You are not logged in.
- Topics: Active | Unanswered
#1 2022-11-03 13:12:18
- gerardr
- Member
- Registered: 2021-05-31
- Posts: 6
Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)
Hi!
At the same time the security patch for Openssl 3.0 (3.0.7) was released, Openssl 1.1.1s was released.
In the package lists, I haven't seen any mention of this, so I thought I should post this.
Thanks!
Offline
#2 2022-11-03 13:30:36
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,597
- Website
Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)
You can flag out of date here but someone beat you to it: https://archlinux.org/packages/?sort=&q=openssl
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
#3 2022-11-03 13:38:34
- fredbezies
- Member
- Registered: 2011-07-28
- Posts: 353
Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)
I noticed I put my finger on the wrong tool. It is a crash with a 3rd party gnome-extension which was crashing every time the session.
Sorry for the noise. You can close the thread if you want to.
Offline
#4 2022-11-03 13:54:55
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 11,544
Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)
Hi!
At the same time the security patch for Openssl 3.0 (3.0.7) was released, Openssl 1.1.1s was released.
In the package lists, I haven't seen any mention of this, so I thought I should post this.
Thanks!
Look a little closer. https://archlinux.org/packages/testing/ … enssl-1.1/
Offline
#5 2022-11-03 13:55:10
- gerardr
- Member
- Registered: 2021-05-31
- Posts: 6
Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)
You can flag out of date here but someone beat you to it: https://archlinux.org/packages/?sort=&q=openssl
Right, thanks, but that flag is very old, and since Openssl 1.1.1r was retracted for a regression error, it looks like Openssl 1.1 got frozen.
Offline
#6 2022-11-03 14:18:37
- gerardr
- Member
- Registered: 2021-05-31
- Posts: 6
Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)
Look a little closer. https://archlinux.org/packages/testing/ … enssl-1.1/
OK, thanks. I had checked just before I posted. HOWEVER, when I search for Openssl in Packages, in the results' "Exact Matches" section, I see the Testing 3.0.7 row, but only the out-of-date Core 1.1 row. The Testing 1.1 row does show up in the bulk results below the "Exact Matches" section, but I didn't scroll down that far when I checked.
Shouldn't both the Core and Testing rows for Openssl 1.1 show up in the "Exact Matches" section of the search results?
Thanks all. This topic can be closed at this point.
Offline
#7 2022-11-03 14:21:47
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 11,544
Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)
The testing package name is different, so it's not an exact match.
Offline
#8 2022-11-03 15:08:36
- gerardr
- Member
- Registered: 2021-05-31
- Posts: 6
Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)
The testing package name is different, so it's not an exact match.
Understood, thanks. It's now clear that Core Openssl is being phased to version 3.0 from 1.1 (the long-term-support version).
So, will the Core Openssl (the "Exact Match" one) get the 1.1.1s bug fix update, or is it stuck waiting for version 3.0.7 to move out of Testing?
Offline
#9 2022-11-03 15:20:32
- loqs
- Member
- Registered: 2014-03-06
- Posts: 17,322
Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)
Updates for packages in core are required to first be published to testing. So the next update to openssl will be 3.0.7.
Offline
#10 2022-11-07 11:59:17
- dietzi96
- Member
- Registered: 2015-07-04
- Posts: 17
Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)
Scimmia wrote:The testing package name is different, so it's not an exact match.
Understood, thanks. It's now clear that Core Openssl is being phased to version 3.0 from 1.1 (the long-term-support version).
So, will the Core Openssl (the "Exact Match" one) get the 1.1.1s bug fix update, or is it stuck waiting for version 3.0.7 to move out of Testing?
I totally understand why the archlinux team decided to move to the 3.0 (LTS) version which is supported until 2026-09-07. What strikes to me a bit is the fact, that no news post about this - quite significant and security related - change has been posted, yet.
dietzi96
Offline