[ubuntu/oracular-proposed] openssl 3.3.1-2ubuntu1 (Accepted)

Simon Chopin schopin at ubuntu.com
Tue Aug 13 08:26:14 UTC 2024


openssl (3.3.1-2ubuntu1) oracular; urgency=medium

  * Merge with Debian unstable (LP: #2044795). Remaining changes:
    - Use perl:native in the autopkgtest for installability on i386.
    - Symlink copyright/changelog.Debian.gz in libssl3* to libssl-dev/openssl
    - Disable LTO with which the codebase is generally incompatible (LP #2058017)
    - Default config reads crypto-config and /etc/ssl/openssl.cnf.d dropins
    - patch: crypto: Add kernel FIPS mode detection
    - patch: crypto: Automatically use the FIPS provider...
    - patch: apps/speed: Omit unavailable algorithms in FIPS mode
    - patch: apps: pass -propquery arg to the libctx DRBG fetches
    - patch: test: Ensure encoding runs with the correct context...
    - SECURITY UPDATE: crash or memory disclosure via SSL_select_next_proto
      - debian/patches/CVE-2024-5535*.patch: validate provided client list in
        ssl/ssl_lib.c.
      - CVE-2024-5535

openssl (3.3.1-2) unstable; urgency=medium

  * Upload to unstable.
  * Add support for hurd-amd64, patch by Samuel Thibault (Closes: #1076324).
  * Use the static archive from the shared build.

openssl (3.3.1-1) experimental; urgency=medium

  * Import 3.3.1.
    - CVE-2024-4603 (Excessive time spent checking DSA keys and parameters)
      (Closes: #1071972).
    - CVE-2024-4741 (Use After Free with SSL_free_buffers)
      (Closes: #1072113).

openssl (3.3.0-1) experimental; urgency=medium

  * Import 3.3.0.
    - CVE-2024-2511 (Unbounded memory growth with session handling in TLSv1.3)
      (Closes: #1068658).

openssl (3.3.0~beta1-1) experimental; urgency=medium

  * Import 3.3.0-beta1.

Date: Mon, 12 Aug 2024 13:49:56 +0200
Changed-By: Simon Chopin <schopin at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/3.3.1-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 12 Aug 2024 13:49:56 +0200
Source: openssl
Built-For-Profiles: noudeb
Architecture: source
Version: 3.3.1-2ubuntu1
Distribution: oracular
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Simon Chopin <schopin at ubuntu.com>
Closes: 1068658 1071972 1072113 1076324
Launchpad-Bugs-Fixed: 2044795
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at alioth-lists.debian.net>
Vcs-Git: https://git.launchpad.net/~schopin/ubuntu/+source/openssl
Vcs-Git-Commit: dfac6167cc2ec62ecd8bed582d764f38e10032bc
Vcs-Git-Ref: refs/heads/3.3-merge

