Merge ~bryce/ubuntu/+source/nginx:fix-lp1981457-jammy into ubuntu/+source/nginx:ubuntu/jammy-devel

Proposed by Bryce Harrington
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merged at revision: b77769fb2df154e358026cac3952511cf7794701
Proposed branch: ~bryce/ubuntu/+source/nginx:fix-lp1981457-jammy
Merge into: ubuntu/+source/nginx:ubuntu/jammy-devel
Diff against target: 77 lines (+55/-0)
3 files modified
debian/changelog (+8/-0)
debian/patches/series (+1/-0)
debian/patches/ssl-op-ignore-unexpected-eof-option.patch (+46/-0)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Andreas Hasenack (community) Approve
Canonical Server Reporter Pending
Review via email: mp+429173@code.staging.launchpad.net

Description of the change

SRUs a fix for an SSL bug for nginx that users are seeing often in production system nginx error logs. See LP #191457 for details.

PPA: https://launchpad.net/~bryce/+archive/ubuntu/nginx-fix-lp1981457

Andreas Hasenack (ahasenack) wrote :

I'll look at this.

Andreas Hasenack (ahasenack) wrote :

+1

patch is ok, headers are ok (bug is against openssl, not nginx, but it has the info we need)

In the changelog, I just wouldn't say "older clients". It's any client really that misbehaves. So perhaps just say "for clients that don't close ...". Totally up to you.

I was able to confirm the fix even, with the test case from the SRU.

I would just suggest to clarify that a bit. Here is what I did:

- install nginx-full and ssl-cert
- edit /etc/nginx/sites-enabled/default and uncomment both "listen" lines for 443, and the "include" line for snakeoil.conf
- restart nginx
- run the script:
#!/bin/bash
URL="https://localhost"
while :; do
  timeout -s KILL 0.2s curl -v -k -K <(echo verbose;for i in {1..2000}; do echo url = "$URL"; echo -o /dev/null; done)
done

- in another terminal, tail -f /var/log/nginx/error.log and observe tons of SSL_READ() errors.
- with the updated package, these errors are gone

review: Approve
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: bryce, ahasenack
Uploaders: bryce, ahasenack
MP auto-approved

review: Approve
Bryce Harrington (bryce) wrote :

Thanks, I've made those updates to the test case

Bryce Harrington (bryce) wrote :

$ grep "^Vcs-Git" "${changes_file}"
Vcs-Git: https://git.launchpad.net/~bryce/ubuntu/+source/nginx
Vcs-Git-Commit: b77769fb2df154e358026cac3952511cf7794701
Vcs-Git-Ref: refs/heads/fix-lp1981457-jammy
triage-jammy+22.04:~/pkg/Nginx/fix-lp1981457/nginx-gu-jammy$ dput ubuntu "${changes_file}"
D: Setting host argument.
Checking signature on .changes
gpg: ../nginx_1.18.0-6ubuntu14.2_source.changes: Valid signature from E603B2578FB8F0FB
Checking signature on .dsc
gpg: ../nginx_1.18.0-6ubuntu14.2.dsc: Valid signature from E603B2578FB8F0FB
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading nginx_1.18.0-6ubuntu14.2.dsc: done.
  Uploading nginx_1.18.0-6ubuntu14.2.debian.tar.xz: done.
  Uploading nginx_1.18.0-6ubuntu14.2_source.buildinfo: done.
  Uploading nginx_1.18.0-6ubuntu14.2_source.changes: done.
Successfully uploaded packages.
