[Bug 291491] www/angie: update 1.10.2 => 1.10.3

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 291491] www/angie: update 1.10.2 => 1.10.3"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 291491] www/angie: update 1.10.2 => 1.10.3"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 291491] www/angie: update 1.10.2 => 1.10.3"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 08 Dec 2025 17:19:35 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291491

            Bug ID: 291491
           Summary: www/angie: update 1.10.2 => 1.10.3
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: sko@rostwald.de
 Attachment #265993 maintainer-approval+
             Flags:
             Flags: maintainer-feedback+

Created attachment 265993
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=265993&action=edit
www/angie: update 1.10.2 -> 1.10.3

This patch updates www/angie from 1.10.2 to 1.10.3.

This update includes the following changes:

Security
    Processing of a specially crafted login/password when using the none
    authentication method in the SMTP module might cause worker process
    memory disclosure to the authentication server (CVE-2025-53859); the
    fix was ported from nginx 1.29.1.

Bugfixes
    When the renew_on_load option of the acme_client directive was used, a
    previously obtained certificate would not be loaded if it existed. This
    could limit functionality until the certificate renewal was completed.
    If the certificate did not exist, attempts to obtain a new one would fail
    with the error [alert] lseek() failed (9: Bad file descriptor).

    If an ACME client was referenced in the stream block but not the http
    block, it was disabled with the warning [warn] ACME client ... is defined
    but not used and would never fetch a certificate.

    If all acme_client directives had the enabled=off parameter and the
    relevant $acme_cert_* variables were used in the configuration, Angie
    would not start, reporting the error [emerg] unknown acme_cert_* variable.

    If the ACME client was used in the stream block that came before an http
    block, Angie would not start, reporting the error
    [emerg] ACME client .. is not defined but referenced.

    Some client block configurations might cause worker processes to crash
    when using variables that refer to an incoming connection missing in this
    case.

The following Modules were also updated:

    - www/angie-module-lua 1.10.28 -> 1.10.29
    - www/angie-module-njs 0.9.1 -> 0.9.4

Full changelog: https://en.angie.software/angie/docs/oss_changes/


Angie and all modules build fine after applying this patch @14.3-RELEASE +
latest ports tree.

-- 
You are receiving this mail because:
You are the assignee for the bug.