Merge pull request #66582 (nginx security updates)

This addresses CVE-2019-9511, CVE-2019-9513 and CVE-2019-9516. Details
about these vulnerabilities can be found at:

https://github.com/Netflix/security-bulletins/blob/216433296d3bc542496a8edae5b4ca39cfd892b1/advisories/third-party/2019-002.md

Version 1.16.1 only includes the security fixes, however version 1.17.3
has two additional bugfixes:

  * "zero size buf" alerts might appear in logs when using gzipping; the
    bug had appeared in 1.17.2.
  * a segmentation fault might occur in a worker process if the
    "resolver" directive was used in SMTP proxy.

I haven't extensively tested this, but from a quick test, nginx is still
working and the NixOS tests also succeed.

Thanks to @Izorkin for the pull request.

2 files changed, 4 insertions, 4 deletions

diff --git a/pkgs/servers/http/nginx/mainline.nix b/pkgs/servers/http/nginx/mainline.nix
index 47082bbeba0d1..c5e0b47e238c1 100644
--- a/pkgs/servers/http/nginx/mainline.nix
+++ b/pkgs/servers/http/nginx/mainline.nix
@@ -1,6 +1,6 @@
 { callPackage, ... }@args:
 
 callPackage ./generic.nix (args // {
-  version = "1.17.2";
-  sha256 = "1v39gslwbvpfhqqv74q0lkfrhrwsp59xc8pwhvxns7af8s3kccsy";
+  version = "1.17.3";
+  sha256 = "0g0g9prwjy0rnv6n5smny5yl5dhnmflqdr3hwgyj5jpr5hfgx11v";
 })
diff --git a/pkgs/servers/http/nginx/stable.nix b/pkgs/servers/http/nginx/stable.nix
index ffc6f81fdc24f..31aeaa6f08436 100644
--- a/pkgs/servers/http/nginx/stable.nix
+++ b/pkgs/servers/http/nginx/stable.nix
@@ -1,6 +1,6 @@
 { callPackage, ... } @ args:
 
 callPackage ./generic.nix (args // {
-  version = "1.16.0";
-  sha256 = "0i8krbi1pc39myspwlvb8ck969c8207hz84lh3qyg5w7syx7dlsg";
+  version = "1.16.1";
+  sha256 = "0az3vf463b538ajvaq94hsz9ipmjgnamfj1jy0v5flfks5njl77i";
 })