[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Tags added: bionic-openssl-1.1 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage notifications about this bug go to:

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Dimitri John Ledkov (xnox) wrote on 2019-06-19: > Have you tried openssl 1.1.1-1ubuntu2.1~18.04.3 from bionic proposed? I can confirm that 1.1.1-1ubuntu2.1~18.04.3 (already released a couple of days ago) fixes the issue. Thanks a lot! -- You received this bug notification because you are a

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

This bug was fixed in the package python-tornado - 4.5.3-1ubuntu0.1 --- python-tornado (4.5.3-1ubuntu0.1) bionic; urgency=medium * Cherrypick patches from python-tornado4 4.5.3-2 package, to enable OpenSSL 1.1.1 support LP: #1797386: - New_test_crt.patch regenerate stronger

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Looking at autopkgtest regressions for python-tornado http://autopkgtest.ubuntu.com/packages/b/bdfproxy/bionic/ppc64el has never passed on bionic. Can sru team please commit badtest hint for bdfproxy and release python- tarnado? -- You received this bug notification because you are a member of

Re: [Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

On Wed, 19 Jun 2019, 16:30 Sascha Silbe, wrote: > > This update breaks salt-ssh 2016.11.2 (started from a different computer > that's running Debian Stretch) on Ubuntu 18.04 (running on the machine > being managed). Having Salt break from one day to the next for managing > an LTS (!) release is a

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

This update breaks salt-ssh 2016.11.2 (started from a different computer that's running Debian Stretch) on Ubuntu 18.04 (running on the machine being managed). Having Salt break from one day to the next for managing an LTS (!) release is a rather major PITA. Curiously enough, salt-ssh 2016.11.2

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

built and passed all autopkgtests on all architectures. ** Tags removed: verification-needed verification-needed-bionic ** Tags added: verification-done verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** No longer affects: python-tornado (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage notifications about this bug go to:

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Hello Dimitri, or anyone else affected, Accepted python-tornado into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python- tornado/4.5.3-1ubuntu0.1 in a few hours, and then in the -proposed repository. Please help us by testing this new

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

This bug was fixed in the package libio-socket-ssl-perl - 2.060-3~ubuntu18.04.1 --- libio-socket-ssl-perl (2.060-3~ubuntu18.04.1) bionic; urgency=medium * Backport 2.060 to 18.04 LTS with TLSv1.3 support. LP: #1797386 Includes: - upstream TLSv1.3 support - testsuite

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

This bug was fixed in the package libnet-ssleay-perl - 1.84-1ubuntu0.1 --- libnet-ssleay-perl (1.84-1ubuntu0.1) bionic; urgency=medium * Cherrypick patches prepared by Damyan Ivanov from 1.85-2 for OpenSSL 1.1.1 support (LP: #1797386): + add five patches from fedora +

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

This bug was fixed in the package libwww-perl - 6.31-1ubuntu0.1 --- libwww-perl (6.31-1ubuntu0.1) bionic; urgency=medium [ gregor herrmann ] * Drop drop-non-blocking-socket.patch. The patch is not only not needed anymore, it also causes troubles with OpenSSL 1.1.1 (via

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

This bug was fixed in the package python2.7 - 2.7.15-4ubuntu4~18.04 --- python2.7 (2.7.15-4ubuntu4~18.04) bionic; urgency=medium * Rebuild against OpenSSL 1.1.1. LP: #1797386 * Update to 2.7.15 final. -- Dimitri John Ledkov Tue, 27 Nov 2018 23:36:35 + ** Changed in:

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

This bug was fixed in the package python3.7 - 3.7.3-2~18.04.1 --- python3.7 (3.7.3-2~18.04.1) bionic; urgency=medium * Rebuild with OpenSSL 1.1.1. LP: #1797386 -- Dimitri John Ledkov Wed, 03 Apr 2019 20:16:38 +0100 ** Changed in: ruby2.5 (Ubuntu Bionic) Status: Fix

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

This bug was fixed in the package ruby-openssl - 2.0.9-0ubuntu1 --- ruby-openssl (2.0.9-0ubuntu1) bionic; urgency=medium * New upstream micro bugfix point release. * Fixes compatibility with OpenSSL 1.1.1. LP: #1797386 * Fixes CVE-2018-16395 * Drop Debian-specific no-tls-v1.1

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

This bug was fixed in the package python-cryptography - 2.1.4-1ubuntu1.3 --- python-cryptography (2.1.4-1ubuntu1.3) bionic; urgency=medium * Rebuild against OpenSSL 1.1.1, cherrypick upstream testsuite fix for 1.1.1. LP: #1797386 -- Dimitri John Ledkov Mon, 17 Dec 2018

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

This bug was fixed in the package openssl - 1.1.1-1ubuntu2.1~18.04.1 --- openssl (1.1.1-1ubuntu2.1~18.04.1) bionic; urgency=medium * Backport OpenSSL 1.1.1 to 18.04 LTS. LP: #1797386 * Adjust Breaks on versions published in bionic-release. openssl (1.1.1-1ubuntu2.1)

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

This bug was fixed in the package python3.6 - 3.6.8-1~18.04.1 --- python3.6 (3.6.8-1~18.04.1) bionic; urgency=medium * Rebuild with OpenSSL 1.1.1. LP: #1797386 python3.6 (3.6.8-1) unstable; urgency=medium * Python 3.6.8 release. * Revert the link optimization changes which

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

This bug was fixed in the package ruby2.5 - 2.5.1-1ubuntu1.4 --- ruby2.5 (2.5.1-1ubuntu1.4) bionic; urgency=medium * Cherrypick ruby-openssl upstream commits to fix compat with OpenSSL 1.1.1 LP: #1797386 -- Dimitri John Ledkov Tue, 23 Apr 2019 23:50:41 +0100 ** Changed in:

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

This bug was fixed in the package r-cran-openssl - 1.0.1-1ubuntu1.1 --- r-cran-openssl (1.0.1-1ubuntu1.1) bionic; urgency=medium * Cherrypick testsuite update for OpenSSL 1.1.1 LP: #1797386 -- Dimitri John Ledkov Tue, 11 Dec 2018 16:55:46 +1100 ** Changed in: r-cran-openssl

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Ship it! ** Tags removed: verification-needed verification-needed-bionic ** Tags added: verification-done verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title:

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

autopkgtest regressions: some kernel flavours are failing to build from source due to running out of memory whilst compiling mellanox drivers. Requesting to add all kernel flavours to big_packages configuration in https://bugs.launchpad.net/auto-package-testing/+bug/1831446 -- You received

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

autopkgtest regressions: libgeo-coder-googlev3-perl request to badtest + sru to unbreak autopkgtests https://bugs.launchpad.net/ubuntu/+source/libgeo-coder-googlev3-perl/+bug/1831443 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

RE: perl openssl read/write|_all changes OpenSSL 1.1.1 has enabled AUTO_RETRY by default and all non-application data records are retried by default. Thus this is effectively a no- change for higher level users as retries have moved further down the stack to libssl itself. Upstream executes

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Ok, so not having full context as some of the discussion was happening on IRC (and no mention of it was left on the bug here + the package was not rejected from the queue), I have possibly prematurely accepted the libnet-ssleay-perl SRU. After getting logs from Rik I see there's still no consensus

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Ok, I see it's simply missing another SRU that's already in the queue. Looking at it since it's needed to unblock everything. ** Changed in: libnet-ssleay-perl (Ubuntu Bionic) Status: In Progress => Fix Committed ** Tags removed: verification-failed-bionic ** Tags added:

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

The libio-socket-ssl-perl SRU seems to have broken dependencies, causing build failures for other SRUs (ibus-libpinyin) and image builds. libio-socket-ssl-perl : Depends: libnet-ssleay-perl (>= 1.84-1ubuntu0.1) but it is not going to be installed I'm actually considering removing the SRU from

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Description changed: [Impact]  * OpenSSL 1.1.1 is an LTS release upstream, which will continue to receive security support for much longer than 1.1.0 series will.  * OpenSSL 1.1.1 comes with support for TLS v1.3 which is expected to be rapidly adopted due to increased set of

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Hello Dimitri, or anyone else affected, Accepted libio-socket-ssl-perl into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source /libio-socket-ssl-perl/2.060-3~ubuntu18.04.1 in a few hours, and then in the -proposed repository. Please help us by

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Hello Dimitri, or anyone else affected, Accepted libwww-perl into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libwww- perl/6.31-1ubuntu0.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package.

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Description changed: [Impact]  * OpenSSL 1.1.1 is an LTS release upstream, which will continue to receive security support for much longer than 1.1.0 series will.  * OpenSSL 1.1.1 comes with support for TLS v1.3 which is expected to be rapidly adopted due to increased set of

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

And there needs to be an explicit test case for libwww-perl given the specific regression potential known here ** Changed in: libwww-perl (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Note that the regression which is introduced is cross-package; a latent bug in libwww-perl is exposed by the update of libio-socket-ssl-perl. This means libio-socket-ssl-perl needs a reupload to declare a breaks: on the older versions of libwww-perl, so that users don't install the

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Changed in: python-tornado (Ubuntu) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage notifications

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Also affects: libwww-perl (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Hello Dimitri, or anyone else affected, Accepted ruby2.5 into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.4 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Bug watch removed: trac.nginx.org/nginx/ #1529 http://trac.nginx.org/nginx/ticket/1529 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Bug watch removed: github.com/openssl/openssl/issues #3665 https://github.com/openssl/openssl/issues/3665 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Bug watch removed: github.com/openssl/openssl/issues #8055 https://github.com/openssl/openssl/issues/8055 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Description changed: [Impact]  * OpenSSL 1.1.1 is an LTS release upstream, which will continue to receive security support for much longer than 1.1.0 series will.  * OpenSSL 1.1.1 comes with support for TLS v1.3 which is expected to be rapidly adopted due to increased set of

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage notifications about this bug go

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage notifications about this bug go

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

@Dimitri The https://bugs.launchpad.net/openssl/+bug/1828215 issue affects a custom application. I don't know whether any packages shipped in Ubuntu are directly impacted. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

@tim As that is a regression already in cosmic, disco and eoan, it's best to track fixing that up and track via a separate SRU bug #. Please see https://bugs.launchpad.net/openssl/+bug/1828215 and subscribe to that bug and use that one to track releasing updates for the issue you report. Which

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Relative to openssl 1.1.0g-2ubuntu4.3, openssl 1.1.1 (via 1.1.0i) has a regression in the "openssl ca -spkac" interface that will break applications that depend on the output of that command: https://github.com/openssl/openssl/issues/8055 The fix is in master, but has not been backported to

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

In regression potential, in the connectivity section, added more info about "non-application data records" issues that may cause main-loop hangs. ** Description changed: [Impact]  * OpenSSL 1.1.1 is an LTS release upstream, which will continue to receive security support for much longer

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Nova is tracked in https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1771506 ** No longer affects: nova (Ubuntu Bionic) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: python-tornado (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

a wild guess is that we need some upstream commits cherry-picked e.g. https://github.com/tornadoweb/tornado/commit/00675409071b41650a5cd6894cafd921d16085ae https://github.com/tornadoweb/tornado/commit/58067883c40b2894b5bdf26dd79c30b6e49207d7

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

python-tornado FTBFS with this proposed-pocket. see e.g. the good build https://launchpadlibrarian.net/421462446/buildlog_ubuntu-bionic-ppc64el.python-tornado_4.5.3-1build1_BUILDING.txt.gz (release only pocket) and the bad one:

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: nova (Ubuntu Bionic) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title:

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: ruby2.5 (Ubuntu Bionic) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

libnet-ssleay-perl 1.86 is currently at beta9 and that version implements more comprehensive support for tls 1.3, including for example exposing APIs needed to implement post-handshake-authentication (changing client/server certs, post establishing a session, without establishing a new

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Changed in: openssl (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage notifications

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Hello Dimitri, or anyone else affected, Accepted python3.7 into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python3.7/3.7.3-2~18.04.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

The libio-socket-ssl-perl debdiff includes the following changes to upstream tests: (t/ecdhe.t) +my $protocol = $to_server->get_sslversion; +if ($protocol eq 'TLSv1_3') { +# +ok("# SKIP TLSv1.3 doesn't advertize key

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Hello Dimitri, or anyone else affected, Accepted python-cryptography into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source /python-cryptography/2.1.4-1ubuntu1.3 in a few hours, and then in the -proposed repository. Please help us by testing

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Hello Dimitri, or anyone else affected, Accepted python3.6 into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python3.6/3.6.8-1~18.04.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Hello Dimitri, or anyone else affected, Accepted python2.7 into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python2.7/2.7.15-4ubuntu4~18.04 in a few hours, and then in the -proposed repository. Please help us by testing this new package.

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

This is affecting radosgw's civetweb (embedded webserver) when SSL is in used for Bionic which doesn't yet support OpenSSL 1.1 in civetweb v1.8 -> LP: #1822872 . The support of OpenSSL 1.1 start only with civetweb v1.10 and later. - Eric -- You received this bug notification because you are a

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

needs a test case for libnet-ssleay-perl. ** Also affects: libnet-ssleay-perl (Ubuntu) Importance: Undecided Status: New ** No longer affects: libnet-ssleay-perl (Ubuntu) ** Changed in: libnet-ssleay-perl (Ubuntu Bionic) Status: New => Incomplete -- You received this bug

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Description changed: [Impact]  * OpenSSL 1.1.1 is an LTS release upstream, which will continue to receive security support for much longer than 1.1.0 series will.  * OpenSSL 1.1.1 comes with support for TLS v1.3 which is expected to be rapidly adopted due to increased set of

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** No longer affects: salt (Ubuntu) ** No longer affects: salt (Ubuntu Bionic) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Thank @xnox, I just made the test and I have the same issue with rebuilt python3.6. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

@eole-team hm, that shouldn't happen. python3.6, rebuilt against openssl1.1.1, has not been accepted yet into bionic-proposed. And even, when I upgrade to python3.6 from the staging ppa, salt still fails. To get the pending python3.6, you can use the below PPA: $ sudo add-apt-repository

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

The libssl1.1 version 1.1.1-1ubuntu2.1~18.04.1 breaks salt package version 2017.7.4+dfsg1-1: root@server:~# salt-key -L Error: unknown error (_ssl.c:2788) root@server:~# salt --versions-report Traceback (most recent call last): File "/usr/bin/salt", line 10, in salt_main() File

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Description changed: [Impact]  * OpenSSL 1.1.1 is an LTS release upstream, which will continue to receive security support for much longer than 1.1.0 series will.  * OpenSSL 1.1.1 comes with support for TLS v1.3 which is expected to be rapidly adopted due to increased set of

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Description changed: [Impact]  * OpenSSL 1.1.1 is an LTS release upstream, which will continue to receive security support for much longer than 1.1.0 series will.  * OpenSSL 1.1.1 comes with support for TLS v1.3 which is expected to be rapidly adopted due to increased set of

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Hello Dimitri, or anyone else affected, Accepted openssl into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package.

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Steve Langasek has pointed out that I missed the point of the bug. I'm not comfortable with OPENSSL_TLS_SECURITY_LEVEL=0 in bionic. (Or, indeed, in cosmic either.) We shipped 18.04 LTS with OPENSSL_TLS_SECURITY_LEVEL=1, correct? I don't recall seeing more than a handful of complaints about

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

I'm slightly concerned about raising the TLS minimums in our next LTS release without some exposure to it in the 19.10 release. But this plan sounds better than waiting until 20.10 to raise the minimums -- and 19.10 may be too soon to take the step. But we don't have to decide on 19.10 defaults

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Changed in: openssl (Ubuntu) Assignee: (unassigned) => Steve Langasek (vorlon) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Description changed: [Impact]  * OpenSSL 1.1.1 is an LTS release upstream, which will continue to receive security support for much longer than 1.1.0 series will.  * OpenSSL 1.1.1 comes with support for TLS v1.3 which is expected to be rapidly adopted due to increased set of

Re: [Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

On Tue, 12 Mar 2019 at 19:35, Seth Arnold <1797...@bugs.launchpad.net> wrote: > > On Tue, Mar 12, 2019 at 04:05:45PM -, Dimitri John Ledkov wrote: > > defaults. And all of them however have committed to drop support for > > those in 2020. My expectation is to follow suit, and set default > >

Re: [Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

On Tue, Mar 12, 2019 at 04:05:45PM -, Dimitri John Ledkov wrote: > defaults. And all of them however have committed to drop support for > those in 2020. My expectation is to follow suit, and set default > security level to 2, and require TLS1.2 shortly after 19.10 release. Can you expand upon

Re: [Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

On Mon, 11 Mar 2019 at 21:20, Steve Langasek wrote: > > Acceptance of openssl currently blocked on coverage of the (distro > patch) OPENSSL_TLS_SECURITY_LEVEL change as part of the SRU template. > In Debian (but never ubuntu) they have bumped the default security level from 1, to 2. In Ubuntu,

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Acceptance of openssl currently blocked on coverage of the (distro patch) OPENSSL_TLS_SECURITY_LEVEL change as part of the SRU template. ** Changed in: openssl (Ubuntu Bionic) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Hi, good idea in theory, but I want to add my 2cents: Please coordinate this update with ALL affected packages, like apache2 and nginx. My reason is: I just tried the PPA and found that nginx works with TLS 1.3 after that right out of the box. HOWEVER, there is a problem: openssl 1.1.1 has

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Hello Dimitri, or anyone else affected, Accepted ruby-openssl into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ruby- openssl/2.0.9-0ubuntu1 in a few hours, and then in the -proposed repository. Please help us by testing this new package.

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Hello Dimitri, or anyone else affected, Accepted r-cran-openssl into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/r-cran- openssl/1.0.1-1ubuntu1.1 in a few hours, and then in the -proposed repository. Please help us by testing this new

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Also affects: openssl (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: libio-socket-ssl-perl (Ubuntu) Importance: Undecided Status: New ** Also affects: libnet-ssleay-perl (Ubuntu) Importance: Undecided Status: New ** Also affects: nova

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Please see also: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1803689 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

@mruffalo This is about distribution provided packages only, installed system-wide. Not about binaries side installed from wheels from third-party providers. Can you test using $ sudo apt install python3-psycopg2 Without any wheels installed from pypi... -- You received this bug

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Description changed: [Impact]  * OpenSSL 1.1.1 is an LTS release upstream, which will continue to receive security support for much longer than 1.1.0 series will.  * OpenSSL 1.1.1 comes with support for TLS v1.3 which is expected to be rapidly adopted due to increased set of

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Thank you very much, Dimitri -- I am interested in this also. I tested that PPA on a test web server running nginx, uwsgi, uwsgi- plugin-python3, Django 1.11(.16), and a Python 3.6 'pyvenv' virtual environment using 'psycopg2' to connect to a PostgreSQL 10 server via the pre-built Python wheel

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Here is a quick update on this SRU. Bringing in Apache support is currently not in scope. However, this can be investigated separately and possibly would most likely look like a targetted backport of mod_ssl, rather than a full upgrade of all of the apache2. But again only after OpenSSL 1.1.1 SRU

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Any news on this? Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage notifications about this bug go to:

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

I would love to be able to Use OpenSSL 1.1.1 (TLS 1.3) with Apache2 on 18.04 LTS. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

I'm very much in favor of this. Does this imply an update to Apache 2.4.37, too? (see https://github.com/apache/httpd/blob/2.4.x/CHANGES) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title:

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: openssl (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title:

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Description changed: [Impact] - * OpenSSL 1.1.1 is an LTS release upstream, which will continue to +  * OpenSSL 1.1.1 is an LTS release upstream, which will continue to receive security support for much longer than 1.1.0 series will. - * OpenSSL 1.1.1 comes with support for TLS

[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

** Summary changed: - SRU OpenSSL 1.1.1 to 18.04 LTS + [SRU] OpenSSL 1.1.1 to 18.04 LTS -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage