ubuntu/+source/openssl:ubuntu/raring-updates

Last commit made on 2014-01-09
Get this branch:
git clone -b ubuntu/raring-updates https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/raring-updates
Repository: lp:ubuntu/+source/openssl

Recent commits

ec89de7... by Marc Deslauriers on 2014-01-08

Import patches-unapplied version 1.0.1c-4ubuntu8.2 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: e281fcbaf9216ffe400126fe0dda64c8fd6dfe61

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid TLS handshake
    - debian/patches/CVE-2013-4353.patch: handle no new cipher setup in
      ssl/s3_both.c.
    - CVE-2013-4353
  * SECURITY UPDATE: denial of service via incorrect data structure
    - debian/patches/CVE-2013-6449.patch: check for handshake digests in
      ssl/s3_both.c,ssl/s3_pkt.c,ssl/t1_enc.c, use proper version in
      ssl/s3_lib.c.
    - CVE-2013-6449
  * SECURITY UPDATE: denial of service via DTLS retransmission
    - debian/patches/CVE-2013-6450.patch: fix DTLS retransmission in
      crypto/evp/digest.c,ssl/d1_both.c,ssl/s3_pkt.c,ssl/s3_srvr.c,
      ssl/ssl_locl.h,ssl/t1_enc.c.
    - CVE-2013-6450
  * debian/patches/no_default_rdrand.patch: Don't use rdrand engine as
    default unless explicitly requested.

e281fcb... by Seth Arnold on 2013-06-04

Import patches-unapplied version 1.0.1c-4ubuntu8.1 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 9687c13e435979857557c270fc1c7a80bacc005d

New changelog entries:
  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
      initialization.
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

9687c13... by Marc Deslauriers on 2013-03-19

Import patches-unapplied version 1.0.1c-4ubuntu8 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 67eb48c1aa2ff07ffe475dc075e315833edbcfda

New changelog entries:
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - debian/patches/CVE-2013-0169.patch: re-enabled patch and added extra
      commit from upstream to fix regression.
    - CVE-2013-0169

67eb48c... by Dimitri John Ledkov on 2013-03-07

Import patches-unapplied version 1.0.1c-4ubuntu7 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 68584781ccc6a72dce71d0c3a15002a50a6d7d23

New changelog entries:
  * Enable optimized 64bit elliptic curve code contributed by Google. (LP: #1018522)

6858478... by Marc Deslauriers on 2013-03-06

Import patches-unapplied version 1.0.1c-4ubuntu6 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 2a88f715ff6efe2367ef709606662a615061f147

New changelog entries:
  * debian/patches/fix_key_decoding_deadlock.patch: Fix possible deadlock
    when decoding public keys. (LP: #1066032)

2a88f71... by Marc Deslauriers on 2013-02-28

Import patches-unapplied version 1.0.1c-4ubuntu5 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 8a6defe1379d1fb2437a0213a743ea26593c0739

New changelog entries:
  * REGRESSION FIX: decryption errors on AES-NI hardware (LP: #1134873,
    LP: #1133333)
    - debian/patches/CVE-2013-0169.patch: disabled for now until fix is
      available from upstream.

8a6defe... by Marc Deslauriers on 2013-02-19

Import patches-unapplied version 1.0.1c-4ubuntu4 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 13c763588aecc494afd629fe6f8219aee516497f

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid OCSP key
    - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
      crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
    - CVE-2013-0166
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - debian/patches/CVE-2013-0169.patch: massive code changes
    - CVE-2013-0169
  * SECURITY UPDATE: denial of service via AES-NI and crafted CBC data
    - Fix included in CVE-2013-0169 patch
    - CVE-2012-2686

13c7635... by Wookey on 2013-01-20

Import patches-unapplied version 1.0.1c-4ubuntu3 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: f30d50fb8c0566ec798102df983e7a9cac055ed1

New changelog entries:
  * Add basic arm64 support (no assembler) (LP: #1102107)

f30d50f... by Dimitri John Ledkov on 2012-11-28

Import patches-unapplied version 1.0.1c-4ubuntu2 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: cdc5315d09e7ce7edf61a9db342ec6b78c658803

New changelog entries:
  * Enable arm assembly code. (LP: #1083498) (Closes: #676533)

cdc5315... by Tyler Hicks on 2012-11-09

Import patches-unapplied version 1.0.1c-4ubuntu1 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 23d2b7c8d282b3bd60601b7c48cf594106d126ef

New changelog entries:
  * Resynchronise with Debian (LP: #1077228). Remaining changes:
    - debian/libssl1.0.0.postinst:
      + Display a system restart required notification on libssl1.0.0
        upgrade on servers.
      + Use a different priority for libssl1.0.0/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
      libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
      in Debian).
    - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
      rules}: Move runtime libraries to /lib, for the benefit of
      wpasupplicant.
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
      .pc.
    - debian/rules:
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building. Patch from Neil Williams.
      + Don't build for processors no longer supported: i586 (on i386)
      + Fix Makefile to properly clean up libs/ dirs in clean target.
      + Replace duplicate files in the doc directory with symlinks.
    - Unapply patch c_rehash-multi and comment it out in the series as it
      breaks parsing of certificates with CRLF line endings and other cases
      (see Debian #642314 for discussion), it also changes the semantics of
      c_rehash directories by requiring applications to parse hash link
      targets as files containing potentially *multiple* certificates rather
      than exactly one.
    - Bump version passed to dh_makeshlibs to 1.0.1 for new symbols.
    - debian/patches/tls12_workarounds.patch: Work around large client hello
      issues when TLS 1.1 and lower is in use
    - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
  * Dropped changes:
    - Drop openssl-doc in favour of the libssl-doc package introduced by
      Debian. Add Conflicts/Replaces until the next LTS release.
      + Drop the Conflicts/Replaces because 12.04 LTS was 'the next LTS
        release'