-
nginx (1.9.3-1ubuntu1.2) wily-security; urgency=medium
* SECURITY UPDATE: Null pointer dereference while writing client request
body (LP: #1587577)
- debian/patches/cve-2016-4450.patch: Upstream patch to address issue.
- CVE-2016-4450
-- Thomas Ward <email address hidden> Tue, 31 May 2016 20:14:23 -0400
-
nginx (1.9.3-1ubuntu1.1) wily-security; urgency=medium
* SECURITY UPDATE: multiple resolver security issues (LP: #1538165)
- debian/patches/CVE-2016-074x-1.patch: fix possible segmentation fault
on DNS format error.
- debian/patches/CVE-2016-074x-2.patch: fix crashes in timeout handler.
- debian/patches/CVE-2016-074x-3.patch: fixed CNAME processing for
several requests.
- debian/patches/CVE-2016-074x-4.patch: change the
ngx_resolver_create_*_query() arguments.
- debian/patches/CVE-2016-074x-5.patch: fix use-after-free memory
accesses with CNAME.
- debian/patches/CVE-2016-074x-6.patch: limited CNAME recursion.
- CVE-2016-0742
- CVE-2016-0743
- CVE-2016-0744
-- Marc Deslauriers <email address hidden> Wed, 03 Feb 2016 08:38:22 -0500
-
nginx (1.9.3-1ubuntu1) wily; urgency=medium
* Merge from Debian. Remaining changes: (LP: #1476811)
- debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
- d/{control,rules,nginx-core.*}: add new binary package for main,
nginx-core, which contains only source-tarball-included modules
and no third-party modules.
- debian/tests/control: add nginx-core test.
- debian/control: drop luajit from Build-Depends as it is in universe.
- debian/apport/source_nginx.py: Add apport hooks for additional bug
information gathering.
- debian/nginx-common.install: Add install rule for apport hooks.
nginx (1.9.3-1) unstable; urgency=medium
[ Christos Trochalakis]
* New upstream Release. (Closes: #789924)
* debian/control:
+ Remove XS-Testsuite header, it is now automatically added when
`debian/tests/control` is present.
* debian/modules/nginx-lua:
+ Update nginx-lua to v0.9.16 and drop our backported patches.
* debian/conf/*:
+ Add REQUEST_SCHEME to fcgi, wsgi and scgi configs (sync with upstream).
nginx (1.9.2-1) unstable; urgency=medium
[ Michael Lustfield ]
* debian/nginx-common.nginx.init:
+ Init script now returns the proper exit status. (Closes: #788573)
+ Cleaned up the init script to have consistent naming/structure.
[ Christos Trochalakis ]
* New upstream Release.
* debian/rules:
+ Add stream module to nginx-full & nginx-extras.
+ Add thread pool support to nginx-full & nginx-extras.
* debian/modules/nginx-lua:
+ Backport upstream's 9531e5e7 fixing build failure when thread pool
support is enabled.
nginx (1.9.1-1) unstable; urgency=medium
[ Michael Lustfield ]
* debian/conf/nginx.conf:
+ Switch worker_processes to auto. (Closes: #781711)
* debian/conf/sites-available/default:
+ Add comment about disabling gzip in HTTPS. (Closes: #773332)
+ Add comment about checking ssl_ciphers. (Closes: #765782)
* debian/modules/*:
+ Updated nginx-auth-pam 1.3 -> 1.4. (Closes: #777120)
+ Updated nginx-echo v0.56 -> v0.57.
+ Updated nginx-lua v0.9.13 -> v0.9.15.
+ Updated nginx-cache-purge 2.1 -> 2.3.
+ Updated ngx-fancyindex v0.3.4 -> v0.3.5.
* debian/nginx-common.NEWS:
+ Document potential issues with newer versions on i386.
* debian/nginx-common.{dirs,install}, debian/vim/*:
+ Installing vim syntax highlighting from package. (Closes: #771609)
Thanks Emmanuel Bouthenot for building this patch.
* debian/nginx-common.nginx.upstart:
+ Created file to support upstart jobs. (Closes: #745483)
Thanks Cameron Norman for building this file.
* debian/rules:
+ Add hardening flags with dpkg-buildflags. (Closes: #747025, #781703)
Thanks Thomas Ward.
+ Supply custom DEB_BUILD_MAINT_OPTIONS for debian_ldflags generation.
Thanks Thomas Ward.
+ Added back missing module gunzip. (Closes: #782065)
Thanks Peter Wu for the initial patch.
* debian/modules/nginx-lua/*:
+ Updated module version. (Closes: #762494)
* debian/ngx-conf/*
+ Added configuration utility, not shipped yet. (Closes: #652108)
* debian/nginx-common.manpages:
+ Replaced man page with upstream maintained version. (Closes: #781345)
* debian/nginx-common.install:
+ Changed debian/index.html -> html/index.html. This installs the package
maintained version of this file as opposed to our out of date version.
[ Christos Trochalakis ]
* New upstream release. Switching to mainline version. (Closes: #777677)
* debian/nginx-common.manpages:
+ Build & ship manpages with binary packages.
* debian/rules:
+ Adjust configure flags for limit_zone module (renamed to limit_conn).
* debian/modules/nginx-lua:
+ Backport upstream's f4e1311 fixing build failure with mainline nginx.
* debian/control:
+ Depend on libgd-dev now that jessie is released.
-- Thomas Ward <email address hidden> Wed, 22 Jul 2015 11:39:44 -0400
-
nginx (1.6.2-5ubuntu4) wily; urgency=medium
* debian/apport/source_nginx.py:
- Add apport hooks for additional bug information gathering, as a result
of non-useful reports due to postinstall script failure bugs. This is
necessary in order to be able to actually debug what is going on in the
bug reports, thanks to systemd not putting startup errors to stdout or
stderr anymore, like Upstart and others did. (LP: #1472683)
* debian/nginx-common.install:
- Add install rule for debian/apport/source_nginx.py, which is the new
apport hooks to gather additional 'Package' bugtype debug data.
-- Thomas Ward <email address hidden> Fri, 10 Jul 2015 12:51:48 -0400
-
nginx (1.6.2-5ubuntu3) vivid-proposed; urgency=medium
* debian/rules:
* Reversed Debian change in 1.6.2-5ubuntu2.
* Added DEB_BUILD_MAINT_OPTIONS=hardening=+all to enable all
dpkg-buildflags to harden the code, except for PIE flags.
* Manually define DEB_BUILD_MAINT_OPTIONS in DEBIAN_NGINX_PERL_LDFLAGS
to not have -fPIE conflicts in Perl flags.
-- Thomas Ward <email address hidden> Wed, 01 Apr 2015 14:57:34 -0400
