Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 18 Jun 2026 16:12:03 +0000
From:      Jochen Neumeister <joneum@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: fa2d9148c35e - main - www/nginx-devel: Update to 1.31.2
Message-ID:  <6a3418d3.46f02.7e5f3809@gitrepo.freebsd.org>

index | next in thread | raw e-mail

The branch main has been updated by joneum:

URL: https://cgit.FreeBSD.org/ports/commit/?id=fa2d9148c35ea341b0f21b4646764cfd4e8527a1

commit fa2d9148c35ea341b0f21b4646764cfd4e8527a1
Author:     Jochen Neumeister <joneum@FreeBSD.org>
AuthorDate: 2026-06-18 16:10:59 +0000
Commit:     Jochen Neumeister <joneum@FreeBSD.org>
CommitDate: 2026-06-18 16:10:59 +0000

    www/nginx-devel: Update to 1.31.2
    
    Changes with nginx 1.31.2                                        17 Jun
    2026
    
        *) Security: use-after-free might occur when using HTTP/3 and
    processing
           a specially crafted QUIC session, allowing an attacker to cause
           worker process memory corruption or segmentation fault in a
    worker
           process (CVE-2026-42530).
           Thanks to Trung Nguyen of CyStack.
    
        *) Security: a heap memory buffer overflow might occur in a worker
           process when using a configuration with "ignore_invalid_headers
    off;"
           and "large_client_header_buffers" with large configured values
    when
           proxying a specially crafted request to HTTP/2 or gRPC backend,
           allowing an attacker to cause worker process memory corruption or
           segmentation fault in a worker process (CVE-2026-42055).
           Thanks to Mufeed VH of Winfunc Research.
    
        *) Security: a heap memory buffer overread might occur in a worker
           process while handling a specially sent response with decoding
    from
           UTF-8 via the "charset_map" directive, allowing an attacker to
    cause
           a limited disclosure of worker proccess memory or segmentation
    fault
           in a worker process (CVE-2026-48142).
           Thanks to Han Yan of Xiaomi and p4p3r of CYBERONE.
    
        *) Change: now the $request_id variable uses SipHash-2-4.
    
        *) Feature: the $ssl_sigalgs variable.
    
        *) Bugfix: a variable defined by the "split_clients" directive might
    be
           empty if all percentages were specified explicitly and summed up
    to
           100%.
    
        *) Bugfix: constant time "secure_link" hash comparison.
           Thanks to kodareef5.
    
    Sponsored by:   Netzkommune GmbH
---
 www/nginx-acme/Makefile    | 2 +-
 www/nginx-acme/distinfo    | 6 +++---
 www/nginx-devel/Makefile   | 2 +-
 www/nginx-devel/distinfo   | 6 +++---
 www/nginx-devel/version.mk | 2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/www/nginx-acme/Makefile b/www/nginx-acme/Makefile
index b0396799a512..b9c3335dc626 100644
--- a/www/nginx-acme/Makefile
+++ b/www/nginx-acme/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	acme
 PORTVERSION=	0.3.1
-PORTREVISION=	7
+PORTREVISION=	8
 CATEGORIES=	www
 MASTER_SITES=	https://github.com/nginx/nginx-${PORTNAME}/releases/download/v${PORTVERSION}/:acme \
 		https://nginx.org/download/:nginx
diff --git a/www/nginx-acme/distinfo b/www/nginx-acme/distinfo
index 64f0927902a8..8b96017ba8b2 100644
--- a/www/nginx-acme/distinfo
+++ b/www/nginx-acme/distinfo
@@ -1,10 +1,10 @@
-TIMESTAMP = 1781796317
+TIMESTAMP = 1781798762
 SHA256 (nginx-acme-0.3.1.tar.gz) = be3d3d10f042930a3bf348731698eadb7003d224a863c53b719ccd28721572c3
 SIZE (nginx-acme-0.3.1.tar.gz) = 99486
 SHA256 (nginx-1.30.3.tar.gz) = e5823dc6f45610993def93ebf6cfce68264af4958c77e874b7d20f3709001b8f
 SIZE (nginx-1.30.3.tar.gz) = 1325830
-SHA256 (nginx-1.31.0.tar.gz) = 6d5b00d45393af2e4e7c52a442d2a198f0ccbc7678ed062a46f403edd833ebaa
-SIZE (nginx-1.31.0.tar.gz) = 1337335
+SHA256 (nginx-1.31.2.tar.gz) = af2a957c41da636ddc4f883e4523c6d140b4784dbce42000c364ae5092aa473c
+SIZE (nginx-1.31.2.tar.gz) = 1339618
 SHA256 (rust/crates/aho-corasick-1.1.4.crate) = ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301
 SIZE (rust/crates/aho-corasick-1.1.4.crate) = 184015
 SHA256 (rust/crates/allocator-api2-0.3.1.crate) = c583acf993cf4245c4acb0a2cc2ab1f9cc097de73411bb6d3647ff6af2b1013d
diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile
index dc887fdbb75b..7949bb6a3328 100644
--- a/www/nginx-devel/Makefile
+++ b/www/nginx-devel/Makefile
@@ -1,7 +1,7 @@
 PORTNAME?=	nginx
 PORTVERSION=	${NGINX_VERSION}
 .include "version.mk"
-PORTREVISION=	3
+PORTREVISION=	0
 CATEGORIES=	www
 MASTER_SITES=	https://nginx.org/download/ \
 		LOCAL/osa
diff --git a/www/nginx-devel/distinfo b/www/nginx-devel/distinfo
index 55355dcdaf6d..47d72b1f51c2 100644
--- a/www/nginx-devel/distinfo
+++ b/www/nginx-devel/distinfo
@@ -1,6 +1,6 @@
-TIMESTAMP = 1781448913
-SHA256 (nginx-1.31.0.tar.gz) = 6d5b00d45393af2e4e7c52a442d2a198f0ccbc7678ed062a46f403edd833ebaa
-SIZE (nginx-1.31.0.tar.gz) = 1337335
+TIMESTAMP = 1781798737
+SHA256 (nginx-1.31.2.tar.gz) = af2a957c41da636ddc4f883e4523c6d140b4784dbce42000c364ae5092aa473c
+SIZE (nginx-1.31.2.tar.gz) = 1339618
 SHA256 (nginx_mogilefs_module-1.0.4.tar.gz) = 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae
 SIZE (nginx_mogilefs_module-1.0.4.tar.gz) = 11208
 SHA256 (passenger-6.1.2.tar.gz) = 94400a52e536cfdd8acf2accb47badb7a67dc309452f1b05600da67343f25bf8
diff --git a/www/nginx-devel/version.mk b/www/nginx-devel/version.mk
index 7f62669fe9b4..97d18ade9f33 100644
--- a/www/nginx-devel/version.mk
+++ b/www/nginx-devel/version.mk
@@ -1 +1 @@
-NGINX_VERSION=	1.31.0
+NGINX_VERSION=	1.31.2


home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a3418d3.46f02.7e5f3809>