Ubuntu
nginx package

SSL worker process bugfixes in 1.15.5, please put into Cosmic

Bug #1795690 reported by Thomas Ward
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nginx (Ubuntu)
Fix Released
Medium
Thomas Ward

Bug Description

NGINX has released 1.15.5 which contains bugfixes for a segmentation fault:

Changes with nginx 1.15.5 02 Oct 2018

    *) Bugfix: a segmentation fault might occur in a worker process when
       using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4.

    *) Bugfix: of minor potential bugs.

This should be included in Ubuntu as the flaw was introduced in 1.15.4, which is already in the repositories.

As this is upstream-originating fixes, regression risk is low.

As there are no feature changes, this is a bugfix-only upload and should be OK under the current freeze of the archives.

Revision history for this message
Thomas Ward (teward) wrote :

Build tests are underway in https://launchpad.net/~teward/+archive/ubuntu/cosmic-buildtests/+packages

Revision history for this message
Adam Conrad (adconrad) wrote :

This was purely just two bugfixes, no freeze exception needed. We care about features, not version numbers. :)

Thomas Ward (teward)
Changed in nginx (Ubuntu):
status: In Progress → Fix Committed
summary: - Update NGINX in Cosmic go 1.15.5 for segfault bugfixes
+ SSL worker process bugfixes in 1.15.5, please put into Cosmic
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nginx - 1.15.5-0ubuntu1

---------------
nginx (1.15.5-0ubuntu1) cosmic; urgency=medium

  * This is a bugfixes-only upstream micro release, and thus is a bugfixes-
    only version change. (LP: #1795690)
  * New upstream release (1.15.5) - full changelog available from
    http://nginx.org/en/CHANGES
  * Remaining Ubuntu-specific changes:
    - debian/patches/ubuntu-branding.patch: add Ubuntu branding (refreshed)
    - d/{control,rules,nginx-core.*}: add new binary package for main,
      nginx-core, which contains only source-tarball-included modules
      and no third-party modules.
    - debian/tests/control: add nginx-core test.
    - debian/apport/source_nginx.py: Add apport hooks for additional bug
      information gathering.
    - debian/nginx-common.install: Add install rule for apport hooks.
    - d/nginx-{core,light,full,extras}.postinst: Add checks for whether
      port 80 is in use or not to determine whether or not to attempt
      starting of the NGINX service during install/upgrade
    - d/control: Add dependencies to nginx-{core,light,full,extras} on
      `iproute2` as the postinst scripts now use `ss` to determine if
      Port 80 is open or not.

 -- Thomas Ward <email address hidden> Tue, 02 Oct 2018 11:31:05 -0400

Changed in nginx (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.