[ubuntu/kinetic-proposed] openssl 3.0.4-1ubuntu1 (Accepted)

Simon Chopin schopin at ubuntu.com
Fri Jun 24 11:46:13 UTC 2022 

openssl (3.0.4-1ubuntu1) kinetic; urgency=medium

  * Merge from Debian unstable (LP: #1979639). Remaining changes:
    - Replace duplicate files in the doc directory with symlinks.
    - d/libssl3.postinst: Revert Debian deletion
      + Skip services restart & reboot notification if needrestart is in-use.
      + Bump version check to to 1.1.1.
      + Use a different priority for libssl1.1/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
      + Import libraries/restart-without-asking template as used by above.
    - Add support for building with noudeb build profile.
    - Revert "Enable system default config to enforce TLS1.2 as a
      minimum" & "Increase default security level from 1 to 2".
    - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
      level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
      below 1.2 and update documentation. Previous default of 1, can be set
      by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
      using ':@SECLEVEL=1' CipherString value in openssl.cfg.
    - Use perl:native in the autopkgtest for installability on i386.
    - d/p/skip_tls1.1_seclevel3_tests.patch: new Ubuntu-specific patch for the
      testsuite
    - d/p/Set-systemwide-default-settings-for-libssl-users: partially apply it
      on Ubuntu to make it easier for user to change security level
  * Dropped changes, merged upstream:
    - Add some more string comparison fixes
    - d/p/lp1947588.patch: Cherry-picked as our patches make it very easy to
      trigger the underlying bug
    - d/p/lp1978093/*: renew some expiring test certificates
  * d/p/fix-avx512-overflow.patch: Cherry-picked from upstream to fix a 3.0.4
    regression on AVX-512 capable CPUs.

openssl (3.0.4-1) unstable; urgency=medium

  * Import 3.0.3
    - CVE-2022-2068 (The c_rehash script allows command injection)

openssl (3.0.3-8) unstable; urgency=medium

  * Update to openssl-3.0 head.
  * Avoid reusing the init_lock for a different purpose (Closes: #1011339).

openssl (3.0.3-7) unstable; urgency=medium

  * Remove the provider section from the provided openssl.cnf
   (Closes: #1011051).

openssl (3.0.3-6) unstable; urgency=medium

  * Update to openssl-3.0 head which fixes the expired certs in the testsuite.

Date: Thu, 23 Jun 2022 12:43:23 +0200
Changed-By: Simon Chopin <schopin at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/3.0.4-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 23 Jun 2022 12:43:23 +0200
Source: openssl
Built-For-Profiles: noudeb
Architecture: source
Version: 3.0.4-1ubuntu1
Distribution: kinetic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Simon Chopin <schopin at ubuntu.com>
Closes: 1011051 1011339
Launchpad-Bugs-Fixed: 1979639
Changes:
 openssl (3.0.4-1ubuntu1) kinetic; urgency=medium
 .
   * Merge from Debian unstable (LP: #1979639). Remaining changes:
     - Replace duplicate files in the doc directory with symlinks.
     - d/libssl3.postinst: Revert Debian deletion
       + Skip services restart & reboot notification if needrestart is in-use.
       + Bump version check to to 1.1.1.
       + Use a different priority for libssl1.1/restart-services depending
         on whether a desktop, or server dist-upgrade is being performed.
       + Import libraries/restart-without-asking template as used by above.
     - Add support for building with noudeb build profile.
     - Revert "Enable system default config to enforce TLS1.2 as a
       minimum" & "Increase default security level from 1 to 2".
     - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
       level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
       below 1.2 and update documentation. Previous default of 1, can be set
       by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
       using ':@SECLEVEL=1' CipherString value in openssl.cfg.
     - Use perl:native in the autopkgtest for installability on i386.
     - d/p/skip_tls1.1_seclevel3_tests.patch: new Ubuntu-specific patch for the
       testsuite
     - d/p/Set-systemwide-default-settings-for-libssl-users: partially apply it
       on Ubuntu to make it easier for user to change security level
   * Dropped changes, merged upstream:
     - Add some more string comparison fixes
     - d/p/lp1947588.patch: Cherry-picked as our patches make it very easy to
       trigger the underlying bug
     - d/p/lp1978093/*: renew some expiring test certificates
   * d/p/fix-avx512-overflow.patch: Cherry-picked from upstream to fix a 3.0.4
     regression on AVX-512 capable CPUs.
 .
 openssl (3.0.4-1) unstable; urgency=medium
 .
   * Import 3.0.3
     - CVE-2022-2068 (The c_rehash script allows command injection)
 .
 openssl (3.0.3-8) unstable; urgency=medium
 .
   * Update to openssl-3.0 head.
   * Avoid reusing the init_lock for a different purpose (Closes: #1011339).
 .
 openssl (3.0.3-7) unstable; urgency=medium
 .
   * Remove the provider section from the provided openssl.cnf
    (Closes: #1011051).
 .
 openssl (3.0.3-6) unstable; urgency=medium
 .
   * Update to openssl-3.0 head which fixes the expired certs in the testsuite.
Checksums-Sha1:
 7985c93e8b7f744fc35c6952caa1bd75a36f0d1e 2544 openssl_3.0.4-1ubuntu1.dsc
 cde0c343646ce10600e6b28fc7000e9096e7959f 15069605 openssl_3.0.4.orig.tar.gz
 1458850bc6dd616a5208c67c9c61ab459b51774a 488 openssl_3.0.4.orig.tar.gz.asc
 3a2230db4fed17f96c8cf81e896f12f5112ea5b7 133800 openssl_3.0.4-1ubuntu1.debian.tar.xz
 bc863a75d879645215199f48e96ff27eb49438d8 7202 openssl_3.0.4-1ubuntu1_source.buildinfo
Checksums-Sha256:
 94e86069715fe13b6a0b3c011850eec85b6bc383f0d2d5eed16127a05b3cc360 2544 openssl_3.0.4-1ubuntu1.dsc
 2831843e9a668a0ab478e7020ad63d2d65e51f72977472dc73efcefbafc0c00f 15069605 openssl_3.0.4.orig.tar.gz
 a4c23366369c3e9e1abd2af47c1658581d1d4e58fa9b453e5b959d550cf974e1 488 openssl_3.0.4.orig.tar.gz.asc
 3e9ebc3fa4f94fd1bbf31a6d0050a078baceeceff3bdd26fec553c4dab4cd8f9 133800 openssl_3.0.4-1ubuntu1.debian.tar.xz
 2becda2ded8957f764f4de6652df07c7a746d3b7437bd235d0199f4ea947d354 7202 openssl_3.0.4-1ubuntu1_source.buildinfo
Files:
 36d96b0c1b24a57654f09f5f8896cca3 2544 utils optional openssl_3.0.4-1ubuntu1.dsc
 32c7e6f6274e591e73fc463617078690 15069605 utils optional openssl_3.0.4.orig.tar.gz
 3ed636e786ce7fe1b02f5a21aa0fea51 488 utils optional openssl_3.0.4.orig.tar.gz.asc
 af005e55e5bf7bbc41a182d64ffb510b 133800 utils optional openssl_3.0.4-1ubuntu1.debian.tar.xz
 e30f92d32030b23dfe53e4f194151cf1 7202 utils optional openssl_3.0.4-1ubuntu1_source.buildinfo
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at alioth-lists.debian.net>

More information about the kinetic-changes mailing list