[Touch-packages] [Bug 1991771] Re: [FFe] Update to 3.0.6
** Changed in: openssl (Ubuntu) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1991771 Title: [FFe] Update to 3.0.6 Status in openssl package in Ubuntu: Won't Fix Bug description: There's an upcoming security release for OpenSSL according to https://mta.openssl.org/pipermail/openssl- users/2022-October/015477.html The timing is somewhat unfortunate given our own release schedule. The current version of openssl in kinetic, 3.0.5-2ubuntu1, is actually a snapshot of the 3.0 branch ahead of 3.0.5 (inherited from Debian during the last merge). Sadly, they don't have a proper changelog (even partial) for the upcoming release yet, but I'll attach the diff and shortlog between our current version and the current state of the branch to get an idea of what's to come. As usual for their 3.0 point releases, it's not just security fixes but general bugfixes as well. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1991771/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1991771] Re: [FFe] Update to 3.0.6
** Changed in: openssl (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1991771 Title: [FFe] Update to 3.0.6 Status in openssl package in Ubuntu: Triaged Bug description: There's an upcoming security release for OpenSSL according to https://mta.openssl.org/pipermail/openssl- users/2022-October/015477.html The timing is somewhat unfortunate given our own release schedule. The current version of openssl in kinetic, 3.0.5-2ubuntu1, is actually a snapshot of the 3.0 branch ahead of 3.0.5 (inherited from Debian during the last merge). Sadly, they don't have a proper changelog (even partial) for the upcoming release yet, but I'll attach the diff and shortlog between our current version and the current state of the branch to get an idea of what's to come. As usual for their 3.0 point releases, it's not just security fixes but general bugfixes as well. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1991771/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1991771] Re: [FFe] Update to 3.0.6
Given the late glibc change now in flight, I do not think we have the capacity to take an openssl change this late in the release cycle without significantly taxing the team to make the release happen. Especially since the security fixes are low impact and the upstream release is not security-fix-only, I definitely do not think we can grant a freeze exception at this point, and think the chances of granting one on Tuesday when the upstream release has happened are low. I would advise that you work with the Security Team to work out what a zero-day security update of this package should look like. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1991771 Title: [FFe] Update to 3.0.6 Status in openssl package in Ubuntu: New Bug description: There's an upcoming security release for OpenSSL according to https://mta.openssl.org/pipermail/openssl- users/2022-October/015477.html The timing is somewhat unfortunate given our own release schedule. The current version of openssl in kinetic, 3.0.5-2ubuntu1, is actually a snapshot of the 3.0 branch ahead of 3.0.5 (inherited from Debian during the last merge). Sadly, they don't have a proper changelog (even partial) for the upcoming release yet, but I'll attach the diff and shortlog between our current version and the current state of the branch to get an idea of what's to come. As usual for their 3.0 point releases, it's not just security fixes but general bugfixes as well. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1991771/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1991771] Re: [FFe] Update to 3.0.6
** Changed in: openssl (Ubuntu) Status: Confirmed => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1991771 Title: [FFe] Update to 3.0.6 Status in openssl package in Ubuntu: New Bug description: There's an upcoming security release for OpenSSL according to https://mta.openssl.org/pipermail/openssl- users/2022-October/015477.html The timing is somewhat unfortunate given our own release schedule. The current version of openssl in kinetic, 3.0.5-2ubuntu1, is actually a snapshot of the 3.0 branch ahead of 3.0.5 (inherited from Debian during the last merge). Sadly, they don't have a proper changelog (even partial) for the upcoming release yet, but I'll attach the diff and shortlog between our current version and the current state of the branch to get an idea of what's to come. As usual for their 3.0 point releases, it's not just security fixes but general bugfixes as well. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1991771/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1991771] Re: [FFe] Update to 3.0.6
** Patch added: "openssl.diff" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1991771/+attachment/5621368/+files/openssl.diff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1991771 Title: [FFe] Update to 3.0.6 Status in openssl package in Ubuntu: Confirmed Bug description: There's an upcoming security release for OpenSSL according to https://mta.openssl.org/pipermail/openssl- users/2022-October/015477.html The timing is somewhat unfortunate given our own release schedule. The current version of openssl in kinetic, 3.0.5-2ubuntu1, is actually a snapshot of the 3.0 branch ahead of 3.0.5 (inherited from Debian during the last merge). Sadly, they don't have a proper changelog (even partial) for the upcoming release yet, but I'll attach the diff and shortlog between our current version and the current state of the branch to get an idea of what's to come. As usual for their 3.0 point releases, it's not just security fixes but general bugfixes as well. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1991771/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp