From f2be1069f18e0f7c0f87cffae0f304c118231231 Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Thu, 12 Feb 2026 15:10:21 +0100 Subject: nginx: upgrade 1.28.1 -> 1.28.2 Changelog: - Security: an attacker might inject plain text data in the response from an SSL backend (CVE-2026-1642). - Bugfix: use-after-free might occur after switching to the next gRPC or HTTP/2 backend. - Bugfix: fixed warning when compiling with MSVC 2022 x86. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb | 7 ------- meta-webserver/recipes-httpd/nginx/nginx_1.28.2.bb | 7 +++++++ 2 files changed, 7 insertions(+), 7 deletions(-) delete mode 100644 meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb create mode 100644 meta-webserver/recipes-httpd/nginx/nginx_1.28.2.bb (limited to 'meta-webserver/recipes-httpd') diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb deleted file mode 100644 index eaaf2b75e9..0000000000 --- a/meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb +++ /dev/null @@ -1,7 +0,0 @@ -require nginx.inc - -LIC_FILES_CHKSUM = "file://LICENSE;md5=3dc49537b08b14c8b66ad247bb4c4593" - -SRC_URI[sha256sum] = "40e7a0916d121e8905ef50f2a738b675599e42b2224a582dd938603fed15788e" - -CVE_STATUS[CVE-2025-53859] = "cpe-stable-backport: Fix is included in 1.28.1" diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.28.2.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.28.2.bb new file mode 100644 index 0000000000..9699b7189d --- /dev/null +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.28.2.bb @@ -0,0 +1,7 @@ +require nginx.inc + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3dc49537b08b14c8b66ad247bb4c4593" + +SRC_URI[sha256sum] = "20e5e0f2c917acfb51120eec2fba9a4ba4e1e10fd28465067cc87a7d81a829a3" + +CVE_STATUS[CVE-2025-53859] = "cpe-stable-backport: Fix is included in 1.28.1" -- cgit v1.2.3-54-g00ecf