Re: Forthcoming OpenSSL Releases

Re: Forthcoming OpenSSL Releases

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 2183 bytes --]

Hello,

> On 24 May 2023, at 09:47, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
> 
> Hi Michael,
> 
> On 24/05/2023 10:07, Michael Tremer wrote:
>> It looks like we might not want to release the forthcoming Core Update before this.
>> 
>> I did not hear any rumours about what might be the issue, but I would say that it wouldn’t hurt us to wait.
>> 
>> What other outstanding issues do we have that are currently blocking the update?
>> 
> The fix for Bug#13117 has been merged into master so that is no longer blocking.
> 
> As mentioned to Peter, I recommend reverting my fix for Bug#11048 as some issues were found by myself (missed in my own testing) plus from other testers reporting in the forum. I am making progress on this but there are still some bits outstanding. The bug has been around for a long time so it won't hurt for it to wait till Core Update 176.

Okay. Let’s rather have the right fix than a quick one. I agree!

> I haven't found anything else that was a problem and I haven't seen any other issues mentioned in the forum that look to be caused by CU175.

That sounds good then!

> Regards,
> Adolf.
>> -Michael
>> 
>>> Begin forwarded message:
>>> 
>>> From: Tomas Mraz <tomas(a)openssl.org>
>>> Subject: Forthcoming OpenSSL Releases
>>> Date: 24 May 2023 at 05:06:12 BST
>>> To: "openssl-project(a)openssl.org" <openssl-project(a)openssl.org>, "openssl-users(a)openssl.org" <openssl-users(a)openssl.org>, openssl-announce(a)openssl.org
>>> Reply-To: openssl-users(a)openssl.org
>>> 
>>> The OpenSSL project team would like to announce the forthcoming release
>>> of OpenSSL versions 3.0.9, 1.1.1u and 1.0.2zh. Note that OpenSSL 1.0.2 
>>> is End Of Life and so 1.0.2zh will be available to premium support 
>>> customers only.
>>> 
>>> These releases will be made available on Tuesday 30th May 2023 
>>> between 1300-1700 UTC.
>>> 
>>> These are security-fix releases. The highest severity issue fixed in 
>>> each of these three releases is Moderate:
>>> 
>>> https://www.openssl.org/policies/secpolicy.html
>>> 
>>> Yours
>>> The OpenSSL Project Team
>>> 
>> 
> 
> -- 
> Sent from my laptop

Re: Forthcoming OpenSSL Releases

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 2870 bytes --]

Hi,

On 24/05/2023 11:02, Michael Tremer wrote:
> Hello,
> 
>> On 24 May 2023, at 09:47, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>
>> Hi Michael,
>>
>> On 24/05/2023 10:07, Michael Tremer wrote:
>>> It looks like we might not want to release the forthcoming Core Update before this.
>>>
>>> I did not hear any rumours about what might be the issue, but I would say that it wouldn’t hurt us to wait.
>>>
>>> What other outstanding issues do we have that are currently blocking the update?
>>>
>> The fix for Bug#13117 has been merged into master so that is no longer blocking.
>>
>> As mentioned to Peter, I recommend reverting my fix for Bug#11048 as some issues were found by myself (missed in my own testing) plus from other testers reporting in the forum. I am making progress on this but there are still some bits outstanding. The bug has been around for a long time so it won't hurt for it to wait till Core Update 176.
> 
> Okay. Let’s rather have the right fix than a quick one. I agree!
The reversion of the update.sh script was done two days ago but there are 4 other commits for the same bug fix that also need to be reverted.

https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=762c88ec4d85e3a4f7265b887f054cbe7703eb7c
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=82822934ba769bca4235cd2a02f848cdc8511120
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=070abb0d011ff71e5aefd170dcb366d81bdf2497
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=18bece0edbd817933f48fdbffcffffd074e42c05

just to make sure that those don't get missed.

Regards,
Adolf.
> 
>> I haven't found anything else that was a problem and I haven't seen any other issues mentioned in the forum that look to be caused by CU175.
> 
> That sounds good then!
> 
>> Regards,
>> Adolf.
>>> -Michael
>>>
>>>> Begin forwarded message:
>>>>
>>>> From: Tomas Mraz <tomas(a)openssl.org>
>>>> Subject: Forthcoming OpenSSL Releases
>>>> Date: 24 May 2023 at 05:06:12 BST
>>>> To: "openssl-project(a)openssl.org" <openssl-project(a)openssl.org>, "openssl-users(a)openssl.org" <openssl-users(a)openssl.org>, openssl-announce(a)openssl.org
>>>> Reply-To: openssl-users(a)openssl.org
>>>>
>>>> The OpenSSL project team would like to announce the forthcoming release
>>>> of OpenSSL versions 3.0.9, 1.1.1u and 1.0.2zh. Note that OpenSSL 1.0.2
>>>> is End Of Life and so 1.0.2zh will be available to premium support
>>>> customers only.
>>>>
>>>> These releases will be made available on Tuesday 30th May 2023
>>>> between 1300-1700 UTC.
>>>>
>>>> These are security-fix releases. The highest severity issue fixed in
>>>> each of these three releases is Moderate:
>>>>
>>>> https://www.openssl.org/policies/secpolicy.html
>>>>
>>>> Yours
>>>> The OpenSSL Project Team
>>>>
>>>
>>
>> -- 
>> Sent from my laptop
> 

Re: Forthcoming OpenSSL Releases

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 3218 bytes --]

Thank you very much for letting me know. I wasn’t aware at all.

I reverted those changes in next and if the build goes through I will merge the branch back into master again.

-Michael

> On 26 May 2023, at 14:33, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
> 
> Hi,
> 
> On 24/05/2023 11:02, Michael Tremer wrote:
>> Hello,
>>> On 24 May 2023, at 09:47, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>> 
>>> Hi Michael,
>>> 
>>> On 24/05/2023 10:07, Michael Tremer wrote:
>>>> It looks like we might not want to release the forthcoming Core Update before this.
>>>> 
>>>> I did not hear any rumours about what might be the issue, but I would say that it wouldn’t hurt us to wait.
>>>> 
>>>> What other outstanding issues do we have that are currently blocking the update?
>>>> 
>>> The fix for Bug#13117 has been merged into master so that is no longer blocking.
>>> 
>>> As mentioned to Peter, I recommend reverting my fix for Bug#11048 as some issues were found by myself (missed in my own testing) plus from other testers reporting in the forum. I am making progress on this but there are still some bits outstanding. The bug has been around for a long time so it won't hurt for it to wait till Core Update 176.
>> Okay. Let’s rather have the right fix than a quick one. I agree!
> The reversion of the update.sh script was done two days ago but there are 4 other commits for the same bug fix that also need to be reverted.
> 
> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=762c88ec4d85e3a4f7265b887f054cbe7703eb7c
> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=82822934ba769bca4235cd2a02f848cdc8511120
> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=070abb0d011ff71e5aefd170dcb366d81bdf2497
> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=18bece0edbd817933f48fdbffcffffd074e42c05
> 
> just to make sure that those don't get missed.
> 
> Regards,
> Adolf.
>>> I haven't found anything else that was a problem and I haven't seen any other issues mentioned in the forum that look to be caused by CU175.
>> That sounds good then!
>>> Regards,
>>> Adolf.
>>>> -Michael
>>>> 
>>>>> Begin forwarded message:
>>>>> 
>>>>> From: Tomas Mraz <tomas(a)openssl.org>
>>>>> Subject: Forthcoming OpenSSL Releases
>>>>> Date: 24 May 2023 at 05:06:12 BST
>>>>> To: "openssl-project(a)openssl.org" <openssl-project(a)openssl.org>, "openssl-users(a)openssl.org" <openssl-users(a)openssl.org>, openssl-announce(a)openssl.org
>>>>> Reply-To: openssl-users(a)openssl.org
>>>>> 
>>>>> The OpenSSL project team would like to announce the forthcoming release
>>>>> of OpenSSL versions 3.0.9, 1.1.1u and 1.0.2zh. Note that OpenSSL 1.0.2
>>>>> is End Of Life and so 1.0.2zh will be available to premium support
>>>>> customers only.
>>>>> 
>>>>> These releases will be made available on Tuesday 30th May 2023
>>>>> between 1300-1700 UTC.
>>>>> 
>>>>> These are security-fix releases. The highest severity issue fixed in
>>>>> each of these three releases is Moderate:
>>>>> 
>>>>> https://www.openssl.org/policies/secpolicy.html
>>>>> 
>>>>> Yours
>>>>> The OpenSSL Project Team
>>>>> 
>>>> 
>>> 
>>> -- 
>>> Sent from my laptop

Re: Forthcoming OpenSSL Releases

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 4833 bytes --]

Hello Michael, hello Adolf,

thank you very much for raising this, and your coordination efforts
on Core Update 175. Again, apologies for me being rather absent at
the moment - ${non-IPFire commitments} eat up a lot of the spare time
I currently have, and I still struggle to find a schedule that allows
me to be reliably contributing to the IPFire project. :-/

With regards to OpenSSL, including that in Core Update 175 makes
sense to me, and I will take care of this tomorrow (really, I promise),
and update the changelog accordingly.

With regards to the latter, I just deleted the section concerning
bug #11048, so everything is current in there.

Further, I took the liberty to include Matthias' patch for updating
Suricata to 6.0.12 in the update - before, we had already shipped
Suricata 6.0.11, and since the changelog for .12 reads rather nasty,
I figure we may as well go with the latest version here.

(Matthias: As always, thank you very much for taking care of this!)

As soon as the OpenSSL is included and tested by me, I would like
to release Core Update 175 - its been already six weeks since the
last Core Update, and given the testing feedback, I don't think we
need to give this Core Update more time.

@Michael: You'll have a draft for the release announcement of Core
Update 175 by Thursday at the latest.

As always, thank you all very much for your contributions! Let me
know if there are any comments/concerns/vetoes to the release schedule
I detailed above.

All the best,
Peter Müller


> Thank you very much for letting me know. I wasn’t aware at all.
> 
> I reverted those changes in next and if the build goes through I will merge the branch back into master again.
> 
> -Michael
> 
>> On 26 May 2023, at 14:33, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>
>> Hi,
>>
>> On 24/05/2023 11:02, Michael Tremer wrote:
>>> Hello,
>>>> On 24 May 2023, at 09:47, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>>>
>>>> Hi Michael,
>>>>
>>>> On 24/05/2023 10:07, Michael Tremer wrote:
>>>>> It looks like we might not want to release the forthcoming Core Update before this.
>>>>>
>>>>> I did not hear any rumours about what might be the issue, but I would say that it wouldn’t hurt us to wait.
>>>>>
>>>>> What other outstanding issues do we have that are currently blocking the update?
>>>>>
>>>> The fix for Bug#13117 has been merged into master so that is no longer blocking.
>>>>
>>>> As mentioned to Peter, I recommend reverting my fix for Bug#11048 as some issues were found by myself (missed in my own testing) plus from other testers reporting in the forum. I am making progress on this but there are still some bits outstanding. The bug has been around for a long time so it won't hurt for it to wait till Core Update 176.
>>> Okay. Let’s rather have the right fix than a quick one. I agree!
>> The reversion of the update.sh script was done two days ago but there are 4 other commits for the same bug fix that also need to be reverted.
>>
>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=762c88ec4d85e3a4f7265b887f054cbe7703eb7c
>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=82822934ba769bca4235cd2a02f848cdc8511120
>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=070abb0d011ff71e5aefd170dcb366d81bdf2497
>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=18bece0edbd817933f48fdbffcffffd074e42c05
>>
>> just to make sure that those don't get missed.
>>
>> Regards,
>> Adolf.
>>>> I haven't found anything else that was a problem and I haven't seen any other issues mentioned in the forum that look to be caused by CU175.
>>> That sounds good then!
>>>> Regards,
>>>> Adolf.
>>>>> -Michael
>>>>>
>>>>>> Begin forwarded message:
>>>>>>
>>>>>> From: Tomas Mraz <tomas(a)openssl.org>
>>>>>> Subject: Forthcoming OpenSSL Releases
>>>>>> Date: 24 May 2023 at 05:06:12 BST
>>>>>> To: "openssl-project(a)openssl.org" <openssl-project(a)openssl.org>, "openssl-users(a)openssl.org" <openssl-users(a)openssl.org>, openssl-announce(a)openssl.org
>>>>>> Reply-To: openssl-users(a)openssl.org
>>>>>>
>>>>>> The OpenSSL project team would like to announce the forthcoming release
>>>>>> of OpenSSL versions 3.0.9, 1.1.1u and 1.0.2zh. Note that OpenSSL 1.0.2
>>>>>> is End Of Life and so 1.0.2zh will be available to premium support
>>>>>> customers only.
>>>>>>
>>>>>> These releases will be made available on Tuesday 30th May 2023
>>>>>> between 1300-1700 UTC.
>>>>>>
>>>>>> These are security-fix releases. The highest severity issue fixed in
>>>>>> each of these three releases is Moderate:
>>>>>>
>>>>>> https://www.openssl.org/policies/secpolicy.html
>>>>>>
>>>>>> Yours
>>>>>> The OpenSSL Project Team
>>>>>>
>>>>>
>>>>
>>>> -- 
>>>> Sent from my laptop
> 
> 

Re: Forthcoming OpenSSL Releases

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 3551 bytes --]



On 26/05/2023 16:28, Michael Tremer wrote:
> Thank you very much for letting me know. I wasn’t aware at all.
> 
> I reverted those changes in next and if the build goes through I will merge the branch back into master again.

Just as a reminder the reversion changes went through on next but are not yet reverted in master. This needs to be done before CU175 is released otherwise n2n connections will fail to work properly.

Regards,
Adolf.

> 
> -Michael
> 
>> On 26 May 2023, at 14:33, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>
>> Hi,
>>
>> On 24/05/2023 11:02, Michael Tremer wrote:
>>> Hello,
>>>> On 24 May 2023, at 09:47, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>>>
>>>> Hi Michael,
>>>>
>>>> On 24/05/2023 10:07, Michael Tremer wrote:
>>>>> It looks like we might not want to release the forthcoming Core Update before this.
>>>>>
>>>>> I did not hear any rumours about what might be the issue, but I would say that it wouldn’t hurt us to wait.
>>>>>
>>>>> What other outstanding issues do we have that are currently blocking the update?
>>>>>
>>>> The fix for Bug#13117 has been merged into master so that is no longer blocking.
>>>>
>>>> As mentioned to Peter, I recommend reverting my fix for Bug#11048 as some issues were found by myself (missed in my own testing) plus from other testers reporting in the forum. I am making progress on this but there are still some bits outstanding. The bug has been around for a long time so it won't hurt for it to wait till Core Update 176.
>>> Okay. Let’s rather have the right fix than a quick one. I agree!
>> The reversion of the update.sh script was done two days ago but there are 4 other commits for the same bug fix that also need to be reverted.
>>
>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=762c88ec4d85e3a4f7265b887f054cbe7703eb7c
>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=82822934ba769bca4235cd2a02f848cdc8511120
>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=070abb0d011ff71e5aefd170dcb366d81bdf2497
>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=18bece0edbd817933f48fdbffcffffd074e42c05
>>
>> just to make sure that those don't get missed.
>>
>> Regards,
>> Adolf.
>>>> I haven't found anything else that was a problem and I haven't seen any other issues mentioned in the forum that look to be caused by CU175.
>>> That sounds good then!
>>>> Regards,
>>>> Adolf.
>>>>> -Michael
>>>>>
>>>>>> Begin forwarded message:
>>>>>>
>>>>>> From: Tomas Mraz <tomas(a)openssl.org>
>>>>>> Subject: Forthcoming OpenSSL Releases
>>>>>> Date: 24 May 2023 at 05:06:12 BST
>>>>>> To: "openssl-project(a)openssl.org" <openssl-project(a)openssl.org>, "openssl-users(a)openssl.org" <openssl-users(a)openssl.org>, openssl-announce(a)openssl.org
>>>>>> Reply-To: openssl-users(a)openssl.org
>>>>>>
>>>>>> The OpenSSL project team would like to announce the forthcoming release
>>>>>> of OpenSSL versions 3.0.9, 1.1.1u and 1.0.2zh. Note that OpenSSL 1.0.2
>>>>>> is End Of Life and so 1.0.2zh will be available to premium support
>>>>>> customers only.
>>>>>>
>>>>>> These releases will be made available on Tuesday 30th May 2023
>>>>>> between 1300-1700 UTC.
>>>>>>
>>>>>> These are security-fix releases. The highest severity issue fixed in
>>>>>> each of these three releases is Moderate:
>>>>>>
>>>>>> https://www.openssl.org/policies/secpolicy.html
>>>>>>
>>>>>> Yours
>>>>>> The OpenSSL Project Team
>>>>>>
>>>>>
>>>>
>>>> -- 
>>>> Sent from my laptop
> 
> 

core175: merge kernel and alsa.

[Arne Fitzenreiter]

[-- Attachment #1: Type: text/plain, Size: 196 bytes --]

I have send in again a kernel update for core175. I think we should 
merge this before the openssl
update.
Also alsa 1.2.9 addon needs to merged because 1.2.8 still miss some 
config files.

Arne

Re: core175: merge kernel and alsa.

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 374 bytes --]

Yes, please lets be on the latest kernel version that is available as of today.

> On 30 May 2023, at 07:14, Arne Fitzenreiter <arne_f(a)ipfire.org> wrote:
> 
> I have send in again a kernel update for core175. I think we should merge this before the openssl
> update.
> Also alsa 1.2.9 addon needs to merged because 1.2.8 still miss some config files.
> 
> Arne