Change log for nginx package in Ubuntu
| 1 → 75 of 157 results | First • Previous • Next • Last |
nginx (1.12.0-0ubuntu1) artful; urgency=medium
* New upstream release: 1.12.0 Stable branch.
* All remaining Ubuntu-specific and Debian-specific changes remain
in place with this upload, the upstream version and code are the
only bits that have been updated, except where indicated below.
* Remaining changes:
- d/modules/nginx-upload-progress/config: Apply upstream patch to
fix an issue where the module does not properly function due to
the wrong module type being set; this prevented the module from
working when built. (LP: #1673056)
- d/patches: The following patches were dropped from the package
because the changes from the patches are already incorporated
in 1.12.0:
- 0004-SSL-error-messages-style.patch
- 0005-SSL-style.patch
- 0006-SSL-support-for-multiple-curves-ticket-885.patch
- d/patches/perl-use-dpkg-buildflags.patch: Refreshed patch to
remove fuzz from the patch.
- d/modules/nginx-echo: Apply upstream diff/patch to fix an FTBFS
- d/modules/nginx-lua: Apply upstream diff/patch to fix an FTBFS
- d/modules/nginx-upstream-fair: Apply diff/patch from the Debian
package maintainers' git repository to not use default_port to
fix an FTBFS. (This will eventually be in Debian, and will get
merged in then as well).
-- Thomas Ward <email address hidden> Wed, 26 Apr 2017 12:02:33 -0400
Available diffs
- diff from 1.10.3-1ubuntu3 to 1.12.0-0ubuntu1 (187.7 KiB)
| Superseded in artful-release on 2017-04-28 |
| Published in zesty-release on 2017-02-28 |
| Deleted in zesty-proposed (Reason: moved to release) |
nginx (1.10.3-1ubuntu3) zesty; urgency=medium
* debian/tests/control: Remove the 'ec-x25519' test stanzas from the
declarations of tests to run. This test requires OpenSSL >= 1.1.0
to support the X25519 ECDH curve, and we do not have OpenSSL 1.1.0.
This delta can be ***dropped*** when we do have OpenSSL >= 1.1.0.
- This fixes the autopkgtests, of which the Debian merge introduced
a regression due to the ec-x25519 test.
-- Thomas Ward <email address hidden> Mon, 27 Feb 2017 19:51:57 -0500
Available diffs
- diff from 1.10.2-0ubuntu1 to 1.10.3-1ubuntu3 (517.5 KiB)
- diff from 1.11.8-1+zesty1 to 1.10.3-1ubuntu3 (171.8 KiB)
| Superseded in zesty-proposed on 2017-02-28 |
nginx (1.10.3-1ubuntu2) zesty; urgency=low * debian/*.save: Junk .save left in the packaging, remove these. -- Thomas Ward <email address hidden> Thu, 16 Feb 2017 15:39:51 -0500
Available diffs
- diff from 1.11.8-1+zesty1 to 1.10.3-1ubuntu2 (171.7 KiB)
| Superseded in zesty-proposed on 2017-02-16 |
nginx (1.10.3-1ubuntu1) zesty; urgency=medium
* Merge from Debian unstable (note: 1.10.3 already was merged, but 1.10.3
packaging changes in Debian were not). Remaining changes are as
follows: (LP: #1664652)
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- debian/rules: Alter build flags for cflags and ldflags to fix known
fPIE / fPIC compilation issues (see nginx PPA bug for more details
and information, LP: #1657596)
-- Thomas Ward <email address hidden> Thu, 16 Feb 2017 15:29:40 -0500
Available diffs
- diff from 1.11.8-1+zesty1 to 1.10.3-1ubuntu1 (173.1 KiB)
| Superseded in zesty-proposed on 2017-02-16 |
nginx (1.10.3-0ubuntu2) zesty; urgency=low
* Merge from Debian unstable (nginx version there is 1.10.2-4). Remaining
changes: (LP: #1664652)
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- debian/rules: Alter build flags for cflags and ldflags to fix known
fPIE / fPIC compilation issues (see nginx PPA bug for more details
and information, LP: #1657596)
-- Thomas Ward <email address hidden> Tue, 14 Feb 2017 17:47:00 -0500
Available diffs
- diff from 1.11.8-1+zesty1 to 1.10.3-0ubuntu2 (172.8 KiB)
| Published in yakkety-proposed on 2017-03-22 |
nginx (1.10.3-0ubuntu0.16.10.1) yakkety; urgency=medium * Stable Release Update (LP: #1663937) * New upstream release (1.10.3) - full changelog available at upstream website - http://nginx.org/en/CHANGES-1.10 * All Ubuntu specific changes from 1.10.1-0ubuntu1 through 1.10.1-0ubuntu1.2 remain included. * Additional changes: * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch. -- Thomas Ward <email address hidden> Sat, 11 Feb 2017 16:18:21 -0500
Available diffs
| Published in xenial-proposed on 2017-03-22 |
nginx (1.10.3-0ubuntu0.16.04.1) xenial; urgency=medium * Stable Release Update (LP: #1663937) * New upstream release (1.10.3) - full changelog available at upstream website - http://nginx.org/en/CHANGES-1.10 * All Ubuntu specific changes from 1.10.0-0ubuntu1 through 1.10.0-0ubuntu0.16.04.4 remain included. * Additional changes: * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch. * debian/patches/cve-2016-4450.patch: Drop CVE patch as it is already included in the upstream source code in this upload. -- Thomas Ward <email address hidden> Sat, 11 Feb 2017 16:18:21 -0500
Available diffs
| Deleted in zesty-proposed on 2017-02-19 (Reason: NBS) |
nginx (1.10.3-0ubuntu1) zesty; urgency=medium
* New upstream release (1.10.3) - full changelog available at upstream
website - http://nginx.org/en/CHANGES-1.10 - upstream release date
was 31 Jan 2016
* All other changes from previous versions remain included.
* debian/patches/ubuntu-branding.patch:
- Refreshed Ubuntu Branding patch.
-- Thomas Ward <email address hidden> Sat, 11 Feb 2017 15:56:57 -0500
Available diffs
- diff from 1.11.8-1+zesty1 to 1.10.3-0ubuntu1 (653.5 KiB)
| Deleted in zesty-proposed on 2016-12-30 (Reason: Bad upload) |
nginx (1.11.8-1+zesty1) zesty; urgency=medium * Try and fix PIE/PIC build errors. -- Thomas Ward <email address hidden> Thu, 29 Dec 2016 13:38:38 -0500
Available diffs
- diff from 1.10.2-0ubuntu1 to 1.11.8-1+zesty1 (654.7 KiB)
| Superseded in zesty-release on 2017-02-28 |
| Deleted in zesty-proposed on 2017-03-01 (Reason: moved to release) |
nginx (1.10.2-0ubuntu1) zesty; urgency=medium
* New upstream release (1.10.2) - full changelog available at upstream
website - http://nginx.org/en/CHANGES-1.10 - upstream release date
was 18 Oct 2016
* All other changes from 1.10.1-0ubuntu1 through 1.10.1-0ubuntu5 remain
included
* debian/patches/ubuntu-branding.patch:
- Refreshed Ubuntu Branding patch.
-- Thomas Ward <email address hidden> Thu, 15 Dec 2016 11:23:43 -0500
Available diffs
nginx (1.4.6-1ubuntu3.7) trusty-security; urgency=medium * SECURITY REGRESSION: config upgrade failure (LP: #1637058) - debian/nginx-common.config: fix return code so script doesn't exit. -- Marc Deslauriers <email address hidden> Thu, 27 Oct 2016 10:42:53 -0400
Available diffs
nginx (1.10.0-0ubuntu0.16.04.4) xenial-security; urgency=medium * SECURITY REGRESSION: config upgrade failure (LP: #1637058) - debian/nginx-common.config: fix return code so script doesn't exit. -- Marc Deslauriers <email address hidden> Thu, 27 Oct 2016 10:42:14 -0400
Available diffs
| Superseded in zesty-release on 2016-12-16 |
| Deleted in zesty-proposed on 2016-12-17 (Reason: moved to release) |
nginx (1.10.1-0ubuntu5) zesty; urgency=medium
* debian/nginx-common.config:
- Fix the return code so the script does not exit during version
string comparisons.
- Also update the version string to compare with (for zesty only)
-- Thomas Ward <email address hidden> Thu, 27 Oct 2016 10:48:45 -0400
Available diffs
- diff from 1.10.1-0ubuntu1 to 1.10.1-0ubuntu5 (3.2 KiB)
- diff from 1.10.1-0ubuntu4 to 1.10.1-0ubuntu5 (574 bytes)
nginx (1.10.1-0ubuntu1.2) yakkety-security; urgency=medium * SECURITY REGRESSION: postinst upgrade failure (LP: #1637058) - debian/nginx-common.postinst: fix return code so script doesn't exit. -- Marc Deslauriers <email address hidden> Thu, 27 Oct 2016 10:14:26 -0400
Available diffs
| Superseded in zesty-proposed on 2016-10-27 |
nginx (1.10.1-0ubuntu4) zesty; urgency=medium
* debian/nginx-common.config:
- Fix an issue with the incorrect version numbers being compared
during configuration; this was something I missed when reviewing
the package for uploading previously. (LP: #1637058)
-- Thomas Ward <email address hidden> Thu, 27 Oct 2016 08:45:40 -0400
Available diffs
- diff from 1.10.1-0ubuntu3 to 1.10.1-0ubuntu4 (630 bytes)
| Superseded in zesty-proposed on 2016-10-27 |
nginx (1.10.1-0ubuntu3) zesty; urgency=medium
[ Christos Trochalakis ]
* debian/nginx-common.postinst:
+ Secure log file handling (owner & permissions) against privilege
escalation attacks. /var/log/nginx is now owned by root:adm.
Thanks Dawid Golunski (http://legalhackers.com) for the report.
Changing /var/log/nginx permissions effectively reopens #701112,
since log files can be world-readable. This is a trade-off until
a better log opening solution is implemented upstream (trac:376).
* debian/control:
Don't allow building against liblua5.1-0-dev on architectures
that libluajit is available.
-- Thomas Ward <email address hidden> Tue, 25 Oct 2016 17:03:54 -0400
Available diffs
| Superseded in zesty-proposed on 2016-10-26 |
nginx (1.10.1-0ubuntu2) zesty; urgency=medium * No-change rebuild for perl 5.24 transition -- Iain Lane <email address hidden> Mon, 24 Oct 2016 10:36:19 +0100
Available diffs
- diff from 1.10.1-0ubuntu1 to 1.10.1-0ubuntu2 (344 bytes)
nginx (1.4.6-1ubuntu3.6) trusty-security; urgency=medium
[ Christos Trochalakis ]
* debian/nginx-common.postinst:
+ Secure log file handling (owner & permissions) against privilege
escalation attacks. /var/log/nginx is now owned by root:adm.
Thanks Dawid Golunski (http://legalhackers.com) for the report.
Changing /var/log/nginx permissions effectively reopens #701112,
since log files can be world-readable. This is a trade-off until
a better log opening solution is implemented upstream (trac:376).
-- Marc Deslauriers <email address hidden> Tue, 18 Oct 2016 11:12:58 +0200
Available diffs
nginx (1.10.1-0ubuntu1.1) yakkety-security; urgency=medium
[ Christos Trochalakis ]
* debian/nginx-common.postinst:
+ Secure log file handling (owner & permissions) against privilege
escalation attacks. /var/log/nginx is now owned by root:adm.
Thanks Dawid Golunski (http://legalhackers.com) for the report.
Changing /var/log/nginx permissions effectively reopens #701112,
since log files can be world-readable. This is a trade-off until
a better log opening solution is implemented upstream (trac:376).
* debian/control:
Don't allow building against liblua5.1-0-dev on architectures
that libluajit is available.
-- Marc Deslauriers <email address hidden> Tue, 18 Oct 2016 11:18:47 +0200
Available diffs
nginx (1.10.0-0ubuntu0.16.04.3) xenial-security; urgency=medium
[ Christos Trochalakis ]
* debian/nginx-common.postinst:
+ Secure log file handling (owner & permissions) against privilege
escalation attacks. /var/log/nginx is now owned by root:adm.
Thanks Dawid Golunski (http://legalhackers.com) for the report.
Changing /var/log/nginx permissions effectively reopens #701112,
since log files can be world-readable. This is a trade-off until
a better log opening solution is implemented upstream (trac:376).
* debian/control:
Don't allow building against liblua5.1-0-dev on architectures
that libluajit is available.
-- Marc Deslauriers <email address hidden> Tue, 18 Oct 2016 11:02:16 +0200
Available diffs
nginx (1.4.6-1ubuntu3.5) trusty-security; urgency=medium
* SECURITY UPDATE: Null pointer dereference while writing client request
body (LP: #1587577)
- debian/patches/cve-2016-4450.patch: Upstream patch to address issue.
- CVE-2016-4450
-- Thomas Ward <email address hidden> Tue, 31 May 2016 20:23:03 -0400
Available diffs
- diff from 1.4.6-1ubuntu3.4 to 1.4.6-1ubuntu3.5 (921 bytes)
nginx (1.10.0-0ubuntu0.16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: Null pointer dereference while writing client request
body (LP: #1587577)
- debian/patches/cve-2016-4450.patch: Upstream patch to address issue.
- CVE-2016-4450
-- Thomas Ward <email address hidden> Tue, 31 May 2016 19:47:42 -0400
Available diffs
nginx (1.9.3-1ubuntu1.2) wily-security; urgency=medium
* SECURITY UPDATE: Null pointer dereference while writing client request
body (LP: #1587577)
- debian/patches/cve-2016-4450.patch: Upstream patch to address issue.
- CVE-2016-4450
-- Thomas Ward <email address hidden> Tue, 31 May 2016 20:14:23 -0400
Available diffs
- diff from 1.9.3-1ubuntu1.1 to 1.9.3-1ubuntu1.2 (918 bytes)
| Superseded in zesty-release on 2016-11-01 |
| Published in yakkety-release on 2016-06-01 |
| Deleted in yakkety-proposed (Reason: moved to release) |
nginx (1.10.1-0ubuntu1) yakkety; urgency=medium
* New upstream release (1.10.1) - full changelog available at upstream
website - http://nginx.org/en/CHANGES-1.10.
* Update done to address the following security issues:
- [CVE-2016-4450] NULL pointer dereference while writing client
request body. (LP: #1587577)
* Additional changes:
* debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch.
-- Thomas Ward <email address hidden> Tue, 31 May 2016 19:09:33 -0400
Available diffs
| Superseded in xenial-updates on 2016-06-02 |
| Deleted in xenial-proposed on 2016-06-03 (Reason: moved to -updates) |
nginx (1.10.0-0ubuntu0.16.04.1) xenial-proposed; urgency=medium * Stable Release Update (LP: #1575212) * New upstream release (1.10.0) - full changelog available at upstream website - http://nginx.org/en/CHANGES-1.10 * All Ubuntu specific changes from 1.9.15-0ubuntu1 remain included. * Additional changes: * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch. -- Thomas Ward <email address hidden> Tue, 26 Apr 2016 10:21:29 -0400
Available diffs
| Superseded in yakkety-release on 2016-06-01 |
| Deleted in yakkety-proposed on 2016-06-02 (Reason: moved to release) |
nginx (1.10.0-0ubuntu1) yakkety; urgency=medium
* New upstream release (1.10.0) - full changelog available at upstream
website - http://nginx.org/en/CHANGES-1.10 (LP: #1575217)
* All Ubuntu specific changes from 1.9.15-0ubuntu1 remain included.
* Additional changes:
* debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch.
-- Thomas Ward <email address hidden> Tue, 26 Apr 2016 10:24:23 -0400
Available diffs
| Superseded in yakkety-release on 2016-04-27 |
| Published in xenial-release on 2016-04-20 |
| Deleted in xenial-proposed (Reason: moved to release) |
nginx (1.9.15-0ubuntu1) xenial-proposed; urgency=medium
* New upstream release (1.9.15) - full changelog available at upstream
website - http://nginx.org/en/CHANGES (LP: #1572223)
* All Ubuntu specific changes from 1.1.14-0ubuntu1, except noted below,
remain included in this upload.
* Remaining changes:
* debian/control: Re-add libluajit-5.1-dev build-dependency, as it will
only affect nginx-extras which is in Universe. This reduces the merge
delta between Ubuntu and Debian slightly, as well. (LP: #1571444)
* debian/patches/ubuntu-branding.patch: Refresh Ubuntu Branding patch.
-- Thomas Ward <email address hidden> Mon, 18 Apr 2016 15:39:08 -0400
Available diffs
| Superseded in xenial-release on 2016-04-20 |
| Deleted in xenial-proposed on 2016-04-22 (Reason: moved to release) |
nginx (1.9.14-0ubuntu1) xenial-proposed; urgency=medium
* New upstream release (1.9.14) - full changelog available at upstream
website - htp://nginx.org/en/CHANGES (LP: #1566392)
* All Ubuntu specific changes from 1.9.13-0ubuntu1, except noted below,
remain included in this upload.
* Remaining changes:
* Enable HTTP/2 module for nginx-full, nginx-extras, and nginx-core
(LP: #1565043)
- debian/rules: Enable HTTP/2 module building in flavor rules
- debian/control: Add HTTP/2 module to package descriptions.
* debian/patches/ubuntu-branding.patch: Refresh Ubuntu Branding patch.
-- Thomas Ward <email address hidden> Fri, 01 Apr 2016 14:23:47 -0400
Available diffs
- diff from 1.9.13-0ubuntu1 to 1.9.14-0ubuntu1 (23.6 KiB)
| Superseded in xenial-release on 2016-04-06 |
| Deleted in xenial-proposed on 2016-04-08 (Reason: moved to release) |
nginx (1.9.13-0ubuntu1) xenial-proposed; urgency=medium
* New upstream release (1.9.13) - full changelog available at upstream
website - http://nginx.org/en/CHANGES (LP: #1563393)
* All Ubuntu specific changes from 1.9.12-0ubuntu1 remain included in
this upload.
* debian/patches/ubuntu-branding.patch: Refresh Ubuntu Branding patch.
-- Thomas Ward <email address hidden> Tue, 29 Mar 2016 18:47:36 -0400
Available diffs
- diff from 1.9.12-0ubuntu1 to 1.9.13-0ubuntu1 (35.0 KiB)
| Superseded in xenial-release on 2016-04-01 |
| Deleted in xenial-proposed on 2016-04-03 (Reason: moved to release) |
nginx (1.9.12-0ubuntu1) xenial; urgency=medium
* New upstream release (1.9.12) - full changelog available at upstream
website - http://nginx.org/en/CHANGES (LP: #1549347)
* All Ubuntu specific changes from 1.9.11-0ubuntu1 and -0ubuntu2 remain
included in this upload.
-- Thomas Ward <email address hidden> Wed, 24 Feb 2016 10:26:31 -0500
Available diffs
- diff from 1.9.11-0ubuntu2 to 1.9.12-0ubuntu1 (15.7 KiB)
| Superseded in xenial-release on 2016-03-15 |
| Deleted in xenial-proposed on 2016-03-17 (Reason: moved to release) |
nginx (1.9.11-0ubuntu2) xenial; urgency=medium
* This is a bug-fix only upload and does not include any new changes to
features.
* debian/conf/sites-available/default: Modify PHP 'default example' settings
to account for php5 being replaced with php7.0 in Xenial. Also adapt the
UNIX socket path for php7.0-fpm to be the one used by default in Xenial.
(LP: #1547642)
-- Thomas Ward <email address hidden> Fri, 19 Feb 2016 14:13:28 -0500
Available diffs
- diff from 1.9.11-0ubuntu1 to 1.9.11-0ubuntu2 (744 bytes)
| Superseded in xenial-release on 2016-02-21 |
| Deleted in xenial-proposed on 2016-02-23 (Reason: moved to release) |
nginx (1.9.11-0ubuntu1) xenial; urgency=low
* New upstream release (1.9.11) - see http://nginx.org/en/CHANGES for
full changelog.
* Ubuntu-specific changes from the 1.9.10 merge remain included here.
* Additional changes:
- debian/modules/nginx-lua: Apply upstream patch to fix FTBFS issue
-- Thomas Ward <email address hidden> Tue, 09 Feb 2016 10:33:14 -0500
Available diffs
- diff from 1.9.10-1ubuntu1 to 1.9.11-0ubuntu1 (29.0 KiB)
nginx (1.4.6-1ubuntu3.4) trusty-security; urgency=medium * SECURITY UPDATE: multiple resolver security issues (LP: #1538165) - debian/patches/CVE-2016-074x-1.patch: fix possible segmentation fault on DNS format error. - debian/patches/CVE-2016-074x-2.patch: fix crashes in timeout handler. - debian/patches/CVE-2016-074x-3.patch: fixed CNAME processing for several requests. - debian/patches/CVE-2016-074x-4.patch: change the ngx_resolver_create_*_query() arguments. - debian/patches/CVE-2016-074x-5.patch: fix use-after-free memory accesses with CNAME. - debian/patches/CVE-2016-074x-6.patch: limited CNAME recursion. - CVE-2016-0742 - CVE-2016-0743 - CVE-2016-0744 -- Marc Deslauriers <email address hidden> Wed, 03 Feb 2016 09:12:00 -0500
Available diffs
nginx (1.9.3-1ubuntu1.1) wily-security; urgency=medium * SECURITY UPDATE: multiple resolver security issues (LP: #1538165) - debian/patches/CVE-2016-074x-1.patch: fix possible segmentation fault on DNS format error. - debian/patches/CVE-2016-074x-2.patch: fix crashes in timeout handler. - debian/patches/CVE-2016-074x-3.patch: fixed CNAME processing for several requests. - debian/patches/CVE-2016-074x-4.patch: change the ngx_resolver_create_*_query() arguments. - debian/patches/CVE-2016-074x-5.patch: fix use-after-free memory accesses with CNAME. - debian/patches/CVE-2016-074x-6.patch: limited CNAME recursion. - CVE-2016-0742 - CVE-2016-0743 - CVE-2016-0744 -- Marc Deslauriers <email address hidden> Wed, 03 Feb 2016 08:38:22 -0500
Available diffs
| Superseded in xenial-release on 2016-02-18 |
| Deleted in xenial-proposed on 2016-02-19 (Reason: moved to release) |
nginx (1.9.10-1ubuntu1) xenial; urgency=low * Merge from Debian unstable. Remaining changes: (LP: #1538677) - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed) - d/{control,rules,nginx-core.*}: add new binary package for main, nginx-core, which contains only source-tarball-included modules and no third-party modules. - debian/tests/control: add nginx-core test. - debian/control: - drop luajit from Build-Depends as it is in universe. - Remove HTTP/2 references in package descriptions, per Ubuntu Security Team mandate to disable HTTP/2 support. - debian/rules: - Disable HTTP/2 module support in all flavors, per Ubuntu Security Team mandate. - debian/apport/source_nginx.py: Add apport hooks for additional bug information gathering. - debian/nginx-common.install: Add install rule for apport hooks. * Additional bugs fixed by this merge: - nginx-common should not depend on python (LP: #1480513) -- Thomas Ward <email address hidden> Tue, 27 Jan 2016 12:52:00 -0500
Available diffs
- diff from 1.9.10-0ubuntu1 to 1.9.10-1ubuntu1 (1008 bytes)
| Superseded in xenial-release on 2016-01-27 |
| Deleted in xenial-proposed on 2016-01-29 (Reason: moved to release) |
nginx (1.9.10-0ubuntu1) xenial; urgency=medium
* New upstream release.
* debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch
* Security content of this upload addresses the following vulnerabilities
and CVE-numbered Security issues: (LP: #1538165)
- Invalid pointer dereference might occur during DNS server response
processing, allowing an attacker who is able to forge UDP
packets from the DNS server to cause worker process crash
(CVE-2016-0742).
- Use-after-free condition might occur during CNAME response
processing. This problem allows an attacker who is able to trigger
name resolution to cause worker process crash, or might
have potential other impact (CVE-2016-0746).
- CNAME resolution was insufficiently limited, allowing an attacker who
is able to trigger arbitrary name resolution to cause excessive resource
consumption in worker processes (CVE-2016-0747).
-- Thomas Ward <email address hidden> Tue, 26 Jan 2016 14:53:01 -0500
Available diffs
| Superseded in xenial-release on 2016-01-26 |
| Deleted in xenial-proposed on 2016-01-28 (Reason: moved to release) |
nginx (1.9.9-1ubuntu1) xenial; urgency=low * Merge from Debian unstable. Remaining changes: (LP: #1534208) - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed) - d/{control,rules,nginx-core.*}: add new binary package for main, nginx-core, which contains only source-tarball-included modules and no third-party modules. - debian/tests/control: add nginx-core test. - debian/control: - drop luajit from Build-Depends as it is in universe. - Update nginx-core description to match nginx-full description of the standard and optional HTTP modules that are enabled. - Remove HTTP/2 references in package descriptions, per Ubuntu Security Team mandate to disable HTTP/2 support. - debian/rules: - Update nginx-core configure flags to match nginx-full config flags, due to refreshing the nginx-core 'enabled modules' to match the nginx-full modules (minus third-party modules) - Disable HTTP/2 module support in all flavors, per Ubuntu Security Team mandate. - debian/apport/source_nginx.py: Add apport hooks for additional bug information gathering. - debian/nginx-common.install: Add install rule for apport hooks. * debian/control: Remove HTTP/2 reference in nginx-extras description, which was missed previously due to accidental oversight. (LP: #1534368) -- Thomas Ward <email address hidden> Thu, 14 Jan 2016 18:42:00 -0500
Available diffs
- diff from 1.9.9-0ubuntu1 to 1.9.9-1ubuntu1 (65.1 KiB)
| Superseded in xenial-release on 2016-01-15 |
| Deleted in xenial-proposed on 2016-01-17 (Reason: moved to release) |
nginx (1.9.9-0ubuntu1) xenial; urgency=medium * New upstream release. * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch -- Thomas Ward <email address hidden> Sun, 03 Jan 2016 12:49:21 -0500
Available diffs
- diff from 1.9.6-2ubuntu2 to 1.9.9-0ubuntu1 (13.1 KiB)
| Superseded in xenial-release on 2016-01-07 |
| Deleted in xenial-proposed on 2016-01-08 (Reason: moved to release) |
nginx (1.9.6-2ubuntu2) xenial; urgency=medium * Rebuild for Perl 5.22.1. -- Colin Watson <email address hidden> Fri, 18 Dec 2015 12:53:05 +0000
Available diffs
- diff from 1.9.6-2ubuntu1 to 1.9.6-2ubuntu2 (324 bytes)
| Superseded in xenial-release on 2016-01-06 |
| Deleted in xenial-proposed on 2016-01-08 (Reason: moved to release) |
nginx (1.9.6-2ubuntu1) xenial; urgency=medium * Merge from Debian unstable. Remaining changes: (LP: #1510096) - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed) - d/{control,rules,nginx-core.*}: add new binary package for main, nginx-core, which contains only source-tarball-included modules and no third-party modules. - debian/tests/control: add nginx-core test. - debian/control: drop luajit from Build-Depends as it is in universe. - debian/apport/source_nginx.py: Add apport hooks for additional bug information gathering. - debian/nginx-common.install: Add install rule for apport hooks. * Additional changes: * debian/rules: - Update nginx-core configure flags to match nginx-full config flags, due to refreshing the nginx-core 'enabled modules' to match the nginx-full modules (minus third-party modules) - Disable HTTP/2 module support in all flavors, per Ubuntu Security Team mandate. * debian/control: - Update nginx-core description to match nginx-full description of the standard and optional HTTP modules that are enabled. - Remove HTTP/2 references in package descriptions, per Ubuntu Security Team mandate to disable HTTP/2 support. -- Thomas Ward <email address hidden> Mon, 14 Dec 2015 10:34:42 -0500
Available diffs
- diff from 1.9.3-1ubuntu1 to 1.9.6-2ubuntu1 (128.9 KiB)
| Superseded in trusty-updates on 2016-02-09 |
| Deleted in trusty-proposed on 2016-02-11 (Reason: moved to -updates) |
nginx (1.4.6-1ubuntu3.3) trusty-proposed; urgency=medium
* debian/nginx-common.nginx.init: Fix pidfile extraction, due to multiple
failure cases, using Debian's solution. (LP: #1314740)
-- Thomas Ward <email address hidden> Wed, 29 Jul 2015 19:43:04 -0400
Available diffs
- diff from 1.4.6-1ubuntu3.2 to 1.4.6-1ubuntu3.3 (655 bytes)
| Superseded in xenial-release on 2015-12-16 |
| Published in wily-release on 2015-07-22 |
| Deleted in wily-proposed (Reason: moved to release) |
nginx (1.9.3-1ubuntu1) wily; urgency=medium * Merge from Debian. Remaining changes: (LP: #1476811) - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed) - d/{control,rules,nginx-core.*}: add new binary package for main, nginx-core, which contains only source-tarball-included modules and no third-party modules. - debian/tests/control: add nginx-core test. - debian/control: drop luajit from Build-Depends as it is in universe. - debian/apport/source_nginx.py: Add apport hooks for additional bug information gathering. - debian/nginx-common.install: Add install rule for apport hooks.
Available diffs
- diff from 1.6.2-5ubuntu4 to 1.9.3-1ubuntu1 (323.7 KiB)
nginx (1.6.2-5ubuntu3.1) vivid; urgency=medium
* debian/apport/source_nginx.py:
- Add apport hooks for additional bug information gathering, as a result
of non-useful reports due to postinstall script failure bugs. This is
necessary in order to be able to actually debug what is going on in the
bug reports, thanks to systemd not putting startup errors to stdout or
stderr anymore, like Upstart and others did. (LP: #1472683)
* debian/nginx-common.install:
- Add install rule for debian/apport/source_nginx.py, which is the new
apport hooks to gather additional 'Package' bugtype debug data.
-- Thomas Ward <email address hidden> Fri, 10 Jul 2015 11:14:00 -0400
Available diffs
| Superseded in wily-release on 2015-07-22 |
| Deleted in wily-proposed on 2015-07-23 (Reason: moved to release) |
nginx (1.6.2-5ubuntu4) wily; urgency=medium
* debian/apport/source_nginx.py:
- Add apport hooks for additional bug information gathering, as a result
of non-useful reports due to postinstall script failure bugs. This is
necessary in order to be able to actually debug what is going on in the
bug reports, thanks to systemd not putting startup errors to stdout or
stderr anymore, like Upstart and others did. (LP: #1472683)
* debian/nginx-common.install:
- Add install rule for debian/apport/source_nginx.py, which is the new
apport hooks to gather additional 'Package' bugtype debug data.
-- Thomas Ward <email address hidden> Fri, 10 Jul 2015 12:51:48 -0400
Available diffs
| Superseded in wily-release on 2015-07-10 |
| Published in vivid-release on 2015-04-02 |
| Deleted in vivid-proposed (Reason: moved to release) |
nginx (1.6.2-5ubuntu3) vivid-proposed; urgency=medium
* debian/rules:
* Reversed Debian change in 1.6.2-5ubuntu2.
* Added DEB_BUILD_MAINT_OPTIONS=hardening=+all to enable all
dpkg-buildflags to harden the code, except for PIE flags.
* Manually define DEB_BUILD_MAINT_OPTIONS in DEBIAN_NGINX_PERL_LDFLAGS
to not have -fPIE conflicts in Perl flags.
-- Thomas Ward <email address hidden> Wed, 01 Apr 2015 14:57:34 -0400
Available diffs
- diff from 1.6.2-5ubuntu1 to 1.6.2-5ubuntu3 (828 bytes)
- diff from 1.6.2-5ubuntu2 to 1.6.2-5ubuntu3 (826 bytes)
| Superseded in vivid-proposed on 2015-04-02 |
nginx (1.6.2-5ubuntu2) vivid-proposed; urgency=medium
* debian/rules:
* Added -fPIE -pie to build rules (enables position-independent builds)
using Debian's committed change to enable. (LP: #1315426)
-- Thomas Ward <email address hidden> Wed, 01 Apr 2015 14:26:32 -0400
Available diffs
- diff from 1.6.2-5ubuntu1 to 1.6.2-5ubuntu2 (569 bytes)
| Superseded in trusty-updates on 2015-08-06 |
| Deleted in trusty-proposed on 2015-08-08 (Reason: moved to -updates) |
nginx (1.4.6-1ubuntu3.2) trusty-proposed; urgency=medium * d/modules/nginx-http-push: Apply upstream bugfix. (LP: #1216817) * src/ngx_http_push_module_setup.c: Modify push module code with upstream changes to fix an issue with initialization when using `fastcgi_cache` or `proxy_cache`. * tests/nginx-cachemanager.conf: (new file) Include upstream change of adding an nginx-cachemanager.conf file to the tests. -- Thomas Ward <email address hidden> Mon, 09 Feb 2015 12:08:50 -0500
Available diffs
nginx (1.1.19-1ubuntu0.8) precise-proposed; urgency=medium * d/modules/nginx-http-push: Apply upstream bugfix. (LP: #1216817) * src/ngx_http_push_module_setup.c: Modify push module code with upstream changes to fix an issue with initialization when using `fastcgi_cache` or `proxy_cache`. * tests/nginx-cachemanager.conf: (new file) Include upstream change of adding an nginx-cachemanager.conf file to the tests. -- Thomas Ward <email address hidden> Mon, 09 Feb 2015 12:02:52 -0500
Available diffs
nginx (1.1.19-1ubuntu0.7) precise-security; urgency=medium * SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478) - debian/patches/CVE-2014-3616.patch: Use a random value for session id context, since there is no support for shared TLS Session Tickets in this version in src/event/ngx_event_openssl.c. - CVE-2014-3616 -- Lev Lazinskiy <email address hidden> Fri, 05 Dec 2014 22:25:50 -0500
Available diffs
| Superseded in vivid-release on 2015-04-02 |
| Deleted in vivid-proposed on 2015-04-04 (Reason: moved to release) |
nginx (1.6.2-5ubuntu1) vivid; urgency=medium * Merge from Debian. Remaining changes: (LP: #1399967) - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed) - debian/rules: Drop from -O3 to -O2 to work around a build failure. - d/{control,rules,nginx-core.*}: add new binary package for main, nginx-core, which contains only source-tarball-included modules and no third-party modules. - debian/tests/control: add nginx-core test. - debian/control: drop luajit from Build-Depends as it is in universe. -- Thomas Ward <email address hidden> Sat, 06 Dec 2014 13:06:55 -0500
Available diffs
| Superseded in vivid-release on 2014-12-30 |
| Deleted in vivid-proposed on 2014-12-31 (Reason: moved to release) |
nginx (1.6.2-4ubuntu1) vivid; urgency=medium * Merge from Debian. Remaining changes: (LP: #1388621) - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed). - debian/rules: Drop from -O3 to -O2 to work around a build failure. - d/{control,rules,nginx-core.*}: add new binary package for main, nginx-core, which contains only source-tarball-included modules and no third-party modules. - debian/tests/control: add nginx-core test. - debian/control: drop luajit from Build-Depends as it is in universe. * debian/control: * Remove nginx-naxsi* from nginx-core and related package stanzas, as the naxsi packages have all been dropped. * Remove reference to nginx-naxsi from nginx metapackage description * debian/index.html: Modify included index.html file to have Ubuntu branding, Ubuntu bug reporting tool references, and a link to the Launchpad bugs page for the nginx package.
Available diffs
- diff from 1.6.2-1ubuntu1.1 to 1.6.2-4ubuntu1 (466.5 KiB)
| Superseded in vivid-release on 2014-11-25 |
| Obsolete in utopic-release on 2016-11-03 |
| Deleted in utopic-proposed on 2016-11-03 (Reason: moved to release) |
nginx (1.6.2-1ubuntu1.1) utopic; urgency=medium
* debian/conf/sites-available/default: Remove SSLv3 from the ssl_protocols
line in the default config example, due to POODLE vulnerability.
-- Thomas Ward <email address hidden> Wed, 22 Oct 2014 09:43:35 -0400
Available diffs
- diff from 1.6.2-1ubuntu1 to 1.6.2-1ubuntu1.1 (553 bytes)
| Superseded in utopic-release on 2014-10-22 |
| Deleted in utopic-proposed on 2014-10-23 (Reason: moved to release) |
nginx (1.6.2-1ubuntu1) utopic; urgency=medium
* Merge from Debian. Remaining changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding
(refreshed).
- debian/rules: Drop from -O3 to -O2 to work around a build failure.
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
* debian/tests/control: add nginx-core test.
* debian/control: drop luajit from Build-Depends as it is in universe.
Available diffs
- diff from 1.6.1-1ubuntu2 to 1.6.2-1ubuntu1 (390.3 KiB)
nginx (1.4.6-1ubuntu3.1) trusty-security; urgency=medium * SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478) - debian/patches/CVE-2014-3616.patch: include hash of certificate in session id context in src/event/ngx_event_openssl.c. - CVE-2014-3616 -- Marc Deslauriers <email address hidden> Wed, 17 Sep 2014 08:56:46 -0400
Available diffs
| Superseded in utopic-release on 2014-09-23 |
| Deleted in utopic-proposed on 2014-09-24 (Reason: moved to release) |
nginx (1.6.1-1ubuntu2) utopic; urgency=medium * Rebuild for Perl 5.20.0. -- Colin Watson <email address hidden> Sun, 24 Aug 2014 06:43:36 -0700
Available diffs
- diff from 1.6.1-1ubuntu1 to 1.6.1-1ubuntu2 (309 bytes)
| Superseded in utopic-release on 2014-08-27 |
| Deleted in utopic-proposed on 2014-08-28 (Reason: moved to release) |
nginx (1.6.1-1ubuntu1) utopic; urgency=medium
* Merge from Debian. Remaining changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding
(refreshed).
- debian/rules: Drop from -O3 to -O2 to work around a build failure.
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
* Add dep8 smoke test
Available diffs
- diff from 1.4.6-1ubuntu3 to 1.6.1-1ubuntu1 (237.6 KiB)
nginx (1.4.1-3ubuntu1.3) saucy-security; urgency=low * SECURITY UPDATE: SPDY Heap Buffer Overflow Vulnerabilty (LP: #1294280) - debian/patches/cve-2014-0133.patch: modify src/http/ngx_http_spdy.c to fix a heap buffer overflow vulnerability in the SPDY module by using a specially crafted request. - CVE-2014-0133 -- Thomas Ward <email address hidden> Tue, 18 Mar 2014 21:17:14 -0400
Available diffs
| Superseded in utopic-release on 2014-08-15 |
| Published in trusty-release on 2014-03-13 |
| Deleted in trusty-proposed (Reason: moved to release) |
nginx (1.4.6-1ubuntu3) trusty; urgency=medium
* Add new binary package for main, nginx-core, which contains only
source-tarball-included modules and no third-party modules.
* Changes to debian/ directory:
- control:
+ Add entry for nginx-core and nginx-core-dbg.
- rules:
+ Add nginx-core flavor to the build rules.
- nginx-core.*: Add new packaging files for nginx-core based on
the packaging files for nginx-full.
* The above changes satisfy the requirements for main (LP: #1262710)
-- Thomas Ward <email address hidden> Mon, 10 Mar 2014 18:23:36 -0400
Available diffs
| Superseded in trusty-release on 2014-03-13 |
| Superseded in trusty-release on 2014-03-13 |
| Deleted in trusty-proposed on 2014-03-14 (Reason: moved to release) |
nginx (1.4.6-1ubuntu2) trusty; urgency=medium * debian/rules: Drop from -O3 to -O2 to work around a build failure. -- Adam Conrad <email address hidden> Sun, 09 Mar 2014 11:49:28 -0600
Available diffs
- diff from 1.4.5-1ubuntu1 to 1.4.6-1ubuntu2 (6.5 KiB)
- diff from 1.4.6-1ubuntu1 to 1.4.6-1ubuntu2 (506 bytes)
| Superseded in trusty-proposed on 2014-03-09 |
nginx (1.4.6-1ubuntu1) trusty; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/ubuntu-branding.patch: Add Ubuntu branding.
Available diffs
| Superseded in trusty-release on 2014-03-09 |
| Deleted in trusty-proposed on 2014-03-11 (Reason: moved to release) |
nginx (1.4.5-1ubuntu1) trusty; urgency=medium * Resynchronise with Debian (LP: #1280511). Remaining changes: - debian/patches/ubuntu-branding.patch: + Add Ubuntu branding to server_tokens.
Available diffs
- diff from 1.4.4-4ubuntu1 to 1.4.5-1ubuntu1 (248.5 KiB)
| Superseded in saucy-updates on 2014-03-20 |
| Deleted in saucy-proposed on 2014-03-22 (Reason: moved to -updates) |
nginx (1.4.1-3ubuntu1.2) saucy; urgency=low
* Apply upstream changes to fix a segmentation fault in the third-party
ngx_auth_pam module in nginx-full and nginx-extras. (LP: #1264674)
-- Thomas Ward <email address hidden> Sun, 09 Feb 2014 21:14:14 -0500
Available diffs
| Superseded in precise-updates on 2015-01-06 |
| Deleted in precise-proposed on 2015-01-08 (Reason: moved to -updates) |
nginx (1.1.19-1ubuntu0.6) precise-proposed; urgency=low
* Enable building of the http_stub_status_module in nginx-naxsi, which was
apparently not marked for compiling even though it's listed in the package
description. (LP: #1170586)
-- Thomas Ward <email address hidden> Fri, 31 Jan 2014 11:02:23 -0500
Available diffs
| Superseded in trusty-release on 2014-02-15 |
| Deleted in trusty-proposed on 2014-02-16 (Reason: moved to release) |
nginx (1.4.4-4ubuntu1) trusty; urgency=medium
* Resynchronise with Debian. Remaining changes:
- debian/patches/ubuntu-branding.patch:
+ Add Ubuntu branding to server_tokens.
Available diffs
- diff from 1.4.4-2ubuntu1 to 1.4.4-4ubuntu1 (909 bytes)
| Superseded in trusty-release on 2014-01-08 |
| Deleted in trusty-proposed on 2014-01-09 (Reason: moved to release) |
nginx (1.4.4-2ubuntu1) trusty; urgency=medium
* Resynchronise with Debian. Remaining changes:
- debian/patches/ubuntu-branding.patch:
+ Add Ubuntu branding to server_tokens.
Available diffs
| Superseded in trusty-release on 2013-12-28 |
| Deleted in trusty-proposed on 2013-12-29 (Reason: moved to release) |
nginx (1.4.4-1ubuntu1) trusty; urgency=low * Resynchronise with Debian (LP: #1253691). Remaining changes: - debian/patches/ubuntu-branding.patch: + Add Ubuntu branding to server_tokens.
Available diffs
nginx (1.4.1-3ubuntu1.1) saucy-security; urgency=low * SECURITY UPDATE: ACL bypass via space character (LP: #1253691) - debian/patches/cve-2013-4547.patch: modify src/http/ngx_http_parse.c to account for a space character, fixing an issue which could result in security restrictions being bypassed - CVE-2013-4547 -- Thomas Ward <email address hidden> Thu, 21 Nov 2013 13:27:20 -0500
Available diffs
nginx (1.1.19-1ubuntu0.5) precise-security; urgency=low * SECURITY UPDATE: ACL bypass via space character (LP: #1253691) - debian/patches/cve-2013-4547.patch: modify src/http/ngx_http_parse.c to account for a space character, fixing an issue which could result in security restrictions being bypassed - CVE-2013-4547 -- Thomas Ward <email address hidden> Thu, 21 Nov 2013 13:02:22 -0500
Available diffs
nginx (1.2.6-1ubuntu3.3) raring-security; urgency=low * SECURITY UPDATE: ACL bypass via space character (LP: #1253691) - debian/patches/cve-2013-4547.patch: modify src/http/ngx_http_parse.c to account for a space character, fixing an issue which could result in security restrictions being bypassed - CVE-2013-4547 -- Thomas Ward <email address hidden> Thu, 21 Nov 2013 13:24:46 -0500
Available diffs
- diff from 1.2.6-1ubuntu3.2 to 1.2.6-1ubuntu3.3 (885 bytes)
nginx (1.2.1-2.2ubuntu0.2) quantal-security; urgency=low * SECURITY UPDATE: ACL bypass via space character (LP: #1253691) - debian/patches/cve-2013-4547.patch: modify src/http/ngx_http_parse.c to account for a space character, fixing an issue which could result in security restrictions being bypassed - CVE-2013-4547 -- Thomas Ward <email address hidden> Thu, 21 Nov 2013 13:19:37 -0500
Available diffs
| Superseded in trusty-release on 2013-11-22 |
| Deleted in trusty-proposed on 2013-11-23 (Reason: moved to release) |
nginx (1.4.3-2ubuntu1) trusty; urgency=low
* Resynchronise with Debian. Remaining changes:
- debian/patches/ubuntu-branding.patch:
+ Add Ubuntu branding to server_tokens.
Available diffs
- diff from 1.4.1-3ubuntu1 to 1.4.3-2ubuntu1 (10.2 KiB)
| Superseded in precise-updates on 2013-11-22 |
| Deleted in precise-proposed on 2013-11-23 (Reason: moved to -updates) |
nginx (1.1.19-1ubuntu0.4) precise; urgency=low
[ Thomas Ward ]
* Move postinst symlinking of default nginx config to nginx-common only.
(closes LP: #1206878)
[ Iain Lane ]
* Take additional change from Debian patch to check sites-enabled and
sites-available are directories before symlinking .../default.
-- Thomas Ward <email address hidden> Thu, 10 Oct 2013 10:48:16 +0100
Available diffs
| Superseded in precise-proposed on 2013-10-10 |
nginx (1.1.19-1ubuntu0.3) precise-proposed; urgency=low
* Move configuration file removal for package purging to nginx-common only.
(closes LP: #1206878)
-- Thomas Ward <email address hidden> Tue, 06 Aug 2013 13:20:29 -0400
Available diffs
| Superseded in trusty-release on 2013-10-24 |
| Obsolete in saucy-release on 2015-04-24 |
| Deleted in saucy-proposed on 2015-04-28 (Reason: moved to release) |
nginx (1.4.1-3ubuntu1) saucy; urgency=low
* Resynchronise with Debian. Remaining changes:
- debian/patches/ubuntu-branding.patch:
+ Add Ubuntu branding to server_tokens.
Available diffs
- diff from 1.4.1-2ubuntu1 to 1.4.1-3ubuntu1 (803 bytes)
| Superseded in saucy-release on 2013-07-01 |
| Deleted in saucy-proposed on 2013-07-03 (Reason: moved to release) |
nginx (1.4.1-2ubuntu1) saucy; urgency=low
* Resynchronise with Debian. Remaining changes:
- debian/patches/ubuntu-branding.patch:
+ Add Ubuntu branding to server_tokens.
Available diffs
| 1 → 75 of 157 results | First • Previous • Next • Last |
