www/nginx: security update to 1.28.2
*) Security: an attacker might inject plain text data in the response
from an SSL backend (CVE-2026-1642).
*) Bugfix: use-after-free might occur after switching to the next gRPC
or HTTP/2 backend.
set REVISION=0 to stay ahead of 7.8-stable
ok sthen@ robert@ (MAINTAINER)
ImageMagick: switch the default installed policy.xml to "open".
it's not possible to set user config to allow a weaker policy than
th one in /etc/ImageMagick, and changes in the recent update mean that
the "module" policies (denying read support for various riskier formats,
including svg, when those formats are provided by a plug-in module) also
apply when support for those formats is compiled-in to the main binary
(previously configured separatelt as "coder" policies)..
since the ImageMagick package used compiled-in format support, this change
is just reverting format support to what it was before the update, rather
than enabling new formats. it does however remove some resource limits
configured in the same file.
if you do want to restrict these formats, or reenable resource limits,
copy one of the alternative policy-*.xml from share/examples/ImageMagick
to /etc/ImageMagick/policy.xml and adapt as required.
fixes build of m1n1 and firmware/apple-boot reported by aja
