Import Debian changes 1.2.1-2.2+wheezy4+deb7u1

nginx (1.2.1-2.2+wheezy4+deb7u1) wheezy-security; urgency=high

  * CVE-2017-7529: Fix an vulnerability in the range filter. A specially
    crafted request could have resulted in an integer overflow and incorrect
    processing of ranges, potentially resulting in sensitive information
    leak. (Closes: #868109)

debian/changelog

@@ -1,3 +1,71 @@
+nginx (1.2.1-2.2+wheezy4+deb7u1) wheezy-security; urgency=high
+
+  * CVE-2017-7529: Fix an vulnerability in the range filter. A specially
+    crafted request could have resulted in an integer overflow and incorrect
+    processing of ranges, potentially resulting in sensitive information
+    leak. (Closes: #868109)
+
+ -- Chris Lamb <lamby@debian.org>  Thu, 13 Jul 2017 09:06:49 +0100
+
+nginx (1.2.1-2.2+wheezy4) wheezy-security; urgency=high
+
+  [ Christos Trochalakis ]
+  * Fixes multiple resolver CVEs,
+    CVE-2016-0742, CVE-2016-0746, CVE-2016-0747
+    Closes: #812806
+
+ -- Christos Trochalakis <yatiohi@ideopolis.gr>  Thu, 28 Jan 2016 13:42:29 +0200
+
+nginx (1.2.1-2.2+wheezy3) wheezy-security; urgency=high
+
+  * debian/patches/fix-CVE-2014-3616.patch:
+    CVE-2014-3616: It was possible to reuse cached SSL sessions in
+    unrelated contexts, allowing virtual host confusion attacks in some
+    configurations by an attacker in a privileged network position.
+    (Closes: #761940)
+
+ -- Christos Trochalakis <yatiohi@ideopolis.gr>  Thu, 18 Sep 2014 15:25:04 +0300
+
+nginx (1.2.1-2.2+wheezy2) stable-security; urgency=high
+
+  * debian/patches/fix-CVE-2013-4547.patch:
+    + Proper backtracking after space in a request line.
+      See: CVE:2013-4547 for more details.
+
+ -- Christos Trochalakis <yatiohi@ideopolis.gr>  Wed, 20 Nov 2013 00:36:19 +0200
+
+nginx (1.2.1-2.2+wheezy1) stable-security; urgency=high
+
+  * debian/patches/fix-CVE-2013-2070.patch:
+    + Fixed the buffer overflow issue found on may 13th 2013.
+      See: CVE-2013-2070 for more details.
+
+ -- Cyril Lavier <cyril.lavier@davromaniak.eu>  Wed, 05 Jun 2013 10:41:45 +0200
+
+nginx (1.2.1-2.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix "removes files that were installed by another package":
+    don't remove directories that are owned by (and removed from) nginx-common
+    from nginx-extras.postrm. This seems to have been the idea in commit e30a854
+    ("Moved configuration purging to nginx-common.") except that it was added
+    in nginx-common.postrm without being removed in nginx-extras.postrm.
+    Remove nginx-extras.postrm since it's empty after this change.
+    (Closes: #681758)
+
+ -- gregor herrmann <gregoa@debian.org>  Sat, 04 Aug 2012 18:13:10 +0200
+
+nginx (1.2.1-2.1) unstable; urgency=low
+
+  * Non-maintainer upload to deal with the goal of 100% translated
+    debconf templates for 7 languages in wheezy.
+  * Drop nasty ^M characters from the templates file. They break
+    debconf-updatepo and therefore translations. Closes: #681381
+  * As a consequence, fix translations as some of them had been
+    "updated" in the meantime wrt broken templates
+
+ -- Christian Perrier <bubulle@debian.org>  Thu, 12 Jul 2012 21:23:57 +0200
+
 nginx (1.2.1-2) unstable; urgency=medium
 
   [Cyril Lavier]

debian/control

@@ -6,7 +6,8 @@ Uploaders: Jose Parrella <bureado@debian.org>,
            Fabio Tranchitella <kobold@debian.org>,
            Michael Lustfield <michael@lustfield.net>,
            Dmitry E. Oboukhov <unera@debian.org>,
-           Cyril Lavier <cyril.lavier@davromaniak.eu>
+           Cyril Lavier <cyril.lavier@davromaniak.eu>,
+           Christos Trochalakis <yatiohi@ideopolis.gr>
 Build-Depends: autotools-dev,
                debhelper (>= 7),
                dpkg-dev (>= 1.15.7),

debian/gbp.conf

@@ -0,0 +1,3 @@
+[DEFAULT]
+pristine-tar = True
+

debian/nginx-extras.postrm

@@ -1,20 +0,0 @@
-#!/bin/sh
-
-set -e
-
-case "$1" in
-  purge)
-    rm -rf /var/lib/nginx /var/log/nginx /etc/nginx
-    ;;
-
-  remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
-    ;;
-
-  *)
-    echo "postrm called with unknown argument \`$1'" >&2
-    exit 1
-esac
-
-#DEBHELPER#
-
-exit 0

debian/nginx-naxsi-ui.templates

@@ -1,15 +1,15 @@
-# These templates have been reviewed by the debian-l10n-english
-# team
-#
-# If modifications/additions/rewording are needed, please ask
-# debian-l10n-english@lists.debian.org for advice.
-#
-# Even minor modifications require translation updates and such
-# changes should be coordinated with translators and reviewers.
-#
-Template: nginx-naxsi-ui/dbhost
-Type: string
-Default: localhost
-_Description: Database host for naxsi:
- Please specify the hostname of the server that will host the database
- for the naxsi web application firewall.
+# These templates have been reviewed by the debian-l10n-english
+# team
+#
+# If modifications/additions/rewording are needed, please ask
+# debian-l10n-english@lists.debian.org for advice.
+#
+# Even minor modifications require translation updates and such
+# changes should be coordinated with translators and reviewers.
+#
+Template: nginx-naxsi-ui/dbhost
+Type: string
+Default: localhost
+_Description: Database host for naxsi:
+ Please specify the hostname of the server that will host the database
+ for the naxsi web application firewall.

debian/patches/0005-Resolver-fixed-possible-segmentation-fault-on-DNS-fo.patch

@@ -0,0 +1,21 @@
+From: Roman Arutyunyan <arut@nginx.com>
+Date: Tue, 26 Jan 2016 16:46:18 +0300
+Subject: Resolver: fixed possible segmentation fault on DNS format error.
+
+---
+ src/core/ngx_resolver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+index edc43dc..7dfc3ec 100644
+--- a/src/core/ngx_resolver.c
++++ b/src/core/ngx_resolver.c
+@@ -1053,7 +1053,7 @@ ngx_resolver_process_response(ngx_resolver_t *r, u_char *buf, size_t n)
+         times = 0;
+ 
+         for (q = ngx_queue_head(&r->name_resend_queue);
+-             q != ngx_queue_sentinel(&r->name_resend_queue) || times++ < 100;
++             q != ngx_queue_sentinel(&r->name_resend_queue) && times++ < 100;
+              q = ngx_queue_next(q))
+         {
+             rn = ngx_queue_data(q, ngx_resolver_node_t, queue);

debian/patches/0006-Resolver-fixed-crashes-in-timeout-handler.patch

@@ -0,0 +1,66 @@
+From: Ruslan Ermilov <ru@nginx.com>
+Date: Tue, 26 Jan 2016 16:46:31 +0300
+Subject: Resolver: fixed crashes in timeout handler.
+
+If one or more requests were waiting for a response, then after
+getting a CNAME response, the timeout event on the first request
+remained active, pointing to the wrong node with an empty
+rn->waiting list, and that could cause either null pointer
+dereference or use-after-free memory access if this timeout
+expired.
+
+If several requests were waiting for a response, and the first
+request terminated (e.g., due to client closing a connection),
+other requests were left without a timeout and could potentially
+wait indefinitely.
+
+This is fixed by introducing per-request independent timeouts.
+This change also reverts 954867a2f0a6 and 5004210e8c78.
+---
+ src/core/ngx_resolver.c | 26 ++++++++++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+index 7dfc3ec..8d40043 100644
+--- a/src/core/ngx_resolver.c
++++ b/src/core/ngx_resolver.c
+@@ -502,6 +502,20 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+ 
+         if (rn->waiting) {
+ 
++            if (ctx->event == NULL) {
++                ctx->event = ngx_resolver_calloc(r, sizeof(ngx_event_t));
++                if (ctx->event == NULL) {
++                    return NGX_ERROR;
++                }
++
++                ctx->event->handler = ngx_resolver_timeout_handler;
++                ctx->event->data = ctx;
++                ctx->event->log = r->log;
++                ctx->ident = -1;
++
++                ngx_add_timer(ctx->event, ctx->timeout);
++            }
++
+             ctx->next = rn->waiting;
+             rn->waiting = ctx;
+             ctx->state = NGX_AGAIN;
+@@ -666,6 +680,18 @@ ngx_resolve_addr(ngx_resolver_ctx_t *ctx)
+ 
+         if (rn->waiting) {
+ 
++            ctx->event = ngx_resolver_calloc(r, sizeof(ngx_event_t));
++            if (ctx->event == NULL) {
++                return NGX_ERROR;
++            }
++
++            ctx->event->handler = ngx_resolver_timeout_handler;
++            ctx->event->data = ctx;
++            ctx->event->log = r->log;
++            ctx->ident = -1;
++
++            ngx_add_timer(ctx->event, ctx->timeout);
++
+             ctx->next = rn->waiting;
+             rn->waiting = ctx;
+             ctx->state = NGX_AGAIN;

debian/patches/0007-Resolver-fixed-CNAME-processing-for-several-requests.patch

@@ -0,0 +1,78 @@
+From: Ruslan Ermilov <ru@nginx.com>
+Date: Tue, 26 Jan 2016 16:46:38 +0300
+Subject: Resolver: fixed CNAME processing for several requests.
+
+When several requests were waiting for a response, then after getting
+a CNAME response only the last request was properly processed, while
+others were left waiting.
+---
+ src/core/ngx_resolver.c | 21 +++++++++++++++------
+ 1 file changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+index 8d40043..15d42b7 100644
+--- a/src/core/ngx_resolver.c
++++ b/src/core/ngx_resolver.c
+@@ -411,7 +411,7 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+     in_addr_t             addr, *addrs;
+     ngx_int_t             rc;
+     ngx_uint_t            naddrs;
+-    ngx_resolver_ctx_t   *next;
++    ngx_resolver_ctx_t   *next, *last;
+     ngx_resolver_node_t  *rn;
+ 
+     hash = ngx_crc32_short(ctx->name.data, ctx->name.len);
+@@ -420,6 +420,9 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+ 
+     if (rn) {
+ 
++        /* ctx can be a list after NGX_RESOLVE_CNAME */
++        for (last = ctx; last->next; last = last->next);
++
+         if (rn->valid >= ngx_time()) {
+ 
+             ngx_log_debug0(NGX_LOG_DEBUG_CORE, r->log, 0, "resolve cached");
+@@ -449,7 +452,7 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+                     addrs = NULL;
+                 }
+ 
+-                ctx->next = rn->waiting;
++                last->next = rn->waiting;
+                 rn->waiting = NULL;
+ 
+                 /* unlock name mutex */
+@@ -483,7 +486,7 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+                 return ngx_resolve_name_locked(r, ctx);
+             }
+ 
+-            ctx->next = rn->waiting;
++            last->next = rn->waiting;
+             rn->waiting = NULL;
+ 
+             /* unlock name mutex */
+@@ -516,7 +519,7 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+                 ngx_add_timer(ctx->event, ctx->timeout);
+             }
+ 
+-            ctx->next = rn->waiting;
++            last->next = rn->waiting;
+             rn->waiting = ctx;
+             ctx->state = NGX_AGAIN;
+ 
+@@ -575,8 +578,14 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+         ngx_resolver_free(r, rn->name);
+         ngx_resolver_free(r, rn);
+ 
+-        ctx->state = NGX_RESOLVE_NXDOMAIN;
+-        ctx->handler(ctx);
++        do {
++            ctx->state = NGX_RESOLVE_NXDOMAIN;
++            next = ctx->next;
++
++            ctx->handler(ctx);
++
++            ctx = next;
++        } while (ctx);
+ 
+         return NGX_OK;
+     }

debian/patches/0008-Resolver-changed-the-ngx_resolver_create_-_query-arg.patch

@@ -0,0 +1,134 @@
+From: Roman Arutyunyan <arut@nginx.com>
+Date: Tue, 26 Jan 2016 16:46:48 +0300
+Subject: Resolver: changed the ngx_resolver_create_*_query() arguments.
+
+No functional changes.
+
+This is needed by the following change.
+---
+ src/core/ngx_resolver.c | 36 +++++++++++++++++++-----------------
+ 1 file changed, 19 insertions(+), 17 deletions(-)
+
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+index 15d42b7..6c83324 100644
+--- a/src/core/ngx_resolver.c
++++ b/src/core/ngx_resolver.c
+@@ -59,10 +59,10 @@ static void ngx_resolver_expire(ngx_resolver_t *r, ngx_rbtree_t *tree,
+     ngx_queue_t *queue);
+ static ngx_int_t ngx_resolver_send_query(ngx_resolver_t *r,
+     ngx_resolver_node_t *rn);
+-static ngx_int_t ngx_resolver_create_name_query(ngx_resolver_node_t *rn,
+-    ngx_resolver_ctx_t *ctx);
+-static ngx_int_t ngx_resolver_create_addr_query(ngx_resolver_node_t *rn,
+-    ngx_resolver_ctx_t *ctx);
++static ngx_int_t ngx_resolver_create_name_query(ngx_resolver_t *r,
++    ngx_resolver_node_t *rn, ngx_str_t *name);
++static ngx_int_t ngx_resolver_create_addr_query(ngx_resolver_t *r,
++    ngx_resolver_node_t *rn, in_addr_t addr);
+ static void ngx_resolver_resend_handler(ngx_event_t *ev);
+ static time_t ngx_resolver_resend(ngx_resolver_t *r, ngx_rbtree_t *tree,
+     ngx_queue_t *queue);
+@@ -565,7 +565,7 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+         ngx_rbtree_insert(&r->name_rbtree, &rn->node);
+     }
+ 
+-    rc = ngx_resolver_create_name_query(rn, ctx);
++    rc = ngx_resolver_create_name_query(r, rn, &ctx->name);
+ 
+     if (rc == NGX_ERROR) {
+         goto failed;
+@@ -727,7 +727,7 @@ ngx_resolve_addr(ngx_resolver_ctx_t *ctx)
+         ngx_rbtree_insert(&r->addr_rbtree, &rn->node);
+     }
+ 
+-    if (ngx_resolver_create_addr_query(rn, ctx) != NGX_OK) {
++    if (ngx_resolver_create_addr_query(r, rn, ctx->addr) != NGX_OK) {
+         goto failed;
+     }
+ 
+@@ -1822,7 +1822,8 @@ ngx_resolver_rbtree_insert_value(ngx_rbtree_node_t *temp,
+ 
+ 
+ static ngx_int_t
+-ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
++ngx_resolver_create_name_query(ngx_resolver_t *r, ngx_resolver_node_t *rn,
++    ngx_str_t *name)
+ {
+     u_char                *p, *s;
+     size_t                 len, nlen;
+@@ -1830,11 +1831,11 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
+     ngx_resolver_qs_t     *qs;
+     ngx_resolver_query_t  *query;
+ 
+-    nlen = ctx->name.len ? (1 + ctx->name.len + 1) : 1;
++    nlen = name->len ? (1 + name->len + 1) : 1;
+ 
+     len = sizeof(ngx_resolver_query_t) + nlen + sizeof(ngx_resolver_qs_t);
+ 
+-    p = ngx_resolver_alloc(ctx->resolver, len);
++    p = ngx_resolver_alloc(r, len);
+     if (p == NULL) {
+         return NGX_ERROR;
+     }
+@@ -1846,8 +1847,8 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
+ 
+     ident = ngx_random();
+ 
+-    ngx_log_debug2(NGX_LOG_DEBUG_CORE, ctx->resolver->log, 0,
+-                   "resolve: \"%V\" %i", &ctx->name, ident & 0xffff);
++    ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0,
++                   "resolve: \"%V\" %i", name, ident & 0xffff);
+ 
+     query->ident_hi = (u_char) ((ident >> 8) & 0xff);
+     query->ident_lo = (u_char) (ident & 0xff);
+@@ -1866,7 +1867,7 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
+     qs = (ngx_resolver_qs_t *) p;
+ 
+     /* query type */
+-    qs->type_hi = 0; qs->type_lo = (u_char) ctx->type;
++    qs->type_hi = 0; qs->type_lo = NGX_RESOLVE_A;
+ 
+     /* IP query class */
+     qs->class_hi = 0; qs->class_lo = 1;
+@@ -1877,11 +1878,11 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
+     p--;
+     *p-- = '\0';
+ 
+-    if (ctx->name.len == 0)  {
++    if (name->len == 0)  {
+         return NGX_DECLINED;
+     }
+ 
+-    for (s = ctx->name.data + ctx->name.len - 1; s >= ctx->name.data; s--) {
++    for (s = name->data + name->len - 1; s >= name->data; s--) {
+         if (*s != '.') {
+             *p = *s;
+             len++;
+@@ -1911,7 +1912,8 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
+ /* AF_INET only */
+ 
+ static ngx_int_t
+-ngx_resolver_create_addr_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
++ngx_resolver_create_addr_query(ngx_resolver_t *r, ngx_resolver_node_t *rn,
++    in_addr_t addr)
+ {
+     u_char                *p, *d;
+     size_t                 len;
+@@ -1923,7 +1925,7 @@ ngx_resolver_create_addr_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
+           + sizeof(".255.255.255.255.in-addr.arpa.") - 1
+           + sizeof(ngx_resolver_qs_t);
+ 
+-    p = ngx_resolver_alloc(ctx->resolver, len);
++    p = ngx_resolver_alloc(r, len);
+     if (p == NULL) {
+         return NGX_ERROR;
+     }
+@@ -1948,7 +1950,7 @@ ngx_resolver_create_addr_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
+     p += sizeof(ngx_resolver_query_t);
+ 
+     for (n = 0; n < 32; n += 8) {
+-        d = ngx_sprintf(&p[1], "%ud", (ctx->addr >> n) & 0xff);
++        d = ngx_sprintf(&p[1], "%ud", (addr >> n) & 0xff);
+         *p = (u_char) (d - &p[1]);
+         p = d;
+     }

debian/patches/0009-Resolver-fixed-use-after-free-memory-accesses-with-C.patch

@@ -0,0 +1,220 @@
+From: Roman Arutyunyan <arut@nginx.com>
+Date: Tue, 26 Jan 2016 16:46:59 +0300
+Subject: Resolver: fixed use-after-free memory accesses with CNAME.
+
+When several requests were waiting for a response, then after getting
+a CNAME response only the last request's context had the name updated.
+Contexts of other requests had the wrong name.  This name was used by
+ngx_resolve_name_done() to find the node to remove the request context
+from.  When the name was wrong, the request could not be properly
+cancelled, its context was freed but stayed linked to the node's waiting
+list.  This happened e.g. when the first request was aborted or timed
+out before the resolving completed.  When it completed, this triggered
+a use-after-free memory access by calling ctx->handler of already freed
+request context.  The bug manifests itself by
+"could not cancel <name> resolving" alerts in error_log.
+
+When a request was responded with a CNAME, the request context kept
+the pointer to the original node's rn->u.cname.  If the original node
+expired before the resolving timed out or completed with an error,
+this would trigger a use-after-free memory access via ctx->name in
+ctx->handler().
+
+The fix is to keep ctx->name unmodified.  The name from context
+is no longer used by ngx_resolve_name_done().  Instead, we now keep
+the pointer to resolver node to which this request is linked.
+Keeping the original name intact also improves logging.
+---
+ src/core/ngx_resolver.c | 52 +++++++++++++++++++++++++++++++------------------
+ src/core/ngx_resolver.h |  2 ++
+ 2 files changed, 35 insertions(+), 19 deletions(-)
+
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+index 6c83324..fde8887 100644
+--- a/src/core/ngx_resolver.c
++++ b/src/core/ngx_resolver.c
+@@ -54,7 +54,7 @@ ngx_int_t ngx_udp_connect(ngx_udp_connection_t *uc);
+ static void ngx_resolver_cleanup(void *data);
+ static void ngx_resolver_cleanup_tree(ngx_resolver_t *r, ngx_rbtree_t *tree);
+ static ngx_int_t ngx_resolve_name_locked(ngx_resolver_t *r,
+-    ngx_resolver_ctx_t *ctx);
++    ngx_resolver_ctx_t *ctx, ngx_str_t *name);
+ static void ngx_resolver_expire(ngx_resolver_t *r, ngx_rbtree_t *tree,
+     ngx_queue_t *queue);
+ static ngx_int_t ngx_resolver_send_query(ngx_resolver_t *r,
+@@ -311,7 +311,7 @@ ngx_resolve_name(ngx_resolver_ctx_t *ctx)
+ 
+     /* lock name mutex */
+ 
+-    rc = ngx_resolve_name_locked(r, ctx);
++    rc = ngx_resolve_name_locked(r, ctx, &ctx->name);
+ 
+     if (rc == NGX_OK) {
+         return NGX_OK;
+@@ -338,7 +338,6 @@ ngx_resolve_name(ngx_resolver_ctx_t *ctx)
+ void
+ ngx_resolve_name_done(ngx_resolver_ctx_t *ctx)
+ {
+-    uint32_t              hash;
+     ngx_resolver_t       *r;
+     ngx_resolver_ctx_t   *w, **p;
+     ngx_resolver_node_t  *rn;
+@@ -360,9 +359,7 @@ ngx_resolve_name_done(ngx_resolver_ctx_t *ctx)
+ 
+     if (ctx->state == NGX_AGAIN || ctx->state == NGX_RESOLVE_TIMEDOUT) {
+ 
+-        hash = ngx_crc32_short(ctx->name.data, ctx->name.len);
+-
+-        rn = ngx_resolver_lookup_name(r, &ctx->name, hash);
++        rn = ctx->node;
+ 
+         if (rn) {
+             p = &rn->waiting;
+@@ -405,18 +402,20 @@ done:
+ /* NGX_RESOLVE_A only */
+ 
+ static ngx_int_t
+-ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
++ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx,
++    ngx_str_t *name)
+ {
+     uint32_t              hash;
+     in_addr_t             addr, *addrs;
+     ngx_int_t             rc;
++    ngx_str_t             cname;
+     ngx_uint_t            naddrs;
+     ngx_resolver_ctx_t   *next, *last;
+     ngx_resolver_node_t  *rn;
+ 
+-    hash = ngx_crc32_short(ctx->name.data, ctx->name.len);
++    hash = ngx_crc32_short(name->data, name->len);
+ 
+-    rn = ngx_resolver_lookup_name(r, &ctx->name, hash);
++    rn = ngx_resolver_lookup_name(r, name, hash);
+ 
+     if (rn) {
+ 
+@@ -480,10 +479,10 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+ 
+             if (ctx->recursion++ < NGX_RESOLVER_MAX_RECURSION) {
+ 
+-                ctx->name.len = rn->cnlen;
+-                ctx->name.data = rn->u.cname;
++                cname.len = rn->cnlen;
++                cname.data = rn->u.cname;
+ 
+-                return ngx_resolve_name_locked(r, ctx);
++                return ngx_resolve_name_locked(r, ctx, &cname);
+             }
+ 
+             last->next = rn->waiting;
+@@ -523,6 +522,11 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+             rn->waiting = ctx;
+             ctx->state = NGX_AGAIN;
+ 
++            do {
++                ctx->node = rn;
++                ctx = ctx->next;
++            } while (ctx);
++
+             return NGX_AGAIN;
+         }
+ 
+@@ -552,20 +556,20 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+             return NGX_ERROR;
+         }
+ 
+-        rn->name = ngx_resolver_dup(r, ctx->name.data, ctx->name.len);
++        rn->name = ngx_resolver_dup(r, name->data, name->len);
+         if (rn->name == NULL) {
+             ngx_resolver_free(r, rn);
+             return NGX_ERROR;
+         }
+ 
+         rn->node.key = hash;
+-        rn->nlen = (u_short) ctx->name.len;
++        rn->nlen = (u_short) name->len;
+         rn->query = NULL;
+ 
+         ngx_rbtree_insert(&r->name_rbtree, &rn->node);
+     }
+ 
+-    rc = ngx_resolver_create_name_query(r, rn, &ctx->name);
++    rc = ngx_resolver_create_name_query(r, rn, name);
+ 
+     if (rc == NGX_ERROR) {
+         goto failed;
+@@ -623,6 +627,11 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+ 
+     ctx->state = NGX_AGAIN;
+ 
++    do {
++        ctx->node = rn;
++        ctx = ctx->next;
++    } while (ctx);
++
+     return NGX_AGAIN;
+ 
+ failed:
+@@ -704,6 +713,7 @@ ngx_resolve_addr(ngx_resolver_ctx_t *ctx)
+             ctx->next = rn->waiting;
+             rn->waiting = ctx;
+             ctx->state = NGX_AGAIN;
++            ctx->node = rn;
+ 
+             /* unlock addr mutex */
+ 
+@@ -765,6 +775,7 @@ ngx_resolve_addr(ngx_resolver_ctx_t *ctx)
+     /* unlock addr mutex */
+ 
+     ctx->state = NGX_AGAIN;
++    ctx->node = rn;
+ 
+     return NGX_OK;
+ 
+@@ -795,7 +806,7 @@ failed:
+ void
+ ngx_resolve_addr_done(ngx_resolver_ctx_t *ctx)
+ {
+-    in_addr_t             addr;
++    in_addr_t            addr;
+     ngx_resolver_t       *r;
+     ngx_resolver_ctx_t   *w, **p;
+     ngx_resolver_node_t  *rn;
+@@ -813,7 +824,7 @@ ngx_resolve_addr_done(ngx_resolver_ctx_t *ctx)
+ 
+     if (ctx->state == NGX_AGAIN || ctx->state == NGX_RESOLVE_TIMEDOUT) {
+ 
+-        rn = ngx_resolver_lookup_addr(r, ctx->addr);
++        rn = ctx->node;
+ 
+         if (rn) {
+             p = &rn->waiting;
+@@ -1476,9 +1487,12 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last,
+         rn->waiting = NULL;
+ 
+         if (ctx) {
+-            ctx->name = name;
+ 
+-            (void) ngx_resolve_name_locked(r, ctx);
++            for (next = ctx; next; next = next->next) {
++                next->node = NULL;
++            }
++
++            (void) ngx_resolve_name_locked(r, ctx, &name);
+         }
+ 
+         ngx_resolver_free(r, rn->query);
+diff --git a/src/core/ngx_resolver.h b/src/core/ngx_resolver.h
+index ae34ca5..2b1ced6 100644
+--- a/src/core/ngx_resolver.h
++++ b/src/core/ngx_resolver.h
+@@ -131,6 +131,8 @@ struct ngx_resolver_ctx_s {
+     ngx_uint_t                quick;  /* unsigned  quick:1; */
+     ngx_uint_t                recursion;
+     ngx_event_t              *event;
++
++    ngx_resolver_node_t      *node;
+ };
+ 
+ 

debian/patches/0010-Resolver-limited-CNAME-recursion.patch

@@ -0,0 +1,54 @@
+From: Ruslan Ermilov <ru@nginx.com>
+Date: Tue, 26 Jan 2016 16:47:14 +0300
+Subject: Resolver: limited CNAME recursion.
+
+Previously, the recursion was only limited for cached responses.
+---
+ src/core/ngx_resolver.c | 22 +++++++++++++++++++---
+ 1 file changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+index fde8887..f20ac17 100644
+--- a/src/core/ngx_resolver.c
++++ b/src/core/ngx_resolver.c
+@@ -1483,11 +1483,30 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last,
+ 
+         ngx_queue_insert_head(&r->name_expire_queue, &rn->queue);
+ 
++        ngx_resolver_free(r, rn->query);
++        rn->query = NULL;
++
+         ctx = rn->waiting;
+         rn->waiting = NULL;
+ 
+         if (ctx) {
+ 
++            if (ctx->recursion++ >= NGX_RESOLVER_MAX_RECURSION) {
++
++                /* unlock name mutex */
++
++                do {
++                    ctx->state = NGX_RESOLVE_NXDOMAIN;
++                    next = ctx->next;
++
++                    ctx->handler(ctx);
++
++                    ctx = next;
++                } while (ctx);
++
++                return;
++            }
++
+             for (next = ctx; next; next = next->next) {
+                 next->node = NULL;
+             }
+@@ -1495,9 +1514,6 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last,
+             (void) ngx_resolve_name_locked(r, ctx, &name);
+         }
+ 
+-        ngx_resolver_free(r, rn->query);
+-        rn->query = NULL;
+-
+         return;
+     }
+ 

debian/patches/fix-CVE-2013-2070.patch

@@ -0,0 +1,16 @@
+Description: fix nginx proxy_pass buffer overflow
+(CVE-2013-2070)
+Forwarded: http://www.openwall.com/lists/oss-security/2013/05/13/3
+--- a/src/http/modules/ngx_http_proxy_module.c
++++ b/src/http/modules/ngx_http_proxy_module.c
+@@ -1864,6 +1864,10 @@
+ 
+     }
+ 
++   if (ctx->size < 0 || ctx->length < 0) {
++        goto invalid;
++    }
++
+     return rc;
+ 
+ done:

debian/patches/fix-CVE-2013-4547.patch

@@ -0,0 +1,30 @@
+From: Christos Trochalakis <yatiohi@ideopolis.gr>
+Date: Wed, 20 Nov 2013 00:26:42 +0200
+Subject: Fix CVE-2013-4547
+
+backport of changeset 5446:988c22615014 from the nginx repo.
+http://hg.nginx.org/nginx/rev/988c22615014
+---
+ src/http/ngx_http_parse.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
+index be750ed..bda0b0d 100644
+--- a/src/http/ngx_http_parse.c
++++ b/src/http/ngx_http_parse.c
+@@ -614,6 +614,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
+             default:
+                 r->space_in_uri = 1;
+                 state = sw_check_uri;
++                p--;
+                 break;
+             }
+             break;
+@@ -667,6 +668,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
+             default:
+                 r->space_in_uri = 1;
+                 state = sw_uri;
++                p--;
+                 break;
+             }
+             break;

debian/patches/fix-CVE-2014-3616.patch

@@ -0,0 +1,23 @@
+Subject: fix CVE-2014-3616, Reuse cached SSL sessions in unrelated contexts
+Origin: http://mailman.nginx.org/pipermail/nginx-devel/2014-September/005948.html
+--- a/src/event/ngx_event_openssl.c
++++ b/src/event/ngx_event_openssl.c
+@@ -1498,14 +1498,16 @@ ngx_int_t
+ ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
+     ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout)
+ {
+-    long  cache_mode;
++    long    cache_mode;
++    u_char  buf[16];
+ 
+     if (builtin_session_cache == NGX_SSL_NO_SCACHE) {
+         SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF);
+         return NGX_OK;
+     }
+ 
+-    SSL_CTX_set_session_id_context(ssl->ctx, sess_ctx->data, sess_ctx->len);
++    RAND_pseudo_bytes(buf, 16);
++    SSL_CTX_set_session_id_context(ssl->ctx, buf, 16);
+ 
+     if (builtin_session_cache == NGX_SSL_NONE_SCACHE) {
+ 

debian/patches/fix-CVE-2017-7529.patch

@@ -0,0 +1,13 @@
+--- nginx-1.2.1.orig/src/http/modules/ngx_http_range_filter_module.c
++++ nginx-1.2.1/src/http/modules/ngx_http_range_filter_module.c
+@@ -322,6 +322,10 @@ ngx_http_range_parse(ngx_http_request_t
+             range->start = start;
+             range->end = end;
+ 
++            if (size > NGX_MAX_OFF_T_VALUE - (end - start)) {
++                return NGX_HTTP_RANGE_NOT_SATISFIABLE;
++            }
++
+             size += end - start;
+ 
+             if (ranges-- == 0) {

debian/patches/series

@@ -1 +1,11 @@
 perl-use-dpkg-buildflags.patch
+fix-CVE-2013-2070.patch
+fix-CVE-2013-4547.patch
+fix-CVE-2014-3616.patch
+0005-Resolver-fixed-possible-segmentation-fault-on-DNS-fo.patch
+0006-Resolver-fixed-crashes-in-timeout-handler.patch
+0007-Resolver-fixed-CNAME-processing-for-several-requests.patch
+0008-Resolver-changed-the-ngx_resolver_create_-_query-arg.patch
+0009-Resolver-fixed-use-after-free-memory-accesses-with-C.patch
+0010-Resolver-limited-CNAME-recursion.patch
+fix-CVE-2017-7529.patch

debian/po/cs.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx 1.2.0-2\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-11 08:18+0200\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-23 11:31+0200\n"
 "Last-Translator: Michal Simunek <michal.simunek@gmail.com>\n"
 "Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
@@ -18,13 +18,13 @@ msgstr ""
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
+#: ../nginx-naxsi-ui.templates:1001
 msgid "Database host for naxsi:"
 msgstr "Hostitel databáze pro naxsi:"
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
+#: ../nginx-naxsi-ui.templates:1001
 msgid ""
 "Please specify the hostname of the server that will host the database for "
 "the naxsi web application firewall."

debian/po/da.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-17 20:16+0530\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-16 17:30+01:00\n"
 "Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
 "Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n"
@@ -19,17 +19,15 @@ msgstr ""
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid ""
-#| "Please specify the hostname of the server that will host the database for "
-#| "the naxsi web application firewall."
-msgid "Please specify the hostname of the server that will host the database"
-msgstr ""
-"Angiv venligst værtsnavnet for serveren som skal betjene brandmurens "
-"database for naxsi-internetprogrammet."
+msgid "Database host for naxsi:"
+msgstr "Databasevært for naxsi:"
 
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid "Database host for naxsi:"
-msgid "Database host for naxsi:);"
-msgstr "Databasevært for naxsi:"
+msgid ""
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
+msgstr ""
+"Angiv venligst værtsnavnet for serveren som skal betjene brandmurens "
+"database for naxsi-internetprogrammet."

debian/po/de.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx 1.2.0-2\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-17 20:16+0530\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-13 23:11+0200\n"
 "Last-Translator: Chris Leick <c.leick@vollbio.de>\n"
 "Language-Team: German <debian-l10n-german@lists.debian.org>\n"
@@ -20,17 +20,15 @@ msgstr ""
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid ""
-#| "Please specify the hostname of the server that will host the database for "
-#| "the naxsi web application firewall."
-msgid "Please specify the hostname of the server that will host the database"
-msgstr ""
-"Bitte geben Sie den Rechnernamen des Servers an, der die Datenbank der Web-"
-"Anwendungs-Firewall Naxsi beherbergen soll."
+msgid "Database host for naxsi:"
+msgstr "Datenbankrechner für Naxsi:"
 
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid "Database host for naxsi:"
-msgid "Database host for naxsi:);"
-msgstr "Datenbankrechner für Naxsi:"
+msgid ""
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
+msgstr ""
+"Bitte geben Sie den Rechnernamen des Servers an, der die Datenbank der Web-"
+"Anwendungs-Firewall Naxsi beherbergen soll."

debian/po/es.po

@@ -32,7 +32,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-11 08:18+0200\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-25 00:17-0500\n"
 "Last-Translator: Fernando C. Estrada <fcestrada@fcestrada.com>\n"
 "Language-Team: Debian L10N Spanish <debian-l10n-spanish@lists.debian.org>\n"
@@ -45,16 +45,13 @@ msgstr ""
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
+#: ../nginx-naxsi-ui.templates:1001
 msgid "Database host for naxsi:"
 msgstr "Servidor de base de datos para naxsi:"
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
-#| msgid ""
-#| "Please specify the hostname of the server where the naxsi Web Application "
-#| "Firewall's database should be located."
+#: ../nginx-naxsi-ui.templates:1001
 msgid ""
 "Please specify the hostname of the server that will host the database for "
 "the naxsi web application firewall."

debian/po/fr.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx 1.2.0-2\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-11 08:18+0200\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-11 08:55+0100\n"
 "Last-Translator: Cyril Lavier <cyril.lavier@davromaniak.eu>\n"
 "Language-Team: French <debian-l10n-french@lists.debian.org>\n"
@@ -18,16 +18,16 @@ msgstr ""
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
+#: ../nginx-naxsi-ui.templates:1001
 msgid "Database host for naxsi:"
 msgstr "Serveur hébergeant la base de données pour naxsi :"
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
-#| msgid ""
-#| "Please specify the hostname of the server where the naxsi Web Application "
-#| "Firewall's database should be located."
-msgid "Please specify the hostname of the server that will host the database for the naxsi web application firewall."
-msgstr "Merci de fournir l'adresse du serveur de base de données pour l'application de pare-feu web naxsi."
-
+#: ../nginx-naxsi-ui.templates:1001
+msgid ""
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
+msgstr ""
+"Merci de fournir l'adresse du serveur de base de données pour l'application "
+"de pare-feu web naxsi."

debian/po/gl.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-11 08:18+0200\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-25 01:23+0200\n"
 "Last-Translator: Jorge Barreiro <yortx.barry@gmail.com>\n"
 "Language-Team: Galician <proxecto@trasno.net>\n"
@@ -20,17 +20,16 @@ msgstr ""
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
+#: ../nginx-naxsi-ui.templates:1001
 msgid "Database host for naxsi:"
 msgstr "Servidor de base de datos para «naxsi»:"
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
+#: ../nginx-naxsi-ui.templates:1001
 msgid ""
 "Please specify the hostname of the server that will host the database for "
 "the naxsi web application firewall."
 msgstr ""
 "Indique o nome do servidor que aloxará a base de datos para a devasa do "
 "aplicativo web «naxsi»,"
-

debian/po/it.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx 1.2.0-1\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-05-09 09:26+0200\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-26 23:27+0200\n"
 "Last-Translator: Dario Santamaria <dario.santamaria@gmail.com>\n"
 "Language-Team: Italian <tp@lists.linux.it>\n"
@@ -26,8 +26,8 @@ msgstr "Host del database per naxsi:"
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
 msgid ""
-"Please specify the hostname of the server where the naxsi Web Application "
-"Firewall's database should be located."
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
 msgstr ""
-"Specificare il nome host del server dove deve essere collocato il database del Firewall "
-"dell'Applicazione Web naxsi."
+"Specificare il nome host del server dove deve essere collocato il database "
+"del Firewall dell'Applicazione Web naxsi."

debian/po/nl.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: ngnix 1.2.0-2\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-17 20:16+0530\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-13 12:51+0200\n"
 "Last-Translator: Jeroen Schot <schot@a-eskwadraat.nl>\n"
 "Language-Team: Debian l10n Dutch <debian-l10n-dutch@lists.debian.org>\n"
@@ -19,17 +19,15 @@ msgstr ""
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid ""
-#| "Please specify the hostname of the server that will host the database for "
-#| "the naxsi web application firewall."
-msgid "Please specify the hostname of the server that will host the database"
-msgstr ""
-"Wat is de computernaam van de server die de database van de naxsi "
-"webapplicatie-firewall zal aanbieden?"
+msgid "Database host for naxsi:"
+msgstr "Database-server voor naxsi:"
 
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid "Database host for naxsi:"
-msgid "Database host for naxsi:);"
-msgstr "Database-server voor naxsi:"
+msgid ""
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
+msgstr ""
+"Wat is de computernaam van de server die de database van de naxsi "
+"webapplicatie-firewall zal aanbieden?"

debian/po/pl.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-11 08:18+0200\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-14 19:46+0200\n"
 "Last-Translator: Michał Kułach <michal.kulach@gmail.com>\n"
 "Language-Team: Polish <debian-l10n-polish@lists.debian.org>\n"
@@ -21,17 +21,16 @@ msgstr ""
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
+#: ../nginx-naxsi-ui.templates:1001
 msgid "Database host for naxsi:"
 msgstr "Komputer z bazą danych do naxsi:"
 
 #. Type: string
 #. Description
-#: ../nginx-naxsi-ui.templates:2001
+#: ../nginx-naxsi-ui.templates:1001
 msgid ""
 "Please specify the hostname of the server that will host the database for "
 "the naxsi web application firewall."
 msgstr ""
 "Proszę podać nazwę serwera, który będzie przechowywał bazę danych do zapory "
 "sieciowej aplikacji WWW naxci."
-

debian/po/pt.po

@@ -2,32 +2,32 @@
 # Copyright (C) 2012 Cyril Lavier
 # This file is distributed under the same license as the nginx-naxsi-ui package.
 # Pedro Ribeiro <p.m42.ribeiro@gmail.com>, 2012.
-#
-msgid ""
-msgstr ""
-"Project-Id-Version: nginx\n"
-"Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-11 08:18+0200\n"
-"PO-Revision-Date: 2012-06-26 19:14+0100\n"
-"Last-Translator: Pedro Ribeiro <p.m42.ribeiro@gmail.com>\n"
-"Language-Team: Portuguese <traduz@debianpt.org>\n"
-"Language: Portuguese\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#. Type: string
-#. Description
-#: ../nginx-naxsi-ui.templates:2001
-msgid "Database host for naxsi:"
-msgstr "Servidor de base de dados para o naxsi:"
-
-#. Type: string
-#. Description
-#: ../nginx-naxsi-ui.templates:2001
-msgid ""
-"Please specify the hostname of the server that will host the database for "
-"the naxsi web application firewall."
-msgstr ""
-"Indique, por favor, o nome da máquina do servidor que irá alojar a base "
-"de dados para a firewall da aplicação web naxsi."
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: nginx\n"
+"Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
+"PO-Revision-Date: 2012-06-26 19:14+0100\n"
+"Last-Translator: Pedro Ribeiro <p.m42.ribeiro@gmail.com>\n"
+"Language-Team: Portuguese <traduz@debianpt.org>\n"
+"Language: Portuguese\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: string
+#. Description
+#: ../nginx-naxsi-ui.templates:1001
+msgid "Database host for naxsi:"
+msgstr "Servidor de base de dados para o naxsi:"
+
+#. Type: string
+#. Description
+#: ../nginx-naxsi-ui.templates:1001
+msgid ""
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
+msgstr ""
+"Indique, por favor, o nome da máquina do servidor que irá alojar a base de "
+"dados para a firewall da aplicação web naxsi."

debian/po/ru.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx 1.2.0-2\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-17 20:16+0530\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-12 09:32+0400\n"
 "Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"
 "Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n"
@@ -23,17 +23,15 @@ msgstr ""
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid ""
-#| "Please specify the hostname of the server that will host the database for "
-#| "the naxsi web application firewall."
-msgid "Please specify the hostname of the server that will host the database"
-msgstr ""
-"Укажите имя узла сервера, на котором будет размещена база данных веб-"
-"приложения межсетевого экрана naxsi."
+msgid "Database host for naxsi:"
+msgstr "Узел для базы данных naxsi:"
 
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid "Database host for naxsi:"
-msgid "Database host for naxsi:);"
-msgstr "Узел для базы данных naxsi:"
+msgid ""
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
+msgstr ""
+"Укажите имя узла сервера, на котором будет размещена база данных веб-"
+"приложения межсетевого экрана naxsi."

debian/po/sk.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-17 20:16+0530\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-12 23:15+0100\n"
 "Last-Translator: Ivan Masár <helix84@centrum.sk>\n"
 "Language-Team: Slovak <debian-l10n-slovak@lists.debian.org>\n"
@@ -19,17 +19,15 @@ msgstr ""
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid ""
-#| "Please specify the hostname of the server that will host the database for "
-#| "the naxsi web application firewall."
-msgid "Please specify the hostname of the server that will host the database"
-msgstr ""
-"Prosím, zadajte názov servera, ktorý bude hostiteľom databázy webového "
-"aplikačného firewallu naxsi."
+msgid "Database host for naxsi:"
+msgstr "Hostiteľ databázy naxsi:"
 
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid "Database host for naxsi:"
-msgid "Database host for naxsi:);"
-msgstr "Hostiteľ databázy naxsi:"
+msgid ""
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
+msgstr ""
+"Prosím, zadajte názov servera, ktorý bude hostiteľom databázy webového "
+"aplikačného firewallu naxsi."

debian/po/sv.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-17 20:16+0530\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: 2012-06-11 11:08+0100\n"
 "Last-Translator: Martin Bagge / brother <brother@bsnet.se>\n"
 "Language-Team: Swedish <debian-l10n-swedish@lists.debian.org>\n"
@@ -21,17 +21,15 @@ msgstr ""
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid ""
-#| "Please specify the hostname of the server that will host the database for "
-#| "the naxsi web application firewall."
-msgid "Please specify the hostname of the server that will host the database"
-msgstr ""
-"Ange värdnamnet för servern som kommer att tillhandahålla databasen för "
-"naxsi web application firewall."
+msgid "Database host for naxsi:"
+msgstr "Databasvärd för naxsi:"
 
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-#| msgid "Database host for naxsi:"
-msgid "Database host for naxsi:);"
-msgstr "Databasvärd för naxsi:"
+msgid ""
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
+msgstr ""
+"Ange värdnamnet för servern som kommer att tillhandahålla databasen för "
+"naxsi web application firewall."

debian/po/templates.pot

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: nginx\n"
 "Report-Msgid-Bugs-To: nginx@packages.debian.org\n"
-"POT-Creation-Date: 2012-06-17 20:16+0530\n"
+"POT-Creation-Date: 2012-07-12 12:34-0600\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -20,11 +20,13 @@ msgstr ""
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-msgid "Please specify the hostname of the server that will host the database"
+msgid "Database host for naxsi:"
 msgstr ""
 
 #. Type: string
 #. Description
 #: ../nginx-naxsi-ui.templates:1001
-msgid "Database host for naxsi:);"
+msgid ""
+"Please specify the hostname of the server that will host the database for "
+"the naxsi web application firewall."
 msgstr ""