* Resynchronise with Debian, fixes CVE-2011-1945, CVE-2011-3207 and
CVE-2011-3210 (LP: #850608). Remaining changes:
- debian/libssl1.0.0.postinst:
+ Display a system restart required notification bubble on libssl1.0.0
upgrade.
+ Use a different priority for libssl1.0.0/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
in Debian).
- debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
rules}: Move runtime libraries to /lib, for the benefit of
wpasupplicant.
- debian/patches/aesni.patch: Backport Intel AES-NI support, now from http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the
0.9.8 variant.
- debian/patches/Bsymbolic-functions.patch: Link using
-Bsymbolic-functions.
- debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
.pc.
- debian/rules:
+ Don't run 'make test' when cross-building.
+ Use host compiler when cross-building. Patch from Neil Williams.
+ Don't build for processors no longer supported: i486, i586 (on
i386), v8 (on sparc).
+ Fix Makefile to properly clean up libs/ dirs in clean target.
+ Replace duplicate files in the doc directory with symlinks.
* debian/libssl1.0.0.postinst: only display restart notification on
servers (LP: #244250)
openssl (1.0.0e-2) unstable; urgency=low
* Add a missing $(DEB_HOST_MULTIARCH)
openssl (1.0.0e-1) unstable; urgency=low
* New upstream version
- Fix bug where CRLs with nextUpdate in the past are sometimes accepted
by initialising X509_STORE_CTX properly. (CVE-2011-3207)
- Fix SSL memory handling for (EC)DH ciphersuites, in particular
for multi-threaded use of ECDH. (CVE-2011-3210)
- Add protection against ECDSA timing attacks (CVE-2011-1945)
* Block DigiNotar certifiates. Patch from
Raphael Geissert <email address hidden>
* Generate hashes for all certs in a file (Closes: #628780, #594524)
Patch from Klaus Ethgen <email address hidden>
* Add multiarch support (Closs: #638137)
Patch from Steve Langasek / Ubuntu
* Symbols from the gost engine were removed because it didn't have
a linker file. Thanks to Roman I Khimov <email address hidden>
(Closes: #631503)
* Add support for s390x. Patch from Aurelien Jarno <email address hidden>
(Closes: #641100)
* Add build-arch and build-indep targets to the rules file.
openssl (1.0.0d-3) unstable; urgency=low
* Make it build on sparc64. Patch from Aurelien Jarno. (Closes: #626060)
* Apply patches from Scott Schaefer <email address hidden> to
fix various pod and spelling errors. (Closes: #622820, #605561)
* Add missing symbols for the engines (Closes: #623038)
* More spelling fixes from Scott Schaefer (Closes: #395424)
* Patch from Scott Schaefer to better document pkcs12 password options
(Closes: #462489)
* Document dgst -hmac option. Patch by Thorsten Glaser <email address hidden>
(Closes: #529586)
-- Steve Beattie <email address hidden> Wed, 14 Sep 2011 22:06:03 -0700
This bug was fixed in the package openssl - 1.0.0e-2ubuntu1
---------------
openssl (1.0.0e-2ubuntu1) oneiric; urgency=low
* Resynchronise with Debian, fixes CVE-2011-1945, CVE-2011-3207 and libssl1. 0.0.postinst: 0.0/restart- services depending {libssl1. 0.0-udeb. dirs, control, rules}: Create 0.0-udeb, for the benefit of wget-udeb (no wget-udeb package {libcrypto1. 0.0-udeb. dirs, libssl1.0.0.dirs, libssl1.0.0.files, cant. patches/ aesni.patch: Backport Intel AES-NI support, now from rt.openssl. org/Ticket/ Display. html?id= 2065 rather than the patches/ Bsymbolic- functions. patch: Link using Bsymbolic- functions. patches/ perlpath- quilt.patch: Don't change perl #! paths under libssl1. 0.0.postinst: only display restart notification on
CVE-2011-3210 (LP: #850608). Remaining changes:
- debian/
+ Display a system restart required notification bubble on libssl1.0.0
upgrade.
+ Use a different priority for libssl1.
on whether a desktop, or server dist-upgrade is being performed.
- debian/
libssl1.
in Debian).
- debian/
rules}: Move runtime libraries to /lib, for the benefit of
wpasuppli
- debian/
http://
0.9.8 variant.
- debian/
-
- debian/
.pc.
- debian/rules:
+ Don't run 'make test' when cross-building.
+ Use host compiler when cross-building. Patch from Neil Williams.
+ Don't build for processors no longer supported: i486, i586 (on
i386), v8 (on sparc).
+ Fix Makefile to properly clean up libs/ dirs in clean target.
+ Replace duplicate files in the doc directory with symlinks.
* debian/
servers (LP: #244250)
openssl (1.0.0e-2) unstable; urgency=low
* Add a missing $(DEB_HOST_ MULTIARCH)
openssl (1.0.0e-1) unstable; urgency=low
* New upstream version
- Fix bug where CRLs with nextUpdate in the past are sometimes accepted
by initialising X509_STORE_CTX properly. (CVE-2011-3207)
- Fix SSL memory handling for (EC)DH ciphersuites, in particular
for multi-threaded use of ECDH. (CVE-2011-3210)
- Add protection against ECDSA timing attacks (CVE-2011-1945)
* Block DigiNotar certifiates. Patch from
Raphael Geissert <email address hidden>
* Generate hashes for all certs in a file (Closes: #628780, #594524)
Patch from Klaus Ethgen <email address hidden>
* Add multiarch support (Closs: #638137)
Patch from Steve Langasek / Ubuntu
* Symbols from the gost engine were removed because it didn't have
a linker file. Thanks to Roman I Khimov <email address hidden>
(Closes: #631503)
* Add support for s390x. Patch from Aurelien Jarno <email address hidden>
(Closes: #641100)
* Add build-arch and build-indep targets to the rules file.
openssl (1.0.0d-3) unstable; urgency=low
* Make it build on sparc64. Patch from Aurelien Jarno. (Closes: #626060)
* Apply patches from Scott Schaefer <email address hidden> to
fix various pod and spelling errors. (Closes: #622820, #605561)
* Add missing symbols for the engines (Closes: #623038)
* More spelling fixes from Scott Schaefer (Closes: #395424)
* Patch from Scott Schaefer to better document pkcs12 password options
(Closes: #462489)
* Document dgst -hmac option. Patch by Thorsten Glaser <email address hidden>
(Closes: #529586)
-- Steve Beattie <email address hidden> Wed, 14 Sep 2011 22:06:03 -0700