Re: Bug#959469: buster-pu: package openssl/1.1.1g-1
On Thu, Jan 14, 2021 at 05:43:00PM +0000, Adam D. Barratt wrote:
> Hi,
>
> On Fri, 2021-01-08 at 23:59 +0100, Kurt Roeckx wrote:
> > On Fri, Jan 08, 2021 at 11:39:13PM +0100, Sebastian Andrzej Siewior
> > wrote:
> [...]
> > > The i release in unstable managed to migrate to testing. It was
> > > blocked due to ci by m2crypto and swi-prolog. The swi-prolog issue
> > > got fixed in unstable (the testuite was updated) and is not an
> > > issue in stable (the package builds, the testsuite gets ignored).
> > > The m2crypto issue is a different story and is still open in BTS
> > > (#977655). I *think* someone added an override or the ci-system was
> > > kind to Kurt/me and looked the other way :)
> > > The m2crypto package in stable and bpo will FTBFS with the updated
> > > openssl package.
> > >
> > > I'm not aware of other issues.
> >
> > I think there are at least 2 upstream issues since the 1.1.1i
> > release we want to fix first. As far as I know, they haven't been
> > fixed upstream yet.
>
> Just to confirm, these are issues that you'd want to have fixed before
> adding 1.1.1i to stable, presumably requiring further uploads to
> unstable first?
Yes.
> Do you have pointers to upstream issues?
They both got merged today:
commit 76ed0c0ad119569f6e6f6c96b27b76d3b110413b (origin/OpenSSL_1_1_1-stable)
Author: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Mon Dec 28 11:25:59 2020 +0100
x509_vfy.c: Fix a regression in find_isser()
...in case the candidate issuer cert is identical to the target cert.
Fixes #13739
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13749)
commit fb1e2411042f0367c2560e4ec5e4b1189ca9cd45
Author: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Wed Dec 30 09:57:49 2020 +0100
X509_cmp(): Fix comparison in case x509v3_cache_extensions() failed to due to invalid cert
This is the backport of #13755 to v1.1.1.
Fixes #13698
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13756)
There are a whole bunch of other issues and pull requests related to
this. I hope this is the end of the regressions in the X509 code.
Kurt
Reply to: