openssl (1.1.1c-1ubuntu4.1) eoan-security; urgency=medium
  * SECURITY UPDATE: ECDSA remote timing attack
    - debian/patches/CVE-2019-1547.patch: for ECC parameters with NULL or
      zero cofactor, compute it in crypto/ec/ec_lib.c.
    - CVE-2019-1547
  * SECURITY UPDATE: Fork Protection
    - debian/patches/CVE-2019-1549.patch: ensure fork-safety without using
      a pthread_atfork handler in crypto/include/internal/rand_int.h,
      crypto/init.c, crypto/rand/drbg_lib.c, crypto/rand/rand_lcl.h,
      crypto/rand/rand_lib.c, crypto/threads_none.c,
      crypto/threads_pthread.c, crypto/threads_win.c,
      include/internal/cryptlib.h, test/drbgtest.c.
    - CVE-2019-1549
  * SECURITY UPDATE: rsaz_512_sqr overflow bug on x86_64
    - debian/patches/CVE-2019-1551.patch: fix an overflow bug in
      rsaz_512_sqr in crypto/bn/asm/rsaz-x86_64.pl.
    - CVE-2019-1551
  * SECURITY UPDATE: Padding Oracle issue
    - debian/patches/CVE-2019-1563.patch: fix a padding oracle in
      PKCS7_dataDecode and CMS_decrypt_set1_pkey in crypto/cms/cms_env.c,
      crypto/cms/cms_lcl.h, crypto/cms/cms_smime.c,
      crypto/pkcs7/pk7_doit.c.
    - CVE-2019-1563
 -- Marc Deslauriers <email address hidden> Wed, 27 May 2020 15:04:47 -0400
-
openssl (1.1.1c-1ubuntu4) eoan; urgency=medium
  * Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
    from master. LP: #1736705 LP: #1736704
 -- Dimitri John Ledkov <email address hidden> Tue, 20 Aug 2019 12:46:33 +0100
-
openssl (1.1.1c-1ubuntu3) eoan; urgency=medium
  * Import libraries/restart-without-asking as used in postinst, to
    prevent failure to configure the package without debconf database. LP:
    #1832919
 -- Dimitri John Ledkov <email address hidden> Thu, 20 Jun 2019 17:59:55 +0100
-
openssl (1.1.1c-1ubuntu2) eoan; urgency=medium
  * Bump major version of OpenSSL in postinst to trigger services restart
    upon upgrade. Many services listed there must be restarted when
    upgrading 1.1.0 to 1.1.1. LP: #1832522
  * Fix path to Xorg for reboot notifications on desktop. LP: #1832421
 -- Dimitri John Ledkov <email address hidden> Thu, 13 Jun 2019 15:29:07 +0100
-
openssl (1.1.1c-1ubuntu1) eoan; urgency=low
  * Merge from Debian unstable. Remaining changes:
    - Replace duplicate files in the doc directory with symlinks.
    - debian/libssl1.1.postinst:
      + Display a system restart required notification on libssl1.1
        upgrade on servers.
      + Use a different priority for libssl1.1/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - Revert "Enable system default config to enforce TLS1.2 as a
      minimum" & "Increase default security level from 1 to 2".
    - Drop the NEWS entry, not applicable on Ubuntu.
  * Cherrypick upstream patch to fix ca -spkac output to be text again
    LP: #1828215

openssl (1.1.1c-1) unstable; urgency=medium
  * New upstream version
    - CVE-2019-1543 (Prevent over long nonces in ChaCha20-Poly1305)
  * Update symbol list
 -- Dimitri John Ledkov <email address hidden> Mon, 10 Jun 2019 18:11:35 +0100
-
openssl (1.1.1b-2ubuntu1) devel; urgency=medium
  * Merge from Debian unstable, remaining changes:
    - Replace duplicate files in the doc directory with symlinks.
    - debian/libssl1.1.postinst:
      + Display a system restart required notification on libssl1.1
        upgrade on servers.
      + Use a different priority for libssl1.1/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - Revert "Enable system default config to enforce TLS1.2 as a
      minimum" & "Increase default security level from 1 to 2".
    - Drop the NEWS entry, not applicable on Ubuntu.

openssl (1.1.1b-2) unstable; urgency=medium
  * Fix BUF_MEM regression (Closes: #923516)
  * Fix error when config can't be opened (Closes: #926315)
  * Ship an openssl.cnf in libssl1.1-udeb.dirs
 -- Dimitri John Ledkov <email address hidden> Wed, 17 Apr 2019 17:26:42 +0100
-
openssl (1.1.1b-1ubuntu2) disco; urgency=medium
  * debian/rules: Ship openssl.cnf in libssl1.1-udeb, as required to use
    OpenSSL by other udebs, e.g. wget-udeb. LP: #1822898
  * Drop debian/patches/UBUNTU-lower-tls-security-level-for-compat.patch
    to revert TLS_SECURITY_LEVEL back to 1. LP: #1822984
 -- Dimitri John Ledkov <email address hidden> Wed, 03 Apr 2019 11:50:23 +0100