[ubuntu/quantal] openssl 1.0.1c-3ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Jul 3 14:30:19 UTC 2012 

openssl (1.0.1c-3ubuntu1) quantal; urgency=low

  * Resynchronise with Debian. Remaining changes:
    - debian/libssl1.0.0.postinst:
      + Display a system restart required notification on libssl1.0.0
        upgrade on servers.
      + Use a different priority for libssl1.0.0/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
      libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
      in Debian).
    - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
      rules}: Move runtime libraries to /lib, for the benefit of
      wpasupplicant.
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
      .pc.
    - debian/rules:
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building.  Patch from Neil Williams.
      + Don't build for processors no longer supported: i586 (on i386)
      + Fix Makefile to properly clean up libs/ dirs in clean target.
      + Replace duplicate files in the doc directory with symlinks.
    - Unapply patch c_rehash-multi and comment it out in the series as it
      breaks parsing of certificates with CRLF line endings and other cases
      (see Debian #642314 for discussion), it also changes the semantics of
      c_rehash directories by requiring applications to parse hash link
      targets as files containing potentially *multiple* certificates rather
      than exactly one.
    - Bump version passed to dh_makeshlibs to 1.0.1 for new symbols.
    - debian/patches/tls12_workarounds.patch: workaround large client hello
      issue: Compile with -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 and
      with -DOPENSSL_NO_TLS1_2_CLIENT.
  * Dropped upstreamed patches:
    - debian/patches/CVE-2012-2110.patch
    - debian/patches/CVE-2012-2110b.patch
    - debian/patches/CVE-2012-2333.patch
    - debian/patches/CVE-2012-0884-extra.patch
    - most of debian/patches/tls12_workarounds.patch

openssl (1.0.1c-3) unstable; urgency=low

  * Disable padlock engine again, causes problems for hosts not supporting it.

openssl (1.0.1c-2) unstable; urgency=high

  * Fix renegiotation when using TLS > 1.0.  This breaks tor.  Patch from
    upstream.  (Closes: #675990)
  * Enable the padlock engine by default.
  * Change default bits from 1024 to 2048 (Closes: #487152)

openssl (1.0.1c-1) unstable; urgency=high

  * New upstream version
    - Fixes CVE-2012-2333 (Closes: #672452)

openssl (1.0.1b-1) unstable; urgency=high

  * New upstream version
    - Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0
      can talk to servers supporting TLS 1.1 but not TLS 1.2
    - Drop rc4_hmac_md5.patch, applied upstream

openssl (1.0.1a-3) unstable; urgency=low

  * Use patch from upstream for the rc4_hmac_md5 issue.

openssl (1.0.1a-2) unstable; urgency=low

  * Fix rc4_hmac_md5 on non-i386/amd64 arches.

openssl (1.0.1a-1) unstable; urgency=high

  * New upstream version
    - Fixes CVE-2012-2110
    - Fix crash in rc4_hmac_md5 (Closes: #666405)
    - Fixes some issues with talking to other servers when TLS 1.1 and 1.2 is
      supported
    - Drop patches no_ssl2.patch vpaes.patch tls1.2_client_algorithms.patch,
      applied upstream.

Date: Fri, 29 Jun 2012 13:01:30 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/quantal/+source/openssl/1.0.1c-3ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 29 Jun 2012 13:01:30 -0400
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source
Version: 1.0.1c-3ubuntu1
Distribution: quantal
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libcrypto1.0.0-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl-doc - SSL development documentation documentation
 libssl1.0.0 - SSL shared libraries
 libssl1.0.0-dbg - Symbol tables for libssl and libcrypto
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 487152 666405 672452 675990
Changes: 
 openssl (1.0.1c-3ubuntu1) quantal; urgency=low
 .
   * Resynchronise with Debian. Remaining changes:
     - debian/libssl1.0.0.postinst:
       + Display a system restart required notification on libssl1.0.0
         upgrade on servers.
       + Use a different priority for libssl1.0.0/restart-services depending
         on whether a desktop, or server dist-upgrade is being performed.
     - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
       libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
       in Debian).
     - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
       rules}: Move runtime libraries to /lib, for the benefit of
       wpasupplicant.
     - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
       .pc.
     - debian/rules:
       + Don't run 'make test' when cross-building.
       + Use host compiler when cross-building.  Patch from Neil Williams.
       + Don't build for processors no longer supported: i586 (on i386)
       + Fix Makefile to properly clean up libs/ dirs in clean target.
       + Replace duplicate files in the doc directory with symlinks.
     - Unapply patch c_rehash-multi and comment it out in the series as it
       breaks parsing of certificates with CRLF line endings and other cases
       (see Debian #642314 for discussion), it also changes the semantics of
       c_rehash directories by requiring applications to parse hash link
       targets as files containing potentially *multiple* certificates rather
       than exactly one.
     - Bump version passed to dh_makeshlibs to 1.0.1 for new symbols.
     - debian/patches/tls12_workarounds.patch: workaround large client hello
       issue: Compile with -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 and
       with -DOPENSSL_NO_TLS1_2_CLIENT.
   * Dropped upstreamed patches:
     - debian/patches/CVE-2012-2110.patch
     - debian/patches/CVE-2012-2110b.patch
     - debian/patches/CVE-2012-2333.patch
     - debian/patches/CVE-2012-0884-extra.patch
     - most of debian/patches/tls12_workarounds.patch
 .
 openssl (1.0.1c-3) unstable; urgency=low
 .
   * Disable padlock engine again, causes problems for hosts not supporting it.
 .
 openssl (1.0.1c-2) unstable; urgency=high
 .
   * Fix renegiotation when using TLS > 1.0.  This breaks tor.  Patch from
     upstream.  (Closes: #675990)
   * Enable the padlock engine by default.
   * Change default bits from 1024 to 2048 (Closes: #487152)
 .
 openssl (1.0.1c-1) unstable; urgency=high
 .
   * New upstream version
     - Fixes CVE-2012-2333 (Closes: #672452)
 .
 openssl (1.0.1b-1) unstable; urgency=high
 .
   * New upstream version
     - Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0
       can talk to servers supporting TLS 1.1 but not TLS 1.2
     - Drop rc4_hmac_md5.patch, applied upstream
 .
 openssl (1.0.1a-3) unstable; urgency=low
 .
   * Use patch from upstream for the rc4_hmac_md5 issue.
 .
 openssl (1.0.1a-2) unstable; urgency=low
 .
   * Fix rc4_hmac_md5 on non-i386/amd64 arches.
 .
 openssl (1.0.1a-1) unstable; urgency=high
 .
   * New upstream version
     - Fixes CVE-2012-2110
     - Fix crash in rc4_hmac_md5 (Closes: #666405)
     - Fixes some issues with talking to other servers when TLS 1.1 and 1.2 is
       supported
     - Drop patches no_ssl2.patch vpaes.patch tls1.2_client_algorithms.patch,
       applied upstream.
Checksums-Sha1: 
 fdfd768908079137dbe828c06a878356df58100c 2374 openssl_1.0.1c-3ubuntu1.dsc
 91b684de947cb021ac61b8c51027cc4b63d894ce 4457113 openssl_1.0.1c.orig.tar.gz
 ff6f2910c6ac15e08fa5c7ba18d72b037343ddc2 98062 openssl_1.0.1c-3ubuntu1.debian.tar.gz
Checksums-Sha256: 
 a2a6d3f4fc09dc1a1fec15bbe28b2b88e995e7632cf2060e4a5d40bffaf535c7 2374 openssl_1.0.1c-3ubuntu1.dsc
 2a9eb3cd4e8b114eb9179c0d3884d61658e7d8e8bf4984798a5f5bd48e325ebe 4457113 openssl_1.0.1c.orig.tar.gz
 3c9937fd40e1c4a20e979a70424ed26395abc92b228338bca0f75f4bbf28aa98 98062 openssl_1.0.1c-3ubuntu1.debian.tar.gz
Files: 
 9a17e7bb23aa66525a420f175c1b8016 2374 utils optional openssl_1.0.1c-3ubuntu1.dsc
 ae412727c8c15b67880aef7bd2999b2e 4457113 utils optional openssl_1.0.1c.orig.tar.gz
 cc88dab98a96dc3289f98182fe82d84a 98062 utils optional openssl_1.0.1c-3ubuntu1.debian.tar.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJP8v88AAoJEGVp2FWnRL6TiKgP/ReoWGOhwb+OBbK22HxVXYG0
gXoVnAo3WdMN0qj5frJHFgQvnB4nV+9mGm+9ADaZ0258f4oFGzUPI4oHS017toCG
u+wKWkKRWsPg3/1xNd9peB64K1Rv8REWhNCW1I6CeD0tMsGFSi3dgshBEaMsUXKZ
nDMnwBDFMdDArraM1xlUyOa0JtOAHat8xxfe95Y6o3lkUyMQCIGUrZTr7McD+JCI
wrAyyjoW5nye1hSH/xmWQE902DVNEDA+K0wd+viGoig71wZdPkI+Q7xpAfYyPwP1
XEEnKb4TghDbsbJ3lm75jPUCLGYCsqVKUzdf4WVnqay6sPEcCkOOHDhSoM8v7R+C
U2XNVqkp4Xbj4n63dNX5LWrFDDXuL/X+uEfnviw4v2h4Rp06lNeJ/meS7zH302/S
GqGBEiodSUqR1iMsH4BjUcO3ZwSpOzFkZqu48cyV6fvVfdCtw8bfZ7bIC/hKdzn8
TYOVWxsGn+3a9ypooQ5Dzc5pg5ZLXSkyr6qmSj6YLqxB2LpzWE3OYrKToomFE8L3
OUWz6n+agsLWCwIIeH57Nhttk8KbiBeJ2AVvgG0Hkq9H48s4bSUGQR2z110XKezt
omjNqrDgBfGd5koley+cSpQCC48HFP7t/OZvsJERqWuGKbE6c2U3dbnRHHVDxKMJ
HIUzn0zrrfWTPn3hV9bp
=V8RO
-----END PGP SIGNATURE-----

More information about the Quantal-changes mailing list