[Bug 1190566] New: Python 3.6 does not include the compat fixes to work with OpenSSL 3.0.0
https://bugzilla.suse.com/show_bug.cgi?id=1190566 Bug ID: 1190566 Summary: Python 3.6 does not include the compat fixes to work with OpenSSL 3.0.0 Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs@suse.de Reporter: pmonrealgonzalez@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Python 3.10, 3.9 and 3.8 have released the compatibility fixes to build and work with OpenSSL 3.0.0. But python 3.6 does not include these fixes and it seems that upstream is not going to port them to 3.6. Note that many packages fail to build due to this in the staging project where we are testing the OpenSSL 3.0.0 update: * https://build.opensuse.org/project/show/openSUSE:Factory:Staging:Gcc7 I'm not sure about the plans to keep 3.6 in Factory or not. But, if 3.6 is going to stay in Factory for long, it would be convenient to have these fixes also in Factory in that case. Here is the upstream bug for this task with all the required commits: * Make Python compatible with OpenSSL 3.0.0: https://bugs.python.org/issue38820 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190566 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jsikes@suse.com, | |meissner@suse.com, | |pmonrealgonzalez@suse.com, | |vcizek@suse.com Blocks| |1172267 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190566 https://bugzilla.suse.com/show_bug.cgi?id=1190566#c1 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |steven.kowalik@suse.com Assignee|screening-team-bugs@suse.de |mcepl@suse.com --- Comment #1 from Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> --- I'm assigning this to Matej and adding Steven in CC. Please, let me know if this is correctly assigned. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190566 https://bugzilla.suse.com/show_bug.cgi?id=1190566#c2 --- Comment #2 from Matej Cepl <mcepl@suse.com> --- (In reply to Pedro Monreal Gonzalez from comment #0)
I'm not sure about the plans to keep 3.6 in Factory or not. But, if 3.6 is going to stay in Factory for long, it would be convenient to have these fixes also in Factory in that case.
How long is long? We will probably phase out 3.6 after 3.10 is released (and we switch our packages to it), which is planned to be 4.10. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190566 https://bugzilla.suse.com/show_bug.cgi?id=1190566#c3 --- Comment #3 from Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> --- (In reply to Matej Cepl from comment #2)
(In reply to Pedro Monreal Gonzalez from comment #0)
I'm not sure about the plans to keep 3.6 in Factory or not. But, if 3.6 is going to stay in Factory for long, it would be convenient to have these fixes also in Factory in that case.
How long is long? We will probably phase out 3.6 after 3.10 is released (and we switch our packages to it), which is planned to be 4.10.
Two weeks in definitely not long in our time scale, we can wait for that to happen. Our plan is to have openssl-3 ready first in Factory and then submit to SLE-15-SP4. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190566 https://bugzilla.suse.com/show_bug.cgi?id=1190566#c11 --- Comment #11 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2022:0013-1: An update that has four recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1187338,1190566,1192249,1193179 CVE References: JIRA References: Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): python36-core-3.6.15-16.2 SUSE Linux Enterprise Server 12-SP5 (src): python36-3.6.15-16.2, python36-core-3.6.15-16.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190566 https://bugzilla.suse.com/show_bug.cgi?id=1190566#c13 --- Comment #13 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2022:0048-1: An update that has three recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1190566,1192249,1193179 CVE References: JIRA References: Sources used: SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): python3-core-3.6.15-10.15.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): python3-3.6.15-10.15.1, python3-core-3.6.15-10.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190566 https://bugzilla.suse.com/show_bug.cgi?id=1190566#c14 --- Comment #14 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-RU-2022:0048-1: An update that has three recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1190566,1192249,1193179 CVE References: JIRA References: Sources used: openSUSE Leap 15.3 (src): python3-3.6.15-10.15.1, python3-core-3.6.15-10.15.1, python3-documentation-3.6.15-10.15.1 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190566 https://bugzilla.suse.com/show_bug.cgi?id=1190566#c15 --- Comment #15 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-RU-2022:0048-1: An update that has three recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1190566,1192249,1193179 CVE References: JIRA References: Sources used: openSUSE Leap 15.3 (src): python3-3.6.15-10.15.1, python3-core-3.6.15-10.15.1, python3-documentation-3.6.15-10.15.1 openSUSE Backports SLE-15-SP2 (src): python-stestr-2.6.0-bp152.4.13.1 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190566 https://bugzilla.suse.com/show_bug.cgi?id=1190566#c19 --- Comment #19 from Swamp Workflow Management <swamp@suse.de> --- SUSE-SU-2022:2351-1: An update that solves two vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 1186819,1190566,1192249,1193179,1198511 CVE References: CVE-2015-20107,CVE-2021-3572 JIRA References: Sources used: SUSE Manager Server 4.1 (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Manager Retail Branch Server 4.1 (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Manager Proxy 4.1 (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Linux Enterprise Server for SAP 15 (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Linux Enterprise Server 15-LTSS (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Linux Enterprise Micro 5.1 (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Enterprise Storage 7 (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE Enterprise Storage 6 (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 SUSE CaaS Platform 4.0 (src): python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com