• Bug#1109207: bookworm-pu: package openssl/3.0.17-1~deb12u1

    From Simon Josefsson@21:1/5 to Sebastian Andrzej Siewior on Sun Jul 13 16:00:01 2025
    XPost: linux.debian.devel.release

    Sebastian Andrzej Siewior <[email protected]> writes:

    --- openssl-3.0.16/CHANGES.md 2025-02-11 15:47:41.000000000 +0100
    +++ openssl-3.0.17/CHANGES.md 2025-07-01 14:11:11.000000000 +0200
    ...
    + * SSLv3 is by default disabled at build-time. Builds that are not
    + configured with "enable-ssl3" will not support SSLv3.
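
    Review bot: The new CHANGES.md entry says SSLv3 is disabled by default at build-time, but it does not say as of which release that default applies, so from these lines alone a reader cannot tell whether 3.0.17 changes behaviour or only documents an existing default. Naming the release in which the default changed, next to the "enable-ssl3" remark, would remove that ambiguity.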

    I'm all for disabling SSLv3, but could you clarify if this package
    update actually disables SSLv3 by default or merely fixes the CHANGES to accurately describe a change of defaults that happened earlier?

    /Simon

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Sebastian Andrzej Siewior@21:1/5 to Simon Josefsson on Sun Jul 13 16:50:01 2025
    XPost: linux.debian.devel.release

    On 2025-07-13 15:10:50 [+0200], Simon Josefsson wrote:
    Sebastian Andrzej Siewior <[email protected]> writes:

    --- openssl-3.0.16/CHANGES.md 2025-02-11 15:47:41.000000000 +0100
    +++ openssl-3.0.17/CHANGES.md 2025-07-01 14:11:11.000000000 +0200
    ...
    + * SSLv3 is by default disabled at build-time. Builds that are not
    + configured with "enable-ssl3" will not support SSLv3.

    I'm all for disabling SSLv3, but could you clarify if this package
    update actually disables SSLv3 by default or merely fixes the CHANGES to accurately describe a change of defaults that happened earlier?

    SSLv3 has been disabled in Debian since 1.0.2d-2.

    /Simon

    Sebastian
  • From Jonathan Wiltshire@21:1/5 to All on Sun Aug 3 13:10:01 2025
    XPost: linux.debian.devel.release

    Hi,

    There are reports of the updated libssl3 causing segfaults in linked applications; please see #1110254.

    Thanks,

    --
    Jonathan Wiltshire [email protected]
    Debian Developer http://people.debian.org/~jmw

    4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1