[ubuntu/oracular-proposed] openssl 3.2.1-3ubuntu1 (Accepted)
Adrien Nader
adrien.nader at canonical.com
Mon Jun 24 14:04:14 UTC 2024
openssl (3.2.1-3ubuntu1) oracular; urgency=medium
* Merge 3.2.1-3 from Debian unstable (LP: #2067384)
- Remaining changes:
+ Symlink changelog{,.Debian}.gz and copyright.gz from libssl-dev to
openssl
+ Use perl:native in the autopkgtest for installability on i386.
+ Disable LTO with which the codebase is generally incompatible
(LP: #2058017)
+ Add fips-mode detection and adjust defaults when running in fips mode
- Dropped changes:
+ d/libssl3.postinst: Revert Debian deletion
- Skip services restart & reboot notification if needrestart is in-use.
- Bump version check to 1.1.1 (bug opened as LP: #1999139)
- Use a different priority for libssl1.1/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- Import libraries/restart-without-asking template as used by above.
+ Add support for building with noudeb build profile which has been
integrated
+ Patches that forbade TLS < 1.2 @SECLEVEL=2 which is now upstream
behaviour:
- skip_tls1.1_seclevel3_tests.patch
- tests-use-seclevel-1.patch
- tls1.2-min-seclevel2.patch
+ Revert the provider removal from the default configuration as there's
no point in carrying the delta (will see if Debian drops the patch)
+ d/p/intel/*: was a backport from upstream changes
+ d/p/CVE-*: was a backport from upstream changes
openssl (3.2.1-3) unstable; urgency=medium
* Upload to unstable.
* Correct prvious security level in NEWS file (Closes: #1066116).
openssl (3.2.1-2) experimental; urgency=medium
* Disable brotli and enable zlib for certificate compression.
* Update to latest openssl-3.2 branch.
openssl (3.2.1-1.1~exp1) experimental; urgency=medium
* Non-maintainer upload.
* Rename libraries for 64-bit time_t transition.
openssl (3.2.1-1) experimental; urgency=medium
* Import 3.2.1
- CVE-2024-0727 (PKCS12 Decoding crashes). (Closes: #1061582).
- CVE-2023-6237 (Excessive time spent checking invalid RSA public keys)
(Closes: #1060858).
- CVE-2023-6129 (POLY1305 MAC implementation corrupts vector registers on
PowerPC) (Closes: #1060347).
openssl (3.2.0-2) experimental; urgency=medium
* Use generic target for riscv64.
* Update to latest openssl-3.2 branch.
openssl (3.2.0-1) experimental; urgency=medium
* Import 3.2.0
* Enable zstd, brotli and for certificate compression.
openssl (3.1.4-2) unstable; urgency=medium
* Invoke clean up from the openssl binary as a temporary workaround to avoid
a crash in libp11/SoftHSM engine (Closes: #1054546).
* CVE-2023-5678 (Excessive time spent in DH check / generation with large Q
parameter value) (Closes: #1055473).
* Upload to unstable.
openssl (3.1.4-1) experimental; urgency=medium
* Import 3.1.4
- CVE-2023-5363 (Incorrect cipher key and IV length processing).
openssl (3.1.3-1) experimental; urgency=medium
* Import 3.1.3
openssl (3.1.2-1) experimental; urgency=medium
* Import 3.1.2
- CVE-2023-2975 (AES-SIV implementation ignores empty associated data
entries) (Closes: #1041818).
- CVE-2023-3446 (Excessive time spent checking DH keys and parameters).
(Closes: #1041817).
- CVE-2023-3817 (Excessive time spent checking DH q parameter value).
- Drop bc and m4 from B-D.
openssl (3.1.1-1) experimental; urgency=medium
* Import 3.1.1
- CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy
Constraints) (Closes: #1034720).
- CVE-2023-0465 (Invalid certificate policies in leaf certificates are
silently ignored).
- CVE-2023-0466 (Certificate policy check not enabled).
- Alternative fix for CVE-2022-4304 (Timing Oracle in RSA Decryption).
- CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers).
- CVE-2023-1255 (Input buffer over-read in AES-XTS implementation on 64 bit ARM).
- Add new symbol.
openssl (3.1.0-1) experimental; urgency=medium
* Import 3.1.0
* Add new symbols.
Date: Tue, 28 May 2024 14:30:44 +0200
Changed-By: Adrien Nader <adrien.nader at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Simon Chopin <simon.chopin at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/3.2.1-3ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 28 May 2024 14:30:44 +0200
Source: openssl
Built-For-Profiles: noudeb
Architecture: source
Version: 3.2.1-3ubuntu1
Distribution: oracular
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Adrien Nader <adrien.nader at canonical.com>
Closes: 1034720 1041817 1041818 1054546 1055473 1060347 1060858 1061582 1066116
Launchpad-Bugs-Fixed: 1999139 2058017 2067384
Changes:
openssl (3.2.1-3ubuntu1) oracular; urgency=medium
.
* Merge 3.2.1-3 from Debian unstable (LP: #2067384)
- Remaining changes:
+ Symlink changelog{,.Debian}.gz and copyright.gz from libssl-dev to
openssl
+ Use perl:native in the autopkgtest for installability on i386.
+ Disable LTO with which the codebase is generally incompatible
(LP: #2058017)
+ Add fips-mode detection and adjust defaults when running in fips mode
- Dropped changes:
+ d/libssl3.postinst: Revert Debian deletion
- Skip services restart & reboot notification if needrestart is in-use.
- Bump version check to 1.1.1 (bug opened as LP: #1999139)
- Use a different priority for libssl1.1/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- Import libraries/restart-without-asking template as used by above.
+ Add support for building with noudeb build profile which has been
integrated
+ Patches that forbade TLS < 1.2 @SECLEVEL=2 which is now upstream
behaviour:
- skip_tls1.1_seclevel3_tests.patch
- tests-use-seclevel-1.patch
- tls1.2-min-seclevel2.patch
+ Revert the provider removal from the default configuration as there's
no point in carrying the delta (will see if Debian drops the patch)
+ d/p/intel/*: was a backport from upstream changes
+ d/p/CVE-*: was a backport from upstream changes
.
openssl (3.2.1-3) unstable; urgency=medium
.
* Upload to unstable.
* Correct prvious security level in NEWS file (Closes: #1066116).
.
openssl (3.2.1-2) experimental; urgency=medium
.
* Disable brotli and enable zlib for certificate compression.
* Update to latest openssl-3.2 branch.
.
openssl (3.2.1-1.1~exp1) experimental; urgency=medium
.
* Non-maintainer upload.
* Rename libraries for 64-bit time_t transition.
.
openssl (3.2.1-1) experimental; urgency=medium
.
* Import 3.2.1
- CVE-2024-0727 (PKCS12 Decoding crashes). (Closes: #1061582).
- CVE-2023-6237 (Excessive time spent checking invalid RSA public keys)
(Closes: #1060858).
- CVE-2023-6129 (POLY1305 MAC implementation corrupts vector registers on
PowerPC) (Closes: #1060347).
.
openssl (3.2.0-2) experimental; urgency=medium
.
* Use generic target for riscv64.
* Update to latest openssl-3.2 branch.
.
openssl (3.2.0-1) experimental; urgency=medium
.
* Import 3.2.0
* Enable zstd, brotli and for certificate compression.
.
openssl (3.1.4-2) unstable; urgency=medium
.
* Invoke clean up from the openssl binary as a temporary workaround to avoid
a crash in libp11/SoftHSM engine (Closes: #1054546).
* CVE-2023-5678 (Excessive time spent in DH check / generation with large Q
parameter value) (Closes: #1055473).
* Upload to unstable.
.
openssl (3.1.4-1) experimental; urgency=medium
.
* Import 3.1.4
- CVE-2023-5363 (Incorrect cipher key and IV length processing).
.
openssl (3.1.3-1) experimental; urgency=medium
.
* Import 3.1.3
.
openssl (3.1.2-1) experimental; urgency=medium
.
* Import 3.1.2
- CVE-2023-2975 (AES-SIV implementation ignores empty associated data
entries) (Closes: #1041818).
- CVE-2023-3446 (Excessive time spent checking DH keys and parameters).
(Closes: #1041817).
- CVE-2023-3817 (Excessive time spent checking DH q parameter value).
- Drop bc and m4 from B-D.
.
openssl (3.1.1-1) experimental; urgency=medium
.
* Import 3.1.1
- CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy
Constraints) (Closes: #1034720).
- CVE-2023-0465 (Invalid certificate policies in leaf certificates are
silently ignored).
- CVE-2023-0466 (Certificate policy check not enabled).
- Alternative fix for CVE-2022-4304 (Timing Oracle in RSA Decryption).
- CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers).
- CVE-2023-1255 (Input buffer over-read in AES-XTS implementation on 64 bit ARM).
- Add new symbol.
.
openssl (3.1.0-1) experimental; urgency=medium
.
* Import 3.1.0
* Add new symbols.
Checksums-Sha1:
fc2043e146b68337ce9ac6a4199db624704e8820 2589 openssl_3.2.1-3ubuntu1.dsc
9668723d65d21a9d13e985203ce8c27ac5ecf3ae 17733249 openssl_3.2.1.orig.tar.gz
8b9dce0adc7650a309b0096f7e45dbfb53d543fe 833 openssl_3.2.1.orig.tar.gz.asc
6f42d2cc852676680fc93c7d225b9a5b650b65c4 96536 openssl_3.2.1-3ubuntu1.debian.tar.xz
c91e4e9cd1ab083bf4a0d39ae2ba3a78fd013be1 8631 openssl_3.2.1-3ubuntu1_source.buildinfo
Checksums-Sha256:
df9381f31f97d59506fba7de0e983db9fc641e09e4bfb118c7ac8e79a972f199 2589 openssl_3.2.1-3ubuntu1.dsc
83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39 17733249 openssl_3.2.1.orig.tar.gz
a394b4f5242feb8b828b398cbea809e07bb73e699ae0b84413efb8c5916361c1 833 openssl_3.2.1.orig.tar.gz.asc
50eacbca299d8b6c127188abab3f7061c0f9d721ff560d7e87c2546fbf4dbb32 96536 openssl_3.2.1-3ubuntu1.debian.tar.xz
57e7b3fcb7cf6ce4ace010cceb458a99236828e8821c45083d966b2facaad344 8631 openssl_3.2.1-3ubuntu1_source.buildinfo
Files:
6db997e50ae1bfd988baffb03d9df7b0 2589 utils optional openssl_3.2.1-3ubuntu1.dsc
c239213887804ba00654884918b37441 17733249 utils optional openssl_3.2.1.orig.tar.gz
a3d1585772f9bde6d87e38d7475d2729 833 utils optional openssl_3.2.1.orig.tar.gz.asc
c971c2833308d7b9d0698556067434da 96536 utils optional openssl_3.2.1-3ubuntu1.debian.tar.xz
fed75a652f8e5ef769068d679ee94393 8631 utils optional openssl_3.2.1-3ubuntu1_source.buildinfo
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at alioth-lists.debian.net>
Vcs-Git: https://git.launchpad.net/~schopin/ubuntu/+source/openssl
Vcs-Git-Commit: 11a4f07b0d2b622f01b754d826ef17abe3ba4c26
Vcs-Git-Ref: refs/heads/merge-3.2
More information about the oracular-changes
mailing list