Change log for nginx package in Ubuntu
| 1 → 75 of 215 results | First • Previous • Next • Last |
| Published in focal-proposed on 2020-04-28 |
nginx (1.18.0-0ubuntu1) focal; urgency=medium * Stable Release Update for Version String (LP: #1875231) * New upstream Stable release (1.18.0) - full changelog available from http://nginx.org/en/CHANGES * Remaining Ubuntu-specific changes: - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed) - d/{control,rules,nginx-core.*}: add new binary package for main, nginx-core, which contains only source-tarball-included modules and no third-party modules. - debian/tests/control: add nginx-core test. - debian/apport/source_nginx.py: Add apport hooks for additional bug information gathering. - debian/nginx-common.install: Add install rule for apport hooks. - d/nginx-{core,light,full,extras}.postinst: Add checks for whether port 80 is in use or not to determine whether or not to attempt starting of the NGINX service during install/upgrade - d/control: Add dependencies to nginx-{core,light,full,extras} on `iproute2` as the postinst scripts now use `ss` to determine if Port 80 is open or not. - d/rules: Enable --with-compat build option for all nginx package flavors - d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party module to nginx-full and nginx-extras (and use proper DEP5 syntax for d/copyright). - d/control, d/rules: Drop GeoIP from nginx-core due to demotion of libgeoip. -- Thomas Ward <email address hidden> Tue, 21 Apr 2020 10:49:01 -0400
Available diffs
| Published in groovy-release on 2020-04-24 |
| Published in focal-release on 2020-04-18 |
| Deleted in focal-proposed (Reason: moved to Release) |
nginx (1.17.10-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.9) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
- d/control, d/rules: Drop GeoIP from nginx-core due to demotion of
libgeoip.
-- Thomas Ward <email address hidden> Tue, 14 Apr 2020 12:53:34 -0400
Available diffs
| Superseded in focal-release on 2020-04-18 |
| Deleted in focal-proposed on 2020-04-19 (Reason: moved to Release) |
nginx (1.17.9-0ubuntu3) focal; urgency=medium * d/conf/sites-available/default: Update PHP path for PHP 7.4. -- Thomas Ward <email address hidden> Thu, 26 Mar 2020 10:53:52 -0400
Available diffs
- diff from 1.17.9-0ubuntu2 to 1.17.9-0ubuntu3 (515 bytes)
| Superseded in focal-release on 2020-03-26 |
| Deleted in focal-proposed on 2020-03-28 (Reason: moved to Release) |
nginx (1.17.9-0ubuntu2) focal; urgency=medium * Drop GeoIP from nginx-core due to demotion of libgeoip (LP: #1861101, LP: #1867150): - d/control: Remove libnginx-mod-http-geoip from nginx-core dependency - d/rules: Remove the configure line of with-http_geoip_module=dynamic from the nginx-core build flags, due to demotion of libgeoip and the removal of the dynamic library from install deps for nginx-core. -- Thomas Ward <email address hidden> Wed, 11 Mar 2020 13:41:07 -0400
Available diffs
| Superseded in focal-release on 2020-03-17 |
| Deleted in focal-proposed on 2020-03-18 (Reason: moved to Release) |
nginx (1.17.9-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.9) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
-- Thomas Ward <email address hidden> Tue, 03 Mar 2020 11:05:45 -0500
Available diffs
| Superseded in focal-release on 2020-03-03 |
| Deleted in focal-proposed on 2020-03-05 (Reason: moved to Release) |
nginx (1.17.8-0ubuntu3) focal; urgency=medium
* d/conf/sites-available/default: Indentation consistency.
Fix an indentation issue introduced by 1.17.8-0ubuntu2 to make sure that
indentation in the default config file is consistent.
-- Thomas Ward <email address hidden> Wed, 26 Feb 2020 10:35:13 -0500
Available diffs
- diff from 1.17.8-0ubuntu2 to 1.17.8-0ubuntu3 (487 bytes)
| Superseded in focal-release on 2020-02-28 |
| Deleted in focal-proposed on 2020-02-29 (Reason: moved to Release) |
nginx (1.17.8-0ubuntu2) focal; urgency=medium
* d/conf/sites-available/default: Revert changes done in #1743592.
Reverts this change:
- d/conf/sites-available/default: Update default nginx site
configuration file to remove the IPv6 listening line so that servers
running without IPv6 enabled at all on the system will start nginx
properly.
-- Thomas Ward <email address hidden> Thu, 20 Feb 2020 13:52:32 -0500
Available diffs
- diff from 1.17.8-0ubuntu1 to 1.17.8-0ubuntu2 (564 bytes)
| Superseded in focal-release on 2020-02-21 |
| Deleted in focal-proposed on 2020-02-22 (Reason: moved to Release) |
nginx (1.17.8-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.8) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
- d/conf/sites-available/default: Update default nginx site configuration
file to remove the IPv6 listening line so that servers running without
IPv6 enabled at all on the system will start nginx properly.
(LP: #1743592)
-- Thomas Ward <email address hidden> Tue, 18 Feb 2020 19:01:02 -0500
Available diffs
nginx (1.14.0-0ubuntu1.7) bionic-security; urgency=medium
* SECURITY UPDATE: request smuggling via error_page
- debian/patches/CVE-2019-20372.patch: discard request body when
redirecting to a URL via error_page in
src/http/ngx_http_special_response.c.
- CVE-2019-20372
-- Marc Deslauriers <email address hidden> Fri, 10 Jan 2020 14:18:38 -0500
Available diffs
nginx (1.15.9-0ubuntu1.2) disco-security; urgency=medium
* SECURITY UPDATE: request smuggling via error_page
- debian/patches/CVE-2019-20372.patch: discard request body when
redirecting to a URL via error_page in
src/http/ngx_http_special_response.c.
- CVE-2019-20372
-- Marc Deslauriers <email address hidden> Fri, 10 Jan 2020 14:18:15 -0500
Available diffs
- diff from 1.15.9-0ubuntu1.1 to 1.15.9-0ubuntu1.2 (978 bytes)
nginx (1.10.3-0ubuntu0.16.04.5) xenial-security; urgency=medium
* SECURITY UPDATE: request smuggling via error_page
- debian/patches/CVE-2019-20372.patch: discard request body when
redirecting to a URL via error_page in
src/http/ngx_http_special_response.c.
- CVE-2019-20372
-- Marc Deslauriers <email address hidden> Fri, 10 Jan 2020 14:19:02 -0500
Available diffs
nginx (1.16.1-0ubuntu2.1) eoan-security; urgency=medium
* SECURITY UPDATE: request smuggling via error_page
- debian/patches/CVE-2019-20372.patch: discard request body when
redirecting to a URL via error_page in
src/http/ngx_http_special_response.c.
- CVE-2019-20372
-- Marc Deslauriers <email address hidden> Fri, 10 Jan 2020 14:16:29 -0500
Available diffs
| Superseded in focal-release on 2020-02-20 |
| Deleted in focal-proposed on 2020-02-21 (Reason: moved to Release) |
nginx (1.17.7-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.7) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
- d/conf/sites-available/default: Update default nginx site configuration
file to remove the IPv6 listening line so that servers running without
IPv6 enabled at all on the system will start nginx properly.
(LP: #1743592)
-- Thomas Ward <email address hidden> Mon, 30 Dec 2019 13:02:58 -0500
Available diffs
| Superseded in focal-release on 2020-01-02 |
| Deleted in focal-proposed on 2020-01-03 (Reason: moved to Release) |
nginx (1.17.6-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.6) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
- d/conf/sites-available/default: Update default nginx site configuration
file to remove the IPv6 listening line so that servers running without
IPv6 enabled at all on the system will start nginx properly.
(LP: #1743592)
-- Thomas Ward <email address hidden> Tue, 19 Nov 2019 10:34:14 -0500
Available diffs
| Superseded in focal-release on 2019-11-20 |
| Deleted in focal-proposed on 2019-11-21 (Reason: moved to Release) |
nginx (1.17.5-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.5) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
* New Ubuntu-specific changes:
- d/conf/sites-available/default: Update default nginx site configuration
file to remove the IPv6 listening line so that servers running without
IPv6 enabled at all on the system will start nginx properly.
(LP: #1743592)
-- Thomas Ward <email address hidden> Fri, 01 Nov 2019 11:55:10 -0400
Available diffs
- diff from 1.16.1-0ubuntu3 to 1.17.5-0ubuntu1 (24.1 KiB)
| Superseded in focal-release on 2019-11-02 |
| Deleted in focal-proposed on 2019-11-04 (Reason: moved to Release) |
nginx (1.16.1-0ubuntu3) focal; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Fri, 18 Oct 2019 19:37:10 +0000
Available diffs
- diff from 1.16.1-0ubuntu2 to 1.16.1-0ubuntu3 (338 bytes)
nginx (1.14.0-0ubuntu1.6) bionic-security; urgency=medium
* No change rebuild in -security pocket now that OpenSSL 1.1.1 is
available.
-- Marc Deslauriers <email address hidden> Tue, 20 Aug 2019 08:46:02 -0400
Available diffs
| Superseded in bionic-updates on 2019-08-20 |
| Deleted in bionic-proposed on 2019-08-29 (Reason: moved to -updates) |
nginx (1.14.0-0ubuntu1.5) bionic; urgency=medium
* No change rebuild for bionic outside of security pocket to pick up
OpenSSL 1.1.1. (LP: #1840404)
-- Marc Deslauriers <email address hidden> Fri, 16 Aug 2019 07:05:57 -0400
Available diffs
| Superseded in focal-release on 2019-10-24 |
| Published in eoan-release on 2019-08-15 |
| Deleted in eoan-proposed (Reason: moved to release) |
nginx (1.16.1-0ubuntu2) eoan; urgency=medium
* d/conf/sites-available/default: Update PHP referred to in the
example in the default configuration to PHP 7.2.
(LP: #1831748)
-- Thomas Ward <email address hidden> Thu, 15 Aug 2019 12:01:39 -0400
Available diffs
- diff from 1.16.1-0ubuntu1 to 1.16.1-0ubuntu2 (551 bytes)
nginx (1.14.0-0ubuntu1.4) bionic-security; urgency=medium
* SECURITY UPDATE: HTTP/2 Data Dribble issue
- debian/patches/CVE-2019-9511.patch: limited number of DATA frames in
src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h,
src/http/v2/ngx_http_v2_filter_module.c.
- CVE-2019-9511
* SECURITY UPDATE: HTTP/2 Resource Loop / Priority Shuffling issue
- debian/patches/CVE-2019-9513.patch: limited number of PRIORITY frames
in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
- CVE-2019-9513
* SECURITY UPDATE: HTTP/2 0-Length Headers Leak issue
- debian/patches/CVE-2019-9516.patch: reject zero length headers with
PROTOCOL_ERROR in src/http/v2/ngx_http_v2.c.
- CVE-2019-9516
-- Marc Deslauriers <email address hidden> Wed, 14 Aug 2019 14:44:40 -0400
Available diffs
nginx (1.10.3-0ubuntu0.16.04.4) xenial-security; urgency=medium
* SECURITY UPDATE: HTTP/2 Data Dribble issue
- debian/patches/CVE-2019-9511.patch: limited number of DATA frames in
src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h,
src/http/v2/ngx_http_v2_filter_module.c.
- CVE-2019-9511
* SECURITY UPDATE: HTTP/2 Resource Loop / Priority Shuffling issue
- debian/patches/CVE-2019-9513.patch: limited number of PRIORITY frames
in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
- CVE-2019-9513
* SECURITY UPDATE: HTTP/2 0-Length Headers Leak issue
- debian/patches/CVE-2019-9516.patch: reject zero length headers with
PROTOCOL_ERROR in src/http/v2/ngx_http_v2.c.
- CVE-2019-9516
-- Marc Deslauriers <email address hidden> Wed, 14 Aug 2019 14:48:49 -0400
Available diffs
nginx (1.15.9-0ubuntu1.1) disco-security; urgency=medium
* SECURITY UPDATE: HTTP/2 Data Dribble issue
- debian/patches/CVE-2019-9511.patch: limited number of DATA frames in
src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h,
src/http/v2/ngx_http_v2_filter_module.c.
- CVE-2019-9511
* SECURITY UPDATE: HTTP/2 Resource Loop / Priority Shuffling issue
- debian/patches/CVE-2019-9513.patch: limited number of PRIORITY frames
in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
- CVE-2019-9513
* SECURITY UPDATE: HTTP/2 0-Length Headers Leak issue
- debian/patches/CVE-2019-9516.patch: reject zero length headers with
PROTOCOL_ERROR in src/http/v2/ngx_http_v2.c.
- CVE-2019-9516
-- Marc Deslauriers <email address hidden> Wed, 14 Aug 2019 14:41:19 -0400
Available diffs
| Superseded in eoan-release on 2019-08-15 |
| Deleted in eoan-proposed on 2019-08-17 (Reason: moved to release) |
nginx (1.16.1-0ubuntu1) eoan; urgency=medium
* New upstream release (1.16.1) - full changelog available from
http://nginx.org/en/CHANGES-1.16
* This patch contains security patches only.
* Security content in this version:
- When using HTTP/2 a client might cause excessive memory consumption
and CPU usage (CVE-2019-9511. CVE-2019-9513, CVE-2019-9516)
-- Thomas Ward <email address hidden> Tue, 13 Aug 2019 13:08:03 -0400
Available diffs
| Superseded in bionic-updates on 2019-08-15 |
| Deleted in bionic-proposed on 2019-08-16 (Reason: moved to -updates) |
nginx (1.14.0-0ubuntu1.3) bionic; urgency=medium
* No changes rebuild (to build against OpenSSL 1.1.1 in Bionic)
(LP: #1836366)
-- Thomas Ward <email address hidden> Fri, 12 Jul 2019 14:18:43 -0400
Available diffs
| Superseded in eoan-release on 2019-08-13 |
| Deleted in eoan-proposed on 2019-08-15 (Reason: moved to release) |
nginx (1.16.0-0ubuntu2) eoan; urgency=medium
* d/patches/nginx-fix-pidfile.patch: Fix NGINX PIDfile handling to avoid
SystemD race condition - thanks to Tj for the patch. (LP: #1581864)
-- Thomas Ward <email address hidden> Tue, 04 Jun 2019 11:43:30 -0400
Available diffs
| Superseded in eoan-release on 2019-06-29 |
| Deleted in eoan-proposed on 2019-06-30 (Reason: moved to release) |
nginx (1.16.0-0ubuntu1) eoan; urgency=medium
* New upstream release (1.16.0) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras
-- Thomas Ward <email address hidden> Mon, 29 Apr 2019 12:31:39 -0400
Available diffs
| Superseded in eoan-release on 2019-04-29 |
| Deleted in eoan-proposed on 2019-05-01 (Reason: moved to release) |
nginx (1.15.12-0ubuntu1) eoan; urgency=medium
* New upstream release (1.15.12) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
* Add GeoIP2 third party module to nginx-full and nginx-extras
(LP: #1825895). The following is the files list for this:
- d/{control,rules}: Add libnginx-mod-http-geoip2 and corresponding build
rules.
- d/modules/http-geoip2{,/*}: Add geoip2 module from third party git.
- d/copyright: Add relevant copyright lines for GeoIP2 module.
-- Thomas Ward <email address hidden> Mon, 22 Apr 2019 17:59:46 -0400
Available diffs
| Superseded in eoan-release on 2019-04-28 |
| Published in disco-release on 2019-03-08 |
| Deleted in disco-proposed (Reason: moved to release) |
nginx (1.15.9-0ubuntu1) disco; urgency=medium
* New upstream release (1.15.9) - full changelog available from
http://nginx.org/en/CHANGES (LP: #1817750)
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
-- Thomas Ward <email address hidden> Tue, 26 Feb 2019 11:15:07 -0500
Available diffs
- diff from 1.15.8-0ubuntu1 to 1.15.9-0ubuntu1 (14.2 KiB)
| Superseded in disco-release on 2019-03-08 |
| Deleted in disco-proposed on 2019-03-09 (Reason: moved to release) |
nginx (1.15.8-0ubuntu1) disco; urgency=medium
* New upstream release (1.15.8) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
-- Thomas Ward <email address hidden> Fri, 01 Feb 2019 20:21:45 -0500
Available diffs
| Superseded in disco-release on 2019-02-02 |
| Deleted in disco-proposed on 2019-02-03 (Reason: moved to release) |
nginx (1.15.7-0ubuntu1) disco; urgency=medium
* New upstream release (1.15.7) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors (LP: #1797897)
-- Thomas Ward <email address hidden> Tue, 27 Nov 2018 10:28:55 -0500
Available diffs
| Superseded in disco-release on 2018-12-13 |
| Deleted in disco-proposed on 2018-12-14 (Reason: moved to release) |
nginx (1.15.6-0ubuntu2) disco; urgency=medium
* Apply a Debian packaging change to Ubuntu package for config parity:
* d/conf/snippets/fastcgi-php.conf: Adjust fastcgi_split_path_info
snippet to handle the /example.php/ case. (Debian bug 911398)
-- Thomas Ward <email address hidden> Fri, 23 Nov 2018 10:56:21 -0500
Available diffs
- diff from 1.15.6-0ubuntu1 to 1.15.6-0ubuntu2 (583 bytes)
| Superseded in disco-release on 2018-11-24 |
| Deleted in disco-proposed on 2018-11-25 (Reason: moved to release) |
nginx (1.15.6-0ubuntu1) disco; urgency=medium
* New upstream release (1.15.6) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors (LP: #1797897)
-- Thomas Ward <email address hidden> Tue, 13 Nov 2018 10:10:45 -0500
Available diffs
| Superseded in disco-proposed on 2018-11-13 |
nginx (1.15.5-0ubuntu4) disco; urgency=medium * No-change rebuild against libhiredis0.14 -- Steve Langasek <email address hidden> Mon, 12 Nov 2018 08:47:44 +0000
Available diffs
- diff from 1.15.5-0ubuntu3 to 1.15.5-0ubuntu4 (314 bytes)
nginx (1.10.3-0ubuntu0.16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: excessive memory consumption in HTTP/2 implementation
- debian/patches/CVE-2018-16843.patch: add flood detection in
src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
- CVE-2018-16843
* SECURITY UPDATE: excessive CPU usage in HTTP/2 implementation
- debian/patches/CVE-2018-16844-pre.patch: backport new
http2_max_requests directive.
- debian/patches/CVE-2018-16844.patch: limit the number of idle state
switches in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
- CVE-2018-16844
* SECURITY UPDATE: infinite loop in ngx_http_mp4_module
- debian/patches/CVE-2018-16845.patch: fixed reading 64-bit atoms in
src/http/modules/ngx_http_mp4_module.c.
- CVE-2018-16845
-- Marc Deslauriers <email address hidden> Tue, 06 Nov 2018 13:55:13 -0500
Available diffs
nginx (1.15.5-0ubuntu2.1) cosmic-security; urgency=medium
* SECURITY UPDATE: excessive memory consumption in HTTP/2 implementation
- debian/patches/CVE-2018-16843.patch: add flood detection in
src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
- CVE-2018-16843
* SECURITY UPDATE: excessive CPU usage in HTTP/2 implementation
- debian/patches/CVE-2018-16844.patch: limit the number of idle state
switches in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
- CVE-2018-16844
* SECURITY UPDATE: infinite loop in ngx_http_mp4_module
- debian/patches/CVE-2018-16845.patch: fixed reading 64-bit atoms in
src/http/modules/ngx_http_mp4_module.c.
- CVE-2018-16845
-- Marc Deslauriers <email address hidden> Tue, 06 Nov 2018 13:50:41 -0500
Available diffs
nginx (1.4.6-1ubuntu3.9) trusty-security; urgency=medium
* SECURITY UPDATE: infinite loop in ngx_http_mp4_module
- debian/patches/CVE-2018-16845.patch: fixed reading 64-bit atoms in
src/http/modules/ngx_http_mp4_module.c.
- CVE-2018-16845
-- Marc Deslauriers <email address hidden> Tue, 06 Nov 2018 13:56:34 -0500
Available diffs
nginx (1.14.0-0ubuntu1.2) bionic-security; urgency=medium
* SECURITY UPDATE: excessive memory consumption in HTTP/2 implementation
- debian/patches/CVE-2018-16843.patch: add flood detection in
src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
- CVE-2018-16843
* SECURITY UPDATE: excessive CPU usage in HTTP/2 implementation
- debian/patches/CVE-2018-16844.patch: limit the number of idle state
switches in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
- CVE-2018-16844
* SECURITY UPDATE: infinite loop in ngx_http_mp4_module
- debian/patches/CVE-2018-16845.patch: fixed reading 64-bit atoms in
src/http/modules/ngx_http_mp4_module.c.
- CVE-2018-16845
-- Marc Deslauriers <email address hidden> Tue, 06 Nov 2018 13:54:15 -0500
Available diffs
| Superseded in disco-release on 2018-11-15 |
| Deleted in disco-proposed on 2018-11-16 (Reason: moved to release) |
nginx (1.15.5-0ubuntu3) disco; urgency=medium * No-change rebuild for the perl 5.28 transition. -- Adam Conrad <email address hidden> Fri, 02 Nov 2018 19:02:18 -0600
Available diffs
- diff from 1.15.5-0ubuntu1 to 1.15.5-0ubuntu3 (596 bytes)
| Deleted in cosmic-proposed on 2018-11-14 (Reason: moved to -updates) |
nginx (1.15.5-0ubuntu2) cosmic; urgency=medium
* d/conf/nginx.conf: Enable TLSv1.3 by default by adding TLSv1.3 to
the ssl_protocols line. (SRU, LP: #1800214)
-- Thomas Ward <email address hidden> Fri, 26 Oct 2018 15:25:59 -0400
Available diffs
- diff from 1.15.5-0ubuntu1 to 1.15.5-0ubuntu2 (519 bytes)
| Superseded in disco-release on 2018-11-08 |
| Published in cosmic-release on 2018-10-04 |
| Deleted in cosmic-proposed (Reason: moved to release) |
nginx (1.15.5-0ubuntu1) cosmic; urgency=medium
* This is a bugfixes-only upstream micro release, and thus is a bugfixes-
only version change. (LP: #1795690)
* New upstream release (1.15.5) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
-- Thomas Ward <email address hidden> Tue, 02 Oct 2018 11:31:05 -0400
Available diffs
- diff from 1.15.3-0ubuntu1 to 1.15.5-0ubuntu1 (10.9 KiB)
- diff from 1.15.4-0ubuntu1 to 1.15.5-0ubuntu1 (2.2 KiB)
| Superseded in cosmic-proposed on 2018-10-02 |
nginx (1.15.4-0ubuntu1) cosmic; urgency=medium
* New upstream release (1.15.4) - full changelog available from
http://nginx.org/en/CHANGES (LP: #1794321)
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
-- Thomas Ward <email address hidden> Tue, 25 Sep 2018 11:59:46 -0400
Available diffs
- diff from 1.15.3-0ubuntu1 to 1.15.4-0ubuntu1 (10.1 KiB)
| Superseded in cosmic-release on 2018-10-04 |
| Deleted in cosmic-proposed on 2018-10-05 (Reason: moved to release) |
nginx (1.15.3-0ubuntu1) cosmic; urgency=medium
* New upstream release (1.15.3) - full changelog available from
http://nginx.org/en/CHANGES (LP: #1790149)
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
-- Thomas Ward <email address hidden> Fri, 31 Aug 2018 09:52:34 -0400
Available diffs
| Superseded in bionic-updates on 2018-11-07 |
| Deleted in bionic-proposed on 2018-11-08 (Reason: moved to -updates) |
nginx (1.14.0-0ubuntu1.1) bionic; urgency=medium
* Stable Release Update. Do not attempt to start nginx if other daemon
is binding to port 80, to prevent install failure (LP: #1782226):
- d/nginx{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade.
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
-- Andres Rodriguez <email address hidden> Mon, 20 Aug 2018 18:41:42 -0400
Available diffs
| Superseded in cosmic-release on 2018-09-07 |
| Deleted in cosmic-proposed on 2018-09-09 (Reason: moved to release) |
nginx (1.15.2-0ubuntu2) cosmic; urgency=medium
* d/control: Add `iproute2` dependencies for the binary
nginx-{core,light,full,extras} packages, they got missed in the
application of the diff in 1.15.2-0ubuntu1. (LP: #1782226)
-- Thomas Ward <email address hidden> Tue, 21 Aug 2018 12:07:59 -0400
Available diffs
- diff from 1.14.0-0ubuntu2 to 1.15.2-0ubuntu2 (29.4 KiB)
- diff from 1.15.2-0ubuntu1 to 1.15.2-0ubuntu2 (657 bytes)
| Superseded in cosmic-proposed on 2018-08-21 |
nginx (1.15.2-0ubuntu1) cosmic; urgency=medium
* Switch to track NGINX Mainline for 18.10 (and 19.04) releases after
discussion with Server team members. Mainline version is 1.15.2
* Upstream changelogs for 1.15.2 are available at
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
* Additional Ubuntu only changes (LP: #1782226):
- d/nginx{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade.
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
-- Thomas Ward <email address hidden> Sun, 19 Aug 2018 12:16:48 -0400
Available diffs
- diff from 1.14.0-0ubuntu2 to 1.15.2-0ubuntu1 (29.1 KiB)
| Superseded in cosmic-release on 2018-08-26 |
| Deleted in cosmic-proposed on 2018-08-27 (Reason: moved to release) |
nginx (1.14.0-0ubuntu2) cosmic; urgency=medium
* debian/nginx-core.postinst: Make nginx-*.postinst use invoke-rc.d.
(LP: #1578344)
-- Thomas Ward <email address hidden> Tue, 15 May 2018 11:14:02 -0400
Available diffs
- diff from 1.14.0-0ubuntu1 to 1.14.0-0ubuntu2 (663 bytes)
| Superseded in cosmic-release on 2018-07-06 |
| Published in bionic-release on 2018-04-19 |
| Deleted in bionic-proposed (Reason: moved to release) |
nginx (1.14.0-0ubuntu1) bionic; urgency=medium
* New upstream stable release (1.14.0)
* Upstream changelogs can be found at http://nginx.org/en/CHANGES-1.14
* There are no functional changes or new features in this release,
and the only change is a version number change.
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
-- Thomas Ward <email address hidden> Tue, 17 Apr 2018 12:17:58 -0400
Available diffs
| Superseded in bionic-release on 2018-04-19 |
| Deleted in bionic-proposed on 2018-04-21 (Reason: moved to release) |
nginx (1.13.12-0ubuntu1) bionic; urgency=medium
* New upstream releases (1.13.11, 1.13.12)
* Upstream changelogs can be found at https://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
-- Thomas Ward <email address hidden> Mon, 16 Apr 2018 11:43:01 -0400
Available diffs
| Superseded in bionic-release on 2018-04-17 |
| Deleted in bionic-proposed on 2018-04-19 (Reason: moved to release) |
nginx (1.13.10-1ubuntu1) bionic; urgency=medium
* Merge with Debian unstable. Remaining changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
* Drop:
- debian/patches/0002-Make-sure-signature-stays-the-same-in-
all-nginx-buil.patch: Refreshed patch - Merge-o-Matic introduced some
fuzz which caused issues.
[ Does not seem necessary ]
- d/control: drop mention of SSL Preread from nginx-full, nginx-extras
[ Previously undocumented ]
- d/gbp.conf: update for 1.12 release
[ Previously undocumented ]
- d/p/0003-define_gnu_source-on-other-glibc-based-platforms.patch:
Refresh patch.
[ Previously undocumented ]
Available diffs
- diff from 1.13.6-2ubuntu2 to 1.13.10-1ubuntu1 (164.6 KiB)
| Superseded in bionic-release on 2018-04-09 |
| Deleted in bionic-proposed on 2018-04-10 (Reason: moved to release) |
nginx (1.13.6-2ubuntu2) bionic; urgency=high * No change rebuild against openssl1.1. -- Dimitri John Ledkov <email address hidden> Mon, 05 Feb 2018 16:51:17 +0000
Available diffs
- diff from 1.13.6-2ubuntu1 to 1.13.6-2ubuntu2 (327 bytes)
| Superseded in bionic-release on 2018-02-09 |
| Deleted in bionic-proposed on 2018-02-11 (Reason: moved to release) |
nginx (1.13.6-2ubuntu1) bionic; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- debian/rules: Alter build flags for cflags and ldflags to fix known
fPIE / fPIC compilation issues (see nginx PPA bug for more details
and information, LP: #1657596)
- debian/patches/0002-Make-sure-signature-stays-the-same-in-
all-nginx-buil.patch: Refreshed patch - Merge-o-Matic introduced some
fuzz which caused issues.
-- Thomas Ward <email address hidden> Tue, 12 Dec 2017 12:15:30 -0500
Available diffs
| Superseded in bionic-release on 2017-12-14 |
| Published in artful-release on 2017-08-10 |
| Deleted in artful-proposed (Reason: moved to release) |
nginx (1.12.1-0ubuntu2) artful; urgency=medium * No-change rebuild for perl 5.26.0. -- Matthias Klose <email address hidden> Wed, 26 Jul 2017 20:11:43 +0000
Available diffs
- diff from 1.12.1-0ubuntu1 to 1.12.1-0ubuntu2 (323 bytes)
| Superseded in artful-release on 2017-08-10 |
| Deleted in artful-proposed on 2017-08-11 (Reason: moved to release) |
nginx (1.12.1-0ubuntu1) artful; urgency=medium
* New upstream release (1.12.1) - full changelog available at upstream
website - http://nginx.org/en/CHANGES-1.12
* This release is a security patch micro-release from Upstream.
* This package contains security content to fix the following CVEs:
* CVE-2017-7529: A security issue was identified in nginx range filter.
A specially crafted request might result in an integer overflow and
incorrect processing of ranges, potentially resulting in sensitive
information leak. (Closes LP: #1704151)
* Additional changes:
* d/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch.
-- Thomas Ward <email address hidden> Sat, 15 Jul 2017 12:40:15 -0400
Available diffs
| Superseded in artful-release on 2017-07-15 |
| Deleted in artful-proposed on 2017-07-17 (Reason: moved to release) |
nginx (1.12.0-1ubuntu1) artful; urgency=medium
* Merge from Debian Experimental (1.12.0-1, via snapshots.debian.org)
* All Ubuntu-specific changes from Ubuntu 1.12.0-0ubuntu1 were retained.
* Remaining changes:
* d/tests/control: Specify nginx-core flavor tests.
* This merge closes the merge request on Launchpad. (LP: #1704020)
-- Thomas Ward <email address hidden> Wed, 12 Jul 2017 19:53:24 -0400
Available diffs
nginx (1.10.3-0ubuntu0.16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: integer overflow in range filter leading to
information exposure
- debian/patches/CVE-2017-7529.patch: add check to ensure size does
not overflow
- CVE-2017-7529
-- Steve Beattie <email address hidden> Wed, 12 Jul 2017 03:20:18 -0700
Available diffs
nginx (1.4.6-1ubuntu3.8) trusty-security; urgency=medium
* SECURITY UPDATE: integer overflow in range filter leading to
information exposure
- debian/patches/CVE-2017-7529.patch: add check to ensure size does
not overflow
- CVE-2017-7529
-- Steve Beattie <email address hidden> Wed, 12 Jul 2017 02:59:32 -0700
Available diffs
- diff from 1.4.6-1ubuntu3.7 to 1.4.6-1ubuntu3.8 (877 bytes)
nginx (1.10.1-0ubuntu1.3) yakkety-security; urgency=medium
* SECURITY UPDATE: integer overflow in range filter leading to
information exposure
- debian/patches/CVE-2017-7529.patch: add check to ensure size does
not overflow
- CVE-2017-7529
-- Steve Beattie <email address hidden> Wed, 12 Jul 2017 02:56:24 -0700
Available diffs
- diff from 1.10.1-0ubuntu1.2 to 1.10.1-0ubuntu1.3 (886 bytes)
nginx (1.10.3-1ubuntu3.1) zesty-security; urgency=medium
* SECURITY UPDATE: integer overflow in range filter leading to
information exposure
- debian/patches/CVE-2017-7529.patch: add check to ensure size does
not overflow
- CVE-2017-7529
-- Steve Beattie <email address hidden> Wed, 12 Jul 2017 00:27:59 -0700
Available diffs
| Superseded in artful-release on 2017-07-15 |
| Deleted in artful-proposed on 2017-07-16 (Reason: moved to release) |
nginx (1.12.0-0ubuntu1) artful; urgency=medium
* New upstream release: 1.12.0 Stable branch.
* All remaining Ubuntu-specific and Debian-specific changes remain
in place with this upload, the upstream version and code are the
only bits that have been updated, except where indicated below.
* Remaining changes:
- d/modules/nginx-upload-progress/config: Apply upstream patch to
fix an issue where the module does not properly function due to
the wrong module type being set; this prevented the module from
working when built. (LP: #1673056)
- d/patches: The following patches were dropped from the package
because the changes from the patches are already incorporated
in 1.12.0:
- 0004-SSL-error-messages-style.patch
- 0005-SSL-style.patch
- 0006-SSL-support-for-multiple-curves-ticket-885.patch
- d/patches/perl-use-dpkg-buildflags.patch: Refreshed patch to
remove fuzz from the patch.
- d/modules/nginx-echo: Apply upstream diff/patch to fix an FTBFS
- d/modules/nginx-lua: Apply upstream diff/patch to fix an FTBFS
- d/modules/nginx-upstream-fair: Apply diff/patch from the Debian
package maintainers' git repository to not use default_port to
fix an FTBFS. (This will eventually be in Debian, and will get
merged in then as well).
-- Thomas Ward <email address hidden> Wed, 26 Apr 2017 12:02:33 -0400
Available diffs
- diff from 1.10.3-1ubuntu3 to 1.12.0-0ubuntu1 (187.7 KiB)
| Superseded in artful-release on 2017-04-28 |
| Obsolete in zesty-release on 2018-06-22 |
| Deleted in zesty-proposed on 2018-06-22 (Reason: moved to release) |
nginx (1.10.3-1ubuntu3) zesty; urgency=medium
* debian/tests/control: Remove the 'ec-x25519' test stanzas from the
declarations of tests to run. This test requires OpenSSL >= 1.1.0
to support the X25519 ECDH curve, and we do not have OpenSSL 1.1.0.
This delta can be ***dropped*** when we do have OpenSSL >= 1.1.0.
- This fixes the autopkgtests, of which the Debian merge introduced
a regression due to the ec-x25519 test.
-- Thomas Ward <email address hidden> Mon, 27 Feb 2017 19:51:57 -0500
Available diffs
- diff from 1.10.2-0ubuntu1 to 1.10.3-1ubuntu3 (517.5 KiB)
- diff from 1.11.8-1+zesty1 to 1.10.3-1ubuntu3 (171.8 KiB)
| Superseded in zesty-proposed on 2017-02-28 |
nginx (1.10.3-1ubuntu2) zesty; urgency=low * debian/*.save: Junk .save left in the packaging, remove these. -- Thomas Ward <email address hidden> Thu, 16 Feb 2017 15:39:51 -0500
Available diffs
- diff from 1.11.8-1+zesty1 to 1.10.3-1ubuntu2 (171.7 KiB)
| Superseded in zesty-proposed on 2017-02-16 |
nginx (1.10.3-1ubuntu1) zesty; urgency=medium
* Merge from Debian unstable (note: 1.10.3 already was merged, but 1.10.3
packaging changes in Debian were not). Remaining changes are as
follows: (LP: #1664652)
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- debian/rules: Alter build flags for cflags and ldflags to fix known
fPIE / fPIC compilation issues (see nginx PPA bug for more details
and information, LP: #1657596)
-- Thomas Ward <email address hidden> Thu, 16 Feb 2017 15:29:40 -0500
Available diffs
- diff from 1.11.8-1+zesty1 to 1.10.3-1ubuntu1 (173.1 KiB)
| Superseded in zesty-proposed on 2017-02-16 |
nginx (1.10.3-0ubuntu2) zesty; urgency=low
* Merge from Debian unstable (nginx version there is 1.10.2-4). Remaining
changes: (LP: #1664652)
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- debian/rules: Alter build flags for cflags and ldflags to fix known
fPIE / fPIC compilation issues (see nginx PPA bug for more details
and information, LP: #1657596)
-- Thomas Ward <email address hidden> Tue, 14 Feb 2017 17:47:00 -0500
Available diffs
- diff from 1.11.8-1+zesty1 to 1.10.3-0ubuntu2 (172.8 KiB)
| Obsolete in yakkety-proposed on 2018-01-23 |
nginx (1.10.3-0ubuntu0.16.10.1) yakkety; urgency=medium * Stable Release Update (LP: #1663937) * New upstream release (1.10.3) - full changelog available at upstream website - http://nginx.org/en/CHANGES-1.10 * All Ubuntu specific changes from 1.10.1-0ubuntu1 through 1.10.1-0ubuntu1.2 remain included. * Additional changes: * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch. -- Thomas Ward <email address hidden> Sat, 11 Feb 2017 16:18:21 -0500
Available diffs
| Superseded in xenial-updates on 2017-07-13 |
| Deleted in xenial-proposed on 2017-07-15 (Reason: moved to -updates) |
nginx (1.10.3-0ubuntu0.16.04.1) xenial; urgency=medium * Stable Release Update (LP: #1663937) * New upstream release (1.10.3) - full changelog available at upstream website - http://nginx.org/en/CHANGES-1.10 * All Ubuntu specific changes from 1.10.0-0ubuntu1 through 1.10.0-0ubuntu0.16.04.4 remain included. * Additional changes: * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch. * debian/patches/cve-2016-4450.patch: Drop CVE patch as it is already included in the upstream source code in this upload. -- Thomas Ward <email address hidden> Sat, 11 Feb 2017 16:18:21 -0500
Available diffs
| Deleted in zesty-proposed on 2017-02-19 (Reason: NBS) |
nginx (1.10.3-0ubuntu1) zesty; urgency=medium
* New upstream release (1.10.3) - full changelog available at upstream
website - http://nginx.org/en/CHANGES-1.10 - upstream release date
was 31 Jan 2016
* All other changes from previous versions remain included.
* debian/patches/ubuntu-branding.patch:
- Refreshed Ubuntu Branding patch.
-- Thomas Ward <email address hidden> Sat, 11 Feb 2017 15:56:57 -0500
Available diffs
- diff from 1.11.8-1+zesty1 to 1.10.3-0ubuntu1 (653.5 KiB)
| Deleted in zesty-proposed on 2016-12-30 (Reason: Bad upload) |
nginx (1.11.8-1+zesty1) zesty; urgency=medium * Try and fix PIE/PIC build errors. -- Thomas Ward <email address hidden> Thu, 29 Dec 2016 13:38:38 -0500
Available diffs
- diff from 1.10.2-0ubuntu1 to 1.11.8-1+zesty1 (654.7 KiB)
| Superseded in zesty-release on 2017-02-28 |
| Deleted in zesty-proposed on 2017-03-01 (Reason: moved to release) |
nginx (1.10.2-0ubuntu1) zesty; urgency=medium
* New upstream release (1.10.2) - full changelog available at upstream
website - http://nginx.org/en/CHANGES-1.10 - upstream release date
was 18 Oct 2016
* All other changes from 1.10.1-0ubuntu1 through 1.10.1-0ubuntu5 remain
included
* debian/patches/ubuntu-branding.patch:
- Refreshed Ubuntu Branding patch.
-- Thomas Ward <email address hidden> Thu, 15 Dec 2016 11:23:43 -0500
Available diffs
nginx (1.4.6-1ubuntu3.7) trusty-security; urgency=medium * SECURITY REGRESSION: config upgrade failure (LP: #1637058) - debian/nginx-common.config: fix return code so script doesn't exit. -- Marc Deslauriers <email address hidden> Thu, 27 Oct 2016 10:42:53 -0400
Available diffs
nginx (1.10.0-0ubuntu0.16.04.4) xenial-security; urgency=medium * SECURITY REGRESSION: config upgrade failure (LP: #1637058) - debian/nginx-common.config: fix return code so script doesn't exit. -- Marc Deslauriers <email address hidden> Thu, 27 Oct 2016 10:42:14 -0400
Available diffs
| Superseded in zesty-release on 2016-12-16 |
| Deleted in zesty-proposed on 2016-12-17 (Reason: moved to release) |
nginx (1.10.1-0ubuntu5) zesty; urgency=medium
* debian/nginx-common.config:
- Fix the return code so the script does not exit during version
string comparisons.
- Also update the version string to compare with (for zesty only)
-- Thomas Ward <email address hidden> Thu, 27 Oct 2016 10:48:45 -0400
Available diffs
- diff from 1.10.1-0ubuntu1 to 1.10.1-0ubuntu5 (3.2 KiB)
- diff from 1.10.1-0ubuntu4 to 1.10.1-0ubuntu5 (574 bytes)
nginx (1.10.1-0ubuntu1.2) yakkety-security; urgency=medium * SECURITY REGRESSION: postinst upgrade failure (LP: #1637058) - debian/nginx-common.postinst: fix return code so script doesn't exit. -- Marc Deslauriers <email address hidden> Thu, 27 Oct 2016 10:14:26 -0400
Available diffs
| Superseded in zesty-proposed on 2016-10-27 |
nginx (1.10.1-0ubuntu4) zesty; urgency=medium
* debian/nginx-common.config:
- Fix an issue with the incorrect version numbers being compared
during configuration; this was something I missed when reviewing
the package for uploading previously. (LP: #1637058)
-- Thomas Ward <email address hidden> Thu, 27 Oct 2016 08:45:40 -0400
Available diffs
- diff from 1.10.1-0ubuntu3 to 1.10.1-0ubuntu4 (630 bytes)
| Superseded in zesty-proposed on 2016-10-27 |
nginx (1.10.1-0ubuntu3) zesty; urgency=medium
[ Christos Trochalakis ]
* debian/nginx-common.postinst:
+ Secure log file handling (owner & permissions) against privilege
escalation attacks. /var/log/nginx is now owned by root:adm.
Thanks Dawid Golunski (http://legalhackers.com) for the report.
Changing /var/log/nginx permissions effectively reopens #701112,
since log files can be world-readable. This is a trade-off until
a better log opening solution is implemented upstream (trac:376).
* debian/control:
Don't allow building against liblua5.1-0-dev on architectures
that libluajit is available.
-- Thomas Ward <email address hidden> Tue, 25 Oct 2016 17:03:54 -0400
Available diffs
| Superseded in zesty-proposed on 2016-10-26 |
nginx (1.10.1-0ubuntu2) zesty; urgency=medium * No-change rebuild for perl 5.24 transition -- Iain Lane <email address hidden> Mon, 24 Oct 2016 10:36:19 +0100
Available diffs
- diff from 1.10.1-0ubuntu1 to 1.10.1-0ubuntu2 (344 bytes)
| 1 → 75 of 215 results | First • Previous • Next • Last |
