Ubuntu
nginx package

[FFe Needed] Update NGINX in Cosmic to 1.15.4 for bugfixes

Bug #1794321 reported by Thomas Ward on 2018-09-25

8

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	nginx (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

NGINX Upstream recently released 1.15.4.

This is the following from its changelog:

Changes with nginx 1.15.4 25 Sep 2018

*) Feature: now the "ssl_early_data" directive can be used with OpenSSL.

*) Bugfix: in the ngx_http_uwsgi_module.
Thanks to Chris Caputo.

*) Bugfix: connections with some gRPC backends might not be cached when
using the "keepalive" directive.

    *) Bugfix: a socket leak might occur when using the "error_page"
       directive to redirect early request processing errors, notably errors
       with code 400.

    *) Bugfix: the "return" directive did not change the response code when
       returning errors if the request was redirected by the "error_page"
       directive.

    *) Bugfix: standard error pages and responses of the
       ngx_http_autoindex_module module used the "bgcolor" attribute, and
       might be displayed incorrectly when using custom color settings in
       browsers.
       Thanks to Nova DasSarma.

    *) Change: the logging level of the "no suitable key share" and "no
       suitable signature algorithm" SSL errors has been lowered from "crit"
       to "info".

The only feature here being added will only be available if https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092 passes and is accepted into Cosmic. Until such time, however, TLS1.3 extensions such as ssl_early_data won't work at the moment.

The remaining bugfixes are more important. Socket leaks, connections to gRPC backends, return directive not working, etc. should all be fixed with these bugfixes. The only other change is to the logging importance for certain types of errors.

This is an Upstream originating point release. Regression risk from this is minimal.

Test builds will take place in a PPA, link to be posted shortly.

Tags:

Revision history for this message

Łukasz Zemczak (sil2100) wrote on 2018-09-25:

#1

Ok, looks sane. Please provide the test build logs (or link to the PPA) and perform some basic upgrade sanity tests. We can then think about approving this.

Revision history for this message

Thomas Ward (teward) wrote on 2018-09-25:

#2

PPA builds uploaded, location will be at https://launchpad.net/~teward/+archive/ubuntu/nginx-1794321

Once it builds, I'll run the upgrade sanity tests.

(Thanks for the quick response, sil2100!)

Revision history for this message

Thomas Ward (teward) wrote on 2018-09-25:

#3

Just realized I didn't enable all the archs on the PPA. WIll reupload to the PPA if necessary to regenerate the other archs.

Hans Joachim Desserud (hjd) on 2018-09-25

tags:

added: upgrade-software-version

Revision history for this message

Thomas Ward (teward) wrote on 2018-09-25:

#4

All other arch builds beyond amd64 and i386 have been spun and are in progress on the PPA - thanks to cjwatson for showing me the sneaky way to build the other archs. (Builds in progress, once amd64 finishes and shows up I'll do testing)

Revision history for this message

Thomas Ward (teward) wrote on 2018-09-25:

#5

Basic upgrade and installation tests were completed in a Cosmic container.

Both upgrading to 1.15.4 from 1.15.3 which is currently in the repos and clean-installing 1.15.4 work without issue.

Revision history for this message

Łukasz Zemczak (sil2100) wrote on 2018-09-26:

#6

Excellent. I don't see any reason not to proceed. FFe approved.

Changed in nginx (Ubuntu):
status:	New → Triaged

Revision history for this message

Thomas Ward (teward) wrote on 2018-09-26:

#7

Uploaded and awaiting approval.

Revision history for this message

Thomas Ward (teward) wrote on 2018-09-26:

#8

Approval will have to wait until after Beta Freeze, this has been assured to get in by other AAs after Beta Freeze is over.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-10-04:

#9

This bug was fixed in the package nginx - 1.15.5-0ubuntu1

---------------
nginx (1.15.5-0ubuntu1) cosmic; urgency=medium

  * This is a bugfixes-only upstream micro release, and thus is a bugfixes-
    only version change. (LP: #1795690)
  * New upstream release (1.15.5) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.

-- Thomas Ward <email address hidden> Tue, 02 Oct 2018 11:31:05 -0400

Changed in nginx (Ubuntu):
status:	Triaged → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.