Diffusion FreeBSD ports repository 97b5c29202de

www/nginx-devel: security update from 1.29.0 to 1.29.1
97b5c29202de
Actions

Description

www/nginx-devel: security update from 1.29.0 to 1.29.1

*) Security: processing of a specially crafted login/password when using

the "none" authentication method in the ngx_mail_smtp_module might
cause worker process memory disclosure to the authentication server
(CVE-2025-53859).

*) Change: now TLSv1.3 certificate compression is disabled by default.

*) Feature: the "ssl_certificate_compression" directive.

*) Feature: support for 0-RTT in QUIC when using OpenSSL 3.5.1 or newer.

*) Bugfix: the 103 response might be buffered when using HTTP/2 and the

"early_hints" directive.

*) Bugfix: in handling "Host" and ":authority" header lines with equal

values when using HTTP/2; the bug had appeared in 1.17.9.

*) Bugfix: in handling "Host" header lines with a port when using

HTTP/3.

*) Bugfix: nginx could not be built on NetBSD 10.0.

*) Bugfix: in the "none" parameter of the "smtp_auth" directive.

</ChangeLog>

(cherry picked from commit a6440935658f86a10be651a8a32f6a259a9dae03)

Details

Provenance

osa	Authored on Aug 15 2025, 3:56 PM

Parents

R11:fd805f7c10e3: security/nss: update to 3.115

Branches

Unknown

Tags

Unknown

Event Timeline

osa committed R11:97b5c29202de: www/nginx-devel: security update from 1.29.0 to 1.29.1 (authored by osa).Aug 15 2025, 9:13 PM

Changes (2)

Path

Size

www/

nginx-devel/

Makefile

distinfo

R11:97b5c29202de

View Options

www/nginx-devel/Makefile