diff --git a/debian/changelog b/debian/changelog
index 60fce34..5a07c41 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,71 @@ +nginx (1.2.1-2.2+wheezy4+deb7u1) wheezy-security; urgency=high + + * CVE-2017-7529: Fix an vulnerability in the range filter. A specially + crafted request could have resulted in an integer overflow and incorrect + processing of ranges, potentially resulting in sensitive information + leak. (Closes: #868109) + + -- Chris Lamb Thu, 13 Jul 2017 09:06:49 +0100 + +nginx (1.2.1-2.2+wheezy4) wheezy-security; urgency=high + + [ Christos Trochalakis ] + * Fixes multiple resolver CVEs, + CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 + Closes: #812806 + + -- Christos Trochalakis Thu, 28 Jan 2016 13:42:29 +0200 + +nginx (1.2.1-2.2+wheezy3) wheezy-security; urgency=high + + * debian/patches/fix-CVE-2014-3616.patch: + CVE-2014-3616: It was possible to reuse cached SSL sessions in + unrelated contexts, allowing virtual host confusion attacks in some + configurations by an attacker in a privileged network position. + (Closes: #761940) + + -- Christos Trochalakis Thu, 18 Sep 2014 15:25:04 +0300 + +nginx (1.2.1-2.2+wheezy2) stable-security; urgency=high + + * debian/patches/fix-CVE-2013-4547.patch: + + Proper backtracking after space in a request line. + See: CVE:2013-4547 for more details. + + -- Christos Trochalakis Wed, 20 Nov 2013 00:36:19 +0200 + +nginx (1.2.1-2.2+wheezy1) stable-security; urgency=high + + * debian/patches/fix-CVE-2013-2070.patch: + + Fixed the buffer overflow issue found on may 13th 2013. + See: CVE-2013-2070 for more details. + + -- Cyril Lavier Wed, 05 Jun 2013 10:41:45 +0200 + +nginx (1.2.1-2.2) unstable; urgency=low + + * Non-maintainer upload. + * Fix "removes files that were installed by another package": + don't remove directories that are owned by (and removed from) nginx-common + from nginx-extras.postrm. This seems to have been the idea in commit e30a854 + ("Moved configuration purging to nginx-common.") except that it was added + in nginx-common.postrm without being removed in nginx-extras.postrm. 
+ Remove nginx-extras.postrm since it's empty after this change. + (Closes: #681758) + + -- gregor herrmann Sat, 04 Aug 2012 18:13:10 +0200 + +nginx (1.2.1-2.1) unstable; urgency=low + + * Non-maintainer upload to deal with the goal of 100% translated + debconf templates for 7 languages in wheezy. + * Drop nasty ^M characters from the templates file. They break + debconf-updatepo and therefore translations. Closes: #681381 + * As a consequence, fix translations as some of them had been + "updated" in the meantime wrt broken templates + + -- Christian Perrier Thu, 12 Jul 2012 21:23:57 +0200 + nginx (1.2.1-2) unstable; urgency=medium [Cyril Lavier] diff --git a/debian/control b/debian/control index ad0df28..de4809b 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,8 @@ Uploaders: Jose Parrella , Fabio Tranchitella , Michael Lustfield , Dmitry E. Oboukhov , - Cyril Lavier + Cyril Lavier , + Christos Trochalakis Build-Depends: autotools-dev, debhelper (>= 7), dpkg-dev (>= 1.15.7), diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..af46c8f --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,3 @@ +[DEFAULT] +pristine-tar = True + diff --git a/debian/nginx-extras.postrm b/debian/nginx-extras.postrm deleted file mode 100644 index ce81bd5..0000000 --- a/debian/nginx-extras.postrm +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh - -set -e - -case "$1" in - purge) - rm -rf /var/lib/nginx /var/log/nginx /etc/nginx - ;; - - remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) - ;; - - *) - echo "postrm called with unknown argument \`$1'" >&2 - exit 1 -esac - -#DEBHELPER# - -exit 0 diff --git a/debian/nginx-naxsi-ui.templates b/debian/nginx-naxsi-ui.templates index 7b5cc4f..f8d21c3 100644 --- a/debian/nginx-naxsi-ui.templates +++ b/debian/nginx-naxsi-ui.templates 
@@ -1,15 +1,15 @@ -# These templates have been reviewed by the debian-l10n-english -# team -# -# If modifications/additions/rewording are needed, please ask -# debian-l10n-english@lists.debian.org for advice. -# -# Even minor modifications require translation updates and such -# changes should be coordinated with translators and reviewers. -# -Template: nginx-naxsi-ui/dbhost -Type: string -Default: localhost -_Description: Database host for naxsi: - Please specify the hostname of the server that will host the database - for the naxsi web application firewall. +# These templates have been reviewed by the debian-l10n-english +# team +# +# If modifications/additions/rewording are needed, please ask +# debian-l10n-english@lists.debian.org for advice. +# +# Even minor modifications require translation updates and such +# changes should be coordinated with translators and reviewers. +# +Template: nginx-naxsi-ui/dbhost +Type: string +Default: localhost +_Description: Database host for naxsi: + Please specify the hostname of the server that will host the database + for the naxsi web application firewall. diff --git a/debian/patches/0005-Resolver-fixed-possible-segmentation-fault-on-DNS-fo.patch b/debian/patches/0005-Resolver-fixed-possible-segmentation-fault-on-DNS-fo.patch new file mode 100644 index 0000000..895ad4f --- /dev/null +++ b/debian/patches/0005-Resolver-fixed-possible-segmentation-fault-on-DNS-fo.patch 
@@ -0,0 +1,21 @@
+From: Roman Arutyunyan
+Date: Tue, 26 Jan 2016 16:46:18 +0300
+Subject: Resolver: fixed possible segmentation fault on DNS format error.
+
+---
+ src/core/ngx_resolver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+index edc43dc..7dfc3ec 100644
+--- a/src/core/ngx_resolver.c
++++ b/src/core/ngx_resolver.c
+@@ -1053,7 +1053,7 @@ ngx_resolver_process_response(ngx_resolver_t *r, u_char *buf, size_t n)
+ times = 0;
+
+ for (q = ngx_queue_head(&r->name_resend_queue);
+- q != ngx_queue_sentinel(&r->name_resend_queue) || times++ < 100;
++ q != ngx_queue_sentinel(&r->name_resend_queue) && times++ < 100;
+ q = ngx_queue_next(q))
+ {
+ rn = ngx_queue_data(q, ngx_resolver_node_t, queue);
diff --git a/debian/patches/0006-Resolver-fixed-crashes-in-timeout-handler.patch b/debian/patches/0006-Resolver-fixed-crashes-in-timeout-handler.patch
new file mode 100644
index 0000000..dfa8a72
--- /dev/null
+++ b/debian/patches/0006-Resolver-fixed-crashes-in-timeout-handler.patch
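Review bot: None of the resolver patches added here (this one and 0006–0010) says which CVE it addresses or where it came from; their headers carry only From/Date/Subject, while the changelog entry credits the set with CVE-2016-0742, CVE-2016-0746 and CVE-2016-0747. Adding `Origin: upstream, <changeset URL>` and `Bug-Debian: https://bugs.debian.org/812806` to each header, plus the CVE id where one applies, would let a later auditor confirm that the backport is complete. In the code itself the cap in `times++ < 100` is an unexplained literal; a short comment saying what the bound protects against would help. The loop body continues outside the hunk.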
@@ -0,0 +1,66 @@
+From: Ruslan Ermilov
+Date: Tue, 26 Jan 2016 16:46:31 +0300
+Subject: Resolver: fixed crashes in timeout handler.
+
+If one or more requests were waiting for a response, then after
+getting a CNAME response, the timeout event on the first request
+remained active, pointing to the wrong node with an empty
+rn->waiting list, and that could cause either null pointer
+dereference or use-after-free memory access if this timeout
+expired.
+
+If several requests were waiting for a response, and the first
+request terminated (e.g., due to client closing a connection),
+other requests were left without a timeout and could potentially
+wait indefinitely.
+
+This is fixed by introducing per-request independent timeouts.
+This change also reverts 954867a2f0a6 and 5004210e8c78.
+---
+ src/core/ngx_resolver.c | 26 ++++++++++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+index 7dfc3ec..8d40043 100644
+--- a/src/core/ngx_resolver.c
++++ b/src/core/ngx_resolver.c
+@@ -502,6 +502,20 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+
+ if (rn->waiting) {
+
++ if (ctx->event == NULL) {
++ ctx->event = ngx_resolver_calloc(r, sizeof(ngx_event_t));
++ if (ctx->event == NULL) {
++ return NGX_ERROR;
++ }
++
++ ctx->event->handler = ngx_resolver_timeout_handler;
++ ctx->event->data = ctx;
++ ctx->event->log = r->log;
++ ctx->ident = -1;
++
++ ngx_add_timer(ctx->event, ctx->timeout);
++ }
++
+ ctx->next = rn->waiting;
+ rn->waiting = ctx;
+ ctx->state = NGX_AGAIN;
+@@ -666,6 +680,18 @@ ngx_resolve_addr(ngx_resolver_ctx_t *ctx)
+
+ if (rn->waiting) {
+
++ ctx->event = ngx_resolver_calloc(r, sizeof(ngx_event_t));
++ if (ctx->event == NULL) {
++ return NGX_ERROR;
++ }
++
++ ctx->event->handler = ngx_resolver_timeout_handler;
++ ctx->event->data = ctx;
++ ctx->event->log = r->log;
++ ctx->ident = -1;
++
++ ngx_add_timer(ctx->event, ctx->timeout);
++
+ ctx->next = rn->waiting;
+ rn->waiting = ctx;
+ ctx->state = NGX_AGAIN;
diff --git a/debian/patches/0007-Resolver-fixed-CNAME-processing-for-several-requests.patch b/debian/patches/0007-Resolver-fixed-CNAME-processing-for-several-requests.patch
new file mode 100644
index 0000000..2787630
--- /dev/null
+++ b/debian/patches/0007-Resolver-fixed-CNAME-processing-for-several-requests.patch
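Review bot: The ngx_resolve_addr() hunk allocates `ctx->event` unconditionally, whereas the matching ngx_resolve_name_locked() hunk first tests `if (ctx->event == NULL)`. If a context can reach the address path with an event already attached, the earlier allocation and its armed timer would be overwritten and left behind; whether that can happen is not visible here, since both function bodies continue outside the hunks. Either wrap the address-path block in the same `if (ctx->event == NULL) { … }` guard or add a comment stating why the event is always unset at that point. Both new `return NGX_ERROR;` paths also leave directly, so it is worth confirming against the full source that no cleanup used by the other failure paths is skipped.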
@@ -0,0 +1,78 @@
+From: Ruslan Ermilov
+Date: Tue, 26 Jan 2016 16:46:38 +0300
+Subject: Resolver: fixed CNAME processing for several requests.
+
+When several requests were waiting for a response, then after getting
+a CNAME response only the last request was properly processed, while
+others were left waiting.
+---
+ src/core/ngx_resolver.c | 21 +++++++++++++++------
+ 1 file changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+index 8d40043..15d42b7 100644
+--- a/src/core/ngx_resolver.c
++++ b/src/core/ngx_resolver.c
+@@ -411,7 +411,7 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+ in_addr_t addr, *addrs;
+ ngx_int_t rc;
+ ngx_uint_t naddrs;
+- ngx_resolver_ctx_t *next;
++ ngx_resolver_ctx_t *next, *last;
+ ngx_resolver_node_t *rn;
+
+ hash = ngx_crc32_short(ctx->name.data, ctx->name.len);
+@@ -420,6 +420,9 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+
+ if (rn) {
+
++ /* ctx can be a list after NGX_RESOLVE_CNAME */
++ for (last = ctx; last->next; last = last->next);
++
+ if (rn->valid >= ngx_time()) {
+
+ ngx_log_debug0(NGX_LOG_DEBUG_CORE, r->log, 0, "resolve cached");
+@@ -449,7 +452,7 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+ addrs = NULL;
+ }
+
+- ctx->next = rn->waiting;
++ last->next = rn->waiting;
+ rn->waiting = NULL;
+
+ /* unlock name mutex */
+@@ -483,7 +486,7 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+ return ngx_resolve_name_locked(r, ctx);
+ }
+
+- ctx->next = rn->waiting;
++ last->next = rn->waiting;
+ rn->waiting = NULL;
+
+ /* unlock name mutex */
+@@ -516,7 +519,7 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+ ngx_add_timer(ctx->event, ctx->timeout);
+ }
+
+- ctx->next = rn->waiting;
++ last->next = rn->waiting;
+ rn->waiting = ctx;
+ ctx->state = NGX_AGAIN;
+
+@@ -575,8 +578,14 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+ ngx_resolver_free(r, rn->name);
+ ngx_resolver_free(r, rn);
+
+- ctx->state = NGX_RESOLVE_NXDOMAIN;
+- ctx->handler(ctx);
++ do {
++ ctx->state = NGX_RESOLVE_NXDOMAIN;
++ next = ctx->next;
++
++ ctx->handler(ctx);
++
++ ctx = next;
++ } while (ctx);
+
+ return NGX_OK;
+ }
diff --git a/debian/patches/0008-Resolver-changed-the-ngx_resolver_create_-_query-arg.patch b/debian/patches/0008-Resolver-changed-the-ngx_resolver_create_-_query-arg.patch
new file mode 100644
index 0000000..c6e330c
--- /dev/null
+++ b/debian/patches/0008-Resolver-changed-the-ngx_resolver_create_-_query-arg.patch
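Review bot: The tail walk `for (last = ctx; last->next; last = last->next);` ends in a bare semicolon, which is easy to misread as a loop over the `if` that follows; writing the empty body out, `for (last = ctx; last->next; last = last->next) { /* void */ }`, removes the doubt. In the NXDOMAIN `do { … } while (ctx);` loop the statement order matters: `next = ctx->next;` is read before `ctx->handler(ctx);`, presumably because the handler may release the context. A comment on that line, such as `/* save the link first: the handler may free ctx */`, would keep a later edit from reordering it into a use-after-free. ngx_resolve_name_locked() starts and ends outside these hunks.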
@@ -0,0 +1,134 @@ +From: Roman Arutyunyan +Date: Tue, 26 Jan 2016 16:46:48 +0300 +Subject: Resolver: changed the ngx_resolver_create_*_query() arguments. + +No functional changes. + +This is needed by the following change. +--- + src/core/ngx_resolver.c | 36 +++++++++++++++++++----------------- + 1 file changed, 19 insertions(+), 17 deletions(-) + +diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c +index 15d42b7..6c83324 100644 +--- a/src/core/ngx_resolver.c ++++ b/src/core/ngx_resolver.c +@@ -59,10 +59,10 @@ static void ngx_resolver_expire(ngx_resolver_t *r, ngx_rbtree_t *tree, + ngx_queue_t *queue); + static ngx_int_t ngx_resolver_send_query(ngx_resolver_t *r, + ngx_resolver_node_t *rn); +-static ngx_int_t ngx_resolver_create_name_query(ngx_resolver_node_t *rn, +- ngx_resolver_ctx_t *ctx); +-static ngx_int_t ngx_resolver_create_addr_query(ngx_resolver_node_t *rn, +- ngx_resolver_ctx_t *ctx); ++static ngx_int_t ngx_resolver_create_name_query(ngx_resolver_t *r, ++ ngx_resolver_node_t *rn, ngx_str_t *name); ++static ngx_int_t ngx_resolver_create_addr_query(ngx_resolver_t *r, ++ ngx_resolver_node_t *rn, in_addr_t addr); + static void ngx_resolver_resend_handler(ngx_event_t *ev); + static time_t ngx_resolver_resend(ngx_resolver_t *r, ngx_rbtree_t *tree, + ngx_queue_t *queue); +@@ -565,7 +565,7 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx) + ngx_rbtree_insert(&r->name_rbtree, &rn->node); + } + +- rc = ngx_resolver_create_name_query(rn, ctx); ++ rc = ngx_resolver_create_name_query(r, rn, &ctx->name); + + if (rc == NGX_ERROR) { + goto failed; +@@ -727,7 +727,7 @@ ngx_resolve_addr(ngx_resolver_ctx_t *ctx) + ngx_rbtree_insert(&r->addr_rbtree, &rn->node); + } + +- if (ngx_resolver_create_addr_query(rn, ctx) != NGX_OK) { ++ if (ngx_resolver_create_addr_query(r, rn, ctx->addr) != NGX_OK) { + goto failed; + } + +@@ -1822,7 +1822,8 @@ ngx_resolver_rbtree_insert_value(ngx_rbtree_node_t *temp, + + + static ngx_int_t 
+-ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx) ++ngx_resolver_create_name_query(ngx_resolver_t *r, ngx_resolver_node_t *rn, ++ ngx_str_t *name) + { + u_char *p, *s; + size_t len, nlen; +@@ -1830,11 +1831,11 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx) + ngx_resolver_qs_t *qs; + ngx_resolver_query_t *query; + +- nlen = ctx->name.len ? (1 + ctx->name.len + 1) : 1; ++ nlen = name->len ? (1 + name->len + 1) : 1; + + len = sizeof(ngx_resolver_query_t) + nlen + sizeof(ngx_resolver_qs_t); + +- p = ngx_resolver_alloc(ctx->resolver, len); ++ p = ngx_resolver_alloc(r, len); + if (p == NULL) { + return NGX_ERROR; + } +@@ -1846,8 +1847,8 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx) + + ident = ngx_random(); + +- ngx_log_debug2(NGX_LOG_DEBUG_CORE, ctx->resolver->log, 0, +- "resolve: \"%V\" %i", &ctx->name, ident & 0xffff); ++ ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0, ++ "resolve: \"%V\" %i", name, ident & 0xffff); + + query->ident_hi = (u_char) ((ident >> 8) & 0xff); + query->ident_lo = (u_char) (ident & 0xff); +@@ -1866,7 +1867,7 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx) + qs = (ngx_resolver_qs_t *) p; + + /* query type */ +- qs->type_hi = 0; qs->type_lo = (u_char) ctx->type; ++ qs->type_hi = 0; qs->type_lo = NGX_RESOLVE_A; + + /* IP query class */ + qs->class_hi = 0; qs->class_lo = 1; +@@ -1877,11 +1878,11 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx) + p--; + *p-- = '\0'; + +- if (ctx->name.len == 0) { ++ if (name->len == 0) { + return NGX_DECLINED; + } + +- for (s = ctx->name.data + ctx->name.len - 1; s >= ctx->name.data; s--) { ++ for (s = name->data + name->len - 1; s >= name->data; s--) { + if (*s != '.') { + *p = *s; + len++; +@@ -1911,7 +1912,8 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx) + /* AF_INET only */ + + static ngx_int_t 
+-ngx_resolver_create_addr_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx) ++ngx_resolver_create_addr_query(ngx_resolver_t *r, ngx_resolver_node_t *rn, ++ in_addr_t addr) + { + u_char *p, *d; + size_t len; +@@ -1923,7 +1925,7 @@ ngx_resolver_create_addr_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx) + + sizeof(".255.255.255.255.in-addr.arpa.") - 1 + + sizeof(ngx_resolver_qs_t); + +- p = ngx_resolver_alloc(ctx->resolver, len); ++ p = ngx_resolver_alloc(r, len); + if (p == NULL) { + return NGX_ERROR; + } +@@ -1948,7 +1950,7 @@ ngx_resolver_create_addr_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx) + p += sizeof(ngx_resolver_query_t); + + for (n = 0; n < 32; n += 8) { +- d = ngx_sprintf(&p[1], "%ud", (ctx->addr >> n) & 0xff); ++ d = ngx_sprintf(&p[1], "%ud", (addr >> n) & 0xff); + *p = (u_char) (d - &p[1]); + p = d; + } diff --git a/debian/patches/0009-Resolver-fixed-use-after-free-memory-accesses-with-C.patch b/debian/patches/0009-Resolver-fixed-use-after-free-memory-accesses-with-C.patch new file mode 100644 index 0000000..eef58f1 --- /dev/null +++ b/debian/patches/0009-Resolver-fixed-use-after-free-memory-accesses-with-C.patch 
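Review bot: The description says "No functional changes", but in ngx_resolver_create_name_query() the line `qs->type_lo = (u_char) ctx->type;` becomes `qs->type_lo = NGX_RESOLVE_A;`, so the query type is now fixed instead of taken from the request. That is equivalent only if every caller sets `ctx->type` to NGX_RESOLVE_A, which these hunks do not show. I would state the assumption next to the assignment, e.g. `/* query type: A records only, ctx->type is no longer consulted */`, and keep the `(u_char)` cast so the narrowing stays explicit. The function bodies continue outside the hunks.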
@@ -0,0 +1,220 @@ +From: Roman Arutyunyan +Date: Tue, 26 Jan 2016 16:46:59 +0300 +Subject: Resolver: fixed use-after-free memory accesses with CNAME. + +When several requests were waiting for a response, then after getting +a CNAME response only the last request's context had the name updated. +Contexts of other requests had the wrong name. This name was used by +ngx_resolve_name_done() to find the node to remove the request context +from. When the name was wrong, the request could not be properly +cancelled, its context was freed but stayed linked to the node's waiting +list. This happened e.g. when the first request was aborted or timed +out before the resolving completed. When it completed, this triggered +a use-after-free memory access by calling ctx->handler of already freed +request context. The bug manifests itself by +"could not cancel resolving" alerts in error_log. + +When a request was responded with a CNAME, the request context kept +the pointer to the original node's rn->u.cname. If the original node +expired before the resolving timed out or completed with an error, +this would trigger a use-after-free memory access via ctx->name in +ctx->handler(). + +The fix is to keep ctx->name unmodified. The name from context +is no longer used by ngx_resolve_name_done(). Instead, we now keep +the pointer to resolver node to which this request is linked. +Keeping the original name intact also improves logging. 
+--- + src/core/ngx_resolver.c | 52 +++++++++++++++++++++++++++++++------------------ + src/core/ngx_resolver.h | 2 ++ + 2 files changed, 35 insertions(+), 19 deletions(-) + +diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c +index 6c83324..fde8887 100644 +--- a/src/core/ngx_resolver.c ++++ b/src/core/ngx_resolver.c +@@ -54,7 +54,7 @@ ngx_int_t ngx_udp_connect(ngx_udp_connection_t *uc); + static void ngx_resolver_cleanup(void *data); + static void ngx_resolver_cleanup_tree(ngx_resolver_t *r, ngx_rbtree_t *tree); + static ngx_int_t ngx_resolve_name_locked(ngx_resolver_t *r, +- ngx_resolver_ctx_t *ctx); ++ ngx_resolver_ctx_t *ctx, ngx_str_t *name); + static void ngx_resolver_expire(ngx_resolver_t *r, ngx_rbtree_t *tree, + ngx_queue_t *queue); + static ngx_int_t ngx_resolver_send_query(ngx_resolver_t *r, +@@ -311,7 +311,7 @@ ngx_resolve_name(ngx_resolver_ctx_t *ctx) + + /* lock name mutex */ + +- rc = ngx_resolve_name_locked(r, ctx); ++ rc = ngx_resolve_name_locked(r, ctx, &ctx->name); + + if (rc == NGX_OK) { + return NGX_OK; +@@ -338,7 +338,6 @@ ngx_resolve_name(ngx_resolver_ctx_t *ctx) + void + ngx_resolve_name_done(ngx_resolver_ctx_t *ctx) + { +- uint32_t hash; + ngx_resolver_t *r; + ngx_resolver_ctx_t *w, **p; + ngx_resolver_node_t *rn; +@@ -360,9 +359,7 @@ ngx_resolve_name_done(ngx_resolver_ctx_t *ctx) + + if (ctx->state == NGX_AGAIN || ctx->state == NGX_RESOLVE_TIMEDOUT) { + +- hash = ngx_crc32_short(ctx->name.data, ctx->name.len); +- +- rn = ngx_resolver_lookup_name(r, &ctx->name, hash); ++ rn = ctx->node; + + if (rn) { + p = &rn->waiting; +@@ -405,18 +402,20 @@ done: + /* NGX_RESOLVE_A only */ + + static ngx_int_t +-ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx) ++ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx, ++ ngx_str_t *name) + { + uint32_t hash; + in_addr_t addr, *addrs; + ngx_int_t rc; ++ ngx_str_t cname; + ngx_uint_t naddrs; + ngx_resolver_ctx_t *next, *last; + ngx_resolver_node_t *rn; + +- hash = 
ngx_crc32_short(ctx->name.data, ctx->name.len); ++ hash = ngx_crc32_short(name->data, name->len); + +- rn = ngx_resolver_lookup_name(r, &ctx->name, hash); ++ rn = ngx_resolver_lookup_name(r, name, hash); + + if (rn) { + +@@ -480,10 +479,10 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx) + + if (ctx->recursion++ < NGX_RESOLVER_MAX_RECURSION) { + +- ctx->name.len = rn->cnlen; +- ctx->name.data = rn->u.cname; ++ cname.len = rn->cnlen; ++ cname.data = rn->u.cname; + +- return ngx_resolve_name_locked(r, ctx); ++ return ngx_resolve_name_locked(r, ctx, &cname); + } + + last->next = rn->waiting; +@@ -523,6 +522,11 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx) + rn->waiting = ctx; + ctx->state = NGX_AGAIN; + ++ do { ++ ctx->node = rn; ++ ctx = ctx->next; ++ } while (ctx); ++ + return NGX_AGAIN; + } + +@@ -552,20 +556,20 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx) + return NGX_ERROR; + } + +- rn->name = ngx_resolver_dup(r, ctx->name.data, ctx->name.len); ++ rn->name = ngx_resolver_dup(r, name->data, name->len); + if (rn->name == NULL) { + ngx_resolver_free(r, rn); + return NGX_ERROR; + } + + rn->node.key = hash; +- rn->nlen = (u_short) ctx->name.len; ++ rn->nlen = (u_short) name->len; + rn->query = NULL; + + ngx_rbtree_insert(&r->name_rbtree, &rn->node); + } + +- rc = ngx_resolver_create_name_query(r, rn, &ctx->name); ++ rc = ngx_resolver_create_name_query(r, rn, name); + + if (rc == NGX_ERROR) { + goto failed; +@@ -623,6 +627,11 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx) + + ctx->state = NGX_AGAIN; + ++ do { ++ ctx->node = rn; ++ ctx = ctx->next; ++ } while (ctx); ++ + return NGX_AGAIN; + + failed: +@@ -704,6 +713,7 @@ ngx_resolve_addr(ngx_resolver_ctx_t *ctx) + ctx->next = rn->waiting; + rn->waiting = ctx; + ctx->state = NGX_AGAIN; ++ ctx->node = rn; + + /* unlock addr mutex */ + +@@ -765,6 +775,7 @@ ngx_resolve_addr(ngx_resolver_ctx_t *ctx) + /* unlock addr mutex */ + + 
ctx->state = NGX_AGAIN; ++ ctx->node = rn; + + return NGX_OK; + +@@ -795,7 +806,7 @@ failed: + void + ngx_resolve_addr_done(ngx_resolver_ctx_t *ctx) + { +- in_addr_t addr; ++ in_addr_t addr; + ngx_resolver_t *r; + ngx_resolver_ctx_t *w, **p; + ngx_resolver_node_t *rn; +@@ -813,7 +824,7 @@ ngx_resolve_addr_done(ngx_resolver_ctx_t *ctx) + + if (ctx->state == NGX_AGAIN || ctx->state == NGX_RESOLVE_TIMEDOUT) { + +- rn = ngx_resolver_lookup_addr(r, ctx->addr); ++ rn = ctx->node; + + if (rn) { + p = &rn->waiting; +@@ -1476,9 +1487,12 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last, + rn->waiting = NULL; + + if (ctx) { +- ctx->name = name; + +- (void) ngx_resolve_name_locked(r, ctx); ++ for (next = ctx; next; next = next->next) { ++ next->node = NULL; ++ } ++ ++ (void) ngx_resolve_name_locked(r, ctx, &name); + } + + ngx_resolver_free(r, rn->query); +diff --git a/src/core/ngx_resolver.h b/src/core/ngx_resolver.h +index ae34ca5..2b1ced6 100644 +--- a/src/core/ngx_resolver.h ++++ b/src/core/ngx_resolver.h +@@ -131,6 +131,8 @@ struct ngx_resolver_ctx_s { + ngx_uint_t quick; /* unsigned quick:1; */ + ngx_uint_t recursion; + ngx_event_t *event; ++ ++ ngx_resolver_node_t *node; + }; + + diff --git a/debian/patches/0010-Resolver-limited-CNAME-recursion.patch b/debian/patches/0010-Resolver-limited-CNAME-recursion.patch new file mode 100644 index 0000000..de34d17 --- /dev/null +++ b/debian/patches/0010-Resolver-limited-CNAME-recursion.patch 
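Review bot: The new `ngx_resolver_node_t *node;` member in ngx_resolver.h has no comment, yet ngx_resolve_name_done() and ngx_resolve_addr_done() now trust it directly (`rn = ctx->node;`) whenever the state is NGX_AGAIN or NGX_RESOLVE_TIMEDOUT. That makes it a raw back-pointer whose validity depends on every path that unlinks a context or frees a node also clearing it; the hunks show this being done in ngx_resolver_process_a(), but the expiry and error paths are outside the diff. I would document the invariant on the field, e.g. `/* node whose waiting list links this ctx; NULL when not queued */`, and check that the context is zero-initialised where it is created. Both `do { ctx->node = rn; ctx = ctx->next; } while (ctx);` loops also leave `ctx` NULL, which is safe only because `return NGX_AGAIN;` follows immediately.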
@@ -0,0 +1,54 @@
+From: Ruslan Ermilov
+Date: Tue, 26 Jan 2016 16:47:14 +0300
+Subject: Resolver: limited CNAME recursion.
+
+Previously, the recursion was only limited for cached responses.
+---
+ src/core/ngx_resolver.c | 22 +++++++++++++++++++---
+ 1 file changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+index fde8887..f20ac17 100644
+--- a/src/core/ngx_resolver.c
++++ b/src/core/ngx_resolver.c
+@@ -1483,11 +1483,30 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last,
+
+ ngx_queue_insert_head(&r->name_expire_queue, &rn->queue);
+
++ ngx_resolver_free(r, rn->query);
++ rn->query = NULL;
++
+ ctx = rn->waiting;
+ rn->waiting = NULL;
+
+ if (ctx) {
+
++ if (ctx->recursion++ >= NGX_RESOLVER_MAX_RECURSION) {
++
++ /* unlock name mutex */
++
++ do {
++ ctx->state = NGX_RESOLVE_NXDOMAIN;
++ next = ctx->next;
++
++ ctx->handler(ctx);
++
++ ctx = next;
++ } while (ctx);
++
++ return;
++ }
++
+ for (next = ctx; next; next = next->next) {
+ next->node = NULL;
+ }
+@@ -1495,9 +1514,6 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last,
+ (void) ngx_resolve_name_locked(r, ctx, &name);
+ }
+
+- ngx_resolver_free(r, rn->query);
+- rn->query = NULL;
+-
+ return;
+ }
+
diff --git a/debian/patches/fix-CVE-2013-2070.patch b/debian/patches/fix-CVE-2013-2070.patch
new file mode 100644
index 0000000..5c3fb1e
--- /dev/null
+++ b/debian/patches/fix-CVE-2013-2070.patch
@@ -0,0 +1,16 @@
+Description: fix nginx proxy_pass buffer overflow
+(CVE-2013-2070)
+Forwarded: http://www.openwall.com/lists/oss-security/2013/05/13/3
+--- a/src/http/modules/ngx_http_proxy_module.c
++++ b/src/http/modules/ngx_http_proxy_module.c
+@@ -1864,6 +1864,10 @@
+
+ }
+
++ if (ctx->size < 0 || ctx->length < 0) {
++ goto invalid;
++ }
++
+ return rc;
+
+ done:
diff --git a/debian/patches/fix-CVE-2013-4547.patch b/debian/patches/fix-CVE-2013-4547.patch
new file mode 100644
index 0000000..5521b92
--- /dev/null
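Review bot: When the limit is hit in ngx_resolver_process_a(), every waiting context is completed with NGX_RESOLVE_NXDOMAIN and nothing is logged, so an operator cannot tell a CNAME chain that ran too long from a name that does not exist. A log line before the `do { … } while (ctx);` loop, for example `ngx_log_error(NGX_LOG_ERR, r->log, 0, "CNAME recursion limit reached for \"%V\"", &name);`, would make the condition visible for detection. Only the first context's `recursion` counter is tested and incremented while the whole list is failed or re-queued; a comment saying that the head's counter stands for the list would make that explicit. The function continues outside the hunk.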
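Review bot: The new test `if (ctx->size < 0 || ctx->length < 0)` in ngx_http_proxy_module.c rejects the values only after they have already become negative, and neither the patch header nor the code says how that state arises. The arithmetic that fills `ctx->size` and `ctx->length` is outside the hunk; if it is signed, a range test before the value grows would not depend on how overflow behaves. At minimum I would add a comment above the check, e.g. `/* negative here means the parsed size overflowed; treat the response as invalid */`, after confirming the cause against the parser. The hunk header names no function, so the enclosing function cannot be identified from here.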
+++ b/debian/patches/fix-CVE-2013-4547.patch
@@ -0,0 +1,30 @@
+From: Christos Trochalakis
+Date: Wed, 20 Nov 2013 00:26:42 +0200
+Subject: Fix CVE-2013-4547
+
+backport of changeset 5446:988c22615014 from the nginx repo.
+http://hg.nginx.org/nginx/rev/988c22615014
+---
+ src/http/ngx_http_parse.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
+index be750ed..bda0b0d 100644
+--- a/src/http/ngx_http_parse.c
++++ b/src/http/ngx_http_parse.c
+@@ -614,6 +614,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
+ default:
+ r->space_in_uri = 1;
+ state = sw_check_uri;
++ p--;
+ break;
+ }
+ break;
+@@ -667,6 +668,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
+ default:
+ r->space_in_uri = 1;
+ state = sw_uri;
++ p--;
+ break;
+ }
+ break;
diff --git a/debian/patches/fix-CVE-2014-3616.patch b/debian/patches/fix-CVE-2014-3616.patch
new file mode 100644
index 0000000..6395395
--- /dev/null
+++ b/debian/patches/fix-CVE-2014-3616.patch
@@ -0,0 +1,23 @@
+Subject: fix CVE-2014-3616, Reuse cached SSL sessions in unrelated contexts
+Origin: http://mailman.nginx.org/pipermail/nginx-devel/2014-September/005948.html
+--- a/src/event/ngx_event_openssl.c
++++ b/src/event/ngx_event_openssl.c
+@@ -1498,14 +1498,16 @@ ngx_int_t
+ ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
+ ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout)
+ {
+- long cache_mode;
++ long cache_mode;
++ u_char buf[16];
+
+ if (builtin_session_cache == NGX_SSL_NO_SCACHE) {
+ SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF);
+ return NGX_OK;
+ }
+
+- SSL_CTX_set_session_id_context(ssl->ctx, sess_ctx->data, sess_ctx->len);
++ RAND_pseudo_bytes(buf, 16);
++ SSL_CTX_set_session_id_context(ssl->ctx, buf, 16);
+
+ if (builtin_session_cache == NGX_SSL_NONE_SCACHE) {
+
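Review bot: Both added `p--;` statements in ngx_http_parse_request_line() are uncommented, and a bare pointer decrement inside a parser state switch is easy for a later cleanup to remove as a mistake. The changelog describes the fix as proper backtracking after a space in the request line, so presumably the decrement makes the loop examine the same byte again in the new state; the loop header is outside the hunks. A comment on each, e.g. `p--; /* re-parse this byte in the new state */`, would record that intent. The patch header gives the upstream changeset but no Bug-Debian reference.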
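Review bot: The return value of `RAND_pseudo_bytes(buf, 16);` in ngx_ssl_session_cache() is ignored, so if the call fails `buf` reaches SSL_CTX_set_session_id_context() uninitialised and the context id that the fix relies on being distinct is whatever was on the stack. I would check the result and fail configuration instead, `if (RAND_bytes(buf, sizeof(buf)) != 1) { return NGX_ERROR; }`, and pass `sizeof(buf)` rather than repeating the literal 16. With this change `sess_ctx` is no longer read in the visible part of the function, and a random id presumably changes whenever the configuration is loaded again, which would invalidate cached sessions; both deserve a comment. The function body continues past the end of the hunk.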
diff --git a/debian/patches/fix-CVE-2017-7529.patch b/debian/patches/fix-CVE-2017-7529.patch
new file mode 100644
index 0000000..b2dee21
--- /dev/null
+++ b/debian/patches/fix-CVE-2017-7529.patch
@@ -0,0 +1,13 @@
+--- nginx-1.2.1.orig/src/http/modules/ngx_http_range_filter_module.c
++++ nginx-1.2.1/src/http/modules/ngx_http_range_filter_module.c
+@@ -322,6 +322,10 @@ ngx_http_range_parse(ngx_http_request_t
+ range->start = start;
+ range->end = end;
+
++ if (size > NGX_MAX_OFF_T_VALUE - (end - start)) {
++ return NGX_HTTP_RANGE_NOT_SATISFIABLE;
++ }
++
+ size += end - start;
+
+ if (ranges-- == 0) {
diff --git a/debian/patches/series b/debian/patches/series
index 73f535e..afbfec6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,11 @@
 perl-use-dpkg-buildflags.patch
+fix-CVE-2013-2070.patch
+fix-CVE-2013-4547.patch
+fix-CVE-2014-3616.patch
+0005-Resolver-fixed-possible-segmentation-fault-on-DNS-fo.patch
+0006-Resolver-fixed-crashes-in-timeout-handler.patch
+0007-Resolver-fixed-CNAME-processing-for-several-requests.patch
+0008-Resolver-changed-the-ngx_resolver_create_-_query-arg.patch
+0009-Resolver-fixed-use-after-free-memory-accesses-with-C.patch
+0010-Resolver-limited-CNAME-recursion.patch
+fix-CVE-2017-7529.patch
diff --git a/debian/po/cs.po b/debian/po/cs.po
index dd7f4f6..9b2b65d 100644
--- a/debian/po/cs.po
+++ b/debian/po/cs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx 1.2.0-2\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-11 08:18+0200\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-23 11:31+0200\n"
 "Last-Translator: Michal Simunek \n"
 "Language-Team: Czech \n"
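Review bot: Unlike the other patches added in this commit, fix-CVE-2017-7529.patch has no header at all; it starts directly at the `---` line, so the origin of the change is recorded only in the changelog. A DEP-3 header with `Description:`, `Origin: <upstream changeset URL>` and `Bug-Debian: https://bugs.debian.org/868109` would bring it in line with the rest. In the code, the guard `size > NGX_MAX_OFF_T_VALUE - (end - start)` is itself overflow-free only if `end >= start` has been established earlier in ngx_http_range_parse(), which is outside the hunk; a one-line comment stating that precondition would help the next reader.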
@@ -18,13 +18,13 @@ msgstr "" #. Type: string #. Description -#: ../nginx-naxsi-ui.templates:2001 +#: ../nginx-naxsi-ui.templates:1001 msgid "Database host for naxsi:" msgstr "Hostitel databáze pro naxsi:" #. Type: string #. Description -#: ../nginx-naxsi-ui.templates:2001 +#: ../nginx-naxsi-ui.templates:1001 msgid "" "Please specify the hostname of the server that will host the database for " "the naxsi web application firewall." diff --git a/debian/po/da.po b/debian/po/da.po index 939ea43..fde5b9c 100644 --- a/debian/po/da.po +++ b/debian/po/da.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: nginx\n" "Report-Msgid-Bugs-To: nginx@packages.debian.org\n" -"POT-Creation-Date: 2012-06-17 20:16+0530\n" +"POT-Creation-Date: 2012-07-12 12:34-0600\n" "PO-Revision-Date: 2012-06-16 17:30+01:00\n" "Last-Translator: Joe Hansen \n" "Language-Team: Danish \n" @@ -19,17 +19,15 @@ msgstr "" #. Type: string #. Description #: ../nginx-naxsi-ui.templates:1001 -#| msgid "" -#| "Please specify the hostname of the server that will host the database for " -#| "the naxsi web application firewall." -msgid "Please specify the hostname of the server that will host the database" -msgstr "" -"Angiv venligst værtsnavnet for serveren som skal betjene brandmurens " -"database for naxsi-internetprogrammet." +msgid "Database host for naxsi:" +msgstr "Databasevært for naxsi:" #. Type: string #. Description #: ../nginx-naxsi-ui.templates:1001 -#| msgid "Database host for naxsi:" -msgid "Database host for naxsi:);" -msgstr "Databasevært for naxsi:" +msgid "" +"Please specify the hostname of the server that will host the database for " +"the naxsi web application firewall." +msgstr "" +"Angiv venligst værtsnavnet for serveren som skal betjene brandmurens " +"database for naxsi-internetprogrammet." diff --git a/debian/po/de.po b/debian/po/de.po index 240e6ef..8658355 100644 --- a/debian/po/de.po +++ b/debian/po/de.po 
@@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: nginx 1.2.0-2\n" "Report-Msgid-Bugs-To: nginx@packages.debian.org\n" -"POT-Creation-Date: 2012-06-17 20:16+0530\n" +"POT-Creation-Date: 2012-07-12 12:34-0600\n" "PO-Revision-Date: 2012-06-13 23:11+0200\n" "Last-Translator: Chris Leick \n" "Language-Team: German \n" @@ -20,17 +20,15 @@ msgstr "" #. Type: string #. Description #: ../nginx-naxsi-ui.templates:1001 -#| msgid "" -#| "Please specify the hostname of the server that will host the database for " -#| "the naxsi web application firewall." -msgid "Please specify the hostname of the server that will host the database" -msgstr "" -"Bitte geben Sie den Rechnernamen des Servers an, der die Datenbank der Web-" -"Anwendungs-Firewall Naxsi beherbergen soll." +msgid "Database host for naxsi:" +msgstr "Datenbankrechner für Naxsi:" #. Type: string #. Description #: ../nginx-naxsi-ui.templates:1001 -#| msgid "Database host for naxsi:" -msgid "Database host for naxsi:);" -msgstr "Datenbankrechner für Naxsi:" +msgid "" +"Please specify the hostname of the server that will host the database for " +"the naxsi web application firewall." +msgstr "" +"Bitte geben Sie den Rechnernamen des Servers an, der die Datenbank der Web-" +"Anwendungs-Firewall Naxsi beherbergen soll." diff --git a/debian/po/es.po b/debian/po/es.po index d197359..55ba741 100644 --- a/debian/po/es.po +++ b/debian/po/es.po @@ -32,7 +32,7 @@ msgid "" msgstr "" "Project-Id-Version: nginx\n" "Report-Msgid-Bugs-To: nginx@packages.debian.org\n" -"POT-Creation-Date: 2012-06-11 08:18+0200\n" +"POT-Creation-Date: 2012-07-12 12:34-0600\n" "PO-Revision-Date: 2012-06-25 00:17-0500\n" "Last-Translator: Fernando C. Estrada \n" "Language-Team: Debian L10N Spanish \n" 
@@ -45,16 +45,13 @@ msgstr ""
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
+#: ../nginx-naxsi-ui.templates:1001
 msgid "Database host for naxsi:"
 msgstr "Servidor de base de datos para naxsi:"
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
-#| msgid ""
-#| "Please specify the hostname of the server where the naxsi Web Application "
-#| "Firewall's database should be located."
+#: ../nginx-naxsi-ui.templates:1001
 msgid ""
 "Please specify the hostname of the server that will host the database for "
 "the naxsi web application firewall."
diff --git a/debian/po/fr.po b/debian/po/fr.po
index ee01f8b..de42aea 100644
--- a/debian/po/fr.po
+++ b/debian/po/fr.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx 1.2.0-2\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-11 08:18+0200\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-11 08:55+0100\n"
 "Last-Translator: Cyril Lavier \n"
 "Language-Team: French \n"
@@ -18,16 +18,16 @@ msgstr ""
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
+#: ../nginx-naxsi-ui.templates:1001
 msgid "Database host for naxsi:"
 msgstr "Serveur hébergeant la base de données pour naxsi :"
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
-#| msgid ""
-#| "Please specify the hostname of the server where the naxsi Web Application "
-#| "Firewall's database should be located."
-msgid "Please specify the hostname of the server that will host the database for the naxsi web application firewall."
-msgstr "Merci de fournir l'adresse du serveur de base de données pour l'application de pare-feu web naxsi."
-
+#: ../nginx-naxsi-ui.templates:1001
+msgid ""
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
+msgstr ""
+"Merci de fournir l'adresse du serveur de base de données pour l'application "
+"de pare-feu web naxsi."
diff --git a/debian/po/gl.po b/debian/po/gl.po
index bcce56c..1e6e899 100644
--- a/debian/po/gl.po
+++ b/debian/po/gl.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-11 08:18+0200\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-25 01:23+0200\n"
 "Last-Translator: Jorge Barreiro \n"
 "Language-Team: Galician \n"
@@ -20,17 +20,16 @@ msgstr ""
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
+#: ../nginx-naxsi-ui.templates:1001
 msgid "Database host for naxsi:"
 msgstr "Servidor de base de datos para «naxsi»:"
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
+#: ../nginx-naxsi-ui.templates:1001
 msgid ""
 "Please specify the hostname of the server that will host the database for "
 "the naxsi web application firewall."
 msgstr ""
 "Indique o nome do servidor que aloxará a base de datos para a devasa do "
 "aplicativo web «naxsi»,"
-
diff --git a/debian/po/it.po b/debian/po/it.po
index fd2a37c..1b7574d 100644
--- a/debian/po/it.po
+++ b/debian/po/it.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx 1.2.0-1\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-05-09 09:26+0200\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-26 23:27+0200\n"
 "Last-Translator: Dario Santamaria \n"
 "Language-Team: Italian \n"
@@ -26,8 +26,8 @@ msgstr "Host del database per naxsi:"
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
 msgid ""
-"Please specify the hostname of the server where the naxsi Web Application "
-"Firewall's database should be located."
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
 msgstr ""
-"Specificare il nome host del server dove deve essere collocato il database del Firewall "
-"dell'Applicazione Web naxsi."
+"Specificare il nome host del server dove deve essere collocato il database "
+"del Firewall dell'Applicazione Web naxsi."
diff --git a/debian/po/nl.po b/debian/po/nl.po
index 73c03d6..936975f 100644
--- a/debian/po/nl.po
+++ b/debian/po/nl.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: ngnix 1.2.0-2\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-17 20:16+0530\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-13 12:51+0200\n"
 "Last-Translator: Jeroen Schot \n"
 "Language-Team: Debian l10n Dutch \n"
@@ -19,17 +19,15 @@ msgstr ""
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid ""
-#| "Please specify the hostname of the server that will host the database for "
-#| "the naxsi web application firewall."
-msgid "Please specify the hostname of the server that will host the database"
-msgstr ""
-"Wat is de computernaam van de server die de database van de naxsi "
-"webapplicatie-firewall zal aanbieden?"
+msgid "Database host for naxsi:"
+msgstr "Database-server voor naxsi:"
 
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid "Database host for naxsi:"
-msgid "Database host for naxsi:);"
-msgstr "Database-server voor naxsi:"
+msgid ""
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
+msgstr ""
+"Wat is de computernaam van de server die de database van de naxsi "
+"webapplicatie-firewall zal aanbieden?"
diff --git a/debian/po/pl.po b/debian/po/pl.po
index e5a772c..0509ecc 100644
--- a/debian/po/pl.po
+++ b/debian/po/pl.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-11 08:18+0200\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-14 19:46+0200\n"
 "Last-Translator: Michał Kułach \n"
 "Language-Team: Polish \n"
@@ -21,17 +21,16 @@ msgstr ""
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
+#: ../nginx-naxsi-ui.templates:1001
 msgid "Database host for naxsi:"
 msgstr "Komputer z bazą danych do naxsi:"
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
+#: ../nginx-naxsi-ui.templates:1001
 msgid ""
 "Please specify the hostname of the server that will host the database for "
 "the naxsi web application firewall."
 msgstr ""
 "Proszę podać nazwę serwera, który będzie przechowywał bazę danych do zapory "
 "sieciowej aplikacji WWW naxci."
-
diff --git a/debian/po/pt.po b/debian/po/pt.po
index e28f62d..5388b01 100644
--- a/debian/po/pt.po
+++ b/debian/po/pt.po
@@ -2,32 +2,32 @@
 # Copyright (C) 2012 Cyril Lavier
 # This file is distributed under the same license as the nginx-naxsi-ui package.
 # Pedro Ribeiro , 2012.
-#
-msgid ""
-msgstr ""
-"Project-Id-Version: nginx\n"
-"Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-11 08:18+0200\n"
-"PO-Revision-Date: 2012-06-26 19:14+0100\n"
-"Last-Translator: Pedro Ribeiro \n"
-"Language-Team: Portuguese \n"
-"Language: Portuguese\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#. Type: string
-#. Description
-#: ../nginx-naxsi-ui.templates:2001
-msgid "Database host for naxsi:"
-msgstr "Servidor de base de dados para o naxsi:"
-
-#. Type: string
-#. Description
-#: ../nginx-naxsi-ui.templates:2001
-msgid ""
-"Please specify the hostname of the server that will host the database for "
-"the naxsi web application firewall."
-msgstr ""
-"Indique, por favor, o nome da máquina do servidor que irá alojar a base "
-"de dados para a firewall da aplicação web naxsi."
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: nginx\n"
+"Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
+"PO-Revision-Date: 2012-06-26 19:14+0100\n"
+"Last-Translator: Pedro Ribeiro \n"
+"Language-Team: Portuguese \n"
+"Language: Portuguese\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: string
+#. Description
+#: ../nginx-naxsi-ui.templates:1001
+msgid "Database host for naxsi:"
+msgstr "Servidor de base de dados para o naxsi:"
+
+#. Type: string
+#. Description
+#: ../nginx-naxsi-ui.templates:1001
+msgid ""
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
+msgstr ""
+"Indique, por favor, o nome da máquina do servidor que irá alojar a base de "
+"dados para a firewall da aplicação web naxsi."
diff --git a/debian/po/ru.po b/debian/po/ru.po
index eabccfc..aed506d 100644
--- a/debian/po/ru.po
+++ b/debian/po/ru.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx 1.2.0-2\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-17 20:16+0530\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-12 09:32+0400\n"
 "Last-Translator: Yuri Kozlov \n"
 "Language-Team: Russian \n"
@@ -23,17 +23,15 @@ msgstr ""
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid ""
-#| "Please specify the hostname of the server that will host the database for "
-#| "the naxsi web application firewall."
-msgid "Please specify the hostname of the server that will host the database"
-msgstr ""
-"Укажите имя узла сервера, на котором будет размещена база данных веб-"
-"приложения межсетевого экрана naxsi."
+msgid "Database host for naxsi:"
+msgstr "Узел для базы данных naxsi:"
 
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid "Database host for naxsi:"
-msgid "Database host for naxsi:);"
-msgstr "Узел для базы данных naxsi:"
+msgid ""
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
+msgstr ""
+"Укажите имя узла сервера, на котором будет размещена база данных веб-"
+"приложения межсетевого экрана naxsi."
diff --git a/debian/po/sk.po b/debian/po/sk.po
index d1a1050..1e48bbc 100644
--- a/debian/po/sk.po
+++ b/debian/po/sk.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-17 20:16+0530\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-12 23:15+0100\n"
 "Last-Translator: Ivan Masár \n"
 "Language-Team: Slovak \n"
@@ -19,17 +19,15 @@ msgstr ""
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid ""
-#| "Please specify the hostname of the server that will host the database for "
-#| "the naxsi web application firewall."
-msgid "Please specify the hostname of the server that will host the database"
-msgstr ""
-"Prosím, zadajte názov servera, ktorý bude hostiteľom databázy webového "
-"aplikačného firewallu naxsi."
+msgid "Database host for naxsi:"
+msgstr "Hostiteľ databázy naxsi:"
 
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid "Database host for naxsi:"
-msgid "Database host for naxsi:);"
-msgstr "Hostiteľ databázy naxsi:"
+msgid ""
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
+msgstr ""
+"Prosím, zadajte názov servera, ktorý bude hostiteľom databázy webového "
+"aplikačného firewallu naxsi."
diff --git a/debian/po/sv.po b/debian/po/sv.po
index b426bb3..fe600de 100644
--- a/debian/po/sv.po
+++ b/debian/po/sv.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-17 20:16+0530\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-11 11:08+0100\n"
 "Last-Translator: Martin Bagge / brother \n"
 "Language-Team: Swedish \n"
@@ -21,17 +21,15 @@ msgstr ""
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid ""
-#| "Please specify the hostname of the server that will host the database for "
-#| "the naxsi web application firewall."
-msgid "Please specify the hostname of the server that will host the database"
-msgstr ""
-"Ange värdnamnet för servern som kommer att tillhandahålla databasen för "
-"naxsi web application firewall."
+msgid "Database host for naxsi:"
+msgstr "Databasvärd för naxsi:"
 
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid "Database host for naxsi:"
-msgid "Database host for naxsi:);"
-msgstr "Databasvärd för naxsi:"
+msgid ""
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
+msgstr ""
+"Ange värdnamnet för servern som kommer att tillhandahålla databasen för "
+"naxsi web application firewall."
diff --git a/debian/po/templates.pot b/debian/po/templates.pot
index 2290926..a57ab00 100644
--- a/debian/po/templates.pot
+++ b/debian/po/templates.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-17 20:16+0530\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: LANGUAGE \n"
@@ -20,11 +20,13 @@ msgstr ""
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-msgid "Please specify the hostname of the server that will host the database"
+msgid "Database host for naxsi:"
 msgstr ""
 
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-msgid "Database host for naxsi:);"
+msgid ""
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
 msgstr ""