Bug 24433 - openssl versions in Mageia 7 will be EOL in less than a year
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: All Linux
Priority: release_blocker normal
Target Milestone: Mageia 7
Assignee: Nicolas Lécureuil
QA Contact:
URL:
Whiteboard: MGA7TOO
Keywords:
Depends on:
Blocks:
 
Reported: 2019-02-27 03:58 CET by David Walser
Modified: 2019-09-11 02:15 CEST

See Also:
Source RPM: openssl-1.1.0j-1.mga7.src.rpm, compat-openssl10-1.0.2r-1.mga7.src.rpm
CVE:
Status comment:


Description David Walser 2019-02-27 03:58:56 CET
Upstream has issued an advisory today (February 26):
https://www.openssl.org/news/secadv/20190226.txt

It contains this note:
OpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. Support
for 1.0.2 will end on 31st December 2019. Support for 1.1.0 will end on 11th
September 2019. Users of these versions should upgrade to OpenSSL 1.1.1.

Both OpenSSL versions in Cauldron will be EOL this year. We should drop the compat-openssl10 package and migrate the openssl package to 1.1.1.

David Walser 2019-02-27 03:59:06 CET

Target Milestone: --- => Mageia 7
Priority: Normal => release_blocker

Comment 1 Marja Van Waes 2019-02-28 19:04:40 CET
Assigning to neoclust, because he is the registered maintainer of compat-openssl10 and there's no registered maintainer of openssl.

Assignee: bugsquad => mageia
CC: (none) => marja11

Comment 2 Jani Välimaa 2019-03-03 14:23:11 CET
Source rpm list for packages still using oldest 1.0.x:
afbackup
botan
c-client
freepops
freeswitch
ghpsdr3-alex
harbour
ice
ipsec-tools
ircd-hybrid
jboss-web-native
libmsn
libofetion
libqxt
mongo-tools
netty-tcnative
pam_ssh
ptlib
sslscan
sslsniff
ucommon
ufdbguard
vdr-plugin-sc
w3c-libwww
wvstreams

There might be more pkgs BR'ing openssl 1.0.x, but the mentioned pkgs use the libs from it.

Comment 4 David Walser 2019-05-13 04:13:54 CEST
Just a reminder that nothing has been done with this yet.

Comment 5 David Walser 2019-09-11 02:15:53 CEST
OpenSSL 1.1.0 will be EOL in a few hours, and 1.0.2 will be in a few months...

Whiteboard: (none) => MGA7TOO

