From f6bfd9b91629bd498301b34de8ea2b28d33ceb7d Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@debian.org>
Date: Thu, 13 Jun 2024 19:20:05 +0200
Subject: Update changelog for 0.8.0-2+deb11u2 release

---
 debian/changelog | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 9fbaada..382a8ed 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+lacme (0.8.0-2+deb11u2) bullseye; urgency=medium
+
+  * Backport upstream patches to fix fix post-issuance validation logic.
+    We avoid pining the intermediate certificates in the bundle and instead
+    validate the leaf certificate with intermediates supplied during issuance
+    as untrusted (used for chain building only).  Only the root certificates
+    are used as trust anchor.  Not pining intermediate certificates is in line
+    with Let's Encrypt's latest recommendations.
+    Closes: #1072847
+  * Adjust test suite against current Let's Encrypt staging environment.
+
+ -- Guilhem Moulin <guilhem@debian.org>  Thu, 13 Jun 2024 19:19:07 +0200
+
 lacme (0.8.0-2+deb11u1) bullseye; urgency=medium
 
   * client: Handle "ready" → "processing" → "valid" status change during
-- 
cgit v1.2.3