NGINX in Ubuntu
Thomas Ward
teward at ubuntu.com
Sun Dec 25 01:30:21 UTC 2016
Well, it's been about a week since I looked at this, and I had a little
bit of an explosion on my computer. Turns out, upgrading 14.04 to 16.04
when you have more than one GCC in place breaks things. So I have been
restoring data from my backup since Tuesday.
Getting 1.10.x into Xenial, but I'd probably prod the SRU / Release
teams for their opinions before I do anything in terms of uploading.
I'm also rebuilding my sbuild schroots, but I do know that NGINX 1.10.2
*does* build for Xenial, and does run efficiently on Xenial. It
wouldn't be too hard to backport that from Zesty to Xenial, though I'm
not going to put dynamic modules into Xenial or Yakkety.
I'm still working on the merge from Debian to Zesty, which includes the
dynamic module stuff, but that's going to take a lot more time.
Probably not until after the new year, unfortunately.
Thomas
On 12/17/2016 10:14 AM, Thomas Ward wrote:
>
> Jon,
>
> Thanks for your reply.
>
> I think it is reasonable to attempt to include the code as well. I
> will work on diffs, and then ping the SRU team to look at it once my
> own build tests and update/upgrade testing is confirmed to not break
> anything.
>
> That said, there's a huge snow/ice storm that just rolled through, so
> power is spotty at my location - won't be able to get to this until
> the electricity stabilizes (it's got some periods of being out while
> mostly being on).
>
>
> Thomas
>
>
> On 12/15/2016 04:12 PM, Jon Grimm wrote:
>> Hi Thomas,
>>
>> As 16.04 is an LTS with a whole lot of life yet to it, I think its
>> reasonable to consider bringing it back to Xenial.
>>
>> As you have a lot more experience with nginx you can help assess
>> whether it meets the SRU micro-release exception even:
>>
>> https://wiki.ubuntu.com/StableReleaseUpdates#New_upstream_microreleases
>>
>>
>> Obviously, we want to be very cautious with the LTS in not regressing
>> anyone, but looking through your changelog it seems reasonable to
>> attempt it.
>>
>> Thank you for your looking after diligent looking after of nginx; I
>> greatly appreciate it!
>>
>>
>> On Thu, Dec 15, 2016 at 11:27 AM, Thomas Ward <teward at ubuntu.com
>> <mailto:teward at ubuntu.com>> wrote:
>>
>> Hello to all on the Server Team!
>>
>> Just to put this out of the way: The nginx merge from Debian is
>> currently giving build errors, so I am going to upload a 1.10.2
>> directly to Zesty, the same as we did during the Yakkety and
>> Xenial cycles. That way, we get nginx 1.10.2 available for Zesty.
>>
>> However, it was initially requested via a bug on Launchpad to
>> update the version of nginx in Xenial (and by extension, Yakkety)
>> to 1.10.2 as well. [1] For now, I've marked those tasks as
>> "Won't Fix" because I wanted to touch base with the Server Team
>> first on this.
>>
>> This request to update to 1.10.2 would include the following
>> changes from Upstream:
>>
>> Changes with nginx 1.10.2 18 Oct 2016
>>
>> *) Change: the "421 Misdirected Request" response now used when
>> rejecting requests to a virtual server different from one negotiated
>> during an SSL handshake; this improves interoperability with some
>> HTTP/2 clients when using client certificates.
>>
>> *) Change: HTTP/2 clients can now start sending request body
>> immediately; the "http2_body_preread_size" directive controls size of
>> the buffer used before nginx will start reading client request body.
>>
>> *) Bugfix: a segmentation fault might occur in a worker process when
>> using HTTP/2 and the "proxy_request_buffering" directive.
>>
>> *) Bugfix: the "Content-Length" request header line was always added to
>> requests passed to backends, including requests without body, when
>> using HTTP/2.
>>
>> *) Bugfix: "http request count is zero" alerts might appear in logs when
>> using HTTP/2.
>>
>> *) Bugfix: unnecessary buffering might occur when using the "sub_filter"
>> directive; the issue had appeared in 1.9.4.
>>
>> *) Bugfix: socket leak when using HTTP/2.
>>
>> *) Bugfix: an incorrect response might be returned when using the "aio
>> threads" and "sendfile" directives; the bug had appeared in 1.9.13.
>>
>> *) Workaround: OpenSSL 1.1.0 compatibility.
>>
>>
>> Note that the CVE update from 1.10.1 is already applied in Ubuntu
>> releases. I coordinated with the Security team to make sure that
>> got pushed out in a timely manner. 1.10.1 introduces a few
>> changes, a lot of bugfixes, and a workaround for OpenSSL 1.1.0
>> compatibility.
>>
>> I am not 100% sure whether we should be updating Xenial to
>> 1.10.2. Apart from the fact it is more than just a 'bug fix'
>> release, I'm not so sure whether we need all of these bug fixes
>> in Xenial. Because I am unsure, I'd like Server Team member
>> input on how we should proceed.
>>
>> Namely, should we consider updating nginx 1.10.2 in both Xenial
>> and Yakkety to get these bugfixes in? And if we think we should,
>> we'll need SRU team approval.
>>
>>
>> Thomas Ward
>> Ubuntu Server Team Member
>> LP: https://launchpad.net/~teward <https://launchpad.net/%7Eteward>
>>
>> [1]: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1636593
>> <https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1636593>
>>
>>
>> --
>> ubuntu-server mailing list
>> ubuntu-server at lists.ubuntu.com
>> <mailto:ubuntu-server at lists.ubuntu.com>
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>> <https://lists.ubuntu.com/mailman/listinfo/ubuntu-server>
>> More info: https://wiki.ubuntu.com/ServerTeam
>> <https://wiki.ubuntu.com/ServerTeam>
>>
>>
>>
>>
>> --
>> Jon Grimm
>> Engineering Manager, Ubuntu Server
>> Canonical Ltd
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20161224/6a6b736e/attachment.html>
More information about the ubuntu-server
mailing list