Change logs for openssl source package in Jammy

  • openssl (3.0.2-0ubuntu1.15) jammy-security; urgency=medium
    
      * SECURITY UPDATE: Implicit rejection for RSA PKCS#1 (LP: #2054090)
        - debian/patches/openssl-pkcs1-implicit-rejection.patch:
          Return deterministic random output instead of an error in case
          there is a padding error in crypto/cms/cms_env.c,
          crypto/evp/ctrl_params_translate.c, crypto/pkcs7/pk7_doit.c,
          crypto/rsa/rsa_ossl.c, crypto/rsa/rsa_pk1.c,
          crypto/rsa/rsa_pmeth.c, doc/man1/openssl-pkeyutl.pod.in,
          doc/man1/openssl-rsautl.pod.in, doc/man3/EVP_PKEY_CTX_ctrl.pod,
          doc/man3/EVP_PKEY_decrypt.pod,
          doc/man3/RSA_padding_add_PKCS1_type_1.pod,
          doc/man3/RSA_public_encrypt.pod, doc/man7/provider-asym_cipher.pod,
          include/crypto/rsa.h, include/openssl/core_names.h,
          include/openssl/rsa.h,
          providers/implementations/asymciphers/rsa_enc.c and
          test/recipes/30-test_evp_data/evppkey_rsa_common.txt.
    
     -- David Fernandez Gonzalez <email address hidden>  Fri, 16 Feb 2024 09:51:30 +0100
  • openssl (3.0.2-0ubuntu1.14) jammy-security; urgency=medium
    
      * SECURITY UPDATE: Excessive time spent in DH check / generation with
        large Q parameter value
        - debian/patches/CVE-2023-5678.patch: make DH_check_pub_key() and
          DH_generate_key() safer yet in crypto/dh/dh_check.c,
          crypto/dh/dh_err.c, crypto/dh/dh_key.c, crypto/err/openssl.txt,
          include/crypto/dherr.h, include/openssl/dh.h,
          include/openssl/dherr.h.
        - CVE-2023-5678
      * SECURITY UPDATE: POLY1305 MAC implementation corrupts vector registers
        on PowerPC
        - debian/patches/CVE-2023-6129.patch: fix vector register clobbering in
          crypto/poly1305/asm/poly1305-ppc.pl.
        - CVE-2023-6129
      * SECURITY UPDATE: Excessive time spent checking invalid RSA public keys
        - debian/patches/CVE-2023-6237.patch: limit the execution time of RSA
          public key check in crypto/rsa/rsa_sp800_56b_check.c,
          test/recipes/91-test_pkey_check.t,
          test/recipes/91-test_pkey_check_data/rsapub_17k.pem.
        - CVE-2023-6237
      * SECURITY UPDATE: PKCS12 Decoding crashes
        - debian/patches/CVE-2024-0727.patch: add NULL checks where ContentInfo
          data can be NULL in crypto/pkcs12/p12_add.c,
          crypto/pkcs12/p12_mutl.c, crypto/pkcs12/p12_npas.c,
          crypto/pkcs7/pk7_mime.c.
        - CVE-2024-0727
    
     -- Marc Deslauriers <email address hidden>  Wed, 31 Jan 2024 13:43:23 -0500
  • openssl (3.0.2-0ubuntu1.13) jammy; urgency=medium
    
      * Fix (upstream): crash when using an engine for ciphers used by DRBG
        (LP: #2023545)
        - lp2023545/0001-Release-the-drbg-in-the-global-default-context-befor.patch
      * Fix (upstream): do not ignore return values for S/MIME signature
        (LP: #1994165)
        - lp1994165/0001-REGRESSION-CMS_final-do-not-ignore-CMS_dataFinal-res.patch
      * Perf (upstream): don't empty method stores and provider synchronization
        records when flushing the query cache (LP: #2033422)
        - lp2033422/0001-Drop-ossl_provider_clear_all_operation_bits-and-all-.patch
        - lp2033422/0002-Refactor-method-construction-pre-and-post-condition.patch
        - lp2033422/0003-Don-t-empty-the-method-store-when-flushing-the-query.patch
        - lp2033422/0004-Make-it-possible-to-remove-methods-by-the-provider-t.patch
        - lp2033422/0005-Complete-the-cleanup-of-an-algorithm-in-OSSL_METHOD_.patch
        - lp2033422/0006-For-child-libctx-provider-don-t-count-self-reference.patch
        - lp2033422/0007-Add-method-store-cache-flush-and-method-removal-to-n.patch
    
     -- Adrien Nader <email address hidden>  Tue, 09 Jan 2024 11:42:50 +0100
  • openssl (3.0.2-0ubuntu1.12) jammy-security; urgency=medium
    
      [ Marc Deslauriers ]
      * SECURITY UPDATE: AES-SIV implementation ignores empty associated data
        entries
        - debian/patches/CVE-2023-2975.patch: do not ignore empty associated
          data with AES-SIV mode in
          providers/implementations/ciphers/cipher_aes_siv.c.
        - CVE-2023-2975
      * SECURITY UPDATE: Incorrect cipher key and IV length processing
        - debian/patches/CVE-2023-5363-1.patch: process key length and iv
          length early if present in crypto/evp/evp_enc.c.
        - debian/patches/CVE-2023-5363-2.patch: add unit test in
          test/evp_extra_test.c.
        - CVE-2023-5363
    
      [ Ian Constantin ]
      * SECURITY UPDATE: denial of service
        - debian/patches/CVE-2023-3446.patch: adds check to prevent the testing of
          an excessively large modulus in DH_check().
        - CVE-2023-3446
      * SECURITY UPDATE: denial of service
        - debian/patches/CVE-2023-3817.patch: adds check to prevent the testing of
          invalid q values in DH_check().
        - CVE-2023-3817
    
     -- Marc Deslauriers <email address hidden>  Fri, 13 Oct 2023 08:02:49 -0400
  • openssl (3.0.2-0ubuntu1.10) jammy-security; urgency=medium
    
      * SECURITY UPDATE: DoS in AES-XTS cipher decryption
        - debian/patches/CVE-2023-1255.patch: avoid buffer overread in
          crypto/aes/asm/aesv8-armx.pl.
        - CVE-2023-1255
      * SECURITY UPDATE: Possible DoS translating ASN.1 object identifiers
        - debian/patches/CVE-2023-2650.patch: restrict the size of OBJECT
          IDENTIFIERs that OBJ_obj2txt will translate in
          crypto/objects/obj_dat.c.
        - CVE-2023-2650
      * Replace CVE-2022-4304 fix with improved version
        - debian/patches/CVE-2022-4304.patch: use alternative fix in
          crypto/bn/bn_asm.c, crypto/bn/bn_blind.c, crypto/bn/bn_lib.c,
          crypto/bn/bn_local.h, crypto/rsa/rsa_ossl.c.
    
     -- Marc Deslauriers <email address hidden>  Wed, 24 May 2023 13:12:55 -0400
  • openssl (3.0.2-0ubuntu1.9) jammy-security; urgency=medium
    
      * SECURITY UPDATE: double locking when processing X.509 certificate policy
        constraints
        - debian/patches/CVE-2022-3996-1.patch: revert commit 9aa4be69 and remove
          redundant flag setting.
        - debian/patches/CVE-2022-3996-2.patch: add test case for reported
          deadlock.
        - CVE-2022-3996
      * SECURITY UPDATE: excessive resource use when verifying policy constraints
        - debian/patches/CVE-2023-0464-1.patch: limit the number of nodes created
          in a policy tree (the default limit is set to 1000 nodes).
        - debian/patches/CVE-2023-0464-2.patch: add test cases for the policy
          resource overuse.
        - debian/patches/CVE-2023-0464-3.patch: disable the policy tree
          exponential growth test conditionally.
        - CVE-2023-0464
      * SECURITY UPDATE: invalid certificate policies ignored in leaf certificates
        - debian/patches/CVE-2023-0465-1.patch: ensure that EXFLAG_INVALID_POLICY
          is checked even in leaf certs.
        - debian/patches/CVE-2023-0465-2.patch: generate some certificates with
          the certificatePolicies extension.
        - debian/patches/CVE-2023-0465-3.patch: add a certificate policies test.
        - CVE-2023-0466
      * SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy
        not enabled as documented
        - debian/patches/CVE-2023-0466.patch: fix documentation of
          X509_VERIFY_PARAM_add0_policy().
        - CVE-2023-0466
    
     -- Camila Camargo de Matos <email address hidden>  Mon, 17 Apr 2023 15:12:58 -0300
  • openssl (3.0.2-0ubuntu1.8) jammy-security; urgency=medium
    
      * SECURITY UPDATE: X.509 Name Constraints Read Buffer Overflow
        - debian/patches/CVE-2022-4203-1.patch: fix type confusion in
          nc_match_single() in crypto/x509/v3_ncons.c.
        - debian/patches/CVE-2022-4203-2.patch: add testcase for
          nc_match_single type confusion in test/*.
        - CVE-2022-4203
      * SECURITY UPDATE: Timing Oracle in RSA Decryption
        - debian/patches/CVE-2022-4304.patch: fix timing oracle in
          crypto/bn/bn_blind.c, crypto/bn/bn_local.h, crypto/bn/build.info,
          crypto/bn/rsa_sup_mul.c, crypto/rsa/rsa_ossl.c, include/crypto/bn.h.
        - CVE-2022-4304
      * SECURITY UPDATE: Double free after calling PEM_read_bio_ex
        - debian/patches/CVE-2022-4450-1.patch: avoid dangling ptrs in header
          and data params for PEM_read_bio_ex in crypto/pem/pem_lib.c.
        - debian/patches/CVE-2022-4450-2.patch: add a test in test/pemtest.c.
        - CVE-2022-4450
      * SECURITY UPDATE: Use-after-free following BIO_new_NDEF
        - debian/patches/CVE-2023-0215-1.patch: fix a UAF resulting from a bug
          in BIO_new_NDEF in crypto/asn1/bio_ndef.c.
        - debian/patches/CVE-2023-0215-2.patch: check CMS failure during BIO
          setup with -stream is handled correctly in
          test/recipes/80-test_cms.t, test/smime-certs/badrsa.pem.
        - CVE-2023-0215
      * SECURITY UPDATE: Invalid pointer dereference in d2i_PKCS7 functions
        - debian/patches/CVE-2023-0216-1.patch: do not dereference PKCS7 object
          data if not set in crypto/pkcs7/pk7_lib.c.
        - debian/patches/CVE-2023-0216-2.patch: add test for d2i_PKCS7 NULL
          dereference in test/recipes/25-test_pkcs7.t,
          test/recipes/25-test_pkcs7_data/malformed.pkcs7.
        - CVE-2023-0216
      * SECURITY UPDATE: NULL dereference validating DSA public key
        - debian/patches/CVE-2023-0217-1.patch: fix NULL dereference when
          validating FFC public key in crypto/ffc/ffc_key_validate.c,
          include/internal/ffc.h, test/ffc_internal_test.c.
        - debian/patches/CVE-2023-0217-2.patch: prevent creating DSA and DH
          keys without parameters through import in
          providers/implementations/keymgmt/dh_kmgmt.c,
          providers/implementations/keymgmt/dsa_kmgmt.c.
        - debian/patches/CVE-2023-0217-3.patch: do not create DSA keys without
          parameters by decoder in crypto/x509/x_pubkey.c,
          include/crypto/x509.h,
          providers/implementations/encode_decode/decode_der2key.c.
        - CVE-2023-0217
      * SECURITY UPDATE: X.400 address type confusion in X.509 GeneralName
        - debian/patches/CVE-2023-0286.patch: fix GENERAL_NAME_cmp for
          x400Address in crypto/x509/v3_genn.c, include/openssl/x509v3.h.in,
          test/v3nametest.c.
        - CVE-2023-0286
      * SECURITY UPDATE: NULL dereference during PKCS7 data verification
        - debian/patches/CVE-2023-0401-1.patch: check return of BIO_set_md()
          calls in crypto/pkcs7/pk7_doit.c.
        - debian/patches/CVE-2023-0401-2.patch: add testcase for missing return
          check of BIO_set_md() calls in test/recipes/80-test_cms.t,
          test/recipes/80-test_cms_data/pkcs7-md4.pem.
        - CVE-2023-0401
    
     -- Marc Deslauriers <email address hidden>  Mon, 06 Feb 2023 12:57:17 -0500
  • openssl (3.0.2-0ubuntu1.7) jammy-security; urgency=medium
    
      * SECURITY UPDATE: X.509 Email Address Buffer Overflow
        - debian/patches/CVE-2022-3602-1.patch: fix off by one in punycode
          decoder in crypto/punycode.c, test/build.info, test/punycode_test.c,
          test/recipes/04-test_punycode.t.
        - debian/patches/CVE-2022-3602-2.patch: ensure the result is zero
          terminated in crypto/punycode.c.
        - CVE-2022-3602
      * SECURITY UPDATE: legacy custom cipher issue
        - debian/patches/CVE-2022-3358.patch: fix usage of custom EVP_CIPHER
          objects in crypto/evp/digest.c, crypto/evp/evp_enc.c.
        - CVE-2022-3358
    
     -- Marc Deslauriers <email address hidden>  Thu, 27 Oct 2022 13:06:56 -0400
  • openssl (3.0.2-0ubuntu1.6) jammy-security; urgency=medium
    
      * SECURITY UPDATE: AES OCB fails to encrypt some bytes
        - debian/patches/CVE-2022-2097-1.patch: fix AES OCB encrypt/decrypt for
          x86 AES-NI in crypto/aes/asm/aesni-x86.pl.
        - debian/patches/CVE-2022-2097-2.patch: add AES OCB test vectors in
          test/recipes/30-test_evp_data/evpciph_aes_ocb.txt.
        - CVE-2022-2097
    
     -- Marc Deslauriers <email address hidden>  Mon, 04 Jul 2022 07:20:23 -0400
  • openssl (3.0.2-0ubuntu1.5) jammy-security; urgency=medium
    
      * SECURITY UPDATE: c_rehash script allows command injection
        - debian/patches/CVE-2022-1292.patch: switch to upstream patch, and
          apply it before c_rehash-compat.patch.
        - debian/patches/CVE-2022-2068-1.patch: fix file operations in
          tools/c_rehash.in.
        - debian/patches/CVE-2022-2068-2.patch: drop the issuer_name_hash=
          prefix from the CRL hash in tools/c_rehash.in.
        - debian/patches/c_rehash-compat.patch: updated patch to apply after
          the security updates.
        - CVE-2022-2068
    
     -- Marc Deslauriers <email address hidden>  Wed, 15 Jun 2022 10:26:20 -0400
  • openssl (3.0.2-0ubuntu1.4) jammy; urgency=medium
    
      * d/p/lp1978093/*: renew some expiring test certificates (LP: #1978093)
    
     -- Simon Chopin <email address hidden>  Thu, 09 Jun 2022 13:20:55 +0200
  • openssl (3.0.2-0ubuntu1.3) jammy; urgency=medium
    
      * d/p/lp1974037/*: cherry-pick another patchset to fix regressions with the
        previous lp1974037 one (LP: #1974037)
      * d/p/Set-systemwide-default-settings-for-libssl-users: partially apply it on
        Ubuntu to make it easier for users to change security level (LP: #1972056)
      * d/p/lp1947588.patch: Cherry-picked as our patches make it very easy to
        trigger the underlying bug (LP: #1947588)
    
     -- Simon Chopin <email address hidden>  Tue, 24 May 2022 10:55:08 +0200
  • openssl (3.0.2-0ubuntu1.2) jammy; urgency=medium
    
      * d/p/lp1968997/*: cherry-pick a patchset to fix issues with the Turkish
        locale (LP: #1968997)
    
     -- Simon Chopin <email address hidden>  Thu, 05 May 2022 10:04:52 +0200
  • openssl (3.0.2-0ubuntu1.1) jammy-security; urgency=medium
    
      * SECURITY UPDATE: c_rehash script allows command injection
        - debian/patches/CVE-2022-1292.patch: do not use shell to invoke
          openssl in tools/c_rehash.in.
        - CVE-2022-1292
      * SECURITY UPDATE: OCSP_basic_verify may incorrectly verify the response
        signing certificate
        - debian/patches/CVE-2022-1343-1.patch: fix OCSP_basic_verify signer
          certificate validation in crypto/ocsp/ocsp_vfy.c.
        - debian/patches/CVE-2022-1343-2.patch: test ocsp with invalid
          responses in test/recipes/80-test_ocsp.t.
        - CVE-2022-1343
      * SECURITY UPDATE: incorrect MAC key used in the RC4-MD5 ciphersuite
        - debian/patches/CVE-2022-1434.patch: fix the RC4-MD5 cipher in
          providers/implementations/ciphers/cipher_rc4_hmac_md5.c,
          test/recipes/30-test_evp_data/evpciph_aes_stitched.txt,
          test/recipes/30-test_evp_data/evpciph_rc4_stitched.txt.
        - CVE-2022-1434
      * SECURITY UPDATE: resource leakage when decoding certificates and keys
        - debian/patches/CVE-2022-1473.patch: fix bug in OPENSSL_LH_flush in
          crypto/lhash/lhash.c.
        - CVE-2022-1473
    
     -- Marc Deslauriers <email address hidden>  Tue, 03 May 2022 12:01:34 -0400
  • openssl (3.0.2-0ubuntu1) jammy; urgency=medium
    
      * New upstream bugfix release (LP: #1965141)
      * d/p/skip_tls1.1_seclevel3_tests.patch: new Ubuntu-specific patch for the
        testsuite
    
     -- Simon Chopin <email address hidden>  Wed, 16 Mar 2022 09:35:51 +0100
  • openssl (3.0.1-0ubuntu1) jammy; urgency=medium
    
      * New upstream release (LP: #1955026).
        + Dropped patches, merged upstream:
          - d/p/double-engine-load*
          - d/p/Add-null-digest-implementation-to-the-default-provid.patch
          - d/p/Don-t-create-an-ECX-key-with-short-keys.patch
        + Refreshed patches:
          - d/p/c_rehash-compat.patch
    
     -- Simon Chopin <email address hidden>  Thu, 16 Dec 2021 09:10:48 +0100
  • openssl (3.0.0-1ubuntu2) jammy; urgency=medium
    
      * Cherry-pick upstream fixes to prevent double engine loading (LP: #1951943)
    
     -- Julian Andres Klode <email address hidden>  Tue, 07 Dec 2021 17:15:51 +0100
  • openssl (3.0.0-1ubuntu1) jammy; urgency=medium
    
      * Manual merge of version 3.0.0-1 from Debian experimental, remaining
        changes:
        - Replace duplicate files in the doc directory with symlinks.
        - debian/libssl1.1.postinst:
          + Display a system restart required notification on libssl1.1
            upgrade on servers, unless needrestart is available.
          + Use a different priority for libssl1.1/restart-services depending
            on whether a desktop, or server dist-upgrade is being performed.
          + Skip services restart & reboot notification if needrestart is in-use.
          + Bump version check to 1.1.1.
          + Import libraries/restart-without-asking template as used by above.
        - Revert "Enable system default config to enforce TLS1.2 as a
          minimum" & "Increase default security level from 1 to 2".
        - Reword the NEWS entry, as applicable on Ubuntu.
        - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
          level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
          below 1.2 and update documentation. Previous default of 1, can be set
          by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
          using ':@SECLEVEL=1' CipherString value in openssl.cfg.
        - Add support for building with noudeb build profile.
      * d/p/Don-t-create-an-ECX-key-with-short-keys.patch:
        Backported from upstream to fix a regression with short keys (LP: #1946213)
      * d/p/Add-null-digest-implementation-to-the-default-provid.patch:
        Backported from upstream to fix a compatibility issue with 1.1.1l
      * Manually call dh_installdirs to fix build failure
      * Drop some Ubuntu patches merged upstream
        + The s390x series (00xx) has been applied upstream
        + The lp-1927161 Intel CET series has been applied upstream
        + CVE-2021-3449 has been fixed upstream
        + CVE-2021-3450 doesn't apply to 3.0 branch
      * Refresh and adapt the remaining patches
    
    openssl (3.0.0-1) experimental; urgency=medium
    
      * Import 3.0.0.
      * Add avr32, patch by Vineet Gupta (Closes: #989442).
    
    openssl (3.0.0~~beta2-1) experimental; urgency=medium
    
      * Import 3.0.0-beta2.
    
    openssl (3.0.0~~beta1-1) experimental; urgency=medium
    
      * Import 3.0.0-beta1.
      * Use HARNESS_VERBOSE again (otherwise the test suite might be killed since
        no progress is visible).
    
    openssl (3.0.0~~alpha16-1) experimental; urgency=medium
    
      * Import 3.0.0-alpha16.
      * Use VERBOSE_FAILURE to log only failures in the build log.
    
    openssl (3.0.0~~alpha15-1) experimental; urgency=medium
    
      * Import 3.0.0-alpha15.
    
    openssl (3.0.0~~alpha13-2) experimental; urgency=medium
    
      * Add a proposed patch from upstream to skip negative errno number in the
        testsuite to pass the testsuite on hurd.
      * Always link against libatomic.
    
    openssl (3.0.0~~alpha13-1) experimental; urgency=medium
    
      * Import 3.0.0-alpha13.
      * Move configuration.h to architecture specific include folder. Patch from
        Antonio Terceiro (Closes: #985555).
      * Enable LFS. Thanks to Dan Nicholson for debugging (Closes: #923479).
      * drop `lsof', the testsuite is not using it anymore.
      * Enable ktls.
    
    openssl (3.0.0~~alpha4-1) experimental; urgency=medium
    
      * Import 3.0.0-alpha4.
      * Add `lsof' which is needed by the test suite.
      * Add ossl-modules to libcrypto's udeb.
    
    openssl (3.0.0~~alpha3-1) experimental; urgency=medium
    
      * Import 3.0.0-alpha3
      * Install the .so files only in the -dev package (Closes: #962548).
    
    openssl (3.0.0~~alpha1-1) experimental; urgency=medium
    
      * Import 3.0.0-alpha1 (Closes: #934836).
    
     -- Simon Chopin <email address hidden>  Mon, 20 Sep 2021 18:09:50 +0200
  • openssl (1.1.1l-1ubuntu1) impish; urgency=low
    
      * Merge from Debian unstable. Remaining changes:
        - Replace duplicate files in the doc directory with symlinks.
        - debian/libssl1.1.postinst:
          + Display a system restart required notification on libssl1.1
            upgrade on servers, unless needrestart is available.
          + Use a different priority for libssl1.1/restart-services depending
            on whether a desktop, or server dist-upgrade is being performed.
          + Skip services restart & reboot notification if needrestart is in-use.
          + Bump version check to 1.1.1.
          + Import libraries/restart-without-asking template as used by above.
        - Revert "Enable system default config to enforce TLS1.2 as a
          minimum" & "Increase default security level from 1 to 2".
        - Reword the NEWS entry, as applicable on Ubuntu.
        - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
          and ECC from master.
        - Use perl:native in the autopkgtest for installability on i386.
        - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
          level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
          below 1.2 and update documentation. Previous default of 1, can be set
          by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
          using ':@SECLEVEL=1' CipherString value in openssl.cfg.
        - Import https://github.com/openssl/openssl/pull/12272.patch to enable
          CET.
        - Add support for building with noudeb build profile.
      * Dropped changes:
        - Cherry-pick an upstream patch to fix s390x AES code
    
    openssl (1.1.1l-1) unstable; urgency=medium
    
      * New upstream version.
        - CVE-2021-3711 (SM2 Decryption Buffer Overflow).
        - CVE-2021-3712 (Read buffer overruns processing ASN.1 strings).
    
     -- Simon Chopin <email address hidden>  Fri, 10 Sep 2021 09:59:56 +0200