[Backport release-25.05] nginx: apply patch for CVE-2025-53859 (#433792)

2026-01-12 02:40:31 +08:00 · 2025-08-15 09:38:48 +02:00
parent 4a931a7a7c 02aa795323
commit c3a6f30dea
1 changed files with 7 additions and 0 deletions
--- a/pkgs/servers/http/nginx/generic.nix
+++ b/pkgs/servers/http/nginx/generic.nix
@@ -218,6 +218,13 @@ stdenv.mkDerivation {
        ./nix-etag-1.15.4.patch
        ./nix-skip-check-logs-path.patch
      ]
+      ++ lib.optionals (!lib.versionAtLeast version "1.29.1") [
+        (fetchpatch {
+          name = "CVE-2025-53859.patch";
+          url = "https://nginx.org/download/patch.2025.smtp.txt";
+          hash = "sha256-v49sLskFNMoKuG8HQISw8ST7ga6DS+ngJiL0D3sUyGk=";
+        })
+      ]
      ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
        (fetchpatch {
          url = "https://raw.githubusercontent.com/openwrt/packages/c057dfb09c7027287c7862afab965a4cd95293a3/net/nginx/patches/102-sizeof_test_fix.patch";