www/nginx-devel: Update to 1.31.2
Changes with nginx 1.31.2 17 Jun 2026
*) Security: use-after-free might occur when using HTTP/3 and processing
a specially crafted QUIC session, allowing an attacker to cause
worker process memory corruption or segmentation fault in a worker
process (CVE-2026-42530).
Thanks to Trung Nguyen of CyStack.
*) Security: a heap memory buffer overflow might occur in a worker
process when using a configuration with "ignore_invalid_headers off;"
and "large_client_header_buffers" with large configured values when
proxying a specially crafted request to HTTP/2 or gRPC backend,
[28 lines not shown]
www/nginx: Update to 1.30.3
Changes with nginx 1.30.3 17 Jun 2026
*) Security: a heap memory buffer overflow might occur in a worker
process when using a configuration with "ignore_invalid_headers off;"
and "large_client_header_buffers" with large configured values when
proxying a specially crafted request to HTTP/2 or gRPC backend,
allowing an attacker to cause worker process memory corruption or
segmentation fault in a worker process (CVE-2026-42055).
Thanks to Mufeed VH of Winfunc Research.
*) Security: a heap memory buffer overread might occur in a worker
process while handling a specially sent response with decoding from
UTF-8 via the "charset_map" directive, allowing an attacker to
[7 lines not shown]
java/openjdk8: fix build on aarch64/16
>>> Compiling /wrkdirs/usr/ports/java/openjdk8/work/jdk8u-jdk8u482-b08.1/hotspot/src/os/bsd/vm/os_perf_bsd.cpp
>>> In file included from /wrkdirs/usr/ports/java/openjdk8/work/jdk8u-jdk8u482-b08.1/hotspot/src/os/bsd/vm/os_perf_bsd.cpp:67:
>>> In file included from /usr/include/sys/user.h:52:
>>> In file included from /usr/include/vm/pmap.h:88:
>>> In file included from /usr/include/machine/pmap.h:46:
>>> In file included from /usr/include/sys/systm.h:46:
>>> /usr/include/machine/cpufunc.h:35:1: error: static declaration of 'breakpoint' follows non-static declaration
>>> 35 | breakpoint(void)
>>> | ^
>>> /wrkdirs/usr/ports/java/openjdk8/work/jdk8u-jdk8u482-b08.1/hotspot/src/share/vm/utilities/globalDefinitions_gcc.hpp:224:17: note: previous declaration is here
>>> 224 | extern "C" void breakpoint();
>>> | ^
>>> 1 error generated.
I don't know why this does not happen on other architectures or FreeBSD versions.
- changed post-patch to pre-configure, this makes it a lot easier to use "make makepatch".
[2 lines not shown]
lang/ghc: fix runtime on powerpc64
While the compiler binary itself built fine, it creates ELFv1 binaries
on powerpc64, because default.target is regenerated later during
the build process. Drop the current workaround and just patch
the autoconf's m4 file instead.
lang/swipl: fix build on !amd64
Including poll.h is guarded behind HAVE_POLL_H, but then it also starts
using poll() and struct pollfd, which fails:
/wrkdirs/usr/ports/lang/swipl/work/swipl-9.2.9/src/os/pl-file.c:2604:25: error: array has incomplete element type 'struct pollfd'
2604 | struct pollfd poll_buf[FASTMAP_SIZE];
| ^
/wrkdirs/usr/ports/lang/swipl/work/swipl-9.2.9/src/os/pl-file.c:2604:10: note: forward declaration of 'struct pollfd'
2604 | struct pollfd poll_buf[FASTMAP_SIZE];
| ^
/wrkdirs/usr/ports/lang/swipl/work/swipl-9.2.9/src/os/pl-file.c:2642:45: error: invalid application of 'sizeof' to an incomplete type 'struct pollfd'
2642 | else if ( !(poll_map = malloc(count*sizeof(*poll_map))) )
| ^~~~~~~~~~~
/wrkdirs/usr/ports/lang/swipl/work/swipl-9.2.9/src/os/pl-file.c:2604:10: note: forward declaration of 'struct pollfd'
2604 | struct pollfd poll_buf[FASTMAP_SIZE];
| ^
/wrkdirs/usr/ports/lang/swipl/work/swipl-9.2.9/src/os/pl-file.c:2644:35: error: invalid application of 'sizeof' to an incomplete type 'struct pollfd'
2644 | memset(poll_map, 0, count*sizeof(*poll_map));
| ^~~~~~~~~~~
databases/mongodb70: re-enable python3.12
The patch was disabled temporarily because it was in the way of the recent upgrades.
NB: a test build was already running when this PR came in.
- Remove jobs_unsafe from a flavour. The build timed out with this.
- no portrevision bump as no pkg content changes.
PR: 296127
graphics/mesa-{dri,libs}: Fix vaapi for AMD
VA bits end up being compiled into the libgallium.so giant library, which is
shipped by mesa-libs. This means that we should make libva an unconditional
build dep for mesa-libs. In turn this makes no sense to disable VA in mesa-dri.
Luckily, libva is a pretty thin dep.
Reported by: flo
sysutil/u-boot-rpi*: zap CONFIG_ENV_FAT_DEVICE_AND_PART
This is no longer needed with modern U-Boot and it's inaccurate for the
modern RPi. Leave the config var around for now as a hint in case
someone cares, but empty it out to avoid breaking things.
PR: 268630
Approved by: uboot (manu)
audio/gsm: Update 1.0.23 => 1.0.24
Changelog:
Fri Mar 6 07:16:24 2026 Jutta Degener (jutta at pobox.com)
* Release 1.0 Patchlevel 24
Left-shifting negative signed integers is undefined behavior as per
the C standard; so let's not do that.
Thanks to Nanang Izzuddin <nanang at teluu.com> for an exhaustive list
of places where we definitely did do that, and for the patience to
wait until I managed to Actually Read What the C99 Standard Says,
rather than what I _want_ it to say.
Also, don't forget the P0() and the void and int return types in a few
places of the test code.
Sponsored by: UNIS Labs