Index | Thread | Search

From:
Mark Patruck <mark@wrapped.cx>
Subject:
www/nginx 1.30.2 - fixing CVE-2026-9256 (buffer overflow)
To:
Robert Nagy <robert@openbsd.org>
Cc:
ports@openbsd.org
Date:
Sat, 23 May 2026 11:18:38 +0200

Download raw body.

Thread 
Update to www/nginx 1.30.2 released yesterday fixing

- CVE-2026-9256 (buffer overflow in ngx_http_rewrite_module)


Index: Makefile
===================================================================
RCS file: /cvs/ports/www/nginx/Makefile,v
retrieving revision 1.203
diff -u -p -r1.203 Makefile
--- Makefile	14 May 2026 06:57:09 -0000	1.203
+++ Makefile	23 May 2026 09:16:51 -0000
@@ -19,7 +19,7 @@ COMMENT-securelink=	nginx HMAC secure li
  COMMENT-stream=		nginx TCP/UDP proxy module
  COMMENT-xslt=		nginx XSLT filter module
  
-VERSION=	1.30.1
+VERSION=	1.30.2
  DISTNAME=	nginx-${VERSION}
  CATEGORIES=	www
  
Index: distinfo
===================================================================
RCS file: /cvs/ports/www/nginx/distinfo,v
retrieving revision 1.98
diff -u -p -r1.98 distinfo
--- distinfo	14 May 2026 06:57:09 -0000	1.98
+++ distinfo	23 May 2026 09:16:51 -0000
@@ -4,7 +4,7 @@ SHA256 (kvspb-nginx-auth-ldap-83c059b735
  SHA256 (leev-ngx_http_geoip2_module-3.4.tar.gz) = rXL8IzSNcVozCZSYRTH6ubNgbhYEgyNnN/mkppV9lFI=
  SHA256 (nbs-system-naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) = 2+IXdBFFfxy6mO5Gc84xh2mUrQa9zl7MDuZjhO8OQg4=
  SHA256 (nginx-1.30.0-chroot.patch) = verI7zwpFLZwG4rOIswpPlZUB1if66TDGL3HN2/RUAU=
-SHA256 (nginx-1.30.1.tar.gz) = mXZQANl0iWsxyliC2MJ5zj/n729cb58Kln7X/TQH+cw=
+SHA256 (nginx-1.30.2.tar.gz) = ffMJCQf8o8wORW1twAzrIw2nTqiAJs7/Cv/CnbvZrEw=
  SHA256 (nginx-modules-ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz) = ZXpA2rODS1enIREzlD1OqWwpWcv3NOUXH4eUOgOAmqg=
  SHA256 (nginx-njs-0.9.1.tar.gz) = YTZe6mnGhi/IpbXfUxUDrklJn2vNWvkySWuEhQooJKQ=
  SHA256 (openresty-headers-more-nginx-module-v0.34.tar.gz) = DA0s7SzolbP0XrKyMM2QUIqyp3MpnxU94UpD5EwSCbM=
@@ -17,7 +17,7 @@ SIZE (kvspb-nginx-auth-ldap-83c059b73566
  SIZE (leev-ngx_http_geoip2_module-3.4.tar.gz) = 8877
  SIZE (nbs-system-naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) = 237272
  SIZE (nginx-1.30.0-chroot.patch) = 8217
-SIZE (nginx-1.30.1.tar.gz) = 1325173
+SIZE (nginx-1.30.2.tar.gz) = 1325247
  SIZE (nginx-modules-ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz) = 6159
  SIZE (nginx-njs-0.9.1.tar.gz) = 966480
  SIZE (openresty-headers-more-nginx-module-v0.34.tar.gz) = 28827


--
Mark Patruck ( mark at wrapped.cx )
GPG key 0xF2865E51 / 187F F6D3 EE04 1DCE 1C74  F644 0D3C F66F F286 5E51
  
https://www.wrapped.cx