-
nginx (1.18.0-0ubuntu1.4) focal-security; urgency=medium
* SECURITY UPDATE: memory corruption/disclosure issue
- debian/patches/CVE-2022-41741_41742.patch: disabled duplicate atoms in
Mp4
- CVE-2022-41741
- CVE-2022-41742
-- Nishit Majithia <email address hidden> Thu, 10 Nov 2022 12:08:48 +0530
-
nginx (1.18.0-0ubuntu1.3) focal-security; urgency=medium
* SECURITY UPDATE: ALPACA TLS issue
- debian/patches/CVE-2021-3618.patch: specify the number of
errors after which the connection is closed in
src/mail/ngx_mail.h, src/mail/ngx_mail_core_module.c and
src/mail/ngx_mail_handler.c.
- CVE-2021-3618
* SECURITY UPDATE: request mutation by unsafe characters
- Add input validation to requests in Lua module in
debian/modules/http-lua/src/ngx_http_lua_control.c,
debian/modules/http-lua/src/ngx_http_lua_headers_in.c,
debian/modules/http-lua/src/ngx_http_lua_headers_out.c,
debian/modules/http-lua/src/ngx_http_lua_uri.c,
debian/modules/http-lua/src/ngx_http_lua_util.h and
debian/modules/http-lua/src/ngx_http_lua_util.h.
- CVE-2020-36309
* SECURITY UPDATE: request smuggling in ngx.location.capture
- Add manual crafting of Content-Length in case request is
chunked in
debian/modules/http-lua/src/ngx_http_lua_subrequest.c.
- CVE-2020-11724
-- David Fernandez Gonzalez <email address hidden> Tue, 12 Apr 2022 10:04:16 +0200
-
nginx (1.18.0-0ubuntu1.2) focal-security; urgency=medium
* SECURITY UPDATE: DNS Resolver issues
- debian/patches/CVE-2021-23017-1.patch: fixed off-by-one write in
src/core/ngx_resolver.c.
- debian/patches/CVE-2021-23017-2.patch: fixed off-by-one read in
src/core/ngx_resolver.c.
- CVE-2021-23017
-- Marc Deslauriers <email address hidden> Tue, 25 May 2021 13:10:38 -0400
-
nginx (1.18.0-0ubuntu1) focal; urgency=medium
* Stable Release Update for Version String (LP: #1875231)
* New upstream Stable release (1.18.0) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
- d/control, d/rules: Drop GeoIP from nginx-core due to demotion of
libgeoip.
-- Thomas Ward <email address hidden> Tue, 21 Apr 2020 10:49:01 -0400
-
nginx (1.17.10-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.9) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
- d/control, d/rules: Drop GeoIP from nginx-core due to demotion of
libgeoip.
-- Thomas Ward <email address hidden> Tue, 14 Apr 2020 12:53:34 -0400
-
nginx (1.17.9-0ubuntu3) focal; urgency=medium
* d/conf/sites-available/default: Update PHP path for PHP 7.4.
-- Thomas Ward <email address hidden> Thu, 26 Mar 2020 10:53:52 -0400
-
nginx (1.17.9-0ubuntu2) focal; urgency=medium
* Drop GeoIP from nginx-core due to demotion of libgeoip (LP: #1861101,
LP: #1867150):
- d/control: Remove libnginx-mod-http-geoip from nginx-core dependency
- d/rules: Remove the configure line of with-http_geoip_module=dynamic
from the nginx-core build flags, due to demotion of libgeoip and the
removal of the dynamic library from install deps for nginx-core.
-- Thomas Ward <email address hidden> Wed, 11 Mar 2020 13:41:07 -0400
-
nginx (1.17.9-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.9) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
-- Thomas Ward <email address hidden> Tue, 03 Mar 2020 11:05:45 -0500
-
nginx (1.17.8-0ubuntu3) focal; urgency=medium
* d/conf/sites-available/default: Indentation consistency.
Fix an indentation issue introduced by 1.17.8-0ubuntu2 to make sure that
indentation in the default config file is consistent.
-- Thomas Ward <email address hidden> Wed, 26 Feb 2020 10:35:13 -0500
-
nginx (1.17.8-0ubuntu2) focal; urgency=medium
* d/conf/sites-available/default: Revert changes done in #1743592.
Reverts this change:
- d/conf/sites-available/default: Update default nginx site
configuration file to remove the IPv6 listening line so that servers
running without IPv6 enabled at all on the system will start nginx
properly.
-- Thomas Ward <email address hidden> Thu, 20 Feb 2020 13:52:32 -0500
-
nginx (1.17.8-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.8) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
- d/conf/sites-available/default: Update default nginx site configuration
file to remove the IPv6 listening line so that servers running without
IPv6 enabled at all on the system will start nginx properly.
(LP: #1743592)
-- Thomas Ward <email address hidden> Tue, 18 Feb 2020 19:01:02 -0500
-
nginx (1.17.7-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.7) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
- d/conf/sites-available/default: Update default nginx site configuration
file to remove the IPv6 listening line so that servers running without
IPv6 enabled at all on the system will start nginx properly.
(LP: #1743592)
-- Thomas Ward <email address hidden> Mon, 30 Dec 2019 13:02:58 -0500
-
nginx (1.17.6-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.6) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
- d/conf/sites-available/default: Update default nginx site configuration
file to remove the IPv6 listening line so that servers running without
IPv6 enabled at all on the system will start nginx properly.
(LP: #1743592)
-- Thomas Ward <email address hidden> Tue, 19 Nov 2019 10:34:14 -0500
-
nginx (1.17.5-0ubuntu1) focal; urgency=medium
* New upstream release (1.17.5) - full changelog available from
http://nginx.org/en/CHANGES
* Remaining Ubuntu-specific changes:
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
- d/nginx-{core,light,full,extras}.postinst: Add checks for whether
port 80 is in use or not to determine whether or not to attempt
starting of the NGINX service during install/upgrade
- d/control: Add dependencies to nginx-{core,light,full,extras} on
`iproute2` as the postinst scripts now use `ss` to determine if
Port 80 is open or not.
- d/rules: Enable --with-compat build option for all nginx package
flavors
- d/{control,rules,copyright,modules/http-geoip2*}: Add GeoIP2 third party
module to nginx-full and nginx-extras (and use proper DEP5 syntax for
d/copyright).
* New Ubuntu-specific changes:
- d/conf/sites-available/default: Update default nginx site configuration
file to remove the IPv6 listening line so that servers running without
IPv6 enabled at all on the system will start nginx properly.
(LP: #1743592)
-- Thomas Ward <email address hidden> Fri, 01 Nov 2019 11:55:10 -0400
-
nginx (1.16.1-0ubuntu3) focal; urgency=medium
* No-change rebuild for the perl update.
-- Matthias Klose <email address hidden> Fri, 18 Oct 2019 19:37:10 +0000
-
nginx (1.16.1-0ubuntu2) eoan; urgency=medium
* d/conf/sites-available/default: Update PHP referred to in the
example in the default configuration to PHP 7.2.
(LP: #1831748)
-- Thomas Ward <email address hidden> Thu, 15 Aug 2019 12:01:39 -0400