nginx: upgrade 1.30.2 -> 1.30.3

Changes with nginx 1.30.3

*) Security: a heap memory buffer overflow might occur in a worker
   process when using a configuration with "ignore_invalid_headers off;"
   and "large_client_header_buffers" with large configured values when
   proxying a specially crafted request to HTTP/2 or gRPC backend,
   allowing an attacker to cause worker process memory corruption or
   segmentation fault in a worker process (CVE-2026-42055).

*) Security: a heap memory buffer overread might occur in a worker
   process while handling a specially sent response with decoding from
   UTF-8 via the "charset_map" directive, allowing an attacker to cause
   a limited disclosure of worker proccess memory or segmentation fault
   in a worker process (CVE-2026-48142).

Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This commit is contained in:
Andrej Kozemcak
2026-06-24 12:57:39 +02:00
committed by Khem Raj
parent d8cb988be3
commit 61bc94423e
@@ -2,5 +2,5 @@ require nginx.inc
LIC_FILES_CHKSUM = "file://LICENSE;md5=79da1c70d587d3a199af9255ad393f99"
SRC_URI[sha256sum] = "7df3090907fca3cc0e456d6dc00ceb230da74ea88026ceff0affc29dbbd9ac4c"
SRC_URI[sha256sum] = "e5823dc6f45610993def93ebf6cfce68264af4958c77e874b7d20f3709001b8f"