Ubuntu
openssl package

openssl 3.0.9-1ubuntu1 source package in Ubuntu

Changelog

openssl (3.0.9-1ubuntu1) mantic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Remaining changes:
      + Symlink changelog{,.Debian}.gz and copyright.gz from libssl-dev to
        openssl
      + d/libssl3.postinst: Revert Debian deletion
        - Skip services restart & reboot notification if needrestart is in-use.
        - Bump version check to 1.1.1 (bug opened as LP: #1999139)
        - Use a different priority for libssl1.1/restart-services depending
          on whether a desktop, or server dist-upgrade is being performed.
        - Import libraries/restart-without-asking template as used by above.
      + Add support for building with noudeb build profile.
      + Use perl:native in the autopkgtest for installability on i386.

openssl (3.0.9-1) unstable; urgency=medium

  * Import 3.0.7
   - CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy
     Constraints) (Closes: #1034720).
   - CVE-2023-0465 (Invalid certificate policies in leaf certificates are
     silently ignored).
   - CVE-2023-0466 (Certificate policy check not enabled).
   - Alternative fix for CVE-2022-4304 (Timing Oracle in RSA Decryption).
   - CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers).
   - CVE-2023-1255 (Input buffer over-read in AES-XTS implementation on 64 bit ARM).
   - Add new symbol.

openssl (3.0.8-1ubuntu3) mantic; urgency=medium

  * SECURITY UPDATE: DoS in AES-XTS cipher decryption
    - debian/patches/CVE-2023-1255.patch: avoid buffer overrread in
      crypto/aes/asm/aesv8-armx.pl.
    - CVE-2023-1255
  * SECURITY UPDATE: Possible DoS translating ASN.1 object identifiers
    - debian/patches/CVE-2023-2650.patch: restrict the size of OBJECT
      IDENTIFIERs that OBJ_obj2txt will translate in
      crypto/objects/obj_dat.c.
    - CVE-2023-2650
  * Replace CVE-2022-4304 fix with improved version
    - debian/patches/revert-CVE-2022-4304.patch: remove previous fix.
    - debian/patches/CVE-2022-4304.patch: use alternative fix in
      crypto/bn/bn_asm.c, crypto/bn/bn_blind.c, crypto/bn/bn_lib.c,
      crypto/bn/bn_local.h, crypto/rsa/rsa_ossl.c.

openssl (3.0.8-1ubuntu2) mantic; urgency=medium

  * Manual reupload from lunar-security to mantic-proposed pocket, due to
    LP failing to copy it

openssl (3.0.8-1ubuntu1.1) lunar-security; urgency=medium

  * SECURITY UPDATE: excessive resource use when verifying policy constraints
    - debian/patches/CVE-2023-0464-1.patch: limit the number of nodes created
      in a policy tree (the default limit is set to 1000 nodes).
    - debian/patches/CVE-2023-0464-2.patch: add test cases for the policy
      resource overuse.
    - debian/patches/CVE-2023-0464-3.patch: disable the policy tree
      exponential growth test conditionally.
    - CVE-2023-0464
  * SECURITY UPDATE: invalid certificate policies ignored in leaf certificates
    - debian/patches/CVE-2023-0465-1.patch: ensure that EXFLAG_INVALID_POLICY
      is checked even in leaf certs.
    - debian/patches/CVE-2023-0465-2.patch: generate some certificates with
      the certificatePolicies extension.
    - debian/patches/CVE-2023-0465-3.patch: add a certificate policies test.
    - CVE-2023-0466
  * SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy
    not enabled as documented
    - debian/patches/CVE-2023-0466.patch: fix documentation of
      X509_VERIFY_PARAM_add0_policy().
    - CVE-2023-0466

 -- Gianfranco Costamagna <email address hidden>  Mon, 12 Jun 2023 11:19:44 +0200

Upload details

Uploaded by:
Gianfranco Costamagna
Uploaded to:
Mantic
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
utils
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
openssl_3.0.9.orig.tar.gz 14.5 MiB eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90
openssl_3.0.9.orig.tar.gz.asc 833 bytes 75f46c27c14fbe84c16d41ed95b1af347641c06a53533d3926c4fc05f59ef87a
openssl_3.0.9-1ubuntu1.debian.tar.xz 104.3 KiB 684f9ec3d4feb3cd45640cfcff5dcf5ea7989445d686b350651e43deac01b8ad
openssl_3.0.9-1ubuntu1.dsc 2.7 KiB dd75aff4b3af3f831c6396f14f1054d541265bce6e0940860a93509d6af663a0

Available diffs

View changes file

Binary packages built by this source

libssl-dev: Secure Sockets Layer toolkit - development files

 This package is part of the OpenSSL project's implementation of the SSL
 and TLS cryptographic protocols for secure communication over the
 Internet.
 .
 It contains development libraries, header files, and manpages for libssl
 and libcrypto.

libssl-doc: Secure Sockets Layer toolkit - development documentation

 This package is part of the OpenSSL project's implementation of the SSL
 and TLS cryptographic protocols for secure communication over the
 Internet.
 .
 It contains manpages and demo files for libssl and libcrypto.

libssl3: Secure Sockets Layer toolkit - shared libraries

 This package is part of the OpenSSL project's implementation of the SSL
 and TLS cryptographic protocols for secure communication over the
 Internet.
 .
 It provides the libssl and libcrypto shared libraries.

libssl3-dbgsym: debug symbols for libssl3
openssl: Secure Sockets Layer toolkit - cryptographic utility

 This package is part of the OpenSSL project's implementation of the SSL
 and TLS cryptographic protocols for secure communication over the
 Internet.
 .
 It contains the general-purpose command line binary /usr/bin/openssl,
 useful for cryptographic operations such as:
  * creating RSA, DH, and DSA key parameters;
  * creating X.509 certificates, CSRs, and CRLs;
  * calculating message digests;
  * encrypting and decrypting with ciphers;
  * testing SSL/TLS clients and servers;
  * handling S/MIME signed or encrypted mail.

openssl-dbgsym: debug symbols for openssl