{"id":2230831,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2230831/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/patch/20260430054033.8599-1-chakrabortyshubham66@gmail.com/","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/1.1/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260430054033.8599-1-chakrabortyshubham66@gmail.com>","date":"2026-04-30T05:40:32","name":"[v2] package/nginx: security bump to version 1.28.3","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"39f75f887309a7afe49f94b7d1d88c4b7ca3335a","submitter":{"id":92564,"url":"http://patchwork.ozlabs.org/api/1.1/people/92564/?format=json","name":"Shubham Chakraborty","email":"chakrabortyshubham66@gmail.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20260430054033.8599-1-chakrabortyshubham66@gmail.com/mbox/","series":[{"id":502203,"url":"http://patchwork.ozlabs.org/api/1.1/series/502203/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/list/?series=502203","date":"2026-04-30T05:40:32","name":"[v2] package/nginx: security bump to version 1.28.3","version":2,"mbox":"http://patchwork.ozlabs.org/series/502203/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2230831/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2230831/checks/","tags":{},"headers":{"Return-Path":"<buildroot-bounces@buildroot.org>","X-Original-To":["incoming-buildroot@patchwork.ozlabs.org","buildroot@buildroot.org"],"Delivered-To":["patchwork-incoming-buildroot@legolas.ozlabs.org","buildroot@buildroot.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=O4tstWeR;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=140.211.166.136; helo=smtp3.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"],"Received":["from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5jhH4mJ5z1yGq\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Thu, 30 Apr 2026 15:41:01 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id 953F761B73;\n\tThu, 30 Apr 2026 05:40:58 +0000 (UTC)","from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id rdCULRQB8PP5; Thu, 30 Apr 2026 05:40:57 +0000 (UTC)","from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id BDE0861B70;\n\tThu, 30 Apr 2026 05:40:57 +0000 (UTC)","from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])\n by lists1.osuosl.org (Postfix) with ESMTP id 0BFDB18F\n for <buildroot@buildroot.org>; Thu, 30 Apr 2026 05:40:57 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp2.osuosl.org (Postfix) with ESMTP id E5ADD4235F\n for <buildroot@buildroot.org>; Thu, 30 Apr 2026 05:40:56 +0000 (UTC)","from smtp2.osuosl.org ([127.0.0.1])\n by localhost (smtp2.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id K3mXwjf0KdBU for <buildroot@buildroot.org>;\n Thu, 30 Apr 2026 05:40:55 +0000 (UTC)","from mail-pl1-x635.google.com (mail-pl1-x635.google.com\n [IPv6:2607:f8b0:4864:20::635])\n by smtp2.osuosl.org (Postfix) with ESMTPS id 8C2FD4208F\n for <buildroot@buildroot.org>; Thu, 30 Apr 2026 05:40:55 +0000 (UTC)","by mail-pl1-x635.google.com with SMTP id\n d9443c01a7336-2b788a98557so4231965ad.2\n for <buildroot@buildroot.org>; Wed, 29 Apr 2026 22:40:55 -0700 (PDT)","from fedora ([2409:40e5:1178:1c37:1cfb:6a83:ee5f:eeda])\n by smtp.gmail.com with ESMTPSA id\n d9443c01a7336-2b98893f5bcsm39532125ad.54.2026.04.29.22.40.46\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 29 Apr 2026 22:40:53 -0700 (PDT)"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp3.osuosl.org BDE0861B70","OpenDKIM Filter v2.11.0 smtp2.osuosl.org 8C2FD4208F"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1777527657;\n\tbh=boaPRJLLBsKzYrNb9GgMnl32yjDMP+UbiIo1yFXe1zc=;\n\th=From:To:Cc:Date:In-Reply-To:References:Subject:List-Id:\n\t List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:\n\t From;\n\tb=O4tstWeRJYtP/IFPIvg6DAtTZ4oATuJYUsFmPWfuhkP9oG2hlGo7U5TtmEQG42/AF\n\t x3mF29REMLMmQFVAk72WdU13jndOpg5WbudCOKu54w+zM1RkRNQtR9HH5r0fQ+u9XP\n\t 71XVRsGnM+7fqUUM4b59ZAbMqMG/58SePTsnZQoMLackqNh24yrvAeJCFi/d6BhSAr\n\t 6R+F2tJ0V/C/dsSar9lf3g5PJaVZ0c8VXbcxlDbzJ65yWt7IvtP+fqeTGtOv+vVyZq\n\t ZpBTStfCYpeVJoOknoLY3iKjz5okDovvFy0Nu9S6ElDO3qtQzQCJ271n5pY1HPkP4P\n\t 6ILFHNS5usl7g==","Received-SPF":"Pass (mailfrom) identity=mailfrom;\n client-ip=2607:f8b0:4864:20::635; helo=mail-pl1-x635.google.com;\n envelope-from=chakrabortyshubham66@gmail.com; receiver=<UNKNOWN>","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp2.osuosl.org 8C2FD4208F","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1777527654; x=1778132454;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=ARcpwadYno0RUv1/55OtTPOZ7/OiXp22bEgE97rZVQc=;\n b=pb6f/N8SeZtPV8M6uVngEDpW+4kpCNzhE83fK7YNevR6j6qdP7kjmS33OBv487OzLd\n C7PlAZPKUm4ZNq2YUV0yLD/dVEwvXg3SRLHel8kxP9DfJzSx+21Uj9xlvwG5m/oUk0NO\n QwbsuWZb5LOFiFkZQXCCYxk9oNcuGk80AKlFdsu0GYzTihd+dmnyQKZOi70jiGGBNYIl\n ir0ffV+i+auXA+zZmRJTD1w8JLYz4sh6CctQyvSjtio7MJAcPElOxfapz9HO3PspX3yy\n ItPZ050dEnFSAUnJOjnZb97pQBg26vIDp9fGENM480B0DPdPt07y91oiUG9DaNp2/Aub\n PQzQ==","X-Gm-Message-State":"AOJu0Ywfczzpsnh4LbAObXDQgccLIjXCwylGi5y9UrTIM+4idIAMseub\n CsyANeNiNR/1TDFkrhQqm+ldsGoCDg8n44CoNq96WvUTBXdqzhma1SULoM7ODKCu","X-Gm-Gg":"AeBDieuV6gatPJY3NivOjkX6IknhSKf0VJloj8ate4nUBSf6BnYYBGpoTyCEuj6mcE1\n AoUXNUxyhVG49+gnfuv/nzVfYfSAiD0GqtUyB2Czbbdjj8IgoUcUbXVI//AskMBb3in1qhrLI53\n AA0mG23ZLTmDVQMov3+smyIfcJLO99FpqfJ/p/ZfCWzFuQljw47N5Mcw3/NQXhTKC7FVAFc5HCS\n 0fPXjlRPBdnvJYz14SXiY+r4I823MJxt07RgsdECTby9VuhQc0dTENVa3ayks6uT7hm4lhO4ACR\n p0Z8roSZdugGgE0CJZ6RQa/eqLn1t/VL68SGdDgGYRESTfAluQHk8Y0DEb5jD7scb+MPmBz5aj0\n RejMx29/zPHwZb7BvOI0IHbGaOsX8Kg4sxqBUULoNEClI3t3fIaP2J4MEkjcA7zsaX1V+YVJxIc\n TPnTE6DG8/pH19VRjDwJrsZpf7qxMzLiH3rTlGVXdP5RNt","X-Received":"by 2002:a17:903:1111:b0:2b4:5c20:ec7 with SMTP id\n d9443c01a7336-2b9a2877c96mr14599225ad.41.1777527653943;\n Wed, 29 Apr 2026 22:40:53 -0700 (PDT)","From":"Shubham Chakraborty <chakrabortyshubham66@gmail.com>","To":"buildroot@buildroot.org","Cc":"Shubham Chakraborty <chakrabortyshubham66@gmail.com>","Date":"Thu, 30 Apr 2026 11:10:32 +0530","Message-ID":"<20260430054033.8599-1-chakrabortyshubham66@gmail.com>","X-Mailer":"git-send-email 2.54.0","In-Reply-To":"<20260429170808.1144652-1-chakrabortyshubham66@gmail.com>","References":"<20260429170808.1144652-1-chakrabortyshubham66@gmail.com>","MIME-Version":"1.0","X-Mailman-Original-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1777527654; x=1778132454; darn=buildroot.org;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=ARcpwadYno0RUv1/55OtTPOZ7/OiXp22bEgE97rZVQc=;\n b=F9xj3F5t4MO2hz4NMyTyxgMxse792G2U2uAg2/bgI4dW8yMzMrO3D347AL0A0wPcqR\n AurRjNhZK84OVHIh/nfqp7KAMfU8q1lSpYsrBreks6zVbAK/QJVjK9ym2RgbHLeVFoOn\n rtG4KzojoNqs6UyoG+AkzgML2g4x7+J4bMrL3HOPKuzKorV0zrRljqWDBXpHQ7JNVmOb\n NH7wZjG22qzt4VLaTCICMO3RbQhUs/7LQK4nSxSrwyfxbngN/ahCgmdUIL0o1yXpyQQk\n 8/lqVOjH+UMW3868dwKZaZEo15V9ig802OYBvRlrZcEg1ehj/sIRoICJ3F7cbuoXbQ5Q\n 4YEQ==","X-Mailman-Original-Authentication-Results":["smtp2.osuosl.org;\n dmarc=pass (p=none dis=none)\n header.from=gmail.com","smtp2.osuosl.org;\n dkim=pass (2048-bit key,\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=F9xj3F5t"],"Subject":"[Buildroot] [PATCH v2] package/nginx: security bump to version\n 1.28.3","X-BeenThere":"buildroot@buildroot.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.buildroot.org>","List-Unsubscribe":"<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>","List-Archive":"<http://lists.buildroot.org/pipermail/buildroot/>","List-Post":"<mailto:buildroot@buildroot.org>","List-Help":"<mailto:buildroot-request@buildroot.org?subject=help>","List-Subscribe":"<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@buildroot.org","Sender":"\"buildroot\" <buildroot-bounces@buildroot.org>"},"content":"Fixes the following security issues:\n- CVE-2026-27654: Buffer overflow in ngx_http_dav_module when using the\n  alias directive with WebDAV COPY or MOVE requests.\n- CVE-2026-27784 & CVE-2026-32647: Buffer overflows in ngx_http_mp4_module\n  when processing specially crafted MP4 files.\n- CVE-2026-27651: NULL pointer dereference in the mail proxy module\n  during CRAM-MD5 or APOP authentication retries.\n- CVE-2026-28753: DNS PTR record manipulation in auth_http or SMTP proxy.\n- CVE-2026-28755: OCSP certificate check bypass in the stream module.\n\nFor a full list of changes, see:\nhttps://nginx.org/en/CHANGES-1.28\n\n---\nv1 -> v2:\n  - Bump to 1.28.3 (stable) instead of 1.29.7 (mainline) as requested\n    by Marcus Hoffmann.\n  - Highlight security fixes in the commit message.\n\nSigned-off-by: Shubham Chakraborty <chakrabortyshubham66@gmail.com>\n---\n package/nginx/nginx.hash | 2 +-\n package/nginx/nginx.mk   | 2 +-\n 2 files changed, 2 insertions(+), 2 deletions(-)","diff":"diff --git a/package/nginx/nginx.hash b/package/nginx/nginx.hash\nindex 7b79036b20..1d11937987 100644\n--- a/package/nginx/nginx.hash\n+++ b/package/nginx/nginx.hash\n@@ -1,4 +1,4 @@\n # Locally calculated after checking pgp signature\n-sha256  40e7a0916d121e8905ef50f2a738b675599e42b2224a582dd938603fed15788e  nginx-1.28.1.tar.gz\n+sha256  2c96a946bfb0882a21744ed429770a2123ae1828c7c48665092993ddee91a918  nginx-1.28.3.tar.gz\n # License files, locally calculated\n sha256  77c01620abf36ed747b7eca4bd271e49023fe3a8e2b3525bcf4b09c8e3aa28e4  LICENSE\ndiff --git a/package/nginx/nginx.mk b/package/nginx/nginx.mk\nindex 41490caee2..a8b7ee7319 100644\n--- a/package/nginx/nginx.mk\n+++ b/package/nginx/nginx.mk\n@@ -4,7 +4,7 @@\n #\n ################################################################################\n \n-NGINX_VERSION = 1.28.1\n+NGINX_VERSION = 1.28.3\n NGINX_SITE = https://nginx.org/download\n NGINX_LICENSE = BSD-2-Clause\n NGINX_LICENSE_FILES = LICENSE\n","prefixes":["v2"]}