[SRU] Naxsi package lacking Stub Status
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nginx (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned | ||
Precise |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
[Impact]
nginx-naxsi is missing the stub_status module, which in some deployments is necessary for production environments. This module is also listed in the nginx-naxsi description, however it is not enabled as would be expected, since the module is listed in the description for the nginx-naxsi package.
---
[Test Case]
sudo apt-get install nginx-naxsi
Create a site configuration file for nginx in /etc/nginx/
server {
listen 127.0.0.1;
server_name localhost;
location / {
try_files $uri $uri/ =403;
}
location /nginx_status {
allow 127.0.0.1;
deny all;
}
}
After creating this configuration file, restart the nginx process or issue the reload command using one of the following commands (you do NOT need to do both, only one of them):
$ sudo service nginx restart
$ sudo service nginx reload
With the version in Ubuntu now, before this SRU, you should see something like so for an error stating that it failed the configuration test:
$ sudo service nginx restart
Restarting nginx: nginx: [emerg] unknown directive "stub_status" in /etc/nginx/
nginx: configuration file /etc/nginx/
With the version created by including the attached debdiff, you will be able to start nginx with the same configuration file and not run into any errors.
When navigating to http://
Active connections: 2
server accepts handled requests
2 2 1
Reading: 1 Writing: 1 Waiting: 0
---
[Regression Potential]
There is no new code introduced here, only one module that should've been enabled, but was not being enabled in the package. There is almost no regression potential by enabling this module.
[rbasak] I was concerned about the regression risk associated with enabling a build-time configuration option in an SRU. On balance, I think it is worth doing. It's an independent module which I understand to be reasonably separate in the codebase. I asked upstream, who confirmed that they don't think it will cause a regression, and nginx is in universe (an MIR for Trusty is in progress).
---
[Original Bug Description]
Hi,
The nginx-naxsi package provided in Ubuntu 12.04 LTS lacks the Stub Status module which somehow mandatory in production environment. Plus, if Ubuntu follows Debian philosophy regarding those packages, it is supposed to be shipped with in Debian: http://
Current nginx -V: # nginx -V
nginx version: nginx/1.1.19
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-
Regards,
P. Schweitzer
Related branches
tags: | added: precise |
Changed in nginx (Ubuntu): | |
status: | Triaged → Incomplete |
Changed in nginx (Ubuntu Precise): | |
status: | New → Confirmed |
importance: | Undecided → Wishlist |
Changed in nginx (Ubuntu): | |
importance: | Undecided → Wishlist |
Changed in nginx (Ubuntu Precise): | |
status: | Confirmed → Triaged |
Status changed to 'Confirmed' because the bug affects multiple users.