GNU bug report logs -
#78765
[PATCH v2 1/3] gnu: nginx: Update to 1.27.5. [security fixes]
Previous Next
Reported by: Ashish SHUKLA <ashish.is <at> lostca.se>
Date: Wed, 11 Jun 2025 22:15:03 UTC
Severity: normal
Tags: patch
Done: "Ashish SHUKLA" <ashish.is <at> lostca.se>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 78765 in the body.
You can then email your comments to 78765 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#78765; Package
guix-patches.
(Wed, 11 Jun 2025 22:15:03 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Ashish SHUKLA <ashish.is <at> lostca.se>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Wed, 11 Jun 2025 22:15:03 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
This release includes fix for (CVE-2025-23419).
* gnu/packages/web.scm (nginx): Update to 1.27.5.
Change-Id: I45e89fc97a3536843e5af80ffb072db705fb3f84
---
gnu/packages/web.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 22369cd3f5..94a29e2a86 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -567,14 +567,14 @@ (define-public nginx
;; Track the ‘mainline’ branch. Upstream considers it more reliable than
;; ’stable’ and recommends that “in general you deploy the NGINX mainline
;; branch at all times” (https://www.nginx.com/blog/nginx-1-6-1-7-released/)
- (version "1.27.3")
+ (version "1.27.5")
(source (origin
(method url-fetch)
(uri (string-append "https://nginx.org/download/nginx-"
version ".tar.gz"))
(sha256
(base32
- "00vrkdx0a6fpy8n0n7m9xws0dfa7dbb9pqnh3jv3c824ixbaj8xs"))))
+ "03nxfik3f7lj9lnj71nm1h7q26xsxhr1ppf302hbhv9akjxwwsp9"))))
(build-system gnu-build-system)
(inputs (list libxcrypt libxml2 libxslt openssl pcre zlib))
(arguments
base-commit: 60828ad981b9d0673704f7a57e01fb6269852007
--
2.49.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#78765; Package
guix-patches.
(Wed, 11 Jun 2025 22:16:02 GMT)
Full text and
rfc822 format available.
Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/web.scm (nginx-documentation): Update to 1.27.5.
Change-Id: I2cb7f9c67284e509cc7b21653882593ad2321324
---
gnu/packages/web.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 94a29e2a86..cc1b8b5724 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -665,9 +665,9 @@ (define-public nginx
(define-public nginx-documentation
;; This documentation should be relevant for the current nginx package.
- (let ((version "1.27.3")
- (revision 3156)
- (changeset "5c6ef6def8bc"))
+ (let ((version "1.27.5")
+ (revision 3198)
+ (changeset "5b736526489f"))
(package
(name "nginx-documentation")
(version (simple-format #f "~A-~A-~A" version revision changeset))
@@ -679,7 +679,7 @@ (define-public nginx-documentation
(file-name (string-append name "-" version))
(sha256
(base32
- "09wdvgvsr7ayjz3ypq8qsm12idb9z626j5ibmknc8phm10gh8cgk"))))
+ "04qbi7rczv28k4ainnvnv7xxf48jmh5ydxpnlzr4zdpkl7fjz0j3"))))
(build-system gnu-build-system)
(arguments
'(#:tests? #f ; no test suite
--
2.49.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#78765; Package
guix-patches.
(Wed, 11 Jun 2025 22:16:03 GMT)
Full text and
rfc822 format available.
Message #11 received at submit <at> debbugs.gnu.org (full text, mbox):
This package uses boringssl for QUIC support in nginx.
* gnu/packages/web.scm: Add nginx-http3.
Change-Id: I05348d57d5fcd4be661c3500b186df5e05f24160
---
This revision addresses the lint warnings.
gnu/packages/web.scm | 48 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index cc1b8b5724..5725ba2b45 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -125,6 +125,7 @@ (define-module (gnu packages web)
#:use-module (gnu packages build-tools)
#:use-module (gnu packages certs)
#:use-module (gnu packages check)
+ #:use-module (gnu packages cmake)
#:use-module (gnu packages compression)
#:use-module (gnu packages cpp)
#:use-module (gnu packages crates-crypto)
@@ -714,6 +715,53 @@ (define-public nginx-documentation
"This package provides HTML documentation for the nginx web server.")
(license license:bsd-2))))
+(define-public nginx-http3
+ (let*
+ ((boringssl-commit "864a235afcf4d2575b1eab8de96fbf0d84f6cda9")
+ (boringssl
+ (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (url "https://boringssl.googlesource.com/boringssl")
+ (commit boringssl-commit)))
+ (file-name (git-file-name "boringssl" boringssl-commit))
+ (sha256
+ (base32 "0ayd3519zyrwn9ccmlch3j7qvkg80az7z278n2vhrrl977dakyny")))))
+ (package
+ (inherit nginx)
+ (name "nginx-http3")
+ (inputs
+ (modify-inputs (package-inputs nginx)
+ (replace "openssl" boringssl)))
+ (native-inputs
+ (modify-inputs (package-native-inputs nginx)
+ (append cmake-minimal)))
+ (arguments
+ (substitute-keyword-arguments (package-arguments nginx)
+ ((#:phases phases #~(list))
+ #~(modify-phases #$phases
+ (add-before 'configure 'build-boringssl
+ (lambda* (#:key inputs parallel-build? #:allow-other-keys)
+ (mkdir-p "boringssl-build")
+ (let ((boringssl-build-dir (string-append (getcwd)
+ "/boringssl-build")))
+ (with-directory-excursion (assoc-ref inputs "openssl")
+ (invoke "cmake" (string-append "-B" boringssl-build-dir)
+ "-DCMAKE_BUILD_TYPE=RelWithDebInfo")
+ (invoke "make" "-C" boringssl-build-dir
+ (string-append "-j"
+ (if parallel-build?
+ (number->string (parallel-job-count))
+ "1")))))))))
+
+ ((#:configure-flags flags #~(list))
+ #~(cons* "--with-http_v3_module"
+ (string-append "--with-cc-opt=-I"
+ (assoc-ref %build-inputs "openssl") "/include")
+ (string-append "--with-ld-opt=-Lboringssl-build -lstdc++")
+ #$flags)))))))
+
(define-public nginx-accept-language-module
;; Upstream has never made a release; use current commit instead.
(let ((commit "2f69842f83dac77f7d98b41a2b31b13b87aeaba7")
--
2.49.0
bug closed, send any further explanations to
78765 <at> debbugs.gnu.org and Ashish SHUKLA <ashish.is <at> lostca.se>
Request was from
"Ashish SHUKLA" <ashish.is <at> lostca.se>
to
control <at> debbugs.gnu.org.
(Wed, 11 Jun 2025 22:22:03 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Thu, 10 Jul 2025 11:24:11 GMT)
Full text and
rfc822 format available.
This bug report was last modified 35 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.