* Manual merge of version 3.0.0-1 from Debian experimental, remaining
changes:
- Replace duplicate files in the doc directory with symlinks.
- debian/libssl1.1.postinst:
+ Display a system restart required notification on libssl1.1
upgrade on servers, unless needrestart is available.
+ Use a different priority for libssl1.1/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
+ Skip services restart & reboot notification if needrestart is in-use.
+ Bump version check to to 1.1.1.
+ Import libraries/restart-without-asking template as used by above.
- Revert "Enable system default config to enforce TLS1.2 as a
minimum" & "Increase default security level from 1 to 2".
- Reword the NEWS entry, as applicable on Ubuntu.
- Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
below 1.2 and update documentation. Previous default of 1, can be set
by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
using ':@SECLEVEL=1' CipherString value in openssl.cfg.
- Add support for building with noudeb build profile.
* d/p/Don-t-create-an-ECX-key-with-short-keys.patch:
Backported from upstream to fix a regression with short keys (LP: #1946213)
* d/p/Add-null-digest-implementation-to-the-default-provid.patch:
Backported from upstream to fix a compatibility issue with 1.1.1l
* Manually call dh_installdirs to fix build failure
* Drop some Ubuntu patches merged upstream
+ The s390x series (00xx) has been applied upstream
+ The lp-1927161 Intel CET series has been applied upstream
+ CVE-2021-3449 has been fixed upstream
+ CVE-2021-3450 doesn't apply to 3.0 branch
* Refresh and adapt the remaining patches
* Import 3.0.0-alpha13.
* Move configuration.h to architecture specific include folder. Patch from
Antonio Terceiro (Closes: #985555).
* Enable LFS. Thanks to Dan Nicholson for debugging (Closes: #923479).
* drop `lsof', the testsuite is not using it anymore.
* Enable ktls.
This bug was fixed in the package openssl - 3.0.0-1ubuntu1
---------------
openssl (3.0.0-1ubuntu1) jammy; urgency=medium
* Manual merge of version 3.0.0-1 from Debian experimental, remaining libssl1. 1.postinst: 1/restart- services depending restart- without- asking template as used by above. TLS_SECURITY_ LEVEL=2 as compiled-in minimum security set_security_ level() , SSL_set_ security_ level() or t-create- an-ECX- key-with- short-keys. patch: null-digest- implementation- to-the- default- provid. patch:
changes:
- Replace duplicate files in the doc directory with symlinks.
- debian/
+ Display a system restart required notification on libssl1.1
upgrade on servers, unless needrestart is available.
+ Use a different priority for libssl1.
on whether a desktop, or server dist-upgrade is being performed.
+ Skip services restart & reboot notification if needrestart is in-use.
+ Bump version check to to 1.1.1.
+ Import libraries/
- Revert "Enable system default config to enforce TLS1.2 as a
minimum" & "Increase default security level from 1 to 2".
- Reword the NEWS entry, as applicable on Ubuntu.
- Set OPENSSL_
level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
below 1.2 and update documentation. Previous default of 1, can be set
by calling SSL_CTX_
using ':@SECLEVEL=1' CipherString value in openssl.cfg.
- Add support for building with noudeb build profile.
* d/p/Don-
Backported from upstream to fix a regression with short keys (LP: #1946213)
* d/p/Add-
Backported from upstream to fix a compatibility issue with 1.1.1l
* Manually call dh_installdirs to fix build failure
* Drop some Ubuntu patches merged upstream
+ The s390x series (00xx) has been applied upstream
+ The lp-1927161 Intel CET series has been applied upstream
+ CVE-2021-3449 has been fixed upstream
+ CVE-2021-3450 doesn't apply to 3.0 branch
* Refresh and adapt the remaining patches
openssl (3.0.0-1) experimental; urgency=medium
* Import 3.0.0.
* Add avr32, patch by Vineet Gupta (Closes: #989442).
openssl (3.0.0~~beta2-1) experimental; urgency=medium
* Import 3.0.0-beta2.
openssl (3.0.0~~beta1-1) experimental; urgency=medium
* Import 3.0.0-beta1.
* Use HARNESS_VERBOSE again (otherwise the test suite might killed since no
progress is visible).
openssl (3.0.0~~alpha16-1) experimental; urgency=medium
* Import 3.0.0-alpha16.
* Use VERBOSE_FAILURE to log only failures in the build log.
openssl (3.0.0~~alpha15-1) experimental; urgency=medium
* Import 3.0.0-alpha15.
openssl (3.0.0~~alpha13-2) experimental; urgency=medium
* Add a proposed patch from upstream to skip negativ errno number in the
testsuite to pass the testsute on hurd.
* Always link against libatomic.
openssl (3.0.0~~alpha13-1) experimental; urgency=medium
* Import 3.0.0-alpha13.
* Move configuration.h to architecture specific include folder. Patch from
Antonio Terceiro (Closes: #985555).
* Enable LFS. Thanks to Dan Nicholson for debugging (Closes: #923479).
* drop `lsof', the testsuite is not using it anymore.
* Enable ktls.
openssl (3.0.0~~alpha4-1) experimental; urgency=medium
* Import 3.0.0-alpha4.
* Add `lsof' which is needed by the test suite.
* Add ossl-modules to libcrypto's udeb.
openssl (3.0.0~~alpha3-1) experimental; urgency=medium
* Import 3.0.0-alpha3
* Install the .so files only in the -dev package (Closes: #962548).
openssl (3.0.0~~alpha1-1) experimental; urgency=medium
* Import 3.0.0-alpha1 (Closes: #934836).
-- Simon Chopin <email address hidden> Mon, 20 Sep 2021 18:09:50 +0200