[ubuntu/bionic-proposed] openssl 1.1.0g-2ubuntu1 (Accepted)

Dimitri John Ledkov xnox at ubuntu.com
Mon Feb 5 14:28:19 UTC 2018


openssl (1.1.0g-2ubuntu1) bionic; urgency=medium

  * Merge from Debian unstable, remaining changes:
    - Replace duplicate files in the doc directory with symlinks.
    - debian/libssl1.1.postinst:
      + Display a system restart required notification on libssl1.1
        upgrade on servers.
      + Use a different priority for libssl1.1/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.

openssl (1.1.0g-2) unstable; urgency=high

  * Avoid problems with aes assembler on armhf using binutils 2.29

openssl (1.1.0g-1) unstable; urgency=medium

  * New upstream version
    - Fixes CVE-2017-3735
    - Fixes CVE-2017-3736
  * Remove patches applied upstream
  * Temporary enable TLS 1.0 and 1.1 again (#875423)
  * Attempt to fix testsuite race condition
  * update no-symbolic.patch to apply

openssl (1.1.0f-5) unstable; urgency=medium

  * Instead of completly disabling TLS 1.0 and 1.1, just set the minimum
    version to TLS 1.2 by default. TLS 1.0 and 1.1 can be enabled again by
    calling SSL_CTX_set_min_proto_version() or SSL_set_min_proto_version().

openssl (1.1.0f-4) unstable; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * Add support for arm64ilp32, patch by Wookey (Closes: #867240)

  [ Kurt Roeckx ]
  * Disable TLS 1.0 and 1.1, leaving 1.2 as the only supported SSL/TLS
    version. This will likely break things, but the hope is that by
    the release of Buster everything will speak at least TLS 1.2. This will be
    reconsidered before the Buster release.
  * Fix a race condition in the test suite (Closes: #869856)

openssl (1.1.0f-3) unstable; urgency=medium

  * Don't cleanup a thread-local key we didn't create it (Closes: #863707)

openssl (1.1.0f-2) unstable; urgency=medium

  * Make the udeb use a versioned depends (Closes: #864080)
  * Conflict with libssl1.0-dev (Closes: #863367)

openssl (1.1.0f-1) unstable; urgency=medium

  * New upstream version
    - Fix regression in req -x509 (Closes: #839575)
    - Properly detect features on the AMD Ryzen processor (Closes: #861145)
    - Don't mention -tls1_3 in the manpage (Closes: #859191)
  * Update libssl1.1.symbols for new symbols
  * Update man-section.patch

openssl (1.1.0e-2) unstable; urgency=medium

  * Make openssl depend on perl-base (Closes: #860254)

openssl (1.1.0e-1) unstable; urgency=high

  * New upstream version
    - Fixes CVE-2017-3733
    - Remove patches that are applied upstream.

openssl (1.1.0d-2) unstable; urgency=medium

  * Fix building of arch and all packages in a minimal environment
    (Closes: #852900).
  * Fix precomputing SHA1 by adding the following patches from upstream:
    - Add-a-couple-of-test-to-check-CRL-fingerprint.patch
    - Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
    - X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
    (Closes: #852920).

openssl (1.1.0d-1) unstable; urgency=medium

  * New Upstream release
    - Fixes CVE-2017-3731
    - Fixes CVE-2017-3730
    - Fixes CVE-2017-3732
    - drop revert_ssl_read.patch and
      0001-Add-missing-zdelete-for-some-linux-arches.patch, applied upstream.
  * add new symbols.

openssl (1.1.0c-4) unstable; urgency=medium

  * Make build-indep build again.
  * Don't depend on perl:any in openssl as it breaks debootstrap
   ("Closes: #852017).

openssl (1.1.0c-3) unstable; urgency=medium

  * Add myself as Uploader.
  * Add support for tilegx, patch by Helmut Grohne (Closes: #848957).
  * redo the rules file to some newer debhelper:
    - everyfile should remain, nothing should get lost
    - the scripts in the doc package gained an exec bit
    - openssl gained a dep on perl (the package contains perl scripts)
    - libssl1.0.2-dbg is gone, we have dbgsym now
    - dh compat 10
    - pkg.install instead of pkg.files is used for install
  * Mark libssl-doc as MA foreign
  * Update Standards-Version from 3.9.5 to 3.9.8. No changes required.
  * Document the change for openssl's enc command between 1.1.0 and pre 1.1.0
    in the NEWS file (Closes: #843064).
  * Add an override for lintian for the non-standard private directory

openssl (1.1.0c-2) unstable; urgency=medium

  * Revert behaviour of SSL_read() and SSL_write(), and update documentation.
    (Closes: #844234)
  * Add missing -zdelete on x32 (Closes: #844715)
  * Add a Breaks on salt-common. Addresses #844706

openssl (1.1.0c-1) unstable; urgency=medium

  * New upstrem release
    - Fix CVE-2016-7053
    - Fix CVE-2016-7054
    - Fix CVE-2016-7055
  * remove no-rpath.patch, applied upstream.
  * Remove old d2i test cases, use the one from the upstream tarball.
  * Update libssl1.1.symbols for new sysmbols.

openssl (1.1.0b-2) unstable; urgency=low

  * Upload to unstable

openssl (1.1.0b-1) experimental; urgency=medium

  * New upstream release
    - Fixes CVE-2016-6309

openssl (1.1.0a-1) experimental; urgency=medium

  * New upstream release
    - Fix CVE-2016-6304
    - Fix CVE-2016-6305
    - Fix CVE-2016-6307
    - Fix CVE-2016-6308
  * Update c_rehash-compat.patch to apply to new version.
  * Update symbol file.

openssl (1.1.0-1) experimental; urgency=medium

  [ Kurt Roeckx ]
  * New upstream version
  * Use Package-Type instead of XC-Package-Type
  * Remove "Priority: optional" in the binary packages.
  * Add Homepage
  * Use dpkg-buildflags's LDFLAGS also for building the shared libraries.

  [ Sebastian Andrzej Siewior ]
  * drop config-hurd.patch, we don't use `config' and it works without the
    patch.
  * Drop depend on zlib1g-dev since we don't use it anymore (Closes: #767207)
  * Make the openssl package Multi-Arch: foregin (Closes: #827028)

openssl (1.1.0~pre6-1) experimental; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * drop engines-path.patch. Upstream uses a 1.1 suffixes now.

  [ Kurt Roeckx ]
  * New upstream version
  * Drop upstream snapshot
  * Update symbols file
  * Use some https instead of http URLs

openssl (1.1.0~pre5-5) experimental; urgency=medium

  * Update snapshot to commit fe964f0c88f6780fd30b26e306484b981b0a8480

openssl (1.1.0~pre5-4) experimental; urgency=medium

  * Update snapshot to commit c32bdbf171ce6650ef045ec47b5abe0de7c264db
  * Remove utils-mkdir-p-check-if-dir-exists-also-after-mkdir-f.patch, applied
    upstream

openssl (1.1.0~pre5-3) experimental; urgency=medium

  [ Kurt Roeckx ]
  * Don't use assembler on hppa, it's not writen for Linux.

openssl (1.1.0~pre5-2) experimental; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * Run the testsuite with verbose output.
  * Use $(MAKE) so the whole make environment is passed to its child and we
    can build in parallel with -jX
  * Update snapshot to commit 5000a6d1215e ("Fix an error path leak in int
    X509_ATTRIBUTE_set1_data()")

openssl (1.1.0~pre5-1) experimental; urgency=medium

  * New upstream version with soname change.  Upload to experimental.
    - Rename binary packages
    - Remove patches:
      - block_diginotar.patch: All cross certificates expired in 2013
      - block_digicert_malaysia.patch: intermediate certificates expired in
        2015
      - man-dir.patch: Fixed upstream
      - valgrind.patch: Upstream no longer adds the uninitialized data to the
        RNG
      - shared-lib-ext.patch: No longer needed
      - version-script.patch: Upstream does symbol versioning itself now
      - disable_freelist.patch: No longer needed
      - soname.patch: Was to change to the 1.0.2 soname that upstream never had
      - disable_sslv3_test.patch: Fixed upstream
      - libdoc-manpgs-pod-spell.patch: Fixed upstream (Closes: #813191)
    - Rewrite debian-targets.patch to work with the new configuration system.
    - Update other patches to apply
    - Update list of install docs
    - Use DESTDIR instead of INSTALL_PREFIX
    - Clean up more files
    - Remove the configure option enable-tlsext no-ssl2 since they're no
      longer supported.
  * Add upstream snapshot:
    - Add d2i-tests.tar to get new binary test files.
  * Don't build i686 optimized version anymore on i386, it's now the default.
    (Closes: #823774)

Date: Mon, 05 Feb 2018 13:16:42 +0000
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/1.1.0g-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 05 Feb 2018 13:16:42 +0000
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0g-2ubuntu1
Distribution: bionic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Closes: 767207 813191 823774 827028 839575 843064 844234 844715 848957 852017 852900 852920 859191 860254 861145 863367 863707 864080 867240 869856
Changes:
 openssl (1.1.0g-2ubuntu1) bionic; urgency=medium
 .
   * Merge from Debian unstable, remaining changes:
     - Replace duplicate files in the doc directory with symlinks.
     - debian/libssl1.1.postinst:
       + Display a system restart required notification on libssl1.1
         upgrade on servers.
       + Use a different priority for libssl1.1/restart-services depending
         on whether a desktop, or server dist-upgrade is being performed.
 .
 openssl (1.1.0g-2) unstable; urgency=high
 .
   * Avoid problems with aes assembler on armhf using binutils 2.29
 .
 openssl (1.1.0g-1) unstable; urgency=medium
 .
   * New upstream version
     - Fixes CVE-2017-3735
     - Fixes CVE-2017-3736
   * Remove patches applied upstream
   * Temporary enable TLS 1.0 and 1.1 again (#875423)
   * Attempt to fix testsuite race condition
   * update no-symbolic.patch to apply
 .
 openssl (1.1.0f-5) unstable; urgency=medium
 .
   * Instead of completly disabling TLS 1.0 and 1.1, just set the minimum
     version to TLS 1.2 by default. TLS 1.0 and 1.1 can be enabled again by
     calling SSL_CTX_set_min_proto_version() or SSL_set_min_proto_version().
 .
 openssl (1.1.0f-4) unstable; urgency=medium
 .
   [ Sebastian Andrzej Siewior ]
   * Add support for arm64ilp32, patch by Wookey (Closes: #867240)
 .
   [ Kurt Roeckx ]
   * Disable TLS 1.0 and 1.1, leaving 1.2 as the only supported SSL/TLS
     version. This will likely break things, but the hope is that by
     the release of Buster everything will speak at least TLS 1.2. This will be
     reconsidered before the Buster release.
   * Fix a race condition in the test suite (Closes: #869856)
 .
 openssl (1.1.0f-3) unstable; urgency=medium
 .
   * Don't cleanup a thread-local key we didn't create it (Closes: #863707)
 .
 openssl (1.1.0f-2) unstable; urgency=medium
 .
   * Make the udeb use a versioned depends (Closes: #864080)
   * Conflict with libssl1.0-dev (Closes: #863367)
 .
 openssl (1.1.0f-1) unstable; urgency=medium
 .
   * New upstream version
     - Fix regression in req -x509 (Closes: #839575)
     - Properly detect features on the AMD Ryzen processor (Closes: #861145)
     - Don't mention -tls1_3 in the manpage (Closes: #859191)
   * Update libssl1.1.symbols for new symbols
   * Update man-section.patch
 .
 openssl (1.1.0e-2) unstable; urgency=medium
 .
   * Make openssl depend on perl-base (Closes: #860254)
 .
 openssl (1.1.0e-1) unstable; urgency=high
 .
   * New upstream version
     - Fixes CVE-2017-3733
     - Remove patches that are applied upstream.
 .
 openssl (1.1.0d-2) unstable; urgency=medium
 .
   * Fix building of arch and all packages in a minimal environment
     (Closes: #852900).
   * Fix precomputing SHA1 by adding the following patches from upstream:
     - Add-a-couple-of-test-to-check-CRL-fingerprint.patch
     - Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
     - X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
     (Closes: #852920).
 .
 openssl (1.1.0d-1) unstable; urgency=medium
 .
   * New Upstream release
     - Fixes CVE-2017-3731
     - Fixes CVE-2017-3730
     - Fixes CVE-2017-3732
     - drop revert_ssl_read.patch and
       0001-Add-missing-zdelete-for-some-linux-arches.patch, applied upstream.
   * add new symbols.
 .
 openssl (1.1.0c-4) unstable; urgency=medium
 .
   * Make build-indep build again.
   * Don't depend on perl:any in openssl as it breaks debootstrap
    ("Closes: #852017).
 .
 openssl (1.1.0c-3) unstable; urgency=medium
 .
   * Add myself as Uploader.
   * Add support for tilegx, patch by Helmut Grohne (Closes: #848957).
   * redo the rules file to some newer debhelper:
     - everyfile should remain, nothing should get lost
     - the scripts in the doc package gained an exec bit
     - openssl gained a dep on perl (the package contains perl scripts)
     - libssl1.0.2-dbg is gone, we have dbgsym now
     - dh compat 10
     - pkg.install instead of pkg.files is used for install
   * Mark libssl-doc as MA foreign
   * Update Standards-Version from 3.9.5 to 3.9.8. No changes required.
   * Document the change for openssl's enc command between 1.1.0 and pre 1.1.0
     in the NEWS file (Closes: #843064).
   * Add an override for lintian for the non-standard private directory
 .
 openssl (1.1.0c-2) unstable; urgency=medium
 .
   * Revert behaviour of SSL_read() and SSL_write(), and update documentation.
     (Closes: #844234)
   * Add missing -zdelete on x32 (Closes: #844715)
   * Add a Breaks on salt-common. Addresses #844706
 .
 openssl (1.1.0c-1) unstable; urgency=medium
 .
   * New upstrem release
     - Fix CVE-2016-7053
     - Fix CVE-2016-7054
     - Fix CVE-2016-7055
   * remove no-rpath.patch, applied upstream.
   * Remove old d2i test cases, use the one from the upstream tarball.
   * Update libssl1.1.symbols for new sysmbols.
 .
 openssl (1.1.0b-2) unstable; urgency=low
 .
   * Upload to unstable
 .
 openssl (1.1.0b-1) experimental; urgency=medium
 .
   * New upstream release
     - Fixes CVE-2016-6309
 .
 openssl (1.1.0a-1) experimental; urgency=medium
 .
   * New upstream release
     - Fix CVE-2016-6304
     - Fix CVE-2016-6305
     - Fix CVE-2016-6307
     - Fix CVE-2016-6308
   * Update c_rehash-compat.patch to apply to new version.
   * Update symbol file.
 .
 openssl (1.1.0-1) experimental; urgency=medium
 .
   [ Kurt Roeckx ]
   * New upstream version
   * Use Package-Type instead of XC-Package-Type
   * Remove "Priority: optional" in the binary packages.
   * Add Homepage
   * Use dpkg-buildflags's LDFLAGS also for building the shared libraries.
 .
   [ Sebastian Andrzej Siewior ]
   * drop config-hurd.patch, we don't use `config' and it works without the
     patch.
   * Drop depend on zlib1g-dev since we don't use it anymore (Closes: #767207)
   * Make the openssl package Multi-Arch: foregin (Closes: #827028)
 .
 openssl (1.1.0~pre6-1) experimental; urgency=medium
 .
   [ Sebastian Andrzej Siewior ]
   * drop engines-path.patch. Upstream uses a 1.1 suffixes now.
 .
   [ Kurt Roeckx ]
   * New upstream version
   * Drop upstream snapshot
   * Update symbols file
   * Use some https instead of http URLs
 .
 openssl (1.1.0~pre5-5) experimental; urgency=medium
 .
   * Update snapshot to commit fe964f0c88f6780fd30b26e306484b981b0a8480
 .
 openssl (1.1.0~pre5-4) experimental; urgency=medium
 .
   * Update snapshot to commit c32bdbf171ce6650ef045ec47b5abe0de7c264db
   * Remove utils-mkdir-p-check-if-dir-exists-also-after-mkdir-f.patch, applied
     upstream
 .
 openssl (1.1.0~pre5-3) experimental; urgency=medium
 .
   [ Kurt Roeckx ]
   * Don't use assembler on hppa, it's not writen for Linux.
 .
 openssl (1.1.0~pre5-2) experimental; urgency=medium
 .
   [ Sebastian Andrzej Siewior ]
   * Run the testsuite with verbose output.
   * Use $(MAKE) so the whole make environment is passed to its child and we
     can build in parallel with -jX
   * Update snapshot to commit 5000a6d1215e ("Fix an error path leak in int
     X509_ATTRIBUTE_set1_data()")
 .
 openssl (1.1.0~pre5-1) experimental; urgency=medium
 .
   * New upstream version with soname change.  Upload to experimental.
     - Rename binary packages
     - Remove patches:
       - block_diginotar.patch: All cross certificates expired in 2013
       - block_digicert_malaysia.patch: intermediate certificates expired in
         2015
       - man-dir.patch: Fixed upstream
       - valgrind.patch: Upstream no longer adds the uninitialized data to the
         RNG
       - shared-lib-ext.patch: No longer needed
       - version-script.patch: Upstream does symbol versioning itself now
       - disable_freelist.patch: No longer needed
       - soname.patch: Was to change to the 1.0.2 soname that upstream never had
       - disable_sslv3_test.patch: Fixed upstream
       - libdoc-manpgs-pod-spell.patch: Fixed upstream (Closes: #813191)
     - Rewrite debian-targets.patch to work with the new configuration system.
     - Update other patches to apply
     - Update list of install docs
     - Use DESTDIR instead of INSTALL_PREFIX
     - Clean up more files
     - Remove the configure option enable-tlsext no-ssl2 since they're no
       longer supported.
   * Add upstream snapshot:
     - Add d2i-tests.tar to get new binary test files.
   * Don't build i686 optimized version anymore on i386, it's now the default.
     (Closes: #823774)
Checksums-Sha1:
 f4a637d21217e841dcfa249ca2a4c22fd3185760 2365 openssl_1.1.0g-2ubuntu1.dsc
 e8240a8be304d4317a750753321b073c664bfdd4 5404748 openssl_1.1.0g.orig.tar.gz
 efced52be9d3c5cd231c232a6cf294a46b68a9d9 455 openssl_1.1.0g.orig.tar.gz.asc
 d8ecd8617e86d539ea05e1d8d2b4dcaac0d0eed7 59832 openssl_1.1.0g-2ubuntu1.debian.tar.xz
 45e0c43187cae06aaaa601b161c330eedda03990 6488 openssl_1.1.0g-2ubuntu1_source.buildinfo
Checksums-Sha256:
 1cf4cdc73b4cd434e1dc07a4d8026fe450035398f55a44db38a3fabf57352fe0 2365 openssl_1.1.0g-2ubuntu1.dsc
 de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af 5404748 openssl_1.1.0g.orig.tar.gz
 2a7532e6722aab8989644049ba5c1d3a5fce417aa4b18235eec901224098bbed 455 openssl_1.1.0g.orig.tar.gz.asc
 e3c13bc136dd575ae0d45aa0ca3867de722dfe8c7a65da3123dee8881af8822e 59832 openssl_1.1.0g-2ubuntu1.debian.tar.xz
 ccc351749a799d6024196bdf37a7e99edabadc9a3edd199baa6dbc1d28f4103d 6488 openssl_1.1.0g-2ubuntu1_source.buildinfo
Files:
 4a43bb3c8817fba81e08b3cfccbf73f4 2365 utils optional openssl_1.1.0g-2ubuntu1.dsc
 ba5f1b8b835b88cadbce9b35ed9531a6 5404748 utils optional openssl_1.1.0g.orig.tar.gz
 99a7a7d7b55d9d12bb1fc5a31f95899a 455 utils optional openssl_1.1.0g.orig.tar.gz.asc
 a1dc3218382acc55f730079ce0e23a46 59832 utils optional openssl_1.1.0g-2ubuntu1.debian.tar.xz
 18a8691b53535876ba36d02ffa3a5b91 6488 utils optional openssl_1.1.0g-2ubuntu1_source.buildinfo
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQFEBAEBCgAuFiEEdzyZ69ChEXIhenw/ysLYuc0spfkFAlp4WyIQHHhub3hAdWJ1
bnR1LmNvbQAKCRDKwti5zSyl+ePDB/9xCZ+wW8/mTWDSl/WxXID7RDiqZj4maEv3
mv5d+qQvJuXezy8xUscpr3I5qYrW9xQdTHda/SiWnOvunh8Xfho0jOpB50jfzfsW
exCHEdvr3jf2RIBCALhJQa77Eqf1hegxVP6lBTUxB864PjfUd3E8n1i1f8cJR3gL
mhUurz3MoBMCmbYmCTJF7WMxc7tqeRnj6b3k5lAFfTiF5TiWcG3T+WXBpXPLFW3p
dI/VxQzz2t6KJbecuVYUaGGq48in1kf/G34TbMhkKqfGDx6UZcVqwcDzLjRmDaZA
yoMAjqpVgBJaaxb1xNz8QsmPtQ9Qm7dAGqUy6inoJK+GsIw40bKQ
=tnDA
-----END PGP SIGNATURE-----


More information about the Bionic-changes mailing list