Package: nginx / 1.22.1-9+deb12u2

Metadata

Package: nginx
Version: 1.22.1-9+deb12u2
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
0003 define_gnu_source on other glibc based platforms.patch

src/os/unix/ngx_posix_config.h | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 use _gnu_source on gnu/kfreebsd
nginx fix pidfile.patch

src/core/nginx.c | 24 21 + 3 - 0 !
src/os/unix/ngx_daemon.c | 8 6 + 2 - 0 !
2 files changed, 27 insertions(+), 5 deletions(-)

 fix nginx pidfile handling
nginx ssl_cert_cb_yield.patch

src/event/ngx_event_openssl.c | 32 32 + 0 - 0 !
1 file changed, 32 insertions(+)

---
bug 1024605.patch

src/http/modules/ngx_http_ssi_filter_module.c | 29 28 + 1 - 0 !
src/http/modules/ngx_http_ssi_filter_module.h | 1 1 + 0 - 0 !
2 files changed, 29 insertions(+), 1 deletion(-)

 ssi: handling of subrequests from other modules
bug 973861.patch

src/core/ngx_connection.h | 1 1 + 0 - 0 !
src/http/ngx_http_request.c | 4 3 + 1 - 0 !
2 files changed, 4 insertions(+), 1 deletion(-)

 [patch] lingering close for connections with pipelined requests.
CVE 2025 23419.patch

src/http/ngx_http_request.c | 27 25 + 2 - 0 !
1 file changed, 25 insertions(+), 2 deletions(-)

 cve-2025-23419
CVE 2024 7347 1.patch

src/http/modules/ngx_http_mp4_module.c | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 mp4: fixed buffer underread while updating stsz atom.

While cropping an stsc atom in ngx_http_mp4_crop_stsc_data(), a 32-bit integer
overflow could happen, which could result in incorrect seeking and a very large
value stored in "samples".  This resulted in a large invalid value of
trak->end_chunk_samples.  This value is further used to calculate the value of
trak->end_chunk_samples_size in ngx_http_mp4_update_stsz_atom().  While doing
this, a large invalid value of trak->end_chunk_samples could result in reading
memory before stsz atom start.  This could potentially result in a segfault.

CVE 2024 7347 2.patch

src/http/modules/ngx_http_mp4_module.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 mp4: rejecting unordered chunks in stsc atom.

Unordered chunks could result in trak->end_chunk smaller than trak->start_chunk
in ngx_http_mp4_crop_stsc_data().  Later in ngx_http_mp4_update_stco_atom()
this caused buffer overread while trying to calculate trak->end_offset.