Distro

[Spec] TLS 1.0 and 1.1 are disabled by default

The specification is now approved! TLS 1.0 and 1.1 is recognized as deprecated in Ubuntu too and while some softare stil enable these by default, this is considered a bug rather than a feature.

libtracefs

I got the package in a better shape, especially its testsuite which was superficial, and fixed/skipped/ignored half a dozen different issues in CI. The package has migrated and is in now in main. Thanks @upils , @slyon and @paelzer !

• Initial bug report to promote libtracefs in main
• Testsuite needs to be run
• Merge request

gnutls28

Prepared 3.8.5-2ubuntu1 which merges from debian and uses the upstream fix for the regression observed in 3.8.5 (no configuration file led to the wrong default configuration for a new setting). This is a late update in order to have as many fixes as possible for this core package, including security ones, and also future-proofing for the Ubuntu LTS as gnutls finally offers a way to disable RSAES-PKCS1-v1_5 which has been deprecated for decades and has been considered legacy for years. Thanks @vpa19771 for the review.

• Merge request
• Feature Freeze exception request

openssl

Like with gnutls28, I’m looking at using the most recent version possible for openssl. At the moment, 3.0.13 is already in the archive but there are fixes in the openssl-3.0 git branch which I’ve picked up in order to create 3.0.13+20240415.45c2a8-0ubuntu1.

• Merge request but I’m re-spinning it for a couple minor changes
• Feature Freeze exception request

Misc

• Created next week’s status report: Foundations Team Updates - Thursday 2024/04/25
• Work on automation to trigger tests in a PPA after the builds have been published; it’s very basic code but very convenient; thanks @andersson123 for the API key and @bryce for ppa-dev-tools