ubuntu/+source/openssl:ubuntu/hardy-devel

Last commit made on 2013-02-21
Get this branch:
git clone -b ubuntu/hardy-devel https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/hardy-devel
Repository:
lp:ubuntu/+source/openssl

Recent commits

183fff5... by Marc Deslauriers on 2013-02-18

Import patches-unapplied version 0.9.8g-4ubuntu3.20 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 3e02728eac4fd4d74df24cc244bc6d3dfb45a04c

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid OCSP key
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200
    - CVE-2013-0166
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=270881316664396326c461ec7a124aec2c6cc081
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=35a65e814beb899fa1c69a7673a8956c6059dce7
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a33e6702a0db1b9f4648d247b8b28a5c0e42ca13
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2928cb4c82d6516d9e65ede4901a5957d8c39c32
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b3a959a337b8083bc855623f24cebaf43a477350
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=be88529753897c29c677d1becb321f0072c0659c
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=99f5093347c65eecbd05f0668aea94b32fcf20d7
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=24b28060975c01b749391778d13ec2ea1323a1aa
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=924b11742296c13816a9f301e76fea023003920c
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c23a7458209e773ffcd42bdcfa5cf2564df86bd7
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1909df070fb5c5b87246a2de19c17588deba5818
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=33ccde59a1ece0f68cc4b64e930001ab230725b1
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5f9345a2f0b592457fc4a619ac98ea59ffd394ba
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=40e0de03955e218f45a7979cb46fba193f4e7fc2
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1213e6c3c2d7abeeb886d911a3c6c06c5da2e3a4
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca3b81c8580a609edac1f13a3f62d4348d66c3a8
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6351adecb4726476def5f5ad904a7d2e63480d53
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb092ef4fca897344daf7189526f5f26be6487ce
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=59b1129e0a50fdf7e4e58d7c355783a7bfc1f44c
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4ea7019165db53b92b4284461c5c88bfe7c6e57d
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=76c61a5d1adb92388f39e585e4af860a20feb9bb
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ff58eaa4b645a38f3a226cf566d969fffa64ef94
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5864fd2061f43dc8f89b5755f19bd2a35dec636c
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fbe621d08f2026926c91c1c5f386b27605e39a43
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a8655eb21a7f9a313db18daa6ccaed928fb6027c
    - CVE-2013-0169

3e02728... by Steve Beattie on 2012-05-22

Import patches-unapplied version 0.9.8g-4ubuntu3.19 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: b3b72525a2fd7c7bd6cc5cc97e01322baea3096e

New changelog entries:
  * SECURITY UPDATE: denial of service attack in DTLS implementation
    - ssl/d1_enc.c: guard for integer overflow before skipping
      explicit IV
    - http://cvs.openssl.org/chngview?cn=22558
    - CVE-2012-2333
  * SECURITY UPDATE: million message attack (MMA) in CMS
    - crypto/pkcs7/pk7_doit.c: use a random key if RSA decryption
      fails to avoid leaking timing information
    - http://cvs.openssl.org/chngview?cn=22238
    - CVE-2012-0884
  * crypto/pkcs7/pk7_smime.c: detect symmetric crypto errors in
    PKCS7_decrypt
    - http://cvs.openssl.org/chngview?cn=22161

b3b7252... by Jamie Strandboge on 2012-04-24

Import patches-unapplied version 0.9.8g-4ubuntu3.18 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 2e2e930c20a93e7b1590fa8ee0484837b448feae

New changelog entries:
  * SECURITY UPDATE: incomplete fix for CVE-2012-2110
    - crypto/buffer/buffer.c: also verify 'len' in BUF_MEM_grow and
      BUF_MEM_grow_clean is non-negative
    - http://cvs.openssl.org/chngview?cn=22479
    - CVE-2012-2131
  * crypto/buffer/buffer.c: Use correct error code in BUF_MEM_grow_clean()
    - http://cvs.openssl.org/chngview?cn=22476

2e2e930... by Jamie Strandboge on 2012-04-19

Import patches-unapplied version 0.9.8g-4ubuntu3.17 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 7dbaef01fe97ad0ff9b72c2c673a25023d3bad8b

New changelog entries:
  * SECURITY UPDATE: fix various overflows
    - adjust crypto/a_d2i_fp.c, crypto/buffer.c and crypto/mem.c to verify
      size of lengths
    - http://cvs.openssl.org/chngview?cn=22439
    - CVE-2012-2110

7dbaef0... by Steve Beattie on 2012-01-31

Import patches-unapplied version 0.9.8g-4ubuntu3.15 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 6b6b298a4dac250c1119d986565f47d88ceedff7

New changelog entries:
  * SECURITY UPDATE: ECDSA private key timing attack
    - crypto/ecdsa/ecs_ossl.c: compute with fixed scalar length
    - http://cvs.openssl.org/chngview?cn=20892
    - CVE-2011-1945
  * SECURITY UPDATE: ECDH ciphersuite denial of service
    - ssl/s3_lib.c, file ssl/s3_srvr.c: fix memory usage for thread
      safety
    - http://cvs.openssl.org/chngview?cn=21334
    - CVE-2011-3210
  * SECURITY UPDATE: DTLS plaintext recovery attack (LP: #922229)
    - ssl/d1_pkt.c: perform all computations before discarding messages
    - http://cvs.openssl.org/chngview?cn=21942
    - http://cvs.openssl.org/chngview?cn=19574
    - CVE-2011-4108
  * SECURITY UPDATE: policy check double free vulnerability
    - crypto/x509v3/pcy_map.c, crypto/x509v3/pcy_tree.c: only free
      domain policy in one location
    - http://cvs.openssl.org/chngview?cn=21941
    - CVE-2011-4019
  * SECURITY UPDATE: incorrect elliptic curve computation TLS key
    exposure
    - crypto/bn/bn_nist.c: perform elliptic curve computations
      correctly
    - update to http://cvs.openssl.org/fileview?f=openssl/crypto/bn/bn_nist.c&v=1.20
    - CVE-2011-4354
  * SECURITY UPDATE: SSL 3.0 block padding exposure
    - ssl/s3_enc.c: clear bytes used for block padding of SSL 3.0
      records.
    - http://cvs.openssl.org/chngview?cn=21940
    - CVE-2011-4576
  * SECURITY UPDATE: malformed RFC 3779 data denial of service attack
    - crypto/x509v3/v3_addr.c: prevent malformed RFC3779 data
      from triggering an assertion failure
    - http://cvs.openssl.org/chngview?cn=21937
    - CVE-2011-4577
  * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
    - ssl/s3_srvr.c, ssl/ssl.h, ssl/ssl3.h, ssl/ssl_err.c: Only allow
      one SGC handshake restart for SSL/TLS.
    - CVE-2011-4619
  * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
    - ssl/d1_pkt.c: improve handling of DTLS MAC
    - http://cvs.openssl.org/chngview?cn=22032
    - CVE-2012-0050
  * crypto/ecdsa/ecdsatest.c: fix ECDSA tests
    - http://cvs.openssl.org/chngview?cn=21777
    - http://cvs.openssl.org/chngview?cn=21995
  * debian/libssl0.9.8.postinst: Only issue the reboot notification for
    servers by testing that the X server is not running (LP: #244250)

6b6b298... by Steve Beattie on 2010-12-03

Import patches-unapplied version 0.9.8g-4ubuntu3.13 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: ebe75231195509b7fa5ba37b527fbb6cfbc0875f

New changelog entries:
  * SECURITY UPDATE: ciphersuite downgrade vulnerability
    - ssl/s3_clnt.c, ssl/s3_srvr.c: disable workaround for Netscape
      cipher suite bug
    - http://openssl.org/news/secadv_20101202.txt
    - CVE-2010-4180

ebe7523... by Steve Beattie on 2010-11-17

Import patches-unapplied version 0.9.8g-4ubuntu3.12 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 873c4f0eda7ee816166d3f7b66becbd311be24d3

New changelog entries:
  * SECURITY UPDATE: TLS race condition leading to a buffer overflow and
    possible code execution. (LP: #676243)
    - ssl/t1_lib.c: stricter NULL/not-NULL checking
    - http://openssl.org/news/secadv_20101116.txt
    - CVE-2010-3864

873c4f0... by Marc Deslauriers on 2010-10-06

Import patches-unapplied version 0.9.8g-4ubuntu3.11 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 9181eea4a719ed4067ec7e63cce910ddf160266b

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    unchecked bn_wexpand return values. (LP: #655884)
    - crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c,
      engines/e_ubsec.c: check return values.
    - http://cvs.openssl.org/chngview?cn=18936
    - http://cvs.openssl.org/chngview?cn=19309
    - CVE-2009-3245
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted private key with an invalid prime.
    - ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
    - http://<email address hidden>/msg28049.html
    - CVE-2010-2939

9181eea... by Marc Deslauriers on 2010-08-12

Import patches-unapplied version 0.9.8g-4ubuntu3.10 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: 8917a16412136f272dba9cc7b2ca50826d2c2438

New changelog entries:
  * SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
    - apps/{s_cb,s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
      ssl/{d1_both,d1_clnt,d1_srvr,s3_both,s3_clnt,s3_pkt,s3_srvr,ssl_err,
      ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,ssl_locl,
      tls1}.h: backport rfc5746 support from openssl 0.9.8m.
    - CVE-2009-3555
  * Enable tlsext, and backport some patches from jaunty now that tlsext is
    enabled.
    - Fix a problem with tlsext preventing firefox 3 from connecting.
    - Don't add extensions to ssl v3 connections. It breaks with some
      other software.

8917a16... by Kees Cook on 2010-01-13

Import patches-unapplied version 0.9.8g-4ubuntu3.9 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: cfeb16aae0d7d360ab2f85c06fa543dd94eb68cb

New changelog entries:
  * SECURITY UPDATE: memory leak possible during state clean-up.
    - crypto/comp/c_zlib.c: upstream fixes applied inline.
    - CVE-2009-4355