ubuntu/+source/openssl:ubuntu/maverick-security

Last commit made on 2012-02-09
Get this branch:
git clone -b ubuntu/maverick-security https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/maverick-security
Repository: lp:ubuntu/+source/openssl

Recent commits

0b4a9a8... by Steve Beattie on 2012-01-31

Import patches-unapplied version 0.9.8o-1ubuntu4.6 to ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 6982a41627d3ca3ab47c6b46fcd713cc2c44405a

New changelog entries:
  * SECURITY UPDATE: ECDSA private key timing attack
    - debian/patches/CVE-2011-1945.patch: compute with fixed scalar
      length
    - CVE-2011-1945
  * SECURITY UPDATE: ECDH ciphersuite denial of service
    - debian/patches/CVE-2011-3210.patch: fix memory usage for thread
      safety
    - CVE-2011-3210
  * SECURITY UPDATE: DTLS plaintext recovery attack
    - debian/patches/CVE-2011-4108.patch: perform all computations
      before discarding messages
    - CVE-2011-4108
  * SECURITY UPDATE: policy check double free vulnerability
    - debian/patches/CVE-2011-4019.patch: only free domain policy in
      one location
    - CVE-2011-4019
  * SECURITY UPDATE: SSL 3.0 block padding exposure
    - debian/patches/CVE-2011-4576.patch: clear bytes used for block
      padding of SSL 3.0 records.
    - CVE-2011-4576
  * SECURITY UPDATE: malformed RFC 3779 data denial of service attack
    - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779
      data from triggering an assertion failure
    - CVE-2011-4577
  * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
    - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
      restart for SSL/TLS.
    - CVE-2011-4619
  * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
    - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
    - CVE-2012-0050
  * debian/patches/openssl-fix_ECDSA_tests.patch: fix ECDSA tests
  * debian/libssl0.9.8.postinst: Only issue the reboot notification for
    servers by testing that the X server is not running (LP: #244250)

6982a41... by Steve Beattie on 2011-02-10

Import patches-unapplied version 0.9.8o-1ubuntu4.4 to ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: bb0872832f0f82265db821e4dd2b6db532657318

New changelog entries:
  * SECURITY UPDATE: OCSP stapling vulnerability
    - debian/patched/openssl-CVE-2011-0014-secadv_20110208.patch:
      stricter parsing of ClientHello message in ssl/t1_lib.c
    - CVE-2011-0014

bb08728... by Steve Beattie on 2010-12-03

Import patches-unapplied version 0.9.8o-1ubuntu4.3 to ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: c5df23bb58e2caf760e532933ea35ffbf7fd72f7

New changelog entries:
  * SECURITY UPDATE: ciphersuite downgrade vulnerability
    - openssl-CVE-2010-4180-secadv_20101202-0.9.8.patch:
      disable workaround for Netscape cipher suite bug in ssl/s3_clnt.c
      and ssl/s3_srvr.c
    - CVE-2010-4180

c5df23b... by Steve Beattie on 2010-11-16

Import patches-unapplied version 0.9.8o-1ubuntu4.2 to ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 6e00223359658385d77a58f5b2c8ea491adb412a

New changelog entries:
  * SECURITY UPDATE: TLS race condition leading to a buffer overflow and
    possible code execution. (LP: #676243)
    - patches/debian/openssl-CVE-2010-3864-secadv_20101116-0.9.8.patch:
      stricter NULL/not-NULL checking in ssl/t1_lib.c
    - CVE-2010-3864

6e00223... by Marc Deslauriers on 2010-10-06

Import patches-unapplied version 0.9.8o-1ubuntu4.1 to ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 364d39dac71b95401b55b72ee2ae99e835e7200a

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted private key with an invalid prime.
    - debian/patches/CVE-2010-2939.patch: set bn_ctx to NULL after freeing
      it in ssl/s3_clnt.c.
    - CVE-2010-2939

364d39d... by Colin Watson on 2010-09-24

Import patches-unapplied version 0.9.8o-1ubuntu4 to ubuntu/maverick

Imported using git-ubuntu import.

Changelog parent: 80b3e62fe80f4b86385865af2acced55dcf83c56

New changelog entries:
  * Update AES-NI patch to openssl-0.9.8-aesni-modes-perlasm-win32-v4.patch
    from http://rt.openssl.org/Ticket/Display.html?id=2067, fixing segfault
    on engine initialisation (LP: #590639).

80b3e62... by Kees Cook on 2010-07-20

Import patches-unapplied version 0.9.8o-1ubuntu3 to ubuntu/maverick

Imported using git-ubuntu import.

Changelog parent: ff92823f3d7ed742ac8e2f19ba8672a37078f42c

New changelog entries:
  * debian/patches/no-sslv2.patch: disable SSLv2 to match NSS and GnuTLS.
    The protocol is unsafe and extremely deprecated. (Debian bug 589706)

ff92823... by Matthias Klose on 2010-07-19

Import patches-unapplied version 0.9.8o-1ubuntu2 to ubuntu/maverick

Imported using git-ubuntu import.

Changelog parent: 1697fe50025d5f297c2ce2fc00cd69c01dc0e100

New changelog entries:
  * Don't build anymore for processors not supported anymore in maverick:
    - i486, i586 (on i386).
    - v8 (on sparc).

1697fe5... by Marc Deslauriers on 2010-06-14

Import patches-unapplied version 0.9.8o-1ubuntu1 to ubuntu/maverick

Imported using git-ubuntu import.

Changelog parent: d632da659b723bd315f7aa135a673701bea4a326

New changelog entries:
  * Merge from debian unstable, remaining changes (LP: #581167):
    - debian/patches/Bsymbolic-functions.patch: Link using
      -Bsymbolic-functions
    - Ship documentation in openssl-doc, suggested by the package.
    - Use a different priority for libssl0.9.8/restart-services
      depending on whether a desktop, or server dist-upgrade is being
      performed.
    - Display a system restart required notification bubble on libssl0.9.8
      upgrade.
    - Replace duplicate files in the doc directory with symlinks.
    - Move runtime libraries to /lib, for the benefit of wpasupplicant
    - Use host compiler when cross-building (patch from Neil Williams in
      Debian #465248).
    - Don't run 'make test' when cross-building.
    - Create libssl0.9.8-udeb, for the benefit of wget-udeb (LP: #503339).
    - debian/patches/aesni.patch: Backport Intel AES-NI support from
      http://rt.openssl.org/Ticket/Display.html?id=2067 (LP: #485518).
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths
      under .pc.
  * Dropped patches, now upstream:
    - debian/patches/CVE-2009-3245.patch
    - debian/patches/CVE-2010-0740.patch
    - debian/patches/dtls-compatibility.patch
    - debian/patches/CVE-2009-4355.patch
  * Dropped "Add support for lpia".
  * Dropped "Disable SSLv2 during compile" as this had never actually
    disabled SSLv2.
  * Don't disable CVE-2009-3555.patch for Maverick.

d632da6... by Kurt Roeckx on 2010-04-17

Import patches-unapplied version 0.9.8o-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f1b6e1fafd1f910c9780bd06a601288c76907e7b

New changelog entries:
  * New upstream version
    - Add SHA2 algorithms to SSL_library_init().
    - aes-x86_64.pl is now PIC, update pic.patch.
  * Add sparc64 support (Closes: #560240)