1.1.1f

Bernd Edlinger bernd.edlinger at hotmail.de
Thu Mar 26 19:41:08 UTC 2020 

So I disagree, it is a bug when it is not constant time.


On 3/26/20 8:26 PM, Tim Hudson wrote:
> +1 for a release - and soon - and without bundling any more changes. The
> circumstances justify getting this fix out. But I also think we need to
> keep improvements that aren't bug fixes out of stable branches.
> 
> Tim.
> 
> On Fri, 27 Mar 2020, 3:12 am Matt Caswell, <matt at openssl.org> wrote:
> 
>> On 26/03/2020 15:14, Short, Todd wrote:
>>> This type of API-braking change should be reserved for something like
>>> 3.0, not a patch release.
>>>
>>> Despite it being a "incorrect", it is expected behavior.
>>>
>>
>> Right - but the question now is not whether we should revert it (it has
>> been reverted) - but whether this should trigger a 1.1.1f release soon?
>>
>> Matt
>>
>>> --
>>> -Todd Short
>>> // tshort at akamai.com <mailto:tshort at akamai.com>
>>> // “One if by land, two if by sea, three if by the Internet."
>>>
>>>> On Mar 26, 2020, at 11:03 AM, Dr. Matthias St. Pierre
>>>> <Matthias.St.Pierre at ncp-e.com <mailto:Matthias.St.Pierre at ncp-e.com>>
>>>> wrote:
>>>>
>>>> I agree, go ahead.
>>>>
>>>> Please also consider reverting the change for the 3.0 alpha release as
>>>> well, see Daniel Stenbergs comment
>>>> https://github.com/openssl/openssl/issues/11378#issuecomment-603730581
>>>> <
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_issues_11378-23issuecomment-2D603730581&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=87AtfQDFl1z9cdRP12QeRUizmgnW6ejbufNT40Gip4Q&s=djWoIIXyggxwOfbwrmYGrSJdR5tWm06IdzY9x9tDxkA&e=
>>>
>>>>
>>>> Matthias
>>>>
>>>>
>>>> *From**:* openssl-project <openssl-project-bounces at openssl.org
>>>> <mailto:openssl-project-bounces at openssl.org>> *On Behalf Of *Dmitry
>>>> Belyavsky
>>>> *Sent:* Thursday, March 26, 2020 3:48 PM
>>>> *To:* Matt Caswell <matt at openssl.org <mailto:matt at openssl.org>>
>>>> *Cc:* openssl-project at openssl.org <mailto:openssl-project at openssl.org>
>>>> *Subject:* Re: 1.1.1f
>>>>
>>>>
>>>> On Thu, Mar 26, 2020 at 5:14 PM Matt Caswell <matt at openssl.org
>>>> <mailto:matt at openssl.org>> wrote:
>>>>
>>>>     The EOF issue (https://github.com/openssl/openssl/issues/11378
>>>>     <
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_issues_11378&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=87AtfQDFl1z9cdRP12QeRUizmgnW6ejbufNT40Gip4Q&s=MAiLjfGJWaKvnBvqnM4fcyvGVfUyj9CDANO_vh4wfco&e=
>>> )
>>>>     has
>>>>     resulted in us reverting the original EOF change in the 1.1.1 branch
>>>>     (https://github.com/openssl/openssl/pull/11400
>>>>     <
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_pull_11400&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=87AtfQDFl1z9cdRP12QeRUizmgnW6ejbufNT40Gip4Q&s=3hBU2pt84DQlrY1dCnSn9x1ah1gSzH6NEO_bNRH-6DE&e=
>>> ).
>>>>
>>>>     Given that this seems to have broken quite a bit of stuff, I propose
>>>>     that we do a 1.1.1f soon (possibly next Tuesday - 31st March).
>>>>
>>>>     Thoughts?
>>>>
>>>>
>>>> I strongly support this idea.
>>>>
>>>> --
>>>> SY, Dmitry Belyavsky
>>>
>>
>

More information about the openssl-project mailing list