Branches for Saucy

Author: Matthias Klose
Revision Date: 2013-07-15 14:07:52 UTC

* Merge with Debian, remaining changes.
  - debian/libssl1.0.0.postinst:
    + Display a system restart required notification on libssl1.0.0
      upgrade on servers.
    + Use a different priority for libssl1.0.0/restart-services depending
      on whether a desktop, or server dist-upgrade is being performed.
  - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
    libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
    in Debian).
  - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
    rules}: Move runtime libraries to /lib, for the benefit of
    wpasupplicant.
  - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
    .pc.
  - debian/rules:
    + Don't run 'make test' when cross-building.
    + Use host compiler when cross-building. Patch from Neil Williams.
    + Don't build for processors no longer supported: i586 (on i386)
    + Fix Makefile to properly clean up libs/ dirs in clean target.
    + Replace duplicate files in the doc directory with symlinks.
  - Unapply patch c_rehash-multi and comment it out in the series as it
    breaks parsing of certificates with CRLF line endings and other cases
    (see Debian #642314 for discussion), it also changes the semantics of
    c_rehash directories by requiring applications to parse hash link
    targets as files containing potentially *multiple* certificates rather
    than exactly one.
  - debian/patches/tls12_workarounds.patch: Workaround large client hello
    issues when TLS 1.1 and lower is in use
  - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
  - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly
    code.
  - debian/patches/arm64-support: Add basic arm64 support (no assembler)
  - debian/rules: Enable optimized 64bit elliptic curve code contributed
    by Google.
* debian/patches/tls12_workarounds.patch: updated to also disable TLS 1.2
  in test suite since we disable it in the client.
* Disable compression to avoid CRIME systemwide (CVE-2012-4929).
* Dropped changes:
  - debian/patches/ubuntu_deb676533_arm_asm.patch, applied in Debian.

Author: Matthias Klose
Revision Date: 2013-07-15 14:07:52 UTC

* Merge with Debian, remaining changes.
  - debian/libssl1.0.0.postinst:
    + Display a system restart required notification on libssl1.0.0
      upgrade on servers.
    + Use a different priority for libssl1.0.0/restart-services depending
      on whether a desktop, or server dist-upgrade is being performed.
  - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
    libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
    in Debian).
  - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
    rules}: Move runtime libraries to /lib, for the benefit of
    wpasupplicant.
  - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
    .pc.
  - debian/rules:
    + Don't run 'make test' when cross-building.
    + Use host compiler when cross-building. Patch from Neil Williams.
    + Don't build for processors no longer supported: i586 (on i386)
    + Fix Makefile to properly clean up libs/ dirs in clean target.
    + Replace duplicate files in the doc directory with symlinks.
  - Unapply patch c_rehash-multi and comment it out in the series as it
    breaks parsing of certificates with CRLF line endings and other cases
    (see Debian #642314 for discussion), it also changes the semantics of
    c_rehash directories by requiring applications to parse hash link
    targets as files containing potentially *multiple* certificates rather
    than exactly one.
  - debian/patches/tls12_workarounds.patch: Workaround large client hello
    issues when TLS 1.1 and lower is in use
  - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
  - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly
    code.
  - debian/patches/arm64-support: Add basic arm64 support (no assembler)
  - debian/rules: Enable optimized 64bit elliptic curve code contributed
    by Google.
* debian/patches/tls12_workarounds.patch: updated to also disable TLS 1.2
  in test suite since we disable it in the client.
* Disable compression to avoid CRIME systemwide (CVE-2012-4929).
* Dropped changes:
  - debian/patches/ubuntu_deb676533_arm_asm.patch, applied in Debian.

Author: Marc Deslauriers
Revision Date: 2014-06-20 13:56:05 UTC

* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
  - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
    sending finished ssl/s3_clnt.c.

Author: Marc Deslauriers
Revision Date: 2014-06-20 13:56:05 UTC

* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
  - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
    sending finished ssl/s3_clnt.c.