NGINX in Ubuntu

Jon Grimm jon.grimm at canonical.com
Thu Dec 15 21:12:31 UTC 2016


Hi Thomas,

As 16.04 is an LTS with a whole lot of life yet to it, I think its
reasonable to consider bringing it back to Xenial.

As you have a lot more experience with nginx you can help assess whether it
meets the SRU micro-release exception even:

https://wiki.ubuntu.com/StableReleaseUpdates#New_upstream_microreleases


Obviously, we want to be very cautious with the LTS in not regressing
anyone, but looking through your changelog it seems reasonable to attempt
it.

Thank you for your looking after diligent looking after of nginx; I greatly
appreciate it!


On Thu, Dec 15, 2016 at 11:27 AM, Thomas Ward <teward at ubuntu.com> wrote:

> Hello to all on the Server Team!
>
> Just to put this out of the way: The nginx merge from Debian is currently
> giving build errors, so I am going to upload a 1.10.2 directly to Zesty,
> the same as we did during the Yakkety and Xenial cycles.  That way, we get
> nginx 1.10.2 available for Zesty.
>
> However, it was initially requested via a bug on Launchpad to update the
> version of nginx in Xenial (and by extension, Yakkety) to 1.10.2 as well.
> [1]  For now, I've marked those tasks as "Won't Fix" because I wanted to
> touch base with the Server Team first on this.
>
> This request to update to 1.10.2 would include the following changes from
> Upstream:
>
>
> Changes with nginx 1.10.2                                        18 Oct 2016
>
>     *) Change: the "421 Misdirected Request" response now used when
>        rejecting requests to a virtual server different from one negotiated
>        during an SSL handshake; this improves interoperability with some
>        HTTP/2 clients when using client certificates.
>
>     *) Change: HTTP/2 clients can now start sending request body
>        immediately; the "http2_body_preread_size" directive controls size of
>        the buffer used before nginx will start reading client request body.
>
>     *) Bugfix: a segmentation fault might occur in a worker process when
>        using HTTP/2 and the "proxy_request_buffering" directive.
>
>     *) Bugfix: the "Content-Length" request header line was always added to
>        requests passed to backends, including requests without body, when
>        using HTTP/2.
>
>     *) Bugfix: "http request count is zero" alerts might appear in logs when
>        using HTTP/2.
>
>     *) Bugfix: unnecessary buffering might occur when using the "sub_filter"
>        directive; the issue had appeared in 1.9.4.
>
>     *) Bugfix: socket leak when using HTTP/2.
>
>     *) Bugfix: an incorrect response might be returned when using the "aio
>        threads" and "sendfile" directives; the bug had appeared in 1.9.13.
>
>     *) Workaround: OpenSSL 1.1.0 compatibility.
>
>
> Note that the CVE update from 1.10.1 is already applied in Ubuntu
> releases.  I coordinated with the Security team to make sure that got
> pushed out in a timely manner.  1.10.1 introduces a few changes, a lot of
> bugfixes, and a workaround for OpenSSL 1.1.0 compatibility.
>
> I am not 100% sure whether we should be updating Xenial to 1.10.2.  Apart
> from the fact it is more than just a 'bug fix' release, I'm not so sure
> whether we need all of these bug fixes in Xenial.  Because I am unsure, I'd
> like Server Team member input on how we should proceed.
>
> Namely, should we consider updating nginx 1.10.2 in both Xenial and
> Yakkety to get these bugfixes in?  And if we think we should, we'll need
> SRU team approval.
>
>
> Thomas Ward
> Ubuntu Server Team Member
> LP: https://launchpad.net/~teward
>
> [1]: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1636593
>
> --
> ubuntu-server mailing list
> ubuntu-server at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> More info: https://wiki.ubuntu.com/ServerTeam
>



-- 
Jon Grimm
Engineering Manager, Ubuntu Server
Canonical Ltd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20161215/1799d225/attachment.html>


More information about the ubuntu-server mailing list