Re: [arch-dev-public] OpenSSL 1.1.0

2017-04-23 Thread Pierre Schmitz
On 23.04.2017 03:30, Allan McRae wrote: On 23/04/17 08:07, Gaetan Bisson wrote: [2017-04-22 18:05:27 +0200] Sébastien Luttringer: When do you plan to move openssl rebuild out of testing? Quoting arojas on IRC: 2017-04-20 09:11:27 arojas: current blocker for openssl if FS#53618 2017-04-20

Re: [arch-dev-public] OpenSSL 1.1.0

2017-04-22 Thread Allan McRae
On 23/04/17 08:07, Gaetan Bisson wrote: > [2017-04-22 18:05:27 +0200] Sébastien Luttringer: >> When do you plan to move openssl rebuild out of testing? > > Quoting arojas on IRC: > > 2017-04-20 09:11:27 arojas: current blocker for openssl if FS#53618 > 2017-04-20 09:11:47 arojas: someone needs

Re: [arch-dev-public] OpenSSL 1.1.0

2017-04-22 Thread Gaetan Bisson
[2017-04-22 18:05:27 +0200] Sébastien Luttringer: > When do you plan to move openssl rebuild out of testing? Quoting arojas on IRC: 2017-04-20 09:11:27 arojas: current blocker for openssl if FS#53618 2017-04-20 09:11:47 arojas: someone needs to decide whether we care about it or not, and if yes

Re: [arch-dev-public] OpenSSL 1.1.0

2017-04-22 Thread Sébastien Luttringer
On Sat, 2017-02-11 at 09:32 +0100, Pierre Schmitz wrote: > On 29.01.2017 21:49, Pierre Schmitz wrote: > > Hi, > > > > I'd like to propose a migration to OpenSSL 1.1. The update comes with > > ABI and API changes. Every linked package needs to be rebuilt. There > > will likely be broken packages.

Re: [arch-dev-public] OpenSSL 1.1.0

2017-03-25 Thread Bartłomiej Piotrowski
On 2017-03-25 13:50, Jerome Leclanche wrote: > On Sat, Mar 25, 2017 at 2:46 PM, Lukas Fleischer > wrote: >> Hi, >> >> I just moved the OpenSSL 1.1.0 and libgit2 0.25 rebuilds to [testing]. >> Please report issues to the bug tracker. >> >> Regards, >> Lukas > > Heads up,

Re: [arch-dev-public] OpenSSL 1.1.0

2017-03-25 Thread Jerome Leclanche
On Sat, Mar 25, 2017 at 2:46 PM, Lukas Fleischer wrote: > Hi, > > I just moved the OpenSSL 1.1.0 and libgit2 0.25 rebuilds to [testing]. > Please report issues to the bug tracker. > > Regards, > Lukas Heads up, uwsgi breaks with OpenSSL 1.1:

Re: [arch-dev-public] OpenSSL 1.1.0

2017-03-25 Thread Lukas Fleischer
Hi, I just moved the OpenSSL 1.1.0 and libgit2 0.25 rebuilds to [testing]. Please report issues to the bug tracker. Regards, Lukas

Re: [arch-dev-public] OpenSSL 1.1.0

2017-03-02 Thread Jan de Groot
On Thu, 2017-03-02 at 20:06 +0100, Lukas Fleischer wrote: > On Thu, 02 Mar 2017 at 07:05:44, Lukas Fleischer wrote: > > What is the plan for packages where upstream is dead or reluctant > > to > > migrate to OpenSSL 1.1.0 (see e.g. [1])? Are we going to ship a > > legacy > > openssl-compat (or

Re: [arch-dev-public] OpenSSL 1.1.0

2017-03-02 Thread Lukas Fleischer
On Thu, 02 Mar 2017 at 07:05:44, Lukas Fleischer wrote: > What is the plan for packages where upstream is dead or reluctant to > migrate to OpenSSL 1.1.0 (see e.g. [1])? Are we going to ship a legacy > openssl-compat (or libressl) package for a while? It seems like there already is an openssl-1.0

Re: [arch-dev-public] OpenSSL 1.1.0

2017-03-01 Thread Lukas Fleischer
On Sun, 29 Jan 2017 at 21:49:51, Pierre Schmitz wrote: > I'd like to propose a migration to OpenSSL 1.1. The update comes with > ABI and API changes. Every linked package needs to be rebuilt. There > will likely be broken packages. Once the protobuf* rebuild has left the > [staging] repo I

Re: [arch-dev-public] OpenSSL 1.1.0

2017-02-25 Thread Christian Hesse
Christian Hesse on Thu, 2017/02/23 22:29: > I have a working version of openvpn, but it requires heavy patching. I will > wait for version 2.4.1 which has a lot of preparation (and with some luck is > ported completely). Will push an openssl rebuild then. > If anybody is

Re: [arch-dev-public] OpenSSL 1.1.0

2017-02-24 Thread Christian Hesse
Baptiste Jonglez on Thu, 2017/02/23 23:36: > > Mupdf is a burden to maintain due to build system, bundled libraries and > > static linking. Looks like upstream is not yet interested in openssl > > 1.1.0... As I do not use it currently this will move to [community] if

Re: [arch-dev-public] OpenSSL 1.1.0

2017-02-24 Thread Christian Hesse
Christian Hesse on Fri, 2017/02/24 13:37: > Antonio Rojas on Thu, 2017/02/23 21:42: > > On Thu, 23 Feb 2017 22:29:17 +0100, Christian Hesse wrote: > > > > > Mariadb is still unsolved. There is a ticket in upstream jira [0] but it > > > does not carry

Re: [arch-dev-public] OpenSSL 1.1.0

2017-02-24 Thread Christian Hesse
Antonio Rojas on Thu, 2017/02/23 21:42: > On Thu, 23 Feb 2017 22:29:17 +0100, Christian Hesse wrote: > > > Mariadb is still unsolved. There is a ticket in upstream jira [0] but it > > does not carry anything useful. There's a reference for a review, but I > > could not

Re: [arch-dev-public] OpenSSL 1.1.0

2017-02-23 Thread Baptiste Jonglez
On Thu, Feb 23, 2017 at 10:29:17PM +0100, Christian Hesse wrote: > > I will push the first set of packages to [staging]. Please avoid doing > > other rebuilds until this one is done. > > Are you interested in details? FWIW, Debian stretch has openssl 1.1.0, so I guess they had to adapt lots of

Re: [arch-dev-public] OpenSSL 1.1.0

2017-02-23 Thread Antonio Rojas
On Thu, 23 Feb 2017 22:29:17 +0100, Christian Hesse wrote: > Mariadb is still unsolved. There is a ticket in upstream jira [0] but it > does not carry anything useful. There's a reference for a review, but I > could not find the patch in mail archive. Will try to contact the > developers and

Re: [arch-dev-public] OpenSSL 1.1.0

2017-02-23 Thread Christian Hesse
Pierre Schmitz on Sat, 2017/02/11 09:32: > On 29.01.2017 21:49, Pierre Schmitz wrote: > > Hi, > > > > I'd like to propose a migration to OpenSSL 1.1. The update comes with > > ABI and API changes. Every linked package needs to be rebuilt. There > > will likely be broken

Re: [arch-dev-public] OpenSSL 1.1.0

2017-02-12 Thread Giancarlo Razzolini
On February 11, 2017 6:36, Pierre Schmitz wrote: For now I'd like to keep openssl. This might change when upstream projects might switch to libressl. ATM I do not see an objective reason to do so. If it is a drop in replacement a separate package could be provided. Sure, as I said, it

Re: [arch-dev-public] OpenSSL 1.1.0

2017-02-11 Thread Pierre Schmitz
On 30.01.2017 14:09, Giancarlo Razzolini wrote: On January 30, 2017 1:05, Allan McRae wrote: Please cite one example. Every CVE I have seen that is of at least high severity has affected both. There have been some low severity ones only affecting openssl. Even worse, the fix time for

Re: [arch-dev-public] OpenSSL 1.1.0

2017-02-11 Thread Pierre Schmitz
On 29.01.2017 21:49, Pierre Schmitz wrote: Hi, I'd like to propose a migration to OpenSSL 1.1. The update comes with ABI and API changes. Every linked package needs to be rebuilt. There will likely be broken packages. Once the protobuf* rebuild has left the [staging] repo I would like to

Re: [arch-dev-public] OpenSSL 1.1.0

2017-01-30 Thread Giancarlo Razzolini
On January 30, 2017 1:05, Allan McRae wrote: Please cite one example. Every CVE I have seen that is of at least high severity has affected both. There have been some low severity ones only affecting openssl. Even worse, the fix time for libressl in the couple of issues I monitored was

Re: [arch-dev-public] OpenSSL 1.1.0

2017-01-29 Thread Allan McRae
On 30/01/17 08:30, Giancarlo Razzolini wrote: > On January 29, 2017 20:04, Doug Newgard wrote: >> >> I haven't heard all that much from/about LibreSSL since shortly after >> the fork. >> Care to share what advantages it would bring, and at what cost? >> > > The cost for rebuilding everything

Re: [arch-dev-public] OpenSSL 1.1.0

2017-01-29 Thread Giancarlo Razzolini
On January 29, 2017 20:04, Doug Newgard wrote: I haven't heard all that much from/about LibreSSL since shortly after the fork. Care to share what advantages it would bring, and at what cost? The cost for rebuilding everything against OpenSSL 1.1 will probably be a big one. For LibreSSL,

Re: [arch-dev-public] OpenSSL 1.1.0

2017-01-29 Thread Doug Newgard
On Sun, 29 Jan 2017 21:43:18 + Giancarlo Razzolini wrote: > On January 29, 2017 18:49, Pierre Schmitz wrote: > > Hi, > > > > I'd like to propose a migration to OpenSSL 1.1. The update comes with > > ABI and API changes. > > I don't know if it ever was

Re: [arch-dev-public] OpenSSL 1.1.0

2017-01-29 Thread Giancarlo Razzolini
On January 29, 2017 18:49, Pierre Schmitz wrote: Hi, I'd like to propose a migration to OpenSSL 1.1. The update comes with ABI and API changes. I don't know if it ever was discussed, but did we ever consider LibreSSL instead? There are some distros out there already using it, I