Hello to all on the Server Team!

Just to put this out of the way: The nginx merge from Debian is
currently giving build errors, so I am going to upload a 1.10.2 directly
to Zesty, the same as we did during the Yakkety and Xenial cycles.  That
way, we get nginx 1.10.2 available for Zesty.

However, it was initially requested via a bug on Launchpad to update the
version of nginx in Xenial (and by extension, Yakkety) to 1.10.2 as
well.  [1]  For now, I've marked those tasks as "Won't Fix" because I
wanted to touch base with the Server Team first on this.

This request to update to 1.10.2 would include the following changes
from Upstream:


Changes with nginx 1.10.2                                        18 Oct 2016

    *) Change: the "421 Misdirected Request" response now used when
       rejecting requests to a virtual server different from one negotiated
       during an SSL handshake; this improves interoperability with some
       HTTP/2 clients when using client certificates.

    *) Change: HTTP/2 clients can now start sending request body
       immediately; the "http2_body_preread_size" directive controls size of
       the buffer used before nginx will start reading client request body.

    *) Bugfix: a segmentation fault might occur in a worker process when
       using HTTP/2 and the "proxy_request_buffering" directive.

    *) Bugfix: the "Content-Length" request header line was always added to
       requests passed to backends, including requests without body, when
       using HTTP/2.

    *) Bugfix: "http request count is zero" alerts might appear in logs when
       using HTTP/2.

    *) Bugfix: unnecessary buffering might occur when using the "sub_filter"
       directive; the issue had appeared in 1.9.4.

    *) Bugfix: socket leak when using HTTP/2.

    *) Bugfix: an incorrect response might be returned when using the "aio
       threads" and "sendfile" directives; the bug had appeared in 1.9.13.

    *) Workaround: OpenSSL 1.1.0 compatibility.


Note that the CVE update from 1.10.1 is already applied in Ubuntu
releases.  I coordinated with the Security team to make sure that got
pushed out in a timely manner.  1.10.1 introduces a few changes, a lot
of bugfixes, and a workaround for OpenSSL 1.1.0 compatibility.

I am not 100% sure whether we should be updating Xenial to 1.10.2. 
Apart from the fact it is more than just a 'bug fix' release, I'm not so
sure whether we need all of these bug fixes in Xenial.  Because I am
unsure, I'd like Server Team member input on how we should proceed.

Namely, should we consider updating nginx to 1.10.2 in both Xenial and
Yakkety to get these bugfixes in?  And if we think we should, we'll need
SRU team approval.


Thomas Ward
Ubuntu Server Team Member
LP: https://launchpad.net/~teward

[1]: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1636593

-- 
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
