Package "openssl"

  openssl (1.1.1f-1ubuntu2) focal; urgency=medium

  * SECURITY UPDATE: Segmentation fault in SSL_check_chain
    - debian/patches/CVE-2020-1967-1.patch: add test for CVE-2020-1967 in
      test/recipes/70-test_sslsigalgs.t.
    - debian/patches/CVE-2020-1967-2.patch: fix NULL dereference in
      SSL_check_chain() for TLS 1.3 in ssl/t1_lib.c.
    - debian/patches/CVE-2020-1967-3.patch: fix test in
      test/recipes/70-test_sslsigalgs.t.
    - debian/patches/CVE-2020-1967-4.patch: fix test in
      test/recipes/70-test_sslsigalgs.t.
    - CVE-2020-1967

 -- Marc Deslauriers <email address hidden> Mon, 20 Apr 2020 07:53:50 -0400

  openssl (1.1.1f-1ubuntu1) focal; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Replace duplicate files in the doc directory with symlinks.
    - debian/libssl1.1.postinst:
      + Display a system restart required notification on libssl1.1
        upgrade on servers.
      + Use a different priority for libssl1.1/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
      + Bump version check to to 1.1.1.
      + Import libraries/restart-without-asking template as used by above.
    - Revert "Enable system default config to enforce TLS1.2 as a
      minimum" & "Increase default security level from 1 to 2".
    - Reword the NEWS entry, as applicable on Ubuntu.
    - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
      and ECC from master.
    - Use perl:native in the autopkgtest for installability on i386.
    - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
      level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
      below 1.2 and update documentation. Previous default of 1, can be set
      by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
      using ':@SECLEVEL=1' CipherString value in openssl.cfg.