[ubuntu/xenial-proposed] openssl 1.0.2g-1ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Mar 1 21:11:13 UTC 2016


openssl (1.0.2g-1ubuntu1) xenial; urgency=medium

  * Merge with Debian, remaining changes.
    - Disable SSLv3 without changing ABI:
      + debian/patches/no-sslv3.patch: Disable SSLv3 without using the
        no-ssl3-method option
      + debian/rules: don't use no-ssl3-method, don't bump soname
      + debian/patches/engines-path.patch: don't bump soname
      + debian/patches/version-script.patch: don't bump soname
      + debian/patches/soname.patch: removed
      + debian/lib*: don't bump soname
    - debian/control: don't enable rfc3779 and cms support for now as it
      changes ABI.
    - debian/libssl1.0.0.postinst:
      + Display a system restart required notification on libssl1.0.0
        upgrade on servers.
      + Use a different priority for libssl1.0.0/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
      libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
      in Debian).
    - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
      rules}: Move runtime libraries to /lib, for the benefit of
      wpasupplicant.
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
      .pc.
    - debian/rules:
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building.  Patch from Neil Williams.
      + Don't build for processors no longer supported: i586 (on i386)
      + Fix Makefile to properly clean up libs/ dirs in clean target.
      + Replace duplicate files in the doc directory with symlinks.
    - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
    - debian/rules: Enable optimized 64bit elliptic curve code contributed
      by Google.

openssl (1.0.2g-1) unstable; urgency=high

  * New upstream version
  * Fix CVE-2016-0797
  * Fix CVE-2016-0798
  * Fix CVE-2016-0799
  * Fix CVE-2016-0702
  * Fix CVE-2016-0705
  * Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800)
    makes use of those, and SLOTH attack (CVE-2015-7575) can make use of them
    too.

Date: Tue, 01 Mar 2016 14:09:30 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 01 Mar 2016 14:09:30 -0500
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source
Version: 1.0.2g-1ubuntu1
Distribution: xenial
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>
