2018-09-18 08:16:13 |
Dimitri John Ledkov |
bug |
|
|
added bug |
2018-09-18 17:46:31 |
Hans Joachim Desserud |
tags |
|
needs-debian-merge upgrade-software-version |
|
2018-09-20 06:42:51 |
Dimitri John Ledkov |
description |
Merge openssl 1.1.1 from debian unstable.
OpenSSL 1.1.1 is now out, with TLS1.3 support, and is the new upstream LTS release.
Preserving existing delta:
- Replace duplicate files in the doc directory with symlinks.
- debian/libssl1.1.postinst:
+ Display a system restart required notification on libssl1.1
upgrade on servers.
+ Use a different priority for libssl1.1/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
With further changes to diverge from Debian to:
- Revert "Enable system default config to enforce TLS1.2 as a
minimum" & "Increase default security level from 1 to 2".
- Further decrease security level from 1 to 0, for compatibility with
openssl 1.0.2.
These mitigate most of the runtime incompatibilities, and ensure client<->server compatibility between 1.1.1, 1.1.0, and 1.0.2 series and thus one can continue to mix & match xenial/bionic/cosmic releases.
Proposed package is in https://launchpad.net/~xnox/+archive/ubuntu/openssl with a rebuild of all the reverse dependencies. It demonstrates that openssl compiled as above is more compatible and has less issues than debian config, and has only a small fallout which is being analyzed right now. |
Merge openssl 1.1.1 from debian unstable.
OpenSSL 1.1.1 is now out, with TLS1.3 support, and is the new upstream LTS release.
Preserving existing delta:
- Replace duplicate files in the doc directory with symlinks.
- debian/libssl1.1.postinst:
+ Display a system restart required notification on libssl1.1
upgrade on servers.
+ Use a different priority for libssl1.1/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
With further changes to diverge from Debian to:
- Revert "Enable system default config to enforce TLS1.2 as a
minimum" & "Increase default security level from 1 to 2".
- Further decrease security level from 1 to 0, for compatibility with
openssl 1.0.2.
These mitigate most of the runtime incompatibilities, and ensure client<->server compatibility between 1.1.1, 1.1.0, and 1.0.2 series and thus one can continue to mix & match xenial/bionic/cosmic releases.
Proposed package is in https://launchpad.net/~xnox/+archive/ubuntu/openssl with a rebuild of all the reverse dependencies. It demonstrates that openssl compiled as above is more compatible and has less issues than debian config. There are a few FTBFS, which are also present in cosmic-release; there are some test-suite expectations mismatch (connectivity succeeds with tls1.3 even though lower/different algos are expected); there are very little connectivity tests thus connectivity interop are the biggest issues which will be unavoidable with introducing 1.3. |
|
2018-09-20 06:43:13 |
Dimitri John Ledkov |
bug |
|
|
added subscriber Ubuntu Release Team |
2018-09-20 09:45:49 |
Steve Langasek |
openssl (Ubuntu): status |
New |
Incomplete |
|
2018-09-20 09:52:04 |
Dimitri John Ledkov |
description |
Merge openssl 1.1.1 from debian unstable.
OpenSSL 1.1.1 is now out, with TLS1.3 support, and is the new upstream LTS release.
Preserving existing delta:
- Replace duplicate files in the doc directory with symlinks.
- debian/libssl1.1.postinst:
+ Display a system restart required notification on libssl1.1
upgrade on servers.
+ Use a different priority for libssl1.1/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
With further changes to diverge from Debian to:
- Revert "Enable system default config to enforce TLS1.2 as a
minimum" & "Increase default security level from 1 to 2".
- Further decrease security level from 1 to 0, for compatibility with
openssl 1.0.2.
These mitigate most of the runtime incompatibilities, and ensure client<->server compatibility between 1.1.1, 1.1.0, and 1.0.2 series and thus one can continue to mix & match xenial/bionic/cosmic releases.
Proposed package is in https://launchpad.net/~xnox/+archive/ubuntu/openssl with a rebuild of all the reverse dependencies. It demonstrates that openssl compiled as above is more compatible and has less issues than debian config. There are a few FTBFS, which are also present in cosmic-release; there are some test-suite expectations mismatch (connectivity succeeds with tls1.3 even though lower/different algos are expected); there are very little connectivity tests thus connectivity interop are the biggest issues which will be unavoidable with introducing 1.3. |
Merge openssl 1.1.1 from debian unstable.
OpenSSL 1.1.1 is now out, with TLS1.3 support, and is the new upstream LTS release.
Resulting in the following changes in Ubuntu:
- openssl moves from 1.1.0 series to 1.1.1 LTS series
- TLS1.3 is enabled, and used by default, when possible. Major feature.
- All existing delta, and minimally accepted key sizes, and minimally accepted protocol versions remain the same.
Proposed package is in https://launchpad.net/~xnox/+archive/ubuntu/openssl with a rebuild of all the reverse dependencies. It demonstrates that openssl compiled as above is more compatible and has less issues than debian config. There are a few FTBFS, which are also present in cosmic-release; there are some test-suite expectations mismatch (connectivity succeeds with tls1.3 even though lower/different algos are expected); there are very little connectivity tests thus connectivity interop are the biggest issues which will be unavoidable with introducing 1.3.
===
Ubuntu delta summary versus debian unstable in this merge:
- Replace duplicate files in the doc directory with symlinks.
- debian/libssl1.1.postinst:
+ Display a system restart required notification on libssl1.1
upgrade on servers.
+ Use a different priority for libssl1.1/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- Revert "Enable system default config to enforce TLS1.2 as a
minimum" & "Increase default security level from 1 to 2".
- Further decrease security level from 1 to 0, for compatibility with
openssl 1.0.2.
These mitigate most of the runtime incompatibilities, and ensure client<->server compatibility between 1.1.1, 1.1.0, and 1.0.2 series and thus one can continue to mix & match xenial/bionic/cosmic releases. |
|
2018-09-20 09:52:39 |
Dimitri John Ledkov |
openssl (Ubuntu): status |
Incomplete |
New |
|
2018-09-21 10:02:53 |
Steve Langasek |
bug |
|
|
added subscriber Steve Langasek |
2018-09-22 00:55:11 |
Steve Langasek |
openssl (Ubuntu): status |
New |
Confirmed |
|
2018-09-24 13:28:24 |
Dimitri John Ledkov |
tags |
needs-debian-merge upgrade-software-version |
block-proposed needs-debian-merge upgrade-software-version |
|
2018-09-24 14:52:26 |
Jean-Daniel Dupas |
bug |
|
|
added subscriber Jean-Daniel Dupas |
2018-09-24 15:25:46 |
Frank Heimes |
bug |
|
|
added subscriber Frank Heimes |
2018-09-25 10:45:44 |
Dimitri John Ledkov |
bug task added |
|
ruby2.5 (Ubuntu) |
|
2018-09-25 10:45:53 |
Dimitri John Ledkov |
bug task added |
|
python2.7 (Ubuntu) |
|
2018-09-25 10:46:01 |
Dimitri John Ledkov |
bug task added |
|
python3.6 (Ubuntu) |
|
2018-09-25 10:46:12 |
Dimitri John Ledkov |
bug task added |
|
python3.7 (Ubuntu) |
|
2018-09-26 12:02:47 |
Dimitri John Ledkov |
bug task deleted |
ruby2.5 (Ubuntu) |
|
|
2018-09-26 12:03:07 |
Dimitri John Ledkov |
bug task deleted |
python3.7 (Ubuntu) |
|
|
2018-09-26 12:04:16 |
Dimitri John Ledkov |
bug watch added |
|
http://bugs.python.org/issue34670 |
|
2018-09-26 15:55:17 |
Łukasz Zemczak |
openssl (Ubuntu): status |
Confirmed |
Triaged |
|
2018-09-27 03:23:47 |
Tommy Yang |
bug |
|
|
added subscriber Tommy Yang |
2018-09-27 08:08:57 |
Łukasz Zemczak |
python2.7 (Ubuntu): status |
New |
Triaged |
|
2018-09-27 08:09:00 |
Łukasz Zemczak |
python3.6 (Ubuntu): status |
New |
Triaged |
|
2018-09-27 12:14:59 |
Andreas Hasenack |
bug |
|
|
added subscriber Andreas Hasenack |
2018-10-03 15:09:22 |
Dimitri John Ledkov |
tags |
block-proposed needs-debian-merge upgrade-software-version |
upgrade-software-version |
|
2018-10-03 19:25:42 |
Dimitri John Ledkov |
tags |
upgrade-software-version |
block-proposed upgrade-software-version |
|
2018-10-04 01:27:53 |
Dimitri John Ledkov |
tags |
block-proposed upgrade-software-version |
upgrade-software-version |
|
2018-10-04 01:28:01 |
Dimitri John Ledkov |
openssl (Ubuntu): status |
Triaged |
Fix Committed |
|
2018-10-04 01:28:03 |
Dimitri John Ledkov |
python2.7 (Ubuntu): status |
Triaged |
Fix Committed |
|
2018-10-04 01:28:06 |
Dimitri John Ledkov |
python3.6 (Ubuntu): status |
Triaged |
Fix Committed |
|
2018-10-04 02:51:13 |
Jeremy Bícha |
openssl (Ubuntu): status |
Fix Committed |
Fix Released |
|
2018-10-04 02:51:17 |
Jeremy Bícha |
python2.7 (Ubuntu): status |
Fix Committed |
Fix Released |
|
2018-10-04 02:51:21 |
Jeremy Bícha |
python3.6 (Ubuntu): status |
Fix Committed |
Fix Released |
|
2018-11-23 08:11:22 |
Zoltán Halassy |
bug |
|
|
added subscriber Zoltán Halassy |