[ubuntu/questing-proposed] openssl 3.5.0-2ubuntu1 (Accepted)

Ravi Kant Sharma ravi.kant.sharma at canonical.com
Wed Jun 11 10:58:22 UTC 2025 

openssl (3.5.0-2ubuntu1) questing; urgency=medium

   * Merge with Debian unstable (LP: #2112457). Remaining changes:
    - Use perl:native in the autopkgtest for installability on i386.
    - Symlink copyright/changelog.Debian.gz in libssl3* to libssl-dev/openssl
    - Disable LTO with which the codebase is generally incompatible (LP #2058017)
    - Default config reads crypto-config and /etc/ssl/openssl.cnf.d dropins
    - Don't enable or package anything FIPS (LP #2087955)
    - fips patches (debian/patches/fips):
      - crypto: Add kernel FIPS mode detection
      - crypto: Automatically use the FIPS provider...
      - apps/speed: Omit unavailable algorithms in FIPS mode
      - apps: pass -propquery arg to the libctx DRBG fetches
      - test: Ensure encoding runs with the correct context...
      - Add Ubuntu-specific defines to help FIPS certification (LP #2073991)
        + UBUNTU_OSSL_SELF_TEST_DESC_PCT_DH
        + UBUNTU_OSSL_PROV_FIPS_PARAM_UNAPPROVED_USAGE
  * Patches refresh
    - d/p/fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch
    - d/p/fips/two-defines-for-fips-in-libssl-dev-headers.patch
  * Dropped patch, merged upstream (LP #2096810)
    - s390x-Add-hardware-acceleration-for-full-AES-XTS.patch
  * Drop all post-3.4.1 upstream patches

openssl (3.5.0-2) unstable; urgency=medium

  * Fix P-384 curve on lower-than-P9 PPC64 targets Closes: #1106516).
  * CVE-2025-4575 ("The x509 application adds trusted use instead of
    rejected use") (Closes: #1106322).

openssl (3.5.0-1) unstable; urgency=medium

  * Import 3.5.0
  * Upload to unstable.

openssl (3.5.0~~beta1-1) experimental; urgency=medium

  * Import 3.5.0-beta1.

openssl (3.5.0~~alpha1-1) experimental; urgency=medium

  * Import 3.5.0-alpha1.
  * Remove usr/share/doc/libssl3 (Closes: #1098515).

Date: Wed, 04 Jun 2025 12:46:00 +0200
Changed-By: Ravi Kant Sharma <ravi.kant.sharma at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Simon Chopin <simon.chopin at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/3.5.0-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 04 Jun 2025 12:46:00 +0200
Source: openssl
Built-For-Profiles: noudeb
Architecture: source
Version: 3.5.0-2ubuntu1
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Ravi Kant Sharma <ravi.kant.sharma at canonical.com>
Closes: 1098515 1106322 1106516
Launchpad-Bugs-Fixed: 2112457
Changes:
 openssl (3.5.0-2ubuntu1) questing; urgency=medium
 .
    * Merge with Debian unstable (LP: #2112457). Remaining changes:
     - Use perl:native in the autopkgtest for installability on i386.
     - Symlink copyright/changelog.Debian.gz in libssl3* to libssl-dev/openssl
     - Disable LTO with which the codebase is generally incompatible (LP #2058017)
     - Default config reads crypto-config and /etc/ssl/openssl.cnf.d dropins
     - Don't enable or package anything FIPS (LP #2087955)
     - fips patches (debian/patches/fips):
       - crypto: Add kernel FIPS mode detection
       - crypto: Automatically use the FIPS provider...
       - apps/speed: Omit unavailable algorithms in FIPS mode
       - apps: pass -propquery arg to the libctx DRBG fetches
       - test: Ensure encoding runs with the correct context...
       - Add Ubuntu-specific defines to help FIPS certification (LP #2073991)
         + UBUNTU_OSSL_SELF_TEST_DESC_PCT_DH
         + UBUNTU_OSSL_PROV_FIPS_PARAM_UNAPPROVED_USAGE
   * Patches refresh
     - d/p/fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch
     - d/p/fips/two-defines-for-fips-in-libssl-dev-headers.patch
   * Dropped patch, merged upstream (LP #2096810)
     - s390x-Add-hardware-acceleration-for-full-AES-XTS.patch
   * Drop all post-3.4.1 upstream patches
 .
 openssl (3.5.0-2) unstable; urgency=medium
 .
   * Fix P-384 curve on lower-than-P9 PPC64 targets Closes: #1106516).
   * CVE-2025-4575 ("The x509 application adds trusted use instead of
     rejected use") (Closes: #1106322).
 .
 openssl (3.5.0-1) unstable; urgency=medium
 .
   * Import 3.5.0
   * Upload to unstable.
 .
 openssl (3.5.0~~beta1-1) experimental; urgency=medium
 .
   * Import 3.5.0-beta1.
 .
 openssl (3.5.0~~alpha1-1) experimental; urgency=medium
 .
   * Import 3.5.0-alpha1.
   * Remove usr/share/doc/libssl3 (Closes: #1098515).
Checksums-Sha1:
 d099cacec6ac17de2489a66733cf17c5d80e64d1 2426 openssl_3.5.0-2ubuntu1.dsc
 01ba9f9cc97125eab08bbe7206607e404244cf3c 53136912 openssl_3.5.0.orig.tar.gz
 2256a2805d9a77faf6ff07965dc66ab34f39ee46 67920 openssl_3.5.0-2ubuntu1.debian.tar.xz
 3fd35495598052a0759fcab60f93218cf03f769c 7509 openssl_3.5.0-2ubuntu1_source.buildinfo
Checksums-Sha256:
 1cf71c632a0fe5136d584c4f54fcb2fae4cff6b45829b4dd7610cad7d64858f1 2426 openssl_3.5.0-2ubuntu1.dsc
 344d0a79f1a9b08029b0744e2cc401a43f9c90acd1044d09a530b4885a8e9fc0 53136912 openssl_3.5.0.orig.tar.gz
 1760ad39d4794edb73caf0a57f07b5cb983663bf77408cd879e4be99aca6d779 67920 openssl_3.5.0-2ubuntu1.debian.tar.xz
 c12c40ce5c2f8e760724125a44dbed167ef1b5bc414b17ac926d4169b3f6b276 7509 openssl_3.5.0-2ubuntu1_source.buildinfo
Files:
 f1f6e16b2eaacb419b0378b56406c8be 2426 utils optional openssl_3.5.0-2ubuntu1.dsc
 51da7d2bdf7f4f508cb024f562eb9b03 53136912 utils optional openssl_3.5.0.orig.tar.gz
 0f3f112406090805d61dbab3cf29587f 67920 utils optional openssl_3.5.0-2ubuntu1.debian.tar.xz
 eaaa7040cd45bdc6732a62c2e588168b 7509 utils optional openssl_3.5.0-2ubuntu1_source.buildinfo
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at alioth-lists.debian.net>
Vcs-Git: https://git.launchpad.net/~schopin/ubuntu/+source/openssl
Vcs-Git-Commit: 03b6f3d29381b2c48dd174c7cbd69462b5ef5457
Vcs-Git-Ref: refs/heads/merge-lp2110006-questing

More information about the Questing-changes mailing list