Debian

Available patches from Ubuntu

To see Ubuntu differences wrt. to Debian, write down a grep-dctrl query identifying the packages you're interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: openssl

openssl (1.1.1f-1ubuntu3) groovy; urgency=medium * Import https://github.com/openssl/openssl/pull/12272.patch to enable CET. -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 25 Jun 2020 14:18:43 +0100 openssl (1.1.1f-1ubuntu2) focal; urgency=medium * SECURITY UPDATE: Segmentation fault in SSL_check_chain - debian/patches/CVE-2020-1967-1.patch: add test for CVE-2020-1967 in test/recipes/70-test_sslsigalgs.t. - debian/patches/CVE-2020-1967-2.patch: fix NULL dereference in SSL_check_chain() for TLS 1.3 in ssl/t1_lib.c. - debian/patches/CVE-2020-1967-3.patch: fix test in test/recipes/70-test_sslsigalgs.t. - debian/patches/CVE-2020-1967-4.patch: fix test in test/recipes/70-test_sslsigalgs.t. - CVE-2020-1967 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Apr 2020 07:53:50 -0400 openssl (1.1.1f-1ubuntu1) focal; urgency=low * Merge from Debian unstable. Remaining changes: - Replace duplicate files in the doc directory with symlinks. - debian/libssl1.1.postinst: + Display a system restart required notification on libssl1.1 upgrade on servers. + Use a different priority for libssl1.1/restart-services depending on whether a desktop, or server dist-upgrade is being performed. + Bump version check to to 1.1.1. + Import libraries/restart-without-asking template as used by above. - Revert "Enable system default config to enforce TLS1.2 as a minimum" & "Increase default security level from 1 to 2". - Reword the NEWS entry, as applicable on Ubuntu. - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20 and ECC from master. - Use perl:native in the autopkgtest for installability on i386. - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions below 1.2 and update documentation. Previous default of 1, can be set by calling SSL_CTX_set_security_level(), SSL_set_security_level() or using ':@SECLEVEL=1' CipherString value in openssl.cfg. -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 03 Apr 2020 18:31:00 +0100

Modifications :
  1. Download patch debian/po/ca.po

    --- 1.1.1f-1/debian/po/ca.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/ca.po 2020-04-01 15:57:22.000000000 +0000 @@ -94,5 +94,24 @@ msgstr "" "Aquests els haureu d'iniciar manualment executant «/etc/init.d/<servei> " "start»." +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" + #~ msgid "${services}" #~ msgstr "${services}"
  2. Download patch debian/patches/0024-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-a.patch
  3. Download patch debian/patches/0001-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
  4. Download patch debian/tests/control

    --- 1.1.1f-1/debian/tests/control 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/tests/control 2020-04-01 15:57:11.000000000 +0000 @@ -1,3 +1,3 @@ Tests: run-25-test-verify -Depends: openssl, perl +Depends: openssl, perl:native Restrictions: rw-build-tree, allow-stderr
  5. Download patch debian/po/lt.po

    --- 1.1.1f-1/debian/po/lt.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/lt.po 2020-04-01 15:57:22.000000000 +0000 @@ -103,3 +103,22 @@ msgid "" "You will need to start these manually by running '/etc/init.d/<service> " "start'." msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr ""
  6. Download patch debian/patches/pic.patch

    --- 1.1.1f-1/debian/patches/pic.patch 2020-03-31 21:49:47.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/pic.patch 2020-06-25 13:18:26.000000000 +0000 @@ -9,10 +9,10 @@ Subject: pic crypto/x86cpuid.pl | 10 +++++----- 4 files changed, 55 insertions(+), 12 deletions(-) -diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl -index ef7054e27506..50765d2b1552 100644 ---- a/crypto/des/asm/desboth.pl -+++ b/crypto/des/asm/desboth.pl +Index: openssl-1.1.1f/crypto/des/asm/desboth.pl +=================================================================== +--- openssl-1.1.1f.orig/crypto/des/asm/desboth.pl ++++ openssl-1.1.1f/crypto/des/asm/desboth.pl @@ -23,6 +23,11 @@ sub DES_encrypt3 &push("edi"); @@ -50,10 +50,10 @@ index ef7054e27506..50765d2b1552 100644 &stack_pop(3); &mov($L,&DWP(0,"ebx","",0)); -diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl -index 01bafe457d68..c093be5a4fd6 100644 ---- a/crypto/perlasm/cbc.pl -+++ b/crypto/perlasm/cbc.pl +Index: openssl-1.1.1f/crypto/perlasm/cbc.pl +=================================================================== +--- openssl-1.1.1f.orig/crypto/perlasm/cbc.pl ++++ openssl-1.1.1f/crypto/perlasm/cbc.pl @@ -129,7 +129,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call &mov(&DWP($data_off+4,"esp","",0), "ebx"); # @@ -67,7 +67,7 @@ index 01bafe457d68..c093be5a4fd6 100644 &mov("eax", &DWP($data_off,"esp","",0)); &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -192,7 +196,11 @@ sub cbc +@@ -199,7 +203,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call &mov(&DWP($data_off+4,"esp","",0), "ebx"); # @@ -80,7 +80,7 @@ index 01bafe457d68..c093be5a4fd6 100644 &mov("eax", &DWP($data_off,"esp","",0)); &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -225,7 +233,11 @@ sub cbc +@@ -232,7 +240,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put back &mov(&DWP($data_off+4,"esp","",0), "ebx"); # @@ -93,7 +93,7 @@ index 01bafe457d68..c093be5a4fd6 100644 &mov("eax", &DWP($data_off,"esp","",0)); # get return &mov("ebx", &DWP($data_off+4,"esp","",0)); # -@@ -268,7 +280,11 @@ sub cbc +@@ -275,7 +287,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put back &mov(&DWP($data_off+4,"esp","",0), "ebx"); # @@ -106,19 +106,19 @@ index 01bafe457d68..c093be5a4fd6 100644 &mov("eax", &DWP($data_off,"esp","",0)); # get return &mov("ebx", &DWP($data_off+4,"esp","",0)); # -diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl -index 5c7ea3880e4d..7e49b55e97c7 100644 ---- a/crypto/perlasm/x86gas.pl -+++ b/crypto/perlasm/x86gas.pl -@@ -170,6 +170,7 @@ sub ::file_end +Index: openssl-1.1.1f/crypto/perlasm/x86gas.pl +=================================================================== +--- openssl-1.1.1f.orig/crypto/perlasm/x86gas.pl ++++ openssl-1.1.1f/crypto/perlasm/x86gas.pl +@@ -171,6 +171,7 @@ sub ::file_end if ($::macosx) { push (@out,"$tmp,2\n"); } elsif ($::elf) { push (@out,"$tmp,4\n"); } else { push (@out,"$tmp\n"); } + if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); } } push(@out,$initseg) if ($initseg); - } -@@ -228,8 +229,23 @@ ___ + if ($::elf) { +@@ -249,8 +250,23 @@ ___ elsif ($::elf) { $initseg.=<<___; .section .init @@ -142,10 +142,10 @@ index 5c7ea3880e4d..7e49b55e97c7 100644 } elsif ($::coff) { $initseg.=<<___; # applies to both Cygwin and Mingw -diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl -index ba4fd80fb32e..18c124707587 100644 ---- a/crypto/x86cpuid.pl -+++ b/crypto/x86cpuid.pl +Index: openssl-1.1.1f/crypto/x86cpuid.pl +=================================================================== +--- openssl-1.1.1f.orig/crypto/x86cpuid.pl ++++ openssl-1.1.1f/crypto/x86cpuid.pl @@ -18,6 +18,8 @@ open OUT,">$output"; for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } @@ -155,7 +155,7 @@ index ba4fd80fb32e..18c124707587 100644 &function_begin("OPENSSL_ia32_cpuid"); &xor ("edx","edx"); &pushf (); -@@ -163,9 +165,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } +@@ -163,9 +165,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3 &set_label("nocpuid"); &function_end("OPENSSL_ia32_cpuid"); @@ -166,7 +166,7 @@ index ba4fd80fb32e..18c124707587 100644 &xor ("eax","eax"); &xor ("edx","edx"); &picmeup("ecx","OPENSSL_ia32cap_P"); -@@ -179,7 +179,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } +@@ -179,7 +179,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3 # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], # but it's safe to call it on any [supported] 32-bit platform... # Just check for [non-]zero return value... @@ -175,7 +175,7 @@ index ba4fd80fb32e..18c124707587 100644 &picmeup("ecx","OPENSSL_ia32cap_P"); &bt (&DWP(0,"ecx"),4); &jnc (&label("nohalt")); # no TSC -@@ -246,7 +246,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } +@@ -246,7 +246,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3 &ret (); &function_end_B("OPENSSL_far_spin");
  7. Download patch debian/patches/0016-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch

    --- 1.1.1f-1/debian/patches/0016-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/0016-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch 2020-04-03 17:29:24.000000000 +0000 @@ -0,0 +1,74 @@ +From 7fdfe28c43ebd49636f51b636dbd956d06e5295a Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Wed, 26 Jun 2019 23:41:35 +0200 +Subject: [PATCH 16/25] s390x assembly pack: update OPENSSL_s390xcap(3) + +Add description of capability vector's pcc and kma parts. + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Richard Levitte <levitte@openssl.org> +Reviewed-by: Shane Lontis <shane.lontis@oracle.com> +(Merged from https://github.com/openssl/openssl/pull/9258) + +(cherry picked from commit da93b5cc2bc931b998f33ee432bc1ae2b38fccca) +Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> +--- + doc/man3/OPENSSL_s390xcap.pod | 21 ++++++++++++++++++--- + 1 file changed, 18 insertions(+), 3 deletions(-) + +diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod +index 20a6833d96..80528a597f 100644 +--- a/doc/man3/OPENSSL_s390xcap.pod ++++ b/doc/man3/OPENSSL_s390xcap.pod +@@ -34,14 +34,14 @@ There are three types of tokens: + The name of a processor generation. A bit in the environment variable's + mask is set to one if and only if the specified processor generation + implements the corresponding instruction set extension. Possible values +-are z900, z990, z9, z10, z196, zEC12, z13 and z14. ++are z900, z990, z9, z10, z196, zEC12, z13, z14 and z15. + + =item <string>:<mask>:<mask> + + The name of an instruction followed by two 64-bit masks. The part of the + environment variable's mask corresponding to the specified instruction is + set to the specified 128-bit mask. Possible values are kimd, klmd, km, kmc, +-kmac, kmctr, kmo, kmf, prno and kma. ++kmac, kmctr, kmo, kmf, prno, kma, pcc and kdsa. + + =item stfle:<mask>:<mask>:<mask> + +@@ -139,6 +139,21 @@ the numbering is continuous across 64-bit mask boundaries. + # 20 1<<43 KMA-GCM-AES-256 + : + ++ pcc : ++ : ++ # 64 1<<63 PCC-Scalar-Multiply-P256 ++ # 65 1<<62 PCC-Scalar-Multiply-P384 ++ # 66 1<<61 PCC-Scalar-Multiply-P521 ++ ++ kdsa : ++ # 1 1<<62 KDSA-ECDSA-Verify-P256 ++ # 2 1<<61 KDSA-ECDSA-Verify-P384 ++ # 3 1<<60 KDSA-ECDSA-Verify-P521 ++ # 9 1<<54 KDSA-ECDSA-Sign-P256 ++ # 10 1<<53 KDSA-ECDSA-Sign-P384 ++ # 11 1<<52 KDSA-ECDSA-Sign-P521 ++ : ++ + =head1 RETURN VALUES + + Not available. +@@ -159,7 +174,7 @@ Disables the KM-XTS-AES and and the KIMD-SHAKE function codes: + + =head1 SEE ALSO + +-[1] z/Architecture Principles of Operation, SA22-7832-11 ++[1] z/Architecture Principles of Operation, SA22-7832-12 + + =head1 COPYRIGHT + +-- +2.25.1 +
  8. Download patch debian/po/ro.po

    --- 1.1.1f-1/debian/po/ro.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/ro.po 2020-04-01 15:57:22.000000000 +0000 @@ -94,3 +94,22 @@ msgid "" msgstr "" "Va trebui să le porniți manual cu o comandă de tipul „/etc/init.d/<serviciu> " "start'." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr ""
  9. Download patch debian/patches/0012-s390x-assembly-pack-remove-poly1305-dependency-on-no.patch

    --- 1.1.1f-1/debian/patches/0012-s390x-assembly-pack-remove-poly1305-dependency-on-no.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/0012-s390x-assembly-pack-remove-poly1305-dependency-on-no.patch 2020-04-03 17:29:24.000000000 +0000 @@ -0,0 +1,33 @@ +From 7ecac2c4326ab42e85ffd98e7ce137c11fb54121 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Mon, 25 Mar 2019 18:23:59 +0100 +Subject: [PATCH 12/25] s390x assembly pack: remove poly1305 dependency on + non-base memnonics + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Paul Dale <paul.dale@oracle.com> +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/8181) + +(cherry picked from commit 5ee08f45bcabc3cef0d7d7b2aa6ecad12ca4197b) +--- + crypto/poly1305/asm/poly1305-s390x.pl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/poly1305/asm/poly1305-s390x.pl b/crypto/poly1305/asm/poly1305-s390x.pl +index 5ee527a47b..4f4ed47665 100755 +--- a/crypto/poly1305/asm/poly1305-s390x.pl ++++ b/crypto/poly1305/asm/poly1305-s390x.pl +@@ -45,7 +45,7 @@ + use strict; + use FindBin qw($Bin); + use lib "$Bin/../.."; +-use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE); ++use perlasm::s390x qw(:DEFAULT :LD :GE :EI :MI1 :VX AUTOLOAD LABEL INCLUDE); + + my $flavour = shift; + +-- +2.25.1 +
  10. Download patch debian/po/pt.po

    --- 1.1.1f-1/debian/po/pt.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/pt.po 2020-04-01 15:57:22.000000000 +0000 @@ -87,3 +87,29 @@ msgid "" "start'." msgstr "" "Terá que iniciá-los manualmente correndo '/etc/init.d/<serviço> start'." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "Reiniciar serviços sem perguntar durante a actualização do pacote?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Há serviços instalados no seu sistema que necessitam de ser reiniciados " +"quando são actualizadas certas bibliotecas, como libpam, libc e libssl. Uma " +"vez que estes reinícios podem causar interrupção de serviços no sistema, é-" +"lhe normalmente perguntado em cada actualização que serviços deseja " +"reiniciar. Pode escolher esta opção para que os reinícios necessários sejam " +"automaticamente tratados pelo processo de actualização em vez de lhe serem " +"colocadas questões."
  11. Download patch debian/patches/0005-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
  12. Download patch debian/po/eu.po

    --- 1.1.1f-1/debian/po/eu.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/eu.po 2020-04-01 15:57:22.000000000 +0000 @@ -91,5 +91,24 @@ msgid "" msgstr "" "Eskuz berrabiarazi beharko dituzu '/etc/ init.d/<zerbitzua> start' eginez." +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" + #~ msgid "${services}" #~ msgstr "${services}"
  13. Download patch debian/rules

    --- 1.1.1f-1/debian/rules 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/rules 2020-04-01 15:57:10.000000000 +0000 @@ -12,6 +12,7 @@ include /usr/share/dpkg/architecture.mk include /usr/share/dpkg/pkg-info.mk export DEB_BUILD_MAINT_OPTIONS = hardening=+all +export DEB_CFLAGS_MAINT_APPEND = -DOPENSSL_TLS_SECURITY_LEVEL=2 SHELL=/bin/bash @@ -139,6 +140,15 @@ override_dh_fixperms: fi dh_fixperms -a -X etc/ssl/private +override_dh_compress: + dh_compress + # symlink doc files + for p in openssl libssl-dev; do \ + for f in changelog.Debian.gz changelog.gz copyright; do \ + ln -sf ../libssl1.1/$$f debian/$$p/usr/share/doc/$$p/$$f; \ + done; \ + done + override_dh_perl: dh_perl -d
  14. Download patch debian/po/sk.po

    --- 1.1.1f-1/debian/po/sk.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/sk.po 2020-04-01 15:57:22.000000000 +0000 @@ -84,3 +84,30 @@ msgid "" "start'." msgstr "" "Budete ich musieť reštartovať ručne spustením „/etc/init.d/<service> start“." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "Reštartovať služby počas aktualizácie balíka bez pýtania sa?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Na vašom systéme sú nainštalované služby, ktoré je potrebné reštartovať pri " +"aktualizácii určitých knižníc ako libpam, libc, a libssl. Keďže tieto " +"reštarty môžu spôsobiť prerušenie služby systému, za bežných okolností sa " +"vám systém správy balíkov pri každej aktualizácii ponúkne zoznam služieb, " +"ktoré chcete reštartovať. Môžete zvoliť, aby sa vás systém správy balíkov už " +"viac nepýtal, ale aby sa namiesto toho všetky potrebné reštarty vykonávali " +"automaticky, takže sa vyhnete kladeniu otázok pri každej aktualizácii " +"knižnice."
  15. Download patch debian/patches/0007-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch
  16. Download patch debian/po/uk.po

    --- 1.1.1f-1/debian/po/uk.po 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/uk.po 2019-06-20 16:58:44.000000000 +0000 @@ -0,0 +1,105 @@ +# translation of uk.po to Ukrainian +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +# Eugeniy Meshcheryakov <eugen@univ.kiev.ua>, 2004, 2006. +msgid "" +msgstr "" +"Project-Id-Version: uk\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2019-06-20 17:58+0100\n" +"PO-Revision-Date: 2006-02-21 10:12+0200\n" +"Last-Translator: Eugeniy Meshcheryakov <eugen@univ.kiev.ua>\n" +"Language-Team: Ukrainian\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.2\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" + +#. Type: error +#. Description +#: ../libssl1.1.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. a list of services that could not be restarted +#: ../libssl1.1.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "" + +#. Type: error +#. Description +#: ../libssl1.1.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr ""
  17. Download patch debian/po/nb.po

    --- 1.1.1f-1/debian/po/nb.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/nb.po 2020-04-01 15:57:22.000000000 +0000 @@ -47,8 +47,8 @@ msgid "" "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" -"Kontroller lista over funne tjenester som trenger omstart. Rett på lista " -"om den er feil. Tjenestenavnene må være lik skript-navnene i /etc/init.d, og " +"Kontroller lista over funne tjenester som trenger omstart. Rett på lista om " +"den er feil. Tjenestenavnene må være lik skript-navnene i /etc/init.d, og " "være atskilt med mellomrom. Hvis du tømmer lista blir ingen tjenester " "omstartet." @@ -62,8 +62,7 @@ msgid "" msgstr "" "Hvis andre tjenester begynner å svikte på mystisk måte etter denne " "oppgraderingen, så blir det anbefalt at maskinen stoppes og startes for å " -"unngå vansker i " -"forbindelse med SSL." +"unngå vansker i forbindelse med SSL." #. Type: error #. Description @@ -80,8 +79,8 @@ msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" -"Følgende tjenester kunne ikke restartes for oppgradering av " -"OpenSSL-biblioteket:" +"Følgende tjenester kunne ikke restartes for oppgradering av OpenSSL-" +"biblioteket:" #. Type: error #. Description @@ -91,3 +90,28 @@ msgid "" "start'." msgstr "Du må starte disse manuelt ved å kjøre «/etc/init.d/<service> start»." +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "Skal tjenester restartes uten spørsmål under pakkeoppgraderinger?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"På systemet ditt finnes det tjenester som må startes på nytt når visse " +"biblioteker, slik som libpam, libc og libssl, oppgraderes. Slike omstarter " +"kan avbryte tjenester på systemet, og normalt blir du spurt ved hver " +"oppgradering om hvilke tjenester du vil starte på nytt. Du kan slå på dette " +"valget for å slippe å bli spurt, da blir i stedet alle nødvendige omstarter " +"gjort automatisk slik at du ikke får spørsmål ved hver " +"biblioteksoppgradering."
  18. Download patch debian/patches/0021-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch

    --- 1.1.1f-1/debian/patches/0021-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/0021-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch 2020-04-03 17:29:24.000000000 +0000 @@ -0,0 +1,32 @@ +From 65734fa53b55dd541095ea6091df43ce96daed66 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Fri, 12 Jul 2019 13:47:32 +0200 +Subject: [PATCH 21/25] OPENSSL_s390xcap.pod: list msa9 facility bit (155) + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Richard Levitte <levitte@openssl.org> +Reviewed-by: Shane Lontis <shane.lontis@oracle.com> +(Merged from https://github.com/openssl/openssl/pull/9348) + +(cherry picked from commit 3ded2288a45d2cc3a27a1b08d29499cbcec52c0e) +Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> +--- + doc/man3/OPENSSL_s390xcap.pod | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod +index 80528a597f..e1c7d7030f 100644 +--- a/doc/man3/OPENSSL_s390xcap.pod ++++ b/doc/man3/OPENSSL_s390xcap.pod +@@ -72,6 +72,7 @@ the numbering is continuous across 64-bit mask boundaries. + #134 1<<57 vector packed decimal facility + #135 1<<56 vector enhancements facility 1 + #146 1<<45 message-security assist extension 8 ++ #155 1<<36 message-security assist extension 9 + + kimd : + # 1 1<<62 KIMD-SHA-1 +-- +2.25.1 +
  19. Download patch debian/po/nl.po

    --- 1.1.1f-1/debian/po/nl.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/nl.po 2020-04-01 15:57:22.000000000 +0000 @@ -99,5 +99,32 @@ msgstr "" "U zult deze handmatig moeten herstarten via het commando '/etc/init.d/" "<dienst> start'." +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "Diensten zonder vragen herstarten bij het opwaarderen van pakketten?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Er zijn diensten op uw systeem geïnstalleerd die moeten worden herstart " +"wanneer bepaalde bibliotheken, zoals libpam, libc en libssl, worden " +"opgewaardeerd. Omdat deze herstarts dienstonderbrekingen op uw systeem " +"kunnen veroorzaken, wordt u normaal gesproken bij elke opwaardering gevraagd " +"welke diensten u wilt herstarten. Als u voor deze optie kiest wordt dit niet " +"meer aan u gevraagd. In plaats daarvan worden alle noodzakelijke herstarts " +"automatisch gedaan zodat u geen vragen krijgt bij elke opwaardering van een " +"bibliotheek." + #~ msgid "${services}" #~ msgstr "${services}"
  20. Download patch debian/control

    --- 1.1.1f-1/debian/control 2020-03-31 21:46:50.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/control 2020-04-01 15:57:10.000000000 +0000 @@ -2,7 +2,8 @@ Source: openssl Build-Depends: debhelper-compat (= 12), m4, bc, dpkg-dev (>= 1.15.7) Section: utils Priority: optional -Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> Uploaders: Christoph Martin <christoph.martin@uni-mainz.de>, Kurt Roeckx <kurt@roeckx.be>, Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Standards-Version: 4.5.0 Vcs-Browser: https://salsa.debian.org/debian/openssl
  21. Download patch debian/po/pl.po

    --- 1.1.1f-1/debian/po/pl.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/pl.po 2020-04-01 15:57:22.000000000 +0000 @@ -47,8 +47,8 @@ msgid "" "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" -"Proszę sprawdzić listę wykrytych usług, które powinny zostać zrestartowane, i " -"poprawić ją, jeśli to konieczne. Nazwy usług muszą się zgadzać z nazwami " +"Proszę sprawdzić listę wykrytych usług, które powinny zostać zrestartowane, " +"i poprawić ją, jeśli to konieczne. Nazwy usług muszą się zgadzać z nazwami " "skryptów startowych w /etc/init.d i muszą być rozdzielone spacjami. Jeśli " "lista będzie pusta, żadne usługi nie zostaną zrestartowane." @@ -60,9 +60,9 @@ msgid "" "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" -"Każda usługa w której wystąpi nieoczekiwany błąd po tej aktualizacji, powinna " -"zostać zrestartowana. Zaleca się ponowne uruchomienie komputera, co umożliwi " -"uniknięcie wszystkich problemów związanych z SSL." +"Każda usługa w której wystąpi nieoczekiwany błąd po tej aktualizacji, " +"powinna zostać zrestartowana. Zaleca się ponowne uruchomienie komputera, co " +"umożliwi uniknięcie wszystkich problemów związanych z SSL." #. Type: error #. Description @@ -90,7 +90,31 @@ msgid "" "You will need to start these manually by running '/etc/init.d/<service> " "start'." msgstr "" -"Należy zrestartować te usługi ręcznie, przez wykonanie \"/etc/init.d/<usługa> " -"start\"" +"Należy zrestartować te usługi ręcznie, przez wykonanie \"/etc/init.d/" +"<usługa> start\"" +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "Zrestartować usługi podczas aktualizacji pakietu bez pytania?" +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Niektóre z zainstalowanych usług wymagają restartu, gdy są aktualizowane " +"określone biblioteki (np. libpam, libc i libss1). Ponieważ restarty mogą " +"spowodować przerwanie tych usług, użytkownik jest zwykle pytany podczas " +"każdej aktualizacji o listę usług, które chce zrestartować. Można wybrać tę " +"opcję, aby zapobiec takim pytaniom; wtedy wszystkie potrzebne restarty " +"odbędą się automatycznie, a użytkownik uniknie pytania przy każdej " +"aktualizacji biblioteki."
  22. Download patch debian/po/ar.po

    --- 1.1.1f-1/debian/po/ar.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/ar.po 2020-04-01 15:57:22.000000000 +0000 @@ -87,3 +87,22 @@ msgid "" msgstr "" "يجب أن تقوم بتشغيل هذه الخدمات يدوياً بتفيذ الأمر '/etc/init.d/<service> " "start'." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr ""
  23. Download patch debian/libssl1.1.templates

    --- 1.1.1f-1/debian/libssl1.1.templates 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/libssl1.1.templates 2020-04-01 15:57:10.000000000 +0000 @@ -28,3 +28,15 @@ _Description: Failure restarting some se You will need to start these manually by running '/etc/init.d/<service> start'. +Template: libraries/restart-without-asking +Type: boolean +Default: false +_Description: Restart services during package upgrades without asking? + There are services installed on your system which need to be restarted + when certain libraries, such as libpam, libc, and libssl, are upgraded. + Since these restarts may cause interruptions of service for the system, + you will normally be prompted on each upgrade for the list of services + you wish to restart. You can choose this option to avoid being prompted; + instead, all necessary restarts will be done for you automatically so you + can avoid being asked questions on each library upgrade. +
  24. Download patch debian/patches/tests-use-seclevel-1.patch
  25. Download patch debian/patches/0015-Place-return-values-after-examples-in-doc.patch

    --- 1.1.1f-1/debian/patches/0015-Place-return-values-after-examples-in-doc.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/0015-Place-return-values-after-examples-in-doc.patch 2020-04-03 17:29:24.000000000 +0000 @@ -0,0 +1,43 @@ +From da8ef7c092f28d8c78ba03f809546c71101704a8 Mon Sep 17 00:00:00 2001 +From: Paul Yang <yang.yang@baishancloud.com> +Date: Tue, 26 Feb 2019 13:11:10 +0800 +Subject: [PATCH 15/25] Place return values after examples in doc + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/8338) + +(cherry picked from commit 4564e77ae9dd1866e8a033f03511b6a1792c024e) +Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> +--- + doc/man3/OPENSSL_s390xcap.pod | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod +index 550136a82b..20a6833d96 100644 +--- a/doc/man3/OPENSSL_s390xcap.pod ++++ b/doc/man3/OPENSSL_s390xcap.pod +@@ -139,6 +139,10 @@ the numbering is continuous across 64-bit mask boundaries. + # 20 1<<43 KMA-GCM-AES-256 + : + ++=head1 RETURN VALUES ++ ++Not available. ++ + =head1 EXAMPLES + + Disables all instruction set extensions which the z196 processor does not implement: +@@ -153,10 +157,6 @@ Disables the KM-XTS-AES and and the KIMD-SHAKE function codes: + + OPENSSL_s390xcap="km:~0x2800:~0;kimd:~0xc000000:~0" + +-=head1 RETURN VALUES +- +-Not available. +- + =head1 SEE ALSO + + [1] z/Architecture Principles of Operation, SA22-7832-11 +-- +2.25.1 +
  26. Download patch debian/po/zh_CN.po

    --- 1.1.1f-1/debian/po/zh_CN.po 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/zh_CN.po 2019-06-20 16:58:44.000000000 +0000 @@ -0,0 +1,106 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# Hiei Xu <nicky@mail.edu.cn>, 2004. +# Carlos Z.F. Liu <carlos_liu@yahoo.com>, 2004. +# LI Daobing <lidaobing@gmail.com>, 2007, 2008. +# +# +msgid "" +msgstr "" +"Project-Id-Version: glibc 2.7-9\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2019-06-20 17:58+0100\n" +"PO-Revision-Date: 2008-02-28 23:44+0800\n" +"Last-Translator: LI Daobing <lidaobing@gmail.com>\n" +"Language-Team: Chinese (Simplified) <debian-chinese-gb@lists.debian.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" + +#. Type: error +#. Description +#: ../libssl1.1.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. a list of services that could not be restarted +#: ../libssl1.1.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "" + +#. Type: error +#. Description +#: ../libssl1.1.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr ""
  27. Download patch debian/po/fi.po

    --- 1.1.1f-1/debian/po/fi.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/fi.po 2020-04-01 15:57:22.000000000 +0000 @@ -89,5 +89,33 @@ msgid "" msgstr "" "Nämä tarvitsee käynnistää käsin ajamalla ”/etc/init.d/<palvelu> start”." +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" +"Käynnistetäänkö palvelut kysymättä uudelleen pakettien päivityksen " +"yhteydessä?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Järjestelmässäsi on asennettuna palveluita, jotka tulee käynnistää uudelleen " +"päivitettäessä tiettyjä ohjelmakirjastoja, kuten libpam, libc ja libssl. " +"Koska palveluiden uudelleenkäynnistys saattaa aiheuttaa katkoja palveluihin, " +"kunkin päivityksen yhteydessä yleensä kysytään luetteloa käynnistettävistä " +"palveluista. Voit valita tämän vaihtoehdon, jos et halua nähdä kysymystä " +"jokaisen kirjastopäivityksen yhteydessä. Tällöin tarvittavat palvelut " +"käynnistetään uudelleen automaattisesti." + #~ msgid "${services}" #~ msgstr "${services}"
  28. Download patch debian/patches/0003-s390x-assembly-pack-perlasm-support.patch
  29. Download patch debian/patches/0014-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch
  30. Download patch debian/patches/0011-s390x-assembly-pack-remove-chacha20-dependency-on-no.patch

    --- 1.1.1f-1/debian/patches/0011-s390x-assembly-pack-remove-chacha20-dependency-on-no.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/0011-s390x-assembly-pack-remove-chacha20-dependency-on-no.patch 2020-04-03 17:29:24.000000000 +0000 @@ -0,0 +1,33 @@ +From 292cd2879dc6dcd1923e606a0ebc719425f643b9 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Mon, 25 Mar 2019 18:22:02 +0100 +Subject: [PATCH 11/25] s390x assembly pack: remove chacha20 dependency on + non-base memnonics + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Paul Dale <paul.dale@oracle.com> +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/8181) + +(cherry picked from commit 302aa3c26d9e716ed4a3fba453faafa7acadf22c) +--- + crypto/chacha/asm/chacha-s390x.pl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/chacha/asm/chacha-s390x.pl b/crypto/chacha/asm/chacha-s390x.pl +index 040ce391c0..16a90c6ae6 100755 +--- a/crypto/chacha/asm/chacha-s390x.pl ++++ b/crypto/chacha/asm/chacha-s390x.pl +@@ -40,7 +40,7 @@ + use strict; + use FindBin qw($Bin); + use lib "$Bin/../.."; +-use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE); ++use perlasm::s390x qw(:DEFAULT :VX :LD AUTOLOAD LABEL INCLUDE); + + my $flavour = shift; + +-- +2.25.1 +
  31. Download patch debian/po/zh_TW.po

    --- 1.1.1f-1/debian/po/zh_TW.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/zh_TW.po 2020-04-01 15:57:22.000000000 +0000 @@ -77,3 +77,22 @@ msgid "" "You will need to start these manually by running '/etc/init.d/<service> " "start'." msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr ""
  32. Download patch debian/patches/0025-Add-self-generated-test-vector-for-x448-non-canonica.patch

    --- 1.1.1f-1/debian/patches/0025-Add-self-generated-test-vector-for-x448-non-canonica.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/0025-Add-self-generated-test-vector-for-x448-non-canonica.patch 2020-04-03 17:29:25.000000000 +0000 @@ -0,0 +1,49 @@ +From f30d6611bcc324807cd4534d8bca9f841a1f8902 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Sun, 3 Nov 2019 00:01:20 +0100 +Subject: [PATCH 25/25] Add self-generated test vector for x448 non-canonical + values + +x25519 has such a test vector obtained from wycheproof but wycheproof +does not have a corresponding x448 test vector. +So add a self-generated test vector for that case. + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10339) + +(cherry picked from commit fd60f8da74c68ba56f828bcc59141856503ffa0a) +Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> +--- + test/recipes/30-test_evp_data/evppkey.txt | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt +index 736e0ce4d3..a049f19694 100644 +--- a/test/recipes/30-test_evp_data/evppkey.txt ++++ b/test/recipes/30-test_evp_data/evppkey.txt +@@ -814,6 +814,8 @@ PublicKeyRaw=Bob-448-PUBLIC-Raw:X448:3eb7a829b0cd20f5bcfc0b599b6feccf6da4627107b + + PrivPubKeyPair = Bob-448-Raw:Bob-448-PUBLIC-Raw + ++PublicKeyRaw=Bob-448-PUBLIC-Raw-NonCanonical:X448:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff ++ + Derive=Alice-448 + PeerKey=Bob-448-PUBLIC + SharedSecret=07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d +@@ -830,6 +832,11 @@ Derive=Bob-448-Raw + PeerKey=Alice-448-PUBLIC-Raw + SharedSecret=07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d + ++# Self-generated non-canonical ++Derive=Alice-448-Raw ++PeerKey=Bob-448-PUBLIC-Raw-NonCanonical ++SharedSecret=66e2e682b1f8e68c809f1bb3e406bd826921d9c1a5bfbfcbab7ae72feecee63660eabd54934f3382061d17607f581a90bdac917a064959fb ++ + # Illegal sign/verify operations with X448 key + + Sign=Alice-448 +-- +2.25.1 +
  33. Download patch debian/libssl1.1.postinst

    --- 1.1.1f-1/debian/libssl1.1.postinst 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/libssl1.1.postinst 2020-04-01 15:57:10.000000000 +0000 @@ -57,7 +57,9 @@ filerc() { if [ "$1" = "configure" ] then if [ ! -z "$2" ]; then - if dpkg --compare-versions "$2" lt 1.0.1g-2; then + # This triggers services restarting, so limit this to major upgrades + # only. Security updates should not restart services automatically. + if dpkg --compare-versions "$2" lt 1.1.1-1ubuntu2.1~18.04.2; then echo -n "Checking for services that may need to be restarted..." check="amanda-server anon-proxy apache2 apache-ssl" check="$check apf-firewall asterisk bacula-director-common" @@ -102,7 +104,7 @@ then ") echo "done." fi - if dpkg --compare-versions "$2" lt 1.0.1g-3; then + if dpkg --compare-versions "$2" lt 1.1.1-1ubuntu2.1~18.04.2; then echo -n "Checking for services that may need to be restarted..." check2="chef chef-expander chef-server-api" check2="$check2 chef-solr pound postgresql-common" @@ -152,7 +154,11 @@ then if [ "x$RET" != xtrue ]; then db_reset libssl1.1/restart-services db_set libssl1.1/restart-services "$services" - db_input critical libssl1.1/restart-services || true + if [ "$RELEASE_UPGRADE_MODE" = desktop ]; then + db_input medium libssl1.1/restart-services || true + else + db_input critical libssl1.1/restart-services || true + fi db_go || true db_get libssl1.1/restart-services @@ -200,7 +206,20 @@ then # Shut down the frontend, to make sure none of the # restarted services keep a connection open to it db_stop + fi # end upgrading and $2 lt 0.9.8c-2 + + # Here we issue the reboot notification for upgrades and + # security updates. We do want services to be restarted when we + # update for a security issue, but planned by the sysadmin, not + # automatically. + + # Only issue the reboot notification for servers; we proxy this by + # testing that the X server is not running (LP: #244250) + if ! pidof /usr/lib/xorg/Xorg > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then + /usr/share/update-notifier/notify-reboot-required + fi + fi # Upgrading fi
  34. Download patch debian/patches/0013-fix-strict-warnings-build.patch
  35. Download patch debian/patches/0004-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
  36. Download patch debian/po/templates.pot

    --- 1.1.1f-1/debian/po/templates.pot 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/templates.pot 2020-04-01 15:57:11.000000000 +0000 @@ -74,3 +74,22 @@ msgid "" "You will need to start these manually by running '/etc/init.d/<service> " "start'." msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr ""
  37. Download patch debian/po/vi.po

    --- 1.1.1f-1/debian/po/vi.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/vi.po 2020-04-01 15:57:22.000000000 +0000 @@ -86,3 +86,22 @@ msgid "" msgstr "" "Vì thế bạn cần phải khởi chạy bằng tay, bằng cách chạy câu lệnh « /etc/init." "d/<tên_dịch_vụ> start »." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr ""
  38. Download patch debian/patches/0020-s390x-assembly-pack-accelerate-ECDSA.patch
  39. Download patch debian/patches/0023-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch

    --- 1.1.1f-1/debian/patches/0023-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/0023-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch 2020-04-03 17:29:24.000000000 +0000 @@ -0,0 +1,48 @@ +From aba5efd988fca1ae58c64c6cbc93cbd99144487f Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Tue, 24 Sep 2019 23:20:00 +0200 +Subject: [PATCH 23/25] s390x assembly pack: fix OPENSSL_s390xcap z15 cpu mask + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10004) + +(cherry picked from commit ac037dc874a721ca81a33b4314e26cef4a7e8d48) +Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> +--- + crypto/s390xcap.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c +index 00834e4f98..1f9851efc1 100644 +--- a/crypto/s390xcap.c ++++ b/crypto/s390xcap.c +@@ -547,7 +547,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + S390X_CAPBIT(S390X_VX) + | S390X_CAPBIT(S390X_VXD) + | S390X_CAPBIT(S390X_VXE) +- | S390X_CAPBIT(S390X_MSA8), ++ | S390X_CAPBIT(S390X_MSA8) ++ | S390X_CAPBIT(S390X_MSA9), + 0ULL}, + /*.kimd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) +@@ -611,11 +612,10 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, +- /*.pcc = */{S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256) ++ /*.pcc = */{S390X_CAPBIT(S390X_QUERY), ++ S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256) + | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P384) +- | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521), +- 0ULL}, ++ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521)}, + /*.kdsa = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_ECDSA_VERIFY_P256) + | S390X_CAPBIT(S390X_ECDSA_VERIFY_P384) +-- +2.25.1 +
  40. Download patch debian/po/da.po

    --- 1.1.1f-1/debian/po/da.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/da.po 2020-04-01 15:57:22.000000000 +0000 @@ -91,3 +91,29 @@ msgid "" "start'." msgstr "" "Du skal genstarte disse manuelt ved at køre '/etc/init.d/<tjeneste> start'." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "Genstart tjenester under pakkeopgraderinger uden at spørge?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Der er tjenester installeret på dit system, som kræver at blive genstartet " +"når bestemte biblioteker, såsom libpam, libc og libssl, opgraderes. Da disse " +"genstarter kan medføre forstyrrelse af systemets tjenester, vil du normalt " +"blive spurgt ved hver opgradering om listen over tjenester, du ønsker at " +"genstarte. Du kan vælge denne indstilling for at undgå at blive spurgt; i " +"stedet for vil alle nødvendige genstarter blive udført automatisk, så du kan " +"undgå spørgsmål ved hver biblioteksopgradering."
  41. Download patch debian/po/ko.po

    --- 1.1.1f-1/debian/po/ko.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/ko.po 2020-04-01 15:57:22.000000000 +0000 @@ -83,3 +83,22 @@ msgid "" "You will need to start these manually by running '/etc/init.d/<service> " "start'." msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr ""
  42. Download patch debian/po/ja.po

    --- 1.1.1f-1/debian/po/ja.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/ja.po 2020-04-01 15:57:22.000000000 +0000 @@ -80,3 +80,30 @@ msgid "" "start'." msgstr "" "開始するには '/etc/init.d/<service> start' を手動で実行する必要があります。" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" +"パッケージのアップグレード中、質問することなくサービスを再起動しますか?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"このシステムには、libpam や libc、libssl といった特定のライブラリがアップグ" +"レードされたときに再起動を必要とするサービスがインストールされています。この" +"再起動はそのシステムで動作しているサービスの中断を伴う可能性があるため、通常" +"は再起動させるサービス一覧をアップグレードの度に質問します。このオプションを" +"選択するとその質問を避けられます。代わりに、再起動が必要な場合は全て自動で再" +"起動させるため、ライブラリをアップグレードする度に質問されるのを避けられま" +"す。"
  43. Download patch debian/po/it.po

    --- 1.1.1f-1/debian/po/it.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/it.po 2020-04-01 15:57:22.000000000 +0000 @@ -88,3 +88,30 @@ msgid "" "start'." msgstr "" "È necessario avviarli manualmente con \"/etc/init.d/<servizio> start\"." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "Riavviare i servizi durante l'aggiornamento senza chiedere conferma?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Sul proprio sistema sono installati dei servizi che devono essere riavviati " +"dopo l'aggiornamento di determinate librerie, quali libpam, libc e libssl. " +"Poiché questi riavvii possono causare delle interruzioni dei servizi offerti " +"dal sistema normalmente, a ogni aggiornamento, viene mostrato l'elenco dei " +"servizi e viene chiesto di confermarne il riavvio. È possibile evitare che " +"sia chiesta la conferma del riavvio accettando questa opzione; saranno " +"effettuati automaticamente tutti i riavvii necessari senza fare domande per " +"ogni aggiornamento della libreria."
  44. Download patch debian/patches/0009-s390x-assembly-pack-allow-alignment-hints-for-vector.patch

    --- 1.1.1f-1/debian/patches/0009-s390x-assembly-pack-allow-alignment-hints-for-vector.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/0009-s390x-assembly-pack-allow-alignment-hints-for-vector.patch 2020-04-03 17:29:24.000000000 +0000 @@ -0,0 +1,64 @@ +From a8ad22a341dc1ac377453d59e5f6db49b9bf2a0b Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Thu, 7 Feb 2019 16:44:05 +0100 +Subject: [PATCH 09/25] s390x assembly pack: allow alignment hints for vector + load/store + +z14 introduced alignment hints to help vector load/store +performance. For its predecessors, alignment hint defaults +to 0 (no alignment indicated). + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Paul Dale <paul.dale@oracle.com> +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/8181) + +(cherry picked from commit 11aad862850cb2e639756e7126216b6cf38af26b) +--- + crypto/perlasm/s390x.pm | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/crypto/perlasm/s390x.pm b/crypto/perlasm/s390x.pm +index 5f3a49dd0c..c00218a0cc 100644 +--- a/crypto/perlasm/s390x.pm ++++ b/crypto/perlasm/s390x.pm +@@ -250,7 +250,7 @@ sub vgmg { + } + + sub vl { +- confess(err("ARGNUM")) if ($#_!=1); ++ confess(err("ARGNUM")) if ($#_<1||$#_>2); + VRX(0xe706,@_); + } + +@@ -345,7 +345,7 @@ sub vllezg { + } + + sub vlm { +- confess(err("ARGNUM")) if ($#_!=2); ++ confess(err("ARGNUM")) if ($#_<2||$#_>3); + VRSa(0xe736,@_); + } + +@@ -548,7 +548,7 @@ sub vsegf { + } + + sub vst { +- confess(err("ARGNUM")) if ($#_!=1); ++ confess(err("ARGNUM")) if ($#_<1||$#_>2); + VRX(0xe70e,@_); + } + +@@ -570,7 +570,7 @@ sub vsteg { + } + + sub vstm { +- confess(err("ARGNUM")) if ($#_!=2); ++ confess(err("ARGNUM")) if ($#_<2||$#_>3); + VRSa(0xe73e,@_); + } + +-- +2.25.1 +
  45. Download patch debian/patches/series

    --- 1.1.1f-1/debian/patches/series 2020-03-31 21:49:47.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/series 2020-06-25 13:17:55.000000000 +0000 @@ -1,6 +1,43 @@ +# x86_64 cet hwe +pr12272.patch +# s390x hwe +0001-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch +0002-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch +0003-s390x-assembly-pack-perlasm-support.patch +0004-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch +0005-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch +0006-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch +0007-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch +0008-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch +0009-s390x-assembly-pack-allow-alignment-hints-for-vector.patch +0010-s390x-assembly-pack-update-perlasm-module.patch +0011-s390x-assembly-pack-remove-chacha20-dependency-on-no.patch +0012-s390x-assembly-pack-remove-poly1305-dependency-on-no.patch +0013-fix-strict-warnings-build.patch +0014-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch +0015-Place-return-values-after-examples-in-doc.patch +0016-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch +0017-s390xcpuid.pl-fix-comment.patch +0018-s390x-assembly-pack-accelerate-scalar-multiplication.patch +0019-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch +0020-s390x-assembly-pack-accelerate-ECDSA.patch +0021-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch +0022-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch +0023-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch +0024-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-a.patch +0025-Add-self-generated-test-vector-for-x448-non-canonica.patch +# Debian patches debian-targets.patch man-section.patch no-symbolic.patch pic.patch c_rehash-compat.patch -Set-systemwide-default-settings-for-libssl-users.patch +# Remove Set-systemwide-default-settings-for-libssl-users.patch, this is done differently + +# Ubuntu patches +tests-use-seclevel-1.patch +tls1.2-min-seclevel2.patch +CVE-2020-1967-1.patch +CVE-2020-1967-2.patch +CVE-2020-1967-3.patch +CVE-2020-1967-4.patch
  46. Download patch debian/patches/CVE-2020-1967-3.patch

    --- 1.1.1f-1/debian/patches/CVE-2020-1967-3.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/CVE-2020-1967-3.patch 2020-04-20 11:53:44.000000000 +0000 @@ -0,0 +1,24 @@ +From f420c25bb7d0c198b4b080fce203f6d707e9c86c Mon Sep 17 00:00:00 2001 +From: Benjamin Kaduk <kaduk@mit.edu> +Date: Tue, 14 Apr 2020 08:58:20 -0700 +Subject: [PATCH] fixup! Add test for CVE-2020-1967 + +--- + test/recipes/70-test_sslsigalgs.t | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t +index 1a6390a3e9..e3bc7b5534 100644 +--- a/test/recipes/70-test_sslsigalgs.t ++++ b/test/recipes/70-test_sslsigalgs.t +@@ -45,8 +45,8 @@ use constant { + SIGALGS_CERT_ALL => 7, + SIGALGS_CERT_PKCS => 8, + SIGALGS_CERT_INVALID => 9, +- UNRECOGNIZED_SIGALGS_CERT => 4, +- UNRECOGNIZED_SIGALG => 5 ++ UNRECOGNIZED_SIGALGS_CERT => 10, ++ UNRECOGNIZED_SIGALG => 11 + }; + + #Note: Throughout this test we override the default ciphersuites where TLSv1.2
  47. Download patch debian/patches/0002-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
  48. Download patch debian/patches/Set-systemwide-default-settings-for-libssl-users.patch

    --- 1.1.1f-1/debian/patches/Set-systemwide-default-settings-for-libssl-users.patch 2020-03-31 21:49:47.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/Set-systemwide-default-settings-for-libssl-users.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,42 +0,0 @@ -From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> -Date: Tue, 20 Mar 2018 22:07:30 +0100 -Subject: Set systemwide default settings for libssl users - -This config change enforeces a TLS1.2 protocol version as minimum. It -can be overwritten by the system administrator. - -It also changes the default security level from 1 to 2, moving from the 80 bit -security level to the 112 bit security level. - -Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> ---- - apps/openssl.cnf | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/apps/openssl.cnf b/apps/openssl.cnf -index 4acca4b0446f..a6fed92a2e75 100644 ---- a/apps/openssl.cnf -+++ b/apps/openssl.cnf -@@ -15,6 +15,9 @@ HOME = . - #oid_file = $ENV::HOME/.oid - oid_section = new_oids - -+# System default -+openssl_conf = default_conf -+ - # To use this configuration file with the "-extfile" option of the - # "openssl x509" utility, name here the section containing the - # X.509v3 extensions to use: -@@ -348,3 +351,12 @@ ess_cert_id_chain = no # Must the ESS cert id chain be included? - # (optional, default: no) - ess_cert_id_alg = sha1 # algorithm to compute certificate - # identifier (optional, default: sha1) -+[default_conf] -+ssl_conf = ssl_sect -+ -+[ssl_sect] -+system_default = system_default_sect -+ -+[system_default_sect] -+MinProtocol = TLSv1.2 -+CipherString = DEFAULT@SECLEVEL=2
  49. Download patch debian/po/ta.po

    --- 1.1.1f-1/debian/po/ta.po 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/ta.po 2019-06-20 16:58:44.000000000 +0000 @@ -0,0 +1,95 @@ +# translation of glibc.po to TAMIL +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Dr.T.Vasudevan <agnihot3@gmail.com>, 2007. +msgid "" +msgstr "" +"Project-Id-Version: glibc\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2019-06-20 17:58+0100\n" +"PO-Revision-Date: 2007-04-24 19:42+0530\n" +"Last-Translator: Dr.T.Vasudevan <agnihot3@gmail.com>\n" +"Language-Team: TAMIL <ubuntu-l10n-tam@lists.ubuntu.com>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" + +#. Type: error +#. Description +#: ../libssl1.1.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. a list of services that could not be restarted +#: ../libssl1.1.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "" + +#. Type: error +#. Description +#: ../libssl1.1.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr ""
  50. Download patch debian/patches/CVE-2020-1967-4.patch

    --- 1.1.1f-1/debian/patches/CVE-2020-1967-4.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/CVE-2020-1967-4.patch 2020-04-20 11:53:47.000000000 +0000 @@ -0,0 +1,22 @@ +From c3a639fb591815604c512b34b83f0c285bdb6aa3 Mon Sep 17 00:00:00 2001 +From: Benjamin Kaduk <kaduk@mit.edu> +Date: Wed, 15 Apr 2020 14:44:42 -0700 +Subject: [PATCH] fixup! Add test for CVE-2020-1967 + +--- + test/recipes/70-test_sslsigalgs.t | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t +index e3bc7b5534..9ea9d05219 100644 +--- a/test/recipes/70-test_sslsigalgs.t ++++ b/test/recipes/70-test_sslsigalgs.t +@@ -482,7 +482,7 @@ sub inject_unrecognized_sigalg + + my $ext = pack "C8", + 0x00, 0x06, #Extension length +- 0x18, 0x18, #unallocated ++ 0xfe, 0x18, #private use + 0x04, 0x01, #rsa_pkcs1_sha256 + 0x08, 0x04; #rsa_pss_rsae_sha256; + my $message = ${$proxy->message_list}[0];
  51. Download patch debian/patches/0019-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch
  52. Download patch debian/po/hu.po

    --- 1.1.1f-1/debian/po/hu.po 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/hu.po 2019-06-20 16:58:44.000000000 +0000 @@ -0,0 +1,101 @@ +# SZERVÁC Attila <sas@321.hu>, +# Dr. Nagy Elemér Károly <eknagy@omikk.bme.hu>, 2013. +# +msgid "" +msgstr "" +"Project-Id-Version: glibc\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2019-06-20 17:58+0100\n" +"PO-Revision-Date: 2013-05-14 18:47+0200\n" +"Last-Translator: Dr. Nagy Elemér Károly <eknagy@omikk.bme.hu>\n" +"Language-Team: Hungarian <debian-l10n-hungarian@lists.d.o>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: UTF-8\n" +"Plural-Forms: ???\n" +"X-Poedit-Language: Hungarian\n" +"X-Poedit-Country: HUNGARY\n" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" + +#. Type: error +#. Description +#: ../libssl1.1.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. a list of services that could not be restarted +#: ../libssl1.1.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "" + +#. Type: error +#. Description +#: ../libssl1.1.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "A csomag frissítésekor kérdés nélkül újraindítsam a szolgáltatásokat?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Ezen a rendszeren olyan szolgáltatások vannak telepítve, amelyeket újra kell " +"indítani, bizonyos könyvtárak (mint a libpam, libc, libssl) frissítésekor. " +"Mivel ezek az újraindítások megszakítják a szolgáltatásokat, alapesetben " +"minden frissítésnél megkérdezi az újraindítandó szolgáltatások listáját a " +"rendszer. Dönthetsz úgy, hogy ne kérdezzen - ilyenkor minden szükséges " +"szolgáltatás-újraindítást elvégez a rendszer és nem kérdezget."
  53. Download patch debian/patches/0022-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch

    --- 1.1.1f-1/debian/patches/0022-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/0022-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch 2020-04-03 17:29:24.000000000 +0000 @@ -0,0 +1,32 @@ +From 4b05becebc482b862c894ddec444c4441cc15414 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Tue, 24 Sep 2019 23:03:19 +0200 +Subject: [PATCH 22/25] s390x assembly pack: fix msa3 stfle bit detection + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10004) + +(cherry picked from commit b3681e2641999be6c1f70e66497fe384d683a07e) +Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> +--- + crypto/s390xcpuid.pl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl +index 2408ca52b0..6cc3fbc3fd 100755 +--- a/crypto/s390xcpuid.pl ++++ b/crypto/s390xcpuid.pl +@@ -107,7 +107,7 @@ OPENSSL_s390x_functions: + la %r1,S390X_KMAC(%r4) + .long 0xb91e0042 # kmac %r4,%r2 + +- tmhh %r3,0x0003 # check for message-security-assist-3 ++ tmhh %r3,0x0008 # check for message-security-assist-3 + jz .Lret + + lghi %r0,S390X_QUERY # query pcc capability vector +-- +2.25.1 +
  54. Download patch debian/patches/0017-s390xcpuid.pl-fix-comment.patch

    --- 1.1.1f-1/debian/patches/0017-s390xcpuid.pl-fix-comment.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/0017-s390xcpuid.pl-fix-comment.patch 2020-04-03 17:29:24.000000000 +0000 @@ -0,0 +1,43 @@ +From c284114f14a5a0413399ce2f4a2e2932b6d07846 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Wed, 3 Jul 2019 18:02:11 +0200 +Subject: [PATCH 17/25] s390xcpuid.pl: fix comment + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Richard Levitte <levitte@openssl.org> +Reviewed-by: Shane Lontis <shane.lontis@oracle.com> +(Merged from https://github.com/openssl/openssl/pull/9348) + +Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> +--- + crypto/s390xcpuid.pl | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl +index 344f4f67de..2408ca52b0 100755 +--- a/crypto/s390xcpuid.pl ++++ b/crypto/s390xcpuid.pl +@@ -443,7 +443,7 @@ ___ + } + + ################ +-# void s390x_pcc(unsigned int fc, void *param) ++# int s390x_pcc(unsigned int fc, void *param) + { + my ($fc,$param) = map("%r$_",(2..3)); + $code.=<<___; +@@ -468,8 +468,8 @@ ___ + } + + ################ +-# void s390x_kdsa(unsigned int fc, void *param, +-# const unsigned char *in, size_t len) ++# int s390x_kdsa(unsigned int fc, void *param, ++# const unsigned char *in, size_t len) + { + my ($fc,$param,$in,$len) = map("%r$_",(2..5)); + $code.=<<___; +-- +2.25.1 +
  55. Download patch debian/po/el.po

    --- 1.1.1f-1/debian/po/el.po 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/el.po 2019-06-20 16:58:44.000000000 +0000 @@ -0,0 +1,115 @@ +# translation of el.po to Greek +# translation of templates.po to Greek +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# Konstantinos Margaritis <markos@debian.org>, 2004. +# Vangelis Skarmoutsos <skarmoutsosv@gmail.com>, 2017. +# +msgid "" +msgstr "" +"Project-Id-Version: el\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2019-06-20 17:58+0100\n" +"PO-Revision-Date: 2017-07-06 21:00+0300\n" +"Last-Translator: Vangelis Skarmoutsos <skarmoutsosv@gmail.com>\n" +"Language-Team: Greek <debian-l10n-greek@lists.debian.org>\n" +"Language: el\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 2.0.2\n" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" + +#. Type: error +#. Description +#: ../libssl1.1.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. a list of services that could not be restarted +#: ../libssl1.1.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "" + +#. Type: error +#. Description +#: ../libssl1.1.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" +"Επανεκκίνηση υπηρεσιών, κατά την διάρκεια αναβάθμισης πακέτων, χωρίς να " +"γίνει ερώτηση;" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Αυτές είναι εγκατεστημένες υπηρεσίες στο σύστημα σας, που χρειάζεται να " +"επανεκκινηθούν, όταν αναβαθμίζονται συγκεκριμένες βιβλιοθήκες, όπως οι " +"libpam, libc και libssl. Καθώς αυτές οι επανεκκινήσεις μπορούν να " +"προκαλέσουν διακοπές των υπηρεσιών του συστήματος, φυσιολογικά θα ερωτηθείτε " +"σε κάθε αναβάθμιση για την λίστα των υπηρεσιών που επιθυμείτε να " +"επανεκκινήσετε. Μπορείτε να διαλέξετε αυτή την επιλογή για να αποφύγετε να " +"ερωτηθείτε και έτσι όλες οι απαραίτητες επανεκκινήσεις θα γίνουν αυτόματα " +"ώστε να αποφύγετε τις ερωτήσεις για κάθε αναβάθμιση βιβλιοθήκης."
  56. Download patch debian/po/gl.po

    --- 1.1.1f-1/debian/po/gl.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/gl.po 2020-04-01 15:57:22.000000000 +0000 @@ -87,3 +87,22 @@ msgid "" msgstr "" "Ha ter que reinicialos manualmente executando \"/etc/init.d/<servizo> start" "\"." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr ""
  57. Download patch debian/po/ru.po

    --- 1.1.1f-1/debian/po/ru.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/ru.po 2020-04-01 15:57:22.000000000 +0000 @@ -92,3 +92,28 @@ msgid "" msgstr "" "Вам нужно будет перезапустить их вручную с помощью команд '/etc/init.d/" "<служба> start'." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "Перезапускать службы при обновлении пакета без подтверждения?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"В системе установлены службы, которые требуют перезапуска после обновления " +"определённых библиотек (например, libpam, libc и libssl). Так как это может " +"вызвать перерыв в работе службы, то обычно при каждом обновлении " +"запрашивается подтверждение списка служб, которые нужно перезапустить. Чтобы " +"этот вопрос не задавался, вы можете ответить утвердительно; в этом случае " +"все необходимые службы будут перезапущены автоматически."
  58. Download patch debian/po/pt_BR.po

    --- 1.1.1f-1/debian/po/pt_BR.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/pt_BR.po 2020-04-01 15:57:22.000000000 +0000 @@ -102,3 +102,30 @@ msgid "" msgstr "" "Você terá que iniciá-los manualmente executando '/etc/init.d/<serviço> " "start'." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "Reiniciar serviços durante a atualização de pacotes sem perguntar?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Existem serviços instalados no seu sistema que precisam ser reiniciados " +"quando determinadas bibliotecas, tais como libpam, libc e libssl são " +"atualizadas. Uma vez que essas reinicializações podem causar interrupções de " +"serviços para o sistema, normalmente você terá que responder a cada " +"atualização qual será a lista de serviços que quiser reiniciar. Você pode " +"escolher esta opção para evitar novas solicitações; ao invés disso, todas as " +"reinicializações necessárias serão realizadas automaticamente, para evitar " +"que você responda a cada atualização de biblioteca."
  59. Download patch debian/po/ml.po

    --- 1.1.1f-1/debian/po/ml.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/ml.po 2020-04-01 15:57:22.000000000 +0000 @@ -85,3 +85,22 @@ msgid "" "You will need to start these manually by running '/etc/init.d/<service> " "start'." msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr ""
  60. Download patch debian/patches/0006-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch

    --- 1.1.1f-1/debian/patches/0006-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/0006-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch 2020-04-03 17:29:24.000000000 +0000 @@ -0,0 +1,33 @@ +From b857d3affccf870501f7b9de34f837a1a2575046 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Fri, 15 Feb 2019 22:59:09 +0100 +Subject: [PATCH 06/25] s390x assembly pack: fix formal interface bug in chacha + module + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Tim Hudson <tjh@openssl.org> +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/8257) + +(cherry picked from commit b2b580fe445e064da50c13d3e00f71022da16ece) +--- + crypto/chacha/asm/chacha-s390x.pl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/chacha/asm/chacha-s390x.pl b/crypto/chacha/asm/chacha-s390x.pl +index 895765e1c4..2843bb1eb6 100755 +--- a/crypto/chacha/asm/chacha-s390x.pl ++++ b/crypto/chacha/asm/chacha-s390x.pl +@@ -225,7 +225,7 @@ LABEL ("ChaCha20_ctr32"); + larl ("%r1","OPENSSL_s390xcap_P"); + + lghi ("%r0",64); +-&{$z? \&cgr:\&cr} ($len,"%r0"); ++&{$z? \&clgr:\&clr} ($len,"%r0"); + jle ("_s390x_chacha_novx"); + + lg ("%r0","S390X_STFLE+16(%r1)"); +-- +2.25.1 +
  61. Download patch debian/patches/CVE-2020-1967-1.patch

    --- 1.1.1f-1/debian/patches/CVE-2020-1967-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/CVE-2020-1967-1.patch 2020-04-20 11:53:36.000000000 +0000 @@ -0,0 +1,113 @@ +From 540e4c35c534a5a12688beb707fee9e16a6a34fa Mon Sep 17 00:00:00 2001 +From: Benjamin Kaduk <kaduk@mit.edu> +Date: Fri, 10 Apr 2020 12:27:28 -0700 +Subject: [PATCH] Add test for CVE-2020-1967 + +Add to test_sslsigalgs a TLSProxy test that injects a +"signature_algorithms_cert" extension that contains an unallocated +codepoint. + +The test currently fails, since s_server segfaults instead of +ignoring the unrecognized value. + +Since "signature_algorithms" and "signature_algorithms_cert" are very +similar, also add the analogous test for "signature_algorithms". +--- + test/recipes/70-test_sslsigalgs.t | 66 ++++++++++++++++++++++++++++++- + 1 file changed, 64 insertions(+), 2 deletions(-) + +diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t +index b3339ff59f..1a6390a3e9 100644 +--- a/test/recipes/70-test_sslsigalgs.t ++++ b/test/recipes/70-test_sslsigalgs.t +@@ -44,7 +44,9 @@ use constant { + COMPAT_SIGALGS => 6, + SIGALGS_CERT_ALL => 7, + SIGALGS_CERT_PKCS => 8, +- SIGALGS_CERT_INVALID => 9 ++ SIGALGS_CERT_INVALID => 9, ++ UNRECOGNIZED_SIGALGS_CERT => 4, ++ UNRECOGNIZED_SIGALG => 5 + }; + + #Note: Throughout this test we override the default ciphersuites where TLSv1.2 +@@ -53,7 +55,7 @@ use constant { + + #Test 1: Default sig algs should succeed + $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +-plan tests => 24; ++plan tests => 26; + ok(TLSProxy::Message->success, "Default sigalgs"); + my $testtype; + +@@ -282,6 +284,39 @@ SKIP: { + ok(TLSProxy::Message->fail, "No matching certificate for sigalgs_cert"); + } + ++SKIP: { ++ skip "TLS 1.3 disabled", 2 if disabled("tls1_3"); ++ #Test 25: Send an unrecognized signature_algorithms_cert ++ # We should be able to skip over the unrecognized value and use a ++ # valid one that appears later in the list. ++ $proxy->clear(); ++ $proxy->filter(\&inject_unrecognized_sigalg); ++ $proxy->clientflags("-tls1_3"); ++ # Use -xcert to get SSL_check_chain() to run in the cert_cb. This is ++ # needed to trigger (e.g.) CVE-2020-1967 ++ $proxy->serverflags("" . ++ " -xcert " . srctop_file("test", "certs", "servercert.pem") . ++ " -xkey " . srctop_file("test", "certs", "serverkey.pem") . ++ " -xchain " . srctop_file("test", "certs", "rootcert.pem")); ++ $testtype = UNRECOGNIZED_SIGALGS_CERT; ++ $proxy->start(); ++ ok(TLSProxy::Message->success(), "Unrecognized sigalg_cert in ClientHello"); ++ ++ #Test 26: Send an unrecognized signature_algorithms ++ # We should be able to skip over the unrecognized value and use a ++ # valid one that appears later in the list. ++ $proxy->clear(); ++ $proxy->filter(\&inject_unrecognized_sigalg); ++ $proxy->clientflags("-tls1_3"); ++ $proxy->serverflags("" . ++ " -xcert " . srctop_file("test", "certs", "servercert.pem") . ++ " -xkey " . srctop_file("test", "certs", "serverkey.pem") . ++ " -xchain " . srctop_file("test", "certs", "rootcert.pem")); ++ $testtype = UNRECOGNIZED_SIGALG; ++ $proxy->start(); ++ ok(TLSProxy::Message->success(), "Unrecognized sigalg in ClientHello"); ++} ++ + + + sub sigalgs_filter +@@ -427,3 +462,30 @@ sub modify_cert_verify_sigalg + } + } + } ++ ++sub inject_unrecognized_sigalg ++{ ++ my $proxy = shift; ++ my $type; ++ ++ # We're only interested in the initial ClientHello ++ if ($proxy->flight != 0) { ++ return; ++ } ++ if ($testtype == UNRECOGNIZED_SIGALGS_CERT) { ++ $type = TLSProxy::Message::EXT_SIG_ALGS_CERT; ++ } elsif ($testtype == UNRECOGNIZED_SIGALG) { ++ $type = TLSProxy::Message::EXT_SIG_ALGS; ++ } else { ++ return; ++ } ++ ++ my $ext = pack "C8", ++ 0x00, 0x06, #Extension length ++ 0x18, 0x18, #unallocated ++ 0x04, 0x01, #rsa_pkcs1_sha256 ++ 0x08, 0x04; #rsa_pss_rsae_sha256; ++ my $message = ${$proxy->message_list}[0]; ++ $message->set_extension($type, $ext); ++ $message->repack; ++}
  62. Download patch debian/patches/0008-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch
  63. Download patch debian/po/fr.po

    --- 1.1.1f-1/debian/po/fr.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/fr.po 2020-04-01 15:57:22.000000000 +0000 @@ -96,5 +96,33 @@ msgstr "" "Vous devrez les redémarrer vous-même avec la commande « /etc/init.d/" "<service> start »." +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" +"Redémarrer inconditionnellement les services lors des mises à niveau de " +"paquets ?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Certains services installés sur le système doivent être redémarrés lorsque " +"certaines bibliothèques, comme libpam, libc ou libssl, sont mises à niveau. " +"Comme ces redémarrages peuvent conduire à une interruption du service, le " +"choix de les redémarrer ou non est en général offert lors de ces mises à " +"niveau. Vous pouvez choisir ici que ce choix ne soit plus offert et que les " +"redémarrages aient lieu systématiquement lors des mises à niveau de " +"bibliothèques." + #~ msgid "${services}" #~ msgstr "${services}"
  64. Download patch debian/patches/CVE-2020-1967-2.patch

    --- 1.1.1f-1/debian/patches/CVE-2020-1967-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/CVE-2020-1967-2.patch 2020-04-20 11:53:40.000000000 +0000 @@ -0,0 +1,43 @@ +From fda4b40dacd47859c0760b62572af761e8e5ed74 Mon Sep 17 00:00:00 2001 +From: Benjamin Kaduk <kaduk@mit.edu> +Date: Fri, 10 Apr 2020 12:27:28 -0700 +Subject: [PATCH] Fix NULL dereference in SSL_check_chain() for TLS 1.3 + +In the tls1_check_sig_alg() helper function, we loop through the list of +"signature_algorithms_cert" values received from the client and attempt +to look up each one in turn in our internal table that maps wire +codepoint to string-form name, digest and/or signature NID, etc., in +order to compare the signature scheme from the peer's list against what +is used to sign the certificates in the certificate chain we're +checking. Unfortunately, when the peer sends a value that we don't +support, the lookup returns NULL, but we unconditionally dereference the +lookup result for the comparison, leading to an application crash +triggerable by an unauthenticated client. + +Since we will not be able to say anything about algorithms we don't +recognize, treat NULL return from lookup as "does not match". + +We currently only apply the "signature_algorithm_cert" checks on TLS 1.3 +connections, so previous TLS versions are unaffected. SSL_check_chain() +is not called directly from libssl, but may be used by the application +inside a callback (e.g., client_hello or cert callback) to verify that a +candidate certificate chain will be acceptable to the client. + +CVE-2020-1967 +--- + ssl/t1_lib.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index a254fd5a05..76b4baa388 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -2130,7 +2130,7 @@ static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid) + sigalg = use_pc_sigalgs + ? tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]) + : s->shared_sigalgs[i]; +- if (sig_nid == sigalg->sigandhash) ++ if (sigalg != NULL && sig_nid == sigalg->sigandhash) + return 1; + } + return 0;
  65. Download patch debian/po/sv.po

    --- 1.1.1f-1/debian/po/sv.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/sv.po 2020-04-01 15:57:22.000000000 +0000 @@ -97,3 +97,30 @@ msgid "" msgstr "" "Du mste starta om dessa tjnster manuellt genom att kra '/etc/init.d/" "<service> start'" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" +"Ska tjänster startas om vid paketuppgraderingar utan att först fråga?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Det finns tjänster installerade på systemet som behöver startas om när " +"vissa bibliotek, exempelvis libpam, libc och libssl, uppgraderas. Eftersom " +"dessa omstarter kan orsaka avbrott i tjänsten ställs normalt en fråga vid " +"varje uppgradering där en lista med tjänster som ska startas om " +"presenteras. Du kan välja att aktivera detta alternativ för att undvika " +"att frågan ställs. Istället kommer alla nödvändiga omstarter att göras " +"automatiskt."
  66. Download patch debian/patches/tls1.2-min-seclevel2.patch

    --- 1.1.1f-1/debian/patches/tls1.2-min-seclevel2.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/tls1.2-min-seclevel2.patch 2020-01-08 17:17:41.000000000 +0000 @@ -0,0 +1,75 @@ +Description: TLS versions below 1.2 are not permitted as security level 2. + +Index: openssl-1.1.1d/ssl/ssl_cert.c +=================================================================== +--- openssl-1.1.1d.orig/ssl/ssl_cert.c ++++ openssl-1.1.1d/ssl/ssl_cert.c +@@ -956,18 +956,12 @@ static int ssl_security_default_callback + } + case SSL_SECOP_VERSION: + if (!SSL_IS_DTLS(s)) { +- /* SSLv3 not allowed at level 2 */ +- if (nid <= SSL3_VERSION && level >= 2) +- return 0; +- /* TLS v1.1 and above only for level 3 */ +- if (nid <= TLS1_VERSION && level >= 3) +- return 0; +- /* TLS v1.2 only for level 4 and above */ +- if (nid <= TLS1_1_VERSION && level >= 4) ++ /* TLS v1.2 only for level 2 and above */ ++ if (nid <= TLS1_1_VERSION && level >= 2) + return 0; + } else { +- /* DTLS v1.2 only for level 4 and above */ +- if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level >= 4) ++ /* DTLS v1.2 only for level 2 and above */ ++ if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level >= 2) + return 0; + } + break; +Index: openssl-1.1.1d/doc/man3/SSL_CTX_set_security_level.pod +=================================================================== +--- openssl-1.1.1d.orig/doc/man3/SSL_CTX_set_security_level.pod ++++ openssl-1.1.1d/doc/man3/SSL_CTX_set_security_level.pod +@@ -84,22 +84,20 @@ using MD5 for the MAC is also prohibited + Security level set to 112 bits of security. As a result RSA, DSA and DH keys + shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. + In addition to the level 1 exclusions any cipher suite using RC4 is also +-prohibited. SSL version 3 is also not allowed. Compression is disabled. ++prohibited. On Ubuntu, TLS versions below 1.2 are not permitted. Compression is disabled. + + =item B<Level 3> + + Security level set to 128 bits of security. As a result RSA, DSA and DH keys + shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited. + In addition to the level 2 exclusions cipher suites not offering forward +-secrecy are prohibited. TLS versions below 1.1 are not permitted. Session +-tickets are disabled. ++secrecy are prohibited. Session tickets are disabled. + + =item B<Level 4> + + Security level set to 192 bits of security. As a result RSA, DSA and + DH keys shorter than 7680 bits and ECC keys shorter than 384 bits are +-prohibited. Cipher suites using SHA1 for the MAC are prohibited. TLS +-versions below 1.2 are not permitted. ++prohibited. Cipher suites using SHA1 for the MAC are prohibited. + + =item B<Level 5> + +@@ -114,14 +112,8 @@ I<Documentation to be provided.> + + =head1 NOTES + +-B<WARNING> at this time setting the security level higher than 1 for +-general internet use is likely to cause B<considerable> interoperability +-issues and is not recommended. This is because the B<SHA1> algorithm +-is very widely used in certificates and will be rejected at levels +-higher than 1 because it only offers 80 bits of security. +- + The default security level can be configured when OpenSSL is compiled by +-setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 1 is used. ++setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. On Ubuntu, 2 is used. + + The security framework disables or reject parameters inconsistent with the + set security level. In the past this was difficult as applications had to set
  67. Download patch debian/README.debian

    --- 1.1.1f-1/debian/README.debian 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/README.debian 2020-04-01 15:57:10.000000000 +0000 @@ -11,14 +11,6 @@ Instead of `<application>` please call n eg: instead of `req` please call `openssl req` -TLS protovol version and RSA key size -------------------------------------- -The default system global policy is to support TLSv1.2+ and security level two. -Please see - https://www.openssl.org/docs/man1.1.1/man5/config.html - https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html#DEFAULT-CALLBACK-BEHAVIOUR -for configurations details of `MinProtocol' and `CipherString' in -/etc/ssl/openssl.cnf case you really require to support legacy systems. PATENT ISSUES -------------
  68. Download patch debian/po/cs.po

    --- 1.1.1f-1/debian/po/cs.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/cs.po 2020-04-01 15:57:22.000000000 +0000 @@ -92,3 +92,28 @@ msgid "" "You will need to start these manually by running '/etc/init.d/<service> " "start'." msgstr "Budete je muset spustit ručně příkazem „/etc/init.d/<služba> start“." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "Restartovat služby při aktualizaci balíku bez ptaní?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"V systému jsou nainstalovány služby, které je nutno při aktualizaci určitých " +"knihoven (libpam, libc nebo libssl) restartovat. Během restartu služeb jsou " +"tyto po nějakou dobu nedostupné. Abychom předešli nechtěné nedostupnosti, je " +"při každé aktualizaci nabídnut seznam služeb, které se mají restartovat. " +"Povolíte-li tuto možnost, budou se všechny potřebné služby restartovat při " +"aktualizaci knihoven automaticky bez ptaní."
  69. Download patch debian/patches/0018-s390x-assembly-pack-accelerate-scalar-multiplication.patch
  70. Download patch debian/po/tr.po

    --- 1.1.1f-1/debian/po/tr.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/tr.po 2020-04-01 15:57:22.000000000 +0000 @@ -25,20 +25,40 @@ msgstr "Yeni kitaplıkları kullanmalar #. Type: string #. Description #: ../libssl1.0.0.templates:1001 -msgid "This release of OpenSSL fixes some security issues. Services will not use these fixes until they are restarted. Please note that restarting the SSH server (sshd) should not affect any existing connections." -msgstr "OpenSSL paketinin bu sürümü bazı güvenlik sorunlarını düzeltmiştir. Hizmetler yeniden başlatılmadıkça bu düzeltmeleri kullanamayacaklar. SSH sunucusunun (sshd) yeniden başlatılması kurulu bağlantıları etkilemeyecektir." +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" +"OpenSSL paketinin bu sürümü bazı güvenlik sorunlarını düzeltmiştir. " +"Hizmetler yeniden başlatılmadıkça bu düzeltmeleri kullanamayacaklar. SSH " +"sunucusunun (sshd) yeniden başlatılması kurulu bağlantıları etkilemeyecektir." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 -msgid "Please check the list of detected services that need to be restarted and correct it, if needed. The services names must be identical to the initialization script names in /etc/init.d and separated by spaces. No services will be restarted if the list is empty." -msgstr "Yeniden başlatılması gerektiği algılanan hizmetleri gözden geçiriniz ve gerekirse düzeltiniz. Hizmetlerin adları boşluklarla ayrılmalı ve /etc/init.d dizinindeki başlatma betikleri ile özdeş olmalıdır. Bu liste boş ise hiçbir hizmetin yeniden başlatılmasına gerek yoktur." +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" +"Yeniden başlatılması gerektiği algılanan hizmetleri gözden geçiriniz ve " +"gerekirse düzeltiniz. Hizmetlerin adları boşluklarla ayrılmalı ve /etc/init." +"d dizinindeki başlatma betikleri ile özdeş olmalıdır. Bu liste boş ise " +"hiçbir hizmetin yeniden başlatılmasına gerek yoktur." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 -msgid "Any service that later fails unexpectedly after this upgrade should be restarted. It is recommended to reboot this host to avoid any SSL-related trouble." -msgstr "Bu yükseltmeden sonra beklenmedik bir şekilde duran herhangi bir hizmet yeniden başlatılmalıdır. SSL ile bağlantılı bir sorun yaşamamak için en doğrusu bu sunucunun yeniden başlatılmasıdır." +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" +"Bu yükseltmeden sonra beklenmedik bir şekilde duran herhangi bir hizmet " +"yeniden başlatılmalıdır. SSL ile bağlantılı bir sorun yaşamamak için en " +"doğrusu bu sunucunun yeniden başlatılmasıdır." #. Type: error #. Description @@ -51,12 +71,48 @@ msgstr "OpenSSL yükseltmesi sırasında #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 -msgid "The following services could not be restarted for the OpenSSL library upgrade:" -msgstr "Aşağıdaki hizmetler OpenSSL kitaplıkları yükseltilirken yeniden başlatılamadı:" +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "" +"Aşağıdaki hizmetler OpenSSL kitaplıkları yükseltilirken yeniden " +"başlatılamadı:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 -msgid "You will need to start these manually by running '/etc/init.d/<service> start'." -msgstr " '/etc/init.d/<hizmet> start' komutunu çalıştırarak bu hizmetleri elle başlatmalısınız." - +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +" '/etc/init.d/<hizmet> start' komutunu çalıştırarak bu hizmetleri elle " +"başlatmalısınız." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" +"Hizmetler paket yükseltme işlemi esnasında size sorulmadan yeniden " +"başlatılsın mı?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Sisteminizde libpam, libc ve libssl gibi bazı kitaplıklar yükseltildiğinde " +"yeniden başlatılması gereken bazı hizmetler kurulu. Yeniden başlatma " +"işlemleri sisteminizin sunduğu hizmetlerde kesintilere neden olabileceğinden " +"dolayı her yükseltme işlemi esnasında yeniden başlatmak istediğiniz " +"hizmetler size sorulacaktır. Eğer bu sorunun sorulmasını istemiyorsanız bu " +"seçeneği kullanabilirsiniz. Bu seçenek seçildiği takdirde bir kitaplık " +"yükseltmesi yapılırken gereken tüm yeniden başlatma işlemleri size " +"sorulmaksızın otomatik olarak yapılacaktır."
  71. Download patch debian/po/es.po

    --- 1.1.1f-1/debian/po/es.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/es.po 2020-04-01 15:57:22.000000000 +0000 @@ -120,5 +120,34 @@ msgstr "" "Tendrá que iniciarlos manualmente ejecutando « /etc/init.d/<servicio> start " "»." +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" +"¿Quiere que los servicios se actualicen durante una actualización de paquete " +"sin solicitar confirmación?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Hay algunos servicios instalados en el sistema que requieren reiniciarse al " +"actualizar paquetes como libpam, libc, y libssl. Ya que reiniciar estos " +"servicios puede provocar una interrupción de servicio del sistema, " +"habitualmente se le solicitará en cada actualización una lista de los " +"servicios que desea reiniciar. Puede seleccionar esta opción para impedir " +"que se le solicite esta información; en su lugar, cada reinicio de servicio " +"se hará de forma automática de forma que evitará que se le planteen " +"preguntas cada vez que se actualice una biblioteca." + #~ msgid "${services}" #~ msgstr "${services}"
  72. Download patch debian/libssl1.1.NEWS

    --- 1.1.1f-1/debian/libssl1.1.NEWS 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/libssl1.1.NEWS 2020-04-01 15:57:10.000000000 +0000 @@ -1,30 +1,38 @@ -openssl (1.1.1-2) unstable; urgency=medium +openssl (1.1.1d-2ubuntu2) focal; urgency=medium - Following various security recommendations, the default minimum TLS version - has been changed from TLSv1 to TLSv1.2. Mozilla, Microsoft, Google and Apple - plan to do same around March 2020. - - The default security level for TLS connections has also be increased from - level 1 to level 2. This moves from the 80 bit security level to the 112 bit - security level and will require 2048 bit or larger RSA and DHE keys, 224 bit - or larger ECC keys, and SHA-2. - - The system wide settings can be changed in /etc/ssl/openssl.cnf. Applications - might also have a way to override the defaults. - - In the default /etc/ssl/openssl.cnf there is a MinProtocol and CipherString - line. The CipherString can also sets the security level. Information about the - security levels can be found in the SSL_CTX_set_security_level(3ssl) manpage. - The list of valid strings for the minimum protocol version can be found in - SSL_CONF_cmd(3ssl). Other information can be found in ciphers(1ssl) and - config(5ssl). + The default security level for TLS connections was increased from + level 1 to level 2. This moves from the 80 bit security level to the + 112 bit security level and will require 2048 bit or larger RSA and + DHE keys, 224 bit or larger ECC keys, SHA-2, TLSv1.2 or DTLSv1.2. + + The system wide settings can be changed in + /etc/ssl/openssl.cnf. Applications might also have a way to override + the defaults. + + In the default /etc/ssl/openssl.cnf one can add sections to specify + CipherString. The CipherString can be used to set the security + level. Information about the security levels can be found in the + SSL_CTX_set_security_level(3ssl) manpage. Other information can be + found in ciphers(1ssl) and config(5ssl). Changing back the defaults in /etc/ssl/openssl.cnf to previous system wide - defaults can be done using: - MinProtocol = None - CipherString = DEFAULT + defaults can be by adding at the top of the file: + + # System default + openssl_conf = default_conf + + and adding at the bottom of the file: + + [default_conf] + ssl_conf = ssl_sect + + [ssl_sect] + system_default = system_default_sect + + [system_default_sect] + CipherString = DEFAULT:@SECLEVEL=1 It's recommended that you contact the remote site in case the defaults cause problems. - -- Kurt Roeckx <kurt@roeckx.be> Sun, 28 Oct 2018 20:58:35 +0100 + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 08 Jan 2020 17:17:41 +0000 \ No newline at end of file
  73. Download patch debian/po/de.po

    --- 1.1.1f-1/debian/po/de.po 2020-03-31 21:46:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/po/de.po 2020-04-01 15:57:22.000000000 +0000 @@ -90,3 +90,30 @@ msgid "" msgstr "" "Sie werden sie manuell durch Aufruf von »/etc/init.d/<dienst> start« starten " "müssen." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "Dienste bei Paket-Upgrades ohne Rückfrage neu starten?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Auf Ihrem System sind Dienste installiert, die beim Upgrade bestimmter " +"Bibliotheken, wie Libpam, Libc und Libssl, neu gestartet werden müssen. Da " +"diese Neustarts zu Unterbrechungen der Dienste für dieses System führen " +"können, werden Sie normalerweise bei jedem Upgrade über die Liste der neu zu " +"startenden Dienste befragt. Sie können diese Option wählen, um diese Abfrage " +"zu vermeiden; stattdessen werden alle notwendigen Dienste-Neustarts für Sie " +"automatisch vorgenommen und die Beantwortung dieser Fragen bei jedem Upgrade " +"von Bibliotheken vermieden."
  74. Download patch debian/patches/0010-s390x-assembly-pack-update-perlasm-module.patch

    --- 1.1.1f-1/debian/patches/0010-s390x-assembly-pack-update-perlasm-module.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1f-1ubuntu3/debian/patches/0010-s390x-assembly-pack-update-perlasm-module.patch 2020-04-03 17:29:24.000000000 +0000 @@ -0,0 +1,173 @@ +From efac7d142fff9d89ca47a425f9caac4c1ad205e6 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Mon, 25 Mar 2019 18:20:27 +0100 +Subject: [PATCH 10/25] s390x assembly pack: update perlasm module + +Add non-base instructions which are used by the chacha20 and +poly1305 modules. + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Paul Dale <paul.dale@oracle.com> +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/8181) + +(cherry picked from commit 3062468b0aa0eaa287e44689157d97774fd5817e) +--- + crypto/perlasm/s390x.pm | 86 ++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 84 insertions(+), 2 deletions(-) + +diff --git a/crypto/perlasm/s390x.pm b/crypto/perlasm/s390x.pm +index c00218a0cc..7fb55c780c 100644 +--- a/crypto/perlasm/s390x.pm ++++ b/crypto/perlasm/s390x.pm +@@ -6,23 +6,37 @@ + # in the file LICENSE in the source distribution or at + # https://www.openssl.org/source/license.html + +-# Copyright IBM Corp. 2018 ++# Copyright IBM Corp. 2018-2019 + # Author: Patrick Steuer <patrick.steuer@de.ibm.com> + + package perlasm::s390x; + + use strict; + use warnings; ++use bigint; + use Carp qw(confess); + use Exporter qw(import); + + our @EXPORT=qw(PERLASM_BEGIN PERLASM_END); + our @EXPORT_OK=qw(AUTOLOAD LABEL INCLUDE stfle); + our %EXPORT_TAGS=( ++ # long-displacement facility ++ LD => [qw(clgfi)], ++ # general-instruction-extension facility ++ GE => [qw(risbg)], ++ # extended-immediate facility ++ EI => [qw(lt)], ++ # miscellaneous-instruction-extensions facility 1 ++ MI1 => [qw(risbgn)], ++ # message-security assist + MSA => [qw(kmac km kmc kimd klmd)], ++ # message-security-assist extension 4 + MSA4 => [qw(kmf kmo pcc kmctr)], ++ # message-security-assist extension 5 + MSA5 => [qw(ppno prno)], ++ # message-security-assist extension 8 + MSA8 => [qw(kma)], ++ # vector facility + VX => [qw(vgef vgeg vgbm vzero vone vgm vgmb vgmh vgmf vgmg + vl vlr vlrep vlrepb vlreph vlrepf vlrepg vleb vleh vlef vleg vleib + vleih vleif vleig vlgv vlgvb vlgvh vlgvf vlgvg vllez vllezb vllezh +@@ -71,6 +85,7 @@ our %EXPORT_TAGS=( + wfmadb vfms vfmsdb wfmsdb vfpso vfpsodb wfpsodb vflcdb wflcdb + vflndb wflndb vflpdb wflpdb vfsq vfsqdb wfsqdb vfs vfsdb wfsdb + vftci vftcidb wftcidb)], ++ # vector-enhancements facility 1 + VXE => [qw(vbperm vllezlf vmsl vmslg vnx vnn voc vpopctb vpopcth + vpopctf vpopctg vfasb wfasb wfaxb wfcsb wfcxb wfksb wfkxb vfcesb + vfcesbs wfcesb wfcesbs wfcexb wfcexbs vfchsb vfchsbs wfchsb wfchsbs +@@ -83,10 +98,11 @@ our %EXPORT_TAGS=( + wfnmsxb vfpsosb wfpsosb vflcsb wflcsb vflnsb wflnsb vflpsb wflpsb + vfpsoxb wfpsoxb vflcxb wflcxb vflnxb wflnxb vflpxb wflpxb vfsqsb + wfsqsb wfsqxb vfssb wfssb wfsxb vftcisb wftcisb wftcixb)], ++ # vector-packed-decimal facility + VXD => [qw(vlrlr vlrl vstrlr vstrl vap vcp vcvb vcvbg vcvd vcvdg vdp + vlip vmp vmsp vpkz vpsop vrp vsdp vsrp vsp vtp vupkz)], + ); +-Exporter::export_ok_tags(qw(MSA MSA4 MSA5 MSA8 VX VXE VXD)); ++Exporter::export_ok_tags(qw(LD GE EI MI1 MSA MSA4 MSA5 MSA8 VX VXE VXD)); + + our $AUTOLOAD; + +@@ -143,6 +159,28 @@ sub stfle { + S(0xb2b0,@_); + } + ++# MISC ++ ++sub clgfi { ++ confess(err("ARGNUM")) if ($#_!=1); ++ RILa(0xc2e,@_); ++} ++ ++sub lt { ++ confess(err("ARGNUM")) if ($#_!=1); ++ RXYa(0xe312,@_); ++} ++ ++sub risbg { ++ confess(err("ARGNUM")) if ($#_<3||$#_>4); ++ RIEf(0xec55,@_); ++} ++ ++sub risbgn { ++ confess(err("ARGNUM")) if ($#_<3||$#_>4); ++ RIEf(0xec59,@_); ++} ++ + # MSA + + sub kmac { +@@ -2486,6 +2524,36 @@ sub vupkz { + # Instruction Formats + # + ++sub RIEf { ++ confess(err("ARGNUM")) if ($#_<4||5<$#_); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$r1,$r2,$i3,$i4,$i5)=(shift,get_R(shift),get_R(shift), ++ get_I(shift,8),get_I(shift,8), ++ get_I(shift,8)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",(($opcode>>8)<<8|$r1<<4|$r2)).","; ++ $out.=sprintf("%#06x",($i3<<8)|$i4).","; ++ $out.=sprintf("%#06x",($i5<<8)|($opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub RILa { ++ confess(err("ARGNUM")) if ($#_!=2); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$r1,$i2)=(shift,get_R(shift),get_I(shift,32)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",(($opcode>>4)<<8|$r1<<4|($opcode&0xf))).","; ++ $out.=sprintf("%#06x",($i2>>16)).","; ++ $out.=sprintf("%#06x",($i2&0xffff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ + sub RRE { + confess(err("ARGNUM")) if ($#_<0||2<$#_); + my $ops=join(',',@_[1..$#_]); +@@ -2510,6 +2578,20 @@ sub RRFb { + $out.="\t# $memn\t$ops\n" + } + ++sub RXYa { ++ confess(err("ARGNUM")) if ($#_!=2); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$r1,$d2,$x2,$b2)=(shift,get_R(shift),get_DXB(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",(($opcode>>8)<<8|$r1<<4|$x2)).","; ++ $out.=sprintf("%#06x",($b2<<12|($d2&0xfff))).","; ++ $out.=sprintf("%#06x",(($d2>>12)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ + sub S { + confess(err("ARGNUM")) if ($#_<0||1<$#_); + my $ops=join(',',@_[1..$#_]); +-- +2.25.1 +
  75. Download patch debian/patches/pr12272.patch
  1. openssl