lp://staging/ubuntu/gutsy/openssl
- Get this branch:
- bzr branch lp://staging/ubuntu/gutsy/openssl
Recent revisions
- 16. By Kees Cook
[ Jamie Strandboge ]
* SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
buffer overflow
* ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
Stephan Hermann
* References:
CVE-2007-5135
http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
Fixes LP: #146269
* Modify Maintainer value to match the DebianMaintainerField
specification.
[ Kees Cook ]
* SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
* crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
* References
CVE-2007-3108
- 15. By Matthias Klose
* Configure: Add support for lpia.
* Explicitly build using gcc-4.1 (PR other/31359).
- 14. By Kurt Roeckx
[ Christian Perrier ]
* Debconf templates proofread and slightly rewritten by
the debian-l10n-english team as part of the Smith Review Project.
Closes: #418584
* Debconf templates translations:
- Arabic. Closes: #418669
- Russian. Closes: #418670
- Galician. Closes: #418671
- Swedish. Closes: #418679
- Korean. Closes: #418755
- Czech. Closes: #418768
- Basque. Closes: #418784
- German. Closes: #418785
- Traditional Chinese. Closes: #419915
- Brazilian Portuguese. Closes: #419959
- French. Closes: #420429
- Italian. Closes: #420461
- Japanese. Closes: #420482
- Catalan. Closes: #420833
- Dutch. Closes: #420925
- Malayalam. Closes: #420986
- Portuguese. Closes: #421032
- Romanian. Closes: #421708
[ Kurt Roeckx ]
* Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
* Updated Spanish debconf template. (Closes: #421336)
* Do the header changes, changing those defines into real functions,
and bump the shlibs to match.
* Update Japanese debconf translation. (Closes: #422270)
- 13. By Kurt Roeckx
openssl should depend on libssl0.9.8 0.9.8e-1 since it
uses some of the defines that changed to functions.
Other things build against libssl or libcrypto shouldn't
have this problem since they use the old headers.
(Closes: #414283)
- 11. By Kurt Roeckx
* Add German debconf translation. Thanks to
Johannes Starosta <email address hidden> (Closes: #388108)
* Make c_rehash look for both .pem and .crt files. Also make it support
files in DER format. Patch by "Yauheni Kaliuta" <email address hidden>
(Closes: #387089)
* Use & instead of && to check a flag in the X509 policy checking.
Patch from upstream cvs. (Closes: #397151)
* Also restart slapd for security updates (Closes: #400221)
* Add Romanian debconf translation. Thanks to
stan ioan-eugen <email address hidden> (Closes: #393507)
- 9. By Martin Pitt
* SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
* crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
an infinite loop in some circumstances. [CVE-2006-2937]
* ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
handle invalid long cipher list strings. [CVE-2006-3738]
* ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
avoid client crash with malicious server responses. [CVE-2006-4343]
* Certain types of public key could take disproportionate amounts of time to
process. Apply patch from Bodo Moeller to impose limits to public key type
values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
* Updated patch in previous package version to fix a few corner-case
regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
were determined to not be necessary).
- 8. By Martin Pitt
* SECURITY UPDATE: signature forgery in some cases.
* Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt:
- Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
applications from incorrectly verifying the certificate.
* References:
CVE-2006-4339
http://www.openssl.org/news/secadv_20060905.txt
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/lucid/openssl