Outdate version check for restart in libssl3.postinst
Bug #1999139 reported by
Adrien Nader
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssl (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Our version of libssl3.postinst compares the installed version to "1.1.1-
The version needs to be updated and since we have been carrying this as a delta from Debian, it would be a good idea to ensure the behaviour still matches what we currently want.
To post a comment you must log in.
This bug was fixed in the package openssl - 3.0.7-1ubuntu1
---------------
openssl (3.0.7-1ubuntu1) lunar; urgency=medium
* Merge 3.0.7 from Debian unstable (LP: #1998942) 3602-1. patch 3602-2. patch seclevel- 1.patch TLS_SECURITY_ LEVEL=2 is now hard-coded: default- settings- for-libssl- users.patch a-default- openssl. cnf-for- tests.patch min-seclevel2. patch ,.Debian} .gz and copyright.gz from libssl-dev to 1/restart- services depending restart- without- asking template as used by above. 1_seclevel3_ tests.patch
- Drop patches merged upstream:
+ CVE-2022-3358.patch
+ CVE-2022-
+ CVE-2022-
- Shrink patch since upstream fixed some tests in the patch above:
+ tests-use-
- Drop patch since -DOPENSSL_
+ Set-systemwide-
- Drop Debian patch not needed anymore:
+ TEST-Provide-
- Mention Debian as defaulting to SECLEVEL=2 in addition to Ubuntu:
+ tls1.2-
- Remaining changes:
+ Symlink changelog{
openssl
+ d/libssl3.postinst: Revert Debian deletion
- Skip services restart & reboot notification if needrestart is in-use.
- Bump version check to 1.1.1 (bug opened as LP: #1999139)
- Use a different priority for libssl1.
on whether a desktop, or server dist-upgrade is being performed.
- Import libraries/
+ Add support for building with noudeb build profile.
+ Use perl:native in the autopkgtest for installability on i386.
* Correct comment as to which TLS version is disabled with our seclevel:
- skip_tls1.
[Sebastian Andrzej Siewior]
* CVE-2022-3996 (X.509 Policy Constraints Double Locking).
openssl (3.0.7-1) unstable; urgency=medium
* Import 3.0.7 CVE-2022- 3358) (Closes: #1021620).
- Using a Custom Cipher with NID_undef may lead to NULL encryption
(
- X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602).
- X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786).
* Disable rdrand engine (the opcode on x86).
* Remove config bits for MIPS R6, the generic MIPS config can be used.
openssl (3.0.5-4) unstable; urgency=medium
* Add ssl_conf() serialisation (Closes: #1020308).
openssl (3.0.5-3) unstable; urgency=medium
* Add cert.pem symlink pointing to ca-certificates' ca-certificates.crt TLS_SECURITY_ LEVEL=2 (Closes: #918727).
(Closes: #805646).
* Compile with OPENSSL_
-- Adrien Nader <email address hidden> Tue, 06 Dec 2022 15:11:40 +0100