lp://staging/ubuntu/gutsy/openssl

Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/gutsy/openssl

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

17. By Matthias Klose

Replace duplicate files in the doc directory with symlinks.

16. By Kees Cook

[ Jamie Strandboge ]
* SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
  buffer overflow
* ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
  Stephan Hermann
* References:
  CVE-2007-5135
  http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
  Fixes LP: #146269
* Modify Maintainer value to match the DebianMaintainerField
  specification.

[ Kees Cook ]
* SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
* crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
* References:
  CVE-2007-3108

15. By Matthias Klose

* Configure: Add support for lpia.
* Explicitly build using gcc-4.1 (PR other/31359).

14. By Kurt Roeckx

[ Christian Perrier ]
* Debconf templates proofread and slightly rewritten by
  the debian-l10n-english team as part of the Smith Review Project.
  Closes: #418584
* Debconf templates translations:
  - Arabic. Closes: #418669
  - Russian. Closes: #418670
  - Galician. Closes: #418671
  - Swedish. Closes: #418679
  - Korean. Closes: #418755
  - Czech. Closes: #418768
  - Basque. Closes: #418784
  - German. Closes: #418785
  - Traditional Chinese. Closes: #419915
  - Brazilian Portuguese. Closes: #419959
  - French. Closes: #420429
  - Italian. Closes: #420461
  - Japanese. Closes: #420482
  - Catalan. Closes: #420833
  - Dutch. Closes: #420925
  - Malayalam. Closes: #420986
  - Portuguese. Closes: #421032
  - Romanian. Closes: #421708

[ Kurt Roeckx ]
* Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
* Updated Spanish debconf template. (Closes: #421336)
* Do the header changes, changing those defines into real functions,
  and bump the shlibs to match.
* Update Japanese debconf translation. (Closes: #422270)

13. By Kurt Roeckx

openssl should depend on libssl0.9.8 0.9.8e-1 since it
uses some of the defines that changed to functions.
Other things built against libssl or libcrypto shouldn't
have this problem since they use the old headers.
(Closes: #414283)

12. By Matthias Klose

Rebuild for changes in the amd64 toolchain.

11. By Kurt Roeckx

* Add German debconf translation. Thanks to
  Johannes Starosta <email address hidden> (Closes: #388108)
* Make c_rehash look for both .pem and .crt files. Also make it support
  files in DER format. Patch by "Yauheni Kaliuta" <email address hidden>
  (Closes: #387089)
* Use & instead of && to check a flag in the X509 policy checking.
  Patch from upstream cvs. (Closes: #397151)
* Also restart slapd for security updates (Closes: #400221)
* Add Romanian debconf translation. Thanks to
  stan ioan-eugen <email address hidden> (Closes: #393507)

10. By Kurt Roeckx

Fix patch for CVE-2006-2940, it left ctx uninitialised.

9. By Martin Pitt

* SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
* crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
  an infinite loop in some circumstances. [CVE-2006-2937]
* ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
  handle invalid long cipher list strings. [CVE-2006-3738]
* ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
  avoid client crash with malicious server responses. [CVE-2006-4343]
* Certain types of public key could take disproportionate amounts of time to
  process. Apply patch from Bodo Moeller to impose limits to public key type
  values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
* Updated patch in previous package version to fix a few corner-case
  regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
  were determined to not be necessary).

8. By Martin Pitt

* SECURITY UPDATE: signature forgery in some cases.
* Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt:
  - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
    applications from incorrectly verifying the certificate.
* References:
  CVE-2006-4339
  http://www.openssl.org/news/secadv_20060905.txt

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/lucid/openssl