[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-10-10 Thread Dimitri John Ledkov
wrong bug number typpo!

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-10-08 Thread Iain Lane
systemd has "+  * Add conflicts with upstart and systemd-shim. (LP:
#1793092)", but it's not straightforward to me what is going on here.
Could you explain a bit more please?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-10-03 Thread Jeremy Bicha
https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2

** Changed in: openssl (Ubuntu)
   Status: Fix Committed => Fix Released

** Changed in: python2.7 (Ubuntu)
   Status: Fix Committed => Fix Released

** Changed in: python3.6 (Ubuntu)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-10-03 Thread Dimitri John Ledkov
** Tags removed: block-proposed

** Changed in: openssl (Ubuntu)
   Status: Triaged => Fix Committed

** Changed in: python2.7 (Ubuntu)
   Status: Triaged => Fix Committed

** Changed in: python3.6 (Ubuntu)
   Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-10-03 Thread Dimitri John Ledkov
** Tags added: block-proposed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-10-03 Thread Dimitri John Ledkov
Should hopefully land today... here be dragons

** Tags removed: block-proposed needs-debian-merge

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-09-27 Thread Łukasz Zemczak
Switching the other tasks to Triaged as well since those changes are
required for the base 1.1.1 feature to be completed.

** Changed in: python2.7 (Ubuntu)
   Status: New => Triaged

** Changed in: python3.6 (Ubuntu)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-09-26 Thread Łukasz Zemczak
Basing on the comment from Steve this is approved so switching status to
Triaged.

** Changed in: openssl (Ubuntu)
   Status: Confirmed => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-09-26 Thread Dimitri John Ledkov
ruby2.5 ruby-openssl python3.7 correctly gain stronger dep on libssl1.1
>= 1.1.1.

python2.7 and python3.6 still need more patches to pick up
https://bugs.python.org/issue34670

** No longer affects: ruby2.5 (Ubuntu)

** No longer affects: python3.7 (Ubuntu)

** Bug watch added: Python Roundup #34670
   http://bugs.python.org/issue34670

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-09-25 Thread Dimitri John Ledkov
Pythons appear to hardcode the expectations relative the openssl they
were built with, despite not gaining >= 1.1.1 shlibsdep, somehow it ends
up with >= 1.1.0 only.

** Also affects: ruby2.5 (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: python2.7 (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: python3.6 (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: python3.7 (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-09-24 Thread Dimitri John Ledkov
** Tags added: block-proposed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-09-21 Thread Steve Langasek
+1 on this FFe based on the analysis provided.  I do not consider
interoperability issues a reason not to turn on TLS1.3 in FFe; it will
eventually be turned on and expose those issues, and whether it happens
post-FF or before FF in 18.10, or post 18.10 release, is immaterial.

** Changed in: openssl (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-09-21 Thread Dimitri John Ledkov
@steve updated. Ping?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-09-20 Thread Dimitri John Ledkov
** Description changed:

  Merge openssl 1.1.1 from debian unstable.
  
  OpenSSL 1.1.1 is now out, with TLS1.3 support, and is the new upstream
  LTS release.
  
- Preserving existing delta:
- - Replace duplicate files in the doc directory with symlinks.
- - debian/libssl1.1.postinst:
-   + Display a system restart required notification on libssl1.1
- upgrade on servers.
-   + Use a different priority for libssl1.1/restart-services depending
- on whether a desktop, or server dist-upgrade is being performed.
+ Resulting in the following changes in Ubuntu:
  
- With further changes to diverge from Debian to:
- - Revert "Enable system default config to enforce TLS1.2 as a
-   minimum" & "Increase default security level from 1 to 2".
- - Further decrease security level from 1 to 0, for compatibility with
-   openssl 1.0.2.
+ - openssl moves from 1.1.0 series to 1.1.1 LTS series
  
- These mitigate most of the runtime incompatibilities, and ensure
- client<->server compatibility between 1.1.1, 1.1.0, and 1.0.2 series and
- thus one can continue to mix & match xenial/bionic/cosmic releases.
+ - TLS1.3 is enabled, and used by default, when possible. Major feature.
+ 
+ - All existing delta, and minimally accepted key sizes, and minimally
+ accepted protocol versions remain the same.
  
  Proposed package is in
  https://launchpad.net/~xnox/+archive/ubuntu/openssl with a rebuild of
  all the reverse dependencies. It demonstrates that openssl compiled as
  above is more compatible and has less issues than debian config. There
  are a few FTBFS, which are also present in cosmic-release; there are
  some test-suite expectations mismatch (connectivity succeeds with tls1.3
  even though lower/different algos are expected); there are very little
  connectivity tests thus connectivity interop are the biggest issues
  which will be unavoidable with introducing 1.3.
+ 
+ ===
+ 
+ Ubuntu delta summary versus debian unstable in this merge:
+ - Replace duplicate files in the doc directory with symlinks.
+ - debian/libssl1.1.postinst:
+   + Display a system restart required notification on libssl1.1
+ upgrade on servers.
+   + Use a different priority for libssl1.1/restart-services depending
+ on whether a desktop, or server dist-upgrade is being performed.
+ - Revert "Enable system default config to enforce TLS1.2 as a
+   minimum" & "Increase default security level from 1 to 2".
+ - Further decrease security level from 1 to 0, for compatibility with
+   openssl 1.0.2.
+ 
+ These mitigate most of the runtime incompatibilities, and ensure
+ client<->server compatibility between 1.1.1, 1.1.0, and 1.0.2 series and
+ thus one can continue to mix & match xenial/bionic/cosmic releases.

** Changed in: openssl (Ubuntu)
   Status: Incomplete => New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-09-20 Thread Steve Langasek
Please express the FFe in terms of what will change relative to the
current Ubuntu package, not relative to the Debian package.

** Changed in: openssl (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-09-20 Thread Dimitri John Ledkov
** Description changed:

  Merge openssl 1.1.1 from debian unstable.
  
  OpenSSL 1.1.1 is now out, with TLS1.3 support, and is the new upstream
  LTS release.
  
  Preserving existing delta:
  - Replace duplicate files in the doc directory with symlinks.
  - debian/libssl1.1.postinst:
-   + Display a system restart required notification on libssl1.1
- upgrade on servers.
-   + Use a different priority for libssl1.1/restart-services depending
- on whether a desktop, or server dist-upgrade is being performed.
+   + Display a system restart required notification on libssl1.1
+ upgrade on servers.
+   + Use a different priority for libssl1.1/restart-services depending
+ on whether a desktop, or server dist-upgrade is being performed.
  
  With further changes to diverge from Debian to:
  - Revert "Enable system default config to enforce TLS1.2 as a
-   minimum" & "Increase default security level from 1 to 2".
+   minimum" & "Increase default security level from 1 to 2".
  - Further decrease security level from 1 to 0, for compatibility with
-   openssl 1.0.2.
+   openssl 1.0.2.
  
  These mitigate most of the runtime incompatibilities, and ensure
  client<->server compatibility between 1.1.1, 1.1.0, and 1.0.2 series and
  thus one can continue to mix & match xenial/bionic/cosmic releases.
  
- 
- Proposed package is in https://launchpad.net/~xnox/+archive/ubuntu/openssl 
with a rebuild of all the reverse dependencies. It demonstrates that openssl 
compiled as above is more compatible and has less issues than debian config, 
and has only a small fallout which is being analyzed right now.
+ Proposed package is in
+ https://launchpad.net/~xnox/+archive/ubuntu/openssl with a rebuild of
+ all the reverse dependencies. It demonstrates that openssl compiled as
+ above is more compatible and has less issues than debian config. There
+ are a few FTBFS, which are also present in cosmic-release; there are
+ some test-suite expectations mismatch (connectivity succeeds with tls1.3
+ even though lower/different algos are expected); there are very little
+ connectivity tests thus connectivity interop are the biggest issues
+ which will be unavoidable with introducing 1.3.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-09-19 Thread Marc Deslauriers
Big ACK from the security team. We would like to see this backported
into bionic at some point and having it in cosmic first would allow us
to identify and fix any issues.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1793092] Re: [FFe] openssl 1.1.1

2018-09-18 Thread Hans Joachim Desserud
** Tags added: needs-debian-merge upgrade-software-version

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs