[ubuntu/bionic-proposed] openssl 1.0.2n-1ubuntu1 (Accepted)
Dimitri John Ledkov
xnox at ubuntu.com
Tue Jan 16 15:56:14 UTC 2018
openssl (1.0.2n-1ubuntu1) bionic; urgency=medium
* Merge with Debian, remaining changes.
- Use openssl source package name, instead of openssl1.0.
- Make libssl-dev a metapackage pointing at libssl1.0-dev package.
- Ship openssl package.
- Disable SSLv3 without changing ABI:
+ debian/patches/no-sslv3.patch: Disable SSLv3 without using the
no-ssl3-method option
+ debian/rules: don't use no-ssl3-method, don't bump soname
+ debian/patches/engines-path.patch: don't bump soname
+ debian/patches/version-script.patch: don't bump soname
+ debian/patches/soname.patch: removed
+ debian/lib*: don't bump soname
- debian/rules: don't enable rfc3779 and cms support for now as it
changes ABI.
- debian/libssl1.0.0.postinst:
+ Display a system restart required notification on libssl1.0.0
upgrade on servers.
+ Use a different priority for libssl1.0.0/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
rules}: Move runtime libraries to /lib, for the benefit of
wpasupplicant.
- debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
.pc.
- debian/rules:
+ Don't run 'make test' when cross-building.
+ Use host compiler when cross-building. Patch from Neil Williams.
+ Fix Makefile to properly clean up libs/ dirs in clean target.
+ Replace duplicate files in the doc directory with symlinks.
- debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
- Enable asm optimisations on s390x. LP: #1602655.
* Changes applied in Debian:
- debian/rules: Enable optimized 64bit elliptic curve code contributed
by Google.
- debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
libssl1.0.0-udeb, for the benefit of wget-udeb. Same has been applied
in Debian.
* Dropped patches, part of new upstream release:
- CVE-2016-2105.patch
- CVE-2016-2106.patch
- CVE-2016-2107.patch
- CVE-2016-2108.patch
- CVE-2016-2109.patch
- 0b48a24ce993d1a4409d7bde26295f6df0d173cb.patch
- CVE-2016-2177.patch
- CVE-2016-2178-1.patch
- CVE-2016-2178-2.patch
- CVE-2016-2179.patch
- CVE-2016-2180.patch
- CVE-2016-2181-1.patch
- CVE-2016-2181-2.patch
- CVE-2016-2181-3.patch
- CVE-2016-2182.patch
- CVE-2016-2183.patch
- CVE-2016-6302.patch
- CVE-2016-6303.patch
- CVE-2016-6304.patch
- CVE-2016-6306-1.patch
- CVE-2016-6306-2.patch
- CVE-2016-2182-2.patch
- CVE-2016-7055.patch
- CVE-2016-8610.patch
- CVE-2016-8610-2.patch
- CVE-2017-3731.patch
- CVE-2017-3732.patch
- move-extended-feature-detection.patch
- fix-sha-ni.patch
- CVE-2017-3735.patch
- CVE-2017-3736.patch
- fix_armhf_ftbfs.patch
- CVE-2017-3737-pre.patch
- CVE-2017-3737-1.patch
- CVE-2017-3737-2.patch
- CVE-2017-3738.patch
openssl1.0 (1.0.2n-1) unstable; urgency=medium
* New upstream version 1.0.2n
- drop patches which applied upstream:
- 0001-Fix-no-ssl3-build.patch
- 0001-aes-armv4-bsaes-armv7-sha256-armv4-.pl-make-it-work-.patch
- Fixes CVE-2017-3737 (Read/write after SSL object in error state)
- Fixes CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64)
* move to gbp
* Abort the build if symbols are discovered which are not part of the
symbols file.
openssl1.0 (1.0.2m-3) unstable; urgency=medium
* Avoid problems with aes and sha256 assembler on armhf using binutils 2.29
openssl1.0 (1.0.2m-2) unstable; urgency=medium
* Fix no-ssl3-method build
openssl1.0 (1.0.2m-1) unstable; urgency=high
[ Kurt Roeckx ]
* New upstream version
- Fixes CVE-2017-3735
- Fixes CVE-2017-3736
[ Sebastian Andrzej Siewior]
* Add support for arm64ilp32, Patch by Wookey (Closes: #874709).
openssl1.0 (1.0.2l-2) unstable; urgency=medium
* Make the udeb use a versioned depends (Closes: #864081)
openssl1.0 (1.0.2l-1) unstable; urgency=medium
* New upstream release
- Properly detect features on the AMD Ryzen processor (Closes: #861145)
* Refresh valgrind.patch
openssl1.0 (1.0.2k-1) unstable; urgency=medium
* New upstream release
- Fixes CVE-2017-3731
- Fixes CVE-2017-3732
- Fixes CVE-2016-7055
openssl1.0 (1.0.2j-5) unstable; urgency=medium
* Add myself as Uploader.
* Drop zlib1g-dev from libssl1.0-dev's deps (Closes: #845945).
* Mark RC4 and 3DES as weak which removes them from the SSL/TLS protocol
(Closes: #736687).
* Update Standards-Version, no change required.
* Drop asm support for X32 because the testsuite segfaults.
* Limit the watchfile to the 1.0.2x series.
* Redo rules file to newer debhelper syntax
* Add homepage filed
* Remove recommends for libssl-doc because the doc package from 1.1.0 is not
really matching the -dev package from 1.0.2
openssl1.0 (1.0.2j-4) unstable; urgency=medium
* Re-add udebs
openssl1.0 (1.0.2j-3) unstable; urgency=medium
* Upload to unstable
openssl1.0 (1.0.2j-2) experimental; urgency=medium
* Provide an 1.0.2 version of the library for Stretch.
openssl (1.0.2j-1) unstable; urgency=medium
* New upstream release
- Fixes CVE-2016-7052
openssl (1.0.2i-1) unstable; urgency=high
* New upstream version
- Fix CVE-2016-2177
- Fix CVE-2016-2178
- Fix CVE-2016-2179
- Fix CVE-2016-2180
- Fix CVE-2016-2181
- Fix CVE-2016-2182
- Fix CVE-2016-2183
- Fix CVE-2016-6302
- Fix CVE-2016-6303
- Fix CVE-2016-6304
- Fix CVE-2016-6306
* Drop ca.patch, option is now documented upstream
* Update engines-path.patch to also update the libcrypto.pc, now that that
has an enginesdir in it.
openssl (1.0.2h-2) unstable; urgency=medium
* Re-add libdoc-manpgs-pod-spell.patch to series files (Closes: #813191)
* Don't build i686 optimized version anymore on i386, it's now the default.
(Closes: #823774)
openssl (1.0.2h-1) unstable; urgency=high
* New upstream version
- Fixes CVE-2016-2107
- Fixes CVE-2016-2105
- Fixes CVE-2016-2106
- Fixes CVE-2016-2109
- Fixes CVE-2016-2176
openssl (1.0.2g-2) unstable; urgency=medium
* Use assembler of arm64 (Closes: #794326)
Patch from Riku Voipio <riku.voipio at iki.fi>
* Add a udeb for libssl, based on similar changes done in Ubuntu
starting in version 0.9.8o-4ubuntu1 (Closes: #802591)
Patch from Margarita Manterola <marga at google.com>
* Add support for nios2 (Closes: #816239)
Based on patch from Marek Vasut <marex at denx.de>
* Update Spanish translation from Manuel "Venturi" Porras Peralta
<venturi at openmailbox.org> (Closes: #773601)
* Don't build an i586 optimized version anymore, the default
already targets that. Patch from Sven Joachim <svenjoac at gmx.de>
(Closes: #759811)
Date: Mon, 15 Jan 2018 13:10:21 +0000
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/1.0.2n-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 15 Jan 2018 13:10:21 +0000
Source: openssl
Binary: openssl libssl1.0.0 libssl-dev libssl1.0-dev libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb
Architecture: source
Version: 1.0.2n-1ubuntu1
Distribution: bionic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Description:
libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
libssl-dev - Secure Sockets Layer toolkit - metapackage
libssl-doc - Secure Sockets Layer toolkit - development documentation
libssl1.0-dev - Secure Sockets Layer toolkit - development files
libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
libssl1.0.0-udeb - ssl shared library - udeb (udeb)
openssl - Secure Sockets Layer toolkit - cryptographic utility
Closes: 736687 759811 773601 794326 802591 813191 816239 823774 845945 861145 864081 874709
Launchpad-Bugs-Fixed: 1602655
Changes:
openssl (1.0.2n-1ubuntu1) bionic; urgency=medium
.
* Merge with Debian, remaining changes.
- Use openssl source package name, instead of openssl1.0.
- Make libssl-dev a metapackage pointing at libssl1.0-dev package.
- Ship openssl package.
- Disable SSLv3 without changing ABI:
+ debian/patches/no-sslv3.patch: Disable SSLv3 without using the
no-ssl3-method option
+ debian/rules: don't use no-ssl3-method, don't bump soname
+ debian/patches/engines-path.patch: don't bump soname
+ debian/patches/version-script.patch: don't bump soname
+ debian/patches/soname.patch: removed
+ debian/lib*: don't bump soname
- debian/rules: don't enable rfc3779 and cms support for now as it
changes ABI.
- debian/libssl1.0.0.postinst:
+ Display a system restart required notification on libssl1.0.0
upgrade on servers.
+ Use a different priority for libssl1.0.0/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
rules}: Move runtime libraries to /lib, for the benefit of
wpasupplicant.
- debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
.pc.
- debian/rules:
+ Don't run 'make test' when cross-building.
+ Use host compiler when cross-building. Patch from Neil Williams.
+ Fix Makefile to properly clean up libs/ dirs in clean target.
+ Replace duplicate files in the doc directory with symlinks.
- debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
- Enable asm optimisations on s390x. LP: #1602655.
.
* Changes applied in Debian:
- debian/rules: Enable optimized 64bit elliptic curve code contributed
by Google.
- debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
libssl1.0.0-udeb, for the benefit of wget-udeb. Same has been applied
in Debian.
.
* Dropped patches, part of new upstream release:
- CVE-2016-2105.patch
- CVE-2016-2106.patch
- CVE-2016-2107.patch
- CVE-2016-2108.patch
- CVE-2016-2109.patch
- 0b48a24ce993d1a4409d7bde26295f6df0d173cb.patch
- CVE-2016-2177.patch
- CVE-2016-2178-1.patch
- CVE-2016-2178-2.patch
- CVE-2016-2179.patch
- CVE-2016-2180.patch
- CVE-2016-2181-1.patch
- CVE-2016-2181-2.patch
- CVE-2016-2181-3.patch
- CVE-2016-2182.patch
- CVE-2016-2183.patch
- CVE-2016-6302.patch
- CVE-2016-6303.patch
- CVE-2016-6304.patch
- CVE-2016-6306-1.patch
- CVE-2016-6306-2.patch
- CVE-2016-2182-2.patch
- CVE-2016-7055.patch
- CVE-2016-8610.patch
- CVE-2016-8610-2.patch
- CVE-2017-3731.patch
- CVE-2017-3732.patch
- move-extended-feature-detection.patch
- fix-sha-ni.patch
- CVE-2017-3735.patch
- CVE-2017-3736.patch
- fix_armhf_ftbfs.patch
- CVE-2017-3737-pre.patch
- CVE-2017-3737-1.patch
- CVE-2017-3737-2.patch
- CVE-2017-3738.patch
.
openssl1.0 (1.0.2n-1) unstable; urgency=medium
.
* New upstream version 1.0.2n
- drop patches which applied upstream:
- 0001-Fix-no-ssl3-build.patch
- 0001-aes-armv4-bsaes-armv7-sha256-armv4-.pl-make-it-work-.patch
- Fixes CVE-2017-3737 (Read/write after SSL object in error state)
- Fixes CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64)
* move to gbp
* Abort the build if symbols are discovered which are not part of the
symbols file.
.
openssl1.0 (1.0.2m-3) unstable; urgency=medium
.
* Avoid problems with aes and sha256 assembler on armhf using binutils 2.29
.
openssl1.0 (1.0.2m-2) unstable; urgency=medium
.
* Fix no-ssl3-method build
.
openssl1.0 (1.0.2m-1) unstable; urgency=high
.
[ Kurt Roeckx ]
* New upstream version
- Fixes CVE-2017-3735
- Fixes CVE-2017-3736
.
[ Sebastian Andrzej Siewior]
* Add support for arm64ilp32, Patch by Wookey (Closes: #874709).
.
openssl1.0 (1.0.2l-2) unstable; urgency=medium
.
* Make the udeb use a versioned depends (Closes: #864081)
.
openssl1.0 (1.0.2l-1) unstable; urgency=medium
.
* New upstream release
- Properly detect features on the AMD Ryzen processor (Closes: #861145)
* Refresh valgrind.patch
.
openssl1.0 (1.0.2k-1) unstable; urgency=medium
.
* New upstream release
- Fixes CVE-2017-3731
- Fixes CVE-2017-3732
- Fixes CVE-2016-7055
.
openssl1.0 (1.0.2j-5) unstable; urgency=medium
.
* Add myself as Uploader.
* Drop zlib1g-dev from libssl1.0-dev's deps (Closes: #845945).
* Mark RC4 and 3DES as weak which removes them from the SSL/TLS protocol
(Closes: #736687).
* Update Standards-Version, no change required.
* Drop asm support for X32 because the testsuite segfaults.
* Limit the watchfile to the 1.0.2x series.
* Redo rules file to newer debhelper syntax
* Add homepage filed
* Remove recommends for libssl-doc because the doc package from 1.1.0 is not
really matching the -dev package from 1.0.2
.
openssl1.0 (1.0.2j-4) unstable; urgency=medium
.
* Re-add udebs
.
openssl1.0 (1.0.2j-3) unstable; urgency=medium
.
* Upload to unstable
.
openssl1.0 (1.0.2j-2) experimental; urgency=medium
.
* Provide an 1.0.2 version of the library for Stretch.
.
openssl (1.0.2j-1) unstable; urgency=medium
.
* New upstream release
- Fixes CVE-2016-7052
.
openssl (1.0.2i-1) unstable; urgency=high
.
* New upstream version
- Fix CVE-2016-2177
- Fix CVE-2016-2178
- Fix CVE-2016-2179
- Fix CVE-2016-2180
- Fix CVE-2016-2181
- Fix CVE-2016-2182
- Fix CVE-2016-2183
- Fix CVE-2016-6302
- Fix CVE-2016-6303
- Fix CVE-2016-6304
- Fix CVE-2016-6306
* Drop ca.patch, option is now documented upstream
* Update engines-path.patch to also update the libcrypto.pc, now that that
has an enginesdir in it.
.
openssl (1.0.2h-2) unstable; urgency=medium
.
* Re-add libdoc-manpgs-pod-spell.patch to series files (Closes: #813191)
* Don't build i686 optimized version anymore on i386, it's now the default.
(Closes: #823774)
.
openssl (1.0.2h-1) unstable; urgency=high
.
* New upstream version
- Fixes CVE-2016-2107
- Fixes CVE-2016-2105
- Fixes CVE-2016-2106
- Fixes CVE-2016-2109
- Fixes CVE-2016-2176
.
openssl (1.0.2g-2) unstable; urgency=medium
.
* Use assembler of arm64 (Closes: #794326)
Patch from Riku Voipio <riku.voipio at iki.fi>
* Add a udeb for libssl, based on similar changes done in Ubuntu
starting in version 0.9.8o-4ubuntu1 (Closes: #802591)
Patch from Margarita Manterola <marga at google.com>
* Add support for nios2 (Closes: #816239)
Based on patch from Marek Vasut <marex at denx.de>
* Update Spanish translation from Manuel "Venturi" Porras Peralta
<venturi at openmailbox.org> (Closes: #773601)
* Don't build an i586 optimized version anymore, the default
already targets that. Patch from Sven Joachim <svenjoac at gmx.de>
(Closes: #759811)
Checksums-Sha1:
ae9f374ae042b82a6bd8d6a08a43719f402e2201 2203 openssl_1.0.2n-1ubuntu1.dsc
0ca2957869206de193603eca6d89f532f61680b1 5375802 openssl_1.0.2n.orig.tar.gz
198b318d2407873c8b6b91ecb036250a7a3e19c0 91456 openssl_1.0.2n-1ubuntu1.debian.tar.xz
af144b09cb6630b07204f011dec868ac03eac235 6548 openssl_1.0.2n-1ubuntu1_source.buildinfo
Checksums-Sha256:
0f72c41e15e5f35302d1e50bb7a2980d6738f8086d1996a368a35f110d4d64e1 2203 openssl_1.0.2n-1ubuntu1.dsc
370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe 5375802 openssl_1.0.2n.orig.tar.gz
ec505ee8c04ea26cbb36ec6fd273bea57a9829c0eb995ea9ef88fe23ea4cd3b6 91456 openssl_1.0.2n-1ubuntu1.debian.tar.xz
b2651aff71fda0486b9b3f49761071603a9ccd0a26f9207a739da39992fc92cf 6548 openssl_1.0.2n-1ubuntu1_source.buildinfo
Files:
c77c3a4c94c955780f3268ca5b93396d 2203 utils optional openssl_1.0.2n-1ubuntu1.dsc
13bdc1b1d1ff39b6fd42a255e74676a4 5375802 utils optional openssl_1.0.2n.orig.tar.gz
e7af8585932fb91979e4e5821e435327 91456 utils optional openssl_1.0.2n-1ubuntu1.debian.tar.xz
12bec6d62fc5bb4221cc78ac650dd4a3 6548 utils optional openssl_1.0.2n-1ubuntu1_source.buildinfo
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQFEBAEBCgAuFiEEdzyZ69ChEXIhenw/ysLYuc0spfkFAlpeH9YQHHhub3hAdWJ1
bnR1LmNvbQAKCRDKwti5zSyl+ZUOB/0Un0Vr82M/dPsLgUoOl6ccY9r5exYwT1dA
PCBvcMxVo/mySFJEVsM9e2zqcai3JTPVHE62/JUiWBn8PU6tNaEW2GrrlvuAS6oy
WqyOiY8OPhncwEt5SEinVTA+Ewr4bPt8PJ0aN/EAoKU262EW7kR0RblimVlaNARx
1sIDp+murODH0BcF8aU7/4ZjFrkRR0lkodAav5/snbnJx4Jx6G/Vl1myy4bp1UiS
1LETO5HZA7h/019QXIlRzH9yn9/0m/LrhtUuWs1W/ypx4J292omAUbteHOyy5j+d
OQfAAAEoZ+XYNMDoYi5eQr+84YdEfZALbxtjT695BBMFi46q3o91
=tcq/
-----END PGP SIGNATURE-----
More information about the Bionic-changes
mailing list