1 files changed, 30 insertions, 0 deletions

diff --git a/debian/changelog b/debian/changelog
index b03a9b2..ca3e7b3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,33 @@
+lacme (0.8.3-1) unstable; urgency=high
+
+  * New upstream bugfix release.
+    + Fix post-issuance validation logic.  We avoid pinning the intermediate
+      certificates in the bundle and instead validate the leaf certificate
+      with intermediates supplied during issuance as untrusted (used for chain
+      building only).  Only the root certificates are used as trust anchor.
+      Not pinning intermediate certificates is in line with Let's Encrypt's
+      latest recommendations.
+      Closes: #1072847
+    + Pass `-in /dev/stdin` option to openssl(1) to avoid warning with OpenSSL
+      3.2 or later.
+    + Fix test suite to account for Let's Encrypt's (staging) ACME server
+      changes.
+  * d/control: Update Standards-Version to 4.7.0 (no changes necessary).
+
+ -- Guilhem Moulin <guilhem@debian.org>  Thu, 13 Jun 2024 17:56:33 +0200
+
+lacme (0.8.2-1) unstable; urgency=medium
+
+  * New upstream bugfix release.
+    + client: Handle "ready" → "processing" → "valid" status change during
+      newOrder, instead of just "ready" → "valid".  The latter may be what we
+      observe when the server is fast enough, but according to RFC 8555 sec.
+      7.1.6 the state actually transitions via "processing" state and we need
+      to account for that.  Closes: #1034834.
+    + Test suite: Point stretch's archive URL to archive.d.o.
+
+ -- Guilhem Moulin <guilhem@debian.org>  Tue, 25 Apr 2023 20:08:21 +0200
+
 lacme (0.8.1-1) unstable; urgency=medium
 
   [ Guilhem Moulin ]