On Thu, Jan 14, 2021 at 05:43:00PM +0000, Adam D. Barratt wrote: > Hi, > > On Fri, 2021-01-08 at 23:59 +0100, Kurt Roeckx wrote: > > On Fri, Jan 08, 2021 at 11:39:13PM +0100, Sebastian Andrzej Siewior > > wrote: > [...] > > > The i release in unstable managed to migrate to testing. It was > > > blocked due to ci by m2crypto and swi-prolog. The swi-prolog issue > > > got fixed in unstable (the testuite was updated) and is not an > > > issue in stable (the package builds, the testsuite gets ignored). > > > The m2crypto issue is a different story and is still open in BTS > > > (#977655). I *think* someone added an override or the ci-system was > > > kind to Kurt/me and looked the other way :) > > > The m2crypto package in stable and bpo will FTBFS with the updated > > > openssl package. > > > > > > I'm not aware of other issues. > > > > I think there are at least 2 upstream issues since the 1.1.1i > > release we want to fix first. As far as I know, they haven't been > > fixed upstream yet. > > Just to confirm, these are issues that you'd want to have fixed before > adding 1.1.1i to stable, presumably requiring further uploads to > unstable first?
Yes. > Do you have pointers to upstream issues? They both got merged today: commit 76ed0c0ad119569f6e6f6c96b27b76d3b110413b (origin/OpenSSL_1_1_1-stable) Author: Dr. David von Oheimb <david.von.ohe...@siemens.com> Date: Mon Dec 28 11:25:59 2020 +0100 x509_vfy.c: Fix a regression in find_isser() ...in case the candidate issuer cert is identical to the target cert. Fixes #13739 Reviewed-by: Tomas Mraz <tm...@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13749) commit fb1e2411042f0367c2560e4ec5e4b1189ca9cd45 Author: Dr. David von Oheimb <david.von.ohe...@siemens.com> Date: Wed Dec 30 09:57:49 2020 +0100 X509_cmp(): Fix comparison in case x509v3_cache_extensions() failed to due to invalid cert This is the backport of #13755 to v1.1.1. Fixes #13698 Reviewed-by: Tomas Mraz <tm...@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13756) There are a whole bunch of other issues and pull requests related to this. I hope this is the end of the regressions in the X509 code. Kurt