openssl - Debian Package Tracker

general

source: openssl (main)
version: 3.0.3-3
maintainer: Debian OpenSSL Team (archive) (DMD)
uploaders: Sebastian Andrzej Siewior [DMD] – Christoph Martin [DMD] – Kurt Roeckx [DMD]
arch: all any
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.1.0l-1~deb9u1
o-o-sec: 1.1.0l-1~deb9u6
oldstable: 1.1.1d-0+deb10u7
old-sec: 1.1.1d-0+deb10u8
stable: 1.1.1k-1+deb11u1
stable-sec: 1.1.1k-1+deb11u2
testing: 1.1.1o-1
unstable: 3.0.3-3

versioned links

1.1.0l-1~deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.0l-1~deb9u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.1d-0+deb10u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.1d-0+deb10u8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.1k-1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.1k-1+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.1o-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.0.3-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.0.3-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libcrypto3-udeb
libssl-dev (2 bugs: 0, 1, 1, 0)
libssl-doc (1 bugs: 0, 0, 1, 0)
libssl3 (3 bugs: 1, 2, 0, 0)
libssl3-udeb
openssl (58 bugs: 0, 37, 21, 0)

action needed

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2022-1292: The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

Created: 2022-05-03 Last update: 2022-05-15 06:30

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2022-1292: The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

Created: 2022-05-03 Last update: 2022-05-15 06:30

lintian reports 1 error and 9 warnings high

Lintian reports 1 error and 9 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-09-21 Last update: 2022-01-01 04:34

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2021-08-14 Last update: 2022-05-17 05:39

224 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 675c4cc6652c46d16c00e447178c91dfbb0ed6d6
Merge: 76687a5fe5 fce07dc616
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Mon May 16 22:59:07 2022 +0200

    Merge branch 'debian/unstable' into debian/experimental

commit 76687a5fe5815393a29705cfdaa6692cba00baa9
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat May 14 22:26:02 2022 +0200

    Prepare 3.0.3-3
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit f55cef1035fc3dc4e1b90783cbb567937143856b
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat May 14 21:50:22 2022 +0200

    Record the ia64 bug.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 4d5ae11ef44e4a449ee4aaae6576e0174611c991
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat May 14 19:40:40 2022 +0200

    Don't build ev4/ev5 binaries on alpha.
    
    Due to a mistake on my side, the ev4/ev5 libraries were built but never
    actually on alpha. This has been noticed because newer dh_install 13 now
    complains about built but not installed files.
    I have no idea how to quickly get this done and these were missing since
    I rewrote rules files.
    
    Disable the build for now and maybe figure it out later.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 74633b81566a68de67f045eecab21f35e6f89fde
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat May 14 19:28:24 2022 +0200

    Don't zero registers on ia64.
    
    The produced .s file fails to be assemled.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 3d6e17a648f4624f8142f6513449e011e3e5781f
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat May 14 19:21:35 2022 +0200

    Revert the .s for the ia64 assembler.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit c7f855aa77c3ef66f6c46cf246e4f8b41babd060
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri May 13 23:25:11 2022 +0200

    Prepare 3.0.3-2.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 665fb29c9b1d6728e4da369ea3e53e8a21a9556d
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri May 13 23:24:34 2022 +0200

    Make the upload to unstable.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 4be53bca5ec9fcccd42acd0a57032a9a0846b004
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri May 13 23:12:31 2022 +0200

    Use dh commpat 13.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 4b63ee42214ca7bf16db27e28ba2e4c6c426bcf5
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri May 13 23:08:44 2022 +0200

    Use version 4 for the debian/watch file.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 02d54f7ab2d30b7052a33731ab18b06290b5f11c
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri May 13 22:52:44 2022 +0200

    Add a list files which are not installed.
    
    dh complains and the html documentation is currently not packaged. Also
    the dist files are ignored.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit cdc804c901b60a497295c7f69c1719a4c5580b5c
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri May 13 22:37:42 2022 +0200

    Update Standards-Version version.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit d4c179edb5baa0a51bb1f1d6b1c0dd5e506307a7
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri May 6 22:22:01 2022 +0200

    Prepare 3.0.3-1.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit fce07dc61662596fd6d8dee0cf3d1c44383179f1
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri May 6 22:21:05 2022 +0200

    Prepare 1.1.1o-1.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 3563904750256b1d7a4ac97009921ddf48e0a0bf
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri May 6 22:16:59 2022 +0200

    Close another one with the script removal.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 754077029d34bc6baaf041deed1ae20f9bbc587a
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri May 6 22:06:56 2022 +0200

    Remove the postist script its template and translations.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit d19f4895bd2790b872470f3e7edd9e9c0354aa0c
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri May 6 21:54:01 2022 +0200

    Use a separator.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit fd3bcbc010322c7d21dbf6e9405438af33bbd0cd
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri May 6 22:06:56 2022 +0200

    Remove the postist script its template and translations.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 87e769f0a7204ab02f424c9d102997125ecb867f
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri May 6 21:49:52 2022 +0200

    Use a separator.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 5433bf1ddbbbf91d767340b46fa36710caebfb78
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri May 6 21:44:18 2022 +0200

    Orig tar is signed with sha256
    
    Hope it stays.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 11cab71f7dcc813ac337babfab6335b70cb806a2
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Thu May 5 23:42:32 2022 +0200

    Add new symbols.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 04ecf0757a7a866e65e8575230ad6a8a42e0198b
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Thu May 5 23:27:17 2022 +0200

    Import 3.0.3
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit c1def31d2ddec80999f626187fe38fde3c2130f0
Merge: b507914c40 5784ad8a86
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Thu May 5 23:19:28 2022 +0200

    Update upstream source from tag 'upstream/3.0.3'
    
    Update to upstream version '3.0.3'
    with Debian dir 9bf21019ef6814893f905bda21978a842b2b1cee

commit 5784ad8a8636392efc081a78e04ae7d897f28f79
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Thu May 5 23:19:28 2022 +0200

    New upstream version 3.0.3

commit adedec52eaf55254a2aa53d9bf5676749fdb3cdf
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Thu May 5 07:34:36 2022 +0200

    Import 1.1.1n
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 51481524d23783e09ade68eafa62c5c00bfc0d89
Merge: 82d5b721c5 3696544aa5
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Wed May 4 20:41:06 2022 +0200

    Update upstream source from tag 'upstream/1.1.1o'
    
    Update to upstream version '1.1.1o'
    with Debian dir 668362d0ef4fc2f5b06c40ab9939ff6b137df2d3

commit 3696544aa5b7b3c80c7893d428a74534c6dcd1ca
Merge: e567245f45 ca2e0784d2
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Wed May 4 20:41:06 2022 +0200

    New upstream version 1.1.1o

commit ca2e0784d2c38edcefd5d68028f4d954bd8faddb
Author: Matt Caswell <matt@openssl.org>
Date:   Tue May 3 14:41:15 2022 +0100

    Prepare for 1.1.1o release
    
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Release: yes

commit b5b37553bcf9b90a5be5d8ed573b377d1766bd95
Author: Matt Caswell <matt@openssl.org>
Date:   Tue May 3 11:54:12 2022 +0100

    Update copyright year
    
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Release: yes

commit 58d24ad926e3ccb30be9254cd1c7acbfac35a568
Author: Matt Caswell <matt@openssl.org>
Date:   Tue Apr 26 14:39:34 2022 +0100

    Update CHANGES and NEWS for new release
    
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Release: yes

commit 76eb96b656f742be4c2e6d83d621af22031953cb
Author: Tomas Mraz <tomas@openssl.org>
Date:   Fri Apr 22 16:34:53 2022 +0200

    Add additional keys to release key fingerprints
    
    Added keys for Paul Dale and Tomáš Mráz.
    
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18156)

commit e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23
Author: Tomas Mraz <tomas@openssl.org>
Date:   Tue Apr 26 12:40:24 2022 +0200

    c_rehash: Do not use shell to invoke openssl
    
    Except on VMS where it is safe.
    
    This fixes CVE-2022-1292.
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    Reviewed-by: Matt Caswell <matt@openssl.org>

commit b507914c40270e32cde6afcc8af93707c225e7f4
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sun May 1 09:22:48 2022 +0200

    Correct the openssl.cnf to provide proper default configuration.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 982fad3ec4107684a6cb442f593193972b06c41a
Author: Paul Kehrer <paul.l.kehrer@gmail.com>
Date:   Sat Apr 24 15:55:08 2021 -0500

    add wycheproof submodule
    
    This is used with the pyca/cryptography test suite
    
    (cherry picked from commit a09fb26ba90e46c4f731b5a597051b4d4b9aea3e)
    
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16340)

commit 2cf22024e82d59280616a16ef9b5c264cb1d70e1
Author: Nicola Tuveri <nic.tuv@gmail.com>
Date:   Tue Apr 26 12:49:31 2022 +0300

    [github-ci] Sync pyca workflow with master
    
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16340)

commit 25f4bf08c71a81d0a8a50f89a344d8013b55716c
Author: Nicola Tuveri <nic.tuv@gmail.com>
Date:   Tue Aug 17 13:03:56 2021 +0300

    Revert "[github-ci][ci.yml] Disable pyca external tests"
    
    This reverts commit 850ed18505631286abbd23d355d4b48f28ad89a9.
    
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16340)

commit 91db522f31981b3fafdec4120de1027e8bc4d792
Author: Daniel Fiala <daniel@openssl.org>
Date:   Mon Apr 18 11:30:13 2022 +0200

    x509: use actual issuer name if a CA is used
    
    Fixes openssl#16080.
    
    Reviewed-by: Ben Kaduk <kaduk@mit.edu>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18129)

commit 564a8d442cbd8ce68d452ff2e8a58c0aea6b0632
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date:   Mon Apr 11 10:12:48 2022 +0200

    Fix an assertion in the DTLS server code
    
    This fixes an internal error alert from the server and
    an unexpected connection failure in the release version,
    but a failed assertion and a server crash in the
    debug version.
    
    Reproduce this issue with a DTLS server/client like that:
    
    ./openssl s_server -dtls -mtu 1500
    ./openssl s_client -dtls -maxfraglen 512
    
    In the debug version a crash happens in the Server now:
    
    ./openssl s_server -dtls -mtu 1500
    Using default temp DH parameters
    ACCEPT
    ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == written
    Aborted (core dumped)
    
    While in the release version the handshake exceeds the
    negotiated max fragment size, and fails because of this:
    
    $ ./openssl s_server -dtls -mtu 1500
    Using default temp DH parameters
    ACCEPT
    ERROR
    4057152ADA7F0000:error:0A0000C2:SSL routines:do_dtls1_write:exceeds max fragment size:ssl/record/rec_layer_d1.c:826:
    shutting down SSL
    CONNECTION CLOSED
    
    From the client's point of view the connection fails
    with an Internal Error Alert:
    
    $ ./openssl s_client -dtls -maxfraglen 512
    Connecting to ::1
    CONNECTED(00000003)
    40B76343377F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80
    
    and now the connection attempt fails unexpectedly.
    
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18093)
    
    (cherry picked from commit e915c3f5381cd38ebdc1824c3ba9896ea7160103)

commit 6e73a0a0bd608daecb8e2c1e46de9d1014194c84
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date:   Tue Apr 12 08:27:21 2022 +0200

    Fix a DTLS server hangup due to TLS13_AD_MISSING_EXTENSION
    
    This causes the DTLS server to enter an error state:
    
    ./openssl s_server -dtls
    ./openssl s_client -dtls -maxfraglen 512 -sess_out s1.txt
    [...]
    Q
    ./openssl s_client -dtls -sess_in s1.txt
    CONNECTED(00000003)
    ^C
    ./openssl s_client -dtls
    CONNECTED(00000003)
    140335537067840:error:14102410:SSL routines:dtls1_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_d1.c:614:SSL alert number 40
    
    At this point the dtls server needs to be restarted,
    because verify_cookie_callback always fails, because
    the previous cookie is checked against the current one.
    The reason for this is not fully understood.
    
    In wireshark we see the following each time:
    c->s Client Hello (without cookie)
    s->c Hello Verify Request (with new cookie)
    s->c Alert (Level: Fatal, Description: Handshake Failure)
    c->s Client Hello (echoes new cookie)
    
    The client gives up when the Alert arrives.
    The Alert is triggered because the server calls
    verify_cookie_callback with the previous cookie,
    although it just sent the current cookie in the
    Hello Verify Request.
    
    However this does only happen because no Alert message
    is sent when the client re-connects the session with
    the missing -maxfraglen option.
    
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18094)

commit a1d3ecd7adf9f17ba20b061106088d13f8b77c03
Author: Todd Short <todd.short@me.com>
Date:   Fri Apr 1 10:54:45 2022 -0400

    Fix -no-tls1_2 in tests
    
    This is specific for OpenSSL_1_1_1-stable branch
    
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/18080)

commit c1c7004e7fcddcbb767c47f8dc1831c4637d1b74
Author: Dr. Matthias St. Pierre <matthias.st.pierre@ncp-e.com>
Date:   Tue Mar 29 21:50:21 2022 +0200

    err: get rid of err_free_strings_int()
    
    Even though the function is not part of the public api, it is not
    entirely removed, in order to minimize the chance of breakage,
    because it is exported from libcrypto. Instead, we keep a dummy
    implementation.
    
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17975)

commit 2b6617511e424e5a0e8b841918ad2cae864e2699
Author: Dr. Matthias St. Pierre <matthias.st.pierre@ncp-e.com>
Date:   Mon Mar 28 19:26:46 2022 +0200

    err: fix indentation of preprocessor directive
    
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17975)

commit fdc4646d5eb03e9e3d14ed496bf655671240193a
Author: Dr. Matthias St. Pierre <matthias.st.pierre@ncp-e.com>
Date:   Mon Mar 28 11:47:55 2022 +0200

    err: fix crash in ERR_load_strings() when configured with no-err
    
    This commit removes the entire initialization and cleanup of the
    error string hash table (`int_error_hash`) if `no-err` is configured.
    The only operative function remaining is `ERR_get_next_error_library()`.
    That is the reason why the `err_string_lock` and hence the
    `do_err_strings_init()` function can't be removed entirely.
    
    Fixes #17971
    
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17975)

commit 93ac3b8dd1cc49b27c402278cbe73a1c4ac91f9b
Author: Hugo Landau <hlandau@openssl.org>
Date:   Mon Apr 4 12:25:16 2022 +0100

    Fix failure to check result of bn_rshift_fixed_top
    
    Fixes #18010.
    
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18034)
    
    (cherry picked from commit bc6bac8561ead83d6135f376ffcbbb0b657e64fe)

commit 3e8f70c30d84861fcd257a6e280dc49e104eb145
Author: Matt Caswell <matt@openssl.org>
Date:   Wed Mar 30 14:49:24 2022 +0100

    Fix usage of SSLfatal
    
    A cherry-pick from the master branch incorrectly introduced a usage of
    3 argument SSLfatal. In 1.1.1 the function code is also required.
    
    Fixes #17999
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18000)

commit f29ec6563ddf81db46c464d14f2bb29a3fa5592f
Author: Tomas Mraz <tomas@openssl.org>
Date:   Tue Mar 22 16:33:52 2022 +0100

    Test processing of a duplicated HRR
    
    Reviewed-by: Todd Short <todd.short@me.com>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17936)
    
    (cherry picked from commit db44b55aaa42141921217183667800425227b658)

commit fb67978a9eb076b23ddf17f6b95f697ed526c584
Author: Tomas Mraz <tomas@openssl.org>
Date:   Tue Mar 22 12:34:07 2022 +0100

    tls_process_server_hello: Disallow repeated HRR
    
    Repeated HRR must be rejected.
    
    Fixes #17934
    
    Reviewed-by: Todd Short <todd.short@me.com>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17936)
    
    (cherry picked from commit d204a50b898435fbf937316d5693008cebf62eef)

commit 739d2bdfba536ff59e8444eb4295b53288ac5caf
Author: Todd Short <todd.short@me.com>
Date:   Fri Mar 25 13:34:11 2022 -0400

    Fix: ticket_lifetime_hint may exceed 1 week in TLSv1.3
    
    libctx was left in cherry-pick from master/3.0 cherry-pick
    
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Ben Kaduk <kaduk@mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/17970)

commit 79dbd85fe27ebabc278417af64ab8e3eb43d2d40
Author: Todd Short <todd.short@me.com>
Date:   Wed Mar 23 18:55:10 2022 -0400

    ticket_lifetime_hint may exceed 1 week in TLSv1.3
    
    For TLSv1.3, limit ticket lifetime hint to 1 week per RFC8446
    
    Fixes #17948
    
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17952)
    
    (cherry picked from commit 0089cc7f9d42f6e39872161199fb8b6a99da2492)

commit 04a768fc5968fa463cf9624a67accdef35bce0e4
Author: Juergen Christ <jchrist@linux.ibm.com>
Date:   Wed Mar 23 13:26:13 2022 +0100

    s390x: Hide internal cpuid symbol and function
    
    The symbol OPENSSL_s390xcap_P and the OPENSSL_cpuid_setup function are not
    exported by the version script of OpenSSL.  However, if someone uses the
    static library without the version script, these symbols all of a sudden
    become global symbols and their usage in assembler code does not correctly
    reflect that for PIC.  Since these symbols should never be used outside of
    OpenSSL, hide them inside the binary.
    
    Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
    
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17946)
    
    (cherry picked from commit 37816ef5757e458be9648481e56bf698ee3bfbb1)

commit 00e5603de13e4f436a0f07abed28b7ea8e3a236e
Author: Pauli <pauli@openssl.org>
Date:   Wed Mar 16 14:13:25 2022 +1100

    Fix Coverity 1498612: integer overflow
    
    The assert added cannot ever fail because (current & 0xFFFF) != 0 from the
    while loop and the trailing zero bit count therefore cannot be as large as 32.
    
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/17892)
    
    (cherry picked from commit 81487b65b9eb8148471e729b8c1959521d62c69e)

commit eed53b9addd097a5d39f896b05aa857d6f29b245
Author: Hugo Landau <hlandau@openssl.org>
Date:   Fri Mar 11 08:36:11 2022 +0000

    Fix integer overflow in evp_EncryptDecryptUpdate
    
    Fixes #17871.
    
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17872)

commit ad24941228eafe59fe3807d1659585c4d98eac97
Author: Pauli <pauli@openssl.org>
Date:   Wed Mar 16 13:48:27 2022 +1100

    Fix Coverity 1201763 uninitialised pointer read
    
    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17890)
    
    (cherry picked from commit a0238b7ed87998c48b1c92bad7fa82dcbba507f9)

commit cd2471cd797ae5a6355814bb14a176af6a7d883f
Author: Pauli <pauli@openssl.org>
Date:   Wed Mar 16 14:21:01 2022 +1100

    Fix Coverity 1498611 & 1498608: uninitialised read
    
    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17893)
    
    (cherry picked from commit 09134f183f76539aa1294adfef10fcc694e90267)

commit 2f1c42553dbaac97d38657cd1ac1209ef4c11e78
Author: Pauli <pauli@openssl.org>
Date:   Wed Mar 16 14:45:44 2022 +1100

    Fix coverity 1498607: uninitialised value
    
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17897)
    
    (cherry picked from commit 70cd9a51911e9a4e2f24e29ddd84fa9fcb778b63)

commit e567245f45e276a5b0dde456f485e8c505c2a1be
Merge: 364d9696f1 d82e959e62
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri Mar 18 19:28:05 2022 +0100

    New upstream version 1.1.1n

commit 364d9696f1628fb751828c8905a4646d1813ab83
Merge: 1f22415412 d82e959e62
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri Mar 18 18:55:20 2022 +0100

    New upstream version 1.1.1n

commit 0d9f48d079cbbe85c684c2215955c2a70b2d1c6b
Author: David Carlier <devnexen@gmail.com>
Date:   Wed Mar 16 23:21:58 2022 +0000

    print SSL session, fix build warnings on OpenBSD.
    
    time_t is a 64 bits type on this platform.
    
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17917)
    
    (cherry picked from commit 9362638b080e328ccab43f89048bed27bcf2f11d)

commit d6bf4a2218aeb246ba7d34f02e895c37569c8265
Author: Tomas Mraz <tomas@openssl.org>
Date:   Wed Mar 16 12:09:52 2022 +0100

    eng_dyn: Avoid spurious errors when checking for 3.x engine
    
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17902)

commit 0a9bb445893b4a98ad1588aef2d14c29e6c4c5e3
Author: Daniel Fiala <daniel@openssl.org>
Date:   Wed Mar 16 07:42:55 2022 +0100

    Check password length only when verify is enabled.
    
    Fixes #16231.
    
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17899)

commit 0dfacc00afec4bfc15b5b0066fe24e91f6cb5371
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Tue Mar 15 20:55:04 2022 +0100

    Releasea 3.0.2-1.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit ca6297108e4a0fa0ae883836b9fd83bdb9af230b
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Tue Mar 15 20:03:38 2022 +0100

    debian/symbol: Drop that alpha reference from the symbol file.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 2c45b7f1a824794151d7df2c8d4531f3ecc944f4
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Tue Mar 15 20:02:57 2022 +0100

    Import 3.0.2
    
    and add a reference for the CVE that wasn't mentioned in 3.0.1.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit c1a1ee96ae38668a199296abb24f780c3e17ae71
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Tue Mar 15 19:56:59 2022 +0100

    New upstream version 3.0.2

commit 07f3792df153c908704864424535b9ea8383684b
Merge: 4e9a8e9944 c1a1ee96ae
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Tue Mar 15 19:56:59 2022 +0100

    Update upstream source from tag 'upstream/3.0.2'
    
    Update to upstream version '3.0.2'
    with Debian dir fb0b281d66034700d85f6d43fc1e0652dfecc778

commit 82d5b721c581a7d82a9fcdaaedf842fe3bebb840
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Tue Mar 15 19:46:27 2022 +0100

    Release 1.1.1n-1.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 20c77d645785114693c4ac443f2e93da52114935
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Tue Mar 15 19:45:55 2022 +0100

    Import 1.1.1n-1
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit dd20f03636dc44f1b3aa53be539c59cb7bf8d385
Merge: 1af8a4ce17 1f22415412
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Tue Mar 15 19:39:54 2022 +0100

    Update upstream source from tag 'upstream/1.1.1n'
    
    Update to upstream version '1.1.1n'
    with Debian dir f9de4222df3a91bc90a927d3102ed9dc51790a5a

commit 60f3fa75945d97ec6f008424d2c5b6b4165fc152
Author: Matt Caswell <matt@openssl.org>
Date:   Tue Mar 15 14:37:56 2022 +0000

    Prepare for 1.1.1o-dev
    
    Reviewed-by: Tomas Mraz <tomas@openssl.org>

commit 1af8a4ce1733fa8fbb7f933a139dc5d808462899
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Thu Dec 30 17:45:20 2021 +0100

    Use swapcontext() on IA64.
    
    This fixes the longterm test-async.t failure.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 4e9a8e99448f46ac4c72b7c5a8f7f366b1c4134f
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Mon Dec 27 11:45:01 2021 +0100

    Release 3.0.1-1.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 25b30357fa2b0a2a72a37ea612d030852ed1cd44
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Mon Dec 27 11:17:23 2021 +0100

    Zero used registers at function exit.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 314050504a7a252474db88f8c4f992921e3bb1ff
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Mon Dec 27 10:35:24 2021 +0100

    Import 3.0.1
    
    While updating the chanelog, correct AVR32 vs ARC. It was never about
    AVR32, it was ARC that was added.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 598a6e7a37a24e6fc584a1258022c243b50d65c8
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Mon Dec 27 10:26:20 2021 +0100

    New upstream version 3.0.1

commit 6a13b91614f39a21c5946b399eddd9c9c5a22cc2
Merge: 74a013466d 598a6e7a37
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Mon Dec 27 10:26:20 2021 +0100

    Update upstream source from tag 'upstream/3.0.1'
    
    Update to upstream version '3.0.1'
    with Debian dir f4de2d19fb031d1542956ae27b5b5b2e401ebfdf

commit e6e17f4f68d90b64768879ddc341907d26de3b2d
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sun Dec 26 18:35:54 2021 +0100

    New upstream version 3.0.1

commit c0872250027c780031b0ce204a3985252b822637
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri Dec 24 13:16:00 2021 +0100

    Prepare 1.1.1m
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 2a43a96c773cec3e63e6123cd88305867178ba2f
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri Dec 24 11:36:02 2021 +0100

    KfreeBSD should build again.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 3d8aad427c834717491c40422597f01fc95f2682
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri Dec 24 11:35:02 2021 +0100

    Import 1.1.1m
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 159e76e9a8d7320cc3bfb957c6b02c7d5ee2001c
Merge: ce4627ec97 04dfe10d77
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri Dec 24 11:33:25 2021 +0100

    Update upstream source from tag 'upstream/1.1.1m'
    
    Update to upstream version '1.1.1m'
    with Debian dir 5b69cdaec518fd2e6c7bb03e4f82c688c98fa843

commit ce4627ec9717095dc605aabb695166c396b27ea2
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Mon Aug 30 21:04:08 2021 +0200

    Add ARC.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 74a013466d7476e1fd185020eb03b5cb60b2dc68
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat Sep 11 10:43:21 2021 +0200

    Preapre 3.0.0-1
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit ca34ff32449a96df391cbb6eb2343565f3f5abf2
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat Sep 11 10:16:45 2021 +0200

    Import 3.0.0.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 6b08c2f9663b54f8dc506f9f8d00b33f54930609
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat Sep 11 10:13:59 2021 +0200

    New upstream version 3.0.0

commit 420826dd86b8ab111452654910a4652941f186f4
Merge: 067d418723 6b08c2f966
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat Sep 11 10:13:59 2021 +0200

    Update upstream source from tag 'upstream/3.0.0'
    
    Update to upstream version '3.0.0'
    with Debian dir ad767b682348eb77c033306657ddb11829157fb6

commit 067d418723b2d039309dd07525087c8d55f54f52
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Mon Aug 30 21:04:08 2021 +0200

    Add AVR32.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit ee402b9236c2925bee2d2b9d5a61faeeb41ad27c
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Wed Aug 25 00:19:16 2021 +0200

    Prepare 1.1.1l-1
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 57a62113611ab82cb111e400f9305ba6abffbdc2
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Tue Aug 24 22:35:05 2021 +0200

    Import 1.1.1l
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit cb0d1276f54be1b1ef74d27fcc1aad4d932afa8c
Merge: 2699d536bd 94ca62b511
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Tue Aug 24 22:33:41 2021 +0200

    Update upstream source from tag 'upstream/1.1.1l'
    
    Update to upstream version '1.1.1l'
    with Debian dir 1b556e333e10862e755a43f972cfc0aa8dbedd17

commit 637e7c1606e55a55d59b9f509a19a9d86e7d9584
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri Jul 30 07:51:39 2021 +0200

    Prepare 3.0.0~~beta2-1
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit cd8e7165096efa2536d6732cedd7799acc88a733
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Thu Jul 29 22:04:06 2021 +0200

    Import 3.0.0~~beta2
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 3a8f564782297f631bb9b5244d2dda309b06ffe4
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Thu Jul 29 22:03:21 2021 +0200

    rebase patches, add latomic to a few 32bit arches
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 9f2d59f9cb1eeddf720008d72511fab297bf1754
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Thu Jul 29 21:51:11 2021 +0200

    New upstream version 3.0.0~~beta2

commit e6ce0f722a8e28f4094943f580cf7e81353894e9
Merge: 2a832773c1 9f2d59f9cb
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Thu Jul 29 21:51:11 2021 +0200

    Update upstream source from tag 'upstream/3.0.0__beta2'
    
    Update to upstream version '3.0.0~~beta2'
    with Debian dir 1e35dd93d22ba801461bde7ae176946c05ffac3d

commit 2a832773c1c24da0a0a3ff8c37a834d0880518e7
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Wed Jun 23 19:32:38 2021 +0200

    Release 3.0.0~~beta1-1
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit a64df1ea74d8b5689125f878d4846bdb08f177a7
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Wed Jun 23 19:03:51 2021 +0200

    Revert VERBOSE_FAILURE change.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 9176b216d9715fa64bf7e7c7cd3c93ee44e3c19c
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Wed Jun 23 19:01:14 2021 +0200

    Import beta1
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 7b0ba3d5d4d286f4c621409ac3c5d1b7f35ab36e
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Wed Jun 23 18:57:28 2021 +0200

    New upstream version 3.0.0~~beta1

commit c8808676ce9459ac1e15afd797802a49d9ea23b8
Merge: 0450b0afdd 7b0ba3d5d4
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Wed Jun 23 18:57:28 2021 +0200

    Update upstream source from tag 'upstream/3.0.0__beta1'
    
    Update to upstream version '3.0.0~~beta1'
    with Debian dir 2dae0ec2889846f691c4966aa72c753dd78b4c6a

commit f9bfdc3aa979eb32d4b8341999473f2ad202d889
Author: Matt Caswell <matt@openssl.org>
Date:   Thu Jun 17 14:03:42 2021 +0100

    Prepare for release of 3.0 beta 1
    
    Reviewed-by: Richard Levitte <levitte@openssl.org>

Created: 2020-06-09 Last update: 2022-05-16 22:06

RFH: The maintainer is looking for help with this package. normal

The current maintainer is looking for someone who can help with the maintenance of this package. If you are interested in this package, please consider helping out. One way you can help is offer to be a co-maintainer or triage bugs in the BTS. Please see bug number #332498 for more information.

Created: 2017-12-02 Last update: 2017-12-02 00:26

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2021-01-18 Last update: 2021-01-18 09:00

testing migrations

This package is part of the ongoing testing transition known as auto-openssl. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migrates after: bind9-libs/amd64, bind9-libs/arm64, bind9-libs/armel, bind9-libs/armhf, bind9-libs/i386, bind9-libs/mips64el, bind9-libs/mipsel, bind9-libs/ppc64el, bind9-libs/s390x, cryptsetup/amd64, cryptsetup/arm64, cryptsetup/armel, cryptsetup/armhf, cryptsetup/i386, cryptsetup/mips64el, cryptsetup/mipsel, cryptsetup/ppc64el, cryptsetup/s390x, hfsprogs/amd64, hfsprogs/arm64, hfsprogs/armel, hfsprogs/armhf, hfsprogs/i386, hfsprogs/mips64el, hfsprogs/mipsel, hfsprogs/ppc64el, hfsprogs/s390x, open-iscsi/amd64, open-iscsi/arm64, open-iscsi/armhf, open-iscsi/i386, open-iscsi/mipsel, open-iscsi/ppc64el, open-iscsi/s390x, openssh/amd64, openssh/arm64, openssh/armel, openssh/armhf, openssh/i386, openssh/mips64el, openssh/mipsel, openssh/ppc64el, openssh/s390x, ppp/amd64, ppp/arm64, ppp/armel, ppp/armhf, ppp/i386, ppp/mips64el, ppp/mipsel, ppp/ppc64el, wget/amd64, wget/arm64, wget/armel, wget/armhf, wget/i386, wget/mips64el, wget/mipsel, wget/ppc64el, wget/s390x, wpa/amd64, wpa/arm64, wpa/armel, wpa/armhf, wpa/i386, wpa/mips64el, wpa/mipsel, wpa/ppc64el, wpa/s390x
- Migration status for openssl (1.1.1o-1 to 3.0.3-3): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Updating openssl would introduce bugs in testing: #1011051
- ∙ ∙ autopkgtest for apache2/2.4.53-2: amd64: Pass, arm64: Pass, armhf: Pass, i386: Regression ♻ (reference ♻), ppc64el: Pass, s390x: Pass
- ∙ ∙ autopkgtest for burp/2.4.0-3: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Regression ♻ (reference ♻), s390x: Not a regression
- ∙ ∙ autopkgtest for dovecot/1:2.3.18+dfsg1-1: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Regression ♻ (reference ♻), s390x: Regression ♻ (reference ♻)
- ∙ ∙ autopkgtest for easy-rsa/3.0.8-1: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Regression ♻ (reference ♻), s390x: Regression ♻ (reference ♻)
- ∙ ∙ autopkgtest for golang-github-mendersoftware-openssl/1.1.0-3: amd64: Pass, arm64: Pass, armhf: Pass, i386: Pass, ppc64el: Pass, s390x: Regression ♻ (reference ♻)
- ∙ ∙ autopkgtest for interimap/0.5.7-1: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Regression ♻ (reference ♻), s390x: Regression ♻ (reference ♻)
- ∙ ∙ autopkgtest for m2crypto/0.38.0-2: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Regression ♻ (reference ♻), s390x: Regression ♻ (reference ♻)
- ∙ ∙ autopkgtest for mender-client/3.0.0+ds1-2: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Regression ♻ (reference ♻), s390x: Regression ♻ (reference ♻)
- ∙ ∙ autopkgtest for openssl/3.0.3-3: amd64: Pass, arm64: Pass, armhf: Pass, i386: Pass, ppc64el: Pass, s390x: Pass
- ∙ ∙ autopkgtest for puma/5.5.2-2: amd64: Pass, arm64: Pass, armhf: Ignored failure, i386: Pass, ppc64el: Pass, s390x: Pass
- ∙ ∙ autopkgtest for ruby-eventmachine/1.3~pre20201020-b50c135-5: amd64: Pass, arm64: Pass, armhf: Pass, i386: Pass, ppc64el: Pass, s390x: Regression ♻ (reference ♻)
- ∙ ∙ autopkgtest for scapy/2.4.4-4: amd64: Pass, arm64: Regression ♻ (reference ♻), armhf: Not a regression, i386: Pass, ppc64el: Pass, s390x: Not a regression
- ∙ ∙ autopkgtest for tpm2-pkcs11/1.7.0-1: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Regression ♻ (reference ♻), s390x: Regression ♻ (reference ♻)
- ∙ ∙ removing libcrypto1.1-udeb/1.1.1o-1/amd64 from testing makes libisns-udeb/0.100-3/amd64 uninstallable
- ∙ ∙ removing libcrypto1.1-udeb/1.1.1o-1/arm64 from testing makes libisns-udeb/0.100-3/arm64 uninstallable
- ∙ ∙ removing libcrypto1.1-udeb/1.1.1o-1/armel from testing makes libisns-udeb/0.100-3/armel uninstallable
- ∙ ∙ removing libcrypto1.1-udeb/1.1.1o-1/armhf from testing makes libisns-udeb/0.100-3/armhf uninstallable
- ∙ ∙ removing libcrypto1.1-udeb/1.1.1o-1/i386 from testing makes libisns-udeb/0.100-3/i386 uninstallable
- ∙ ∙ removing libcrypto1.1-udeb/1.1.1o-1/mips64el from testing makes libisns-udeb/0.100-3/mips64el uninstallable
- ∙ ∙ removing libcrypto1.1-udeb/1.1.1o-1/mipsel from testing makes libisns-udeb/0.100-3/mipsel uninstallable
- ∙ ∙ removing libcrypto1.1-udeb/1.1.1o-1/ppc64el from testing makes libisns-udeb/0.100-3/ppc64el uninstallable
- ∙ ∙ removing libcrypto1.1-udeb/1.1.1o-1/s390x from testing makes libisns-udeb/0.100-3/s390x uninstallable
- ∙ ∙ Not built on buildd: upload info for arch amd64 binaries not found
- ∙ ∙ Not built on buildd: upload info for arch arm64 binaries not found
- ∙ ∙ Not built on buildd: upload info for arch armhf binaries not found
- ∙ ∙ Not built on buildd: upload info for arch i386 binaries not found
- ∙ ∙ Not built on buildd: upload info for arch mips64el binaries not found
- ∙ ∙ Not built on buildd: upload info for arch mipsel binaries not found
- ∙ ∙ Not built on buildd: upload info for arch ppc64el binaries not found
- ∙ ∙ Too young, only 2 of 5 days old
- ∙ ∙ Implicit dependency: openssl bind9-libs/amd64
- ∙ ∙ Implicit dependency: openssl bind9-libs/arm64
- ∙ ∙ Implicit dependency: openssl bind9-libs/armel
- ∙ ∙ Implicit dependency: openssl bind9-libs/armhf
- ∙ ∙ Implicit dependency: openssl bind9-libs/i386
- ∙ ∙ Implicit dependency: openssl bind9-libs/mips64el
- ∙ ∙ Implicit dependency: openssl bind9-libs/mipsel
- ∙ ∙ Implicit dependency: openssl bind9-libs/ppc64el
- ∙ ∙ Implicit dependency: openssl bind9-libs/s390x
- ∙ ∙ Implicit dependency: openssl cryptsetup/amd64
- ∙ ∙ Implicit dependency: openssl cryptsetup/arm64
- ∙ ∙ Implicit dependency: openssl cryptsetup/armel
- ∙ ∙ Implicit dependency: openssl cryptsetup/armhf
- ∙ ∙ Implicit dependency: openssl cryptsetup/i386
- ∙ ∙ Implicit dependency: openssl cryptsetup/mips64el
- ∙ ∙ Implicit dependency: openssl cryptsetup/mipsel
- ∙ ∙ Implicit dependency: openssl cryptsetup/ppc64el
- ∙ ∙ Implicit dependency: openssl cryptsetup/s390x
- ∙ ∙ Implicit dependency: openssl hfsprogs/amd64
- ∙ ∙ Implicit dependency: openssl hfsprogs/arm64
- ∙ ∙ Implicit dependency: openssl hfsprogs/armel
- ∙ ∙ Implicit dependency: openssl hfsprogs/armhf
- ∙ ∙ Implicit dependency: openssl hfsprogs/i386
- ∙ ∙ Implicit dependency: openssl hfsprogs/mips64el
- ∙ ∙ Implicit dependency: openssl hfsprogs/mipsel
- ∙ ∙ Implicit dependency: openssl hfsprogs/ppc64el
- ∙ ∙ Implicit dependency: openssl hfsprogs/s390x
- ∙ ∙ Implicit dependency: openssl open-iscsi/amd64
- ∙ ∙ Implicit dependency: openssl open-iscsi/arm64
- ∙ ∙ Implicit dependency: openssl open-iscsi/armhf
- ∙ ∙ Implicit dependency: openssl open-iscsi/i386
- ∙ ∙ Implicit dependency: openssl open-iscsi/mipsel
- ∙ ∙ Implicit dependency: openssl open-iscsi/ppc64el
- ∙ ∙ Implicit dependency: openssl open-iscsi/s390x
- ∙ ∙ Implicit dependency: openssl openssh/amd64
- ∙ ∙ Implicit dependency: openssl openssh/arm64
- ∙ ∙ Implicit dependency: openssl openssh/armel
- ∙ ∙ Implicit dependency: openssl openssh/armhf
- ∙ ∙ Implicit dependency: openssl openssh/i386
- ∙ ∙ Implicit dependency: openssl openssh/mips64el
- ∙ ∙ Implicit dependency: openssl openssh/mipsel
- ∙ ∙ Implicit dependency: openssl openssh/ppc64el
- ∙ ∙ Implicit dependency: openssl openssh/s390x
- ∙ ∙ Implicit dependency: openssl ppp/amd64
- ∙ ∙ Implicit dependency: openssl ppp/arm64
- ∙ ∙ Implicit dependency: openssl ppp/armel
- ∙ ∙ Implicit dependency: openssl ppp/armhf
- ∙ ∙ Implicit dependency: openssl ppp/i386
- ∙ ∙ Implicit dependency: openssl ppp/mips64el
- ∙ ∙ Implicit dependency: openssl ppp/mipsel
- ∙ ∙ Implicit dependency: openssl ppp/ppc64el
- ∙ ∙ Implicit dependency: openssl wget/amd64
- ∙ ∙ Implicit dependency: openssl wget/arm64
- ∙ ∙ Implicit dependency: openssl wget/armel
- ∙ ∙ Implicit dependency: openssl wget/armhf
- ∙ ∙ Implicit dependency: openssl wget/i386
- ∙ ∙ Implicit dependency: openssl wget/mips64el
- ∙ ∙ Implicit dependency: openssl wget/mipsel
- ∙ ∙ Implicit dependency: openssl wget/ppc64el
- ∙ ∙ Implicit dependency: openssl wget/s390x
- ∙ ∙ Implicit dependency: openssl wpa/amd64
- ∙ ∙ Implicit dependency: openssl wpa/arm64
- ∙ ∙ Implicit dependency: openssl wpa/armel
- ∙ ∙ Implicit dependency: openssl wpa/armhf
- ∙ ∙ Implicit dependency: openssl wpa/i386
- ∙ ∙ Implicit dependency: openssl wpa/mips64el
- ∙ ∙ Implicit dependency: openssl wpa/mipsel
- ∙ ∙ Implicit dependency: openssl wpa/ppc64el
- ∙ ∙ Implicit dependency: openssl wpa/s390x
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/o/openssl.html
- Not considered

news

[rss feed]

[2022-05-16] Accepted openssl 3.0.3-4 (source) into unstable (Sebastian Andrzej Siewior)
[2022-05-15] Accepted openssl 1.1.0l-1~deb9u6 (source) into oldoldstable (Stefano Rivera)
[2022-05-14] Accepted openssl 3.0.3-3 (source) into unstable (Sebastian Andrzej Siewior)
[2022-05-13] Accepted openssl 3.0.3-2 (source) into unstable (Sebastian Andrzej Siewior)
[2022-05-09] openssl 1.1.1o-1 MIGRATED to testing (Debian testing watch)
[2022-05-06] Accepted openssl 3.0.3-1 (source) into experimental (Sebastian Andrzej Siewior)
[2022-05-06] Accepted openssl 1.1.1o-1 (source) into unstable (Sebastian Andrzej Siewior)
[2022-03-19] Accepted openssl 1.1.1n-0+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
[2022-03-19] Accepted openssl 1.1.1n-0+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
[2022-03-19] Accepted openssl 1.1.1m-0+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
[2022-03-19] Accepted openssl 1.1.1k-1+deb11u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
[2022-03-18] openssl 1.1.1n-1 MIGRATED to testing (Debian testing watch)
[2022-03-17] Accepted openssl 1.1.0l-1~deb9u5 (source) into oldoldstable (Emilio Pozuelo Monfort)
[2022-03-16] Accepted openssl 1.1.1d-0+deb10u8 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
[2022-03-15] Accepted openssl 3.0.2-1 (source) into experimental (Sebastian Andrzej Siewior)
[2022-03-15] Accepted openssl 1.1.1n-1 (source) into unstable (Sebastian Andrzej Siewior)
[2022-03-15] Accepted openssl 1.1.1k-1+deb11u2 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
[2022-03-15] Accepted openssl 1.1.1d-0+deb10u8 (source) into oldstable->embargoed, oldstable (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
[2021-12-27] Accepted openssl 3.0.1-1 (source) into experimental (Sebastian Andrzej Siewior)
[2021-12-27] openssl 1.1.1m-1 MIGRATED to testing (Debian testing watch)
[2021-12-24] Accepted openssl 1.1.1m-1 (source) into unstable (Sebastian Andrzej Siewior)
[2021-09-26] Accepted openssl 1.1.0l-1~deb9u4 (source amd64 all) into oldoldstable (Thorsten Alteholz)
[2021-09-11] Accepted openssl 3.0.0-1 (source) into experimental (Sebastian Andrzej Siewior)
[2021-08-27] Accepted openssl 1.1.1d-0+deb10u7 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
[2021-08-27] Accepted openssl 1.1.1k-1+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
[2021-08-27] openssl 1.1.1l-1 MIGRATED to testing (Debian testing watch)
[2021-08-24] Accepted openssl 1.1.1l-1 (source) into unstable (Sebastian Andrzej Siewior)
[2021-08-24] Accepted openssl 1.1.1d-0+deb10u7 (source) into oldstable->embargoed, oldstable (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
[2021-08-24] Accepted openssl 1.1.1k-1+deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
[2021-07-30] Accepted openssl 3.0.0~~beta2-1 (source) into experimental (Sebastian Andrzej Siewior)

bugs [bug history graph]

all: 69
RC: 1
I&N: 45
M&W: 23
F&P: 0
patch: 1

links

homepage
lintian (1, 9)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.0.2-0ubuntu1
125 bugs (6 patches)
patches for 3.0.2-0ubuntu1