[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

Tue, 23 Dec 2025 19:38:51 -0800 

commit:     f4fc919dee84f5ce33916bebef026121e3a7bd6d
Author:     Zurab Kvachadze <zurabid2016 <AT> gmail <DOT> com>
AuthorDate: Tue Dec 23 21:21:18 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Dec 24 03:37:38 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4fc919d

www-servers/nginx: add 1.28.1, CVE-2025-53859

Bugfix release. One of the fixes is the fix for CVE-2025-53859[1], quoting
the CHANGELOG[2]:

    Security: processing of a specially crafted login/password when
    using the "none" authentication method in the ngx_mail_smtp_module
    might cause worker process memory disclosure to the authentication
    server (CVE-2025-53859).

[1]: https://www.cve.org/CVERecord?id=CVE-2025-53859
[2]: https://nginx.org/en/CHANGES-1.28

Bug: https://bugs.gentoo.org/967910
Signed-off-by: Zurab Kvachadze <zurabid2016 <AT> gmail.com>
Part-of: https://github.com/gentoo/gentoo/pull/45143
Closes: https://github.com/gentoo/gentoo/pull/45143
Signed-off-by: Sam James <sam <AT> gentoo.org>

 www-servers/nginx/Manifest            |  2 ++
 www-servers/nginx/nginx-1.28.1.ebuild | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index a0184b9530cb..502e6187372c 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,11 +2,13 @@ DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 
859a29eb7f67d53a818578f1008f0d
 DIST nginx-1.26.3.tar.gz 1260179 BLAKE2B 
4ef731070e986d98fc1984717dec7fb766ed1a02b196c3ae9a69deea7093d17253b46c06f4eb812a19187be49e42c1a485a54ba3e2e639b5084ef2b0e2287212
 SHA512 
cd780e495796bf7413e54a6730d11d55127b0ca6563acf5c75eb2698f62cddbbf5ba61820c57b2316c0bb789fcfd17f98a27a84b525ed50f304d1b1043ffa05d
 DIST nginx-1.27.5.tar.gz 1279891 BLAKE2B 
6d7fd563d201e8ed985810e418f9981fd0adedf7b40bb3cf8278819a88ecaea148df7df69ff0240cfd028df86d92734e9d20449c2178d3e4b82e78bb0cef3e36
 SHA512 
5130bc2ec08a962b631ceb741ecb3dc0d84423ca50afb713d9c52c13af1e1bf5e2b0be226936d6dfbc7c2a45b44726ba478a571c6032099bc8ece85fe015ccbc
 DIST nginx-1.28.0.tar.gz 1280111 BLAKE2B 
abc8d3c83286cbb6bc4ba770809db8c300d7f469012cbf43b622131a2f9b8bb0415579575693a00de91830d5d0f9a615f50b1fc789c26bd6376c6f652dc80be5
 SHA512 
07d1ef078a73009c2aff0a5729a57f58f26512b71377715ef72cecdb249ef2ff69dd44df3d755a1de2a2721ee604e8a6cfac30a4cf8a45f0890b1746b68ee4d5
+DIST nginx-1.28.1.tar.gz 1282057 BLAKE2B 
dee5bb808bbde27049e6e87147930db97d2f97af1a327808a89ab2012ca156169c1254a62105a943d834f8895c5d69728760516e157377f02e306207266d2604
 SHA512 
5c540d8f6aa87bc1abc75b99baa9c7b203a3df3f31596682ed94bdd6ce90adbd723f087a1479a5f2760d9e0221c823c14ae161a17f272268ef424829f218c827
 DIST nginx-1.29.3.tar.gz 1289818 BLAKE2B 
64cdda889f0f468fadc44b3bd9a489c64e15b31fdfc714cf0d5e58f54c395f015ce7a89791a72830ef1fb035ab4cafdc5747414c328ed2236cdbb3453aee45ee
 SHA512 
5c317bd34d7246245ff8c1b6f11cc870aea48e813ab65d16cf173a69783b050b9bfb232c33dc4e360661405aa5f80dc544480600d1330509e09d27c502a21e73
 DIST nginx-1.29.4.tar.gz 1309500 BLAKE2B 
57f1856c201e9035495e04e4b49d6f070521d5213b1c32301ed888e8a974a4ca8ad58e2fc1033789d136f9165b8560780cdea0da1fbae29bc6468e0ce7512cfa
 SHA512 
8aedaef4e220442c2e0f974e6ac8b9cc236f27e7505145821099cee4ad5e067e8edae2ffc088cc02580ab8e601c2d6f57ccbc84aa950345f86b441dcedcbae52
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 
BLAKE2B 
22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333
 SHA512 
ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx-tests-06a36245e134eac985cdfc5fac982cb149f61412.tar.gz 315462 
BLAKE2B 
9c633ff0567c76e86593401262b7a4ff6cb6bbec991a1bcb4fd83322cdff93d9daae8911251a4581f475f05de465d3a1560ea83e643e9ba285cedc64a5dce2ec
 SHA512 
8835869ad3d8b8f0169eda0e00f871dfac90fdb4a396747d6d9a0d2aa02c1ec1dbb2c9c717860bf08de63c25e441b6072be13029208a0f7f0e95ed2c7b697341
 DIST nginx-tests-0b5ec15c62ed.tar.gz 282652 BLAKE2B 
af41397f88f7aa969749c6dd9a77c58d1835bca24fe764dd0af328d621817f5fb89b3f5b5c0fbd1e7db53d51365e9098b020005e27a531649bd8a51a05b3cbb0
 SHA512 
c376d23c7001c5203428b664c388e97956cdda8365eb7df57db0da5146d0806f5c35cd1352260d6803d55542f46a90da4a604ebf971055caa77dd6106930558e
+DIST nginx-tests-0fccfcef1278263416043e0bbb3e0116b84026e4.tar.gz 327867 
BLAKE2B 
347af6c5c88a704ee73355e7f31c0c3dd227d774f74728ccb08da32ffa8cb7a9bc96b756bdc238f5a21e734ca473b7f751fe82e3fe07e5b31879ed84d0957e57
 SHA512 
26936f517739e1e361a2dc10b4e21a37655be527e4b87e8578d97264b27f12abceffe5f90a57ab84f5fefbeccf12cf67a2866aa846bb9519a1e9e013d7d11b28
 DIST nginx-vod-module-1.33.tar.gz 471858 BLAKE2B 
fa5cb9fd185b30c5c53b25a6f103213b3d04dac5d2d81db72f9749a51548e09e3e17dccc636d748aff8d21c6623484c77fdeb10d70854480759665d140d42e0e
 SHA512 
29ef77f1bbdb2410ff317ebdd7434f31b8ec370ae6b617b92e745e87c11bc820b451181d1d2b57156b414348da14ac448b689b32b17ab418144292eda094512d
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B 
d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570
 SHA512 
6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 
450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c
 SHA512 
05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d

diff --git a/www-servers/nginx/nginx-1.28.1.ebuild 
b/www-servers/nginx/nginx-1.28.1.ebuild
new file mode 100644
index 000000000000..40c88269b812
--- /dev/null
+++ b/www-servers/nginx/nginx-1.28.1.ebuild
@@ -0,0 +1,34 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+NGINX_SUBSYSTEMS=(+http stream mail)
+NGINX_MODULES=(
+       
+http_{charset,gzip,ssi,userid,access,auth_basic,mirror,autoindex,geo,map}
+       +http_{split_clients,referer,rewrite,proxy,fastcgi,uwsgi,scgi,grpc}
+       +http_{memcached,limit_conn,limit_req,empty_gif,browser,upstream_hash}
+       +http_{upstream_ip_hash,upstream_least_conn,upstream_random}
+       +http_{upstream_keepalive,upstream_zone}
+       http_{ssl,v2,v3,realip,addition,xslt,image_filter,geoip,sub,dav,flv,mp4}
+       
http_{gunzip,gzip_static,auth_request,random_index,secure_link,degradation}
+       http_{slice,stub_status,perl}
+       +mail_{pop3,imap,smtp}
+       mail_ssl
+       +stream_{limit_conn,access,geo,map,split_clients,return,pass,set}
+       
+stream_{upstream_hash,upstream_least_conn,upstream_random,upstream_zone}
+       stream_{ssl,realip,geoip,ssl_preread}
+)
+NGINX_UPDATE_STREAM=stable
+NGINX_TESTS_COMMIT=0fccfcef1278263416043e0bbb3e0116b84026e4
+NGINX_MISC_FILES=(
+       nginx-{r2.logrotate,r2.service,r4.conf,r6.initd,r1.confd,r1.tmpfiles}
+)
+
+inherit nginx
+
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86"
+
+PATCHES=(
+       "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+)

Reply via email to