another week, another bugfix release... trivial diff inline below, ok ?

https://nginx.org/en/CHANGES-1.30

    *) Security: a heap memory buffer overflow might occur in a worker
       process when using a configuration with "ignore_invalid_headers off;"
       and "large_client_header_buffers" with large configured values when
       proxying a specially crafted request to HTTP/2 or gRPC backend,
       allowing an attacker to cause worker process memory corruption or
       segmentation fault in a worker process (CVE-2026-42055).
       Thanks to Mufeed VH of Winfunc Research.

    *) Security: a heap memory buffer overread might occur in a worker
       process while handling a specially sent response with decoding from
       UTF-8 via the "charset_map" directive, allowing an attacker to cause
       a limited disclosure of worker proccess memory or segmentation fault
       in a worker process (CVE-2026-48142).
       Thanks to Han Yan of Xiaomi and p4p3r of CYBERONE.

Index: Makefile
===================================================================
RCS file: /cvs/ports/www/nginx/Makefile,v
diff -u -r1.204 Makefile
--- Makefile    25 May 2026 17:28:01 -0000      1.204
+++ Makefile    18 Jun 2026 05:51:33 -0000
@@ -19,7 +19,7 @@
 COMMENT-stream=                nginx TCP/UDP proxy module
 COMMENT-xslt=          nginx XSLT filter module
 
-VERSION=       1.30.2
+VERSION=       1.30.3
 DISTNAME=      nginx-${VERSION}
 CATEGORIES=    www
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/www/nginx/distinfo,v
diff -u -r1.99 distinfo
--- distinfo    25 May 2026 17:28:01 -0000      1.99
+++ distinfo    18 Jun 2026 05:51:33 -0000
@@ -4,7 +4,7 @@
 SHA256 (leev-ngx_http_geoip2_module-3.4.tar.gz) = 
rXL8IzSNcVozCZSYRTH6ubNgbhYEgyNnN/mkppV9lFI=
 SHA256 (nbs-system-naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) = 
2+IXdBFFfxy6mO5Gc84xh2mUrQa9zl7MDuZjhO8OQg4=
 SHA256 (nginx-1.30.0-chroot.patch) = 
verI7zwpFLZwG4rOIswpPlZUB1if66TDGL3HN2/RUAU=
-SHA256 (nginx-1.30.2.tar.gz) = ffMJCQf8o8wORW1twAzrIw2nTqiAJs7/Cv/CnbvZrEw=
+SHA256 (nginx-1.30.3.tar.gz) = 5YI9xvRWEJk975Pr9s/OaCZK9JWMd+h0t9IPNwkAG48=
 SHA256 
(nginx-modules-ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz)
 = ZXpA2rODS1enIREzlD1OqWwpWcv3NOUXH4eUOgOAmqg=
 SHA256 (nginx-njs-0.9.1.tar.gz) = YTZe6mnGhi/IpbXfUxUDrklJn2vNWvkySWuEhQooJKQ=
 SHA256 (openresty-headers-more-nginx-module-v0.34.tar.gz) = 
DA0s7SzolbP0XrKyMM2QUIqyp3MpnxU94UpD5EwSCbM=
@@ -17,7 +17,7 @@
 SIZE (leev-ngx_http_geoip2_module-3.4.tar.gz) = 8877
 SIZE (nbs-system-naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) = 
237272
 SIZE (nginx-1.30.0-chroot.patch) = 8217
-SIZE (nginx-1.30.2.tar.gz) = 1325247
+SIZE (nginx-1.30.3.tar.gz) = 1325830
 SIZE 
(nginx-modules-ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz)
 = 6159
 SIZE (nginx-njs-0.9.1.tar.gz) = 966480
 SIZE (openresty-headers-more-nginx-module-v0.34.tar.gz) = 28827

Reply via email to