hey, i have already committed an update On 18/06/26 07:54 +0200, Landry Breuil wrote: > another week, another bugfix release... trivial diff inline below, ok ? > > https://nginx.org/en/CHANGES-1.30 > > *) Security: a heap memory buffer overflow might occur in a worker > process when using a configuration with "ignore_invalid_headers off;" > and "large_client_header_buffers" with large configured values when > proxying a specially crafted request to HTTP/2 or gRPC backend, > allowing an attacker to cause worker process memory corruption or > segmentation fault in a worker process (CVE-2026-42055). > Thanks to Mufeed VH of Winfunc Research. > > *) Security: a heap memory buffer overread might occur in a worker > process while handling a specially sent response with decoding from > UTF-8 via the "charset_map" directive, allowing an attacker to cause > a limited disclosure of worker proccess memory or segmentation fault > in a worker process (CVE-2026-48142). > Thanks to Han Yan of Xiaomi and p4p3r of CYBERONE. > > Index: Makefile > =================================================================== > RCS file: /cvs/ports/www/nginx/Makefile,v > diff -u -r1.204 Makefile > --- Makefile 25 May 2026 17:28:01 -0000 1.204 > +++ Makefile 18 Jun 2026 05:51:33 -0000 > @@ -19,7 +19,7 @@ > COMMENT-stream= nginx TCP/UDP proxy module > COMMENT-xslt= nginx XSLT filter module > > -VERSION= 1.30.2 > +VERSION= 1.30.3 > DISTNAME= nginx-${VERSION} > CATEGORIES= www > > Index: distinfo > =================================================================== > RCS file: /cvs/ports/www/nginx/distinfo,v > diff -u -r1.99 distinfo > --- distinfo 25 May 2026 17:28:01 -0000 1.99 > +++ distinfo 18 Jun 2026 05:51:33 -0000 > @@ -4,7 +4,7 @@ > SHA256 (leev-ngx_http_geoip2_module-3.4.tar.gz) = rXL8IzSNcVozCZSYRTH6ubNgbhYEgyNnN/mkppV9lFI= > SHA256 (nbs-system-naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) = 2+IXdBFFfxy6mO5Gc84xh2mUrQa9zl7MDuZjhO8OQg4= > SHA256 (nginx-1.30.0-chroot.patch) = verI7zwpFLZwG4rOIswpPlZUB1if66TDGL3HN2/RUAU= > -SHA256 (nginx-1.30.2.tar.gz) = ffMJCQf8o8wORW1twAzrIw2nTqiAJs7/Cv/CnbvZrEw= > +SHA256 (nginx-1.30.3.tar.gz) = 5YI9xvRWEJk975Pr9s/OaCZK9JWMd+h0t9IPNwkAG48= > SHA256 (nginx-modules-ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz) = ZXpA2rODS1enIREzlD1OqWwpWcv3NOUXH4eUOgOAmqg= > SHA256 (nginx-njs-0.9.1.tar.gz) = YTZe6mnGhi/IpbXfUxUDrklJn2vNWvkySWuEhQooJKQ= > SHA256 (openresty-headers-more-nginx-module-v0.34.tar.gz) = DA0s7SzolbP0XrKyMM2QUIqyp3MpnxU94UpD5EwSCbM= > @@ -17,7 +17,7 @@ > SIZE (leev-ngx_http_geoip2_module-3.4.tar.gz) = 8877 > SIZE (nbs-system-naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) = 237272 > SIZE (nginx-1.30.0-chroot.patch) = 8217 > -SIZE (nginx-1.30.2.tar.gz) = 1325247 > +SIZE (nginx-1.30.3.tar.gz) = 1325830 > SIZE (nginx-modules-ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz) = 6159 > SIZE (nginx-njs-0.9.1.tar.gz) = 966480 > SIZE (openresty-headers-more-nginx-module-v0.34.tar.gz) = 28827 -- Regards, Robert Nagy
Wednesday, June 17, 2026
UPDATE: R-4.5.3
Simple update R-4.5.3. Tested on amd64. I think we should recommend jdk 17 instead of out-of-support 11. Otherwise, version 4.6.0 is already available, but I'll leave that to the maintainer Cheers Rafael Index: Makefile =================================================================== RCS file: /cvs/ports/math/R/Makefile,v diff -u -p -u -p -r1.137 Makefile --- Makefile 2 Dec 2025 13:06:25 -0000 1.137 +++ Makefile 18 Jun 2026 05:42:14 -0000 @@ -1,5 +1,5 @@ COMMENT= powerful math/statistics/graphics language -DISTNAME= R-4.5.2 +DISTNAME= R-4.5.3 # When bumping SO_VERSION, adjust # math/rstudio/patches/patch-src_cpp_core_r_util_REnvironmentPosix_cpp @@ -17,9 +17,9 @@ MAINTAINER= Ingo Feinerer <feinerer@logi PERMIT_PACKAGE= Yes WANTLIB += ${COMPILER_LIBCXX} ${MODTK_WANTLIB} ${MODFORTRAN_WANTLIB} -WANTLIB += ICE SM X11 Xext Xmu Xss Xt bz2 c cairo curl deflate glib-2.0 -WANTLIB += gobject-2.0 harfbuzz iconv icui18n icuuc intl jpeg -WANTLIB += lzma m pango-1.0 pangocairo-1.0 pcre2-8 png pthread +WANTLIB += ICE SM X11 Xext Xmu Xss Xt bz2 c cairo curl deflate +WANTLIB += glib-2.0 gobject-2.0 harfbuzz iconv icui18n icuuc intl +WANTLIB += jpeg lzma m pango-1.0 pangocairo-1.0 pcre2-8 png pthread WANTLIB += readline tiff z zstd COMPILER = base-clang ports-gcc base-gcc @@ -48,7 +48,9 @@ LIB_DEPENDS= ${MODTK_LIB_DEPENDS} \ archivers/bzip2 \ archivers/libdeflate \ archivers/xz \ + archivers/zstd \ devel/glib2 \ + devel/harfbuzz \ devel/pango \ devel/pcre2 \ graphics/cairo \ Index: distinfo =================================================================== RCS file: /cvs/ports/math/R/distinfo,v diff -u -p -u -p -r1.62 distinfo --- distinfo 14 Nov 2025 06:11:10 -0000 1.62 +++ distinfo 18 Jun 2026 05:42:14 -0000 @@ -1,2 +1,2 @@ -SHA256 (R-4.5.2.tar.gz) = DXH/cQbsac18Z+HpXtGjzuNViAkx8ut4xTABSp43nyA= -SIZE (R-4.5.2.tar.gz) = 40546249 +SHA256 (R-4.5.3.tar.gz) = qlwe1Ck8cnGsUT1lRnA1asDopq1eQr4BQ2XREVC1uPI= +SIZE (R-4.5.3.tar.gz) = 40518619 Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/math/R/pkg/PLIST,v diff -u -p -u -p -r1.54 PLIST --- pkg/PLIST 25 Apr 2025 08:56:27 -0000 1.54 +++ pkg/PLIST 18 Jun 2026 05:42:14 -0000 @@ -1001,6 +1001,8 @@ lib/R/library/lattice/doc/index.html lib/R/library/lattice/help/ lib/R/library/lattice/help/AnIndex lib/R/library/lattice/help/aliases.rds +lib/R/library/lattice/help/figures/ +lib/R/library/lattice/help/figures/logo.svg lib/R/library/lattice/help/lattice.rdb lib/R/library/lattice/help/lattice.rdx lib/R/library/lattice/help/paths.rds Index: pkg/README =================================================================== RCS file: /cvs/ports/math/R/pkg/README,v diff -u -p -u -p -r1.11 README --- pkg/README 11 Mar 2022 19:36:11 -0000 1.11 +++ pkg/README 18 Jun 2026 05:42:14 -0000 @@ -9,7 +9,7 @@ libraries are located. Running: -# export JAVA_HOME=${LOCALBASE}/jdk-11 +# export JAVA_HOME=${LOCALBASE}/jdk-17 # ${TRUEPREFIX}/bin/R CMD javareconf as root, will update both ${TRUEPREFIX}/lib/R/etc/Makeconf and