Ubuntu
openssl package

lp://staging/ubuntu/raring-proposed/openssl

  1. Raring (13.04)
  2. raring-proposed
Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp://staging/ubuntu/raring-proposed/openssl
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

94. By Seth Arnold

* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
  (LP: #1187195)
  - CVE-2012-4929
  - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
    zlib to compress SSL/TLS unless the environment variable
    OPENSSL_DEFAULT_ZLIB is set in the environment during library
    initialization.
  - Introduced to assist with programs not yet updated to provide their own
    controls on compression, such as Postfix
  - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

93. By Marc Deslauriers

* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-0169.patch: re-enabled patch and added extra
    commit from upstream to fix regression.
  - CVE-2013-0169

92. By Dimitri John Ledkov

Enable optimized 64bit elliptic curve code contributed by Google. (LP: #1018522)

91. By Marc Deslauriers

debian/patches/fix_key_decoding_deadlock.patch: Fix possible deadlock
when decoding public keys. (LP: #1066032)

90. By Marc Deslauriers

* REGRESSION FIX: decryption errors on AES-NI hardware (LP: #1134873,
  LP: #1133333)
  - debian/patches/CVE-2013-0169.patch: disabled for now until fix is
    available from upstream.

89. By Marc Deslauriers

* SECURITY UPDATE: denial of service via invalid OCSP key
  - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
    crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
  - CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-0169.patch: massive code changes
  - CVE-2013-0169
* SECURITY UPDATE: denial of service via AES-NI and crafted CBC data
  - Fix included in CVE-2013-0169 patch
  - CVE-2012-2686

88. By Wookey

Add basic arm64 support (no assembler) (LP: #1102107)

87. By Dimitri John Ledkov

Enable arm assembly code. (LP: #1083498) (Closes: #676533)

86. By Tyler Hicks

* Resynchronise with Debian (LP: #1077228). Remaining changes:
  - debian/libssl1.0.0.postinst:
    + Display a system restart required notification on libssl1.0.0
      upgrade on servers.
    + Use a different priority for libssl1.0.0/restart-services depending
      on whether a desktop, or server dist-upgrade is being performed.
  - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
    libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
    in Debian).
  - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
    rules}: Move runtime libraries to /lib, for the benefit of
    wpasupplicant.
  - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
    .pc.
  - debian/rules:
    + Don't run 'make test' when cross-building.
    + Use host compiler when cross-building. Patch from Neil Williams.
    + Don't build for processors no longer supported: i586 (on i386)
    + Fix Makefile to properly clean up libs/ dirs in clean target.
    + Replace duplicate files in the doc directory with symlinks.
  - Unapply patch c_rehash-multi and comment it out in the series as it
    breaks parsing of certificates with CRLF line endings and other cases
    (see Debian #642314 for discussion), it also changes the semantics of
    c_rehash directories by requiring applications to parse hash link
    targets as files containing potentially *multiple* certificates rather
    than exactly one.
  - Bump version passed to dh_makeshlibs to 1.0.1 for new symbols.
  - debian/patches/tls12_workarounds.patch: Workaround large client hello
    issues when TLS 1.1 and lower is in use
  - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
* Dropped changes:
  - Drop openssl-doc in favour of the libssl-doc package introduced by
    Debian. Add Conflicts/Replaces until the next LTS release.
    + Drop the Conflicts/Replaces because 12.04 LTS was 'the next LTS
      release'

85. By Tyler Hicks

[ Tyler Hicks <email address hidden> ]
* debian/patches/tls12_workarounds.patch: Readd the change to check
  TLS1_get_client_version rather than TLS1_get_version to fix incorrect
  client hello cipher list truncation when TLS 1.1 and lower is in use.
  (LP: #1051892)

[ Micah Gersten <email address hidden> ]
* Mark Debian Vcs-* as XS-Debian-Vcs-*
  - update debian/control

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/trusty/openssl
This branch contains Public information 
Everyone can see this information.

Subscribers