Processed: Re: Bug#823609: jessie-pu: package openssl/1.0.1t-1+deb8u1
Processing control commands: > tags -1 + pending Bug #823609 [release.debian.org] jessie-pu: package openssl/1.0.1t-1+deb8u2 Added tag(s) pending. -- 823609: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823609 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#823609: jessie-pu: package openssl/1.0.1t-1+deb8u1
Control: tags -1 + pending On Sun, 2016-05-15 at 21:57 +0200, Kurt Roeckx wrote: > On Sun, May 15, 2016 at 08:09:06PM +0100, Adam D. Barratt wrote: > > On Wed, 2016-05-11 at 23:48 +0200, Sebastian Andrzej Siewior wrote: > > > control: retitle -1 jessie-pu: package openssl/1.0.1t-1+deb8u2 > > > > > > On 2016-05-06 16:07:15 [+0200], Kurt Roeckx wrote: > > > > > > > So I've prepared an update for jessie with version > > > > > > I prepared an u2 which updates some certs for the testsuite. The old > > > expired yesterday and so the testsuite fails and the package won't > > > build. New ones are valid till May 26 17:28:31 2023. > > > > Please go ahead. > > 1.0.1t-1+deb8u2 has been uploaded. Flagged for acceptance. Regards, Adam
Bug#823609: jessie-pu: package openssl/1.0.1t-1+deb8u1
On Sun, May 15, 2016 at 08:09:06PM +0100, Adam D. Barratt wrote: > On Wed, 2016-05-11 at 23:48 +0200, Sebastian Andrzej Siewior wrote: > > control: retitle -1 jessie-pu: package openssl/1.0.1t-1+deb8u2 > > > > On 2016-05-06 16:07:15 [+0200], Kurt Roeckx wrote: > > > > > So I've prepared an update for jessie with version > > > > I prepared an u2 which updates some certs for the testsuite. The old > > expired yesterday and so the testsuite fails and the package won't > > build. New ones are valid till May 26 17:28:31 2023. > > Please go ahead. 1.0.1t-1+deb8u2 has been uploaded. Kurt
Bug#823609: jessie-pu: package openssl/1.0.1t-1+deb8u1
On Wed, 2016-05-11 at 23:48 +0200, Sebastian Andrzej Siewior wrote: > control: retitle -1 jessie-pu: package openssl/1.0.1t-1+deb8u2 > > On 2016-05-06 16:07:15 [+0200], Kurt Roeckx wrote: > > > So I've prepared an update for jessie with version > > I prepared an u2 which updates some certs for the testsuite. The old > expired yesterday and so the testsuite fails and the package won't > build. New ones are valid till May 26 17:28:31 2023. Please go ahead. Regards, Adam
Bug#823609: jessie-pu: package openssl/1.0.1t-1+deb8u1
control: retitle -1 jessie-pu: package openssl/1.0.1t-1+deb8u2 On 2016-05-06 16:07:15 [+0200], Kurt Roeckx wrote: > So I've prepared an update for jessie with version I prepared an u2 which updates some certs for the testsuite. The old expired yesterday and so the testsuite fails and the package won't build. New ones are valid till May 26 17:28:31 2023. Sebastian --- debian/changelog| 7 + debian/patches/Update-S-MIME-certificates.patch | 596 debian/patches/series | 1 + test/smime-certs/smdsa1.pem | 75 +-- test/smime-certs/smdsa2.pem | 75 +-- test/smime-certs/smdsa3.pem | 75 +-- test/smime-certs/smroot.pem | 75 +-- test/smime-certs/smrsa1.pem | 74 +-- test/smime-certs/smrsa2.pem | 74 +-- test/smime-certs/smrsa3.pem | 74 +-- 10 files changed, 921 insertions(+), 205 deletions(-) create mode 100644 debian/patches/Update-S-MIME-certificates.patch diff --git a/debian/changelog b/debian/changelog index f4f2bc0e7252..6bb8146b4957 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +openssl (1.0.1t-1+deb8u2) jessie; urgency=medium + + * add Update-S-MIME-certificates.patch to update expired certificates to +pass the test suite + + -- Sebastian Andrzej SiewiorWed, 11 May 2016 23:22:52 +0200 + openssl (1.0.1t-1+deb8u1) jessie; urgency=medium [ Sebastian Andrzej Siewior ] diff --git a/debian/patches/Update-S-MIME-certificates.patch b/debian/patches/Update-S-MIME-certificates.patch new file mode 100644 index ..5b6b87b8bd68 --- /dev/null +++ b/debian/patches/Update-S-MIME-certificates.patch @@ -0,0 +1,596 @@ +From 24762dee178bace3c39d6bdbea44f0455d9a240b Mon Sep 17 00:00:00 2001 +From: "Dr. Stephen Henson" +Date: Wed, 11 May 2016 18:00:52 +0100 +Subject: [PATCH] Update S/MIME certificates. + +Reviewed-by: Viktor Dukhovni +--- + test/smime-certs/smdsa1.pem | 75 ++--- + test/smime-certs/smdsa2.pem | 75 ++--- + test/smime-certs/smdsa3.pem | 75 ++--- + test/smime-certs/smroot.pem | 75 - + test/smime-certs/smrsa1.pem | 74 +++- + test/smime-certs/smrsa2.pem | 74 +++- + test/smime-certs/smrsa3.pem | 74 +++- + 7 files changed, 317 insertions(+), 205 deletions(-) + +diff --git a/test/smime-certs/smdsa1.pem b/test/smime-certs/smdsa1.pem +index d5677dbfbec4..b424f6704ed9 100644 +--- a/test/smime-certs/smdsa1.pem b/test/smime-certs/smdsa1.pem +@@ -1,34 +1,47 @@ +--BEGIN DSA PRIVATE KEY- +-MIIBuwIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 +-OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt +-GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J +-jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt +-wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK +-+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z +-SJCBQw5zAoGATQlPPF+OeU8nu3rsdXGDiZdJzOkuCce3KQfTABA9C+Dk4CVcvBdd +-YRLGpnykumkNTO1sTO+4/Gphsuje1ujK9td4UEhdYqylCe5QjEMrszDlJtelDQF9 +-C0yhdjKGTP0kxofLhsGckcuQvcKEKffT2pDDKJIy4vWQO0UyJl1vjLcCFG2uiGGx +-9fMUZq1v0ePD4Wo0Xkxo +--END DSA PRIVATE KEY- ++-BEGIN PRIVATE KEY- ++MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 ++k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou ++zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO ++wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK ++v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC ++0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA ++rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM ++zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx ++DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy ++xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 ++ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h ++Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ ++TQMsxQQjAiEAkolGvb/76X3vm5Ov09ezqyBYt9cdj/FLH7DyMkxO7X0= ++-END PRIVATE KEY- + -BEGIN CERTIFICATE- +-MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsWMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx ++MIIFkDCCBHigAwIBAgIJANk5lu6mSyBDMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV ++BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv ++TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx +
Processed: Re: Bug#823609: jessie-pu: package openssl/1.0.1t-1+deb8u1
Processing control commands: > retitle -1 jessie-pu: package openssl/1.0.1t-1+deb8u2 Bug #823609 [release.debian.org] jessie-pu: package openssl/1.0.1t-1+deb8u1 Changed Bug title to 'jessie-pu: package openssl/1.0.1t-1+deb8u2' from 'jessie-pu: package openssl/1.0.1t-1+deb8u1'. -- 823609: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823609 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#823609: jessie-pu: package openssl/1.0.1t-1+deb8u1
Package: release.debian.org Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi, So I've prepared an update for jessie with version 1.0.1t-1+deb8u1. This are the changes: --- debian/changelog 2016-05-06 15:36:05.976438113 +0200 +++ debian/changelog 2016-05-06 15:56:17.562695936 +0200 @@ -1,3 +1,15 @@ +openssl (1.0.1t-1+deb8u1) jessie; urgency=medium + + [ Sebastian Andrzej Siewior ] + * Update to 1.0.1t stable release (drop applied patches and refresh existing +ones). +- Use alternate trust chains part of 1.0.1n (Closes: #774882). +- Use correct digest when exporting keying material (Closes: #807057) +- Fix CVE-2015-3197 (not affected, SSLv2 disabled) +- Fix CVE-2015-1793 (1.0.1n+ is affected and last upload was k) + + -- Kurt RoeckxFri, 06 May 2016 15:56:09 +0200 + openssl (1.0.1k-3+deb8u5) jessie-security; urgency=medium * Fix CVE-2016-2105 --- debian/rules 2014-10-15 19:11:07.097579808 +0200 +++ debian/rules 2016-05-06 14:16:42.757075129 +0200 @@ -50,6 +50,7 @@ # perl util/ssldir.pl /usr/lib/ssl # chmod +x debian/libtool ./Configure no-shared $(CONFARGS) debian-$(DEB_HOST_ARCH) + make depend make -f Makefile all $(MAKE_TEST) mv libcrypto.a libcrypto.static @@ -100,6 +101,7 @@ rm -f test/asn1test test/wp_test test/srptest test/jpaketest rm -f certs/demo/*.0 rm -rf crypto/aes/aes-armv4.S crypto/bn/armv4-gf2m.S crypto/modes/ghash-armv4.S crypto/sha/*.S + find . -type l -exec rm '{}' \; dh_clean install: build The patches in debian/patches have whitespace changes, and for the rest it removes a whole bunch of patches. Kurt