| 2019-06-11 05:27:20 |
Jim Tittsler |
bug |
|
|
added bug |
| 2019-06-11 13:16:32 |
Jim Tittsler |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913558 |
|
| 2019-06-12 03:51:12 |
Launchpad Janitor |
lighttpd (Ubuntu): status |
New |
Confirmed |
|
| 2019-06-17 19:31:26 |
Florian |
bug |
|
|
added subscriber Florian |
| 2019-06-19 08:05:14 |
Oliver Blasnik |
bug |
|
|
added subscriber Oliver Blasnik |
| 2019-06-21 17:36:30 |
Andres Rodriguez |
lighttpd (Ubuntu): importance |
Undecided |
Critical |
|
| 2019-06-22 12:24:22 |
Ben |
bug |
|
|
added subscriber Ben |
| 2019-06-24 09:19:14 |
grzes |
bug |
|
|
added subscriber grzes |
| 2019-06-24 20:59:00 |
Dmitry Shachnev |
bug |
|
|
added subscriber Dmitry Shachnev |
| 2019-06-24 22:16:24 |
Robie Basak |
tags |
amd64 apport-bug bionic uec-images |
amd64 apport-bug bionic regression-update uec-images |
|
| 2019-06-24 22:58:33 |
Dimitri John Ledkov |
nominated for series |
|
Ubuntu Bionic |
|
| 2019-06-24 22:58:33 |
Dimitri John Ledkov |
bug task added |
|
lighttpd (Ubuntu Bionic) |
|
| 2019-06-24 22:58:33 |
Dimitri John Ledkov |
nominated for series |
|
Ubuntu Cosmic |
|
| 2019-06-24 22:58:33 |
Dimitri John Ledkov |
bug task added |
|
lighttpd (Ubuntu Cosmic) |
|
| 2019-06-24 23:00:43 |
Dimitri John Ledkov |
lighttpd (Ubuntu Bionic): importance |
Undecided |
Critical |
|
| 2019-06-24 23:00:45 |
Dimitri John Ledkov |
lighttpd (Ubuntu Cosmic): importance |
Undecided |
Critical |
|
| 2019-06-24 23:00:48 |
Dimitri John Ledkov |
lighttpd (Ubuntu Bionic): status |
New |
In Progress |
|
| 2019-06-24 23:00:50 |
Dimitri John Ledkov |
lighttpd (Ubuntu Cosmic): status |
New |
In Progress |
|
| 2019-06-24 23:00:53 |
Dimitri John Ledkov |
lighttpd (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2019-06-24 23:01:12 |
Dimitri John Ledkov |
bug task added |
|
lighttpd (Debian) |
|
| 2019-06-24 23:02:16 |
Dimitri John Ledkov |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913251 |
|
| 2019-06-24 23:02:16 |
Dimitri John Ledkov |
lighttpd (Debian): remote watch |
Debian Bug tracker #913558 |
Debian Bug tracker #913251 |
|
| 2019-06-24 23:10:02 |
Dimitri John Ledkov |
description |
After installing today's bionic OpenSSL update (1.1.0g-2ubuntu4.3 -> 1.1.1-1ubuntu2.1~18.04.1 and associated libraries) SSL is broken in lighttpd 1.4.45-1ubuntu3. The logs are full of messages of the form:
2019-06-11 12:02:20: (connections-glue.c.126) SSL: renegotiation initiated by client, killing connection
Perhaps problem with TLS v1.3 negotiation? (And the version of lighttpd is too old to have the ssl.openssl.ssl-conf-cmd directive to try to disable it.)
Description: Ubuntu 18.04.2 LTS
Release: 18.04
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: lighttpd 1.4.45-1ubuntu3
ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
Uname: Linux 4.15.0-51-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.6
Architecture: amd64
Date: Tue Jun 11 14:18:55 2019
SourcePackage: lighttpd
UpgradeStatus: Upgraded to bionic on 2018-06-10 (365 days ago)
modified.conffile..etc.lighttpd.conf-available.10-cgi.conf: [modified]
modified.conffile..etc.lighttpd.lighttpd.conf: [modified]
mtime.conffile..etc.lighttpd.conf-available.10-cgi.conf: 2015-07-16T10:18:19.857892
mtime.conffile..etc.lighttpd.lighttpd.conf: 2019-06-11T12:01:59.493213 |
[Impact]
* TLSv1.3 (which is enabled by default) connections are getting killed instead of succeeding negotiation.
[Test Case]
* Create lighttpd server, attempt to connect via tlsv1.3
* Connection should succeed.
[Regression Potential]
* TLSv1.3 connections attempt client renegotiation when they should not, as that's not supported anymore. Currently, connections are getting killed instead of succeeding. This change is a backport from a later v1.4 series point release, hence the file paths don't match the original and variables are renamed, however, the affected codepath appears to still be the same-ish. Hence the patch should be review for rebase correctness as there is room for error in handling client renegotiation with prior tls versions.
[Upstream Link]
https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/7a7f4f987aa8443aa3898f484539f707e213bcba/diff
[Original Bugreport]
After installing today's bionic OpenSSL update (1.1.0g-2ubuntu4.3 -> 1.1.1-1ubuntu2.1~18.04.1 and associated libraries) SSL is broken in lighttpd 1.4.45-1ubuntu3. The logs are full of messages of the form:
2019-06-11 12:02:20: (connections-glue.c.126) SSL: renegotiation initiated by client, killing connection
Perhaps problem with TLS v1.3 negotiation? (And the version of lighttpd is too old to have the ssl.openssl.ssl-conf-cmd directive to try to disable it.)
Description: Ubuntu 18.04.2 LTS
Release: 18.04
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: lighttpd 1.4.45-1ubuntu3
ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
Uname: Linux 4.15.0-51-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.6
Architecture: amd64
Date: Tue Jun 11 14:18:55 2019
SourcePackage: lighttpd
UpgradeStatus: Upgraded to bionic on 2018-06-10 (365 days ago)
modified.conffile..etc.lighttpd.conf-available.10-cgi.conf: [modified]
modified.conffile..etc.lighttpd.lighttpd.conf: [modified]
mtime.conffile..etc.lighttpd.conf-available.10-cgi.conf: 2015-07-16T10:18:19.857892
mtime.conffile..etc.lighttpd.lighttpd.conf: 2019-06-11T12:01:59.493213 |
|
| 2019-06-25 07:28:38 |
Bug Watch Updater |
lighttpd (Debian): status |
Unknown |
Fix Released |
|
| 2019-06-25 09:41:33 |
Dimitri John Ledkov |
description |
[Impact]
* TLSv1.3 (which is enabled by default) connections are getting killed instead of succeeding negotiation.
[Test Case]
* Create lighttpd server, attempt to connect via tlsv1.3
* Connection should succeed.
[Regression Potential]
* TLSv1.3 connections attempt client renegotiation when they should not, as that's not supported anymore. Currently, connections are getting killed instead of succeeding. This change is a backport from a later v1.4 series point release, hence the file paths don't match the original and variables are renamed, however, the affected codepath appears to still be the same-ish. Hence the patch should be review for rebase correctness as there is room for error in handling client renegotiation with prior tls versions.
[Upstream Link]
https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/7a7f4f987aa8443aa3898f484539f707e213bcba/diff
[Original Bugreport]
After installing today's bionic OpenSSL update (1.1.0g-2ubuntu4.3 -> 1.1.1-1ubuntu2.1~18.04.1 and associated libraries) SSL is broken in lighttpd 1.4.45-1ubuntu3. The logs are full of messages of the form:
2019-06-11 12:02:20: (connections-glue.c.126) SSL: renegotiation initiated by client, killing connection
Perhaps problem with TLS v1.3 negotiation? (And the version of lighttpd is too old to have the ssl.openssl.ssl-conf-cmd directive to try to disable it.)
Description: Ubuntu 18.04.2 LTS
Release: 18.04
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: lighttpd 1.4.45-1ubuntu3
ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
Uname: Linux 4.15.0-51-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.6
Architecture: amd64
Date: Tue Jun 11 14:18:55 2019
SourcePackage: lighttpd
UpgradeStatus: Upgraded to bionic on 2018-06-10 (365 days ago)
modified.conffile..etc.lighttpd.conf-available.10-cgi.conf: [modified]
modified.conffile..etc.lighttpd.lighttpd.conf: [modified]
mtime.conffile..etc.lighttpd.conf-available.10-cgi.conf: 2015-07-16T10:18:19.857892
mtime.conffile..etc.lighttpd.lighttpd.conf: 2019-06-11T12:01:59.493213 |
[Impact]
* TLSv1.3 (which is enabled by default) connections are getting killed instead of succeeding negotiation.
[Test Case]
* Create lighttpd server, attempt to connect via tlsv1.3
* Connection should succeed.
Sample lighttpd.conf:
server.port = 443
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/server.pem"
Where server.pem is concat of snakeoil cert + private key.
Attempting curl to lighttpd results in:
# curl --cacert /etc/ssl/certs/ssl-cert-snakeoil.pem https://apt-kitten.lxd
curl: (52) Empty reply from server
# grep 'killing' /var/log/lighttpd/error.log
2019-06-25 09:40:15: (connections-glue.c.126) SSL: renegotiation initiated by client, killing connection
[Regression Potential]
* TLSv1.3 connections attempt client renegotiation when they should not, as that's not supported anymore. Currently, connections are getting killed instead of succeeding. This change is a backport from a later v1.4 series point release, hence the file paths don't match the original and variables are renamed, however, the affected codepath appears to still be the same-ish. Hence the patch should be review for rebase correctness as there is room for error in handling client renegotiation with prior tls versions.
[Upstream Link]
https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/7a7f4f987aa8443aa3898f484539f707e213bcba/diff
[Original Bugreport]
After installing today's bionic OpenSSL update (1.1.0g-2ubuntu4.3 -> 1.1.1-1ubuntu2.1~18.04.1 and associated libraries) SSL is broken in lighttpd 1.4.45-1ubuntu3. The logs are full of messages of the form:
2019-06-11 12:02:20: (connections-glue.c.126) SSL: renegotiation initiated by client, killing connection
Perhaps problem with TLS v1.3 negotiation? (And the version of lighttpd is too old to have the ssl.openssl.ssl-conf-cmd directive to try to disable it.)
Description: Ubuntu 18.04.2 LTS
Release: 18.04
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: lighttpd 1.4.45-1ubuntu3
ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
Uname: Linux 4.15.0-51-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.6
Architecture: amd64
Date: Tue Jun 11 14:18:55 2019
SourcePackage: lighttpd
UpgradeStatus: Upgraded to bionic on 2018-06-10 (365 days ago)
modified.conffile..etc.lighttpd.conf-available.10-cgi.conf: [modified]
modified.conffile..etc.lighttpd.lighttpd.conf: [modified]
mtime.conffile..etc.lighttpd.conf-available.10-cgi.conf: 2015-07-16T10:18:19.857892
mtime.conffile..etc.lighttpd.lighttpd.conf: 2019-06-11T12:01:59.493213 |
|
| 2019-06-25 09:45:06 |
Dimitri John Ledkov |
description |
[Impact]
* TLSv1.3 (which is enabled by default) connections are getting killed instead of succeeding negotiation.
[Test Case]
* Create lighttpd server, attempt to connect via tlsv1.3
* Connection should succeed.
Sample lighttpd.conf:
server.port = 443
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/server.pem"
Where server.pem is concat of snakeoil cert + private key.
Attempting curl to lighttpd results in:
# curl --cacert /etc/ssl/certs/ssl-cert-snakeoil.pem https://apt-kitten.lxd
curl: (52) Empty reply from server
# grep 'killing' /var/log/lighttpd/error.log
2019-06-25 09:40:15: (connections-glue.c.126) SSL: renegotiation initiated by client, killing connection
[Regression Potential]
* TLSv1.3 connections attempt client renegotiation when they should not, as that's not supported anymore. Currently, connections are getting killed instead of succeeding. This change is a backport from a later v1.4 series point release, hence the file paths don't match the original and variables are renamed, however, the affected codepath appears to still be the same-ish. Hence the patch should be review for rebase correctness as there is room for error in handling client renegotiation with prior tls versions.
[Upstream Link]
https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/7a7f4f987aa8443aa3898f484539f707e213bcba/diff
[Original Bugreport]
After installing today's bionic OpenSSL update (1.1.0g-2ubuntu4.3 -> 1.1.1-1ubuntu2.1~18.04.1 and associated libraries) SSL is broken in lighttpd 1.4.45-1ubuntu3. The logs are full of messages of the form:
2019-06-11 12:02:20: (connections-glue.c.126) SSL: renegotiation initiated by client, killing connection
Perhaps problem with TLS v1.3 negotiation? (And the version of lighttpd is too old to have the ssl.openssl.ssl-conf-cmd directive to try to disable it.)
Description: Ubuntu 18.04.2 LTS
Release: 18.04
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: lighttpd 1.4.45-1ubuntu3
ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
Uname: Linux 4.15.0-51-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.6
Architecture: amd64
Date: Tue Jun 11 14:18:55 2019
SourcePackage: lighttpd
UpgradeStatus: Upgraded to bionic on 2018-06-10 (365 days ago)
modified.conffile..etc.lighttpd.conf-available.10-cgi.conf: [modified]
modified.conffile..etc.lighttpd.lighttpd.conf: [modified]
mtime.conffile..etc.lighttpd.conf-available.10-cgi.conf: 2015-07-16T10:18:19.857892
mtime.conffile..etc.lighttpd.lighttpd.conf: 2019-06-11T12:01:59.493213 |
[Impact]
* TLSv1.3 (which is enabled by default) connections are getting killed instead of succeeding negotiation.
[Test Case]
* Create lighttpd server, attempt to connect via tlsv1.3
* Connection should succeed.
Sample lighttpd.conf:
server.port = 443
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/server.pem"
Where server.pem is concat of snakeoil cert + private key.
Attempting curl to lighttpd results in:
# curl --cacert /etc/ssl/certs/ssl-cert-snakeoil.pem https://apt-kitten.lxd
curl: (52) Empty reply from server
# grep 'killing' /var/log/lighttpd/error.log
2019-06-25 09:40:15: (connections-glue.c.126) SSL: renegotiation initiated by client, killing connection
Upgrade to new lighttpd, repeat curl, and now get the download of the home-page:
# curl --cacert /etc/ssl/certs/ssl-cert-snakeoil.pem https://apt-kitten.lxd
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...
[Regression Potential]
* TLSv1.3 connections attempt client renegotiation when they should not, as that's not supported anymore. Currently, connections are getting killed instead of succeeding. This change is a backport from a later v1.4 series point release, hence the file paths don't match the original and variables are renamed, however, the affected codepath appears to still be the same-ish. Hence the patch should be review for rebase correctness as there is room for error in handling client renegotiation with prior tls versions.
[Upstream Link]
https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/7a7f4f987aa8443aa3898f484539f707e213bcba/diff
[Original Bugreport]
After installing today's bionic OpenSSL update (1.1.0g-2ubuntu4.3 -> 1.1.1-1ubuntu2.1~18.04.1 and associated libraries) SSL is broken in lighttpd 1.4.45-1ubuntu3. The logs are full of messages of the form:
2019-06-11 12:02:20: (connections-glue.c.126) SSL: renegotiation initiated by client, killing connection
Perhaps problem with TLS v1.3 negotiation? (And the version of lighttpd is too old to have the ssl.openssl.ssl-conf-cmd directive to try to disable it.)
Description: Ubuntu 18.04.2 LTS
Release: 18.04
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: lighttpd 1.4.45-1ubuntu3
ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
Uname: Linux 4.15.0-51-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.6
Architecture: amd64
Date: Tue Jun 11 14:18:55 2019
SourcePackage: lighttpd
UpgradeStatus: Upgraded to bionic on 2018-06-10 (365 days ago)
modified.conffile..etc.lighttpd.conf-available.10-cgi.conf: [modified]
modified.conffile..etc.lighttpd.lighttpd.conf: [modified]
mtime.conffile..etc.lighttpd.conf-available.10-cgi.conf: 2015-07-16T10:18:19.857892
mtime.conffile..etc.lighttpd.lighttpd.conf: 2019-06-11T12:01:59.493213 |
|
| 2019-06-25 10:22:28 |
Robie Basak |
lighttpd (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
| 2019-06-25 10:22:29 |
Robie Basak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2019-06-25 10:22:30 |
Robie Basak |
bug |
|
|
added subscriber SRU Verification |
| 2019-06-25 10:22:34 |
Robie Basak |
tags |
amd64 apport-bug bionic regression-update uec-images |
amd64 apport-bug bionic regression-update uec-images verification-needed verification-needed-bionic |
|
| 2019-06-25 10:22:47 |
Robie Basak |
lighttpd (Ubuntu Cosmic): status |
In Progress |
Fix Committed |
|
| 2019-06-25 10:22:51 |
Robie Basak |
tags |
amd64 apport-bug bionic regression-update uec-images verification-needed verification-needed-bionic |
amd64 apport-bug bionic regression-update uec-images verification-needed verification-needed-bionic verification-needed-cosmic |
|
| 2019-06-25 12:29:58 |
Dimitri John Ledkov |
tags |
amd64 apport-bug bionic regression-update uec-images verification-needed verification-needed-bionic verification-needed-cosmic |
amd64 apport-bug bionic regression-update uec-images verification-done-bionic verification-needed verification-needed-cosmic |
|
| 2019-06-25 12:51:01 |
Dimitri John Ledkov |
tags |
amd64 apport-bug bionic regression-update uec-images verification-done-bionic verification-needed verification-needed-cosmic |
amd64 apport-bug bionic regression-update uec-images verification-done-bionic verification-done-cosmic |
|
| 2019-06-26 00:10:29 |
Launchpad Janitor |
lighttpd (Ubuntu Cosmic): status |
Fix Committed |
Fix Released |
|
| 2019-06-26 00:10:36 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2019-06-26 00:12:34 |
Launchpad Janitor |
lighttpd (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2019-10-08 21:14:55 |
Robie Basak |
tags |
amd64 apport-bug bionic regression-update uec-images verification-done-bionic verification-done-cosmic |
amd64 apport-bug bionic bionic-openssl-1.1 regression-update uec-images verification-done-bionic verification-done-cosmic |
|
