ubuntu/+source/openssl:ubuntu/hoary-security

Last commit made on 2006-10-04
Get this branch:
git clone -b ubuntu/hoary-security https://git.launchpad.net/ubuntu/+source/openssl

Branch information

Name:
ubuntu/hoary-security
Repository:
lp:ubuntu/+source/openssl

Recent commits

8e1aba5... by Martin Pitt on 2006-10-04

Import patches-unapplied version 0.9.7e-3ubuntu0.6 to ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 51f9430a17d7d26a505072d5e4d88ff7a5fdc6ae

New changelog entries:
  * SECURITY UPDATE: Previous update did not completely fix CVE-2006-2940.
  * crypto/rsa/rsa_eay.c: Apply max. modulus bits checking to
    RSA_eay_public_decrypt() instead of RSA_eay_private_encrypt(). Thanks to
    Mark J. Cox for noticing!
  * crypto/dh/dh_key.c: Fix return value to prevent free'ing an uninit'ed
    pointer.

51f9430... by Martin Pitt on 2006-09-27

Import patches-unapplied version 0.9.7e-3ubuntu0.4 to ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 844eb411bcb6b45c7237f6a5b374fe4a249ced30

New changelog entries:
  * SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
  * crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
    an infinite loop in some circumstances. [CVE-2006-2937]
  * ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
    handle invalid long cipher list strings. [CVE-2006-3738]
  * ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
    avoid client crash with malicious server responses. [CVE-2006-4343]
  * Certain types of public key could take disproportionate amounts of time to
    process. Apply patch from Bodo Moeller to impose limits to public key type
    values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
  * Updated patch in previous package version to fix a few corner-case
    regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
    were determined to not be necessary).

844eb41... by Martin Pitt on 2006-09-05

Import patches-unapplied version 0.9.7e-3ubuntu0.3 to ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: e4f1845654cf97e89d0510115291000425063cf0

New changelog entries:
  * SECURITY UPDATE: signature forgery in some cases.
  * Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
      applications from incorrectly verifying the certificate.
  * References:
    CVE-2006-4339
    http://www.openssl.org/news/secadv_20060905.txt

e4f1845... by Martin Pitt on 2005-10-13

Import patches-unapplied version 0.9.7e-3ubuntu0.2 to ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 356487a868d6cbf990cddfd08c115d6d0c946072

New changelog entries:
  * SECURITY UPDATE: Fix cryptographic weakness.
  * ssl/s23_srvr.c:
    - When using SSL_OP_MSIE_SSLV2_RSA_PADDING, do not disable the
      protocol-version rollback check, so that a man-in-the-middle cannot
      force a client and server to fall back to the insecure SSL 2.0 protocol.
    - Problem discovered by Yutaka Oiwa.
  * References:
    CAN-2005-2969
    http://www.openssl.org/news/secadv_20051011.txt
  * SECURITY UPDATE: Fix insecure default message digest.
  * apps/openssl.cnf: Change CA and req default message digest algorithm to
    SHA-1 since MD5 is deemed insecure.
  * References:
    http://www.cits.rub.de/MD5Collisions/
    http://eprint.iacr.org/2004/356
    Ubuntu #13593

356487a... by Christoph Martin on 2004-12-16

Import patches-unapplied version 0.9.7e-3 to ubuntu/hoary

Imported using git-ubuntu import.

Changelog parent: e75c4ef37c48280805a3b468cdaecc1f13aba5d4

New changelog entries:
  * really fix der_chop. The fix from -1 was not really included (closes:
    #281212)
  * still fixes security problem CAN-2004-0975 etc.
    - tempfile race condition in der_chop
    - Avoid a race condition when CRLs are checked in a multi threaded
      environment.
  * fix perl path in der_chop and c_rehash (closes: #281212)
  * still fixes security problem CAN-2004-0975 etc.
    - tempfile race condition in der_chop
    - Avoid a race condition when CRLs are checked in a multi threaded
      environment.
  * SECURITY UPDATE: fix insecure temporary file handling
  * apps/der_chop:
    - replaced $$-style creation of temporary files with
      File::Temp::tempfile()
    - removed unused temporary file name in do_certificate()
  * References:
    CAN-2004-0975 (closes: #278260)
  * fix ASN1_STRING_to_UTF8 with UTF8 (closes: #260357)
  * New upstream release with security fixes
    - Avoid a race condition when CRLs are checked in a multi threaded
      environment.
    - Various fixes to s3_pkt.c so alerts are sent properly.
    - Reduce the chances of duplicate issuer name and serial numbers (in
      violation of RFC3280) using the OpenSSL certificate creation
      utilities.
  * depends openssl on perl-base instead of perl (closes: #280225)
  * support powerpc64 in Configure (closes: #275224)
  * include cs translation (closes: #273517)
  * include nl translation (closes: #272479)
  * Fix default dir of c_rehash (closes: #253126)
  * Make S/MIME encrypt work again (backport from CVS) (closes: #241407,
    #241386)
  * add Catalan translation (closes: #248749)
  * add Spanish translation (closes: #254561)
  * include NMU fixes: see below
  * decrease optimisation level for debian-arm to work around gcc bug
    (closes: #253848) (thanks to Steve Langasek and Thom May)
  * Add libcrypto0.9.7-udeb. (closes: #250010) (thanks to Bastian Blank)
  * Add watchfile

e75c4ef... by Christoph Martin on 2004-05-24

Import patches-unapplied version 0.9.7d-3 to ubuntu/warty

Imported using git-ubuntu import.