Hello David, Thank you for correcting my bad habit of using root to fetch changelogs. :D Thank you for the additional work in helping me. Thanks to this thread I have learned a lot.
Jul 1, 2022, 09:08 by deb...@lionunicorn.co.uk: > On Fri 01 Jul 2022 at 07:24:29 (+0100), Tixy wrote: > >> On Fri, 2022-07-01 at 04:46 +0200, icedgorilla wrote: >> > [...] Is this some sort of Man in The Middle attack or is there an easy >> > explanation and a simple way to fix? >> > # apt changelog openssl >> > > (You shouldn't need root for that.) > >> > Err:1 https://metadata.ftp-master.debian.org openssl 1.1.1n-0+deb11u3 >> > Changelog >> > Changelog unavailable for openssl=1.1.1n-0+deb11u3 (404 Not Found [IP: >> > 146.75.94.132 443]) >> > E: Failed to fetch >> > https://metadata.ftp-master.debian.org/changelogs/main/o/openssl/openssl_1.1.1n-0%2bdeb11u3_changelog >> > Changelog unavailable for openssl=1.1.1n-0+deb11u3 (404 Not Found [IP: >> > 146.75.94.132 443]) >> >> It just means that version isn't available in the repositories. If you >> get a list by pointing a web broswer at last directory in that URL >> (https://metadata.ftp-master.debian.org/changelogs/main/o/openssl/) >> you see 'u2' is the latest version. >> >> If you go to the package tracker at https://tracker.debian.org >> and search for 'openssl' you get to a page that shows under 'news' that >> the 'u3' version is 'embargoed'. Which means it's been produced but not >> publicly available, this is done when packages have security fixes for >> for vulnerabilities that haven't been publicly detailed yet. >> There's been at lot of news in recent days about bugs in openssl. >> >> This doesn't answer why your machine is trying to download this 'u3' >> version, perhaps it appeared transiently for a time your machine was >> trying to update. >> > > Considering it's July, that's very odd: > > $ zgrep -A2 -B2 openssl /var/log/apt/history.log.1.gz > Start-Date: 2022-06-27 08:26:52 > Commandline: apt-get upgrade > Upgrade: libssl1.1:amd64 (1.1.1n-0+deb11u2, 1.1.1n-0+deb11u3), openssl:amd64 > (1.1.1n-0+deb11u2, 1.1.1n-0+deb11u3) > End-Date: 2022-06-27 08:27:08 > > $ apt changelog openssl | head > > WARNING: apt does not have a stable CLI interface. Use with caution in > scripts. > > Get:1 store: openssl 1.1.1n-0+deb11u3 Changelog > openssl (1.1.1n-0+deb11u3) bullseye-security; urgency=medium > > * CVE-2022-2068 (The c_rehash script allows command injection). > * Update expired certs. > > -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Fri, 24 Jun 2022 > 22:22:19 +0200 > > openssl (1.1.1n-0+deb11u2) bullseye-security; urgency=medium > > E: Sub-process pager received signal 13. > $ > >> Have you tried running 'apt update' to refresh the package list on you >> computer. >> > > Or rather, always run update before carrying out these sorts of operations. > Never having not done so, I wouldn't know what symptoms to expect in this > case. > > Cheers, > David. >
