On Sun, 2020-03-22 at 17:29 +0100, Miro Hrončok wrote:
On 19. 03. 20 17:31, Tomas Mraz wrote:
> The new openssl-1.1.1e is coming to Rawhide.
>
> It reports premature EOF/improper shutdown on TLS connections more
> properly. However this might make some dependencies broken in build
> tests (such as Ruby).
>
> As I would like to eventually update the openssl also on stable
> branches because it brings many bugfixes please consider bringing
> eventual fixes/workarounds in depending packages also there.
Packages failing to build:
https://koschei.fedoraproject.org/affected-by/openssl?epoch1=1&versio...
https://koschei.fedoraproject.org/affected-by/openssl-devel?epoch1=1&...
That includes Python interpreters.
We have Python tests defined in the CI:
https://src.fedoraproject.org/rpms/openssl/blob/master/f/tests/tests_pyth...
Why have this upgrade never been tested that way?
I knew there will be actual problems so that is the reason why I sent
the heads up. Next time I'll make sure the CI is run as well, not sure
if it would make any difference in this case apart from maybe I would
open bugs right away?
Please do not push this to older releases until we fix this.
I will not push it to older releases. Most probably we will revert this
change in upstream 1.1.1 branch and I will update the rawhide build
with the revert patch as well. Anyway this change is going to stay in
the master branch of OpenSSL (for 3.0.0) so it is a good idea to be
able to handle it in the dependencies anyway.
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]