[ubuntu/focal-proposed] openssl 1.1.1d-2ubuntu1 (Accepted)

Dimitri John Ledkov xnox at ubuntu.com
Wed Jan 8 17:35:13 UTC 2020 

openssl (1.1.1d-2ubuntu1) focal; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Replace duplicate files in the doc directory with symlinks.
    - debian/libssl1.1.postinst:
      + Display a system restart required notification on libssl1.1
        upgrade on servers.
      + Use a different priority for libssl1.1/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
      + Bump version check to to 1.1.1.
      + Import libraries/restart-without-asking template as used by above.
    - Revert "Enable system default config to enforce TLS1.2 as a
      minimum" & "Increase default security level from 1 to 2".
    - Reword the NEWS entry, as applicable on Ubuntu.
    - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
      from master.

  * Set TLS 1.2 as compiled-in minimum protocol version for TLS
    context. TLS 1.0 and 1.1 can be enabled again by calling
    SSL_CTX_set_min_proto_version() or SSL_set_min_proto_version(), or
    setting MinProtocol in the openssl.cfg. LP: #1856428

  * Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
    level. Previous default of 1, can be set by calling
    SSL_CTX_set_security_level(), SSL_set_security_level() or using
    ':@SECLEVEL=1' CipherString value in openssl.cfg.

openssl (1.1.1d-2) unstable; urgency=medium

  * Reenable AES-CBC-HMAC-SHA ciphers (Closes: #941987).

openssl (1.1.1d-1) unstable; urgency=medium

  * New upstream version
   - CVE-2019-1549 (Fixed a fork protection issue).
   - CVE-2019-1547 (Compute ECC cofactors if not provided during EC_GROUP
     construction).
   - CVE-2019-1563 (Fixed a padding oracle in PKCS7_dataDecode and
     CMS_decrypt_set1_pkey).
  * Update symbol list

Date: Wed, 08 Jan 2020 17:17:41 +0000
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/1.1.1d-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 08 Jan 2020 17:17:41 +0000
Source: openssl
Architecture: source
Version: 1.1.1d-2ubuntu1
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Closes: 941987
Launchpad-Bugs-Fixed: 1856428
Changes:
 openssl (1.1.1d-2ubuntu1) focal; urgency=low
 .
   * Merge from Debian unstable.  Remaining changes:
     - Replace duplicate files in the doc directory with symlinks.
     - debian/libssl1.1.postinst:
       + Display a system restart required notification on libssl1.1
         upgrade on servers.
       + Use a different priority for libssl1.1/restart-services depending
         on whether a desktop, or server dist-upgrade is being performed.
       + Bump version check to to 1.1.1.
       + Import libraries/restart-without-asking template as used by above.
     - Revert "Enable system default config to enforce TLS1.2 as a
       minimum" & "Increase default security level from 1 to 2".
     - Reword the NEWS entry, as applicable on Ubuntu.
     - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
       from master.
 .
   * Set TLS 1.2 as compiled-in minimum protocol version for TLS
     context. TLS 1.0 and 1.1 can be enabled again by calling
     SSL_CTX_set_min_proto_version() or SSL_set_min_proto_version(), or
     setting MinProtocol in the openssl.cfg. LP: #1856428
 .
   * Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
     level. Previous default of 1, can be set by calling
     SSL_CTX_set_security_level(), SSL_set_security_level() or using
     ':@SECLEVEL=1' CipherString value in openssl.cfg.
 .
 openssl (1.1.1d-2) unstable; urgency=medium
 .
   * Reenable AES-CBC-HMAC-SHA ciphers (Closes: #941987).
 .
 openssl (1.1.1d-1) unstable; urgency=medium
 .
   * New upstream version
    - CVE-2019-1549 (Fixed a fork protection issue).
    - CVE-2019-1547 (Compute ECC cofactors if not provided during EC_GROUP
      construction).
    - CVE-2019-1563 (Fixed a padding oracle in PKCS7_dataDecode and
      CMS_decrypt_set1_pkey).
   * Update symbol list
Checksums-Sha1:
 5752503d30b735ce6d5188cc0266490f26c851ae 2724 openssl_1.1.1d-2ubuntu1.dsc
 056057782325134b76d1931c48f2c7e6595d7ef4 8845861 openssl_1.1.1d.orig.tar.gz
 d3bbfe1db19cc36bb17f2b6dc39fa8ade6a8cdd3 488 openssl_1.1.1d.orig.tar.gz.asc
 c2ddf78b0a8da77cbd761bd076444c19f8c7e64c 152352 openssl_1.1.1d-2ubuntu1.debian.tar.xz
 e5e31c942096d9fb9a70c46bbddcc2a366fe2534 6566 openssl_1.1.1d-2ubuntu1_source.buildinfo
Checksums-Sha256:
 64aefcc7731a2a3a24b9fa304eabef7c3c401a526720a6e25136d2ee01d9809a 2724 openssl_1.1.1d-2ubuntu1.dsc
 1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2 8845861 openssl_1.1.1d.orig.tar.gz
 f3fd3299a79421fffd51d35f62636b8e987dab1d3033d93a19d7685868e15395 488 openssl_1.1.1d.orig.tar.gz.asc
 7f576c3b72c55d54d542137b8fe363532c27877d673b664f732ef768d8363294 152352 openssl_1.1.1d-2ubuntu1.debian.tar.xz
 7e6164762bb9b78825193d12023b9237a0cdbe88b267bb445a4532e95da10137 6566 openssl_1.1.1d-2ubuntu1_source.buildinfo
Files:
 adcd72b1210b904db897cfc5a3a92b7f 2724 utils optional openssl_1.1.1d-2ubuntu1.dsc
 3be209000dbc7e1b95bcdf47980a3baa 8845861 utils optional openssl_1.1.1d.orig.tar.gz
 56a525b2d934330e1c2de3bc9b55e4e2 488 utils optional openssl_1.1.1d.orig.tar.gz.asc
 4e5478392ebd9853d30be24123cc8f61 152352 utils optional openssl_1.1.1d-2ubuntu1.debian.tar.xz
 e55cf18d53822ab9951cecbce501a219 6566 utils optional openssl_1.1.1d-2ubuntu1_source.buildinfo
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7iQKBSojGtiSWEHXm47ISdXvcO0FAl4WD2MACgkQm47ISdXv
cO3qfQ//amWYm9PYTzBItlI2Vv6iqzmOkyBHSwbN9qwGdg/OiVZ/0YTKEOInYzis
N5+WIeFlx72YIu3d8SGPqHw0DJEqUw79UcvGKAeL1BbuLZIYPW6TnuDNcr+pEg4V
U7BL8hqYkH1T9d8qXoOING2MeGXyt/JHlXGi9Y88PbAcodpxVHULxY1mP7EiJABK
h86JPOta7oI7+QGJFiRT5GWnaGHJb8MCYUz0kAsKNHtsihCwyz1JvdfSUFTB8BFK
1kO/ayA470LammuzV6z9BwABVSdQl5eoLw940GRqUk6rCvVwIO+exDPC5fES+Ssb
uiPukS03hTao/cwzHy9CjtLr65hriL/xX9Az973LMQ3aO2bCDWQes8Vya7hDFIwR
3frPvzAgU3ZiYxeft+2XeNufvHoB29IzFmfcc0IODU+5RWCHYKDYfliqQ/WT8xlg
cigdxFpVmbltaVq60ydAgSBZrs0uuP/YLejuTHAY+yDZDHioynQ7GyQ2cIEr4Bnn
856/Ccp0pQpCld2sA3BIyGnXBsnT5OBx4eUZw8Vzs7zz63EbbNp3crXTbErziCcM
PfF8FJL6KgSGP1UbEd18VQl2iaJh6/7pK0og1er3ZnUHb1JafTWYi7vAGp3+nRK+
YrsGSABaLCcbqXpN130/K6jRYzbETSfmrE/nJHvkZTEghET2Gb8=
=sYIu
-----END PGP SIGNATURE-----

More information about the Focal-changes mailing list