Package "libssl-doc"

Name: libssl-doc


SSL development documentation documentation

Latest version: 1.0.1-4ubuntu3
Release: precise (12.04)
Level: base
Repository: main
Head package: openssl


Download "libssl-doc"

Other versions of "libssl-doc" in Precise

Repository Area Version
security main 1.0.1-4ubuntu5.39
updates main 1.0.1-4ubuntu5.39


Version: 1.0.1-4ubuntu3 2012-04-19 22:06:49 UTC

openssl (1.0.1-4ubuntu3) precise-proposed; urgency=low

  * SECURITY UPDATE: fix various overflows
    - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c,
      crypto/buffer.c and crypto/mem.c to verify size of lengths
    - CVE-2012-2110

 -- Jamie Strandboge Thu, 19 Apr 2012 10:31:06 -0500

Source diff to previous version
CVE-2012-2110 ossl DER int conversion issues

Version: 1.0.1-4ubuntu2 2012-04-19 15:06:51 UTC

openssl (1.0.1-4ubuntu2) precise-proposed; urgency=low

  * Backport more upstream patches to work around TLS 1.2 failures
    (LP #965371):
    - Do not use record version number > TLS 1.0 in initial client hello:
      some (but not all) hanging servers will now work.
    - Truncate the number of ciphers sent in the client hello to 50. Most
      broken servers should now work.
    - Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
  * Don't re-enable TLS 1.2 client support by default yet, since more of the
    sites listed in the above bug and its duplicates still fail if I do that
    versus leaving it disabled.

 -- Colin Watson Wed, 18 Apr 2012 15:03:56 +0100

Source diff to previous version
965371 HTTPS requests fail on some sites on Ubuntu 12.04

Version: 1.0.1-4ubuntu1 2012-04-11 02:06:49 UTC

openssl (1.0.1-4ubuntu1) precise; urgency=low

  * Resynchronise with Debian (LP: #968753). Remaining changes:
    - debian/libssl1.0.0.postinst:
      + Display a system restart required notification on libssl1.0.0
        upgrade on servers.
      + Use a different priority for libssl1.0.0/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
      libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
      in Debian).
    - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
      rules}: Move runtime libraries to /lib, for the benefit of
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
    - debian/rules:
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building. Patch from Neil Williams.
      + Don't build for processors no longer supported: i586 (on i386)
      + Fix Makefile to properly clean up libs/ dirs in clean target.
      + Replace duplicate files in the doc directory with symlinks.
    - Unapply patch c_rehash-multi and comment it out in the series as it
      breaks parsing of certificates with CRLF line endings and other cases
      (see Debian #642314 for discussion), it also changes the semantics of
      c_rehash directories by requiring applications to parse hash link
      targets as files containing potentially *multiple* certificates rather
      than exactly one.
    - Bump version passed to dh_makeshlibs to 1.0.1 for new symbols.
    - Experimental workaround to large client hello issue: if
      OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients
    - Compile with -DOPENSSL_NO_TLS1_2_CLIENT.

 -- Colin Watson Tue, 10 Apr 2012 20:50:52 +0100

Source diff to previous version
968753 ssh crashed with SIGSEGV

Version: 1.0.1-2ubuntu4 2012-03-31 01:06:49 UTC

openssl (1.0.1-2ubuntu4) precise; urgency=low

  * Pass cross-compiling options to 'make install' as well, since apparently
    it likes to rebuild fips_premain_dso.

 -- Colin Watson Sat, 31 Mar 2012 00:48:38 +0100

Source diff to previous version

Version: 1.0.1-2ubuntu3 2012-03-30 17:06:54 UTC

openssl (1.0.1-2ubuntu3) precise; urgency=low

  * Temporarily work around TLS 1.2 failures as suggested by upstream
    (LP #965371):
    - Use client version when deciding whether to send supported signature
      algorithms extension.
    - Experimental workaround to large client hello issue: if
      OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients
    - Compile with -DOPENSSL_NO_TLS1_2_CLIENT.
    This fixes most of the reported problems, but does not fix the case of
    servers that reject version numbers they don't support rather than
    trying to negotiate a lower version (e.g. www.mediafire.com).

 -- Colin Watson Fri, 30 Mar 2012 17:11:45 +0100

965371 HTTPS requests fail on some sites on Ubuntu 12.04

About   -   Send Feedback to @ubuntu_updates