cod*_*dis 5 debian apt dist-upgrade
我找不到任何关于它的信息。可能有人有一些见解可以分享。
apt 建议降级一些 SSL 包。
# apt-get update && apt-get dist-upgrade --assume-yes
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be DOWNGRADED:
libssl-dev libssl1.1 openssl
0 upgraded, 0 newly installed, 3 downgraded, 0 to remove and 0 not upgraded.
E: Packages were downgraded and -y was used without --allow-downgrades.
为什么这个包会被降级?我没有启动任何降级它们。这就是我每天定期升级 dist 时发生的事情。
我认为 SSL 中存在一些关键的安全问题,他们无法快速轻松地修复。所以他们降级到最新版本没有这个问题。但目前我没有找到有关此类事情的任何信息。
Linux <hostname> 4.19.0-14-amd64 #1 SMP Debian 4.19.171-2 (2021-01-30) x86_64 GNU/Linux
libssl-dev/now 1.1.1j-1+0~20210301.25+debian10~1.gbp2578a0 amd64 [installed,local]
libssl-dev/stable 1.1.1d-0+deb10u5 amd64
libssl-dev/stable 1.1.1d-0+deb10u4 amd64
libssl-dev/stable 1.1.1d-0+deb10u5 i386
libssl-dev/stable 1.1.1d-0+deb10u4 i386
libssl1.1/now 1.1.1j-1+0~20210301.25+debian10~1.gbp2578a0 amd64 [installed,local]
libssl1.1/stable 1.1.1d-0+deb10u5 amd64
libssl1.1/stable 1.1.1d-0+deb10u4 amd64
libssl1.1/stable 1.1.1d-0+deb10u5 i386
libssl1.1/stable 1.1.1d-0+deb10u4 i386
openssl/now 1.1.1j-1+0~20210301.25+debian10~1.gbp2578a0 amd64 [installed,local]
openssl/stable 1.1.1d-0+deb10u5 amd64
openssl/stable 1.1.1d-0+deb10u4 amd64
openssl/stable 1.1.1d-0+deb10u5 i386
openssl/stable 1.1.1d-0+deb10u4 i386
# apt policy libssl-dev libssl1.1 openssl
libssl-dev:
Installed: 1.1.1j-1+0~20210301.25+debian10~1.gbp2578a0
Candidate: 1.1.1d-0+deb10u5
Version table:
*** 1.1.1j-1+0~20210301.25+debian10~1.gbp2578a0 100
100 /var/lib/dpkg/status
1.1.1d-0+deb10u5 1000
500 http://security.debian.org/debian-security buster/updates/main amd64 Packages
1.1.1d-0+deb10u4 1000
500 http://ftp.hosteurope.de/mirror/ftp.debian.org/debian buster/main amd64 Packages
libssl1.1:
Installed: 1.1.1j-1+0~20210301.25+debian10~1.gbp2578a0
Candidate: 1.1.1d-0+deb10u5
Version table:
*** 1.1.1j-1+0~20210301.25+debian10~1.gbp2578a0 100
100 /var/lib/dpkg/status
1.1.1d-0+deb10u5 1000
500 http://security.debian.org/debian-security buster/updates/main amd64 Packages
1.1.1d-0+deb10u4 1000
500 http://ftp.hosteurope.de/mirror/ftp.debian.org/debian buster/main amd64 Packages
openssl:
Installed: 1.1.1j-1+0~20210301.25+debian10~1.gbp2578a0
Candidate: 1.1.1d-0+deb10u5
Version table:
*** 1.1.1j-1+0~20210301.25+debian10~1.gbp2578a0 100
100 /var/lib/dpkg/status
1.1.1d-0+deb10u5 1000
500 http://security.debian.org/debian-security buster/updates/main amd64 Packages
1.1.1d-0+deb10u4 1000
500 http://ftp.hosteurope.de/mirror/ftp.debian.org/debian buster/main amd64 Packages
# apt policy
Package files:
100 /var/lib/dpkg/status
release a=now
500 https://packages.sury.org/php buster/main i386 Packages
release o=deb.sury.org,n=buster,c=main,b=i386
origin packages.sury.org
500 https://packages.sury.org/php buster/main amd64 Packages
release o=deb.sury.org,n=buster,c=main,b=amd64
origin packages.sury.org
500 http://ftp.hosteurope.de/mirror/ftp.debian.org/debian buster-updates/non-free i386 Packages
release o=Debian,a=stable-updates,n=buster-updates,l=Debian,c=non-free,b=i386
origin ftp.hosteurope.de
500 http://ftp.hosteurope.de/mirror/ftp.debian.org/debian buster-updates/non-free amd64 Packages
release o=Debian,a=stable-updates,n=buster-updates,l=Debian,c=non-free,b=amd64
origin ftp.hosteurope.de
500 http://ftp.hosteurope.de/mirror/ftp.debian.org/debian buster-updates/main i386 Packages
release o=Debian,a=stable-updates,n=buster-updates,l=Debian,c=main,b=i386
origin ftp.hosteurope.de
500 http://ftp.hosteurope.de/mirror/ftp.debian.org/debian buster-updates/main amd64 Packages
release o=Debian,a=stable-updates,n=buster-updates,l=Debian,c=main,b=amd64
origin ftp.hosteurope.de
500 http://security.debian.org/debian-security buster/updates/non-free i386 Packages
release v=10,o=Debian,a=stable,n=buster,l=Debian-Security,c=non-free,b=i386
origin security.debian.org
500 http://security.debian.org/debian-security buster/updates/non-free amd64 Packages
release v=10,o=Debian,a=stable,n=buster,l=Debian-Security,c=non-free,b=amd64
origin security.debian.org
500 http://security.debian.org/debian-security buster/updates/main i386 Packages
release v=10,o=Debian,a=stable,n=buster,l=Debian-Security,c=main,b=i386
origin security.debian.org
500 http://security.debian.org/debian-security buster/updates/main amd64 Packages
release v=10,o=Debian,a=stable,n=buster,l=Debian-Security,c=main,b=amd64
origin security.debian.org
500 http://ftp.hosteurope.de/mirror/ftp.debian.org/debian buster/contrib i386 Packages
release v=10.8,o=Debian,a=stable,n=buster,l=Debian,c=contrib,b=i386
origin ftp.hosteurope.de
500 http://ftp.hosteurope.de/mirror/ftp.debian.org/debian buster/contrib amd64 Packages
release v=10.8,o=Debian,a=stable,n=buster,l=Debian,c=contrib,b=amd64
origin ftp.hosteurope.de
500 http://ftp.hosteurope.de/mirror/ftp.debian.org/debian buster/non-free i386 Packages
release v=10.8,o=Debian,a=stable,n=buster,l=Debian,c=non-free,b=i386
origin ftp.hosteurope.de
500 http://ftp.hosteurope.de/mirror/ftp.debian.org/debian buster/non-free amd64 Packages
release v=10.8,o=Debian,a=stable,n=buster,l=Debian,c=non-free,b=amd64
origin ftp.hosteurope.de
500 http://ftp.hosteurope.de/mirror/ftp.debian.org/debian buster/main i386 Packages
release v=10.8,o=Debian,a=stable,n=buster,l=Debian,c=main,b=i386
origin ftp.hosteurope.de
500 http://ftp.hosteurope.de/mirror/ftp.debian.org/debian buster/main amd64 Packages
release v=10.8,o=Debian,a=stable,n=buster,l=Debian,c=main,b=amd64
origin ftp.hosteurope.de
Pinned packages:
openssl -> 1.1.1d-0+deb10u5 with priority 1000
openssl -> 1.1.1d-0+deb10u4 with priority 1000
libssl-dev -> 1.1.1d-0+deb10u5 with priority 1000
libssl-dev -> 1.1.1d-0+deb10u4 with priority 1000
libssl-doc -> 1.1.1d-0+deb10u5 with priority 1000
libssl-doc -> 1.1.1d-0+deb10u4 with priority 1000
libssl1.1 -> 1.1.1d-0+deb10u5 with priority 1000
libssl1.1 -> 1.1.1d-0+deb10u4 with priority 1000
基于@Louis Thompson 的回答......
当前安装的软件包实际上是由 Ond?ej Surý 维护的非官方 PHP 存储库提供的。
https://packages.sury.org/php/ https://packages.sury.org/php/dists/buster/main/debian-installer/binary-amd64/Packages
为了继续我的 debian 安装,我降级了这些软件包。到目前为止,我的 PHP 安装和使用 SSL 功能的 PHP 应用程序一切正常。
感谢@William Turrell。我安装是apt-listchanges为了获取有关未来更改的信息。会让事情变得容易很多。
小智 5
https://www.debian.org/security/2021/dsa-4855
这和 Debian Buster 中有关 openssl 的其他包信息表明 1.1.1d 是当前的稳定版本。看起来你从其他地方获得了 1.1.1j (gbp2578a0),它没有这个重要的安全补丁
| 归档时间: |
|
| 查看次数: |
1587 次 |
| 最近记录: |