The Wire · Showcase
OPENSSL UPGRADE UNBLOCKED AFTER UPSTREAM FIX
By RepoJournal · Filed · About Arch Linux
The rsync-ssl blocker that's been holding back OpenSSL updates across infrastructure is finally resolved, clearing the path for security patches.
Infrastructure has been deliberately ignoring OpenSSL upgrades due to a broken rsync-ssl dependency, but both the rsync [1] and OpenSSL [1] upstream issues have shipped fixes. This unblock comes paired with a critical nginx configuration fix [2]: Let's Encrypt switched to their Generation Y intermediates last week, creating a longer certificate chain that exceeds nginx's default verification depth of one. The dbscripts team deployed the depth fix [3] yesterday to restore mirrorauth validation on archlinux.org. With both the certificate chain issue [2] and the rsync-ssl blocker [4] resolved, the infrastructure team can now drop the OpenSSL upgrade ignore [5]. The main release train also pushed five package updates [6] [7] [8] [9] [10], including radicale 3.7.5, python-distributed 2026.6.0, and tig's graduation from testing to stable. Finishing the stack: mypy reached v2 in alpm dependencies [11].
Action items
- → Remove OpenSSL upgrade ignore and re-enable patching in infrastructure archlinux/infrastructure [immediate]
- → Verify nginx verification depth change is deployed to all mirror validation points archlinux/infrastructure [immediate]
- → Pull the five state updates (radicale, python-distributed, nvshmem, tig, python-aiogram) into next release cycle archlinux/state [plan]
References
- [1] Stop ignoring openssl upgrade archlinux/infrastructure
- [2] dbscripts: Fix broken mirrorauth due to longer chain on archlinux.org archlinux/infrastructure
- [3] Merge branch 'dbscripts-verify-depth' into 'main' archlinux/infrastructure
- [4] Stop ignoring openssl upgrade archlinux/infrastructure
- [5] Merge branch 'drop_openssl_upgrade_ignore' archlinux/infrastructure
- [6] update radicale to 3.7.5-1 in extra-any archlinux/state
- [7] update python-distributed to 2026.6.0-1 in extra-any archlinux/state
- [8] update nvshmem to 3.7.0-1 in extra-x86_64 archlinux/state
- [9] move tig from extra-testing-x86_64 to extra-x86_64 archlinux/state
- [10] update python-aiogram to 3.29.0-1 in extra-any archlinux/state
- [11] chore(deps): Update dependency mypy to v2 archlinux/alpm
FAQ
- What changed in Arch Linux on June 15, 2026?
- The rsync-ssl blocker that's been holding back OpenSSL updates across infrastructure is finally resolved, clearing the path for security patches.
- What should Arch Linux teams do about it?
- Remove OpenSSL upgrade ignore and re-enable patching in infrastructure • Verify nginx verification depth change is deployed to all mirror validation points • Pull the five state updates (radicale, python-distributed, nvshmem, tig, python-aiogram) into next release cycle
- Which Arch Linux repositories shipped on June 15, 2026?
- archlinux/infrastructure, archlinux/state, archlinux/alpm