[ubuntu/plucky-proposed] openssl 3.4.0-1ubuntu1 (Accepted)

Adrien Nader adrien.nader at canonical.com
Fri Nov 29 14:04:16 UTC 2024


openssl (3.4.0-1ubuntu1) plucky; urgency=medium

  * Merge with Debian unstable (LP: #2044795). Remaining changes:
    - Use perl:native in the autopkgtest for installability on i386.
    - Symlink copyright/changelog.Debian.gz in libssl3* to libssl-dev/openssl
    - Disable LTO with which the codebase is generally incompatible (LP: #2058017)
    - Default config reads crypto-config and /etc/ssl/openssl.cnf.d dropins
    - patch: crypto: Add kernel FIPS mode detection
    - patch: crypto: Automatically use the FIPS provider...
    - patch: apps/speed: Omit unavailable algorithms in FIPS mode
    - patch: apps: pass -propquery arg to the libctx DRBG fetches
    - patch: test: Ensure encoding runs with the correct context...
    - patch: Add Ubuntu-specific defines to help FIPS certification (LP: #2073991)
      + UBUNTU_OSSL_SELF_TEST_DESC_PCT_DH
      + UBUNTU_OSSL_PROV_FIPS_PARAM_UNAPPROVED_USAGE
    Dropped, merged upstream:
    - debian/patches/CVE-2024-6119.patch: avoid type errors in EAI-related
      name check logic in crypto/x509/v3_utl.c, test/*.
  * Don't enable or package anything FIPS (LP: #2087955)

openssl (3.4.0-1) experimental; urgency=medium

  * Import 3.4.0

openssl (3.4.0~~beta1-2) experimental; urgency=medium

  * Add a patch to avoid using other memory allocations if custom malloc is
    provided.
  * Add a patch to check length in the SPARC assembly implementation of
    AES-CBC.

openssl (3.4.0~~beta1-1) experimental; urgency=medium

  * Import 3.4.0-beta1

openssl (3.3.2-1) unstable; urgency=medium

  * Import 3.3.2.
    - CVE-2024-6119 (Possible denial of service in X.509 name checks).
    - CVE-2024-5535 (SSL_select_next_proto buffer overread)
      (Closes: #1074487).

openssl (3.3.1-7) unstable; urgency=medium

  * Make libssl3t64 depend on openssl-provider-legacy (See further development
    in #965041).

openssl (3.3.1-6) unstable; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * Enable ec_nistp_64_gcc_128 on arm64, ppc64el, riscv64. Initially suggested
    by Joel Stanley.
  * Add a "prefix" for pkg-config and cmake exporter
    (Closes: #1078509, #1078020).
  * Add Breaks/Replaces to the legacy provider also against libssl3
    (Closes: #1078551).
  * Upload to unstable.

  [ Debian Janitor ]
  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
    Repository-Browse.
  * Fix day-of-week for changelog entries 0.9.8a-7, 0.9.8a-6, 0.9.8a-4.

openssl (3.3.1-5) experimental; urgency=medium

  * Split the legacy provider into its own package (Closes: #965041).
  * Add the FIPS provider (Closes: #1050210).
  * Reintroduce the provider section back in the default openssl.cnf. This
    was to keep compatibility with the openssl 1.1 series. Adding it makes it
    easier to add/enable providers such as fips.

Date: Fri, 29 Nov 2024 11:19:56 +0100
Changed-By: Adrien Nader <adrien.nader at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Simon Chopin <simon.chopin at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/3.4.0-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 29 Nov 2024 11:19:56 +0100
Source: openssl
Built-For-Profiles: noudeb
Architecture: source
Version: 3.4.0-1ubuntu1
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Adrien Nader <adrien.nader at canonical.com>
Closes: 965041 1050210 1074487 1078020 1078509 1078551
Launchpad-Bugs-Fixed: 2044795 2058017 2073991 2087955
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at alioth-lists.debian.net>
Vcs-Git: https://git.launchpad.net/~schopin/ubuntu/+source/openssl
Vcs-Git-Commit: 362bfbfb7e88b2f79c7bd60b05daeacf0094f04f
Vcs-Git-Ref: refs/heads/plucky-merge-3.4

