[Bug 2062167] [NEW] [FFe] openssl: post-3.0.13 changes from git

Adrien Nader 2062167 at bugs.launchpad.net
Thu Apr 18 10:56:56 UTC 2024 

Public bug reported:

I would like to have the most recent openssl version possible in Noble.
For that I am requesting to upload all the commits in the openssl-3.0
branch that follow 3.0.13 which is already in the archive.

I would like to include 3.0.14 afterwards if feasible. Having the most
recent commits of the 3.0 branch will make that easier.

I went through all commits since 3.0.13 at the end of January. I skipped
a few which touch files that are not in the 3.0.13 release tarball
(github CI stuff mostly) and edited one that touched such a file.

There are only fixes. This is not surprising considering we are past the
13th patch release for openssl 3.0, and almost 3 years after 3.0 was
released.

Changes are most usually backports which is a good thing as it means
they are also tested in the other branches, including through 3.3, for
which the .0 release was published a few days ago after weeks in
beta/RC.

There are a few behaviour tweaks, and that is why I want to get as close
as possible to what 3.0.14 will be. The bigger one is
ad6cbe4b7f57a783a66a7ae883ea0d35ef5f82b6: Revert "Improved detection of
engine-provided private "classic" keys", which also states "The
workaround has caused more problems than it solved."

As I said, I went through all commits. All look safe to me. The question
really boils down to whether we will include these fixes in Noble now or
if we won't: there is only a very very small chance that any given
change is SRU'ed afterwards.

** Affects: openssl (Ubuntu)
     Importance: High
         Status: Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2062167

Title:
  [FFe] openssl: post-3.0.13 changes from git

Status in openssl package in Ubuntu:
  Triaged

Bug description:
  I would like to have the most recent openssl version possible in
  Noble. For that I am requesting to upload all the commits in the
  openssl-3.0 branch that follow 3.0.13 which is already in the archive.

  I would like to include 3.0.14 afterwards if feasible. Having the most
  recent commits of the 3.0 branch will make that easier.

  I went through all commits since 3.0.13 at the end of January. I
  skipped a few which touch files that are not in the 3.0.13 release
  tarball (github CI stuff mostly) and edited one that touched such a
  file.

  There are only fixes. This is not surprising considering we are past
  the 13th patch release for openssl 3.0, and almost 3 years after 3.0
  was released.

  Changes are most usually backports which is a good thing as it means
  they are also tested in the other branches, including through 3.3, for
  which the .0 release was published a few days ago after weeks in
  beta/RC.

  There are a few behaviour tweaks, and that is why I want to get as
  close as possible to what 3.0.14 will be. The bigger one is
  ad6cbe4b7f57a783a66a7ae883ea0d35ef5f82b6: Revert "Improved detection
  of engine-provided private "classic" keys", which also states "The
  workaround has caused more problems than it solved."

  As I said, I went through all commits. All look safe to me. The
  question really boils down to whether we will include these fixes in
  Noble now or if we won't: there is only a very very small chance that
  any given change is SRU'ed afterwards.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2062167/+subscriptions

More information about the foundations-bugs mailing list