lp:~levlaz/ubuntu/precise/nginx/fix-for-1370478
- Get this branch:
- bzr branch lp:~levlaz/ubuntu/precise/nginx/fix-for-1370478
Branch merges
- Marc Deslauriers: Approve
- Ubuntu Security Sponsors Team: Pending requested
-
Diff: 2477 lines (+2423/-1)6 files modified.pc/applied-patches (+1/-0)
.pc/cve-2014-3616.diff/src/event/ngx_event_openssl.c (+2384/-0)
debian/changelog (+10/-0)
debian/patches/cve-2014-3616.diff (+24/-0)
debian/patches/series (+1/-0)
src/event/ngx_event_openssl.c (+3/-1)
Branch information
- Owner:
- Lev Lazinskiy
- Status:
- Development
Recent revisions
- 58. By Lev Lazinskiy
-
* SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478)
- debian/patches/ CVE-2014- 3616.patch: Use a random value for session id context,
since there is no support for shared TLS Session Tickets in this version
in src/event/ngx_event_ openssl. c.
- CVE-2014-3616 - 57. By Thomas Ward
-
Enable building of the http_stub_
status_ module in nginx-naxsi, which was
apparently not marked for compiling even though it's listed in the package
description. (LP: #1170586) - 56. By Thomas Ward
-
[ Thomas Ward ]
* Move postinst symlinking of default nginx config to nginx-common only.
(closes LP: #1206878)[ Iain Lane ]
* Take additional change from Debian patch to check sites-enabled and
sites-available are directories before symlinking .../default. - 55. By Thomas Ward
-
Move configuration file removal for package purging to nginx-common only.
(closes LP: #1206878) - 54. By Thomas Ward
-
* Applies upstream bug fixes
* Segfault with try_files when first URI is shorter than request URI
(LP: #1065555) - 53. By Cyril Lavier
-
[Cyril Lavier]
* New upstream release.
+ Fixed a buffer overflow in the ngx_http_mp4_module. See: CVE-2012-2089
for more details.
* debian/copyright:
+ Updated licenses.
* debian/nginx-extras. postinst, debian/ nginx-full. postinst,
debian/nginx-light. postinst, debian/ nginx-naxsi. postinst:
+ Removing the debug markers. (Closes: #667894)
* debian/control, debian/rules, debian/copyright,
debian/modules/ nginx-dav- ext-module:
+ Added nginx-dav-ext-module in full and extras.
* debian/modules/ naxsi:
+ Updated naxsi to the SVN snapshot (r280) to fix the licence issue with
OpenSSL.[Kartik Mistry]
* Misc cleanups in debian/control, debian/copyright. - 52. By Cyril Lavier
-
[Cyril Lavier]
* debian/control:
+ Added build dependency to dpkg-dev (>= 1.15.7). (Closes: #664212)
* debian/patches/ perl-use- dpkg-buildflags .patch:
+ Added patch to harden flags for perl module (Thanks to Simon Ruderich
for the patch). (Closes: #664090)[Kartik Mistry]
* Set urgency due to fix for security and RC bugs with 1.17.1-1 upload. - 51. By Kartik Mistry
-
[Cyril Lavier]
* New upstream release.
* debian/rules:
+ Resolved the lintian errors "unstripped-binary- or-object" with a
cleaner correction (Thanks to Steven Chamberlain for the patch).
+ Added a check on the parallel building to force NUMJOBS to 1 if
the value 0 is given.
* debian/modules:
+ Updated nginx-lua module to version 0.4.1.[Kartik Mistry]
* debian/rules, debian/control, debian/copyright,
debian/modules/ nginx-upload- module:
+ Added Upload module to nginx-extras, updated long description and
copyright. (Closes: #654593)
* debian/modules/ README. modules:
+ Added Homepage information for some modules.
* debian/rules:
+ Enable hardened build flags, Thanks to Moritz Muehlenhoff for patch.
(Closes: #658186) - 50. By Kartik Mistry
-
[Kartik Mistry]
* debian/control:
+ Set myself as Maintainer, Jose Parrella as Uploaders with approval from
team.
* debian/copyright:
+ Fixed DEP5 URL.
+ Updated debian/* copyright.
* debian/modules:
+ Updated nginx-lua module to version 0.3.1rc43[Cyril Lavier]
* New upstream release.
* debian/conf/sites- available/ default:
+ Added a / in the alias directive. (Closes: #653160)
* debian/rules:
+ Added necessary lines for parallel building.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/vivid/nginx