Releases retrieved: 23.3.0
Upstream release that is considered latest: 23.3.0
Current version/release in rawhide: 23.2.0-1.fc40
URL: https://pyopenssl.readthedocs.org/
Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring
Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.
Based on the information from Anitya: https://release-monitoring.org/project/5535/
To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/pyOpenSSL
Created attachment 1995506: Update to 23.3.0 (#2246256)
the-new-hotness/release-monitoring.org's scratch build of pyOpenSSL-23.3.0-1.fc38.src.rpm for rawhide completed http://koji.fedoraproject.org/koji/taskinfo?taskID=108115031
Releases retrieved: 24.0.0
Upstream release that is considered latest: 24.0.0
Current version/release in rawhide: 23.2.0-1.fc40
URL: https://pyopenssl.readthedocs.org/
Scratch build failed. Details below:
BuilderException: Build failed: Couldn't upload source /var/tmp/thn-dxx0r8x9/./SRPMS/pyOpenSSL-24.0.0-1.fc38.src.rpm to koji.
Traceback:
  File "/usr/local/lib/python3.11/site-packages/hotness/use_cases/package_scratch_build_use_case.py", line 56, in build
    result = self.builder.build(request.package, request.opts)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/hotness/builders/koji.py", line 252, in build
    output["build_id"] = self._scratch_build(session, package.name, srpm)
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/hotness/builders/koji.py", line 477, in _scratch_build
    raise BuilderException("Couldn't upload source {} to koji.".format(source))
If you think this issue is caused by some bug in the-new-hotness, please report it on the-new-hotness issue tracker: https://github.com/fedora-infra/the-new-hotness/issues
Releases retrieved: 24.1.0
Upstream release that is considered latest: 24.1.0
Current version/release in rawhide: 23.2.0-3.fc40
URL: https://pyopenssl.readthedocs.org/
Created attachment 2020852: Update to 24.1.0 (#2246256)
the-new-hotness/release-monitoring.org's scratch build of pyOpenSSL-24.1.0-1.fc38.src.rpm for rawhide completed http://koji.fedoraproject.org/koji/taskinfo?taskID=114734036
Could you please update the package as soon as possible and build it in my side tags for python-cryptography 42.0? The latest version is required to block a security update.
    - f41-build-side-86213
    - f40-build-side-86215
    - f39-build-side-86167
The F39 side tag does not have python-cryptography, yet. I'm waiting for rust-pem and rust-openssl updates.
I have merged your patch and sent a build for F41 and, looking at the policy, I guess it's probably OK to do it for F40, so I'll do that too. But I'm worried it's not appropriate for F39. This patch would bump F39 through two versions - 23.3.0 and 23.4.1 - which note 'backward-incompatible changes' in the upstream changelog:
    23.3.0
    ======
    * Removed OpenSSL.crypto.load_pkcs7 and OpenSSL.crypto.load_pkcs12 which had been deprecated for 3 years.
    * Added OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT to allow legacy insecure renegotiation between OpenSSL and unpatched servers. #1234.
    23.4.1
    ======
    * Removed the deprecated OpenSSL.crypto.PKCS12 and OpenSSL.crypto.NetscapeSPKI. OpenSSL.crypto.PKCS12 may be replaced by the PKCS#12 APIs in the cryptography package.
The Fedora Updates Policy for stable releases says:
    "Updates should be carefully considered with respect to their dependencies. An update that required (or provided) a new Python ABI, for example, would almost certainly not be allowed. ABI changes in general are very strongly discouraged, they force larger update sets on users and they make life difficult for third-party packagers."
    https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#stable-releases
This does not seem to respect that. Is there any way we can resolve the security issue without the backwards-incompatible changes? Yes, I know the things removed were deprecated, but if doing Python release bumps in Fedora has taught us anything, it's that people use deprecated stuff *all the time*.
sigh, I muffed the version numbers up there. s/23.4.1/24.1.0/g
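One way to check whether a dependent package still uses the names removed in the changelog quoted above, before pushing such a bump to a stable branch. This is an added example, not code from this bug report, Fedora or pyOpenSSL; the function names and the sample module are hypothetical, and the scan is static only, so it ignores scoping and dynamic lookups such as getattr.

```python
import ast

# Removals per the changelog quoted above (second version as corrected to 24.1.0).
REMOVED = {"load_pkcs7": "23.3.0", "load_pkcs12": "23.3.0",
           "PKCS12": "24.1.0", "NetscapeSPKI": "24.1.0"}

# Constructed sample of a dependent module (not taken from any real package).
SAMPLE = '''\
from OpenSSL import crypto
import OpenSSL.crypto as ossl
from OpenSSL.crypto import load_pkcs7, X509
p12 = crypto.load_pkcs12(open("bundle.p12", "rb").read(), b"pw")
spki = ossl.NetscapeSPKI()
'''

def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return ""
    return ".".join([node.id] + parts[::-1])

def find_removed_api_uses(source):
    """Return sorted (line, name, removed_in) for removed OpenSSL.crypto names."""
    tree = ast.parse(source)
    aliases, hits = {}, set()   # aliases: local name -> real module path
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.name.split(".")[0] == "OpenSSL":
                    aliases[a.asname or "OpenSSL"] = a.name if a.asname else "OpenSSL"
        elif isinstance(node, ast.ImportFrom) and node.level == 0:
            for a in node.names:
                if node.module == "OpenSSL" and a.name == "crypto":
                    aliases[a.asname or "crypto"] = "OpenSSL.crypto"
                elif node.module == "OpenSSL.crypto" and a.name in REMOVED:
                    hits.add((node.lineno, a.name, REMOVED[a.name]))
    for node in ast.walk(tree):
        if isinstance(node, ast.Attribute) and node.attr in REMOVED:
            head, _, rest = _dotted(node.value).partition(".")
            real = aliases.get(head)
            if real and ".".join(filter(None, [real, rest])) == "OpenSSL.crypto":
                hits.add((node.lineno, node.attr, REMOVED[node.attr]))
    return sorted(hits)

if __name__ == "__main__":
    print(*find_removed_api_uses(SAMPLE), sep="\n")
```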
Releases retrieved: 24.2.1
Upstream release that is considered latest: 24.2.1
Current version/release in rawhide: 24.1.0-2.fc41
URL: https://pyopenssl.readthedocs.org/
Scratch build failed. Details below:
BuilderException: Build failed: Command '['rpmbuild', '-D', '_sourcedir .', '-D', '_topdir .', '-bs', '/var/tmp/thn-rduyltrv/pyOpenSSL.spec']' returned non-zero exit status 1.
StdOut:
    setting SOURCE_DATE_EPOCH=1721433600
    error: Bad file: ./pyOpenSSL-24.2.1.tar.gz: No such file or directory
    RPM build errors:
        Bad file: ./pyOpenSSL-24.2.1.tar.gz: No such file or directory
Traceback:
  File "/usr/local/lib/python3.12/site-packages/hotness/use_cases/package_scratch_build_use_case.py", line 56, in build
    result = self.builder.build(request.package, request.opts)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/hotness/builders/koji.py", line 229, in build
    raise BuilderException(
If you think this issue is caused by some bug in the-new-hotness, please report it on the-new-hotness issue tracker: https://github.com/fedora-infra/the-new-hotness/issues
Created attachment 2040051: Update to 24.2.1 (#2246256)
FEDORA-2024-f62eda62b5 (pyOpenSSL-24.2.1-1.fc41, python-cryptography-43.0.0-2.fc41, and 2 more) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2024-f62eda62b5
FEDORA-2024-42d8c5bd2d (freeipa-4.12.1-3.fc42, pyOpenSSL-24.2.1-1.fc42, and 4 more) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2024-42d8c5bd2d
FEDORA-2024-42d8c5bd2d (freeipa-4.12.1-3.fc42, pyOpenSSL-24.2.1-1.fc42, and 4 more) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-f62eda62b5 (freeipa-4.12.1-2.fc41, pyOpenSSL-24.2.1-1.fc41, and 3 more) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.