www/nginx: Update to 1.30.2
hanges with nginx 1.30.2 22 May
2026
*) Security: a heap memory buffer overflow might occur in a worker
process when using a configuration with overlapping captures in
ngx_http_rewrite_module, potentially resulting in arbitrary code
execution (CVE-2026-9256).
Thanks to Mufeed VH of Winfunc Research.
PR: 295498
Sponsored by: Netzkommune GmbH
[clang-tidy] Change IgnoreExternC default to true in modernize-use-using (#199189)
This prevents generating invalid C code in mixed-language headers by
leaving `typedef` declarations inside `extern "C"` blocks intact by
default.
Fixes #141394
www/anubis: Update to 1.25.0
Changelog:
1.25.0:
Add iplist2rule tool that lets admins turn an IP address blocklist into an Anubis ruleset.
Add Polish locale (#1292)
Fix honeypot and imprint links missing BASE_PREFIX when deployed behind a path prefix (#1402)
Add ANEXIA Sponsor logo to docs (#1409)
Improve idle performance in memory storage
Add HAProxy Configurations to Docs (#1424)
What's Changed
build(deps): bump the github-actions group with 4 updates by @dependabot[bot] in #1355
feat(localization): add Polish language translation by @btomaev in #1363
docs(known-instances): Alphabetical order + Add Valve Corporation by @p0008874 in #1352
test: basic nginx smoke test by @Xe in #1365
build(deps): bump the github-actions group with 3 updates by @dependabot[bot] in #1369
build(deps-dev): bump esbuild from 0.27.1 to 0.27.2 in the npm group by @dependabot[bot] in #1368
[31 lines not shown]
iSCSI ALUA: regression test for failover LUN-replace stall
Add an extended test that builds 2 targets (25 + 10 LUNs), opens an
iSCSI session to the standby on the 25-LUN target so the kernel has
tgt_devs to clean up during become_active, then triggers an ungraceful
failover via poweroff_vm. Asserts:
- /var/log/failover.log on the new master does not contain
'Failed to restart service "iscsitarget" after 15 seconds',
which would indicate the LUN-replace loop stalled.
- /sys/kernel/scst_tgt/async_lun_replace reads 0 after failover,
confirming reset_active released the parked cleanup work.
- All LUNs are reachable on the new master.
A function-scoped fixture handles recovery (start_vm, wait_for_backup,
wait_for_settle) so the cluster is restored to a clean two-node state
even if an assertion above failed.
Uses the dataset() asset helper rather than zvol() for lower
per-extent overhead at this scale.
Release parked async LUN-replace cleanup after DLM peer eviction
scst.async_lun_replace=1 now also tells the kernel to park the deferred
cleanup of old tgt_devs from each LUN replace until the flag is cleared.
This avoids stalling become_active on scst_dlm_lock_wait inside
scst_clear_reservation while the dead peer is still a DLM lockspace
member.
Add iscsi.scst.disable_async_lun_replace and call it from the end of
iscsi.alua.reset_active, after dlm.reset_active (which evicts the peer)
completes.
[clang] Use FileError in FileManager::getFileRef, getDirectoryRef (#199126)
Most callers are unchanged, since they either ignore the specific error
or have their own formatting of the error that includes both the path
and the errorToErrorCode-unwrapped value. However, for clients that just
forward the error it's helpful to ensure we do not lose track of the
filename that the error is associated with, so use FileError.
Incidentally remove two uses of errorToErrorCode that were being used
instead of consumeError; in both cases getOptionalFileRef was more
appropriate.
[lldb] Adopt LockedPtr in Module (NFC) (#199160)
Follow-up to #198941, which introduced Locked<T> and SharedLocked<T>.
Add GetObjectFileLocked, GetSymbolFileLocked, GetSymtabLocked, and
GetSectionListLocked alongside the existing accessors.
The locked variants cover two things:
1. They prevent the pointer from being swapped out from under the
caller. The old getters take m_mutex only during lazy initialization and
release it before returning. The unique_ptr or shared_ptr that owns the
pointee can therefore be reassigned by another thread while the caller
still holds the raw value. LockedPtr keeps the Module mutex held
alongside the borrowed pointer, pinning the binding for the lifetime of
the handle.
2. They serialize access to the pointee itself. This is not new, the
classes in question were already relying on the Module mutex for
synchronization.
[5 lines not shown]
[LV] Avoid stale VPTypeAnalysis cache in convertToStridedAccesses (#199222)
VPlanTransforms::convertToStridedAccesses calls
VPWidenMemoryRecipe::computeCost, which uses VPTypeAnalysis in
VPCostContext to infer the pointer type of the load address. However,
CachedTypes in VPTypeAnalysis may be invalidated since earlier
transformations in tryToBuildVPlan could erase recipes from the plan.
This pollutes the cache with stale types.
Fix this by creating a new VPCostContext locally scoped to
convertToStridedAccesses, ensuring VPTypeAnalysis reflects the current
plan state. This serves as a quick fix to prevent accidental reuse by
future transformations.
[lldb] Fix dummy target filtering regression in CommandInterpreter (#198949)
In #198429 (reland), CommandObject::GetTarget() was tightened to return
nullptr instead of the dummy target when no real target exists, unless
the command explicitly opts in via eCommandAllowsDummyTarget or standard
target requirements
However in CommandInterpreter::GetExecutionContext(bool
adopt_dummy_target) :
```
ExecutionContext
CommandInterpreter::GetExecutionContext(bool adopt_dummy_target) const {
return !m_overriden_exe_contexts.empty()
? m_overriden_exe_contexts.top()
: m_debugger.GetSelectedExecutionContext(adopt_dummy_target);
}
```
[31 lines not shown]
CI: enable FreeBSD 15.0-RELEASE in matrix
Add freebsd15-0r to the FreeBSD presets
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Closes #18561