Ubuntu
openssl package

openssl 3.2.1-3ubuntu1 source package in Ubuntu

Changelog

openssl (3.2.1-3ubuntu1) oracular; urgency=medium

  * Merge 3.2.1-3 from Debian unstable (LP: #2067384)
    - Remaining changes:
      + Symlink changelog{,.Debian}.gz and copyright.gz from libssl-dev to
        openssl
      + Use perl:native in the autopkgtest for installability on i386.
      + Disable LTO with which the codebase is generally incompatible
        (LP: #2058017)
      + Add fips-mode detection and adjust defaults when running in fips mode
    - Dropped changes:
      + d/libssl3.postinst: Revert Debian deletion
        - Skip services restart & reboot notification if needrestart is in-use.
        - Bump version check to 1.1.1 (bug opened as LP: #1999139)
        - Use a different priority for libssl1.1/restart-services depending
          on whether a desktop, or server dist-upgrade is being performed.
        - Import libraries/restart-without-asking template as used by above.
      + Add support for building with noudeb build profile which has been
        integrated
      + Patches that forbade TLS < 1.2 @SECLEVEL=2 which is now upstream
        behaviour:
        - skip_tls1.1_seclevel3_tests.patch
        - tests-use-seclevel-1.patch
        - tls1.2-min-seclevel2.patch
      + Revert the provider removal from the default configuration as there's
        no point in carrying the delta (will see if Debian drops the patch)
      + d/p/intel/*: was a backport from upstream changes
      + d/p/CVE-*: was a backport from upstream changes

openssl (3.2.1-3) unstable; urgency=medium

  * Upload to unstable.
  * Correct prvious security level in NEWS file (Closes: #1066116).

openssl (3.2.1-2) experimental; urgency=medium

  * Disable brotli and enable zlib for certificate compression.
  * Update to latest openssl-3.2 branch.

openssl (3.2.1-1.1~exp1) experimental; urgency=medium

  * Non-maintainer upload.
  * Rename libraries for 64-bit time_t transition.

openssl (3.2.1-1) experimental; urgency=medium

  * Import 3.2.1
   - CVE-2024-0727 (PKCS12 Decoding crashes). (Closes: #1061582).
   - CVE-2023-6237 (Excessive time spent checking invalid RSA public keys)
     (Closes: #1060858).
   - CVE-2023-6129 (POLY1305 MAC implementation corrupts vector registers on
     PowerPC) (Closes: #1060347).

openssl (3.2.0-2) experimental; urgency=medium

  * Use generic target for riscv64.
  * Update to latest openssl-3.2 branch.

openssl (3.2.0-1) experimental; urgency=medium

  * Import 3.2.0
  * Enable zstd, brotli and for certificate compression.

openssl (3.1.4-2) unstable; urgency=medium

  * Invoke clean up from the openssl binary as a temporary workaround to avoid
    a crash in libp11/SoftHSM engine (Closes: #1054546).
  * CVE-2023-5678 (Excessive time spent in DH check / generation with large Q
    parameter value) (Closes: #1055473).
  * Upload to unstable.

openssl (3.1.4-1) experimental; urgency=medium

  * Import 3.1.4
   - CVE-2023-5363 (Incorrect cipher key and IV length processing).

openssl (3.1.3-1) experimental; urgency=medium

  * Import 3.1.3

openssl (3.1.2-1) experimental; urgency=medium

  * Import 3.1.2
   - CVE-2023-2975 (AES-SIV implementation ignores empty associated data
     entries) (Closes: #1041818).
   - CVE-2023-3446 (Excessive time spent checking DH keys and parameters).
     (Closes: #1041817).
   - CVE-2023-3817 (Excessive time spent checking DH q parameter value).
   - Drop bc and m4 from B-D.

openssl (3.1.1-1) experimental; urgency=medium

  * Import 3.1.1
    - CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy
      Constraints) (Closes: #1034720).
    - CVE-2023-0465 (Invalid certificate policies in leaf certificates are
      silently ignored).
    - CVE-2023-0466 (Certificate policy check not enabled).
    - Alternative fix for CVE-2022-4304 (Timing Oracle in RSA Decryption).
    - CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers).
    - CVE-2023-1255 (Input buffer over-read in AES-XTS implementation on 64 bit ARM).
    - Add new symbol.

openssl (3.1.0-1) experimental; urgency=medium

  * Import 3.1.0
  * Add new symbols.

 -- Adrien Nader <email address hidden>  Tue, 28 May 2024 14:30:44 +0200

Upload details

Uploaded by:
Adrien Nader
Sponsored by:
Simon Chopin
Uploaded to:
Oracular
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
utils
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Oracular proposed main utils

Downloads

File Size SHA-256 Checksum
openssl_3.2.1.orig.tar.gz 16.9 MiB 83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39
openssl_3.2.1.orig.tar.gz.asc 833 bytes a394b4f5242feb8b828b398cbea809e07bb73e699ae0b84413efb8c5916361c1
openssl_3.2.1-3ubuntu1.debian.tar.xz 94.3 KiB 50eacbca299d8b6c127188abab3f7061c0f9d721ff560d7e87c2546fbf4dbb32
openssl_3.2.1-3ubuntu1.dsc 2.5 KiB df9381f31f97d59506fba7de0e983db9fc641e09e4bfb118c7ac8e79a972f199

View changes file

Binary packages built by this source

libssl-dev: Secure Sockets Layer toolkit - development files

 This package is part of the OpenSSL project's implementation of the SSL
 and TLS cryptographic protocols for secure communication over the
 Internet.
 .
 It contains development libraries, header files, and manpages for libssl
 and libcrypto.

libssl-doc: Secure Sockets Layer toolkit - development documentation

 This package is part of the OpenSSL project's implementation of the SSL
 and TLS cryptographic protocols for secure communication over the
 Internet.
 .
 It contains manpages and demo files for libssl and libcrypto.

libssl3t64: Secure Sockets Layer toolkit - shared libraries

 This package is part of the OpenSSL project's implementation of the SSL
 and TLS cryptographic protocols for secure communication over the
 Internet.
 .
 It provides the libssl and libcrypto shared libraries.

libssl3t64-dbgsym: debug symbols for libssl3t64
openssl: Secure Sockets Layer toolkit - cryptographic utility

 This package is part of the OpenSSL project's implementation of the SSL
 and TLS cryptographic protocols for secure communication over the
 Internet.
 .
 It contains the general-purpose command line binary /usr/bin/openssl,
 useful for cryptographic operations such as:
  * creating RSA, DH, and DSA key parameters;
  * creating X.509 certificates, CSRs, and CRLs;
  * calculating message digests;
  * encrypting and decrypting with ciphers;
  * testing SSL/TLS clients and servers;
  * handling S/MIME signed or encrypted mail.

openssl-dbgsym: debug symbols for openssl