might hang if resolver was used and a timeout
       occurred during a DNS request.
Files:
RevisionActionfile
1.57modifypkgsrc/www/nginx/Makefile
1.44modifypkgsrc/www/nginx/distinfo