From: "Sergey A. Osokin" <osa@freebsd.org>
Subject: Re: [PATCH] fix CVE-2025-53859 for www/nginx
To: ports@openbsd.org
Cc: Robert Nagy <robert@openbsd.org>
Date: Sun, 17 Aug 2025 11:58:13 +0000

Hi,

a quick update: I've found a way to simplify the patch, it's
needful to define the vendor's SITES.v equal to the original one.
Also, no need to define PATCH_DIST_STRIP once again, it's already
in place.

Could you please review and apply?

Thank you.

-- 
Sergey A. Osokin

On Sat, Aug 16, 2025 at 04:48:08PM +0000, Sergey A. Osokin wrote:
> Hi,
> 
> here's the update for the www/nginx port, it fixes the
> CVE-2025-53859 security issue with the product.

[skipped previous version of the patch]
Index: Makefile
===================================================================
RCS file: /cvs/ports/www/nginx/Makefile,v
diff -u -p -r1.193 Makefile
--- Makefile	24 Jul 2025 23:20:36 -0000	1.193
+++ Makefile	17 Aug 2025 11:57:07 -0000
@@ -21,9 +21,9 @@ COMMENT-stream=		nginx TCP/UDP proxy mod
 COMMENT-xslt=		nginx XSLT filter module
 
 VERSION=	1.28.0
-REVISION=	1
-REVISION-njs=		2
-REVISION-passenger=	2
+REVISION=	2
+REVISION-njs=		3
+REVISION-passenger=	3
 DISTNAME=	nginx-${VERSION}
 CATEGORIES=	www
 
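Review bot: only REVISION, REVISION-njs and REVISION-passenger are bumped here, so please confirm that no other REVISION-* override exists outside this hunk. The context shows further subpackages (COMMENT-stream, COMMENT-xslt); if any of them carries its own REVISION-* line elsewhere in the Makefile, it needs the same increment, otherwise installed systems will not pick up the rebuilt package for the CVE-2025-53859 fix.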
@@ -157,6 +157,8 @@ CFLAGS+=	-Wall -Wpointer-arith \
 		-I "${LOCALBASE}/include"
 LDFLAGS+=	-L ${LOCALBASE}/lib -L ${X11BASE}/lib
 CONFIGURE_ENV+=	LDFLAGS="${LDFLAGS}"
+
+PATCHFILES+=		patch.2025.smtp.txt
 
 PATCHFILES.p+=		nginx-1.20.1-chroot.patch
 PATCH_DIST_STRIP=	-p1
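Review bot: the added PATCHFILES+= patch.2025.smtp.txt line has no comment tying it to CVE-2025-53859, so nothing tells the next person updating VERSION that this entry must be dropped once the fix is in the release tarball; a one-line comment above it would help. Two further points on the same line: the file name is generic (no nginx or version prefix), which makes a clash in the shared distfiles directory more likely, and it is added to the unsuffixed PATCHFILES list while the neighbouring chroot patch uses PATCHFILES.p. The message mentions defining SITES.v, which this hunk does not show, so please confirm the unsuffixed list fetches from the intended site and that -p1 from PATCH_DIST_STRIP is the right strip level for this file.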
Index: distinfo
===================================================================
RCS file: /cvs/ports/www/nginx/distinfo,v
diff -u -p -r1.93 distinfo
--- distinfo	24 Jul 2025 23:20:36 -0000	1.93
+++ distinfo	17 Aug 2025 11:57:07 -0000
@@ -10,6 +10,7 @@ SHA256 (nginx-njs-0.9.1.tar.gz) = YTZe6m
 SHA256 (openresty-headers-more-nginx-module-v0.34.tar.gz) = DA0s7SzolbP0XrKyMM2QUIqyp3MpnxU94UpD5EwSCbM=
 SHA256 (openresty-lua-nginx-module-v0.10.11.tar.gz) = wPuR/P0cbn3sNMpkgm74H/66/e9hdNJURnY284BWZiY=
 SHA256 (owasp-modsecurity-ModSecurity-nginx-v1.0.3.tar.gz) = MqQiVmFsxnTcokyGVDlzkK3/FbiIt363TgaH8CPIdRs=
+SHA256 (patch.2025.smtp.txt) = Gjg4BMXyUOgyJ0Qu8caCZ1sNhokmnK1dYH8fk6sFTb0=
 SHA256 (vision5-ngx_devel_kit-v0.3.3.tar.gz) = +qL81RaLEHZNNQgTVlEdX4TbXFJqGqS2rdLblLaFOys=
 SIZE (FRiCKLE-ngx_cache_purge-2.3.tar.gz) = 11717
 SIZE (arut-nginx-rtmp-module-v1.2.2.tar.gz) = 519934
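Review bot: the new SHA256 (patch.2025.smtp.txt) line is the only thing pinning the content of a security patch that is fetched at build time under a generic name, so the committer should fetch the file independently from the upstream site and recompute the digest rather than take the value from the mail. It should also match the SIZE entry added in the next hunk from the same fetch (regenerating both with the ports checksum target, not by hand, avoids a mismatch).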
@@ -23,4 +24,5 @@ SIZE (nginx-njs-0.9.1.tar.gz) = 966480
 SIZE (openresty-headers-more-nginx-module-v0.34.tar.gz) = 28827
 SIZE (openresty-lua-nginx-module-v0.10.11.tar.gz) = 616653
 SIZE (owasp-modsecurity-ModSecurity-nginx-v1.0.3.tar.gz) = 34063
+SIZE (patch.2025.smtp.txt) = 4220
 SIZE (vision5-ngx_devel_kit-v0.3.3.tar.gz) = 66561