hey, i have already committed an update

On 18/06/26 07:54 +0200, Landry Breuil wrote:
> another week, another bugfix release... trivial diff inline below, ok ?
> 
> https://nginx.org/en/CHANGES-1.30
> 
>     *) Security: a heap memory buffer overflow might occur in a worker
>        process when using a configuration with "ignore_invalid_headers off;"
>        and "large_client_header_buffers" with large configured values when
>        proxying a specially crafted request to HTTP/2 or gRPC backend,
>        allowing an attacker to cause worker process memory corruption or
>        segmentation fault in a worker process (CVE-2026-42055).
>        Thanks to Mufeed VH of Winfunc Research.
> 
>     *) Security: a heap memory buffer overread might occur in a worker
>        process while handling a specially sent response with decoding from
>        UTF-8 via the "charset_map" directive, allowing an attacker to cause
>        a limited disclosure of worker proccess memory or segmentation fault
>        in a worker process (CVE-2026-48142).
>        Thanks to Han Yan of Xiaomi and p4p3r of CYBERONE.
> 
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/www/nginx/Makefile,v
> diff -u -r1.204 Makefile
> --- Makefile    25 May 2026 17:28:01 -0000      1.204
> +++ Makefile    18 Jun 2026 05:51:33 -0000
> @@ -19,7 +19,7 @@
>  COMMENT-stream=                nginx TCP/UDP proxy module
>  COMMENT-xslt=          nginx XSLT filter module
>  
> -VERSION=       1.30.2
> +VERSION=       1.30.3
>  DISTNAME=      nginx-${VERSION}
>  CATEGORIES=    www
>  
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/www/nginx/distinfo,v
> diff -u -r1.99 distinfo
> --- distinfo    25 May 2026 17:28:01 -0000      1.99
> +++ distinfo    18 Jun 2026 05:51:33 -0000
> @@ -4,7 +4,7 @@
>  SHA256 (leev-ngx_http_geoip2_module-3.4.tar.gz) = 
> rXL8IzSNcVozCZSYRTH6ubNgbhYEgyNnN/mkppV9lFI=
>  SHA256 (nbs-system-naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) = 
> 2+IXdBFFfxy6mO5Gc84xh2mUrQa9zl7MDuZjhO8OQg4=
>  SHA256 (nginx-1.30.0-chroot.patch) = 
> verI7zwpFLZwG4rOIswpPlZUB1if66TDGL3HN2/RUAU=
> -SHA256 (nginx-1.30.2.tar.gz) = ffMJCQf8o8wORW1twAzrIw2nTqiAJs7/Cv/CnbvZrEw=
> +SHA256 (nginx-1.30.3.tar.gz) = 5YI9xvRWEJk975Pr9s/OaCZK9JWMd+h0t9IPNwkAG48=
>  SHA256 
> (nginx-modules-ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz)
>  = ZXpA2rODS1enIREzlD1OqWwpWcv3NOUXH4eUOgOAmqg=
>  SHA256 (nginx-njs-0.9.1.tar.gz) = 
> YTZe6mnGhi/IpbXfUxUDrklJn2vNWvkySWuEhQooJKQ=
>  SHA256 (openresty-headers-more-nginx-module-v0.34.tar.gz) = 
> DA0s7SzolbP0XrKyMM2QUIqyp3MpnxU94UpD5EwSCbM=
> @@ -17,7 +17,7 @@
>  SIZE (leev-ngx_http_geoip2_module-3.4.tar.gz) = 8877
>  SIZE (nbs-system-naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) = 
> 237272
>  SIZE (nginx-1.30.0-chroot.patch) = 8217
> -SIZE (nginx-1.30.2.tar.gz) = 1325247
> +SIZE (nginx-1.30.3.tar.gz) = 1325830
>  SIZE 
> (nginx-modules-ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz)
>  = 6159
>  SIZE (nginx-njs-0.9.1.tar.gz) = 966480
>  SIZE (openresty-headers-more-nginx-module-v0.34.tar.gz) = 28827

-- 
Regards,
Robert Nagy

Reply via email to