Not The Same OpenSSL Version?

This topic has 12 replies, 1 voice, and was last updated 6 months ago by Thijs Eilander.

Viewing 10 reply threads

Author

Posts
- 10/23/2023 at 6:27 AM #3853 Reply
  
  Dan
  Guest
  
  Not the same OpenSSL version?
  
  nginx -V return this info:
  built with OpenSSL 3.0.2 15 Mar 2022 (running with OpenSSL 3.0.11+quic 19 Sep 2023)
- 10/23/2023 at 11:09 AM #3857 Reply
  
  Thijs Eilander
  Keymaster
  
  That’s is strange, what distribution are you using?
  
  Also, did you make by any change an exception for OpenSSL in apt while that was broken?
- 10/23/2023 at 11:47 AM #3859 Reply
  
  Thijs Eilander
  Keymaster
  
  This should be the correct output, at least on Bookworm
  
  # nginx -V
  nginx version: nginx/1.25.2 (https://deb.myguard.nl/nginx-modules/)
  built with OpenSSL 3.0.11+quic 19 Sep 2023
- 10/23/2023 at 1:07 PM #3862 Reply
  
  Dan
  Guest
  
  I’m just using this PPA: ppa:eilander/nginx
  On the Ubuntu 22.04 LTS server
  
  I do not make any changes on Nginx or OpenSSL in apt.
- 10/23/2023 at 1:15 PM #3864 Reply
  
  Thijs Eilander
  Keymaster
  
  Ooh Launchpad, yeah I cleaned it out last night. Need to repopulate that again but my OpenSSL builds are rejected somehow
  
  Didn’t know anybody is still using Launchpad for my repo :) Most people are on my own repo. Thanks for reminding me
- 10/23/2023 at 1:22 PM #3867 Reply
  
  Dan
  Guest
  
  I skip your hosted PPA after encountering this old issue last year:
  
  Release 8.8p1 disables RSA signatures using the SHA-1 hash algorithm by default
  
  As the PPA from Ubuntu works perfect :)
  - 10/23/2023 at 3:58 PM #3868 Reply
    
    Thijs Eilander
    Keymaster
    
    well, I don’t maintain openssh anymore ;-) Since it can now do what I wanted by default.
- 10/24/2023 at 12:43 AM #3869 Reply
  
  Dan
  Guest
  
  With your hosted PPA, I can still see an update to openssh and I’m afraid it will lock out my SSH again :(
  
  # apt list –upgradable
  Listing… Done
  eatmydata/jammy,jammy 130-11myguard1~jammy all [upgradable from: 130-2build1]
  libeatmydata1/jammy 130-11myguard1~jammy amd64 [upgradable from: 130-2build1]
  libfido2-1/jammy 1.13.0-3myguard1~jammy amd64 [upgradable from: 1.10.0-1]
  liblmdb0/jammy 0.9.31-3myguard1~jammy amd64 [upgradable from: 0.9.24-1build2]
  libpcre2-8-0/jammy 10.42-3myguard1~jammy amd64 [upgradable from: 10.40-1+ubuntu22.04.1+deb.sury.org+1]
  libz-ng2/jammy 2.1.4-3myguard1~jammy amd64 [upgradable from: 2.0.6-3myguard1~jammy]
  libzstd1/jammy 1.5.5-3myguard11~jammy amd64 [upgradable from: 1.4.8+dfsg-3build1]
  myguard/jammy,jammy 231018-1myguard3~jammy all [upgradable from: 231018-1myguard3~bionic]
  nginx-light/jammy 1.25.2-3myguard7~jammy amd64 [upgradable from: 1.25.2-3myguard7~jammy]
  openssh-client/jammy 1:9.2p1-3myguard3~jammy amd64 [upgradable from: 1:8.9p1-3ubuntu0.4]
  openssh-server/jammy 1:9.2p1-3myguard3~jammy amd64 [upgradable from: 1:8.9p1-3ubuntu0.4]
  openssh-sftp-server/jammy 1:9.2p1-3myguard3~jammy amd64 [upgradable from: 1:8.9p1-3ubuntu0.4]
  zstd/jammy 1.5.5-3myguard11~jammy amd64 [upgradable from: 1.4.8+dfsg-3build1]
- 10/24/2023 at 1:06 AM #3870 Reply
  
  Thijs Eilander
  Keymaster
  
  oh I thought I removed all the openssh stuff in jammy.
  
  should be gone now, after apt update
- 10/24/2023 at 1:11 AM #3871 Reply
  
  Dan
  Guest
  
  Thanks for the quick fix.
  Any plans on syncing all those updates to Launchpad as well?
  - 10/24/2023 at 1:34 AM #3872 Reply
    
    Thijs Eilander
    Keymaster
    
    Only the NGINX related packages I think.
    
    I’ll have to add a command to each package buildscript to push the source-package to Launchpad and wait for it to build, but Launchpad does some weird things sometimes so I cannot garantuee something will be build, or something will be build after 10 hours or so, thats why I started to host my own repo. (and the fact that I needed to host for debian too)
- 10/27/2023 at 5:43 PM #3874 Reply
  
  Dan
  Guest
  
  Server updated, thank you so much for the update.
  
  nginx version: nginx/1.25.2 (https://deb.myguard.nl/nginx-modules/)
  built with OpenSSL 3.0.11+quic 19 Sep 2023
  TLS SNI support enabled
  configure arguments: –build=https://deb.myguard.nl/nginx-modules/ –conf-path=/etc/nginx/nginx.conf –error-log-path=/var/log/nginx/error.log –http-client-body-temp-path=/var/lib/nginx/body –http-fastcgi-temp-path=/var/lib/nginx/fastcgi –http-log-path=/var/log/nginx/access.log –http-proxy-temp-path=/var/lib/nginx/proxy –http-scgi-temp-path=/var/lib/nginx/scgi –http-uwsgi-temp-path=/var/lib/nginx/uwsgi –lock-path=/var/lock/nginx.lock –modules-path=/usr/lib/nginx/modules –pid-path=/run/nginx.pid –prefix=/usr/share/nginx –with-cc-opt=’-g -ffile-prefix-map=/build/nginx-Y4M7iL/nginx-1.25.2=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -O3 -flto -DNGX_HTTP_HEADERS -DNGX_ZLIB_NG=1 -D_FORTIFY_SOURCE=2 -w -DTCP_FASTOPEN=23 -fPIC -Wdate-time -D_FORTIFY_SOURCE=2′ –with-compat –with-file-aio –with-http_dav_module –with-http_gzip_static_module –with-http_auth_request_module –with-http_realip_module –with-http_slice_module –with-http_ssl_module –with-threads –with-http_v2_module –with-http_v3_module –with-ld-opt=’-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -fPIC -static-libstdc++ -flto -lpcre’ –with-http_sub_module –without-http_browser_module –without-http_geo_module –without-http_limit_req_module –without-http_limit_conn_module –without-http_memcached_module –without-http_referer_module –without-http_split_clients_module –without-http_userid_module
- 10/29/2023 at 11:35 PM #3903 Reply
  
  Thijs Eilander
  Keymaster
  
  I get tired of Launchpad, I sent the same package 3 times and got 3 different compile errors back :-)
  
  One more try I guess
Author

Posts

Viewing 10 reply threads