Date: Thu, 18 Jun 2026 16:12:03 +0000 From: Jochen Neumeister <joneum@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: fa2d9148c35e - main - www/nginx-devel: Update to 1.31.2 Message-ID: <6a3418d3.46f02.7e5f3809@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by joneum: URL: https://cgit.FreeBSD.org/ports/commit/?id=fa2d9148c35ea341b0f21b4646764cfd4e8527a1 commit fa2d9148c35ea341b0f21b4646764cfd4e8527a1 Author: Jochen Neumeister <joneum@FreeBSD.org> AuthorDate: 2026-06-18 16:10:59 +0000 Commit: Jochen Neumeister <joneum@FreeBSD.org> CommitDate: 2026-06-18 16:10:59 +0000 www/nginx-devel: Update to 1.31.2 Changes with nginx 1.31.2 17 Jun 2026 *) Security: use-after-free might occur when using HTTP/3 and processing a specially crafted QUIC session, allowing an attacker to cause worker process memory corruption or segmentation fault in a worker process (CVE-2026-42530). Thanks to Trung Nguyen of CyStack. *) Security: a heap memory buffer overflow might occur in a worker process when using a configuration with "ignore_invalid_headers off;" and "large_client_header_buffers" with large configured values when proxying a specially crafted request to HTTP/2 or gRPC backend, allowing an attacker to cause worker process memory corruption or segmentation fault in a worker process (CVE-2026-42055). Thanks to Mufeed VH of Winfunc Research. *) Security: a heap memory buffer overread might occur in a worker process while handling a specially sent response with decoding from UTF-8 via the "charset_map" directive, allowing an attacker to cause a limited disclosure of worker proccess memory or segmentation fault in a worker process (CVE-2026-48142). Thanks to Han Yan of Xiaomi and p4p3r of CYBERONE. *) Change: now the $request_id variable uses SipHash-2-4. *) Feature: the $ssl_sigalgs variable. *) Bugfix: a variable defined by the "split_clients" directive might be empty if all percentages were specified explicitly and summed up to 100%. *) Bugfix: constant time "secure_link" hash comparison. Thanks to kodareef5. Sponsored by: Netzkommune GmbH --- www/nginx-acme/Makefile | 2 +- www/nginx-acme/distinfo | 6 +++--- www/nginx-devel/Makefile | 2 +- www/nginx-devel/distinfo | 6 +++--- www/nginx-devel/version.mk | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/www/nginx-acme/Makefile b/www/nginx-acme/Makefile index b0396799a512..b9c3335dc626 100644 --- a/www/nginx-acme/Makefile +++ b/www/nginx-acme/Makefile @@ -1,6 +1,6 @@ PORTNAME= acme PORTVERSION= 0.3.1 -PORTREVISION= 7 +PORTREVISION= 8 CATEGORIES= www MASTER_SITES= https://github.com/nginx/nginx-${PORTNAME}/releases/download/v${PORTVERSION}/:acme \ https://nginx.org/download/:nginx diff --git a/www/nginx-acme/distinfo b/www/nginx-acme/distinfo index 64f0927902a8..8b96017ba8b2 100644 --- a/www/nginx-acme/distinfo +++ b/www/nginx-acme/distinfo @@ -1,10 +1,10 @@ -TIMESTAMP = 1781796317 +TIMESTAMP = 1781798762 SHA256 (nginx-acme-0.3.1.tar.gz) = be3d3d10f042930a3bf348731698eadb7003d224a863c53b719ccd28721572c3 SIZE (nginx-acme-0.3.1.tar.gz) = 99486 SHA256 (nginx-1.30.3.tar.gz) = e5823dc6f45610993def93ebf6cfce68264af4958c77e874b7d20f3709001b8f SIZE (nginx-1.30.3.tar.gz) = 1325830 -SHA256 (nginx-1.31.0.tar.gz) = 6d5b00d45393af2e4e7c52a442d2a198f0ccbc7678ed062a46f403edd833ebaa -SIZE (nginx-1.31.0.tar.gz) = 1337335 +SHA256 (nginx-1.31.2.tar.gz) = af2a957c41da636ddc4f883e4523c6d140b4784dbce42000c364ae5092aa473c +SIZE (nginx-1.31.2.tar.gz) = 1339618 SHA256 (rust/crates/aho-corasick-1.1.4.crate) = ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301 SIZE (rust/crates/aho-corasick-1.1.4.crate) = 184015 SHA256 (rust/crates/allocator-api2-0.3.1.crate) = c583acf993cf4245c4acb0a2cc2ab1f9cc097de73411bb6d3647ff6af2b1013d diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile index dc887fdbb75b..7949bb6a3328 100644 --- a/www/nginx-devel/Makefile +++ b/www/nginx-devel/Makefile @@ -1,7 +1,7 @@ PORTNAME?= nginx PORTVERSION= ${NGINX_VERSION} .include "version.mk" -PORTREVISION= 3 +PORTREVISION= 0 CATEGORIES= www MASTER_SITES= https://nginx.org/download/ \ LOCAL/osa diff --git a/www/nginx-devel/distinfo b/www/nginx-devel/distinfo index 55355dcdaf6d..47d72b1f51c2 100644 --- a/www/nginx-devel/distinfo +++ b/www/nginx-devel/distinfo @@ -1,6 +1,6 @@ -TIMESTAMP = 1781448913 -SHA256 (nginx-1.31.0.tar.gz) = 6d5b00d45393af2e4e7c52a442d2a198f0ccbc7678ed062a46f403edd833ebaa -SIZE (nginx-1.31.0.tar.gz) = 1337335 +TIMESTAMP = 1781798737 +SHA256 (nginx-1.31.2.tar.gz) = af2a957c41da636ddc4f883e4523c6d140b4784dbce42000c364ae5092aa473c +SIZE (nginx-1.31.2.tar.gz) = 1339618 SHA256 (nginx_mogilefs_module-1.0.4.tar.gz) = 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SIZE (nginx_mogilefs_module-1.0.4.tar.gz) = 11208 SHA256 (passenger-6.1.2.tar.gz) = 94400a52e536cfdd8acf2accb47badb7a67dc309452f1b05600da67343f25bf8 diff --git a/www/nginx-devel/version.mk b/www/nginx-devel/version.mk index 7f62669fe9b4..97d18ade9f33 100644 --- a/www/nginx-devel/version.mk +++ b/www/nginx-devel/version.mk @@ -1 +1 @@ -NGINX_VERSION= 1.31.0 +NGINX_VERSION= 1.31.2home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a3418d3.46f02.7e5f3809>
