Please merge 1.9.6-2 (main) from Debian Unstable (main)

Bug #1510096 reported by Thomas Ward
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nginx (Ubuntu)
Fix Released
Wishlist
Thomas Ward

Bug Description

Please merge nginx 1.9.6 into Ubuntu. There are multiple changes, some of which are bug fixes, and some of which are workarounds and other changes.

------

Upstream changelog on 1.9.6 is available, as well as for subsequent and prior releases, here: http://nginx.org/en/CHANGES

The 1.9.4, 1.9.5, and 1.9.6 release notes are here, though, for a summary:

Changes with nginx 1.9.6 27 Oct 2015

    *) Bugfix: a segmentation fault might occur in a worker process when
       using HTTP/2.
       Thanks to Piotr Sikora and Denis Andzakovic.

    *) Bugfix: the $server_protocol variable was empty when using HTTP/2.

    *) Bugfix: backend SSL connections in the stream module might be timed
       out unexpectedly.

    *) Bugfix: a segmentation fault might occur in a worker process if
       different ssl_session_cache settings were used in different virtual
       servers.

    *) Bugfix: nginx/Windows could not be built with MinGW gcc; the bug had
       appeared in 1.9.4.
       Thanks to Kouhei Sutou.

    *) Bugfix: time was not updated when the timer_resolution directive was
       used on Windows.

    *) Miscellaneous minor fixes and improvements.
       Thanks to Markus Linnala, Kurtis Nusbaum and Piotr Sikora.

Changes with nginx 1.9.5 22 Sep 2015

    *) Feature: the ngx_http_v2_module (replaces ngx_http_spdy_module).
       Thanks to Dropbox and Automattic for sponsoring this work.

    *) Change: now the "output_buffers" directive uses two buffers by
       default.

    *) Change: now nginx limits subrequests recursion, not simultaneous
       subrequests.

    *) Change: now nginx checks the whole cache key when returning a
       response from cache.
       Thanks to Gena Makhomed and Sergey Brester.

    *) Bugfix: "header already sent" alerts might appear in logs when using
       cache; the bug had appeared in 1.7.5.

    *) Bugfix: "writev() failed (4: Interrupted system call)" errors might
       appear in logs when using CephFS and the "timer_resolution" directive
       on Linux.

    *) Bugfix: in invalid configurations handling.
       Thanks to Markus Linnala.

    *) Bugfix: a segmentation fault occurred in a worker process if the
       "sub_filter" directive was used at http level; the bug had appeared
       in 1.9.4.

Changes with nginx 1.9.4 18 Aug 2015

    *) Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer"
       directives of the stream module are replaced with the
       "proxy_buffer_size" directive.

    *) Feature: the "tcp_nodelay" directive in the stream module.

    *) Feature: multiple "sub_filter" directives can be used simultaneously.

    *) Feature: variables support in the search string of the "sub_filter"
       directive.

    *) Workaround: configuration testing might fail under Linux OpenVZ.
       Thanks to Gena Makhomed.

    *) Bugfix: old worker processes might hog CPU after reconfiguration with
       a large number of worker_connections.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "try_files" and "alias" directives were used inside a location given
       by a regular expression; the bug had appeared in 1.7.1.

    *) Bugfix: the "try_files" directive inside a nested location given by a
       regular expression worked incorrectly if the "alias" directive was
       used in the outer location.

    *) Bugfix: in hash table initialization error handling.

    *) Bugfix: nginx could not be built with Visual Studio 2015.

------

Below are the debian changelog entries since 1.9.3-1ubuntu1.

nginx (1.9.6-2) unstable; urgency=medium

  [ Christos Trochalakis]
  * debian/modules/nginx-lua:
    + Update nginx-lua to v0.9.19 fixing HTTP/2 compatibility.

 -- Christos Trochalakis <email address hidden> Fri, 13 Nov 2015 16:08:01 +0200

nginx (1.9.6-1) unstable; urgency=medium

  [ Christos Trochalakis]
  * New upstream release.
  * Enable http2 module in nginx-full & nginx-extras

 -- Christos Trochalakis <email address hidden> Tue, 03 Nov 2015 08:59:21 +0200

nginx (1.9.4-1) unstable; urgency=medium

  [ Christos Trochalakis]
  * New upstream release.
  * debian/copyright:
    + Fix licence order.

 -- Christos Trochalakis <email address hidden> Mon, 24 Aug 2015 16:23:20 +0300

------

Build tests will be underway in https://launchpad.net/~teward/+archive/ubuntu/xenial-buildtests eventually, but build tests outside of my sbuild are still useful. Build tests won't go here until i've made sure it doesn't die in my pristine sbuild chroots.

Tags: patch xenial
Thomas Ward (teward)
description: updated
Thomas Ward (teward)
summary: - Please merge 1.9.4-1 (main) from Debian Unstable (main)
+ Please merge 1.9.6-1 (main) from Debian Unstable (main)
summary: - Please merge 1.9.6-1 (main) from Debian Unstable (main)
+ Please merge 1.9.6-2 (main) from Debian Unstable (main)
description: updated
Revision history for this message
Thomas Ward (teward) wrote :

Extreme delay due to Internet issues (thank you Comcast), and issues with `libuuid1` in my local builders, which prevented things from building. Working on the merge today.

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Please disable HTTP/2 / SPDY for initial inclusion into Xenial; the security team would really prefer this code have some more real-world exposure and fuzzing before we turn it on. We can always turn it on after release via an SRU later.

Thanks

Revision history for this message
Thomas Ward (teward) wrote :

ACK on Security Team Request.

Notes:
* SPDY is dead as of HTTP/2 module being released - SPDY support is dead as of 1.9.x (so there's no SPDY to disable).

Further discussion on HTTP/2 enablement will need to be done closer to 16.04 release in the Sec Team and otherwise, to discuss when/if HTTP/2 is enabled.

Revision history for this message
Thomas Ward (teward) wrote :

The preliminary debdiff for the changes are being attached here.

This debdiff here details the delta between what we have in Xenial now and what the merge will add (it's the big one).

Revision history for this message
Thomas Ward (teward) wrote :

The preliminary debdiff for the changes are being attached here.

This debdiff here details the delta between what Debian has and what we are introducing with the Merge.

tags: added: patch
Thomas Ward (teward)
Changed in nginx (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nginx - 1.9.6-2ubuntu1

---------------
nginx (1.9.6-2ubuntu1) xenial; urgency=medium

  * Merge from Debian unstable. Remaining changes: (LP: #1510096)
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/control: drop luajit from Build-Depends as it is in universe.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
  * Additional changes:
    * debian/rules:
      - Update nginx-core configure flags to match nginx-full config flags,
        due to refreshing the nginx-core 'enabled modules' to match the
        nginx-full modules (minus third-party modules)
      - Disable HTTP/2 module support in all flavors, per Ubuntu Security
        Team mandate.
    * debian/control:
      - Update nginx-core description to match nginx-full description of the
        standard and optional HTTP modules that are enabled.
      - Remove HTTP/2 references in package descriptions, per Ubuntu
        Security Team mandate to disable HTTP/2 support.

 -- Thomas Ward <email address hidden> Mon, 14 Dec 2015 10:34:42 -0500

Changed in nginx (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.