Discussion:
openssl 1.1.1 rebuild - need for help
Arkadiusz Miśkiewicz
2018-09-20 18:37:36 UTC
Permalink
openssl 1.1.1 rebuild, if anyone wants to help here is TODO list:

http://ep09.pld-linux.org/~pldth/qa.php?q=main-ready-test

Examples on how to fix things are at packages/*/openssl.patch mostly.
Also patches sometimes in debian, archlinux or upstream git of projects.
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
Adam Osuchowski
2018-09-20 18:57:08 UTC
Permalink
Post by Arkadiusz Miśkiewicz
http://ep09.pld-linux.org/~pldth/qa.php?q=main-ready-test
Examples on how to fix things are at packages/*/openssl.patch mostly. Also
patches sometimes in debian, archlinux or upstream git of projects.
I think, first of all we should to ensure that openssl 1.0.2 and 1.1.1 are
parallel installable, for instance by make openssl102 package. It would
allow old and new versions of the openssl API available and, thanks to it,
help in quiet migration.
Jacek Konieczny
2018-09-20 20:47:43 UTC
Permalink
Post by Adam Osuchowski
Post by Arkadiusz Miśkiewicz
http://ep09.pld-linux.org/~pldth/qa.php?q=main-ready-test
Examples on how to fix things are at packages/*/openssl.patch mostly. Also
patches sometimes in debian, archlinux or upstream git of projects.
I think, first of all we should to ensure that openssl 1.0.2 and 1.1.1 are
parallel installable, for instance by make openssl102 package. It would
allow old and new versions of the openssl API available and, thanks to it,
help in quiet migration.
+1

openssl 1.0.2 will also be required for many third-party binary software
(read: games).

Jacek
Arkadiusz Miśkiewicz
2018-09-21 05:06:01 UTC
Permalink
Post by Jacek Konieczny
Post by Adam Osuchowski
I think, first of all we should to ensure that openssl 1.0.2 and 1.1.1 are
parallel installable,
Be aware that mixing openssl libraries can lead to segfaults (if binary
uses libraries that are linked to different versions of openssl).
Post by Jacek Konieczny
Post by Adam Osuchowski
It would
allow old and new versions of the openssl API available and, thanks to it,
help in quiet migration.
+1
openssl 1.0.2 will also be required for many third-party binary software
(read: games).
just-install works at this moment, so it will work with openssl102 spec
if someone will do it.
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
Bartek Szady
2018-09-22 09:53:09 UTC
Permalink
Post by Arkadiusz Miśkiewicz
http://ep09.pld-linux.org/~pldth/qa.php?q=main-ready-test
qt4-plugin-qca-ossl is obsoleted by qca.

    Bartek
Adam Golebiowski
2018-09-24 21:31:15 UTC
Permalink
Post by Arkadiusz Miśkiewicz
http://ep09.pld-linux.org/~pldth/qa.php?q=main-ready-test
Examples on how to fix things are at packages/*/openssl.patch mostly.
Also patches sometimes in debian, archlinux or upstream git of projects.
botan should be dropped in favour of botan2:
error: #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x"
Arkadiusz Miśkiewicz
2018-09-27 16:59:19 UTC
Permalink
Post by Arkadiusz Miśkiewicz
http://ep09.pld-linux.org/~pldth/qa.php?q=main-ready-test
Examples on how to fix things are at packages/*/openssl.patch mostly.
Also patches sometimes in debian, archlinux or upstream git of projects.
+- current TODO:

amanda.spec - update files
android-tools.spec
apache1-mod_ssl.spec - drop
botan.spec - drop
ckermit.spec
eagle-light.spec - binary, drop
efl.spec - drop with new enlightment
erlang-exmpp.spec - non-ssl fix needed just like partially done in
build.patch
freeradius-server.spec - needs update to 3.x
freerdp.spec - drop, there is freerdp2
ghasher.spec - needs openssl fix (or drop)
gsoap.spec - needs update to newer version
jhprimeminer.spec - drop, primecoin is dead I think
john.spec - needs update to git version
kannel.spec - needs update to 1.4.5
kphone.spec - format-security fixes needed
libeap-ikev2.spec - needs openssl fix
libjingle.speci - drop, obsolete protocols
libnasl.spec - needs openssl fix
links.spec
linuxdcpp.spec - needs c++ fix
monodevelop.spec
mstflint.spec - needs -Werror=format-overflow fixes
mythtv.spec
nessus-core.spec - depends on libnasl.spec
nx.spec - nxssh problematic
opal.spec - needs ffmpeg fixes
openssl-engine-tpm.spec
openvswitch.spec
pam-pam_p11.spec
pam-pam_ssh.spec
pgadmin3.spec - drop, TODO: finishing pgadmin4
phantomjs.spec
php52.spec - TODO, by me
php53-pecl-http.spec
php53-pecl-mongo.spec
php54-pecl-mongo.spec
php54.spec - drop
php55-pecl-http.spec
php55-pecl-mongo.spec
php56-pecl-http.spec
php56-pecl-mongo.spec
pjproject.spec
postfix.spec - finish %files
pound.spec
protoshares.spec
qdigidoc.spec
qt4-plugin-qca-ossl.spec - drop?
qt-plugin-qca-tls.spec - drop, obsoleted by qca.spec
rasdaman.spec - needs c++ fix
sblim-sfcb.spec - Makefile rules build fixes probably
skipfish.spec
spdylay.spec, drop
srp.spec, drop
srtp.spec, drop, obsoleted by libsrtp2
sylpheed.spec, drop - claws-mail.spec
telepathy-gabble.spec
telepathy-salut.spec
thrift.spec - builds but uses network while building which needs
workaround/fix
vtun.spec, drop
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
Jacek Konieczny
2018-09-27 18:08:13 UTC
Permalink
Post by Arkadiusz Miśkiewicz
pjproject.spec
Does anything use it? Except Asterisk, which uses own bundled version
(the patches and configuration included there is quite important for
proper Asterisk operation).

If not, then we can drop it and update only when needed.

Jacek
Jan Rękorajski
2018-10-21 11:37:14 UTC
Permalink
Post by Arkadiusz Miśkiewicz
http://ep09.pld-linux.org/~pldth/qa.php?q=main-ready-test
Examples on how to fix things are at packages/*/openssl.patch mostly.
Also patches sometimes in debian, archlinux or upstream git of projects.
[...]

Current status update:

android-tools drop
apache1-mod_ssl drop
eagle-light drop
efl drop
erlang-exmpp drop
freeradius-server needs update to 3.x
freerdp drop
hydra
jhprimeminer drop
john needs update to git version
kphone format-security fixes needed
libeap-ikev2 needs openssl fix
libjingle drop
links drop
linuxdcpp needs c++ fix
monodevelop
mstflint needs -Werror=format-overflow fixes
mythtv
nx nxssh problematic
openssl-engine-tpm
openvswitch
pam-pam_p11
pam-pam_ssh
pgadmin3 drop, TODO: finishing pgadmin4
phantomjs
pjproject
protoshares
qt-plugin-qca-tls drop, obsoleted by qca.spec
qt4-plugin-qca-ossl drop
rasdaman needs c++ fix
skipfish
srp drop
srtp drop, obsoleted by libsrtp2
sylpheed drop
--
Jan Rękorajski | PLD/Linux
SysAdm | baggins<at>pld-linux.org | http://www.pld-linux.org/
Adam Golebiowski
2018-10-21 20:13:50 UTC
Permalink
Post by Jan Rękorajski
Post by Arkadiusz Miśkiewicz
http://ep09.pld-linux.org/~pldth/qa.php?q=main-ready-test
Examples on how to fix things are at packages/*/openssl.patch mostly.
Also patches sometimes in debian, archlinux or upstream git of projects.
[...]
android-tools drop
apache1-mod_ssl drop
side note - drop apache1 all together. And by the same time drop php < 5.6 as well.
apache1 had its last release 8+ years ago, php 5.5 last release in July 2016.

We can drop php5.6 in couple of months - it will be eol-ed upstream by the end of the year.
Post by Jan Rękorajski
freerdp drop
this will pull down xrdp, vinagre - worth to fight for it?
Post by Jan Rękorajski
john needs update to git version
I will work on this one, git version is under active development
(6k+ commits ahead last -jumbo release)
Post by Jan Rękorajski
libeap-ikev2 needs openssl fix
have partial fix, will commit.
Post by Jan Rękorajski
protoshares
can be dropped.
--
adamg
Arkadiusz Miśkiewicz
2018-10-21 20:57:26 UTC
Permalink
Post by Adam Golebiowski
And by the same time drop php < 5.6 as well.
apache1 had its last release 8+ years ago, php 5.5 last release in July 2016.
We can drop php5.6 in couple of months - it will be eol-ed upstream by the end of the year.
I'm using all these old phps, so don't drop. All build fine with openssl
1.1.
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
Adam Golebiowski
2018-10-22 10:05:34 UTC
Permalink
Post by Arkadiusz Miśkiewicz
Post by Adam Golebiowski
And by the same time drop php < 5.6 as well.
apache1 had its last release 8+ years ago, php 5.5 last release in July 2016.
We can drop php5.6 in couple of months - it will be eol-ed upstream by the end of the year.
I'm using all these old phps, so don't drop. All build fine with openssl
1.1.
Just thought it is good time to drop some unused stuff.
But if there are people that still use those - no object from me.
--
adamg
glen
2018-10-22 08:34:56 UTC
Permalink
Post by Adam Golebiowski
Post by Jan Rękorajski
android-tools drop
apache1-mod_ssl drop
side note - drop apache1 all together. And by the same time drop php < 5.6 as well.
apache1 had its last release 8+ years ago, php 5.5 last release in July 2016.
We can drop php5.6 in couple of months - it will be eol-ed upstream by the end of the year.
also using apache 1.3 and php < 5.6 in infra.

if want to drop something, then candidates for php are rather:
- 5.4
- 5.5
- 7.0

mostly because there are no major changes with these versions, and that
extensions are present in pld.

but then this will remove uniqueness for pld where all php versions are
available and the maintenance cost is not that high.
--
glen
Andrzej Zawadzki
2018-10-23 12:16:40 UTC
Permalink
On 21.10.2018 22:13, Adam Golebiowski wrote:

On Sun, Oct 21, 2018 at 01:37:14PM +0200, Jan Rekorajski wrote:

On Thu, 27 Sep 2018, Arkadiusz Miskiewicz wrote:


On 20/09/2018 20:37, Arkadiusz Miskiewicz wrote:

openssl 1.1.1 rebuild, if anyone wants to help here is TODO list:

[1]http://ep09.pld-linux.org/~pldth/qa.php?q=main-ready-test

Examples on how to fix things are at packages/*/openssl.patch mostly.
Also patches sometimes in debian, archlinux or upstream git of projects.


+- current TODO:

[...]


freerdp drop

this will pull down xrdp, vinagre - worth to fight for it?

Use, freerdp2 (it's RC but works for me)

--

Andrzej

References

1. http://ep09.pld-linux.org/~pldth/qa.php?q=main-ready-test

Loading...