[ubuntu/lunar-proposed] openssl 3.0.7-1ubuntu1 (Accepted)

Adrien Nader adrien.nader at canonical.com
Thu Jan 12 11:23:14 UTC 2023


openssl (3.0.7-1ubuntu1) lunar; urgency=medium

  * Merge 3.0.7 from Debian unstable (LP: #1998942)
    - Drop patches merged upstream:
      + CVE-2022-3358.patch
      + CVE-2022-3602-1.patch
      + CVE-2022-3602-2.patch
    - Shrink patch since upstream fixed some tests in the patch above:
      + tests-use-seclevel-1.patch
    - Drop patch since -DOPENSSL_TLS_SECURITY_LEVEL=2 is now hard-coded:
      + Set-systemwide-default-settings-for-libssl-users.patch
    - Drop Debian patch not needed anymore:
      + TEST-Provide-a-default-openssl.cnf-for-tests.patch
    - Mention Debian as defaulting to SECLEVEL=2 in addition to Ubuntu:
      + tls1.2-min-seclevel2.patch
    - Remaining changes:
      + Symlink changelog{,.Debian}.gz and copyright.gz from libssl-dev to
        openssl
      + d/libssl3.postinst: Revert Debian deletion
        - Skip services restart & reboot notification if needrestart is in-use.
        - Bump version check to 1.1.1 (bug opened as LP: #1999139)
        - Use a different priority for libssl1.1/restart-services depending
          on whether a desktop, or server dist-upgrade is being performed.
        - Import libraries/restart-without-asking template as used by above.
      + Add support for building with noudeb build profile.
      + Use perl:native in the autopkgtest for installability on i386.
  * Correct comment as to which TLS version is disabled with our seclevel:
    - skip_tls1.1_seclevel3_tests.patch

  [Sebastian Andrzej Siewior]
  * CVE-2022-3996 (X.509 Policy Constraints Double Locking).

openssl (3.0.7-1) unstable; urgency=medium

  * Import 3.0.7
    - Using a Custom Cipher with NID_undef may lead to NULL encryption
      (CVE-2022-3358) (Closes: #1021620).
    - X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602).
    - X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786).
  * Disable rdrand engine (the opcode on x86).
  * Remove config bits for MIPS R6, the generic MIPS config can be used.

openssl (3.0.5-4) unstable; urgency=medium

  * Add ssl_conf() serialisation (Closes: #1020308).

openssl (3.0.5-3) unstable; urgency=medium

  * Add cert.pem symlink pointing to ca-certificates' ca-certificates.crt
   (Closes: #805646).
  * Compile with OPENSSL_TLS_SECURITY_LEVEL=2 (Closes: #918727).

Date: Tue, 06 Dec 2022 15:11:40 +0100
Changed-By: Adrien Nader <adrien.nader at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Simon Chopin <simon.chopin at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/3.0.7-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 06 Dec 2022 15:11:40 +0100
Source: openssl
Built-For-Profiles: noudeb
Architecture: source
Version: 3.0.7-1ubuntu1
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Adrien Nader <adrien.nader at canonical.com>
Closes: 805646 918727 1020308 1021620
Launchpad-Bugs-Fixed: 1998942 1999139
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at alioth-lists.debian.net>

