[ubuntu/hirsute-proposed] openssl 1.1.1j-1ubuntu1 (Accepted)
Dimitri John Ledkov
xnox at ubuntu.com
Wed Feb 24 00:21:15 UTC 2021
openssl (1.1.1j-1ubuntu1) hirsute; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Replace duplicate files in the doc directory with symlinks.
- debian/libssl1.1.postinst:
+ Display a system restart required notification on libssl1.1
upgrade on servers, unless needrestart is available.
+ Use a different priority for libssl1.1/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
+ Skip services restart & reboot notification if needrestart is in-use.
+ Bump version check to to 1.1.1.
+ Import libraries/restart-without-asking template as used by above.
- Revert "Enable system default config to enforce TLS1.2 as a
minimum" & "Increase default security level from 1 to 2".
- Reword the NEWS entry, as applicable on Ubuntu.
- Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
and ECC from master.
- Use perl:native in the autopkgtest for installability on i386.
- Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
below 1.2 and update documentation. Previous default of 1, can be set
by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
using ':@SECLEVEL=1' CipherString value in openssl.cfg.
- Import https://github.com/openssl/openssl/pull/12272.patch to enable
CET.
* Add support for building with noudeb build profile.
openssl (1.1.1j-1) unstable; urgency=medium
* New upstream version.
- CVE-2021-23841 (NULL pointer deref in X509_issuer_and_serial_hash()).
- CVE-2021-23840 (Possible overflow of the output length argument in
EVP_CipherUpdate(), EVP_EncryptUpdate() and EVP_DecryptUpdate()).
openssl (1.1.1i-3ubuntu2) hirsute; urgency=medium
* No-change rebuild to drop the udeb package.
openssl (1.1.1i-3ubuntu1) hirsute; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Replace duplicate files in the doc directory with symlinks.
- debian/libssl1.1.postinst:
+ Display a system restart required notification on libssl1.1
upgrade on servers, unless needrestart is available.
+ Use a different priority for libssl1.1/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
+ Skip services restart & reboot notification if needrestart is in-use.
+ Bump version check to to 1.1.1.
+ Import libraries/restart-without-asking template as used by above.
- Revert "Enable system default config to enforce TLS1.2 as a
minimum" & "Increase default security level from 1 to 2".
- Reword the NEWS entry, as applicable on Ubuntu.
- Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
and ECC from master.
- Use perl:native in the autopkgtest for installability on i386.
- Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
below 1.2 and update documentation. Previous default of 1, can be set
by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
using ':@SECLEVEL=1' CipherString value in openssl.cfg.
- Import https://github.com/openssl/openssl/pull/12272.patch to enable
CET.
* Drop many patches included upstream.
openssl (1.1.1i-3) unstable; urgency=medium
* Cherry-pick a patch from upstream to address #13931.
* Enable LFS. Thanks to Dan Nicholson for debugging (Closes: #923479).
openssl (1.1.1i-2) unstable; urgency=medium
* Apply two patches from upstream to address x509 related regressions.
openssl (1.1.1i-1) unstable; urgency=medium
* New upstream version.
- CVE-2020-1971 (EDIPARTYNAME NULL pointer de-reference).
- Restore rejection of expired trusted (root) certificate
(Closes: #976465).
openssl (1.1.1h-1) unstable; urgency=medium
* New upstream version
* Disable CAPI engine, it is designed for Windows.
openssl (1.1.1g-1) unstable; urgency=medium
* New upstream version
- CVE-2020-1967 (Segmentation fault in SSL_check_chain).
Date: Tue, 23 Feb 2021 22:01:12 +0000
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/1.1.1j-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 23 Feb 2021 22:01:12 +0000
Source: openssl
Architecture: source
Version: 1.1.1j-1ubuntu1
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Closes: 923479 976465
Changes:
openssl (1.1.1j-1ubuntu1) hirsute; urgency=medium
.
* Merge from Debian unstable. Remaining changes:
- Replace duplicate files in the doc directory with symlinks.
- debian/libssl1.1.postinst:
+ Display a system restart required notification on libssl1.1
upgrade on servers, unless needrestart is available.
+ Use a different priority for libssl1.1/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
+ Skip services restart & reboot notification if needrestart is in-use.
+ Bump version check to to 1.1.1.
+ Import libraries/restart-without-asking template as used by above.
- Revert "Enable system default config to enforce TLS1.2 as a
minimum" & "Increase default security level from 1 to 2".
- Reword the NEWS entry, as applicable on Ubuntu.
- Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
and ECC from master.
- Use perl:native in the autopkgtest for installability on i386.
- Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
below 1.2 and update documentation. Previous default of 1, can be set
by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
using ':@SECLEVEL=1' CipherString value in openssl.cfg.
- Import https://github.com/openssl/openssl/pull/12272.patch to enable
CET.
* Add support for building with noudeb build profile.
.
openssl (1.1.1j-1) unstable; urgency=medium
.
* New upstream version.
- CVE-2021-23841 (NULL pointer deref in X509_issuer_and_serial_hash()).
- CVE-2021-23840 (Possible overflow of the output length argument in
EVP_CipherUpdate(), EVP_EncryptUpdate() and EVP_DecryptUpdate()).
.
openssl (1.1.1i-3ubuntu2) hirsute; urgency=medium
.
* No-change rebuild to drop the udeb package.
.
openssl (1.1.1i-3ubuntu1) hirsute; urgency=medium
.
* Merge from Debian unstable. Remaining changes:
- Replace duplicate files in the doc directory with symlinks.
- debian/libssl1.1.postinst:
+ Display a system restart required notification on libssl1.1
upgrade on servers, unless needrestart is available.
+ Use a different priority for libssl1.1/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
+ Skip services restart & reboot notification if needrestart is in-use.
+ Bump version check to to 1.1.1.
+ Import libraries/restart-without-asking template as used by above.
- Revert "Enable system default config to enforce TLS1.2 as a
minimum" & "Increase default security level from 1 to 2".
- Reword the NEWS entry, as applicable on Ubuntu.
- Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
and ECC from master.
- Use perl:native in the autopkgtest for installability on i386.
- Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
below 1.2 and update documentation. Previous default of 1, can be set
by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
using ':@SECLEVEL=1' CipherString value in openssl.cfg.
- Import https://github.com/openssl/openssl/pull/12272.patch to enable
CET.
.
* Drop many patches included upstream.
.
openssl (1.1.1i-3) unstable; urgency=medium
.
* Cherry-pick a patch from upstream to address #13931.
* Enable LFS. Thanks to Dan Nicholson for debugging (Closes: #923479).
.
openssl (1.1.1i-2) unstable; urgency=medium
.
* Apply two patches from upstream to address x509 related regressions.
.
openssl (1.1.1i-1) unstable; urgency=medium
.
* New upstream version.
- CVE-2020-1971 (EDIPARTYNAME NULL pointer de-reference).
- Restore rejection of expired trusted (root) certificate
(Closes: #976465).
.
openssl (1.1.1h-1) unstable; urgency=medium
.
* New upstream version
* Disable CAPI engine, it is designed for Windows.
.
openssl (1.1.1g-1) unstable; urgency=medium
.
* New upstream version
- CVE-2020-1967 (Segmentation fault in SSL_check_chain).
Checksums-Sha1:
325ffe96eb24020bbff19d9fee942310ff707a8b 2737 openssl_1.1.1j-1ubuntu1.dsc
04c340b086828eecff9df06dceff196790bb9268 9823161 openssl_1.1.1j.orig.tar.gz
7e811869c5e0f0a1628e58b0b5b02dadb6259e1b 488 openssl_1.1.1j.orig.tar.gz.asc
f8331e2b980b35f34136666381db1abf10cea70c 144104 openssl_1.1.1j-1ubuntu1.debian.tar.xz
62573053566a2cfc93c89d50611fe035d71c0a85 8057 openssl_1.1.1j-1ubuntu1_source.buildinfo
Checksums-Sha256:
fad10895c5bdae8b050a8e48170d83a7d0099786187bf4f19fef9e8a586f5ae2 2737 openssl_1.1.1j-1ubuntu1.dsc
aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf 9823161 openssl_1.1.1j.orig.tar.gz
02571ae2fb2de5a1bc613106caabb1c4007b5268312aba221ed873c365fd9c99 488 openssl_1.1.1j.orig.tar.gz.asc
4b6186e519930241c54527e1ac981fd3dfa5358263e40dff0566d82238a5774b 144104 openssl_1.1.1j-1ubuntu1.debian.tar.xz
9c855b5e8bf757a16c3e66ca2b310c8fdc8c7138cdac22647f6e7f947b0a7b55 8057 openssl_1.1.1j-1ubuntu1_source.buildinfo
Files:
25b761ff121f897b8a33301f513ccbc6 2737 utils optional openssl_1.1.1j-1ubuntu1.dsc
cccaa064ed860a2b4d1303811bf5c682 9823161 utils optional openssl_1.1.1j.orig.tar.gz
8a430975d92c93e25e8ee5c7db37091b 488 utils optional openssl_1.1.1j.orig.tar.gz.asc
7468998f318c4793bd93a2d110f284d4 144104 utils optional openssl_1.1.1j-1ubuntu1.debian.tar.xz
d168e85d6d79b75f53dc0e15fbcc02ce 8057 utils optional openssl_1.1.1j-1ubuntu1_source.buildinfo
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>
More information about the Hirsute-changes
mailing list