Change log for nginx package in Ubuntu

175 of 165 results
Published in bionic-proposed 19 hours ago
nginx (1.13.6-2ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - debian/rules: Alter build flags for cflags and ldflags to fix known
      fPIE / fPIC compilation issues (see nginx PPA bug for more details
      and information, LP: #1657596)
    - debian/patches/0002-Make-sure-signature-stays-the-same-in-
      all-nginx-buil.patch:  Refreshed patch - Merge-o-Matic introduced some
      fuzz which caused issues.

 -- Thomas Ward <email address hidden>  Tue, 12 Dec 2017 12:15:30 -0500
Published in bionic-release on 2017-10-24
Published in artful-release on 2017-08-10
Deleted in artful-proposed (Reason: moved to release)
nginx (1.12.1-0ubuntu2) artful; urgency=medium

  * No-change rebuild for perl 5.26.0.

 -- Matthias Klose <email address hidden>  Wed, 26 Jul 2017 20:11:43 +0000

Available diffs

Superseded in artful-release on 2017-08-10
Deleted in artful-proposed on 2017-08-11 (Reason: moved to release)
nginx (1.12.1-0ubuntu1) artful; urgency=medium

  * New upstream release (1.12.1) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES-1.12
  * This release is a security patch micro-release from Upstream.
  * This package contains security content to fix the following CVEs:
    * CVE-2017-7529: A security issue was identified in nginx range filter.
      A specially crafted request might result in an integer overflow and
      incorrect processing of ranges, potentially resulting in sensitive
      information leak. (Closes LP: #1704151)
  * Additional changes:
    * d/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch.

 -- Thomas Ward <email address hidden>  Sat, 15 Jul 2017 12:40:15 -0400
Superseded in artful-release on 2017-07-15
Deleted in artful-proposed on 2017-07-17 (Reason: moved to release)
nginx (1.12.0-1ubuntu1) artful; urgency=medium

  * Merge from Debian Experimental (1.12.0-1, via snapshots.debian.org)
  * All Ubuntu-specific changes from Ubuntu 1.12.0-0ubuntu1 were retained.
  * Remaining changes:
    * d/tests/control: Specify nginx-core flavor tests.
  * This merge closes the merge request on Launchpad. (LP: #1704020)

 -- Thomas Ward <email address hidden>  Wed, 12 Jul 2017 19:53:24 -0400
Published in xenial-updates on 2017-07-13
Published in xenial-security on 2017-07-13
nginx (1.10.3-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow in range filter leading to
    information exposure
    - debian/patches/CVE-2017-7529.patch: add check to ensure size does
      not overflow
    - CVE-2017-7529

 -- Steve Beattie <email address hidden>  Wed, 12 Jul 2017 03:20:18 -0700
Published in trusty-updates on 2017-07-13
Published in trusty-security on 2017-07-13
nginx (1.4.6-1ubuntu3.8) trusty-security; urgency=medium

  * SECURITY UPDATE: integer overflow in range filter leading to
    information exposure
    - debian/patches/CVE-2017-7529.patch: add check to ensure size does
      not overflow
    - CVE-2017-7529

 -- Steve Beattie <email address hidden>  Wed, 12 Jul 2017 02:59:32 -0700
Published in yakkety-updates on 2017-07-13
Published in yakkety-security on 2017-07-13
nginx (1.10.1-0ubuntu1.3) yakkety-security; urgency=medium

  * SECURITY UPDATE: integer overflow in range filter leading to
    information exposure
    - debian/patches/CVE-2017-7529.patch: add check to ensure size does
      not overflow
    - CVE-2017-7529

 -- Steve Beattie <email address hidden>  Wed, 12 Jul 2017 02:56:24 -0700
Published in zesty-updates on 2017-07-13
Published in zesty-security on 2017-07-13
nginx (1.10.3-1ubuntu3.1) zesty-security; urgency=medium

  * SECURITY UPDATE: integer overflow in range filter leading to
    information exposure
    - debian/patches/CVE-2017-7529.patch: add check to ensure size does
      not overflow
    - CVE-2017-7529

 -- Steve Beattie <email address hidden>  Wed, 12 Jul 2017 00:27:59 -0700
Superseded in artful-release on 2017-07-15
Deleted in artful-proposed on 2017-07-16 (Reason: moved to release)
nginx (1.12.0-0ubuntu1) artful; urgency=medium

  * New upstream release: 1.12.0 Stable branch.
  * All remaining Ubuntu-specific and Debian-specific changes remain
    in place with this upload, the upstream version and code are the
    only bits that have been updated, except where indicated below.
  * Remaining changes:
    - d/modules/nginx-upload-progress/config: Apply upstream patch to
      fix an issue where the module does not properly function due to
      the wrong module type being set; this prevented the module from
      working when built. (LP: #1673056)
    - d/patches: The following patches were dropped from the package
      because the changes from the patches are already incorporated
      in 1.12.0:
      - 0004-SSL-error-messages-style.patch
      - 0005-SSL-style.patch
      - 0006-SSL-support-for-multiple-curves-ticket-885.patch
    - d/patches/perl-use-dpkg-buildflags.patch: Refreshed patch to
      remove fuzz from the patch.
    - d/modules/nginx-echo: Apply upstream diff/patch to fix an FTBFS
    - d/modules/nginx-lua: Apply upstream diff/patch to fix an FTBFS
    - d/modules/nginx-upstream-fair: Apply diff/patch from the Debian
      package maintainers' git repository to not use default_port to
      fix an FTBFS.  (This will eventually be in Debian, and will get
      merged in then as well).

 -- Thomas Ward <email address hidden>  Wed, 26 Apr 2017 12:02:33 -0400

Available diffs

Superseded in artful-release on 2017-04-28
Published in zesty-release on 2017-02-28
Deleted in zesty-proposed (Reason: moved to release)
nginx (1.10.3-1ubuntu3) zesty; urgency=medium

  * debian/tests/control: Remove the 'ec-x25519' test stanzas from the
    declarations of tests to run. This test requires OpenSSL >= 1.1.0
    to support the X25519 ECDH curve, and we do not have OpenSSL 1.1.0.
    This delta can be ***dropped*** when we do have OpenSSL >= 1.1.0.
    - This fixes the autopkgtests, of which the Debian merge introduced
      a regression due to the ec-x25519 test.

 -- Thomas Ward <email address hidden>  Mon, 27 Feb 2017 19:51:57 -0500
Superseded in zesty-proposed on 2017-02-28
nginx (1.10.3-1ubuntu2) zesty; urgency=low

  * debian/*.save: Junk .save left in the packaging, remove these.

 -- Thomas Ward <email address hidden>  Thu, 16 Feb 2017 15:39:51 -0500

Available diffs

Superseded in zesty-proposed on 2017-02-16
nginx (1.10.3-1ubuntu1) zesty; urgency=medium

  * Merge from Debian unstable (note: 1.10.3 already was merged, but 1.10.3
    packaging changes in Debian were not). Remaining changes are as
    follows: (LP: #1664652)
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - debian/rules: Alter build flags for cflags and ldflags to fix known
      fPIE / fPIC compilation issues (see nginx PPA bug for more details
      and information, LP: #1657596)

 -- Thomas Ward <email address hidden>  Thu, 16 Feb 2017 15:29:40 -0500

Available diffs

Superseded in zesty-proposed on 2017-02-16
nginx (1.10.3-0ubuntu2) zesty; urgency=low

  * Merge from Debian unstable (nginx version there is 1.10.2-4). Remaining
    changes: (LP: #1664652)
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - debian/rules: Alter build flags for cflags and ldflags to fix known
      fPIE / fPIC compilation issues (see nginx PPA bug for more details
      and information, LP: #1657596)

 -- Thomas Ward <email address hidden>  Tue, 14 Feb 2017 17:47:00 -0500

Available diffs

Published in yakkety-proposed on 2017-03-22
nginx (1.10.3-0ubuntu0.16.10.1) yakkety; urgency=medium

  * Stable Release Update (LP: #1663937)
  * New upstream release (1.10.3) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES-1.10
  * All Ubuntu specific changes from 1.10.1-0ubuntu1 through 1.10.1-0ubuntu1.2
    remain included.
  * Additional changes:
    * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch.

 -- Thomas Ward <email address hidden>  Sat, 11 Feb 2017 16:18:21 -0500
Superseded in xenial-updates on 2017-07-13
Deleted in xenial-proposed on 2017-07-15 (Reason: moved to -updates)
nginx (1.10.3-0ubuntu0.16.04.1) xenial; urgency=medium

  * Stable Release Update (LP: #1663937)
  * New upstream release (1.10.3) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES-1.10
  * All Ubuntu specific changes from 1.10.0-0ubuntu1 through
    1.10.0-0ubuntu0.16.04.4 remain included.
  * Additional changes:
    * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch.
    * debian/patches/cve-2016-4450.patch: Drop CVE patch as it is already
      included in the upstream source code in this upload.

 -- Thomas Ward <email address hidden>  Sat, 11 Feb 2017 16:18:21 -0500
Deleted in zesty-proposed on 2017-02-19 (Reason: NBS)
nginx (1.10.3-0ubuntu1) zesty; urgency=medium

  * New upstream release (1.10.3) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES-1.10 - upstream release date
    was 31 Jan 2016
  * All other changes from previous versions remain included.
  * debian/patches/ubuntu-branding.patch:
    - Refreshed Ubuntu Branding patch.

 -- Thomas Ward <email address hidden>  Sat, 11 Feb 2017 15:56:57 -0500

Available diffs

Deleted in zesty-proposed on 2016-12-30 (Reason: Bad upload)
nginx (1.11.8-1+zesty1) zesty; urgency=medium

  * Try and fix PIE/PIC build errors.

 -- Thomas Ward <email address hidden>  Thu, 29 Dec 2016 13:38:38 -0500

Available diffs

Superseded in zesty-release on 2017-02-28
Deleted in zesty-proposed on 2017-03-01 (Reason: moved to release)
nginx (1.10.2-0ubuntu1) zesty; urgency=medium

  * New upstream release (1.10.2) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES-1.10 - upstream release date
    was 18 Oct 2016
  * All other changes from 1.10.1-0ubuntu1 through 1.10.1-0ubuntu5 remain
    included
  * debian/patches/ubuntu-branding.patch:
    - Refreshed Ubuntu Branding patch.

 -- Thomas Ward <email address hidden>  Thu, 15 Dec 2016 11:23:43 -0500
Superseded in trusty-updates on 2017-07-13
Superseded in trusty-security on 2017-07-13
nginx (1.4.6-1ubuntu3.7) trusty-security; urgency=medium

  * SECURITY REGRESSION: config upgrade failure (LP: #1637058)
    - debian/nginx-common.config: fix return code so script doesn't exit.

 -- Marc Deslauriers <email address hidden>  Thu, 27 Oct 2016 10:42:53 -0400
Superseded in xenial-updates on 2017-06-29
Superseded in xenial-security on 2017-07-13
nginx (1.10.0-0ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY REGRESSION: config upgrade failure (LP: #1637058)
    - debian/nginx-common.config: fix return code so script doesn't exit.

 -- Marc Deslauriers <email address hidden>  Thu, 27 Oct 2016 10:42:14 -0400
Superseded in zesty-release on 2016-12-16
Deleted in zesty-proposed on 2016-12-17 (Reason: moved to release)
nginx (1.10.1-0ubuntu5) zesty; urgency=medium

  * debian/nginx-common.config:
    - Fix the return code so the script does not exit during version
      string comparisons.
    - Also update the version string to compare with (for zesty only)

 -- Thomas Ward <email address hidden>  Thu, 27 Oct 2016 10:48:45 -0400
Superseded in yakkety-updates on 2017-07-13
Superseded in yakkety-security on 2017-07-13
nginx (1.10.1-0ubuntu1.2) yakkety-security; urgency=medium

  * SECURITY REGRESSION: postinst upgrade failure (LP: #1637058)
    - debian/nginx-common.postinst: fix return code so script doesn't exit.

 -- Marc Deslauriers <email address hidden>  Thu, 27 Oct 2016 10:14:26 -0400
Superseded in zesty-proposed on 2016-10-27
nginx (1.10.1-0ubuntu4) zesty; urgency=medium

  * debian/nginx-common.config:
    - Fix an issue with the incorrect version numbers being compared
      during configuration; this was something I missed when reviewing
      the package for uploading previously. (LP: #1637058)

 -- Thomas Ward <email address hidden>  Thu, 27 Oct 2016 08:45:40 -0400

Available diffs

Superseded in zesty-proposed on 2016-10-27
nginx (1.10.1-0ubuntu3) zesty; urgency=medium

  [ Christos Trochalakis ]
  * debian/nginx-common.postinst:
    + Secure log file handling (owner & permissions) against privilege
      escalation attacks. /var/log/nginx is now owned by root:adm.
      Thanks Dawid Golunski (http://legalhackers.com) for the report.
      Changing /var/log/nginx permissions effectively reopens #701112,
      since log files can be world-readable. This is a trade-off until
      a better log opening solution is implemented upstream (trac:376).
  * debian/control:
    Don't allow building against liblua5.1-0-dev on architectures
    that libluajit is available.

 -- Thomas Ward <email address hidden>  Tue, 25 Oct 2016 17:03:54 -0400
Superseded in zesty-proposed on 2016-10-26
nginx (1.10.1-0ubuntu2) zesty; urgency=medium

  * No-change rebuild for perl 5.24 transition

 -- Iain Lane <email address hidden>  Mon, 24 Oct 2016 10:36:19 +0100

Available diffs

Superseded in trusty-updates on 2016-10-27
Superseded in trusty-security on 2016-10-27
nginx (1.4.6-1ubuntu3.6) trusty-security; urgency=medium

  [ Christos Trochalakis ]
  * debian/nginx-common.postinst:
    + Secure log file handling (owner & permissions) against privilege
      escalation attacks. /var/log/nginx is now owned by root:adm.
      Thanks Dawid Golunski (http://legalhackers.com) for the report.
      Changing /var/log/nginx permissions effectively reopens #701112,
      since log files can be world-readable. This is a trade-off until
      a better log opening solution is implemented upstream (trac:376).

 -- Marc Deslauriers <email address hidden>  Tue, 18 Oct 2016 11:12:58 +0200
Superseded in yakkety-updates on 2016-10-27
Superseded in yakkety-security on 2016-10-27
nginx (1.10.1-0ubuntu1.1) yakkety-security; urgency=medium

  [ Christos Trochalakis ]
  * debian/nginx-common.postinst:
    + Secure log file handling (owner & permissions) against privilege
      escalation attacks. /var/log/nginx is now owned by root:adm.
      Thanks Dawid Golunski (http://legalhackers.com) for the report.
      Changing /var/log/nginx permissions effectively reopens #701112,
      since log files can be world-readable. This is a trade-off until
      a better log opening solution is implemented upstream (trac:376).
  * debian/control:
    Don't allow building against liblua5.1-0-dev on architectures
    that libluajit is available.

 -- Marc Deslauriers <email address hidden>  Tue, 18 Oct 2016 11:18:47 +0200
Superseded in xenial-updates on 2016-10-27
Superseded in xenial-security on 2016-10-27
nginx (1.10.0-0ubuntu0.16.04.3) xenial-security; urgency=medium

  [ Christos Trochalakis ]
  * debian/nginx-common.postinst:
    + Secure log file handling (owner & permissions) against privilege
      escalation attacks. /var/log/nginx is now owned by root:adm.
      Thanks Dawid Golunski (http://legalhackers.com) for the report.
      Changing /var/log/nginx permissions effectively reopens #701112,
      since log files can be world-readable. This is a trade-off until
      a better log opening solution is implemented upstream (trac:376).
  * debian/control:
    Don't allow building against liblua5.1-0-dev on architectures
    that libluajit is available.

 -- Marc Deslauriers <email address hidden>  Tue, 18 Oct 2016 11:02:16 +0200
Superseded in trusty-updates on 2016-10-25
Superseded in trusty-security on 2016-10-25
nginx (1.4.6-1ubuntu3.5) trusty-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference while writing client request
    body (LP: #1587577)
    - debian/patches/cve-2016-4450.patch: Upstream patch to address issue.
    - CVE-2016-4450

 -- Thomas Ward <email address hidden>  Tue, 31 May 2016 20:23:03 -0400
Superseded in xenial-updates on 2016-10-25
Superseded in xenial-security on 2016-10-25
nginx (1.10.0-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference while writing client request
    body (LP: #1587577)
    - debian/patches/cve-2016-4450.patch: Upstream patch to address issue.
    - CVE-2016-4450

 -- Thomas Ward <email address hidden>  Tue, 31 May 2016 19:47:42 -0400
Published in wily-updates on 2016-06-02
Published in wily-security on 2016-06-02
nginx (1.9.3-1ubuntu1.2) wily-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference while writing client request
    body (LP: #1587577)
    - debian/patches/cve-2016-4450.patch: Upstream patch to address issue.
    - CVE-2016-4450

 -- Thomas Ward <email address hidden>  Tue, 31 May 2016 20:14:23 -0400
Superseded in zesty-release on 2016-11-01
Published in yakkety-release on 2016-06-01
Deleted in yakkety-proposed (Reason: moved to release)
nginx (1.10.1-0ubuntu1) yakkety; urgency=medium

  * New upstream release (1.10.1) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES-1.10.
  * Update done to address the following security issues:
    - [CVE-2016-4450] NULL pointer dereference while writing client
      request body. (LP: #1587577)
  * Additional changes:
    * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch.

 -- Thomas Ward <email address hidden>  Tue, 31 May 2016 19:09:33 -0400
Superseded in xenial-updates on 2016-06-02
Deleted in xenial-proposed on 2016-06-03 (Reason: moved to -updates)
nginx (1.10.0-0ubuntu0.16.04.1) xenial-proposed; urgency=medium

  * Stable Release Update (LP: #1575212)
  * New upstream release (1.10.0) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES-1.10
  * All Ubuntu specific changes from 1.9.15-0ubuntu1 remain included.
  * Additional changes:
    * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch.

 -- Thomas Ward <email address hidden>  Tue, 26 Apr 2016 10:21:29 -0400
Superseded in yakkety-release on 2016-06-01
Deleted in yakkety-proposed on 2016-06-02 (Reason: moved to release)
nginx (1.10.0-0ubuntu1) yakkety; urgency=medium

  * New upstream release (1.10.0) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES-1.10 (LP: #1575217)
  * All Ubuntu specific changes from 1.9.15-0ubuntu1 remain included.
  * Additional changes:
    * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch.

 -- Thomas Ward <email address hidden>  Tue, 26 Apr 2016 10:24:23 -0400
Superseded in yakkety-release on 2016-04-27
Published in xenial-release on 2016-04-20
Deleted in xenial-proposed (Reason: moved to release)
nginx (1.9.15-0ubuntu1) xenial-proposed; urgency=medium

  * New upstream release (1.9.15) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES (LP: #1572223)
  * All Ubuntu specific changes from 1.1.14-0ubuntu1, except noted below,
    remain included in this upload.
  * Remaining changes:
    * debian/control: Re-add libluajit-5.1-dev build-dependency, as it will
      only affect nginx-extras which is in Universe. This reduces the merge
      delta between Ubuntu and Debian slightly, as well. (LP: #1571444)
    * debian/patches/ubuntu-branding.patch: Refresh Ubuntu Branding patch.

 -- Thomas Ward <email address hidden>  Mon, 18 Apr 2016 15:39:08 -0400
Superseded in xenial-release on 2016-04-20
Deleted in xenial-proposed on 2016-04-22 (Reason: moved to release)
nginx (1.9.14-0ubuntu1) xenial-proposed; urgency=medium

  * New upstream release (1.9.14) - full changelog available at upstream
    website - htp://nginx.org/en/CHANGES (LP: #1566392)
  * All Ubuntu specific changes from 1.9.13-0ubuntu1, except noted below,
    remain included in this upload.
  * Remaining changes:
    * Enable HTTP/2 module for nginx-full, nginx-extras, and nginx-core
      (LP: #1565043)
      - debian/rules: Enable HTTP/2 module building in flavor rules
      - debian/control: Add HTTP/2 module to package descriptions.
    * debian/patches/ubuntu-branding.patch: Refresh Ubuntu Branding patch.

 -- Thomas Ward <email address hidden>  Fri, 01 Apr 2016 14:23:47 -0400
Superseded in xenial-release on 2016-04-06
Deleted in xenial-proposed on 2016-04-08 (Reason: moved to release)
nginx (1.9.13-0ubuntu1) xenial-proposed; urgency=medium

  * New upstream release (1.9.13) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES (LP: #1563393)
  * All Ubuntu specific changes from 1.9.12-0ubuntu1 remain included in
    this upload.
  * debian/patches/ubuntu-branding.patch: Refresh Ubuntu Branding patch.

 -- Thomas Ward <email address hidden>  Tue, 29 Mar 2016 18:47:36 -0400
Superseded in xenial-release on 2016-04-01
Deleted in xenial-proposed on 2016-04-03 (Reason: moved to release)
nginx (1.9.12-0ubuntu1) xenial; urgency=medium

  * New upstream release (1.9.12) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES  (LP: #1549347)
  * All Ubuntu specific changes from 1.9.11-0ubuntu1 and -0ubuntu2 remain
    included in this upload.

 -- Thomas Ward <email address hidden>  Wed, 24 Feb 2016 10:26:31 -0500
Superseded in xenial-release on 2016-03-15
Deleted in xenial-proposed on 2016-03-17 (Reason: moved to release)
nginx (1.9.11-0ubuntu2) xenial; urgency=medium

  * This is a bug-fix only upload and does not include any new changes to
    features.
  * debian/conf/sites-available/default: Modify PHP 'default example' settings
    to account for php5 being replaced with php7.0 in Xenial. Also adapt the
    UNIX socket path for php7.0-fpm to be the one used by default in Xenial.
    (LP: #1547642)

 -- Thomas Ward <email address hidden>  Fri, 19 Feb 2016 14:13:28 -0500

Available diffs

Superseded in xenial-release on 2016-02-21
Deleted in xenial-proposed on 2016-02-23 (Reason: moved to release)
nginx (1.9.11-0ubuntu1) xenial; urgency=low

  * New upstream release (1.9.11) - see http://nginx.org/en/CHANGES for
    full changelog.
  * Ubuntu-specific changes from the 1.9.10 merge remain included here.
  * Additional changes:
    - debian/modules/nginx-lua: Apply upstream patch to fix FTBFS issue

 -- Thomas Ward <email address hidden>  Tue, 09 Feb 2016 10:33:14 -0500
Superseded in trusty-updates on 2016-06-02
Superseded in trusty-security on 2016-06-02
nginx (1.4.6-1ubuntu3.4) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple resolver security issues (LP: #1538165)
    - debian/patches/CVE-2016-074x-1.patch: fix possible segmentation fault
      on DNS format error.
    - debian/patches/CVE-2016-074x-2.patch: fix crashes in timeout handler.
    - debian/patches/CVE-2016-074x-3.patch: fixed CNAME processing for
      several requests.
    - debian/patches/CVE-2016-074x-4.patch: change the
      ngx_resolver_create_*_query() arguments.
    - debian/patches/CVE-2016-074x-5.patch: fix use-after-free memory
      accesses with CNAME.
    - debian/patches/CVE-2016-074x-6.patch: limited CNAME recursion.
    - CVE-2016-0742
    - CVE-2016-0743
    - CVE-2016-0744

 -- Marc Deslauriers <email address hidden>  Wed, 03 Feb 2016 09:12:00 -0500
Superseded in wily-updates on 2016-06-02
Superseded in wily-security on 2016-06-02
nginx (1.9.3-1ubuntu1.1) wily-security; urgency=medium

  * SECURITY UPDATE: multiple resolver security issues (LP: #1538165)
    - debian/patches/CVE-2016-074x-1.patch: fix possible segmentation fault
      on DNS format error.
    - debian/patches/CVE-2016-074x-2.patch: fix crashes in timeout handler.
    - debian/patches/CVE-2016-074x-3.patch: fixed CNAME processing for
      several requests.
    - debian/patches/CVE-2016-074x-4.patch: change the
      ngx_resolver_create_*_query() arguments.
    - debian/patches/CVE-2016-074x-5.patch: fix use-after-free memory
      accesses with CNAME.
    - debian/patches/CVE-2016-074x-6.patch: limited CNAME recursion.
    - CVE-2016-0742
    - CVE-2016-0743
    - CVE-2016-0744

 -- Marc Deslauriers <email address hidden>  Wed, 03 Feb 2016 08:38:22 -0500
Superseded in xenial-release on 2016-02-18
Deleted in xenial-proposed on 2016-02-19 (Reason: moved to release)
nginx (1.9.10-1ubuntu1) xenial; urgency=low

  * Merge from Debian unstable.  Remaining changes:  (LP: #1538677)
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/control:
      - drop luajit from Build-Depends as it is in universe.
      - Remove HTTP/2 references in package descriptions, per Ubuntu
        Security Team mandate to disable HTTP/2 support.
    - debian/rules:
      - Disable HTTP/2 module support in all flavors, per Ubuntu Security
        Team mandate.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
  * Additional bugs fixed by this merge:
    - nginx-common should not depend on python (LP: #1480513)

 -- Thomas Ward <email address hidden>  Tue, 27 Jan 2016 12:52:00 -0500

Available diffs

Superseded in xenial-release on 2016-01-27
Deleted in xenial-proposed on 2016-01-29 (Reason: moved to release)
nginx (1.9.10-0ubuntu1) xenial; urgency=medium

  * New upstream release.
  * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch
  * Security content of this upload addresses the following vulnerabilities
    and CVE-numbered Security issues: (LP: #1538165)
    - Invalid pointer dereference might occur during DNS server response
      processing, allowing an attacker who is able to forge UDP
      packets from the DNS server to cause worker process crash
      (CVE-2016-0742).
    - Use-after-free condition might occur during CNAME response
      processing. This problem allows an attacker who is able to trigger
      name resolution to cause worker process crash, or might
      have potential other impact (CVE-2016-0746).
    - CNAME resolution was insufficiently limited, allowing an attacker who
      is able to trigger arbitrary name resolution to cause excessive resource
      consumption in worker processes (CVE-2016-0747).

 -- Thomas Ward <email address hidden>  Tue, 26 Jan 2016 14:53:01 -0500
Superseded in xenial-release on 2016-01-26
Deleted in xenial-proposed on 2016-01-28 (Reason: moved to release)
nginx (1.9.9-1ubuntu1) xenial; urgency=low

  * Merge from Debian unstable. Remaining changes: (LP: #1534208)
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/control:
      - drop luajit from Build-Depends as it is in universe.
      - Update nginx-core description to match nginx-full description of the
        standard and optional HTTP modules that are enabled.
      - Remove HTTP/2 references in package descriptions, per Ubuntu
        Security Team mandate to disable HTTP/2 support.
    - debian/rules:
      - Update nginx-core configure flags to match nginx-full config flags,
        due to refreshing the nginx-core 'enabled modules' to match the
        nginx-full modules (minus third-party modules)
      - Disable HTTP/2 module support in all flavors, per Ubuntu Security
        Team mandate.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
  * debian/control: Remove HTTP/2 reference in nginx-extras description, which
    was missed previously due to accidental oversight. (LP: #1534368)

 -- Thomas Ward <email address hidden>  Thu, 14 Jan 2016 18:42:00 -0500

Available diffs

Superseded in xenial-release on 2016-01-15
Deleted in xenial-proposed on 2016-01-17 (Reason: moved to release)
nginx (1.9.9-0ubuntu1) xenial; urgency=medium

  * New upstream release.
  * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch

 -- Thomas Ward <email address hidden>  Sun, 03 Jan 2016 12:49:21 -0500

Available diffs

Superseded in xenial-release on 2016-01-07
Deleted in xenial-proposed on 2016-01-08 (Reason: moved to release)
nginx (1.9.6-2ubuntu2) xenial; urgency=medium

  * Rebuild for Perl 5.22.1.

 -- Colin Watson <email address hidden>  Fri, 18 Dec 2015 12:53:05 +0000

Available diffs

Superseded in xenial-release on 2016-01-06
Deleted in xenial-proposed on 2016-01-08 (Reason: moved to release)
nginx (1.9.6-2ubuntu1) xenial; urgency=medium

  * Merge from Debian unstable.  Remaining changes:  (LP: #1510096)
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/control: drop luajit from Build-Depends as it is in universe.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
  * Additional changes:
    * debian/rules:
      - Update nginx-core configure flags to match nginx-full config flags,
        due to refreshing the nginx-core 'enabled modules' to match the
        nginx-full modules (minus third-party modules)
      - Disable HTTP/2 module support in all flavors, per Ubuntu Security
        Team mandate.
    * debian/control:
      - Update nginx-core description to match nginx-full description of the
        standard and optional HTTP modules that are enabled.
      - Remove HTTP/2 references in package descriptions, per Ubuntu
        Security Team mandate to disable HTTP/2 support.

 -- Thomas Ward <email address hidden>  Mon, 14 Dec 2015 10:34:42 -0500

Available diffs

Superseded in trusty-updates on 2016-02-09
Deleted in trusty-proposed on 2016-02-11 (Reason: moved to -updates)
nginx (1.4.6-1ubuntu3.3) trusty-proposed; urgency=medium

  * debian/nginx-common.nginx.init: Fix pidfile extraction, due to multiple
    failure cases, using Debian's solution. (LP: #1314740)

 -- Thomas Ward <email address hidden>  Wed, 29 Jul 2015 19:43:04 -0400
Superseded in xenial-release on 2015-12-16
Published in wily-release on 2015-07-22
Deleted in wily-proposed (Reason: moved to release)
nginx (1.9.3-1ubuntu1) wily; urgency=medium

  * Merge from Debian.  Remaining changes: (LP: #1476811)
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/control: drop luajit from Build-Depends as it is in universe.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.

Available diffs

Published in vivid-updates on 2015-07-20
Deleted in vivid-proposed (Reason: moved to -updates)
nginx (1.6.2-5ubuntu3.1) vivid; urgency=medium

  * debian/apport/source_nginx.py:
    - Add apport hooks for additional bug information gathering, as a result
      of non-useful reports due to postinstall script failure bugs. This is
      necessary in order to be able to actually debug what is going on in the
      bug reports, thanks to systemd not putting startup errors to stdout or
      stderr anymore, like Upstart and others did. (LP: #1472683)
  * debian/nginx-common.install:
    - Add install rule for debian/apport/source_nginx.py, which is the new
      apport hooks to gather additional 'Package' bugtype debug data.

 -- Thomas Ward <email address hidden>  Fri, 10 Jul 2015 11:14:00 -0400
Superseded in wily-release on 2015-07-22
Deleted in wily-proposed on 2015-07-23 (Reason: moved to release)
nginx (1.6.2-5ubuntu4) wily; urgency=medium

  * debian/apport/source_nginx.py:
    - Add apport hooks for additional bug information gathering, as a result
      of non-useful reports due to postinstall script failure bugs. This is
      necessary in order to be able to actually debug what is going on in the
      bug reports, thanks to systemd not putting startup errors to stdout or
      stderr anymore, like Upstart and others did. (LP: #1472683)
  * debian/nginx-common.install:
    - Add install rule for debian/apport/source_nginx.py, which is the new
      apport hooks to gather additional 'Package' bugtype debug data.

 -- Thomas Ward <email address hidden>  Fri, 10 Jul 2015 12:51:48 -0400

Available diffs

Superseded in wily-release on 2015-07-10
Published in vivid-release on 2015-04-02
Deleted in vivid-proposed (Reason: moved to release)
nginx (1.6.2-5ubuntu3) vivid-proposed; urgency=medium

  * debian/rules:
    * Reversed Debian change in 1.6.2-5ubuntu2.
    * Added DEB_BUILD_MAINT_OPTIONS=hardening=+all to enable all
      dpkg-buildflags to harden the code, except for PIE flags.
    * Manually define DEB_BUILD_MAINT_OPTIONS in DEBIAN_NGINX_PERL_LDFLAGS
      to not have -fPIE conflicts in Perl flags.
 -- Thomas Ward <email address hidden>   Wed, 01 Apr 2015 14:57:34 -0400
Superseded in vivid-proposed on 2015-04-02
nginx (1.6.2-5ubuntu2) vivid-proposed; urgency=medium

  * debian/rules:
    * Added -fPIE -pie to build rules (enables position-independent builds)
      using Debian's committed change to enable. (LP: #1315426)
 -- Thomas Ward <email address hidden>   Wed, 01 Apr 2015 14:26:32 -0400

Available diffs

Superseded in trusty-updates on 2015-08-06
Deleted in trusty-proposed on 2015-08-08 (Reason: moved to -updates)
nginx (1.4.6-1ubuntu3.2) trusty-proposed; urgency=medium

  * d/modules/nginx-http-push: Apply upstream bugfix. (LP: #1216817)
    * src/ngx_http_push_module_setup.c: Modify push module code with
      upstream changes to fix an issue with initialization when using
      `fastcgi_cache` or `proxy_cache`.
    * tests/nginx-cachemanager.conf: (new file) Include upstream change
      of adding an nginx-cachemanager.conf file to the tests.
 -- Thomas Ward <email address hidden>   Mon, 09 Feb 2015 12:08:50 -0500
Published in precise-updates on 2015-07-20
Deleted in precise-proposed (Reason: moved to -updates)
nginx (1.1.19-1ubuntu0.8) precise-proposed; urgency=medium

  * d/modules/nginx-http-push: Apply upstream bugfix. (LP: #1216817)
    * src/ngx_http_push_module_setup.c: Modify push module code with
      upstream changes to fix an issue with initialization when using
      `fastcgi_cache` or `proxy_cache`.
    * tests/nginx-cachemanager.conf: (new file) Include upstream change
      of adding an nginx-cachemanager.conf file to the tests.
 -- Thomas Ward <email address hidden>   Mon, 09 Feb 2015 12:02:52 -0500
Superseded in precise-updates on 2015-07-20
Published in precise-security on 2015-01-06
nginx (1.1.19-1ubuntu0.7) precise-security; urgency=medium

  * SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478)
    - debian/patches/CVE-2014-3616.patch: Use a random value for session id
      context, since there is no support for shared TLS Session Tickets in
      this version in src/event/ngx_event_openssl.c.
    - CVE-2014-3616
 -- Lev Lazinskiy <email address hidden>   Fri, 05 Dec 2014 22:25:50 -0500
Superseded in vivid-release on 2015-04-02
Deleted in vivid-proposed on 2015-04-04 (Reason: moved to release)
nginx (1.6.2-5ubuntu1) vivid; urgency=medium

  * Merge from Debian.  Remaining changes: (LP: #1399967)
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - debian/rules: Drop from -O3 to -O2 to work around a build failure.
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/control: drop luajit from Build-Depends as it is in universe.
 -- Thomas Ward <email address hidden>   Sat, 06 Dec 2014 13:06:55 -0500

Available diffs

Superseded in vivid-release on 2014-12-30
Deleted in vivid-proposed on 2014-12-31 (Reason: moved to release)
nginx (1.6.2-4ubuntu1) vivid; urgency=medium

  * Merge from Debian. Remaining changes: (LP: #1388621)
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding
      (refreshed).
    - debian/rules: Drop from -O3 to -O2 to work around a build failure.
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/control: drop luajit from Build-Depends as it is in universe.
  * debian/control:
    * Remove nginx-naxsi* from nginx-core and related
      package stanzas, as the naxsi packages have all been dropped.
    * Remove reference to nginx-naxsi from nginx metapackage description
  * debian/index.html: Modify included index.html file to have Ubuntu
    branding, Ubuntu bug reporting tool references, and a link to the
    Launchpad bugs page for the nginx package.

Available diffs

Superseded in vivid-release on 2014-11-25
Obsolete in utopic-release on 2016-11-03
Deleted in utopic-proposed on 2016-11-03 (Reason: moved to release)
nginx (1.6.2-1ubuntu1.1) utopic; urgency=medium

  * debian/conf/sites-available/default: Remove SSLv3 from the ssl_protocols
    line in the default config example, due to POODLE vulnerability.
 -- Thomas Ward <email address hidden>   Wed, 22 Oct 2014 09:43:35 -0400

Available diffs

Superseded in utopic-release on 2014-10-22
Deleted in utopic-proposed on 2014-10-23 (Reason: moved to release)
nginx (1.6.2-1ubuntu1) utopic; urgency=medium

  * Merge from Debian. Remaining changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding
      (refreshed).
    - debian/rules: Drop from -O3 to -O2 to work around a build failure.
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
  * debian/tests/control: add nginx-core test.
  * debian/control: drop luajit from Build-Depends as it is in universe.

Available diffs

Superseded in trusty-updates on 2015-02-25
Superseded in trusty-security on 2016-02-09
nginx (1.4.6-1ubuntu3.1) trusty-security; urgency=medium

  * SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478)
    - debian/patches/CVE-2014-3616.patch: include hash of certificate in
      session id context in src/event/ngx_event_openssl.c.
    - CVE-2014-3616
 -- Marc Deslauriers <email address hidden>   Wed, 17 Sep 2014 08:56:46 -0400
Superseded in utopic-release on 2014-09-23
Deleted in utopic-proposed on 2014-09-24 (Reason: moved to release)
nginx (1.6.1-1ubuntu2) utopic; urgency=medium

  * Rebuild for Perl 5.20.0.
 -- Colin Watson <email address hidden>   Sun, 24 Aug 2014 06:43:36 -0700

Available diffs

Superseded in utopic-release on 2014-08-27
Deleted in utopic-proposed on 2014-08-28 (Reason: moved to release)
nginx (1.6.1-1ubuntu1) utopic; urgency=medium

  * Merge from Debian. Remaining changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding
      (refreshed).
    - debian/rules: Drop from -O3 to -O2 to work around a build failure.
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
  * Add dep8 smoke test

Available diffs

Obsolete in saucy-updates on 2015-04-24
Obsolete in saucy-security on 2015-04-24
nginx (1.4.1-3ubuntu1.3) saucy-security; urgency=low

  * SECURITY UPDATE: SPDY Heap Buffer Overflow Vulnerabilty (LP: #1294280)
    - debian/patches/cve-2014-0133.patch: modify src/http/ngx_http_spdy.c to
      fix a heap buffer overflow vulnerability in the SPDY module by using
      a specially crafted request.
    - CVE-2014-0133
 -- Thomas Ward <email address hidden>   Tue, 18 Mar 2014 21:17:14 -0400
Superseded in utopic-release on 2014-08-15
Published in trusty-release on 2014-03-13
Deleted in trusty-proposed (Reason: moved to release)
nginx (1.4.6-1ubuntu3) trusty; urgency=medium

  * Add new binary package for main, nginx-core, which contains only
    source-tarball-included modules and no third-party modules.
  * Changes to debian/ directory:
    - control:
      + Add entry for nginx-core and nginx-core-dbg.
    - rules:
      + Add nginx-core flavor to the build rules.
    - nginx-core.*: Add new packaging files for nginx-core based on
      the packaging files for nginx-full.
  * The above changes satisfy the requirements for main (LP: #1262710)
 -- Thomas Ward <email address hidden>   Mon, 10 Mar 2014 18:23:36 -0400

Available diffs

Superseded in trusty-release on 2014-03-13
Superseded in trusty-release on 2014-03-13
Deleted in trusty-proposed on 2014-03-14 (Reason: moved to release)
nginx (1.4.6-1ubuntu2) trusty; urgency=medium

  * debian/rules: Drop from -O3 to -O2 to work around a build failure.
 -- Adam Conrad <email address hidden>   Sun, 09 Mar 2014 11:49:28 -0600
Superseded in trusty-proposed on 2014-03-09
nginx (1.4.6-1ubuntu1) trusty; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/ubuntu-branding.patch: Add Ubuntu branding.

Available diffs

Superseded in trusty-release on 2014-03-09
Deleted in trusty-proposed on 2014-03-11 (Reason: moved to release)
nginx (1.4.5-1ubuntu1) trusty; urgency=medium

  * Resynchronise with Debian (LP: #1280511).  Remaining changes:
    - debian/patches/ubuntu-branding.patch:
      + Add Ubuntu branding to server_tokens.

Available diffs

Superseded in saucy-updates on 2014-03-20
Deleted in saucy-proposed on 2014-03-22 (Reason: moved to -updates)
nginx (1.4.1-3ubuntu1.2) saucy; urgency=low

  * Apply upstream changes to fix a segmentation fault in the third-party
    ngx_auth_pam module in nginx-full and nginx-extras. (LP: #1264674)
 -- Thomas Ward <email address hidden>   Sun, 09 Feb 2014 21:14:14 -0500
Superseded in precise-updates on 2015-01-06
Deleted in precise-proposed on 2015-01-08 (Reason: moved to -updates)
nginx (1.1.19-1ubuntu0.6) precise-proposed; urgency=low

  * Enable building of the http_stub_status_module in nginx-naxsi, which was
    apparently not marked for compiling even though it's listed in the package
    description.  (LP: #1170586)
 -- Thomas Ward <email address hidden>   Fri, 31 Jan 2014 11:02:23 -0500
Superseded in trusty-release on 2014-02-15
Deleted in trusty-proposed on 2014-02-16 (Reason: moved to release)
nginx (1.4.4-4ubuntu1) trusty; urgency=medium

  * Resynchronise with Debian.  Remaining changes:
    - debian/patches/ubuntu-branding.patch:
      + Add Ubuntu branding to server_tokens.

Available diffs

Superseded in trusty-release on 2014-01-08
Deleted in trusty-proposed on 2014-01-09 (Reason: moved to release)
nginx (1.4.4-2ubuntu1) trusty; urgency=medium

  * Resynchronise with Debian.  Remaining changes:
    - debian/patches/ubuntu-branding.patch:
      + Add Ubuntu branding to server_tokens.

Available diffs

Superseded in trusty-release on 2013-12-28
Deleted in trusty-proposed on 2013-12-29 (Reason: moved to release)
nginx (1.4.4-1ubuntu1) trusty; urgency=low

  * Resynchronise with Debian (LP: #1253691).  Remaining changes:
    - debian/patches/ubuntu-branding.patch:
      + Add Ubuntu branding to server_tokens.

Available diffs

Superseded in saucy-updates on 2014-02-27
Superseded in saucy-security on 2014-03-20
nginx (1.4.1-3ubuntu1.1) saucy-security; urgency=low

  * SECURITY UPDATE: ACL bypass via space character (LP: #1253691)
    - debian/patches/cve-2013-4547.patch: modify src/http/ngx_http_parse.c
      to account for a space character, fixing an issue which could result in
      security restrictions being bypassed
    - CVE-2013-4547
 -- Thomas Ward <email address hidden>   Thu, 21 Nov 2013 13:27:20 -0500
175 of 165 results