[Pkg-openssl-devel] Bug#907906: stretch-pu: package openssl/1.1.0f-3+deb9u2

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Mon Sep 3 23:12:56 BST 2018 

Package: release.debian.org
User: release.debian.org at packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal

I prepared an update for OpenSSL to synchronize it with upstream's
latest stable release (i).  The i release is an OpenSSL stable release
within the 1.1.0 series with no additional features. It contains only
fixes which don't fix anything security related but still qualify as
something that should be fixed with a stable release.
The BTS bugs #903566 and #907457 are two examples which were raised
within Debian.

As part of my QA I rebuilt all openssl's and libssl1.1 reverse
dependencies [0]. Some packages (like nova) failed to build against this
and current (currently Stretch) openssl due its testsuite and it might
have something todo with by sbuild setup since it succeeded in the
"reproducible builds" build. However, openbsc also FTBFS in
"reproducible builds". Everything that FTBFS against that i also FTBFS
against the current openssl in my setup except for one package.

The package python-cryptography fails to build due to an API change of
BIO_callback_ctrl() in OpenSSL. While is a no-no in a stable release, it
has been explained [1] that the function / callback was always used with
a different prototype. I fixed this by removing the function / prototype
from the python wrapper while upstream removed the almost all BIO
related wrappers [2].
I would submit a pu bugs for python-cryptography if there is nothing
wrong with this one.

I am attaching a diff of the debian/ folder of the update (the openssl
part is replaced with the new version). The whole diff is 24MiB in size
and can be fetched from [4] compressed.

If the release team would like some additional tests, please let me
know.

[0] https://breakpoint.cc/openssl-rebuild/2018-09-02-rebuild-stretch-1.1.0i/
[1] https://github.com/openssl/openssl/pull/4493#discussion_r143505277
[2] https://github.com/pyca/cryptography/pull/4220
[3] https://breakpoint.cc/openssl-rebuild/2018-09-02-rebuild-stretch-python-cryptography/
[4] https://breakpoint.cc/openssl-rebuild/2018-09-02-rebuild-stretch-1.1.0i/ossl_1.1.0f-3deb9u2_to_1.1.0i.patch.xz

Sebastian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ossl_1.1.0f-3deb9u2_to_1.1.0i_debian.patch
Type: text/x-diff
Size: 13880 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-openssl-devel/attachments/20180904/3ae5693e/attachment-0001.patch>

More information about the Pkg-openssl-devel mailing list