[ubuntu/hirsute-proposed] openssl 1.1.1i-3ubuntu1 (Accepted)

Dimitri John Ledkov xnox at ubuntu.com
Mon Feb 8 15:36:13 UTC 2021 

openssl (1.1.1i-3ubuntu1) hirsute; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    - Replace duplicate files in the doc directory with symlinks.
    - debian/libssl1.1.postinst:
      + Display a system restart required notification on libssl1.1
        upgrade on servers, unless needrestart is available.
      + Use a different priority for libssl1.1/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
      + Skip services restart & reboot notification if needrestart is in-use.
      + Bump version check to to 1.1.1.
      + Import libraries/restart-without-asking template as used by above.
    - Revert "Enable system default config to enforce TLS1.2 as a
      minimum" & "Increase default security level from 1 to 2".
    - Reword the NEWS entry, as applicable on Ubuntu.
    - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
      and ECC from master.
    - Use perl:native in the autopkgtest for installability on i386.
    - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
      level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
      below 1.2 and update documentation. Previous default of 1, can be set
      by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
      using ':@SECLEVEL=1' CipherString value in openssl.cfg.
    - Import https://github.com/openssl/openssl/pull/12272.patch to enable
      CET.

  * Drop many patches included upstream.

openssl (1.1.1i-3) unstable; urgency=medium

  * Cherry-pick a patch from upstream to address #13931.
  * Enable LFS. Thanks to Dan Nicholson for debugging (Closes: #923479).

openssl (1.1.1i-2) unstable; urgency=medium

  * Apply two patches from upstream to address x509 related regressions.

openssl (1.1.1i-1) unstable; urgency=medium

  * New upstream version.
    - CVE-2020-1971 (EDIPARTYNAME NULL pointer de-reference).
    - Restore rejection of expired trusted (root) certificate
      (Closes: #976465).

openssl (1.1.1h-1) unstable; urgency=medium

  * New upstream version
  * Disable CAPI engine, it is designed for Windows.

openssl (1.1.1g-1) unstable; urgency=medium

  * New upstream version
    - CVE-2020-1967 (Segmentation fault in SSL_check_chain).

Date: Mon, 08 Feb 2021 11:08:21 +0000
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/1.1.1i-3ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 08 Feb 2021 11:08:21 +0000
Source: openssl
Architecture: source
Version: 1.1.1i-3ubuntu1
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Closes: 923479 976465
Changes:
 openssl (1.1.1i-3ubuntu1) hirsute; urgency=medium
 .
   * Merge from Debian unstable.  Remaining changes:
     - Replace duplicate files in the doc directory with symlinks.
     - debian/libssl1.1.postinst:
       + Display a system restart required notification on libssl1.1
         upgrade on servers, unless needrestart is available.
       + Use a different priority for libssl1.1/restart-services depending
         on whether a desktop, or server dist-upgrade is being performed.
       + Skip services restart & reboot notification if needrestart is in-use.
       + Bump version check to to 1.1.1.
       + Import libraries/restart-without-asking template as used by above.
     - Revert "Enable system default config to enforce TLS1.2 as a
       minimum" & "Increase default security level from 1 to 2".
     - Reword the NEWS entry, as applicable on Ubuntu.
     - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
       and ECC from master.
     - Use perl:native in the autopkgtest for installability on i386.
     - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
       level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
       below 1.2 and update documentation. Previous default of 1, can be set
       by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
       using ':@SECLEVEL=1' CipherString value in openssl.cfg.
     - Import https://github.com/openssl/openssl/pull/12272.patch to enable
       CET.
 .
   * Drop many patches included upstream.
 .
 openssl (1.1.1i-3) unstable; urgency=medium
 .
   * Cherry-pick a patch from upstream to address #13931.
   * Enable LFS. Thanks to Dan Nicholson for debugging (Closes: #923479).
 .
 openssl (1.1.1i-2) unstable; urgency=medium
 .
   * Apply two patches from upstream to address x509 related regressions.
 .
 openssl (1.1.1i-1) unstable; urgency=medium
 .
   * New upstream version.
     - CVE-2020-1971 (EDIPARTYNAME NULL pointer de-reference).
     - Restore rejection of expired trusted (root) certificate
       (Closes: #976465).
 .
 openssl (1.1.1h-1) unstable; urgency=medium
 .
   * New upstream version
   * Disable CAPI engine, it is designed for Windows.
 .
 openssl (1.1.1g-1) unstable; urgency=medium
 .
   * New upstream version
     - CVE-2020-1967 (Segmentation fault in SSL_check_chain).
Checksums-Sha1:
 5725c056895efcea6e673be15901f8330f01d8cb 2705 openssl_1.1.1i-3ubuntu1.dsc
 eb684ba4ed31fe2c48062aead75233ecd36882a6 9808346 openssl_1.1.1i.orig.tar.gz
 7e74790f0847bfabb2986366c10097f8a3c03aa2 488 openssl_1.1.1i.orig.tar.gz.asc
 3bcbfff80df5dc7457a1d33d6164717fd1fc673a 152476 openssl_1.1.1i-3ubuntu1.debian.tar.xz
 a82709353a458f38b811ed1c500ac3c58fcb35d9 8057 openssl_1.1.1i-3ubuntu1_source.buildinfo
Checksums-Sha256:
 66177741601795f5e8a98ee92cd38b34c88b8e7209b77613aba583c701ec5e17 2705 openssl_1.1.1i-3ubuntu1.dsc
 e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242 9808346 openssl_1.1.1i.orig.tar.gz
 da48cfca2d64bdfca7a2c39c13571e2f1d3d7ea996d9365de5cae5a9e33b9791 488 openssl_1.1.1i.orig.tar.gz.asc
 e99e228a946be3dae7e7f501823928c082d352ccd2fea84ed00d23cddc437952 152476 openssl_1.1.1i-3ubuntu1.debian.tar.xz
 4758d2f44f161386164d1bff80eba6cd7e06469b59e7c0178030a197b1990019 8057 openssl_1.1.1i-3ubuntu1_source.buildinfo
Files:
 905b043187db5c71590cbd9f762450b2 2705 utils optional openssl_1.1.1i-3ubuntu1.dsc
 08987c3cf125202e2b0840035efb392c 9808346 utils optional openssl_1.1.1i.orig.tar.gz
 479fd45f84ddc42cab67a8a465d286df 488 utils optional openssl_1.1.1i.orig.tar.gz.asc
 b8986ef50327e7dafc1a041578e66157 152476 utils optional openssl_1.1.1i-3ubuntu1.debian.tar.xz
 5654d4862ce8fe08266c5720127e5797 8057 utils optional openssl_1.1.1i-3ubuntu1_source.buildinfo
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7iQKBSojGtiSWEHXm47ISdXvcO0FAmAhHXMACgkQm47ISdXv
cO1QMBAAqxHxC2HJ2HwObyDDy59hKMHgOETD7zlzKDPiFmYF10bKQoxm85QYKuxn
dMN3HomxHmAOhUSFYOWP6GrYxSoaqvZJXP0yMQstyakO5DCV25dFIQVWkYwBoNcl
Rdq2fr4fytSPpbrvS6IR4+fnU563BIXdpQoNJxMAqiOj4t9mPj7PN4qtpnBW9Hfd
6knzSrSONH1e5VEsCZxGGhw9isnxF8XjOToCDELcZy1J/ZmlGF5ex7lRl2bveRse
0/RUl/riafHUe1nmm5V67IT/lf6b+tseqw8ViVPrDhVyHpbsCZkYzhGbq0z+/d9i
+Jd6hA57MKnlbE5zTl/vgpt597NseSdVNXUrod5zBxyI8QxqTGaRJXGfNjrWrQgW
LX0ZidaRIICgfvNR07q/mgk7pv0j+UmZPcFaBWpuGGng1qN+fgm/zIfTs2o/7pm8
wezdBh+BRPpZuVa+TO7TrSEW8c1/R0GAZcwz0k2ksD1esK67YcWObjqmmjCUCYFr
IJ5+jXhBeu3XdrJGZLVTjDYoQ5o5jYTbPQ4xpSQQN0R3DeLRgAQ6k7X8FuKIBsaf
we81wZ2Q2HrwtitP4EaWbPCeILucaFJ/0qObLDo0L3uMA0KtGR5rFlJgPYNpCp8A
kgNj8TMeNMwAaJVEzz3E2/jIkM4VHRYf/2rohDsJgwrWuZZWAvM=
=Wjby
-----END PGP SIGNATURE-----

More information about the Hirsute-changes mailing list