ubuntu/+source/openssl:ubuntu/trusty

Last commit made on 2014-04-07
Get this branch:
git clone -b ubuntu/trusty https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/trusty
Repository:
lp:ubuntu/+source/openssl

Recent commits

283c453... by Marc Deslauriers on 2014-04-07

Import patches-unapplied version 1.0.1f-1ubuntu2 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: b5290b4ebcd2529a215bdd09fca79743de17b591

New changelog entries:
  * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
    - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
      crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
      util/libeay.num.
    - CVE-2014-0076
  * SECURITY UPDATE: memory disclosure in TLS heartbeat extension
    - debian/patches/CVE-2014-0160.patch: use correct lengths in
      ssl/d1_both.c, ssl/t1_lib.c.
    - CVE-2014-0160

b5290b4... by Marc Deslauriers on 2014-01-08

Import patches-unapplied version 1.0.1f-1ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 9b44e0604274f4ad4f41925d06399b323a828dd1

New changelog entries:
  * Merge with Debian, remaining changes.
    - debian/libssl1.0.0.postinst:
      + Display a system restart required notification on libssl1.0.0
        upgrade on servers.
      + Use a different priority for libssl1.0.0/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
      libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
      in Debian).
    - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
      rules}: Move runtime libraries to /lib, for the benefit of
      wpasupplicant.
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
      .pc.
    - debian/rules:
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building. Patch from Neil Williams.
      + Don't build for processors no longer supported: i586 (on i386)
      + Fix Makefile to properly clean up libs/ dirs in clean target.
      + Replace duplicate files in the doc directory with symlinks.
    - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
    - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly
      code.
    - debian/rules: Enable optimized 64bit elliptic curve code contributed
      by Google.
  * Dropped changes:
    - debian/patches/arm64-support: included in debian-targets.patch
    - debian/patches/no_default_rdrand.patch: upstream
    - debian/patches/openssl-1.0.1e-env-zlib.patch: zlib is now completely
      disabled in debian/rules

9b44e06... by Kurt Roeckx on 2014-01-06

Import patches-unapplied version 1.0.1f-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ee8afb2435bbea4f6f2ed8e84d1269a6976f0a74

New changelog entries:
  * New upstream version
    - Fix for TLS record tampering bug CVE-2013-4353
    - Drop the snapshot patch
  * update watch file to check for upstream signature and add upstream pgp key.
  * Drop conflicts against openssh since we now on a released version again.

ee8afb2... by Kurt Roeckx on 2013-12-23

Import patches-unapplied version 1.0.1e-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: edf0c67f507269839a968d18e1a614cb70b3f753

New changelog entries:
  * Add Breaks: openssh-client (<< 1:6.4p1-1.1), openssh-server (<<
    1:6.4p1-1.1). This is to prevent people running into #732940.
    This Breaks can be removed again when we stop using a git snapshot.

edf0c67... by Kurt Roeckx on 2013-12-22

Import patches-unapplied version 1.0.1e-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 52acae66bce92bba10aee14760b4baaff710231a

New changelog entries:
  * Change default digest to SHA256 instead of SHA1. (Closes: #694738)
  * Drop support for multiple certificates in 1 file. It never worked
    properly in the first place, and the only one shipping in
    ca-certificates has been split.
  * Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors
  * Remove make-targets.patch. It prevented the test dir from being cleaned.
  * Update to a git snapshot of the OpenSSL_1_0_1-stable branch.
    - Fixes CVE-2013-6449 (Closes: #732754)
    - Fixes CVE-2013-6450
    - Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch
      dtls_version.patch get_certificate.patch, since they where all
      already commited upstream.
    - adjust fix-pod-errors.patch for the reordering of items in the
      documentation they've done trying to fix those pod errors.
    - disable rdrand engine by default (Closes: #732710)
  * disable zlib support. Fixes CVE-2012-4929 (Closes: #728055)
  * Add arm64 support (Closes: #732348)
  * Properly use the default number of bits in req when none are given

52acae6... by Kurt Roeckx on 2013-11-01

Import patches-unapplied version 1.0.1e-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8ce1bbd8473d512f65274dbd5fa5b0845fb8127e

New changelog entries:
  [ Peter Michael Green ]
  * Fix pod errors (Closes: #723954)
  * Fix clean target
  [ Kurt Roeckx ]
  * Add mipsn32 and mips64 targets. Patch from Eleanor Chen
    <email address hidden> (Closes: #720654)
  * Add support for nocheck in DEB_BUILD_OPTIONS
  * Update Norwegian translation (Closes: #653574)
  * Update description of the packages. Patch by Justin B Rye
    (Closes: #719262)
  * change to debhelper compat level 9:
    - change dh_strip call so only the files from libssl1.0.0 get debug
      symbols.
    - change dh_makeshlibs call so the engines don't get added to the
      shlibs
  * Update Standards-Version from 3.8.0 to 3.9.5. No changes required.

8ce1bbd... by Kurt Roeckx on 2013-05-20

Import patches-unapplied version 1.0.1e-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 05b54a0cf8b6dcdcbc4727cf5a25c42dc1c94f3d

New changelog entries:
  * Move <openssl/opensslconf.h> to /usr/include/$(DEB_HOST_MULTIARCH), and
    mark libssl-dev Multi-Arch: same.
    Patch by Colin Watson <email address hidden> (Closes: #689093)
  * Add Polish translation (Closes: #658162)
  * Add Turkish translation (Closes: #660971)
  * Enable assembler for the arm targets, and remove armeb.
    Patch by Riku Voipio <email address hidden> (Closes: #676533)
  * Add support for x32 (Closes: #698406)
  * enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)

05b54a0... by Kurt Roeckx on 2013-03-18

Import patches-unapplied version 1.0.1e-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e19510efe2346627266c179dc39dc63e98114a4b

New changelog entries:
  * Bump shlibs. It's needed for the udeb.
  * Make cpuid work on cpu's that don't set ecx (Closes: #699692)
  * Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353)
  * Fix problem with DTLS version check (Closes: #701826)
  * Fix segfault in SSL_get_certificate (Closes: #703031)

e19510e... by Kurt Roeckx on 2013-02-11

Import patches-unapplied version 1.0.1e-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 23d2b7c8d282b3bd60601b7c48cf594106d126ef

New changelog entries:
  * New upstream version (Closes: #699889)
    - Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166
    - Drop renegiotate_tls.patch, applied upstream
    - Export new CRYPTO_memcmp symbol, update symbol file
  * Add ssltest_no_sslv2.patch so that "make test" works.
  * Re-enable assembler versions on sparc. They shouldn't have
    been disabled for sparc v9. (Closes: #649841)

23d2b7c... by Kurt Roeckx on 2012-07-17

Import patches-unapplied version 1.0.1c-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 79e8663eddb6e1140f68c98add690f24351da12e

New changelog entries:
  * Fix the configure rules for alpha (Closes: #672710)
  * Switch the postinst to sh again, there never was a reason to
    switch it to bash (Closes: #676398)
  * Fix pic.patch to not use #ifdef in x86cpuid.s, only .S files are
    preprocessed. We generate the file again for pic anyway.
    (Closes: #677468)
  * Drop Breaks against openssh as it was only for upgrades
    between versions that were only in testing/unstable.
    (Closes: #668600)