From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Plans for the upcoming Core Updates
Date: Thu, 22 Feb 2018 22:45:41 +0000 [thread overview]
Message-ID: <1519339541.2423.13.camel@ipfire.org> (raw)
In-Reply-To: <20180222210708.67d87fdb.peter.mueller@link38.eu>
[-- Attachment #1: Type: text/plain, Size: 2156 bytes --]
On Thu, 2018-02-22 at 21:07 +0100, Peter Müller wrote:
> Hello Michael,
> > Hello guys,
> >
> > it has been a bit quiet this week on this list. So here is an update for
> > everyone on where we are with the upcoming Core Updates.
> >
> > I would also like to remind you that we have a monthly telephone conference for
> > further information that is a bit too much to be written down.
> >
> > So Core Update 119 is branched and ready to be uploaded into testing very soon.
> > I did not merge OpenSSL into it because I thought that the update would a) get
> > too large, b) is harder to test and c) we have some things in C119 already that
> > should be released very very soon because of security reasons.
> >
> > So basically C119 updates the toolchain, GCC, glibc on all systems. It has some
> > smaller bug fixes and improvements and that is about it. It is a maintenance and
> > housekeeping update, but that's kind of good that we have that isolated from any
> > new features. We should be able to ship this soon without much friction.
>
> I thought GCC brings some protection against Spectre ("retpolines")...
Well we do have the right compiler now, but this is not active since
the current kernel doesn't support it.
Userspace has no advantage of this.
> > I openend C120 and merged OpenSSL 1.1.0 into it. With that, we should now look
> > at all applications that use OpenSSL and make sure that we get the best out of
> > it. That means, that we should add all new ciphers that we can use now. We
> > should update cipher suites where ever we ship pre-configured ones, etc.
>
> Yes, I will take care about the OpenSSL-DEFAULT-cipherlist-patch for 1.1.x so we
> can merge that altogether.
Would you also update the ciphersuite for apache, too?
> Best regards,
> Peter Müller
> >
> > So please everyone review your patches that you have submitted, update them if
> > necessary and post them (again) to this list within the next week.
> >
> > Again, I do not think that we should allow a long time to pass before this being
> > uploaded into testing.
> >
> > Best,
> > -Michael
>
>
prev parent reply other threads:[~2018-02-22 22:45 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-21 12:54 Michael Tremer
2018-02-22 20:07 ` Peter Müller
2018-02-22 22:45 ` Michael Tremer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1519339541.2423.13.camel@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox