Created by Ubuntu Package Importer on 2013-05-29 and last modified on 2013-11-22
Get this branch:
bzr branch lp:ubuntu/quantal-security/nginx
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

58. By Thomas Ward on 2013-11-21

* SECURITY UPDATE: ACL bypass via space character (LP: #1253691)
  - debian/patches/cve-2013-4547.patch: modify src/http/ngx_http_parse.c
    to account for a space character, fixing an issue which could result in
    security restrictions being bypassed
  - CVE-2013-4547

57. By Thomas Ward on 2013-05-24

* Security update (closes LP: #1182586):
  * Patch to fix a buffer overflow vulnerability (CVE-2013-2070)

56. By gregor herrmann on 2012-08-04

* Non-maintainer upload.
* Fix "removes files that were installed by another package":
  don't remove directories that are owned by (and removed from) nginx-common
  from nginx-extras.postrm. This seems to have been the idea in commit e30a854
  ("Moved configuration purging to nginx-common.") except that it was added
  in nginx-common.postrm without being removed in nginx-extras.postrm.
  Remove nginx-extras.postrm since it's empty after this change.
  (Closes: #681758)

55. By Cyril Lavier on 2012-06-27

[Cyril Lavier]
* Urgency set to medium, security bug in naxsi module, fix via upstream.
* debian/modules/naxsi:
  + Updated naxsi module to version 0.46-1 fixing the following security
    issue : potential file disclosure in nx_extract.

54. By Kartik Mistry on 2012-05-14

[Cyril Lavier]
* New upstream release. (Closes: #670306)
  + 1.2.x is stable release now.
* debian/modules/chunkin-nginx-module:
  + Updated chunkin-nginx-module to v0.23rc2-3-g85eca98.
* debian/modules/headers-more-module:
  + Updated headers-more-module to v0.17rc1-4-g33a82ed.
* debian/modules/nginx-development-kit:
  + Updated nginx-development-kit to v0.2.17-7-g24202b4.
* debian/modules/nginx-echo:
  + Updated nginx-echo to v0.38rc2-7-g080c0a1.
* debian/modules/nginx-lua:
  + Updated nginx-lua to v0.5.0rc25-5-g8d28785.
* debian/modules/nginx-upstream-fair:
  + Updated nginx-upstream-fair to a18b409.
* debian/modules/nginx-upload-progress:
  + Updated nginx-upload-progress to v0.9.0-0-ga788dea.
* debian/modules/naxsi:
  + Updated naxsi to 0.46
* debian/modules/README.Modules-versions:
  + Updated versions and URLs for modules.
* debian/naxsi-ui-extract, debian/naxsi-ui-intercept,
  debian/nginx-naxsi-ui.*, debian/naxsi-ui-extract.1,
  debian/naxsi-ui-intercept.1, debian/rules:
  + Added nginx-naxsi-ui package containing the learning daemon
    and the WebUI.
* debian/nginx-common.nginx.default, debian/nginx-common.nginx.init:
  + Renamed files to be compliant with the nginx-naxsi-ui package.
* debian/po:
  + Added needed files for using po-debconf.
  + Added French translation.
* debian/control:
  + Applied the modifications given after the review by Justin Rye.

[Michael Lustfield]
* debian/conf/uwsgi_params:
  + Added UWSGI_SCHEME to uwsgi_params. (Closes: #664878)
* debian/conf/sites-available/default:
  + Added allow directive for ipv6 localhost. (Closes: #664271)

[Kartik Mistry]
* debian/control:
  + wrap-and-sort.
* debian/copyright:
  + Added missing copyrights, minor formatting fixes.
* debian/nginx-common.nginx.init:
  + Added ulimit for restarts, Thanks to Daniel Roschka
    <email address hidden> for patch. (Closes: #673580)
* debian/conf/sites-available/default:
  + Added patch to fix deprecated "listen" directive, Thanks to
    Guillaume Plessis <email address hidden> for patch. (Closes: #672632)

53. By Cyril Lavier on 2012-04-13

[Cyril Lavier]
* New upstream release.
  + Fixed a buffer overflow in the ngx_http_mp4_module. See: CVE-2012-2089
    for more details.
* debian/copyright:
  + Updated licenses.
* debian/nginx-extras.postinst, debian/nginx-full.postinst,
  debian/nginx-light.postinst, debian/nginx-naxsi.postinst:
  + Removing the debug markers. (Closes: #667894)
* debian/control, debian/rules, debian/copyright,
  + Added nginx-dav-ext-module in full and extras.
* debian/modules/naxsi:
  + Updated naxsi to the SVN snapshot (r280) to fix the licence issue with

[Kartik Mistry]
* Misc cleanups in debian/control, debian/copyright.

52. By Cyril Lavier on 2012-03-18

[Cyril Lavier]
* debian/control:
  + Added build dependency to dpkg-dev (>= 1.15.7). (Closes: #664212)
* debian/patches/perl-use-dpkg-buildflags.patch:
  + Added patch to harden flags for perl module (Thanks to Simon Ruderich
    for the patch). (Closes: #664090)

[Kartik Mistry]
* Set urgency due to fix for security and RC bugs with 1.17.1-1 upload.

51. By Kartik Mistry on 2012-02-01

[Cyril Lavier]
* New upstream release.
* debian/rules:
  + Resolved the lintian errors "unstripped-binary-or-object" with a
    cleaner correction (Thanks to Steven Chamberlain for the patch).
  + Added a check on the parallel building to force NUMJOBS to 1 if
    the value 0 is given.
* debian/modules:
  + Updated nginx-lua module to version 0.4.1.

[Kartik Mistry]
* debian/rules, debian/control, debian/copyright,
  + Added Upload module to nginx-extras, updated long description and
    copyright. (Closes: #654593)
* debian/modules/README.modules:
  + Added Homepage information for some modules.
* debian/rules:
  + Enable hardened build flags, Thanks to Moritz Muehlenhoff for patch.
    (Closes: #658186)

50. By Kartik Mistry on 2012-01-01

[Kartik Mistry]
* debian/control:
  + Set myself as Maintainer, Jose Parrella as Uploaders with approval from
* debian/copyright:
  + Fixed DEP5 URL.
  + Updated debian/* copyright.
* debian/modules:
  + Updated nginx-lua module to version 0.3.1rc43

[Cyril Lavier]
* New upstream release.
* debian/conf/sites-available/default:
  + Added a / in the alias directive. (Closes: #653160)
* debian/rules:
  + Added necessary lines for parallel building.

49. By Kartik Mistry on 2011-12-14

[Kartik Mistry]
* New upstream release.
* debian/control:
  + Set priority to extra for nginx-light and nginx-extras binaries
    (Policy: Section 2.5)
* debian/patches/607418-ipv6-addresses.diff:
  + Removed. Merged upstream with 1.1.9 release.
* debian/copyright:
  + Updated upstream copyright year, updated Michael's email address, misc
    changes for format.

[Michael Lustfield]
* debian/conf/fastcgi_params:
  + Changed $server_https to $https per new feature in 1.1.11.
* debian/conf/nginx.conf:
  + Removed map for $server_https as it's no longer needed.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.