mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00

History

Changqing Li 6c9f1f8d45 nginx: fix CVE-2025-23419

CVE-2025-23419:
When multiple server blocks are configured to share the same IP address
and port, an attacker can use session resumption to bypass client
certificate authentication requirements on these servers. This
vulnerability arises when TLS Session Tickets
https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key
are used and/or the SSL session cache
https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache
are used in the default server and the default server is performing
client certificate authentication.   Note: Software versions which have
reached End of Technical Support (EoTS) are not evaluated.

Refer:
https://nvd.nist.gov/vuln/detail/CVE-2025-23419

This partially cherry picked from commit
13935cf9fdc3c8d8278c70716417d3b71c36140e, the original patch had 2
parts. One fixed problem in `http/ngx_http_request` module and the
second fixed problem in `stream/ngx_stream_ssl_module` module.  The fix
for `stream/ngx_stream_ssl_module can't be aplied because, the 'stream
virtual servers' funcionality was added later in this commit:
d21675228a.
Therefore only `http/ngx_http_request` part was backported.

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

2025-03-03 08:09:03 -05:00

conf

reproducibility: move repro excludes from AB config.json to meta-oe

2024-04-30 11:00:33 -07:00

files

static-id: add missing netdata group

2023-11-15 09:51:46 -08:00

licenses

OML: move license file from meta-oe to meta-webserver

2016-01-04 14:56:23 +01:00

recipes-core

images: Rename <layer>-image to <layer>-image-all

2023-10-06 08:37:21 -07:00

recipes-httpd

nginx: fix CVE-2025-23419

2025-03-03 08:09:03 -05:00

recipes-php

xdebug: upgrade 3.2.0 -> 3.2.2

2023-11-11 09:26:41 -08:00

recipes-support

spawn-fcgi: upgrade 1.6.4 -> 1.6.5

2023-03-09 23:45:17 -08:00

recipes-webadmin

netdata: version bump 1.43.2 -> 1.44.3

2024-02-21 19:59:52 -08:00

COPYING.MIT

Add meta-webserver layer

2012-10-03 13:34:32 +01:00

README.md

meta-openemnedded: Add myself as scarthgap maintainer

2024-03-27 20:07:53 -07:00

README.md

meta-webserver

This layer provides support for building web servers, web-based applications and related software.

Dependencies

This layer depends on:

URI: git://git.openembedded.org/openembedded-core subdirectory: meta branch: scarthgap

For some recipes, the meta-oe layer is required:

URI: git://git.openembedded.org/meta-openembedded subdirectory: meta-oe branch: scarthgap

Layout

recipes-httpd/ Web servers
recipes-php/ PHP applications
recipes-support/ Miscellaneous support recipes
recipes-webadmin/ Standalone web administration interfaces

Notes

This layer used to provide a modphp recipe that built mod_php, but this is now built as part of the php recipe in meta-oe. However, since apache2 is required to build mod_php, and apache2 recipe is in this layer and recipes in meta-oe can't depend on it, mod_php is not built by default. If you do wish to use mod_php, you need to add "apache2" to the PACKAGECONFIG value for the php recipe in order to enable it. See here for info on how to do that:

http://www.yoctoproject.org/docs/current/ref-manual/ref-manual.html#var-PACKAGECONFIG

Maintenance

Send patches / pull requests to openembedded-devel@lists.openembedded.org with '[meta-webserver][scarthgap]' in the subject.

When sending single patches, please using something like: git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-webserver][scarthgap][PATCH'

Layer maintainer: Armin Kuster akuster808@gmail.com

License

All metadata is MIT licensed unless otherwise stated. Source code included in tree for individual recipes is under the LICENSE stated in each recipe (.bb file) unless otherwise stated.