dwww Home | Show directory contents | Find package

openssl (3.0.13-1~deb12u1) bookworm; urgency=medium

  * Import 3.0.13
   - CVE-2023-5678 (Fix excessive time spent in DH check / generation with
     large Q parameter value) (Closes: #1055473).
   - CVE-2023-6129 (POLY1305 MAC implementation corrupts vector registers on
     PowerPC) (Closes: #1060347).
   - CVE-2023-6237 (Excessive time spent checking invalid RSA public keys)
     (Closes: #1060858)
   - CVE-2024-0727 (PKCS12 Decoding crashes) (Closes: #1061582).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Sun, 03 Mar 2024 10:47:43 +0100

openssl (3.0.11-1~deb12u2) bookworm-security; urgency=medium

  * CVE-2023-5363 (Incorrect cipher key and IV length processing).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Mon, 23 Oct 2023 19:52:22 +0200

openssl (3.0.11-1~deb12u1) bookworm; urgency=medium

  * Import 3.0.11

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Tue, 26 Sep 2023 21:08:42 +0200

openssl (3.0.10-1~deb12u1) bookworm; urgency=medium

  * Import 3.0.10
   - CVE-2023-2975 (AES-SIV implementation ignores empty associated data
     entries) (Closes: #1041818).
   - CVE-2023-3446 (Excessive time spent checking DH keys and parameters).
     (Closes: #1041817).
   - CVE-2023-3817 (Excessive time spent checking DH q parameter value).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Sat, 26 Aug 2023 11:29:40 +0200

openssl (3.0.9-1) unstable; urgency=medium

  * Import 3.0.9
   - CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy
     Constraints) (Closes: #1034720).
   - CVE-2023-0465 (Invalid certificate policies in leaf certificates are
     silently ignored).
   - CVE-2023-0466 (Certificate policy check not enabled).
   - Alternative fix for CVE-2022-4304 (Timing Oracle in RSA Decryption).
   - CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers).
   - CVE-2023-1255 (Input buffer over-read in AES-XTS implementation on 64 bit ARM).
   - Add new symbol.

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Tue, 30 May 2023 18:12:36 +0200

openssl (3.0.8-1) unstable; urgency=medium

  * Import 3.0.8
    - CVE-2023-0401 (NULL dereference during PKCS7 data verification).
    - CVE-2023-0286 (X.400 address type confusion in X.509 GeneralName).
    - CVE-2023-0217 (NULL dereference validating DSA public key).
    - CVE-2023-0216 (Invalid pointer dereference in d2i_PKCS7 functions).
    - CVE-2023-0215 (Use-after-free following BIO_new_NDEF).
    - CVE-2022-4450 (Double free after calling PEM_read_bio_ex).
    - CVE-2022-4304 (Timing Oracle in RSA Decryption).
    - CVE-2022-4203 (X.509 Name Constraints Read Buffer Overflow).
    - Padlock: fix byte swapping assembly for AES-192 and 256
      (Closes: #1029259).
    - Add new symbol.
  * Make loongarch64 little endian (Closes: #1029281).
  * Drop conflict against libssl1.0-dev.
  * Update Standards-Version to 4.6.1. No changes required.

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Tue, 07 Feb 2023 21:42:42 +0100

openssl (3.0.7-2) unstable; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * CVE-2022-3996 (X.509 Policy Constraints Double Locking) (Closes: #1027102).
  * Add loongarch64 target (Closes: #1024414).
  * Avoid SIGSEGV with engines, reported by ValdikSS (Closes: #1028898).
  * Set digestname from argv[0] if it is a builtin hash name
   (Closes:# 1025461).

  [ Helmut Grohne ]
  * Support the noudeb build profile (Closes: #1024929).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Thu, 19 Jan 2023 21:31:42 +0100

openssl (3.0.7-1) unstable; urgency=medium

  * Import 3.0.7
    - Using a Custom Cipher with NID_undef may lead to NULL encryption
      (CVE-2022-3358) (Closes: #1021620).
    - X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602).
    - X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786).
  * Disable rdrand engine (the opcode on x86).
  * Remove config bits for MIPS R6, the generic MIPS config can be used.

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Tue, 01 Nov 2022 21:39:01 +0100

openssl (3.0.5-4) unstable; urgency=medium

  * Add ssl_conf() serialisation (Closes: #1020308).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Mon, 19 Sep 2022 21:59:19 +0200

openssl (3.0.5-3) unstable; urgency=medium

  * Add cert.pem symlink pointing to ca-certificates' ca-certificates.crt
   (Closes: #805646).
  * Compile with OPENSSL_TLS_SECURITY_LEVEL=2 (Closes: #918727).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Sun, 18 Sep 2022 21:48:05 +0200

openssl (3.0.5-2) unstable; urgency=medium

  * Update to commit ce3951fc30c7b ("VC++ 2008 or earlier x86 compilers…")
    (Closes: #1016290).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Sun, 14 Aug 2022 21:57:05 +0200

openssl (3.0.5-1) unstable; urgency=medium

  * Import 3.0.5
    - Possible module_list_lock crash (Closes: #1013309).
    - CVE-2022-2097 (AES OCB fails to encrypt some bytes).
  * Update to 55461bf22a57a ("Don't try to make configuration leaner")
  * Use -latomic on arc,nios2 and sparc (Closes: #1015792).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Sun, 24 Jul 2022 16:30:30 +0200

openssl (3.0.4-2) unstable; urgency=medium

  * Address a AVX2 related memory corruption (Closes: #1013441)
    (CVE-2022-2274).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Fri, 24 Jun 2022 19:27:02 +0200

openssl (3.0.4-1) unstable; urgency=medium

  * Import 3.0.4
    - CVE-2022-2068 (The c_rehash script allows command injection)

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Wed, 22 Jun 2022 08:04:00 +0200

openssl (3.0.3-8) unstable; urgency=medium

  * Update to openssl-3.0 head.
  * Avoid reusing the init_lock for a different purpose (Closes: #1011339).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Mon, 13 Jun 2022 22:16:39 +0200

openssl (3.0.3-7) unstable; urgency=medium

  * Remove the provider section from the provided openssl.cnf
   (Closes: #1011051).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Wed, 08 Jun 2022 23:10:14 +0200

openssl (3.0.3-6) unstable; urgency=medium

  * Update to openssl-3.0 head which fixes the expired certs in the testsuite.

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Sat, 04 Jun 2022 15:25:53 +0200

openssl (3.0.3-5) unstable; urgency=medium

  * Don't generate endbr32 opcodes on i386. Thanks to Wolfgang Walter
    (Closes: #1011127).
  * Backport more compare fixes from upstream.

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Fri, 20 May 2022 22:01:29 +0200

openssl (3.0.3-4) unstable; urgency=medium

  * Add an init to EVP_PKEY_Q_keygen(). GH#18247, reference 1010958.

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Mon, 16 May 2022 23:20:27 +0200

openssl (3.0.3-3) unstable; urgency=medium

  * Revert "Use .s extension for ia64 assembler" and don't zero used
    registers. Thanks to John Paul Adrian Glaubitz for debugging
    (Closes: #1010975).
  * Don't build ev4/ev5 optimized libraries on alpha.

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Sat, 14 May 2022 21:50:31 +0200

openssl (3.0.3-2) unstable; urgency=medium

  * Update standards to 4.6.1. No changes were needed.
  * Upload to unstable.

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Fri, 13 May 2022 23:25:01 +0200

openssl (3.0.3-1) experimental; urgency=medium

  * Import 3.0.3
    - CVE-2022-1292 (The c_rehash script allows command injection).
    - CVE-2022-1343 (OCSP_basic_verify may incorrectly verify the response
      signing certificate).
    - CVE-2022-1434 (Incorrect MAC key used in the RC4-MD5 ciphersuite).
    - CVE-2022-1473 (Resource leakage when decoding certificates and keys).
    - Add new symbols.
  * Correct the openssl.cnf to provide proper default configuration. Thanks to
    Matthias Blümel (Closes: #1010360).
  * Use a separator in the CipherString in openssl.cnf (Closes: #948800).
  * Remove the postinst script which was used to restart daemons after a
    library upgrade. It is not updated and essentially dead code. Users are
    advised to switch to checkrestart/ needrestart or a similar service.
    Thanks to Helmut Grohne (Closes: #983722).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Fri, 06 May 2022 22:21:52 +0200

openssl (3.0.2-1) experimental; urgency=medium

  * Import 3.0.2
    - CVE-2022-0778 (Infinite loop in BN_mod_sqrt() reachable when parsing
      certificates).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Tue, 15 Mar 2022 20:54:57 +0100

openssl (3.0.1-1) experimental; urgency=medium

  * Import 3.0.1
    - CVE-2021-4044 (Fixed invalid handling of X509_verify_cert() internal
      errors in libssl).
    - CVE-2021-4160 (Carry propagation bug in the MIPS32 and MIPS64 squaring
      procedure.)
  * Zero used registers at function exit.

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Mon, 27 Dec 2021 11:44:50 +0100

openssl (3.0.0-1) experimental; urgency=medium

  * Import 3.0.0.
  * Add ARC, patch by Vineet Gupta (Closes: #989442).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Sat, 11 Sep 2021 10:41:54 +0200

openssl (3.0.0~~beta2-1) experimental; urgency=medium

  * Import 3.0.0-beta2.

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Fri, 30 Jul 2021 07:51:18 +0200

openssl (3.0.0~~beta1-1) experimental; urgency=medium

  * Import 3.0.0-beta1.
  * Use HARNESS_VERBOSE again (otherwise the test suite might killed since no
    progress is visible).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Wed, 23 Jun 2021 19:32:27 +0200

openssl (3.0.0~~alpha16-1) experimental; urgency=medium

  * Import 3.0.0-alpha16.
  * Use VERBOSE_FAILURE to log only failures in the build log.

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Thu, 06 May 2021 21:54:38 +0200

openssl (3.0.0~~alpha15-1) experimental; urgency=medium

  * Import 3.0.0-alpha15.

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Wed, 28 Apr 2021 23:26:47 +0200

openssl (3.0.0~~alpha13-2) experimental; urgency=medium

  * Add a proposed patch from upstream to skip negativ errno number in the
    testsuite to pass the testsute on hurd.
  * Always link against libatomic.

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Wed, 07 Apr 2021 21:36:02 +0200

openssl (3.0.0~~alpha13-1) experimental; urgency=medium

  * Import 3.0.0-alpha13.
  * Move configuration.h to architecture specific include folder. Patch from
    Antonio Terceiro (Closes: #985555).
  * Enable LFS. Thanks to Dan Nicholson for debugging (Closes: #923479).
  * drop `lsof', the testsuite is not using it anymore.
  * Enable ktls.

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Thu, 01 Apr 2021 23:07:05 +0200

openssl (3.0.0~~alpha4-1) experimental; urgency=medium

  * Import 3.0.0-alpha4.
  * Add `lsof' which is needed by the test suite.
  * Add ossl-modules to libcrypto's udeb.

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Tue, 07 Jul 2020 00:16:54 +0200

openssl (3.0.0~~alpha3-1) experimental; urgency=medium

  * Import 3.0.0-alpha3
  * Install the .so files only in the -dev package (Closes: #962548).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Wed, 17 Jun 2020 23:24:43 +0200

openssl (3.0.0~~alpha1-1) experimental; urgency=medium

  * Import 3.0.0-alpha1 (Closes: #934836).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Sat, 25 Apr 2020 23:08:44 +0200

openssl (1.1.1g-1) unstable; urgency=medium

  * New upstream version
    - CVE-2020-1967 (Segmentation fault in SSL_check_chain).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Tue, 21 Apr 2020 21:45:21 +0200

openssl (1.1.1f-1) unstable; urgency=medium

  * New upstream version
   - Revert the change of EOF detection to avoid regressions in applications.
     (Closes: #955442).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Tue, 31 Mar 2020 23:59:59 +0200

openssl (1.1.1e-1) unstable; urgency=medium

  * Use dh-compat level 12.
  * New upstream version
    - CVE-2019-1551 (Overflow in the x64_64 Montgomery squaring procedure),
    (Closes: #947949).
  * Update symbol list.
  * Update Standards-Version to 4.5.0. No changes required.
  * Add musl configurations (Closes: #941765).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Wed, 18 Mar 2020 20:59:39 +0100

openssl (1.1.1d-2) unstable; urgency=medium

  * Reenable AES-CBC-HMAC-SHA ciphers (Closes: #941987).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Sat, 12 Oct 2019 21:37:55 +0200

openssl (1.1.1d-1) unstable; urgency=medium

  * New upstream version
   - CVE-2019-1549 (Fixed a fork protection issue).
   - CVE-2019-1547 (Compute ECC cofactors if not provided during EC_GROUP
     construction).
   - CVE-2019-1563 (Fixed a padding oracle in PKCS7_dataDecode and
     CMS_decrypt_set1_pkey).
  * Update symbol list

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Sat, 14 Sep 2019 00:38:12 +0200

# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog openssl`.

Generated by dwww version 1.15 on Sun Jun 16 08:48:42 CEST 2024.