From 35c696f49f8e6d562babbd1a270784836b2487ce Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Fri, 31 May 2024 11:32:40 +0200
Subject: [PATCH] nginxMainline: 1.25.4 -> 1.27.0

Fixes CVE-2024-32760, CVE-2024-31079, CVE-2024-35200 and CVE-2024-34161.

Changes:
```

Changes with nginx 1.27.0                                        29 May 2024

    *) Security: when using HTTP/3, processing of a specially crafted QUIC
       session might cause a worker process crash, worker process memory
       disclosure on systems with MTU larger than 4096 bytes, or might have
       potential other impact (CVE-2024-32760, CVE-2024-31079,
       CVE-2024-35200, CVE-2024-34161).
       Thanks to Nils Bars of CISPA.

    *) Feature: variables support in the "proxy_limit_rate",
       "fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate"
       directives.

    *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
       "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.

    *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
       option was used.
       Thanks to Edgar Bonet.

    *) Bugfixes in HTTP/3.

Changes with nginx 1.25.5                                        16 Apr 2024

    *) Feature: virtual servers in the stream module.

    *) Feature: the ngx_stream_pass_module.

    *) Feature: the "deferred", "accept_filter", and "setfib" parameters of
       the "listen" directive in the stream module.

    *) Feature: cache line size detection for some architectures.
       Thanks to Piotr Sikora.

    *) Feature: support for Homebrew on Apple Silicon.
       Thanks to Piotr Sikora.

    *) Bugfix: Windows cross-compilation bugfixes and improvements.
       Thanks to Piotr Sikora.

    *) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
       Thanks to Vladimir Khomutov.
```
---
 pkgs/servers/http/nginx/mainline.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/http/nginx/mainline.nix b/pkgs/servers/http/nginx/mainline.nix
index ddb9c14740bb..669eb6532364 100644
--- a/pkgs/servers/http/nginx/mainline.nix
+++ b/pkgs/servers/http/nginx/mainline.nix
@@ -1,6 +1,6 @@
 { callPackage, ... }@args:
 
 callPackage ./generic.nix args {
-  version = "1.25.4";
-  hash = "sha256-dgcpkBrLqlF5luaB7m6iWQMpheN8J2i+74DfOod97tk=";
+  version = "1.27.0";
+  hash = "sha256-tyMOPPh+qi1LC8VqrckgqWDHhzuZkaG2b/zAj8ZQEpw=";
 }