[ubuntu/precise] openssl 1.0.1-2ubuntu1 (Accepted)

Colin Watson cjwatson at ubuntu.com
Thu Mar 22 18:10:22 UTC 2012 

openssl (1.0.1-2ubuntu1) precise; urgency=low

  * Resynchronise with Debian (LP: #958430).  Remaining changes:
    - debian/libssl1.0.0.postinst:
      + Display a system restart required notification on libssl1.0.0
        upgrade on servers.
      + Use a different priority for libssl1.0.0/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
      libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
      in Debian).
    - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
      rules}: Move runtime libraries to /lib, for the benefit of
      wpasupplicant.
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
      .pc.
    - debian/rules:
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building.  Patch from Neil Williams.
      + Don't build for processors no longer supported: i586 (on i386)
      + Fix Makefile to properly clean up libs/ dirs in clean target.
      + Replace duplicate files in the doc directory with symlinks.
    - Unapply patch c_rehash-multi and comment it out in the series as it
      breaks parsing of certificates with CRLF line endings and other cases
      (see Debian #642314 for discussion), it also changes the semantics of
      c_rehash directories by requiring applications to parse hash link
      targets as files containing potentially *multiple* certificates rather
      than exactly one.
  * Drop aesni.patch, applied upstream.
  * Drop Bsymbolic-functions.patch, now handled using dpkg-buildflags.

openssl (1.0.1-2) unstable; urgency=low

  * Properly quote the new cflags in Configure

openssl (1.0.1-1) unstable; urgency=low

  * New upstream version
    - Remove kfreebsd-pipe.patch, fixed upstream
    - Update pic.patch, openssl-pod-misspell.patch and make-targets.patch
    - Add OPENSSL_1.0.1 to version-script.patch and libssl1.0.0.symbols for
      the new functions.
    - AES-NI support (Closes: #644743)
  * pic.patch: upstream made OPENSSL_ia32cap_P and OPENSSL_cpuid_setup
    hidden on amd64, no need to access it PIC anymore.
  * pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977)
  * Enable hardening using dpkg-buildflags (Closes: #653495)
  * s_client and s_server were forcing SSLv3 only connection when SSLv2 was
    disabled instead of the SSLv2 with upgrade method.  (Closes: #664454)
  * Add Beaks on openssh < 1:5.9p1-4, it has a too strict version check.

openssl (1.0.0h-1) unstable; urgency=high

  * New upstream version
    - Fixes CVE-2012-0884
    - Fixes CVE-2012-1165
    - Properly fix CVE-2011-4619
    - pkg-config.patch applied upstream, remove it.
  * Enable assembler for all i386 arches.  The assembler does proper
    detection of CPU support, including cpuid support.
    This should fix a problem with AES 192 and 256 with the padlock
    engine because of the difference in NO_ASM between the between
    the i686 optimized library and the engine.

Date: Thu, 22 Mar 2012 17:54:09 +0000
Changed-By: Colin Watson <cjwatson at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/openssl/1.0.1-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 22 Mar 2012 17:54:09 +0000
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source
Version: 1.0.1-2ubuntu1
Distribution: precise
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Colin Watson <cjwatson at ubuntu.com>
Description: 
 libcrypto1.0.0-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl-doc - SSL development documentation documentation
 libssl1.0.0 - SSL shared libraries
 libssl1.0.0-dbg - Symbol tables for libssl and libcrypto
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 644743 653495 663977 664454
Launchpad-Bugs-Fixed: 958430
Changes: 
 openssl (1.0.1-2ubuntu1) precise; urgency=low
 .
   * Resynchronise with Debian (LP: #958430).  Remaining changes:
     - debian/libssl1.0.0.postinst:
       + Display a system restart required notification on libssl1.0.0
         upgrade on servers.
       + Use a different priority for libssl1.0.0/restart-services depending
         on whether a desktop, or server dist-upgrade is being performed.
     - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
       libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
       in Debian).
     - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
       rules}: Move runtime libraries to /lib, for the benefit of
       wpasupplicant.
     - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
       .pc.
     - debian/rules:
       + Don't run 'make test' when cross-building.
       + Use host compiler when cross-building.  Patch from Neil Williams.
       + Don't build for processors no longer supported: i586 (on i386)
       + Fix Makefile to properly clean up libs/ dirs in clean target.
       + Replace duplicate files in the doc directory with symlinks.
     - Unapply patch c_rehash-multi and comment it out in the series as it
       breaks parsing of certificates with CRLF line endings and other cases
       (see Debian #642314 for discussion), it also changes the semantics of
       c_rehash directories by requiring applications to parse hash link
       targets as files containing potentially *multiple* certificates rather
       than exactly one.
   * Drop aesni.patch, applied upstream.
   * Drop Bsymbolic-functions.patch, now handled using dpkg-buildflags.
 .
 openssl (1.0.1-2) unstable; urgency=low
 .
   * Properly quote the new cflags in Configure
 .
 openssl (1.0.1-1) unstable; urgency=low
 .
   * New upstream version
     - Remove kfreebsd-pipe.patch, fixed upstream
     - Update pic.patch, openssl-pod-misspell.patch and make-targets.patch
     - Add OPENSSL_1.0.1 to version-script.patch and libssl1.0.0.symbols for
       the new functions.
     - AES-NI support (Closes: #644743)
   * pic.patch: upstream made OPENSSL_ia32cap_P and OPENSSL_cpuid_setup
     hidden on amd64, no need to access it PIC anymore.
   * pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977)
   * Enable hardening using dpkg-buildflags (Closes: #653495)
   * s_client and s_server were forcing SSLv3 only connection when SSLv2 was
     disabled instead of the SSLv2 with upgrade method.  (Closes: #664454)
   * Add Beaks on openssh < 1:5.9p1-4, it has a too strict version check.
 .
 openssl (1.0.0h-1) unstable; urgency=high
 .
   * New upstream version
     - Fixes CVE-2012-0884
     - Fixes CVE-2012-1165
     - Properly fix CVE-2011-4619
     - pkg-config.patch applied upstream, remove it.
   * Enable assembler for all i386 arches.  The assembler does proper
     detection of CPU support, including cpuid support.
     This should fix a problem with AES 192 and 256 with the padlock
     engine because of the difference in NO_ASM between the between
     the i686 optimized library and the engine.
Checksums-Sha1: 
 eb5224a3d92aadd66f9b6ebaa9c082968c1f7548 2423 openssl_1.0.1-2ubuntu1.dsc
 a6476d33fd38c2e7dfb438d1e3be178cc242c907 4453920 openssl_1.0.1.orig.tar.gz
 062255b902c136afa66b380a7dd54db4ef82a77a 94564 openssl_1.0.1-2ubuntu1.debian.tar.gz
Checksums-Sha256: 
 fcecd56acba6c3da05c7f7c760d1648cca353d033d24c338cdd81f6c82bbe072 2423 openssl_1.0.1-2ubuntu1.dsc
 4d9f0a594a9a89b28e1a04a9504c04104f6508ee27ad1e0efdd17a7a6dbbeeee 4453920 openssl_1.0.1.orig.tar.gz
 24bf8c49143e28069d817a14c52af3cbabf8aebc5fb1da8fcacda21316c2a7c5 94564 openssl_1.0.1-2ubuntu1.debian.tar.gz
Files: 
 ec8141bfa5b9022f1aa8bc07ef415814 2423 utils optional openssl_1.0.1-2ubuntu1.dsc
 134f168bc2a8333f19f81d684841710b 4453920 utils optional openssl_1.0.1.orig.tar.gz
 f9fc1b0c409f0d1598dcebc3eb961dcb 94564 utils optional openssl_1.0.1-2ubuntu1.debian.tar.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Colin Watson <cjwatson at debian.org> -- Debian developer

iQIVAwUBT2tpFzk1h9l9hlALAQgMGw//VkDUrSJv8h/T3RkIyEde1/6tAkPPga1R
5LD6hTBN9hKcNHpHAqsH7bdBJB3MKrviK4Ccc+61KQhYFfQITjiR5thtMETvWXA7
YAvlF7wEU6g5j0hgR8bQ8pDPgPTLqqQn3uI22Mn73925gDmVbf1GfDGaTGtpcux4
T8AHJ2SlQFDkITVvfCsUBo8RZ6yj9Zwu55rsbHp5Ekpy/i5vISlyTH/Da8PItxbc
KPTgZtz86Z4MEQJUxI0HDKhlMyfBQgApOPBjKrn6faGJ2/Lqt2aNsHfvm73hxDEr
ySLbAy7aZTqTl4z0f426Q5iNtNV258Adz6r46hlv/cVeXqsoH/L3sA+lE3HNbwim
cP80IoXWyXEBreF6nOiGMdsxbAoqylYASHjsrdwnxIRW+mcOX0QUedxVmaQbGaiD
Sv0scH5TXis3wAriL/+uwKv2xAoIWZw1e7REjIdSqav5AvRrtHquRj3Vx7QDOAbW
PHelVLPr2jolB6huJtVtHRAIkMlqKThBOiF94DF6cK6Eizjg5whethiEUM/9IiaW
JGgMz2WVXpTQ2aXNvGt4HNArKpZOKwcyfnKJj7WTAyMucF6iA4GE7/uXuqFZ9yfO
6LlbX/cppkPbDqB2c7iYatDtuwJUHDs1YjTCU96QcwzSOVhhtZEXypWgWx5FAyxl
JySeprr4BYI=
=seWb
-----END PGP SIGNATURE-----

More information about the Precise-changes mailing list