ubuntu/+source/openssl:applied/ubuntu/hardy-proposed

Last commit made on 2010-08-18
Get this branch:
git clone -b applied/ubuntu/hardy-proposed https://git.launchpad.net/ubuntu/+source/openssl

Branch information

Name:
applied/ubuntu/hardy-proposed
Repository:
lp:ubuntu/+source/openssl

Recent commits

ff8c217... by Marc Deslauriers on 2010-08-12

Import patches-applied version 0.9.8g-4ubuntu3.10 to applied/ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: 81a9d8aebf9052305de903fb794a9eb16cff4360
Unapplied parent: 9181eea4a719ed4067ec7e63cce910ddf160266b

New changelog entries:
  * SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
    - apps/{s_cb,s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
      ssl/{d1_both,d1_clnt,d1_srvr,s3_both,s3_clnt,s3_pkt,s3_srvr,ssl_err,
      ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,ssl_locl,
      tls1}.h: backport rfc5746 support from openssl 0.9.8m.
    - CVE-2009-3555
  * Enable tlsext, and backport some patches from jaunty now that tlsext is
    enabled.
    - Fix a problem with tlsext preventing firefox 3 from connecting.
    - Don't add extensions to ssl v3 connections. It breaks with some
      other software.
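
The 3.10 entry above (and its patches-unapplied twin below) backports RFC 5746 so that a renegotiated handshake is cryptographically tied to the connection it happens on, which is what CVE-2009-3555 lacked. The following is an added illustration, not code from the Ubuntu package or from OpenSSL: it parses a constructed TLS ServerHello, reports whether the server signalled renegotiation_info, and performs the client-side check that the extension body is empty on the initial handshake and equals client_verify_data || server_verify_data on a renegotiation. The sample messages are built in the script (fixed version, all-zero random); the extension type 0xff01 and the SCSV 0x00ff are RFC 5746 values.

```python
"""RFC 5746 (secure renegotiation) signalling checks, run over constructed ServerHello bytes."""
import struct

RENEGOTIATION_INFO = 0xFF01                 # ExtensionType renegotiation_info, RFC 5746 s.3.2
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF  # signalling cipher suite for old ClientHellos, s.3.3


def _read_vec(buf, off, lenbytes):
    """Read a TLS length-prefixed vector at buf[off:]; return (contents, offset after it)."""
    n = int.from_bytes(buf[off:off + lenbytes], "big")
    off += lenbytes
    if off + n > len(buf):
        raise ValueError("vector runs past end of message")
    return buf[off:off + n], off + n


def parse_extensions(ext_block):
    """Split an extensions block into {extension_type: extension_data}."""
    exts = {}
    off = 0
    while off < len(ext_block):
        (etype,) = struct.unpack_from(">H", ext_block, off)
        data, off = _read_vec(ext_block, off + 2, 2)
        exts[etype] = data
    return exts


def parse_server_hello(body):
    """Parse a ServerHello handshake body (record and handshake headers already stripped)."""
    off = 2 + 32                                   # server_version, random
    _session_id, off = _read_vec(body, off, 1)
    (cipher,) = struct.unpack_from(">H", body, off)
    off += 3                                       # cipher_suite, compression_method
    exts = {}
    if off < len(body):                            # the extensions block is optional
        ext_block, off = _read_vec(body, off, 2)
        exts = parse_extensions(ext_block)
    return {"cipher": cipher, "extensions": exts}


def server_supports_secure_renegotiation(body):
    """A server that sends renegotiation_info is RFC 5746 capable; one that omits it can
    only renegotiate the legacy, unbound way that CVE-2009-3555 exploits."""
    return RENEGOTIATION_INFO in parse_server_hello(body)["extensions"]


def verify_server_renegotiation_info(body, client_verify=b"", server_verify=b""):
    """Client-side check of renegotiated_connection (RFC 5746 s.3.4, s.3.5): empty on the
    initial handshake, exactly client_verify_data || server_verify_data on a renegotiation.
    Any other value means the two handshakes are not linked and the client must abort."""
    exts = parse_server_hello(body)["extensions"]
    if RENEGOTIATION_INFO not in exts:
        return False
    inner, end = _read_vec(exts[RENEGOTIATION_INFO], 0, 1)
    if end != len(exts[RENEGOTIATION_INFO]):
        return False                               # trailing bytes: malformed extension
    return inner == client_verify + server_verify


# --- constructed sample messages (not captured traffic) -------------------------------

def renegotiation_info_ext(client_verify=b"", server_verify=b""):
    """Extension data: one-byte length, then renegotiated_connection."""
    inner = client_verify + server_verify
    return bytes([len(inner)]) + inner


def build_server_hello(cipher, extensions=None):
    """Constructed ServerHello body: TLS 1.0 version, all-zero random, empty session id."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack(">HB", cipher, 0)
    if extensions is not None:
        ext_block = b"".join(struct.pack(">HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack(">H", len(ext_block)) + ext_block
    return body


SAMPLE_SECURE = build_server_hello(0x002F, [(RENEGOTIATION_INFO, renegotiation_info_ext())])
SAMPLE_LEGACY = build_server_hello(0x002F)        # no extension: pre-RFC 5746 server

if __name__ == "__main__":
    print("secure sample:", server_supports_secure_renegotiation(SAMPLE_SECURE))   # True
    print("legacy sample:", server_supports_secure_renegotiation(SAMPLE_LEGACY))   # False
```

Against a live host the same signal is what `openssl s_client` prints as "Secure Renegotiation IS supported"; a server that lacks the extension is only safe if renegotiation is disabled outright, which is the other half of what the 0.9.8m backport provides.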

9181eea... by Marc Deslauriers on 2010-08-12

Import patches-unapplied version 0.9.8g-4ubuntu3.10 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: 8917a16412136f272dba9cc7b2ca50826d2c2438

New changelog entries:
  * SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
    - apps/{s_cb,s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
      ssl/{d1_both,d1_clnt,d1_srvr,s3_both,s3_clnt,s3_pkt,s3_srvr,ssl_err,
      ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,ssl_locl,
      tls1}.h: backport rfc5746 support from openssl 0.9.8m.
    - CVE-2009-3555
  * Enable tlsext, and backport some patches from jaunty now that tlsext is
    enabled.
    - Fix a problem with tlsext preventing firefox 3 from connecting.
    - Don't add extensions to ssl v3 connections. It breaks with some
      other software.

81a9d8a... by Kees Cook on 2010-01-13

Import patches-applied version 0.9.8g-4ubuntu3.9 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 019416489e29dc1b45d65fd935be8b7d80a52a34
Unapplied parent: 8917a16412136f272dba9cc7b2ca50826d2c2438

New changelog entries:
  * SECURITY UPDATE: memory leak possible during state clean-up.
    - crypto/comp/c_zlib.c: upstream fixes applied inline.
    - CVE-2009-4355

8917a16... by Kees Cook on 2010-01-13

Import patches-unapplied version 0.9.8g-4ubuntu3.9 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: cfeb16aae0d7d360ab2f85c06fa543dd94eb68cb

New changelog entries:
  * SECURITY UPDATE: memory leak possible during state clean-up.
    - crypto/comp/c_zlib.c: upstream fixes applied inline.
    - CVE-2009-4355

0194164... by Marc Deslauriers on 2009-09-08

Import patches-applied version 0.9.8g-4ubuntu3.8 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 0a91e7337ee88311a761008de6d5fb5655548be1
Unapplied parent: cfeb16aae0d7d360ab2f85c06fa543dd94eb68cb

New changelog entries:
  * SECURITY UPDATE: certificate spoofing via hash collisions from MD2
    design flaws.
    - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
    - crypto/x509/x509_vfy.c: skip signature check for self signed
      certificates
    - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
    - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
    - CVE-2009-2409

cfeb16a... by Marc Deslauriers on 2009-09-08

Import patches-unapplied version 0.9.8g-4ubuntu3.8 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: c029de58caa1e6cf2f6c01ff474d6db9006529f0

New changelog entries:
  * SECURITY UPDATE: certificate spoofing via hash collisions from MD2
    design flaws.
    - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
    - crypto/x509/x509_vfy.c: skip signature check for self signed
      certificates
    - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
    - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
    - CVE-2009-2409

0a91e73... by Marc Deslauriers on 2009-06-11

Import patches-applied version 0.9.8g-4ubuntu3.7 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 9b029258fbd59f6e6a23d7b9d97b188db9b00b34
Unapplied parent: c029de58caa1e6cf2f6c01ff474d6db9006529f0

New changelog entries:
  * SECURITY UPDATE: denial of service via memory consumption from large
    number of future epoch DTLS records.
    - crypto/pqueue.*: add new pqueue_size counter function.
    - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
    - http://cvs.openssl.org/chngview?cn=18187
    - CVE-2009-1377
  * SECURITY UPDATE: denial of service via memory consumption from
    duplicate or invalid sequence numbers in DTLS records.
    - ssl/d1_both.c: discard message if it's a duplicate or too far in the
      future.
    - http://marc.info/?l=openssl-dev&m=124263491424212&w=2
    - CVE-2009-1378
  * SECURITY UPDATE: denial of service or other impact via use-after-free
    in dtls1_retrieve_buffered_fragment.
    - ssl/d1_both.c: use temp frag_len instead of freed frag.
    - http://rt.openssl.org/Ticket/Display.html?id=1923
    - CVE-2009-1379
  * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
    that occurs before ClientHello.
    - ssl/s3_pkt.c: abort if s->session is NULL.
    - ssl/{ssl.h,ssl_err.c}: add new error codes.
    - http://cvs.openssl.org/chngview?cn=17369
    - CVE-2009-1386
  * SECURITY UPDATE: denial of service via an out-of-sequence DTLS
    handshake message.
    - ssl/d1_both.c: don't buffer fragments with no data.
    - http://cvs.openssl.org/chngview?cn=17958
    - CVE-2009-1387
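
The five DTLS fixes in the 3.7 entry above (repeated in the patches-unapplied commit below) share one theme: state a peer can grow or confuse without ever completing a handshake. The following is an added model, not OpenSSL's code, of the checks the changelog describes: a capped queue for future-epoch records (the 100 is the changelog's figure), dropping of empty, duplicate and too-far-ahead handshake fragments, and refusing a ChangeCipherSpec before any ClientHello. The "too far in the future" window of 10 message sequence numbers and the per-message reassembly bookkeeping are assumptions of this model; the class and method names are not OpenSSL's.

```python
"""Toy model of the DTLS resource checks listed in the 0.9.8g-4ubuntu3.7 changelog."""

MAX_FUTURE_EPOCH_RECORDS = 100   # queue cap from the changelog (ssl/d1_pkt.c, CVE-2009-1377)
MAX_HANDSHAKE_SEQ_AHEAD = 10     # assumed window; the changelog only says "too far in the future"


class DtlsPeerState:
    """Per-connection state for one DTLS peer (a model, not OpenSSL's structures)."""

    def __init__(self):
        self.session_started = False        # set once a ClientHello has been processed
        self.handshake_read_seq = 0         # message_seq of the next in-order handshake message
        self.buffered_messages = {}         # message_seq -> {"len", "buf", "have"}
        self.future_epoch_records = []      # records for the next epoch, held until the CCS

    def on_client_hello(self):
        self.session_started = True

    def on_change_cipher_spec(self) -> bool:
        """CVE-2009-1386: a ChangeCipherSpec before any ClientHello has no session to switch
        keys for. Refuse it instead of touching session state that does not exist."""
        return self.session_started

    def queue_future_epoch_record(self, record: bytes) -> bool:
        """CVE-2009-1377: records for a future epoch cannot be decrypted yet, so they are
        queued. Without a cap a peer can send them forever; drop them once the queue is full."""
        if len(self.future_epoch_records) >= MAX_FUTURE_EPOCH_RECORDS:
            return False
        self.future_epoch_records.append(record)
        return True

    def buffer_out_of_seq_fragment(self, msg_seq, frag_off, frag_len, msg_len, data: bytes) -> str:
        """Decide whether a handshake fragment that is not the next in-order message gets
        buffered. Returns 'buffered', 'complete' or 'drop:<reason>'."""
        if frag_len == 0 or not data:
            return "drop:empty"                 # CVE-2009-1387: never buffer fragments with no data
        if len(data) != frag_len or frag_off + frag_len > msg_len:
            return "drop:bad-length"            # fragment cannot fit inside the message it claims
        if msg_seq < self.handshake_read_seq:
            return "drop:duplicate"             # CVE-2009-1378: already processed, stale retransmit
        if msg_seq > self.handshake_read_seq + MAX_HANDSHAKE_SEQ_AHEAD:
            return "drop:too-far-ahead"         # CVE-2009-1378: bound how far ahead we buffer
        entry = self.buffered_messages.get(msg_seq)
        if entry is None:
            entry = {"len": msg_len, "buf": bytearray(msg_len), "have": bytearray(msg_len)}
            self.buffered_messages[msg_seq] = entry
        elif entry["len"] != msg_len:
            return "drop:bad-length"            # fragments of one message must agree on its length
        if all(entry["have"][frag_off:frag_off + frag_len]):
            return "drop:duplicate"             # every byte already held: a retransmit
        entry["buf"][frag_off:frag_off + frag_len] = data
        entry["have"][frag_off:frag_off + frag_len] = b"\x01" * frag_len
        return "complete" if all(entry["have"]) else "buffered"

    def buffered_bytes(self) -> int:
        """Memory held for out-of-order fragments: at most (window + 1) messages, each msg_len."""
        return sum(e["len"] for e in self.buffered_messages.values())


if __name__ == "__main__":
    st = DtlsPeerState()
    print("CCS before hello accepted:", st.on_change_cipher_spec())          # False
    accepted = sum(st.queue_future_epoch_record(b"rec") for _ in range(500))
    print("future-epoch records kept:", accepted)                            # 100
    print(st.buffer_out_of_seq_fragment(1, 0, 4, 8, b"abcd"))               # buffered
    print(st.buffer_out_of_seq_fragment(1, 0, 4, 8, b"abcd"))               # drop:duplicate
```

The pre-fix behaviour is the absence of each early return: unbounded `future_epoch_records`, a queue entry for every retransmitted or far-future message, and a zero-length fragment allocated and tracked like any other.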

c029de5... by Marc Deslauriers on 2009-06-11

Import patches-unapplied version 0.9.8g-4ubuntu3.7 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 5fc1b8a54cc34d8a4b546a40abc196631ace02c9

New changelog entries:
  * SECURITY UPDATE: denial of service via memory consumption from large
    number of future epoch DTLS records.
    - crypto/pqueue.*: add new pqueue_size counter function.
    - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
    - http://cvs.openssl.org/chngview?cn=18187
    - CVE-2009-1377
  * SECURITY UPDATE: denial of service via memory consumption from
    duplicate or invalid sequence numbers in DTLS records.
    - ssl/d1_both.c: discard message if it's a duplicate or too far in the
      future.
    - http://marc.info/?l=openssl-dev&m=124263491424212&w=2
    - CVE-2009-1378
  * SECURITY UPDATE: denial of service or other impact via use-after-free
    in dtls1_retrieve_buffered_fragment.
    - ssl/d1_both.c: use temp frag_len instead of freed frag.
    - http://rt.openssl.org/Ticket/Display.html?id=1923
    - CVE-2009-1379
  * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
    that occurs before ClientHello.
    - ssl/s3_pkt.c: abort if s->session is NULL.
    - ssl/{ssl.h,ssl_err.c}: add new error codes.
    - http://cvs.openssl.org/chngview?cn=17369
    - CVE-2009-1386
  * SECURITY UPDATE: denial of service via an out-of-sequence DTLS
    handshake message.
    - ssl/d1_both.c: don't buffer fragments with no data.
    - http://cvs.openssl.org/chngview?cn=17958
    - CVE-2009-1387

9b02925... by Jamie Strandboge on 2009-03-26

Import patches-applied version 0.9.8g-4ubuntu3.5 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 04518c21f3f2ee16ba02d78d4e8990f4fbff18be
Unapplied parent: 5fc1b8a54cc34d8a4b546a40abc196631ace02c9

New changelog entries:
  * SECURITY UPDATE: crash via invalid memory access when printing BMPString
    or UniversalString with invalid length
    - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
      return error if invalid length
    - CVE-2009-0590
    - http://www.openssl.org/news/secadv_20090325.txt
    - patch from upstream CVS:
      crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
      crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
      crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11

5fc1b8a... by Jamie Strandboge on 2009-03-26

Import patches-unapplied version 0.9.8g-4ubuntu3.5 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 1d38ef9415795d9c6f3ee1c691e194fddd21c3f8

New changelog entries:
  * SECURITY UPDATE: crash via invalid memory access when printing BMPString
    or UniversalString with invalid length
    - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
      return error if invalid length
    - CVE-2009-0590
    - http://www.openssl.org/news/secadv_20090325.txt
    - patch from upstream CVS:
      crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
      crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
      crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11