** Description changed: Unstable has openssl 3.2.1 which is need to fix some tests for nodejs and some features for cryptsetup and is a good step to 3.3 for 24.10. Merge request: https://code.launchpad.net/~adrien/ubuntu/+source/openssl/+git/openssl/+merge/466581 + + Copied over from the MP for anyone looking for the detailed rationales behind the dropped delta: + Merge unstable's openssl 3.2.1-1 + + Remove most of the delta we have compared to Debian. + + Openssl 3.2 now forbids TLS < 1.2 when at SECLEVEL=2 which we were + already doing through a patch. This lets us drop patches that implement + this and those that adapt tests. + + In addition, debian had integrated the support for the noudeb profile + but we still had some bits related to our diff which we can actually + drop. + + Debian had reverted a change in the default configuration file that + broke applications which were using openssl < 3. We had not propagated + that due to various reasons which don't apply for a new development + cycle. I will see if the patch can be dropped Debian-side as it mostly + made sense when openssl versions were likely to be installed alongside + (i.e. during the transition). + + The AVX-512 patches have been integrated upstream and can be dropped. + + The FIPS patches only make sense during Ubuntu LTS cycles. There is + value in them but the next LTS cycle is in 18 months and the preferred + approach is rather to have them merged upstream by then. + + In a private conversation with Tobias (from whom I integrated the FIPS + patches for Noble), we agreed that we could drop the FIPS patches after + Noble since they would be useless until 26.04, at which point they + should have been upstreamed already. Overall it's not very useful to + keep them around as patches during the releases they're certainly not + going to be used (it's fine to have them through, say, upstream 3.4 or + 3.5 however). + + All security patches have been integrated. + + The code for reboot notification has been removed too as it was buggy + and was actually only working on desktops while the original intent was + to have that code run on servers. Considering there has been no + specification of what was wanted and how it evolved over the years, it's + impossible to "fix" so let's just remove it. The right place to + implement such things is not in postinst scripts. + + There are a few things kept: a symlink for changelog/copyright files, + using perl:native in autopkgtests depends, and disabling LTO. The + symlink topic will be looked at later on as there are issues there (the + targets don't exist!), and I will also attempt to drop using + perl:native. I will be doing that slightly later on as there are already + many changes and 3.2 is needed to fix some other tests.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2067384 Title: openssl: merge 3.2.1-3 from unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2067384/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
