On 12/21/20 2:51 AM, Debian Bug Tracking System wrote:
I'd expect the update of ntpsec triggers too the update of libssl1.1 to a compatible version.
I ended up taking the opposite approach. I patched out the OpenSSL build vs install version check from upstream NTPsec. While I definitely think one should stay current on (packaged versions of) OpenSSL, there is no good reason to force the upgrade in this scenario. We should be able to assume that dpkg-shlibdeps is generating correct dependencies. In this case, it would have been just fine for ntpd to run.
This version check is arguably somewhat useful in the general case, but I believe it largely exists as part of an effort to avoid 1.1.1a which is buggy and/or to ensure that a new enough version is present for NTS. I've added an explicit dependency on >= 1.1.1b.
Note that this fix is only in unstable at the moment. I will update buster-backports once the fixed version migrates to testing, as required by backports policy.
-- Richard
