-
02d44fa... by ctrochalakis on 2017-07-12
-
Import patches-unapplied version 1.6.2-5+deb8u5 to debian/jessie
Imported using git-ubuntu import.
Changelog parent: 9317b0e81149eb41acb129acdd05a59cb157d46f
New changelog entries:
* Handle CVE-2017-7529 Integer overflow in the range filter (Closes: #868109)
-
9317b0e... by Salvatore Bonaccorso on 2016-10-27
-
Import patches-unapplied version 1.6.2-5+deb8u4 to debian/jessie
Imported using git-ubuntu import.
Changelog parent: 19bbd2ff329acf28b6083717df18bc11406a1620
New changelog entries:
* Non-maintainer upload by the Security Team.
* debian/nginx-common.config: fix return code so script doesn't exit.
Thanks to Marc Deslauriers and Thomas Ward (Closes: #842276)
[ Christos Trochalakis ]
* debian/nginx-common.postinst:
+ CVE-2016-1247: Secure log file handling (owner & permissions)
against privilege escalation attacks. /var/log/nginx is now owned
by root:adm. Thanks to Dawid Golunski for the report.
Changing /var/log/nginx permissions effectively reopens #701112,
since log files can be world-readable. This is a trade-off until
a better log opening solution is implemented upstream (trac:376).
* debian/control:
Don't allow building against liblua5.1-0-dev on architectures
that libluajit is available. (Closes: #826167)
-
19bbd2f... by ctrochalakis on 2016-05-31
-
Import patches-unapplied version 1.6.2-5+deb8u2 to debian/jessie
Imported using git-ubuntu import.
Changelog parent: 90f763e5a14c5b62978ed52b5adc2fe5a05af0b9
New changelog entries:
[ Christos Trochalakis ]
* Fixes CVE-2016-4450
NULL pointer dereference while writing client request body.
(Closes: #825960)
-
90f763e... by ctrochalakis on 2016-01-27
-
Import patches-unapplied version 1.6.2-5+deb8u1 to debian/jessie
Imported using git-ubuntu import.
Changelog parent: 7a8a9a90a6413fc5fd37dba447c5ec792cfcbfa6
New changelog entries:
[ Christos Trochalakis ]
* Fixes multiple resolver CVEs,
CVE-2016-0742, CVE-2016-0746, CVE-2016-0747
Closes: #812806
-
7a8a9a9... by ctrochalakis on 2014-11-30
-
Import patches-unapplied version 1.6.2-5 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 76a9d567e1d72024c4f009df8cf5ff8c8f2d5481
New changelog entries:
[ Christos Trochalakis ]
* debian/conf/nginx.conf:
+ Drop SSLv3 protocol (POODLE), and prefer server ciphers
by default. (Closes: #767456)
* debian/copyright:
+ Add copyright for ngx_http_substitutions_filter_module.
* debian/nginx-common.{preinst,postinst,postrm}:
+ Remove /etc/nginx/naxsi-ui.conf conffile. (Closes: #768233)
* debian/README.Debian:
+ Add a list of important changes since wheezy.
-
76a9d56... by ctrochalakis on 2014-10-19
-
Import patches-unapplied version 1.6.2-4 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 4f4fcce289cd2c689d65830b5f9ad55bb1ce61af
New changelog entries:
[ Christos Trochalakis ]
* debian/modules/nginx-development-kit:
+ Upgrade v0.2.17-7-g24202b4 -> v0.2.19
* debian/modules/nginx-echo:
+ Upgrade v0.51 -> v0.56
* debian/modules/nginx-upload-progress:
+ Upgrade v0.9.0-0-ga788dea -> 0.9.1
* debian/modules/ngx-fancy-index:
+ Upgrade v0.3.3 -> v0.3.4
* debian/copyright:
+ Rewrite copyright file fixing various issues.
* debian/nginx-common.nginx.logrotate:
+ Switch postrotate to the initscript's rotate command.
-
4f4fcce... by ctrochalakis on 2014-10-16
-
Import patches-unapplied version 1.6.2-3 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 687e59f75e2fd84e9afc509fffd34b6ea368691e
New changelog entries:
[ Christos Trochalakis ]
* Change the default document root to /var/www/html according to debian
policy 3.9.6.0. (Closes: #730382)
* Provide a new, debian specific, default landing page.
* debian/nginx-common.nginx.service:
+ Graceful stopping of nginx was not handled correctly with systemd.
* debian/nginx-common.nginx.init:
+ Gracefully stop nginx by default, we are switching to a configurable
STOP/5/TERM/5/KILL/5 schedule. We are now in sync with the systemd
service file. (Closes: #762708)
* debian/conf:
+ Introduce a `snippets/fastcgi-php.conf` snippet with a basic
php configuration that can be included when needed. (Closes: #762491)
+ Introduce a `snippets/snakeoil.conf` snippet that enabled https
using the certs installed by the ssl-cert package.
+ Suggest disabling SSLv3 in default site with a ref to POODLE.
* debian/control:
+ nginx-common now suggests ssl-cert.
-
687e59f... by ctrochalakis on 2014-09-26
-
Import patches-unapplied version 1.6.2-2 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 0776d8459e3548befeed669516eed1ea86bc2fe1
New changelog entries:
[ Christos Trochalakis ]
* Drop nginx-naxsi, nginx-naxsi-dbg, nginx-naxsi-ui packages.
(Closes: #746199, #737146, #712445)
* debian/conf/nginx.conf:
+ Remove relic passenger stanza.
-
0776d84... by ctrochalakis on 2014-09-17
-
Import patches-unapplied version 1.6.2-1 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 7c40413381d849edbd4a07bdd9a2b8559229b529
New changelog entries:
[ Christos Trochalakis ]
* New upstream release.
CVE-2014-3616: "it was possible to reuse SSL sessions in unrelated
contexts if a shared SSL session cache or the same TLS session ticket
key was used for multiple "server" blocks".
(Closes: #761940)
-
7c40413... by ctrochalakis on 2014-09-04
-
Import patches-unapplied version 1.6.1-2 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 67f51992698e5685754477bd697086b882f75f71
New changelog entries:
[ Christos Trochalakis ]
* debian/control:
+ Build nginx-extras against luajit (Closes: #755875)
* debian/modules/nginx-lua:
+ Update nginx-lua to v0.9.12
* debian/nginx-common.nginx.init:
+ Better pidfile extraction from nginx.conf (Closes: #747329)
* debian/conf/mime.types:
+ Upgrade to the latest upstream mime types.
As a consequence, nginx now uses "application/javascript" for
javascript files.
* debian/conf/nginx.conf:
+ Add application/javascript to the gzip_types list. (Closes: #737176)
* debian/rules:
+ Make naxsi module first in configure parameters.
Fixes erratic naxsi behaviour. (Closes: #758642)
* debian/conf/{koi-utf,koi-win,scgi_params,uwsgi_params}:
+ Sync with upstream config files.
* debian/conf/fastcgi_params:
+ Sync with upstream and remove `SCRIPT_FILENAME` parameter.
This change might break fastcgi sites. (Closes: #718639)
+ debian/conf/fastcgi.conf:
+ Ship upstream file.
* debian/nginx-common.NEWS:
+ Document syncing conf files with upstream.
* debian/tests/control:
+ Include some simple autopkgtests.
Thanks to Robie Basak for the initial patch. (Closes: #756391)
* debian/modules/nginx-http-push:
+ Update to v0.73.
Fixes fd leak on reload. (Closes: #745921)