Bug#1051884: bullseye-pu: package openssl/1.1.1w-0~deb11u1

[Sebastian Andrzej Siewior]

Package: release.debian.org
Control: affects -1 + src:openssl
User: release.d...@packages.debian.org
Usertags: pu
Tags: bullseye
Severity: normal

OpenSSL upstream released 1.1.1w which the last stable update to the
1.1.1 series because it is EOL since last Monday.
The update is fairly small and contains a few fixes for memory leaks.
The mentioned CVE affects only Windows.

Sebastian

[Adam D Barratt]

package release.debian.org
tags 1051884 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==============

Package: openssl
Version: 1.1.1w-0~deb11u1

Explanation: new upstream stable release

[Cyril Brulebois]

Hi,

Sebastian Andrzej Siewior <seba...@breakpoint.cc> (2023-09-13):

The updated libssl1.1-udeb cannot be installed:

$ dpkg --info binary-libssl1.1-udeb/libssl1.1-udeb_1.1.1w-0~deb11u1_amd64.udeb | grep Depends
Depends: libc6-udeb (>= 2.31), libcrypto1.1-udeb (>= 1.1.1w)

versus:

libcrypto1.1-udeb | 1.1.1w-0~deb11u1 | oldstable-proposed-updates | amd64, arm64, armel, armhf, i386, mips64el, mipsel, ppc64el, s390x

which leads to:

The following packages have unmet dependencies:
libssl1.1-udeb : Depends: libcrypto1.1-udeb (>= 1.1.1w) but 1.1.1w-0~deb11u1 is to be installed


Cheers,
--
Cyril Brulebois (ki...@debian.org) <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

[Adam D. Barratt]

On Wed, 2023-09-13 at 22:48 +0200, Sebastian Andrzej Siewior wrote:
> OpenSSL upstream released 1.1.1w which the last stable update to the
> 1.1.1 series because it is EOL since last Monday.
> The update is fairly small and contains a few fixes for memory leaks.
> The mentioned CVE affects only Windows.
>

Unfortunately, the version format change from -0+deb11uX to -0~deb11uX
has broken the installer.

The udebs end up with dependencies of the form ">= 1.1.1w", which
1.1.1w-0~deb11u1 doesn't fulfil. Assuming I'm not missing anything,
could we have an upload that uses the -0+ style of versioning ASAP,
please?

Regards,

Adam

[Cyril Brulebois]

Adam D. Barratt <ad...@adam-barratt.org.uk> (2023-10-02):

> Unfortunately, the version format change from -0+deb11uX to -0~deb11uX
> has broken the installer.
>
> The udebs end up with dependencies of the form ">= 1.1.1w", which
> 1.1.1w-0~deb11u1 doesn't fulfil. Assuming I'm not missing anything,
> could we have an upload that uses the -0+ style of versioning ASAP,
> please?

Trying to understand the reasons behind the versioning scheme switch, it
seems the debian/bullseye branch is still at 1.1.1v-0~deb11u1 (without a
tag).

[Sebastian Andrzej Siewior]

On 2023-10-02 13:41:17 [+0200], Cyril Brulebois wrote:
> Adam D. Barratt <ad...@adam-barratt.org.uk> (2023-10-02):
> > Unfortunately, the version format change from -0+deb11uX to -0~deb11uX
> > has broken the installer.
> >
> > The udebs end up with dependencies of the form ">= 1.1.1w", which
> > 1.1.1w-0~deb11u1 doesn't fulfil. Assuming I'm not missing anything,
> > could we have an upload that uses the -0+ style of versioning ASAP,
> > please?
>
> Trying to understand the reasons behind the versioning scheme switch, it
> seems the debian/bullseye branch is still at 1.1.1v-0~deb11u1 (without a
> tag).

Sorry for that. Just uploaded 1.1.1w-0+deb11u1 which solves that.

> Cheers,

Sebastian

[Adam D Barratt]

package release.debian.org
tags 1051884 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==============

Package: openssl

Version: 1.1.1w-0+deb11u1

Explanation: fix udeb dependencies by using -0+ version rather than -0~