[ubuntu/kinetic-proposed] openssl 3.0.5-2ubuntu1 (Accepted)

Simon Chopin schopin at ubuntu.com
Fri Aug 19 15:23:15 UTC 2022 

openssl (3.0.5-2ubuntu1) kinetic; urgency=low

  * Merge from Debian unstable (LP: #1987047). Remaining changes:
    - Replace duplicate files in the doc directory with symlinks.
    - d/libssl3.postinst: Revert Debian deletion
      + Skip services restart & reboot notification if needrestart is in-use.
      + Bump version check to to 1.1.1.
      + Use a different priority for libssl1.1/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
      + Import libraries/restart-without-asking template as used by above.
    - Add support for building with noudeb build profile.
    - Revert "Enable system default config to enforce TLS1.2 as a
      minimum" & "Increase default security level from 1 to 2".
    - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
      level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
      below 1.2 and update documentation. Previous default of 1, can be set
      by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
      using ':@SECLEVEL=1' CipherString value in openssl.cfg.
    - Use perl:native in the autopkgtest for installability on i386.
    - d/p/skip_tls1.1_seclevel3_tests.patch: new Ubuntu-specific patch for the
      testsuite
    - d/p/Set-systemwide-default-settings-for-libssl-users: partially apply it
      on Ubuntu to make it easier for user to change security level
  * Dropped changes, merged upstream:
    - d/p/fix-avx512-overflow.patch: Cherry-picked from upstream to fix a 3.0.4
      regression on AVX-512 capable CPUs.
  * Revert the provider removal from the default configuration, following
    discussions on LP: #1979639

openssl (3.0.5-2) unstable; urgency=medium

  * Update to commit ce3951fc30c7b ("VC++ 2008 or earlier x86 compilers…")
    (Closes: #1016290).

openssl (3.0.5-1) unstable; urgency=medium

  * Import 3.0.5
    - Possible module_list_lock crash (Closes: #1013309).
    - CVE-2022-2097 (AES OCB fails to encrypt some bytes).
  * Update to 55461bf22a57a ("Don't try to make configuration leaner")
  * Use -latomic on arc,nios2 and sparc (Closes: #1015792).

openssl (3.0.4-2) unstable; urgency=medium

  * Address a AVX2 related memory corruption (Closes: #1013441)
    (CVE-2022-2274).

Date: Fri, 19 Aug 2022 10:05:04 +0200
Changed-By: Simon Chopin <schopin at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/3.0.5-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 19 Aug 2022 10:05:04 +0200
Source: openssl
Built-For-Profiles: noudeb
Architecture: source
Version: 3.0.5-2ubuntu1
Distribution: kinetic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Simon Chopin <schopin at ubuntu.com>
Closes: 1013309 1013441 1015792 1016290
Launchpad-Bugs-Fixed: 1979639 1987047
Changes:
 openssl (3.0.5-2ubuntu1) kinetic; urgency=low
 .
   * Merge from Debian unstable (LP: #1987047). Remaining changes:
     - Replace duplicate files in the doc directory with symlinks.
     - d/libssl3.postinst: Revert Debian deletion
       + Skip services restart & reboot notification if needrestart is in-use.
       + Bump version check to to 1.1.1.
       + Use a different priority for libssl1.1/restart-services depending
         on whether a desktop, or server dist-upgrade is being performed.
       + Import libraries/restart-without-asking template as used by above.
     - Add support for building with noudeb build profile.
     - Revert "Enable system default config to enforce TLS1.2 as a
       minimum" & "Increase default security level from 1 to 2".
     - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
       level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
       below 1.2 and update documentation. Previous default of 1, can be set
       by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
       using ':@SECLEVEL=1' CipherString value in openssl.cfg.
     - Use perl:native in the autopkgtest for installability on i386.
     - d/p/skip_tls1.1_seclevel3_tests.patch: new Ubuntu-specific patch for the
       testsuite
     - d/p/Set-systemwide-default-settings-for-libssl-users: partially apply it
       on Ubuntu to make it easier for user to change security level
   * Dropped changes, merged upstream:
     - d/p/fix-avx512-overflow.patch: Cherry-picked from upstream to fix a 3.0.4
       regression on AVX-512 capable CPUs.
   * Revert the provider removal from the default configuration, following
     discussions on LP: #1979639
 .
 openssl (3.0.5-2) unstable; urgency=medium
 .
   * Update to commit ce3951fc30c7b ("VC++ 2008 or earlier x86 compilers…")
     (Closes: #1016290).
 .
 openssl (3.0.5-1) unstable; urgency=medium
 .
   * Import 3.0.5
     - Possible module_list_lock crash (Closes: #1013309).
     - CVE-2022-2097 (AES OCB fails to encrypt some bytes).
   * Update to 55461bf22a57a ("Don't try to make configuration leaner")
   * Use -latomic on arc,nios2 and sparc (Closes: #1015792).
 .
 openssl (3.0.4-2) unstable; urgency=medium
 .
   * Address a AVX2 related memory corruption (Closes: #1013441)
     (CVE-2022-2274).
Checksums-Sha1:
 c8e616ed31318f3fde34a0e5ee2dadb7b3d7e12d 2544 openssl_3.0.5-2ubuntu1.dsc
 a5305213c681a5a4322dad7347a6e66b7b6ef3c7 15074407 openssl_3.0.5.orig.tar.gz
 2862cb6bdc28381f82611ce1e9197c1f37a5f5ba 862 openssl_3.0.5.orig.tar.gz.asc
 7a1bd5db5b5f8d3daa2ae4c3e38e16e8c6352fe5 154072 openssl_3.0.5-2ubuntu1.debian.tar.xz
 7ab690ed6990c98e1dd7d7a40b6fcd29bfdb8eb3 7595 openssl_3.0.5-2ubuntu1_source.buildinfo
Checksums-Sha256:
 9fd8b4878470f87dba9a20fbdd68a3c2e2354b66e0c2e16cfbb211a7d21d5f10 2544 openssl_3.0.5-2ubuntu1.dsc
 aa7d8d9bef71ad6525c55ba11e5f4397889ce49c2c9349dcea6d3e4f0b024a7a 15074407 openssl_3.0.5.orig.tar.gz
 95f23bb4eb6faa8d0f1ca1b83cfb00a2bed4b53e124a4f13e1499abc0b426129 862 openssl_3.0.5.orig.tar.gz.asc
 e92be83c0da7031d1bc50490ade8d5a7881295d0892bf5df5c17e9cbb97b0653 154072 openssl_3.0.5-2ubuntu1.debian.tar.xz
 cdf0f18a6bc328d7226c1461a4a7553380a6462f80e8a99f4efb7404f7930dd7 7595 openssl_3.0.5-2ubuntu1_source.buildinfo
Files:
 50a6e513e710a9e1c24ac815ea622671 2544 utils optional openssl_3.0.5-2ubuntu1.dsc
 163bb3e58c143793d1dc6a6ec7d185d5 15074407 utils optional openssl_3.0.5.orig.tar.gz
 007c0d88e74a11aa8db21cff77b33796 862 utils optional openssl_3.0.5.orig.tar.gz.asc
 f4bfb895e510068b68917514c4f8d328 154072 utils optional openssl_3.0.5-2ubuntu1.debian.tar.xz
 041c239d0c223898073624d1ac949480 7595 utils optional openssl_3.0.5-2ubuntu1_source.buildinfo
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at alioth-lists.debian.net>

More information about the kinetic-changes mailing list