/srv/irclogs.ubuntu.com/2022/03/21/#ubuntu-security.txt

=== cpaelzer_ is now known as cpaelzer
[07:13] <sudhackar> I am looking for some clarifications on what packages are affected with a USN. I see that some USNs mention both binary and source packages like USN-5333-2 mentions both apache2 and apache2-bin.
[07:14] <sudhackar> Some just mention the vulnerabilities apply to a single package like systemd in https://ubuntu.com/security/notices/USN-5013-1
[07:16] <sudhackar> I like the idea that all vulnerabilities apply to all the binary packages compiled from the source. But as a means of upgrading packages - irrelevant packages need not be upgraded if the vulnerability was applicable to a select few
[07:17] <sudhackar> If the vulnerability applied to just the source - the advisories should mention just the source not the binary packages no?
[07:17] <sudhackar> I also saw that official OVALs check for all applicable binary packages built from that source.
[07:17] <sudhackar> Please advise
[11:26] <mdeslaur> sudhackar: USN-5333-2 lists the apache2 binary package, not the apache2 source package
[11:27] <mdeslaur> sudhackar: the section that lists some binary packages is just a subset so that an admin can quickly tell if an update is installed or not. The USN applies to the whole source package, and all it's binary packages.
[11:27] <mdeslaur> s/it's/its/
=== ChanServ changed the topic of #ubuntu-security to: Twitter: @ubuntu_sec || https://usn.ubuntu.com || https://wiki.ubuntu.com/SecurityTeam || https://wiki.ubuntu.com/Security/Features || Community: pfsmorigo
[13:38] <teward> fyi while I know this is a foundations item they filed, I think Security should have a say?  https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1965141
[13:38] <ubottu> Launchpad bug 1965141 in openssl (Ubuntu) "openssl: package the new bugfix release 3.0.2" [Undecided, New]
[13:38] <teward> at least this late in the cycle I mean
[13:39] <teward> since this targets Jammy and it's OpenSSL which I know has a Security component to it, thought I'd ask if Security saw that
[13:40] <mdeslaur> teward: yes, I am aware of it
[13:40] <mdeslaur> thanks
[13:40] <teward> mdeslaur: check, thanks.  just checking since this is one of the things I start saying "eeh, security chaos"
[13:40] <teward> :P
[13:42] * mdeslaur adds comment
[14:16] <schopin> teward: I was actually planning on asking here for sponsorship today :D
[14:17] <teward> heheh, makes sense.  :P
[14:17] <teward> mdeslaur: i've got some spare cycles @ lunchtime here, if you don't mind me using my coredev to sponsor the openssl upload to jammy.  Unless you want to take it since Security.
[14:17] <teward> schopin: hehe, well openssl is one of the things i keep on my radar 'cause it's so important to everything.
[14:22] <mdeslaur> teward: oh, please take it if you have some time, thanks!
[14:22] <teward> mdeslaur: yep yep.  it's not git-ubuntu'd or anything special is it?  I'm still a stickler for the old school "pull package, apply debdiff, test build, upload" approach :p
[14:23] <mdeslaur> I don't think so
[14:23] <teward> perfect, yeah most stuff isn't :P
[15:00] <schopin> teward: AFAIK pretty much no Foundations package uses git-ubuntu as its main contribution "mode". And TIA for the sponsoring :)
[15:00] <teward> schopin: i believe it.  you never know though ;)
[15:00] <teward> i'll do my usual build testing locally BEFORE I upload though, 'cause OpenSSL is its own form of chaos. :P
[15:01] <teward> hm, just... one question
[15:01] <teward> is this going to need a rebuild of everything in Jammy first with it?
[15:01] <teward> 'cause... that's going to be a large transition task
[15:01] <teward> (if so)
[15:04] <schopin> teward: no, no ABI bump. The autopkgtests runners will run hot though
[15:04] <teward> check, never hurts to be thorough :p
[15:04] <teward> autopkgtests always run hot during releases though :P
[15:04] <teward> just hope they don't explode ;P
[15:06] <mdeslaur> need more autopkgtest hamsters
[15:07] <teward> hey if i had the server space i'd happily help but I think Canonical has all the autopkgtest envs it needs xD
[15:14] <teward> schopin: i'm building (again) in my junk drawer which has risc enabled - https://launchpad.net/~teward/+archive/ubuntu/junk-drawer - so we'll be able to make sure that arch builds right too.  If all looks good I'll upload direct to jammy
[15:14] <teward> (and yes i call it the 'junk drawer' because it's where i upload buildtests now xD)
[15:15] <teward> (and it's as close as I can get to the main distro builders :P)
[15:15] <teward> i had to pull the tar.gz and the sig off your ppa upload you did though 'cause i'm a lazy SOB :P
[15:15] <teward> mdeslaur: ^^ for your awareness as well
[17:57] <teward> schopin: mdeslaur: 3.0.2-0ubuntu1 uploaded ([ubuntu/jammy-proposed] openssl 3.0.2-0ubuntu1 (Accepted))
[17:57] <teward> expect autopkgtests to run hot for a while :P
[17:58] <schopin> ACK
[18:01] <mdeslaur> awesome, thanks schopin, teward
[18:02] <teward> yep yep!
=== hank_ is now known as hank
[23:05] <shalocin[m]> Really enjoying the lively and fun coverage by @ccdm_94 about hardening your Ubuntu server on the @amurray Ubuntu Security Podcast. Lots of things to consider... I wonder if I could suggest a follow up for a future episode (yes, yes, greedy I am!)... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/02b4c40e08cf4e4bf38c13a098530dde8e48390b)
[23:08] <sarnold> woo, thanks :)
[23:17] <amurray> thanks shalocin[m] - I've always wanted to try and do more 'discussion' type content on the podcast but finding times when everyone is available is challenging - but I think that is a great idea nonetheless and will see what we can do
[23:18] <shalocin[m]> s/doing/dropping/