[packages/nginx] Up to 1.19.2, headers to 0.38, mod security to 1.0.4; nginx fixes CVE-2025-53859

arekm arekm at pld-linux.org
Thu Aug 14 00:32:57 CEST 2025 

commit e70e38a220c9eaa6a7615f3adfc75680cb3ae263
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Thu Aug 14 00:32:44 2025 +0200

    Up to 1.19.2, headers to 0.38, mod security to 1.0.4; nginx fixes CVE-2025-53859

 modsecurity-gcc14.patch | 23 -----------------------
 nginx.spec              | 18 ++++++++----------
 2 files changed, 8 insertions(+), 33 deletions(-)
---
diff --git a/nginx.spec b/nginx.spec
index bbbf427..c54a46b 100644
--- a/nginx.spec
+++ b/nginx.spec
@@ -40,8 +40,8 @@
 %define		ssl_version	1.0.2
 %define		rtmp_version	1.2.2
 %define		vts_version	0.2.4
-%define		headers_more_version	0.38
-%define		modsecurity_version	1.0.3
+%define		headers_more_version	0.39
+%define		modsecurity_version	1.0.4
 %define		http_cache_purge_version	2.5.3
 
 Summary:	High perfomance HTTP and reverse proxy server
@@ -49,12 +49,12 @@ Summary(pl.UTF-8):	Serwer HTTP i odwrotne proxy o wysokiej wydajności
 # nginx mainline is recommended by nginx team: https://www.nginx.com/blog/nginx-1-6-1-7-released/
 # http://nginx.org/en/download.html
 Name:		nginx
-Version:	1.28.0
-Release:	3
+Version:	1.29.1
+Release:	1
 License:	BSD-like
 Group:		Networking/Daemons/HTTP
 Source0:	https://nginx.org/download/%{name}-%{version}.tar.gz
-# Source0-md5:	1ad2b6606c3709ed1268ca32ae447c21
+# Source0-md5:	060fdcccf3a825719319e2d9fa42d14d
 Source1:	https://nginx.org/favicon.ico
 # Source1-md5:	72e228c3809db53da8a884b6676ed36a
 Source2:	proxy.conf
@@ -66,18 +66,17 @@ Source14:	%{name}.conf
 Source17:	%{name}-mime.types.sh
 Source18:	%{name}.service
 Source33:	https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v%{modsecurity_version}/modsecurity-%{name}-v%{modsecurity_version}.tar.gz
-# Source33-md5:	b85e1996f81b51a06a32e73b3be4709d
+# Source33-md5:	500c37fefb2e3c8afa1245fff3b0d86d
 Source101:	https://github.com/arut/nginx-rtmp-module/archive/v%{rtmp_version}/%{name}-rtmp-module-%{rtmp_version}.tar.gz
 # Source101-md5:	9bb7a06aede38d9e36ad13dc1354d8f9
 Source102:	https://github.com/vozlt/nginx-module-vts/archive/v%{vts_version}.tar.gz
 # Source102-md5:	ed27608606c25d49d5facb56bc8d5256
 Source103:	https://github.com/openresty/headers-more-nginx-module/archive/v%{headers_more_version}.tar.gz
-# Source103-md5:	520e4099ea40b62069ec92534d723627
+# Source103-md5:	b4f2092439252e6a4ebd5c1741cffe42
 # https://github.com/nginx-modules/ngx_cache_purge
 Source104:	https://github.com/nginx-modules/ngx_cache_purge/archive/refs/tags/%{http_cache_purge_version}.tar.gz
 # Source104-md5:	bf92baae08e4c850825a8543c7d4aaa8
 Patch0:		%{name}-no-Werror.patch
-Patch1:		modsecurity-gcc14.patch
 URL:		https://nginx.org/
 BuildRequires:	mailcap
 BuildRequires:	pcre2-8-devel
@@ -306,7 +305,6 @@ Plik monitrc do monitorowania serwera WWW nginx.
 %prep
 %setup -q %{?with_rtmp:-a101} %{?with_modsecurity:-a33} %{?with_vts:-a102} %{?with_headers_more:-a103} -a104
 %patch -P0 -p0
-%{?with_modsecurity:%patch -P1 -p1 -d modsecurity-nginx-v%{modsecurity_version}}
 
 %if %{with rtmp}
 mv nginx-rtmp-module-%{rtmp_version} nginx-rtmp-module
@@ -382,7 +380,7 @@ cp -f configure auto/
 	%{?with_threads:--with-threads} \
 	%{?with_http2:--with-http_v2_module} \
 	%{?with_http3:--with-http_v3_module} \
-	%{?with_modsecurity:--add-dynamic-module=modsecurity-nginx-v%{modsecurity_version}} \
+	%{?with_modsecurity:--add-dynamic-module=ModSecurity-nginx-v%{modsecurity_version}} \
 	--with-http_secure_link_module \
 	%{?with_file_aio:--with-file-aio} \
 	%{nil}
diff --git a/modsecurity-gcc14.patch b/modsecurity-gcc14.patch
deleted file mode 100644
index 6e13b82..0000000
--- a/modsecurity-gcc14.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From 7d37ace7431ea9704faa98f29876bcd72ef4b1ff Mon Sep 17 00:00:00 2001
-From: Ervin Hegedus <airween at gmail.com>
-Date: Tue, 23 Apr 2024 21:42:02 +0200
-Subject: [PATCH] fix: Added missing header for conftest
-
----
- config | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/config b/config
-index c6e7467..3bf06a8 100644
---- a/config
-+++ b/config
-@@ -10,7 +10,8 @@
- 
- ngx_feature_name=
- ngx_feature_run=no
--ngx_feature_incs="#include <modsecurity/modsecurity.h>"
-+ngx_feature_incs="#include <modsecurity/modsecurity.h>
-+#include <stdio.h>"
- ngx_feature_libs="-lmodsecurity"
- ngx_feature_test='printf("hello");'
- ngx_modsecurity_opt_I=
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/nginx.git/commitdiff/e70e38a220c9eaa6a7615f3adfc75680cb3ae263

More information about the pld-cvs-commit mailing list