ubuntu/+source/openssl:applied/ubuntu/karmic-proposed

Last commit made on 2010-08-18
Get this branch:
git clone -b applied/ubuntu/karmic-proposed https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
applied/ubuntu/karmic-proposed
Repository:
lp:ubuntu/+source/openssl

Recent commits

d66a435... by Marc Deslauriers on 2010-08-12

Import patches-applied version 0.9.8g-16ubuntu3.2 to applied/ubuntu/karmic-proposed

Imported using git-ubuntu import.

Changelog parent: c31ac88c574b9bc827c3926124f4179a0d8274ad
Unapplied parent: cb34ed53bc8003353d30ab3e13fde86a59e3b366

New changelog entries:
  * SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
    - apps/{s_cb,s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
      ssl/{d1_both,d1_clnt,d1_srvr,s3_both,s3_clnt,s3_pkt,s3_srvr,ssl_err,
      ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,ssl_locl,
      tls1}.h: backport rfc5746 support from openssl 0.9.8m.
    - CVE-2009-3555

cb34ed5... by Marc Deslauriers on 2010-08-12

Import patches-unapplied version 0.9.8g-16ubuntu3.2 to ubuntu/karmic-proposed

Imported using git-ubuntu import.

Changelog parent: ba18c86ffa81a88489864cd8b8528bca6d6d8e94

New changelog entries:
  * SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
    - apps/{s_cb,s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
      ssl/{d1_both,d1_clnt,d1_srvr,s3_both,s3_clnt,s3_pkt,s3_srvr,ssl_err,
      ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,ssl_locl,
      tls1}.h: backport rfc5746 support from openssl 0.9.8m.
    - CVE-2009-3555

c31ac88... by Kees Cook on 2010-01-13

Import patches-applied version 0.9.8g-16ubuntu3.1 to applied/ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: d9cb4fc60e86ffc03de4d3f3b7a4347820879722
Unapplied parent: ba18c86ffa81a88489864cd8b8528bca6d6d8e94

New changelog entries:
  * SECURITY UPDATE: memory leak possible during state clean-up.
    - crypto/comp/c_zlib.c: upstream fixes applied inline.
    - CVE-2009-4355

ba18c86... by Kees Cook on 2010-01-13

Import patches-unapplied version 0.9.8g-16ubuntu3.1 to ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: 74bf0e923090036ed0bf6da4f7e0e0d625e8aa6f

New changelog entries:
  * SECURITY UPDATE: memory leak possible during state clean-up.
    - crypto/comp/c_zlib.c: upstream fixes applied inline.
    - CVE-2009-4355

d9cb4fc... by Marc Deslauriers on 2009-09-08

Import patches-applied version 0.9.8g-16ubuntu3 to applied/ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: 22033b5875d1b19b09fada8901ec13ce5d946cdf
Unapplied parent: 74bf0e923090036ed0bf6da4f7e0e0d625e8aa6f

New changelog entries:
  * SECURITY UPDATE: certificate spoofing via hash collisions from MD2
    design flaws.
    - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
    - crypto/x509/x509_vfy.c: skip signature check for self signed
      certificates
    - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
    - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
    - CVE-2009-2409

74bf0e9... by Marc Deslauriers on 2009-09-08

Import patches-unapplied version 0.9.8g-16ubuntu3 to ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: 985d8098848c164fee083faa5116815286e94d1e

New changelog entries:
  * SECURITY UPDATE: certificate spoofing via hash collisions from MD2
    design flaws.
    - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
    - crypto/x509/x509_vfy.c: skip signature check for self signed
      certificates
    - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
    - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
    - CVE-2009-2409

22033b5... by Jamie Strandboge on 2009-07-10

Import patches-applied version 0.9.8g-16ubuntu2 to applied/ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: 6c8384dc6a30c31a6bba19281a4a286b6a56bc32
Unapplied parent: 985d8098848c164fee083faa5116815286e94d1e

New changelog entries:
  * Patches forward ported from http://www.ubuntu.com/usn/USN-792-1 (by
    Marc Deslauriers)
  * SECURITY UPDATE: denial of service via memory consumption from large
    number of future epoch DTLS records.
    - crypto/pqueue.*: add new pqueue_size counter function.
    - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
    - http://cvs.openssl.org/chngview?cn=18187
    - CVE-2009-1377
  * SECURITY UPDATE: denial of service via memory consumption from
    duplicate or invalid sequence numbers in DTLS records.
    - ssl/d1_both.c: discard message if it's a duplicate or too far in the
      future.
    - http://marc.info/?l=openssl-dev&m=124263491424212&w=2
    - CVE-2009-1378
  * SECURITY UPDATE: denial of service or other impact via use-after-free
    in dtls1_retrieve_buffered_fragment.
    - ssl/d1_both.c: use temp frag_len instead of freed frag.
    - http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest
    - CVE-2009-1379
  * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
    that occurs before ClientHello.
    - ssl/s3_pkt.c: abort if s->session is NULL.
    - ssl/{ssl.h,ssl_err.c}: add new error codes.
    - http://cvs.openssl.org/chngview?cn=17369
    - CVE-2009-1386
  * SECURITY UPDATE: denial of service via an out-of-sequence DTLS
    handshake message.
    - ssl/d1_both.c: don't buffer fragments with no data.
    - http://cvs.openssl.org/chngview?cn=17958
    - CVE-2009-1387

985d809... by Jamie Strandboge on 2009-07-10

Import patches-unapplied version 0.9.8g-16ubuntu2 to ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: 6505adf43482e91b2b5e710bcb94101c7a8aed09

New changelog entries:
  * Patches forward ported from http://www.ubuntu.com/usn/USN-792-1 (by
    Marc Deslauriers)
  * SECURITY UPDATE: denial of service via memory consumption from large
    number of future epoch DTLS records.
    - crypto/pqueue.*: add new pqueue_size counter function.
    - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
    - http://cvs.openssl.org/chngview?cn=18187
    - CVE-2009-1377
  * SECURITY UPDATE: denial of service via memory consumption from
    duplicate or invalid sequence numbers in DTLS records.
    - ssl/d1_both.c: discard message if it's a duplicate or too far in the
      future.
    - http://marc.info/?l=openssl-dev&m=124263491424212&w=2
    - CVE-2009-1378
  * SECURITY UPDATE: denial of service or other impact via use-after-free
    in dtls1_retrieve_buffered_fragment.
    - ssl/d1_both.c: use temp frag_len instead of freed frag.
    - http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest
    - CVE-2009-1379
  * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
    that occurs before ClientHello.
    - ssl/s3_pkt.c: abort if s->session is NULL.
    - ssl/{ssl.h,ssl_err.c}: add new error codes.
    - http://cvs.openssl.org/chngview?cn=17369
    - CVE-2009-1386
  * SECURITY UPDATE: denial of service via an out-of-sequence DTLS
    handshake message.
    - ssl/d1_both.c: don't buffer fragments with no data.
    - http://cvs.openssl.org/chngview?cn=17958
    - CVE-2009-1387

6c8384d... by Jamie Strandboge on 2009-05-14

Import patches-applied version 0.9.8g-16ubuntu1 to applied/ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: 387a683fd229ea98897e52fa69682e3cac02a2aa
Unapplied parent: 6505adf43482e91b2b5e710bcb94101c7a8aed09

New changelog entries:
  * Merge from debian unstable, remaining changes:
    - Link using -Bsymbolic-functions
    - Add support for lpia
    - Disable SSLv2 during compile
    - Ship documentation in openssl-doc, suggested by the package.
    - Use a different priority for libssl0.9.8/restart-services
      depending on whether a desktop, or server dist-upgrade is being
      performed.
    - Display a system restart required notification bubble on libssl0.9.8
      upgrade.
    - Replace duplicate files in the doc directory with symlinks.

6505adf... by Jamie Strandboge on 2009-05-14

Import patches-unapplied version 0.9.8g-16ubuntu1 to ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: c63c73a1995b73b8b4d72eadaf8ea9fe3126797f

New changelog entries:
  * Merge from debian unstable, remaining changes:
    - Link using -Bsymbolic-functions
    - Add support for lpia
    - Disable SSLv2 during compile
    - Ship documentation in openssl-doc, suggested by the package.
    - Use a different priority for libssl0.9.8/restart-services
      depending on whether a desktop, or server dist-upgrade is being
      performed.
    - Display a system restart required notification bubble on libssl0.9.8
      upgrade.
    - Replace duplicate files in the doc directory with symlinks.