Change log for nginx package in Debian

Published in sid-release
nginx (1.24.0-2) unstable; urgency=medium

  * d/control added dependency nginx-common to nginx (Closes: 1039905)
    After nginx installation, the nginx-common package is installed
    automatically due to its dependencies. The nginx-common package includes
    the systemd unit, which becomes enabled and activated upon installation.
    When the nginx is removed, nginx-common package and the systemd unit will
    remain in the system. Adding a dependency nginx-common to nginx solves
    this problem.
  * d/control fixed binNMU safe dependency declaration nginx to nginx-common,
    nginx is 'any', nginx-common is 'all' -> dependency '= ${source:Version}'
  * d/rules removed override_dh_strip, migration to automatic debug symbols is
    already done, fixes debug-symbol-migration-possibly-complete lint. warning
  * d/po/ro.po added Romanian debconf translation. (Closes: 1033084),
    Thanks to Remus-Gabriel Chelu
  * d/po/sv.po added Swedish debconf translation. (Closes: 1050443),
    Thanks to Peter Kvillegård
  * d/conf/mime.types added video/ogg, video/x-matroska (Closes: 1028144)
  * d/p/CVE-2023-44487.patch adds additional mitigations for CVE-2023-44487
    that according to NGINX developers on nginx-devel are already suitably
    mitigated with the default config options for keepalive. (Closes: 1053770)
  * d/control added nginx-dev dependency on ${nginx:abi}
  * d/debhelper/nginx_mod.pm automatic libnginx-mod-stream dependencies

 -- Jan Mojžíš <email address hidden>  Wed, 11 Oct 2023 01:17:51 +0200
Superseded in sid-release
nginx (1.24.0-1) unstable; urgency=medium

  * New upstream version 1.24.0
  * nginx ABI release: nginx-abi-1.24.0-1
  * d/libnginx-mod.abisubstvars update version constraints of the 3rd party
    modules
  * d/p/bug-{1024605,973861}.patch removed, fixed in upstream
  * d/copyright: updated copyright for files src/event/ngx_event_udp.h,
    src/os/win32/ngx_dlopen

 -- Jan Mojžíš <email address hidden>  Tue, 27 Jun 2023 23:19:31 +0200
Deleted in experimental-release (Reason: None provided.)
nginx (1.24.0-1~exp1) experimental; urgency=medium

  * New upstream version 1.24.0
  * nginx ABI release: nginx-abi-1.24.0-1
  * d/libnginx-mod.abisubstvars update version constraints of the 3rd party
    modules
  * d/p/bug-{1024605,973861}.patch removed, fixed in upstream
  * d/copyright: updated copyright for files src/event/ngx_event_udp.h,
    src/os/win32/ngx_dlopen

 -- Jan Mojžíš <email address hidden>  Mon, 26 Jun 2023 15:21:06 +0200
Published in bookworm-release
Superseded in sid-release
nginx (1.22.1-9) unstable; urgency=medium

  * d/control: nginx-common Breaks+Replaces: nginx (<< 1.22.1-8)
    (Closes: 1032929)

 -- Jan Mojžíš <email address hidden>  Tue, 14 Mar 2023 16:19:32 +0100
Superseded in sid-release
nginx (1.22.1-8) unstable; urgency=medium

  * Main change:
    Configuration files returned to nginx-common package. This fixes
    the serious problem of losing configuration files during upgrade.
    This is a rollback of a change made in 1.22.1-6 (Closes: 1032517)
  * d/control: fix nginx-full dependencies
  * d/libnginx-mod.abisubstvars: update libnginx-mod-http-lua version

 -- Jan Mojžíš <email address hidden>  Tue, 14 Mar 2023 06:53:32 +0100
Superseded in sid-release
nginx (1.22.1-7) unstable; urgency=medium

  * nginx ABI release: nginx-abi-1.22.1-7
  * nginx ABI: Nginx now provides nginx-abi-<VERSION> to better manage
    dependencies between nginx and 3rd party modules. Credit to Jérémy Lal.
  * switched to libpcre2 (Closes: 1000013)
  * d/p/bug-973861: added, lingering close for connections with pipelined
    requests. The patch is backported from the upstream. (Closes: 973861)
  * d/gbb.conf: switched to debian branch main (debian-branch = main)
  * d/copyright: updated to be compatible with 'cme update dpkg-copyright'

 -- Jan Mojžíš <email address hidden>  Mon, 13 Feb 2023 13:04:16 +0100
Superseded in sid-release
nginx (1.22.1-6) unstable; urgency=medium

  * Main change:
    Nginx binary moved to package nginx, also moved basic
    configuration files from nginx-common to package nginx.
    The packages nginx-{light,core,extras,common} are replaced
    by a metapackage. (Closes: 1025763)
    Users should simply install 'nginx' and 'libnginx-mod-...'
    instead of these packages.
  * Additional changes:
    * d/nginx-{light,core,extras,full,common}.NEWS: added warning that
      nginx-{light,core,extras,full,common} are deprecated
    * d/control: fixed dependencies for safe binNMU
    * d/copyright: updated debian/* copyright
    * d/copyright: added missing copyright for d/apport/*
    * d/copyright: added missing GPL-2+ copyright for d/debhelper/dh_nginx
    * d/copyright: added missing copyright for d/help/examples/nginx_modsite
    * d/po/it.po: added Italian debconf translation. (Closes: 1019160)
    * d/control: removed dependency on obsolete package lsb-base
    * d/control: bump Standards-Version: 4.6.2, no changes

 -- Jan Mojžíš <email address hidden>  Wed, 08 Feb 2023 17:20:27 +0100
Deleted in experimental-release (Reason: None provided.)
nginx (1.22.1-6~exp1) experimental; urgency=medium

  * d/{control,rules}: moved nginx binary to package nginx.
    The packages nginx-{light,core,extras} are replaced by a metapackage
    and marked as deprecated.
    Users should simply install 'nginx' and 'libnginx-mod-...'
    instead of these packages.
  * d/nginx-{light,core,extras,full}.NEWS: added warning that
    nginx-{light,core,extras,full} are deprecated
  * d/control: fixed dependencies for safe binNMU
  * d/copyright: updated debian/* copyright
  * d/copyright: added missing copyright for debian/apport/*
  * d/copyright: added missing GPL-2+ copyright for debian/debhelper/dh_nginx
  * d/copyright: added missing copyright for debian/help/examples/nginx_modsite
  * d/po/it.po: added Italian debconf translation.
  * d/control: removed dependency on obsolete package lsb-base
  * d/p/bug-973861: added, lingering close for connections with pipelined
    requests. The patch is backported from the upstream.

 -- Jan Mojžíš <email address hidden>  Sat, 04 Feb 2023 09:28:01 +0100
Superseded in sid-release
nginx (1.22.1-5) unstable; urgency=medium

  [ Jan Mojžíš ]
  * Since version 1.22.1-5 all third party modules are removed from Debian NGINX
    package and all these modules are maintained in separate external packages.
    Removed namely these remaining modules:
      - libnginx-mod-http-geoip2
      - libnginx-mod-stream-geoip2
      - libnginx-mod-http-auth-pam
      - libnginx-mod-http-echo
      - libnginx-mod-http-upstream-fair
      - libnginx-mod-http-headers-more-filter
      - libnginx-mod-http-cache-purge
      - libnginx-mod-http-fancyindex
      - libnginx-mod-http-uploadprogress
      - libnginx-mod-http-subs-filter
      - libnginx-mod-http-dav-ext
  * d/tests: all *-simple and *-deps tests updated to check if nginx works
    after installation/reload/restart for all flavours
  * d/control: updated nginx-common dependency, fixes lintian warning
    maybe-not-arch-all-binnmuable

  [ Jérémy Lal ]
  * d/rules: default error-log-path is stderr (--error-log-path=stderr)
    instead of hardcoded /var/log/nginx/error.log (Closes: 1025858)
  * dh nginx: auto-detect build-dependency on ndk-dev
  * dh nginx: absolute /usr/sbin/nginx path for nginx tests
  * d/p/nginx-ssl_cert_cb_yield.patch SSL_CTX_set_cert_cb() callback yielding
    patch update
  * d/conf/nginx.conf: Set global error_log to /var/log/error.log
    Now that error_log default value is stderr, it is possible
    to override that config using nginx -g 'error_log stderr;'

  [ Miao Wang ]
  * d/control: removed unnecessary dependencies after removing 3rd party modules
  * d/rules: enabled stream_realip_module (--with-stream_realip_module)
  * d/rules: explicitly disabled pcre2 (--without-pcre2)

 -- Jan Mojžíš <email address hidden>  Tue, 20 Dec 2022 10:36:19 +0100
Published in bullseye-release
nginx (1.18.0-6.1+deb11u3) bullseye-security; urgency=medium

  * CVE-2022-41741 / CVE-2022-41742

 -- Moritz Muehlenhoff <email address hidden>  Fri, 11 Nov 2022 15:14:18 +0000
Superseded in sid-release
nginx (1.22.1-4) unstable; urgency=medium

  * d/t/*-module-deps: updated, added curl timeout 300 seconds and
    added nginx restart before calling curl
  * d/t/*-module-deps: update:
    - added tests for new ext. module libnginx-mod-http-set-misc
    - added tests for new ext. module libnginx-mod-http-brotli-filter
    - added tests for new ext. module libnginx-mod-http-brotli-static
    - added tests for new ext. module libnginx-mod-http-memc
    - added tests for new ext. module libnginx-mod-http-srcache-filter
  * removed 3rd party modules and moved to separate packages:
    - libnginx-mod-nchan module
    - libnginx-mod-rtmp module
    - libnginx-mod-http-ndk module

 -- Jan Mojžíš <email address hidden>  Thu, 08 Dec 2022 14:15:15 +0100
Superseded in sid-release
nginx (1.22.1-3) unstable; urgency=medium

  * d/control: added Multi-Arch: foreign for package nginx-dev
  * d/rules: enabled NDK upstream list module NDK_UPSTREAM_LIST
  * d/p/bug-1024605.patch: added header Forwarded: not-needed

 -- Jan Mojžíš <email address hidden>  Mon, 05 Dec 2022 18:25:16 +0100
Deleted in experimental-release (Reason: None provided.)
nginx (1.22.1-3~exp1) experimental; urgency=medium

  * d/control: added Multi-Arch: foreign for package nginx-dev
  * d/rules: all NDK modules are now enabled by default

 -- Jan Mojžíš <email address hidden>  Sat, 03 Dec 2022 17:17:18 +0100
Superseded in sid-release
nginx (1.22.1-2) unstable; urgency=medium

  [ Jan Mojžíš ]
  * d/control: fixed spelling-error-in-description
  * d/nginx-*.postinst: fixed postinst script, used invoke-rc.d instead of
    pidof and ad-hoc tests, tnx Gioele Barabucci
  * d/tests/ssi-module-test added, simple ngx_http_ssi_filter_module test
  * d/p/bug-1024605.patch added: fixes problem when a subrequest has SSI
    enabled but its main request does not, the SSI module may crash the worker
    due to NULL-pointer dereference. The patch is backported from the upstream
    (Closes: 1024605)
  * d/control: updated implicit dependencies of third-party modules
    for easier transition to third-party modules in separate packages.

  [ Jérémy Lal ]
  * d/debhelper: set nginx_mod buildsystem by default
  * d/control: nginx-dev provides dh-sequence-nginx (Closes: #1024879)
  * d/control: remove Uploaders that are part of nginx-team,
    keep only the most recent active one, per policy 5.6.3.

  [ Debian Janitor ]
  * Remove constraints unnecessary since buster (oldstable):
    + nginx-dev: Drop versioned constraint on dpkg-dev in Depends.

 -- Jan Mojžíš <email address hidden>  Wed, 30 Nov 2022 17:39:42 +0100
Deleted in experimental-release (Reason: None provided.)
nginx (1.22.1-2~exp2) experimental; urgency=medium

  [ Jan Mojžíš ]
  * d/control: fixed spelling-error-in-description
  * d/nginx-*.postinst: fixed postinst script, used invoke-rc.d instead of
    pidof and ad-hoc tests, tnx Gioele Barabucci
  * d/tests/ssi-module-test added, simple ngx_http_ssi_filter_module test
  * d/p/bug-1024605.patch added: fixes problem when a subrequest has SSI
    enabled but its main request does not, the SSI module may crash the worker
    due to NULL-pointer dereference. The patch is backported from the upstream
  * d/control: updated implicit dependencies of third-party modules
    for easier transition to third-party modules in separate packages.

  [ Jérémy Lal ]
  * d/debhelper: set nginx_mod buildsystem by default
  * d/control: nginx-dev provides dh-sequence-nginx

 -- Jan Mojžíš <email address hidden>  Mon, 28 Nov 2022 18:31:24 +0100
Superseded in experimental-release
nginx (1.22.1-2~exp1) experimental; urgency=medium

  * d/control: fixed spelling-error-in-description
  * d/nginx-*.postinst: fixed postinst script, used invoke-rc.d instead of
    pidof and ad-hoc tests, tnx Gioele Barabucci
  * d/tests/ssi-module-test added, simple ngx_http_ssi_filter_module test
  * d/p/bug-1024605.patch added: fixes problem when a subrequest has SSI
    enabled but its main request does not, the SSI module may crash the worker
    due to NULL-pointer dereference. The patch is backported from the upstream
  * d/control: updated implicit dependencies of third-party modules
    for easier transition to third-party modules in separate packages.

 -- Jan Mojžíš <email address hidden>  Sat, 26 Nov 2022 22:27:46 +0100
Superseded in sid-release
nginx (1.22.1-1) unstable; urgency=medium

  [ Jan Mojžíš ]
  * New upstream version 1.22.1
  * d/control: added implicit version of dependency libnginx-mod-http-lua
    (>=1:0.10.22-3~), it is a rebuilt version with nginx 1.22.1.
  * Added libnginx-mod-http-lua powerpc architecture

  [ Debian Janitor ]
  * Fix day-of-week for changelog entry 0.5.11-1.

 -- Jan Mojžíš <email address hidden>  Thu, 10 Nov 2022 18:21:43 +0100
Deleted in experimental-release (Reason: None provided.)
nginx (1.22.1-1~exp2) experimental; urgency=medium

  [ Jan Mojžíš ]
  * New upstream version 1.22.1
  * d/control: added implicit version of dependency libnginx-mod-http-lua
    (>=1:0.10.22-3~), it is a rebuilt version with nginx 1.22.1.
    To make the dependency work also with the experimental version of
    libnginx-mod-http-lua in the experimental environment, the version
    is terminated by '~'.
  * Added libnginx-mod-http-lua powerpc architecture

  [ Debian Janitor ]
  * Fix day-of-week for changelog entry 0.5.11-1.

 -- Jan Mojžíš <email address hidden>  Fri, 28 Oct 2022 15:39:07 +0200
Superseded in experimental-release
nginx (1.22.1-1~exp1) experimental; urgency=medium

  * New upstream version 1.22.1
  * d/changelog added exact version of dependency libnginx-mod-http-lua
    (>=1:0.10.22-3)
  * Added libnginx-mod-http-lua powerpc architecture

 -- Jan Mojžíš <email address hidden>  Tue, 25 Oct 2022 18:29:34 +0200
Superseded in sid-release
nginx (1.22.0-3.1) unstable; urgency=medium

  * Non-maintainer upload.
  * No source change upload to rebuild with debhelper 13.10.

 -- Michael Biebl <email address hidden>  Sat, 15 Oct 2022 12:28:07 +0200
Superseded in sid-release
nginx (1.22.0-3) unstable; urgency=medium

  * d/changelog: fixed typo in bug number 61261 -> 861261 (Closes: 861261) 
  * d/p/nginx-ssl_cert_cb_yield.patch added (Closes: 884434)
  * http-lua: removed the http-lua module and moved it to a separate package

 -- Jan Mojžíš <email address hidden>  Wed, 17 Aug 2022 18:38:15 +0200
Superseded in sid-release
nginx (1.22.0-2) unstable; urgency=medium

  [ Miao Wang ]
  * adding a new libnginx-mod-http-ndk-dev package including necessary
    headers to build a 3rd party module depending on ndk.

  [ Jan Mojžíš ]
  * d/nginx-common.nginx.service: added Systemd dependency
    Wants=network-online.target and updated Systemd "After" dependency to
    recommended NGINX values, namely:
    - network-online.target (Closes: 61261) (Closes: 1000406)
    - remote-fs.target (Closes: 898896)
    - nss-lookup.target
  * d/p/0003-define_gnu_source-on-other-glibc-based-platforms.patch: forwarded
    to upstream (Closes: 859082)
  * d/t/reboot: added, tests if nginx works after reboot
  * d/m/p/http-subs-filter/pcre2.patch: added PCRE2 support
  * d/p/nginx-fix-pidfile.patch: Fix NGINX PIDfile handling to avoid
    SystemD race condition, this fix is backported from Ubuntu (Closes: 876365)
  * d/apport/source_nginx.py: Add apport hooks for additional bug
    information gathering, the script is backported from Ubuntu (Closes: 963668)
  * d/nginx-common.install: Add install rule for apport hooks.

  [ Debian Janitor ]
  * Remove constraints unnecessary since buster:
    + Build-Depends: Drop versioned constraint on dpkg-dev.
    + nginx-common: Drop versioned constraint on lsb-base in Depends.
    + nginx-core: Drop versioned constraint on nginx in Breaks.
    + nginx-full: Drop versioned constraint on nginx in Breaks.
    + nginx-light: Drop versioned constraint on nginx in Breaks.
    + nginx-extras: Drop versioned constraint on nginx in Breaks.
    + libnginx-mod-http-perl: Drop versioned constraint on nginx-extras in
      Replaces.
    + Remove 5 maintscript entries from 1 files.

 -- Jan Mojžíš <email address hidden>  Sun, 07 Aug 2022 16:14:59 +0200
Deleted in experimental-release (Reason: None provided.)
nginx (1.22.0-2~exp4) experimental; urgency=medium

  [ Miao Wang ]
  * adding a new libnginx-mod-http-ndk-dev package including necessary
    headers to build a 3rd party module depending on ndk.

  [ Jan Mojžíš ]
  * d/nginx-common.nginx.service: added Systemd dependency
    Wants=network-online.target and updated Systemd "After" dependency to
    recommended NGINX values, namely:
    - network-online.target
    - remote-fs.target
    - nss-lookup.target
  * d/p/0003-define_gnu_source-on-other-glibc-based-platforms.patch: forwarded
    to upstream
  * d/t/reboot: added, tests if nginx works after reboot
  * d/m/p/http-subs-filter/pcre2.patch: added PCRE2 support
  * d/p/nginx-fix-pidfile.patch: Fix NGINX PIDfile handling to avoid
    SystemD race condition, this fix is backported from Ubuntu
  * d/apport/source_nginx.py: Add apport hooks for additional bug
    information gathering, the script is backported from Ubuntu
  * d/nginx-common.install: Add install rule for apport hooks.

  [ Debian Janitor ]
  * Remove constraints unnecessary since buster:
    + Build-Depends: Drop versioned constraint on dpkg-dev.
    + nginx-common: Drop versioned constraint on lsb-base in Depends.
    + nginx-core: Drop versioned constraint on nginx in Breaks.
    + nginx-full: Drop versioned constraint on nginx in Breaks.
    + nginx-light: Drop versioned constraint on nginx in Breaks.
    + nginx-extras: Drop versioned constraint on nginx in Breaks.
    + libnginx-mod-http-perl: Drop versioned constraint on nginx-extras in
      Replaces.
    + Remove 5 maintscript entries from 1 files.

 -- Jan Mojžíš <email address hidden>  Sat, 23 Jul 2022 14:33:20 +0200
Superseded in experimental-release
Deleted in experimental-release (Reason: None provided.)
nginx (1.22.0-2~exp3) experimental; urgency=medium

  * d/control: roll-back dependency libpcre2-dev -> libpcre3-dev,
    lua module doesn't support libpcre2

 -- Jan Mojžíš <email address hidden>  Wed, 20 Jul 2022 08:26:23 +0200
Superseded in experimental-release
nginx (1.22.0-2~exp2) experimental; urgency=medium

  [ Miao Wang ]
  * force enable NDK_SET_VAR in ndk module for successfully building
    the out-of-tree lua module.
  * d/control: added back the dependency of libnginx-mod-http-lua module

 -- Jan Mojžíš <email address hidden>  Tue, 19 Jul 2022 05:27:00 +0800
Superseded in experimental-release
nginx (1.22.0-2~exp1) experimental; urgency=medium

  [ Miao Wang ]
  * adding a new libnginx-mod-http-ndk-dev package including necessary
    headers to build a 3rd party module depending on ndk.

  [ Jan Mojžíš ]
  * d/nginx-common.nginx.service: added Systemd dependency
    Wants=network-online.target and updated Systemd "After" dependency to
    recommended NGINX values, namely:
    - network-online.target
    - remote-fs.target
    - nss-lookup.target
  * d/p/0003-define_gnu_source-on-other-glibc-based-platforms.patch: forwarded
    to upstream
  * d/t/reboot: added, tests if nginx works after reboot
  * d/m/p/http-subs-filter/pcre2.patch: added PCRE2 support
  * http-lua: removed lua module
  * d/control: changed dependency libpcre3-dev -> libpcre2-dev

  [ Debian Janitor ]
  * Remove constraints unnecessary since buster:
    + Build-Depends: Drop versioned constraint on dpkg-dev.
    + nginx-common: Drop versioned constraint on lsb-base in Depends.
    + nginx-core: Drop versioned constraint on nginx in Breaks.
    + nginx-full: Drop versioned constraint on nginx in Breaks.
    + nginx-light: Drop versioned constraint on nginx in Breaks.
    + nginx-extras: Drop versioned constraint on nginx in Breaks.
    + libnginx-mod-http-perl: Drop versioned constraint on nginx-extras in
      Replaces.
    + Remove 5 maintscript entries from 1 files.

 -- Jan Mojžíš <email address hidden>  Sun, 10 Jul 2022 07:58:44 +0200
Superseded in sid-release
nginx (1.22.0-1) unstable; urgency=medium

  [ Thomas Ward ]
  * New upstream release (1.22.0)
  * Additional changes:
    * d/conf/mime.types: Fix a typo in font/woff2 extension in
      mime.types.  (Closes: #1010798)
    * d/upstream/signing-key.asc: Additional signing keys observed
      in upstream (Konstantin Pavlov <email address hidden>) during
      upstream merge/import by Thomas Ward, additional signing key
      was added to the keyring while keeping Maxim's key in signing
      keys as well.
    * d/copyright: Updated copyright for src/core/ngx_murmurhash.c
      and debian/modules/http-ndk/src/hash/murmurhash2.c to be
      public-domain (Closes: #1011936)
  * d/control: Use libluajit-5.1-dev for s390x.
    Due to src:luajit2 landing in Unstable, superseding src:luajit,
    and due to luajit2 having s390x support, we can use s390x now
    with luajit instead of standard Lua.
    Thanks to Paul Gevers for the heads up on luajit2 supporting s390x.
  * d/control: Use liblua for ppc64el - src:luajit2 is still not ppc64el
    stable and there seems to be nobody willing to support it. (Closes: 1013807)

  [ Jan Mojžíš ]
  * d/patches/CVE-2021-3618.patch removed, fix is included in new upstream
    release
  * d/copyright: bump nginx copyright years
  * d/copyright: added copyright for src/stream/ngx_stream_set_module.c
  * d/copyright: removed copyright for src/http/v2/ngx_http_v2_huff_encode.c
  * d/control: bump Standards-Version to 4.6.1, no changes

  [ Bastian Germann ]
  * d/copyright: Update copyright for d/debhelper/*

  [ Miao Wang ]
  * dh_nginx: support auto generating module config files
  * adding a new nginx-dev package including necessary headers and debhelper
    scripts to build and package a 3rd party module. (Closes: 985133)
  * d/p/0002-Make-sure-signature-stays-the-same-in-all-nginx-buil.patch
    removed, because feature already implemented with --with-compat configure
    option since 1.11.5

 -- Thomas Ward <email address hidden>  Tue, 10 May 2022 12:08:02 -0400
Superseded in bullseye-release
nginx (1.18.0-6.1+deb11u2) bullseye; urgency=medium

  * d/patches/CVE-2021-3618.patch: Include upstream changeset from NGINX
    that adds mitigations into the Mail module for CVE-2021-3618.patch.
    (Closes: #991328)

 -- Jan Mojžíš <email address hidden>  Sat, 14 May 2022 08:27:08 +0200
Deleted in experimental-release (Reason: None provided.)
nginx (1.22.0-1~exp2) experimental; urgency=medium

  [ Miao Wang ]
  * d/dh_nginx fix nginx version subtracting in dh_nginx
  * d/control simplify dependencies
  * dh_nginx: support auto generating module config files

 -- Jan Mojžíš <email address hidden>  Fri, 27 May 2022 09:32:52 +0200
Superseded in experimental-release
nginx (1.22.0-1~exp1) experimental; urgency=medium

  [ Thomas Ward ]
  * New upstream release (1.22.0)
  * Additional changes:
    * d/conf/mime.types: Fix a typo in font/woff2 extension in
      mime.types.
    * d/upstream/signing-key.asc: Additional signing keys observed
      in upstream (Konstantin Pavlov <email address hidden>) during
      upstream merge/import by Thomas Ward, additional signing key
      was added to the keyring while keeping Maxim's key in signing
      keys as well.

  [ Jan Mojžíš ]
  * d/patches/CVE-2021-3618.patch removed, fix is included in new upstream
    release
  * d/control: removed ppc64el from list of luajit platforms.
  * d/copyright: bump nginx copyright years
  * d/copyright: added copyright for src/stream/ngx_stream_set_module.c
  * d/copyright: removed copyright for src/http/v2/ngx_http_v2_huff_encode.c

  [ Bastian Germann ]
  * d/copyright: Update copyright for d/debhelper/*

  [ Miao Wang ]
  * adding a new nginx-dev package including necessary headers and debhelper
    scripts to build and package a 3rd party module.
  * d/p/0002-Make-sure-signature-stays-the-same-in-all-nginx-buil.patch
    removed, because feature already implemented with --with-compat configure
    option since 1.11.5

 -- Jan Mojžíš <email address hidden>  Wed, 25 May 2022 16:14:35 +0200
Superseded in experimental-release
nginx (1.20.2-3~exp1) experimental; urgency=low

  [ Thomas Ward ]
  * d/conf/mime.types: Fix a typo in font/woff2 extension in 
    mime.types.

  [ Bastian Germann ]
  * d/copyright: Update copyright for d/debhelper/*

  [ Miao Wang ]
  * adding a new nginx-dev package including necessary headers and debhelper
    scripts to build and package a 3rd party module.
  * d/p/0002-Make-sure-signature-stays-the-same-in-all-nginx-buil.patch
    removed, because feature already implemented with --with-compat configure
    option since 1.11.5

 -- Jan Mojžíš <email address hidden>  Wed, 18 May 2022 05:48:44 +0200
Superseded in sid-release
nginx (1.20.2-2) unstable; urgency=medium

  [ Thomas Ward ]
  * d/patches/CVE-2021-3618.patch: Include upstream changeset from NGINX 
    that adds mitigations into the Mail module for CVE-2021-3618.patch.
    (Closes: #991328)

  [ Jan Mojžíš ]
  * d/p/0003-define_gnu_source-on-other-glibc-based-platforms.patch update,
    fixes build on hurd-i386 platform

 -- Thomas Ward <email address hidden>  Wed, 04 May 2022 16:04:59 -0400
Superseded in sid-release
nginx (1.20.2-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/control: Update Uploaders for new maintainers.

  [ Thomas Ward ]
  * Update to latest upstream Stable version (1.20.2) (Closes: #1008855)
  * d/patches/Resolver-fixed-off-by-one-write-in-ngx_resolver
    _copy.patch: Drop CVE-2021-23017 patch, as this is fixed in 1.20.1
    and we are now using 1.20.2 which already contains the patch.
  * Refreshed d/patches/0002-Make-sure-signature-stays-the-same-
    in-all-nginx-buil.patch (fuzz thanks to 1.20.2)
  * d/conf/mime.types: Update mime.types to more match upstream mime.types
    and include upstream changes with mime.types from 1.21.x via nginx.org
    mercurial repository versions.
  * d/control: Remove self from Uploaders per other Debian devs, who want 
    that commit to be done by someone on the current uploaders/maintainers
    group instead.

 -- Thomas Ward <email address hidden>  Tue, 19 Apr 2022 09:50:42 -0400
Superseded in sid-release
nginx (1.18.0-9) unstable; urgency=medium

  [ Jan Mojžíš ]
  * http-lua: Downgrade to 0.10.13 (Closes: #1008787).
  * http-lua: Backport upstream bugfix for segfault in nginx core >= 1.15.0
    when libnginx-mod-http-lua is loaded and init_worker_by_lua* is used.
  * d/control: Add mips64el,ppc64,kfreebsd-amd64 to list of luajit platforms.
  * d/control: fix Homepage nginx.net -> nginx.org (Closes: #976158)

  [ Thomas Ward ]
  * d/watch: Update watch syntax to match all even versions of NGINX releases
    rather than use a watch syntax that is static to one specific version.
    This will fix the untracked "New upstream stable versions" problem.
  * d/control: Update 'uploaders' as Thomas Ward is now a maintainer in 
    the Salsa repository.

 -- Jan Mojžíš <email address hidden>  Tue, 05 Apr 2022 19:11:47 +0200
Superseded in sid-release
nginx (1.18.0-8) unstable; urgency=medium

  * Restore patch:
    d/p/Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch

 -- Ondřej Nový <email address hidden>  Tue, 15 Mar 2022 13:23:06 +0100
Published in buster-release
nginx (1.14.2-2+deb10u4) buster-security; urgency=medium

  * CVE-2021-23017 (Closes: #989095)

 -- Moritz Mühlenhoff <email address hidden>  Fri, 28 May 2021 10:43:00 +0200
Superseded in bullseye-release
Superseded in sid-release
nginx (1.18.0-6.1) unstable; urgency=high

  * Non-maintainer upload.
  * Resolver: fixed off-by-one write in ngx_resolver_copy() (CVE-2021-23017)
    (Closes: #989095)

 -- Salvatore Bonaccorso <email address hidden>  Sat, 29 May 2021 16:21:37 +0200

Superseded in buster-release
nginx (1.14.2-2+deb10u3) buster-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * bugfix: prevented request smuggling in the ngx.location.capture API
    (CVE-2020-11724) (Closes: #964950)

 -- Salvatore Bonaccorso <email address hidden>  Mon, 24 Aug 2020 12:18:43 +0200
Superseded in sid-release
nginx (1.18.0-6) unstable; urgency=medium

  * Fix GCC-10 compatibility (Closes: #957605).

 -- Ondřej Nový <email address hidden>  Wed, 19 Aug 2020 15:27:02 +0200
Superseded in buster-release
nginx (1.14.2-2+deb10u2) buster; urgency=medium

  * Handle CVE-2019-20372, error page request smuggling
    (Closes: #948579)

 -- Christos Trochalakis <email address hidden>  Sat, 11 Jan 2020 09:28:05 +0200
Published in stretch-release
nginx (1.10.3-1+deb9u4) stretch; urgency=medium

  * Handle CVE-2019-20372, error page request smuggling
    (Closes: #948579)

 -- Christos Trochalakis <email address hidden>  Sat, 11 Jan 2020 09:28:05 +0200
Superseded in sid-release
nginx (1.18.0-5) unstable; urgency=medium

  * Prevented request smuggling in LUA
    CVE-2020-11724
    Closes: #964950

 -- Ondřej Nový <email address hidden>  Tue, 14 Jul 2020 10:08:15 +0200
Superseded in sid-release
nginx (1.18.0-4) unstable; urgency=medium

  * Revert: libnginx-mod-* now depends on nginx-<any flavour> (Closes: #963860).
  * Update ngx_http_auth_pam_module upstream URL.
  * libnginx-mod-* recommends nginx now.
  * http-auth-pam: Upgrade to 1.5.2 (Closes: #963567).
  * d/copyright: Bump year of http-auth-pam.

 -- Ondřej Nový <email address hidden>  Fri, 03 Jul 2020 09:34:49 +0200
Superseded in sid-release
nginx (1.18.0-3) unstable; urgency=medium

  * Source-only upload to allow migration.

 -- Ondřej Nový <email address hidden>  Thu, 11 Jun 2020 15:14:59 +0200
Superseded in sid-release
nginx (1.18.0-2) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/copyright:
    - Update for upstream release
    - Add Thomas Ward from Ubuntu for debian/*
  * d/conf/sites-available/default: Update PHP path for PHP 7.4
  * d/conf/nginx.conf:
    - Enable TLSv1.3
    - Remove tcp_nodelay on, which is same as default
    - Remove keepalive_timeout 65 and use default value 75s.
    - Remove trailing whitespaces
  * Introduce nginx-core and make it new default for "nginx"
  * Add stream-geoip and stream-geoip2 modules
  * d/ngx-conf: Convert to Python 3
  * d/control: Add GeoIP2 into description
  * Build dynamic modules only in extras flavour
  * libnginx-mod-* now depends on nginx-<any flavour>
  * Check if port 80 is free before starting during install

  [ Ondřej Surý ]
  * http-geoip2: Add ngx_http_geoip2_module 3.3

 -- Ondřej Nový <email address hidden>  Fri, 05 Jun 2020 18:28:40 +0200
Superseded in sid-release
nginx (1.18.0-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * New upstream version 1.18.0
  * Add REMOTE_USER fastcgi param
  * Use debhelper-compat instead of debian/compat
  * Replace dh_systemd_enable with dh_installsystemd
  * Set Rules-Requires-Root: no
  * d/rules/dh_installinit: Replace --no-restart-on-upgrade with
    --no-stop-on-upgrade
  * Bump debhelper compat level to 13
  * Use package.maintscript instead of dpkg-maintscript-helper
  * Bump standards version to 4.5.0
  * d/watch: Change to 1.18.x
  * d/patches/CVE-2019-20372.patch: Rebase
  * Convert d/ngxmod to Python 3 (Closes: #953025)
  * nchan: Upgrade to 1.2.7
  * http-fancyindex: Upgrade to 0.4.4
  * d/copyright: Add myself for Debian part
  * Add myself as uploader

  [ Mohamed Akram ]
  * Enable --with-compat configure option (Closes: #897926)

 -- Ondřej Nový <email address hidden>  Fri, 29 May 2020 19:03:30 +0200
Superseded in sid-release
nginx (1.16.1-3) unstable; urgency=high

  * Handle CVE-2019-20372, error page request smuggling
    (Closes: #948579)

 -- Christos Trochalakis <email address hidden>  Sat, 11 Jan 2020 09:36:00 +0200
Deleted in experimental-release (Reason: None provided.)
nginx (1.16.1-3~exp2) experimental; urgency=medium

  * Skip http-lua on architectures where LuaJIT is not available
  * http-lua: Upgrade to 0.10.15

 -- Christos Trochalakis <email address hidden>  Sun, 13 Oct 2019 10:30:32 +0300
Superseded in sid-release
nginx (1.16.1-2) unstable; urgency=medium

  * http-lua: Downgrade to 0.10.13 (Closes: #941917)
    Temporary fix FTBFS on architectures where LuaJIT is not available.

 -- Christos Trochalakis <email address hidden>  Sat, 12 Oct 2019 17:59:23 +0300
Deleted in experimental-release (Reason: None provided.)
nginx (1.16.1-3~exp1) experimental; urgency=medium

  * Update libluajit-5.1-dev dependency architectures

 -- Christos Trochalakis <email address hidden>  Sat, 12 Oct 2019 18:46:42 +0300
Superseded in sid-release
nginx (1.16.1-1) unstable; urgency=medium

  * New upstream version (Closes: #929200)
  * Follow stable 1.16 releases (Closes: #929199)
  * Drop already included debian patches
  * http-ndk: Upgrade to 0.3.1
  * http-lua: Upgrade to 0.10.15

 -- Christos Trochalakis <email address hidden>  Mon, 09 Sep 2019 18:24:43 +0300
Superseded in stretch-release
nginx (1.10.3-1+deb9u3) stretch-security; urgency=high

  * Backport upstream fixes for 3 CVEs (Closes: #935037)
    Those fixes affect Nginx HTTP/2 implementation, which might cause
    excessive memory consumption and CPU usage.
    (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516).

 -- Christos Trochalakis <email address hidden>  Mon, 19 Aug 2019 12:31:19 +0300
Superseded in buster-release
nginx (1.14.2-2+deb10u1) buster-security; urgency=high

  * Backport upstream fixes for 3 CVEs (Closes: #935037)
    Those fixes affect Nginx HTTP/2 implementation, which might cause
    excessive memory consumption and CPU usage.
    (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516).

 -- Christos Trochalakis <email address hidden>  Tue, 13 Aug 2019 21:10:28 +0300
Superseded in sid-release
nginx (1.14.2-3) unstable; urgency=high

  * Backport upstream fixes for 3 CVEs (Closes: #935037)
    Those fixes affect Nginx HTTP/2 implementation, which might cause
    excessive memory consumption and CPU usage.
    (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516).

 -- Christos Trochalakis <email address hidden>  Mon, 19 Aug 2019 11:30:08 +0300
Superseded in stretch-release
nginx (1.10.3-1+deb9u2) stretch-security; urgency=high

  * Backport http2_max_requests directive needed for
    CVE-2018-16844 mitigation
  * Backport upstream fixes for 3 CVEs (Closes: #913090)
    + CVE-2018-16843 Excessive memory usage in HTTP/2
    + CVE-2018-16844 Excessive CPU usage in HTTP/2
      This change limits the maximum allowed number of idle state
      switches to 10 * http2_max_requests (i.e., 10000 by default).
      This limits possible CPU usage in one connection, and also
      imposes a limit on the maximum lifetime of a connection
    + CVE-2018-16845 Memory disclosure in the ngx_http_mp4_module

 -- Christos Trochalakis <email address hidden>  Wed, 07 Nov 2018 07:40:42 +0200
Superseded in buster-release
Superseded in sid-release
nginx (1.14.2-2) unstable; urgency=medium

  [ Kartik Mistry ]
  * po/tr.po:
    + Added Turkish translation. Thanks Atila KOÇ <email address hidden>
      (Closes: #915728)

  [ Christos Trochalakis ]
  * http-dav-ext: Upgrade to 3.0.0 (Closes: #851651)

 -- Christos Trochalakis <email address hidden>  Thu, 27 Dec 2018 12:49:34 +0200
Superseded in buster-release
Superseded in sid-release
nginx (1.14.2-1) unstable; urgency=medium

  [ Olaf van der Spek ]
  * Reference PHP 7.3 (Closes: 913250)

  [ Christos Trochalakis ]
  * Adjust fastcgi_split_path_info snippet to handle the `/example.php/` case
    (Closes: #911398)

 -- Christos Trochalakis <email address hidden>  Thu, 13 Dec 2018 10:05:37 +0200
Superseded in buster-release
Superseded in sid-release
nginx (1.14.1-1) unstable; urgency=medium

  [ Kartik Mistry ]
  * Removed unused lintian override.
  * Fixed trailing whitespaces in changelog.

  [ Christos Trochalakis ]
  * New upstream version. (Closes: #913090)
    + CVE-2018-16843 Excessive memory usage in HTTP/2
    + CVE-2018-16844 Excessive CPU usage in HTTP/2
    + CVE-2018-16845 Memory disclosure in the ngx_http_mp4_module

 -- Christos Trochalakis <email address hidden>  Wed, 07 Nov 2018 07:16:00 +0200
Superseded in buster-release
Superseded in sid-release
nginx (1.14.0-1) unstable; urgency=medium

  [ Kartik Mistry ]
  * debian/control:
    + Removed duplicate Build-Depends.
    + Use https in Homepage.

  [ Christos Trochalakis ]
  * http-lua: Upgrade to 0.10.13
  * http-lua: Drop our OpenSSL patch, OpenSSL 1.1 is now supported upstream
  * http-fancyindex: Upgrade to 0.4.3
  * Order nginx after nss-lookup.target to synchronize host/network name lookups
    (Closes: #900790)
  * Merge ru translations.
    Thanks to Lev Lamberov (Closes: #883104)

 -- Christos Trochalakis <email address hidden>  Fri, 31 Aug 2018 15:28:04 +0300
Superseded in buster-release
Superseded in sid-release
nginx (1.13.12-1) unstable; urgency=medium

  * New upstream version

 -- Christos Trochalakis <email address hidden>  Wed, 11 Apr 2018 08:19:23 +0300
Superseded in sid-release
nginx (1.13.11-1) unstable; urgency=medium

  * New upstream version

 -- Christos Trochalakis <email address hidden>  Tue, 10 Apr 2018 14:55:11 +0300
Superseded in buster-release
Superseded in sid-release
nginx (1.13.10-1) unstable; urgency=medium

  * New upstream version

 -- Christos Trochalakis <email address hidden>  Wed, 21 Mar 2018 16:16:22 +0200
Superseded in buster-release
Superseded in sid-release
nginx (1.13.9-1) unstable; urgency=medium

  [ Michael Lustfield ]
  * Remove non-uploading users

  [ Christos Trochalakis ]
  * New upstream version 1.13.9
  * Move packaging repository to salsa.debian.org
  * Bump Standards-Version to 4.1.3, no changes needed

 -- Christos Trochalakis <email address hidden>  Wed, 21 Feb 2018 11:24:53 +0200
Superseded in buster-release
Superseded in sid-release
nginx (1.13.8-1) unstable; urgency=medium

  * New upstream release.

 -- Christos Trochalakis <email address hidden>  Wed, 27 Dec 2017 09:24:36 +0200
Superseded in buster-release
Superseded in sid-release
nginx (1.13.7-1) unstable; urgency=medium

  [ Christos Trochalakis ]
  * New upstream version 1.13.7
  * Bump Standards-Version, no changes needed
  * debian/watch: switch to HTTPS for the upstream check

  [ Mpampis Kostas ]
  * Automate modules watch & upgrade process (Closes: #869499)

  [ Christos Trochalakis ]
  * Bits & pieces for ngxmod
  * http-headers-more-filter: Upgrade to 0.33
  * http-echo: Upgrade to 0.61
  * http-lua: Upgrade to 0.10.11
  * http-dav-ext: Upgrade to 0.1.0 (Closes: #878611)
  * http-fancyindex: Upgrade to 0.4.2
  * rtmp: Upgrade to 1.2.1 (Closes: #880718)

 -- Christos Trochalakis <email address hidden>  Thu, 14 Dec 2017 11:04:36 +0200
Published in jessie-release
nginx (1.6.2-5+deb8u5) jessie-security; urgency=high

  * Handle CVE-2017-7529 Integer overflow in the range filter (Closes: #868109)

 -- Christos Trochalakis <email address hidden>  Wed, 12 Jul 2017 10:29:22 +0300
Superseded in buster-release
Superseded in sid-release
nginx (1.13.6-2) unstable; urgency=medium

  * rtmp: Ship docs & examples (Closes: #878368)

 -- Christos Trochalakis <email address hidden>  Fri, 13 Oct 2017 12:59:28 +0300
Superseded in sid-release
nginx (1.13.6-1) unstable; urgency=medium

  * New upstream version
  * Normalize module paths in packaging repository
  * Bump Standards-Version, no changes needed
  * Drop dh-systemd dependency since we depend on debhelper >= 10

 -- Christos Trochalakis <email address hidden>  Thu, 12 Oct 2017 10:37:29 +0300
Superseded in buster-release
Superseded in sid-release
nginx (1.13.5-1) unstable; urgency=medium

  * New upstream version 1.13.5
  * doc: Improve example WordPress configuration
    Thanks to Larry Holish (Closes: #863343)
  * Remove upstart conffile (Closes: #874319)

 -- Christos Trochalakis <email address hidden>  Wed, 06 Sep 2017 10:10:24 +0300
Superseded in buster-release
Superseded in sid-release
nginx (1.13.4-1) unstable; urgency=medium

  * New upstream version 1.13.4
  * nginx-lua:
    + Add a simple lua autopkgtest
    + Discover LuaJIT 2.1 (FTBFS) (Closes: #873319)
    + Update to v0.10.10
    + Update OpenSSL 1.1 patch
    + Drop patch to build against Nginx 1.11.11, now included upstream
  * tests: Fix race between reload and curl's http request
  * Explicitly disable autoreconf (debhelper 10)
  * Drop Upstart configuration
  * Bump Standards to 4.1.0
    + Switch all packages to Priority optional, extra is considered deprecated

 -- Christos Trochalakis <email address hidden>  Tue, 29 Aug 2017 10:49:03 +0300
Superseded in stretch-release
nginx (1.10.3-1+deb9u1) stretch-security; urgency=high

  * Handle CVE-2017-7529 Integer overflow in the range filter (Closes: #868109)

 -- Christos Trochalakis <email address hidden>  Wed, 12 Jul 2017 08:44:59 +0300
Superseded in buster-release
Superseded in sid-release
nginx (1.13.3-1) unstable; urgency=high

  * New upstream version 1.13.3.
    Fixes CVE-2017-7529 (Closes: #868109)
  * Drop gzip_disable "msie6" directive. (Closes: #867024)

 -- Christos Trochalakis <email address hidden>  Wed, 12 Jul 2017 11:20:27 +0300
Superseded in sid-release
nginx (1.13.1-2) unstable; urgency=medium

  * Upload to unstable.

 -- Christos Trochalakis <email address hidden>  Tue, 20 Jun 2017 14:16:52 +0300
Deleted in experimental-release (Reason: None provided.)
nginx (1.13.1-1) experimental; urgency=medium

  * New upstream version 1.13.1.

 -- Christos Trochalakis <email address hidden>  Wed, 31 May 2017 11:41:59 +0300
Superseded in experimental-release
nginx (1.13.0-1) experimental; urgency=medium

  * New upstream release.
    We now target nginx mainline (1.13.x).

 -- Christos Trochalakis <email address hidden>  Wed, 10 May 2017 11:40:38 +0300