Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
From: Thomas Perale via buildroot <buildroot@buildroot.org>
To: Waldemar Brodkorb <wbx@openadk.org>
Cc: Thomas Perale <thomas.perale@mind.be>, buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH] package/nginx: security bump to 1.30.3
Date: Fri, 10 Jul 2026 15:52:11 +0200	[thread overview]
Message-ID: <20260710135211.760447-1-thomas.perale@mind.be> (raw)
In-Reply-To: <akYVJ5F5kodcxrfK@waldemar-brodkorb.de>

In reply of:
> Changes with nginx 1.30.3
> 
>     *) Security: a heap memory buffer overflow might occur in a worker
>        process when using a configuration with "ignore_invalid_headers off;"
>        and "large_client_header_buffers" with large configured values when
>        proxying a specially crafted request to HTTP/2 or gRPC backend,
>        allowing an attacker to cause worker process memory corruption or
>        segmentation fault in a worker process (CVE-2026-42055).
>        Thanks to Mufeed VH of Winfunc Research.
> 
>     *) Security: a heap memory buffer overread might occur in a worker
>        process while handling a specially sent response with decoding from
>        UTF-8 via the "charset_map" directive, allowing an attacker to cause
>        a limited disclosure of worker proccess memory or segmentation fault
>        in a worker process (CVE-2026-48142).
>        Thanks to Han Yan of Xiaomi and p4p3r of CYBERONE.
> 
> Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>

Applied to 2026.05.x & 2025.02.x. Thanks

> ---
>  package/nginx/nginx.hash | 2 +-
>  package/nginx/nginx.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/package/nginx/nginx.hash b/package/nginx/nginx.hash
> index 5055b4bd57..6c3afa889d 100644
> --- a/package/nginx/nginx.hash
> +++ b/package/nginx/nginx.hash
> @@ -1,4 +1,4 @@
>  # Locally calculated after checking pgp signature
> -sha256  7df3090907fca3cc0e456d6dc00ceb230da74ea88026ceff0affc29dbbd9ac4c  nginx-1.30.2.tar.gz
> +sha256  e5823dc6f45610993def93ebf6cfce68264af4958c77e874b7d20f3709001b8f  nginx-1.30.3.tar.gz
>  # License files, locally calculated
>  sha256  08845fe39e06b51dad7685c28140ab49577a86e947523e16b536a46caf89ad5c  LICENSE
> diff --git a/package/nginx/nginx.mk b/package/nginx/nginx.mk
> index 3f6aecebef..ad61ef6140 100644
> --- a/package/nginx/nginx.mk
> +++ b/package/nginx/nginx.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -NGINX_VERSION = 1.30.2
> +NGINX_VERSION = 1.30.3
>  NGINX_SITE = https://nginx.org/download
>  NGINX_LICENSE = BSD-2-Clause
>  NGINX_LICENSE_FILES = LICENSE
> -- 
> 2.47.3
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

      parent reply	other threads:[~2026-07-10 13:52 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-02  7:37 [Buildroot] [PATCH] package/nginx: security bump to 1.30.3 Waldemar Brodkorb
2026-07-02 16:53 ` Peter Korsgaard
2026-07-10 13:52 ` Thomas Perale via buildroot [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260710135211.760447-1-thomas.perale@mind.be \
    --to=buildroot@buildroot.org \
    --cc=thomas.perale@mind.be \
    --cc=wbx@openadk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox