lp:ubuntu/quantal-proposed/openssl

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/quantal-proposed/openssl
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

89. By Seth Arnold

* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
  (LP: #1187195)
  - CVE-2012-4929
  - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
    zlib to compress SSL/TLS unless the environment variable
    OPENSSL_DEFAULT_ZLIB is set in the environment during library
    initialization.
  - Introduced to assist with programs not yet updated to provide their own
    controls on compression, such as Postfix
  - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

88. By Marc Deslauriers

* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-0169.patch: re-enabled patch and added extra
    commit from upstream to fix regression.
  - CVE-2013-0169

87. By Marc Deslauriers

* REGRESSION FIX: decryption errors on AES-NI hardware (LP: #1134873,
  LP: #1133333)
  - debian/patches/CVE-2013-0169.patch: disabled for now until fix is
    available from upstream.

86. By Marc Deslauriers

* SECURITY UPDATE: denial of service via invalid OCSP key
  - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
    crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
  - CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-0169.patch: massive code changes
  - CVE-2013-0169
* SECURITY UPDATE: denial of service via AES-NI and crafted CBC data
  - Fix included in CVE-2013-0169 patch
  - CVE-2012-2686

85. By Tyler Hicks

[ Tyler Hicks <email address hidden> ]
* debian/patches/tls12_workarounds.patch: Re-add the change to check
  TLS1_get_client_version rather than TLS1_get_version to fix incorrect
  client hello cipher list truncation when TLS 1.1 and lower is in use.
  (LP: #1051892)

[ Micah Gersten <email address hidden> ]
* Mark Debian Vcs-* as XS-Debian-Vcs-*
  - update debian/control

84. By Marc Deslauriers

* Resynchronise with Debian. Remaining changes:
  - debian/libssl1.0.0.postinst:
    + Display a system restart required notification on libssl1.0.0
      upgrade on servers.
    + Use a different priority for libssl1.0.0/restart-services depending
      on whether a desktop or server dist-upgrade is being performed.
  - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
    libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
    in Debian).
  - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
    rules}: Move runtime libraries to /lib, for the benefit of
    wpasupplicant.
  - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
    .pc.
  - debian/rules:
    + Don't run 'make test' when cross-building.
    + Use host compiler when cross-building. Patch from Neil Williams.
    + Don't build for processors no longer supported: i586 (on i386)
    + Fix Makefile to properly clean up libs/ dirs in clean target.
    + Replace duplicate files in the doc directory with symlinks.
  - Unapply patch c_rehash-multi and comment it out in the series as it
    breaks parsing of certificates with CRLF line endings and other cases
    (see Debian #642314 for discussion); it also changes the semantics of
    c_rehash directories by requiring applications to parse hash link
    targets as files containing potentially *multiple* certificates rather
    than exactly one.
  - Bump version passed to dh_makeshlibs to 1.0.1 for new symbols.
  - debian/patches/tls12_workarounds.patch: workaround large client hello
    issue: Compile with -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 and
    with -DOPENSSL_NO_TLS1_2_CLIENT.
* Dropped upstreamed patches:
  - debian/patches/CVE-2012-2110.patch
  - debian/patches/CVE-2012-2110b.patch
  - debian/patches/CVE-2012-2333.patch
  - debian/patches/CVE-2012-0884-extra.patch
  - most of debian/patches/tls12_workarounds.patch

83. By Steve Beattie

* SECURITY UPDATE: denial of service attack in DTLS, TLS v1.1 and
  TLS v1.2 implementation
  - debian/patches/CVE_2012-2333.patch: guard for integer overflow
    before skipping explicit IV
  - CVE-2012-2333
* debian/patches/CVE-2012-0884-extra.patch: initialize tkeylen
  properly when encrypting CMS messages.

82. By Jamie Strandboge

debian/patches/CVE-2012-2110b.patch: Use correct error code in
BUF_MEM_grow_clean()

81. By Jamie Strandboge

* SECURITY UPDATE: fix various overflows
  - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c,
    crypto/buffer.c and crypto/mem.c to verify size of lengths
  - CVE-2012-2110

80. By Colin Watson

releasing version 1.0.1-4ubuntu4

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/trusty/openssl