GNU bug report logs - #78302
[PATCH v2] Update nginx to 1.27.5, and add QUIC support

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix-patches; Reported by: Ashish SHUKLA <ashish.is@HIDDEN>; Keywords: patch; dated Wed, 7 May 2025 19:36:02 UTC; Maintainer for guix-patches is guix-patches@HIDDEN.
Changed bug title to '[PATCH v2] Update nginx to 1.27.5, and add QUIC support' from '[PATCH] Update nginx to 1.27.5, and add QUIC support [security-fixes]' Request was from "Ashish SHUKLA" <ashish.is@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 78302 <at> debbugs.gnu.org:


Received: (at 78302) by debbugs.gnu.org; 11 Jun 2025 22:18:19 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Jun 11 18:18:19 2025
Received: from localhost ([127.0.0.1]:52884 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1uPTly-0002Dm-UU
	for submit <at> debbugs.gnu.org; Wed, 11 Jun 2025 18:18:19 -0400
Received: from anamika.lostca.se ([65.21.75.227]:41422)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <ashish.is@HIDDEN>)
 id 1uPTlw-0002Ca-Do
 for 78302 <at> debbugs.gnu.org; Wed, 11 Jun 2025 18:18:17 -0400
Received: from localhost.localdomain
 (2a02-9140-3881-5400-004b-3467-835f-7892.red-2a02-914.customerbaf.ipv6.rima-tde.net
 [IPv6:2a02:9140:3881:5400:4b:3467:835f:7892])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested) (Authenticated sender: abbe)
 by anamika.lostca.se (Postfix) with ESMTPSA id D6DE42886E;
 Wed, 11 Jun 2025 22:18:09 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lostca.se; s=anamika; 
 t=1749680290;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=f71+NugiB5c+j4oiOlD2HMqO33Myz28AbC/UeLb6QQc=;
 b=EUfqA3SRuZFvtD4OZtpxyN9iza2IKa9jv4tQkcwExGF8ATWmS/TL4txHa+oTHf9PMRY/H1
 vj8hHSiyZ3wBSoP4OlMKPIDBChAQOwTRjiu8JTWtH+dtrgyC7BwlWrbdaiNTeT3mYB4HYJ
 ZiPwcplLXMrSrrZuOx3nmkdMBnNxdIs=
From: Ashish SHUKLA <ashish.is@HIDDEN>
To: 78302 <at> debbugs.gnu.org
Subject: [PATCH v2 3/3] gnu: Add nginx-http3.
Date: Thu, 12 Jun 2025 00:17:42 +0200
Message-ID: <67fccf4293646c164ab3f9c01bb9de826f5a5caf.1749680261.git.ashish.is@HIDDEN>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <253854a2ccc50abdc0d6d8f534843fd91d7673e8.1749680261.git.ashish.is@HIDDEN>
References: <253854a2ccc50abdc0d6d8f534843fd91d7673e8.1749680261.git.ashish.is@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 78302
Cc: Ashish SHUKLA <ashish.is@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

This package uses boringssl for QUIC support in nginx.

* gnu/packages/web.scm: Add nginx-http3.

Change-Id: I05348d57d5fcd4be661c3500b186df5e05f24160
---
This revision addresses the lint warnings.


 gnu/packages/web.scm | 48 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index cc1b8b5724..5725ba2b45 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -125,6 +125,7 @@ (define-module (gnu packages web)
   #:use-module (gnu packages build-tools)
   #:use-module (gnu packages certs)
   #:use-module (gnu packages check)
+  #:use-module (gnu packages cmake)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages cpp)
   #:use-module (gnu packages crates-crypto)
@@ -714,6 +715,53 @@ (define-public nginx-documentation
        "This package provides HTML documentation for the nginx web server.")
       (license license:bsd-2))))
 
+(define-public nginx-http3
+  (let*
+    ((boringssl-commit "864a235afcf4d2575b1eab8de96fbf0d84f6cda9")
+     (boringssl
+       (origin
+         (method git-fetch)
+         (uri
+           (git-reference
+             (url "https://boringssl.googlesource.com/boringssl")
+             (commit boringssl-commit)))
+         (file-name (git-file-name "boringssl" boringssl-commit))
+         (sha256
+           (base32 "0ayd3519zyrwn9ccmlch3j7qvkg80az7z278n2vhrrl977dakyny")))))
+    (package
+      (inherit nginx)
+      (name "nginx-http3")
+      (inputs
+        (modify-inputs (package-inputs nginx)
+          (replace "openssl" boringssl)))
+      (native-inputs
+        (modify-inputs (package-native-inputs nginx)
+          (append cmake-minimal)))
+      (arguments
+        (substitute-keyword-arguments (package-arguments nginx)
+          ((#:phases phases #~(list))
+           #~(modify-phases #$phases
+               (add-before 'configure 'build-boringssl
+                 (lambda* (#:key inputs parallel-build? #:allow-other-keys)
+                   (mkdir-p "boringssl-build")
+                   (let ((boringssl-build-dir (string-append (getcwd)
+                                                             "/boringssl-build")))
+                     (with-directory-excursion (assoc-ref inputs "openssl")
+                       (invoke "cmake" (string-append "-B" boringssl-build-dir)
+                               "-DCMAKE_BUILD_TYPE=RelWithDebInfo")
+                       (invoke "make" "-C" boringssl-build-dir
+                         (string-append "-j"
+                           (if parallel-build?
+                               (number->string (parallel-job-count))
+                               "1")))))))))
+
+          ((#:configure-flags flags #~(list))
+           #~(cons* "--with-http_v3_module"
+                    (string-append "--with-cc-opt=-I"
+                      (assoc-ref %build-inputs "openssl") "/include")
+                    (string-append "--with-ld-opt=-Lboringssl-build -lstdc++")
+                    #$flags)))))))
+
 (define-public nginx-accept-language-module
   ;; Upstream has never made a release; use current commit instead.
   (let ((commit "2f69842f83dac77f7d98b41a2b31b13b87aeaba7")
-- 
2.49.0





Information forwarded to guix-patches@HIDDEN:
bug#78302; Package guix-patches. Full text available.

Message received at 78302 <at> debbugs.gnu.org:


Received: (at 78302) by debbugs.gnu.org; 11 Jun 2025 22:18:06 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Jun 11 18:18:05 2025
Received: from localhost ([127.0.0.1]:52881 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1uPTll-0002BP-97
	for submit <at> debbugs.gnu.org; Wed, 11 Jun 2025 18:18:05 -0400
Received: from anamika.lostca.se ([2a01:4f9:3b:505c::2]:36552)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <ashish.is@HIDDEN>)
 id 1uPTlg-00029D-Tw
 for 78302 <at> debbugs.gnu.org; Wed, 11 Jun 2025 18:18:02 -0400
Received: from localhost.localdomain
 (2a02-9140-3881-5400-004b-3467-835f-7892.red-2a02-914.customerbaf.ipv6.rima-tde.net
 [IPv6:2a02:9140:3881:5400:4b:3467:835f:7892])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested) (Authenticated sender: abbe)
 by anamika.lostca.se (Postfix) with ESMTPSA id 0E2292886C;
 Wed, 11 Jun 2025 22:17:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lostca.se; s=anamika; 
 t=1749680274;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=cFUkcnfh2yarzuKosq4HbizQVV+h2WLV2VbimmTt1eM=;
 b=OOXYMmQs9bk0c0Mw52KgudnEbibtEXr/l5Dx90rZwRf8xKBsq4sqVY/A3J4Y7XHSMLu2yL
 dNGEuGHNIGFF9pZXIrshtS5YH+d1NKwnlD6pUK2g/Qq5WxKTxbYEPC3lJdj1LiAo0+9OHn
 rDXc+Kz3GmIEWFV4lJUh0sm+b4b6EcY=
From: Ashish SHUKLA <ashish.is@HIDDEN>
To: 78302 <at> debbugs.gnu.org
Subject: [PATCH v2 2/3] gnu: nginx-documentation: Update to 1.27.5.
Date: Thu, 12 Jun 2025 00:17:40 +0200
Message-ID: <3b9726ba32fbc5be9ade0003e3813ed19356ea4f.1749680261.git.ashish.is@HIDDEN>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <253854a2ccc50abdc0d6d8f534843fd91d7673e8.1749680261.git.ashish.is@HIDDEN>
References: <253854a2ccc50abdc0d6d8f534843fd91d7673e8.1749680261.git.ashish.is@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 78302
Cc: Ashish SHUKLA <ashish.is@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/packages/web.scm (nginx-documentation): Update to 1.27.5.

Change-Id: I2cb7f9c67284e509cc7b21653882593ad2321324
---
 gnu/packages/web.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 94a29e2a86..cc1b8b5724 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -665,9 +665,9 @@ (define-public nginx
 
 (define-public nginx-documentation
   ;; This documentation should be relevant for the current nginx package.
-  (let ((version "1.27.3")
-        (revision 3156)
-        (changeset "5c6ef6def8bc"))
+  (let ((version "1.27.5")
+        (revision 3198)
+        (changeset "5b736526489f"))
     (package
       (name "nginx-documentation")
       (version (simple-format #f "~A-~A-~A" version revision changeset))
@@ -679,7 +679,7 @@ (define-public nginx-documentation
                (file-name (string-append name "-" version))
                (sha256
                 (base32
-                 "09wdvgvsr7ayjz3ypq8qsm12idb9z626j5ibmknc8phm10gh8cgk"))))
+                 "04qbi7rczv28k4ainnvnv7xxf48jmh5ydxpnlzr4zdpkl7fjz0j3"))))
       (build-system gnu-build-system)
       (arguments
        '(#:tests? #f                    ; no test suite
-- 
2.49.0





Information forwarded to guix-patches@HIDDEN:
bug#78302; Package guix-patches. Full text available.

Message received at 78302 <at> debbugs.gnu.org:


Received: (at 78302) by debbugs.gnu.org; 11 Jun 2025 22:18:03 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Jun 11 18:18:03 2025
Received: from localhost ([127.0.0.1]:52877 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1uPTlh-0002AT-Ij
	for submit <at> debbugs.gnu.org; Wed, 11 Jun 2025 18:18:03 -0400
Received: from anamika.lostca.se ([65.21.75.227]:48734)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <ashish.is@HIDDEN>)
 id 1uPTlc-00028R-94
 for 78302 <at> debbugs.gnu.org; Wed, 11 Jun 2025 18:17:59 -0400
Received: from localhost.localdomain
 (2a02-9140-3881-5400-004b-3467-835f-7892.red-2a02-914.customerbaf.ipv6.rima-tde.net
 [IPv6:2a02:9140:3881:5400:4b:3467:835f:7892])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested) (Authenticated sender: abbe)
 by anamika.lostca.se (Postfix) with ESMTPSA id 784A3288F0;
 Wed, 11 Jun 2025 22:17:49 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lostca.se; s=anamika; 
 t=1749680269;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=i1Cjc7tOMoWvdwOzaSiJdRlO6Mlme+UuBSjafMkzSmU=;
 b=oWUBL5XN0btxBe9rrCn0A3iik2meWS6Ky5EowZMmzz+L+XVjtNGI27T6TxhShskCpDwQgK
 bWz+xN8oQiDotUffEf7E6xxQBmDqssPKhNrViwXvuAUDNj7WcRW2P4lH6q024rNlE47fJF
 JiS+GLTiNAUhItO9bBomXGytVAXe+zw=
From: Ashish SHUKLA <ashish.is@HIDDEN>
To: 78302 <at> debbugs.gnu.org
Subject: [PATCH v2 1/3] gnu: nginx: Update to 1.27.5. [security fixes]
Date: Thu, 12 Jun 2025 00:17:39 +0200
Message-ID: <253854a2ccc50abdc0d6d8f534843fd91d7673e8.1749680261.git.ashish.is@HIDDEN>
X-Mailer: git-send-email 2.49.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 78302
Cc: Ashish SHUKLA <ashish.is@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

This release includes fix for (CVE-2025-23419).

* gnu/packages/web.scm (nginx): Update to 1.27.5.

Change-Id: I45e89fc97a3536843e5af80ffb072db705fb3f84
---
 gnu/packages/web.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 22369cd3f5..94a29e2a86 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -567,14 +567,14 @@ (define-public nginx
     ;; Track the ‘mainline’ branch.  Upstream considers it more reliable than
     ;; ’stable’ and recommends that “in general you deploy the NGINX mainline
     ;; branch at all times” (https://www.nginx.com/blog/nginx-1-6-1-7-released/)
-    (version "1.27.3")
+    (version "1.27.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://nginx.org/download/nginx-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "00vrkdx0a6fpy8n0n7m9xws0dfa7dbb9pqnh3jv3c824ixbaj8xs"))))
+                "03nxfik3f7lj9lnj71nm1h7q26xsxhr1ppf302hbhv9akjxwwsp9"))))
     (build-system gnu-build-system)
     (inputs (list libxcrypt libxml2 libxslt openssl pcre zlib))
     (arguments

base-commit: 60828ad981b9d0673704f7a57e01fb6269852007
-- 
2.49.0





Information forwarded to guix-patches@HIDDEN:
bug#78302; Package guix-patches. Full text available.

Message received at 78302 <at> debbugs.gnu.org:


Received: (at 78302) by debbugs.gnu.org; 7 May 2025 19:37:43 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed May 07 15:37:43 2025
Received: from localhost ([127.0.0.1]:48009 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1uCkaM-0001ZJ-AZ
	for submit <at> debbugs.gnu.org; Wed, 07 May 2025 15:37:43 -0400
Received: from anamika.lostca.se ([2a01:4f9:3b:505c::2]:53642)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <ashish.is@HIDDEN>)
 id 1uCkaF-0001YJ-NA
 for 78302 <at> debbugs.gnu.org; Wed, 07 May 2025 15:37:36 -0400
Received: from localhost.localdomain
 (2a02-9140-3881-3600-1869-abbf-d3fd-8ceb.red-2a02-914.customerbaf.ipv6.rima-tde.net
 [IPv6:2a02:9140:3881:3600:1869:abbf:d3fd:8ceb])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested) (Authenticated sender: abbe)
 by anamika.lostca.se (Postfix) with ESMTPSA id CFF471FD4C;
 Wed,  7 May 2025 19:37:27 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lostca.se; s=anamika; 
 t=1746646648;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=7Ca57ZSFuUgNlHysQwjfdljXA0weSqluHq/6TW5W0YY=;
 b=r7pdwaR0lvzgEXoOVpi9RsPKL9h/qlmt9ss8Ss9BS1xYOaoFztHmb7hfgx/+v+CTdgLfbM
 rROgGATRbvnUMd/qbJWeYD2bE4HqnmlU1G/iKj44wJskl2zS6NPsTlmdgjc+RFK3PF9mm7
 xm+eOVgzUvV+zrfMzcoMmDYETpxD0FM=
From: Ashish SHUKLA <ashish.is@HIDDEN>
To: 78302 <at> debbugs.gnu.org
Subject: [PATCH 3/3] gnu: Add nginx-http3.
Date: Wed,  7 May 2025 21:37:14 +0200
Message-ID: <14148955ed0a90c32ce2daedd3854e9cc8391a6d.1746646353.git.ashish.is@HIDDEN>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <cover.1746646353.git.ashish.is@HIDDEN>
References: <cover.1746646353.git.ashish.is@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 78302
Cc: Ashish SHUKLA <ashish.is@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

This package uses boringssl for QUIC support in nginx.

* gnu/packages/web.scm: Add nginx-http3.

Change-Id: I05348d57d5fcd4be661c3500b186df5e05f24160
---
 gnu/packages/web.scm | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index cab378e582..b4b33fa2f4 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -123,6 +123,7 @@ (define-module (gnu packages web)
   #:use-module (gnu packages build-tools)
   #:use-module (gnu packages certs)
   #:use-module (gnu packages check)
+  #:use-module (gnu packages cmake)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages cpp)
   #:use-module (gnu packages crates-crypto)
@@ -712,6 +713,49 @@ (define-public nginx-documentation
        "This package provides HTML documentation for the nginx web server.")
       (license license:bsd-2))))
 
+(define-public nginx-http3
+  (let* ((boringssl-commit "864a235afcf4d2575b1eab8de96fbf0d84f6cda9")
+         (boringssl (origin
+                      (method git-fetch)
+                      (uri
+                        (git-reference
+                          (url "https://boringssl.googlesource.com/boringssl")
+                          (commit boringssl-commit)))
+                      (file-name (git-file-name "boringssl" boringssl-commit))
+                      (sha256 (base32 "0ayd3519zyrwn9ccmlch3j7qvkg80az7z278n2vhrrl977dakyny")))))
+    (package
+      (inherit nginx)
+      (name "nginx-http3")
+      (inputs
+        (modify-inputs (package-inputs nginx)
+          (replace "openssl" boringssl)))
+      (native-inputs
+        (modify-inputs (package-native-inputs nginx)
+          (append cmake-minimal)))
+      (arguments
+        (substitute-keyword-arguments (package-arguments nginx)
+          ((#:phases phases #~(list))
+           #~(modify-phases #$phases
+               (add-before 'configure 'build-boringssl
+                 (lambda* (#:key inputs parallel-build? #:allow-other-keys)
+                   (mkdir-p "boringssl-build")
+                   (let ((boringssl-build-dir (string-append (getcwd) "/boringssl-build")))
+                     (with-directory-excursion (assoc-ref inputs "openssl")
+                       (invoke "cmake" (string-append "-B" boringssl-build-dir)
+                               "-DCMAKE_BUILD_TYPE=RelWithDebInfo")
+                       (invoke "make" "-C" boringssl-build-dir
+                         (string-append "-j"
+                           (if parallel-build?
+                               (number->string (parallel-job-count))
+                               "1")))))))))
+
+          ((#:configure-flags flags #~(list))
+           #~(cons* "--with-http_v3_module"
+                    (string-append "--with-cc-opt=-I"
+                      (assoc-ref %build-inputs "openssl") "/include")
+                    (string-append "--with-ld-opt=-Lboringssl-build -lstdc++")
+                    #$flags)))))))
+
 (define-public nginx-accept-language-module
   ;; Upstream has never made a release; use current commit instead.
   (let ((commit "2f69842f83dac77f7d98b41a2b31b13b87aeaba7")
-- 
2.49.0





Information forwarded to guix-patches@HIDDEN:
bug#78302; Package guix-patches. Full text available.

Message received at 78302 <at> debbugs.gnu.org:


Received: (at 78302) by debbugs.gnu.org; 7 May 2025 19:37:42 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed May 07 15:37:42 2025
Received: from localhost ([127.0.0.1]:48007 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1uCkaL-0001Z5-OA
	for submit <at> debbugs.gnu.org; Wed, 07 May 2025 15:37:42 -0400
Received: from anamika.lostca.se ([65.21.75.227]:40092)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <ashish.is@HIDDEN>)
 id 1uCkaD-0001YH-QJ
 for 78302 <at> debbugs.gnu.org; Wed, 07 May 2025 15:37:35 -0400
Received: from localhost.localdomain
 (2a02-9140-3881-3600-1869-abbf-d3fd-8ceb.red-2a02-914.customerbaf.ipv6.rima-tde.net
 [IPv6:2a02:9140:3881:3600:1869:abbf:d3fd:8ceb])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested) (Authenticated sender: abbe)
 by anamika.lostca.se (Postfix) with ESMTPSA id 37A731FAEE;
 Wed,  7 May 2025 19:37:27 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lostca.se; s=anamika; 
 t=1746646647;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=myul0/uy02zSsrbpTIRP10ZJOygCGn22lyKgCPVFA8M=;
 b=K6lo1bQvoLr+6dY+xiy/rtAzwetlRju5Qa/U+cLy3dKbc9b+2/L21mdwqOLew1TOGZAI8E
 Sk24e45RmRsrtMiVjDTTtiifkOt4e7fdFzCbj6OqZ+v3wvCvI+4lA3uYu6L4ve6F6h6e/c
 OjIh+prtYtRUyODb4yV2xkWTgnbXwVI=
From: Ashish SHUKLA <ashish.is@HIDDEN>
To: 78302 <at> debbugs.gnu.org
Subject: [PATCH 2/3] gnu: nginx-documentation: Update to 1.27.5.
Date: Wed,  7 May 2025 21:37:13 +0200
Message-ID: <5abcd2523b269bd83f7b6f28c78cdbe77e7e6779.1746646353.git.ashish.is@HIDDEN>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <cover.1746646353.git.ashish.is@HIDDEN>
References: <cover.1746646353.git.ashish.is@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 78302
Cc: Ashish SHUKLA <ashish.is@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/packages/web.scm (nginx-documentation): Update to 1.27.5.

Change-Id: I2cb7f9c67284e509cc7b21653882593ad2321324
---
 gnu/packages/web.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index df7d376d9a..cab378e582 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -663,9 +663,9 @@ (define-public nginx
 
 (define-public nginx-documentation
   ;; This documentation should be relevant for the current nginx package.
-  (let ((version "1.27.3")
-        (revision 3156)
-        (changeset "5c6ef6def8bc"))
+  (let ((version "1.27.5")
+        (revision 3198)
+        (changeset "5b736526489f"))
     (package
       (name "nginx-documentation")
       (version (simple-format #f "~A-~A-~A" version revision changeset))
@@ -677,7 +677,7 @@ (define-public nginx-documentation
                (file-name (string-append name "-" version))
                (sha256
                 (base32
-                 "09wdvgvsr7ayjz3ypq8qsm12idb9z626j5ibmknc8phm10gh8cgk"))))
+                 "04qbi7rczv28k4ainnvnv7xxf48jmh5ydxpnlzr4zdpkl7fjz0j3"))))
       (build-system gnu-build-system)
       (arguments
        '(#:tests? #f                    ; no test suite
-- 
2.49.0





Information forwarded to guix-patches@HIDDEN:
bug#78302; Package guix-patches. Full text available.

Message received at 78302 <at> debbugs.gnu.org:


Received: (at 78302) by debbugs.gnu.org; 7 May 2025 19:37:42 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed May 07 15:37:41 2025
Received: from localhost ([127.0.0.1]:48005 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1uCkaH-0001Yk-DR
	for submit <at> debbugs.gnu.org; Wed, 07 May 2025 15:37:41 -0400
Received: from anamika.lostca.se ([65.21.75.227]:40080)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <ashish.is@HIDDEN>)
 id 1uCkaD-0001YF-Px
 for 78302 <at> debbugs.gnu.org; Wed, 07 May 2025 15:37:34 -0400
Received: from localhost.localdomain
 (2a02-9140-3881-3600-1869-abbf-d3fd-8ceb.red-2a02-914.customerbaf.ipv6.rima-tde.net
 [IPv6:2a02:9140:3881:3600:1869:abbf:d3fd:8ceb])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested) (Authenticated sender: abbe)
 by anamika.lostca.se (Postfix) with ESMTPSA id 540141FD4A;
 Wed,  7 May 2025 19:37:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lostca.se; s=anamika; 
 t=1746646646;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=5IWTk9VRuBKWrUEP1q2uX+dG5iBmE23Aa3F8KPuepMk=;
 b=dquITkcvYin6tBNPHsWzb2NKBbpO6g5IdPMD4Pg+NCM1vqCBE1Ud/wJlgUyVqDOmevgV8K
 yLNWzdABF80Ni0yPkx+rUHDaT7X3hQj/dMiFlRGxUqdDs6t1i5YisTFY2JD/zhtaNV+/6g
 8mgtfO0RGQ/RJxw+qFW4wbcPsWJ5lG4=
From: Ashish SHUKLA <ashish.is@HIDDEN>
To: 78302 <at> debbugs.gnu.org
Subject: [PATCH 1/3] gnu: nginx: Update to 1.27.5. [security fixes]
Date: Wed,  7 May 2025 21:37:12 +0200
Message-ID: <87fe7bfc35852c873a499052bb5eaf4892f2a4dc.1746646353.git.ashish.is@HIDDEN>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <cover.1746646353.git.ashish.is@HIDDEN>
References: <cover.1746646353.git.ashish.is@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 78302
Cc: Ashish SHUKLA <ashish.is@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

This release includes fix for (CVE-2025-23419).

* gnu/packages/web.scm (nginx): Update to 1.27.5.

Change-Id: I45e89fc97a3536843e5af80ffb072db705fb3f84
---
 gnu/packages/web.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index b3f998aca9..df7d376d9a 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -565,14 +565,14 @@ (define-public nginx
     ;; Track the ‘mainline’ branch.  Upstream considers it more reliable than
     ;; ’stable’ and recommends that “in general you deploy the NGINX mainline
     ;; branch at all times” (https://www.nginx.com/blog/nginx-1-6-1-7-released/)
-    (version "1.27.3")
+    (version "1.27.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://nginx.org/download/nginx-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "00vrkdx0a6fpy8n0n7m9xws0dfa7dbb9pqnh3jv3c824ixbaj8xs"))))
+                "03nxfik3f7lj9lnj71nm1h7q26xsxhr1ppf302hbhv9akjxwwsp9"))))
     (build-system gnu-build-system)
     (inputs (list libxcrypt libxml2 libxslt openssl pcre zlib))
     (arguments
-- 
2.49.0





Information forwarded to guix-patches@HIDDEN:
bug#78302; Package guix-patches. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 7 May 2025 19:35:45 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed May 07 15:35:45 2025
Received: from localhost ([127.0.0.1]:47984 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1uCkYT-0001T0-3v
	for submit <at> debbugs.gnu.org; Wed, 07 May 2025 15:35:45 -0400
Received: from lists.gnu.org ([2001:470:142::17]:51182)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <ashish.is@HIDDEN>)
 id 1uCkYO-0001Sj-5h
 for submit <at> debbugs.gnu.org; Wed, 07 May 2025 15:35:40 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ashish.is@HIDDEN>)
 id 1uCkYG-0005nY-NF
 for guix-patches@HIDDEN; Wed, 07 May 2025 15:35:33 -0400
Received: from anamika.lostca.se ([65.21.75.227])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <ashish.is@HIDDEN>)
 id 1uCkYA-0002PQ-F3
 for guix-patches@HIDDEN; Wed, 07 May 2025 15:35:32 -0400
Received: from localhost.localdomain
 (2a02-9140-3881-3600-1869-abbf-d3fd-8ceb.red-2a02-914.customerbaf.ipv6.rima-tde.net
 [IPv6:2a02:9140:3881:3600:1869:abbf:d3fd:8ceb])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested) (Authenticated sender: abbe)
 by anamika.lostca.se (Postfix) with ESMTPSA id 302611FD46;
 Wed,  7 May 2025 19:35:20 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lostca.se; s=anamika; 
 t=1746646520;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=ZGfMmgMwG9+ffR1uW2Clq2Jh3rJYMgeI3Y41gH0TvjM=;
 b=CC2CuDPfeV3vw887uDIIBGVeG171ZsG2++732DkMT0Le1fhHwI1uVJe5ig4l5J4pwDfW0z
 5Jmynhr3B1hNTLPZaILO5XEo5Xr+qd9qYhp21f3WqNpsU0Yr6u6Y21JSd6z81FhQyKL0Lv
 ZmWZhuGQ2FMYSe5Z15oQG6lT38uxrnw=
From: Ashish SHUKLA <ashish.is@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH] Update nginx to 1.27.5, and add QUIC support [security-fixes]
Date: Wed,  7 May 2025 21:35:10 +0200
Message-ID: <cover.1746646353.git.ashish.is@HIDDEN>
X-Mailer: git-send-email 2.49.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=65.21.75.227; envelope-from=ashish.is@HIDDEN;
 helo=anamika.lostca.se
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
 SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.9 (/)
X-Debbugs-Envelope-To: submit
Cc: Ashish SHUKLA <ashish.is@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.1 (/)

This patch updates nginx to 1.27.5, and adds another package
"nginx-http3" for HTTP3/QUIC support[0].

References:
[0] https://issues.guix.gnu.org/77536

Ashish SHUKLA (3):
  gnu: nginx: Update to 1.27.5. [security fixes]
  gnu: nginx-documentation: Update to 1.27.5.
  gnu: Add nginx-http3.

 gnu/packages/web.scm | 56 +++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 50 insertions(+), 6 deletions(-)


base-commit: 295a35ba20257e965c4eba8488de99fce7bf027f
-- 
2.49.0





Acknowledgement sent to Ashish SHUKLA <ashish.is@HIDDEN>:
New bug report received and forwarded. Copy sent to guix-patches@HIDDEN. Full text available.
Report forwarded to guix-patches@HIDDEN:
bug#78302; Package guix-patches. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Wed, 11 Jun 2025 22:30:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.