SSL worker process bugfixes in 1.15.5, please put into Cosmic

Bug #1795690 reported by Thomas Ward on 2018-10-02
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nginx (Ubuntu)
Medium
Thomas Ward

Bug Description

NGINX has released 1.15.5 which contains bugfixes for a segmentation fault:

Changes with nginx 1.15.5 02 Oct 2018

    *) Bugfix: a segmentation fault might occur in a worker process when
       using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4.

    *) Bugfix: of minor potential bugs.

This should be included in Ubuntu as the flaw was introduced in 1.15.4, which is already in the repositories.

As this is upstream-originating fixes, regression risk is low.

As there are no feature changes, this is a bugfix-only upload and should be OK under the current freeze of the archives.

Adam Conrad (adconrad) wrote :

This was purely just two bugfixes, no freeze exception needed. We care about features, not version numbers. :)

Thomas Ward (teward) on 2018-10-02
Changed in nginx (Ubuntu):
status: In Progress → Fix Committed
summary: - Update NGINX in Cosmic go 1.15.5 for segfault bugfixes
+ SSL worker process bugfixes in 1.15.5, please put into Cosmic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nginx - 1.15.5-0ubuntu1

---------------
nginx (1.15.5-0ubuntu1) cosmic; urgency=medium

  * This is a bugfixes-only upstream micro release, and thus is a bugfixes-
    only version change. (LP: #1795690)
  * New upstream release (1.15.5) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.

 -- Thomas Ward <email address hidden> Tue, 02 Oct 2018 11:31:05 -0400

Changed in nginx (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers