From njs changelog: > Core: > > Bugfix: fixed heap-buffer-overflow in crypto.createHmac(). Upstream patch: https://hg.nginx.org/njs/rev/e99e0a7f4fae
Doesn't affect any stable ebuild.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27da4cba0ea86c7d562152c0df33c7315e8c8d06 commit 27da4cba0ea86c7d562152c0df33c7315e8c8d06 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-06-22 10:36:32 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-06-22 10:36:51 +0000 www-servers/nginx: security cleanup Bug: https://bugs.gentoo.org/658736 Package-Manager: Portage-2.3.40, Repoman-2.3.9 www-servers/nginx/Manifest | 5 - ...1.15-allow-compilation-without-HTTP-cache.patch | 42 - www-servers/nginx/nginx-1.13.12-r1.ebuild | 1064 -------------------- 3 files changed, 1111 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c0aeb860d0f7c3af255abb9705bdfab7c8247d5 commit 8c0aeb860d0f7c3af255abb9705bdfab7c8247d5 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-06-22 10:35:31 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-06-22 10:36:50 +0000 www-servers/nginx: rev bump - stable slot synchronized with changes from mainline slot: - This will add geoip2 support (introduced via commit c020ffdab8) - Bump some 3rd party modules (see commit 9484e13a for details) - HTTP VHost Traffic Status module bumped to v0.1.17 - nginScript module bumped to v0.2.2 [Bug 658736] - brotli module bumped to v0.1.2 Bug: https://bugs.gentoo.org/658736 Package-Manager: Portage-2.3.40, Repoman-2.3.9 www-servers/nginx/Manifest | 5 ++-- ...{nginx-1.14.0.ebuild => nginx-1.14.0-r1.ebuild} | 33 ++++++++++++++++------ ...inx-1.15.0-r1.ebuild => nginx-1.15.0-r2.ebuild} | 16 ++++------- 3 files changed, 32 insertions(+), 22 deletions(-)
Repository is clean, all done.
