ubuntu/+source/openssl:ubuntu/quantal-proposed

Last commit made on 2013-06-10
Get this branch:
git clone -b ubuntu/quantal-proposed https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/quantal-proposed
Repository:
lp:ubuntu/+source/openssl

Recent commits

4f83627... by Seth Arnold on 2013-06-04

Import patches-unapplied version 1.0.1c-3ubuntu2.5 to ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: f21cab26413aab43712787d8cf49e1996994acc3

New changelog entries:
  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
      initialization.
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

f21cab2... by Dimitri John Ledkov on 2013-04-04

Import patches-unapplied version 1.0.1c-3ubuntu2.4 to ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: 11c8d572bc4659c45320b8e584f64cf0a12937ec

New changelog entries:
  [ Dmitrijs Ledkovs ]
  * Enable arm assembly code. (LP: #1083498) (Closes: #676533)
  * Enable optimized 64bit elliptic curve code contributed by Google. (LP: #1018522)
  [ Marc Deslauriers ]
  * debian/patches/fix_key_decoding_deadlock.patch: Fix possible deadlock
    when decoding public keys. (LP: #1066032)

11c8d57... by Marc Deslauriers on 2013-03-19

Import patches-unapplied version 1.0.1c-3ubuntu2.3 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 42cee38eeccf026138ab9111914ecc6282f5d95b

New changelog entries:
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - debian/patches/CVE-2013-0169.patch: re-enabled patch and added extra
      commit from upstream to fix regression.
    - CVE-2013-0169

42cee38... by Marc Deslauriers on 2013-02-28

Import patches-unapplied version 1.0.1c-3ubuntu2.2 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: b73244f5700f67177862e20c4840aeb7e49354f3

New changelog entries:
  * REGRESSION FIX: decryption errors on AES-NI hardware (LP: #1134873,
    LP: #1133333)
    - debian/patches/CVE-2013-0169.patch: disabled for now until fix is
      available from upstream.

b73244f... by Marc Deslauriers on 2013-02-18

Import patches-unapplied version 1.0.1c-3ubuntu2.1 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 6a84e73a96db519d6a25f61be789109539097b0a

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid OCSP key
    - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
      crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
    - CVE-2013-0166
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - debian/patches/CVE-2013-0169.patch: massive code changes
    - CVE-2013-0169
  * SECURITY UPDATE: denial of service via AES-NI and crafted CBC data
    - Fix included in CVE-2013-0169 patch
    - CVE-2012-2686

6a84e73... by Tyler Hicks on 2012-10-04

Import patches-unapplied version 1.0.1c-3ubuntu2 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 2f84dee8ff1bdc3c9ddfad42fed4ee06f20da7b5

New changelog entries:
  [ Tyler Hicks <email address hidden> ]
  * debian/patches/tls12_workarounds.patch: Readd the change to check
    TLS1_get_client_version rather than TLS1_get_version to fix incorrect
    client hello cipher list truncation when TLS 1.1 and lower is in use.
    (LP: #1051892)
  [ Micah Gersten <email address hidden> ]
  * Mark Debian Vcs-* as XS-Debian-Vcs-*
    - update debian/control

2f84dee... by Marc Deslauriers on 2012-06-29

Import patches-unapplied version 1.0.1c-3ubuntu1 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 79e8663eddb6e1140f68c98add690f24351da12e

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - debian/libssl1.0.0.postinst:
      + Display a system restart required notification on libssl1.0.0
        upgrade on servers.
      + Use a different priority for libssl1.0.0/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
      libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
      in Debian).
    - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
      rules}: Move runtime libraries to /lib, for the benefit of
      wpasupplicant.
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
      .pc.
    - debian/rules:
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building. Patch from Neil Williams.
      + Don't build for processors no longer supported: i586 (on i386)
      + Fix Makefile to properly clean up libs/ dirs in clean target.
      + Replace duplicate files in the doc directory with symlinks.
    - Unapply patch c_rehash-multi and comment it out in the series as it
      breaks parsing of certificates with CRLF line endings and other cases
      (see Debian #642314 for discussion), it also changes the semantics of
      c_rehash directories by requiring applications to parse hash link
      targets as files containing potentially *multiple* certificates rather
      than exactly one.
    - Bump version passed to dh_makeshlibs to 1.0.1 for new symbols.
    - debian/patches/tls12_workarounds.patch: workaround large client hello
      issue: Compile with -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 and
      with -DOPENSSL_NO_TLS1_2_CLIENT.
  * Dropped upstreamed patches:
    - debian/patches/CVE-2012-2110.patch
    - debian/patches/CVE-2012-2110b.patch
    - debian/patches/CVE-2012-2333.patch
    - debian/patches/CVE-2012-0884-extra.patch
    - most of debian/patches/tls12_workarounds.patch

79e8663... by Kurt Roeckx on 2012-06-06

Import patches-unapplied version 1.0.1c-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 0981ef39db63efe309e74592997d983db1d320ec

New changelog entries:
  * Disable padlock engine again, causes problems for hosts not supporting it.

0981ef3... by Kurt Roeckx on 2012-06-05

Import patches-unapplied version 1.0.1c-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 061e2165f691c68d1d843660d8954f2301d8a0aa

New changelog entries:
  * Fix renegiotation when using TLS > 1.0. This breaks tor. Patch from
    upstream. (Closes: #675990)
  * Enable the padlock engine by default.
  * Change default bits from 1024 to 2048 (Closes: #487152)

061e216... by Kurt Roeckx on 2012-05-11

Import patches-unapplied version 1.0.1c-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 85ed39a72573ecd3db3d04abfa12886280d6305f

New changelog entries:
  * New upstream version
    - Fixes CVE-2012-2333 (Closes: #672452)