[Group.of.nepali.translators] [Bug 1806483] Re: Ubuntu 18.04.1 - OpenSSL RSA connection rate performance degradation using ibmca engine (openssl-ibmca)
This bug was fixed in the package openssl-ibmca - 2.0.2-0ubuntu1 --- openssl-ibmca (2.0.2-0ubuntu1) disco; urgency=medium * New upstream release LP: #1804233 LP: #1806483 * Drop dlopen-soname.patch, applied upstream. * Update watch file to github.com. -- Dimitri John Ledkov Mon, 10 Dec 2018 11:21:56 +1100 ** Changed in: openssl-ibmca (Ubuntu Disco) Status: New => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1806483 Title: Ubuntu 18.04.1 - OpenSSL RSA connection rate performance degradation using ibmca engine (openssl-ibmca) Status in Ubuntu on IBM z Systems: Triaged Status in openssl-ibmca package in Ubuntu: Fix Released Status in openssl-ibmca source package in Xenial: New Status in openssl-ibmca source package in Bionic: New Status in openssl-ibmca source package in Cosmic: New Status in openssl-ibmca source package in Disco: Fix Released Bug description: ---Problem Description--- Recent performance evaluation has shown significant degradation in the TLS connections per second rate using the OpenSSL s_time benchmark with Ubuntu 18.04.1. While doing RSA sign/verify operations, the engine would preffer doing RSA-ME instead of RSA-CRT which is significantly better in terms of performance. Baseline for this comparison are measurements executed with another distro. Both measurements have been made on LPAR native, using the CEX6A adapter. Crypto stack on the host: OpenSSL ver: 1.1.0g IBMCA ver: 1.4.1.-0 Libica ver: 3.2.1 Problem present under following condititions: 1. IBMCA ver >= 2.0.0 2. OpenSSL version >= 1.1.0 && IBMCA ver >= 1.3.1. ---uname output--- Linux m42lp01 4.15.0-29-generic #31-Ubuntu SMP Tue Jul 17 15:42:24 UTC 2018 s390x s390x s390x GNU/Linux Machine Type = Type/Model:3906-M04 LPAR ---Steps to Reproduce--- Server; openssl s_server -cert benchcert.pem -quiet -WWW -engine ibmca -accept 8050 Client: openssl s_time -key benchcert.pem -www /2k.html -time 90 -cipher AES256-SHA -new -bugs -connect 10.14.1.254:8050 -elapsed By scaling the number of processes, the issue becomes more and more visible. Userspace tool common name: openssl-ibmca The userspace tool has the following bit modes: 64 Userspace package: openssl-ibmca-1.4.1-0ubuntu1.s390x The attached patch is generated from the commit available here: https://github.com/opencryptoki/openssl-ibmca/commit/a0e23d4063bf897dd9136c491d2201de5fbba653 Generated with: git format-patch -1 a0e23d4063bf897dd9136c491d2201de5fbba653 To be applied with: patch /openssl-ibmca/src/ibmca_rsa.c ~/0001-Fix-doing-rsa-me-altough-rsa-crt-would-be-possible.patch Fix applies smoothly and shows expected performance improvement as visible on the chart. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1806483/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1805865] Re: linux-azure-edge: 4.18.0-1006.6~16.04.2 -proposed tracker
** Changed in: kernel-sru-workflow/certification-testing Status: Confirmed => Invalid -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1805865 Title: linux-azure-edge: 4.18.0-1006.6~16.04.2 -proposed tracker Status in Kernel SRU Workflow: In Progress Status in Kernel SRU Workflow automated-testing series: Fix Released Status in Kernel SRU Workflow certification-testing series: Invalid Status in Kernel SRU Workflow prepare-package series: Fix Released Status in Kernel SRU Workflow prepare-package-meta series: Fix Released Status in Kernel SRU Workflow prepare-package-signed series: Fix Released Status in Kernel SRU Workflow promote-to-proposed series: Fix Released Status in Kernel SRU Workflow promote-to-security series: New Status in Kernel SRU Workflow promote-to-updates series: New Status in Kernel SRU Workflow regression-testing series: Fix Released Status in Kernel SRU Workflow security-signoff series: Fix Released Status in Kernel SRU Workflow stakeholder-signoff series: Fix Released Status in Kernel SRU Workflow upload-to-ppa series: New Status in Kernel SRU Workflow verification-testing series: Fix Released Status in linux-azure-edge package in Ubuntu: Invalid Status in linux-azure-edge source package in Xenial: Confirmed Bug description: This bug is for tracking the 4.18.0-1006.6~16.04.1 upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true kernel-stable-master-bug: 1802743 phase: Promoted to proposed phase-changed: Monday, 03. December 2018 13:03 UTC proposed-announcement-sent: true proposed-testing-requested: true reason: certification-testing: Testing in progress To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1805865/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1806573] Re: linux-aws: 4.4.0-1074.84 -proposed tracker
** Changed in: kernel-sru-workflow/regression-testing Status: Confirmed => Fix Released ** Description changed: This bug is for tracking the upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true kernel-stable-master-bug: 1806569 phase: Promoted to proposed phase-changed: Thursday, 06. December 2018 13:03 UTC proposed-announcement-sent: true proposed-testing-requested: true reason: - regression-testing: Testing in progress security-signoff: Waiting for signoff verification-testing: Testing in progress -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1806573 Title: linux-aws: 4.4.0-1074.84 -proposed tracker Status in Kernel SRU Workflow: In Progress Status in Kernel SRU Workflow automated-testing series: Fix Released Status in Kernel SRU Workflow certification-testing series: Invalid Status in Kernel SRU Workflow prepare-package series: Fix Released Status in Kernel SRU Workflow prepare-package-meta series: Fix Released Status in Kernel SRU Workflow promote-to-proposed series: Fix Released Status in Kernel SRU Workflow promote-to-security series: New Status in Kernel SRU Workflow promote-to-updates series: New Status in Kernel SRU Workflow regression-testing series: Fix Released Status in Kernel SRU Workflow security-signoff series: In Progress Status in Kernel SRU Workflow snap-release-to-beta series: Fix Released Status in Kernel SRU Workflow snap-release-to-candidate series: Fix Released Status in Kernel SRU Workflow snap-release-to-edge series: Fix Released Status in Kernel SRU Workflow snap-release-to-stable series: Invalid Status in Kernel SRU Workflow upload-to-ppa series: New Status in Kernel SRU Workflow verification-testing series: Confirmed Status in linux-aws package in Ubuntu: Invalid Status in linux-aws source package in Xenial: Confirmed Bug description: This bug is for tracking the upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true kernel-stable-master-bug: 1806569 phase: Promoted to proposed phase-changed: Thursday, 06. December 2018 13:03 UTC proposed-announcement-sent: true proposed-testing-requested: true reason: security-signoff: Waiting for signoff verification-testing: Testing in progress To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1806573/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1806483] Re: Ubuntu 18.04.1 - OpenSSL RSA connection rate performance degradation using ibmca engine (openssl-ibmca)
** Also affects: openssl-ibmca (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: openssl-ibmca (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: openssl-ibmca (Ubuntu Disco) Importance: Undecided Assignee: Skipper Bug Screeners (skipper-screen-team) Status: New ** Also affects: openssl-ibmca (Ubuntu Cosmic) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1806483 Title: Ubuntu 18.04.1 - OpenSSL RSA connection rate performance degradation using ibmca engine (openssl-ibmca) Status in Ubuntu on IBM z Systems: Triaged Status in openssl-ibmca package in Ubuntu: New Status in openssl-ibmca source package in Xenial: New Status in openssl-ibmca source package in Bionic: New Status in openssl-ibmca source package in Cosmic: New Status in openssl-ibmca source package in Disco: New Bug description: ---Problem Description--- Recent performance evaluation has shown significant degradation in the TLS connections per second rate using the OpenSSL s_time benchmark with Ubuntu 18.04.1. While doing RSA sign/verify operations, the engine would preffer doing RSA-ME instead of RSA-CRT which is significantly better in terms of performance. Baseline for this comparison are measurements executed with another distro. Both measurements have been made on LPAR native, using the CEX6A adapter. Crypto stack on the host: OpenSSL ver: 1.1.0g IBMCA ver: 1.4.1.-0 Libica ver: 3.2.1 Problem present under following condititions: 1. IBMCA ver >= 2.0.0 2. OpenSSL version >= 1.1.0 && IBMCA ver >= 1.3.1. ---uname output--- Linux m42lp01 4.15.0-29-generic #31-Ubuntu SMP Tue Jul 17 15:42:24 UTC 2018 s390x s390x s390x GNU/Linux Machine Type = Type/Model:3906-M04 LPAR ---Steps to Reproduce--- Server; openssl s_server -cert benchcert.pem -quiet -WWW -engine ibmca -accept 8050 Client: openssl s_time -key benchcert.pem -www /2k.html -time 90 -cipher AES256-SHA -new -bugs -connect 10.14.1.254:8050 -elapsed By scaling the number of processes, the issue becomes more and more visible. Userspace tool common name: openssl-ibmca The userspace tool has the following bit modes: 64 Userspace package: openssl-ibmca-1.4.1-0ubuntu1.s390x The attached patch is generated from the commit available here: https://github.com/opencryptoki/openssl-ibmca/commit/a0e23d4063bf897dd9136c491d2201de5fbba653 Generated with: git format-patch -1 a0e23d4063bf897dd9136c491d2201de5fbba653 To be applied with: patch /openssl-ibmca/src/ibmca_rsa.c ~/0001-Fix-doing-rsa-me-altough-rsa-crt-would-be-possible.patch Fix applies smoothly and shows expected performance improvement as visible on the chart. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1806483/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1640978] Re: [SRU] Backport letsencrypt 0.14.2
Did some major cleanup of this bug. Debdiffs attached for review. In general, the primary change for the backport was to modify the package to build against Python 2 instead of Python 3; one code change was needed in certbot to disable API documentation as the necessary sphinx module is not available. We're still sorting out the letsencrypt compat shims but I wanted to get these debdiffs reviewed as they are final or very close to. ** No longer affects: python-acme (Ubuntu Yakkety) ** No longer affects: python-acme (Ubuntu Zesty) ** Changed in: python-acme (Ubuntu Xenial) Status: Fix Committed => In Progress ** Changed in: python-acme (Ubuntu Xenial) Assignee: (unassigned) => Michael Casadevall (mcasadevall) ** No longer affects: python-certbot (Ubuntu Yakkety) ** No longer affects: python-certbot (Ubuntu Zesty) ** Changed in: python-certbot (Ubuntu Xenial) Status: Fix Committed => In Progress ** Changed in: python-certbot (Ubuntu Xenial) Assignee: (unassigned) => Michael Casadevall (mcasadevall) ** No longer affects: python-certbot-apache (Ubuntu Yakkety) ** No longer affects: python-certbot-apache (Ubuntu Zesty) ** Changed in: python-certbot-apache (Ubuntu Xenial) Status: Fix Committed => In Progress ** Changed in: python-certbot-apache (Ubuntu Xenial) Assignee: (unassigned) => Michael Casadevall (mcasadevall) ** No longer affects: python-certbot-nginx (Ubuntu Yakkety) ** No longer affects: python-certbot-nginx (Ubuntu Zesty) ** Changed in: python-certbot-nginx (Ubuntu Xenial) Assignee: (unassigned) => Michael Casadevall (mcasadevall) ** Changed in: python-certbot-nginx (Ubuntu Xenial) Importance: Undecided => High ** Changed in: python-certbot-nginx (Ubuntu Xenial) Milestone: None => xenial-updates ** Changed in: python-certbot-nginx (Ubuntu Xenial) Status: Fix Committed => In Progress ** Changed in: python-letsencrypt (Ubuntu Xenial) Importance: Undecided => High ** Changed in: python-letsencrypt (Ubuntu Xenial) Milestone: None => xenial-updates ** Changed in: python-letsencrypt (Ubuntu Xenial) Assignee: (unassigned) => Michael Casadevall (mcasadevall) ** Changed in: python-letsencrypt (Ubuntu Xenial) Status: Fix Committed => In Progress ** Changed in: python-letsencrypt-apache (Ubuntu Xenial) Importance: Undecided => High ** Changed in: python-letsencrypt-apache (Ubuntu Xenial) Status: Fix Committed => In Progress ** Changed in: python-letsencrypt-apache (Ubuntu Xenial) Milestone: None => xenial-updates ** Changed in: python-certbot-apache (Ubuntu Xenial) Importance: Undecided => High ** Changed in: python-certbot (Ubuntu Xenial) Importance: Undecided => High ** Changed in: python-acme (Ubuntu Xenial) Importance: Undecided => High ** Summary changed: - [SRU] Backport letsencrypt 0.14.2 + [SRU] Backport letsencrypt from bionic ** Tags removed: verification-needed-zesty ** Patch added: "python-acme.debdiff" https://bugs.launchpad.net/ubuntu/xenial/+source/python-acme/+bug/1640978/+attachment/5220643/+files/python-acme.debdiff -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1640978 Title: [SRU] Backport letsencrypt from bionic Status in python-acme package in Ubuntu: Fix Released Status in python-certbot package in Ubuntu: Fix Released Status in python-certbot-apache package in Ubuntu: Fix Released Status in python-certbot-nginx package in Ubuntu: Fix Released Status in python-acme source package in Xenial: In Progress Status in python-certbot source package in Xenial: In Progress Status in python-certbot-apache source package in Xenial: In Progress Status in python-certbot-nginx source package in Xenial: In Progress Status in python-letsencrypt source package in Xenial: In Progress Status in python-letsencrypt-apache source package in Xenial: In Progress Bug description: This bug contains a list of known major and other issues fixed between upstream letsencrypt 0.4.1 and the latest version, certbot 0.9.3 (the project has also been renamed to avoid confusion between the python client software and the Let's Encrypt CA service). [Impact] MAJOR BUGS FIXED https://github.com/certbot/certbot/issues/2750 letsencrypt < 0.5.0 was not compatible with future configuration files, so users who run certbot-auto then downgrade to the Xenial packages will encounter errors. https://github.com/certbot/certbot/issues/2709 Failure to remember choices of authenticator plugins for renewal operation. This would essentially make "letsencrypt renew" useless on Xenial. Numerous less severe automated renewal-related bugs fixed in subsequent releases: https://github.com/certbot/certbot/issues?utf8=%E2%9C%93=is%3Aissue%20milestone%3A0.5.0%20is%3Aclosed%20label%3Arenewal%20
