Hello,
Here's the same for openssl-1.0.2/stretch:
https://people.debian.org/~beuc/lts/openssl/
I also contributed to the launchpad bug for openssl where they have an
issue with trusty/openssl-1.0.1 so we can cross-review for jessie.
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1928989
Cheers!
Sylvain Beucler
Debian LTS Team
On 11/09/2021 23:21, Sylvain Beucler wrote:
Hello,
I have a stretch gnutls28 update ready for testing:
https://people.debian.org/~beuc/lts/gnutls28/
AFAICT this fixes wget and apt-transport-https.
On jessie the new testsuite unit is failing, I'm investigating.
I'd welcome tests on all kinds of certs to ensure no regression was
introduced.
No news wrt the openssl update yet.
Cheers!
Sylvain Beucler
Debian LTS Team
On 10/09/2021 20:47, Sylvain Beucler wrote:
Hello,
On 09/09/2021 19:11, Stefan Huehner wrote:
looking a tiny bit at changelog for gnutls buster it looks like the
backport was already done :)
3.6.7-4+deb10u5
the _16 + _17 patches from the description sound like what i
understand the fix is (explore alternative verification paths...)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961889
Thanks, that's a good reference for the gnutls part.
On 10/09/2021 10:55, Christoph Berg wrote:
Note that stretch and later are using libssl1.1 by default, so only
packages
who were actively patched to keep using 1.0 are affected.
Thanks.
This notably includes curl :/ So this needs fixing as well.
An openssl[1.0] update is underway, I'll coordinate with Thorsten.
Also, a work-around is to drop the expiring CA:
$ rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
$ update-ca-certificate