Merge nginx from Debian unstable for kinetic

Bug #1971297 reported by Bryce Harrington
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nginx (Ubuntu)
New
Undecided
Bryce Harrington

Bug Description

Upstream: tbd
Debian: 1.18.0-9
Ubuntu: 1.18.0-6ubuntu14.1

As part of the merge, please also consider these bugs:
  LP: #1948699 - + Confirmed [nginx] 24.11.21 Low - Please enable luajit for arm64
  LP: #1581864 - Confirmed [nginx] 16.12.21 Low - nginx.service: Failed to read PID from file /run/nginx.pid:…

### New Debian Changes ###

nginx (1.18.0-9) unstable; urgency=medium

  [ Jan Mojžíš ]
  * http-lua: Downgrade to 0.10.13 (Closes: #1008787).
  * http-lua: Backport upstream bugfix for segfault in nginx core >= 1.15.0
    when libnginx-mod-http-lua is loaded and init_worker_by_lua* is used.
  * d/control: Add mips64el,ppc64,kfreebsd-amd64 to list of luajit platforms.
  * d/control: fix Homepage nginx.net -> nginx.org (Closes: #976158)

  [ Thomas Ward ]
  * d/watch: Update watch syntax to match all even versions of NGINX releases
    rather than use a watch syntax that is static to one specific version.
    This will fix the untracked 'New upstream stable versions' problem.
  * d/control: Update 'uploaders' as Thomas Ward is now a maintainer in
    the Salsa repository.

 -- Jan Mojžíš <email address hidden> Tue, 05 Apr 2022 19:11:47 +0200

nginx (1.18.0-8) unstable; urgency=medium

  * Restore patch:
    d/p/Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch

 -- Ondřej Nový <email address hidden> Tue, 15 Mar 2022 13:23:06 +0100

nginx (1.18.0-7) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/p/CVE-2019-20372.patch: Drop, applied upstream.
  * http-auth-pam: Upgrade to 1.5.3.
  * http-echo: Upgrade to 0.62.
  * nchan: Upgrade to 1.2.15.
  * http-fancyindex: Upgrade to 0.5.2.
  * rtmp: Upgrade to 1.2.2.
  * http-lua: Upgrade to 0.10.15 (Closes: #994178).
  * http-lua: Rebase patch.
  * nchan: Drop GCC 10 patch, applied upstream.
  * d/watch: Bump version to 4.
  * Bump standards version to 4.6.1 (no changes).
  * d/copyright: Bump my copyright year.

  [ Ondřej Surý ]
  * Add arm64 and ppc64el to list of luajit platforms.

  [ Athos Ribeiro ]
  * d/nginx-common.nginx.service: Fix service shutdown description to mention
    SIGQUIT instead of SIGSTOP (LP: #1919965).

 -- Ondřej Nový <email address hidden> Tue, 15 Mar 2022 11:50:18 +0100

nginx (1.18.0-6.1) unstable; urgency=high

  * Non-maintainer upload.
  * Resolver: fixed off-by-one write in ngx_resolver_copy() (CVE-2021-23017)
    (Closes: #989095)

 -- Salvatore Bonaccorso <email address hidden> Sat, 29 May 2021 16:21:37 +0200

nginx (1.18.0-6) unstable; urgency=medium

  * Fix GCC-10 compatibility (Closes: #957605).

 -- Ondřej Nový <email address hidden> Wed, 19 Aug 2020 15:27:02 +0200

nginx (1.18.0-5) unstable; urgency=medium

  * Prevented request smuggling in LUA
    CVE-2020-11724
    Closes: #964950

 -- Ondřej Nový <email address hidden> Tue, 14 Jul 2020 10:08:15 +0200

nginx (1.18.0-4) unstable; urgency=medium

  * Revert: libnginx-mod-* now depends on nginx-<any flavour> (Closes: #963860).
  * Update ngx_http_auth_pam_module upstream URL.
  * libnginx-mod-* recommends nginx now.
  * http-auth-pam: Upgrade to 1.5.2 (Closes: #963567).
  * d/copyright: Bump year of http-auth-pam.

 -- Ondřej Nový <email address hidden> Fri, 03 Jul 2020 09:34:49 +0200

nginx (1.18.0-3) unstable; urgency=medium

  * Source-only upload to allow migration.

 -- Ondřej Nový <email address hidden> Thu, 11 Jun 2020 15:14:59 +0200

nginx (1.18.0-2) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/copyright:
    - Update for upstream release
    - Add Thomas Ward from Ubuntu for debian/*
  * d/conf/sites-available/default: Update PHP path for PHP 7.4
  * d/conf/nginx.conf:
    - Enable TLSv1.3
    - Remove tcp_nodelay on, which is same as default
    - Remove keepalive_timeout 65 and use default value 75s.
    - Remove trailing whitespaces

### Old Ubuntu Delta ###

nginx (1.18.0-6ubuntu14) jammy; urgency=medium

  * No-change rebuild to update maintainer scripts, see LP: 1959054

 -- Dave Jones <email address hidden> Wed, 16 Feb 2022 17:10:20 +0000

nginx (1.18.0-6ubuntu13) jammy; urgency=medium

  * No-change rebuild for the perl update.

 -- Matthias Klose <email address hidden> Sun, 06 Feb 2022 13:48:12 +0100

nginx (1.18.0-6ubuntu12) jammy; urgency=medium

  * No-change rebuild against openssl3

 -- Simon Chopin <email address hidden> Wed, 24 Nov 2021 13:59:50 +0000

nginx (1.18.0-6ubuntu11) impish; urgency=medium

  * No-change rebuild to build packages with zstd compression.

 -- Matthias Klose <email address hidden> Thu, 07 Oct 2021 12:21:36 +0200

nginx (1.18.0-6ubuntu10) impish; urgency=medium

  * SECURITY UPDATE: DNS Resolver issues
    - debian/patches/CVE-2021-23017-1.patch: fixed off-by-one write in
      src/core/ngx_resolver.c.
    - debian/patches/CVE-2021-23017-2.patch: fixed off-by-one read in
      src/core/ngx_resolver.c.
    - debian/patches/CVE-2021-23017.patch: removed, replaced with upstream
      commits.
    - CVE-2021-23017

 -- Marc Deslauriers <email address hidden> Wed, 26 May 2021 06:59:42 -0400

nginx (1.18.0-6ubuntu9) impish; urgency=medium

  * SECURITY UPDATE: DNS Resolver Off-by-One Heap Write
    - debian/patches/CVE-2021-23017.patch: fix logic in
      src/core/ngx_resolver.c.
    - CVE-2021-23017

 -- Marc Deslauriers <email address hidden> Tue, 25 May 2021 13:06:54 -0400

nginx (1.18.0-6ubuntu8) hirsute; urgency=medium

  * d/modules/control: Remove Lua module from definitions
  * d/tests/:
    - control: Remove Lua test, remove dependencies on any test which
      request libnginx-mod-http-lua as it's gone.
    - lua: Remove the lua test entirely.

 -- Thomas Ward <email address hidden> Wed, 10 Mar 2021 10:50:43 -0500

nginx (1.18.0-6ubuntu7) hirsute; urgency=medium

  * d/control:
    - Fix dependencies issue for libnginx-mod-http-geoip2 - missing a
      character in the depends.

 -- Thomas Ward <email address hidden> Tue, 09 Mar 2021 19:03:55 -0500

nginx (1.18.0-6ubuntu6) hirsute; urgency=medium

  * d/control:
    - Update dependencies for nginx-light, etc. to include
      libnginx-mod-http-geoip2 as it's in the 'common build flags' for
      all flavors of the builds.
    - Update nginx-core package description to list third party HTTP
      modules. GeoIP2 is not included for Stream by default, so we
      have to adjust this because the Stream part isn't MIR'd.

 -- Thomas Ward <email address hidden> Tue, 09 Mar 2021 12:41:36 -0500

nginx (1.18.0-6ubuntu5) hirsute; urgency=medium

  * d/control: (GeoIP2 related changes)
    - Update dependencies for http-geoip2 package.
    - Update nginx-core to include http-geoip2 module due to approved bin-MIR
      (LP: #1867198)
    - Update description to nginx-core to indicate geoip2 is included.
  * d/control: move geoip2 module build flags to the common flags so all
    package flavors have it.
  * d/modules/http-geoip2: Update to upstream version 3.3.
  * Remove the Lua modules from NGINX (Server Team Decision) - future support
    for Lua module now requires resty-core from OpenResty, meaning that if
    we want to continue to support the Lua module, we have to start becoming
    OpenResty - users should just use OpenResty at this point for Lua.
    Changes made for this removal:
     - d/control:
       - Remove lua module from dependencies, and binary build item.
       - Add 'Breaks' line for nginx-lua for older versions of NGINX.
         This is added to the nginx metapackage and nginx-extras.
     - d/copyright: Remove lua module.
     - d/modules/{,patches/,watch/}nginx-lua: Remove Lua module, watch file,
       module patches.
     - d/rules: Remove Lua module from the build flags for -extras.

 -- Thomas Ward <email address hidden> Mon, 08 Mar 2021 09:59:56 -0500

nginx (1.18.0-6ubuntu4) hirsute; urgency=medium

  * No-change rebuild for the perl update.

 -- Matthias Klose <email address hidden> Mon, 09 Nov 2020 12:46:47 +0100

nginx (1.18.0-6ubuntu3) hirsute; urgency=medium

  * No-change rebuild for the perl update.

 -- Matthias Klose <email address hidden> Mon, 09 Nov 2020 10:51:27 +0100

nginx (1.18.0-6ubuntu2) groovy; urgency=medium

  * d/control: make nginx and nginx-full arch any, so that nginx-full
    is no longer pulled into main because of i386 (LP: #1893267)

 -- Andreas Hasenack <email address hidden> Thu, 27 Aug 2020 16:59:57 -0300

nginx (1.18.0-6ubuntu1) groovy; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/p/ubuntu-branding.patch: add Ubuntu branding
    - d/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - d/nginx-common.install: Add install rule for apport hooks.
    - d/p/nginx-fix-pidfile.patch: Fix NGINX PIDfile handling to avoid
      SystemD race condition - thanks to Tj for the patch. (LP #1581864)
    - d/control: drop GeoIP from nginx-core due to demotion of libgeoip
      (LP #1861101, LP #1867150):
      + remove libnginx-mod-http-geoip from nginx-core dependency
      + have nginx-core depend on libnginx-mod-stream-geoip2
        instead of libnginx-mod-stream-geoip
      + adjust package descriptions accordingly

 -- Andreas Hasenack <email address hidden> Tue, 25 Aug 2020 11:11:41 -0300

Bryce Harrington (bryce)
Changed in nginx (Ubuntu):
milestone: none → later
Revision history for this message
Bryce Harrington (bryce) wrote :

teward is focusing on maintenance on the Debian side for now and asked Ubuntu Server team to drive the merge with Ubuntu. He advises, "Pay attention to d/conf/mine.types it got updated by me recently to adapt to some changes from NGINX 1.20.2 since d/conf/* overrules the mime.types shipped by the source package."

Revision history for this message
Thomas Ward (teward) wrote :

Note that your Debian source target will be NGINX 1.20.2-1 once it lands, this was uploaded to ftp-master by myself today after I was given access to upload by Ondrej Novy.

Bryce Harrington (bryce)
Changed in nginx (Ubuntu):
assignee: nobody → Bryce Harrington (bryce)
Bryce Harrington (bryce)
Changed in nginx (Ubuntu):
milestone: later → ubuntu-22.06
Bryce Harrington (bryce)
description: updated
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers