ubuntu/+source/openssl:ubuntu/gutsy-updates

Last commit made on 2009-03-30
Get this branch:
git clone -b ubuntu/gutsy-updates https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/gutsy-updates
Repository:
lp:ubuntu/+source/openssl

Recent commits

097a576... by Jamie Strandboge on 2009-03-26

Import patches-unapplied version 0.9.8e-5ubuntu3.4 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: cbd31c777ba3c8e8f28a9a638b23c27b8e4ceee8

New changelog entries:
  * SECURITY UPDATE: crash via invalid memory access when printing BMPString
    or UniversalString with invalid length
    - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
      return error if invalid length
    - CVE-2009-0590
    - http://www.openssl.org/news/secadv_20090325.txt
    - patch from upstream CVS:
      crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
      crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
      crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11

cbd31c7... by Jamie Strandboge on 2009-01-06

Import patches-unapplied version 0.9.8e-5ubuntu3.3 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 76623ff3135a859f26d0805fe267a158790401ad

New changelog entries:
  * SECURITY UPDATE: clients treat malformed signatures as good when verifying
    server DSA and ECDSA certificates
    - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
      ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and
      ssl/ssltest.c to properly check the return code of EVP_VerifyFinal()
    - patch based on upstream patch for #2008-016
    - CVE-2008-5077

76623ff... by Kees Cook on 2008-05-09

Import patches-unapplied version 0.9.8e-5ubuntu3.2 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 2b8bf6d49e431ba51cc89e3ceb8d8b26cba26740

New changelog entries:
  * SECURITY UPDATE: PRNG seeding was not fully operational.
  * crypto/rand/md_rand.c: restore upstream code.

2b8bf6d... by Kees Cook on 2007-10-19

Import patches-unapplied version 0.9.8e-5ubuntu3.1 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 536eef067229a4ae95986ad4b2df96b926523c87

New changelog entries:
  * SECURITY UPDATE: DTLS implementation can lead to remote code execution.
  * ssl/{ssl_err,d1_both}.c, ssl/{dtls1,ssl}.h: patched inline with upstream
    fixes backported thanks to Ludwig Nussel.
  * References
    http://www.openssl.org/news/secadv_20071012.txt
    CVE-2007-4995

536eef0... by Matthias Klose on 2007-10-04

Import patches-unapplied version 0.9.8e-5ubuntu3 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: ef1a78d79eb6bce2cb9a9cdc3841005e33390e63

New changelog entries:
  * Replace duplicate files in the doc directory with symlinks.

ef1a78d... by Kees Cook on 2007-09-28

Import patches-unapplied version 0.9.8e-5ubuntu2 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 4205ad546b70c56e6d3cd1048fa53fa2a61353cf

New changelog entries:
  [ Jamie Strandboge ]
  * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
    buffer overflow
  * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
    Stephan Hermann
  * References:
    CVE-2007-5135
    http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
    Fixes LP: #146269
  * Modify Maintainer value to match the DebianMaintainerField
    specification.
  [ Kees Cook ]
  * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
  * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
  * References
    CVE-2007-3108

4205ad5... by Matthias Klose on 2007-07-31

Import patches-unapplied version 0.9.8e-5ubuntu1 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: f172a9fc8be095f9646f2c087b7827031ce3db2f

New changelog entries:
  * Configure: Add support for lpia.
  * Explicitely build using gcc-4.1 (PR other/31359).

f172a9f... by Kurt Roeckx on 2007-05-15

Import patches-unapplied version 0.9.8e-5 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 3ba8d0ec2c1bdf5464cabe017bb0fd01b3a901a7

New changelog entries:
  [ Christian Perrier ]
  * Debconf templates proofread and slightly rewritten by
    the debian-l10n-english team as part of the Smith Review Project.
    Closes: #418584
  * Debconf templates translations:
    - Arabic. Closes: #418669
    - Russian. Closes: #418670
    - Galician. Closes: #418671
    - Swedish. Closes: #418679
    - Korean. Closes: #418755
    - Czech. Closes: #418768
    - Basque. Closes: #418784
    - German. Closes: #418785
    - Traditional Chinese. Closes: #419915
    - Brazilian Portuguese. Closes: #419959
    - French. Closes: #420429
    - Italian. Closes: #420461
    - Japanese. Closes: #420482
    - Catalan. Closes: #420833
    - Dutch. Closes: #420925
    - Malayalam. Closes: #420986
    - Portuguese. Closes: #421032
    - Romanian. Closes: #421708
  [ Kurt Roeckx ]
  * Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
  * Updated Spanish debconf template. (Closes: #421336)
  * Do the header changes, changing those defines into real functions,
    and bump the shlibs to match.
  * Update Japanese debconf translation. (Closes: #422270)

3ba8d0e... by Kurt Roeckx on 2007-03-10

Import patches-unapplied version 0.9.8e-4 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 20d2ab7db063d6a3a9d7ea109f67a2ebcd83c8ae

New changelog entries:
  * openssl should depend on libssl0.9.8 0.9.8e-1 since it
    uses some of the defines that changed to functions.
    Other things build against libssl or libcrypto shouldn't
    have this problem since they use the old headers.
    (Closes: #414283)
  * Add nagios-nrpe-server to the list of services to be checked
    (Closes: #391188)
  * EVP_CIPHER_CTX_key_length() should return the set key length in the
    EVP_CIPHER_CTX structure which may not be the same as the underlying
    cipher key length for variable length ciphers.
    From upstream CVS. (Closes: #412979)
  * Undo include changes that change defines into real functions,
    but keep the new functions in the library.
  * New upstream release
    - Inludes security fixes for CVE-2006-2937, CVE-2006-2940,
      CVE-2006-3738, CVE-2006-4343 (Closes: #408902)
    - s_client now properly works with SMTP. Also added support
      for IMAP. (closes: #221689)
    - Load padlock modules (Closes: #345656, #368476)
  * Add clamav-freshclam and clamav-daemon to the list of service that
    need to be restarted. (Closes: #391191)
  * Add armel support. Thanks to Guillem Jover <email address hidden>
    for the patch. (Closes: #407196)
  * Add Portuguese translations. Thanks to Carlos Lisboa. (Closes: 408157)
  * Add Norwegian translations. Thanks to Bjørn Steensrud
    <email address hidden> (Closes: #412326)

20d2ab7... by Kurt Roeckx on 2006-11-30

Import patches-unapplied version 0.9.8c-4 to ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: c1d2d17be519b41526d5f68261a06ded06fef958

New changelog entries:
  * Add German debconf translation. Thanks to
    Johannes Starosta <email address hidden> (Closes: #388108)
  * Make c_rehash look for both .pem and .crt files. Also make it support
    files in DER format. Patch by "Yauheni Kaliuta" <email address hidden>
    (Closes: #387089)
  * Use & instead of && to check a flag in the X509 policy checking.
    Patch from upstream cvs. (Closes: #397151)
  * Also restart slapd for security updates (Closes: #400221)
  * Add Romanian debconf translation. Thanks to
    stan ioan-eugen <email address hidden> (Closes: #393507)