[Bug 1823332] Re: salt --versions-report broken in bionic/cosmic with openssl 1.1.1
This bug was fixed in the package salt - 2017.7.4+dfsg1-1ubuntu18.04.1 --- salt (2017.7.4+dfsg1-1ubuntu18.04.1) bionic; urgency=medium * Cherrypick two upstream patches to fix compat with OpenSSL 1.1.1, without these salt fails to start when OpenSSL is upgraded from 1.1.0 to 1.1.1. LP: #1823332 * Fix up install call in debian/rules to resolve FTBFS. -- Dimitri John Ledkov Fri, 05 Apr 2019 15:41:52 +0100 ** Changed in: salt (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1823332 Title: salt --versions-report broken in bionic/cosmic with openssl 1.1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/salt/+bug/1823332/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1823332] Re: salt --versions-report broken in bionic/cosmic with openssl 1.1.1
# dpkg-query -W libssl1.1 salt-master libssl1.1:amd64 1.1.1-1ubuntu2.1~18.04.1 salt-master 2017.7.4+dfsg1-1ubuntu18.04.1 (bionic-amd64)root@ottawa:~# salt --versions-report Salt Version: Salt: 2017.7.4 Dependency Versions: cffi: Not Installed cherrypy: Not Installed dateutil: 2.6.1 docker-py: Not Installed gitdb: Not Installed gitpython: Not Installed ioflo: Not Installed Jinja2: 2.10 libgit2: 0.26.0 libnacl: Not Installed M2Crypto: Not Installed Mako: Not Installed msgpack-pure: Not Installed msgpack-python: 0.5.6 mysql-python: Not Installed pycparser: Not Installed pycrypto: 2.6.1 pycryptodome: Not Installed pygit2: 0.26.2 Python: 3.6.8 (default, Jan 14 2019, 11:02:34) python-gnupg: Not Installed PyYAML: 3.12 PyZMQ: 16.0.2 RAET: Not Installed smmap: Not Installed timelib: Not Installed Tornado: 4.5.3 ZMQ: 4.2.5 System Versions: dist: Ubuntu 18.04 bionic locale: ANSI_X3.4-1968 machine: x86_64 release: 5.0.0-13-generic system: Linux version: Ubuntu 18.04 bionic All is good. ** Tags removed: verification-needed verification-needed-bionic ** Tags added: verification-done verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1823332 Title: salt --versions-report broken in bionic/cosmic with openssl 1.1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/salt/+bug/1823332/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1823332] Re: salt --versions-report broken in bionic/cosmic with openssl 1.1.1
Hello Dimitri, or anyone else affected, Accepted salt into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/salt/2017.7.4+dfsg1-1ubuntu18.04.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: salt (Ubuntu Bionic) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1823332 Title: salt --versions-report broken in bionic/cosmic with openssl 1.1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/salt/+bug/1823332/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1823332] Re: salt --versions-report broken in bionic/cosmic with openssl 1.1.1
https://launchpad.net/ubuntu/bionic/+queue?queue_state=1_text=salt It's currently awaiting review from Stable Release Updates team, since 5th of April. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1823332 Title: salt --versions-report broken in bionic/cosmic with openssl 1.1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/salt/+bug/1823332/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1823332] Re: salt --versions-report broken in bionic/cosmic with openssl 1.1.1
Hello. Is there any blocking thing for Bionic? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1823332 Title: salt --versions-report broken in bionic/cosmic with openssl 1.1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/salt/+bug/1823332/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1823332] Re: salt --versions-report broken in bionic/cosmic with openssl 1.1.1
** Changed in: salt Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1823332 Title: salt --versions-report broken in bionic/cosmic with openssl 1.1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/salt/+bug/1823332/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1823332] Re: salt --versions-report broken in bionic/cosmic with openssl 1.1.1
** Changed in: salt (Ubuntu Bionic) Status: Confirmed => In Progress ** Description changed: [Impact] - * salt fails to start with OpenSSL 1.1.1 (which is in cosmic-release, + * salt fails to start with OpenSSL 1.1.1 (which is in cosmic-release, bionic-proposed) [Test Case] - * bionic-only: install openssl/libssl1.1 from bionic-proposed + * install openssl/libssl1.1 from bionic-proposed - sudo apt install salt-master - sudo salt --versions-report + sudo apt install salt-master + sudo salt --versions-report - [bad] Python traceback ending in: - ssl.SSLError: unknown error (_ssl.c:2788) + [bad] Python traceback ending in: + ssl.SSLError: unknown error (_ssl.c:2788) - [good] a table of version numbers + [good] a table of version numbers Salt Version: -Salt: 2018.3.0 + Salt: 2018.3.0 ... - [Fix] - * Unused imports, and 1.1.1 incompatible libcrypto init functions in + * Unused imports, and 1.1.1 incompatible libcrypto init functions in salt are causing it to fail to start with OpenSSL 1.1.1. The upstream patches that were merged into stable branch make it compatible with either 1.1.0 or 1.1.1. + * Note that for bionic above is sufficent by itself. In cosmic, python- + tornado got upgraded from v4 to v5 and salt is incompatible with it. + Hence salt in cosmic is currently complete busted due to this issue and + lack of tornado4. I have now requested and SRU to reintroduce tornado4 + into cosmic to unbreak salt in cosmic. But it may take much longer than + the smaller fix for bionic. + [Regression Potential] - * The underlying behavior of crypto with or without these patches is + * The underlying behavior of crypto with or without these patches is not changed. There are no versioned breaks to prevent upgrading libssl1.1 whilst salt is installed, but this fix should make salt compatible with any openssl releases. Currently, salt is completely broken in cosmic-release (fails to start) so it's hard to regress further than that in cosmic. [Other Info] - - * Full traceback + + * Full traceback # sudo apt install salt-master # sudo salt --versions-report Traceback (most recent call last): File "/usr/bin/salt", line 10, in salt_main() File "/usr/lib/python3/dist-packages/salt/scripts.py", line 476, in salt_main client.run() File "/usr/lib/python3/dist-packages/salt/cli/salt.py", line 33, in run import salt.client File "/usr/lib/python3/dist-packages/salt/client/__init__.py", line 31, in import salt.cache File "/usr/lib/python3/dist-packages/salt/cache/__init__.py", line 18, in import salt.loader File "/usr/lib/python3/dist-packages/salt/loader.py", line 26, in import salt.utils.event File "/usr/lib/python3/dist-packages/salt/utils/event.py", line 70, in import tornado.iostream File "/usr/lib/python3/dist-packages/tornado/iostream.py", line 40, in from tornado.netutil import ssl_wrap_socket, _client_ssl_defaults, _server_ssl_defaults File "/usr/lib/python3/dist-packages/tornado/netutil.py", line 45, in ssl.Purpose.SERVER_AUTH) File "/usr/lib/python3.6/ssl.py", line 502, in create_default_context context = SSLContext(PROTOCOL_TLS) File "/usr/lib/python3.6/ssl.py", line 391, in __new__ self = _SSLContext.__new__(cls, protocol) ssl.SSLError: unknown error (_ssl.c:2788) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1823332 Title: salt --versions-report broken in bionic/cosmic with openssl 1.1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/salt/+bug/1823332/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1823332] Re: salt --versions-report broken in bionic/cosmic with openssl 1.1.1
** Description changed: + [Impact] + + * salt fails to start with OpenSSL 1.1.1 (which is in cosmic-release, + bionic-proposed) + + [Test Case] + + * bionic-only: install openssl/libssl1.1 from bionic-proposed + + sudo apt install salt-master + sudo salt --versions-report + + [bad] Python traceback ending in: + ssl.SSLError: unknown error (_ssl.c:2788) + + [good] a table of version numbers + Salt Version: +Salt: 2018.3.0 + ... + + + [Fix] + + * Unused imports, and 1.1.1 incompatible libcrypto init functions in + salt are causing it to fail to start with OpenSSL 1.1.1. The upstream + patches that were merged into stable branch make it compatible with + either 1.1.0 or 1.1.1. + + [Regression Potential] + + * The underlying behavior of crypto with or without these patches is + not changed. There are no versioned breaks to prevent upgrading + libssl1.1 whilst salt is installed, but this fix should make salt + compatible with any openssl releases. Currently, salt is completely + broken in cosmic-release (fails to start) so it's hard to regress + further than that in cosmic. + + [Other Info] + + * Full traceback + # sudo apt install salt-master # sudo salt --versions-report Traceback (most recent call last): File "/usr/bin/salt", line 10, in salt_main() File "/usr/lib/python3/dist-packages/salt/scripts.py", line 476, in salt_main client.run() File "/usr/lib/python3/dist-packages/salt/cli/salt.py", line 33, in run import salt.client File "/usr/lib/python3/dist-packages/salt/client/__init__.py", line 31, in import salt.cache File "/usr/lib/python3/dist-packages/salt/cache/__init__.py", line 18, in import salt.loader File "/usr/lib/python3/dist-packages/salt/loader.py", line 26, in import salt.utils.event File "/usr/lib/python3/dist-packages/salt/utils/event.py", line 70, in import tornado.iostream File "/usr/lib/python3/dist-packages/tornado/iostream.py", line 40, in from tornado.netutil import ssl_wrap_socket, _client_ssl_defaults, _server_ssl_defaults File "/usr/lib/python3/dist-packages/tornado/netutil.py", line 45, in ssl.Purpose.SERVER_AUTH) File "/usr/lib/python3.6/ssl.py", line 502, in create_default_context context = SSLContext(PROTOCOL_TLS) File "/usr/lib/python3.6/ssl.py", line 391, in __new__ self = _SSLContext.__new__(cls, protocol) ssl.SSLError: unknown error (_ssl.c:2788) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1823332 Title: salt --versions-report broken in bionic/cosmic with openssl 1.1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/salt/+bug/1823332/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1823332] Re: salt --versions-report broken in bionic/cosmic with openssl 1.1.1
** Changed in: salt Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1823332 Title: salt --versions-report broken in bionic/cosmic with openssl 1.1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/salt/+bug/1823332/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1823332] Re: salt --versions-report broken in bionic/cosmic with openssl 1.1.1
** Bug watch added: github.com/saltstack/salt/issues #49661 https://github.com/saltstack/salt/issues/49661 ** Also affects: salt via https://github.com/saltstack/salt/issues/49661 Importance: Unknown Status: Unknown ** Changed in: salt (Ubuntu Disco) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1823332 Title: salt --versions-report broken in bionic/cosmic with openssl 1.1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/salt/+bug/1823332/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs