You are not logged in.

#1 2022-11-03 13:12:18

gerardr
Member
Registered: 2021-05-31
Posts: 6

Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)

Hi!

At the same time the security patch for Openssl 3.0 (3.0.7) was released, Openssl 1.1.1s was released.

In the package lists, I haven't seen any mention of this, so I thought I should post this.

Thanks!

Offline

#2 2022-11-03 13:30:36

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,448
Website

Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)

You can flag out of date here but someone beat you to it: https://archlinux.org/packages/?sort=&q=openssl


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#3 2022-11-03 13:38:34

fredbezies
Member
Registered: 2011-07-28
Posts: 345

Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)

I noticed I put my finger on the wrong tool. It is a crash with a 3rd party gnome-extension which was crashing every time the session.

Sorry for the noise. You can close the thread if you want to.

Offline

#4 2022-11-03 13:54:55

Scimmia
Fellow
Registered: 2012-09-01
Posts: 9,830

Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)

gerardr wrote:

Hi!

At the same time the security patch for Openssl 3.0 (3.0.7) was released, Openssl 1.1.1s was released.

In the package lists, I haven't seen any mention of this, so I thought I should post this.

Thanks!

Look a little closer. https://archlinux.org/packages/testing/ … enssl-1.1/

Online

#5 2022-11-03 13:55:10

gerardr
Member
Registered: 2021-05-31
Posts: 6

Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)

graysky wrote:

You can flag out of date here but someone beat you to it: https://archlinux.org/packages/?sort=&q=openssl

Right, thanks, but that flag is very old, and since Openssl 1.1.1r was retracted for a regression error, it looks like Openssl 1.1 got frozen.

Offline

#6 2022-11-03 14:18:37

gerardr
Member
Registered: 2021-05-31
Posts: 6

Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)

Scimmia wrote:

OK, thanks. I had checked just before I posted. HOWEVER, when I search for Openssl in Packages, in the results' "Exact Matches" section, I see the Testing 3.0.7 row, but only the out-of-date Core 1.1 row. The Testing 1.1 row does show up in the bulk results below the "Exact Matches" section, but I didn't scroll down that far when I checked.

Shouldn't both the Core and Testing rows for Openssl 1.1 show up in the "Exact Matches" section of the search results?

Thanks all. This topic can be closed at this point.

Offline

#7 2022-11-03 14:21:47

Scimmia
Fellow
Registered: 2012-09-01
Posts: 9,830

Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)

The testing package name is different, so it's not an exact match.

Online

#8 2022-11-03 15:08:36

gerardr
Member
Registered: 2021-05-31
Posts: 6

Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)

Scimmia wrote:

The testing package name is different, so it's not an exact match.

Understood, thanks. It's now clear that Core Openssl is being phased to version 3.0 from 1.1 (the long-term-support version).

So, will the Core Openssl (the "Exact Match" one) get the 1.1.1s bug fix update, or is it stuck waiting for version 3.0.7 to move out of Testing?

Offline

#9 2022-11-03 15:20:32

loqs
Member
Registered: 2014-03-06
Posts: 15,509

Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)

Updates for packages in core are required to first be published to testing.  So the next update to openssl will be 3.0.7.

Offline

#10 2022-11-07 11:59:17

dietzi96
Member
Registered: 2015-07-04
Posts: 17

Re: Openssl 1.1.1s bug fix upgrade released 2022-11-01 (along with 3.0.7)

gerardr wrote:
Scimmia wrote:

The testing package name is different, so it's not an exact match.

Understood, thanks. It's now clear that Core Openssl is being phased to version 3.0 from 1.1 (the long-term-support version).

So, will the Core Openssl (the "Exact Match" one) get the 1.1.1s bug fix update, or is it stuck waiting for version 3.0.7 to move out of Testing?

I totally understand why the archlinux team decided to move to the 3.0 (LTS) version which is supported until 2026-09-07. What strikes to me a bit is the fact, that no news post about this - quite significant and security related - change has been posted, yet.

dietzi96

Offline

Board footer

Powered by FluxBB