[FFe Needed] Update NGINX in Cosmic to 1.15.4 for bugfixes

Bug #1794321 reported by Thomas Ward on 2018-09-25
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nginx (Ubuntu)
Undecided
Unassigned

Bug Description

NGINX Upstream recently released 1.15.4.

This is the following from its changelog:

Changes with nginx 1.15.4 25 Sep 2018

    *) Feature: now the "ssl_early_data" directive can be used with OpenSSL.

    *) Bugfix: in the ngx_http_uwsgi_module.
       Thanks to Chris Caputo.

    *) Bugfix: connections with some gRPC backends might not be cached when
       using the "keepalive" directive.

    *) Bugfix: a socket leak might occur when using the "error_page"
       directive to redirect early request processing errors, notably errors
       with code 400.

    *) Bugfix: the "return" directive did not change the response code when
       returning errors if the request was redirected by the "error_page"
       directive.

    *) Bugfix: standard error pages and responses of the
       ngx_http_autoindex_module module used the "bgcolor" attribute, and
       might be displayed incorrectly when using custom color settings in
       browsers.
       Thanks to Nova DasSarma.

    *) Change: the logging level of the "no suitable key share" and "no
       suitable signature algorithm" SSL errors has been lowered from "crit"
       to "info".

The only feature here being added will only be available if https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092 passes and is accepted into Cosmic. Until such time, however, TLS1.3 extensions such as ssl_early_data won't work at the moment.

The remaining bugfixes are more important. Socket leaks, connections to gRPC backends, return directive not working, etc. should all be fixed with these bugfixes. The only other change is to the logging importance for certain types of errors.

This is an Upstream originating point release. Regression risk from this is minimal.

Test builds will take place in a PPA, link to be posted shortly.

Łukasz Zemczak (sil2100) wrote :

Ok, looks sane. Please provide the test build logs (or link to the PPA) and perform some basic upgrade sanity tests. We can then think about approving this.

Thomas Ward (teward) wrote :

PPA builds uploaded, location will be at https://launchpad.net/~teward/+archive/ubuntu/nginx-1794321

Once it builds, I'll run the upgrade sanity tests.

(Thanks for the quick response, sil2100!)

Thomas Ward (teward) wrote :

Just realized I didn't enable all the archs on the PPA. WIll reupload to the PPA if necessary to regenerate the other archs.

tags: added: upgrade-software-version
Thomas Ward (teward) wrote :

All other arch builds beyond amd64 and i386 have been spun and are in progress on the PPA - thanks to cjwatson for showing me the sneaky way to build the other archs. (Builds in progress, once amd64 finishes and shows up I'll do testing)

Thomas Ward (teward) wrote :

Basic upgrade and installation tests were completed in a Cosmic container.

Both upgrading to 1.15.4 from 1.15.3 which is currently in the repos and clean-installing 1.15.4 work without issue.

Łukasz Zemczak (sil2100) wrote :

Excellent. I don't see any reason not to proceed. FFe approved.

Changed in nginx (Ubuntu):
status: New → Triaged
Thomas Ward (teward) wrote :

Uploaded and awaiting approval.

Thomas Ward (teward) wrote :

Approval will have to wait until after Beta Freeze, this has been assured to get in by other AAs after Beta Freeze is over.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nginx - 1.15.5-0ubuntu1

---------------
nginx (1.15.5-0ubuntu1) cosmic; urgency=medium

  * This is a bugfixes-only upstream micro release, and thus is a bugfixes-
    only version change. (LP: #1795690)
  * New upstream release (1.15.5) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.

 -- Thomas Ward <email address hidden> Tue, 02 Oct 2018 11:31:05 -0400

Changed in nginx (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers