You are not logged in.
Hi!
At the same time the security patch for Openssl 3.0 (3.0.7) was released, Openssl 1.1.1s was released.
In the package lists, I haven't seen any mention of this, so I thought I should post this.
Thanks!
Offline
You can flag out of date here but someone beat you to it: https://archlinux.org/packages/?sort=&q=openssl
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
I noticed I put my finger on the wrong tool. It is a crash with a 3rd party gnome-extension which was crashing every time the session.
Sorry for the noise. You can close the thread if you want to.
Offline
Hi!
At the same time the security patch for Openssl 3.0 (3.0.7) was released, Openssl 1.1.1s was released.
In the package lists, I haven't seen any mention of this, so I thought I should post this.
Thanks!
Look a little closer. https://archlinux.org/packages/testing/ … enssl-1.1/
Online
You can flag out of date here but someone beat you to it: https://archlinux.org/packages/?sort=&q=openssl
Right, thanks, but that flag is very old, and since Openssl 1.1.1r was retracted for a regression error, it looks like Openssl 1.1 got frozen.
Offline
Look a little closer. https://archlinux.org/packages/testing/ … enssl-1.1/
OK, thanks. I had checked just before I posted. HOWEVER, when I search for Openssl in Packages, in the results' "Exact Matches" section, I see the Testing 3.0.7 row, but only the out-of-date Core 1.1 row. The Testing 1.1 row does show up in the bulk results below the "Exact Matches" section, but I didn't scroll down that far when I checked.
Shouldn't both the Core and Testing rows for Openssl 1.1 show up in the "Exact Matches" section of the search results?
Thanks all. This topic can be closed at this point.
Offline
The testing package name is different, so it's not an exact match.
Online
The testing package name is different, so it's not an exact match.
Understood, thanks. It's now clear that Core Openssl is being phased to version 3.0 from 1.1 (the long-term-support version).
So, will the Core Openssl (the "Exact Match" one) get the 1.1.1s bug fix update, or is it stuck waiting for version 3.0.7 to move out of Testing?
Offline
Updates for packages in core are required to first be published to testing. So the next update to openssl will be 3.0.7.
Online
Scimmia wrote:The testing package name is different, so it's not an exact match.
Understood, thanks. It's now clear that Core Openssl is being phased to version 3.0 from 1.1 (the long-term-support version).
So, will the Core Openssl (the "Exact Match" one) get the 1.1.1s bug fix update, or is it stuck waiting for version 3.0.7 to move out of Testing?
I totally understand why the archlinux team decided to move to the 3.0 (LTS) version which is supported until 2026-09-07. What strikes to me a bit is the fact, that no news post about this - quite significant and security related - change has been posted, yet.
dietzi96
Offline