Bug 17229 - libressl to replace openssl
Summary: libressl to replace openssl
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: Mageia 7
Assignee: All Packagers
QA Contact:
URL: http://www.libressl.org
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-11-26 10:59 CET by Oden Eriksson
Modified: 2017-04-02 21:52 CEST (History)
4 users (show)

See Also:
Source RPM:
CVE:
Status comment: Needs to be proposed and accepted as feature for Mageia 7


Attachments

Description Oden Eriksson 2015-11-26 10:59:01 CET
I added libressl to cauldron that could be used to move away from openssl due to various reasons. Here's the initial check in:

http://svnweb.mageia.org/packages?view=revision&revision=905744

You could already do this for a subset of packages that supports it. Patches for various softwares can be downloaded from the libressl site.

For example apache 2.4.17 has this support upstream so it's just a matter of replacing "openssl" with "libressl" in the apache specfile and rebuild apache I believe.

Cheers.

Reproducible: 

Steps to Reproduce:
Comment 1 Luke Jones 2015-11-27 08:25:38 CET
Thanks for the heads up. I've got a few packages that will need updating.

CC: (none) => luke.nukem.jones

Comment 2 David Walser 2015-12-01 13:34:19 CET
Before we switch things to use libressl, this should go through as a proposed feature.  We already reviewed the features proposed for Mageia 6, but there might still be time to propose this.
Comment 3 Bjarne Thomsen 2016-03-17 12:42:45 CET
Is nginx going to be linked with libressl?
We already have
libressl-common-2.3.2-1.mga6.x86_64.rpm
libressl-2.3.2-1.mga6.x86_64.rpm
lib64libressl-devel-2.3.2-1.mga6.x86_64.rpm
in cauldron.

CC: (none) => bjarne.thomsen

Comment 4 David Walser 2016-03-18 19:32:32 CET
No, nothing should be linked with libressl in Mageia 6.  This can be revisited afterward.
Comment 5 Marja Van Waes 2016-11-09 22:15:55 CET
(In reply to David Walser from comment #4)
> No, nothing should be linked with libressl in Mageia 6.  This can be
> revisited afterward.

Adding to the Mageia 7 tracker, so the feature proposal won't be forgotten.

Assigning to all packagers collectively, because that seems better than keeping this future feature request assigned to BugSquad and ending up with no one proposing it.

Status comment: (none) => Needs to be proposed and accepted as feature for Mageia 7
CC: (none) => marja11
Blocks: (none) => 18932
Assignee: bugsquad => pkg-bugs
Target Milestone: --- => Mageia 7

Comment 6 Samuel Verschelde 2016-11-10 10:18:08 CET
(In reply to Marja van Waes from comment #5)
> (In reply to David Walser from comment #4)
> > No, nothing should be linked with libressl in Mageia 6.  This can be
> > revisited afterward.
> 
> Adding to the Mageia 7 tracker, so the feature proposal won't be forgotten.
> 
> Assigning to all packagers collectively, because that seems better than
> keeping this future feature request assigned to BugSquad and ending up with
> no one proposing it.

We haven't discussed it yet, but we intend to use the milestone as "we want it to be done for this version", not "we might want it to be done for this version".

David, Oden, can we consider it something that is good to do and that we will be able to do for Mageia 7, or should it stay as a "to be reviewed" enhancement request (in which case I'll remove the milestone for now).
Samuel Verschelde 2016-11-10 10:36:01 CET

Blocks: 18932 => (none)

Comment 7 Neal Gompa 2017-04-02 21:52:44 CEST
(In reply to Samuel Verschelde from comment #6)
> (In reply to Marja van Waes from comment #5)
> > (In reply to David Walser from comment #4)
> > > No, nothing should be linked with libressl in Mageia 6.  This can be
> > > revisited afterward.
> > 
> > Adding to the Mageia 7 tracker, so the feature proposal won't be forgotten.
> > 
> > Assigning to all packagers collectively, because that seems better than
> > keeping this future feature request assigned to BugSquad and ending up with
> > no one proposing it.
> 
> We haven't discussed it yet, but we intend to use the milestone as "we want
> it to be done for this version", not "we might want it to be done for this
> version".
> 
> David, Oden, can we consider it something that is good to do and that we
> will be able to do for Mageia 7, or should it stay as a "to be reviewed"
> enhancement request (in which case I'll remove the milestone for now).

Please put this in the "to be reviewed" state. With the way that OpenSSL development has been picking up and how some of the binary compatibility issues are being resolved with OpenSSL 1.1 release across all distros, it may be equally compelling to just do the move to OpenSSL 1.1.

CC: (none) => ngompa13
Hardware: i586 => All


Note You need to log in before you can comment on or make changes to this bug.