ubuntu/+source/openssl:ubuntu/dapper-proposed

Last commit made on 2010-08-18
Get this branch:
git clone -b ubuntu/dapper-proposed https://git.launchpad.net/ubuntu/+source/openssl

Branch information

Name: ubuntu/dapper-proposed
Repository: lp:ubuntu/+source/openssl

Recent commits

8d599ee... by Marc Deslauriers on 2010-08-12

Import patches-unapplied version 0.9.8a-7ubuntu0.12 to ubuntu/dapper-proposed

Imported using git-ubuntu import.

Changelog parent: 131259e4b8a2eed83f5da7f36ac6d529d2b64082

New changelog entries:
  * SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
    - apps/{s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
      ssl/{d1_both,d1_clnt,d1_srvr,s23_clnt,s3_both,s3_clnt,s3_pkt,s3_srvr,
      ssl_err,ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,
      ssl_locl,tls1}.h: add rfc5746 support. Patch backport thanks to
      Red Hat.
    - CVE-2009-3555

131259e... by Kees Cook on 2010-01-13

Import patches-unapplied version 0.9.8a-7ubuntu0.11 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 3768774ed7168b8145ed03f998e8ecfc70209352

New changelog entries:
  * SECURITY UPDATE: memory leak possible during state clean-up.
    - crypto/comp/c_zlib.c: upstream fixes applied inline.
    - CVE-2009-4355

3768774... by Marc Deslauriers on 2009-09-08

Import patches-unapplied version 0.9.8a-7ubuntu0.10 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 65e04d3110aa282d2310b4609c1bf4285c23b9c3

New changelog entries:
  * SECURITY UPDATE: certificate spoofing via hash collisions from MD2
    design flaws.
    - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
    - crypto/x509/x509_vfy.c: skip signature check for self-signed
      certificates.
    - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
    - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
    - CVE-2009-2409

65e04d3... by Marc Deslauriers on 2009-06-11

Import patches-unapplied version 0.9.8a-7ubuntu0.9 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: a2fc3888f2bfedc453e8ea61ebb2a250a74a6d11

New changelog entries:
  * SECURITY UPDATE: denial of service via memory consumption from large
    number of future epoch DTLS records.
    - crypto/pqueue.*: add new pqueue_size counter function.
    - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
    - http://cvs.openssl.org/chngview?cn=18187
    - CVE-2009-1377
  * SECURITY UPDATE: denial of service via memory consumption from
    duplicate or invalid sequence numbers in DTLS records.
    - ssl/d1_both.c: discard message if it's a duplicate or too far in the
      future.
    - http://marc.info/?l=openssl-dev&m=124263491424212&w=2
    - CVE-2009-1378
  * SECURITY UPDATE: denial of service or other impact via use-after-free
    in dtls1_retrieve_buffered_fragment.
    - ssl/d1_both.c: use temp frag_len instead of freed frag.
    - http://rt.openssl.org/Ticket/Display.html?id=1923
    - CVE-2009-1379
  * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
    that occurs before ClientHello.
    - ssl/s3_pkt.c: abort if s->session is NULL.
    - ssl/{ssl.h,ssl_err.c}: add new error codes.
    - http://cvs.openssl.org/chngview?cn=17369
    - CVE-2009-1386
  * SECURITY UPDATE: denial of service via an out-of-sequence DTLS
    handshake message.
    - ssl/d1_both.c: don't buffer fragments with no data.
    - http://cvs.openssl.org/chngview?cn=17958
    - CVE-2009-1387

a2fc388... by Jamie Strandboge on 2009-03-26

Import patches-unapplied version 0.9.8a-7ubuntu0.7 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 5e29af1693c700557a461f3517b445edd845b049

New changelog entries:
  * SECURITY UPDATE: crash via invalid memory access when printing BMPString
    or UniversalString with invalid length
    - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
      return error if invalid length
    - CVE-2009-0590
    - http://www.openssl.org/news/secadv_20090325.txt
    - patch from upstream CVS:
      crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
      crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
      crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11

5e29af1... by Jamie Strandboge on 2009-01-06

Import patches-unapplied version 0.9.8a-7ubuntu0.6 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: a7cb40fad1af9745755e0af0337b578a365c4a60

New changelog entries:
  * SECURITY UPDATE: clients treat malformed signatures as good when verifying
    server DSA and ECDSA certificates
    - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
      ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and
      ssl/ssltest.c to properly check the return code of EVP_VerifyFinal()
    - patch based on upstream patch for #2008-016
    - CVE-2008-5077

a7cb40f... by Kees Cook on 2007-10-19

Import patches-unapplied version 0.9.8a-7ubuntu0.5 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: ea0a5184ceae867d367e1d7e3df66b996bf67350

New changelog entries:
  * SECURITY UPDATE: DTLS implementation can lead to remote code execution.
  * ssl/{ssl_err,d1_both}.c, ssl/{dtls1,ssl}.h: patched inline with upstream
    fixes backported thanks to Ludwig Nussel.
  * References:
    http://www.openssl.org/news/secadv_20071012.txt
    CVE-2007-4995

ea0a518... by Kees Cook on 2007-09-28

Import patches-unapplied version 0.9.8a-7ubuntu0.4 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: a762d133d3fc1a6cd3245efe9e6d81c4af0fb769

New changelog entries:
  [ Jamie Strandboge ]
  * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
    buffer overflow
  * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
    Stephan Hermann
  * References:
    CVE-2007-5135
    http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
    Fixes LP: #146269
  [ Kees Cook ]
  * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
  * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
  * References:
    CVE-2007-3108

a762d13... by Martin Pitt on 2006-10-04

Import patches-unapplied version 0.9.8a-7ubuntu0.3 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: e54f0dd8049051af96310202a9327662d91873ee

New changelog entries:
  * crypto/dh/dh_key.c: Fix return value to prevent free'ing an uninit'ed
    pointer.

e54f0dd... by Martin Pitt on 2006-09-27

Import patches-unapplied version 0.9.8a-7ubuntu0.2 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: b73319022f2d75f93bc769c72fa7de6bce2356f4

New changelog entries:
  * SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
  * crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
    an infinite loop in some circumstances. [CVE-2006-2937]
  * ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
    handle invalid long cipher list strings. [CVE-2006-3738]
  * ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
    avoid client crash with malicious server responses. [CVE-2006-4343]
  * Certain types of public key could take disproportionate amounts of time to
    process. Apply patch from Bodo Moeller to impose limits to public key type
    values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
  * Updated patch in previous package version to fix a few corner-case
    regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
    were determined to not be necessary).