[ubuntu/bionic-security] openssl 1.1.1-1ubuntu2.1~18.04.4 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Aug 20 12:25:02 UTC 2019

openssl (1.1.1-1ubuntu2.1~18.04.4) bionic; urgency=medium

  * Import libraries/restart-without-asking as used in postinst, to
    prevent failure to configure the package without debconf database.
    LP: #1832919

openssl (1.1.1-1ubuntu2.1~18.04.3) bionic; urgency=medium

  * Fix path to Xorg for reboot notifications on desktop. LP: #1832421
  * Cherrypick upstream fix to allow succesful init of libssl and
    libcrypto using separate calls with different options. LP: #1832659

openssl (1.1.1-1ubuntu2.1~18.04.2) bionic; urgency=medium

  * Cherrypick upstream patch to fix ca -spkac output to be text again.
    LP: #1828215
  * Cherrypick upstream patch to prevent over long nonces in ChaCha20-Poly1305
  * Bump major version of OpenSSL in postinst to trigger services restart
    upon upgrade. Many services listed there must be restarted when
    upgrading 1.1.0 to 1.1.1. LP: #1832522

openssl (1.1.1-1ubuntu2.1~18.04.1) bionic; urgency=medium

  * Backport OpenSSL 1.1.1 to 18.04 LTS. LP: #1797386
  * Adjust Breaks on versions published in bionic-release.

openssl (1.1.1-1ubuntu2.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: timing side channel attack in DSA
    - debian/patches/CVE-2018-0734-1.patch: fix mod inverse in
    - debian/patches/CVE-2018-0734-2.patch: fix timing vulnerability in
    - debian/patches/CVE-2018-0734-3.patch: add a constant time flag in
    - CVE-2018-0734
  * SECURITY UPDATE: timing side channel attack in ECDSA
    - debian/patches/CVE-2018-0735.patch: fix timing vulberability in
    - CVE-2018-0735

openssl (1.1.1-1ubuntu2) cosmic; urgency=medium

  * Fixup typpos in the autopkgtest binary name.

openssl (1.1.1-1ubuntu1) cosmic; urgency=medium

  * Merge from Debian unstable, remaining changes:
    - Replace duplicate files in the doc directory with symlinks.
    - debian/libssl1.1.postinst:
      + Display a system restart required notification on libssl1.1
        upgrade on servers.
      + Use a different priority for libssl1.1/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - Revert "Enable system default config to enforce TLS1.2 as a
      minimum" & "Increase default security level from 1 to 2".
    - Further decrease security level from 1 to 0, for compatibility with
      openssl 1.0.2.

openssl (1.1.1-1) unstable; urgency=medium

  * New upstream version.
   - Update symbol file for 1.1.1
   - CVE-2018-0732 (actually since pre8).
  * Add Breaks on python-httplib2 (Addresses: #907015)
  * Add hardening=+all.
  * Update to policy 4.2.1
    - Less verbose testsuite with terse
    - Use RRR=no

openssl (1.1.1~~pre9-1) unstable; urgency=medium

  * New upstream version.
    - Support the final TLS 1.3 version (RFC 8446)
  * Upload to unstable

openssl (1.1.1~~pre8-1) experimental; urgency=medium

  * New upstream version.

openssl (1.1.1~~pre7-1) experimental; urgency=medium

  * Drop afalgeng on kfreebsd-* which go enabled because they inherit from
    the linux target.
  * Fix debian-rules-sets-dpkg-architecture-variable.
  * Update to policy 4.1.4
    - only Suggest: libssl-doc instead Recommends (only documentation and
      example code is shipped).
    - drop Priority: important.
    - use signing-key.asc and a https links for downloads
  * Use compat 11.
    - this moves the examples to /usr/share/doc/libssl-{doc->dev}/demos but it
      seems to make sense.
  * Add a 25-test_verify.t for autopkgtest which runs against intalled
    openssl binary.
  * Fix CVE-2018-0737 (Closes: #895844).

openssl (1.1.1~~pre6-2) experimental; urgency=medium

  * Update libssl1.1.symbols

openssl (1.1.1~~pre6-1) experimental; urgency=medium

  * New upstream version
  * Increase default security level from 1 to 2. This moves from the 80 bit
    security level to the 112 bit securit level and will require 2048 bit RSA
    and DHE keys.

openssl (1.1.1~~pre4-1) experimental; urgency=medium

  * Update to 1.1.1-pre4 (Closes: #892276, #894282).
  * Add riscv64 target (Closes: #891797).

openssl (1.1.1~~pre3-1) experimental; urgency=medium

  * Update to 1.1.1-pre3
  * Don't suggest 1024 bit RSA key to be typical (Closes: #878303).
  * Don't insist on TLS1.3 cipher for <TLS1.3 connections (Closes: #891570).
  * Enable system default config to enforce TLS1.2 as a minimum.

openssl (1.1.1~~pre2-1) experimental; urgency=medium

  * Update to 1.1.1-pre2

openssl (1.1.1~~pre1-1) experimental; urgency=medium

  * Abort the build if symbols are discovered which are not part of the
    symbols file.
  * Add config support for MIPS R6, patch by YunQiang Su (Closes: #882007).
  * Enable afalgeng on Linux targets (Closes: #888305)
  * Update 1.1.1-pre1.

Date: 2019-06-20 17:44:12.733306+00:00
Changed-By: Dimitri John Ledkov <launchpad at surgut.co.uk>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list