Bug 6842 - [UPDATE REQUEST] openssl 1.0.1r -> 1.0.1s
: [UPDATE REQUEST] openssl 1.0.1r -> 1.0.1s
Status: VERIFIED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-03-14 18:20 MSK by Andrey Bondrov
Modified: 2016-03-29 12:00 MSD (History)
1 user (show)

See Also:
RPM Package: openssl
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
andrey.bondrov: published+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrey Bondrov 2016-03-14 18:20:44 MSK
We need to update OpenSSL and rebuild various packages to drop SSLv2 support.
Comment 1 Andrey Bondrov 2016-03-14 18:22:22 MSK
Advisory: "Update OpenSSL to new version 1.0.1s. This update fixes CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799 and CVE-2016-0702. It also disables SSLv2 support."

https://abf.rosalinux.ru/build_lists/2627220
https://abf.rosalinux.ru/build_lists/2627221

P.S. Rebuilt packages are coming later. It may take quite much time to rebuild them.
Comment 5 Andrey Bondrov 2016-03-17 20:01:14 MSK
One more package from Main:

28. fetchmail:
https://abf.rosalinux.ru/build_lists/2627782
https://abf.rosalinux.ru/build_lists/2627783
Comment 7 Vladimir Potapov 2016-03-22 14:14:23 MSK
> 19. libtorrent-rasterbar:
> https://abf.rosalinux.ru/build_lists/2627784
> https://abf.rosalinux.ru/build_lists/2627785

deluge
[ERROR   ] 18:12:58 ui:168 cannot import name crypto
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/deluge/ui/ui.py", line 149, in __init__
    from deluge.ui.gtkui.gtkui import GtkUI
  File "/usr/lib/python2.7/site-packages/deluge/ui/gtkui/__init__.py", line 1, in <module>
    from gtkui import start
  File "/usr/lib/python2.7/site-packages/deluge/ui/gtkui/gtkui.py", line 87, in <module>
    from deluge.ui.client import client
  File "/usr/lib/python2.7/site-packages/deluge/ui/client.py", line 37, in <module>
    from twisted.internet import reactor, ssl, defer
  File "/usr/lib64/python2.7/site-packages/twisted/internet/ssl.py", line 59, in <module>
    from OpenSSL import SSL
  File "/usr/lib64/python2.7/site-packages/OpenSSL/__init__.py", line 36, in <module>
    from OpenSSL import crypto
ImportError: cannot import name crypto
[ERROR   ] 18:12:58 ui:169 There was an error whilst launching the request UI: gtk
[ERROR   ] 18:12:58 ui:170 Look at the traceback above for more information.
Comment 8 Vladimir Potapov 2016-03-23 16:56:06 MSK
deluge error

:0: UserWarning: You do not have a working installation of the service_identity module: 'No module named service_identity'.  Please install it from <https://pypi.python.org/pypi/service_identity> and make sure all of its dependencies are satisfied.  Without the service_identity module and a recent enough pyOpenSSL to support it, Twisted can perform only rudimentary TLS client hostname verification.  Many valid certificate/hostname mappings may be rejected.
Comment 9 Vladimir Potapov 2016-03-23 17:05:19 MSK
(In reply to comment #8)
> deluge error
> 
> :0: UserWarning: You do not have a working installation of the
> service_identity module: 'No module named service_identity'.  Please install
> it from <https://pypi.python.org/pypi/service_identity> and make sure all of
> its dependencies are satisfied.  Without the service_identity module and a
> recent enough pyOpenSSL to support it, Twisted can perform only rudimentary
> TLS client hostname verification.  Many valid certificate/hostname mappings
> may be rejected.

http://bugs.rosalinux.ru/show_bug.cgi?id=6871
Comment 10 Vladimir Potapov 2016-03-23 18:04:16 MSK
The update is sent to expanded testing
***************************************
Comment 11 Vladimir Potapov 2016-03-28 21:53:28 MSD
openssl-1.0.1s-2
https://abf.rosalinux.ru/build_lists/2627220
https://abf.rosalinux.ru/build_lists/2627221

qt4-4.8.7-2
https://abf.rosalinux.ru/build_lists/2627230
https://abf.rosalinux.ru/build_lists/2627231

qt5-5.5.1-4
https://abf.rosalinux.ru/build_lists/2627448
https://abf.rosalinux.ru/build_lists/2627449

qca2-2.0.3-7
https://abf.rosalinux.ru/build_lists/2627486
https://abf.rosalinux.ru/build_lists/2627487

qca2-qt5-2.1.1-2
https://abf.rosalinux.ru/build_lists/2627490
https://abf.rosalinux.ru/build_lists/2627491

ruby-2.1.8-2
https://abf.rosalinux.ru/build_lists/2627690
https://abf.rosalinux.ru/build_lists/2627691

perl-Crypt-SSLeay-0.720.0-3
https://abf.rosalinux.ru/build_lists/2627692
https://abf.rosalinux.ru/build_lists/2627693

perl-Net-SSLeay-1.720.0-2
https://abf.rosalinux.ru/build_lists/2627694
https://abf.rosalinux.ru/build_lists/2627695

php-5.6.19-1
https://abf.rosalinux.ru/build_lists/2627696
https://abf.rosalinux.ru/build_lists/2627697

python-2.7.11-2
https://abf.rosalinux.ru/build_lists/2627700
https://abf.rosalinux.ru/build_lists/2627701

python-m2crypto-0.21.1-6
https://abf.rosalinux.ru/build_lists/2627716
https://abf.rosalinux.ru/build_lists/2627717

python-OpenSSL-0.13.1-6
https://abf.rosalinux.ru/build_lists/2627724
https://abf.rosalinux.ru/build_lists/2627725

apache-2.4.18-2
https://abf.rosalinux.ru/build_lists/2627772
https://abf.rosalinux.ru/build_lists/2627773

curl-7.47.1-2
https://abf.rosalinux.ru/build_lists/2627788
https://abf.rosalinux.ru/build_lists/2627789

distcache-1.5.1-25
https://abf.rosalinux.ru/build_lists/2627780
https://abf.rosalinux.ru/build_lists/2627781

libtorrent-rasterbar-1.0.7-2
https://abf.rosalinux.ru/build_lists/2627784
https://abf.rosalinux.ru/build_lists/2627785

nail-12.4-14
https://abf.rosalinux.ru/build_lists/2627786
https://abf.rosalinux.ru/build_lists/2627787

neon-0.30.1-2
https://abf.rosalinux.ru/build_lists/2627790
https://abf.rosalinux.ru/build_lists/2627791

partimage-0.6.9-4
https://abf.rosalinux.ru/build_lists/2627798
https://abf.rosalinux.ru/build_lists/2627799

stunnel-5.28-2
https://abf.rosalinux.ru/build_lists/2627802
https://abf.rosalinux.ru/build_lists/2627803

squid-3.5.15-2
https://abf.rosalinux.ru/build_lists/2627800
https://abf.rosalinux.ru/build_lists/2627801


w3c-libwww-5.4.1-0.20061204.10
https://abf.rosalinux.ru/build_lists/2627804
https://abf.rosalinux.ru/build_lists/2627805

wget-1.17.1-2
https://abf.rosalinux.ru/build_lists/2627792
https://abf.rosalinux.ru/build_lists/2627793

fetchmail-6.3.26-3
https://abf.rosalinux.ru/build_lists/2627782
https://abf.rosalinux.ru/build_lists/2627783

************************* Advisory **************************
Update OpenSSL to new version 1.0.1s. This update fixes CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799 and CVE-2016-0702. It also disables SSLv2 support.
*************************************************************
QA Verified