ubuntu/+source/openssl:applied/ubuntu/breezy-devel

Last commit made on 2006-10-04
Get this branch:
git clone -b applied/ubuntu/breezy-devel https://git.launchpad.net/ubuntu/+source/openssl

Branch information

Name:
applied/ubuntu/breezy-devel
Repository:
lp:ubuntu/+source/openssl

Recent commits

7564302... by Martin Pitt on 2006-10-04

Import patches-applied version 0.9.7g-1ubuntu1.5 to applied/ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: a7a1218600f359b14d8edef7b540ee4d81d603d3
Unapplied parent: 760ab111936d14f417c6c4a0da21e10dd9dacb37

New changelog entries:
  * SECURITY UPDATE: Previous update did not completely fix CVE-2006-2940.
  * crypto/rsa/rsa_eay.c: Apply max. modulus bits checking to
    RSA_eay_public_decrypt() instead of RSA_eay_private_encrypt(). Thanks to
    Mark J. Cox for noticing!
  * crypto/dh/dh_key.c: Fix return value to prevent free'ing an uninit'ed
    pointer.

760ab11... by Martin Pitt on 2006-10-04

Import patches-unapplied version 0.9.7g-1ubuntu1.5 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 0d30bc4cbd029cdc193f54e35115b18251de8f57

New changelog entries:
  * SECURITY UPDATE: Previous update did not completely fix CVE-2006-2940.
  * crypto/rsa/rsa_eay.c: Apply max. modulus bits checking to
    RSA_eay_public_decrypt() instead of RSA_eay_private_encrypt(). Thanks to
    Mark J. Cox for noticing!
  * crypto/dh/dh_key.c: Fix return value to prevent free'ing an uninit'ed
    pointer.

a7a1218... by Martin Pitt on 2006-09-27

Import patches-applied version 0.9.7g-1ubuntu1.3 to applied/ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 59a4a59cb18f9bfb5cad480760bd02fa8a71d72e
Unapplied parent: 0d30bc4cbd029cdc193f54e35115b18251de8f57

New changelog entries:
  * SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
  * crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
    an infinite loop in some circumstances. [CVE-2006-2937]
  * ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
    handle invalid long cipher list strings. [CVE-2006-3738]
  * ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
    avoid client crash with malicious server responses. [CVE-2006-4343]
  * Certain types of public key could take disproportionate amounts of time to
    process. Apply patch from Bodo Moeller to impose limits to public key type
    values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
  * Updated patch in previous package version to fix a few corner-case
    regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
    were determined to not be necessary).

0d30bc4... by Martin Pitt on 2006-09-27

Import patches-unapplied version 0.9.7g-1ubuntu1.3 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 043599a8714556e7232c04a1b6dc3f38da6d976b

New changelog entries:
  * SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
  * crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
    an infinite loop in some circumstances. [CVE-2006-2937]
  * ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
    handle invalid long cipher list strings. [CVE-2006-3738]
  * ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
    avoid client crash with malicious server responses. [CVE-2006-4343]
  * Certain types of public key could take disproportionate amounts of time to
    process. Apply patch from Bodo Moeller to impose limits to public key type
    values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
  * Updated patch in previous package version to fix a few corner-case
    regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
    were determined to not be necessary).

59a4a59... by Martin Pitt on 2006-09-05

Import patches-applied version 0.9.7g-1ubuntu1.2 to applied/ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 51d104ddfdf2f6dc7052b4e3aed0f81c04978f06
Unapplied parent: 043599a8714556e7232c04a1b6dc3f38da6d976b

New changelog entries:
  * SECURITY UPDATE: signature forgery in some cases.
  * Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
      applications from incorrectly verifying the certificate.
  * References:
    CVE-2006-4339
    http://www.openssl.org/news/secadv_20060905.txt

043599a... by Martin Pitt on 2006-09-05

Import patches-unapplied version 0.9.7g-1ubuntu1.2 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 695a18d6ab0f11a3b73b3c4c002b1e43f9b616b4

New changelog entries:
  * SECURITY UPDATE: signature forgery in some cases.
  * Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
      applications from incorrectly verifying the certificate.
  * References:
    CVE-2006-4339
    http://www.openssl.org/news/secadv_20060905.txt

51d104d... by Martin Pitt on 2005-10-13

Import patches-applied version 0.9.7g-1ubuntu1.1 to applied/ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 6a23cad7315de092b33ab13d63597d9f2eeb77c5
Unapplied parent: 695a18d6ab0f11a3b73b3c4c002b1e43f9b616b4

New changelog entries:
  * SECURITY UPDATE: Fix cryptographic weakness.
  * ssl/s23_srvr.c:
    - When using SSL_OP_MSIE_SSLV2_RSA_PADDING, do not disable the
      protocol-version rollback check, so that a man-in-the-middle cannot
      force a client and server to fall back to the insecure SSL 2.0 protocol.
    - Problem discovered by Yutaka Oiwa.
  * References:
    CAN-2005-2969
    http://www.openssl.org/news/secadv_20051011.txt

695a18d... by Martin Pitt on 2005-10-13

Import patches-unapplied version 0.9.7g-1ubuntu1.1 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 743f7a6f4d3563ee8c797f7e266644b45dcf6e06

New changelog entries:
  * SECURITY UPDATE: Fix cryptographic weakness.
  * ssl/s23_srvr.c:
    - When using SSL_OP_MSIE_SSLV2_RSA_PADDING, do not disable the
      protocol-version rollback check, so that a man-in-the-middle cannot
      force a client and server to fall back to the insecure SSL 2.0 protocol.
    - Problem discovered by Yutaka Oiwa.
  * References:
    CAN-2005-2969
    http://www.openssl.org/news/secadv_20051011.txt

6a23cad... by Martin Pitt on 2005-08-24

Import patches-applied version 0.9.7g-1ubuntu1 to applied/ubuntu/breezy

Imported using git-ubuntu import.

Changelog parent: 55171dc5d9515e06f39cd91cfa8cff3d3d90268d
Unapplied parent: 743f7a6f4d3563ee8c797f7e266644b45dcf6e06

New changelog entries:
  * apps/openssl.cnf: Change CA and req default message digest algorithm to
    SHA-1 since MD5 is deemed insecure. (Ubuntu #13593)

  * New upstream release
    * Added support for proxy certificates according to RFC 3820.
      Because they may be a security threat to unaware applications,
      they must be explicitly allowed in run-time. See
      docs/HOWTO/proxy_certificates.txt for further information.
    * Prompt for pass phrases when appropriate for PKCS12 input format.
    * Back-port of selected performance improvements from development
      branch, as well as improved support for PowerPC platforms.
    * Add lots of checks for memory allocation failure, error codes to indicate
      failure and freeing up memory if a failure occurs.
    * Perform some character comparisons of different types in X509_NAME_cmp:
      this is needed for some certificates that reencode DNs into UTF8Strings
      (in violation of RFC3280) and can't or won't issue name rollover
      certificates.
  * corrected watchfile
  * added upstream source url (closes: #292904)
  * fix typo in CA.pl.1 (closes: #290271)
  * change debian-powerpc64 to debian-ppc64 and adapt the configure
    options to be the same as upstream (closes: #289841)
  * include -signcert option in CA.pl usage
  * compile with zlib-dynamic to use system zlib (closes: #289872)

743f7a6... by Martin Pitt on 2005-08-24

Import patches-unapplied version 0.9.7g-1ubuntu1 to ubuntu/breezy

Imported using git-ubuntu import.

Changelog parent: 356487a868d6cbf990cddfd08c115d6d0c946072

New changelog entries:
  * apps/openssl.cnf: Change CA and req default message digest algorithm to
    SHA-1 since MD5 is deemed insecure. (Ubuntu #13593)

  * New upstream release
    * Added support for proxy certificates according to RFC 3820.
      Because they may be a security threat to unaware applications,
      they must be explicitly allowed in run-time. See
      docs/HOWTO/proxy_certificates.txt for further information.
    * Prompt for pass phrases when appropriate for PKCS12 input format.
    * Back-port of selected performance improvements from development
      branch, as well as improved support for PowerPC platforms.
    * Add lots of checks for memory allocation failure, error codes to indicate
      failure and freeing up memory if a failure occurs.
    * Perform some character comparisons of different types in X509_NAME_cmp:
      this is needed for some certificates that reencode DNs into UTF8Strings
      (in violation of RFC3280) and can't or won't issue name rollover
      certificates.
  * corrected watchfile
  * added upstream source url (closes: #292904)
  * fix typo in CA.pl.1 (closes: #290271)
  * change debian-powerpc64 to debian-ppc64 and adapt the configure
    options to be the same as upstream (closes: #289841)
  * include -signcert option in CA.pl usage
  * compile with zlib-dynamic to use system zlib (closes: #289872)