From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: Plans for the upcoming Core Updates Date: Thu, 22 Feb 2018 21:07:08 +0100 Message-ID: <20180222210708.67d87fdb.peter.mueller@link38.eu> In-Reply-To: <1519217650.15001.171.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3461018570606043721==" List-Id: --===============3461018570606043721== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Michael, > Hello guys, >=20 > it has been a bit quiet this week on this list. So here is an update for > everyone on where we are with the upcoming Core Updates. >=20 > I would also like to remind you that we have a monthly telephone conference= for > further information that is a bit too much to be written down. >=20 > So Core Update 119 is branched and ready to be uploaded into testing very s= oon. > I did not merge OpenSSL into it because I thought that the update would a) = get > too large, b) is harder to test and c) we have some things in C119 already = that > should be released very very soon because of security reasons. >=20 > So basically C119 updates the toolchain, GCC, glibc on all systems. It has = some > smaller bug fixes and improvements and that is about it. It is a maintenanc= e and > housekeeping update, but that's kind of good that we have that isolated fro= m any > new features. We should be able to ship this soon without much friction. I thought GCC brings some protection against Spectre ("retpolines")... >=20 > I openend C120 and merged OpenSSL 1.1.0 into it. With that, we should now l= ook > at all applications that use OpenSSL and make sure that we get the best out= of > it. That means, that we should add all new ciphers that we can use now. We > should update cipher suites where ever we ship pre-configured ones, etc. Yes, I will take care about the OpenSSL-DEFAULT-cipherlist-patch for 1.1.x so= we can merge that altogether. Best regards, Peter M=C3=BCller >=20 > So please everyone review your patches that you have submitted, update them= if > necessary and post them (again) to this list within the next week. >=20 > Again, I do not think that we should allow a long time to pass before this = being > uploaded into testing. >=20 > Best, > -Michael --===============3461018570606043721==--