* Merge from Debian unstable (LP: #1979639). Remaining changes:
- Replace duplicate files in the doc directory with symlinks.
- d/libssl3.postinst: Revert Debian deletion
+ Skip services restart & reboot notification if needrestart is in-use.
+ Bump version check to 1.1.1.
+ Use a different priority for libssl1.1/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
+ Import libraries/restart-without-asking template as used by above.
- Add support for building with noudeb build profile.
- Revert "Enable system default config to enforce TLS1.2 as a
minimum" & "Increase default security level from 1 to 2".
- Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
below 1.2 and update documentation. Previous default of 1, can be set
by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
using ':@SECLEVEL=1' CipherString value in openssl.cfg.
- Use perl:native in the autopkgtest for installability on i386.
- d/p/skip_tls1.1_seclevel3_tests.patch: new Ubuntu-specific patch for the
testsuite
- d/p/Set-systemwide-default-settings-for-libssl-users: partially apply it
on Ubuntu to make it easier for user to change security level
* Dropped changes, merged upstream:
- Add some more string comparison fixes
- d/p/lp1947588.patch: Cherry-picked as our patches make it very easy to
trigger the underlying bug
- d/p/lp1978093/*: renew some expiring test certificates
* d/p/fix-avx512-overflow.patch: Cherry-picked from upstream to fix a 3.0.4
regression on AVX-512 capable CPUs.
This bug was fixed in the package openssl - 3.0.4-1ubuntu1
---------------
openssl (3.0.4-1ubuntu1) kinetic; urgency=medium
openssl (3.0.4-1) unstable; urgency=medium
* Import 3.0.3
- CVE-2022-2068 (The c_rehash script allows command injection)
openssl (3.0.3-8) unstable; urgency=medium
* Update to openssl-3.0 head.
* Avoid reusing the init_lock for a different purpose (Closes: #1011339).
openssl (3.0.3-7) unstable; urgency=medium
* Remove the provider section from the provided openssl.cnf
(Closes: #1011051).
openssl (3.0.3-6) unstable; urgency=medium
* Update to openssl-3.0 head which fixes the expired certs in the testsuite.
-- Simon Chopin <email address hidden> Thu, 23 Jun 2022 12:43:23 +0200