Package "libssl-dev"
Name: |
libssl-dev
|
Description: |
SSL development libraries, header files and documentation
|
Latest version: |
1.0.1-4ubuntu3 |
Release: |
precise (12.04) |
Level: |
base |
Repository: |
main |
Head package: |
openssl |
Links
Download "libssl-dev"
Other versions of "libssl-dev" in Precise
Changelog
openssl (1.0.1-4ubuntu3) precise-proposed; urgency=low
* SECURITY UPDATE: fix various overflows
- debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c,
crypto/buffer.c and crypto/mem.c to verify size of lengths
- CVE-2012-2110
-- Jamie Strandboge Thu, 19 Apr 2012 10:31:06 -0500
|
Source diff to previous version |
|
openssl (1.0.1-4ubuntu2) precise-proposed; urgency=low
* Backport more upstream patches to work around TLS 1.2 failures
(LP #965371):
- Do not use record version number > TLS 1.0 in initial client hello:
some (but not all) hanging servers will now work.
- Truncate the number of ciphers sent in the client hello to 50. Most
broken servers should now work.
- Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
* Don't re-enable TLS 1.2 client support by default yet, since more of the
sites listed in the above bug and its duplicates still fail if I do that
versus leaving it disabled.
-- Colin Watson Wed, 18 Apr 2012 15:03:56 +0100
|
Source diff to previous version |
965371 |
HTTPS requests fail on some sites on Ubuntu 12.04 |
|
openssl (1.0.1-4ubuntu1) precise; urgency=low
* Resynchronise with Debian (LP: #968753). Remaining changes:
- debian/libssl1.0.0.postinst:
+ Display a system restart required notification on libssl1.0.0
upgrade on servers.
+ Use a different priority for libssl1.0.0/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
in Debian).
- debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
rules}: Move runtime libraries to /lib, for the benefit of
wpasupplicant.
- debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
.pc.
- debian/rules:
+ Don't run 'make test' when cross-building.
+ Use host compiler when cross-building. Patch from Neil Williams.
+ Don't build for processors no longer supported: i586 (on i386)
+ Fix Makefile to properly clean up libs/ dirs in clean target.
+ Replace duplicate files in the doc directory with symlinks.
- Unapply patch c_rehash-multi and comment it out in the series as it
breaks parsing of certificates with CRLF line endings and other cases
(see Debian #642314 for discussion), it also changes the semantics of
c_rehash directories by requiring applications to parse hash link
targets as files containing potentially *multiple* certificates rather
than exactly one.
- Bump version passed to dh_makeshlibs to 1.0.1 for new symbols.
- Experimental workaround to large client hello issue: if
OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients
only.
- Compile with -DOPENSSL_NO_TLS1_2_CLIENT.
-- Colin Watson Tue, 10 Apr 2012 20:50:52 +0100
|
Source diff to previous version |
968753 |
ssh crashed with SIGSEGV |
|
openssl (1.0.1-2ubuntu4) precise; urgency=low
* Pass cross-compiling options to 'make install' as well, since apparently
it likes to rebuild fips_premain_dso.
-- Colin Watson Sat, 31 Mar 2012 00:48:38 +0100
|
Source diff to previous version |
openssl (1.0.1-2ubuntu3) precise; urgency=low
* Temporarily work around TLS 1.2 failures as suggested by upstream
(LP #965371):
- Use client version when deciding whether to send supported signature
algorithms extension.
- Experimental workaround to large client hello issue: if
OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients
only.
- Compile with -DOPENSSL_NO_TLS1_2_CLIENT.
This fixes most of the reported problems, but does not fix the case of
servers that reject version numbers they don't support rather than
trying to negotiate a lower version (e.g. www.mediafire.com).
-- Colin Watson Fri, 30 Mar 2012 17:11:45 +0100
|
965371 |
HTTPS requests fail on some sites on Ubuntu 12.04 |
|
About
-
Send Feedback to @ubuntu_updates