lp:ubuntu/precise-security/nginx

Created by Ubuntu Package Importer on 2013-05-29 and last modified on 2015-01-06
Get this branch:
bzr branch lp:ubuntu/precise-security/nginx
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

56. By Lev Lazinskiy on 2014-12-05

* SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478)
  - debian/patches/CVE-2014-3616.patch: Use a random value for session id
    context, since there is no support for shared TLS Session Tickets in
    this version in src/event/ngx_event_openssl.c.
  - CVE-2014-3616

55. By Thomas Ward on 2013-11-21

* SECURITY UPDATE: ACL bypass via space character (LP: #1253691)
  - debian/patches/cve-2013-4547.patch: modify src/http/ngx_http_parse.c
    to account for a space character, fixing an issue which could result in
    security restrictions being bypassed
  - CVE-2013-4547

54. By Thomas Ward on 2013-05-24

* Security update (closes LP: #1182586):
  * Patch to fix a buffer overflow vulnerability (CVE-2013-2070)

53. By Cyril Lavier on 2012-04-13

[Cyril Lavier]
* New upstream release.
  + Fixed a buffer overflow in the ngx_http_mp4_module. See: CVE-2012-2089
    for more details.
* debian/copyright:
  + Updated licenses.
* debian/nginx-extras.postinst, debian/nginx-full.postinst,
  debian/nginx-light.postinst, debian/nginx-naxsi.postinst:
  + Removing the debug markers. (Closes: #667894)
* debian/control, debian/rules, debian/copyright,
  debian/modules/nginx-dav-ext-module:
  + Added nginx-dav-ext-module in full and extras.
* debian/modules/naxsi:
  + Updated naxsi to the SVN snapshot (r280) to fix the licence issue with
    OpenSSL.

[Kartik Mistry]
* Misc cleanups in debian/control, debian/copyright.

52. By Cyril Lavier on 2012-03-18

[Cyril Lavier]
* debian/control:
  + Added build dependency to dpkg-dev (>= 1.15.7). (Closes: #664212)
* debian/patches/perl-use-dpkg-buildflags.patch:
  + Added patch to harden flags for perl module (Thanks to Simon Ruderich
    for the patch). (Closes: #664090)

[Kartik Mistry]
* Set urgency due to fix for security and RC bugs with 1.17.1-1 upload.

51. By Kartik Mistry on 2012-02-01

[Cyril Lavier]
* New upstream release.
* debian/rules:
  + Resolved the lintian errors "unstripped-binary-or-object" with a
    cleaner correction (Thanks to Steven Chamberlain for the patch).
  + Added a check on the parallel building to force NUMJOBS to 1 if
    the value 0 is given.
* debian/modules:
  + Updated nginx-lua module to version 0.4.1.

[Kartik Mistry]
* debian/rules, debian/control, debian/copyright,
  debian/modules/nginx-upload-module:
  + Added Upload module to nginx-extras, updated long description and
    copyright. (Closes: #654593)
* debian/modules/README.modules:
  + Added Homepage information for some modules.
* debian/rules:
  + Enable hardened build flags, Thanks to Moritz Muehlenhoff for patch.
    (Closes: #658186)

50. By Kartik Mistry on 2012-01-01

[Kartik Mistry]
* debian/control:
  + Set myself as Maintainer, Jose Parrella as Uploaders with approval from
    team.
* debian/copyright:
  + Fixed DEP5 URL.
  + Updated debian/* copyright.
* debian/modules:
  + Updated nginx-lua module to version 0.3.1rc43

[Cyril Lavier]
* New upstream release.
* debian/conf/sites-available/default:
  + Added a / in the alias directive. (Closes: #653160)
* debian/rules:
  + Added necessary lines for parallel building.

49. By Kartik Mistry on 2011-12-14

[Kartik Mistry]
* New upstream release.
* debian/control:
  + Set priority to extra for nginx-light and nginx-extras binaries
    (Policy: Section 2.5)
* debian/patches/607418-ipv6-addresses.diff:
  + Removed. Merged upstream with 1.1.9 release.
* debian/copyright:
  + Updated upstream copyright year, updated Michael's email address, misc
    changes for format.

[Michael Lustfield]
* debian/conf/fastcgi_params:
  + Changed $server_https to $https per new feature in 1.1.11.
* debian/conf/nginx.conf:
  + Removed map for $server_https as it's no longer needed.

48. By UNera on 2011-11-24

* debian/modules/chunkin-nginx-module:
  + Reinclude HttpChunkin Module with new upstream version (closes: #638814)
* debian/control:
  + Add myself to uploaders list.

47. By Kartik Mistry on 2011-11-18

[Kartik Mistry]
* New upstream release.
* debian/modules/chunkin-nginx-module:
  + Removed as of now, as it breaks with Perl 5.14 (Closes: #649061)

[Michael Lustfield]
* debian/control:
  + Added Map module to nginx-light modules list.
* debian/rules:
  + Removed --without-http_map_module form nginx-light.
* debian/nginx-common.install:
  + Changed ufw profile installation (LP: #825349).
    - debian/ufw.profile -> debian/ufw/nginx.
* debian/nginx-common.preinst:
  + Cleanup of moved nginx profile.
* debian/conf/nginx.conf:
  + Added a default map for $server_https (on|off).
* debian/conf/fastcgi_params:
  + Pass HTTPS so $_SERVER['HTTPS'] is set (LP: #857831).
* debian/conf/mime.types:
  + Added json type (LP: #883440).
* debian/conf/sites-available/default:
  + Added notes about PHP (Closes: #642995).
  + Changed location /doc from root to alias.
  + Changed location /doc to /doc/ for people that don't bother reading or
    learning anything about Nginx configuration files (LP: #840358).

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/saucy/nginx
This branch contains Public information 
Everyone can see this information.

Subscribers