ubuntu/+source/openssl:applied/ubuntu/lucid-proposed

Last commit made on 2013-06-10
Get this branch:
git clone -b applied/ubuntu/lucid-proposed https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
applied/ubuntu/lucid-proposed
Repository:
lp:ubuntu/+source/openssl

Recent commits

0163bbc... by Seth Arnold on 2013-06-04

Import patches-applied version 0.9.8k-7ubuntu8.15 to applied/ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 21fc00425d3cae8c0f108942036066b708d34e05
Unapplied parent: a1f413c474497ce18812739a2bbefa6ec82ab5d4

New changelog entries:
  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
      initialization.
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

a1f413c... by Seth Arnold on 2013-06-04

Remove .pc directory from source package.

ab30314... by Seth Arnold on 2013-06-04

Import patches-unapplied version 0.9.8k-7ubuntu8.15 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 589dca1defdb786453e9370c9c5cba678b68aaf5

New changelog entries:
  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
      initialization.
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

21fc004... by Marc Deslauriers on 2013-02-18

Import patches-applied version 0.9.8k-7ubuntu8.14 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 711496703b210d7befc2f56d453595442598ea60
Unapplied parent: ea3a51ea15a78e7ae39e1c5fc741f2643f444bc1

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid OCSP key
    - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
      crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
    - CVE-2013-0166
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - debian/patches/CVE-2013-0169.patch: massive code changes
    - CVE-2013-0169

589dca1... by Marc Deslauriers on 2013-02-18

Import patches-unapplied version 0.9.8k-7ubuntu8.14 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 1df2feab1607aa830b767e35251bfd46530f98f9

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid OCSP key
    - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
      crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
    - CVE-2013-0166
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - debian/patches/CVE-2013-0169.patch: massive code changes
    - CVE-2013-0169

ea3a51e... by Marc Deslauriers on 2013-02-18

Remove .pc directory from source package.

7114967... by Steve Beattie on 2012-05-22

Import patches-applied version 0.9.8k-7ubuntu8.13 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 933e705bb3bff1606daa721b3261767bab4d8c06
Unapplied parent: 1ca88058de61f2291b414d6aab8c5e5ded0fe017

New changelog entries:
  * SECURITY UPDATE: denial of service attack in DTLS implementation
    - debian/patches/CVE_2012-2333.patch: guard for integer overflow
      before skipping explicit IV
    - CVE-2012-2333
  * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
    - debian/patches/CVE-2012-0884.patch: use a random key if RSA
      decryption fails to avoid leaking timing information
    - CVE-2012-0884
  * debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
    errors in PKCS7_decrypt and initialize tkeylen properly when
    encrypting CMS messages.

1df2fea... by Steve Beattie on 2012-05-22

Import patches-unapplied version 0.9.8k-7ubuntu8.13 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 853fd00a202311ccba4d35d978eabd43e6f69360

New changelog entries:
  * SECURITY UPDATE: denial of service attack in DTLS implementation
    - debian/patches/CVE_2012-2333.patch: guard for integer overflow
      before skipping explicit IV
    - CVE-2012-2333
  * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
    - debian/patches/CVE-2012-0884.patch: use a random key if RSA
      decryption fails to avoid leaking timing information
    - CVE-2012-0884
  * debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
    errors in PKCS7_decrypt and initialize tkeylen properly when
    encrypting CMS messages.

1ca8805... by Steve Beattie on 2012-05-22

Remove .pc directory from source package.

933e705... by Jamie Strandboge on 2012-04-24

Import patches-applied version 0.9.8k-7ubuntu8.11 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 21112fc50c1004fef396465a8f335af2e2345094
Unapplied parent: ae83c61059b8fbc0270e7b266d3df850072612a9

New changelog entries:
  * SECURITY UPDATE: incomplete fix for CVE-2012-2110
    - debian/patches/CVE-2012-2131.patch: also verify 'len' in BUF_MEM_grow
      and BUF_MEM_grow_clean is non-negative
    - CVE-2012-2131
  * debian/patches/CVE-2012-2110b.patch: Use correct error code in
    BUF_MEM_grow_clean()