Author: You-Sheng Yang
Revision Date: 2016-06-14 08:32:10 UTC

* switch to CNTVCT tick counter
  - debian/patches/switch-to-cntvct.patch: use CNTVCT virtual timer for
    feature probing on ARM arch.

Author: You-Sheng Yang
Revision Date: 2016-06-08 02:24:25 UTC

Switch to CNTVCT tick counter on arm

Author: Marc Deslauriers
Revision Date: 2015-07-09 09:27:48 UTC

* SECURITY UPDATE: alternative chains certificate forgery
  - Updated to new upstream version
  - CVE-2015-1793

Author: Marc Deslauriers
Revision Date: 2015-07-09 09:27:48 UTC

* SECURITY UPDATE: alternative chains certificate forgery
  - Updated to new upstream version
  - CVE-2015-1793

Author: Marc Deslauriers
Revision Date: 2015-06-11 07:10:41 UTC

* SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
  - debian/patches/reject_small_dh.patch: reject small dh keys in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
    doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
    dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
* SECURITY UPDATE: denial of service and possible code execution via
  invalid free in DTLS
  - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
  - CVE-2014-8176
* SECURITY UPDATE: denial of service via malformed ECParameters
  - debian/patches/CVE-2015-1788.patch: improve logic in
    crypto/bn/bn_gf2m.c.
  - CVE-2015-1788
* SECURITY UPDATE: denial of service via out-of-bounds read in
  X509_cmp_time
  - debian/patches/CVE-2015-1789.patch: properly parse time format in
    crypto/x509/x509_vfy.c.
  - CVE-2015-1789
* SECURITY UPDATE: denial of service via missing EnvelopedContent
  - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
    crypto/pkcs7/pk7_doit.c.
  - CVE-2015-1790
* SECURITY UPDATE: race condition in NewSessionTicket
  - debian/patches/CVE-2015-1791.patch: create a new session in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
    ssl/ssl_sess.c.
  - CVE-2015-1791
* SECURITY UPDATE: CMS verify infinite loop with unknown hash function
  - debian/patches/CVE-2015-1792.patch: fix infinite loop in
    crypto/cms/cms_smime.c.
  - CVE-2015-1792

Author: Marc Deslauriers
Revision Date: 2015-06-11 07:10:41 UTC

* SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
  - debian/patches/reject_small_dh.patch: reject small dh keys in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
    doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
    dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
* SECURITY UPDATE: denial of service and possible code execution via
  invalid free in DTLS
  - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
  - CVE-2014-8176
* SECURITY UPDATE: denial of service via malformed ECParameters
  - debian/patches/CVE-2015-1788.patch: improve logic in
    crypto/bn/bn_gf2m.c.
  - CVE-2015-1788
* SECURITY UPDATE: denial of service via out-of-bounds read in
  X509_cmp_time
  - debian/patches/CVE-2015-1789.patch: properly parse time format in
    crypto/x509/x509_vfy.c.
  - CVE-2015-1789
* SECURITY UPDATE: denial of service via missing EnvelopedContent
  - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
    crypto/pkcs7/pk7_doit.c.
  - CVE-2015-1790
* SECURITY UPDATE: race condition in NewSessionTicket
  - debian/patches/CVE-2015-1791.patch: create a new session in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
    ssl/ssl_sess.c.
  - CVE-2015-1791
* SECURITY UPDATE: CMS verify infinite loop with unknown hash function
  - debian/patches/CVE-2015-1792.patch: fix infinite loop in
    crypto/cms/cms_smime.c.
  - CVE-2015-1792

Author: Marc Deslauriers
Revision Date: 2015-06-11 07:35:48 UTC

* SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
  - debian/patches/reject_small_dh.patch: reject small dh keys in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
    doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
    dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod,
    switch defaut dh to 2048-bit in apps/dhparam.c, apps/gendh.c.
* SECURITY UPDATE: denial of service and possible code execution via
  invalid free in DTLS
  - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
  - CVE-2014-8176
* SECURITY UPDATE: denial of service via malformed ECParameters
  - debian/patches/CVE-2015-1788.patch: improve logic in
    crypto/bn/bn_gf2m.c.
  - CVE-2015-1788
* SECURITY UPDATE: denial of service via out-of-bounds read in
  X509_cmp_time
  - debian/patches/CVE-2015-1789.patch: properly parse time format in
    crypto/x509/x509_vfy.c.
  - CVE-2015-1789
* SECURITY UPDATE: denial of service via missing EnvelopedContent
  - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
    crypto/pkcs7/pk7_doit.c.
  - CVE-2015-1790
* SECURITY UPDATE: race condition in NewSessionTicket
  - debian/patches/CVE-2015-1791.patch: create a new session in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
    ssl/ssl_sess.c.
  - CVE-2015-1791
* SECURITY UPDATE: CMS verify infinite loop with unknown hash function
  - debian/patches/CVE-2015-1792.patch: fix infinite loop in
    crypto/cms/cms_smime.c.
  - CVE-2015-1792

Author: Marc Deslauriers
Revision Date: 2015-06-11 07:35:48 UTC

* SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
  - debian/patches/reject_small_dh.patch: reject small dh keys in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
    doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
    dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod,
    switch defaut dh to 2048-bit in apps/dhparam.c, apps/gendh.c.
* SECURITY UPDATE: denial of service and possible code execution via
  invalid free in DTLS
  - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
  - CVE-2014-8176
* SECURITY UPDATE: denial of service via malformed ECParameters
  - debian/patches/CVE-2015-1788.patch: improve logic in
    crypto/bn/bn_gf2m.c.
  - CVE-2015-1788
* SECURITY UPDATE: denial of service via out-of-bounds read in
  X509_cmp_time
  - debian/patches/CVE-2015-1789.patch: properly parse time format in
    crypto/x509/x509_vfy.c.
  - CVE-2015-1789
* SECURITY UPDATE: denial of service via missing EnvelopedContent
  - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
    crypto/pkcs7/pk7_doit.c.
  - CVE-2015-1790
* SECURITY UPDATE: race condition in NewSessionTicket
  - debian/patches/CVE-2015-1791.patch: create a new session in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
    ssl/ssl_sess.c.
  - CVE-2015-1791
* SECURITY UPDATE: CMS verify infinite loop with unknown hash function
  - debian/patches/CVE-2015-1792.patch: fix infinite loop in
    crypto/cms/cms_smime.c.
  - CVE-2015-1792

Author: Marc Deslauriers
Revision Date: 2015-06-11 07:34:23 UTC

* SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
  - debian/patches/reject_small_dh.patch: reject small dh keys in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
    doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
    dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
* SECURITY UPDATE: denial of service and possible code execution via
  invalid free in DTLS
  - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
  - CVE-2014-8176
* SECURITY UPDATE: denial of service via malformed ECParameters
  - debian/patches/CVE-2015-1788.patch: improve logic in
    crypto/bn/bn_gf2m.c.
  - CVE-2015-1788
* SECURITY UPDATE: denial of service via out-of-bounds read in
  X509_cmp_time
  - debian/patches/CVE-2015-1789.patch: properly parse time format in
    crypto/x509/x509_vfy.c.
  - CVE-2015-1789
* SECURITY UPDATE: denial of service via missing EnvelopedContent
  - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
    crypto/pkcs7/pk7_doit.c.
  - CVE-2015-1790
* SECURITY UPDATE: race condition in NewSessionTicket
  - debian/patches/CVE-2015-1791.patch: create a new session in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
    ssl/ssl_sess.c.
  - CVE-2015-1791
* SECURITY UPDATE: CMS verify infinite loop with unknown hash function
  - debian/patches/CVE-2015-1792.patch: fix infinite loop in
    crypto/cms/cms_smime.c.
  - CVE-2015-1792

Author: Marc Deslauriers
Revision Date: 2015-06-11 07:34:23 UTC

* SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
  - debian/patches/reject_small_dh.patch: reject small dh keys in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
    doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
    dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
* SECURITY UPDATE: denial of service and possible code execution via
  invalid free in DTLS
  - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
  - CVE-2014-8176
* SECURITY UPDATE: denial of service via malformed ECParameters
  - debian/patches/CVE-2015-1788.patch: improve logic in
    crypto/bn/bn_gf2m.c.
  - CVE-2015-1788
* SECURITY UPDATE: denial of service via out-of-bounds read in
  X509_cmp_time
  - debian/patches/CVE-2015-1789.patch: properly parse time format in
    crypto/x509/x509_vfy.c.
  - CVE-2015-1789
* SECURITY UPDATE: denial of service via missing EnvelopedContent
  - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
    crypto/pkcs7/pk7_doit.c.
  - CVE-2015-1790
* SECURITY UPDATE: race condition in NewSessionTicket
  - debian/patches/CVE-2015-1791.patch: create a new session in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
    ssl/ssl_sess.c.
  - CVE-2015-1791
* SECURITY UPDATE: CMS verify infinite loop with unknown hash function
  - debian/patches/CVE-2015-1792.patch: fix infinite loop in
    crypto/cms/cms_smime.c.
  - CVE-2015-1792

Author: Marc Deslauriers
Revision Date: 2015-06-11 07:12:10 UTC

* SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
  - debian/patches/reject_small_dh.patch: reject small dh keys in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
    doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
    dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
* SECURITY UPDATE: denial of service and possible code execution via
  invalid free in DTLS
  - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
  - CVE-2014-8176
* SECURITY UPDATE: denial of service via malformed ECParameters
  - debian/patches/CVE-2015-1788.patch: improve logic in
    crypto/bn/bn_gf2m.c.
  - CVE-2015-1788
* SECURITY UPDATE: denial of service via out-of-bounds read in
  X509_cmp_time
  - debian/patches/CVE-2015-1789.patch: properly parse time format in
    crypto/x509/x509_vfy.c.
  - CVE-2015-1789
* SECURITY UPDATE: denial of service via missing EnvelopedContent
  - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
    crypto/pkcs7/pk7_doit.c.
  - CVE-2015-1790
* SECURITY UPDATE: race condition in NewSessionTicket
  - debian/patches/CVE-2015-1791.patch: create a new session in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
    ssl/ssl_sess.c.
  - CVE-2015-1791
* SECURITY UPDATE: CMS verify infinite loop with unknown hash function
  - debian/patches/CVE-2015-1792.patch: fix infinite loop in
    crypto/cms/cms_smime.c.
  - CVE-2015-1792

Author: Marc Deslauriers
Revision Date: 2015-06-11 07:12:10 UTC

* SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
  - debian/patches/reject_small_dh.patch: reject small dh keys in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
    doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
    dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
* SECURITY UPDATE: denial of service and possible code execution via
  invalid free in DTLS
  - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
  - CVE-2014-8176
* SECURITY UPDATE: denial of service via malformed ECParameters
  - debian/patches/CVE-2015-1788.patch: improve logic in
    crypto/bn/bn_gf2m.c.
  - CVE-2015-1788
* SECURITY UPDATE: denial of service via out-of-bounds read in
  X509_cmp_time
  - debian/patches/CVE-2015-1789.patch: properly parse time format in
    crypto/x509/x509_vfy.c.
  - CVE-2015-1789
* SECURITY UPDATE: denial of service via missing EnvelopedContent
  - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
    crypto/pkcs7/pk7_doit.c.
  - CVE-2015-1790
* SECURITY UPDATE: race condition in NewSessionTicket
  - debian/patches/CVE-2015-1791.patch: create a new session in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
    ssl/ssl_sess.c.
  - CVE-2015-1791
* SECURITY UPDATE: CMS verify infinite loop with unknown hash function
  - debian/patches/CVE-2015-1792.patch: fix infinite loop in
    crypto/cms/cms_smime.c.
  - CVE-2015-1792

Author: Marc Deslauriers
Revision Date: 2015-03-19 10:07:13 UTC

* SECURITY UPDATE: denial of service and possible memory corruption via
  malformed EC private key
  - debian/patches/CVE-2015-0209.patch: fix use after free in
    crypto/ec/ec_asn1.c.
  - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
    freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
  - CVE-2015-0209
* SECURITY UPDATE: denial of service via cert verification
  - debian/patches/CVE-2015-0286.patch: handle boolean types in
    crypto/asn1/a_type.c.
  - CVE-2015-0286
* SECURITY UPDATE: ASN.1 structure reuse memory corruption
  - debian/patches/CVE-2015-0287.patch: free up structures in
    crypto/asn1/tasn_dec.c.
  - CVE-2015-0287
* SECURITY UPDATE: denial of service via invalid certificate key
  - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
    crypto/x509/x509_req.c.
  - CVE-2015-0288
* SECURITY UPDATE: denial of service and possible code execution via
  PKCS#7 parsing
  - debian/patches/CVE-2015-0289.patch: handle missing content in
    crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
  - CVE-2015-0289
* SECURITY UPDATE: denial of service or memory corruption via base64
  decoding
  - debian/patches/CVE-2015-0292.patch: prevent underflow in
    crypto/evp/encode.c.
  - CVE-2015-0292
* SECURITY UPDATE: denial of service via assert in SSLv2 servers
  - debian/patches/CVE-2015-0293.patch: check key lengths in
    ssl/s2_lib.c, ssl/s2_srvr.c.
  - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
    ssl/s2_srvr.c.
  - CVE-2015-0293

Author: Marc Deslauriers
Revision Date: 2015-03-19 10:07:13 UTC

* SECURITY UPDATE: denial of service and possible memory corruption via
  malformed EC private key
  - debian/patches/CVE-2015-0209.patch: fix use after free in
    crypto/ec/ec_asn1.c.
  - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
    freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
  - CVE-2015-0209
* SECURITY UPDATE: denial of service via cert verification
  - debian/patches/CVE-2015-0286.patch: handle boolean types in
    crypto/asn1/a_type.c.
  - CVE-2015-0286
* SECURITY UPDATE: ASN.1 structure reuse memory corruption
  - debian/patches/CVE-2015-0287.patch: free up structures in
    crypto/asn1/tasn_dec.c.
  - CVE-2015-0287
* SECURITY UPDATE: denial of service via invalid certificate key
  - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
    crypto/x509/x509_req.c.
  - CVE-2015-0288
* SECURITY UPDATE: denial of service and possible code execution via
  PKCS#7 parsing
  - debian/patches/CVE-2015-0289.patch: handle missing content in
    crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
  - CVE-2015-0289
* SECURITY UPDATE: denial of service or memory corruption via base64
  decoding
  - debian/patches/CVE-2015-0292.patch: prevent underflow in
    crypto/evp/encode.c.
  - CVE-2015-0292
* SECURITY UPDATE: denial of service via assert in SSLv2 servers
  - debian/patches/CVE-2015-0293.patch: check key lengths in
    ssl/s2_lib.c, ssl/s2_srvr.c.
  - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
    ssl/s2_srvr.c.
  - CVE-2015-0293

Author: Marc Deslauriers
Revision Date: 2015-03-19 09:57:59 UTC

* SECURITY UPDATE: denial of service and possible memory corruption via
  malformed EC private key
  - debian/patches/CVE-2015-0209.patch: fix use after free in
    crypto/ec/ec_asn1.c.
  - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
    freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
  - CVE-2015-0209
* SECURITY UPDATE: denial of service via cert verification
  - debian/patches/CVE-2015-0286.patch: handle boolean types in
    crypto/asn1/a_type.c.
  - CVE-2015-0286
* SECURITY UPDATE: ASN.1 structure reuse memory corruption
  - debian/patches/CVE-2015-0287.patch: free up structures in
    crypto/asn1/tasn_dec.c.
  - CVE-2015-0287
* SECURITY UPDATE: denial of service via invalid certificate key
  - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
    crypto/x509/x509_req.c.
  - CVE-2015-0288
* SECURITY UPDATE: denial of service and possible code execution via
  PKCS#7 parsing
  - debian/patches/CVE-2015-0289.patch: handle missing content in
    crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
  - CVE-2015-0289
* SECURITY UPDATE: denial of service or memory corruption via base64
  decoding
  - debian/patches/CVE-2015-0292.patch: prevent underflow in
    crypto/evp/encode.c.
  - CVE-2015-0292
* SECURITY UPDATE: denial of service via assert in SSLv2 servers
  - debian/patches/CVE-2015-0293.patch: check key lengths in
    ssl/s2_lib.c, ssl/s2_srvr.c.
  - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
    ssl/s2_srvr.c.
  - CVE-2015-0293

Author: Marc Deslauriers
Revision Date: 2015-03-19 09:57:59 UTC

* SECURITY UPDATE: denial of service and possible memory corruption via
  malformed EC private key
  - debian/patches/CVE-2015-0209.patch: fix use after free in
    crypto/ec/ec_asn1.c.
  - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
    freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
  - CVE-2015-0209
* SECURITY UPDATE: denial of service via cert verification
  - debian/patches/CVE-2015-0286.patch: handle boolean types in
    crypto/asn1/a_type.c.
  - CVE-2015-0286
* SECURITY UPDATE: ASN.1 structure reuse memory corruption
  - debian/patches/CVE-2015-0287.patch: free up structures in
    crypto/asn1/tasn_dec.c.
  - CVE-2015-0287
* SECURITY UPDATE: denial of service via invalid certificate key
  - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
    crypto/x509/x509_req.c.
  - CVE-2015-0288
* SECURITY UPDATE: denial of service and possible code execution via
  PKCS#7 parsing
  - debian/patches/CVE-2015-0289.patch: handle missing content in
    crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
  - CVE-2015-0289
* SECURITY UPDATE: denial of service or memory corruption via base64
  decoding
  - debian/patches/CVE-2015-0292.patch: prevent underflow in
    crypto/evp/encode.c.
  - CVE-2015-0292
* SECURITY UPDATE: denial of service via assert in SSLv2 servers
  - debian/patches/CVE-2015-0293.patch: check key lengths in
    ssl/s2_lib.c, ssl/s2_srvr.c.
  - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
    ssl/s2_srvr.c.
  - CVE-2015-0293

Author: Marc Deslauriers
Revision Date: 2015-02-26 13:05:15 UTC

* Fix DTLS handshake on amd64 (LP: #1425914)
  - debian/patches/lp1425914.patch: backport upstream patch that fixes
    alignment issue causing an assert in ssl/ssl_ciph.c.

Author: Marc Deslauriers
Revision Date: 2014-10-16 10:56:10 UTC

* SECURITY UPDATE: denial of service via DTLS SRTP memory leak
  - debian/patches/CVE-2014-3513.patch: fix logic in ssl/d1_srtp.c,
    ssl/srtp.h, ssl/t1_lib.c, util/mk1mf.pl, util/mkdef.pl,
    util/ssleay.num.
  - CVE-2014-3513
* SECURITY UPDATE: denial of service via session ticket integrity check
  memory leak
  - debian/patches/CVE-2014-3567.patch: perform cleanup in ssl/t1_lib.c.
  - CVE-2014-3567
* SECURITY UPDATE: fix the no-ssl3 build option
  - debian/patches/CVE-2014-3568.patch: fix conditional code in
    ssl/s23_clnt.c, ssl/s23_srvr.c.
  - CVE-2014-3568
* SECURITY IMPROVEMENT: Added TLS_FALLBACK_SCSV support to mitigate a
  protocol downgrade attack to SSLv3 that exposes the POODLE attack.
  - debian/patches/tls_fallback_scsv_support.patch: added support for
    TLS_FALLBACK_SCSV in apps/s_client.c, crypto/err/openssl.ec,
    ssl/d1_lib.c, ssl/dtls1.h, ssl/s23_clnt.c, ssl/s23_srvr.c,
    ssl/s2_lib.c, ssl/s3_enc.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl3.h,
    ssl/ssl_err.c, ssl/ssl_lib.c, ssl/t1_enc.c, ssl/tls1.h,
    doc/apps/s_client.pod, doc/ssl/SSL_CTX_set_mode.pod.

Author: Marc Deslauriers
Revision Date: 2014-10-16 10:56:10 UTC

* SECURITY UPDATE: denial of service via DTLS SRTP memory leak
  - debian/patches/CVE-2014-3513.patch: fix logic in ssl/d1_srtp.c,
    ssl/srtp.h, ssl/t1_lib.c, util/mk1mf.pl, util/mkdef.pl,
    util/ssleay.num.
  - CVE-2014-3513
* SECURITY UPDATE: denial of service via session ticket integrity check
  memory leak
  - debian/patches/CVE-2014-3567.patch: perform cleanup in ssl/t1_lib.c.
  - CVE-2014-3567
* SECURITY UPDATE: fix the no-ssl3 build option
  - debian/patches/CVE-2014-3568.patch: fix conditional code in
    ssl/s23_clnt.c, ssl/s23_srvr.c.
  - CVE-2014-3568
* SECURITY IMPROVEMENT: Added TLS_FALLBACK_SCSV support to mitigate a
  protocol downgrade attack to SSLv3 that exposes the POODLE attack.
  - debian/patches/tls_fallback_scsv_support.patch: added support for
    TLS_FALLBACK_SCSV in apps/s_client.c, crypto/err/openssl.ec,
    ssl/d1_lib.c, ssl/dtls1.h, ssl/s23_clnt.c, ssl/s23_srvr.c,
    ssl/s2_lib.c, ssl/s3_enc.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl3.h,
    ssl/ssl_err.c, ssl/ssl_lib.c, ssl/t1_enc.c, ssl/tls1.h,
    doc/apps/s_client.pod, doc/ssl/SSL_CTX_set_mode.pod.

Author: Marc Deslauriers
Revision Date: 2014-06-20 13:56:05 UTC

* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
  - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
    sending finished ssl/s3_clnt.c.

Author: Marc Deslauriers
Revision Date: 2014-06-20 13:56:05 UTC

* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
  - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
    sending finished ssl/s3_clnt.c.

Author: Marc Deslauriers
Revision Date: 2014-05-02 15:27:44 UTC

* SECURITY UPDATE: denial of service via use after free
  - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
    releasing buffers in ssl/s3_pkt.c.
  - CVE-2010-5298
* SECURITY UPDATE: denial of service via null pointer dereference
  - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
    one in ssl/s3_pkt.c.
  - CVE-2014-0198

Author: Marc Deslauriers
Revision Date: 2014-05-02 15:27:44 UTC

* SECURITY UPDATE: denial of service via use after free
  - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
    releasing buffers in ssl/s3_pkt.c.
  - CVE-2010-5298
* SECURITY UPDATE: denial of service via null pointer dereference
  - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
    one in ssl/s3_pkt.c.
  - CVE-2014-0198

Author: Marc Deslauriers
Revision Date: 2014-04-07 15:37:53 UTC

* SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
  - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
    crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
    util/libeay.num.
  - CVE-2014-0076
* SECURITY UPDATE: memory disclosure in TLS heartbeat extension
  - debian/patches/CVE-2014-0160.patch: use correct lengths in
    ssl/d1_both.c, ssl/t1_lib.c.
  - CVE-2014-0160

Author: Marc Deslauriers
Revision Date: 2014-04-07 15:37:53 UTC

* SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
  - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
    crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
    util/libeay.num.
  - CVE-2014-0076
* SECURITY UPDATE: memory disclosure in TLS heartbeat extension
  - debian/patches/CVE-2014-0160.patch: use correct lengths in
    ssl/d1_both.c, ssl/t1_lib.c.
  - CVE-2014-0160

Author: Marc Deslauriers
Revision Date: 2014-01-08 14:55:58 UTC

* SECURITY UPDATE: denial of service via invalid TLS handshake
  - debian/patches/CVE-2013-4353.patch: handle no new cipher setup in
    ssl/s3_both.c.
  - CVE-2013-4353
* SECURITY UPDATE: denial of service via incorrect data structure
  - debian/patches/CVE-2013-6449.patch: check for handshake digests in
    ssl/s3_both.c,ssl/s3_pkt.c,ssl/t1_enc.c, use proper version in
    ssl/s3_lib.c.
  - CVE-2013-6449
* SECURITY UPDATE: denial of service via DTLS retransmission
  - debian/patches/CVE-2013-6450.patch: fix DTLS retransmission in
    crypto/evp/digest.c,ssl/d1_both.c,ssl/s3_pkt.c,ssl/s3_srvr.c,
    ssl/ssl_locl.h,ssl/t1_enc.c.
  - CVE-2013-6450
* debian/patches/no_default_rdrand.patch: Don't use rdrand engine as
  default unless explicitly requested.

Author: Marc Deslauriers
Revision Date: 2014-01-08 14:55:58 UTC

* SECURITY UPDATE: denial of service via invalid TLS handshake
  - debian/patches/CVE-2013-4353.patch: handle no new cipher setup in
    ssl/s3_both.c.
  - CVE-2013-4353
* SECURITY UPDATE: denial of service via incorrect data structure
  - debian/patches/CVE-2013-6449.patch: check for handshake digests in
    ssl/s3_both.c,ssl/s3_pkt.c,ssl/t1_enc.c, use proper version in
    ssl/s3_lib.c.
  - CVE-2013-6449
* SECURITY UPDATE: denial of service via DTLS retransmission
  - debian/patches/CVE-2013-6450.patch: fix DTLS retransmission in
    crypto/evp/digest.c,ssl/d1_both.c,ssl/s3_pkt.c,ssl/s3_srvr.c,
    ssl/ssl_locl.h,ssl/t1_enc.c.
  - CVE-2013-6450
* debian/patches/no_default_rdrand.patch: Don't use rdrand engine as
  default unless explicitly requested.

Author: Matthias Klose
Revision Date: 2013-07-15 14:07:52 UTC

* Merge with Debian, remaining changes.
  - debian/libssl1.0.0.postinst:
    + Display a system restart required notification on libssl1.0.0
      upgrade on servers.
    + Use a different priority for libssl1.0.0/restart-services depending
      on whether a desktop, or server dist-upgrade is being performed.
  - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
    libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
    in Debian).
  - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
    rules}: Move runtime libraries to /lib, for the benefit of
    wpasupplicant.
  - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
    .pc.
  - debian/rules:
    + Don't run 'make test' when cross-building.
    + Use host compiler when cross-building. Patch from Neil Williams.
    + Don't build for processors no longer supported: i586 (on i386)
    + Fix Makefile to properly clean up libs/ dirs in clean target.
    + Replace duplicate files in the doc directory with symlinks.
  - Unapply patch c_rehash-multi and comment it out in the series as it
    breaks parsing of certificates with CRLF line endings and other cases
    (see Debian #642314 for discussion), it also changes the semantics of
    c_rehash directories by requiring applications to parse hash link
    targets as files containing potentially *multiple* certificates rather
    than exactly one.
  - debian/patches/tls12_workarounds.patch: Workaround large client hello
    issues when TLS 1.1 and lower is in use
  - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
  - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly
    code.
  - debian/patches/arm64-support: Add basic arm64 support (no assembler)
  - debian/rules: Enable optimized 64bit elliptic curve code contributed
    by Google.
* debian/patches/tls12_workarounds.patch: updated to also disable TLS 1.2
  in test suite since we disable it in the client.
* Disable compression to avoid CRIME systemwide (CVE-2012-4929).
* Dropped changes:
  - debian/patches/ubuntu_deb676533_arm_asm.patch, applied in Debian.

Author: Seth Arnold
Revision Date: 2013-06-03 18:13:47 UTC

* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
  (LP: #1187195)
  - CVE-2012-4929
  - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
    zlib to compress SSL/TLS unless the environment variable
    OPENSSL_DEFAULT_ZLIB is set in the environment during library
    initialization.
  - Introduced to assist with programs not yet updated to provide their own
    controls on compression, such as Postfix
  - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

Author: Seth Arnold
Revision Date: 2013-06-03 18:13:33 UTC

* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
  (LP: #1187195)
  - CVE-2012-4929
  - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
    zlib to compress SSL/TLS unless the environment variable
    OPENSSL_DEFAULT_ZLIB is set in the environment during library
    initialization.
  - Introduced to assist with programs not yet updated to provide their own
    controls on compression, such as Postfix
  - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

Author: Colin Watson
Revision Date: 2012-04-24 13:06:58 UTC

releasing version 1.0.1-4ubuntu4

Author: Matthias Klose
Revision Date: 2013-07-15 14:07:52 UTC

* Merge with Debian, remaining changes.
  - debian/libssl1.0.0.postinst:
    + Display a system restart required notification on libssl1.0.0
      upgrade on servers.
    + Use a different priority for libssl1.0.0/restart-services depending
      on whether a desktop, or server dist-upgrade is being performed.
  - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
    libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
    in Debian).
  - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
    rules}: Move runtime libraries to /lib, for the benefit of
    wpasupplicant.
  - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
    .pc.
  - debian/rules:
    + Don't run 'make test' when cross-building.
    + Use host compiler when cross-building. Patch from Neil Williams.
    + Don't build for processors no longer supported: i586 (on i386)
    + Fix Makefile to properly clean up libs/ dirs in clean target.
    + Replace duplicate files in the doc directory with symlinks.
  - Unapply patch c_rehash-multi and comment it out in the series as it
    breaks parsing of certificates with CRLF line endings and other cases
    (see Debian #642314 for discussion), it also changes the semantics of
    c_rehash directories by requiring applications to parse hash link
    targets as files containing potentially *multiple* certificates rather
    than exactly one.
  - debian/patches/tls12_workarounds.patch: Workaround large client hello
    issues when TLS 1.1 and lower is in use
  - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
  - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly
    code.
  - debian/patches/arm64-support: Add basic arm64 support (no assembler)
  - debian/rules: Enable optimized 64bit elliptic curve code contributed
    by Google.
* debian/patches/tls12_workarounds.patch: updated to also disable TLS 1.2
  in test suite since we disable it in the client.
* Disable compression to avoid CRIME systemwide (CVE-2012-4929).
* Dropped changes:
  - debian/patches/ubuntu_deb676533_arm_asm.patch, applied in Debian.

Author: Seth Arnold
Revision Date: 2013-06-03 20:37:34 UTC

* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
  (LP: #1187195)
  - CVE-2012-4929
  - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
    zlib to compress SSL/TLS unless the environment variable
    OPENSSL_DEFAULT_ZLIB is set in the environment during library
    initialization.
  - Introduced to assist with programs not yet updated to provide their own
    controls on compression, such as Postfix
  - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

Author: Marc Deslauriers
Revision Date: 2013-03-19 14:33:14 UTC

* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-0169.patch: re-enabled patch and added extra
    commit from upstream to fix regression.
  - CVE-2013-0169

Author: Marc Deslauriers
Revision Date: 2013-02-18 15:49:05 UTC

* SECURITY UPDATE: denial of service via invalid OCSP key
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200
  - CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=270881316664396326c461ec7a124aec2c6cc081
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=35a65e814beb899fa1c69a7673a8956c6059dce7
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a33e6702a0db1b9f4648d247b8b28a5c0e42ca13
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2928cb4c82d6516d9e65ede4901a5957d8c39c32
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b3a959a337b8083bc855623f24cebaf43a477350
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=be88529753897c29c677d1becb321f0072c0659c
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=99f5093347c65eecbd05f0668aea94b32fcf20d7
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=24b28060975c01b749391778d13ec2ea1323a1aa
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=924b11742296c13816a9f301e76fea023003920c
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c23a7458209e773ffcd42bdcfa5cf2564df86bd7
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1909df070fb5c5b87246a2de19c17588deba5818
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=33ccde59a1ece0f68cc4b64e930001ab230725b1
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5f9345a2f0b592457fc4a619ac98ea59ffd394ba
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=40e0de03955e218f45a7979cb46fba193f4e7fc2
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1213e6c3c2d7abeeb886d911a3c6c06c5da2e3a4
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca3b81c8580a609edac1f13a3f62d4348d66c3a8
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6351adecb4726476def5f5ad904a7d2e63480d53
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb092ef4fca897344daf7189526f5f26be6487ce
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=59b1129e0a50fdf7e4e58d7c355783a7bfc1f44c
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4ea7019165db53b92b4284461c5c88bfe7c6e57d
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=76c61a5d1adb92388f39e585e4af860a20feb9bb
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ff58eaa4b645a38f3a226cf566d969fffa64ef94
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5864fd2061f43dc8f89b5755f19bd2a35dec636c
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fbe621d08f2026926c91c1c5f386b27605e39a43
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a8655eb21a7f9a313db18daa6ccaed928fb6027c
  - CVE-2013-0169

Author: Marc Deslauriers
Revision Date: 2013-02-18 15:49:05 UTC

* SECURITY UPDATE: denial of service via invalid OCSP key
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200
  - CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=270881316664396326c461ec7a124aec2c6cc081
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=35a65e814beb899fa1c69a7673a8956c6059dce7
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a33e6702a0db1b9f4648d247b8b28a5c0e42ca13
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2928cb4c82d6516d9e65ede4901a5957d8c39c32
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b3a959a337b8083bc855623f24cebaf43a477350
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=be88529753897c29c677d1becb321f0072c0659c
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=99f5093347c65eecbd05f0668aea94b32fcf20d7
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=24b28060975c01b749391778d13ec2ea1323a1aa
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=924b11742296c13816a9f301e76fea023003920c
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c23a7458209e773ffcd42bdcfa5cf2564df86bd7
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1909df070fb5c5b87246a2de19c17588deba5818
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=33ccde59a1ece0f68cc4b64e930001ab230725b1
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5f9345a2f0b592457fc4a619ac98ea59ffd394ba
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=40e0de03955e218f45a7979cb46fba193f4e7fc2
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1213e6c3c2d7abeeb886d911a3c6c06c5da2e3a4
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca3b81c8580a609edac1f13a3f62d4348d66c3a8
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6351adecb4726476def5f5ad904a7d2e63480d53
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb092ef4fca897344daf7189526f5f26be6487ce
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=59b1129e0a50fdf7e4e58d7c355783a7bfc1f44c
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4ea7019165db53b92b4284461c5c88bfe7c6e57d
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=76c61a5d1adb92388f39e585e4af860a20feb9bb
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ff58eaa4b645a38f3a226cf566d969fffa64ef94
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5864fd2061f43dc8f89b5755f19bd2a35dec636c
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fbe621d08f2026926c91c1c5f386b27605e39a43
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a8655eb21a7f9a313db18daa6ccaed928fb6027c
  - CVE-2013-0169

Author: Marc Deslauriers
Revision Date: 2013-02-18 14:55:40 UTC

* SECURITY UPDATE: denial of service via invalid OCSP key
  - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
    crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
  - CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-0169.patch: massive code changes
  - CVE-2013-0169

Author: Marc Deslauriers
Revision Date: 2013-02-18 14:55:40 UTC

* SECURITY UPDATE: denial of service via invalid OCSP key
  - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
    crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
  - CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-0169.patch: massive code changes
  - CVE-2013-0169

Author: Tyler Hicks
Revision Date: 2012-10-04 10:34:57 UTC

[ Tyler Hicks <tyhicks@canonical.com> ]
* debian/patches/tls12_workarounds.patch: Readd the change to check
  TLS1_get_client_version rather than TLS1_get_version to fix incorrect
  client hello cipher list truncation when TLS 1.1 and lower is in use.
  (LP: #1051892)

[ Micah Gersten <micahg@ubuntu.com> ]
* Mark Debian Vcs-* as XS-Debian-Vcs-*
  - update debian/control

Author: Steve Beattie
Revision Date: 2012-05-22 15:25:06 UTC

* SECURITY UPDATE: denial of service attack in DTLS implementation
  - debian/patches/CVE_2012-2333.patch: guard for integer overflow
    before skipping explicit IV
  - CVE-2012-2333
* SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
  - debian/patches/CVE-2012-0884.patch: use a random key if RSA
    decryption fails to avoid leaking timing information
  - CVE-2012-0884
* debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
  errors in PKCS7_decrypt and initialize tkeylen properly when
  encrypting CMS messages.

Author: Steve Beattie
Revision Date: 2012-05-22 15:25:06 UTC

* SECURITY UPDATE: denial of service attack in DTLS implementation
  - debian/patches/CVE_2012-2333.patch: guard for integer overflow
    before skipping explicit IV
  - CVE-2012-2333
* SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
  - debian/patches/CVE-2012-0884.patch: use a random key if RSA
    decryption fails to avoid leaking timing information
  - CVE-2012-0884
* debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
  errors in PKCS7_decrypt and initialize tkeylen properly when
  encrypting CMS messages.

Author: Jamie Strandboge
Revision Date: 2012-04-19 10:31:06 UTC

* SECURITY UPDATE: fix various overflows
  - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c,
    crypto/buffer.c and crypto/mem.c to verify size of lengths
  - CVE-2012-2110

Author: Colin Watson
Revision Date: 2012-04-10 19:49:59 UTC

merge fixes LP: #968753

Author: Colin Watson
Revision Date: 2012-03-30 23:45:22 UTC

add .pc/tls12_workarounds.patch/Configure to deconfuse package importer

Author: Steve Beattie
Revision Date: 2012-01-31 01:37:33 UTC

* SECURITY UPDATE: ECDSA private key timing attack
  - debian/patches/CVE-2011-1945.patch: compute with fixed scalar
    length
  - CVE-2011-1945
* SECURITY UPDATE: ECDH ciphersuite denial of service
  - debian/patches/CVE-2011-3210.patch: fix memory usage for thread
    safety
  - CVE-2011-3210
* SECURITY UPDATE: DTLS plaintext recovery attack
  - debian/patches/CVE-2011-4108.patch: perform all computations
    before discarding messages
  - CVE-2011-4108
* SECURITY UPDATE: policy check double free vulnerability
  - debian/patches/CVE-2011-4019.patch: only free domain policyin
    one location
  - CVE-2011-4019
* SECURITY UPDATE: SSL 3.0 block padding exposure
  - debian/patches/CVE-2011-4576.patch: clear bytes used for block
    padding of SSL 3.0 records.
  - CVE-2011-4576
* SECURITY UPDATE: malformed RFC 3779 data denial of service attack
  - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779
    data from triggering an assertion failure
  - CVE-2011-4577
* SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
  - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
    restart for SSL/TLS.
  - CVE-2011-4619
* SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
  - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
  - CVE-2012-0050
* debian/patches/openssl-fix_ECDSA_tests.patch: fix ECDSA tests
* debian/libssl0.9.8.postinst: Only issue the reboot notification for
  servers by testing that the X server is not running (LP: #244250)

Author: Steve Beattie
Revision Date: 2012-01-31 01:37:33 UTC

* SECURITY UPDATE: ECDSA private key timing attack
  - debian/patches/CVE-2011-1945.patch: compute with fixed scalar
    length
  - CVE-2011-1945
* SECURITY UPDATE: ECDH ciphersuite denial of service
  - debian/patches/CVE-2011-3210.patch: fix memory usage for thread
    safety
  - CVE-2011-3210
* SECURITY UPDATE: DTLS plaintext recovery attack
  - debian/patches/CVE-2011-4108.patch: perform all computations
    before discarding messages
  - CVE-2011-4108
* SECURITY UPDATE: policy check double free vulnerability
  - debian/patches/CVE-2011-4019.patch: only free domain policyin
    one location
  - CVE-2011-4019
* SECURITY UPDATE: SSL 3.0 block padding exposure
  - debian/patches/CVE-2011-4576.patch: clear bytes used for block
    padding of SSL 3.0 records.
  - CVE-2011-4576
* SECURITY UPDATE: malformed RFC 3779 data denial of service attack
  - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779
    data from triggering an assertion failure
  - CVE-2011-4577
* SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
  - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
    restart for SSL/TLS.
  - CVE-2011-4619
* SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
  - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
  - CVE-2012-0050
* debian/patches/openssl-fix_ECDSA_tests.patch: fix ECDSA tests
* debian/libssl0.9.8.postinst: Only issue the reboot notification for
  servers by testing that the X server is not running (LP: #244250)

Author: Colin Watson
Revision Date: 2011-10-04 12:36:28 UTC

releasing version 1.0.0e-2ubuntu3

Author: Marc Deslauriers
Revision Date: 2011-10-04 09:31:22 UTC

The previous change moved the notification to major upgrades only, but
in fact, we do want the sysadmin to be notified when security updates
are installed, without having services automatically restarted.
(LP: #244250)

Author: Steve Beattie
Revision Date: 2011-09-15 05:07:35 UTC

CVE-2011-3210 (LP: #850608). Remaining changes:
debian/libssl1.0.0.postinst: only display restart notification on
servers (LP: #244250)

Author: Guillermo Gonzalez
Revision Date: 2011-08-29 16:28:22 UTC

rename openssl package to openssl1.0.0

Author: Artur Rona
Revision Date: 2011-02-13 16:10:24 UTC

* Merge from debian unstable. Remaining changes: (LP: #718205)
  - d/libssl0.9.8.postinst:
    + Display a system restart required notification bubble
      on libssl0.9.8 upgrade.
    + Use a different priority for libssl0.9.8/restart-services
      depending on whether a desktop, or server dist-upgrade
      is being performed.
  - d/{libssl0.9.8-udeb.dirs, control, rules}: Create
    libssl0.9.8-udeb, for the benefit of wget-udeb (no wget-udeb
    package in Debian).
  - d/{libcrypto0.9.8-udeb.dirs, libssl0.9.8.dirs, libssl0.9.8.files,
    rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant.
  - d/{control, openssl-doc.docs, openssl.docs, openssl.dirs}:
    + Ship documentation in openssl-doc, suggested by the package.
     (Closes: #470594)
  - d/p/aesni.patch: Backport Intel AES-NI support from
    http://rt.openssl.org/Ticket/Display.html?id=2067 (refreshed)
  - d/p/Bsymbolic-functions.patch: Link using -Bsymbolic-functions.
  - d/p/perlpath-quilt.patch: Don't change perl #! paths under .pc.
  - d/p/no-sslv2.patch: Disable SSLv2 to match NSS and GnuTLS.
    The protocol is unsafe and extremely deprecated. (Closes: #589706)
  - d/rules:
    + Disable SSLv2 during compile. (Closes: #589706)
    + Don't run 'make test' when cross-building.
    + Use host compiler when cross-building. Patch from Neil Williams.
      (Closes: #465248)
    + Don't build for processors no longer supported: i486, i586
      (on i386), v8 (on sparc).
    + Fix Makefile to properly clean up libs/ dirs in clean target.
      (Closes: #611667)
    + Replace duplicate files in the doc directory with symlinks.
* This upload fixed CVE: (LP: #718208)
  - CVE-2011-0014

Author: Steve Beattie
Revision Date: 2010-12-03 12:40:41 UTC

* SECURITY UPDATE: ciphersuite downgrade vulnerability
  - ssl/s3_clnt.c, ssl/s3_srvr.c: disable workaround for Netscape
    cipher suite bug
  - http://openssl.org/news/secadv_20101202.txt
  - CVE-2010-4180

Author: Steve Beattie
Revision Date: 2010-12-03 13:15:15 UTC

* SECURITY UPDATE: ciphersuite downgrade vulnerability
  - ssl/s3_clnt.c, ssl/s3_srvr.c: disable workaround for Netscape
    cipher suite bug
  - http://openssl.org/news/secadv_20101202.txt
  - CVE-2010-4180

Author: Steve Beattie
Revision Date: 2010-12-03 13:15:15 UTC

* SECURITY UPDATE: ciphersuite downgrade vulnerability
  - ssl/s3_clnt.c, ssl/s3_srvr.c: disable workaround for Netscape
    cipher suite bug
  - http://openssl.org/news/secadv_20101202.txt
  - CVE-2010-4180

Author: Steve Beattie
Revision Date: 2010-12-03 12:40:41 UTC

* SECURITY UPDATE: ciphersuite downgrade vulnerability
  - ssl/s3_clnt.c, ssl/s3_srvr.c: disable workaround for Netscape
    cipher suite bug
  - http://openssl.org/news/secadv_20101202.txt
  - CVE-2010-4180

Author: Marc Deslauriers
Revision Date: 2010-10-06 17:50:37 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  unchecked bn_wexpand return values. (LP: #655884)
  - crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c,
    engines/e_ubsec.c: check return values.
  - http://cvs.openssl.org/chngview?cn=18936
  - http://cvs.openssl.org/chngview?cn=19309
  - CVE-2009-3245
* SECURITY UPDATE: denial of service and possible code execution via
  crafted private key with an invalid prime.
  - ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
  - http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html
  - CVE-2010-2939

Author: Marc Deslauriers
Revision Date: 2010-10-06 17:50:37 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  unchecked bn_wexpand return values. (LP: #655884)
  - crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c,
    engines/e_ubsec.c: check return values.
  - http://cvs.openssl.org/chngview?cn=18936
  - http://cvs.openssl.org/chngview?cn=19309
  - CVE-2009-3245
* SECURITY UPDATE: denial of service and possible code execution via
  crafted private key with an invalid prime.
  - ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
  - http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html
  - CVE-2010-2939

Author: Colin Watson
Revision Date: 2010-09-24 11:28:22 UTC

releasing version 0.9.8k-7ubuntu8.2

Author: Colin Watson
Revision Date: 2010-09-24 11:23:10 UTC

releasing version 0.9.8o-1ubuntu4

Author: Marc Deslauriers
Revision Date: 2010-08-12 08:35:55 UTC

* SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
  - apps/{s_cb,s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
    ssl/{d1_both,d1_clnt,d1_srvr,s3_both,s3_clnt,s3_pkt,s3_srvr,ssl_err,
    ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,ssl_locl,
    tls1}.h: backport rfc5746 support from openssl 0.9.8m.
  - CVE-2009-3555
* Enable tlsext, and backport some patches from jaunty now that tlsext is
  enabled.
  - Fix a problem with tlsext preventing firefox 3 from connection.
  - Don't add extentions to ssl v3 connections. It breaks with some
    other software.

Author: Marc Deslauriers
Revision Date: 2010-08-12 08:34:41 UTC

* SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
  - apps/{s_cb,s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
    ssl/{d1_both,d1_clnt,d1_srvr,s3_both,s3_clnt,s3_pkt,s3_srvr,ssl_err,
    ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,ssl_locl,
    tls1}.h: backport rfc5746 support from openssl 0.9.8m.
  - CVE-2009-3555

Author: Marc Deslauriers
Revision Date: 2010-08-12 08:32:19 UTC

* SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
  - apps/{s_cb,s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
    ssl/{d1_both,d1_clnt,d1_srvr,s3_both,s3_clnt,s3_pkt,s3_srvr,ssl_err,
    ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,ssl_locl,
    tls1}.h: backport rfc5746 support from openssl 0.9.8m.
  - CVE-2009-3555

Author: Marc Deslauriers
Revision Date: 2010-08-12 08:37:24 UTC

* SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
  - apps/{s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
    ssl/{d1_both,d1_clnt,d1_srvr,s23_clnt,s3_both,s3_clnt,s3_pkt,s3_srvr,
    ssl_err,ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,
    ssl_locl,tls1}.h: add rfc5746 support. Patch backport thanks to
    Red Hat.
  - CVE-2009-3555

Author: Nicolas Valcarcel
Revision Date: 2010-05-18 04:10:29 UTC

added configure.patch

Author: Marc Deslauriers
Revision Date: 2010-03-30 08:57:51 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via unchecked return values
  - debian/patches/CVE-2009-3245.patch: check bn_wexpand return value in
    crypto/bn/{bn_div.c,bn_gf2m.c,bn_mul.c}, crypto/ec/ec2_smpl.c,
    engines/e_ubsec.c.
  - CVE-2009-3245
* SECURITY UPDATE: denial of service via "record of death"
  - debian/patches/CVE-2010-0740.patch: only send back minor version
    number in ssl/s3_pkt.c.
  - CVE-2010-0740

Author: Kees Cook
Revision Date: 2010-01-13 11:19:14 UTC

* SECURITY UPDATE: memory leak possible during state clean-up.
  - crypto/comp/c_zlib.c: upstream fixes applied inline.
  - CVE-2009-4355

Author: Kees Cook
Revision Date: 2010-01-13 11:19:14 UTC

* SECURITY UPDATE: memory leak possible during state clean-up.
  - crypto/comp/c_zlib.c: upstream fixes applied inline.
  - CVE-2009-4355

Author: Nicolas Valcarcel
Revision Date: 2009-12-07 19:44:29 UTC

Move runtime libraries to /lib, for the benefit of wpasupplicant

Author: Marc Deslauriers
Revision Date: 2009-09-08 14:59:05 UTC

* SECURITY UPDATE: certificate spoofing via hash collisions from MD2
  design flaws.
  - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
  - crypto/x509/x509_vfy.c: skip signature check for self signed
    certificates
  - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
  - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
  - CVE-2009-2409

Author: Jamie Strandboge
Revision Date: 2009-03-27 08:23:35 UTC

* SECURITY UPDATE: crash via invalid memory access when printing BMPString
  or UniversalString with invalid length
  - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
    return error if invalid length
  - CVE-2009-0590
  - http://www.openssl.org/news/secadv_20090325.txt
  - patch from upstream CVS:
    crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
    crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
    crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11

Author: Ante Karamatić
Revision Date: 2008-07-24 12:47:09 UTC

* debian/rules:
  - disable SSLv2 during compile
* debian/README.debian
  - add note about disabled SSLv2 in Ubuntu

Author: Luke Yelavich
Revision Date: 2008-04-22 10:50:53 UTC

* Use a different priority for libssl0.9.8/restart-services depending on whether
  a desktop, or server dist-upgrade is being performed. (LP: #91814)
* Display a system restart required notification bubble on libssl0.9.8 upgrade.

Author: Kees Cook
Revision Date: 2008-05-08 21:45:57 UTC

* SECURITY UPDATE: PRNG seeding was not fully operational.
* crypto/rand/md_rand.c: restore upstream code.

Author: Kees Cook
Revision Date: 2007-10-19 09:59:38 UTC

* SECURITY UPDATE: DTLS implementation can lead to remote code execution.
* ssl/{ssl_err,d1_both}.c, ssl/{dtls1,ssl}.h: patched inline with upstream
  fixes backported thanks to Ludwig Nussel.
* References
  http://www.openssl.org/news/secadv_20071012.txt
  CVE-2007-4995

Author: Jamie Strandboge
Revision Date: 2009-03-26 14:13:35 UTC

* SECURITY UPDATE: crash via invalid memory access when printing BMPString
  or UniversalString with invalid length
  - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
    return error if invalid length
  - CVE-2009-0590
  - http://www.openssl.org/news/secadv_20090325.txt
  - patch from upstream CVS:
    crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
    crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
    crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11

Author: Jamie Strandboge
Revision Date: 2009-03-26 14:13:35 UTC

* SECURITY UPDATE: crash via invalid memory access when printing BMPString
  or UniversalString with invalid length
  - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
    return error if invalid length
  - CVE-2009-0590
  - http://www.openssl.org/news/secadv_20090325.txt
  - patch from upstream CVS:
    crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
    crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
    crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11

Author: Matthias Klose
Revision Date: 2007-10-04 16:27:53 UTC

Replace duplicate files in the doc directory with symlinks.

Author: Kees Cook
Revision Date: 2008-05-08 21:45:57 UTC

* SECURITY UPDATE: PRNG seeding was not fully operational.
* crypto/rand/md_rand.c: restore upstream code.

Author: Matthias Klose
Revision Date: 2007-03-05 01:24:00 UTC

Rebuild for changes in the amd64 toolchain.

Author: Kees Cook
Revision Date: 2007-10-19 09:59:38 UTC

* SECURITY UPDATE: DTLS implementation can lead to remote code execution.
* ssl/{ssl_err,d1_both}.c, ssl/{dtls1,ssl}.h: patched inline with upstream
  fixes backported thanks to Ludwig Nussel.
* References
  http://www.openssl.org/news/secadv_20071012.txt
  CVE-2007-4995

Author: Martin Pitt
Revision Date: 2006-09-27 12:16:12 UTC

* SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
* crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
  an infinite loop in some circumstances. [CVE-2006-2937]
* ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
  handle invalid long cipher list strings. [CVE-2006-3738]
* ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
  avoid client crash with malicious server responses. [CVE-2006-4343]
* Certain types of public key could take disproportionate amounts of time to
  process. Apply patch from Bodo Moeller to impose limits to public key type
  values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
* Updated patch in previous package version to fix a few corner-case
  regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
  were determined to not be necessary).

Author: Adam Conrad
Revision Date: 2006-03-29 19:01:40 UTC

Fake sync from Debian to resolve a problem with establishing TCP
connections over the BIO API, add a new debconf translation, and
resolve a build failure with libio-socket-ssl-perl.

Author: Martin Pitt
Revision Date: 2006-10-04 08:26:54 UTC

* SECURITY UPDATE: Previous update did not completely fix CVE-2006-2940.
* crypto/rsa/rsa_eay.c: Apply max. modulus bits checking to
  RSA_eay_public_decrypt() instead of RSA_eay_private_encrypt(). Thanks to
  Mark J. Cox for noticing!
* crypto/dh/dh_key.c: Fix return value to prevent free'ing an uninit'ed
  pointer.

Author: Martin Pitt
Revision Date: 2005-08-24 09:57:52 UTC

apps/openssl.cnf: Change CA and req default message digest algorithm to
SHA-1 since MD5 is deemed insecure. (Ubuntu #13593)

Author: Martin Pitt
Revision Date: 2006-10-04 07:53:40 UTC

* SECURITY UPDATE: Previous update did not completely fix CVE-2006-2940.
* crypto/rsa/rsa_eay.c: Apply max. modulus bits checking to
  RSA_eay_public_decrypt() instead of RSA_eay_private_encrypt(). Thanks to
  Mark J. Cox for noticing!
* crypto/dh/dh_key.c: Fix return value to prevent free'ing an uninit'ed
  pointer.

Author: Christoph Martin
Revision Date: 2004-12-16 18:41:29 UTC

* really fix der_chop. The fix from -1 was not really included (closes:
  #281212)
* still fixes security problem CAN-2004-0975 etc.
  - tempfile raise condition in der_chop
  - Avoid a race condition when CRLs are checked in a multi threaded
    environment.

Author: Martin Pitt
Revision Date: 2005-10-13 09:48:51 UTC

* SECURITY UPDATE: Fix cryptographic weakness.
* ssl/s23_srvr.c:
  - When using SSL_OP_MSIE_SSLV2_RSA_PADDING, do not disable the
    protocol-version rollback check, so that a man-in-the-middle cannot
    force a client and server to fall back to the insecure SSL 2.0 protocol.
  - Problem discovered by Yutaka Oiwa.
* References:
  CAN-2005-2969
  http://www.openssl.org/news/secadv_20051011.txt

Author: Christoph Martin
Revision Date: 2004-05-24 17:02:29 UTC

rename -pic.a libraries to _pic.a (closes: #250016)