Please merge openssl 0.9.8n-1 into ubuntu

Bug #581167 reported by Nicolas Valcarcel on 2010-05-16
This bug affects 2 people
Affects: openssl (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: openssl

Debian has a new version that needs to be merged

Changed in openssl (Ubuntu):
status: New → Confirmed
Benjamin Drung (bdrung) wrote :

* There are around six additional patches compared to the Debian version, but only one is applied in debian/patches/series. You should remove old, unused patches.
* There are direct changes to the source. Please convert them to properly described patches.
* debian/changelog: Please target maverick instead of lucid.
* Do you really want to have "(Canonical)" in the debian/changelog stanza? The email address indicates that already.
* The bzr branch contains the .pc directory (files from quilt). I think that the .pc directory shouldn't be part of the branch.
* You may want to forward some Ubuntu changes to Debian to ease the merge next time (for example the openssl-doc package split).

Please resubscribe ubuntu-sponsors once you have addressed these issues.

Nicolas Valcarcel (nvalcarcel) wrote :

* Just removed them
* Those can't be stripped out, please see changelog entry for 0.9.8k-7ubuntu2 and 0.9.8k-7ubuntu3 for more information
* Sorry about that, I forgot to update the branch.
* Sadly, yes, gpg complains if not
* Deleted, but it should be there in the main branch as well, since I didn't add it...
* Yes, planning on doing that.

Benjamin Drung (bdrung) wrote :

1. "Those can't be stripped out, please see changelog entry for 0.9.8k-7ubuntu2 and 0.9.8k-7ubuntu3 for more information"
Due to dpkg-source 3.0 (quilt), they can be stripped out. debian/patches/debian-changes-0.9.8n-1ubuntu1 is created containing those patches. Please split them and give them proper DEP-3 headers.

2. The clean rule is not clean enough. Running "debuild" twice does not work (log attached).

3. Please have a look at the Lintian errors and warnings (attached). Some of them should be resolved upstream (for example, spelling-error-in-binary). All Lintian warnings imported from Debian [1] should be resolved there first and then merged to Ubuntu. For merging 0.9.8n-1 you should fix the Ubuntu-specific Lintian warnings.

Please resubscribe ubuntu-sponsors once these three points are addressed. We are at the beginning of the release cycle and therefore I am more picky.

4. debian/rules could get more love (e.g. using dh 7). This should be done in Debian first.

[1] http://<email address hidden>
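
An added example, not part of the thread or of the openssl packaging: a Python check for the two patch-hygiene points raised in the review above, namely patches that sit in debian/patches without being listed in series, and applied patches that lack the DEP-3 header fields. The sample tree is constructed; only the patch file names are taken from this page, and the function names are hypothetical.

```python
import os
import tempfile

def dep3_fields(text):
    """Field names in the patch header, i.e. before the diff itself starts."""
    fields = set()
    for line in text.splitlines():
        if line.startswith(("---", "diff ", "Index: ")):
            break
        name, sep, _ = line.partition(":")
        if sep and name and not name[0].isspace() and " " not in name:
            fields.add(name.lower())
    return fields

def audit_patches(patch_dir):
    """Return (unused, missing_headers) for a debian/patches directory."""
    with open(os.path.join(patch_dir, "series")) as fh:
        applied = [l.split()[0] for l in fh if l.strip() and not l.startswith("#")]
    unused = sorted(f for f in os.listdir(patch_dir) if f != "series" and f not in applied)
    missing = []
    for name in applied:
        with open(os.path.join(patch_dir, name)) as fh:
            fields = dep3_fields(fh.read())
        # DEP-3: Description (or Subject) plus Origin, or Author/From in its place.
        if not (fields & {"description", "subject"} and fields & {"origin", "author", "from"}):
            missing.append(name)
    return unused, missing

def build_sample(root):
    """Constructed sample tree; only the patch file names come from the page."""
    diff = "--- a/example.c\n+++ b/example.c\n"
    samples = {
        "series": "# constructed\nBsymbolic-functions.patch\naesni.patch\n",
        "Bsymbolic-functions.patch": "Description: Link using -Bsymbolic-functions\n"
                                     "Author: Example Packager <packager@example.org>\n---\n" + diff,
        "aesni.patch": diff,                      # applied, but no header at all
        "CVE-2009-3245.patch": "Description: constructed\nOrigin: upstream\n" + diff,  # not in series
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        print(audit_patches(root))
```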

Benjamin Drung (bdrung) wrote :

log from second debuild run

Nicolas Valcarcel (nvalcarcel) wrote :

1. Done

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 0.9.8o-1ubuntu1

---------------
openssl (0.9.8o-1ubuntu1) maverick; urgency=low

  * Merge from debian unstable, remaining changes (LP: #581167):
    - debian/patches/Bsymbolic-functions.patch: Link using
      -Bsymbolic-functions
    - Ship documentation in openssl-doc, suggested by the package.
    - Use a different priority for libssl0.9.8/restart-services
      depending on whether a desktop, or server dist-upgrade is being
      performed.
    - Display a system restart required notification bubble on libssl0.9.8
      upgrade.
    - Replace duplicate files in the doc directory with symlinks.
    - Move runtime libraries to /lib, for the benefit of wpasupplicant
    - Use host compiler when cross-building (patch from Neil Williams in
      Debian #465248).
    - Don't run 'make test' when cross-building.
    - Create libssl0.9.8-udeb, for the benefit of wget-udeb (LP: #503339).
    - debian/patches/aesni.patch: Backport Intel AES-NI support from
      http://rt.openssl.org/Ticket/Display.html?id=2067 (LP: #485518).
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths
      under .pc.
  * Dropped patches, now upstream:
    - debian/patches/CVE-2009-3245.patch
    - debian/patches/CVE-2010-0740.patch
    - debian/patches/dtls-compatibility.patch
    - debian/patches/CVE-2009-4355.patch
  * Dropped "Add support for lpia".
  * Dropped "Disable SSLv2 during compile" as this had never actually
    disabled SSLv2.
  * Don't disable CVE-2009-3555.patch for Maverick.

openssl (0.9.8o-1) unstable; urgency=low

  * New upstream version
    - Add SHA2 algorithms to SSL_library_init().
    - aes-x86_64.pl is now PIC, update pic.patch.
  * Add sparc64 support (Closes: #560240)

openssl (0.9.8n-1) unstable; urgency=high

  * New upstream version.
    - Fixes CVE-2010-0740.
    - Drop cfb.patch, applied upstream.

openssl (0.9.8m-2) unstable; urgency=low

  * Revert CFB block length change preventing reading older files.
    (Closes: #571810, #571940)

openssl (0.9.8m-1) unstable; urgency=low

  * New upstream version
    - Implements RFC5746, reenables renegotiation but requires the extension.
    - Fixes CVE-2009-3245
    - Drop patches CVE-2009-4355.patch, CVE-2009-1378.patch,
      CVE-2009-1377.patch, CVE-2009-1379.patch, CVE-2009-3555.patch,
      CVE-2009-2409.patch, CVE-2009-1387.patch, tls_ext_v3.patch,
      no_check_self_signed.patch: applied upstream
    - pk7_mime_free.patch removed, code rewritten
    - ca.diff partially applied upstream
    - engines-path.patch adjusted, upstream made some minor changes to the
      build system.
    - some flags changed values, bump shlibs.
  * Switch to 3.0 (quilt) source package.
  * Make sure the package is properly cleaned.
  * Add ${misc:Depends} to the Depends on all packages.
  * Fix spelling of extension in the changelog file.

openssl (0.9.8k-8) unstable; urgency=high

  * Clean up zlib state so that it will be reinitialized on next use and
    not cause a memory leak. (CVE-2009-4355, CVE-2008-1678)
 -- Marc Deslauriers <email address hidden> Mon, 14 Jun 2010 09:08:29 -0400
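
An added example, not part of the changelog or of any Ubuntu tooling: when CVE patches are dropped as "now upstream" during a merge, each one should be traceable to an incoming entry that records the fix. The Python below cross-checks the dropped list against the older entries, using an abridged excerpt of the changelog above; the function names are hypothetical.

```python
import re

HEADER = re.compile(r"^\S+ \(([^)]+)\) \S+; urgency=\S+")
CVE = re.compile(r"CVE-\d{4}-\d{4,}")
# Abridged from the changelog quoted above; "[...]" marks a shortened line.
CHANGELOG = """\
openssl (0.9.8o-1ubuntu1) maverick; urgency=low
  * Dropped patches, now upstream:
    - debian/patches/CVE-2009-3245.patch
    - debian/patches/CVE-2010-0740.patch
    - debian/patches/dtls-compatibility.patch
    - debian/patches/CVE-2009-4355.patch
  * Don't disable CVE-2009-3555.patch for Maverick.

openssl (0.9.8n-1) unstable; urgency=high
  * New upstream version.
    - Fixes CVE-2010-0740.

openssl (0.9.8m-1) unstable; urgency=low
  * New upstream version
    - Fixes CVE-2009-3245
    - Drop patches CVE-2009-4355.patch, [...]: applied upstream
"""

def stanzas(text):
    """Split a changelog into [version, body] pairs, newest first."""
    out = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            out.append([m.group(1), ""])
        elif out:
            out[-1][1] += line + "\n"
    return out

def dropped_cves(body):
    """CVE ids listed under the 'now upstream' bullet of the newest entry."""
    found, inside = [], False
    for line in body.splitlines():
        if line.startswith("  * "):
            inside = "now upstream" in line
        elif inside:
            found += CVE.findall(line)
    return found

def check_merge(text):
    """Map each dropped CVE to the older versions whose entries mention it."""
    (_, top), *older = stanzas(text)
    return {c: [v for v, b in older if c in CVE.findall(b)] for c in dropped_cves(top)}
```

Calling `check_merge(CHANGELOG)` maps every dropped CVE to at least one merged version; an empty list is the case to investigate before uploading. A changelog mention is evidence of the fix, not proof that the code is present in the merged source.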

Changed in openssl (Ubuntu):
status: Confirmed → Fix Released