Change log for nginx package in Ubuntu

175 of 215 results
Published in focal-proposed on 2020-04-28
nginx (1.18.0-0ubuntu1) focal; urgency=medium

  * Stable Release Update for Version String (LP: #1875231)
  * New upstream Stable release (1.18.0) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
    - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
      module to nginx-full and nginx-extras (and use proper DEP5 syntax for
      d/copyright).
    - d/control, d/rules: Drop GeoIP from nginx-core due to demotion of
      libgeoip.

 -- Thomas Ward <email address hidden>  Tue, 21 Apr 2020 10:49:01 -0400
Published in groovy-release on 2020-04-24
Published in focal-release on 2020-04-18
Deleted in focal-proposed (Reason: moved to Release)
nginx (1.17.10-0ubuntu1) focal; urgency=medium

  * New upstream release (1.17.9) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
    - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
      module to nginx-full and nginx-extras (and use proper DEP5 syntax for
      d/copyright).
    - d/control, d/rules: Drop GeoIP from nginx-core due to demotion of
      libgeoip.

 -- Thomas Ward <email address hidden>  Tue, 14 Apr 2020 12:53:34 -0400
Superseded in focal-release on 2020-04-18
Deleted in focal-proposed on 2020-04-19 (Reason: moved to Release)
nginx (1.17.9-0ubuntu3) focal; urgency=medium

  * d/conf/sites-available/default: Update PHP path for PHP 7.4.

 -- Thomas Ward <email address hidden>  Thu, 26 Mar 2020 10:53:52 -0400

Available diffs

Superseded in focal-release on 2020-03-26
Deleted in focal-proposed on 2020-03-28 (Reason: moved to Release)
nginx (1.17.9-0ubuntu2) focal; urgency=medium

  * Drop GeoIP from nginx-core due to demotion of libgeoip (LP: #1861101,
    LP: #1867150):
    - d/control: Remove libnginx-mod-http-geoip from nginx-core dependency
    - d/rules: Remove the configure line of with-http_geoip_module=dynamic
      from the nginx-core build flags, due to demotion of libgeoip and the
      removal of the dynamic library from install deps for nginx-core.

 -- Thomas Ward <email address hidden>  Wed, 11 Mar 2020 13:41:07 -0400
Superseded in focal-release on 2020-03-17
Deleted in focal-proposed on 2020-03-18 (Reason: moved to Release)
nginx (1.17.9-0ubuntu1) focal; urgency=medium

  * New upstream release (1.17.9) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
    - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
      module to nginx-full and nginx-extras (and use proper DEP5 syntax for
      d/copyright).

 -- Thomas Ward <email address hidden>  Tue, 03 Mar 2020 11:05:45 -0500
Superseded in focal-release on 2020-03-03
Deleted in focal-proposed on 2020-03-05 (Reason: moved to Release)
nginx (1.17.8-0ubuntu3) focal; urgency=medium

  * d/conf/sites-available/default: Indentation consistency.
    Fix an indentation issue introduced by 1.17.8-0ubuntu2 to make sure that
    indentation in the default config file is consistent.

 -- Thomas Ward <email address hidden>  Wed, 26 Feb 2020 10:35:13 -0500

Available diffs

Superseded in focal-release on 2020-02-28
Deleted in focal-proposed on 2020-02-29 (Reason: moved to Release)
nginx (1.17.8-0ubuntu2) focal; urgency=medium

  * d/conf/sites-available/default: Revert changes done in #1743592.
    Reverts this change:
      - d/conf/sites-available/default: Update default nginx site
        configuration file to remove the IPv6 listening line so that servers
        running without IPv6 enabled at all on the system will start nginx
        properly.

 -- Thomas Ward <email address hidden>  Thu, 20 Feb 2020 13:52:32 -0500

Available diffs

Superseded in focal-release on 2020-02-21
Deleted in focal-proposed on 2020-02-22 (Reason: moved to Release)
nginx (1.17.8-0ubuntu1) focal; urgency=medium

  * New upstream release (1.17.8) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
    - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
      module to nginx-full and nginx-extras (and use proper DEP5 syntax for
      d/copyright).
    - d/conf/sites-available/default: Update default nginx site configuration
      file to remove the IPv6 listening line so that servers running without
      IPv6 enabled at all on the system will start nginx properly.
      (LP: #1743592)

 -- Thomas Ward <email address hidden>  Tue, 18 Feb 2020 19:01:02 -0500
Published in bionic-updates on 2020-01-13
Published in bionic-security on 2020-01-13
nginx (1.14.0-0ubuntu1.7) bionic-security; urgency=medium

  * SECURITY UPDATE: request smuggling via error_page
    - debian/patches/CVE-2019-20372.patch: discard request body when
      redirecting to a URL via error_page in
      src/http/ngx_http_special_response.c.
    - CVE-2019-20372

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jan 2020 14:18:38 -0500
Published in disco-updates on 2020-01-13
Published in disco-security on 2020-01-13
nginx (1.15.9-0ubuntu1.2) disco-security; urgency=medium

  * SECURITY UPDATE: request smuggling via error_page
    - debian/patches/CVE-2019-20372.patch: discard request body when
      redirecting to a URL via error_page in
      src/http/ngx_http_special_response.c.
    - CVE-2019-20372

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jan 2020 14:18:15 -0500
Published in xenial-updates on 2020-01-13
Published in xenial-security on 2020-01-13
nginx (1.10.3-0ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: request smuggling via error_page
    - debian/patches/CVE-2019-20372.patch: discard request body when
      redirecting to a URL via error_page in
      src/http/ngx_http_special_response.c.
    - CVE-2019-20372

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jan 2020 14:19:02 -0500
Published in eoan-updates on 2020-01-13
Published in eoan-security on 2020-01-13
nginx (1.16.1-0ubuntu2.1) eoan-security; urgency=medium

  * SECURITY UPDATE: request smuggling via error_page
    - debian/patches/CVE-2019-20372.patch: discard request body when
      redirecting to a URL via error_page in
      src/http/ngx_http_special_response.c.
    - CVE-2019-20372

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jan 2020 14:16:29 -0500
Superseded in focal-release on 2020-02-20
Deleted in focal-proposed on 2020-02-21 (Reason: moved to Release)
nginx (1.17.7-0ubuntu1) focal; urgency=medium

  * New upstream release (1.17.7) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
    - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
      module to nginx-full and nginx-extras (and use proper DEP5 syntax for
      d/copyright).
    - d/conf/sites-available/default: Update default nginx site configuration
      file to remove the IPv6 listening line so that servers running without
      IPv6 enabled at all on the system will start nginx properly.
      (LP: #1743592)

 -- Thomas Ward <email address hidden>  Mon, 30 Dec 2019 13:02:58 -0500
Superseded in focal-release on 2020-01-02
Deleted in focal-proposed on 2020-01-03 (Reason: moved to Release)
nginx (1.17.6-0ubuntu1) focal; urgency=medium

  * New upstream release (1.17.6) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
    - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
      module to nginx-full and nginx-extras (and use proper DEP5 syntax for
      d/copyright).
    - d/conf/sites-available/default: Update default nginx site configuration
      file to remove the IPv6 listening line so that servers running without
      IPv6 enabled at all on the system will start nginx properly.
      (LP: #1743592)

 -- Thomas Ward <email address hidden>  Tue, 19 Nov 2019 10:34:14 -0500
Superseded in focal-release on 2019-11-20
Deleted in focal-proposed on 2019-11-21 (Reason: moved to Release)
nginx (1.17.5-0ubuntu1) focal; urgency=medium

  * New upstream release (1.17.5) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
    - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
      module to nginx-full and nginx-extras (and use proper DEP5 syntax for
      d/copyright).
  * New Ubuntu-specific changes:
    - d/conf/sites-available/default: Update default nginx site configuration
      file to remove the IPv6 listening line so that servers running without
      IPv6 enabled at all on the system will start nginx properly.
      (LP: #1743592)

 -- Thomas Ward <email address hidden>  Fri, 01 Nov 2019 11:55:10 -0400
Superseded in focal-release on 2019-11-02
Deleted in focal-proposed on 2019-11-04 (Reason: moved to Release)
nginx (1.16.1-0ubuntu3) focal; urgency=medium

  * No-change rebuild for the perl update.

 -- Matthias Klose <email address hidden>  Fri, 18 Oct 2019 19:37:10 +0000

Available diffs

Superseded in bionic-updates on 2020-01-13
Superseded in bionic-security on 2020-01-13
nginx (1.14.0-0ubuntu1.6) bionic-security; urgency=medium

  * No change rebuild in -security pocket now that OpenSSL 1.1.1 is
    available.

 -- Marc Deslauriers <email address hidden>  Tue, 20 Aug 2019 08:46:02 -0400
Superseded in bionic-updates on 2019-08-20
Deleted in bionic-proposed on 2019-08-29 (Reason: moved to -updates)
nginx (1.14.0-0ubuntu1.5) bionic; urgency=medium

  * No change rebuild for bionic outside of security pocket to pick up
    OpenSSL 1.1.1. (LP: #1840404)

 -- Marc Deslauriers <email address hidden>  Fri, 16 Aug 2019 07:05:57 -0400
Superseded in focal-release on 2019-10-24
Published in eoan-release on 2019-08-15
Deleted in eoan-proposed (Reason: moved to release)
nginx (1.16.1-0ubuntu2) eoan; urgency=medium

  * d/conf/sites-available/default: Update PHP referred to in the
    example in the default configuration to PHP 7.2.
    (LP: #1831748)

 -- Thomas Ward <email address hidden>  Thu, 15 Aug 2019 12:01:39 -0400

Available diffs

Superseded in bionic-updates on 2019-08-16
Superseded in bionic-security on 2019-08-20
nginx (1.14.0-0ubuntu1.4) bionic-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 Data Dribble issue
    - debian/patches/CVE-2019-9511.patch: limited number of DATA frames in
      src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h,
      src/http/v2/ngx_http_v2_filter_module.c.
    - CVE-2019-9511
  * SECURITY UPDATE: HTTP/2 Resource Loop / Priority Shuffling issue
    - debian/patches/CVE-2019-9513.patch: limited number of PRIORITY frames
      in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2019-9513
  * SECURITY UPDATE: HTTP/2 0-Length Headers Leak issue
    - debian/patches/CVE-2019-9516.patch: reject zero length headers with
      PROTOCOL_ERROR in src/http/v2/ngx_http_v2.c.
    - CVE-2019-9516

 -- Marc Deslauriers <email address hidden>  Wed, 14 Aug 2019 14:44:40 -0400
Superseded in xenial-updates on 2020-01-13
Superseded in xenial-security on 2020-01-13
nginx (1.10.3-0ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 Data Dribble issue
    - debian/patches/CVE-2019-9511.patch: limited number of DATA frames in
      src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h,
      src/http/v2/ngx_http_v2_filter_module.c.
    - CVE-2019-9511
  * SECURITY UPDATE: HTTP/2 Resource Loop / Priority Shuffling issue
    - debian/patches/CVE-2019-9513.patch: limited number of PRIORITY frames
      in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2019-9513
  * SECURITY UPDATE: HTTP/2 0-Length Headers Leak issue
    - debian/patches/CVE-2019-9516.patch: reject zero length headers with
      PROTOCOL_ERROR in src/http/v2/ngx_http_v2.c.
    - CVE-2019-9516

 -- Marc Deslauriers <email address hidden>  Wed, 14 Aug 2019 14:48:49 -0400
Superseded in disco-updates on 2020-01-13
Superseded in disco-security on 2020-01-13
nginx (1.15.9-0ubuntu1.1) disco-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 Data Dribble issue
    - debian/patches/CVE-2019-9511.patch: limited number of DATA frames in
      src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h,
      src/http/v2/ngx_http_v2_filter_module.c.
    - CVE-2019-9511
  * SECURITY UPDATE: HTTP/2 Resource Loop / Priority Shuffling issue
    - debian/patches/CVE-2019-9513.patch: limited number of PRIORITY frames
      in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2019-9513
  * SECURITY UPDATE: HTTP/2 0-Length Headers Leak issue
    - debian/patches/CVE-2019-9516.patch: reject zero length headers with
      PROTOCOL_ERROR in src/http/v2/ngx_http_v2.c.
    - CVE-2019-9516

 -- Marc Deslauriers <email address hidden>  Wed, 14 Aug 2019 14:41:19 -0400
Superseded in eoan-release on 2019-08-15
Deleted in eoan-proposed on 2019-08-17 (Reason: moved to release)
nginx (1.16.1-0ubuntu1) eoan; urgency=medium

  * New upstream release (1.16.1) - full changelog available from
    http://nginx.org/en/CHANGES-1.16
  * This patch contains security patches only.
  * Security content in this version:
    - When using HTTP/2 a client might cause excessive memory consumption
      and CPU usage (CVE-2019-9511. CVE-2019-9513, CVE-2019-9516)

 -- Thomas Ward <email address hidden>  Tue, 13 Aug 2019 13:08:03 -0400
Superseded in bionic-updates on 2019-08-15
Deleted in bionic-proposed on 2019-08-16 (Reason: moved to -updates)
nginx (1.14.0-0ubuntu1.3) bionic; urgency=medium

  * No changes rebuild (to build against OpenSSL 1.1.1 in Bionic)
    (LP: #1836366)

 -- Thomas Ward <email address hidden>  Fri, 12 Jul 2019 14:18:43 -0400
Superseded in eoan-release on 2019-08-13
Deleted in eoan-proposed on 2019-08-15 (Reason: moved to release)
nginx (1.16.0-0ubuntu2) eoan; urgency=medium

  * d/patches/nginx-fix-pidfile.patch: Fix NGINX PIDfile handling to avoid
    SystemD race condition - thanks to Tj for the patch.  (LP: #1581864)

 -- Thomas Ward <email address hidden>  Tue, 04 Jun 2019 11:43:30 -0400
Superseded in eoan-release on 2019-06-29
Deleted in eoan-proposed on 2019-06-30 (Reason: moved to release)
nginx (1.16.0-0ubuntu1) eoan; urgency=medium

  * New upstream release (1.16.0) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
    - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
      module to nginx-full and nginx-extras

 -- Thomas Ward <email address hidden>  Mon, 29 Apr 2019 12:31:39 -0400
Superseded in eoan-release on 2019-04-29
Deleted in eoan-proposed on 2019-05-01 (Reason: moved to release)
nginx (1.15.12-0ubuntu1) eoan; urgency=medium

  * New upstream release (1.15.12) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors
  * Add GeoIP2 third party module to nginx-full and nginx-extras
    (LP: #1825895). The following is the files list for this:
    - d/{control,rules}: Add libnginx-mod-http-geoip2 and corresponding build
      rules.
    - d/modules/http-geoip2{,/*}: Add geoip2 module from third party git.
    - d/copyright: Add relevant copyright lines for GeoIP2 module.

 -- Thomas Ward <email address hidden>  Mon, 22 Apr 2019 17:59:46 -0400
Superseded in eoan-release on 2019-04-28
Published in disco-release on 2019-03-08
Deleted in disco-proposed (Reason: moved to release)
nginx (1.15.9-0ubuntu1) disco; urgency=medium

  * New upstream release (1.15.9) - full changelog available from
    http://nginx.org/en/CHANGES (LP: #1817750)
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors

 -- Thomas Ward <email address hidden>  Tue, 26 Feb 2019 11:15:07 -0500
Superseded in disco-release on 2019-03-08
Deleted in disco-proposed on 2019-03-09 (Reason: moved to release)
nginx (1.15.8-0ubuntu1) disco; urgency=medium

  * New upstream release (1.15.8) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors

 -- Thomas Ward <email address hidden>  Fri, 01 Feb 2019 20:21:45 -0500
Superseded in disco-release on 2019-02-02
Deleted in disco-proposed on 2019-02-03 (Reason: moved to release)
nginx (1.15.7-0ubuntu1) disco; urgency=medium

  * New upstream release (1.15.7) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors (LP: #1797897)

 -- Thomas Ward <email address hidden>  Tue, 27 Nov 2018 10:28:55 -0500
Superseded in disco-release on 2018-12-13
Deleted in disco-proposed on 2018-12-14 (Reason: moved to release)
nginx (1.15.6-0ubuntu2) disco; urgency=medium

  * Apply a Debian packaging change to Ubuntu package for config parity:
    * d/conf/snippets/fastcgi-php.conf: Adjust fastcgi_split_path_info
      snippet to handle the /example.php/ case. (Debian bug 911398)

 -- Thomas Ward <email address hidden>  Fri, 23 Nov 2018 10:56:21 -0500

Available diffs

Superseded in disco-release on 2018-11-24
Deleted in disco-proposed on 2018-11-25 (Reason: moved to release)
nginx (1.15.6-0ubuntu1) disco; urgency=medium

  * New upstream release (1.15.6) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.
    - d/rules: Enable --with-compat build option for all nginx package
      flavors (LP: #1797897)

 -- Thomas Ward <email address hidden>  Tue, 13 Nov 2018 10:10:45 -0500
Superseded in disco-proposed on 2018-11-13
nginx (1.15.5-0ubuntu4) disco; urgency=medium

  * No-change rebuild against libhiredis0.14

 -- Steve Langasek <email address hidden>  Mon, 12 Nov 2018 08:47:44 +0000

Available diffs

Superseded in xenial-updates on 2019-08-15
Superseded in xenial-security on 2019-08-15
nginx (1.10.3-0ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: excessive memory consumption in HTTP/2 implementation
    - debian/patches/CVE-2018-16843.patch: add flood detection in
      src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2018-16843
  * SECURITY UPDATE: excessive CPU usage in HTTP/2 implementation
    - debian/patches/CVE-2018-16844-pre.patch: backport new
      http2_max_requests directive.
    - debian/patches/CVE-2018-16844.patch: limit the number of idle state
      switches in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2018-16844
  * SECURITY UPDATE: infinite loop in ngx_http_mp4_module
    - debian/patches/CVE-2018-16845.patch: fixed reading 64-bit atoms in
      src/http/modules/ngx_http_mp4_module.c.
    - CVE-2018-16845

 -- Marc Deslauriers <email address hidden>  Tue, 06 Nov 2018 13:55:13 -0500
Published in cosmic-updates on 2018-11-07
Published in cosmic-security on 2018-11-07
nginx (1.15.5-0ubuntu2.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: excessive memory consumption in HTTP/2 implementation
    - debian/patches/CVE-2018-16843.patch: add flood detection in
      src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2018-16843
  * SECURITY UPDATE: excessive CPU usage in HTTP/2 implementation
    - debian/patches/CVE-2018-16844.patch: limit the number of idle state
      switches in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2018-16844
  * SECURITY UPDATE: infinite loop in ngx_http_mp4_module
    - debian/patches/CVE-2018-16845.patch: fixed reading 64-bit atoms in
      src/http/modules/ngx_http_mp4_module.c.
    - CVE-2018-16845

 -- Marc Deslauriers <email address hidden>  Tue, 06 Nov 2018 13:50:41 -0500
Published in trusty-updates on 2018-11-07
Published in trusty-security on 2018-11-07
nginx (1.4.6-1ubuntu3.9) trusty-security; urgency=medium

  * SECURITY UPDATE: infinite loop in ngx_http_mp4_module
    - debian/patches/CVE-2018-16845.patch: fixed reading 64-bit atoms in
      src/http/modules/ngx_http_mp4_module.c.
    - CVE-2018-16845

 -- Marc Deslauriers <email address hidden>  Tue, 06 Nov 2018 13:56:34 -0500
Superseded in bionic-updates on 2019-07-22
Superseded in bionic-security on 2019-08-15
nginx (1.14.0-0ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: excessive memory consumption in HTTP/2 implementation
    - debian/patches/CVE-2018-16843.patch: add flood detection in
      src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2018-16843
  * SECURITY UPDATE: excessive CPU usage in HTTP/2 implementation
    - debian/patches/CVE-2018-16844.patch: limit the number of idle state
      switches in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2018-16844
  * SECURITY UPDATE: infinite loop in ngx_http_mp4_module
    - debian/patches/CVE-2018-16845.patch: fixed reading 64-bit atoms in
      src/http/modules/ngx_http_mp4_module.c.
    - CVE-2018-16845

 -- Marc Deslauriers <email address hidden>  Tue, 06 Nov 2018 13:54:15 -0500
Superseded in disco-release on 2018-11-15
Deleted in disco-proposed on 2018-11-16 (Reason: moved to release)
nginx (1.15.5-0ubuntu3) disco; urgency=medium

  * No-change rebuild for the perl 5.28 transition.

 -- Adam Conrad <email address hidden>  Fri, 02 Nov 2018 19:02:18 -0600

Available diffs

Deleted in cosmic-proposed on 2018-11-14 (Reason: moved to -updates)
nginx (1.15.5-0ubuntu2) cosmic; urgency=medium

  * d/conf/nginx.conf: Enable TLSv1.3 by default by adding TLSv1.3 to
    the ssl_protocols line.  (SRU, LP: #1800214)

 -- Thomas Ward <email address hidden>  Fri, 26 Oct 2018 15:25:59 -0400

Available diffs

Superseded in disco-release on 2018-11-08
Published in cosmic-release on 2018-10-04
Deleted in cosmic-proposed (Reason: moved to release)
nginx (1.15.5-0ubuntu1) cosmic; urgency=medium

  * This is a bugfixes-only upstream micro release, and thus is a bugfixes-
    only version change. (LP: #1795690)
  * New upstream release (1.15.5) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.

 -- Thomas Ward <email address hidden>  Tue, 02 Oct 2018 11:31:05 -0400
Superseded in cosmic-proposed on 2018-10-02
nginx (1.15.4-0ubuntu1) cosmic; urgency=medium

  * New upstream release (1.15.4) - full changelog available from
    http://nginx.org/en/CHANGES (LP: #1794321)
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.

 -- Thomas Ward <email address hidden>  Tue, 25 Sep 2018 11:59:46 -0400
Superseded in cosmic-release on 2018-10-04
Deleted in cosmic-proposed on 2018-10-05 (Reason: moved to release)
nginx (1.15.3-0ubuntu1) cosmic; urgency=medium

  * New upstream release (1.15.3) - full changelog available from
    http://nginx.org/en/CHANGES  (LP: #1790149)
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.

 -- Thomas Ward <email address hidden>  Fri, 31 Aug 2018 09:52:34 -0400
Superseded in bionic-updates on 2018-11-07
Deleted in bionic-proposed on 2018-11-08 (Reason: moved to -updates)
nginx (1.14.0-0ubuntu1.1) bionic; urgency=medium

  * Stable Release Update. Do not attempt to start nginx if other daemon
    is binding to port 80, to prevent install failure (LP: #1782226):
    - d/nginx{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade.
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.

 -- Andres Rodriguez <email address hidden>  Mon, 20 Aug 2018 18:41:42 -0400
Superseded in cosmic-release on 2018-09-07
Deleted in cosmic-proposed on 2018-09-09 (Reason: moved to release)
nginx (1.15.2-0ubuntu2) cosmic; urgency=medium

  * d/control: Add `iproute2` dependencies for the binary
    nginx-{core,light,full,extras} packages, they got missed in the
    application of the diff in 1.15.2-0ubuntu1. (LP: #1782226)

 -- Thomas Ward <email address hidden>  Tue, 21 Aug 2018 12:07:59 -0400
Superseded in cosmic-proposed on 2018-08-21
nginx (1.15.2-0ubuntu1) cosmic; urgency=medium

  * Switch to track NGINX Mainline for 18.10 (and 19.04) releases after
    discussion with Server team members. Mainline version is 1.15.2
  * Upstream changelogs for 1.15.2 are available at
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
  * Additional Ubuntu only changes (LP: #1782226):
    - d/nginx{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade.
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.

 -- Thomas Ward <email address hidden>  Sun, 19 Aug 2018 12:16:48 -0400
Superseded in cosmic-release on 2018-08-26
Deleted in cosmic-proposed on 2018-08-27 (Reason: moved to release)
nginx (1.14.0-0ubuntu2) cosmic; urgency=medium

  * debian/nginx-core.postinst: Make nginx-*.postinst use invoke-rc.d.
    (LP: #1578344)

 -- Thomas Ward <email address hidden>  Tue, 15 May 2018 11:14:02 -0400

Available diffs

Superseded in cosmic-release on 2018-07-06
Published in bionic-release on 2018-04-19
Deleted in bionic-proposed (Reason: moved to release)
nginx (1.14.0-0ubuntu1) bionic; urgency=medium

  * New upstream stable release (1.14.0)
  * Upstream changelogs can be found at http://nginx.org/en/CHANGES-1.14
  * There are no functional changes or new features in this release,
    and the only change is a version number change.
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.

 -- Thomas Ward <email address hidden>  Tue, 17 Apr 2018 12:17:58 -0400
Superseded in bionic-release on 2018-04-19
Deleted in bionic-proposed on 2018-04-21 (Reason: moved to release)
nginx (1.13.12-0ubuntu1) bionic; urgency=medium

  * New upstream releases (1.13.11, 1.13.12)
  * Upstream changelogs can be found at https://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.

 -- Thomas Ward <email address hidden>  Mon, 16 Apr 2018 11:43:01 -0400
Superseded in bionic-release on 2018-04-17
Deleted in bionic-proposed on 2018-04-19 (Reason: moved to release)
nginx (1.13.10-1ubuntu1) bionic; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
  * Drop:
    - debian/patches/0002-Make-sure-signature-stays-the-same-in-
      all-nginx-buil.patch:  Refreshed patch - Merge-o-Matic introduced some
      fuzz which caused issues.
      [ Does not seem necessary ]
    - d/control: drop mention of SSL Preread from nginx-full, nginx-extras
      [ Previously undocumented ]
    - d/gbp.conf: update for 1.12 release
      [ Previously undocumented ]
    - d/p/0003-define_gnu_source-on-other-glibc-based-platforms.patch:
      Refresh patch.
      [ Previously undocumented ]

Available diffs

Superseded in bionic-release on 2018-04-09
Deleted in bionic-proposed on 2018-04-10 (Reason: moved to release)
nginx (1.13.6-2ubuntu2) bionic; urgency=high

  * No change rebuild against openssl1.1.

 -- Dimitri John Ledkov <email address hidden>  Mon, 05 Feb 2018 16:51:17 +0000

Available diffs

Superseded in bionic-release on 2018-02-09
Deleted in bionic-proposed on 2018-02-11 (Reason: moved to release)
nginx (1.13.6-2ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - debian/rules: Alter build flags for cflags and ldflags to fix known
      fPIE / fPIC compilation issues (see nginx PPA bug for more details
      and information, LP: #1657596)
    - debian/patches/0002-Make-sure-signature-stays-the-same-in-
      all-nginx-buil.patch:  Refreshed patch - Merge-o-Matic introduced some
      fuzz which caused issues.

 -- Thomas Ward <email address hidden>  Tue, 12 Dec 2017 12:15:30 -0500
Superseded in bionic-release on 2017-12-14
Published in artful-release on 2017-08-10
Deleted in artful-proposed (Reason: moved to release)
nginx (1.12.1-0ubuntu2) artful; urgency=medium

  * No-change rebuild for perl 5.26.0.

 -- Matthias Klose <email address hidden>  Wed, 26 Jul 2017 20:11:43 +0000

Available diffs

Superseded in artful-release on 2017-08-10
Deleted in artful-proposed on 2017-08-11 (Reason: moved to release)
nginx (1.12.1-0ubuntu1) artful; urgency=medium

  * New upstream release (1.12.1) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES-1.12
  * This release is a security patch micro-release from Upstream.
  * This package contains security content to fix the following CVEs:
    * CVE-2017-7529: A security issue was identified in nginx range filter.
      A specially crafted request might result in an integer overflow and
      incorrect processing of ranges, potentially resulting in sensitive
      information leak. (Closes LP: #1704151)
  * Additional changes:
    * d/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch.

 -- Thomas Ward <email address hidden>  Sat, 15 Jul 2017 12:40:15 -0400
Superseded in artful-release on 2017-07-15
Deleted in artful-proposed on 2017-07-17 (Reason: moved to release)
nginx (1.12.0-1ubuntu1) artful; urgency=medium

  * Merge from Debian Experimental (1.12.0-1, via snapshots.debian.org)
  * All Ubuntu-specific changes from Ubuntu 1.12.0-0ubuntu1 were retained.
  * Remaining changes:
    * d/tests/control: Specify nginx-core flavor tests.
  * This merge closes the merge request on Launchpad. (LP: #1704020)

 -- Thomas Ward <email address hidden>  Wed, 12 Jul 2017 19:53:24 -0400
Superseded in xenial-updates on 2018-11-07
Superseded in xenial-security on 2018-11-07
nginx (1.10.3-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow in range filter leading to
    information exposure
    - debian/patches/CVE-2017-7529.patch: add check to ensure size does
      not overflow
    - CVE-2017-7529

 -- Steve Beattie <email address hidden>  Wed, 12 Jul 2017 03:20:18 -0700
Superseded in trusty-updates on 2018-11-07
Superseded in trusty-security on 2018-11-07
nginx (1.4.6-1ubuntu3.8) trusty-security; urgency=medium

  * SECURITY UPDATE: integer overflow in range filter leading to
    information exposure
    - debian/patches/CVE-2017-7529.patch: add check to ensure size does
      not overflow
    - CVE-2017-7529

 -- Steve Beattie <email address hidden>  Wed, 12 Jul 2017 02:59:32 -0700
Obsolete in yakkety-updates on 2018-01-23
Obsolete in yakkety-security on 2018-01-23
nginx (1.10.1-0ubuntu1.3) yakkety-security; urgency=medium

  * SECURITY UPDATE: integer overflow in range filter leading to
    information exposure
    - debian/patches/CVE-2017-7529.patch: add check to ensure size does
      not overflow
    - CVE-2017-7529

 -- Steve Beattie <email address hidden>  Wed, 12 Jul 2017 02:56:24 -0700
Obsolete in zesty-updates on 2018-06-22
Obsolete in zesty-security on 2018-06-22
nginx (1.10.3-1ubuntu3.1) zesty-security; urgency=medium

  * SECURITY UPDATE: integer overflow in range filter leading to
    information exposure
    - debian/patches/CVE-2017-7529.patch: add check to ensure size does
      not overflow
    - CVE-2017-7529

 -- Steve Beattie <email address hidden>  Wed, 12 Jul 2017 00:27:59 -0700
Superseded in artful-release on 2017-07-15
Deleted in artful-proposed on 2017-07-16 (Reason: moved to release)
nginx (1.12.0-0ubuntu1) artful; urgency=medium

  * New upstream release: 1.12.0 Stable branch.
  * All remaining Ubuntu-specific and Debian-specific changes remain
    in place with this upload, the upstream version and code are the
    only bits that have been updated, except where indicated below.
  * Remaining changes:
    - d/modules/nginx-upload-progress/config: Apply upstream patch to
      fix an issue where the module does not properly function due to
      the wrong module type being set; this prevented the module from
      working when built. (LP: #1673056)
    - d/patches: The following patches were dropped from the package
      because the changes from the patches are already incorporated
      in 1.12.0:
      - 0004-SSL-error-messages-style.patch
      - 0005-SSL-style.patch
      - 0006-SSL-support-for-multiple-curves-ticket-885.patch
    - d/patches/perl-use-dpkg-buildflags.patch: Refreshed patch to
      remove fuzz from the patch.
    - d/modules/nginx-echo: Apply upstream diff/patch to fix an FTBFS
    - d/modules/nginx-lua: Apply upstream diff/patch to fix an FTBFS
    - d/modules/nginx-upstream-fair: Apply diff/patch from the Debian
      package maintainers' git repository to not use default_port to
      fix an FTBFS.  (This will eventually be in Debian, and will get
      merged in then as well).

 -- Thomas Ward <email address hidden>  Wed, 26 Apr 2017 12:02:33 -0400

Available diffs

Superseded in artful-release on 2017-04-28
Obsolete in zesty-release on 2018-06-22
Deleted in zesty-proposed on 2018-06-22 (Reason: moved to release)
nginx (1.10.3-1ubuntu3) zesty; urgency=medium

  * debian/tests/control: Remove the 'ec-x25519' test stanzas from the
    declarations of tests to run. This test requires OpenSSL >= 1.1.0
    to support the X25519 ECDH curve, and we do not have OpenSSL 1.1.0.
    This delta can be ***dropped*** when we do have OpenSSL >= 1.1.0.
    - This fixes the autopkgtests, of which the Debian merge introduced
      a regression due to the ec-x25519 test.

 -- Thomas Ward <email address hidden>  Mon, 27 Feb 2017 19:51:57 -0500
Superseded in zesty-proposed on 2017-02-28
nginx (1.10.3-1ubuntu2) zesty; urgency=low

  * debian/*.save: Junk .save left in the packaging, remove these.

 -- Thomas Ward <email address hidden>  Thu, 16 Feb 2017 15:39:51 -0500

Available diffs

Superseded in zesty-proposed on 2017-02-16
nginx (1.10.3-1ubuntu1) zesty; urgency=medium

  * Merge from Debian unstable (note: 1.10.3 already was merged, but 1.10.3
    packaging changes in Debian were not). Remaining changes are as
    follows: (LP: #1664652)
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - debian/rules: Alter build flags for cflags and ldflags to fix known
      fPIE / fPIC compilation issues (see nginx PPA bug for more details
      and information, LP: #1657596)

 -- Thomas Ward <email address hidden>  Thu, 16 Feb 2017 15:29:40 -0500

Available diffs

Superseded in zesty-proposed on 2017-02-16
nginx (1.10.3-0ubuntu2) zesty; urgency=low

  * Merge from Debian unstable (nginx version there is 1.10.2-4). Remaining
    changes: (LP: #1664652)
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - debian/rules: Alter build flags for cflags and ldflags to fix known
      fPIE / fPIC compilation issues (see nginx PPA bug for more details
      and information, LP: #1657596)

 -- Thomas Ward <email address hidden>  Tue, 14 Feb 2017 17:47:00 -0500

Available diffs

Obsolete in yakkety-proposed on 2018-01-23
nginx (1.10.3-0ubuntu0.16.10.1) yakkety; urgency=medium

  * Stable Release Update (LP: #1663937)
  * New upstream release (1.10.3) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES-1.10
  * All Ubuntu specific changes from 1.10.1-0ubuntu1 through 1.10.1-0ubuntu1.2
    remain included.
  * Additional changes:
    * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch.

 -- Thomas Ward <email address hidden>  Sat, 11 Feb 2017 16:18:21 -0500
Superseded in xenial-updates on 2017-07-13
Deleted in xenial-proposed on 2017-07-15 (Reason: moved to -updates)
nginx (1.10.3-0ubuntu0.16.04.1) xenial; urgency=medium

  * Stable Release Update (LP: #1663937)
  * New upstream release (1.10.3) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES-1.10
  * All Ubuntu specific changes from 1.10.0-0ubuntu1 through
    1.10.0-0ubuntu0.16.04.4 remain included.
  * Additional changes:
    * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch.
    * debian/patches/cve-2016-4450.patch: Drop CVE patch as it is already
      included in the upstream source code in this upload.

 -- Thomas Ward <email address hidden>  Sat, 11 Feb 2017 16:18:21 -0500
Deleted in zesty-proposed on 2017-02-19 (Reason: NBS)
nginx (1.10.3-0ubuntu1) zesty; urgency=medium

  * New upstream release (1.10.3) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES-1.10 - upstream release date
    was 31 Jan 2016
  * All other changes from previous versions remain included.
  * debian/patches/ubuntu-branding.patch:
    - Refreshed Ubuntu Branding patch.

 -- Thomas Ward <email address hidden>  Sat, 11 Feb 2017 15:56:57 -0500

Available diffs

Deleted in zesty-proposed on 2016-12-30 (Reason: Bad upload)
nginx (1.11.8-1+zesty1) zesty; urgency=medium

  * Try and fix PIE/PIC build errors.

 -- Thomas Ward <email address hidden>  Thu, 29 Dec 2016 13:38:38 -0500

Available diffs

Superseded in zesty-release on 2017-02-28
Deleted in zesty-proposed on 2017-03-01 (Reason: moved to release)
nginx (1.10.2-0ubuntu1) zesty; urgency=medium

  * New upstream release (1.10.2) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES-1.10 - upstream release date
    was 18 Oct 2016
  * All other changes from 1.10.1-0ubuntu1 through 1.10.1-0ubuntu5 remain
    included
  * debian/patches/ubuntu-branding.patch:
    - Refreshed Ubuntu Branding patch.

 -- Thomas Ward <email address hidden>  Thu, 15 Dec 2016 11:23:43 -0500
Superseded in trusty-updates on 2017-07-13
Superseded in trusty-security on 2017-07-13
nginx (1.4.6-1ubuntu3.7) trusty-security; urgency=medium

  * SECURITY REGRESSION: config upgrade failure (LP: #1637058)
    - debian/nginx-common.config: fix return code so script doesn't exit.

 -- Marc Deslauriers <email address hidden>  Thu, 27 Oct 2016 10:42:53 -0400
Superseded in xenial-updates on 2017-06-29
Superseded in xenial-security on 2017-07-13
nginx (1.10.0-0ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY REGRESSION: config upgrade failure (LP: #1637058)
    - debian/nginx-common.config: fix return code so script doesn't exit.

 -- Marc Deslauriers <email address hidden>  Thu, 27 Oct 2016 10:42:14 -0400
Superseded in zesty-release on 2016-12-16
Deleted in zesty-proposed on 2016-12-17 (Reason: moved to release)
nginx (1.10.1-0ubuntu5) zesty; urgency=medium

  * debian/nginx-common.config:
    - Fix the return code so the script does not exit during version
      string comparisons.
    - Also update the version string to compare with (for zesty only)

 -- Thomas Ward <email address hidden>  Thu, 27 Oct 2016 10:48:45 -0400
Superseded in yakkety-updates on 2017-07-13
Superseded in yakkety-security on 2017-07-13
nginx (1.10.1-0ubuntu1.2) yakkety-security; urgency=medium

  * SECURITY REGRESSION: postinst upgrade failure (LP: #1637058)
    - debian/nginx-common.postinst: fix return code so script doesn't exit.

 -- Marc Deslauriers <email address hidden>  Thu, 27 Oct 2016 10:14:26 -0400
Superseded in zesty-proposed on 2016-10-27
nginx (1.10.1-0ubuntu4) zesty; urgency=medium

  * debian/nginx-common.config:
    - Fix an issue with the incorrect version numbers being compared
      during configuration; this was something I missed when reviewing
      the package for uploading previously. (LP: #1637058)

 -- Thomas Ward <email address hidden>  Thu, 27 Oct 2016 08:45:40 -0400

Available diffs

Superseded in zesty-proposed on 2016-10-27
nginx (1.10.1-0ubuntu3) zesty; urgency=medium

  [ Christos Trochalakis ]
  * debian/nginx-common.postinst:
    + Secure log file handling (owner & permissions) against privilege
      escalation attacks. /var/log/nginx is now owned by root:adm.
      Thanks Dawid Golunski (http://legalhackers.com) for the report.
      Changing /var/log/nginx permissions effectively reopens #701112,
      since log files can be world-readable. This is a trade-off until
      a better log opening solution is implemented upstream (trac:376).
  * debian/control:
    Don't allow building against liblua5.1-0-dev on architectures
    that libluajit is available.

 -- Thomas Ward <email address hidden>  Tue, 25 Oct 2016 17:03:54 -0400
Superseded in zesty-proposed on 2016-10-26
nginx (1.10.1-0ubuntu2) zesty; urgency=medium

  * No-change rebuild for perl 5.24 transition

 -- Iain Lane <email address hidden>  Mon, 24 Oct 2016 10:36:19 +0100

Available diffs

175 of 215 results