Fix CVE-2025-23419 by upgrading nginx from 1.25.4 to 1.25.5, which allows the
upstream fix to be applied cleanly.
It appears that the CVE-2025-23419.patch for 1.24.0 can be applied to 1.25.4;
however, this patch is a modified version of the upstream patch. By upgrading
1.25.4 to 1.25.5, we are able to cleanly apply the upstream fix.
Since 1.25.x is not the default preference, I assume upgrading one patch
version is acceptable.
Colin Pinnell McAllister (2):
nginx: upgrade 1.25.4 -> 1.25.5
nginx: Fix CVE-2025-23419 for 1.25.5
.../nginx/nginx-1.25.5/CVE-2025-23419.patch | 119 ++++++++++++++++++
meta-webserver/recipes-httpd/nginx/nginx.inc | 1 +
.../recipes-httpd/nginx/nginx_1.24.0.bb | 3 +-
.../{nginx_1.25.4.bb => nginx_1.25.5.bb} | 2 +-
4 files changed, 122 insertions(+), 3 deletions(-)
create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.25.5/CVE-2025-23419.patch
rename meta-webserver/recipes-httpd/nginx/{nginx_1.25.4.bb => nginx_1.25.5.bb} (74%)
--
2.52.0