-
openssl-ibmca (2.3.0-0ubuntu1.1) kinetic; urgency=medium
* Fix IBMCA provider security vulnerability LP: #2015333 by adding:
- d/p/lp-2015333-provider-RSA-cipher-Tolerate-implicit-rejection-opti.patch
- d/p/lp-2015333-provider-RSA-cipher-Fix-copy-paste-error.patch
- d/p/lp-2015333-provider-Make-ibmca_rsa_check_pkcs1_tls_padding-cons.patch
- d/p/lp-2015333-provider-Make-ibmca_rsa_check_pkcs1_padding-constant.patch
- d/p/lp-2015333-provider-Make-ibmca_rsa_check_oaep_mgf1_padding-cons.patch
- d/p/lp-2015333-provider-Add-support-for-implicit-rejection.patch
- d/p/lp-2015333-provider-Support-RSA-blinding.patch
- d/p/lp-2015333-provider-Perform-mod-expo-for-blinding-setup-via-lib.patch
* Fix IBMCA engine security vulnerability LP: #2015454 by adding:
- d/p/lp-2015333-engine-Enable-RSA-blinding-and-offload-blinding-setu.patch
-- Frank Heimes <email address hidden> Wed, 12 Apr 2023 17:11:30 +0200
-
openssl-ibmca (2.3.0-0ubuntu1) kinetic; urgency=medium
* New upstream release. LP: #1959763
- update d/p/openssl-config.patch
since code moved from src to src/engine
- update d/p/testconf-openssl3.patch
since code moved from test to test/engine
and context adjustment in test/engine/Makefile.am
- remove d/p/e59cce5-Fix-compilation-for-OpenSSL-3.0.patch
since this patch/commit is incl. in the new upstream version
- due to the refactoring (engine/provider) path adjustments needed in
d/rules and d/openssl-ibmca.install
- add ibmca-provider-opensslconfig to
d/rules and d/openssl-ibmca.install
- modify d/rules to configure for engine and provider using full libica
- expand d/examples with openssl.cnf.provider.sample
- add d/p/lp-1959763-Adjust-to-new-libica.patch
to be compliiant with latest libica
- add d/p/lp-1959763-Support-tests-in-remote-builds.patch
to make tests more decent
- add d/p/lp-1959763-provider-Adapt-keymgmt_match-implementations.patch
to adapt the provider's match functions
- add d/p/lp-1959763-tests-skip-tests-if-libica-does-not-support.patch
skip tests if unsupported by libica
- add d/p/lp-1959763-Provider-Fix-parallel-test-runs.patch
without this esp. the provider tests will not properly work
-- Frank Heimes <email address hidden> Fri, 05 Aug 2022 16:37:13 +0200
-
openssl-ibmca (2.2.3-0ubuntu1) jammy; urgency=medium
* New upstream release. LP: #1967141
* The difference between 2.2.2 and 2.2.3 includes just these two fixes:
- "PKEY: Fix usage of ECX keys"
- "use correct libica for ibmca_mechaList_test"
Rather than adding these as quilt patches, raising the package to the
bugfix-only version that incl. them is preferable.
* For "PKEY: Fix usage of ECX keys" a backport of
"Fix compilation for OpenSSL 3.0" was needed:
d/p/e59cce5-Fix-compilation-for-OpenSSL-3.0.patch
* For convenience reasons a generated sample config is now included in
the package, but also the optional configuration generator Perl script
'ibmca-engine-opensslconfig'.
* d/control: add dh-autoreconf to Build-Depends to work around a Lintian
regression on missing-build-dependency-for-dh-addon
-- Frank Heimes <email address hidden> Wed, 30 Mar 2022 19:19:00 +0100