[FFe needed] Update NGINX in Cosmic to 1.15.3 for bugfixes

Bug #1790149 reported by Thomas Ward on 2018-08-31
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nginx (Ubuntu)
Thomas Ward

Bug Description

There are a number of bugs fixed in the HTTP DAV module shipped with nginx by upstream as part of NGINX 1.15.3, and a workaround to an HTTP/2 bug. Given that for Cosmic we are tracking NGINX Mainline, the simplest solution for this is a

The following is the changelog for NGINX 1.15.3:

Changes with nginx 1.15.3 28 Aug 2018

    *) Feature: now TLSv1.3 can be used with BoringSSL.

    *) Feature: the "ssl_early_data" directive, currently available with

    *) Feature: the "keepalive_timeout" and "keepalive_requests" directives
       in the "upstream" block.

    *) Bugfix: the ngx_http_dav_module did not truncate destination file
       when copying a file over an existing one with the COPY method.

    *) Bugfix: the ngx_http_dav_module used zero access rights on the
       destination file and did not preserve file modification time when
       moving a file between different file systems with the MOVE method.

    *) Bugfix: the ngx_http_dav_module used default access rights when
       copying a file with the COPY method.

    *) Workaround: some clients might not work when using HTTP/2; the bug
       had appeared in 1.13.5.

    *) Bugfix: nginx could not be built with LibreSSL 2.8.0.

The only 'Feature' change here of relevance is that "keepalive_timeout" and "keepalive_requests" can be provided in the 'upstream' block of a config, but functionally there are no other changes.

The other two feature changes are BoringSSL-specific, and not relevant for Cosmic as we use OpenSSL for ouir builds.

The remaining bugfixes should be included to fix issues with the HTTP DAV module.

The regression risk of this is low, as these bugfixes originated upstream.

Package builds for this are in-progress at a PPA specifically for this with all buildable arches enabled - https://launchpad.net/~teward/+archive/ubuntu/nginx-1790149/+packages

Installation of the packages seems to work fine on my local builds (however, they were built via my automated build environment which does not currently have the build logs published, only the result, please refer to build logs in the PPA for build logs)

Thomas Ward (teward) on 2018-08-31
description: updated
description: updated
Łukasz Zemczak (sil2100) wrote :

Seeing that this is a new point-release with just one affecting feature, I think it should be fine to still include it in cosmic. Please proceed.

Changed in nginx (Ubuntu):
status: New → Triaged
Thomas Ward (teward) wrote :

Upload in progress, it should land in the queue shortly. Thanks, Lukasz.

Changed in nginx (Ubuntu):
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nginx - 1.15.3-0ubuntu1

nginx (1.15.3-0ubuntu1) cosmic; urgency=medium

  * New upstream release (1.15.3) - full changelog available from
    http://nginx.org/en/CHANGES (LP: #1790149)
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.

 -- Thomas Ward <email address hidden> Fri, 31 Aug 2018 09:52:34 -0400

Changed in nginx (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers