Your message dated Tue, 29 Aug 2017 12:59:01 +0300
with message-id <[email protected]>
and subject line Re: Bug#856530: fPIE not enabled for Jessie Backports
has caused the Debian Bug report #856530,
regarding fPIE not enabled for Jessie Backports
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
856530: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856530
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nginx
Severity: wishlist
Version: 1.10.3-1~bpo8+1
As part of a discussion with the NGINX maintainers on IRC chat in the
#debian-nginx channel on OFTC, we established fPIE/fPIC is enabled
proper in Debian Unstable and Debian Experimental. We also established
there were build issues when trying to get the packages to build for
Jessie backports. Coincidentally, the same fix that I introduced
downstream in Ubuntu back in 2014, and again as part of merging from
Debian to Ubuntu for the Ubuntu 17.04 cycle with a few changes, seem to
address the build issues for Jessie Backports, and the changes to the
packaging to fix the build problems observed by me are now part of the
packaging in Experimental as well [1], in an effort to reduce the merge
delta in the future. These changes were necessary downstream to get
fPIE part of hardening flags enabled and working with the binaries and
libraries.
All this said, backporting of the packaging from Stretch to Jessie
introduced a build failure [2] when trying to use PIE hardening flags.
Upon further investigation of the core issue myself, it seems to be an
issue similar to the toolchain problems I've observed downstream in
Ubuntu. Inclusion of the original diff which was put into Experimental
[1] will fix the build issues and produce usable binaries and builds, as
seen in build logs from a second build run for backports which included
these changes to the flags [3].
As the backport to Jessie Backports is disabling fPIE, I'd like to
request that the original diff submitted to Experimental my Michael
Lustfield to address this issue from a downstream perspective be
introduced at least for Jessie Backports, in order to resolve the build
failures that have been observed with a 'pure from stretch' packaging set.
(NOTE: *.dark-net.io is owned by me, I needed a place to dump my build
logs and data, so I thought I'd leverage my datanet.dark-net.io space on
my servers to hold the data)
------
Thomas
[1]:
https://anonscm.debian.org/cgit/pkg-nginx/nginx.git/commit/?id=f4307ddb1478c4ed9717c7a954f7192541d1cf95
[2]:
https://datanet.dark-net.io/nginx-debian/stretch-pure_jessie/nginx_1.10.3-1~bpo8%2B0%2Btest0_amd64-20170228-1520.build
[3]:
https://datanet.dark-net.io/nginx-debian/jessie-backports_teward/nginx_1.10.3-1~bpo8%2B1%2Btest0_amd64-20170228-1520.build
--- End Message ---
--- Begin Message ---
On Wed, Mar 01, 2017 at 10:34:16PM -0500, Thomas Ward wrote:
Source: nginx
Severity: wishlist
Version: 1.10.3-1~bpo8+1
This is fixed since 1.10.3-1+deb9u1~bpo8+1 by backporting the
relevant fixes from master.
--- End Message ---