another week, another bugfix release... trivial diff inline below, ok ?
https://nginx.org/en/CHANGES-1.30
*) Security: a heap memory buffer overflow might occur in a worker
process when using a configuration with "ignore_invalid_headers off;"
and "large_client_header_buffers" with large configured values when
proxying a specially crafted request to HTTP/2 or gRPC backend,
allowing an attacker to cause worker process memory corruption or
segmentation fault in a worker process (CVE-2026-42055).
Thanks to Mufeed VH of Winfunc Research.
*) Security: a heap memory buffer overread might occur in a worker
process while handling a specially sent response with decoding from
UTF-8 via the "charset_map" directive, allowing an attacker to cause
a limited disclosure of worker proccess memory or segmentation fault
in a worker process (CVE-2026-48142).
Thanks to Han Yan of Xiaomi and p4p3r of CYBERONE.
Index: Makefile
===================================================================
RCS file: /cvs/ports/www/nginx/Makefile,v
diff -u -r1.204 Makefile
--- Makefile 25 May 2026 17:28:01 -0000 1.204
+++ Makefile 18 Jun 2026 05:51:33 -0000
@@ -19,7 +19,7 @@
COMMENT-stream= nginx TCP/UDP proxy module
COMMENT-xslt= nginx XSLT filter module
-VERSION= 1.30.2
+VERSION= 1.30.3
DISTNAME= nginx-${VERSION}
CATEGORIES= www
Index: distinfo
===================================================================
RCS file: /cvs/ports/www/nginx/distinfo,v
diff -u -r1.99 distinfo
--- distinfo 25 May 2026 17:28:01 -0000 1.99
+++ distinfo 18 Jun 2026 05:51:33 -0000
@@ -4,7 +4,7 @@
SHA256 (leev-ngx_http_geoip2_module-3.4.tar.gz) =
rXL8IzSNcVozCZSYRTH6ubNgbhYEgyNnN/mkppV9lFI=
SHA256 (nbs-system-naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) =
2+IXdBFFfxy6mO5Gc84xh2mUrQa9zl7MDuZjhO8OQg4=
SHA256 (nginx-1.30.0-chroot.patch) =
verI7zwpFLZwG4rOIswpPlZUB1if66TDGL3HN2/RUAU=
-SHA256 (nginx-1.30.2.tar.gz) = ffMJCQf8o8wORW1twAzrIw2nTqiAJs7/Cv/CnbvZrEw=
+SHA256 (nginx-1.30.3.tar.gz) = 5YI9xvRWEJk975Pr9s/OaCZK9JWMd+h0t9IPNwkAG48=
SHA256
(nginx-modules-ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz)
= ZXpA2rODS1enIREzlD1OqWwpWcv3NOUXH4eUOgOAmqg=
SHA256 (nginx-njs-0.9.1.tar.gz) = YTZe6mnGhi/IpbXfUxUDrklJn2vNWvkySWuEhQooJKQ=
SHA256 (openresty-headers-more-nginx-module-v0.34.tar.gz) =
DA0s7SzolbP0XrKyMM2QUIqyp3MpnxU94UpD5EwSCbM=
@@ -17,7 +17,7 @@
SIZE (leev-ngx_http_geoip2_module-3.4.tar.gz) = 8877
SIZE (nbs-system-naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) =
237272
SIZE (nginx-1.30.0-chroot.patch) = 8217
-SIZE (nginx-1.30.2.tar.gz) = 1325247
+SIZE (nginx-1.30.3.tar.gz) = 1325830
SIZE
(nginx-modules-ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz)
= 6159
SIZE (nginx-njs-0.9.1.tar.gz) = 966480
SIZE (openresty-headers-more-nginx-module-v0.34.tar.gz) = 28827