[ubuntu/oneiric] openssl 1.0.0e-2ubuntu1 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Thu Sep 15 20:00:24 UTC 2011


openssl (1.0.0e-2ubuntu1) oneiric; urgency=low

  * Resynchronise with Debian, fixes CVE-2011-1945, CVE-2011-3207 and
    CVE-2011-3210 (LP: #850608). Remaining changes:
    - debian/libssl1.0.0.postinst:
      + Display a system restart required notification bubble on libssl1.0.0
        upgrade.
      + Use a different priority for libssl1.0.0/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
      libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
      in Debian).
    - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
      rules}: Move runtime libraries to /lib, for the benefit of
      wpasupplicant.
    - debian/patches/aesni.patch: Backport Intel AES-NI support, now from
      http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the
      0.9.8 variant.
    - debian/patches/Bsymbolic-functions.patch: Link using
      -Bsymbolic-functions.
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
      .pc.
    - debian/rules:
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building.  Patch from Neil Williams.
      + Don't build for processors no longer supported: i486, i586 (on
        i386), v8 (on sparc).
      + Fix Makefile to properly clean up libs/ dirs in clean target.
      + Replace duplicate files in the doc directory with symlinks.
  * debian/libssl1.0.0.postinst: only display restart notification on
    servers (LP: #244250)

openssl (1.0.0e-2) unstable; urgency=low

  * Add a missing $(DEB_HOST_MULTIARCH)

openssl (1.0.0e-1) unstable; urgency=low

  * New upstream version
    - Fix bug where CRLs with nextUpdate in the past are sometimes accepted
      by initialising X509_STORE_CTX properly. (CVE-2011-3207)
    - Fix SSL memory handling for (EC)DH ciphersuites, in particular
      for multi-threaded use of ECDH. (CVE-2011-3210)
    - Add protection against ECDSA timing attacks (CVE-2011-1945)
  * Block DigiNotar certificates.  Patch from
    Raphael Geissert <geissert at debian.org>
  * Generate hashes for all certs in a file (Closes: #628780, #594524)
    Patch from Klaus Ethgen <Klaus at Ethgen.de>
  * Add multiarch support (Closs: #638137)
    Patch from Steve Langasek / Ubuntu
  * Symbols from the gost engine were removed because it didn't have
    a linker file.  Thanks to Roman I Khimov <khimov at altell.ru>
    (Closes: #631503)
  * Add support for s390x.  Patch from Aurelien Jarno <aurel32 at debian.org>
    (Closes: #641100)
  * Add build-arch and build-indep targets to the rules file.

openssl (1.0.0d-3) unstable; urgency=low

  * Make it build on sparc64.  Patch from Aurelien Jarno.  (Closes: #626060)
  * Apply patches from Scott Schaefer <saschaefer at neurodiverse.org> to
    fix various pod and spelling errors. (Closes: #622820, #605561)
  * Add missing symbols for the engines (Closes: #623038)
  * More spelling fixes from Scott Schaefer (Closes: #395424)
  * Patch from Scott Schaefer to better document pkcs12 password options
    (Closes: #462489)
  * Document dgst -hmac option.  Patch by Thorsten Glaser <tg at mirbsd.de>
    (Closes: #529586)

Date: Wed, 14 Sep 2011 22:06:03 -0700
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/oneiric/+source/openssl/1.0.0e-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 14 Sep 2011 22:06:03 -0700
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source
Version: 1.0.0e-2ubuntu1
Distribution: oneiric
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description: 
 libcrypto1.0.0-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl-doc - SSL development documentation documentation
 libssl1.0.0 - SSL shared libraries
 libssl1.0.0-dbg - Symbol tables for libssl and libcrypto
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 395424 462489 529586 594524 605561 622820 623038 626060 628780 631503 641100
Launchpad-Bugs-Fixed: 244250 850608
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----

