Activity log for bug #1815439

Date Who What changed Old value New value Message
2019-02-11 10:50:43 Dimitri John Ledkov bug added bug
2019-02-11 10:50:54 Dimitri John Ledkov nominated for series Ubuntu Cosmic
2019-02-11 10:50:54 Dimitri John Ledkov bug task added python-boto (Ubuntu Cosmic)
2019-02-11 10:50:54 Dimitri John Ledkov nominated for series Ubuntu Bionic
2019-02-11 10:50:54 Dimitri John Ledkov bug task added python-boto (Ubuntu Bionic)
2019-02-11 10:51:01 Dimitri John Ledkov python-boto (Ubuntu): status New Fix Released
2019-02-11 10:51:03 Dimitri John Ledkov python-boto (Ubuntu Bionic): status New In Progress
2019-02-11 10:51:05 Dimitri John Ledkov python-boto (Ubuntu Cosmic): status New In Progress
2019-02-11 10:53:10 Dimitri John Ledkov bug watch added https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909545
2019-02-11 10:53:10 Dimitri John Ledkov bug task added python-boto (Debian)
2019-02-11 10:56:31 Dimitri John Ledkov bug added subscriber Ubuntu Stable Release Updates Team
2019-02-11 11:36:53 Bug Watch Updater python-boto (Debian): status Unknown Fix Released
2019-02-11 15:31:06 Dimitri John Ledkov description [Impact] * OpenSSL 1.1.1 performs SNI hostname verification, therefore hostname SSL context option must be set when establishing the connection, otherwise, validation of SNI certificates fail and thus resulting in lack of connectivity. [Test Case] * use python-boto to connect to an SNI tls protected host [Regression Potential] * change is compatible with pythons/openssl versions shipped in bionic/cosmic-release * change is from upstream / tested in debian & disco * change improves security, and is compatible with deployed servers out there * hosts with certificates not matching their actual hostname will remain invalid/untrusted [Impact]  * OpenSSL 1.1.1 performs SNI hostname verification, therefore hostname SSL context option must be set when establishing the connection, otherwise, validation of SNI certificates fail and thus resulting in lack of connectivity. [Test Case]  * use python-boto to connect to an SNI tls protected host [Regression Potential]  * change is compatible with pythons/openssl versions shipped in bionic/cosmic-release  * change is from upstream / tested in debian & disco  * change improves security, and is compatible with deployed servers out there  * hosts with certificates not matching their actual hostname will remain invalid/untrusted [Additional info] To install python & openssl 1.1.1 on Bionic you may enable and use the below silo, which will then exhibit the enforcement of SNI hostname verification. sudo add-apt-repository ppa:ci-train-ppa-service/3473 sudo apt-get update
2019-02-11 18:17:06 Łukasz Zemczak python-boto (Ubuntu Cosmic): status In Progress Fix Committed
2019-02-11 18:17:08 Łukasz Zemczak bug added subscriber SRU Verification
2019-02-11 18:17:10 Łukasz Zemczak tags verification-needed verification-needed-cosmic
2019-02-11 18:20:46 Łukasz Zemczak python-boto (Ubuntu Bionic): status In Progress Fix Committed
2019-02-11 18:20:50 Łukasz Zemczak tags verification-needed verification-needed-cosmic verification-needed verification-needed-bionic verification-needed-cosmic
2019-02-12 10:23:52 Dimitri John Ledkov tags verification-needed verification-needed-bionic verification-needed-cosmic verification-done-cosmic verification-needed verification-needed-bionic
2019-02-12 10:56:00 Dimitri John Ledkov tags verification-done-cosmic verification-needed verification-needed-bionic verification-done verification-done-bionic verification-done-cosmic
2019-02-12 10:56:25 Dimitri John Ledkov description [Impact]  * OpenSSL 1.1.1 performs SNI hostname verification, therefore hostname SSL context option must be set when establishing the connection, otherwise, validation of SNI certificates fail and thus resulting in lack of connectivity. [Test Case]  * use python-boto to connect to an SNI tls protected host [Regression Potential]  * change is compatible with pythons/openssl versions shipped in bionic/cosmic-release  * change is from upstream / tested in debian & disco  * change improves security, and is compatible with deployed servers out there  * hosts with certificates not matching their actual hostname will remain invalid/untrusted [Additional info] To install python & openssl 1.1.1 on Bionic you may enable and use the below silo, which will then exhibit the enforcement of SNI hostname verification. sudo add-apt-repository ppa:ci-train-ppa-service/3473 sudo apt-get update [Impact]  * OpenSSL 1.1.1 performs SNI hostname verification, therefore hostname SSL context option must be set when establishing the connection, otherwise, validation of SNI certificates fail and thus resulting in lack of connectivity. [Test Case]  * use python-boto to connect to an SNI tls protected host, e.g. GCE google storage using legacy .boto [Regression Potential]  * change is compatible with pythons/openssl versions shipped in bionic/cosmic-release  * change is from upstream / tested in debian & disco  * change improves security, and is compatible with deployed servers out there  * hosts with certificates not matching their actual hostname will remain invalid/untrusted [Additional info] To install python & openssl 1.1.1 on Bionic you may enable and use the below silo, which will then exhibit the enforcement of SNI hostname verification. sudo add-apt-repository ppa:ci-train-ppa-service/3473 sudo apt-get update
2019-02-12 13:36:16 Francis Ginther tags verification-done verification-done-bionic verification-done-cosmic id-5c6154852a93b980fb9074b2 verification-done verification-done-bionic verification-done-cosmic
2019-02-25 11:14:48 Launchpad Janitor python-boto (Ubuntu Cosmic): status Fix Committed Fix Released
2019-02-25 11:14:51 Łukasz Zemczak removed subscriber Ubuntu Stable Release Updates Team
2019-02-25 11:20:48 Launchpad Janitor python-boto (Ubuntu Bionic): status Fix Committed Fix Released