From: "Sergey A. Osokin"
Subject: Re: [PATCH] fix CVE-2025-53859 for www/nginx
To: ports@openbsd.org
Cc: Robert Nagy
Date: Sun, 17 Aug 2025 11:58:13 +0000

Hi,

a quick update: I've found a way to simplify the patch, it's needful to define vendor's SITES.v equal to the original one. Also, no need to define PATCH_DIST_STRIP once again, it's already in place.

Could you please review and apply.

Thank you.

--
Sergey A. Osokin

On Sat, Aug 16, 2025 at 04:48:08PM +0000, Sergey A. Osokin wrote:
> Hi,
>
> here's the update for the www/nginx port, it fixes the
> CVE-2025-53859 security issue with the product.

[skipped previous version of the patch]

Index: Makefile =================================================================== RCS file: /cvs/ports/www/nginx/Makefile,v diff -u -p -r1.193 Makefile --- Makefile 24 Jul 2025 23:20:36 -0000 1.193 +++ Makefile 17 Aug 2025 11:57:07 -0000 @@ -21,9 +21,9 @@ COMMENT-stream= nginx TCP/UDP proxy mod COMMENT-xslt= nginx XSLT filter module VERSION= 1.28.0 -REVISION= 1 -REVISION-njs= 2 -REVISION-passenger= 2 +REVISION= 2 +REVISION-njs= 3 +REVISION-passenger= 3 DISTNAME= nginx-${VERSION} CATEGORIES= www @@ -157,6 +157,8 @@ CFLAGS+= -Wall -Wpointer-arith \ -I "${LOCALBASE}/include" LDFLAGS+= -L ${LOCALBASE}/lib -L ${X11BASE}/lib CONFIGURE_ENV+= LDFLAGS="${LDFLAGS}" + +PATCHFILES+= patch.2025.smtp.txt PATCHFILES.p+= nginx-1.20.1-chroot.patch PATCH_DIST_STRIP= -p1 Index: distinfo =================================================================== RCS file: /cvs/ports/www/nginx/distinfo,v diff -u -p -r1.93 distinfo --- distinfo 24 Jul 2025 23:20:36 -0000 1.93 +++ distinfo 17 Aug 2025 11:57:07 -0000 
@@ -10,6 +10,7 @@ SHA256 (nginx-njs-0.9.1.tar.gz) = YTZe6m SHA256 (openresty-headers-more-nginx-module-v0.34.tar.gz) = DA0s7SzolbP0XrKyMM2QUIqyp3MpnxU94UpD5EwSCbM= SHA256 (openresty-lua-nginx-module-v0.10.11.tar.gz) = wPuR/P0cbn3sNMpkgm74H/66/e9hdNJURnY284BWZiY= SHA256 (owasp-modsecurity-ModSecurity-nginx-v1.0.3.tar.gz) = MqQiVmFsxnTcokyGVDlzkK3/FbiIt363TgaH8CPIdRs= +SHA256 (patch.2025.smtp.txt) = Gjg4BMXyUOgyJ0Qu8caCZ1sNhokmnK1dYH8fk6sFTb0= SHA256 (vision5-ngx_devel_kit-v0.3.3.tar.gz) = +qL81RaLEHZNNQgTVlEdX4TbXFJqGqS2rdLblLaFOys= SIZE (FRiCKLE-ngx_cache_purge-2.3.tar.gz) = 11717 SIZE (arut-nginx-rtmp-module-v1.2.2.tar.gz) = 519934 @@ -23,4 +24,5 @@ SIZE (nginx-njs-0.9.1.tar.gz) = 966480 SIZE (openresty-headers-more-nginx-module-v0.34.tar.gz) = 28827 SIZE (openresty-lua-nginx-module-v0.10.11.tar.gz) = 616653 SIZE (owasp-modsecurity-ModSecurity-nginx-v1.0.3.tar.gz) = 34063 +SIZE (patch.2025.smtp.txt) = 4220 SIZE (vision5-ngx_devel_kit-v0.3.3.tar.gz) = 66561
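
Review bot: In the Makefile hunk at @@ -157,6 +157,8 @@, the added "PATCHFILES+= patch.2025.smtp.txt" has no site suffix, while the chroot patch on the next line is listed under "PATCHFILES.p" and the cover message speaks of defining SITES.v; neither SITES.v nor a ".v" suffix appears anywhere in the visible lines. Please confirm which site list this file is meant to be fetched from and make the suffix on the entry match it. A one-line comment above the entry naming CVE-2025-53859 would also tell whoever next updates VERSION that the entry should be dropped once the fix is part of a release.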
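
Review bot: In the distinfo hunk at @@ -10,6 +10,7 @@, the new entry is recorded under the bare name patch.2025.smtp.txt, which identifies neither nginx nor the CVE, and the surrounding entries show that no distfile subdirectory prefix is in use. Consider storing it under a name that carries the port and CVE-2025-53859 so it cannot be mistaken for, or collide with, an unrelated file of the same name, and check the SHA256 and the 4220-byte SIZE (added in the @@ -23,4 +24,5 @@ hunk) against the file as published by the vendor before committing.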