CVS commit: pkgsrc/www/nginx

["Kimmo Suominen" <kim%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   kim
Date:           Thu Jun 18 07:13:08 UTC 2026

Modified Files:
        pkgsrc/www/nginx: Makefile distinfo

Log Message:
nginx: Update to 1.30.3

Changes with nginx 1.30.3                                        17 Jun 2026

    *) Security: a heap memory buffer overflow might occur in a worker
       process when using a configuration with "ignore_invalid_headers off;"
       and "large_client_header_buffers" with large configured values when
       proxying a specially crafted request to HTTP/2 or gRPC backend,
       allowing an attacker to cause worker process memory corruption or
       segmentation fault in a worker process (CVE-2026-42055).
       Thanks to Mufeed VH of Winfunc Research.

    *) Security: a heap memory buffer overread might occur in a worker
       process while handling a specially sent response with decoding from
       UTF-8 via the "charset_map" directive, allowing an attacker to cause
       a limited disclosure of worker proccess memory or segmentation fault
       in a worker process (CVE-2026-48142).
       Thanks to Han Yan of Xiaomi and p4p3r of CYBERONE.


To generate a diff of this commit:
cvs rdiff -u -r1.192 -r1.193 pkgsrc/www/nginx/Makefile
cvs rdiff -u -r1.142 -r1.143 pkgsrc/www/nginx/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/nginx/Makefile
diff -u pkgsrc/www/nginx/Makefile:1.192 pkgsrc/www/nginx/Makefile:1.193
--- pkgsrc/www/nginx/Makefile:1.192     Fri May 29 03:50:19 2026
+++ pkgsrc/www/nginx/Makefile   Thu Jun 18 07:13:08 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.192 2026/05/29 03:50:19 kim Exp $
+# $NetBSD: Makefile,v 1.193 2026/06/18 07:13:08 kim Exp $
 
-DISTNAME=      nginx-1.30.2
+DISTNAME=      nginx-1.30.3
 CATEGORIES=    www
 MASTER_SITES=  https://nginx.org/download/
 DISTFILES=     ${DEFAULT_DISTFILES}

Index: pkgsrc/www/nginx/distinfo
diff -u pkgsrc/www/nginx/distinfo:1.142 pkgsrc/www/nginx/distinfo:1.143
--- pkgsrc/www/nginx/distinfo:1.142     Fri May 29 03:50:19 2026
+++ pkgsrc/www/nginx/distinfo   Thu Jun 18 07:13:08 2026
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.142 2026/05/29 03:50:19 kim Exp $
+$NetBSD: distinfo,v 1.143 2026/06/18 07:13:08 kim Exp $
 
 BLAKE2s (array-var-nginx-module-0.06.tar.gz) = fa6ad2a2ce3c3eba3f69287b224e9c01fcaca29a083394ab74f2f655d3e2138b
 SHA512 (array-var-nginx-module-0.06.tar.gz) = bc72158856a1be18a26ee04c6b5b0f0a20bcce688610a493bf31e2a133e7eb12e11f7c18197a09a72b1513f6a08348ee5281b9d5b84cf43603539040ebd23c26
@@ -27,9 +27,9 @@ Size (naxsi-1.7-src-with-deps.tar.gz) = 
 BLAKE2s (nchan-1.3.7.tar.gz) = 27da0a52c9123186a321a01b02cb004eed0623110aafa6737dd43ceeff766010
 SHA512 (nchan-1.3.7.tar.gz) = 585c6f9107b84354e7f6c587f85cf554dd5c213b1e3baa75e0aee0b28520afb9cffff1812c32e81541a1f25773fc58d1b92ce6bd9d85accc12f37841633eb79b
 Size (nchan-1.3.7.tar.gz) = 665133 bytes
-BLAKE2s (nginx-1.30.2.tar.gz) = 455700847052d33cc47e322db8a242edf708dce9dfee88b4635bcc0a0a4f76a8
-SHA512 (nginx-1.30.2.tar.gz) = dbba779a15595a77f340795c3a06bf5f846f351a14738f36085b3251f053c6b2946f112640754b8470b541ca45319fb599111cffc06e5cf2ac2384e64d16348c
-Size (nginx-1.30.2.tar.gz) = 1325247 bytes
+BLAKE2s (nginx-1.30.3.tar.gz) = 45fe49e808e53478340bf7a269c18bd6ab732c5d4476321e2f96b71cc416f640
+SHA512 (nginx-1.30.3.tar.gz) = 13b479cb2e80bbe7e0b977bd762e70b0cb95c7ce5dc80da61ab59fbcf2da19eca266dc82a8ef1a8b8c8c19c22948abd1aa6a3817bf490880ae175f7e2f692495
+Size (nginx-1.30.3.tar.gz) = 1325830 bytes
 BLAKE2s (nginx-dav-ext-module-3.0.0.tar.gz) = 8e823ffd605d4fca00eb3ca92a0954ca35fb178397e0b990fea7d47580ee582f
 SHA512 (nginx-dav-ext-module-3.0.0.tar.gz) = d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
 Size (nginx-dav-ext-module-3.0.0.tar.gz) = 14558 bytes