| 2022-07-12 14:33:17 |
Daniel |
bug |
|
|
added bug |
| 2022-07-12 14:34:46 |
Launchpad Janitor |
nginx (Ubuntu): status |
New |
Confirmed |
|
| 2022-07-12 14:34:57 |
Josua |
bug |
|
|
added subscriber Josua |
| 2022-07-12 14:36:07 |
Antonios Tsianakas |
bug |
|
|
added subscriber Antonios Tsianakas |
| 2022-07-12 14:38:22 |
Paul Rogers |
bug |
|
|
added subscriber Paul Rogers |
| 2022-07-13 13:40:59 |
Athos Ribeiro |
nginx (Ubuntu): status |
Confirmed |
Triaged |
|
| 2022-07-13 13:41:12 |
Athos Ribeiro |
bug |
|
|
added subscriber Ubuntu Server |
| 2022-07-13 13:41:19 |
Athos Ribeiro |
tags |
|
server-todo |
|
| 2022-07-13 20:55:17 |
Bryce Harrington |
bug task added |
|
nginx |
|
| 2022-07-13 20:58:42 |
Bryce Harrington |
bug task deleted |
nginx |
|
|
| 2022-07-20 15:17:33 |
Bryce Harrington |
nominated for series |
|
Ubuntu Jammy |
|
| 2022-07-20 15:17:33 |
Bryce Harrington |
bug task added |
|
nginx (Ubuntu Jammy) |
|
| 2022-07-20 15:17:33 |
Bryce Harrington |
nominated for series |
|
Ubuntu Kinetic |
|
| 2022-07-20 15:17:33 |
Bryce Harrington |
bug task added |
|
nginx (Ubuntu Kinetic) |
|
| 2022-07-20 15:21:25 |
Bryce Harrington |
nginx (Ubuntu Jammy): assignee |
|
Bryce Harrington (bryce) |
|
| 2022-07-27 01:21:32 |
Bryce Harrington |
nginx (Ubuntu Kinetic): assignee |
|
Bryce Harrington (bryce) |
|
| 2022-07-27 01:21:34 |
Bryce Harrington |
nginx (Ubuntu Jammy): status |
New |
Triaged |
|
| 2022-08-04 19:45:34 |
Bryce Harrington |
nginx (Ubuntu Jammy): status |
Triaged |
Fix Committed |
|
| 2022-08-04 19:45:55 |
Bryce Harrington |
nginx (Ubuntu Jammy): status |
Fix Committed |
Triaged |
|
| 2022-08-10 15:55:08 |
Bryce Harrington |
nginx (Ubuntu Kinetic): status |
Triaged |
Fix Committed |
|
| 2022-08-10 17:07:46 |
Daniel |
attachment added |
|
nginx config snippets https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1981457/+attachment/5607694/+files/nginx_snippets.conf |
|
| 2022-08-17 15:14:53 |
Bryce Harrington |
nginx (Ubuntu Kinetic): status |
Fix Committed |
Fix Released |
|
| 2022-08-24 19:56:53 |
Bryce Harrington |
nginx (Ubuntu Jammy): assignee |
Bryce Harrington (bryce) |
|
|
| 2022-08-24 19:57:01 |
Bryce Harrington |
tags |
server-todo |
|
|
| 2022-08-25 13:41:35 |
Simon Déziel |
description |
Ubuntu Jammy (22.04) is using OpenSSL 3.0 which changed the behaviour when closing encrypted connections. Hence, nginx upstream patched its versions >= 1.21.2 with a flag to remain compatible with clients still closing connections improperly. Details can be found in https://github.com/nginx/nginx/commit/5155845ce4453a07d60e2ce43946c9181bc311fa
Can this patch please be backported to nginx on Jammy as well?
```
'lsb_release -rd':
Description: Ubuntu 22.04 LTS
Release: 22.04
'apt-cache policy nginx':
nginx:
Installed: 1.18.0-6ubuntu14.1
Candidate: 1.18.0-6ubuntu14.1
...
``` |
# Steps to reproduce
1) install nginx
2) setup a vhost that accepts HTTPS connections
3) from a client machine, send many requests and abort some of them abruptly
URL="https://$NAME_OF_HTTPS_VHOST"
while :; do
timeout -s KILL 0.2s curl -v -K <(echo verbose;for i in {1..2000}; do echo url = "$URL"; echo -o /dev/null; done)
done
4) check the error logs for "unexpected eof while reading"
grep -cF "unexpected eof while reading" /var/log/nginx/*error.log
There should be no "unexpected eof while reading" error when a connection is aborted by the timeout command.
# Original description
Ubuntu Jammy (22.04) is using OpenSSL 3.0 which changed the behaviour when closing encrypted connections. Hence, nginx upstream patched its versions >= 1.21.2 with a flag to remain compatible with clients still closing connections improperly. Details can be found in https://github.com/nginx/nginx/commit/5155845ce4453a07d60e2ce43946c9181bc311fa
Can this patch please be backported to nginx on Jammy as well?
```
'lsb_release -rd':
Description: Ubuntu 22.04 LTS
Release: 22.04
'apt-cache policy nginx':
nginx:
Installed: 1.18.0-6ubuntu14.1
Candidate: 1.18.0-6ubuntu14.1
...
``` |
|
| 2022-08-29 18:59:00 |
Andreas Hasenack |
bug |
|
|
added subscriber Andreas Hasenack |
| 2022-08-30 20:08:08 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~bryce/ubuntu/+source/nginx/+git/nginx/+merge/429171 |
|
| 2022-08-30 20:29:30 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~bryce/ubuntu/+source/nginx/+git/nginx/+merge/429172 |
|
| 2022-08-30 20:30:19 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~bryce/ubuntu/+source/nginx/+git/nginx/+merge/429173 |
|
| 2022-08-30 21:25:09 |
Bryce Harrington |
description |
# Steps to reproduce
1) install nginx
2) setup a vhost that accepts HTTPS connections
3) from a client machine, send many requests and abort some of them abruptly
URL="https://$NAME_OF_HTTPS_VHOST"
while :; do
timeout -s KILL 0.2s curl -v -K <(echo verbose;for i in {1..2000}; do echo url = "$URL"; echo -o /dev/null; done)
done
4) check the error logs for "unexpected eof while reading"
grep -cF "unexpected eof while reading" /var/log/nginx/*error.log
There should be no "unexpected eof while reading" error when a connection is aborted by the timeout command.
# Original description
Ubuntu Jammy (22.04) is using OpenSSL 3.0 which changed the behaviour when closing encrypted connections. Hence, nginx upstream patched its versions >= 1.21.2 with a flag to remain compatible with clients still closing connections improperly. Details can be found in https://github.com/nginx/nginx/commit/5155845ce4453a07d60e2ce43946c9181bc311fa
Can this patch please be backported to nginx on Jammy as well?
```
'lsb_release -rd':
Description: Ubuntu 22.04 LTS
Release: 22.04
'apt-cache policy nginx':
nginx:
Installed: 1.18.0-6ubuntu14.1
Candidate: 1.18.0-6ubuntu14.1
...
``` |
[Impact]
Ubuntu Jammy (22.04) is using OpenSSL 3.0 which changed the behavior when closing encrypted connections. Certain clients close their connections improperly and thus trigger an error message in the server logs. These messages bloat the error logs.
[Test case]
1) install nginx
2) setup a vhost that accepts HTTPS connections
3) from a client machine, send many requests and abort some of them abruptly
URL="https://$NAME_OF_HTTPS_VHOST"
while :; do
timeout -s KILL 0.2s curl -v -K <(echo verbose;for i in {1..2000}; do echo url = "$URL"; echo -o /dev/null; done)
done
4) check the error logs for "unexpected eof while reading"
grep -cF "unexpected eof while reading" /var/log/nginx/*error.log
With the fixed version, there should be no "unexpected eof while reading" error when a connection is aborted by the timeout command. With the unfixed version, the error should present itself many times fairly quickly.
[Fix]
Ubuntu Kinetic ships a newer version of nginx that includes a fix for this problem. This SRU backports that patch to Jammy. Earlier versions of Ubuntu don't carry OpenSSL 3.0 so are not presenting the altered closure behavior.
[Original description]
Ubuntu Jammy (22.04) is using OpenSSL 3.0 which changed the behaviour when closing encrypted connections. Hence, nginx upstream patched its versions >= 1.21.2 with a flag to remain compatible with clients still closing connections improperly. Details can be found in https://github.com/nginx/nginx/commit/5155845ce4453a07d60e2ce43946c9181bc311fa
Can this patch please be backported to nginx on Jammy as well?
```
'lsb_release -rd':
Description: Ubuntu 22.04 LTS
Release: 22.04
'apt-cache policy nginx':
nginx:
Installed: 1.18.0-6ubuntu14.1
Candidate: 1.18.0-6ubuntu14.1
...
``` |
|
| 2022-08-30 22:33:50 |
Bryce Harrington |
description |
[Impact]
Ubuntu Jammy (22.04) is using OpenSSL 3.0 which changed the behavior when closing encrypted connections. Certain clients close their connections improperly and thus trigger an error message in the server logs. These messages bloat the error logs.
[Test case]
1) install nginx
2) setup a vhost that accepts HTTPS connections
3) from a client machine, send many requests and abort some of them abruptly
URL="https://$NAME_OF_HTTPS_VHOST"
while :; do
timeout -s KILL 0.2s curl -v -K <(echo verbose;for i in {1..2000}; do echo url = "$URL"; echo -o /dev/null; done)
done
4) check the error logs for "unexpected eof while reading"
grep -cF "unexpected eof while reading" /var/log/nginx/*error.log
With the fixed version, there should be no "unexpected eof while reading" error when a connection is aborted by the timeout command. With the unfixed version, the error should present itself many times fairly quickly.
[Fix]
Ubuntu Kinetic ships a newer version of nginx that includes a fix for this problem. This SRU backports that patch to Jammy. Earlier versions of Ubuntu don't carry OpenSSL 3.0 so are not presenting the altered closure behavior.
[Original description]
Ubuntu Jammy (22.04) is using OpenSSL 3.0 which changed the behaviour when closing encrypted connections. Hence, nginx upstream patched its versions >= 1.21.2 with a flag to remain compatible with clients still closing connections improperly. Details can be found in https://github.com/nginx/nginx/commit/5155845ce4453a07d60e2ce43946c9181bc311fa
Can this patch please be backported to nginx on Jammy as well?
```
'lsb_release -rd':
Description: Ubuntu 22.04 LTS
Release: 22.04
'apt-cache policy nginx':
nginx:
Installed: 1.18.0-6ubuntu14.1
Candidate: 1.18.0-6ubuntu14.1
...
``` |
[Impact]
Ubuntu Jammy (22.04) is using OpenSSL 3.0 which changed the behavior when closing encrypted connections. Certain clients close their connections improperly and thus trigger an error message in the server logs. These messages bloat the error logs.
[Test case]
1) install nginx
2) setup a vhost that accepts HTTPS connections
3) from a client machine, send many requests and abort some of them abruptly
URL="https://$NAME_OF_HTTPS_VHOST"
while :; do
timeout -s KILL 0.2s curl -v -K <(echo verbose;for i in {1..2000}; do echo url = "$URL"; echo -o /dev/null; done)
done
4) check the error logs for "unexpected eof while reading"
grep -cF "unexpected eof while reading" /var/log/nginx/*error.log
With the fixed version, there should be no "unexpected eof while reading" error when a connection is aborted by the timeout command. With the unfixed version, the error should present itself many times fairly quickly.
[Fix]
Ubuntu Kinetic ships a newer version of nginx that includes a fix for this problem. This SRU backports that patch to Jammy. Earlier versions of Ubuntu don't carry OpenSSL 3.0 so are not presenting the altered closure behavior.
[Where problems may occur]
The patch changes behavior at point of connection termination, so a regression most likely would involve some form of misbehavior associated with connection state change. This also depends on spec'd OpenSSL definitions; if these happened to be incorrectly implemented in certain clients, those clients could exhibit odd behaviors, but such a non-compliant client would likely have problems with a lot of other web servers.
[Original description]
Ubuntu Jammy (22.04) is using OpenSSL 3.0 which changed the behaviour when closing encrypted connections. Hence, nginx upstream patched its versions >= 1.21.2 with a flag to remain compatible with clients still closing connections improperly. Details can be found in https://github.com/nginx/nginx/commit/5155845ce4453a07d60e2ce43946c9181bc311fa
Can this patch please be backported to nginx on Jammy as well?
```
'lsb_release -rd':
Description: Ubuntu 22.04 LTS
Release: 22.04
'apt-cache policy nginx':
nginx:
Installed: 1.18.0-6ubuntu14.1
Candidate: 1.18.0-6ubuntu14.1
...
``` |
|
| 2022-08-31 22:03:18 |
Bryce Harrington |
description |
[Impact]
Ubuntu Jammy (22.04) is using OpenSSL 3.0 which changed the behavior when closing encrypted connections. Certain clients close their connections improperly and thus trigger an error message in the server logs. These messages bloat the error logs.
[Test case]
1) install nginx
2) setup a vhost that accepts HTTPS connections
3) from a client machine, send many requests and abort some of them abruptly
URL="https://$NAME_OF_HTTPS_VHOST"
while :; do
timeout -s KILL 0.2s curl -v -K <(echo verbose;for i in {1..2000}; do echo url = "$URL"; echo -o /dev/null; done)
done
4) check the error logs for "unexpected eof while reading"
grep -cF "unexpected eof while reading" /var/log/nginx/*error.log
With the fixed version, there should be no "unexpected eof while reading" error when a connection is aborted by the timeout command. With the unfixed version, the error should present itself many times fairly quickly.
[Fix]
Ubuntu Kinetic ships a newer version of nginx that includes a fix for this problem. This SRU backports that patch to Jammy. Earlier versions of Ubuntu don't carry OpenSSL 3.0 so are not presenting the altered closure behavior.
[Where problems may occur]
The patch changes behavior at point of connection termination, so a regression most likely would involve some form of misbehavior associated with connection state change. This also depends on spec'd OpenSSL definitions; if these happened to be incorrectly implemented in certain clients, those clients could exhibit odd behaviors, but such a non-compliant client would likely have problems with a lot of other web servers.
[Original description]
Ubuntu Jammy (22.04) is using OpenSSL 3.0 which changed the behaviour when closing encrypted connections. Hence, nginx upstream patched its versions >= 1.21.2 with a flag to remain compatible with clients still closing connections improperly. Details can be found in https://github.com/nginx/nginx/commit/5155845ce4453a07d60e2ce43946c9181bc311fa
Can this patch please be backported to nginx on Jammy as well?
```
'lsb_release -rd':
Description: Ubuntu 22.04 LTS
Release: 22.04
'apt-cache policy nginx':
nginx:
Installed: 1.18.0-6ubuntu14.1
Candidate: 1.18.0-6ubuntu14.1
...
``` |
[Impact]
Ubuntu Jammy (22.04) is using OpenSSL 3.0 which changed the behavior when closing encrypted connections. Certain clients close their connections improperly and thus trigger an error message in the server logs. These messages bloat the error logs.
[Test case]
0) apt-get install nginx-full ssl-cert
1) edit /etc/nginx/sites-enabled/default and uncomment both "listen" lines for 443, and the "include" line for snakeoil.conf
2) restart nginx
3) from a client machine, send many requests and abort some of them abruptly
#!/bin/bash
URL="https://localhost"
while :; do
timeout -s KILL 0.2s curl -v -K <(echo verbose;for i in {1..2000}; do echo url = "$URL"; echo -o /dev/null; done)
done
4) In another terminal, check the error logs for "unexpected eof while reading" and SSL_READ() errors
tail -f /var/log/nginx/error.log
With the fixed version, there should be no "unexpected eof while reading" error when a connection is aborted by the timeout command. With the unfixed version, the error should present itself many times fairly quickly.
[Fix]
Ubuntu Kinetic ships a newer version of nginx that includes a fix for this problem. This SRU backports that patch to Jammy. Earlier versions of Ubuntu don't carry OpenSSL 3.0 so are not presenting the altered closure behavior.
[Where problems may occur]
The patch changes behavior at point of connection termination, so a regression most likely would involve some form of misbehavior associated with connection state change. This also depends on spec'd OpenSSL definitions; if these happened to be incorrectly implemented in certain clients, those clients could exhibit odd behaviors, but such a non-compliant client would likely have problems with a lot of other web servers.
[Original description]
Ubuntu Jammy (22.04) is using OpenSSL 3.0 which changed the behaviour when closing encrypted connections. Hence, nginx upstream patched its versions >= 1.21.2 with a flag to remain compatible with clients still closing connections improperly. Details can be found in https://github.com/nginx/nginx/commit/5155845ce4453a07d60e2ce43946c9181bc311fa
Can this patch please be backported to nginx on Jammy as well?
```
'lsb_release -rd':
Description: Ubuntu 22.04 LTS
Release: 22.04
'apt-cache policy nginx':
nginx:
Installed: 1.18.0-6ubuntu14.1
Candidate: 1.18.0-6ubuntu14.1
...
``` |
|
| 2022-08-31 23:18:03 |
Bryce Harrington |
nginx (Ubuntu Jammy): status |
Triaged |
Fix Committed |
|
| 2022-09-09 12:38:26 |
Timo Aaltonen |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2022-09-09 12:38:28 |
Timo Aaltonen |
bug |
|
|
added subscriber SRU Verification |
| 2022-09-09 12:38:32 |
Timo Aaltonen |
tags |
|
verification-needed verification-needed-jammy |
|
| 2022-09-09 18:20:57 |
Simon Déziel |
tags |
verification-needed verification-needed-jammy |
verification-done verification-done-jammy |
|
| 2022-09-21 23:09:05 |
Launchpad Janitor |
nginx (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|
| 2022-09-21 23:09:11 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
