Thomas, would you consider a SRU to Trusty now? If yes, I could work on
providing a debdiff if you'd like. Thanks in advance
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1315426
Simon:
Please reread comment #4 here -
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1315426/comments/4
The decision on SRU stands because of the reasons stated there, with
agreement from the Server and Security teams to that effect. We will
not be SRUing these changes, because the
** Changed in: nginx (Debian)
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1315426
Title:
nginx not built as Position Independent; does
This bug was fixed in the package nginx - 1.6.2-5ubuntu3
---
nginx (1.6.2-5ubuntu3) vivid-proposed; urgency=medium
* debian/rules:
* Reversed Debian change in 1.6.2-5ubuntu2.
* Added DEB_BUILD_MAINT_OPTIONS=hardening=+all to enable all
dpkg-buildflags to harden the
** Changed in: nginx (Ubuntu Vivid)
Status: Triaged = Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1315426
Title:
nginx not built as position independent
To
Additional related bugs in Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781703 - nginx not using
BIND_NOW security feature
Immediate binding as well as Position Independent building are both enabled
with the fix that is committed right now. (Bug summary expanded to include the
Simon:
This is currently marked as Fix Committed in Debian - that doesn't
mean that this is Fixed up there yet, and that it's only in the git
repo for it.
It also isn't fixed in Vivid. To SRU this, the commit from Debian would
need to be put into Vivid, and possibly Utopic before it could end
Thomas, since the fix is trivial and the benefit would be very welcome,
would it be possible to do SRU this?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1315426
Title:
nginx not
** Changed in: nginx (Ubuntu Precise)
Importance: Undecided = Wishlist
** Changed in: nginx (Ubuntu Trusty)
Importance: Undecided = Wishlist
** Changed in: nginx (Ubuntu Utopic)
Importance: Undecided = Wishlist
** Changed in: nginx (Ubuntu Vivid)
Importance: Undecided = Wishlist
--
Why bother having nginx in main? It should have been hardened as a
blocking bug when the MIR was originally put out
(https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1262710) .
Is it even meaningful to compare the speed of apache with nginx if one
is build with pie and one is not? I respect
After additional discussion with the server team and members of the
security team, we do not believe that this qualifies as an SRU. It does
not provide any significant benefit other than hardening, and does not
qualify for SRU.
As such, I am setting Won't Fix in Precise through Utopic, but
Thanks for the clarifications. Please know that I'll be available to
test any new build that would reach Vivid or any older versions.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
** Changed in: nginx (Ubuntu Vivid)
Importance: Wishlist = Low
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1315426
Title:
nginx not built as position independent
To manage
** Branch linked: lp:ubuntu/vivid-proposed/nginx
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1315426
Title:
nginx not built as position independent
To manage notifications about
Sindhudweep: We were not comparing Apache and NGINX speeds. With PIE,
on a 32bit platform there si at least a 15% performance decrease (based
on general observation between platforms with PIE enabled/disabled).
We're working on this for Vivid right now, have patience.
--
You received this bug
** Changed in: nginx (Debian)
Status: New = Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1315426
Title:
nginx not built as position independent
To manage
** Changed in: nginx (Ubuntu)
Status: New = Confirmed
** Changed in: nginx (Ubuntu)
Assignee: (unassigned) = Thomas Ward (teward)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
** Bug watch added: Debian Bug tracker #747025
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747025
** Also affects: nginx (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747025
Importance: Unknown
Status: Unknown
** Changed in: nginx (Ubuntu)
Status:
** Changed in: nginx (Debian)
Status: Unknown = New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1315426
Title:
nginx not built as position independent
To manage
19 matches
Mail list logo
