Bug#802159: New OpenSSL upstream version
On Tue, Dec 15, 2015 at 08:00:59PM +, Adam D. Barratt wrote:
> [dropped explicit CCs to RT and TC members]
>
> On Tue, 2015-10-20 at 20:37 +0200, Kurt Roeckx wrote:
> > On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong wrote:
> > > So from what I'm gathering, this looks like a case where there isn't
> > > enough eyeballs to adequately review this particularly set of updates,
> > > coupled with the importance of making sure that these updates are
> > > correct and don't cause any unintended issues.
> >
> > There is always the case that one persons bug is an other persons
> > feature. But those new upstream versions have been in stable and
> > testing for a while now without actually breaking anything.
>
> (I'm assuming "unstable".)

I really meant stable. stable has a newer version than oldstable
from the same 1.0.1 series.

Kurt
Bug#802159: New OpenSSL upstream version
On Tue, Dec 15, 2015 at 08:00:59PM +, Adam D. Barratt wrote:
>
> Even a naively filtered diff - excluding documentation and tests -
> between the 1.0.1k tag and HEAD on upstream's stable branch is much
> larger than I'd imagined (1091 files changed, 73609+, 68591-), but
> paging through it there's a significant amount of "no-op" changes such
> as
>
> - seed_len,
> - param_len;
> + seed_len, param_len;
>
> that git diff is sadly too dumb to be able to ignore (or I'm too dumb to
> be able to drive it to do so).

There was a reformat of the code between those releases. See:
https://www.openssl.org/blog/blog/2015/02/11/code-reformat-finished/

It includes the tags before and after the reformat.

Kurt
Bug#802159: New OpenSSL upstream version
[dropped explicit CCs to RT and TC members]

On Tue, 2015-10-20 at 20:37 +0200, Kurt Roeckx wrote:
> On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong wrote:
> > So from what I'm gathering, this looks like a case where there isn't
> > enough eyeballs to adequately review this particularly set of updates,
> > coupled with the importance of making sure that these updates are
> > correct and don't cause any unintended issues.
>
> There is always the case that one persons bug is an other persons
> feature. But those new upstream versions have been in stable and
> testing for a while now without actually breaking anything.

(I'm assuming "unstable".)

Even a naively filtered diff - excluding documentation and tests -
between the 1.0.1k tag and HEAD on upstream's stable branch is much
larger than I'd imagined (1091 files changed, 73609+, 68591-), but
paging through it there's a significant amount of "no-op" changes such
as

- seed_len,
- param_len;
+ seed_len, param_len;

that git diff is sadly too dumb to be able to ignore (or I'm too dumb to
be able to drive it to do so).

Do we have an approximate idea of how far divorced from upstream's
1.0.1e/k releases the corresponding packages in wheezy and jessie
currently are?

Regards,

Adam
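
Added example, not part of the thread and not code from Debian or OpenSSL: one way to set aside reformat-only hunks like the seed_len/param_len one quoted in the messages is to compare the token streams of a hunk's removed and added lines, so that line joins and re-indentation cancel out. The tokenizer is an assumed approximation of C lexing, the names `tokens` and `classify_hunks` are hypothetical, and the sample diff is constructed.

```python
import re

# Approximate C lexer (an assumption, not a full one): string literals, words,
# common two-character operators, then any other single symbol.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\w+|->|\+\+|--|<<|>>|[<>=!]=|&&|\|\||[^\w\s]')
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

# Constructed sample: hunk 1 wraps the no-op quoted in the thread in
# made-up context lines; hunk 2 is a made-up change that alters behaviour.
SAMPLE_DIFF = """\
--- a/example.c
+++ b/example.c
@@ -10,4 +10,3 @@
 size_t i,
-    seed_len,
-    param_len;
+    seed_len, param_len;
 int ret = 0;
@@ -40,3 +40,3 @@
 if (len
-    > max)
+    >= max)
     return 0;
"""

def tokens(lines):
    # Whitespace and newlines are discarded, so only the token order remains.
    return TOKEN.findall("\n".join(lines))

def classify_hunks(diff_text):
    """Return [(hunk_header, is_noop)] for each hunk of a unified diff."""
    results, lines = [], iter(diff_text.splitlines())
    for line in lines:
        m = HUNK.match(line)
        if not m:
            continue  # file headers and other non-hunk text
        # The line counts in the header tell us where the hunk ends.
        old_left, new_left = int(m.group(1) or 1), int(m.group(2) or 1)
        old, new = [], []
        for body in lines:
            if body.startswith("-"):
                old.append(body[1:]); old_left -= 1
            elif body.startswith("+"):
                new.append(body[1:]); new_left -= 1
            elif not body.startswith("\\"):  # skip "\ No newline" markers
                old_left -= 1; new_left -= 1  # context line
            if old_left <= 0 and new_left <= 0:
                break
        results.append((line, tokens(old) == tokens(new)))
    return results
```

Hunks reported as no-ops can be skimmed, which leaves the remainder for line-by-line review; comment rewrapping is also treated as a no-op only when the words are unchanged.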