ubuntu/+source/openssl:ubuntu/breezy-devel

Last commit made on 2006-10-04
Get this branch:
git clone -b ubuntu/breezy-devel https://git.launchpad.net/ubuntu/+source/openssl

Branch information

Name:
ubuntu/breezy-devel
Repository:
lp:ubuntu/+source/openssl

Recent commits

760ab11... by Martin Pitt on 2006-10-04

Import patches-unapplied version 0.9.7g-1ubuntu1.5 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 0d30bc4cbd029cdc193f54e35115b18251de8f57

New changelog entries:
  * SECURITY UPDATE: Previous update did not completely fix CVE-2006-2940.
  * crypto/rsa/rsa_eay.c: Apply max. modulus bits checking to
    RSA_eay_public_decrypt() instead of RSA_eay_private_encrypt(). Thanks to
    Mark J. Cox for noticing!
  * crypto/dh/dh_key.c: Fix return value to prevent free'ing an uninit'ed
    pointer.

0d30bc4... by Martin Pitt on 2006-09-27

Import patches-unapplied version 0.9.7g-1ubuntu1.3 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 043599a8714556e7232c04a1b6dc3f38da6d976b

New changelog entries:
  * SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
  * crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
    an infinite loop in some circumstances. [CVE-2006-2937]
  * ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
    handle invalid long cipher list strings. [CVE-2006-3738]
  * ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
    avoid client crash with malicious server responses. [CVE-2006-4343]
  * Certain types of public key could take disproportionate amounts of time to
    process. Apply patch from Bodo Moeller to impose limits to public key type
    values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
  * Updated patch in previous package version to fix a few corner-case
    regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
    were determined to not be necessary).

043599a... by Martin Pitt on 2006-09-05

Import patches-unapplied version 0.9.7g-1ubuntu1.2 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 695a18d6ab0f11a3b73b3c4c002b1e43f9b616b4

New changelog entries:
  * SECURITY UPDATE: signature forgery in some cases.
  * Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
      applications from incorrectly verifying the certificate.
  * References:
    CVE-2006-4339
    http://www.openssl.org/news/secadv_20060905.txt

695a18d... by Martin Pitt on 2005-10-13

Import patches-unapplied version 0.9.7g-1ubuntu1.1 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 743f7a6f4d3563ee8c797f7e266644b45dcf6e06

New changelog entries:
  * SECURITY UPDATE: Fix cryptographic weakness.
  * ssl/s23_srvr.c:
    - When using SSL_OP_MSIE_SSLV2_RSA_PADDING, do not disable the
      protocol-version rollback check, so that a man-in-the-middle cannot
      force a client and server to fall back to the insecure SSL 2.0 protocol.
    - Problem discovered by Yutaka Oiwa.
  * References:
    CAN-2005-2969
    http://www.openssl.org/news/secadv_20051011.txt

743f7a6... by Martin Pitt on 2005-08-24

Import patches-unapplied version 0.9.7g-1ubuntu1 to ubuntu/breezy

Imported using git-ubuntu import.

Changelog parent: 356487a868d6cbf990cddfd08c115d6d0c946072

New changelog entries:
  * apps/openssl.cnf: Change CA and req default message digest algorithm to
    SHA-1 since MD5 is deemed insecure. (Ubuntu #13593)

  * New upstream release
    * Added support for proxy certificates according to RFC 3820.
      Because they may be a security threat to unaware applications,
      they must be explicitly allowed in run-time. See
      docs/HOWTO/proxy_certificates.txt for further information.
    * Prompt for pass phrases when appropriate for PKCS12 input format.
    * Back-port of selected performance improvements from development
      branch, as well as improved support for PowerPC platforms.
    * Add lots of checks for memory allocation failure, error codes to indicate
      failure and freeing up memory if a failure occurs.
    * Perform some character comparisons of different types in X509_NAME_cmp:
      this is needed for some certificates that reencode DNs into UTF8Strings
      (in violation of RFC3280) and can't or won't issue name rollover
      certificates.
  * corrected watchfile
  * added upstream source url (closes: #292904)
  * fix typo in CA.pl.1 (closes: #290271)
  * change debian-powerpc64 to debian-ppc64 and adapt the configure
    options to be the same as upstream (closes: #289841)
  * include -signcert option in CA.pl usage
  * compile with zlib-dynamic to use system zlib (closes: #289872)

356487a... by Christoph Martin on 2004-12-16

Import patches-unapplied version 0.9.7e-3 to ubuntu/hoary

Imported using git-ubuntu import.

Changelog parent: e75c4ef37c48280805a3b468cdaecc1f13aba5d4

New changelog entries:
  * really fix der_chop. The fix from -1 was not really included (closes:
    #281212)
  * still fixes security problem CAN-2004-0975 etc.
    - tempfile race condition in der_chop
    - Avoid a race condition when CRLs are checked in a multi threaded
      environment.
  * fix perl path in der_chop and c_rehash (closes: #281212)
  * still fixes security problem CAN-2004-0975 etc.
    - tempfile race condition in der_chop
    - Avoid a race condition when CRLs are checked in a multi threaded
      environment.
  * SECURITY UPDATE: fix insecure temporary file handling
  * apps/der_chop:
    - replaced $$-style creation of temporary files with
      File::Temp::tempfile()
    - removed unused temporary file name in do_certificate()
  * References:
    CAN-2004-0975 (closes: #278260)
  * fix ASN1_STRING_to_UTF8 with UTF8 (closes: #260357)
  * New upstream release with security fixes
    - Avoid a race condition when CRLs are checked in a multi threaded
      environment.
    - Various fixes to s3_pkt.c so alerts are sent properly.
    - Reduce the chances of duplicate issuer name and serial numbers (in
      violation of RFC3280) using the OpenSSL certificate creation
      utilities.
  * depends openssl on perl-base instead of perl (closes: #280225)
  * support powerpc64 in Configure (closes: #275224)
  * include cs translation (closes: #273517)
  * include nl translation (closes: #272479)
  * Fix default dir of c_rehash (closes: #253126)
  * Make S/MIME encrypt work again (backport from CVS) (closes: #241407,
    #241386)
  * add Catalan translation (closes: #248749)
  * add Spanish translation (closes: #254561)
  * include NMU fixes: see below
  * decrease optimisation level for debian-arm to work around gcc bug
    (closes: #253848) (thanks to Steve Langasek and Thom May)
  * Add libcrypto0.9.7-udeb. (closes: #250010) (thanks to Bastian Blank)
  * Add watchfile

e75c4ef... by Christoph Martin on 2004-05-24

Import patches-unapplied version 0.9.7d-3 to ubuntu/warty

Imported using git-ubuntu import.