[ubuntu/trusty-proposed] openssl 1.0.1f-1ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Jan 10 12:32:14 UTC 2014 

openssl (1.0.1f-1ubuntu1) trusty; urgency=low

  * Merge with Debian, remaining changes.
    - debian/libssl1.0.0.postinst:
      + Display a system restart required notification on libssl1.0.0
        upgrade on servers.
      + Use a different priority for libssl1.0.0/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
      libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
      in Debian).
    - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
      rules}: Move runtime libraries to /lib, for the benefit of
      wpasupplicant.
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
      .pc.
    - debian/rules:
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building.  Patch from Neil Williams.
      + Don't build for processors no longer supported: i586 (on i386)
      + Fix Makefile to properly clean up libs/ dirs in clean target.
      + Replace duplicate files in the doc directory with symlinks.
    - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
    - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly
      code.
    - debian/rules: Enable optimized 64bit elliptic curve code contributed
      by Google.
  * Dropped changes:
    - debian/patches/arm64-support: included in debian-targets.patch
    - debian/patches/no_default_rdrand.patch: upstream
    - debian/patches/openssl-1.0.1e-env-zlib.patch: zlib is now completely
      disabled in debian/rules

openssl (1.0.1f-1) unstable; urgency=high

  * New upstream version
    - Fix for TLS record tampering bug CVE-2013-4353
    - Drop the snapshot patch
  * update watch file to check for upstream signature and add upstream pgp key.
  * Drop conflicts against openssh since we now on a released version again.

openssl (1.0.1e-6) unstable; urgency=medium

  * Add Breaks: openssh-client (<< 1:6.4p1-1.1), openssh-server (<<
    1:6.4p1-1.1).  This is to prevent people running into #732940.
    This Breaks can be removed again when we stop using a git snapshot.

openssl (1.0.1e-5) unstable; urgency=low

  * Change default digest to SHA256 instead of SHA1.  (Closes: #694738)
  * Drop support for multiple certificates in 1 file.  It never worked
    properly in the first place, and the only one shipping in
    ca-certificates has been split.
  * Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors
  * Remove make-targets.patch.  It prevented the test dir from being cleaned.
  * Update to a git snapshot of the OpenSSL_1_0_1-stable branch.
    - Fixes CVE-2013-6449 (Closes: #732754)
    - Fixes CVE-2013-6450
    - Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch
      dtls_version.patch get_certificate.patch, since they where all
      already commited upstream.
    - adjust fix-pod-errors.patch for the reordering of items in the
      documentation they've done trying to fix those pod errors.
    - disable rdrand engine by default (Closes: #732710)
  * disable zlib support.  Fixes CVE-2012-4929 (Closes: #728055)
  * Add arm64 support (Closes: #732348)
  * Properly use the default number of bits in req when none are given

Date: Wed, 08 Jan 2014 15:57:24 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/trusty/+source/openssl/1.0.1f-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 08 Jan 2014 15:57:24 -0500
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source
Version: 1.0.1f-1ubuntu1
Distribution: trusty
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Closes: 694738 728055 732348 732710 732754
Changes: 
 openssl (1.0.1f-1ubuntu1) trusty; urgency=low
 .
   * Merge with Debian, remaining changes.
     - debian/libssl1.0.0.postinst:
       + Display a system restart required notification on libssl1.0.0
         upgrade on servers.
       + Use a different priority for libssl1.0.0/restart-services depending
         on whether a desktop, or server dist-upgrade is being performed.
     - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
       libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
       in Debian).
     - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
       rules}: Move runtime libraries to /lib, for the benefit of
       wpasupplicant.
     - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
       .pc.
     - debian/rules:
       + Don't run 'make test' when cross-building.
       + Use host compiler when cross-building.  Patch from Neil Williams.
       + Don't build for processors no longer supported: i586 (on i386)
       + Fix Makefile to properly clean up libs/ dirs in clean target.
       + Replace duplicate files in the doc directory with symlinks.
     - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
     - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly
       code.
     - debian/rules: Enable optimized 64bit elliptic curve code contributed
       by Google.
   * Dropped changes:
     - debian/patches/arm64-support: included in debian-targets.patch
     - debian/patches/no_default_rdrand.patch: upstream
     - debian/patches/openssl-1.0.1e-env-zlib.patch: zlib is now completely
       disabled in debian/rules
 .
 openssl (1.0.1f-1) unstable; urgency=high
 .
   * New upstream version
     - Fix for TLS record tampering bug CVE-2013-4353
     - Drop the snapshot patch
   * update watch file to check for upstream signature and add upstream pgp key.
   * Drop conflicts against openssh since we now on a released version again.
 .
 openssl (1.0.1e-6) unstable; urgency=medium
 .
   * Add Breaks: openssh-client (<< 1:6.4p1-1.1), openssh-server (<<
     1:6.4p1-1.1).  This is to prevent people running into #732940.
     This Breaks can be removed again when we stop using a git snapshot.
 .
 openssl (1.0.1e-5) unstable; urgency=low
 .
   * Change default digest to SHA256 instead of SHA1.  (Closes: #694738)
   * Drop support for multiple certificates in 1 file.  It never worked
     properly in the first place, and the only one shipping in
     ca-certificates has been split.
   * Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors
   * Remove make-targets.patch.  It prevented the test dir from being cleaned.
   * Update to a git snapshot of the OpenSSL_1_0_1-stable branch.
     - Fixes CVE-2013-6449 (Closes: #732754)
     - Fixes CVE-2013-6450
     - Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch
       dtls_version.patch get_certificate.patch, since they where all
       already commited upstream.
     - adjust fix-pod-errors.patch for the reordering of items in the
       documentation they've done trying to fix those pod errors.
     - disable rdrand engine by default (Closes: #732710)
   * disable zlib support.  Fixes CVE-2012-4929 (Closes: #728055)
   * Add arm64 support (Closes: #732348)
   * Properly use the default number of bits in req when none are given
Checksums-Sha1: 
 8b237cbfa298d58d5da3e571c5d22df640c5e97a 2375 openssl_1.0.1f-1ubuntu1.dsc
 9ef09e97dfc9f14ac2c042f3b7e301098794fc0f 4509212 openssl_1.0.1f.orig.tar.gz
 1ce4c884c9b6e4e4a7ddbf3a32ff9835f2a46e3a 109690 openssl_1.0.1f-1ubuntu1.debian.tar.gz
Checksums-Sha256: 
 9f5bcc4fa75df01b871bff28a32407de126b34f4c8b4b4cd2b1b6c0bdc80f244 2375 openssl_1.0.1f-1ubuntu1.dsc
 6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a 4509212 openssl_1.0.1f.orig.tar.gz
 2c87d1148b927f1c064870e288c84ba94572b9849b8623005cadb62fa0b60f67 109690 openssl_1.0.1f-1ubuntu1.debian.tar.gz
Files: 
 a93f0ddf476c562859321f13c75b3d55 2375 utils optional openssl_1.0.1f-1ubuntu1.dsc
 f26b09c028a0541cab33da697d522b25 4509212 utils optional openssl_1.0.1f.orig.tar.gz
 5322d861b3500c7fc63141505f4c984a 109690 utils optional openssl_1.0.1f-1ubuntu1.debian.tar.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBCgAGBQJSz+eiAAoJEGVp2FWnRL6TY2gP/iG6rjvQ90yqkKIW69cQbH2y
PZyXnbu9A2tiLoNKsHwFxifbR6HaBr7Y5Pmr39w2DcfFQZehcUQlE0YEuKas63Fi
6q67IOzyY/THT3B+oTn8nChf9UGkeGogHWv0HSBg+lKWiBiu+tcFhuDgbWKd3aOt
NZfRwQoe/U8S16E7ELU/BQPOqb3GFZSV8EHDKrOv3DNf8WgP4vDOMWHM015u2cKo
3bDKI5p651RDGX+SbPdAKGiyac6yQy9WhUNZbsxTw0jYoOJ9RnuxF5P9FcMS6E9M
l/wU6qr0P4u/HMz4Tf4IIKa7JSFnrG8M4KdAJahejaLDJIY2bpcmIEzzb5mBCmO6
ul0IljvPGo8o0anZsBDaJ6bck3t3Wj+r6Z0EMarQhn5cD4gK7r+LWfrLl5MMdzHy
W1bQezUhXuTZZjrmiae6sRFTrXno4eSudD3jcCN5yNj+T1nFsEx8SUQP2Q8ehz/2
aFLvD/AxYhpt/9wEoAO+z8fnvP53b3cp6JNDeENESHZOEquVpFVoLpJMlE8c/KQE
EK1ao9hmOrxnnKmgIK3RmmHsHMAeN6UdNwfPfR9j/X0S6f4irg9fBbQ3MQk8N0ma
RasWwLrHjLP93gX13Bg0tYcRV5iuTHi89TjiyPjmilKQWE8JQX0RsAz7AQ+aT8qD
3arqFZIbCzrLmwfbROBR
=5yzn
-----END PGP SIGNATURE-----

More information about the Trusty-changes mailing list