On 2026-02-25 02:45, xumouren225588 via Cygwin-apps wrote:
Changes with nginx 1.28.2 04 Feb 2026
*) Security: an attacker might inject plain text data in the response from an
SSL backend (CVE-2026-1642).
*) Bugfix: use-after-free might occur after switching to the next gRPC or
HTTP/2 backend.
*) Bugfix: fixed warning when compiling with MSVC 2022 x86.
Please follow the processes linked below, using info elsewhere on that page:
https://cygwin.com/packaging-contributors-guide.html#adopt
https://cygwin.com/packaging-contributors-guide.html#submitting
You may simplify things if you check out repo:
https://cygwin.com/git/cygwin-packages/nginx
branch playground and make your cygport updates, then push to playground branch,
which will submit and run a job on GitHub Scallywag CI, which you can use to
reference your work.
From the source package summary page, the current release is 1.29.5, which may
be your ultimate target for stable release on branch main:
https://cygwin.com/packages/summary/nginx-src.html
Packaging policy follows Fedora guidelines, so reviewing nginx.spec and
accompanying patches under:
https://src.fedoraproject.org/rpms/nginx/blob/main/f/nginx.spec
https://src.fedoraproject.org/rpms/nginx/blob/rawhide/f/nginx.spec
https://src.fedoraproject.org/rpms/nginx/blob/stream-mainline/f/nginx.spec
and perhaps applying some of those patches may improve the result.
For use in organizations mandating security such as government, federal agencies
and contractors, and regulated industries including education, finance, health,
energy, and others, FIPS compliance is important and often supported in Fedora
packages or stream versions; see also:
https://docs.nginx.com/nginx/fips-compliance-nginx-plus/#ciphers-disabled-in-fips-mode
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retrancher but when there is no more to cut
-- Antoine de Saint-Exupéry
