[irrelevant] openssl (serious bug)

Forum rules
Please supply only the affected package name as title, with bugreport number (bugs.debian.org) or other sources. This feed can be subscribed to and piped into your RSS reader or conky: http://linuxbbq.org/bbs/feed.php?mode=news
User avatar
ivanovnegro
Minister of Truth
Posts: 5448
Joined: Wed Oct 17, 2012 11:12 pm

[irrelevant] openssl (serious bug)

Unread post by ivanovnegro » Sun May 03, 2015 4:10 pm

It is exciting, the first bug and 270 packages upgraded. :)

If you use curl or related packages the new openssl renders unrelated packages unusable. If you do not mind and even use wget then it is OK, otherwise use the older version of openssl.

https://bugs.debian.org/cgi-bin/bugrepo ... bug=768476

machinebacon
Baconator
Posts: 10253
Joined: Thu Sep 16, 2010 11:03 am
Location: Pfälzerwald
Contact:

Re: openssl (serious bug)

Unread post by machinebacon » Sun May 03, 2015 7:30 pm

Thanks DD.

Code: Select all

user@grill:~$ policy openssl
openssl:
  Installed: 1.0.2a-1
  Candidate: 1.0.2a-1
  Version table:
 *** 1.0.2a-1 0
        500 http://ftp.cn.debian.org/debian/ unstable/main i386 Packages
        100 /var/lib/dpkg/status

user@grill:~$ policy libssl1.0.0
libssl1.0.0:
  Installed: 1.0.2a-1
  Candidate: 1.0.2a-1
  Version table:
 *** 1.0.2a-1 0
        500 http://ftp.cn.debian.org/debian/ unstable/main i386 Packages
        100 /var/lib/dpkg/status
Interesting, the bug report mentions 1.0.2~beta3-1. I do have experimental enabled, and I'm some versions behind/ahead. Seems they pulled the affected version back, and the bug report is from November last year. The last report on the matter is from April 5, but in the meanwhile curl got an upgrade on April 29. I'd "lean out of the window" and say: safe to upgrade :D
..gnutella..

User avatar
ivanovnegro
Minister of Truth
Posts: 5448
Joined: Wed Oct 17, 2012 11:12 pm

Re: openssl (serious bug)

Unread post by ivanovnegro » Sun May 03, 2015 9:01 pm

You might be right. As for the old bug report, it was because people installed from experimental at that time.

You have already the newest openssl but then I have already the newest libssl1.0.0. I guess we can ignore the bug. I let it open for a while because people whined on the BTS. :)

machinebacon
Baconator
Posts: 10253
Joined: Thu Sep 16, 2010 11:03 am
Location: Pfälzerwald
Contact:

Re: openssl (serious bug)

Unread post by machinebacon » Sun May 03, 2015 9:03 pm

ssl is anyway for pussies. :)
..gnutella..

User avatar
ivanovnegro
Minister of Truth
Posts: 5448
Joined: Wed Oct 17, 2012 11:12 pm

Re: openssl (serious bug)

Unread post by ivanovnegro » Mon May 04, 2015 5:26 pm

Installed the new version, see no reason why not to upgrade. :P

machinebacon
Baconator
Posts: 10253
Joined: Thu Sep 16, 2010 11:03 am
Location: Pfälzerwald
Contact:

Re: [irrelevant] openssl (serious bug)

Unread post by machinebacon » Mon May 04, 2015 5:34 pm

Same here, if the openssl package is missing, eg. links https://github.com will print an error and bail out. Installing the so-called 'buggy' openssl package works fine. Thanks for releasing the ban :D
..gnutella..

Post Reply