Change log for nginx package in Ubuntu
| 1 → 75 of 259 results | First • Previous • Next • Last |
nginx (1.24.0-2ubuntu2) noble; urgency=medium * No change rebuild -- Bryce Harrington <email address hidden> Mon, 20 Nov 2023 00:47:34 +0000
Available diffs
- diff from 1.24.0-2ubuntu1 to 1.24.0-2ubuntu2 (314 bytes)
nginx (1.24.0-2ubuntu1) noble; urgency=low
* Merge from Debian unstable. Remaining changes:
- Branding for Ubuntu
+ d/p/ubuntu-branding.patch: add Ubuntu branding
+ d/t/branding: Add autopkgtest to validate branding presence
- d/control: Drop the Lua module (libnginx-mod-http-lua) as a
dependency for NGINX (Server Team Decision) - future support
for Lua module now requires resty-core from OpenResty, meaning that if
we want to continue to support the Lua module, we have to start becoming
OpenResty - users should just use OpenResty at this point for Lua.
- d/control: let nginx-core depend on geoip2 instead of geoip.
- d/t/control: Drop autopkgtest dependencies on libnginx-mod-http-lua too
Available diffs
| Superseded in noble-release |
| Published in mantic-release |
| Deleted in mantic-proposed (Reason: Moved to mantic) |
nginx (1.24.0-1ubuntu1) mantic; urgency=low
* Merge with Debian unstable. Remaining changes:
- Branding for Ubuntu
+ d/p/ubuntu-branding.patch: add Ubuntu branding
+ d/t/branding: Add autopkgtest to validate branding presence
- d/control: Drop the Lua module (libnginx-mod-http-lua) as a
dependency for NGINX (Server Team Decision) - future support
for Lua module now requires resty-core from OpenResty, meaning that if
we want to continue to support the Lua module, we have to start becoming
OpenResty - users should just use OpenResty at this point for Lua.
- d/control: let nginx-core depend on geoip2 instead of geoip.
- d/t/control: Drop autopkgtest dependencies on libnginx-mod-http-lua too
-- Gianfranco Costamagna <email address hidden> Wed, 28 Jun 2023 08:48:23 +0200
Available diffs
- diff from 1.22.1-9ubuntu5 to 1.24.0-1ubuntu1 (91.9 KiB)
nginx (1.18.0-6ubuntu14.4) jammy; urgency=medium
* d/p/lp1957320-jammy-fixed-sigquit-issue-with-unix-sockets.patch:
Fix SIGQUIT by replacing the custom socket closing code in the
ngx_process_cycle.c file by calling another function.
(LP: #1957320)
-- Michal Maloszewski <email address hidden> Tue, 30 May 2023 19:31:46 +0200
Available diffs
nginx (1.22.1-9ubuntu5) mantic; urgency=medium * Merge with Debian unstable (LP: #1993421). Remaining changes: - Branding for Ubuntu + d/p/ubuntu-branding.patch: add Ubuntu branding + d/t/branding: Add autopkgtest to validate branding presence - d/control: Drop the Lua module (libnginx-mod-http-lua) as a dependency for NGINX (Server Team Decision) - future support for Lua module now requires resty-core from OpenResty, meaning that if we want to continue to support the Lua module, we have to start becoming OpenResty - users should just use OpenResty at this point for Lua. - d/control: let nginx-core depend on geoip2 instead of geoip. - d/t/control: Drop autopkgtest dependencies on libnginx-mod-http-lua too -- Gianfranco Costamagna <email address hidden> Sat, 20 May 2023 11:45:20 +0200
Available diffs
- diff from 1.22.0-1ubuntu3 to 1.22.1-9ubuntu5 (881.5 KiB)
- diff from 1.22.1-9ubuntu4 to 1.22.1-9ubuntu5 (589 bytes)
| Superseded in mantic-proposed |
nginx (1.22.1-9ubuntu4) mantic; urgency=medium * Merge with Debian unstable (LP: #1993421). Remaining changes: - Branding for Ubuntu + d/p/ubuntu-branding.patch: add Ubuntu branding + d/t/branding: Add autopkgtest to validate branding presence - d/control: Drop the Lua module (libnginx-mod-http-lua) as a dependency for NGINX (Server Team Decision) - future support for Lua module now requires resty-core from OpenResty, meaning that if we want to continue to support the Lua module, we have to start becoming OpenResty - users should just use OpenResty at this point for Lua. - d/control: let nginx-core depend on geoip2 instead of geoip. - d/t/control: Drop autopkgtest dependencies on libnginx-mod-http-lua too -- Gianfranco Costamagna <email address hidden> Sat, 20 May 2023 11:45:20 +0200
Available diffs
- diff from 1.22.1-9ubuntu3 to 1.22.1-9ubuntu4 (454 bytes)
| Superseded in mantic-proposed |
nginx (1.22.1-9ubuntu3) mantic; urgency=medium * Merge with Debian unstable (LP: #1993421). Remaining changes: - Branding for Ubuntu + d/p/ubuntu-branding.patch: add Ubuntu branding + d/t/branding: Add autopkgtest to validate branding presence - d/control: Drop the Lua module (libnginx-mod-http-lua) as a dependency for NGINX (Server Team Decision) - future support for Lua module now requires resty-core from OpenResty, meaning that if we want to continue to support the Lua module, we have to start becoming OpenResty - users should just use OpenResty at this point for Lua. - d/control: let nginx-core depend on geoip2 instead of geoip. - d/t/control: Drop autopkgtest dependencies on libnginx-mod-http-lua too -- Gianfranco Costamagna <email address hidden> Sat, 20 May 2023 11:45:20 +0200
Available diffs
- diff from 1.22.1-9ubuntu2 to 1.22.1-9ubuntu3 (734 bytes)
| Superseded in mantic-proposed |
nginx (1.22.1-9ubuntu2) mantic; urgency=medium * Merge with Debian unstable (LP: #1993421). Remaining changes: - Branding for Ubuntu + d/p/ubuntu-branding.patch: add Ubuntu branding + d/t/branding: Add autopkgtest to validate branding presence - d/control: Drop the Lua module (libnginx-mod-http-lua) as a dependency for NGINX (Server Team Decision) - future support for Lua module now requires resty-core from OpenResty, meaning that if we want to continue to support the Lua module, we have to start becoming OpenResty - users should just use OpenResty at this point for Lua. - d/t/control: Drop autopkgtest dependencies on libnginx-mod-http-lua too -- Gianfranco Costamagna <email address hidden> Sat, 20 May 2023 11:45:20 +0200
Available diffs
- diff from 1.22.1-9ubuntu1 to 1.22.1-9ubuntu2 (459 bytes)
| Superseded in mantic-proposed |
nginx (1.22.1-9ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #1993421). Remaining changes: - Branding for Ubuntu + d/p/ubuntu-branding.patch: add Ubuntu branding + d/t/branding: Add autopkgtest to validate branding presence - d/control: Drop the Lua module (libnginx-mod-http-lua) as a dependency for NGINX (Server Team Decision) - future support for Lua module now requires resty-core from OpenResty, meaning that if we want to continue to support the Lua module, we have to start becoming OpenResty - users should just use OpenResty at this point for Lua. - d/t/control: Drop autopkgtest dependencies on libnginx-mod-http-lua too
Available diffs
| Superseded in mantic-proposed |
nginx (1.22.1-7ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #1993421). Remaining changes: - Branding for Ubuntu + d/p/ubuntu-branding.patch: add Ubuntu branding + d/t/branding: Add autopkgtest to validate branding presence - d/control: Drop the Lua module (libnginx-mod-http-lua) as a dependency for NGINX (Server Team Decision) - future support for Lua module now requires resty-core from OpenResty, meaning that if we want to continue to support the Lua module, we have to start becoming OpenResty - users should just use OpenResty at this point for Lua. * Dropped: - d/apport/source_nginx.py: Add apport hooks for additional bug information gathering. [Accepted by Debian 1.22.0-2. Deb #963668] - d/nginx-common.install: Add install rule for apport hooks. [Accepted by Debian in 1.22.0-2. Deb #963668] - d/p/nginx-fix-pidfile.patch: Fix NGINX PIDfile handling to avoid SystemD race condition - thanks to Tj for the patch. (LP #1581864) [Accepted by Debian 1.22.0-2. Deb #876365] - d/control: make nginx and nginx-full arch any, so that nginx-full is no longer pulled into main because of i386 (LP #1893267) [No longer required due to Debian packaging split] - Remove the Lua modules from NGINX (Server Team Decision) - future support for Lua module now requires resty-core from OpenResty, meaning that if we want to continue to support the Lua module, we have to start becoming OpenResty - users should just use OpenResty at this point for Lua. Changes made for this removal: + d/control: + Remove lua module from dependencies, and binary build item. + Add "Breaks" line for nginx-lua for older versions of NGINX. This is added to the nginx metapackage and nginx-extras. + d/rules: Remove Lua module from the build flags for -extras. + d/http-lua, d/modules/{,patches/,watch/}nginx-lua: Remove Lua modules, watch file, module patches. + d/modules/control: Remove Lua module from definitions + d/copyright: Remove lua module. + d/tests/{control,lua/}: Remove Lua test entirely, remove dependencies on any test which request libnginx-mod-http-lua as it's gone. [No longer required due to Debian packaging split] - d/control: drop GeoIP from nginx-core due to demotion of libgeoip (LP #1861101, LP #1867150): + remove libnginx-mod-http-geoip from nginx-core dependency + have nginx-core depend on libnginx-mod-stream-geoip2 instead of libnginx-mod-stream-geoip + adjust package descriptions accordingly [No longer required due to Debian packaging split] - d/control: (GeoIP2 related changes) + Update dependencies for http-geoip2 package to include libmaxminddb0. + Update nginx-core to include http-geoip2 module due to approved bin-MIR (LP #1867198) + Move geoip2 module build flags to the common flags so all package flavors have it. + Update dependencies for nginx-light, etc. to include libnginx-mod-http-geoip2 as it's in the 'common build flags' for all flavors of the builds. + Update package description for nginx-core to indicate geoip2 is included, and to list third party HTTP modules. GeoIP2 is not included for Stream by default, so we have to adjust this because the Stream part isn't MIR'd. [No longer required due to Debian packaging split] - d/m/p/http-subs-filter/pcre2.patch: Patch from debian 0d813834 to fix FTBFS [Debian switched to libpcre2 in 1.22.1-7] - d/p/CVE-2022-41741_41742.patch: disabled duplicate atoms in Mp4 (CVE-2022-41741, CVE-2022-41742) [Included in upstream 1.22.1 release] -- Bryce Harrington <email address hidden> Thu, 23 Feb 2023 01:22:32 -0800
Available diffs
- diff from 1.22.0-1ubuntu3 to 1.22.1-7ubuntu1 (887.7 KiB)
| Superseded in mantic-release |
| Published in lunar-release |
| Deleted in lunar-proposed (Reason: Moved to lunar) |
nginx (1.22.0-1ubuntu3) lunar; urgency=medium
* SECURITY UPDATE: memory corruption/disclosure issue
- debian/patches/CVE-2022-41741_41742.patch: disabled duplicate atoms in
Mp4
- CVE-2022-41741
- CVE-2022-41742
-- Nishit Majithia <email address hidden> Tue, 21 Feb 2023 18:35:20 +0530
Available diffs
nginx (1.22.0-1ubuntu1.1) kinetic-security; urgency=medium
* SECURITY UPDATE: memory corruption/disclosure issue
- debian/patches/CVE-2022-41741_41742.patch: disabled duplicate atoms in
Mp4
- CVE-2022-41741
- CVE-2022-41742
-- Nishit Majithia <email address hidden> Thu, 10 Nov 2022 12:10:13 +0530
Available diffs
nginx (1.18.0-6ubuntu14.3) jammy-security; urgency=medium
* SECURITY UPDATE: memory corruption/disclosure issue
- debian/patches/CVE-2022-41741_41742.patch: disabled duplicate atoms in
Mp4
- CVE-2022-41741
- CVE-2022-41742
-- Nishit Majithia <email address hidden> Thu, 10 Nov 2022 12:09:42 +0530
Available diffs
nginx (1.18.0-0ubuntu1.4) focal-security; urgency=medium
* SECURITY UPDATE: memory corruption/disclosure issue
- debian/patches/CVE-2022-41741_41742.patch: disabled duplicate atoms in
Mp4
- CVE-2022-41741
- CVE-2022-41742
-- Nishit Majithia <email address hidden> Thu, 10 Nov 2022 12:08:48 +0530
Available diffs
nginx (1.14.0-0ubuntu1.11) bionic-security; urgency=medium
* SECURITY UPDATE: memory corruption/disclosure issue
- debian/patches/CVE-2022-41741_41742.patch: disabled duplicate atoms in
Mp4
- CVE-2022-41741
- CVE-2022-41742
-- Nishit Majithia <email address hidden> Thu, 10 Nov 2022 12:08:23 +0530
Available diffs
nginx (1.22.0-1ubuntu2) lunar; urgency=medium * Rebuild against new perlapi-5.36. -- Gianfranco Costamagna <email address hidden> Fri, 04 Nov 2022 16:49:47 +0100
Available diffs
- diff from 1.22.0-1ubuntu1 to 1.22.0-1ubuntu2 (356 bytes)
nginx (1.18.0-6ubuntu14.2) jammy; urgency=medium
* d/p/ssl-op-ignore-unexpected-eof-option.patch: Add compatibility
flag for certain clients that don't close their connection properly.
(LP: #1981457)
-- Bryce Harrington <email address hidden> Tue, 02 Aug 2022 15:24:53 -0700
Available diffs
| Superseded in lunar-release |
| Obsolete in kinetic-release |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
nginx (1.22.0-1ubuntu1) kinetic; urgency=medium * Merge with Debian unstable (LP: #1982626). Remaining changes: - d/p/ubuntu-branding.patch: add Ubuntu branding - d/apport/source_nginx.py: Add apport hooks for additional bug information gathering. - d/nginx-common.install: Add install rule for apport hooks. - d/p/nginx-fix-pidfile.patch: Fix NGINX PIDfile handling to avoid SystemD race condition - thanks to Tj for the patch. (LP #1581864) - d/control: make nginx and nginx-full arch any, so that nginx-full is no longer pulled into main because of i386 (LP #1893267) - Remove the Lua modules from NGINX (Server Team Decision) - future support for Lua module now requires resty-core from OpenResty, meaning that if we want to continue to support the Lua module, we have to start becoming OpenResty - users should just use OpenResty at this point for Lua. Changes made for this removal: + d/control: + Remove lua module from dependencies, and binary build item. + Add "Breaks" line for nginx-lua for older versions of NGINX. This is added to the nginx metapackage and nginx-extras. + d/rules: Remove Lua module from the build flags for -extras. + d/http-lua, d/modules/{,patches/,watch/}nginx-lua: Remove Lua modules, watch file, module patches. + d/modules/control: Remove Lua module from definitions + d/copyright: Remove lua module. + d/tests/{control,lua/}: Remove Lua test entirely, remove dependencies on any test which request libnginx-mod-http-lua as it's gone. - d/control: drop GeoIP from nginx-core due to demotion of libgeoip (LP #1861101, LP #1867150): + remove libnginx-mod-http-geoip from nginx-core dependency + have nginx-core depend on libnginx-mod-stream-geoip2 instead of libnginx-mod-stream-geoip + adjust package descriptions accordingly - d/control: (GeoIP2 related changes) + Update dependencies for http-geoip2 package to include libmaxminddb0. + Update nginx-core to include http-geoip2 module due to approved bin-MIR (LP #1867198) + Move geoip2 module build flags to the common flags so all package flavors have it. + Update dependencies for nginx-light, etc. to include libnginx-mod-http-geoip2 as it's in the 'common build flags' for all flavors of the builds. + Update package description for nginx-core to indicate geoip2 is included, and to list third party HTTP modules. GeoIP2 is not included for Stream by default, so we have to adjust this because the Stream part isn't MIR'd. * d/p/ubuntu-branding.patch: Reimplement patch to avoid conflicting on (volatile) release version numbers when merging. * d/m/p/http-subs-filter/pcre2.patch: Patch from debian 0d813834 to fix FTBFS * d/t/branding: Add autopkgtest to validate branding presence -- Bryce Harrington <email address hidden> Fri, 22 Jul 2022 17:56:50 -0700
Available diffs
- diff from 1.20.2-2ubuntu2 to 1.22.0-1ubuntu1 (99.5 KiB)
nginx (1.20.2-2ubuntu2) kinetic; urgency=medium * d/http-lua: Remove another lua patch -- Bryce Harrington <email address hidden> Fri, 15 Jul 2022 04:50:47 +0000
Available diffs
| Superseded in kinetic-proposed |
nginx (1.20.2-2ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/p/ubuntu-branding.patch: add Ubuntu branding
- d/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- d/nginx-common.install: Add install rule for apport hooks.
- d/p/nginx-fix-pidfile.patch: Fix NGINX PIDfile handling to avoid
SystemD race condition - thanks to Tj for the patch. (LP #1581864)
- d/control: make nginx and nginx-full arch any, so that nginx-full
is no longer pulled into main because of i386 (LP #1893267)
- Remove the Lua modules from NGINX (Server Team Decision) - future support
for Lua module now requires resty-core from OpenResty, meaning that if
we want to continue to support the Lua module, we have to start becoming
OpenResty - users should just use OpenResty at this point for Lua.
Changes made for this removal:
+ d/control:
+ Remove lua module from dependencies, and binary build item.
+ Add "Breaks" line for nginx-lua for older versions of NGINX.
This is added to the nginx metapackage and nginx-extras.
+ d/rules: Remove Lua module from the build flags for -extras.
+ d/modules/{,patches/,watch/}nginx-lua: Remove Lua module, watch file,
module patches.
+ d/modules/control: Remove Lua module from definitions
+ d/copyright: Remove lua module.
+ d/tests/{control,lua/}: Remove Lua test entirely, remove
dependencies on any test which request
libnginx-mod-http-lua as it's gone.
- d/control: drop GeoIP from nginx-core due to demotion of libgeoip
(LP #1861101, LP #1867150):
+ remove libnginx-mod-http-geoip from nginx-core dependency
+ have nginx-core depend on libnginx-mod-stream-geoip2
instead of libnginx-mod-stream-geoip
+ adjust package descriptions accordingly
- d/control: (GeoIP2 related changes)
+ Update dependencies for http-geoip2 package to include libmaxminddb0.
+ Update nginx-core to include http-geoip2 module due to approved bin-MIR
(LP #1867198)
+ Move geoip2 module build flags to the common flags so all
package flavors have it.
+ Update dependencies for nginx-light, etc. to include
libnginx-mod-http-geoip2 as it's in the 'common build flags'
for all flavors of the builds.
+ Update package description for nginx-core to indicate geoip2
is included, and to list third party HTTP modules. GeoIP2
is not included for Stream by default, so we have to adjust
this because the Stream part isn't MIR'd.
* d/p/ubuntu-branding.patch: Refresh
* Dropped:
- DNS Resolver Off-by-One Heap Write
+ debian/patches/CVE-2021-23017.patch: fix logic in
src/core/ngx_resolver.c.
[Not needed: Replaced by upstream patches in separate commit]
- DNS Resolver issues
+ debian/patches/CVE-2021-23017-1.patch: fixed off-by-one write in
src/core/ngx_resolver.c.
+ debian/patches/CVE-2021-23017-2.patch: fixed off-by-one read in
src/core/ngx_resolver.c.
+ debian/patches/CVE-2021-23017.patch: removed, replaced with upstream
commits.
[Included in upstream release 1.20.1]
- ALPACA TLS issue
+ debian/patches/CVE-2021-3618.patch: specify the number of
errors after which the connection is closed in
src/mail/ngx_mail.h, src/mail/ngx_mail_core_module.c and
src/mail/ngx_mail_handler.c.
[Included in Debian release 1.20.2-2]
-- Bryce Harrington <email address hidden> Tue, 12 Jul 2022 10:23:53 -0700
Available diffs
| Superseded in kinetic-release |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
| Superseded in jammy-updates |
| Superseded in jammy-security |
nginx (1.18.0-6ubuntu14.1) jammy-security; urgency=medium
* SECURITY UPDATE: ALPACA TLS issue
- debian/patches/CVE-2021-3618.patch: specify the number of
errors after which the connection is closed in
src/mail/ngx_mail.h, src/mail/ngx_mail_core_module.c and
src/mail/ngx_mail_handler.c.
- CVE-2021-3618
-- David Fernandez Gonzalez <email address hidden> Wed, 27 Apr 2022 12:56:57 +0200
Available diffs
nginx (1.14.0-0ubuntu1.10) bionic-security; urgency=medium
* SECURITY UPDATE: ALPACA TLS issue
- debian/patches/CVE-2021-3618.patch: specify the number of
errors after which the connection is closed in
src/mail/ngx_mail.h, src/mail/ngx_mail_core_module.c and
src/mail/ngx_mail_handler.c.
- CVE-2021-3618
* SECURITY UPDATE: request mutation by unsafe characters
- Add input validation to requests in Lua module in
debian/modules/http-lua/src/ngx_http_lua_control.c,
debian/modules/http-lua/src/ngx_http_lua_headers_in.c,
debian/modules/http-lua/src/ngx_http_lua_headers_out.c,
debian/modules/http-lua/src/ngx_http_lua_uri.c,
debian/modules/http-lua/src/ngx_http_lua_util.h and
debian/modules/http-lua/src/ngx_http_lua_util.h.
- CVE-2020-36309
* SECURITY UPDATE: request smuggling in ngx.location.capture
- Add manual crafting of Content-Length in case request is
chunked in
debian/modules/http-lua/src/ngx_http_lua_subrequest.c.
- CVE-2020-11724
-- David Fernandez Gonzalez <email address hidden> Tue, 12 Apr 2022 11:00:15 +0200
Available diffs
nginx (1.18.0-0ubuntu1.3) focal-security; urgency=medium
* SECURITY UPDATE: ALPACA TLS issue
- debian/patches/CVE-2021-3618.patch: specify the number of
errors after which the connection is closed in
src/mail/ngx_mail.h, src/mail/ngx_mail_core_module.c and
src/mail/ngx_mail_handler.c.
- CVE-2021-3618
* SECURITY UPDATE: request mutation by unsafe characters
- Add input validation to requests in Lua module in
debian/modules/http-lua/src/ngx_http_lua_control.c,
debian/modules/http-lua/src/ngx_http_lua_headers_in.c,
debian/modules/http-lua/src/ngx_http_lua_headers_out.c,
debian/modules/http-lua/src/ngx_http_lua_uri.c,
debian/modules/http-lua/src/ngx_http_lua_util.h and
debian/modules/http-lua/src/ngx_http_lua_util.h.
- CVE-2020-36309
* SECURITY UPDATE: request smuggling in ngx.location.capture
- Add manual crafting of Content-Length in case request is
chunked in
debian/modules/http-lua/src/ngx_http_lua_subrequest.c.
- CVE-2020-11724
-- David Fernandez Gonzalez <email address hidden> Tue, 12 Apr 2022 10:04:16 +0200
Available diffs
nginx (1.18.0-6ubuntu11.1) impish-security; urgency=medium
* SECURITY UPDATE: ALPACA TLS issue
- debian/patches/CVE-2021-3618.patch: specify the number of
errors after which the connection is closed in
src/mail/ngx_mail.h, src/mail/ngx_mail_core_module.c and
src/mail/ngx_mail_handler.c.
- CVE-2021-3618
-- David Fernandez Gonzalez <email address hidden> Tue, 12 Apr 2022 11:09:13 +0200
Available diffs
| Superseded in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
nginx (1.18.0-6ubuntu14) jammy; urgency=medium * No-change rebuild to update maintainer scripts, see LP: 1959054 -- Dave Jones <email address hidden> Wed, 16 Feb 2022 17:10:20 +0000
Available diffs
- diff from 1.18.0-6 (in Debian) to 1.18.0-6ubuntu14 (619.2 KiB)
- diff from 1.18.0-6ubuntu12 to 1.18.0-6ubuntu14 (388 bytes)
- diff from 1.18.0-6ubuntu13 to 1.18.0-6ubuntu14 (329 bytes)
| Superseded in jammy-proposed |
nginx (1.18.0-6ubuntu13) jammy; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Sun, 06 Feb 2022 13:48:12 +0100
Available diffs
- diff from 1.18.0-6ubuntu12 to 1.18.0-6ubuntu13 (314 bytes)
nginx (1.18.0-6ubuntu12) jammy; urgency=medium * No-change rebuild against openssl3 -- Simon Chopin <email address hidden> Wed, 24 Nov 2021 13:59:50 +0000
Available diffs
- diff from 1.18.0-6ubuntu11 to 1.18.0-6ubuntu12 (331 bytes)
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
nginx (1.18.0-6ubuntu11) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose <email address hidden> Thu, 07 Oct 2021 12:21:36 +0200
Available diffs
- diff from 1.18.0-6ubuntu10 to 1.18.0-6ubuntu11 (347 bytes)
nginx (1.18.0-6ubuntu10) impish; urgency=medium
* SECURITY UPDATE: DNS Resolver issues
- debian/patches/CVE-2021-23017-1.patch: fixed off-by-one write in
src/core/ngx_resolver.c.
- debian/patches/CVE-2021-23017-2.patch: fixed off-by-one read in
src/core/ngx_resolver.c.
- debian/patches/CVE-2021-23017.patch: removed, replaced with upstream
commits.
- CVE-2021-23017
-- Marc Deslauriers <email address hidden> Wed, 26 May 2021 06:59:42 -0400
Available diffs
nginx (1.14.0-0ubuntu1.9) bionic-security; urgency=medium
* SECURITY UPDATE: DNS Resolver issues
- debian/patches/CVE-2021-23017-1.patch: fixed off-by-one write in
src/core/ngx_resolver.c.
- debian/patches/CVE-2021-23017-2.patch: fixed off-by-one read in
src/core/ngx_resolver.c.
- CVE-2021-23017
-- Marc Deslauriers <email address hidden> Tue, 25 May 2021 13:11:02 -0400
Available diffs
nginx (1.18.0-6ubuntu8.2) hirsute-security; urgency=medium
* SECURITY UPDATE: DNS Resolver issues
- debian/patches/CVE-2021-23017-1.patch: fixed off-by-one write in
src/core/ngx_resolver.c.
- debian/patches/CVE-2021-23017-2.patch: fixed off-by-one read in
src/core/ngx_resolver.c.
- CVE-2021-23017
-- Marc Deslauriers <email address hidden> Tue, 25 May 2021 13:06:54 -0400
Available diffs
nginx (1.18.0-0ubuntu1.2) focal-security; urgency=medium
* SECURITY UPDATE: DNS Resolver issues
- debian/patches/CVE-2021-23017-1.patch: fixed off-by-one write in
src/core/ngx_resolver.c.
- debian/patches/CVE-2021-23017-2.patch: fixed off-by-one read in
src/core/ngx_resolver.c.
- CVE-2021-23017
-- Marc Deslauriers <email address hidden> Tue, 25 May 2021 13:10:38 -0400
Available diffs
nginx (1.18.0-6ubuntu2.2) groovy-security; urgency=medium
* SECURITY UPDATE: DNS Resolver issues
- debian/patches/CVE-2021-23017-1.patch: fixed off-by-one write in
src/core/ngx_resolver.c.
- debian/patches/CVE-2021-23017-2.patch: fixed off-by-one read in
src/core/ngx_resolver.c.
- CVE-2021-23017
-- Marc Deslauriers <email address hidden> Tue, 25 May 2021 13:10:13 -0400
Available diffs
nginx (1.18.0-6ubuntu9) impish; urgency=medium
* SECURITY UPDATE: DNS Resolver Off-by-One Heap Write
- debian/patches/CVE-2021-23017.patch: fix logic in
src/core/ngx_resolver.c.
- CVE-2021-23017
-- Marc Deslauriers <email address hidden> Tue, 25 May 2021 13:06:54 -0400
Available diffs
- diff from 1.18.0-6ubuntu8 to 1.18.0-6ubuntu9 (752 bytes)
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: Moved to hirsute) |
nginx (1.18.0-6ubuntu8) hirsute; urgency=medium
* d/modules/control: Remove Lua module from definitions
* d/tests/:
- control: Remove Lua test, remove dependencies on any test which
request libnginx-mod-http-lua as it's gone.
- lua: Remove the lua test entirely.
-- Thomas Ward <email address hidden> Wed, 10 Mar 2021 10:50:43 -0500
Available diffs
- diff from 1.18.0-6ubuntu4 to 1.18.0-6ubuntu8 (606.7 KiB)
- diff from 1.18.0-6ubuntu7 to 1.18.0-6ubuntu8 (1.1 KiB)
| Superseded in hirsute-proposed |
nginx (1.18.0-6ubuntu7) hirsute; urgency=medium
* d/control:
- Fix dependencies issue for libnginx-mod-http-geoip2 - missing a
character in the depends.
-- Thomas Ward <email address hidden> Tue, 09 Mar 2021 19:03:55 -0500
Available diffs
- diff from 1.18.0-6ubuntu6 to 1.18.0-6ubuntu7 (527 bytes)
| Superseded in hirsute-proposed |
nginx (1.18.0-6ubuntu6) hirsute; urgency=medium
* d/control:
- Update dependencies for nginx-light, etc. to include
libnginx-mod-http-geoip2 as it's in the 'common build flags' for
all flavors of the builds.
- Update nginx-core package description to list third party HTTP
modules. GeoIP2 is not included for Stream by default, so we
have to adjust this because the Stream part isn't MIR'd.
-- Thomas Ward <email address hidden> Tue, 09 Mar 2021 12:41:36 -0500
Available diffs
| Superseded in hirsute-proposed |
nginx (1.18.0-6ubuntu5) hirsute; urgency=medium
* d/control: (GeoIP2 related changes)
- Update dependencies for http-geoip2 package.
- Update nginx-core to include http-geoip2 module due to approved bin-MIR
(LP: #1867198)
- Update description to nginx-core to indicate geoip2 is included.
* d/control: move geoip2 module build flags to the common flags so all
package flavors have it.
* d/modules/http-geoip2: Update to upstream version 3.3.
* Remove the Lua modules from NGINX (Server Team Decision) - future support
for Lua module now requires resty-core from OpenResty, meaning that if
we want to continue to support the Lua module, we have to start becoming
OpenResty - users should just use OpenResty at this point for Lua.
Changes made for this removal:
- d/control:
- Remove lua module from dependencies, and binary build item.
- Add "Breaks" line for nginx-lua for older versions of NGINX.
This is added to the nginx metapackage and nginx-extras.
- d/copyright: Remove lua module.
- d/modules/{,patches/,watch/}nginx-lua: Remove Lua module, watch file,
module patches.
- d/rules: Remove Lua module from the build flags for -extras.
-- Thomas Ward <email address hidden> Mon, 08 Mar 2021 09:59:56 -0500
Available diffs
- diff from 1.18.0-6ubuntu4 to 1.18.0-6ubuntu5 (605.5 KiB)
nginx (1.18.0-6ubuntu4) hirsute; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Mon, 09 Nov 2020 12:46:47 +0100
Available diffs
- diff from 1.18.0-6ubuntu2 to 1.18.0-6ubuntu4 (349 bytes)
- diff from 1.18.0-6ubuntu3 to 1.18.0-6ubuntu4 (292 bytes)
| Superseded in hirsute-proposed |
nginx (1.18.0-6ubuntu3) hirsute; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Mon, 09 Nov 2020 10:51:27 +0100
Available diffs
- diff from 1.18.0-6ubuntu2 to 1.18.0-6ubuntu3 (333 bytes)
| Superseded in hirsute-release |
| Obsolete in groovy-release |
| Deleted in groovy-proposed (Reason: moved to Release) |
nginx (1.18.0-6ubuntu2) groovy; urgency=medium
* d/control: make nginx and nginx-full arch any, so that nginx-full
is no longer pulled into main because of i386 (LP: #1893267)
-- Andreas Hasenack <email address hidden> Thu, 27 Aug 2020 16:59:57 -0300
Available diffs
- diff from 1.18.0-6ubuntu1 to 1.18.0-6ubuntu2 (647 bytes)
nginx (1.18.0-6ubuntu1) groovy; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/p/ubuntu-branding.patch: add Ubuntu branding
- d/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- d/nginx-common.install: Add install rule for apport hooks.
- d/p/nginx-fix-pidfile.patch: Fix NGINX PIDfile handling to avoid
SystemD race condition - thanks to Tj for the patch. (LP #1581864)
- d/control: drop GeoIP from nginx-core due to demotion of libgeoip
(LP #1861101, LP #1867150):
+ remove libnginx-mod-http-geoip from nginx-core dependency
+ have nginx-core depend on libnginx-mod-stream-geoip2
instead of libnginx-mod-stream-geoip
+ adjust package descriptions accordingly
Available diffs
nginx (1.18.0-3ubuntu2) groovy; urgency=medium
* Re-apply demotion of geoip in favor of geoip2
- Fixes some accidentally dropped delta from merge to fix
unsatisfiable depends. nginx-[core|full] need to depend on
libnginx-mod-stream-geoip2, not on -geoip.
(LP #1861101)
-- Bryce Harrington <email address hidden> Mon, 06 Jul 2020 15:12:26 -0700
Available diffs
- diff from 1.17.10-0ubuntu1 to 1.18.0-3ubuntu2 (427.3 KiB)
- diff from 1.18.0-3ubuntu1 to 1.18.0-3ubuntu2 (1013 bytes)
| Superseded in groovy-proposed |
nginx (1.18.0-3ubuntu1) groovy; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/p/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- d/nginx-common.install: Add install rule for apport hooks.
- d/p/nginx-fix-pidfile.patch: Fix NGINX PIDfile handling to avoid
SystemD race condition - thanks to Tj for the patch. (LP #1581864)
- Drop GeoIP from nginx-core due to demotion of libgeoip
(LP #1861101, LP #1867150):
+ d/control: Remove libnginx-mod-http-geoip from nginx-core dependency
+ d/rules: Remove the configure line of with-http_geoip_module=dynamic
from the nginx-core build flags, due to demotion of libgeoip and the
removal of the dynamic library from install deps for nginx-core.
* d/a/source_nginx.py: Fix indentation in apport hook
* d/p/nginx-fix-pidfile.patch: Update dep3 with fwd debian link
* Dropped:
- debian/patches/0002-Make-sure-signature-stays-the-same-in-
all-nginx-buil.patch: Refreshed patch - Merge-o-Matic introduced some
fuzz which caused issues.
[ Does not seem necessary ]
- d/control: drop mention of SSL Preread from nginx-full, nginx-extras
[ Previously undocumented ]
- d/gbp.conf: update for 1.12 release
[ Previously undocumented ]
- d/p/0003-define_gnu_source-on-other-glibc-based-platforms.patch:
Refresh patch.
[ Previously undocumented ]
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- Add GeoIP2 third party module to nginx-full and nginx-extras
(LP #1825895). The following is the files list for this:
+ d/{control,rules}: Add libnginx-mod-http-geoip2 and corresponding
build rules.
+ d/modules/http-geoip2{,/*}: Add geoip2 module from third party git.
+ d/copyright: Add relevant copyright lines for GeoIP2 module.
- d/conf/sites-available/default: Update PHP path for PHP 7.4.
[added in 1.17.9-0ubuntu3 taken by Debian in 1.18.0-2]
- d/nginx-full.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade.
- d/control: Add dependency from nginx-full on `iproute2` as the
postinst scripts now use `ss` to determine if Port 80 is open
or not.
[Taken by Debian in 1.18.0-2]
- d/rules: Enable --with-compat build option for all nginx package
flavors (LP #1797897)
-- Bryce Harrington <email address hidden> Wed, 24 Jun 2020 23:15:11 +0000
Available diffs
- diff from 1.17.10-0ubuntu1 to 1.18.0-3ubuntu1 (427.2 KiB)
nginx (1.18.0-0ubuntu1) focal; urgency=medium * Stable Release Update for Version String (LP: #1875231) * New upstream Stable release (1.18.0) - full changelog available from http://nginx.org/en/CHANGES * Remaining Ubuntu-specific changes: - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed) - d/{control,rules,nginx-core.*}: add new binary package for main, nginx-core, which contains only source-tarball-included modules and no third-party modules. - debian/tests/control: add nginx-core test. - debian/apport/source_nginx.py: Add apport hooks for additional bug information gathering. - debian/nginx-common.install: Add install rule for apport hooks. - d/nginx-{core,light,full,extras}.postinst: Add checks for whether port 80 is in use or not to determine whether or not to attempt starting of the NGINX service during install/upgrade - d/control: Add dependencies to nginx-{core,light,full,extras} on `iproute2` as the postinst scripts now use `ss` to determine if Port 80 is open or not. - d/rules: Enable --with-compat build option for all nginx package flavors - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party module to nginx-full and nginx-extras (and use proper DEP5 syntax for d/copyright). - d/control, d/rules: Drop GeoIP from nginx-core due to demotion of libgeoip. -- Thomas Ward <email address hidden> Tue, 21 Apr 2020 10:49:01 -0400
Available diffs
| Superseded in groovy-release |
| Published in focal-release |
| Deleted in focal-proposed (Reason: moved to Release) |
nginx (1.17.10-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.9) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
- d/control, d/rules: Drop GeoIP from nginx-core due to demotion of
libgeoip.
-- Thomas Ward <email address hidden> Tue, 14 Apr 2020 12:53:34 -0400
Available diffs
nginx (1.17.9-0ubuntu3) focal; urgency=medium * d/conf/sites-available/default: Update PHP path for PHP 7.4. -- Thomas Ward <email address hidden> Thu, 26 Mar 2020 10:53:52 -0400
Available diffs
- diff from 1.17.9-0ubuntu2 to 1.17.9-0ubuntu3 (515 bytes)
nginx (1.17.9-0ubuntu2) focal; urgency=medium * Drop GeoIP from nginx-core due to demotion of libgeoip (LP: #1861101, LP: #1867150): - d/control: Remove libnginx-mod-http-geoip from nginx-core dependency - d/rules: Remove the configure line of with-http_geoip_module=dynamic from the nginx-core build flags, due to demotion of libgeoip and the removal of the dynamic library from install deps for nginx-core. -- Thomas Ward <email address hidden> Wed, 11 Mar 2020 13:41:07 -0400
Available diffs
nginx (1.17.9-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.9) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
-- Thomas Ward <email address hidden> Tue, 03 Mar 2020 11:05:45 -0500
Available diffs
nginx (1.17.8-0ubuntu3) focal; urgency=medium
* d/conf/sites-available/default: Indentation consistency.
Fix an indentation issue introduced by 1.17.8-0ubuntu2 to make sure that
indentation in the default config file is consistent.
-- Thomas Ward <email address hidden> Wed, 26 Feb 2020 10:35:13 -0500
Available diffs
- diff from 1.17.8-0ubuntu2 to 1.17.8-0ubuntu3 (487 bytes)
nginx (1.17.8-0ubuntu2) focal; urgency=medium
* d/conf/sites-available/default: Revert changes done in #1743592.
Reverts this change:
- d/conf/sites-available/default: Update default nginx site
configuration file to remove the IPv6 listening line so that servers
running without IPv6 enabled at all on the system will start nginx
properly.
-- Thomas Ward <email address hidden> Thu, 20 Feb 2020 13:52:32 -0500
Available diffs
- diff from 1.17.8-0ubuntu1 to 1.17.8-0ubuntu2 (564 bytes)
nginx (1.17.8-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.8) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
- d/conf/sites-available/default: Update default nginx site configuration
file to remove the IPv6 listening line so that servers running without
IPv6 enabled at all on the system will start nginx properly.
(LP: #1743592)
-- Thomas Ward <email address hidden> Tue, 18 Feb 2020 19:01:02 -0500
Available diffs
nginx (1.14.0-0ubuntu1.7) bionic-security; urgency=medium
* SECURITY UPDATE: request smuggling via error_page
- debian/patches/CVE-2019-20372.patch: discard request body when
redirecting to a URL via error_page in
src/http/ngx_http_special_response.c.
- CVE-2019-20372
-- Marc Deslauriers <email address hidden> Fri, 10 Jan 2020 14:18:38 -0500
Available diffs
nginx (1.15.9-0ubuntu1.2) disco-security; urgency=medium
* SECURITY UPDATE: request smuggling via error_page
- debian/patches/CVE-2019-20372.patch: discard request body when
redirecting to a URL via error_page in
src/http/ngx_http_special_response.c.
- CVE-2019-20372
-- Marc Deslauriers <email address hidden> Fri, 10 Jan 2020 14:18:15 -0500
Available diffs
- diff from 1.15.9-0ubuntu1.1 to 1.15.9-0ubuntu1.2 (978 bytes)
nginx (1.10.3-0ubuntu0.16.04.5) xenial-security; urgency=medium
* SECURITY UPDATE: request smuggling via error_page
- debian/patches/CVE-2019-20372.patch: discard request body when
redirecting to a URL via error_page in
src/http/ngx_http_special_response.c.
- CVE-2019-20372
-- Marc Deslauriers <email address hidden> Fri, 10 Jan 2020 14:19:02 -0500
Available diffs
nginx (1.16.1-0ubuntu2.1) eoan-security; urgency=medium
* SECURITY UPDATE: request smuggling via error_page
- debian/patches/CVE-2019-20372.patch: discard request body when
redirecting to a URL via error_page in
src/http/ngx_http_special_response.c.
- CVE-2019-20372
-- Marc Deslauriers <email address hidden> Fri, 10 Jan 2020 14:16:29 -0500
Available diffs
nginx (1.17.7-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.7) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
- d/conf/sites-available/default: Update default nginx site configuration
file to remove the IPv6 listening line so that servers running without
IPv6 enabled at all on the system will start nginx properly.
(LP: #1743592)
-- Thomas Ward <email address hidden> Mon, 30 Dec 2019 13:02:58 -0500
Available diffs
nginx (1.17.6-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.6) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
- d/conf/sites-available/default: Update default nginx site configuration
file to remove the IPv6 listening line so that servers running without
IPv6 enabled at all on the system will start nginx properly.
(LP: #1743592)
-- Thomas Ward <email address hidden> Tue, 19 Nov 2019 10:34:14 -0500
Available diffs
nginx (1.17.5-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.5) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
* New Ubuntu-specific changes:
- d/conf/sites-available/default: Update default nginx site configuration
file to remove the IPv6 listening line so that servers running without
IPv6 enabled at all on the system will start nginx properly.
(LP: #1743592)
-- Thomas Ward <email address hidden> Fri, 01 Nov 2019 11:55:10 -0400
Available diffs
- diff from 1.16.1-0ubuntu3 to 1.17.5-0ubuntu1 (24.1 KiB)
nginx (1.16.1-0ubuntu3) focal; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Fri, 18 Oct 2019 19:37:10 +0000
Available diffs
- diff from 1.16.1-0ubuntu2 to 1.16.1-0ubuntu3 (338 bytes)
nginx (1.14.0-0ubuntu1.6) bionic-security; urgency=medium
* No change rebuild in -security pocket now that OpenSSL 1.1.1 is
available.
-- Marc Deslauriers <email address hidden> Tue, 20 Aug 2019 08:46:02 -0400
Available diffs
nginx (1.14.0-0ubuntu1.5) bionic; urgency=medium
* No change rebuild for bionic outside of security pocket to pick up
OpenSSL 1.1.1. (LP: #1840404)
-- Marc Deslauriers <email address hidden> Fri, 16 Aug 2019 07:05:57 -0400
Available diffs
| Superseded in focal-release |
| Obsolete in eoan-release |
| Deleted in eoan-proposed (Reason: moved to release) |
nginx (1.16.1-0ubuntu2) eoan; urgency=medium
* d/conf/sites-available/default: Update PHP referred to in the
example in the default configuration to PHP 7.2.
(LP: #1831748)
-- Thomas Ward <email address hidden> Thu, 15 Aug 2019 12:01:39 -0400
Available diffs
- diff from 1.16.1-0ubuntu1 to 1.16.1-0ubuntu2 (551 bytes)
nginx (1.14.0-0ubuntu1.4) bionic-security; urgency=medium
* SECURITY UPDATE: HTTP/2 Data Dribble issue
- debian/patches/CVE-2019-9511.patch: limited number of DATA frames in
src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h,
src/http/v2/ngx_http_v2_filter_module.c.
- CVE-2019-9511
* SECURITY UPDATE: HTTP/2 Resource Loop / Priority Shuffling issue
- debian/patches/CVE-2019-9513.patch: limited number of PRIORITY frames
in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
- CVE-2019-9513
* SECURITY UPDATE: HTTP/2 0-Length Headers Leak issue
- debian/patches/CVE-2019-9516.patch: reject zero length headers with
PROTOCOL_ERROR in src/http/v2/ngx_http_v2.c.
- CVE-2019-9516
-- Marc Deslauriers <email address hidden> Wed, 14 Aug 2019 14:44:40 -0400
Available diffs
nginx (1.10.3-0ubuntu0.16.04.4) xenial-security; urgency=medium
* SECURITY UPDATE: HTTP/2 Data Dribble issue
- debian/patches/CVE-2019-9511.patch: limited number of DATA frames in
src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h,
src/http/v2/ngx_http_v2_filter_module.c.
- CVE-2019-9511
* SECURITY UPDATE: HTTP/2 Resource Loop / Priority Shuffling issue
- debian/patches/CVE-2019-9513.patch: limited number of PRIORITY frames
in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
- CVE-2019-9513
* SECURITY UPDATE: HTTP/2 0-Length Headers Leak issue
- debian/patches/CVE-2019-9516.patch: reject zero length headers with
PROTOCOL_ERROR in src/http/v2/ngx_http_v2.c.
- CVE-2019-9516
-- Marc Deslauriers <email address hidden> Wed, 14 Aug 2019 14:48:49 -0400
Available diffs
nginx (1.15.9-0ubuntu1.1) disco-security; urgency=medium
* SECURITY UPDATE: HTTP/2 Data Dribble issue
- debian/patches/CVE-2019-9511.patch: limited number of DATA frames in
src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h,
src/http/v2/ngx_http_v2_filter_module.c.
- CVE-2019-9511
* SECURITY UPDATE: HTTP/2 Resource Loop / Priority Shuffling issue
- debian/patches/CVE-2019-9513.patch: limited number of PRIORITY frames
in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
- CVE-2019-9513
* SECURITY UPDATE: HTTP/2 0-Length Headers Leak issue
- debian/patches/CVE-2019-9516.patch: reject zero length headers with
PROTOCOL_ERROR in src/http/v2/ngx_http_v2.c.
- CVE-2019-9516
-- Marc Deslauriers <email address hidden> Wed, 14 Aug 2019 14:41:19 -0400
Available diffs
nginx (1.16.1-0ubuntu1) eoan; urgency=medium
* New upstream release (1.16.1) - full changelog available from
http://nginx.org/en/CHANGES-1.16
* This patch contains security patches only.
* Security content in this version:
- When using HTTP/2 a client might cause excessive memory consumption
and CPU usage (CVE-2019-9511. CVE-2019-9513, CVE-2019-9516)
-- Thomas Ward <email address hidden> Tue, 13 Aug 2019 13:08:03 -0400
Available diffs
nginx (1.14.0-0ubuntu1.3) bionic; urgency=medium
* No changes rebuild (to build against OpenSSL 1.1.1 in Bionic)
(LP: #1836366)
-- Thomas Ward <email address hidden> Fri, 12 Jul 2019 14:18:43 -0400
Available diffs
nginx (1.16.0-0ubuntu2) eoan; urgency=medium
* d/patches/nginx-fix-pidfile.patch: Fix NGINX PIDfile handling to avoid
SystemD race condition - thanks to Tj for the patch. (LP: #1581864)
-- Thomas Ward <email address hidden> Tue, 04 Jun 2019 11:43:30 -0400
Available diffs
nginx (1.16.0-0ubuntu1) eoan; urgency=medium
* New upstream release (1.16.0) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras
-- Thomas Ward <email address hidden> Mon, 29 Apr 2019 12:31:39 -0400
Available diffs
nginx (1.15.12-0ubuntu1) eoan; urgency=medium
* New upstream release (1.15.12) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
* Add GeoIP2 third party module to nginx-full and nginx-extras
(LP: #1825895). The following is the files list for this:
- d/{control,rules}: Add libnginx-mod-http-geoip2 and corresponding build
rules.
- d/modules/http-geoip2{,/*}: Add geoip2 module from third party git.
- d/copyright: Add relevant copyright lines for GeoIP2 module.
-- Thomas Ward <email address hidden> Mon, 22 Apr 2019 17:59:46 -0400
Available diffs
| Superseded in eoan-release |
| Obsolete in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
nginx (1.15.9-0ubuntu1) disco; urgency=medium
* New upstream release (1.15.9) - full changelog available from
http://nginx.org/en/CHANGES (LP: #1817750)
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
-- Thomas Ward <email address hidden> Tue, 26 Feb 2019 11:15:07 -0500
Available diffs
- diff from 1.15.8-0ubuntu1 to 1.15.9-0ubuntu1 (14.2 KiB)
nginx (1.15.8-0ubuntu1) disco; urgency=medium
* New upstream release (1.15.8) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
-- Thomas Ward <email address hidden> Fri, 01 Feb 2019 20:21:45 -0500
Available diffs
nginx (1.15.7-0ubuntu1) disco; urgency=medium
* New upstream release (1.15.7) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors (LP: #1797897)
-- Thomas Ward <email address hidden> Tue, 27 Nov 2018 10:28:55 -0500
Available diffs
nginx (1.15.6-0ubuntu2) disco; urgency=medium
* Apply a Debian packaging change to Ubuntu package for config parity:
* d/conf/snippets/fastcgi-php.conf: Adjust fastcgi_split_path_info
snippet to handle the /example.php/ case. (Debian bug 911398)
-- Thomas Ward <email address hidden> Fri, 23 Nov 2018 10:56:21 -0500
Available diffs
- diff from 1.15.6-0ubuntu1 to 1.15.6-0ubuntu2 (583 bytes)
| 1 → 75 of 259 results | First • Previous • Next • Last |
