lp://staging/ubuntu/intrepid-updates/openssl
- Get this branch: bzr branch lp://staging/ubuntu/intrepid-updates/openssl
Recent revisions
- 30. By Kees Cook

  * SECURITY UPDATE: memory leak possible during state clean-up.
    - crypto/comp/c_zlib.c: upstream fixes applied inline.
    - CVE-2009-4355

- 29. By Marc Deslauriers

  * SECURITY UPDATE: certificate spoofing via hash collisions from MD2
    design flaws.
    - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
    - crypto/x509/x509_vfy.c: skip signature check for self-signed
      certificates.
    - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
    - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
    - CVE-2009-2409

- 28. By Marc Deslauriers

  * SECURITY UPDATE: denial of service via memory consumption from large
    number of future epoch DTLS records.
    - crypto/pqueue.*: add new pqueue_size counter function.
    - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
    - http://cvs.openssl.org/chngview?cn=18187
    - CVE-2009-1377
  * SECURITY UPDATE: denial of service via memory consumption from
    duplicate or invalid sequence numbers in DTLS records.
    - ssl/d1_both.c: discard message if it's a duplicate or too far in the
      future.
    - http://marc.info/?l=openssl-dev&m=124263491424212&w=2
    - CVE-2009-1378
  * SECURITY UPDATE: denial of service or other impact via use-after-free
    in dtls1_retrieve_buffered_fragment.
    - ssl/d1_both.c: use temp frag_len instead of freed frag.
    - http://rt.openssl.org/Ticket/Display.html?id=1923
    - CVE-2009-1379
  * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
    that occurs before ClientHello.
    - ssl/s3_pkt.c: abort if s->session is NULL.
    - ssl/{ssl.h,ssl_err.c}: add new error codes.
    - http://cvs.openssl.org/chngview?cn=17369
    - CVE-2009-1386
  * SECURITY UPDATE: denial of service via an out-of-sequence DTLS
    handshake message.
    - ssl/d1_both.c: don't buffer fragments with no data.
    - http://cvs.openssl.org/chngview?cn=17958
    - CVE-2009-1387

- 27. By Jamie Strandboge

  * SECURITY UPDATE: crash via invalid memory access when printing BMPString
    or UniversalString with invalid length.
    - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
      return error if invalid length.
    - CVE-2009-0590
    - http://www.openssl.org/news/secadv_20090325.txt
    - patch from upstream CVS:
      crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
      crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
      crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11

- 26. By Jamie Strandboge

  * SECURITY UPDATE: clients treat malformed signatures as good when verifying
    server DSA and ECDSA certificates.
    - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
      ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and
      ssl/ssltest.c to properly check the return code of EVP_VerifyFinal().
    - patch based on upstream patch for #2008-016
    - CVE-2008-5077

- 25. By Ante Karamatić

  * debian/rules:
    - disable SSLv2 during compile.
  * debian/README.debian:
    - add note about disabled SSLv2 in Ubuntu.

- 24. By Luke Yelavich

  * Merge from Debian unstable, remaining changes:
    - Use a different priority for libssl0.9.8/restart-services depending on whether
      a desktop or server dist-upgrade is being performed.
    - Display a system restart required notification bubble on libssl0.9.8 upgrade.
    - Ship documentation in new openssl-doc package.
    - Configure: Add support for lpia.
    - Replace duplicate files in the doc directory with symlinks.
    - Link using -Bsymbolic-functions.
    - Update maintainer as per spec.

- 23. By Luke Yelavich

  * Merge from Debian unstable, remaining changes:
    - Use a different priority for libssl0.9.8/restart-services depending on whether
      a desktop or server dist-upgrade is being performed.
    - Display a system restart required notification bubble on libssl0.9.8 upgrade.
    - Ship documentation in new openssl-doc package.
    - Configure: Add support for lpia.
    - Replace duplicate files in the doc directory with symlinks.
    - Link using -Bsymbolic-functions.
    - Update maintainer as per spec.

- 22. By Luke Yelavich

  * Merge from Debian unstable, remaining changes:
    - Use a different priority for libssl0.9.8/restart-services depending on whether
      a desktop or server dist-upgrade is being performed.
    - Display a system restart required notification bubble on libssl0.9.8 upgrade.
    - Ship documentation in new openssl-doc package.
    - Configure: Add support for lpia.
    - Replace duplicate files in the doc directory with symlinks.
    - Link using -Bsymbolic-functions.
    - Update maintainer as per spec.

- 21. By Luke Yelavich

  * Use a different priority for libssl0.9.8/restart-services depending on whether
    a desktop or server dist-upgrade is being performed. (LP: #91814)
  * Display a system restart required notification bubble on libssl0.9.8 upgrade.
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp://staging/ubuntu/lucid/openssl