Last commit made on 2019-02-16
Get this branch:
git clone -b applied/debian/stretch https://git.launchpad.net/ubuntu/+source/nginx
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

09dc57c... by ctrochalakis on 2018-11-07

Import patches-applied version 1.10.3-1+deb9u2 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: d1dc27557f0fb43a3004ea4e89c733838fe11772
Unapplied parent: feddaf7cbc356774330ddc74fbcf23385572f9a1

New changelog entries:
  * Backport http2_max_requests directive needed for
    CVE-2018-16844 mitigation
  * Backport upstream fixes for 3 CVEs (Closes: #913090)
    + CVE-2018-16843 Excessive memory usage in HTTP/2
    + CVE-2018-16844 Excessive CPU usage in HTTP/2
      This change limits the maximum allowed number of idle state
      switches to 10 * http2_max_requests (i.e., 10000 by default).
      This limits possible CPU usage in one connection, and also
      imposes a limit on the maximum lifetime of a connection
    + CVE-2018-16845 Memory disclosure in the ngx_http_mp4_module

feddaf7... by ctrochalakis on 2018-11-07

[PATCH 10/12] Mp4: fixed reading 64-bit atoms.

Gbp-Pq: CVE-2018-16845-Mp4-fixed-reading-64-bit-atoms.patch.

2226ee9... by ctrochalakis on 2018-11-07

[PATCH 12/12] HTTP/2: limit the number of idle state switches.

Gbp-Pq: CVE-2018-16844-1-HTTP-2-limit-the-number-of-idle-state-switches.patch.

b6493b1... by ctrochalakis on 2018-11-07

[PATCH 20/21] HTTP/2: limited maximum number of requests in

Gbp-Pq: CVE-2018-16844-0-HTTP-2-limited-maximum-number-of-requests-in-connect.patch.

b9d8c76... by ctrochalakis on 2018-11-07

[PATCH] Adapt HTTP/2 flood detection to nginx 1.10.3

Gbp-Pq: CVE-2018-16843-1-Adapt-HTTP-2-flood-detection-to-nginx-1.10.3.patch.

f37d948... by ctrochalakis on 2018-11-07

[PATCH 11/12] HTTP/2: flood detection.

Gbp-Pq: CVE-2018-16843-0-HTTP-2-flood-detection.patch.

86e0b5a... by ctrochalakis on 2018-11-07

[PATCH] Range filter: protect from total size overflows.

Gbp-Pq: CVE-2017-7529-Range-filter.patch.

ba96b02... by ctrochalakis on 2018-11-07

SSL: support for multiple curves (ticket #885).

Gbp-Pq: 0006-SSL-support-for-multiple-curves-ticket-885.patch.

bf63dba... by ctrochalakis on 2018-11-07

SSL: style.

Gbp-Pq: 0005-SSL-style.patch.

bea563e... by ctrochalakis on 2018-11-07

SSL: error messages style.

Gbp-Pq: 0004-SSL-error-messages-style.patch.