Re: Openssl 1.0.0
On Wed, Apr 06, 2011 at 12:45:03AM +0200, Julien Cristau wrote: On Sun, Feb 13, 2011 at 00:27:51 +0100, Kurt Roeckx wrote: Hi, I would like to upload version 1.0.0(d) to unstable soon. It changes soname, but as far as I know the API is still compatible with the old one, and you should be able to rebuild everything against the new version. So this is started now. Most packages should be fine because we keep libssl0.9.8 around for a while. However, the udeb needed for openssh is going away, which means we'd need to migrate openssl, openssl098 and openssh together to testing. That might not work out because of #612607, which Colin says nobody knows how to fix yet. I can see two ways out. One is ignoring the bug and getting the new openssh in testing anyway. The other is to force libcrypto0.9.8-udeb to stay in testing for now. Please pick one (or an alternative I'm not thinking of). :) Or re-introduce libcrypto0.9.8-udeb as part of the openssl098 source package. Kurt -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110406071054.ga20...@roeckx.be
Re: Openssl 1.0.0
On Sun, Feb 13, 2011 at 00:27:51 +0100, Kurt Roeckx wrote: Hi, I would like to upload version 1.0.0(d) to unstable soon. It changes soname, but as far as I know the API is still compatible with the old one, and you should be able to rebuild everything against the new version. So this is started now. Most packages should be fine because we keep libssl0.9.8 around for a while. However, the udeb needed for openssh is going away, which means we'd need to migrate openssl, openssl098 and openssh together to testing. That might not work out because of #612607, which Colin says nobody knows how to fix yet. I can see two ways out. One is ignoring the bug and getting the new openssh in testing anyway. The other is to force libcrypto0.9.8-udeb to stay in testing for now. Please pick one (or an alternative I'm not thinking of). :) Cheers, Julien -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110405224503.gb3...@radis.liafa.jussieu.fr
Re: Openssl 1.0.0
On Mon, Apr 04, 2011 at 01:42:20PM +0900, Nobuhiro Iwamatsu wrote: Hi, I confirm that some packages still use SSLv2[1][2]. I suggest that we do binNMU about openssl 1.0. I'm sure we'll do binNMUs soon. But I think the release team might want to wait until 1.0.0 has reached testing. Kurt -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110404164619.ga31...@roeckx.be
Re: Openssl 1.0.0
Hi, 2011/3/9 Kurt Roeckx k...@roeckx.be: On Tue, Mar 08, 2011 at 11:11:15PM +0100, Jakub Wilk wrote: * Kurt Roeckx k...@roeckx.be, 2011-02-13, 00:27: I would like to upload version 1.0.0(d) to unstable soon. It changes soname, but as far as I know the API is still compatible with the old one, and you should be able to rebuild everything against the new version. Support for SSLv2 has been disabled in openssl 1.0.0c-2. We have a few dozens of packages in the archive that are not prepared for this: when rebuilt, they will either FTBFS or, worse, produce shared libraries with missing symbols. We really should stop using SSLv2. It was either making the functions related to ssl 2 do nothing, and potentionally silently breaking the applications, or just removing the related function from the API and trying to make sure they fail on build and hopefully catch most of the problems like that. I think I'll also change some of the header files so that no v2 related things are defined or declared, since the define for it doesn't seem to be used correctly everywhere. I confirm that some packages still use SSLv2[1][2]. I suggest that we do binNMU about openssl 1.0. [1]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620776 [2]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620777 Best regards, Nobuhirio -- Nobuhiro Iwamatsu iwamatsu at {nigauri.org / debian.org} GPG ID: 40AD1FA6 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/banlktikuoo2-u8axkc3nn4zkjoj0xpy...@mail.gmail.com
Re: Openssl 1.0.0
Hi, I'm still waiting for a reply to my questions. If I don't hear from you I will upload it to unstable a week from now. Kurt On Sun, Mar 06, 2011 at 03:07:47PM +0100, Kurt Roeckx wrote: Hi, I'm still waiting for a reply. Kurt On Sun, Feb 13, 2011 at 12:27:51AM +0100, Kurt Roeckx wrote: Hi, I would like to upload version 1.0.0(d) to unstable soon. It changes soname, but as far as I know the API is still compatible with the old one, and you should be able to rebuild everything against the new version. I wonder if I need to upload an openssl098 source package at the same time to provide the current soname. I would really like to avoid having the old soname in wheezy, so I would like to get rid of it as soon as possible and don't plan to keep a -dev package for it in any case. Please let me know what I should do, and when you think it's a good time to do that. Kurt -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110212232751.gb9...@roeckx.be -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110306140747.ga17...@roeckx.be -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110318202211.ga2...@roeckx.be
Re: Openssl 1.0.0
On Sun, Feb 13, 2011 at 00:27:51 +0100, Kurt Roeckx wrote: Hi, I would like to upload version 1.0.0(d) to unstable soon. It changes soname, but as far as I know the API is still compatible with the old one, and you should be able to rebuild everything against the new version. I wonder if I need to upload an openssl098 source package at the same time to provide the current soname. I would really like to avoid having the old soname in wheezy, so I would like to get rid of it as soon as possible and don't plan to keep a -dev package for it in any case. We should keep both SONAMES in sid and wheezy for now, IMO. So I think that means first upload openssl 1.0.0 as a new source package without the -dev (this can probably happen now). Then when that's in testing and you get an ack, switch the -dev from 0.9.8 to 1.0.0. Please let me know what I should do, and when you think it's a good time to do that. We'll let you know. Thanks for your patience. Cheers, Julien -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110318203023.gs12...@radis.liafa.jussieu.fr
Re: Openssl 1.0.0
On Fri, Mar 18, 2011 at 09:30:23PM +0100, Julien Cristau wrote: We should keep both SONAMES in sid and wheezy for now, IMO. So I think that means first upload openssl 1.0.0 as a new source package without the -dev (this can probably happen now). Then when that's in testing and you get an ack, switch the -dev from 0.9.8 to 1.0.0. If all you want to do is to have both libssl0.9.8 and libssl1.0.0 both in testing at the same time, I don't see why you want to do it like that. I could just upload a openssl098 source package just containing libssl0.9.8(-dbg), and have the openssl source package provide libssl1.0.0 and libssl-dev. It shouldn't take that long for the openssl098 pacakge to migrate to testing. I could also upload an openssl098 source package that provides the libssl0.9.8(-dbg) and libssl-dev binary package. And I would upload an openssl source package that provides libssl1.0.0(-dbg), openssl, and libcrypto1.0.0-udeb, so without -dev package. And once openssl098 is migrated to testing I could change the -dev package. But it seems to be more work, and I don't see the what that would gain us. Kurt -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110318223217.ga3...@roeckx.be
Re: Openssl 1.0.0
On Tue, Mar 08, 2011 at 11:11:15PM +0100, Jakub Wilk wrote: * Kurt Roeckx k...@roeckx.be, 2011-02-13, 00:27: I would like to upload version 1.0.0(d) to unstable soon. It changes soname, but as far as I know the API is still compatible with the old one, and you should be able to rebuild everything against the new version. Support for SSLv2 has been disabled in openssl 1.0.0c-2. We have a few dozens of packages in the archive that are not prepared for this: when rebuilt, they will either FTBFS or, worse, produce shared libraries with missing symbols. We really should stop using SSLv2. It was either making the functions related to ssl 2 do nothing, and potentionally silently breaking the applications, or just removing the related function from the API and trying to make sure they fail on build and hopefully catch most of the problems like that. I think I'll also change some of the header files so that no v2 related things are defined or declared, since the define for it doesn't seem to be used correctly everywhere. Kurt -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110308232928.ga13...@roeckx.be
Re: Openssl 1.0.0
* Kurt Roeckx k...@roeckx.be, 2011-02-13, 00:27: I would like to upload version 1.0.0(d) to unstable soon. It changes soname, but as far as I know the API is still compatible with the old one, and you should be able to rebuild everything against the new version. Support for SSLv2 has been disabled in openssl 1.0.0c-2. We have a few dozens of packages in the archive that are not prepared for this: when rebuilt, they will either FTBFS or, worse, produce shared libraries with missing symbols. -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110308221115.ga8...@jwilk.net