Change log for nginx package in Ubuntu

175 of 242 results
Published in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
nginx (1.22.0-1ubuntu1) kinetic; urgency=medium

  * Merge with Debian unstable (LP: #1982626). Remaining changes:
    - d/p/ubuntu-branding.patch: add Ubuntu branding
    - d/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - d/nginx-common.install: Add install rule for apport hooks.
    - d/p/nginx-fix-pidfile.patch: Fix NGINX PIDfile handling to avoid
      SystemD race condition - thanks to Tj for the patch.  (LP #1581864)
    - d/control: make nginx and nginx-full arch any, so that nginx-full
      is no longer pulled into main because of i386 (LP #1893267)
    - Remove the Lua modules from NGINX (Server Team Decision) - future support
      for Lua module now requires resty-core from OpenResty, meaning that if
      we want to continue to support the Lua module, we have to start becoming
      OpenResty - users should just use OpenResty at this point for Lua.
      Changes made for this removal:
       + d/control:
         + Remove lua module from dependencies, and binary build item.
         + Add "Breaks" line for nginx-lua for older versions of NGINX.
           This is added to the nginx metapackage and nginx-extras.
       + d/rules: Remove Lua module from the build flags for -extras.
       + d/http-lua, d/modules/{,patches/,watch/}nginx-lua: Remove Lua
         modules, watch file, module patches.
       + d/modules/control: Remove Lua module from definitions
       + d/copyright: Remove lua module.
       + d/tests/{control,lua/}: Remove Lua test entirely, remove
         dependencies on any test which request
         libnginx-mod-http-lua as it's gone.
    - d/control: drop GeoIP from nginx-core due to demotion of libgeoip
      (LP #1861101, LP #1867150):
      + remove libnginx-mod-http-geoip from nginx-core dependency
      + have nginx-core depend on libnginx-mod-stream-geoip2
        instead of libnginx-mod-stream-geoip
      + adjust package descriptions accordingly
    - d/control: (GeoIP2 related changes)
      + Update dependencies for http-geoip2 package to include libmaxminddb0.
      + Update nginx-core to include http-geoip2 module due to approved bin-MIR
        (LP #1867198)
      + Move geoip2 module build flags to the common flags so all
        package flavors have it.
      + Update dependencies for nginx-light, etc. to include
        libnginx-mod-http-geoip2 as it's in the 'common build flags'
        for all flavors of the builds.
      + Update package description for nginx-core to indicate geoip2
        is included, and to list third party HTTP modules.  GeoIP2
        is not included for Stream by default, so we have to adjust
        this because the Stream part isn't MIR'd.
  * d/p/ubuntu-branding.patch: Reimplement patch to avoid conflicting on
    (volatile) release version numbers when merging.
  * d/m/p/http-subs-filter/pcre2.patch: Patch from debian 0d813834 to
    fix FTBFS
  * d/t/branding: Add autopkgtest to validate branding presence

 -- Bryce Harrington <email address hidden>  Fri, 22 Jul 2022 17:56:50 -0700
Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
nginx (1.20.2-2ubuntu2) kinetic; urgency=medium

  * d/http-lua: Remove another lua patch

 -- Bryce Harrington <email address hidden>  Fri, 15 Jul 2022 04:50:47 +0000
Superseded in kinetic-proposed
nginx (1.20.2-2ubuntu1) kinetic; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/p/ubuntu-branding.patch: add Ubuntu branding
    - d/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - d/nginx-common.install: Add install rule for apport hooks.
    - d/p/nginx-fix-pidfile.patch: Fix NGINX PIDfile handling to avoid
      SystemD race condition - thanks to Tj for the patch.  (LP #1581864)
    - d/control: make nginx and nginx-full arch any, so that nginx-full
      is no longer pulled into main because of i386 (LP #1893267)
    - Remove the Lua modules from NGINX (Server Team Decision) - future support
      for Lua module now requires resty-core from OpenResty, meaning that if
      we want to continue to support the Lua module, we have to start becoming
      OpenResty - users should just use OpenResty at this point for Lua.
      Changes made for this removal:
       + d/control:
         + Remove lua module from dependencies, and binary build item.
         + Add "Breaks" line for nginx-lua for older versions of NGINX.
           This is added to the nginx metapackage and nginx-extras.
       + d/rules: Remove Lua module from the build flags for -extras.
       + d/modules/{,patches/,watch/}nginx-lua: Remove Lua module, watch file,
         module patches.
       + d/modules/control: Remove Lua module from definitions
       + d/copyright: Remove lua module.
       + d/tests/{control,lua/}: Remove Lua test entirely, remove
         dependencies on any test which request
         libnginx-mod-http-lua as it's gone.
    - d/control: drop GeoIP from nginx-core due to demotion of libgeoip
      (LP #1861101, LP #1867150):
      + remove libnginx-mod-http-geoip from nginx-core dependency
      + have nginx-core depend on libnginx-mod-stream-geoip2
        instead of libnginx-mod-stream-geoip
      + adjust package descriptions accordingly
    - d/control: (GeoIP2 related changes)
      + Update dependencies for http-geoip2 package to include libmaxminddb0.
      + Update nginx-core to include http-geoip2 module due to approved bin-MIR
        (LP #1867198)
      + Move geoip2 module build flags to the common flags so all
        package flavors have it.
      + Update dependencies for nginx-light, etc. to include
        libnginx-mod-http-geoip2 as it's in the 'common build flags'
        for all flavors of the builds.
      + Update package description for nginx-core to indicate geoip2
        is included, and to list third party HTTP modules.  GeoIP2
        is not included for Stream by default, so we have to adjust
        this because the Stream part isn't MIR'd.
  * d/p/ubuntu-branding.patch: Refresh
  * Dropped:
    - DNS Resolver Off-by-One Heap Write
      + debian/patches/CVE-2021-23017.patch: fix logic in
        src/core/ngx_resolver.c.
      [Not needed: Replaced by upstream patches in separate commit]
    - DNS Resolver issues
      + debian/patches/CVE-2021-23017-1.patch: fixed off-by-one write in
        src/core/ngx_resolver.c.
      + debian/patches/CVE-2021-23017-2.patch: fixed off-by-one read in
        src/core/ngx_resolver.c.
      + debian/patches/CVE-2021-23017.patch: removed, replaced with upstream
        commits.
      [Included in upstream release 1.20.1]
    - ALPACA TLS issue
      + debian/patches/CVE-2021-3618.patch: specify the number of
        errors after which the connection is closed in
        src/mail/ngx_mail.h, src/mail/ngx_mail_core_module.c and
        src/mail/ngx_mail_handler.c.
      [Included in Debian release 1.20.2-2]

 -- Bryce Harrington <email address hidden>  Tue, 12 Jul 2022 10:23:53 -0700
Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
Published in jammy-updates
Published in jammy-security
nginx (1.18.0-6ubuntu14.1) jammy-security; urgency=medium

  * SECURITY UPDATE: ALPACA TLS issue
    - debian/patches/CVE-2021-3618.patch: specify the number of
      errors after which the connection is closed in
      src/mail/ngx_mail.h, src/mail/ngx_mail_core_module.c and
      src/mail/ngx_mail_handler.c.
    - CVE-2021-3618

 -- David Fernandez Gonzalez <email address hidden>  Wed, 27 Apr 2022 12:56:57 +0200
Published in bionic-updates
Published in bionic-security
nginx (1.14.0-0ubuntu1.10) bionic-security; urgency=medium

  * SECURITY UPDATE: ALPACA TLS issue
    - debian/patches/CVE-2021-3618.patch: specify the number of
      errors after which the connection is closed in
      src/mail/ngx_mail.h, src/mail/ngx_mail_core_module.c and
      src/mail/ngx_mail_handler.c.
    - CVE-2021-3618
  * SECURITY UPDATE: request mutation by unsafe characters
    - Add input validation to requests in Lua module in
      debian/modules/http-lua/src/ngx_http_lua_control.c,
      debian/modules/http-lua/src/ngx_http_lua_headers_in.c,
      debian/modules/http-lua/src/ngx_http_lua_headers_out.c,
      debian/modules/http-lua/src/ngx_http_lua_uri.c,
      debian/modules/http-lua/src/ngx_http_lua_util.h and
      debian/modules/http-lua/src/ngx_http_lua_util.h.
    - CVE-2020-36309
  * SECURITY UPDATE: request smuggling in ngx.location.capture
    - Add manual crafting of Content-Length in case request is
      chunked in
      debian/modules/http-lua/src/ngx_http_lua_subrequest.c.
    - CVE-2020-11724

 -- David Fernandez Gonzalez <email address hidden>  Tue, 12 Apr 2022 11:00:15 +0200
Published in focal-updates
Published in focal-security
nginx (1.18.0-0ubuntu1.3) focal-security; urgency=medium

  * SECURITY UPDATE: ALPACA TLS issue
    - debian/patches/CVE-2021-3618.patch: specify the number of
      errors after which the connection is closed in
      src/mail/ngx_mail.h, src/mail/ngx_mail_core_module.c and
      src/mail/ngx_mail_handler.c.
    - CVE-2021-3618
  * SECURITY UPDATE: request mutation by unsafe characters
    - Add input validation to requests in Lua module in
      debian/modules/http-lua/src/ngx_http_lua_control.c,
      debian/modules/http-lua/src/ngx_http_lua_headers_in.c,
      debian/modules/http-lua/src/ngx_http_lua_headers_out.c,
      debian/modules/http-lua/src/ngx_http_lua_uri.c,
      debian/modules/http-lua/src/ngx_http_lua_util.h and
      debian/modules/http-lua/src/ngx_http_lua_util.h.
    - CVE-2020-36309
  * SECURITY UPDATE: request smuggling in ngx.location.capture
    - Add manual crafting of Content-Length in case request is
      chunked in
      debian/modules/http-lua/src/ngx_http_lua_subrequest.c.
    - CVE-2020-11724

 -- David Fernandez Gonzalez <email address hidden>  Tue, 12 Apr 2022 10:04:16 +0200
Obsolete in impish-updates
Obsolete in impish-security
nginx (1.18.0-6ubuntu11.1) impish-security; urgency=medium

  * SECURITY UPDATE: ALPACA TLS issue
    - debian/patches/CVE-2021-3618.patch: specify the number of
      errors after which the connection is closed in
      src/mail/ngx_mail.h, src/mail/ngx_mail_core_module.c and
      src/mail/ngx_mail_handler.c.
    - CVE-2021-3618

 -- David Fernandez Gonzalez <email address hidden>  Tue, 12 Apr 2022 11:09:13 +0200
Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
nginx (1.18.0-6ubuntu14) jammy; urgency=medium

  * No-change rebuild to update maintainer scripts, see LP: 1959054

 -- Dave Jones <email address hidden>  Wed, 16 Feb 2022 17:10:20 +0000
Superseded in jammy-proposed
nginx (1.18.0-6ubuntu13) jammy; urgency=medium

  * No-change rebuild for the perl update.

 -- Matthias Klose <email address hidden>  Sun, 06 Feb 2022 13:48:12 +0100
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
nginx (1.18.0-6ubuntu12) jammy; urgency=medium

  * No-change rebuild against openssl3

 -- Simon Chopin <email address hidden>  Wed, 24 Nov 2021 13:59:50 +0000
Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
nginx (1.18.0-6ubuntu11) impish; urgency=medium

  * No-change rebuild to build packages with zstd compression.

 -- Matthias Klose <email address hidden>  Thu, 07 Oct 2021 12:21:36 +0200
Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
nginx (1.18.0-6ubuntu10) impish; urgency=medium

  * SECURITY UPDATE: DNS Resolver issues
    - debian/patches/CVE-2021-23017-1.patch: fixed off-by-one write in
      src/core/ngx_resolver.c.
    - debian/patches/CVE-2021-23017-2.patch: fixed off-by-one read in
      src/core/ngx_resolver.c.
    - debian/patches/CVE-2021-23017.patch: removed, replaced with upstream
      commits.
    - CVE-2021-23017

 -- Marc Deslauriers <email address hidden>  Wed, 26 May 2021 06:59:42 -0400
Superseded in bionic-updates
Superseded in bionic-security
nginx (1.14.0-0ubuntu1.9) bionic-security; urgency=medium

  * SECURITY UPDATE: DNS Resolver issues
    - debian/patches/CVE-2021-23017-1.patch: fixed off-by-one write in
      src/core/ngx_resolver.c.
    - debian/patches/CVE-2021-23017-2.patch: fixed off-by-one read in
      src/core/ngx_resolver.c.
    - CVE-2021-23017

 -- Marc Deslauriers <email address hidden>  Tue, 25 May 2021 13:11:02 -0400
Obsolete in hirsute-updates
Obsolete in hirsute-security
nginx (1.18.0-6ubuntu8.2) hirsute-security; urgency=medium

  * SECURITY UPDATE: DNS Resolver issues
    - debian/patches/CVE-2021-23017-1.patch: fixed off-by-one write in
      src/core/ngx_resolver.c.
    - debian/patches/CVE-2021-23017-2.patch: fixed off-by-one read in
      src/core/ngx_resolver.c.
    - CVE-2021-23017

 -- Marc Deslauriers <email address hidden>  Tue, 25 May 2021 13:06:54 -0400
Superseded in focal-updates
Superseded in focal-security
nginx (1.18.0-0ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: DNS Resolver issues
    - debian/patches/CVE-2021-23017-1.patch: fixed off-by-one write in
      src/core/ngx_resolver.c.
    - debian/patches/CVE-2021-23017-2.patch: fixed off-by-one read in
      src/core/ngx_resolver.c.
    - CVE-2021-23017

 -- Marc Deslauriers <email address hidden>  Tue, 25 May 2021 13:10:38 -0400
Obsolete in groovy-updates
Obsolete in groovy-security
nginx (1.18.0-6ubuntu2.2) groovy-security; urgency=medium

  * SECURITY UPDATE: DNS Resolver issues
    - debian/patches/CVE-2021-23017-1.patch: fixed off-by-one write in
      src/core/ngx_resolver.c.
    - debian/patches/CVE-2021-23017-2.patch: fixed off-by-one read in
      src/core/ngx_resolver.c.
    - CVE-2021-23017

 -- Marc Deslauriers <email address hidden>  Tue, 25 May 2021 13:10:13 -0400
Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
nginx (1.18.0-6ubuntu9) impish; urgency=medium

  * SECURITY UPDATE: DNS Resolver Off-by-One Heap Write
    - debian/patches/CVE-2021-23017.patch: fix logic in
      src/core/ngx_resolver.c.
    - CVE-2021-23017

 -- Marc Deslauriers <email address hidden>  Tue, 25 May 2021 13:06:54 -0400

Available diffs

Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: Moved to hirsute)
nginx (1.18.0-6ubuntu8) hirsute; urgency=medium

  * d/modules/control: Remove Lua module from definitions
  * d/tests/:
    - control: Remove Lua test, remove dependencies on any test which
      request libnginx-mod-http-lua as it's gone.
    - lua: Remove the lua test entirely.

 -- Thomas Ward <email address hidden>  Wed, 10 Mar 2021 10:50:43 -0500
Superseded in hirsute-proposed
nginx (1.18.0-6ubuntu7) hirsute; urgency=medium

  * d/control:
    - Fix dependencies issue for libnginx-mod-http-geoip2 - missing a
      character in the depends.

 -- Thomas Ward <email address hidden>  Tue, 09 Mar 2021 19:03:55 -0500

Available diffs

Superseded in hirsute-proposed
nginx (1.18.0-6ubuntu6) hirsute; urgency=medium

  * d/control:
    - Update dependencies for nginx-light, etc. to include
      libnginx-mod-http-geoip2 as it's in the 'common build flags' for
      all flavors of the builds.
    - Update nginx-core package description to list third party HTTP
      modules.  GeoIP2 is not included for Stream by default, so we
      have to adjust this because the Stream part isn't MIR'd.

 -- Thomas Ward <email address hidden>  Tue, 09 Mar 2021 12:41:36 -0500
Superseded in hirsute-proposed
nginx (1.18.0-6ubuntu5) hirsute; urgency=medium

  * d/control: (GeoIP2 related changes)
    - Update dependencies for http-geoip2 package.
    - Update nginx-core to include http-geoip2 module due to approved bin-MIR
      (LP: #1867198)
    - Update description to nginx-core to indicate geoip2 is included.
  * d/control: move geoip2 module build flags to the common flags so all
    package flavors have it.
  * d/modules/http-geoip2: Update to upstream version 3.3.
  * Remove the Lua modules from NGINX (Server Team Decision) - future support
    for Lua module now requires resty-core from OpenResty, meaning that if
    we want to continue to support the Lua module, we have to start becoming
    OpenResty - users should just use OpenResty at this point for Lua.
    Changes made for this removal:
     - d/control:
       - Remove lua module from dependencies, and binary build item.
       - Add "Breaks" line for nginx-lua for older versions of NGINX.
         This is added to the nginx metapackage and nginx-extras.
     - d/copyright: Remove lua module.
     - d/modules/{,patches/,watch/}nginx-lua: Remove Lua module, watch file,
       module patches.
     - d/rules: Remove Lua module from the build flags for -extras.

 -- Thomas Ward <email address hidden>  Mon, 08 Mar 2021 09:59:56 -0500

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
nginx (1.18.0-6ubuntu4) hirsute; urgency=medium

  * No-change rebuild for the perl update.

 -- Matthias Klose <email address hidden>  Mon, 09 Nov 2020 12:46:47 +0100
Superseded in hirsute-proposed
nginx (1.18.0-6ubuntu3) hirsute; urgency=medium

  * No-change rebuild for the perl update.

 -- Matthias Klose <email address hidden>  Mon, 09 Nov 2020 10:51:27 +0100

Available diffs

Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
nginx (1.18.0-6ubuntu2) groovy; urgency=medium

  * d/control: make nginx and nginx-full arch any, so that nginx-full
    is no longer pulled into main because of i386 (LP: #1893267)

 -- Andreas Hasenack <email address hidden>  Thu, 27 Aug 2020 16:59:57 -0300

Available diffs

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
nginx (1.18.0-6ubuntu1) groovy; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/p/ubuntu-branding.patch: add Ubuntu branding
    - d/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - d/nginx-common.install: Add install rule for apport hooks.
    - d/p/nginx-fix-pidfile.patch: Fix NGINX PIDfile handling to avoid
      SystemD race condition - thanks to Tj for the patch.  (LP #1581864)
    - d/control: drop GeoIP from nginx-core due to demotion of libgeoip
      (LP #1861101, LP #1867150):
      + remove libnginx-mod-http-geoip from nginx-core dependency
      + have nginx-core depend on libnginx-mod-stream-geoip2
        instead of libnginx-mod-stream-geoip
      + adjust package descriptions accordingly

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
nginx (1.18.0-3ubuntu2) groovy; urgency=medium

  * Re-apply demotion of geoip in favor of geoip2
    - Fixes some accidentally dropped delta from merge to fix
      unsatisfiable depends.  nginx-[core|full] need to depend on
      libnginx-mod-stream-geoip2, not on -geoip.
      (LP #1861101)

 -- Bryce Harrington <email address hidden>  Mon, 06 Jul 2020 15:12:26 -0700
Superseded in groovy-proposed
nginx (1.18.0-3ubuntu1) groovy; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/p/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - d/nginx-common.install: Add install rule for apport hooks.
    - d/p/nginx-fix-pidfile.patch: Fix NGINX PIDfile handling to avoid
      SystemD race condition - thanks to Tj for the patch.  (LP #1581864)
    - Drop GeoIP from nginx-core due to demotion of libgeoip
      (LP #1861101, LP #1867150):
      + d/control: Remove libnginx-mod-http-geoip from nginx-core dependency
      + d/rules: Remove the configure line of with-http_geoip_module=dynamic
        from the nginx-core build flags, due to demotion of libgeoip and the
        removal of the dynamic library from install deps for nginx-core.
  * d/a/source_nginx.py: Fix indentation in apport hook
  * d/p/nginx-fix-pidfile.patch: Update dep3 with fwd debian link
  * Dropped:
    - debian/patches/0002-Make-sure-signature-stays-the-same-in-
      all-nginx-buil.patch:  Refreshed patch - Merge-o-Matic introduced some
      fuzz which caused issues.
      [ Does not seem necessary ]
    - d/control: drop mention of SSL Preread from nginx-full, nginx-extras
      [ Previously undocumented ]
    - d/gbp.conf: update for 1.12 release
      [ Previously undocumented ]
    - d/p/0003-define_gnu_source-on-other-glibc-based-platforms.patch:
      Refresh patch.
      [ Previously undocumented ]
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - Add GeoIP2 third party module to nginx-full and nginx-extras
      (LP #1825895). The following is the files list for this:
      + d/{control,rules}: Add libnginx-mod-http-geoip2 and corresponding
        build rules.
      + d/modules/http-geoip2{,/*}: Add geoip2 module from third party git.
      + d/copyright: Add relevant copyright lines for GeoIP2 module.
    - d/conf/sites-available/default: Update PHP path for PHP 7.4.
      [added in 1.17.9-0ubuntu3 taken by Debian in 1.18.0-2]
    - d/nginx-full.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade.
    - d/control: Add dependency from nginx-full on `iproute2` as the
      postinst scripts now use `ss` to determine if Port 80 is open
      or not.
      [Taken by Debian in 1.18.0-2]
    - d/rules: Enable --with-compat build option for all nginx package
      flavors (LP #1797897)

 -- Bryce Harrington <email address hidden>  Wed, 24 Jun 2020 23:15:11 +0000

Available diffs

Superseded in focal-updates
Deleted in focal-proposed (Reason: moved to -updates)
nginx (1.18.0-0ubuntu1) focal; urgency=medium

  * Stable Release Update for Version String (LP: #1875231)
  * New upstream Stable release (1.18.0) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
    - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
      module to nginx-full and nginx-extras (and use proper DEP5 syntax for
      d/copyright).
    - d/control, d/rules: Drop GeoIP from nginx-core due to demotion of
      libgeoip.

 -- Thomas Ward <email address hidden>  Tue, 21 Apr 2020 10:49:01 -0400
Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release)
nginx (1.17.10-0ubuntu1) focal; urgency=medium

  * New upstream release (1.17.9) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
    - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
      module to nginx-full and nginx-extras (and use proper DEP5 syntax for
      d/copyright).
    - d/control, d/rules: Drop GeoIP from nginx-core due to demotion of
      libgeoip.

 -- Thomas Ward <email address hidden>  Tue, 14 Apr 2020 12:53:34 -0400
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
nginx (1.17.9-0ubuntu3) focal; urgency=medium

  * d/conf/sites-available/default: Update PHP path for PHP 7.4.

 -- Thomas Ward <email address hidden>  Thu, 26 Mar 2020 10:53:52 -0400

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
nginx (1.17.9-0ubuntu2) focal; urgency=medium

  * Drop GeoIP from nginx-core due to demotion of libgeoip (LP: #1861101,
    LP: #1867150):
    - d/control: Remove libnginx-mod-http-geoip from nginx-core dependency
    - d/rules: Remove the configure line of with-http_geoip_module=dynamic
      from the nginx-core build flags, due to demotion of libgeoip and the
      removal of the dynamic library from install deps for nginx-core.

 -- Thomas Ward <email address hidden>  Wed, 11 Mar 2020 13:41:07 -0400
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
nginx (1.17.9-0ubuntu1) focal; urgency=medium

  * New upstream release (1.17.9) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
    - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
      module to nginx-full and nginx-extras (and use proper DEP5 syntax for
      d/copyright).

 -- Thomas Ward <email address hidden>  Tue, 03 Mar 2020 11:05:45 -0500
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
nginx (1.17.8-0ubuntu3) focal; urgency=medium

  * d/conf/sites-available/default: Indentation consistency.
    Fix an indentation issue introduced by 1.17.8-0ubuntu2 to make sure that
    indentation in the default config file is consistent.

 -- Thomas Ward <email address hidden>  Wed, 26 Feb 2020 10:35:13 -0500

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
nginx (1.17.8-0ubuntu2) focal; urgency=medium

  * d/conf/sites-available/default: Revert changes done in #1743592.
    Reverts this change:
      - d/conf/sites-available/default: Update default nginx site
        configuration file to remove the IPv6 listening line so that servers
        running without IPv6 enabled at all on the system will start nginx
        properly.

 -- Thomas Ward <email address hidden>  Thu, 20 Feb 2020 13:52:32 -0500

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
nginx (1.17.8-0ubuntu1) focal; urgency=medium

  * New upstream release (1.17.8) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
    - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
      module to nginx-full and nginx-extras (and use proper DEP5 syntax for
      d/copyright).
    - d/conf/sites-available/default: Update default nginx site configuration
      file to remove the IPv6 listening line so that servers running without
      IPv6 enabled at all on the system will start nginx properly.
      (LP: #1743592)

 -- Thomas Ward <email address hidden>  Tue, 18 Feb 2020 19:01:02 -0500
Superseded in bionic-updates
Superseded in bionic-security
nginx (1.14.0-0ubuntu1.7) bionic-security; urgency=medium

  * SECURITY UPDATE: request smuggling via error_page
    - debian/patches/CVE-2019-20372.patch: discard request body when
      redirecting to a URL via error_page in
      src/http/ngx_http_special_response.c.
    - CVE-2019-20372

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jan 2020 14:18:38 -0500
Obsolete in disco-updates
Obsolete in disco-security
nginx (1.15.9-0ubuntu1.2) disco-security; urgency=medium

  * SECURITY UPDATE: request smuggling via error_page
    - debian/patches/CVE-2019-20372.patch: discard request body when
      redirecting to a URL via error_page in
      src/http/ngx_http_special_response.c.
    - CVE-2019-20372

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jan 2020 14:18:15 -0500
Published in xenial-updates
Published in xenial-security
nginx (1.10.3-0ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: request smuggling via error_page
    - debian/patches/CVE-2019-20372.patch: discard request body when
      redirecting to a URL via error_page in
      src/http/ngx_http_special_response.c.
    - CVE-2019-20372

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jan 2020 14:19:02 -0500
Obsolete in eoan-updates
Obsolete in eoan-security
nginx (1.16.1-0ubuntu2.1) eoan-security; urgency=medium

  * SECURITY UPDATE: request smuggling via error_page
    - debian/patches/CVE-2019-20372.patch: discard request body when
      redirecting to a URL via error_page in
      src/http/ngx_http_special_response.c.
    - CVE-2019-20372

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jan 2020 14:16:29 -0500
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
nginx (1.17.7-0ubuntu1) focal; urgency=medium

  * New upstream release (1.17.7) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
    - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
      module to nginx-full and nginx-extras (and use proper DEP5 syntax for
      d/copyright).
    - d/conf/sites-available/default: Update default nginx site configuration
      file to remove the IPv6 listening line so that servers running without
      IPv6 enabled at all on the system will start nginx properly.
      (LP: #1743592)

 -- Thomas Ward <email address hidden>  Mon, 30 Dec 2019 13:02:58 -0500
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
nginx (1.17.6-0ubuntu1) focal; urgency=medium

  * New upstream release (1.17.6) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
    - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
      module to nginx-full and nginx-extras (and use proper DEP5 syntax for
      d/copyright).
    - d/conf/sites-available/default: Update default nginx site configuration
      file to remove the IPv6 listening line so that servers running without
      IPv6 enabled at all on the system will start nginx properly.
      (LP: #1743592)

 -- Thomas Ward <email address hidden>  Tue, 19 Nov 2019 10:34:14 -0500
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
nginx (1.17.5-0ubuntu1) focal; urgency=medium

  * New upstream release (1.17.5) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
    - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
      module to nginx-full and nginx-extras (and use proper DEP5 syntax for
      d/copyright).
  * New Ubuntu-specific changes:
    - d/conf/sites-available/default: Update default nginx site configuration
      file to remove the IPv6 listening line so that servers running without
      IPv6 enabled at all on the system will start nginx properly.
      (LP: #1743592)

 -- Thomas Ward <email address hidden>  Fri, 01 Nov 2019 11:55:10 -0400
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
nginx (1.16.1-0ubuntu3) focal; urgency=medium

  * No-change rebuild for the perl update.

 -- Matthias Klose <email address hidden>  Fri, 18 Oct 2019 19:37:10 +0000

Available diffs

Superseded in bionic-updates
Superseded in bionic-security
nginx (1.14.0-0ubuntu1.6) bionic-security; urgency=medium

  * No change rebuild in -security pocket now that OpenSSL 1.1.1 is
    available.

 -- Marc Deslauriers <email address hidden>  Tue, 20 Aug 2019 08:46:02 -0400
Superseded in bionic-updates
Deleted in bionic-proposed (Reason: moved to -updates)
nginx (1.14.0-0ubuntu1.5) bionic; urgency=medium

  * No change rebuild for bionic outside of security pocket to pick up
    OpenSSL 1.1.1. (LP: #1840404)

 -- Marc Deslauriers <email address hidden>  Fri, 16 Aug 2019 07:05:57 -0400
Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
nginx (1.16.1-0ubuntu2) eoan; urgency=medium

  * d/conf/sites-available/default: Update PHP referred to in the
    example in the default configuration to PHP 7.2.
    (LP: #1831748)

 -- Thomas Ward <email address hidden>  Thu, 15 Aug 2019 12:01:39 -0400

Available diffs

Superseded in bionic-updates
Superseded in bionic-security
nginx (1.14.0-0ubuntu1.4) bionic-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 Data Dribble issue
    - debian/patches/CVE-2019-9511.patch: limited number of DATA frames in
      src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h,
      src/http/v2/ngx_http_v2_filter_module.c.
    - CVE-2019-9511
  * SECURITY UPDATE: HTTP/2 Resource Loop / Priority Shuffling issue
    - debian/patches/CVE-2019-9513.patch: limited number of PRIORITY frames
      in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2019-9513
  * SECURITY UPDATE: HTTP/2 0-Length Headers Leak issue
    - debian/patches/CVE-2019-9516.patch: reject zero length headers with
      PROTOCOL_ERROR in src/http/v2/ngx_http_v2.c.
    - CVE-2019-9516

 -- Marc Deslauriers <email address hidden>  Wed, 14 Aug 2019 14:44:40 -0400
Superseded in xenial-updates
Superseded in xenial-security
nginx (1.10.3-0ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 Data Dribble issue
    - debian/patches/CVE-2019-9511.patch: limited number of DATA frames in
      src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h,
      src/http/v2/ngx_http_v2_filter_module.c.
    - CVE-2019-9511
  * SECURITY UPDATE: HTTP/2 Resource Loop / Priority Shuffling issue
    - debian/patches/CVE-2019-9513.patch: limited number of PRIORITY frames
      in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2019-9513
  * SECURITY UPDATE: HTTP/2 0-Length Headers Leak issue
    - debian/patches/CVE-2019-9516.patch: reject zero length headers with
      PROTOCOL_ERROR in src/http/v2/ngx_http_v2.c.
    - CVE-2019-9516

 -- Marc Deslauriers <email address hidden>  Wed, 14 Aug 2019 14:48:49 -0400
Superseded in disco-updates
Superseded in disco-security
nginx (1.15.9-0ubuntu1.1) disco-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 Data Dribble issue
    - debian/patches/CVE-2019-9511.patch: limited number of DATA frames in
      src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h,
      src/http/v2/ngx_http_v2_filter_module.c.
    - CVE-2019-9511
  * SECURITY UPDATE: HTTP/2 Resource Loop / Priority Shuffling issue
    - debian/patches/CVE-2019-9513.patch: limited number of PRIORITY frames
      in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2019-9513
  * SECURITY UPDATE: HTTP/2 0-Length Headers Leak issue
    - debian/patches/CVE-2019-9516.patch: reject zero length headers with
      PROTOCOL_ERROR in src/http/v2/ngx_http_v2.c.
    - CVE-2019-9516

 -- Marc Deslauriers <email address hidden>  Wed, 14 Aug 2019 14:41:19 -0400
Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
nginx (1.16.1-0ubuntu1) eoan; urgency=medium

  * New upstream release (1.16.1) - full changelog available from
    http://nginx.org/en/CHANGES-1.16
  * This patch contains security patches only.
  * Security content in this version:
    - When using HTTP/2 a client might cause excessive memory consumption
      and CPU usage (CVE-2019-9511. CVE-2019-9513, CVE-2019-9516)

 -- Thomas Ward <email address hidden>  Tue, 13 Aug 2019 13:08:03 -0400
Superseded in bionic-updates
Deleted in bionic-proposed (Reason: moved to -updates)
nginx (1.14.0-0ubuntu1.3) bionic; urgency=medium

  * No changes rebuild (to build against OpenSSL 1.1.1 in Bionic)
    (LP: #1836366)

 -- Thomas Ward <email address hidden>  Fri, 12 Jul 2019 14:18:43 -0400
Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
nginx (1.16.0-0ubuntu2) eoan; urgency=medium

  * d/patches/nginx-fix-pidfile.patch: Fix NGINX PIDfile handling to avoid
    SystemD race condition - thanks to Tj for the patch.  (LP: #1581864)

 -- Thomas Ward <email address hidden>  Tue, 04 Jun 2019 11:43:30 -0400
Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
nginx (1.16.0-0ubuntu1) eoan; urgency=medium

  * New upstream release (1.16.0) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
    - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
      module to nginx-full and nginx-extras

 -- Thomas Ward <email address hidden>  Mon, 29 Apr 2019 12:31:39 -0400
Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
nginx (1.15.12-0ubuntu1) eoan; urgency=medium

  * New upstream release (1.15.12) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
  * Add GeoIP2 third party module to nginx-full and nginx-extras
    (LP: #1825895). The following is the files list for this:
    - d/{control,rules}: Add libnginx-mod-http-geoip2 and corresponding build
      rules.
    - d/modules/http-geoip2{,/*}: Add geoip2 module from third party git.
    - d/copyright: Add relevant copyright lines for GeoIP2 module.

 -- Thomas Ward <email address hidden>  Mon, 22 Apr 2019 17:59:46 -0400
Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release)
nginx (1.15.9-0ubuntu1) disco; urgency=medium

  * New upstream release (1.15.9) - full changelog available from
    http://nginx.org/en/CHANGES (LP: #1817750)
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors

 -- Thomas Ward <email address hidden>  Tue, 26 Feb 2019 11:15:07 -0500
Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
nginx (1.15.8-0ubuntu1) disco; urgency=medium

  * New upstream release (1.15.8) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors

 -- Thomas Ward <email address hidden>  Fri, 01 Feb 2019 20:21:45 -0500
Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
nginx (1.15.7-0ubuntu1) disco; urgency=medium

  * New upstream release (1.15.7) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors (LP: #1797897)

 -- Thomas Ward <email address hidden>  Tue, 27 Nov 2018 10:28:55 -0500
Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
nginx (1.15.6-0ubuntu2) disco; urgency=medium

  * Apply a Debian packaging change to Ubuntu package for config parity:
    * d/conf/snippets/fastcgi-php.conf: Adjust fastcgi_split_path_info
      snippet to handle the /example.php/ case. (Debian bug 911398)

 -- Thomas Ward <email address hidden>  Fri, 23 Nov 2018 10:56:21 -0500

Available diffs

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
nginx (1.15.6-0ubuntu1) disco; urgency=medium

  * New upstream release (1.15.6) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors (LP: #1797897)

 -- Thomas Ward <email address hidden>  Tue, 13 Nov 2018 10:10:45 -0500
Superseded in disco-proposed
nginx (1.15.5-0ubuntu4) disco; urgency=medium

  * No-change rebuild against libhiredis0.14

 -- Steve Langasek <email address hidden>  Mon, 12 Nov 2018 08:47:44 +0000

Available diffs

Superseded in xenial-updates
Superseded in xenial-security
nginx (1.10.3-0ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: excessive memory consumption in HTTP/2 implementation
    - debian/patches/CVE-2018-16843.patch: add flood detection in
      src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2018-16843
  * SECURITY UPDATE: excessive CPU usage in HTTP/2 implementation
    - debian/patches/CVE-2018-16844-pre.patch: backport new
      http2_max_requests directive.
    - debian/patches/CVE-2018-16844.patch: limit the number of idle state
      switches in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2018-16844
  * SECURITY UPDATE: infinite loop in ngx_http_mp4_module
    - debian/patches/CVE-2018-16845.patch: fixed reading 64-bit atoms in
      src/http/modules/ngx_http_mp4_module.c.
    - CVE-2018-16845

 -- Marc Deslauriers <email address hidden>  Tue, 06 Nov 2018 13:55:13 -0500
Obsolete in cosmic-updates
Obsolete in cosmic-security
nginx (1.15.5-0ubuntu2.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: excessive memory consumption in HTTP/2 implementation
    - debian/patches/CVE-2018-16843.patch: add flood detection in
      src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2018-16843
  * SECURITY UPDATE: excessive CPU usage in HTTP/2 implementation
    - debian/patches/CVE-2018-16844.patch: limit the number of idle state
      switches in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2018-16844
  * SECURITY UPDATE: infinite loop in ngx_http_mp4_module
    - debian/patches/CVE-2018-16845.patch: fixed reading 64-bit atoms in
      src/http/modules/ngx_http_mp4_module.c.
    - CVE-2018-16845

 -- Marc Deslauriers <email address hidden>  Tue, 06 Nov 2018 13:50:41 -0500
Published in trusty-updates
Published in trusty-security
nginx (1.4.6-1ubuntu3.9) trusty-security; urgency=medium

  * SECURITY UPDATE: infinite loop in ngx_http_mp4_module
    - debian/patches/CVE-2018-16845.patch: fixed reading 64-bit atoms in
      src/http/modules/ngx_http_mp4_module.c.
    - CVE-2018-16845

 -- Marc Deslauriers <email address hidden>  Tue, 06 Nov 2018 13:56:34 -0500
Superseded in bionic-updates
Superseded in bionic-security
nginx (1.14.0-0ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: excessive memory consumption in HTTP/2 implementation
    - debian/patches/CVE-2018-16843.patch: add flood detection in
      src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2018-16843
  * SECURITY UPDATE: excessive CPU usage in HTTP/2 implementation
    - debian/patches/CVE-2018-16844.patch: limit the number of idle state
      switches in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2018-16844
  * SECURITY UPDATE: infinite loop in ngx_http_mp4_module
    - debian/patches/CVE-2018-16845.patch: fixed reading 64-bit atoms in
      src/http/modules/ngx_http_mp4_module.c.
    - CVE-2018-16845

 -- Marc Deslauriers <email address hidden>  Tue, 06 Nov 2018 13:54:15 -0500
Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
nginx (1.15.5-0ubuntu3) disco; urgency=medium

  * No-change rebuild for the perl 5.28 transition.

 -- Adam Conrad <email address hidden>  Fri, 02 Nov 2018 19:02:18 -0600

Available diffs

Deleted in cosmic-proposed (Reason: moved to -updates)
nginx (1.15.5-0ubuntu2) cosmic; urgency=medium

  * d/conf/nginx.conf: Enable TLSv1.3 by default by adding TLSv1.3 to
    the ssl_protocols line.  (SRU, LP: #1800214)

 -- Thomas Ward <email address hidden>  Fri, 26 Oct 2018 15:25:59 -0400

Available diffs

Superseded in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
nginx (1.15.5-0ubuntu1) cosmic; urgency=medium

  * This is a bugfixes-only upstream micro release, and thus is a bugfixes-
    only version change. (LP: #1795690)
  * New upstream release (1.15.5) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.

 -- Thomas Ward <email address hidden>  Tue, 02 Oct 2018 11:31:05 -0400
Superseded in cosmic-proposed
nginx (1.15.4-0ubuntu1) cosmic; urgency=medium

  * New upstream release (1.15.4) - full changelog available from
    http://nginx.org/en/CHANGES (LP: #1794321)
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.

 -- Thomas Ward <email address hidden>  Tue, 25 Sep 2018 11:59:46 -0400
Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
nginx (1.15.3-0ubuntu1) cosmic; urgency=medium

  * New upstream release (1.15.3) - full changelog available from
    http://nginx.org/en/CHANGES  (LP: #1790149)
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.

 -- Thomas Ward <email address hidden>  Fri, 31 Aug 2018 09:52:34 -0400
Superseded in bionic-updates
Deleted in bionic-proposed (Reason: moved to -updates)
nginx (1.14.0-0ubuntu1.1) bionic; urgency=medium

  * Stable Release Update. Do not attempt to start nginx if other daemon
    is binding to port 80, to prevent install failure (LP: #1782226):
    - d/nginx{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade.
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.

 -- Andres Rodriguez <email address hidden>  Mon, 20 Aug 2018 18:41:42 -0400
Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
nginx (1.15.2-0ubuntu2) cosmic; urgency=medium

  * d/control: Add `iproute2` dependencies for the binary
    nginx-{core,light,full,extras} packages, they got missed in the
    application of the diff in 1.15.2-0ubuntu1. (LP: #1782226)

 -- Thomas Ward <email address hidden>  Tue, 21 Aug 2018 12:07:59 -0400
Superseded in cosmic-proposed
nginx (1.15.2-0ubuntu1) cosmic; urgency=medium

  * Switch to track NGINX Mainline for 18.10 (and 19.04) releases after
    discussion with Server team members. Mainline version is 1.15.2
  * Upstream changelogs for 1.15.2 are available at
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
  * Additional Ubuntu only changes (LP: #1782226):
    - d/nginx{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade.
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.

 -- Thomas Ward <email address hidden>  Sun, 19 Aug 2018 12:16:48 -0400
Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
nginx (1.14.0-0ubuntu2) cosmic; urgency=medium

  * debian/nginx-core.postinst: Make nginx-*.postinst use invoke-rc.d.
    (LP: #1578344)

 -- Thomas Ward <email address hidden>  Tue, 15 May 2018 11:14:02 -0400

Available diffs

Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
nginx (1.14.0-0ubuntu1) bionic; urgency=medium

  * New upstream stable release (1.14.0)
  * Upstream changelogs can be found at http://nginx.org/en/CHANGES-1.14
  * There are no functional changes or new features in this release,
    and the only change is a version number change.
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.

 -- Thomas Ward <email address hidden>  Tue, 17 Apr 2018 12:17:58 -0400
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
nginx (1.13.12-0ubuntu1) bionic; urgency=medium

  * New upstream releases (1.13.11, 1.13.12)
  * Upstream changelogs can be found at https://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.

 -- Thomas Ward <email address hidden>  Mon, 16 Apr 2018 11:43:01 -0400
175 of 242 results