Niels Thykier <niels@thykier.net> (2017-06-03): > Kurt Roeckx: > > Package: release.debian.org > > User: release.debian.org@packages.debian.org > > Usertags: unblock > > Severity: normal > > > > Hi, > > > > I've uploaded a new upstream version of openssl that contains bug > > fixes. The Debian changelog says: > > * New upstream version > > - Fix regression in req -x509 (Closes: #839575) > > - Properly detect features on the AMD Ryzen processor > > (Closes: #861145) > > - Don't mention -tls1_3 in the manpage (Closes: #859191) > > * Update libssl1.1.symbols for new symbols > > * Update man-section.patch > > > > > > Kurt > > > > Hi, > > Fine by me. CC'ing KiBi for a d-i ack assuming he is ok with this > last minute change. Erm. The libssl1.1-udeb package is broken, as it fails to depend on an appropriate version of libcrypto1.1-udeb, which means I've just successfully built a debian-installer against testing with this addition: build/localudebs/libssl1.1-udeb_1.1.0f-1_amd64.udeb and gotten a broken wget: | wget: /usr/lib/libcrypto.so.1.1: version `OPENSSL_1_1_0f' not found (required by /usr/lib/libssl.so.1.1) See the missing version here: | $ dpkg --info build/localudebs/libssl1.1-udeb_1.1.0f-1_amd64.udeb|grep Depends: | Depends: libc6-udeb (>= 2.24), libcrypto1.1-udeb One could argue they're from the same source and that this isn't a practical problem since they're going to migrate at the same time and be used together in debian-installer, but further fun could come up when other packages start depending on particular symbols (hello wget), so I think I'd be nice to have this fixed. Maybe file this as an RC bug against openssl so that it isn't forgotten about, but ignore it for r0? That being said, an installer built against both updated udebs seem to work fine with regular http and https test cases, which is better news. Awaiting RT comments before d-i ACK'ing this update. KiBi.
Attachment:
signature.asc
Description: Digital signature