Debian Patches

Status for nginx/1.28.1-3

Patch Description Author Forwarded Bugs Origin Last update
nginx-fix-pidfile.patch Fix NGINX pidfile handling Tj <ubuntu@iam.tj> no debian 2020-06-24
nginx-ssl_cert_cb_yield.patch # HG changeset patch
# User Yichun Zhang <agentzh@openresty.org>
# Date 1451762084 28800
# Sat Jan 02 11:14:44 2016 -0800
# Node ID 449f0461859c16e95bdb18e8be6b94401545d3dd
# Parent 78b4e10b4367b31367aad3c83c9c3acdd42397c4

OpenSSL 1.0.2+ introduces SSL_CTX_set_cert_cb() to allow custom
callbacks to serve the SSL certificiates and private keys dynamically
and lazily. The callbacks may yield for nonblocking I/O or sleeping.
Here we added support for such usage in NGINX 3rd-party modules
(like ngx_lua) in NGINX's event handlers for downstream SSL
connections.

===================================================================		 no https://github.com/openresty/openresty/blob/master/patches/nginx-1.21.4-ssl_cert_cb_yield.patch
override-uname.patch Override uname probing during configure Miao Wang <shankerwangmiao@gmail.com> no 2025-02-13
CVE-2026-1642.patch Upstream: detect premature plain text response from SSL backend.
When connecting to a backend, the connection write event is triggered
first in most cases. However if a response arrives quickly enough, both
read and write events can be triggered together within the same event loop
iteration. In this case the read event handler is called first and the
write event handler is called after it.

SSL initialization for backend connections happens only in the write event
handler since SSL handshake starts with sending Client Hello. Previously,
if a backend sent a quick plain text response, it could be parsed by the
read event handler prior to starting SSL handshake on the connection.
The change adds protection against parsing such responses on SSL-enabled
connections.		 Roman Arutyunyan <arut@nginx.com> no https://github.com/nginx/nginx/commit/784fa05025cb8cd0c770f99bc79d2794b9f85b6e 2026-01-29

All known versions for source package 'nginx'

Links