=== cpaelzer_ is now known as cpaelzer | ||
sudhackar | I am looking for some clarifications on what packages are affected with a USN. I see that some USNs mention both binary and source packages like USN-5333-2 mentions both apache2 and apache2-bin. | 07:13 |
sudhackar | Some just mention the vulnerabilities apply to a single package like systemd in https://ubuntu.com/security/notices/USN-5013-1 | 07:14 |
sudhackar | I like that idea that all vulnerabilities apply to all the binary packages compiled from the source. But as a means of upgrading packages - irrelevant packages need not be upgraded if the vulnerability was applicable to a select few | 07:16 |
sudhackar | If the vulnerability applied to just the source - the advisories should mention just the source not the binary packages no? | 07:17 |
sudhackar | I also saw that official OVALs check for all applicable binary packages built from that source. | 07:17 |
sudhackar | Please advise | 07:17 |
mdeslaur | sudhackar: USN-5333-2 lists the apache2 binary package, not the apache2 source package | 11:26 |
mdeslaur | sudhackar: the section that lists some binary packages is just a subset so that an admin can quickly tell if an update is installed or not. The USN applies to the whole source package, and all it's binary packages. | 11:27 |
mdeslaur | s/it's/its/ | 11:27 |
=== ChanServ changed the topic of #ubuntu-security to: Twitter: @ubuntu_sec || https://usn.ubuntu.com || https://wiki.ubuntu.com/SecurityTeam || https://wiki.ubuntu.com/Security/Features || Community: pfsmorigo | ||
teward | fyi while I know this is a foundations item they filed, I think Security should have a say? https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1965141 | 13:38 |
ubottu | Launchpad bug 1965141 in openssl (Ubuntu) "openssl: package the new bugfix release 3.0.2" [Undecided, New] | 13:38 |
teward | at least this late in the cycle I mean | 13:38 |
teward | since this targets Jammy and it's OpenSSL which I know has a Security component to it, thought I'd ask if Security saw that | 13:39 |
mdeslaur | teward: yes, I am aware of it | 13:40 |
mdeslaur | thanks | 13:40 |
teward | mdeslaur: check, thanks. just checking since this is one of the things I start saying "eeh, security chaos" | 13:40 |
teward | :P | 13:40 |
* mdeslaur adds comment | 13:42 | |
schopin | teward: I was actually planning on asking here for sponsorship today :D | 14:16 |
teward | heheh, makes sense. :P | 14:17 |
teward | mdeslaur: i've got some spare cycles @ lunchtime here, if you don't mind me using my coredev to sponsor the openssl upload to jammy. Unless you want to take it since Security. | 14:17 |
teward | schopin: hehe, well openssl is one of the things i keep on my radar 'cause it's so important to everything. | 14:17 |
mdeslaur | teward: oh, please take it if you have some time, thanks! | 14:22 |
teward | mdeslaur: yep yep. it's not git-ubuntu'd or anything special is it? I'm still a stickler for the old school "pull package, apply debdiff, test build, upload" approach :p | 14:22 |
mdeslaur | I don't think so | 14:23 |
teward | perfect, yeah most stuff isn't :P | 14:23 |
schopin | teward: AFAIK pretty much no Foundation package uses git-ubuntu as its main contribution "mode". And TIA for the sponsoring :) | 15:00 |
teward | schopin: i believe it. you never know though ;) | 15:00 |
teward | i'll do my usual build testing locally BEFORE I upload though, 'cause OpenSSL is its own form of chaos. :P | 15:00 |
teward | hm, just... one question | 15:01 |
teward | is this going to need a rebuild of everything in Jammy first with it? | 15:01 |
teward | 'cause... that's going to be a large transition task | 15:01 |
teward | (if so) | 15:01 |
schopin | teward: no, no ABI bump. The autopkgtests runners will run hot though | 15:04 |
teward | check, never hurts to be thorough :p | 15:04 |
teward | autopkgtests always run hot during releases though :P | 15:04 |
teward | just hope they don't explode ;P | 15:04 |
mdeslaur | need more autopkgtest hamsters | 15:06 |
teward | hey if i had the server space i'd happily help but I think Canonical has all the autopkgtest envs it needs xD | 15:07 |
teward | schopin: i'm building (again) in my junk drawer which has risc enabled - https://launchpad.net/~teward/+archive/ubuntu/junk-drawer - so we'll be able to make sure that arch builds right too. If all looks good I'll upload direct to jammy | 15:14 |
teward | (and yes i call it the 'junk drawer' because it's where i upload buildtests now xD) | 15:14 |
teward | (and it's as close as I can get to the main distro builders :P) | 15:15 |
teward | i had to pull the tar.gz and the sig off your ppa upload you did though 'cause i'm a lazy SOB :P | 15:15 |
teward | mdeslaur: ^^ for your awareness as well | 15:15 |
teward | schopin: mdeslaur: 3.0.2-0ubuntu1 uploaded ([ubuntu/jammy-proposed] openssl 3.0.2-0ubuntu1 (Accepted)) | 17:57 |
teward | expect autopkgtests to run hot for a while :P | 17:57 |
schopin | ACK | 17:58 |
mdeslaur | awesome, thanks schopin, teward | 18:01 |
teward | yep yep! | 18:02 |
=== hank_ is now known as hank | ||
shalocin[m] | Really enjoying the lively and fun coverage by @ccdm_94 about hardening your Ubuntu server on the @amurray Ubuntu Security Podcast. Lots of things to consider... I wonder if I could suggest a follow up for a future episode (yes, yes, greedy I am!)... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/02b4c40e08cf4e4bf38c13a098530dde8e48390b) | 23:05 |
sarnold | woo, thanks :) | 23:08 |
amurray | thanks shalocin[m] - I've always wanted to try and do more 'discussion' type content on the podcast but finding times when everyone is available is challenging - but I think that is a great idea nonetheless and will see what we can do | 23:17 |
shalocin[m] | s/doing/dropping/ | 23:18 |