[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Changelog unavailable / This change is not coming from a source that supports changelogs

Hi Piotr,

Thank you for your help. Strangely enough the problem finally resolved itself. Maybe this thread had something to do with it? I don't know.

 I notice with stable, changelogs sometimes take a few days to be published, whereas with Sid it was never a problem.

An additional thank you to all who helped me with this problem.

I wish you all a wonderful Summer!

Jul 1, 2022, 10:55 by piorunz@gmx.com:

> On 01/07/2022 07:24, Tixy wrote:
>
>> On Fri, 2022-07-01 at 04:46 +0200, icedgorilla wrote:
>>
>>> [...] Is this some sort of Man in The Middle attack or is there an easy explanation and a simple way to fix?
>>> # apt changelog openssl
>>>
>>> Err:1 https://metadata.ftp-master.debian.org openssl 1.1.1n-0+deb11u3 Changelog
>>>    Changelog unavailable for openssl=1.1.1n-0+deb11u3 (404  Not Found [IP: 146.75.94.132 443])
>>> E: Failed to fetch https://metadata.ftp-master.debian.org/changelogs/main/o/openssl/openssl_1.1.1n-0%2bdeb11u3_changelog ; Changelog unavailable for openssl=1.1.1n-0+deb11u3 (404  Not Found [IP: 146.75.94.132 443])
>>>
>>
>> It just means that version isn't available in the repositories. If you
>> get a list by pointing a web broswer at last directory in that URL
>> (https://metadata.ftp-master.debian.org/changelogs/main/o/openssl/)
>> you see 'u2' is the latest version.
>>
>> If you go to the package tracker at https://tracker.debian.org
>> and search for 'openssl' you get to a page that shows under 'news' that
>> the 'u3' version is 'embargoed'. Which means it's been produced but not
>> publicly available, this is done when packages have security fixes for
>> for vulnerabilities that haven't been publicly detailed yet.
>> There's been at lot of news in recent days about bugs in openssl.
>>
>> This doesn't answer why your machine is trying to download this 'u3'
>> version, perhaps it appeared transiently for a time your machine was
>> trying to update.
>>
>> Have you tried running 'apt update' to refresh the package list on you
>> computer.
>>
> This package version is out already.
>
> My system updated to this version couple of days ago:
> $ zcat history.log.1.gz | grep -B2 -A1 openssl
> Start-Date: 2022-06-27  06:17:36
> Commandline: /usr/bin/unattended-upgrade
> Upgrade: openssl:amd64 (1.1.1n-0+deb11u2, 1.1.1n-0+deb11u3)
> End-Date: 2022-06-27  06:17:53
>
>
> $ apt-cache policy openssl
> openssl:
>  Installed: 1.1.1n-0+deb11u3
>  Candidate: 1.1.1n-0+deb11u3
>  Version table:
>  *** 1.1.1n-0+deb11u3 500
>  500 http://security.debian.org/debian-security
> bullseye-security/main amd64 Packages
>  100 /var/lib/dpkg/status
>  1.1.1n-0+deb11u1 500
>  500 http://deb.debian.org/debian bullseye/main amd64 Packages
>
> $ apt changelog openssl
> openssl (1.1.1n-0+deb11u3) bullseye-security; urgency=medium
>
>  * CVE-2022-2068 (The c_rehash script allows command injection).
>  * Update expired certs.
>
>  -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Fri, 24 Jun
> 2022 22:22:19 +0200
>
>
> --
> With kindest regards, Piotr.
>
> ⢀⣴⠾⠻⢶⣦⠀
> ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
> ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
> ⠈⠳⣄⠀⠀⠀⠀
>
Reply to: