openssl 3.2.1-3ubuntu1 source package in Ubuntu
Changelog
openssl (3.2.1-3ubuntu1) oracular; urgency=medium * Merge 3.2.1-3 from Debian unstable (LP: #2067384) - Remaining changes: + Symlink changelog{,.Debian}.gz and copyright.gz from libssl-dev to openssl + Use perl:native in the autopkgtest for installability on i386. + Disable LTO with which the codebase is generally incompatible (LP: #2058017) + Add fips-mode detection and adjust defaults when running in fips mode - Dropped changes: + d/libssl3.postinst: Revert Debian deletion - Skip services restart & reboot notification if needrestart is in-use. - Bump version check to 1.1.1 (bug opened as LP: #1999139) - Use a different priority for libssl1.1/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Import libraries/restart-without-asking template as used by above. + Add support for building with noudeb build profile which has been integrated + Patches that forbade TLS < 1.2 @SECLEVEL=2 which is now upstream behaviour: - skip_tls1.1_seclevel3_tests.patch - tests-use-seclevel-1.patch - tls1.2-min-seclevel2.patch + Revert the provider removal from the default configuration as there's no point in carrying the delta (will see if Debian drops the patch) + d/p/intel/*: was a backport from upstream changes + d/p/CVE-*: was a backport from upstream changes openssl (3.2.1-3) unstable; urgency=medium * Upload to unstable. * Correct prvious security level in NEWS file (Closes: #1066116). openssl (3.2.1-2) experimental; urgency=medium * Disable brotli and enable zlib for certificate compression. * Update to latest openssl-3.2 branch. openssl (3.2.1-1.1~exp1) experimental; urgency=medium * Non-maintainer upload. * Rename libraries for 64-bit time_t transition. openssl (3.2.1-1) experimental; urgency=medium * Import 3.2.1 - CVE-2024-0727 (PKCS12 Decoding crashes). (Closes: #1061582). - CVE-2023-6237 (Excessive time spent checking invalid RSA public keys) (Closes: #1060858). - CVE-2023-6129 (POLY1305 MAC implementation corrupts vector registers on PowerPC) (Closes: #1060347). openssl (3.2.0-2) experimental; urgency=medium * Use generic target for riscv64. * Update to latest openssl-3.2 branch. openssl (3.2.0-1) experimental; urgency=medium * Import 3.2.0 * Enable zstd, brotli and for certificate compression. openssl (3.1.4-2) unstable; urgency=medium * Invoke clean up from the openssl binary as a temporary workaround to avoid a crash in libp11/SoftHSM engine (Closes: #1054546). * CVE-2023-5678 (Excessive time spent in DH check / generation with large Q parameter value) (Closes: #1055473). * Upload to unstable. openssl (3.1.4-1) experimental; urgency=medium * Import 3.1.4 - CVE-2023-5363 (Incorrect cipher key and IV length processing). openssl (3.1.3-1) experimental; urgency=medium * Import 3.1.3 openssl (3.1.2-1) experimental; urgency=medium * Import 3.1.2 - CVE-2023-2975 (AES-SIV implementation ignores empty associated data entries) (Closes: #1041818). - CVE-2023-3446 (Excessive time spent checking DH keys and parameters). (Closes: #1041817). - CVE-2023-3817 (Excessive time spent checking DH q parameter value). - Drop bc and m4 from B-D. openssl (3.1.1-1) experimental; urgency=medium * Import 3.1.1 - CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy Constraints) (Closes: #1034720). - CVE-2023-0465 (Invalid certificate policies in leaf certificates are silently ignored). - CVE-2023-0466 (Certificate policy check not enabled). - Alternative fix for CVE-2022-4304 (Timing Oracle in RSA Decryption). - CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers). - CVE-2023-1255 (Input buffer over-read in AES-XTS implementation on 64 bit ARM). - Add new symbol. openssl (3.1.0-1) experimental; urgency=medium * Import 3.1.0 * Add new symbols. -- Adrien Nader <email address hidden> Tue, 28 May 2024 14:30:44 +0200
Upload details
- Uploaded by:
- Adrien Nader
- Sponsored by:
- Simon Chopin
- Uploaded to:
- Oracular
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- utils
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section | |
---|---|---|---|---|
Oracular | proposed | main | utils |
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
openssl_3.2.1.orig.tar.gz | 16.9 MiB | 83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39 |
openssl_3.2.1.orig.tar.gz.asc | 833 bytes | a394b4f5242feb8b828b398cbea809e07bb73e699ae0b84413efb8c5916361c1 |
openssl_3.2.1-3ubuntu1.debian.tar.xz | 94.3 KiB | 50eacbca299d8b6c127188abab3f7061c0f9d721ff560d7e87c2546fbf4dbb32 |
openssl_3.2.1-3ubuntu1.dsc | 2.5 KiB | df9381f31f97d59506fba7de0e983db9fc641e09e4bfb118c7ac8e79a972f199 |
Available diffs
Binary packages built by this source
- libssl-dev: Secure Sockets Layer toolkit - development files
This package is part of the OpenSSL project's implementation of the SSL
and TLS cryptographic protocols for secure communication over the
Internet.
.
It contains development libraries, header files, and manpages for libssl
and libcrypto.
- libssl-doc: Secure Sockets Layer toolkit - development documentation
This package is part of the OpenSSL project's implementation of the SSL
and TLS cryptographic protocols for secure communication over the
Internet.
.
It contains manpages and demo files for libssl and libcrypto.
- libssl3t64: Secure Sockets Layer toolkit - shared libraries
This package is part of the OpenSSL project's implementation of the SSL
and TLS cryptographic protocols for secure communication over the
Internet.
.
It provides the libssl and libcrypto shared libraries.
- libssl3t64-dbgsym: debug symbols for libssl3t64
- openssl: Secure Sockets Layer toolkit - cryptographic utility
This package is part of the OpenSSL project's implementation of the SSL
and TLS cryptographic protocols for secure communication over the
Internet.
.
It contains the general-purpose command line binary /usr/bin/openssl,
useful for cryptographic operations such as:
* creating RSA, DH, and DSA key parameters;
* creating X.509 certificates, CSRs, and CRLs;
* calculating message digests;
* encrypting and decrypting with ciphers;
* testing SSL/TLS clients and servers;
* handling S/MIME signed or encrypted mail.
- openssl-dbgsym: debug symbols for openssl