[Bug 1315426] Re: nginx not built as Position Independent; does not use BIND_NOW
Simon: Please reread comment #4 here - https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1315426/comments/4 The decision on SRU stands because of the reasons stated there, with agreement from the Server and Security teams to that effect. We will not be SRUing these changes, because the agreement is that they don't bring any significant additional improvements (nor does it fix any real bugs which would impact security status of the package in older releases). -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1315426 Title: nginx not built as Position Independent; does not use BIND_NOW To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1315426/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1315426] Re: nginx not built as Position Independent; does not use BIND_NOW
Thomas, would you consider a SRU to Trusty now? If yes, I could work on providing a debdiff if you'd like. Thanks in advance -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1315426 Title: nginx not built as Position Independent; does not use BIND_NOW To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1315426/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1315426] Re: nginx not built as Position Independent; does not use BIND_NOW
** Changed in: nginx (Debian) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1315426 Title: nginx not built as Position Independent; does not use BIND_NOW To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1315426/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1315426] Re: nginx not built as Position Independent; does not use BIND_NOW
This bug was fixed in the package nginx - 1.6.2-5ubuntu3 --- nginx (1.6.2-5ubuntu3) vivid-proposed; urgency=medium * debian/rules: * Reversed Debian change in 1.6.2-5ubuntu2. * Added DEB_BUILD_MAINT_OPTIONS=hardening=+all to enable all dpkg-buildflags to harden the code, except for PIE flags. * Manually define DEB_BUILD_MAINT_OPTIONS in DEBIAN_NGINX_PERL_LDFLAGS to not have -fPIE conflicts in Perl flags. -- Thomas WardWed, 01 Apr 2015 14:57:34 -0400 ** Changed in: nginx (Ubuntu Vivid) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1315426 Title: nginx not built as Position Independent; does not use BIND_NOW To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1315426/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1315426] Re: nginx not built as Position Independent; does not use BIND_NOW
Additional related bugs in Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781703 - nginx not using BIND_NOW security feature Immediate binding as well as Position Independent building are both enabled with the fix that is committed right now. (Bug summary expanded to include the BIND_NOW security feature). With regard to the Debian bug, the Debian bug linked to this bug, as well as the additional related bug linked in this comment, are both fixed by a commit now included in Debian git. ** Summary changed: - nginx not built as position independent + nginx not built as Position Independent; does not use BIND_NOW ** Bug watch added: Debian Bug tracker #781703 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781703 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1315426 Title: nginx not built as Position Independent; does not use BIND_NOW To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1315426/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs