diff options
Diffstat (limited to 'debian/changelog')
| -rw-r--r-- | debian/changelog | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 4c8d3dc..8a26ff6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,28 @@ +lacme (0.8.0-2+deb11u2) bullseye; urgency=medium + + * Backport upstream patches to fix post-issuance validation logic. We avoid + pinning the intermediate certificates in the bundle and instead validate + the leaf certificate with intermediates supplied during issuance as + untrusted (used for chain building only). Only the root certificates are + used as trust anchor. + Not pinning intermediate certificates is in line with Let's Encrypt's + latest recommendations. + Closes: #1072847 + * Adjust test suite against current Let's Encrypt staging environment. + + -- Guilhem Moulin <guilhem@debian.org> Thu, 13 Jun 2024 19:19:07 +0200 + +lacme (0.8.0-2+deb11u1) bullseye; urgency=medium + + * client: Handle "ready" → "processing" → "valid" status change during + newOrder, instead of just "ready" → "valid". The latter may be what we + observe when the server is fast enough, but according to RFC 8555 sec. + 7.1.6 the state actually transitions via "processing" and we need to + account for that (closes: #1034834). + * d/gbp.conf: Set 'debian-branch = debian/bullseye'. + + -- Guilhem Moulin <guilhem@debian.org> Fri, 28 Apr 2023 10:25:54 +0200 + lacme (0.8.0-2) unstable; urgency=medium * d/lacme.postrm: Don't delete system users on purge. There might be files |