This bug was fixed in the package nginx - 1.14.0-0ubuntu1.3
---
nginx (1.14.0-0ubuntu1.3) bionic; urgency=medium
* No changes rebuild (to build against OpenSSL 1.1.1 in Bionic)
(LP: #1836366)
-- Thomas Ward Fri, 12 Jul 2019 14:18:43 -0400
** Changed in: nginx (Ubuntu
I can confirm that it does work as expected with package
1.14.0-0ubuntu1.3 from bionic-proposed. I tested on my personal site.
Before (1.2 and 1.3 work despite 1.3 not being explicitly enabled):
$ echo q | openssl s_client -connect sdeziel.info:443 -tls1_2 -no_ign_eof
2>/dev/null | grep 'Cipher
** Attachment added: "test-config-ssl.conf"
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1836366/+attachment/5278053/+files/test-config-ssl.conf
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Upstream has indicated via http://mailman.nginx.org/pipermail/nginx-
devel/2019-July/012430.html that to their knowledge, with TLS1.3
enabled, there is no other 'TLS 1.3' behavior not handled by OpenSSL
that is otherwise introduced by default.
Note that in NGINX Upstream, and down here in Ubuntu,
I've also written a full test case, give me a minute to add the example
config here.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1836366
Title:
[SRU] No Changes Rebuild in Bionic for OpenSSL
** Description changed:
[Impact]
Upstream NGINX notified me that for proper TLS1.3 controls in NGINX it
needs rebuilt against OpenSSL 1.1.1 that is how in Bionic.
[Test Case]
- N/A
+ PREREQUISITES:
+ (1) Install `curl` and `ssl-cert` if not already installed.
+ (2) Replace the
To illuminate why I think "no-change rebuild that causes the binary to
get different behavior as a result of newer headers" is not a slam-dunk:
$ apt download libssl-dev=1.1.0g-2ubuntu4; apt download libssl-dev
$ dpkg-deb -R libssl-dev_1.1.0g-2ubuntu4_amd64.deb old
$ dpkg-deb -R
I'm putting the brakes on this SRU for the moment, because "N/A" is not
an adequate test case for any change. We are doing this rebuild
precisely because we know it changes behavior of the application to
rebuild it against newer openssl headers, but there's no information
here that confirms that
autopkgtest indicated no longer fails, the issue was an issue local to
the build environment and its networking uplinks to the repos.
"regression" cleared without incident or work.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
sil2100 et al:
The SRU regression observed was an environment failure to retrieve from
the internal repo server. Autopkgtest has been queued to rerun but the
error reported is not due to NGINX. If the autopkgtest fails again for
a different issue we can address it then.
--
You received this
Note in the short term this could and should only be released to
-updates.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1836366
Title:
[SRU] No Changes Rebuild in Bionic for OpenSSL compat reasons
Hello Thomas, or anyone else affected,
Accepted nginx into bionic-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.3 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
** Changed in: nginx (Ubuntu Bionic)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1836366
Title:
[SRU] No Changes Rebuild in Bionic for OpenSSL compat
13 matches
Mail list logo