On Sat, May 23, 2026 at 11:18:38AM +0200, Mark Patruck wrote: > Update to www/nginx 1.30.2 released yesterday fixing > > - CVE-2026-9256 (buffer overflow in ngx_http_rewrite_module)
Thanks Mark. Your diff doesn't apply, your MUA likely mangled it - see format=flowed. The diff below does apply. I'll likely commit it later today unless robert@ beats me to it (ok jca@). The issue affects versions 0.1.17-1.31.0 according to https://nginx.org/en/security_advisories.html so I guess something ought to be done for 7.9 which is still at 1.28.3. Index: Makefile =================================================================== RCS file: /home/cvs/ports/www/nginx/Makefile,v diff -u -p -r1.203 Makefile --- Makefile 14 May 2026 06:57:09 -0000 1.203 +++ Makefile 25 May 2026 09:57:35 -0000 @@ -19,7 +19,7 @@ COMMENT-securelink= nginx HMAC secure li COMMENT-stream= nginx TCP/UDP proxy module COMMENT-xslt= nginx XSLT filter module -VERSION= 1.30.1 +VERSION= 1.30.2 DISTNAME= nginx-${VERSION} CATEGORIES= www Index: distinfo =================================================================== RCS file: /home/cvs/ports/www/nginx/distinfo,v diff -u -p -r1.98 distinfo --- distinfo 14 May 2026 06:57:09 -0000 1.98 +++ distinfo 25 May 2026 09:57:35 -0000 @@ -4,7 +4,7 @@ SHA256 (kvspb-nginx-auth-ldap-83c059b735 SHA256 (leev-ngx_http_geoip2_module-3.4.tar.gz) = rXL8IzSNcVozCZSYRTH6ubNgbhYEgyNnN/mkppV9lFI= SHA256 (nbs-system-naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) = 2+IXdBFFfxy6mO5Gc84xh2mUrQa9zl7MDuZjhO8OQg4= SHA256 (nginx-1.30.0-chroot.patch) = verI7zwpFLZwG4rOIswpPlZUB1if66TDGL3HN2/RUAU= -SHA256 (nginx-1.30.1.tar.gz) = mXZQANl0iWsxyliC2MJ5zj/n729cb58Kln7X/TQH+cw= +SHA256 (nginx-1.30.2.tar.gz) = ffMJCQf8o8wORW1twAzrIw2nTqiAJs7/Cv/CnbvZrEw= SHA256 (nginx-modules-ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz) = ZXpA2rODS1enIREzlD1OqWwpWcv3NOUXH4eUOgOAmqg= SHA256 (nginx-njs-0.9.1.tar.gz) = YTZe6mnGhi/IpbXfUxUDrklJn2vNWvkySWuEhQooJKQ= SHA256 (openresty-headers-more-nginx-module-v0.34.tar.gz) = DA0s7SzolbP0XrKyMM2QUIqyp3MpnxU94UpD5EwSCbM= @@ -17,7 +17,7 @@ SIZE (kvspb-nginx-auth-ldap-83c059b73566 SIZE (leev-ngx_http_geoip2_module-3.4.tar.gz) = 8877 SIZE (nbs-system-naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) = 237272 SIZE (nginx-1.30.0-chroot.patch) = 8217 -SIZE (nginx-1.30.1.tar.gz) = 1325173 +SIZE (nginx-1.30.2.tar.gz) = 1325247 SIZE (nginx-modules-ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz) = 6159 SIZE (nginx-njs-0.9.1.tar.gz) = 966480 SIZE (openresty-headers-more-nginx-module-v0.34.tar.gz) = 28827 -- jca
