Last commit made on 2013-07-15
Get this branch:
git clone -b ubuntu/saucy-proposed https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

5070e5c... by Matthias Klose on 2013-07-15

Import patches-unapplied version 1.0.1e-3ubuntu1 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 8ce1bbd8473d512f65274dbd5fa5b0845fb8127e

New changelog entries:
  * Merge with Debian, remaining changes.
    - debian/libssl1.0.0.postinst:
      + Display a system restart required notification on libssl1.0.0
        upgrade on servers.
      + Use a different priority for libssl1.0.0/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
      libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
      in Debian).
    - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
      rules}: Move runtime libraries to /lib, for the benefit of
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
    - debian/rules:
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building. Patch from Neil Williams.
      + Don't build for processors no longer supported: i586 (on i386)
      + Fix Makefile to properly clean up libs/ dirs in clean target.
      + Replace duplicate files in the doc directory with symlinks.
    - Unapply patch c_rehash-multi and comment it out in the series as it
      breaks parsing of certificates with CRLF line endings and other cases
      (see Debian #642314 for discussion), it also changes the semantics of
      c_rehash directories by requiring applications to parse hash link
      targets as files containing potentially *multiple* certificates rather
      than exactly one.
    - debian/patches/tls12_workarounds.patch: Workaround large client hello
      issues when TLS 1.1 and lower is in use
    - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
    - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly
    - debian/patches/arm64-support: Add basic arm64 support (no assembler)
    - debian/rules: Enable optimized 64bit elliptic curve code contributed
      by Google.
  * debian/patches/tls12_workarounds.patch: updated to also disable TLS 1.2
    in test suite since we disable it in the client.
  * Disable compression to avoid CRIME systemwide (CVE-2012-4929).
  * Dropped changes:
    - debian/patches/ubuntu_deb676533_arm_asm.patch, applied in Debian.

8ce1bbd... by Kurt Roeckx on 2013-05-20

Import patches-unapplied version 1.0.1e-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 05b54a0cf8b6dcdcbc4727cf5a25c42dc1c94f3d

New changelog entries:
  * Move <openssl/opensslconf.h> to /usr/include/$(DEB_HOST_MULTIARCH), and
    mark libssl-dev Multi-Arch: same.
    Patch by Colin Watson <email address hidden> (Closes: #689093)
  * Add Polish translation (Closes: #658162)
  * Add Turkish translation (Closes: #660971)
  * Enable assembler for the arm targets, and remove armeb.
    Patch by Riku Voipio <email address hidden> (Closes: #676533)
  * Add support for x32 (Closes: #698406)
  * enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)

05b54a0... by Kurt Roeckx on 2013-03-18

Import patches-unapplied version 1.0.1e-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e19510efe2346627266c179dc39dc63e98114a4b

New changelog entries:
  * Bump shlibs. It's needed for the udeb.
  * Make cpuid work on cpu's that don't set ecx (Closes: #699692)
  * Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353)
  * Fix problem with DTLS version check (Closes: #701826)
  * Fix segfault in SSL_get_certificate (Closes: #703031)

e19510e... by Kurt Roeckx on 2013-02-11

Import patches-unapplied version 1.0.1e-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 23d2b7c8d282b3bd60601b7c48cf594106d126ef

New changelog entries:
  * New upstream version (Closes: #699889)
    - Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166
    - Drop renegiotate_tls.patch, applied upstream
    - Export new CRYPTO_memcmp symbol, update symbol file
  * Add ssltest_no_sslv2.patch so that "make test" works.
  * Re-enable assembler versions on sparc. They shouldn't have
    been disabled for sparc v9. (Closes: #649841)

23d2b7c... by Kurt Roeckx on 2012-07-17

Import patches-unapplied version 1.0.1c-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 79e8663eddb6e1140f68c98add690f24351da12e

New changelog entries:
  * Fix the configure rules for alpha (Closes: #672710)
  * Switch the postinst to sh again, there never was a reason to
    switch it to bash (Closes: #676398)
  * Fix pic.patch to not use #ifdef in x86cpuid.s, only .S files are
    preprocessed. We generate the file again for pic anyway.
    (Closes: #677468)
  * Drop Breaks against openssh as it was only for upgrades
    between versions that were only in testing/unstable.
    (Closes: #668600)

79e8663... by Kurt Roeckx on 2012-06-06

Import patches-unapplied version 1.0.1c-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 0981ef39db63efe309e74592997d983db1d320ec

New changelog entries:
  * Disable padlock engine again, causes problems for hosts not supporting it.

0981ef3... by Kurt Roeckx on 2012-06-05

Import patches-unapplied version 1.0.1c-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 061e2165f691c68d1d843660d8954f2301d8a0aa

New changelog entries:
  * Fix renegiotation when using TLS > 1.0. This breaks tor. Patch from
    upstream. (Closes: #675990)
  * Enable the padlock engine by default.
  * Change default bits from 1024 to 2048 (Closes: #487152)

061e216... by Kurt Roeckx on 2012-05-11

Import patches-unapplied version 1.0.1c-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 85ed39a72573ecd3db3d04abfa12886280d6305f

New changelog entries:
  * New upstream version
    - Fixes CVE-2012-2333 (Closes: #672452)

85ed39a... by Kurt Roeckx on 2012-04-26

Import patches-unapplied version 1.0.1b-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 390f8982ed38219808a6d98e93b7fdb9b9b65d2e

New changelog entries:
  * New upstream version
    - Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0
      can talk to servers supporting TLS 1.1 but not TLS 1.2
    - Drop rc4_hmac_md5.patch, applied upstream

390f898... by Kurt Roeckx on 2012-04-19

Import patches-unapplied version 1.0.1a-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 38204fdc08384530b7a6105af5759fb9dff78fcc

New changelog entries:
  * Use patch from upstream for the rc4_hmac_md5 issue.
  * Fix rc4_hmac_md5 on non-i386/amd64 arches.