[Touch-packages] [Bug 1939544] Re: Merge the 1.1.1k version from Debian
This bug was fixed in the package openssl - 1.1.1k-1ubuntu1 --- openssl (1.1.1k-1ubuntu1) impish; urgency=low * Merge from Debian unstable (LP: #1939544). Remaining changes: - Replace duplicate files in the doc directory with symlinks. - debian/libssl1.1.postinst: + Display a system restart required notification on libssl1.1 upgrade on servers, unless needrestart is available. + Use a different priority for libssl1.1/restart-services depending on whether a desktop, or server dist-upgrade is being performed. + Skip services restart & reboot notification if needrestart is in-use. + Bump version check to to 1.1.1. + Import libraries/restart-without-asking template as used by above. - Revert "Enable system default config to enforce TLS1.2 as a minimum" & "Increase default security level from 1 to 2". - Reword the NEWS entry, as applicable on Ubuntu. - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20 and ECC from master. - Use perl:native in the autopkgtest for installability on i386. - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions below 1.2 and update documentation. Previous default of 1, can be set by calling SSL_CTX_set_security_level(), SSL_set_security_level() or using ':@SECLEVEL=1' CipherString value in openssl.cfg. - Import https://github.com/openssl/openssl/pull/12272.patch to enable CET. - Add support for building with noudeb build profile. * Dropped changes, superseded upstream: - SECURITY UPDATE: NULL pointer deref in signature_algorithms processing -> CVE-2021-3449 - SECURITY UPDATE: CA cert check bypass with X509_V_FLAG_X509_STRICT -> CVE-2021-3450 openssl (1.1.1k-1) unstable; urgency=medium * New upstream version. - CVE-2021-3450 (CA certificate check bypass with X509_V_FLAG_X509_STRICT). - CVE-2021-3449 (NULL pointer deref in signature_algorithms processing). -- Simon Chopin Wed, 11 Aug 2021 13:00:48 +0200 ** Changed in: openssl (Ubuntu) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3449 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3450 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1939544 Title: Merge the 1.1.1k version from Debian Status in openssl package in Ubuntu: Fix Released Bug description: Impish currently ships with a version based on the upstream 1.1.1j, while Debian bullseye/sid has 1.1.1k. Let's merge! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1939544/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1939544] Re: Merge the 1.1.1k version from Debian
Please merge 1.1.1l with the CVE fixes -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1939544 Title: Merge the 1.1.1k version from Debian Status in openssl package in Ubuntu: Fix Committed Bug description: Impish currently ships with a version based on the upstream 1.1.1j, while Debian bullseye/sid has 1.1.1k. Let's merge! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1939544/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1939544] Re: Merge the 1.1.1k version from Debian
I'm unsubscribing the sponsors team given that this is in -proposed. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1939544 Title: Merge the 1.1.1k version from Debian Status in openssl package in Ubuntu: Fix Committed Bug description: Impish currently ships with a version based on the upstream 1.1.1j, while Debian bullseye/sid has 1.1.1k. Let's merge! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1939544/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1939544] Re: Merge the 1.1.1k version from Debian
** Changed in: openssl (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1939544 Title: Merge the 1.1.1k version from Debian Status in openssl package in Ubuntu: Fix Committed Bug description: Impish currently ships with a version based on the upstream 1.1.1j, while Debian bullseye/sid has 1.1.1k. Let's merge! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1939544/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1939544] Re: Merge the 1.1.1k version from Debian
** Changed in: openssl (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1939544 Title: Merge the 1.1.1k version from Debian Status in openssl package in Ubuntu: In Progress Bug description: Impish currently ships with a version based on the upstream 1.1.1j, while Debian bullseye/sid has 1.1.1k. Let's merge! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1939544/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1939544] Re: Merge the 1.1.1k version from Debian
Removed previous patches, as there was a small issue with the changelog (no bug number). Reattaching them now :) ** Patch removed: "openssl_diff_from_ubuntu.debdiff" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1939544/+attachment/5517303/+files/openssl_diff_from_ubuntu.debdiff ** Patch removed: "openssl_diff_from_debian.debdiff" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1939544/+attachment/5517304/+files/openssl_diff_from_debian.debdiff ** Patch added: "openssl_diff_from_ubuntu.debdiff" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1939544/+attachment/5517310/+files/openssl_diff_from_ubuntu.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1939544 Title: Merge the 1.1.1k version from Debian Status in openssl package in Ubuntu: In Progress Bug description: Impish currently ships with a version based on the upstream 1.1.1j, while Debian bullseye/sid has 1.1.1k. Let's merge! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1939544/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1939544] Re: Merge the 1.1.1k version from Debian
** Patch added: "openssl_diff_from_debian.debdiff" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1939544/+attachment/5517304/+files/openssl_diff_from_debian.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1939544 Title: Merge the 1.1.1k version from Debian Status in openssl package in Ubuntu: In Progress Bug description: Impish currently ships with a version based on the upstream 1.1.1j, while Debian bullseye/sid has 1.1.1k. Let's merge! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1939544/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1939544] Re: Merge the 1.1.1k version from Debian
The merge was easy, as most of the diff in the upstream release comes from patches that we already applied. A build was uploaded to the following PPA: https://launchpad.net/~schopin/+archive/ubuntu/test- ppa/+sourcepub/12642677/+listing-archive-extra Attached is a debdiff from the Ubuntu version, a debdiff against the current Debian version will follow shortly for reference. ** Patch added: "openssl_diff_from_ubuntu.debdiff" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1939544/+attachment/5517303/+files/openssl_diff_from_ubuntu.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1939544 Title: Merge the 1.1.1k version from Debian Status in openssl package in Ubuntu: In Progress Bug description: Impish currently ships with a version based on the upstream 1.1.1j, while Debian bullseye/sid has 1.1.1k. Let's merge! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1939544/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp