[oe] [meta-webserver][PATCH] nginx: upgrade 1.28.0 -> 1.28.1

Sun, 04 Jan 2026 10:58:31 -0800 

Drop CVE patch which has been integrated into this new version.

Solves:
* CVE-2025-53859

CHANGES:
https://nginx.org/en/CHANGES-1.28

Signed-off-by: Jason Schonberg <[email protected]>
---
 .../nginx/files/CVE-2025-53859.patch          | 131 ------------------
 .../recipes-httpd/nginx/nginx_1.28.0.bb       |   7 -
 .../recipes-httpd/nginx/nginx_1.28.1.bb       |   5 +
 3 files changed, 5 insertions(+), 138 deletions(-)
 delete mode 100755 
meta-webserver/recipes-httpd/nginx/files/CVE-2025-53859.patch
 delete mode 100644 meta-webserver/recipes-httpd/nginx/nginx_1.28.0.bb
 create mode 100644 meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb

diff --git a/meta-webserver/recipes-httpd/nginx/files/CVE-2025-53859.patch 
b/meta-webserver/recipes-httpd/nginx/files/CVE-2025-53859.patch
deleted file mode 100755
index 6f689938f4..0000000000
--- a/meta-webserver/recipes-httpd/nginx/files/CVE-2025-53859.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-CVE: CVE-2025-53859
-Upstream-Status: Backport [https://nginx.org/download/patch.2025.smtp.txt]
-Signed-off-by: Peter Marko <[email protected]>
-
-diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c
-index 1167df3fb..d3be7f3b3 100644
---- a/src/mail/ngx_mail_handler.c
-+++ b/src/mail/ngx_mail_handler.c
-@@ -523,7 +523,7 @@ ngx_mail_starttls_only(ngx_mail_session_t *s, 
ngx_connection_t *c)
- ngx_int_t
- ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n)
- {
--    u_char     *p, *last;
-+    u_char     *p, *pos, *last;
-     ngx_str_t  *arg, plain;
- 
-     arg = s->args.elts;
-@@ -555,7 +555,7 @@ ngx_mail_auth_plain(ngx_mail_session_t *s, 
ngx_connection_t *c, ngx_uint_t n)
-         return NGX_MAIL_PARSE_INVALID_COMMAND;
-     }
- 
--    s->login.data = p;
-+    pos = p;
- 
-     while (p < last && *p) { p++; }
- 
-@@ -565,7 +565,8 @@ ngx_mail_auth_plain(ngx_mail_session_t *s, 
ngx_connection_t *c, ngx_uint_t n)
-         return NGX_MAIL_PARSE_INVALID_COMMAND;
-     }
- 
--    s->login.len = p++ - s->login.data;
-+    s->login.len = p++ - pos;
-+    s->login.data = pos;
- 
-     s->passwd.len = last - p;
-     s->passwd.data = p;
-@@ -583,24 +584,26 @@ ngx_int_t
- ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c,
-     ngx_uint_t n)
- {
--    ngx_str_t  *arg;
-+    ngx_str_t  *arg, login;
- 
-     arg = s->args.elts;
- 
-     ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
-                    "mail auth login username: \"%V\"", &arg[n]);
- 
--    s->login.data = ngx_pnalloc(c->pool, 
ngx_base64_decoded_length(arg[n].len));
--    if (s->login.data == NULL) {
-+    login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[n].len));
-+    if (login.data == NULL) {
-         return NGX_ERROR;
-     }
- 
--    if (ngx_decode_base64(&s->login, &arg[n]) != NGX_OK) {
-+    if (ngx_decode_base64(&login, &arg[n]) != NGX_OK) {
-         ngx_log_error(NGX_LOG_INFO, c->log, 0,
-             "client sent invalid base64 encoding in AUTH LOGIN command");
-         return NGX_MAIL_PARSE_INVALID_COMMAND;
-     }
- 
-+    s->login = login;
-+
-     ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
-                    "mail auth login username: \"%V\"", &s->login);
- 
-@@ -611,7 +614,7 @@ ngx_mail_auth_login_username(ngx_mail_session_t *s, 
ngx_connection_t *c,
- ngx_int_t
- ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c)
- {
--    ngx_str_t  *arg;
-+    ngx_str_t  *arg, passwd;
- 
-     arg = s->args.elts;
- 
-@@ -620,18 +623,19 @@ ngx_mail_auth_login_password(ngx_mail_session_t *s, 
ngx_connection_t *c)
-                    "mail auth login password: \"%V\"", &arg[0]);
- #endif
- 
--    s->passwd.data = ngx_pnalloc(c->pool,
--                                 ngx_base64_decoded_length(arg[0].len));
--    if (s->passwd.data == NULL) {
-+    passwd.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[0].len));
-+    if (passwd.data == NULL) {
-         return NGX_ERROR;
-     }
- 
--    if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
-+    if (ngx_decode_base64(&passwd, &arg[0]) != NGX_OK) {
-         ngx_log_error(NGX_LOG_INFO, c->log, 0,
-             "client sent invalid base64 encoding in AUTH LOGIN command");
-         return NGX_MAIL_PARSE_INVALID_COMMAND;
-     }
- 
-+    s->passwd = passwd;
-+
- #if (NGX_DEBUG_MAIL_PASSWD)
-     ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
-                    "mail auth login password: \"%V\"", &s->passwd);
-@@ -674,24 +678,26 @@ ngx_int_t
- ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c)
- {
-     u_char     *p, *last;
--    ngx_str_t  *arg;
-+    ngx_str_t  *arg, login;
- 
-     arg = s->args.elts;
- 
-     ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
-                    "mail auth cram-md5: \"%V\"", &arg[0]);
- 
--    s->login.data = ngx_pnalloc(c->pool, 
ngx_base64_decoded_length(arg[0].len));
--    if (s->login.data == NULL) {
-+    login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[0].len));
-+    if (login.data == NULL) {
-         return NGX_ERROR;
-     }
- 
--    if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
-+    if (ngx_decode_base64(&login, &arg[0]) != NGX_OK) {
-         ngx_log_error(NGX_LOG_INFO, c->log, 0,
-             "client sent invalid base64 encoding in AUTH CRAM-MD5 command");
-         return NGX_MAIL_PARSE_INVALID_COMMAND;
-     }
- 
-+    s->login = login;
-+
-     p = s->login.data;
-     last = p + s->login.len;
- 
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.28.0.bb 
b/meta-webserver/recipes-httpd/nginx/nginx_1.28.0.bb
deleted file mode 100644
index 84fc08b5fb..0000000000
--- a/meta-webserver/recipes-httpd/nginx/nginx_1.28.0.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require nginx.inc
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=3dc49537b08b14c8b66ad247bb4c4593"
-
-SRC_URI[sha256sum] = 
"c6b5c6b086c0df9d3ca3ff5e084c1d0ef909e6038279c71c1c3e985f576ff76a"
-
-SRC_URI += "file://CVE-2025-53859.patch"
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb 
b/meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb
new file mode 100644
index 0000000000..b34b81b9b2
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb
@@ -0,0 +1,5 @@
+require nginx.inc
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=3dc49537b08b14c8b66ad247bb4c4593"
+
+SRC_URI[sha256sum] = 
"40e7a0916d121e8905ef50f2a738b675599e42b2224a582dd938603fed15788e"
-- 
2.43.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#123119): 
https://lists.openembedded.org/g/openembedded-devel/message/123119
Mute This Topic: https://lists.openembedded.org/mt/117074714/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to