lp:ubuntu/trusty/openssl
- Get this branch:
- bzr branch lp:ubuntu/trusty/openssl
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 102. By Marc Deslauriers
-
* SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
- debian/patches/ CVE-2014- 0076.patch: add and use constant time swap in
crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_ mult.c,
util/libeay. num.
- CVE-2014-0076
* SECURITY UPDATE: memory disclosure in TLS heartbeat extension
- debian/patches/ CVE-2014- 0160.patch: use correct lengths in
ssl/d1_both.c, ssl/t1_lib.c.
- CVE-2014-0160 - 101. By Marc Deslauriers
-
* Merge with Debian, remaining changes.
- debian/libssl1. 0.0.postinst:
+ Display a system restart required notification on libssl1.0.0
upgrade on servers.
+ Use a different priority for libssl1.0.0/restart- services depending
on whether a desktop, or server dist-upgrade is being performed.
- debian/{libssl1. 0.0-udeb. dirs, control, rules}: Create
libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
in Debian).
- debian/{libcrypto1. 0.0-udeb. dirs, libssl1.0.0.dirs, libssl1.0.0.files,
rules}: Move runtime libraries to /lib, for the benefit of
wpasupplicant.
- debian/patches/ perlpath- quilt.patch: Don't change perl #! paths under
.pc.
- debian/rules:
+ Don't run 'make test' when cross-building.
+ Use host compiler when cross-building. Patch from Neil Williams.
+ Don't build for processors no longer supported: i586 (on i386)
+ Fix Makefile to properly clean up libs/ dirs in clean target.
+ Replace duplicate files in the doc directory with symlinks.
- debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
- debian/patches/ ubuntu_ deb676533_ arm_asm. patch: Enable arm assembly
code.
- debian/rules: Enable optimized 64bit elliptic curve code contributed
by Google.
* Dropped changes:
- debian/patches/ arm64-support: included in debian- targets. patch
- debian/patches/ no_default_ rdrand. patch: upstream
- debian/patches/ openssl- 1.0.1e- env-zlib. patch: zlib is now completely
disabled in debian/rules - 100. By Marc Deslauriers
-
debian/
patches/ no_default_ rdrand. patch: Don't use rdrand engine as
default unless explicitly requested. - 98. By Marc Deslauriers
-
* Re-enable full TLSv1.2 support (LP: #1257877)
- debian/patches/ tls12_workaroun ds.patch: disable patch to re-enable
full TLSv1.2 support. Most problematic sites have been fixed now, and
we really want proper TLSv1.2 support in an LTS. - 96. By Matthias Klose
-
* Merge with Debian, remaining changes.
- debian/libssl1. 0.0.postinst:
+ Display a system restart required notification on libssl1.0.0
upgrade on servers.
+ Use a different priority for libssl1.0.0/restart- services depending
on whether a desktop, or server dist-upgrade is being performed.
- debian/{libssl1. 0.0-udeb. dirs, control, rules}: Create
libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
in Debian).
- debian/{libcrypto1. 0.0-udeb. dirs, libssl1.0.0.dirs, libssl1.0.0.files,
rules}: Move runtime libraries to /lib, for the benefit of
wpasupplicant.
- debian/patches/ perlpath- quilt.patch: Don't change perl #! paths under
.pc.
- debian/rules:
+ Don't run 'make test' when cross-building.
+ Use host compiler when cross-building. Patch from Neil Williams.
+ Don't build for processors no longer supported: i586 (on i386)
+ Fix Makefile to properly clean up libs/ dirs in clean target.
+ Replace duplicate files in the doc directory with symlinks.
- Unapply patch c_rehash-multi and comment it out in the series as it
breaks parsing of certificates with CRLF line endings and other cases
(see Debian #642314 for discussion), it also changes the semantics of
c_rehash directories by requiring applications to parse hash link
targets as files containing potentially *multiple* certificates rather
than exactly one.
- debian/patches/ tls12_workaroun ds.patch: Workaround large client hello
issues when TLS 1.1 and lower is in use
- debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
- debian/patches/ ubuntu_ deb676533_ arm_asm. patch: Enable arm assembly
code.
- debian/patches/ arm64-support: Add basic arm64 support (no assembler)
- debian/rules: Enable optimized 64bit elliptic curve code contributed
by Google.
* debian/patches/ tls12_workaroun ds.patch: updated to also disable TLS 1.2
in test suite since we disable it in the client.
* Disable compression to avoid CRIME systemwide (CVE-2012-4929).
* Dropped changes:
- debian/patches/ ubuntu_ deb676533_ arm_asm. patch, applied in Debian. - 95. By Seth Arnold
-
* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
(LP: #1187195)
- CVE-2012-4929
- debian/patches/ openssl- 1.0.1e- env-zlib. patch: disable default use of
zlib to compress SSL/TLS unless the environment variable
OPENSSL_DEFAULT_ ZLIB is set in the environment during library
initialization.
- Introduced to assist with programs not yet updated to provide their own
controls on compression, such as Postfix
- http://pkgs.fedoraproj ect.org/ cgit/openssl. git/plain/ openssl- 1.0.1e- env-zlib. patch - 94. By Marc Deslauriers
-
* Resynchronise with Debian unstable. Remaining changes:
- debian/libssl1. 0.0.postinst:
+ Display a system restart required notification on libssl1.0.0
upgrade on servers.
+ Use a different priority for libssl1.0.0/restart- services depending
on whether a desktop, or server dist-upgrade is being performed.
- debian/{libssl1. 0.0-udeb. dirs, control, rules}: Create
libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
in Debian).
- debian/{libcrypto1. 0.0-udeb. dirs, libssl1.0.0.dirs, libssl1.0.0.files,
rules}: Move runtime libraries to /lib, for the benefit of
wpasupplicant.
- debian/patches/ perlpath- quilt.patch: Don't change perl #! paths under
.pc.
- debian/rules:
+ Don't run 'make test' when cross-building.
+ Use host compiler when cross-building. Patch from Neil Williams.
+ Don't build for processors no longer supported: i586 (on i386)
+ Fix Makefile to properly clean up libs/ dirs in clean target.
+ Replace duplicate files in the doc directory with symlinks.
- Unapply patch c_rehash-multi and comment it out in the series as it
breaks parsing of certificates with CRLF line endings and other cases
(see Debian #642314 for discussion), it also changes the semantics of
c_rehash directories by requiring applications to parse hash link
targets as files containing potentially *multiple* certificates rather
than exactly one.
- debian/patches/ tls12_workaroun ds.patch: Workaround large client hello
issues when TLS 1.1 and lower is in use
- debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
- debian/patches/ ubuntu_ deb676533_ arm_asm. patch: Enable arm assembly
code.
- debian/patches/ arm64-support: Add basic arm64 support (no assembler)
- debian/rules: Enable optimized 64bit elliptic curve code contributed
by Google.
* debian/patches/ tls12_workaroun ds.patch: updated to also disable TLS 1.2
in test suite since we disable it in the client.
* Dropped changes:
- debian/patches/ CVE-2013- 0169.patch: upstream.
- debian/patches/ fix_key_ decoding_ deadlock. patch: upstream.
- debian/patches/ CVE-2013- 0166.patch: upstream. - 93. By Marc Deslauriers
-
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
- debian/patches/ CVE-2013- 0169.patch: re-enabled patch and added extra
commit from upstream to fix regression.
- CVE-2013-0169
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/utopic/openssl