Context Navigation

← Previous Ticket
Next Ticket →

#620 closed defect (fixed)

NGINX binary for windows needs to be relinked with OpenSSL 1.0.1i

Reported by:	Tim Mackenzie	Owned by:
Priority:	major	Milestone:
Component:	nginx-core	Version:	1.6.x
Keywords:	vulnerability	Cc:
uname -a:	C:\Users\timm\Downloads\nginx-1.6.1\nginx-1.6.1>uname -a 'uname' is not recognized as an internal or external command, operable program or batch file.
nginx -V:	C:\Users\timm\Downloads\nginx-1.6.1\nginx-1.6.1>nginx.exe -V nginx version: nginx/1.6.1 TLS SNI support enabled configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug --prefix= - -conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access .log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-te mp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fast cgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsg i-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs.msv c8/lib/pcre-8.35 --with-zlib=objs.msvc8/lib/zlib-1.2.8 --with-select_module --wi th-http_realip_module --with-http_addition_module --with-http_sub_module --with- http_dav_module --with-http_stub_status_module --with-http_flv_module --with-htt p_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-htt p_auth_request_module --with-http_random_index_module --with-http_secure_link_mo dule --with-mail --with-openssl=objs.msvc8/lib/openssl-1.0.1h --with-openssl-opt =enable-tlsext --with-http_ssl_module --with-mail_ssl_module --with-ipv6

Description

Hi Nginx support,

OpenSSL released a new release of its 1.0.1 version on August 6, 2014 to correct a number of security vulnerabilities (see https://www.openssl.org/news/secadv_20140806.txt). The last time this happened, the nginx 1.6.0 windows binaries were relinked to use the newly released openssl (see blog http://nginx.com/blog/nginx-05-june-2014-openssl-security-advisory). Will this be done again for the August 6, 2014 vulnerabilty fixes? Or is there a reason that this has not been done?

Thanks for your help,

Tim

Change History (1)

comment:1 by Maxim Dounin, 10 years ago

Resolution:	→ fixed
Status:	new → closed

The nginx 1.7.5 and nginx 1.6.2 was released, win32 binaries are compiled against latest OpenSSL.

Note: See TracTickets for help on using tickets.

Download in other formats: