ubuntu/+source/openssl:ubuntu/dapper-devel

Last commit made on 2010-12-08
Get this branch:
git clone -b ubuntu/dapper-devel https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/dapper-devel
Repository:
lp:ubuntu/+source/openssl

Recent commits

da35049... by Steve Beattie on 2010-12-03

Import patches-unapplied version 0.9.8a-7ubuntu0.14 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 91cac03a5ea4d76c7379e3d7dc98beb7f020cf35

New changelog entries:
  * SECURITY UPDATE: ciphersuite downgrade vulnerability
    - ssl/s3_clnt.c, ssl/s3_srvr.c: disable workaround for Netscape
      cipher suite bug
    - http://openssl.org/news/secadv_20101202.txt
    - CVE-2010-4180

91cac03... by Marc Deslauriers on 2010-10-06

Import patches-unapplied version 0.9.8a-7ubuntu0.13 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 8d599ee19e4bd84caf0b6288be5eae8ade71a55b

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    unchecked bn_wexpand return values. (LP: #655884)
    - crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c,
      engines/e_ubsec.c: check return values.
    - http://cvs.openssl.org/chngview?cn=18936
    - http://cvs.openssl.org/chngview?cn=19309
    - CVE-2009-3245
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted private key with an invalid prime.
    - ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
    - http://<email address hidden>/msg28049.html
    - CVE-2010-2939

8d599ee... by Marc Deslauriers on 2010-08-12

Import patches-unapplied version 0.9.8a-7ubuntu0.12 to ubuntu/dapper-proposed

Imported using git-ubuntu import.

Changelog parent: 131259e4b8a2eed83f5da7f36ac6d529d2b64082

New changelog entries:
  * SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
    - apps/{s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
      ssl/{d1_both,d1_clnt,d1_srvr,s23_clnt,s3_both,s3_clnt,s3_pkt,s3_srvr,
      ssl_err,ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,
      ssl_locl,tls1}.h: add rfc5746 support. Patch backport thanks to
      Red Hat.
    - CVE-2009-3555

131259e... by Kees Cook on 2010-01-13

Import patches-unapplied version 0.9.8a-7ubuntu0.11 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 3768774ed7168b8145ed03f998e8ecfc70209352

New changelog entries:
  * SECURITY UPDATE: memory leak possible during state clean-up.
    - crypto/comp/c_zlib.c: upstream fixes applied inline.
    - CVE-2009-4355

3768774... by Marc Deslauriers on 2009-09-08

Import patches-unapplied version 0.9.8a-7ubuntu0.10 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 65e04d3110aa282d2310b4609c1bf4285c23b9c3

New changelog entries:
  * SECURITY UPDATE: certificate spoofing via hash collisions from MD2
    design flaws.
    - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
    - crypto/x509/x509_vfy.c: skip signature check for self signed
      certificates
    - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
    - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
    - CVE-2009-2409

65e04d3... by Marc Deslauriers on 2009-06-11

Import patches-unapplied version 0.9.8a-7ubuntu0.9 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: a2fc3888f2bfedc453e8ea61ebb2a250a74a6d11

New changelog entries:
  * SECURITY UPDATE: denial of service via memory consumption from large
    number of future epoch DTLS records.
    - crypto/pqueue.*: add new pqueue_size counter function.
    - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
    - http://cvs.openssl.org/chngview?cn=18187
    - CVE-2009-1377
  * SECURITY UPDATE: denial of service via memory consumption from
    duplicate or invalid sequence numbers in DTLS records.
    - ssl/d1_both.c: discard message if it's a duplicate or too far in the
      future.
    - http://marc.info/?l=openssl-dev&m=124263491424212&w=2
    - CVE-2009-1378
  * SECURITY UPDATE: denial of service or other impact via use-after-free
    in dtls1_retrieve_buffered_fragment.
    - ssl/d1_both.c: use temp frag_len instead of freed frag.
    - http://rt.openssl.org/Ticket/Display.html?id=1923
    - CVE-2009-1379
  * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
    that occurs before ClientHello.
    - ssl/s3_pkt.c: abort if s->session is NULL.
    - ssl/{ssl.h,ssl_err.c}: add new error codes.
    - http://cvs.openssl.org/chngview?cn=17369
    - CVE-2009-1386
  * SECURITY UPDATE: denial of service via an out-of-sequence DTLS
    handshake message.
    - ssl/d1_both.c: don't buffer fragments with no data.
    - http://cvs.openssl.org/chngview?cn=17958
    - CVE-2009-1387

a2fc388... by Jamie Strandboge on 2009-03-26

Import patches-unapplied version 0.9.8a-7ubuntu0.7 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 5e29af1693c700557a461f3517b445edd845b049

New changelog entries:
  * SECURITY UPDATE: crash via invalid memory access when printing BMPString
    or UniversalString with invalid length
    - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
      return error if invalid length
    - CVE-2009-0590
    - http://www.openssl.org/news/secadv_20090325.txt
    - patch from upstream CVS:
      crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
      crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
      crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11

5e29af1... by Jamie Strandboge on 2009-01-06

Import patches-unapplied version 0.9.8a-7ubuntu0.6 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: a7cb40fad1af9745755e0af0337b578a365c4a60

New changelog entries:
  * SECURITY UPDATE: clients treat malformed signatures as good when verifying
    server DSA and ECDSA certificates
    - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
      ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and
      ssl/ssltest.c to properly check the return code of EVP_VerifyFinal()
    - patch based on upstream patch for #2008-016
    - CVE-2008-5077

a7cb40f... by Kees Cook on 2007-10-19

Import patches-unapplied version 0.9.8a-7ubuntu0.5 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: ea0a5184ceae867d367e1d7e3df66b996bf67350

New changelog entries:
  * SECURITY UPDATE: DTLS implementation can lead to remote code execution.
  * ssl/{ssl_err,d1_both}.c, ssl/{dtls1,ssl}.h: patched inline with upstream
    fixes backported thanks to Ludwig Nussel.
  * References
    http://www.openssl.org/news/secadv_20071012.txt
    CVE-2007-4995

ea0a518... by Kees Cook on 2007-09-28

Import patches-unapplied version 0.9.8a-7ubuntu0.4 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: a762d133d3fc1a6cd3245efe9e6d81c4af0fb769

New changelog entries:
  [ Jamie Strandboge ]
  * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
    buffer overflow
  * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
    Stephan Hermann
  * References:
    CVE-2007-5135
    http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
    Fixes LP: #146269
  [ Kees Cook ]
  * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
  * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
  * References
    CVE-2007-3108