[ubuntu/impish-proposed] openssl 1.1.1l-1ubuntu1 (Accepted)

Simon Chopin simon.chopin at canonical.com
Fri Sep 10 08:33:13 UTC 2021 

openssl (1.1.1l-1ubuntu1) impish; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Replace duplicate files in the doc directory with symlinks.
    - debian/libssl1.1.postinst:
      + Display a system restart required notification on libssl1.1
        upgrade on servers, unless needrestart is available.
      + Use a different priority for libssl1.1/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
      + Skip services restart & reboot notification if needrestart is in-use.
      + Bump version check to to 1.1.1.
      + Import libraries/restart-without-asking template as used by above.
    - Revert "Enable system default config to enforce TLS1.2 as a
      minimum" & "Increase default security level from 1 to 2".
    - Reword the NEWS entry, as applicable on Ubuntu.
    - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
      and ECC from master.
    - Use perl:native in the autopkgtest for installability on i386.
    - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
      level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
      below 1.2 and update documentation. Previous default of 1, can be set
      by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
      using ':@SECLEVEL=1' CipherString value in openssl.cfg.
    - Import https://github.com/openssl/openssl/pull/12272.patch to enable
      CET.
    - Add support for building with noudeb build profile.
  * Dropped changes:
    - Cherry-pick an upstream patch to fix s390x AES code

openssl (1.1.1l-1) unstable; urgency=medium

  * New upstream version.
    - CVE-2021-3711 (SM2 Decryption Buffer Overflow).
    - CVE-2021-3712 (Read buffer overruns processing ASN.1 strings).

Date: Fri, 10 Sep 2021 09:59:56 +0200
Changed-By: Simon Chopin <simon.chopin at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Julian Andres Klode <julian.klode at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/1.1.1l-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 10 Sep 2021 09:59:56 +0200
Source: openssl
Built-For-Profiles: noudeb
Architecture: source
Version: 1.1.1l-1ubuntu1
Distribution: impish
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Simon Chopin <simon.chopin at canonical.com>
Changes:
 openssl (1.1.1l-1ubuntu1) impish; urgency=low
 .
   * Merge from Debian unstable. Remaining changes:
     - Replace duplicate files in the doc directory with symlinks.
     - debian/libssl1.1.postinst:
       + Display a system restart required notification on libssl1.1
         upgrade on servers, unless needrestart is available.
       + Use a different priority for libssl1.1/restart-services depending
         on whether a desktop, or server dist-upgrade is being performed.
       + Skip services restart & reboot notification if needrestart is in-use.
       + Bump version check to to 1.1.1.
       + Import libraries/restart-without-asking template as used by above.
     - Revert "Enable system default config to enforce TLS1.2 as a
       minimum" & "Increase default security level from 1 to 2".
     - Reword the NEWS entry, as applicable on Ubuntu.
     - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
       and ECC from master.
     - Use perl:native in the autopkgtest for installability on i386.
     - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
       level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
       below 1.2 and update documentation. Previous default of 1, can be set
       by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
       using ':@SECLEVEL=1' CipherString value in openssl.cfg.
     - Import https://github.com/openssl/openssl/pull/12272.patch to enable
       CET.
     - Add support for building with noudeb build profile.
   * Dropped changes:
     - Cherry-pick an upstream patch to fix s390x AES code
 .
 openssl (1.1.1l-1) unstable; urgency=medium
 .
   * New upstream version.
     - CVE-2021-3711 (SM2 Decryption Buffer Overflow).
     - CVE-2021-3712 (Read buffer overruns processing ASN.1 strings).
Checksums-Sha1:
 9a8dac7984b6b39f829f10cb8f4f70fc21a8bb03 2758 openssl_1.1.1l-1ubuntu1.dsc
 f8819dd31642eebea6cc1fa5c256fc9a4f40809b 9834044 openssl_1.1.1l.orig.tar.gz
 1f13a8055c8c143a78e1f18aeae38b22cf3b18e4 488 openssl_1.1.1l.orig.tar.gz.asc
 24896898076ffab03de92d11fcca2b8c260fe374 144724 openssl_1.1.1l-1ubuntu1.debian.tar.xz
 e267142f9a7c66650331dc9b356c9db85de5b3ff 7706 openssl_1.1.1l-1ubuntu1_source.buildinfo
Checksums-Sha256:
 bd170ab313168ff7ddbe9ee8bf25084a7d8683daf99ecec383f2564c56d26a35 2758 openssl_1.1.1l-1ubuntu1.dsc
 0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1 9834044 openssl_1.1.1l.orig.tar.gz
 e2ae0ea526223843245dd80224b19a55283f4910dd56b7ee7b23187164f69fda 488 openssl_1.1.1l.orig.tar.gz.asc
 9845f9b19e1fd866babbcb28c93de74203ecb6f476fcb6418d29b60a2742e5b2 144724 openssl_1.1.1l-1ubuntu1.debian.tar.xz
 0f0a1916a056ee211135b0abfbbceeeb3565b776196d7fac48e10a25f739e654 7706 openssl_1.1.1l-1ubuntu1_source.buildinfo
Files:
 878c651fb9956fde705ccb340aa55242 2758 utils optional openssl_1.1.1l-1ubuntu1.dsc
 ac0d4387f3ba0ad741b0580dd45f6ff3 9834044 utils optional openssl_1.1.1l.orig.tar.gz
 dc5c52d7d1e7c2888351434789cdb89c 488 utils optional openssl_1.1.1l.orig.tar.gz.asc
 0663921b2560f1bffce83d443dde9f7f 144724 utils optional openssl_1.1.1l-1ubuntu1.debian.tar.xz
 fa4797aa37795d7744f1e8d0c7191cae 7706 utils optional openssl_1.1.1l-1ubuntu1_source.buildinfo
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>

More information about the impish-changes mailing list