control: retitle -1 buster-pu: package openssl/1.1.1h-1

On 2020-05-02 22:34:40 [+0100], Adam D. Barratt wrote:
> > > Do we have any feeling for how widespread such certificates might
> > > be?
> > > The fact that there have been two different upstream reports isn't
> > > particularly comforting.
> > 
> > This is correct. I don't know if there is tooling that is generating
> > broken certificates or just some individuals. I updated my two
> > OpenVPN instances and I saw clients connecting again.
> 
> Thanks for the information.

Look at that. I deployed it locally and forgot all about it. Now I was
going to open a pu for 1.1.1h and noticed that I didn't finish this one.

I hereby propose an update to 1.1.1h.
There were no dramatic CVEs closed according to the news file, only

| o Disallow explicit curve parameters in verifications chains when
|   X509_V_FLAG_X509_STRICT is used
| o Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS
|   contexts
| o Oracle Developer Studio will start reporting deprecation warnings

are listed under "major changes" since the g release.

We have h in unstable and testing. It took almost a month to migrate. It
was first blocked by swi-prolog (#972862) which was caused by an
"interesting" test suite. Test suite errors do not lead to build
failures, only debci is/was affected. The fix included only an update
to the testsuite.
The same error is also present in the stable version of swi-prolog.
However, this is not the only failure in the test suite (it also
complains about too small keys) and there is no debci for stable which
would cause a regression so I don't think that it is worth addressing
this in stable. The package builds fine from source.

I'm attaching a debdiff against the proposed g release.

> Regards,
> 
> Adam

Sebastian

Attachment: 1.1.1h.diff.xz
Description: application/xz
