Change logs for openssl source package in Focal

  • openssl (1.1.1d-2ubuntu6) focal; urgency=medium
    
      * Revert version number change to 1.1.1e-dev.
    
    openssl (1.1.1d-2ubuntu4) focal; urgency=medium
    
      * Apply 1_1_1-stable branch patches
      * Apply s390x ECC assembly pack improvements
    
     -- Dimitri John Ledkov <email address hidden>  Fri, 06 Mar 2020 04:08:51 +0000
  • openssl (1.1.1d-2ubuntu5) focal; urgency=medium
    
      * Revert version number change to 1.1.1e-dev.
    
    openssl (1.1.1d-2ubuntu4) focal; urgency=medium
    
      * Apply 1_1_1-stable branch patches
      * Apply s390x ECC assembly pack improvements
    
     -- Dimitri John Ledkov <email address hidden>  Fri, 06 Mar 2020 04:08:51 +0000
  • openssl (1.1.1d-2ubuntu4) focal; urgency=medium
    
      * Apply 1_1_1-stable branch patches
      * Apply s390x ECC assembly pack improvements
    
     -- Dimitri John Ledkov <email address hidden>  Wed, 26 Feb 2020 21:54:47 +0000
  • openssl (1.1.1d-2ubuntu3) focal; urgency=medium
    
      * Use perl:native in the autopkgtest for installability on i386.
    
    openssl (1.1.1d-2ubuntu2) focal; urgency=low
    
      * Merge from Debian unstable.  Remaining changes:
        - Replace duplicate files in the doc directory with symlinks.
        - debian/libssl1.1.postinst:
          + Display a system restart required notification on libssl1.1
            upgrade on servers.
          + Use a different priority for libssl1.1/restart-services depending
            on whether a desktop, or server dist-upgrade is being performed.
          + Bump version check to to 1.1.1.
          + Import libraries/restart-without-asking template as used by above.
        - Revert "Enable system default config to enforce TLS1.2 as a
          minimum" & "Increase default security level from 1 to 2".
        - Reword the NEWS entry, as applicable on Ubuntu.
        - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
          from master.
    
      * Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
        level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
        below 1.2 and update documentation. Previous default of 1, can be set
        by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
        using ':@SECLEVEL=1' CipherString value in openssl.cfg.
    
    openssl (1.1.1d-2) unstable; urgency=medium
    
      * Reenable AES-CBC-HMAC-SHA ciphers (Closes: #941987).
    
    openssl (1.1.1d-1) unstable; urgency=medium
    
      * New upstream version
       - CVE-2019-1549 (Fixed a fork protection issue).
       - CVE-2019-1547 (Compute ECC cofactors if not provided during EC_GROUP
         construction).
       - CVE-2019-1563 (Fixed a padding oracle in PKCS7_dataDecode and
         CMS_decrypt_set1_pkey).
      * Update symbol list
    
     -- Dimitri John Ledkov <email address hidden>  Thu, 16 Jan 2020 14:15:26 +0000
  • openssl (1.1.1d-2ubuntu2) focal; urgency=low
    
      * Merge from Debian unstable.  Remaining changes:
        - Replace duplicate files in the doc directory with symlinks.
        - debian/libssl1.1.postinst:
          + Display a system restart required notification on libssl1.1
            upgrade on servers.
          + Use a different priority for libssl1.1/restart-services depending
            on whether a desktop, or server dist-upgrade is being performed.
          + Bump version check to to 1.1.1.
          + Import libraries/restart-without-asking template as used by above.
        - Revert "Enable system default config to enforce TLS1.2 as a
          minimum" & "Increase default security level from 1 to 2".
        - Reword the NEWS entry, as applicable on Ubuntu.
        - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
          from master.
    
      * Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
        level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
        below 1.2 and update documentation. Previous default of 1, can be set
        by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
        using ':@SECLEVEL=1' CipherString value in openssl.cfg.
    
     -- Dimitri John Ledkov <email address hidden>  Wed, 08 Jan 2020 17:17:41 +0000
  • openssl (1.1.1d-2ubuntu1) focal; urgency=low
    
      * Merge from Debian unstable.  Remaining changes:
        - Replace duplicate files in the doc directory with symlinks.
        - debian/libssl1.1.postinst:
          + Display a system restart required notification on libssl1.1
            upgrade on servers.
          + Use a different priority for libssl1.1/restart-services depending
            on whether a desktop, or server dist-upgrade is being performed.
          + Bump version check to to 1.1.1.
          + Import libraries/restart-without-asking template as used by above.
        - Revert "Enable system default config to enforce TLS1.2 as a
          minimum" & "Increase default security level from 1 to 2".
        - Reword the NEWS entry, as applicable on Ubuntu.
        - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
          from master.
    
      * Set TLS 1.2 as compiled-in minimum protocol version for TLS
        context. TLS 1.0 and 1.1 can be enabled again by calling
        SSL_CTX_set_min_proto_version() or SSL_set_min_proto_version(), or
        setting MinProtocol in the openssl.cfg. LP: #1856428
    
      * Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
        level. Previous default of 1, can be set by calling
        SSL_CTX_set_security_level(), SSL_set_security_level() or using
        ':@SECLEVEL=1' CipherString value in openssl.cfg.
    
    openssl (1.1.1d-2) unstable; urgency=medium
    
      * Reenable AES-CBC-HMAC-SHA ciphers (Closes: #941987).
    
    openssl (1.1.1d-1) unstable; urgency=medium
    
      * New upstream version
       - CVE-2019-1549 (Fixed a fork protection issue).
       - CVE-2019-1547 (Compute ECC cofactors if not provided during EC_GROUP
         construction).
       - CVE-2019-1563 (Fixed a padding oracle in PKCS7_dataDecode and
         CMS_decrypt_set1_pkey).
      * Update symbol list
    
     -- Dimitri John Ledkov <email address hidden>  Wed, 08 Jan 2020 17:17:41 +0000
  • openssl (1.1.1c-1ubuntu4) eoan; urgency=medium
    
      * Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
        from master. LP: #1736705 LP: #1736704
    
     -- Dimitri John Ledkov <email address hidden>  Tue, 20 Aug 2019 12:46:33 +0100