ubuntu/+source/openssl:ubuntu/precise

Last commit made on 2012-04-19
Get this branch:
git clone -b ubuntu/precise https://git.launchpad.net/ubuntu/+source/openssl

Branch information

Name:
ubuntu/precise
Repository:
lp:ubuntu/+source/openssl

Recent commits

c1ce0c1... by Jamie Strandboge on 2012-04-19

Import patches-unapplied version 1.0.1-4ubuntu3 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: d92b3d1a66871f535a11abd7249d0dbf924a03b1

New changelog entries:
  * SECURITY UPDATE: fix various overflows
    - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c,
      crypto/buffer.c and crypto/mem.c to verify size of lengths
    - CVE-2012-2110

d92b3d1... by Colin Watson on 2012-04-18

Import patches-unapplied version 1.0.1-4ubuntu2 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 9a6d6a9ba4f69833b060bc9bf44da7d5a36ed3bd

New changelog entries:
  * Backport more upstream patches to work around TLS 1.2 failures
    (LP #965371):
    - Do not use record version number > TLS 1.0 in initial client hello:
      some (but not all) hanging servers will now work.
    - Truncate the number of ciphers sent in the client hello to 50. Most
      broken servers should now work.
    - Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
  * Don't re-enable TLS 1.2 client support by default yet, since more of the
    sites listed in the above bug and its duplicates still fail if I do that
    versus leaving it disabled.

9a6d6a9... by Colin Watson on 2012-04-10

Import patches-unapplied version 1.0.1-4ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 80d1b191d547b2eb76ec48a083fbf1772d23a433

New changelog entries:
  * Resynchronise with Debian (LP: #968753). Remaining changes:
    - debian/libssl1.0.0.postinst:
      + Display a system restart required notification on libssl1.0.0
        upgrade on servers.
      + Use a different priority for libssl1.0.0/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
      libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
      in Debian).
    - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
      rules}: Move runtime libraries to /lib, for the benefit of
      wpasupplicant.
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
      .pc.
    - debian/rules:
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building. Patch from Neil Williams.
      + Don't build for processors no longer supported: i586 (on i386)
      + Fix Makefile to properly clean up libs/ dirs in clean target.
      + Replace duplicate files in the doc directory with symlinks.
    - Unapply patch c_rehash-multi and comment it out in the series as it
      breaks parsing of certificates with CRLF line endings and other cases
      (see Debian #642314 for discussion), it also changes the semantics of
      c_rehash directories by requiring applications to parse hash link
      targets as files containing potentially *multiple* certificates rather
      than exactly one.
    - Bump version passed to dh_makeshlibs to 1.0.1 for new symbols.
    - Experimental workaround to large client hello issue: if
      OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients
      only.
    - Compile with -DOPENSSL_NO_TLS1_2_CLIENT.

80d1b19... by Kurt Roeckx on 2012-03-31

Import patches-unapplied version 1.0.1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 10215eaec53ce765318f86f477b1e832cc0704c8

New changelog entries:
  * Use official patch for the vpaes problem, also covering amd64.

10215ea... by Kurt Roeckx on 2012-03-31

Import patches-unapplied version 1.0.1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 374fcd4ee61af70b5b7f65ea36098921de820067

New changelog entries:
  * Fix crash in vpaes (Closes: #665836)
  * use client version when deciding whether to send supported signature
    algorithms extension

374fcd4... by Kurt Roeckx on 2012-03-19

Import patches-unapplied version 1.0.1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 1437f51242e5834ea113e07414da0fb769c84492

New changelog entries:
  * Properly quote the new cflags in Configure

1437f51... by Kurt Roeckx on 2012-03-19

Import patches-unapplied version 1.0.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f329f5bac9e51d06ae2b41e7f6104c836371e318

New changelog entries:
  * New upstream version
    - Remove kfreebsd-pipe.patch, fixed upstream
    - Update pic.patch, openssl-pod-misspell.patch and make-targets.patch
    - Add OPENSSL_1.0.1 to version-script.patch and libssl1.0.0.symbols for
      the new functions.
    - AES-NI support (Closes: #644743)
  * pic.patch: upstream made OPENSSL_ia32cap_P and OPENSSL_cpuid_setup
    hidden on amd64, no need to access it PIC anymore.
  * pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977)
  * Enable hardening using dpkg-buildflags (Closes: #653495)
  * s_client and s_server were forcing SSLv3 only connection when SSLv2 was
    disabled instead of the SSLv2 with upgrade method. (Closes: #664454)
  * Add Breaks on openssh < 1:5.9p1-4, it has a too strict version check.

f329f5b... by Kurt Roeckx on 2012-03-13

Import patches-unapplied version 1.0.0h-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b575a4f07f8744d3da5258b9378b137ee1c9ef25

New changelog entries:
  * New upstream version
    - Fixes CVE-2012-0884
    - Properly fix CVE-2011-4619
    - pkg-config.patch applied upstream, remove it.
  * Enable assembler for all i386 arches. The assembler does proper
    detection of CPU support, including cpuid support.
    This should fix a problem with AES 192 and 256 with the padlock
    engine because of the difference in NO_ASM between the
    i686 optimized library and the engine.

b575a4f... by Kurt Roeckx on 2012-01-18

Import patches-unapplied version 1.0.0g-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 63c8d979afed170a572dcfc59cf3f12273a39a11

New changelog entries:
  * New upstream version
    - Fixes CVE-2012-0050

63c8d97... by Kurt Roeckx on 2012-01-12

Import patches-unapplied version 1.0.0f-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e89dc46686c1bd7bb6ef25c16eb486e404bb678c

New changelog entries:
  * New upstream version
    - Fixes CVE-2011-4108, CVE-2011-4576, CVE-2011-4619, CVE-2012-0027,
      CVE-2011-4577