Merge openssl 0.9.8o-5 (main) from Debian unstable (main)

Bug #718205 reported by Artur Rona on 2011-02-13
Affects: openssl (Ubuntu)

Bug Description

Binary package hint: openssl

openssl (0.9.8o-5) unstable; urgency=low

  * Fix OCSP stapling parse error (CVE-2011-0014)

 -- Kurt Roeckx <email address hidden> Thu, 10 Feb 2011 20:43:43 +0100

Artur Rona (ari-tczew) wrote :

Would like to be sponsored by Kees Cook!

Changed in openssl (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
tags: added: patch

Kees Cook (kees) wrote :

This update looks fine, but I'd like to take the opportunity to clean up the changelog information. There are a lot of Ubuntu deltas in this package, so I'd like to see the list of affected files for each logical change. This greatly helps people reviewing merges in the future. For example, instead of:

    - Replace duplicate files in the doc directory with symlinks.

Something like this would be more helpful:

    - debian/rules: replace duplicate files in the doc directory with symlinks.

Changed in openssl (Ubuntu):
status: Confirmed → Incomplete

Artur Rona (ari-tczew) wrote :

Kees, debdiff refreshed.

Changed in openssl (Ubuntu):
status: Incomplete → Confirmed

Kees Cook (kees) wrote :

Thanks, this looks great! I'll get it uploaded shortly.

Changed in openssl (Ubuntu):
status: Confirmed → Fix Committed

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 0.9.8o-5ubuntu1

openssl (0.9.8o-5ubuntu1) natty; urgency=low

  * Merge from debian unstable. Remaining changes: (LP: #718205)
    - d/libssl0.9.8.postinst:
      + Display a system restart required notification bubble
        on libssl0.9.8 upgrade.
      + Use a different priority for libssl0.9.8/restart-services
        depending on whether a desktop, or server dist-upgrade
        is being performed.
    - d/{libssl0.9.8-udeb.dirs, control, rules}: Create
      libssl0.9.8-udeb, for the benefit of wget-udeb (no wget-udeb
      package in Debian).
    - d/{libcrypto0.9.8-udeb.dirs, libssl0.9.8.dirs, libssl0.9.8.files,
      rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant.
    - d/{control,,, openssl.dirs}:
      + Ship documentation in openssl-doc, suggested by the package.
       (Closes: #470594)
    - d/p/aesni.patch: Backport Intel AES-NI support from (refreshed)
    - d/p/Bsymbolic-functions.patch: Link using -Bsymbolic-functions.
    - d/p/perlpath-quilt.patch: Don't change perl #! paths under .pc.
    - d/p/no-sslv2.patch: Disable SSLv2 to match NSS and GnuTLS.
      The protocol is unsafe and extremely deprecated. (Closes: #589706)
    - d/rules:
      + Disable SSLv2 during compile. (Closes: #589706)
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building. Patch from Neil Williams.
        (Closes: #465248)
      + Don't build for processors no longer supported: i486, i586
        (on i386), v8 (on sparc).
      + Fix Makefile to properly clean up libs/ dirs in clean target.
        (Closes: #611667)
      + Replace duplicate files in the doc directory with symlinks.
  * This upload fixed CVE: (LP: #718208)
    - CVE-2011-0014

openssl (0.9.8o-5) unstable; urgency=low

  * Fix OCSP stapling parse error (CVE-2011-0014)
 -- Artur Rona <email address hidden> Sun, 13 Feb 2011 16:10:24 +0100

Changed in openssl (Ubuntu):
status: Fix Committed → Fix Released