[ubuntu/plucky-proposed] openssl 3.4.1-1ubuntu1 (Accepted)

Adrien Nader adrien.nader at canonical.com
Wed Feb 12 15:40:18 UTC 2025 

openssl (3.4.1-1ubuntu1) plucky; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Use perl:native in the autopkgtest for installability on i386.
    - Symlink copyright/changelog.Debian.gz in libssl3* to libssl-dev/openssl
    - Disable LTO with which the codebase is generally incompatible (LP: #2058017)
    - Default config reads crypto-config and /etc/ssl/openssl.cnf.d dropins
    - Don't enable or package anything FIPS (LP: #2087955)
    - patch: crypto: Add kernel FIPS mode detection
    - patch: crypto: Automatically use the FIPS provider...
    - patch: apps/speed: Omit unavailable algorithms in FIPS mode
    - patch: apps: pass -propquery arg to the libctx DRBG fetches
    - patch: test: Ensure encoding runs with the correct context...
    - patch: Add Ubuntu-specific defines to help FIPS certification (LP: #2073991)
      + UBUNTU_OSSL_SELF_TEST_DESC_PCT_DH
      + UBUNTU_OSSL_PROV_FIPS_PARAM_UNAPPROVED_USAGE
  * Remove now-unneeded work-around for m2crypto as discussed in #1091133
  * patch: add CPACF instruction usage for AES-XTS (LP: #2096810)

openssl (3.4.1-1) unstable; urgency=medium

  * Import 3.4.1
  - CVE-2024-12797 (RFC7250 handshakes with unauthenticated servers don't
    abort as expected) (Closes: #1095765).
  - CVE-2024-13176 (Timing side-channel in ECDSA signature computation)
    (Closes: #1094027).
  - Compile on LoongArch again (Closes: #1092307).

openssl (3.4.0-2) unstable; urgency=medium

  * Disable padlockeng on non-x86 architectures.
  * Upload to unstable.

Date: Wed, 12 Feb 2025 10:21:22 +0100
Changed-By: Adrien Nader <adrien.nader at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Simon Quigley <tsimonq2 at ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/3.4.1-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 12 Feb 2025 10:21:22 +0100
Source: openssl
Built-For-Profiles: noudeb
Architecture: source
Version: 3.4.1-1ubuntu1
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Adrien Nader <adrien.nader at canonical.com>
Closes: 1092307 1094027 1095765
Launchpad-Bugs-Fixed: 2058017 2073991 2087955 2096810
Changes:
 openssl (3.4.1-1ubuntu1) plucky; urgency=medium
 .
   * Merge with Debian unstable. Remaining changes:
     - Use perl:native in the autopkgtest for installability on i386.
     - Symlink copyright/changelog.Debian.gz in libssl3* to libssl-dev/openssl
     - Disable LTO with which the codebase is generally incompatible (LP: #2058017)
     - Default config reads crypto-config and /etc/ssl/openssl.cnf.d dropins
     - Don't enable or package anything FIPS (LP: #2087955)
     - patch: crypto: Add kernel FIPS mode detection
     - patch: crypto: Automatically use the FIPS provider...
     - patch: apps/speed: Omit unavailable algorithms in FIPS mode
     - patch: apps: pass -propquery arg to the libctx DRBG fetches
     - patch: test: Ensure encoding runs with the correct context...
     - patch: Add Ubuntu-specific defines to help FIPS certification (LP: #2073991)
       + UBUNTU_OSSL_SELF_TEST_DESC_PCT_DH
       + UBUNTU_OSSL_PROV_FIPS_PARAM_UNAPPROVED_USAGE
   * Remove now-unneeded work-around for m2crypto as discussed in #1091133
   * patch: add CPACF instruction usage for AES-XTS (LP: #2096810)
 .
 openssl (3.4.1-1) unstable; urgency=medium
 .
   * Import 3.4.1
   - CVE-2024-12797 (RFC7250 handshakes with unauthenticated servers don't
     abort as expected) (Closes: #1095765).
   - CVE-2024-13176 (Timing side-channel in ECDSA signature computation)
     (Closes: #1094027).
   - Compile on LoongArch again (Closes: #1092307).
 .
 openssl (3.4.0-2) unstable; urgency=medium
 .
   * Disable padlockeng on non-x86 architectures.
   * Upload to unstable.
Checksums-Sha1:
 e69e371dc6e66c82cbb5286998d2c00bcda777d3 2841 openssl_3.4.1-1ubuntu1.dsc
 d3469baf41823a28ad71aae12b2fbb9fe3b19a0d 18346056 openssl_3.4.1.orig.tar.gz
 3fc7c15a0580dc691ee7024602d0d065a2c40b32 833 openssl_3.4.1.orig.tar.gz.asc
 46f73c38157392d48d1a972b318a36e383a6062d 68988 openssl_3.4.1-1ubuntu1.debian.tar.xz
 2e695a09e72baa4fdc43f89f3df51a9048fea1c8 7247 openssl_3.4.1-1ubuntu1_source.buildinfo
Checksums-Sha256:
 9f18df1e9e7970720f3ef0ede0f3589abc45d517a0c99d2d87e56d5abeeea771 2841 openssl_3.4.1-1ubuntu1.dsc
 002a2d6b30b58bf4bea46c43bdd96365aaf8daa6c428782aa4feee06da197df3 18346056 openssl_3.4.1.orig.tar.gz
 488c2d4051d5d27b1c0f9d21fd717630e0a2e1b82216875b2fb0fceeb0e8ea5a 833 openssl_3.4.1.orig.tar.gz.asc
 4bd08e6f1677b87527af25630dc257fe8a91a713645e892183950082f035095c 68988 openssl_3.4.1-1ubuntu1.debian.tar.xz
 15761297d77d134a02afa41d08bcf768779625e21a3436754ae7f54b325e0e03 7247 openssl_3.4.1-1ubuntu1_source.buildinfo
Files:
 3327a50fecb1ad47580b7948b03605b1 2841 utils optional openssl_3.4.1-1ubuntu1.dsc
 fb7a747ac6793a7ad7118eaba45db379 18346056 utils optional openssl_3.4.1.orig.tar.gz
 543c69bafc1e9c48736fed6f19f4d1c9 833 utils optional openssl_3.4.1.orig.tar.gz.asc
 885a9ca93a779783e44a8a06e2acf06d 68988 utils optional openssl_3.4.1-1ubuntu1.debian.tar.xz
 e0b9cfecc0cc2f6221b300f5ec821d4d 7247 utils optional openssl_3.4.1-1ubuntu1_source.buildinfo
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at alioth-lists.debian.net>

More information about the plucky-changes mailing list