From patchwork Mon Jan 19 10:27:45 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 79065 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 20073CCF2DA for ; Mon, 19 Jan 2026 10:28:10 +0000 (UTC) Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.32479.1768818481016942685 for ; Mon, 19 Jan 2026 02:28:01 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=PHldCdN9; spf=pass (domain: gmail.com, ip: 209.85.214.170, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-2a12ed4d205so24737915ad.0 for ; Mon, 19 Jan 2026 02:28:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768818480; x=1769423280; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=DcFIBh0VCVFNdSCFTqvrw+HFYAgx3fms0T/fbqajzak=; b=PHldCdN99K16wyALUo7dfNwuTK9uPv2ys3oAI5XnX2jNYIiPFS/jDVEfMVqaGf6rpG ye91icJKxQUnxz4LaM26Xs8oknb4rLkE58AkZsEbWcboEAIbEaMFjoEhgcyzdBK9x7R7 GBPT1a8EBL6cVALzBma4zZK9onCTxkdphyzw1UN6XoGy0oU+YnLd7Bxu9jQJdb31Zefo ax8JE+lkFPdnNoWAow9HUVgFY6s2gee5I2sVThBu3JjhteAiIIrg9tq5edZ/36IVdLr5 yd6FAJfxy4AdXnQZwk98botQrARJtjUWExp3HxLYQuSaZgnOyMdqXnMfeZTHU3IR3dGc RL/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768818480; x=1769423280; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=DcFIBh0VCVFNdSCFTqvrw+HFYAgx3fms0T/fbqajzak=; b=YSRalUK5CTLJY3X/Ib74vtyxHgvDB75fVlH0/nFw1INFurgcjHBEUulQhFcE9fREzS 1MfZ9vofEBi45zhQSxaWu9DZzcZgkGh9gEZgy71+DSD+BrvCBzBwHe8n27tpNiT9+Z0j aefSms1sgsUbJ674lWp/6ek0IOIij9g138epp8NWzMiGEukTIUlpB8pQ75Z7eVzPt6+p 7gf0y+kBgzJf1LzeSNR6ZqNpIQ/IOFC67kL2MhWaNQw3Ax0ug6+zRbPgTp0/53IrHfD8 l18fFtB9pZwNydS8vTrsGEM2CVuo11Ib4HciKZxAcWuAiOQlvhrvKaYuF0wpxXjcXcab LOMQ== X-Gm-Message-State: AOJu0Yy1uvEc8ER79pIb4e4TM1JzV+3zEFiACDND1t5KxgyYUwppCQq+ G0tvKNwH0vrHdjVi5rnzCIU9jthFAM4zUTySeFIhOp41J8jvmMixc9CTqCkJuw== X-Gm-Gg: AZuq6aKZHHqyDpdRu2cPE99O2cEVG5yYZxsa80CrO4We3c0XBif17oK4YDB2aKQVdTU Qz+q/0JuV/C/cUTPNNvO8dDo2/4MWrsRHlGCMO6IEVkRa/XjmzhwoQmM0NsIymCj8Y5tKqlTOOh 2FGiy77d7nSaKWSVfkMg+woS091OXcN0VfrYnI0XU8o/C18IcLtvrbq03gokt6d/2GKZSsSsdf6 0AbdaEr7KJjvFCs4rHq6QKaTLpzmKrJVoU9mJatP2VQgLvPHPHgdD9OWs2ylMoHZauIcYWy03jq leJWa+4ne77c8bOdyesM1/ogCMsLRRIOl3BKOSxOJD/GM8LZOtNGT/5zKI2RX6h/xt1Y8T5QMov CfCqKF4xz+HSzKNMpwJXdiGKeojUb3cpUiqg72TADWJYd0d2Ng/hZVZGwSqifVEZ7c3f1vPIPwe WjOttxhSSHyNPAWDlrxm0QL5g= X-Received: by 2002:a17:903:38cc:b0:295:5668:2f27 with SMTP id d9443c01a7336-2a71885a0c4mr80758595ad.9.1768818480126; Mon, 19 Jan 2026 02:28:00 -0800 (PST) Received: from NVAPF55DW0D-IPD.. ([147.161.217.27]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2a71941e3b6sm93628465ad.97.2026.01.19.02.27.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Jan 2026 02:27:59 -0800 (PST) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Jason Schonberg , Khem Raj , Ankur Tyagi Subject: [oe][meta-webserver][whinlatter][PATCH 1/3] nginx: upgrade 1.28.0 -> 1.28.1 Date: Mon, 19 Jan 2026 23:27:45 +1300 Message-ID: <20260119102747.125302-1-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 19 Jan 2026 10:28:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123630 From: Jason Schonberg Drop CVE patch which has been integrated into this new version. Solves: * CVE-2025-53859 CHANGES: https://nginx.org/en/CHANGES-1.28 Signed-off-by: Jason Schonberg Signed-off-by: Khem Raj (cherry picked from commit 222c6425644a39c9b7757792b47e500ca55f85b0) Signed-off-by: Ankur Tyagi --- .../nginx/files/CVE-2025-53859.patch | 131 ------------------ .../recipes-httpd/nginx/nginx_1.28.0.bb | 7 - .../recipes-httpd/nginx/nginx_1.28.1.bb | 5 + 3 files changed, 5 insertions(+), 138 deletions(-) delete mode 100755 meta-webserver/recipes-httpd/nginx/files/CVE-2025-53859.patch delete mode 100644 meta-webserver/recipes-httpd/nginx/nginx_1.28.0.bb create mode 100644 meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb diff --git a/meta-webserver/recipes-httpd/nginx/files/CVE-2025-53859.patch b/meta-webserver/recipes-httpd/nginx/files/CVE-2025-53859.patch deleted file mode 100755 index 6f689938f4..0000000000 --- a/meta-webserver/recipes-httpd/nginx/files/CVE-2025-53859.patch +++ /dev/null @@ -1,131 +0,0 @@ -CVE: CVE-2025-53859 -Upstream-Status: Backport [https://nginx.org/download/patch.2025.smtp.txt] -Signed-off-by: Peter Marko - -diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c -index 1167df3fb..d3be7f3b3 100644 ---- a/src/mail/ngx_mail_handler.c -+++ b/src/mail/ngx_mail_handler.c -@@ -523,7 +523,7 @@ ngx_mail_starttls_only(ngx_mail_session_t *s, ngx_connection_t *c) - ngx_int_t - ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n) - { -- u_char *p, *last; -+ u_char *p, *pos, *last; - ngx_str_t *arg, plain; - - arg = s->args.elts; -@@ -555,7 +555,7 @@ ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n) - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - -- s->login.data = p; -+ pos = p; - - while (p < last && *p) { p++; } - -@@ -565,7 +565,8 @@ ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n) - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - -- s->login.len = p++ - s->login.data; -+ s->login.len = p++ - pos; -+ s->login.data = pos; - - s->passwd.len = last - p; - s->passwd.data = p; -@@ -583,24 +584,26 @@ ngx_int_t - ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c, - ngx_uint_t n) - { -- ngx_str_t *arg; -+ ngx_str_t *arg, login; - - arg = s->args.elts; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "mail auth login username: \"%V\"", &arg[n]); - -- s->login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[n].len)); -- if (s->login.data == NULL) { -+ login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[n].len)); -+ if (login.data == NULL) { - return NGX_ERROR; - } - -- if (ngx_decode_base64(&s->login, &arg[n]) != NGX_OK) { -+ if (ngx_decode_base64(&login, &arg[n]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding in AUTH LOGIN command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - -+ s->login = login; -+ - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "mail auth login username: \"%V\"", &s->login); - -@@ -611,7 +614,7 @@ ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c, - ngx_int_t - ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c) - { -- ngx_str_t *arg; -+ ngx_str_t *arg, passwd; - - arg = s->args.elts; - -@@ -620,18 +623,19 @@ ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c) - "mail auth login password: \"%V\"", &arg[0]); - #endif - -- s->passwd.data = ngx_pnalloc(c->pool, -- ngx_base64_decoded_length(arg[0].len)); -- if (s->passwd.data == NULL) { -+ passwd.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[0].len)); -+ if (passwd.data == NULL) { - return NGX_ERROR; - } - -- if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { -+ if (ngx_decode_base64(&passwd, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding in AUTH LOGIN command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - -+ s->passwd = passwd; -+ - #if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "mail auth login password: \"%V\"", &s->passwd); -@@ -674,24 +678,26 @@ ngx_int_t - ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c) - { - u_char *p, *last; -- ngx_str_t *arg; -+ ngx_str_t *arg, login; - - arg = s->args.elts; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "mail auth cram-md5: \"%V\"", &arg[0]); - -- s->login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[0].len)); -- if (s->login.data == NULL) { -+ login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[0].len)); -+ if (login.data == NULL) { - return NGX_ERROR; - } - -- if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { -+ if (ngx_decode_base64(&login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding in AUTH CRAM-MD5 command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - -+ s->login = login; -+ - p = s->login.data; - last = p + s->login.len; - diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.28.0.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.28.0.bb deleted file mode 100644 index 84fc08b5fb..0000000000 --- a/meta-webserver/recipes-httpd/nginx/nginx_1.28.0.bb +++ /dev/null @@ -1,7 +0,0 @@ -require nginx.inc - -LIC_FILES_CHKSUM = "file://LICENSE;md5=3dc49537b08b14c8b66ad247bb4c4593" - -SRC_URI[sha256sum] = "c6b5c6b086c0df9d3ca3ff5e084c1d0ef909e6038279c71c1c3e985f576ff76a" - -SRC_URI += "file://CVE-2025-53859.patch" diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb new file mode 100644 index 0000000000..b34b81b9b2 --- /dev/null +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb @@ -0,0 +1,5 @@ +require nginx.inc + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3dc49537b08b14c8b66ad247bb4c4593" + +SRC_URI[sha256sum] = "40e7a0916d121e8905ef50f2a738b675599e42b2224a582dd938603fed15788e" From patchwork Mon Jan 19 10:27:46 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 79064 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2AAFDCCF2DC for ; Mon, 19 Jan 2026 10:28:10 +0000 (UTC) Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.32481.1768818486150600303 for ; Mon, 19 Jan 2026 02:28:06 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=BURqULys; spf=pass (domain: gmail.com, ip: 209.85.214.179, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-2a137692691so26895355ad.0 for ; Mon, 19 Jan 2026 02:28:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768818485; x=1769423285; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1JiM4wx44sc1k7RNi+PcRYeQzlLtELnm2+a83r2iZmI=; b=BURqULysHqbT9SdnDTe1x3Yht0vLlBzHGjDriWONW1RO5K7jsmCrAKDdUtZQdmrwOf tnnuU0/rpe88bHJoYREWsV/4H++0bx/7VdJLX6Xn5XYLcRBjLUKTAwQ5Hu6Mim1pWbLA KsGSaqWMDgysOkKB3k4EjYABAZZChsPXXchrOeVMy763Z/f6Ba+Z+H48yCafsIr0H+1k V/MP20oBWUQyLNuulxxHmk9fkWNfW0w8LVFvR/sNXDLy9HLCYew3Sslm6UOWmdGzO7XU +pOgvsKswbc7XQcjS2yo6CtZ+FQdLA4nEKaQFp60cZQRoEY0TKTXCL6Vg59g028Wable U5AQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768818485; x=1769423285; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=1JiM4wx44sc1k7RNi+PcRYeQzlLtELnm2+a83r2iZmI=; b=FOl/Wpx7gwAjK/CjON4Qn0+axSaA1SzMc0uT2upfsi/ze6SwJSrZeBfBnRMpz0acEs pxfbfKqNkWqPr1YpwjfoE3RLP8MedcFZsJ8Krvbt46EwPdyr+ArwxmQitYM8D+KgMR9g U3SAU9IRBMRz1u01xSQ77loCi2c8749gg8gn9kdYtzEWBGc1z2XUoGZZTW7i8dFaiGrK DoD4V0pSbBk4q6seZM/6s+ne8yKAQO2eY4srSCoIW1UCUhmNCeO2UpnxQVOPDSoxbYb/ zdwEpHwP2HeTxgogwOLogCb8nLzW1+tcUhOvfB1g/L30LA4NXfrGpA6I2df46lluhkBv fvIg== X-Gm-Message-State: AOJu0YxQyRd7QKohvE8sCk29keE9NiltUNxz5yUIpTiMdpg8jpo8HNt6 QzjaUWEoCPJAMVOeaScIlam9/FRHNCp/6pVrBUzFx5EQUFN7CKjXqmQ5eL63kQ== X-Gm-Gg: AZuq6aLjjVTRivjluZSsE7Y49F7l1GwGS40ZfeNWJorL+JTLBmNhmnZWZOMWlb8QbWV vfxUYvJzcly0yqYEOOPp42WkYEXdlvvKKc5X53X0/Gb9XBaG4ZaLlq3fJ6mOjglqmEwJrbrxidA pCuX52I5CS/GwQHBCP9fKpPMbb4RvzwuEvhBAQ3XBjvmuGqZdR2XbedI+snMyjKK1KIp5iaPutJ BXRwc/FSGItQmM2FYY3U21A+bBwxym10ivUxNtMqAkGP8nMKPXzo3kzLoFPniPh6GnSf/pbBYQI h+jPWndJlQNT3IrJqVUwNToOe69j7R3sZm/c0+q8EG0Ap2w4LferALtxv+YE3a1MO9gYarVdv8m L+ttXk0Eujfd4RA0AFxqnl1vjOQEQuMvG8QRKlg9qPKsu+z9Wj+DMbATrcpeRLit6bWXbqXj5TG ORGadfIdxztEeMsTBU6j456+4= X-Received: by 2002:a17:903:2341:b0:2a0:a9f8:48f7 with SMTP id d9443c01a7336-2a7177df9bcmr91892645ad.55.1768818485343; Mon, 19 Jan 2026 02:28:05 -0800 (PST) Received: from NVAPF55DW0D-IPD.. ([147.161.217.27]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2a71941e3b6sm93628465ad.97.2026.01.19.02.28.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Jan 2026 02:28:04 -0800 (PST) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Gyorgy Sarvari , Khem Raj , Ankur Tyagi Subject: [oe][meta-webserver][whinlatter][PATCH 2/3] nginx: set CVE_PRODUCT Date: Mon, 19 Jan 2026 23:27:46 +1300 Message-ID: <20260119102747.125302-2-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260119102747.125302-1-ankur.tyagi85@gmail.com> References: <20260119102747.125302-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 19 Jan 2026 10:28:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123631 From: Gyorgy Sarvari nginx has a long history, and has used multiple CPEs over time. Set CVE_PRODUCT to reflect current and historic vendor:product pairs. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj (cherry picked from commit d25aadbbb53d54382b4b82b1f78a69d4d117fd28) Signed-off-by: Ankur Tyagi --- meta-webserver/recipes-httpd/nginx/nginx.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-webserver/recipes-httpd/nginx/nginx.inc b/meta-webserver/recipes-httpd/nginx/nginx.inc index bcc384bd8a..20db23d6c0 100644 --- a/meta-webserver/recipes-httpd/nginx/nginx.inc +++ b/meta-webserver/recipes-httpd/nginx/nginx.inc @@ -202,3 +202,5 @@ USERADD_PARAM:${PN} = " \ --groups www-data \ --shell ${base_sbindir}/nologin \ --user-group ${NGINX_USER}" + +CVE_PRODUCT = "nginx:nginx f5:nginx_open_source f5:nginx" From patchwork Mon Jan 19 10:27:47 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 79066 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F2BE0CCF2DB for ; Mon, 19 Jan 2026 10:28:19 +0000 (UTC) Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.32745.1768818490032432034 for ; Mon, 19 Jan 2026 02:28:10 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=JCSgOq+O; spf=pass (domain: gmail.com, ip: 209.85.214.176, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-2a0f3f74587so26341525ad.2 for ; Mon, 19 Jan 2026 02:28:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768818489; x=1769423289; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=K7WhecDJh2teRz7Bm7SScB8IpXxQ7bXd66LHBcMmlpE=; b=JCSgOq+OB3TFRV3qs0EAWpG9f0a1TuUSWnnEzL2Fz+L/5Flw6aZ00Ploo4XXbDyYHG YaMgTTPRvt87NjTV8IavtruPOnkdx49KL85+ftaDBWcuyqCO5IfJqSs0PdZXCgYUzYgX 2oiB+uXXw9SMZrsdVhuaTGCjZY1rAsYPNxTEP767Pek1CEH0LJZGzI0Ezjv3+FxpzuDY VbqWSlbmH4cXQ/eDqNqYCx1CChBZ6tVrSsk5TvsF8loBqa+oHPSoLmlSJzyQ2wTWIpG4 8s9YH3pxupo37OSOrvlk72rAtrzc7+Pq5evOBukgOixk/E9oRhKY5SVS2bsdxOfXLToB d6tw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768818489; x=1769423289; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=K7WhecDJh2teRz7Bm7SScB8IpXxQ7bXd66LHBcMmlpE=; b=RuVmnDzqunbjKMcV0hO7F3Bf07bmlMU5T8FBueKev3m3+eNGxTaoFESkW8/ZnQINJZ xE0t+TIMllFrsYGYO0888Dgv2aM2EWu64MZ2rah7qWVpvGLQpQa6GVzrO1cRC6vy7I8a 9yIcszvS8y3+fFZhJHLsWlqBqh3A3jcizaDZmESkqqRfV4sAF4OfvZG0gIw2HcUM8Cfk /zCJWl7gqDb3a0sbcscJOPjbCKKfuVe5owYx4AyK+stNgOhuEEEWL0/c8OxTDmvwf5u+ 9a6YgqYc/15ESLXBrBQ8Pgduu1CBJx1bW5YwvE2FmNFWNo99fGyj5dXiYUpF88fQ2JqY y9Sg== X-Gm-Message-State: AOJu0Yzy/55a/80aRQWxVSin6LD/S9OdDYmkhM7voMAjUCItzuazpG3z qin5rqg87dJufyL8mOMnxjBgx9Fs2iWQj0yHDB/B/IfTKPXDYIZecWSYmBxz4A== X-Gm-Gg: AZuq6aL71FRNcedWdOQHkKhdstc2r4PjH1Xloi/veIErmP0XM9e0ALSX8DisTADM/AH MsioRp96Jwpl1iKTA/d1tL+GsZPBFN82gQtXowXtgqlOc8wkCEPkbrUJ56XpfU1Mn2vBS/11x3i Edfdmxk+LcKmwV1ZMCQB0lhTwgkm2LS7xlBJ11E4MHOfO+aTA3a3mWM2IsxhpmJVGu6EH4Nw+BZ 2QESfvfN1ZtXJtaA7adNUMDSSoWs5XkKekS0X8dDq0iusvYkVvlNNg9uJ5EyupfEwigYfUTB5SL 08+ogrmrZkYD07lPrvyues0qxHvVQ3PIKPgQAdXOWeRdtwyc8QEaNH1xFlpIv81n6qQOXk01GWT MPsJBzeUJDSczeYnECH7tzd8tNSz3HNSFml88R71SoMk1PiaJNHSPLqPQ4efd5HSKi7pJd4qExD EvCxKQaufL8EWsjyZeeemXvdg= X-Received: by 2002:a17:902:d503:b0:267:a5df:9b07 with SMTP id d9443c01a7336-2a7175189a1mr90175155ad.12.1768818489156; Mon, 19 Jan 2026 02:28:09 -0800 (PST) Received: from NVAPF55DW0D-IPD.. ([147.161.217.27]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2a71941e3b6sm93628465ad.97.2026.01.19.02.28.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Jan 2026 02:28:08 -0800 (PST) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Peter Marko , Khem Raj , Ankur Tyagi Subject: [oe][meta-webserver][whinlatter][PATCH 3/3] nginx: ignore CVE-2025-53859 for 1.28.1 Date: Mon, 19 Jan 2026 23:27:47 +1300 Message-ID: <20260119102747.125302-3-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260119102747.125302-1-ankur.tyagi85@gmail.com> References: <20260119102747.125302-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 19 Jan 2026 10:28:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123632 From: Peter Marko Fix is included via commit [1]. [1] https://github.com/nginx/nginx/commit/fbbbf189dadf3bd59c2462af68c16f2c2874d4ee Signed-off-by: Peter Marko Signed-off-by: Khem Raj (cherry picked from commit 5d3936d5dd0489a984e37cc00b59e6a05d9541ac) Signed-off-by: Ankur Tyagi --- meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb index b34b81b9b2..eaaf2b75e9 100644 --- a/meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb @@ -3,3 +3,5 @@ require nginx.inc LIC_FILES_CHKSUM = "file://LICENSE;md5=3dc49537b08b14c8b66ad247bb4c4593" SRC_URI[sha256sum] = "40e7a0916d121e8905ef50f2a738b675599e42b2224a582dd938603fed15788e" + +CVE_STATUS[CVE-2025-53859] = "cpe-stable-backport: Fix is included in 1.28.1"