- Package:
- libnginx-mod-http-lua
- Source:
- nginx
- Description:
- Lua module for Nginx
- Submitter:
- Bastian Blank
- Date:
- 2022-04-17 11:36:12 UTC
- Severity:
- serious
The nginx source bundles the http-lua module in a version incompatible with nginx 1.18. It segfaults immediately with a minimal config if a "init_worker_by_lua_block" block is defined. (I haven't looked much further.) This looks to be the same bug as https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1915391 This is broken in Stable. Bastian
RAmesh
https://salsa.debian.org/nginx-team/nginx/-/merge_requests/15 After updating to 0.10.15 I am no longer seeing nginx segfault when init_worker_by_lua_block is used. A similar update is being discussed in the corresponding Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1893753 Regards, Anton
We believe that the bug you reported is fixed in the latest version of
nginx, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 994178@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Nový <onovy@debian.org> (supplier of updated nginx package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Tue, 15 Mar 2022 11:50:18 +0100
Source: nginx
Architecture: source
Version: 1.18.0-7
Distribution: unstable
Urgency: medium
Maintainer: Debian Nginx Maintainers <pkg-nginx-maintainers@alioth-lists.debian.net>
Changed-By: Ondřej Nový <onovy@debian.org>
Closes: 994178
Changes:
nginx (1.18.0-7) unstable; urgency=medium
.
[ Ondřej Nový ]
* d/p/CVE-2019-20372.patch: Drop, applied upstream.
* http-auth-pam: Upgrade to 1.5.3.
* http-echo: Upgrade to 0.62.
* nchan: Upgrade to 1.2.15.
* http-fancyindex: Upgrade to 0.5.2.
* rtmp: Upgrade to 1.2.2.
* http-lua: Upgrade to 0.10.15 (Closes: #994178).
* http-lua: Rebase patch.
* nchan: Drop GCC 10 patch, applied upstream.
* d/watch: Bump version to 4.
* Bump standards version to 4.6.1 (no changes).
* d/copyright: Bump my copyright year.
.
[ Ondřej Surý ]
* Add arm64 and ppc64el to list of luajit platforms.
.
[ Athos Ribeiro ]
* d/nginx-common.nginx.service: Fix service shutdown desctiption to mention
SIGQUIT instead of SIGSTOP (LP: #1919965).
Checksums-Sha1:
eedc4445ed188a8f7b4ce3920b0bb670f19a4827 4780 nginx_1.18.0-7.dsc
d1330cc95b5bd12d13efed7a5080d08f6ee3a3a4 1092372 nginx_1.18.0-7.debian.tar.xz
83dbcf21171e06f5276bc7ee0b57c5166b2e4032 25637 nginx_1.18.0-7_amd64.buildinfo
Checksums-Sha256:
2a5c844bb7b770ab1ed3b182473dcaa71ad2e4259a2421854206406cd1a308c6 4780 nginx_1.18.0-7.dsc
dd108c535811db9d7d24e1e1f7ce62b88bf6fdb645acb2255dc88ab16a899bb0 1092372 nginx_1.18.0-7.debian.tar.xz
1f9d1d63acca0302548f65d104a6ade211b3fb1c6ac18205315024c708bb3a5f 25637 nginx_1.18.0-7_amd64.buildinfo
Files:
9570fee307f9127156bbe45bbbe62ddf 4780 httpd optional nginx_1.18.0-7.dsc
e8e82549d73578756f3c3b80d5c411ff 1092372 httpd optional nginx_1.18.0-7.debian.tar.xz
5bb2b72a4e4314164e7987a968b97f36 25637 httpd optional nginx_1.18.0-7_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEPZg8UuuFmAxGpWCQNXMSVZ0eBksFAmIwdwUACgkQNXMSVZ0e
BksR4A/+MvrchZFNY06S7mcnCjFfw62a7gU8nBclBAyUKn/tSouGNFRO+5hyYVEM
n4wap7BREil5sbO0KzXgCReojH7wTRfiatROJ7bqcXs39aqHMBl3AvmFxWvr4Ehl
1pfTD6HfBfDmSii6eLrfT+dMoK4+vkHVN37bShI0xsAvAVC74UKvPSL9nk8GAzpW
Ly7nc4JBBRnB9fYRwrkYLYnph8DwdaM45okPvX0AThzN+OrfRcajBE4A+t2Un+gJ
AIfrn7iWYH+Nxo4Iog6RBK4ajaE4jC/yeHuhrpslBZaqCThXyp80VE4ZB97S0/bc
3wr+6Q/9r7EhlTZaSdFrmoCVWkARGG7V2xsl0+/DtkbLva1zvz2ApiGXIlrwoWb1
Jb7aW2xoLeCwpFK9RgEA2gyOaU0aVBPBMQWTdq/OsAZIZZkxJPBbNI5iz6bJC0LZ
WaT2J9KDGDtwUCFaWrj4NGtQeXJ6GUOPXxmuoMKekBi7Eims4WkHKeaIiMTz8ZKZ
z9FrKlsi6yA43LEvLucK+IYD/ZwUNw7yPGb2haxL6MO4BS7tRSHUcC0mo0HhxowB
sLS4t3PqhDFxO7d3W5SkTlWjRWNaHsDyHpgqotWwBBM48XGjCXPcUZskO+A08G66
X9eGtsWx0uEqi9hm9uYgckgvujgDNcqpQH7sePdL/jLDGR41XP0=
=BRrm
-----END PGP SIGNATURE-----
Hello, Bug #994178 in nginx reported by you has been fixed in the Git repository. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/nginx-team/nginx/-/commit/2c27f48e5e667aa2b984cd30d3e19ee3a89b2650 (this message was generated automatically) -- Greetings https://bugs.debian.org/994178
We believe that the bug you reported is fixed in the latest version of
nginx, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 994178@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jan Mojžíš <jan.mojzis@gmail.com> (supplier of updated nginx package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Tue, 15 Mar 2022 21:36:18 +0100
Source: nginx
Architecture: source
Version: 1.18.0-6.1+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Nginx Maintainers <pkg-nginx-maintainers@alioth-lists.debian.net>
Changed-By: Jan Mojžíš <jan.mojzis@gmail.com>
Closes: 994178
Changes:
nginx (1.18.0-6.1+deb11u1) bullseye; urgency=medium
.
* Backport upstream bugfix for segfault in nginx core >= 1.15.0 when
libnginx-mod-http-lua is loaded and init_worker_by_lua* is used.
(Closes: #994178)
Checksums-Sha1:
dc4ed66f09dffd76e343c7ec2d236c190ce27cfe 4790 nginx_1.18.0-6.1+deb11u1.dsc
c5369b0b0d4bfb26358c54158e874ae6f59b2a71 1039612 nginx_1.18.0-6.1+deb11u1.debian.tar.xz
0808b3cf11372b8dec6447a5cfccbebf34c1731b 27176 nginx_1.18.0-6.1+deb11u1_amd64.buildinfo
Checksums-Sha256:
ecbb0361273436ad550d57ffb910bd55d82bf42887ab56e4a78018096f63db53 4790 nginx_1.18.0-6.1+deb11u1.dsc
1647e07df2c9e2745981c34ee18745707e003bd6bceb608eae32f940007bfd27 1039612 nginx_1.18.0-6.1+deb11u1.debian.tar.xz
a611388250be2ff27de221230ff8de65ca6723018de7b95f53751be456b8d8ff 27176 nginx_1.18.0-6.1+deb11u1_amd64.buildinfo
Files:
b12eb5f5767afa3e26e280be048fe907 4790 httpd optional nginx_1.18.0-6.1+deb11u1.dsc
1901866f76f47da596f69f7650e60e77 1039612 httpd optional nginx_1.18.0-6.1+deb11u1.debian.tar.xz
7aae27e2e0df8a4873dcf32841473495 27176 httpd optional nginx_1.18.0-6.1+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEPZg8UuuFmAxGpWCQNXMSVZ0eBksFAmI8Or4ACgkQNXMSVZ0e
Bku5tBAAqv7JqWxmM2mJ1VGx5fXcFssQSk/ZKkSMJI24w96rH2d5vlGaL1iUBTdX
Xf018pT7Lpuwoii8bPMx0P/39nQ8nCOcotRULNPjYtjJKs8SFApZfCHXAZBT0er/
p8Mstwn2oczDQkvBftRWhn9BmOQ62HaX0yMMJvzqUJc9gH5zoB9szD0A6WGM7t/i
JPQq3QX5bHw52Jgctw3jUel2K48M36mNyUHYDBgHjtK4wo0g2MYJhygNQU1ufv0W
ej0JN25jhE2A5khn6gkTWUf0yzvGuRdQGVaAFNKfePqgBRqiCTUOfWEO15RE+THH
POWEIp/ntT57YiC4CDZBqcTx4ILOuL8NZhRsskh+76Y6BmKQNMWOZ5EnXECvbCwS
XuXTV8ulhh0qUz1+Ss/TNJKCyrNOmWbrkI5jW86aLiSCTl00GoPAtccmDBnaDwD9
PMfpZ7ftcrmh4M8C6DAv5ObPsgPqRblrycPWrSnmFYKxTXTH1Rn1UwznmjAfjDMA
m3rm17dgPMuYz2J/D32ZwGAEYm/+A3AlTzg77FCc/UORctwNBDL7n1XrOmv9nh5R
nUAFZWTSp1082i4zoJbvpUiybVc6nDka3UXrLTEgXJ3IVSvIyQeJpU63oz/ovGH4
rtXYAnlaEMXNyh1uMG4x+uHWQqrAq17qPx5sz+3/9CtCtdlubyQ=
=/wGT
-----END PGP SIGNATURE-----