[Pkg-openssl-changes] r662 - in openssl/tags: . 1.0.1g-4/debian 1.0.1g-4/debian/patches 1.0.1g-4/debian/source
Kurt Roeckx
kroeckx at moszumanska.debian.org
Mon May 12 21:15:20 UTC 2014
Author: kroeckx
Date: 2014-05-12 21:15:20 +0000 (Mon, 12 May 2014)
New Revision: 662
Added:
openssl/tags/1.0.1g-4/
openssl/tags/1.0.1g-4/debian/changelog
openssl/tags/1.0.1g-4/debian/libssl1.0.0.postinst
openssl/tags/1.0.1g-4/debian/patches/CVE-2010-5298.patch
openssl/tags/1.0.1g-4/debian/patches/CVE-2014-XXXX-Extension-checking-fixes.patch
openssl/tags/1.0.1g-4/debian/patches/fix-pod-errors.patch
openssl/tags/1.0.1g-4/debian/patches/series
openssl/tags/1.0.1g-4/debian/rules
openssl/tags/1.0.1g-4/debian/source/include-binaries
Removed:
openssl/tags/1.0.1g-4/debian/changelog
openssl/tags/1.0.1g-4/debian/libssl1.0.0.postinst
openssl/tags/1.0.1g-4/debian/patches/fix-pod-errors.patch
openssl/tags/1.0.1g-4/debian/patches/series
openssl/tags/1.0.1g-4/debian/rules
Log:
Tagging 1.0.1g-4 as uploaded.
Deleted: openssl/tags/1.0.1g-4/debian/changelog
===================================================================
--- openssl/branches/1.0.1/debian/changelog 2014-05-12 21:05:05 UTC (rev 657)
+++ openssl/tags/1.0.1g-4/debian/changelog 2014-05-12 21:15:20 UTC (rev 662)
@@ -1,1727 +0,0 @@
-openssl (1.0.1f-1) unstable; urgency=high
-
- * New upstream version
- - Fix for TLS record tampering bug CVE-2013-4353
- - Drop the snapshot patch
- * update watch file to check for upstream signature and add upstream pgp key.
- * Drop conflicts against openssh since we now on a released version again.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 06 Jan 2014 18:50:54 +0100
-
-openssl (1.0.1e-6) unstable; urgency=medium
-
- * Add Breaks: openssh-client (<< 1:6.4p1-1.1), openssh-server (<<
- 1:6.4p1-1.1). This is to prevent people running into #732940.
- This Breaks can be removed again when we stop using a git snapshot.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 23 Dec 2013 15:19:17 +0100
-
-openssl (1.0.1e-5) unstable; urgency=low
-
- * Change default digest to SHA256 instead of SHA1. (Closes: #694738)
- * Drop support for multiple certificates in 1 file. It never worked
- properly in the first place, and the only one shipping in
- ca-certificates has been split.
- * Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors
- * Remove make-targets.patch. It prevented the test dir from being cleaned.
- * Update to a git snapshot of the OpenSSL_1_0_1-stable branch.
- - Fixes CVE-2013-6449 (Closes: #732754)
- - Fixes CVE-2013-6450
- - Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch
- dtls_version.patch get_certificate.patch, since they where all
- already commited upstream.
- - adjust fix-pod-errors.patch for the reordering of items in the
- documentation they've done trying to fix those pod errors.
- - disable rdrand engine by default (Closes: #732710)
- * disable zlib support. Fixes CVE-2012-4929 (Closes: #728055)
- * Add arm64 support (Closes: #732348)
- * Properly use the default number of bits in req when none are given
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 22 Dec 2013 19:25:35 +0100
-
-openssl (1.0.1e-4) unstable; urgency=low
-
- [ Peter Michael Green ]
- * Fix pod errors (Closes: #723954)
- * Fix clean target
-
- [ Kurt Roeckx ]
- * Add mipsn32 and mips64 targets. Patch from Eleanor Chen
- <chenyueg at gmail.com> (Closes: #720654)
- * Add support for nocheck in DEB_BUILD_OPTIONS
- * Update Norwegian translation (Closes: #653574)
- * Update description of the packages. Patch by Justin B Rye
- (Closes: #719262)
- * change to debhelper compat level 9:
- - change dh_strip call so only the files from libssl1.0.0 get debug
- symbols.
- - change dh_makeshlibs call so the engines don't get added to the
- shlibs
- * Update Standards-Version from 3.8.0 to 3.9.5. No changes required.
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 01 Nov 2013 17:11:53 +0100
-
-openssl (1.0.1e-3) unstable; urgency=low
-
- * Move <openssl/opensslconf.h> to /usr/include/$(DEB_HOST_MULTIARCH), and
- mark libssl-dev Multi-Arch: same.
- Patch by Colin Watson <cjwatson at ubuntu.com> (Closes: #689093)
- * Add Polish translation (Closes: #658162)
- * Add Turkish translation (Closes: #660971)
- * Enable assembler for the arm targets, and remove armeb.
- Patch by Riku Voipio <riku.voipio at iki.fi> (Closes: #676533)
- * Add support for x32 (Closes: #698406)
- * enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 20 May 2013 16:56:06 +0200
-
-openssl (1.0.1e-2) unstable; urgency=high
-
- * Bump shlibs. It's needed for the udeb.
- * Make cpuid work on cpu's that don't set ecx (Closes: #699692)
- * Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353)
- * Fix problem with DTLS version check (Closes: #701826)
- * Fix segfault in SSL_get_certificate (Closes: #703031)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 18 Mar 2013 20:37:11 +0100
-
-openssl (1.0.1e-1) unstable; urgency=high
-
- * New upstream version (Closes: #699889)
- - Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166
- - Drop renegiotate_tls.patch, applied upstream
- - Export new CRYPTO_memcmp symbol, update symbol file
- * Add ssltest_no_sslv2.patch so that "make test" works.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 11 Feb 2013 19:39:44 +0100
-
-openssl (1.0.1c-5) unstable; urgency=low
-
- * Re-enable assembler versions on sparc. They shouldn't have
- been disabled for sparc v9. (Closes: #649841)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 09 Sep 2012 08:43:40 +0200
-
-openssl (1.0.1c-4) unstable; urgency=low
-
- * Fix the configure rules for alpha (Closes: #672710)
- * Switch the postinst to sh again, there never was a reason to
- switch it to bash (Closes: #676398)
- * Fix pic.patch to not use #ifdef in x86cpuid.s, only .S files are
- preprocessed. We generate the file again for pic anyway.
- (Closes: #677468)
- * Drop Breaks against openssh as it was only for upgrades
- between versions that were only in testing/unstable.
- (Closes: #668600)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 17 Jul 2012 11:49:19 +0200
-
-openssl (1.0.1c-3) unstable; urgency=low
-
- * Disable padlock engine again, causes problems for hosts not supporting it.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 06 Jun 2012 18:29:37 +0200
-
-openssl (1.0.1c-2) unstable; urgency=high
-
- * Fix renegiotation when using TLS > 1.0. This breaks tor. Patch from
- upstream. (Closes: #675990)
- * Enable the padlock engine by default.
- * Change default bits from 1024 to 2048 (Closes: #487152)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 06 Jun 2012 00:55:42 +0200
-
-openssl (1.0.1c-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2012-2333 (Closes: #672452)
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 11 May 2012 18:44:51 +0200
-
-openssl (1.0.1b-1) unstable; urgency=high
-
- * New upstream version
- - Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0
- can talk to servers supporting TLS 1.1 but not TLS 1.2
- - Drop rc4_hmac_md5.patch, applied upstream
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 26 Apr 2012 23:34:34 +0200
-
-openssl (1.0.1a-3) unstable; urgency=low
-
- * Use patch from upstream for the rc4_hmac_md5 issue.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 23:16:30 +0200
-
-openssl (1.0.1a-2) unstable; urgency=low
-
- * Fix rc4_hmac_md5 on non-i386/amd64 arches.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 21:54:42 +0200
-
-openssl (1.0.1a-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2012-2110
- - Fix crash in rc4_hmac_md5 (Closes: #666405)
- - Fixes some issues with talking to other servers when TLS 1.1 and 1.2 is
- supported
- - Drop patches no_ssl2.patch vpaes.patch tls1.2_client_algorithms.patch,
- applied upstream.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 19:54:12 +0200
-
-openssl (1.0.1-4) unstable; urgency=low
-
- * Use official patch for the vpaes problem, also covering amd64.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 31 Mar 2012 20:54:13 +0200
-
-openssl (1.0.1-3) unstable; urgency=high
-
- * Fix crash in vpaes (Closes: #665836)
- * use client version when deciding whether to send supported signature
- algorithms extension
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 31 Mar 2012 18:35:59 +0200
-
-openssl (1.0.1-2) unstable; urgency=low
-
- * Properly quote the new cflags in Configure
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 19 Mar 2012 19:56:05 +0100
-
-openssl (1.0.1-1) unstable; urgency=low
-
- * New upstream version
- - Remove kfreebsd-pipe.patch, fixed upstream
- - Update pic.patch, openssl-pod-misspell.patch and make-targets.patch
- - Add OPENSSL_1.0.1 to version-script.patch and libssl1.0.0.symbols for
- the new functions.
- - AES-NI support (Closes: #644743)
- * pic.patch: upstream made OPENSSL_ia32cap_P and OPENSSL_cpuid_setup
- hidden on amd64, no need to access it PIC anymore.
- * pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977)
- * Enable hardening using dpkg-buildflags (Closes: #653495)
- * s_client and s_server were forcing SSLv3 only connection when SSLv2 was
- disabled instead of the SSLv2 with upgrade method. (Closes: #664454)
- * Add Breaks on openssh < 1:5.9p1-4, it has a too strict version check.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 19 Mar 2012 18:23:32 +0100
-
-openssl (1.0.0h-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2012-0884
- - Fixes CVE-2012-1165
- - Properly fix CVE-2011-4619
- - pkg-config.patch applied upstream, remove it.
- * Enable assembler for all i386 arches. The assembler does proper
- detection of CPU support, including cpuid support.
- This should fix a problem with AES 192 and 256 with the padlock
- engine because of the difference in NO_ASM between the between
- the i686 optimized library and the engine.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 13 Mar 2012 21:08:17 +0100
-
-openssl (1.0.0g-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2012-0050
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 18 Jan 2012 20:46:13 +0100
-
-openssl (1.0.0f-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2011-4108, CVE-2011-4576, CVE-2011-4619, CVE-2012-0027,
- CVE-2011-4577
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 12 Jan 2012 19:02:43 +0100
-
-openssl (1.0.0e-3) unstable; urgency=low
-
- * Don't build v8 and v9 variants of sparc anymore, they're older than
- the default. (Closes: #649841)
- * Don't build i486 optimized version, that's the default anyway, and
- it uses assembler that doesn't always work on i486.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 28 Nov 2011 22:17:26 +0100
-
-openssl (1.0.0e-2.1) unstable; urgency=high
-
- * Non-maintainer upload by the Security Team.
- * Block Malaysian's Digicert Sdn. Bhd. certificates by marking them
- as revoked.
-
- -- Raphael Geissert <geissert at debian.org> Sun, 06 Nov 2011 01:39:30 -0600
-
-openssl (1.0.0e-2) unstable; urgency=low
-
- * Add a missing $(DEB_HOST_MULTIARCH)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Sep 2011 17:02:29 +0200
-
-openssl (1.0.0e-1) unstable; urgency=low
-
- * New upstream version
- - Fix bug where CRLs with nextUpdate in the past are sometimes accepted
- by initialising X509_STORE_CTX properly. (CVE-2011-3207)
- - Fix SSL memory handling for (EC)DH ciphersuites, in particular
- for multi-threaded use of ECDH. (CVE-2011-3210)
- - Add protection against ECDSA timing attacks (CVE-2011-1945)
- * Block DigiNotar certifiates. Patch from
- Raphael Geissert <geissert at debian.org>
- * Generate hashes for all certs in a file (Closes: #628780, #594524)
- Patch from Klaus Ethgen <Klaus at Ethgen.de>
- * Add multiarch support (Closs: #638137)
- Patch from Steve Langasek / Ubuntu
- * Symbols from the gost engine were removed because it didn't have
- a linker file. Thanks to Roman I Khimov <khimov at altell.ru>
- (Closes: #631503)
- * Add support for s390x. Patch from Aurelien Jarno <aurel32 at debian.org>
- (Closes: #641100)
- * Add build-arch and build-indep targets to the rules file.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Sep 2011 12:03:13 +0200
-
-openssl (1.0.0d-3) unstable; urgency=low
-
- * Make it build on sparc64. Patch from Aurelien Jarno. (Closes: #626060)
- * Apply patches from Scott Schaefer <saschaefer at neurodiverse.org> to
- fix various pod and spelling errors. (Closes: #622820, #605561)
- * Add missing symbols for the engines (Closes: #623038)
- * More spelling fixes from Scott Schaefer (Closes: #395424)
- * Patch from Scott Schaefer to better document pkcs12 password options
- (Closes: #462489)
- * Document dgst -hmac option. Patch by Thorsten Glaser <tg at mirbsd.de>
- (Closes: #529586)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 13 Jun 2011 12:39:54 +0200
-
-openssl (1.0.0d-2) unstable; urgency=high
-
- * Make c_rehash also generate the old subject hash. Gnutls applications
- seem to require it. (Closes: #611102)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Apr 2011 22:36:49 +0200
-
-openssl (1.0.0d-1) unstable; urgency=low
-
- * New upstream version
- - Fixes CVE-2011-0014
- * Make libssl-doc Replaces/Breaks with old libssl-dev packages
- (Closes: #607609)
- * Only export the symbols we should, instead of all.
- * Add symbol file.
- * Upload to unstable
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 02 Apr 2011 13:19:19 +0000
-
-openssl (1.0.0c-2) experimental; urgency=low
-
- * Set $ in front of {sparcv9_asm} so that the sparc v9 variant builds.
- * Always define _GNU_SOURCE, not only for Linux.
- * Drop SSL2 support (Closes: #589706)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 19 Dec 2010 16:24:16 +0100
-
-openssl (1.0.0c-1) experimental; urgency=low
-
- * New upstream version (Closes: #578376)
- - New soname: Rename library packages
- - Drop patch perl-path.diff, not needed anymore
- - Drop patches CVE-2010-2939.patch, CVE-2010-3864.patch
- and CVE-2010-4180.patch: applied upstream.
- - Update Configure for the new fields for the assembler options
- per arch. alpha now makes use of assembler.
- * Move man3 manpages and demos to libssl-doc (Closes: #470594)
- * Drop .pod files from openssl package (Closes: #518167)
- * Don't use RC4_CHAR on amd64 and drop rc4-amd64.patch
- * Stop using BF_PTR2 on (kfreebd-)amd64.
- * Drop debian-arm from the list of arches.
- * Update arm arches to use BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
- BF_PTR instead of BN_LLONG DES_RISC1
- * ia64: Drop RC4_CHAR, add DES_UNROLL DES_INT
- * powerpc: Use RC4_CHAR RC4_CHUNK DES_RISC1 instead
- of DES_RISC2 DES_PTR MD2_CHAR RC4_INDEX
- * s390: Use RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL instead of BN_LLONG
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 12 Dec 2010 15:37:21 +0100
-
-openssl (0.9.8o-4) unstable; urgency=low
-
- * Fix CVE-2010-4180 (Closes: #529221)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 06 Dec 2010 20:33:21 +0100
-
-openssl (0.9.8o-3) unstable; urgency=high
-
- * Fix TLS extension parsing race condition (CVE-2010-3864) (Closes: #603709)
- * Re-add the engines. They were missing since 0.9.8m-1.
- Patch by Joerg Schneider. (Closes: #603693)
- * Not all architectures were build using -g (Closes: #570702)
- * Add powerpcspe support (Closes: #579805)
- * Add armhf support (Closes: #596881)
- * Update translations:
- - Brazilian Portuguese (Closes: #592154)
- - Danish (Closes: #599459)
- - Vietnamese (Closes: #601536)
- - Arabic (Closes: #596166)
- * Generate the proper stamp file so that everything doesn't get build twice.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 16 Nov 2010 19:20:55 +0100
-
-openssl (0.9.8o-2) unstable; urgency=high
-
- * Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 26 Aug 2010 18:25:29 +0200
-
-openssl (0.9.8o-1) unstable; urgency=low
-
- * New upstream version
- - Add SHA2 algorithms to SSL_library_init().
- - aes-x86_64.pl is now PIC, update pic.patch.
- * Add sparc64 support (Closes: #560240)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 18 Apr 2010 01:42:44 +0200
-
-openssl (0.9.8n-1) unstable; urgency=high
-
- * New upstream version.
- - Fixes CVE-2010-0740.
- - Drop cfb.patch, applied upstream.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 25 Mar 2010 20:30:52 +0100
-
-openssl (0.9.8m-2) unstable; urgency=low
-
- * Revert CFB block length change preventing reading older files.
- (Closes: #571810, #571940)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 28 Feb 2010 22:08:49 +0100
-
-openssl (0.9.8m-1) unstable; urgency=low
-
- * New upstream version
- - Implements RFC5746, reenables renegotiation but requires the extension.
- - Fixes CVE-2009-3245
- - Drop patches CVE-2009-4355.patch, CVE-2009-1378.patch,
- CVE-2009-1377.patch, CVE-2009-1379.patch, CVE-2009-3555.patch,
- CVE-2009-2409.patch, CVE-2009-1387.patch, tls_ext_v3.patch,
- no_check_self_signed.patch: applied upstream
- - pk7_mime_free.patch removed, code rewritten
- - ca.diff partially applied upstream
- - engines-path.patch adjusted, upstream made some minor changes to the
- build system.
- - some flags changed values, bump shlibs.
- * Switch to 3.0 (quilt) source package.
- * Make sure the package is properly cleaned.
- * Add ${misc:Depends} to the Depends on all packages.
- * Fix spelling of extension in the changelog file.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 27 Feb 2010 12:24:03 +0000
-
-openssl (0.9.8k-8) unstable; urgency=high
-
- * Clean up zlib state so that it will be reinitialized on next use and
- not cause a memory leak. (CVE-2009-4355, CVE-2008-1678)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Jan 2010 21:26:49 +0100
-
-openssl (0.9.8k-7) unstable; urgency=low
-
- * Bump the shlibs to require 0.9.8k-1. The following symbols
- to added between g and k: AES_wrap_key, AES_unwrap_key,
- ASN1_TYPE_set1, ASN1_STRING_set0, asn1_output_data_fn,
- SMIME_read_ASN1, BN_X931_generate_Xpq, BN_X931_derive_prime_ex,
- BN_X931_generate_prime_ex, COMP_zlib_cleanup, CRYPTO_malloc_debug_init,
- int_CRYPTO_set_do_dynlock_callback, CRYPTO_set_mem_info_functions,
- CRYPTO_strdup, CRYPTO_dbg_push_info, CRYPTO_dbg_pop_info,
- CRYPTO_dbg_remove_all_info, OPENSSL_isservice, OPENSSL_init,
- ENGINE_set_load_ssl_client_cert_function,
- ENGINE_get_ssl_client_cert_function, ENGINE_load_ssl_client_cert,
- EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags,
- EVP_CIPHER_CTX_test_flags, HMAC_CTX_set_flags, OCSP_sendreq_new
- OCSP_sendreq_nbio, OCSP_REQ_CTX_free, RSA_X931_derive_ex,
- RSA_X931_generate_key_ex, X509_ALGOR_set0, X509_ALGOR_get0,
- X509at_get0_data_by_OBJ, X509_get1_ocsp
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 28 Nov 2009 14:34:26 +0100
-
-openssl (0.9.8k-6) unstable; urgency=low
-
- * Disable SSL/TLS renegotiation (CVE-2009-3555) (Closes: #555829)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 12 Nov 2009 18:10:31 +0000
-
-openssl (0.9.8k-5) unstable; urgency=low
-
- * Don't check self signed certificate signatures in X509_verify_cert()
- (Closes: #541735)
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 11 Sep 2009 15:42:32 +0200
-
-openssl (0.9.8k-4) unstable; urgency=low
-
- * Split all the patches into a separate files
- * Stop undefinging HZ, the issue on alpha should be fixed.
- * Remove MD2 from digest algorithm table. (CVE-2009-2409) (Closes: #539899)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 11 Aug 2009 21:19:18 +0200
-
-openssl (0.9.8k-3) unstable; urgency=low
-
- * Make rc4-x86_64 PIC. Based on patch from Petr Salinger (Closes: #532336)
- * Add workaround for kfreebsd that can't see the different between
- two pipes. Patch from Petr Salinger.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 13 Jun 2009 18:15:46 +0200
-
-openssl (0.9.8k-2) unstable; urgency=low
-
- * Move libssl0.9.8-dbg to the debug section.
- * Use the rc4 assembler on kfreebsd-amd64 (Closes: #532336)
- * Split the line to generate md5-x86_64.s in the Makefile. This will
- hopefully fix the build issue on kfreebsd that now outputs the file
- to stdout instead of the file.
- * Fix denial of service via an out-of-sequence DTLS handshake message
- (CVE-2009-1387) (Closes: #532037)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 08 Jun 2009 19:05:56 +0200
-
-openssl (0.9.8k-1) unstable; urgency=low
-
- * New upstream release
- - 0.9.8i fixed denial of service via a DTLS ChangeCipherSpec packet
- that occurs before ClientHello (CVE-2009-1386)
- * Make aes-x86_64.pl use PIC.
- * Fix security issues (Closes: #530400)
- - "DTLS record buffer limitation bug." (CVE-2009-1377)
- - "DTLS fragment handling" (CVE-2009-1378)
- - "DTLS use after free" (CVE-2009-1379)
- * Fixed Configure for hurd: use -mtune=i486 instead of -m486
- Patch by Marc Dequènes (Duck) <duck at hurdfr.org> (Closes: #530459)
- * Add support for avr32 (Closes: #528648)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 16 May 2009 17:33:55 +0200
-
-openssl (0.9.8g-16) unstable; urgency=high
-
- * Properly validate the length of an encoded BMPString and UniversalString
- (CVE-2009-0590) (Closes: #522002)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 01 Apr 2009 22:04:53 +0200
-
-openssl (0.9.8g-15) unstable; urgency=low
-
- * Internal calls to didn't properly check for errors which
- resulted in malformed DSA and ECDSA signatures being treated as
- a good signature rather than as an error. (CVE-2008-5077)
- * ipv6_from_asc() could write 1 byte longer than the buffer in case
- the ipv6 address didn't have "::" part. (Closes: #506111)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 05 Jan 2009 21:14:31 +0100
-
-openssl (0.9.8g-14) unstable; urgency=low
-
- * Don't give the warning about security updates when upgrading
- from etch since it doesn't have any known security problems.
- * Automaticly use engines that succesfully initialised. Patch
- from the 0.9.8h upstream version. (Closes: #502177)
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 31 Oct 2008 22:45:14 +0100
-
-openssl (0.9.8g-13) unstable; urgency=low
-
- * Fix a problem with tlsext preventing firefox 3 from connection.
- Patch from upstream CVS and part of 0.9.8h.
- (Closes: #492758)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 03 Aug 2008 19:47:10 +0200
-
-openssl (0.9.8g-12) unstable; urgency=low
-
- * add the changelog of the 10.1 NMU to make bugtracking happy
-
- -- Christoph Martin <Christoph.Martin at Uni-Mainz.DE> Tue, 22 Jul 2008 14:58:26 +0200
-
-openssl (0.9.8g-11) unstable; urgency=low
-
- [ Christoph Martin ]
- * updated cs, gl, sv, ru, ro debconf translation (closes: #480926, #480967,
- #482465, #484324, #488595)
- * add Vcs-Svn header (closes: #481654)
- * fix debian-kfreebsd-i386 build flags (closes: #482275)
- * add stunnel4 to restart list (closes: #482111)
- * include fixes from 10.1 NMU by Security team
- - Fix double free in TLS server name extension which leads to a remote
- denial of service (CVE-2008-0891; Closes: #483379).
- - Fix denial of service if the 'Server Key exchange message'
- is omitted from a TLS handshake which could lead to a client
- crash (CVE-2008-1672; Closes: #483379).
- This only works if openssl is compiled with enable-tlsext which is
- done in Debian.
- * fix some lintian warnings
- * update to newest standards version
-
- -- Christoph Martin <Christoph.Martin at Uni-Mainz.DE> Thu, 17 Jul 2008 09:53:01 +0200
-
-openssl (0.9.8g-10.1) unstable; urgency=high
-
- * Non-maintainer upload by the Security team.
- * Fix denial of service if the 'Server Key exchange message'
- is omitted from a TLS handshake which could lead to a client
- crash (CVE-2008-1672; Closes: #483379).
- This only works if openssl is compiled with enable-tlsext which is
- done in Debian.
- * Fix double free in TLS server name extension which leads to a remote
- denial of service (CVE-2008-0891; Closes: #483379).
-
- -- Nico Golde <nion at debian.org> Tue, 27 May 2008 11:13:44 +0200
-
-openssl (0.9.8g-10) unstable; urgency=low
-
- * undefine HZ so that the code falls back to sysconf(_SC_CLK_TCK)
- to fix a build failure on alpha.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 08 May 2008 17:56:13 +0000
-
-openssl (0.9.8g-9) unstable; urgency=high
-
- [ Christoph Martin ]
- * Include updated debconf translations (closes: #473477, #461597,
- #461880, #462011, #465517, #475439)
-
- [ Kurt Roeckx ]
- * ssleay_rand_add() really needs to call MD_Update() for buf.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 07 May 2008 20:32:12 +0200
-
-openssl (0.9.8g-8) unstable; urgency=high
-
- * Don't add extensions to ssl v3 connections. It breaks with some
- other software. (Closes: #471681)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 23 Mar 2008 17:50:04 +0000
-
-openssl (0.9.8g-7) unstable; urgency=low
-
- * Upload to unstable.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Feb 2008 22:22:29 +0000
-
-openssl (0.9.8g-6) experimental; urgency=low
-
- * Bump shlibs.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 09 Feb 2008 15:42:22 +0100
-
-openssl (0.9.8g-5) experimental; urgency=low
-
- * Enable tlsext. This changes the ABI, but should hopefully
- not cause any problems. (Closes: #462596)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 09 Feb 2008 13:32:49 +0100
-
-openssl (0.9.8g-4) unstable; urgency=low
-
- * Fix aes ige test speed not to overwrite it's buffer and
- cause segfauls. Thanks to Tim Hudson (Closes: #459619)
- * Mark some strings in the templates as non translatable.
- Patch from Christian Perrier <bubulle at debian.org> (Closes: #450418)
- * Update Dutch debconf translation (Closes: #451290)
- * Update French debconf translation (Closes: #451375)
- * Update Catalan debconf translation (Closes: #452694)
- * Update Basque debconf translation (Closes: #457285)
- * Update Finnish debconf translation (Closes: #458261)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 16 Jan 2008 21:49:43 +0100
-
-openssl (0.9.8g-3) unstable; urgency=low
-
- * aes-586.pl: push %ebx on the stack before we put some things on the
- stack and call a function, giving AES_decrypt() wrong values to work
- with. (Closes: #449200)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 04 Nov 2007 21:49:00 +0100
-
-openssl (0.9.8g-2) unstable; urgency=low
-
- * Avoid text relocations on i386 caused by the assembler versions:
- - x86unix.pl: Create a function_begin_B_static to create a
- static/local assembler function.
- - aes-586.pl: Use the function_begin_B_static for _x86_AES_decrypt
- so that it doesn't get exported and doesn't have any (text) relocations.
- - aes-586.pl: Set up ebx to point to the GOT and call AES_set_encrypt_key
- via the PLT to avoid a relocation.
- - x86unix.pl: Call the init function via the PLT, avoiding a relocation
- in case of a PIC object.
- - cbc.pl: Call functions via the PLT.
- - desboth.pl: Call DES_encrypt2 via the PLT.
- * CA.sh should use the v3_ca extension when called with -newca
- (Closes: #428051)
- * Use -Wa,--noexecstack for all arches in Debian. (Closes: #430583)
- * Convert the failure message when services fail restart to a debconf
- message.
- * To restart a service, just restart, instead of stop and start.
- Hopefully fixes #444946
- * Also remove igetest from the test dir in the clean target.
- (Closes: #424362)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 03 Nov 2007 13:25:45 +0100
-
-openssl (0.9.8g-1) unstable; urgency=low
-
- * New upstream release
- - Fixes version number not to say it's a development version.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 20 Oct 2007 12:47:10 +0200
-
-openssl (0.9.8f-1) unstable; urgency=low
-
- * New upstream release
- - Fixes DTLS issues, also fixes CVE-2007-4995 (Closes: #335703, #439737)
- - Proper inclusion of opensslconf.h in pq_compat.h (Closes: #408686)
- - New function SSL_set_SSL_CTX: bump shlibs.
- * Remove build dependency on gcc > 4.2
- * Remove the openssl preinst, it looks like a workaround
- for a change in 0.9.2b where config files got moved. (Closes: #445095)
- * Update debconf translations:
- - Vietnamese (Closes: #426988)
- - Danish (Closes: #426774)
- - Slovak (Closes: #440723)
- - Finnish (Closes: #444258)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 13 Oct 2007 00:47:22 +0200
-
-openssl (0.9.8e-9) unstable; urgency=high
-
- * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers().
- (Closes: #444435)
- * Add postgresql-8.2 to the list of services to check.
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 28 Sep 2007 19:47:33 +0200
-
-openssl (0.9.8e-8) unstable; urgency=low
-
- * Fix another case of the "if this code is reached, the program will abort"
- (Closes: #429740)
- * Temporary force to build with gcc >= 4.2
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 02 Sep 2007 18:12:11 +0200
-
-openssl (0.9.8e-7) unstable; urgency=low
-
- * Fix problems with gcc-4.2 (Closes: #429740)
- * Stop using -Bsymbolic to create the shared library.
- * Make x86_64cpuid.pl use PIC.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 02 Sep 2007 16:15:18 +0200
-
-openssl (0.9.8e-6) unstable; urgency=high
-
- * Add fix for CVE-2007-3108 (Closes: #438142)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 15 Aug 2007 19:49:54 +0200
-
-openssl (0.9.8e-5) unstable; urgency=low
-
- [ Christian Perrier ]
- * Debconf templates proofread and slightly rewritten by
- the debian-l10n-english team as part of the Smith Review Project.
- Closes: #418584
- * Debconf templates translations:
- - Arabic. Closes: #418669
- - Russian. Closes: #418670
- - Galician. Closes: #418671
- - Swedish. Closes: #418679
- - Korean. Closes: #418755
- - Czech. Closes: #418768
- - Basque. Closes: #418784
- - German. Closes: #418785
- - Traditional Chinese. Closes: #419915
- - Brazilian Portuguese. Closes: #419959
- - French. Closes: #420429
- - Italian. Closes: #420461
- - Japanese. Closes: #420482
- - Catalan. Closes: #420833
- - Dutch. Closes: #420925
- - Malayalam. Closes: #420986
- - Portuguese. Closes: #421032
- - Romanian. Closes: #421708
-
- [ Kurt Roeckx ]
- * Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
- * Updated Spanish debconf template. (Closes: #421336)
- * Do the header changes, changing those defines into real functions,
- and bump the shlibs to match.
- * Update Japanese debconf translation. (Closes: #422270)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 15 May 2007 17:21:08 +0000
-
-openssl (0.9.8e-4) unstable; urgency=low
-
- * openssl should depend on libssl0.9.8 0.9.8e-1 since it
- uses some of the defines that changed to functions.
- Other things build against libssl or libcrypto shouldn't
- have this problem since they use the old headers.
- (Closes: #414283)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Mar 2007 17:11:46 +0000
-
-openssl (0.9.8e-3) unstable; urgency=low
-
- * Add nagios-nrpe-server to the list of services to be checked
- (Closes: #391188)
- * EVP_CIPHER_CTX_key_length() should return the set key length in the
- EVP_CIPHER_CTX structure which may not be the same as the underlying
- cipher key length for variable length ciphers.
- From upstream CVS. (Closes: #412979)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 4 Mar 2007 23:22:51 +0000
-
-openssl (0.9.8e-2) unstable; urgency=low
-
- * Undo include changes that change defines into real functions,
- but keep the new functions in the library.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 25 Feb 2007 19:19:19 +0000
-
-openssl (0.9.8e-1) unstable; urgency=low
-
- * New upstream release
- - Inludes security fixes for CVE-2006-2937, CVE-2006-2940,
- CVE-2006-3738, CVE-2006-4343 (Closes: #408902)
- - s_client now properly works with SMTP. Also added support
- for IMAP. (closes: #221689)
- - Load padlock modules (Closes: #345656, #368476)
- * Add clamav-freshclam and clamav-daemon to the list of service that
- need to be restarted. (Closes: #391191)
- * Add armel support. Thanks to Guillem Jover <guillem.jover at nokia.com>
- for the patch. (Closes: #407196)
- * Add Portuguese translations. Thanks to Carlos Lisboa. (Closes: 408157)
- * Add Norwegian translations. Thanks to Bjørn Steensrud
- <bjornst at powertech.no> (Closes: #412326)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 25 Feb 2007 18:06:28 +0000
-
-openssl (0.9.8c-4) unstable; urgency=low
-
- * Add German debconf translation. Thanks to
- Johannes Starosta <feedback-an-johannes at arcor.de> (Closes: #388108)
- * Make c_rehash look for both .pem and .crt files. Also make it support
- files in DER format. Patch by "Yauheni Kaliuta" <y.kaliuta at gmail.com>
- (Closes: #387089)
- * Use & instead of && to check a flag in the X509 policy checking.
- Patch from upstream cvs. (Closes: #397151)
- * Also restart slapd for security updates (Closes: #400221)
- * Add Romanian debconf translation. Thanks to
- stan ioan-eugen <stan.ieugen at gmail.com> (Closes: #393507)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 30 Nov 2006 20:57:46 +0000
-
-openssl (0.9.8c-3) unstable; urgency=low
-
- * Fix patch for CVE-2006-2940, it left ctx unintiliased.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 2 Oct 2006 18:05:00 +0200
-
-openssl (0.9.8c-2) unstable; urgency=high
-
- * Fix security vulnerabilities (CVE-2006-2937, CVE-2006-2940,
- CVE-2006-3738, CVE-2006-4343). Urgency set to high.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 27 Sep 2006 21:24:55 +0000
-
-openssl (0.9.8c-1) unstable; urgency=low
-
- * New upstream release
- - block padding bug with compression now fixed upstream, using
- their patch.
- - Includes the RSA Signature Forgery (CVE-2006-4339) patch.
- - New functions AES_bi_ige_encrypt and AES_ige_encrypt:
- bumping shlibs to require 0.9.8c-1.
- * Change the postinst script to check that ntp is installed instead
- of ntp-refclock and ntp-simple. The binary is now in the ntp
- package.
- * Move the modified rand/md_rand.c file to the right place,
- really fixing #363516.
- * Add partimage-server conserver-server and tor to the list of service
- to check for restart. Add workaround for openssh-server so it finds
- the init script. (Closes: #386365, #386400, #386513)
- * Add manpage for c_rehash.
- Thanks to James Westby <jw+debian at jameswestby.net> (Closes: #215618)
- * Add Lithuanian debconf translation.
- Thanks to Gintautas Miliauskas <gintas at akl.lt> (Closes: #374364)
- * Add m32r support.
- Thanks to Kazuhiro Inaoka <inaoka.kazuhiro at renesas.com>
- (Closes: #378689)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 17 Sep 2006 14:47:59 +0000
-
-openssl (0.9.8b-3) unstable; urgency=high
-
- * Fix RSA Signature Forgery (CVE-2006-4339) using patch provided
- by upstream.
- * Restart services using a smaller version that 0.9.8b-3, so
- they get the fixed version.
- * Change the postinst to check for postfix instead of postfix-tls.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 5 Sep 2006 18:26:10 +0000
-
-openssl (0.9.8b-2) unstable; urgency=low
-
- * Don't call gcc with -mcpu on i386, we already use -march, so no need for
- -mtune either.
- * Always make all directories when building something:
- - The engines directory didn't get build for the static directory, so
- where missing in libcrypo.a
- - The apps directory didn't always get build, so we didn't have an openssl
- and a small part of the regression tests failed.
- * Make the package fail to build if the regression tests fail.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 15 May 2006 16:00:58 +0000
-
-openssl (0.9.8b-1) unstable; urgency=low
-
- * New upstream release
- - New functions added (EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free), bump shlibs.
- - CA.pl/CA.sh now calls openssl ca with -extensions v3_ca, setting CA:TRUE
- instead of FALSE.
- - CA.pl/CA.sh creates crlnumber now. (Closes: #347612)
- * Run debconf-updatepo, which really already was in the 0.9.8a-8 version
- as it was uploaded.
- * Add Galician debconf translation. Patch from
- Jacobo Tarrio <jtarrio at trasno.net> (Closes: #361266)
- * libssl0.9.8.postinst makes uses of bashisms (local variables)
- so use #!/bin/bash
- * libssl0.9.8.postinst: Call set -e after sourcing the debconf
- script.
- * libssl0.9.8.postinst: Change list of service that may need
- to be restarted:
- - Replace ssh by openssh-server
- - Split postgresql in postgresql-7.4 postgresql-8.0 postgresql-8.1
- - Add: dovecot-common bind9 ntp-refclock ntp-simple openntpd clamcour
- fetchmail ftpd-ssl proftpd proftpd-ldap proftpd-mysql proftpd-pgsql
- * libssl0.9.8.postinst: The check to see if something was installed
- wasn't working.
- * libssl0.9.8.postinst: Add workaround to find the name of the init
- script for proftpd and dovecot.
- * libssl0.9.8.postinst: Use invoke-rc.d when it's available.
- * Change Standards-Version to 3.7.0:
- - Make use of invoke-rc.d
- * Add comment to README.Debian that rc5, mdc2 and idea have been
- disabled (since 0.9.6b-3) (Closes: #362754)
- * Don't add uninitialised data to the random number generator. This stop
- valgrind from giving error messages in unrelated code.
- (Closes: #363516)
- * Put the FAQ in the openssl docs.
- * Add russian debconf translations from Yuriy Talakan <yt at amur.elektra.ru>
- (Closes #367216)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 4 May 2006 20:40:03 +0200
-
-openssl (0.9.8a-8) unstable; urgency=low
-
- * Call pod2man with the proper section. Section changed
- from 1/3/5/7 to 1SSL/3SSL/5SSL/7SSL. The name of the files
- already had the ssl in, the section didn't. The references
- to other manpage is still wrong.
- * Don't install the LICENSE file, it's already in the copyright file.
- * Don't set an rpath on openssl to point to /usr/lib.
- * Add support for kfreebsd-amd64. (Closes: #355277)
- * Add udeb to the shlibs. Patch from Frans Pop <aragorn at tiscali.nl>
- (Closes: #356908)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 11 Feb 2006 14:14:37 +0100
-
-openssl (0.9.8a-7) unstable; urgency=high
-
- * Add italian debconf templates. Thanks to Luca Monducci.
- (Closes: #350249)
- * Change the debconf question to use version 0.9.8-3
- instead of 0.9.8-1, since that's the last version
- with a security fix.
- * Call conn_state() if the BIO is not in the BIO_CONN_S_OK state
- (Closes: #352047). RC bug affecting testing, so urgency high.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 9 Feb 2006 19:07:56 +0100
-
-openssl (0.9.8a-6) unstable; urgency=low
-
- * Remove empty postinst/preinst/prerm scripts. There is no need
- to have empty ones, debhelper will add them when needed.
- * Remove the static pic libraries. Nobody should be linking
- it's shared libraries static to libssl or libcrypto.
- This was added for opensc who now links to it shared.
- * Do not assume that in case the sequence number is 0 and the
- packet has an odd number of bytes that the other side has
- the block padding bug, but try to check that it actually
- has the bug. The wrong detection of this bug resulted
- in an "decryption failed or bad record mac" error in case
- both sides were using zlib compression. (Closes: #338006)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 21 Jan 2006 16:25:41 +0100
-
-openssl (0.9.8a-5) unstable; urgency=low
-
- * Stop ssh from crashing randomly on sparc (Closes: #335912)
- Patch from upstream cvs.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 13 Dec 2005 21:37:42 +0100
-
-openssl (0.9.8a-4) unstable; urgency=low
-
- * Call dh_makeshlibs with the proper version instead of putting
- it in shlibs.local, which doesn't seem to do anything. 0.9.8a-1
- added symbol versioning, so it should have bumped the shlibs.
- (Closes: #338284)
- * The openssl package had a duplicate dependency on libssl0.9.8,
- only require the version as required by the shlibs.
- * Make libssl-dev depend on zlib1g-dev, since it's now required for
- static linking. (Closes: #338313)
- * Generate .pc files that make use of Libs.private, so things only
- link to the libraries they should when linking shared.
- * Use -m64 instead of -bpowerpc64-linux on ppc64. (Closes: #335486)
- * Make powerpc and ppc64 use the assembler version for bn. ppc64
- had the location in the string wrong, powerpc had it missing.
- * Add includes for stddef to get size_t in md2.h, md4.h, md5.h,
- ripemd.h and sha.h. (Closes: #333101)
- * Run make test for each of the versions we build, make it
- not fail the build process if an error is found.
- * Add build dependency on bc for the regression tests.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Nov 2005 16:01:05 +0100
-
-openssl (0.9.8a-3) unstable; urgency=high
-
- * Link to libz instead of dynamicly loading it. It gets loaded
- at the moment the library is initialised, so there is no point
- in not linking to it. It's now failing in some cases since
- it's not opened by it's soname, but by the symlink to it.
- This should hopefully solve most of the bugs people have reported
- since the move to libssl0.9.8.
- (Closes: #334180, #336140, #335271)
- * Urgency set to high because it fixes a grave bug affecting testing.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 1 Nov 2005 14:56:40 +0100
-
-openssl (0.9.8a-2) unstable; urgency=low
-
- * Add Build-Dependency on m4, since sparc needs it to generate
- it's assembler files. (Closes: #334542)
- * Don't use rc4-x86_64.o on amd64 for now, it seems to be broken
- and causes a segfault. (Closes: #334501, #334502)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 18 Oct 2005 19:05:53 +0200
-
-openssl (0.9.8a-1) unstable; urgency=low
-
- Christoph Martin:
- * fix asm entries for some architectures, fixing #332758 properly.
- * add noexecstack option to i386 subarch
- * include symbol versioning in Configure (closes: #330867)
- * include debian-armeb arch (closes: #333579)
- * include new upstream patches; includes some minor fixes
- * fix dh_shlibdeps line, removing the redundant dependency on
- libssl0.9.8 (closes: #332755)
- * add swedish debconf template (closes: #330554)
-
- Kurt Roeckx:
- * Also add noexecstack option for amd64, since it now has an
- executable stack with the assembler fixes for amd64.
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 17 Oct 2005 17:01:06 +0200
-
-openssl (0.9.8-3) unstable; urgency=low
-
- * Apply security fix for CAN-2005-2969. (Closes: #333500)
- * Change priority of -dbg package to extra.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 12 Oct 2005 22:38:58 +0200
-
-openssl (0.9.8-2) unstable; urgency=low
-
- * Don't use arch specific assembler. Should fix build failure on
- ia64, sparc and amd64. (Closes: #332758)
- * Add myself to the uploaders.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 10 Oct 2005 19:22:36 +0200
-
-openssl (0.9.8-1) unstable; urgency=low
-
- * New upstream release (closes: #311826)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 29 Sep 2005 14:20:04 +0200
-
-openssl (0.9.7g-3) unstable; urgency=low
-
- * change Configure line for debian-freebsd-i386 to debian-kfreebsd-i386
- (closes: #327692)
- * include -dbg version. That implies compiling with -g and without
- -fomit-frame-pointer (closes: #293823, #153811)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 23 Sep 2005 13:51:57 +0200
-
-openssl (0.9.7g-2) unstable; urgency=low
-
- * really include nl translation
- * remove special ia64 code from rc4 code to make the abi compatible to
- older 0.9.7 versions (closes: #310489, #309274)
- * fix compile flag for debian-ppc64 (closes: #318750)
- * small fix in libssl0.9.7.postinst (closes: #239956)
- * fix pk7_mime.c to prevent garbled messages because of to early memory
- free (closes: #310184)
- * include vietnamese debconf translation (closes: #316689)
- * make optimized i386 libraries have non executable stack (closes:
- #321721)
- * remove leftover files from ssleay
- * move from dh_installmanpages to dh_installman
- * change Maintainer to pkg-openssl-devel at lists.alioth.debian.org
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 7 Sep 2005 15:32:54 +0200
-
-openssl (0.9.7g-1) unstable; urgency=low
-
- * New upstream release
- * Added support for proxy certificates according to RFC 3820.
- Because they may be a security thread to unaware applications,
- they must be explicitely allowed in run-time. See
- docs/HOWTO/proxy_certificates.txt for further information.
- * Prompt for pass phrases when appropriate for PKCS12 input format.
- * Back-port of selected performance improvements from development
- branch, as well as improved support for PowerPC platforms.
- * Add lots of checks for memory allocation failure, error codes to indicate
- failure and freeing up memory if a failure occurs.
- * Perform some character comparisons of different types in X509_NAME_cmp:
- this is needed for some certificates that reencode DNs into UTF8Strings
- (in violation of RFC3280) and can't or wont issue name rollover
- certificates.
- * corrected watchfile
- * added upstream source url (closes: #292904)
- * fix typo in CA.pl.1 (closes: #290271)
- * change debian-powerpc64 to debian-ppc64 and adapt the configure
- options to be the same like upstream (closes: #289841)
- * include -signcert option in CA.pl usage
- * compile with zlib-dynamic to use system zlib (closes: #289872)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 9 May 2005 23:32:03 +0200
-
-openssl (0.9.7e-3) unstable; urgency=high
-
- * really fix der_chop. The fix from -1 was not really included (closes:
- #281212)
- * still fixes security problem CAN-2004-0975 etc.
- - tempfile raise condition in der_chop
- - Avoid a race condition when CRLs are checked in a multi threaded
- environment.
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Dec 2004 18:41:29 +0100
-
-openssl (0.9.7e-2) unstable; urgency=high
-
- * fix perl path in der_chop and c_rehash (closes: #281212)
- * still fixes security problem CAN-2004-0975 etc.
- - tempfile raise condition in der_chop
- - Avoid a race condition when CRLs are checked in a multi threaded
- environment.
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 14 Nov 2004 20:16:21 +0100
-
-openssl (0.9.7e-1) unstable; urgency=high
-
- * SECURITY UPDATE: fix insecure temporary file handling
- * apps/der_chop:
- - replaced $$-style creation of temporary files with
- File::Temp::tempfile()
- - removed unused temporary file name in do_certificate()
- * References:
- CAN-2004-0975 (closes: #278260)
- * fix ASN1_STRING_to_UTF8 with UTF8 (closes: #260357)
- * New upstream release with security fixes
- - Avoid a race condition when CRLs are checked in a multi threaded
- environment.
- - Various fixes to s3_pkt.c so alerts are sent properly.
- - Reduce the chances of duplicate issuer name and serial numbers (in
- violation of RFC3280) using the OpenSSL certificate creation
- utilities.
- * depends openssl on perl-base instead of perl (closes: #280225)
- * support powerpc64 in Configure (closes: #275224)
- * include cs translation (closes: #273517)
- * include nl translation (closes: #272479)
- * Fix default dir of c_rehash (closes: #253126)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 12 Nov 2004 14:11:15 +0100
-
-openssl (0.9.7d-5) unstable; urgency=low
-
- * Make S/MIME encrypt work again (backport from CVS) (closes: #241407,
- #241386)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 26 Jul 2004 17:22:42 +0200
-
-openssl (0.9.7d-4) unstable; urgency=low
-
- * add Catalan translation (closes: #248749)
- * add Spanish translation (closes: #254561)
- * include NMU fixes: see below
- * decrease optimisation level for debian-arm to work around gcc bug
- (closes: #253848) (thanks to Steve Langasek and Thom May)
- * Add libcrypto0.9.7-udeb. (closes: #250010) (thanks to Bastian Blank)
- * Add watchfile
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 14 Jul 2004 14:31:02 +0200
-
-openssl (0.9.7d-3) unstable; urgency=low
-
- * rename -pic.a libraries to _pic.a (closes: #250016)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 24 May 2004 17:02:29 +0200
-
-openssl (0.9.7d-2) unstable; urgency=low
-
- * include PIC libs (libcrypto-pic.a and libssl-pic.a) to libssl-dev
- (closes: #246928, #243999)
- * add racoon to restart list (closes: #242652)
- * add Brazilian, Japanese and Danish translations (closes: #242087,
- #241830, #241705)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 11 May 2004 10:13:49 +0200
-
-openssl (0.9.7d-1) unstable; urgency=high
-
- * new upstream
- * fixes security holes (http://www.openssl.org/news/secadv_20040317.txt)
- (closes: #238661)
- * includes support for debian-amd64 (closes: #235551, #232310)
- * fix typo in pem.pod (closes: #219873)
- * fix typo in libssl0.9.7.templates (closes: #224690)
- * openssl suggests ca-certificates (closes: #217180)
- * change debconf template to gettext format (closes: #219013)
- * include french debconf template (closes: #219014)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 18 Mar 2004 16:18:43 +0100
-
-openssl (0.9.7c-5) unstable; urgency=low
-
- * include openssl.pc into libssl-dev (closes: #212545)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Oct 2003 16:31:32 +0200
-
-openssl (0.9.7c-4) unstable; urgency=low
-
- * change question to restart services to debconf (closes: #214840)
- * stop using dh_undocumented (closes: #214831)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 10 Oct 2003 15:40:48 +0200
-
-openssl (0.9.7c-3) unstable; urgency=low
-
- * fix POSIX conformance for head in libssl0.9.7.postinst (closes:
- #214700)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 8 Oct 2003 14:02:38 +0200
-
-openssl (0.9.7c-2) unstable; urgency=low
-
- * add filerc macro to libssl0.9.7.postinst (closes: #213906)
- * restart spamassassins spamd on upgrade (closes: #214106)
- * restart more services on upgrade
- * fix EVP_BytesToKey manpage (closes: #213715)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 7 Oct 2003 15:01:32 +0200
-
-openssl (0.9.7c-1) unstable; urgency=high
-
- * upstream security fix (closes: #213451)
- - Fix various bugs revealed by running the NISCC test suite:
- Stop out of bounds reads in the ASN1 code when presented with
- invalid tags (CAN-2003-0543 and CAN-2003-0544).
- Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
- If verify callback ignores invalid public key errors don't try to check
- certificate signature with the NULL public key.
- - In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
- if the server requested one: as stated in TLS 1.0 and SSL 3.0
- specifications.
- * more minor upstream bugfixes
- * fix formatting in c_issuer (closes: #190026)
- * fix Debian-FreeBSD support (closes: #200381)
- * restart some services in postinst to make them use the new libraries
- * remove duplicated openssl.1, crypto.3 and ssl.3 (closes: #198594)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 1 Oct 2003 08:54:27 +0200
-
-openssl (0.9.7b-2) unstable; urgency=high
-
- * fix permission of /etc/ssl/private to 700 again
- * change section of libssl-dev to libdevel
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 23 Apr 2003 11:13:24 +0200
-
-openssl (0.9.7b-1) unstable; urgency=high
-
- * upstream security fix
- - Countermeasure against the Klima-Pokorny-Rosa extension of
- Bleichbacher's attack on PKCS #1 v1.5 padding: treat
- a protocol version number mismatch like a decryption error
- in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131)
- (closes: #189087)
- - Turn on RSA blinding by default in the default implementation
- to avoid a timing attack. Applications that don't want it can call
- RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
- They would be ill-advised to do so in most cases. (CAN-2003-0147)
- - Change RSA blinding code so that it works when the PRNG is not
- seeded (in this case, the secret RSA exponent is abused as
- an unpredictable seed -- if it is not unpredictable, there
- is no point in blinding anyway). Make RSA blinding thread-safe
- by remembering the creator's thread ID in rsa->blinding and
- having all other threads use local one-time blinding factors
- (this requires more computation than sharing rsa->blinding, but
- avoids excessive locking; and if an RSA object is not shared
- between threads, blinding will still be very fast).
- for more details see the CHANGES file
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 16 Apr 2003 10:32:57 +0200
-
-openssl (0.9.7a-1) unstable; urgency=high
-
- * upstream Security fix
- - In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
- via timing by performing a MAC computation even if incorrrect
- block cipher padding has been found. This is a countermeasure
- against active attacks where the attacker has to distinguish
- between bad padding and a MAC verification error. (CAN-2003-0078)
- for more details see the CHANGES file
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 21 Feb 2003 22:39:40 +0100
-
-openssl (0.9.7-4) unstable; urgency=low
-
- * use DH_COMPAT=3 to build
- * move i686 to i686/cmov to fix problems on Via C3. For that to work we
- have to depend on the newest libc6 on i386 (closes: #177891)
- * fix bug in ui_util.c (closes: #177615)
- * fix typo in md5.h (closes: #178112)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 24 Jan 2003 10:22:56 +0100
-
-openssl (0.9.7-3) unstable; urgency=low
-
- * enable build of ultrasparc code on non ultrasparc machines (closes:
- #177024)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 17 Jan 2003 08:22:13 +0100
-
-openssl (0.9.7-2) unstable; urgency=low
-
- * include changes between 0.9.6g-9 and -10
- * fix problem in build-process on i386 with libc6 version number
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 13 Jan 2003 14:26:56 +0100
-
-openssl (0.9.7-1) unstable; urgency=low
-
- * new upstream
- * includes engine support
- * a lot of bugfixes and enhancements, see the CHANGES file
- * include AES encryption
- * makes preview of certificate configurable (closes: #176059)
- * fix x509 manpage (closes: #168070)
- * fix declaration of ERR_load_PEM_string in pem.h (closes: #141360)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 11 Jan 2003 09:12:16 +0100
-
-openssl (0.9.6g-10) unstable; urgency=low
-
- * fix problem in build-process on i386 with libc6 version number
- (closes: #167096)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 4 Nov 2002 12:27:21 +0100
-
-openssl (0.9.6g-9) unstable; urgency=low
-
- * fix typo in i386 libc6 depend (sigh) (closes: #163848)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 8 Oct 2002 23:29:20 +0200
-
-openssl (0.9.6g-8) unstable; urgency=low
-
- * fix libc6 depends. Only needed for i386 (closes: #163701)
- * remove SHLIB section for bsds from Configure (closes: #163585)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 8 Oct 2002 10:57:35 +0200
-
-openssl (0.9.6g-7) unstable; urgency=low
-
- * enable i686 optimisation and depend on fixed glibc (closes: #163500)
- * remove transition package ssleay
- * include optimisation vor sparcv8 (closes: #139996)
- * improve optimisation vor sparcv9
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 6 Oct 2002 14:07:12 +0200
-
-openssl (0.9.6g-6) unstable; urgency=low
-
- * temporarily disable i686 optimisation (See bug in glibc #161788)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 21 Sep 2002 18:56:49 +0200
-
-openssl (0.9.6g-5) unstable; urgency=low
-
- * i486 can use i586 assembler
- * include set -xe in the for loops in the rules files to make it abort
- on error (closes: #161768)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 21 Sep 2002 16:23:11 +0200
-
-openssl (0.9.6g-4) unstable; urgency=low
-
- * fix optimization for alpha and sparc
- * add optimization for i486
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 20 Sep 2002 22:36:19 +0200
-
-openssl (0.9.6g-3) unstable; urgency=low
-
- * add optimized libraries for i586, i686, ev4, ev5 and v9 (closes: #139783)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 19 Sep 2002 18:33:04 +0200
-
-openssl (0.9.6g-2) unstable; urgency=low
-
- * fix manpage names (closes: #156717, #156718, #156719, #156721)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 15 Aug 2002 11:26:37 +0200
-
-openssl (0.9.6g-1) unstable; urgency=low
-
- * new upstream version
- * Use proper error handling instead of 'assertions' in buffer
- overflow checks added in 0.9.6e. This prevents DoS (the
- assertions could call abort()). (closes: #155985, #156495)
- * Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
- and get fix the header length calculation.
- * include support for new sh* architectures (closes: #155117)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 14 Aug 2002 13:59:22 +0200
-
-openssl (0.9.6e-1) unstable; urgency=high
-
- * fixes remote exploits (see DSA-136-1)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 30 Jul 2002 18:32:28 +0200
-
-openssl (0.9.6d-1) unstable; urgency=low
-
- * new upstream (minor) version
- * includes Configure lines for debian-*bsd-* (closes: #130413)
- * fix wrong prototype for BN_pseudo_rand_range in BN_rand(3ssl) (closes:
- #144586)
- * fix typos in package description (closes: #141469)
- * fix typo in SSL_CTX_set_cert_store manpage (closes: #135297)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 3 Jun 2002 19:42:10 +0200
-
-openssl (0.9.6c-2) unstable; urgency=low
-
- * moved from non-US to main
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 19 Mar 2002 14:48:39 +0100
-
-openssl (0.9.6c-1) unstable; urgency=low
-
- * new upstream version with a lot of bugfixes
- * remove directory /usr/include/openssl from openssl package (closes:
- bug #121226)
- * remove selfdepends from libssl0.9.6
- * link openssl binary shared again
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 5 Jan 2002 19:04:31 +0100
-
-openssl (0.9.6b-4) unstable; urgency=low
-
- * build with -D_REENTRANT for threads support on all architectures
- (closes: #112329, #119239)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 24 Nov 2001 12:17:51 +0100
-
-openssl (0.9.6b-3) unstable; urgency=low
-
- * disable idea, mdc2 and rc5 because they are not free (closes: #65368)
- * ready to be moved from nonus to main
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 21 Nov 2001 17:51:41 +0100
-
-openssl (0.9.6b-2) unstable; urgency=high
-
- * fix definition of crypt in des.h (closes: #107533)
- * fix descriptions (closes: #109503)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 17 Sep 2001 15:38:27 +0200
-
-openssl (0.9.6b-1) unstable; urgency=medium
-
- * new upstream fixes some security issues (closes: #105835, #100146)
- * added support for s390 (closes: #105681)
- * added support for sh (closes: #100003)
- * change priority of libssl096 to standard as ssh depends on it (closes:
- #105440)
- * don't optimize for i486 to support i386. (closes: #104127, #82194)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 20 Jul 2001 15:52:42 +0200
-
-openssl (0.9.6a-3) unstable; urgency=medium
-
- * add perl-base to builddeps
- * include static libraries in libssl-dev (closes: #93688)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 14 May 2001 20:16:06 +0200
-
-openssl (0.9.6a-2) unstable; urgency=medium
-
- * change Architecture of ssleay from any to all (closes: #92913)
- * depend libssl-dev on the exact same version of libssl0.9.6 (closes:
- #88939)
- * remove lib{crypto,ssl}.a from openssl (closes: #93666)
- * rebuild with newer gcc to fix atexit problem (closes: #94036)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 2 May 2001 12:28:39 +0200
-
-openssl (0.9.6a-1) unstable; urgency=medium
-
- * new upstream, fixes some security bugs (closes: #90584)
- * fix typo in s_server manpage (closes: #89756)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 10 Apr 2001 12:13:11 +0200
-
-openssl (0.9.6-2) unstable; urgency=low
-
- * policy: reorganisation of package names: libssl096 -> libssl0.9.6,
- libssl096-dev -> libssl-dev (closes: #83426)
- * libssl0.9.6 drops replaces libssl09 (Closes: #83425)
- * install upstream CHANGES files (Closes: #83430)
- * added support for hppa and ia64 (Closes: #88790)
- * move man3 manpages to libssl-dev (Closes: #87546)
- * fix formating problem in rand_add(1) (Closes: #87547)
- * remove manpage duplicates (Closes: #87545, #74986)
- * make package descriptions clearer (Closes: #83518, #83444)
- * increase default emailAddress_max from 40 to 60 (Closes: #67238)
- * removed RSAREF warning (Closes: #84122)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 8 Mar 2001 14:24:00 +0100
-
-openssl (0.9.6-1) unstable; urgency=low
-
- * New upstream version (Thanks to Enrique Zanardi <ezanard at debian.org>)
- (closes: #72388)
- * Add support for debian-hurd (closes: #76032)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 13 Nov 2000 22:30:46 +0100
-
-openssl (0.9.5a-5) unstable; urgency=low
-
- * move manpages in standard directories with section ssl (closes:
- #72152, #69809)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 5 Oct 2000 19:56:20 +0200
-
-openssl (0.9.5a-4) unstable; urgency=low
-
- * include edg_rand_bytes patch from and for apache-ssl
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 23 Sep 2000 16:48:06 +0200
-
-openssl (0.9.5a-3) unstable; urgency=low
-
- * fix call to dh_makeshlibs to create correct shlibs file and make
- dependend programs link correctly (closes: Bug#61658)
- * include a note in README.debian concerning the location of the
- subcommand manpages (closes: Bug#69809)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 16 Sep 2000 19:10:50 +0200
-
-openssl (0.9.5a-2) unstable; urgency=low
-
- * try to fix the sharedlib problem. change soname of library
- (closes: Bug#4622, #66102, #66538, #66123)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 12 Jul 2000 03:26:30 +0200
-
-openssl (0.9.5a-1) unstable; urgency=low
-
- * new upstream version (major changes see file NEWS) (closes: Bug#63976,
- #65239, #65358)
- * new library package libssl095a because of probably changed library
- interface (closes: Bug#46222)
- * added architecture mips and mipsel (closes: Bug#62437, #60366)
- * provide shlibs.local file in build to help build if libraries are not
- yet installed (closes: Bug#63984)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 11 Jun 2000 15:17:35 +0200
-
-openssl (0.9.4-5) frozen unstable; urgency=medium
-
- * cleanup of move of doc directories to /usr/share/doc (closes:
- Bug#56430)
- * lintian issues (closes: Bug#49358)
- * move demos from openssl to libssl09-dev (closes: Bug#59201)
- * move to debhelpers
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 11 Mar 2000 10:38:04 +0100
-
-openssl (0.9.4-4) unstable; urgency=medium
-
- * Added 'debian-arm' in 'Configure'. (closes: Bug#54251, #54766)
- * Fixed Configure for 'debian-m68k' (closes: Bug#53636)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 15 Jan 2000 13:16:18 +0100
-
-openssl (0.9.4-3) unstable; urgency=low
-
- * define symbol SSLeay_add_ssl_algorithms for backward compatibility
- (closes: Bug#46882)
- * remove manpages from /usr/doc/openssl (closes: Bug#46791)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 14 Oct 1999 16:51:08 +0200
-
-openssl (0.9.4-2) unstable; urgency=low
-
- * include some more docu in pod format (Bug #43933)
- * removed -mv8 from sparc flags (Bug #44769)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 14 Sep 1999 22:04:06 +0200
-
-openssl (0.9.4-1) unstable; urgency=low
-
- * new upstream version (Closes: #42926)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 28 Aug 1999 17:04:23 +0200
-
-openssl (0.9.3a-1) unstable; urgency=low
-
- * new upstream version (Bug #38345, #38627)
- * sparc is big-endian (Bug #39973)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 7 Jul 1999 16:03:37 +0200
-
-openssl (0.9.2b-3) unstable; urgency=low
-
- * correct move conffiles to /etc/ssl (Bug #38570)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 31 May 1999 21:08:07 +0200
-
-openssl (0.9.2b-2) unstable; urgency=low
-
- * added convenience package ssleay to help upgrade to openssl (Bug
- #37185, #37623, #36326)
- * added some missing dependencies from libssl09 (Bug #36681, #35867,
- #36326)
- * move lib*.so to libssl09-dev (Bug #36761)
- * corrected version numbers of library files
- * introduce link from /usr/lib/ssl to /etc/ssl (Bug #36710)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 23 May 1999 14:57:48 +0200
-
-openssl (0.9.2b-1) unstable; urgency=medium
-
- * First openssl version
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 31 Mar 1999 15:54:26 +0200
-
-ssleay (0.9.0b-2) unstable; urgency=low
-
- * Include message about the (not)usage of RSAREF (#24409)
- * Move configfiles from /usr/lib/ssl to /etc/ssl (#26406)
- * Change definitions for sparc (#26487)
- * Added missing dependency (#28591)
- * Make debian/libtool executable (#29708)
- * /etc/ssl/lib/ssleay.cnf is now a confile (#32624)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 21 Mar 1999 19:41:04 +0100
-
-ssleay (0.9.0b-1) unstable; urgency=low
-
- * new upstream version (Bug #21227, #25971)
- * build shared libraries with -fPIC (Bug #20027)
- * support sparc architecture (Bug #28467)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 13 Oct 1998 10:20:13 +0200
-
-ssleay (0.8.1-7) frozen unstable; urgency=high
-
- * security fix patch to 0.8.1b (bug #24022)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 6 Jul 1998 15:42:15 +0200
-
-ssleay (0.8.1-6) frozen unstable; urgency=low
-
- * second try to fix bug #15235 (copyright was still missing)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 22 Jun 1998 08:56:27 +0200
-
-ssleay (0.8.1-5) frozen unstable; urgency=high
-
- * changed /dev/random to /dev/urandom (Bug #23169, #17817)
- * copyright contains now the full licence (Bug #15235)
- * fixed bug #19410 (md5sums-lists-nonexisting-file)
- * added demos to /usr/doc (Bug #17372)
- * fixed type in package description (Bug #18969)
- * fixed bug in adding documentation (Bug #21463)
- * added patch for support of debian-powerpc (Bug #21579)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 18 Jun 1998 23:09:13 +0200
-
-ssleay (0.8.1-4) unstable; urgency=low
-
- * purged dependency from libc5
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 11 Nov 1997 15:31:50 +0100
-
-ssleay (0.8.1-3) unstable; urgency=low
-
- * changed packagename libssl to libssl08 to get better dependancies
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 7 Nov 1997 14:23:17 +0100
-
-ssleay (0.8.1-2) unstable; urgency=low
-
- * linked shared libraries against libc6
- * use /dev/random for randomseed
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 5 Nov 1997 11:21:40 +0100
-
-ssleay (0.8.1-1) unstable; urgency=low
-
- * new upstream version
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Oct 1997 16:15:43 +0200
-
-ssleay (0.6.6-2) unstable; urgency=low
-
- * cleanup in diffs
- * removed INSTALL from docs (bug #13205)
- * split libssl and libssl-dev (but #13735)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 15 Oct 1997 17:38:38 +0200
-
-ssleay (0.6.6-1) unstable; urgency=low
-
- * New upstream version
- * added shared libraries for libcrypto and libssl
-
- -- Christoph Martin <martin at uni-mainz.de> Thu, 26 Jun 1997 19:26:14 +0200
-
-ssleay (0.6.4-2) unstable; urgency=low
-
- * changed doc filenames from .doc to .txt to be able to read them
- over with webbrowser
-
- -- Christoph Martin <martin at uni-mainz.de> Tue, 25 Feb 1997 14:02:53 +0100
-
-ssleay (0.6.4-1) unstable; urgency=low
-
- * Initial Release.
-
- -- Christoph Martin <martin at uni-mainz.de> Fri, 22 Nov 1996 21:29:51 +0100
Copied: openssl/tags/1.0.1g-4/debian/changelog (from rev 661, openssl/branches/1.0.1/debian/changelog)
===================================================================
--- openssl/tags/1.0.1g-4/debian/changelog (rev 0)
+++ openssl/tags/1.0.1g-4/debian/changelog 2014-05-12 21:15:20 UTC (rev 662)
@@ -0,0 +1,1768 @@
+openssl (1.0.1g-4) unstable; urgency=medium
+
+ * Update to git snapshot
+ - Fixes CVE-2014-0198 (Closes: #747432)
+ - Drop the following patches that got applied upstream:
+ fix-pod-errors.patch, CVE-2010-5298.patch,
+ CVE-2014-XXXX-Extension-checking-fixes.patch
+ * Actually restart the services when restart-without-asking is set.
+ (Closes: #745801)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 12 May 2014 22:22:16 +0200
+
+openssl (1.0.1g-3) unstable; urgency=medium
+
+ * Fix CVE-2010-5298: use-after-free race condition.
+ * Propose restarting prosody on upgrade (Closes: #744871).
+ * Add more services to be checked for restart.
+ * Fix a bug where the critical flag for TSA extended key usage is not
+ always detected, and two other similar cases.
+ * Add support for 'libraries/restart-without-asking', which allows
+ services to be restarted automatically without prompting, or
+ requiring a response instead.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 19 Apr 2014 18:38:32 +0200
+
+openssl (1.0.1g-2) unstable; urgency=emergency
+
+ * Enable checking for services that may need to be restarted (Closes: #743889)
+ * Update list of services to possibly restart
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 08 Apr 2014 19:13:08 +0200
+
+openssl (1.0.1g-1) unstable; urgency=high
+
+ * New upstream release
+ - Fixes CVE-2014-0160
+ - Fixes CVE-2014-0076
+ - Drop patches applied upstream
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 07 Apr 2014 23:17:42 +0200
+
+openssl (1.0.1f-1) unstable; urgency=high
+
+ * New upstream version
+ - Fix for TLS record tampering bug CVE-2013-4353
+ - Drop the snapshot patch
+ * update watch file to check for upstream signature and add upstream pgp key.
+ * Drop conflicts against openssh since we now on a released version again.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 06 Jan 2014 18:50:54 +0100
+
+openssl (1.0.1e-6) unstable; urgency=medium
+
+ * Add Breaks: openssh-client (<< 1:6.4p1-1.1), openssh-server (<<
+ 1:6.4p1-1.1). This is to prevent people running into #732940.
+ This Breaks can be removed again when we stop using a git snapshot.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 23 Dec 2013 15:19:17 +0100
+
+openssl (1.0.1e-5) unstable; urgency=low
+
+ * Change default digest to SHA256 instead of SHA1. (Closes: #694738)
+ * Drop support for multiple certificates in 1 file. It never worked
+ properly in the first place, and the only one shipping in
+ ca-certificates has been split.
+ * Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors
+ * Remove make-targets.patch. It prevented the test dir from being cleaned.
+ * Update to a git snapshot of the OpenSSL_1_0_1-stable branch.
+ - Fixes CVE-2013-6449 (Closes: #732754)
+ - Fixes CVE-2013-6450
+ - Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch
+ dtls_version.patch get_certificate.patch, since they where all
+ already commited upstream.
+ - adjust fix-pod-errors.patch for the reordering of items in the
+ documentation they've done trying to fix those pod errors.
+ - disable rdrand engine by default (Closes: #732710)
+ * disable zlib support. Fixes CVE-2012-4929 (Closes: #728055)
+ * Add arm64 support (Closes: #732348)
+ * Properly use the default number of bits in req when none are given
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 22 Dec 2013 19:25:35 +0100
+
+openssl (1.0.1e-4) unstable; urgency=low
+
+ [ Peter Michael Green ]
+ * Fix pod errors (Closes: #723954)
+ * Fix clean target
+
+ [ Kurt Roeckx ]
+ * Add mipsn32 and mips64 targets. Patch from Eleanor Chen
+ <chenyueg at gmail.com> (Closes: #720654)
+ * Add support for nocheck in DEB_BUILD_OPTIONS
+ * Update Norwegian translation (Closes: #653574)
+ * Update description of the packages. Patch by Justin B Rye
+ (Closes: #719262)
+ * change to debhelper compat level 9:
+ - change dh_strip call so only the files from libssl1.0.0 get debug
+ symbols.
+ - change dh_makeshlibs call so the engines don't get added to the
+ shlibs
+ * Update Standards-Version from 3.8.0 to 3.9.5. No changes required.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 01 Nov 2013 17:11:53 +0100
+
+openssl (1.0.1e-3) unstable; urgency=low
+
+ * Move <openssl/opensslconf.h> to /usr/include/$(DEB_HOST_MULTIARCH), and
+ mark libssl-dev Multi-Arch: same.
+ Patch by Colin Watson <cjwatson at ubuntu.com> (Closes: #689093)
+ * Add Polish translation (Closes: #658162)
+ * Add Turkish translation (Closes: #660971)
+ * Enable assembler for the arm targets, and remove armeb.
+ Patch by Riku Voipio <riku.voipio at iki.fi> (Closes: #676533)
+ * Add support for x32 (Closes: #698406)
+ * enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 20 May 2013 16:56:06 +0200
+
+openssl (1.0.1e-2) unstable; urgency=high
+
+ * Bump shlibs. It's needed for the udeb.
+ * Make cpuid work on cpu's that don't set ecx (Closes: #699692)
+ * Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353)
+ * Fix problem with DTLS version check (Closes: #701826)
+ * Fix segfault in SSL_get_certificate (Closes: #703031)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 18 Mar 2013 20:37:11 +0100
+
+openssl (1.0.1e-1) unstable; urgency=high
+
+ * New upstream version (Closes: #699889)
+ - Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166
+ - Drop renegiotate_tls.patch, applied upstream
+ - Export new CRYPTO_memcmp symbol, update symbol file
+ * Add ssltest_no_sslv2.patch so that "make test" works.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 11 Feb 2013 19:39:44 +0100
+
+openssl (1.0.1c-5) unstable; urgency=low
+
+ * Re-enable assembler versions on sparc. They shouldn't have
+ been disabled for sparc v9. (Closes: #649841)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 09 Sep 2012 08:43:40 +0200
+
+openssl (1.0.1c-4) unstable; urgency=low
+
+ * Fix the configure rules for alpha (Closes: #672710)
+ * Switch the postinst to sh again, there never was a reason to
+ switch it to bash (Closes: #676398)
+ * Fix pic.patch to not use #ifdef in x86cpuid.s, only .S files are
+ preprocessed. We generate the file again for pic anyway.
+ (Closes: #677468)
+ * Drop Breaks against openssh as it was only for upgrades
+ between versions that were only in testing/unstable.
+ (Closes: #668600)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 17 Jul 2012 11:49:19 +0200
+
+openssl (1.0.1c-3) unstable; urgency=low
+
+ * Disable padlock engine again, causes problems for hosts not supporting it.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 06 Jun 2012 18:29:37 +0200
+
+openssl (1.0.1c-2) unstable; urgency=high
+
+ * Fix renegiotation when using TLS > 1.0. This breaks tor. Patch from
+ upstream. (Closes: #675990)
+ * Enable the padlock engine by default.
+ * Change default bits from 1024 to 2048 (Closes: #487152)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 06 Jun 2012 00:55:42 +0200
+
+openssl (1.0.1c-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2012-2333 (Closes: #672452)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 11 May 2012 18:44:51 +0200
+
+openssl (1.0.1b-1) unstable; urgency=high
+
+ * New upstream version
+ - Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0
+ can talk to servers supporting TLS 1.1 but not TLS 1.2
+ - Drop rc4_hmac_md5.patch, applied upstream
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 26 Apr 2012 23:34:34 +0200
+
+openssl (1.0.1a-3) unstable; urgency=low
+
+ * Use patch from upstream for the rc4_hmac_md5 issue.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 23:16:30 +0200
+
+openssl (1.0.1a-2) unstable; urgency=low
+
+ * Fix rc4_hmac_md5 on non-i386/amd64 arches.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 21:54:42 +0200
+
+openssl (1.0.1a-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2012-2110
+ - Fix crash in rc4_hmac_md5 (Closes: #666405)
+ - Fixes some issues with talking to other servers when TLS 1.1 and 1.2 is
+ supported
+ - Drop patches no_ssl2.patch vpaes.patch tls1.2_client_algorithms.patch,
+ applied upstream.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 19:54:12 +0200
+
+openssl (1.0.1-4) unstable; urgency=low
+
+ * Use official patch for the vpaes problem, also covering amd64.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 31 Mar 2012 20:54:13 +0200
+
+openssl (1.0.1-3) unstable; urgency=high
+
+ * Fix crash in vpaes (Closes: #665836)
+ * use client version when deciding whether to send supported signature
+ algorithms extension
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 31 Mar 2012 18:35:59 +0200
+
+openssl (1.0.1-2) unstable; urgency=low
+
+ * Properly quote the new cflags in Configure
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 19 Mar 2012 19:56:05 +0100
+
+openssl (1.0.1-1) unstable; urgency=low
+
+ * New upstream version
+ - Remove kfreebsd-pipe.patch, fixed upstream
+ - Update pic.patch, openssl-pod-misspell.patch and make-targets.patch
+ - Add OPENSSL_1.0.1 to version-script.patch and libssl1.0.0.symbols for
+ the new functions.
+ - AES-NI support (Closes: #644743)
+ * pic.patch: upstream made OPENSSL_ia32cap_P and OPENSSL_cpuid_setup
+ hidden on amd64, no need to access it PIC anymore.
+ * pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977)
+ * Enable hardening using dpkg-buildflags (Closes: #653495)
+ * s_client and s_server were forcing SSLv3 only connection when SSLv2 was
+ disabled instead of the SSLv2 with upgrade method. (Closes: #664454)
+ * Add Breaks on openssh < 1:5.9p1-4, it has a too strict version check.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 19 Mar 2012 18:23:32 +0100
+
+openssl (1.0.0h-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2012-0884
+ - Fixes CVE-2012-1165
+ - Properly fix CVE-2011-4619
+ - pkg-config.patch applied upstream, remove it.
+ * Enable assembler for all i386 arches. The assembler does proper
+ detection of CPU support, including cpuid support.
+ This should fix a problem with AES 192 and 256 with the padlock
+ engine because of the difference in NO_ASM between the between
+ the i686 optimized library and the engine.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 13 Mar 2012 21:08:17 +0100
+
+openssl (1.0.0g-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2012-0050
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 18 Jan 2012 20:46:13 +0100
+
+openssl (1.0.0f-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2011-4108, CVE-2011-4576, CVE-2011-4619, CVE-2012-0027,
+ CVE-2011-4577
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 12 Jan 2012 19:02:43 +0100
+
+openssl (1.0.0e-3) unstable; urgency=low
+
+ * Don't build v8 and v9 variants of sparc anymore, they're older than
+ the default. (Closes: #649841)
+ * Don't build i486 optimized version, that's the default anyway, and
+ it uses assembler that doesn't always work on i486.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 28 Nov 2011 22:17:26 +0100
+
+openssl (1.0.0e-2.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Block Malaysian's Digicert Sdn. Bhd. certificates by marking them
+ as revoked.
+
+ -- Raphael Geissert <geissert at debian.org> Sun, 06 Nov 2011 01:39:30 -0600
+
+openssl (1.0.0e-2) unstable; urgency=low
+
+ * Add a missing $(DEB_HOST_MULTIARCH)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Sep 2011 17:02:29 +0200
+
+openssl (1.0.0e-1) unstable; urgency=low
+
+ * New upstream version
+ - Fix bug where CRLs with nextUpdate in the past are sometimes accepted
+ by initialising X509_STORE_CTX properly. (CVE-2011-3207)
+ - Fix SSL memory handling for (EC)DH ciphersuites, in particular
+ for multi-threaded use of ECDH. (CVE-2011-3210)
+ - Add protection against ECDSA timing attacks (CVE-2011-1945)
+ * Block DigiNotar certifiates. Patch from
+ Raphael Geissert <geissert at debian.org>
+ * Generate hashes for all certs in a file (Closes: #628780, #594524)
+ Patch from Klaus Ethgen <Klaus at Ethgen.de>
+ * Add multiarch support (Closs: #638137)
+ Patch from Steve Langasek / Ubuntu
+ * Symbols from the gost engine were removed because it didn't have
+ a linker file. Thanks to Roman I Khimov <khimov at altell.ru>
+ (Closes: #631503)
+ * Add support for s390x. Patch from Aurelien Jarno <aurel32 at debian.org>
+ (Closes: #641100)
+ * Add build-arch and build-indep targets to the rules file.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Sep 2011 12:03:13 +0200
+
+openssl (1.0.0d-3) unstable; urgency=low
+
+ * Make it build on sparc64. Patch from Aurelien Jarno. (Closes: #626060)
+ * Apply patches from Scott Schaefer <saschaefer at neurodiverse.org> to
+ fix various pod and spelling errors. (Closes: #622820, #605561)
+ * Add missing symbols for the engines (Closes: #623038)
+ * More spelling fixes from Scott Schaefer (Closes: #395424)
+ * Patch from Scott Schaefer to better document pkcs12 password options
+ (Closes: #462489)
+ * Document dgst -hmac option. Patch by Thorsten Glaser <tg at mirbsd.de>
+ (Closes: #529586)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 13 Jun 2011 12:39:54 +0200
+
+openssl (1.0.0d-2) unstable; urgency=high
+
+ * Make c_rehash also generate the old subject hash. Gnutls applications
+ seem to require it. (Closes: #611102)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Apr 2011 22:36:49 +0200
+
+openssl (1.0.0d-1) unstable; urgency=low
+
+ * New upstream version
+ - Fixes CVE-2011-0014
+ * Make libssl-doc Replaces/Breaks with old libssl-dev packages
+ (Closes: #607609)
+ * Only export the symbols we should, instead of all.
+ * Add symbol file.
+ * Upload to unstable
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 02 Apr 2011 13:19:19 +0000
+
+openssl (1.0.0c-2) experimental; urgency=low
+
+ * Set $ in front of {sparcv9_asm} so that the sparc v9 variant builds.
+ * Always define _GNU_SOURCE, not only for Linux.
+ * Drop SSL2 support (Closes: #589706)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 19 Dec 2010 16:24:16 +0100
+
+openssl (1.0.0c-1) experimental; urgency=low
+
+ * New upstream version (Closes: #578376)
+ - New soname: Rename library packages
+ - Drop patch perl-path.diff, not needed anymore
+ - Drop patches CVE-2010-2939.patch, CVE-2010-3864.patch
+ and CVE-2010-4180.patch: applied upstream.
+ - Update Configure for the new fields for the assembler options
+ per arch. alpha now makes use of assembler.
+ * Move man3 manpages and demos to libssl-doc (Closes: #470594)
+ * Drop .pod files from openssl package (Closes: #518167)
+ * Don't use RC4_CHAR on amd64 and drop rc4-amd64.patch
+ * Stop using BF_PTR2 on (kfreebd-)amd64.
+ * Drop debian-arm from the list of arches.
+ * Update arm arches to use BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
+ BF_PTR instead of BN_LLONG DES_RISC1
+ * ia64: Drop RC4_CHAR, add DES_UNROLL DES_INT
+ * powerpc: Use RC4_CHAR RC4_CHUNK DES_RISC1 instead
+ of DES_RISC2 DES_PTR MD2_CHAR RC4_INDEX
+ * s390: Use RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL instead of BN_LLONG
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 12 Dec 2010 15:37:21 +0100
+
+openssl (0.9.8o-4) unstable; urgency=low
+
+ * Fix CVE-2010-4180 (Closes: #529221)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 06 Dec 2010 20:33:21 +0100
+
+openssl (0.9.8o-3) unstable; urgency=high
+
+ * Fix TLS extension parsing race condition (CVE-2010-3864) (Closes: #603709)
+ * Re-add the engines. They were missing since 0.9.8m-1.
+ Patch by Joerg Schneider. (Closes: #603693)
+ * Not all architectures were build using -g (Closes: #570702)
+ * Add powerpcspe support (Closes: #579805)
+ * Add armhf support (Closes: #596881)
+ * Update translations:
+ - Brazilian Portuguese (Closes: #592154)
+ - Danish (Closes: #599459)
+ - Vietnamese (Closes: #601536)
+ - Arabic (Closes: #596166)
+ * Generate the proper stamp file so that everything doesn't get build twice.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 16 Nov 2010 19:20:55 +0100
+
+openssl (0.9.8o-2) unstable; urgency=high
+
+ * Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 26 Aug 2010 18:25:29 +0200
+
+openssl (0.9.8o-1) unstable; urgency=low
+
+ * New upstream version
+ - Add SHA2 algorithms to SSL_library_init().
+ - aes-x86_64.pl is now PIC, update pic.patch.
+ * Add sparc64 support (Closes: #560240)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 18 Apr 2010 01:42:44 +0200
+
+openssl (0.9.8n-1) unstable; urgency=high
+
+ * New upstream version.
+ - Fixes CVE-2010-0740.
+ - Drop cfb.patch, applied upstream.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 25 Mar 2010 20:30:52 +0100
+
+openssl (0.9.8m-2) unstable; urgency=low
+
+ * Revert CFB block length change preventing reading older files.
+ (Closes: #571810, #571940)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 28 Feb 2010 22:08:49 +0100
+
+openssl (0.9.8m-1) unstable; urgency=low
+
+ * New upstream version
+ - Implements RFC5746, reenables renegotiation but requires the extension.
+ - Fixes CVE-2009-3245
+ - Drop patches CVE-2009-4355.patch, CVE-2009-1378.patch,
+ CVE-2009-1377.patch, CVE-2009-1379.patch, CVE-2009-3555.patch,
+ CVE-2009-2409.patch, CVE-2009-1387.patch, tls_ext_v3.patch,
+ no_check_self_signed.patch: applied upstream
+ - pk7_mime_free.patch removed, code rewritten
+ - ca.diff partially applied upstream
+ - engines-path.patch adjusted, upstream made some minor changes to the
+ build system.
+ - some flags changed values, bump shlibs.
+ * Switch to 3.0 (quilt) source package.
+ * Make sure the package is properly cleaned.
+ * Add ${misc:Depends} to the Depends on all packages.
+ * Fix spelling of extension in the changelog file.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 27 Feb 2010 12:24:03 +0000
+
+openssl (0.9.8k-8) unstable; urgency=high
+
+ * Clean up zlib state so that it will be reinitialized on next use and
+ not cause a memory leak. (CVE-2009-4355, CVE-2008-1678)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Jan 2010 21:26:49 +0100
+
+openssl (0.9.8k-7) unstable; urgency=low
+
+ * Bump the shlibs to require 0.9.8k-1. The following symbols
+ to added between g and k: AES_wrap_key, AES_unwrap_key,
+ ASN1_TYPE_set1, ASN1_STRING_set0, asn1_output_data_fn,
+ SMIME_read_ASN1, BN_X931_generate_Xpq, BN_X931_derive_prime_ex,
+ BN_X931_generate_prime_ex, COMP_zlib_cleanup, CRYPTO_malloc_debug_init,
+ int_CRYPTO_set_do_dynlock_callback, CRYPTO_set_mem_info_functions,
+ CRYPTO_strdup, CRYPTO_dbg_push_info, CRYPTO_dbg_pop_info,
+ CRYPTO_dbg_remove_all_info, OPENSSL_isservice, OPENSSL_init,
+ ENGINE_set_load_ssl_client_cert_function,
+ ENGINE_get_ssl_client_cert_function, ENGINE_load_ssl_client_cert,
+ EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags,
+ EVP_CIPHER_CTX_test_flags, HMAC_CTX_set_flags, OCSP_sendreq_new
+ OCSP_sendreq_nbio, OCSP_REQ_CTX_free, RSA_X931_derive_ex,
+ RSA_X931_generate_key_ex, X509_ALGOR_set0, X509_ALGOR_get0,
+ X509at_get0_data_by_OBJ, X509_get1_ocsp
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 28 Nov 2009 14:34:26 +0100
+
+openssl (0.9.8k-6) unstable; urgency=low
+
+ * Disable SSL/TLS renegotiation (CVE-2009-3555) (Closes: #555829)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 12 Nov 2009 18:10:31 +0000
+
+openssl (0.9.8k-5) unstable; urgency=low
+
+ * Don't check self signed certificate signatures in X509_verify_cert()
+ (Closes: #541735)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 11 Sep 2009 15:42:32 +0200
+
+openssl (0.9.8k-4) unstable; urgency=low
+
+ * Split all the patches into a separate files
+ * Stop undefinging HZ, the issue on alpha should be fixed.
+ * Remove MD2 from digest algorithm table. (CVE-2009-2409) (Closes: #539899)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 11 Aug 2009 21:19:18 +0200
+
+openssl (0.9.8k-3) unstable; urgency=low
+
+ * Make rc4-x86_64 PIC. Based on patch from Petr Salinger (Closes: #532336)
+ * Add workaround for kfreebsd that can't see the different between
+ two pipes. Patch from Petr Salinger.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 13 Jun 2009 18:15:46 +0200
+
+openssl (0.9.8k-2) unstable; urgency=low
+
+ * Move libssl0.9.8-dbg to the debug section.
+ * Use the rc4 assembler on kfreebsd-amd64 (Closes: #532336)
+ * Split the line to generate md5-x86_64.s in the Makefile. This will
+ hopefully fix the build issue on kfreebsd that now outputs the file
+ to stdout instead of the file.
+ * Fix denial of service via an out-of-sequence DTLS handshake message
+ (CVE-2009-1387) (Closes: #532037)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 08 Jun 2009 19:05:56 +0200
+
+openssl (0.9.8k-1) unstable; urgency=low
+
+ * New upstream release
+ - 0.9.8i fixed denial of service via a DTLS ChangeCipherSpec packet
+ that occurs before ClientHello (CVE-2009-1386)
+ * Make aes-x86_64.pl use PIC.
+ * Fix security issues (Closes: #530400)
+ - "DTLS record buffer limitation bug." (CVE-2009-1377)
+ - "DTLS fragment handling" (CVE-2009-1378)
+ - "DTLS use after free" (CVE-2009-1379)
+ * Fixed Configure for hurd: use -mtune=i486 instead of -m486
+ Patch by Marc Dequènes (Duck) <duck at hurdfr.org> (Closes: #530459)
+ * Add support for avr32 (Closes: #528648)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 16 May 2009 17:33:55 +0200
+
+openssl (0.9.8g-16) unstable; urgency=high
+
+ * Properly validate the length of an encoded BMPString and UniversalString
+ (CVE-2009-0590) (Closes: #522002)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 01 Apr 2009 22:04:53 +0200
+
+openssl (0.9.8g-15) unstable; urgency=low
+
+ * Internal calls to didn't properly check for errors which
+ resulted in malformed DSA and ECDSA signatures being treated as
+ a good signature rather than as an error. (CVE-2008-5077)
+ * ipv6_from_asc() could write 1 byte longer than the buffer in case
+ the ipv6 address didn't have "::" part. (Closes: #506111)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 05 Jan 2009 21:14:31 +0100
+
+openssl (0.9.8g-14) unstable; urgency=low
+
+ * Don't give the warning about security updates when upgrading
+ from etch since it doesn't have any known security problems.
+ * Automaticly use engines that succesfully initialised. Patch
+ from the 0.9.8h upstream version. (Closes: #502177)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 31 Oct 2008 22:45:14 +0100
+
+openssl (0.9.8g-13) unstable; urgency=low
+
+ * Fix a problem with tlsext preventing firefox 3 from connection.
+ Patch from upstream CVS and part of 0.9.8h.
+ (Closes: #492758)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 03 Aug 2008 19:47:10 +0200
+
+openssl (0.9.8g-12) unstable; urgency=low
+
+ * add the changelog of the 10.1 NMU to make bugtracking happy
+
+ -- Christoph Martin <Christoph.Martin at Uni-Mainz.DE> Tue, 22 Jul 2008 14:58:26 +0200
+
+openssl (0.9.8g-11) unstable; urgency=low
+
+ [ Christoph Martin ]
+ * updated cs, gl, sv, ru, ro debconf translation (closes: #480926, #480967,
+ #482465, #484324, #488595)
+ * add Vcs-Svn header (closes: #481654)
+ * fix debian-kfreebsd-i386 build flags (closes: #482275)
+ * add stunnel4 to restart list (closes: #482111)
+ * include fixes from 10.1 NMU by Security team
+ - Fix double free in TLS server name extension which leads to a remote
+ denial of service (CVE-2008-0891; Closes: #483379).
+ - Fix denial of service if the 'Server Key exchange message'
+ is omitted from a TLS handshake which could lead to a client
+ crash (CVE-2008-1672; Closes: #483379).
+ This only works if openssl is compiled with enable-tlsext which is
+ done in Debian.
+ * fix some lintian warnings
+ * update to newest standards version
+
+ -- Christoph Martin <Christoph.Martin at Uni-Mainz.DE> Thu, 17 Jul 2008 09:53:01 +0200
+
+openssl (0.9.8g-10.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security team.
+ * Fix denial of service if the 'Server Key exchange message'
+ is omitted from a TLS handshake which could lead to a client
+ crash (CVE-2008-1672; Closes: #483379).
+ This only works if openssl is compiled with enable-tlsext which is
+ done in Debian.
+ * Fix double free in TLS server name extension which leads to a remote
+ denial of service (CVE-2008-0891; Closes: #483379).
+
+ -- Nico Golde <nion at debian.org> Tue, 27 May 2008 11:13:44 +0200
+
+openssl (0.9.8g-10) unstable; urgency=low
+
+ * undefine HZ so that the code falls back to sysconf(_SC_CLK_TCK)
+ to fix a build failure on alpha.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 08 May 2008 17:56:13 +0000
+
+openssl (0.9.8g-9) unstable; urgency=high
+
+ [ Christoph Martin ]
+ * Include updated debconf translations (closes: #473477, #461597,
+ #461880, #462011, #465517, #475439)
+
+ [ Kurt Roeckx ]
+ * ssleay_rand_add() really needs to call MD_Update() for buf.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 07 May 2008 20:32:12 +0200
+
+openssl (0.9.8g-8) unstable; urgency=high
+
+ * Don't add extensions to ssl v3 connections. It breaks with some
+ other software. (Closes: #471681)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 23 Mar 2008 17:50:04 +0000
+
+openssl (0.9.8g-7) unstable; urgency=low
+
+ * Upload to unstable.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Feb 2008 22:22:29 +0000
+
+openssl (0.9.8g-6) experimental; urgency=low
+
+ * Bump shlibs.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 09 Feb 2008 15:42:22 +0100
+
+openssl (0.9.8g-5) experimental; urgency=low
+
+ * Enable tlsext. This changes the ABI, but should hopefully
+ not cause any problems. (Closes: #462596)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 09 Feb 2008 13:32:49 +0100
+
+openssl (0.9.8g-4) unstable; urgency=low
+
+ * Fix aes ige test speed not to overwrite it's buffer and
+ cause segfauls. Thanks to Tim Hudson (Closes: #459619)
+ * Mark some strings in the templates as non translatable.
+ Patch from Christian Perrier <bubulle at debian.org> (Closes: #450418)
+ * Update Dutch debconf translation (Closes: #451290)
+ * Update French debconf translation (Closes: #451375)
+ * Update Catalan debconf translation (Closes: #452694)
+ * Update Basque debconf translation (Closes: #457285)
+ * Update Finnish debconf translation (Closes: #458261)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 16 Jan 2008 21:49:43 +0100
+
+openssl (0.9.8g-3) unstable; urgency=low
+
+ * aes-586.pl: push %ebx on the stack before we put some things on the
+ stack and call a function, giving AES_decrypt() wrong values to work
+ with. (Closes: #449200)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 04 Nov 2007 21:49:00 +0100
+
+openssl (0.9.8g-2) unstable; urgency=low
+
+ * Avoid text relocations on i386 caused by the assembler versions:
+ - x86unix.pl: Create a function_begin_B_static to create a
+ static/local assembler function.
+ - aes-586.pl: Use the function_begin_B_static for _x86_AES_decrypt
+ so that it doesn't get exported and doesn't have any (text) relocations.
+ - aes-586.pl: Set up ebx to point to the GOT and call AES_set_encrypt_key
+ via the PLT to avoid a relocation.
+ - x86unix.pl: Call the init function via the PLT, avoiding a relocation
+ in case of a PIC object.
+ - cbc.pl: Call functions via the PLT.
+ - desboth.pl: Call DES_encrypt2 via the PLT.
+ * CA.sh should use the v3_ca extension when called with -newca
+ (Closes: #428051)
+ * Use -Wa,--noexecstack for all arches in Debian. (Closes: #430583)
+ * Convert the failure message when services fail restart to a debconf
+ message.
+ * To restart a service, just restart, instead of stop and start.
+ Hopefully fixes #444946
+ * Also remove igetest from the test dir in the clean target.
+ (Closes: #424362)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 03 Nov 2007 13:25:45 +0100
+
+openssl (0.9.8g-1) unstable; urgency=low
+
+ * New upstream release
+ - Fixes version number not to say it's a development version.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 20 Oct 2007 12:47:10 +0200
+
+openssl (0.9.8f-1) unstable; urgency=low
+
+ * New upstream release
+ - Fixes DTLS issues, also fixes CVE-2007-4995 (Closes: #335703, #439737)
+ - Proper inclusion of opensslconf.h in pq_compat.h (Closes: #408686)
+ - New function SSL_set_SSL_CTX: bump shlibs.
+ * Remove build dependency on gcc > 4.2
+ * Remove the openssl preinst, it looks like a workaround
+ for a change in 0.9.2b where config files got moved. (Closes: #445095)
+ * Update debconf translations:
+ - Vietnamese (Closes: #426988)
+ - Danish (Closes: #426774)
+ - Slovak (Closes: #440723)
+ - Finnish (Closes: #444258)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 13 Oct 2007 00:47:22 +0200
+
+openssl (0.9.8e-9) unstable; urgency=high
+
+ * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers().
+ (Closes: #444435)
+ * Add postgresql-8.2 to the list of services to check.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 28 Sep 2007 19:47:33 +0200
+
+openssl (0.9.8e-8) unstable; urgency=low
+
+ * Fix another case of the "if this code is reached, the program will abort"
+ (Closes: #429740)
+ * Temporary force to build with gcc >= 4.2
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 02 Sep 2007 18:12:11 +0200
+
+openssl (0.9.8e-7) unstable; urgency=low
+
+ * Fix problems with gcc-4.2 (Closes: #429740)
+ * Stop using -Bsymbolic to create the shared library.
+ * Make x86_64cpuid.pl use PIC.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 02 Sep 2007 16:15:18 +0200
+
+openssl (0.9.8e-6) unstable; urgency=high
+
+ * Add fix for CVE-2007-3108 (Closes: #438142)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 15 Aug 2007 19:49:54 +0200
+
+openssl (0.9.8e-5) unstable; urgency=low
+
+ [ Christian Perrier ]
+ * Debconf templates proofread and slightly rewritten by
+ the debian-l10n-english team as part of the Smith Review Project.
+ Closes: #418584
+ * Debconf templates translations:
+ - Arabic. Closes: #418669
+ - Russian. Closes: #418670
+ - Galician. Closes: #418671
+ - Swedish. Closes: #418679
+ - Korean. Closes: #418755
+ - Czech. Closes: #418768
+ - Basque. Closes: #418784
+ - German. Closes: #418785
+ - Traditional Chinese. Closes: #419915
+ - Brazilian Portuguese. Closes: #419959
+ - French. Closes: #420429
+ - Italian. Closes: #420461
+ - Japanese. Closes: #420482
+ - Catalan. Closes: #420833
+ - Dutch. Closes: #420925
+ - Malayalam. Closes: #420986
+ - Portuguese. Closes: #421032
+ - Romanian. Closes: #421708
+
+ [ Kurt Roeckx ]
+ * Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
+ * Updated Spanish debconf template. (Closes: #421336)
+ * Do the header changes, changing those defines into real functions,
+ and bump the shlibs to match.
+ * Update Japanese debconf translation. (Closes: #422270)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 15 May 2007 17:21:08 +0000
+
+openssl (0.9.8e-4) unstable; urgency=low
+
+ * openssl should depend on libssl0.9.8 0.9.8e-1 since it
+ uses some of the defines that changed to functions.
+ Other things build against libssl or libcrypto shouldn't
+ have this problem since they use the old headers.
+ (Closes: #414283)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Mar 2007 17:11:46 +0000
+
+openssl (0.9.8e-3) unstable; urgency=low
+
+ * Add nagios-nrpe-server to the list of services to be checked
+ (Closes: #391188)
+ * EVP_CIPHER_CTX_key_length() should return the set key length in the
+ EVP_CIPHER_CTX structure which may not be the same as the underlying
+ cipher key length for variable length ciphers.
+ From upstream CVS. (Closes: #412979)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 4 Mar 2007 23:22:51 +0000
+
+openssl (0.9.8e-2) unstable; urgency=low
+
+ * Undo include changes that change defines into real functions,
+ but keep the new functions in the library.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 25 Feb 2007 19:19:19 +0000
+
+openssl (0.9.8e-1) unstable; urgency=low
+
+ * New upstream release
+ - Inludes security fixes for CVE-2006-2937, CVE-2006-2940,
+ CVE-2006-3738, CVE-2006-4343 (Closes: #408902)
+ - s_client now properly works with SMTP. Also added support
+ for IMAP. (closes: #221689)
+ - Load padlock modules (Closes: #345656, #368476)
+ * Add clamav-freshclam and clamav-daemon to the list of service that
+ need to be restarted. (Closes: #391191)
+ * Add armel support. Thanks to Guillem Jover <guillem.jover at nokia.com>
+ for the patch. (Closes: #407196)
+ * Add Portuguese translations. Thanks to Carlos Lisboa. (Closes: 408157)
+ * Add Norwegian translations. Thanks to Bjørn Steensrud
+ <bjornst at powertech.no> (Closes: #412326)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 25 Feb 2007 18:06:28 +0000
+
+openssl (0.9.8c-4) unstable; urgency=low
+
+ * Add German debconf translation. Thanks to
+ Johannes Starosta <feedback-an-johannes at arcor.de> (Closes: #388108)
+ * Make c_rehash look for both .pem and .crt files. Also make it support
+ files in DER format. Patch by "Yauheni Kaliuta" <y.kaliuta at gmail.com>
+ (Closes: #387089)
+ * Use & instead of && to check a flag in the X509 policy checking.
+ Patch from upstream cvs. (Closes: #397151)
+ * Also restart slapd for security updates (Closes: #400221)
+ * Add Romanian debconf translation. Thanks to
+ stan ioan-eugen <stan.ieugen at gmail.com> (Closes: #393507)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 30 Nov 2006 20:57:46 +0000
+
+openssl (0.9.8c-3) unstable; urgency=low
+
+ * Fix patch for CVE-2006-2940, it left ctx unintiliased.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 2 Oct 2006 18:05:00 +0200
+
+openssl (0.9.8c-2) unstable; urgency=high
+
+ * Fix security vulnerabilities (CVE-2006-2937, CVE-2006-2940,
+ CVE-2006-3738, CVE-2006-4343). Urgency set to high.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 27 Sep 2006 21:24:55 +0000
+
+openssl (0.9.8c-1) unstable; urgency=low
+
+ * New upstream release
+ - block padding bug with compression now fixed upstream, using
+ their patch.
+ - Includes the RSA Signature Forgery (CVE-2006-4339) patch.
+ - New functions AES_bi_ige_encrypt and AES_ige_encrypt:
+ bumping shlibs to require 0.9.8c-1.
+ * Change the postinst script to check that ntp is installed instead
+ of ntp-refclock and ntp-simple. The binary is now in the ntp
+ package.
+ * Move the modified rand/md_rand.c file to the right place,
+ really fixing #363516.
+ * Add partimage-server conserver-server and tor to the list of service
+ to check for restart. Add workaround for openssh-server so it finds
+ the init script. (Closes: #386365, #386400, #386513)
+ * Add manpage for c_rehash.
+ Thanks to James Westby <jw+debian at jameswestby.net> (Closes: #215618)
+ * Add Lithuanian debconf translation.
+ Thanks to Gintautas Miliauskas <gintas at akl.lt> (Closes: #374364)
+ * Add m32r support.
+ Thanks to Kazuhiro Inaoka <inaoka.kazuhiro at renesas.com>
+ (Closes: #378689)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 17 Sep 2006 14:47:59 +0000
+
+openssl (0.9.8b-3) unstable; urgency=high
+
+ * Fix RSA Signature Forgery (CVE-2006-4339) using patch provided
+ by upstream.
+ * Restart services using a smaller version that 0.9.8b-3, so
+ they get the fixed version.
+ * Change the postinst to check for postfix instead of postfix-tls.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 5 Sep 2006 18:26:10 +0000
+
+openssl (0.9.8b-2) unstable; urgency=low
+
+ * Don't call gcc with -mcpu on i386, we already use -march, so no need for
+ -mtune either.
+ * Always make all directories when building something:
+ - The engines directory didn't get build for the static directory, so
+ where missing in libcrypo.a
+ - The apps directory didn't always get build, so we didn't have an openssl
+ and a small part of the regression tests failed.
+ * Make the package fail to build if the regression tests fail.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 15 May 2006 16:00:58 +0000
+
+openssl (0.9.8b-1) unstable; urgency=low
+
+ * New upstream release
+ - New functions added (EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free), bump shlibs.
+ - CA.pl/CA.sh now calls openssl ca with -extensions v3_ca, setting CA:TRUE
+ instead of FALSE.
+ - CA.pl/CA.sh creates crlnumber now. (Closes: #347612)
+ * Run debconf-updatepo, which really already was in the 0.9.8a-8 version
+ as it was uploaded.
+ * Add Galician debconf translation. Patch from
+ Jacobo Tarrio <jtarrio at trasno.net> (Closes: #361266)
+ * libssl0.9.8.postinst makes uses of bashisms (local variables)
+ so use #!/bin/bash
+ * libssl0.9.8.postinst: Call set -e after sourcing the debconf
+ script.
+ * libssl0.9.8.postinst: Change list of service that may need
+ to be restarted:
+ - Replace ssh by openssh-server
+ - Split postgresql in postgresql-7.4 postgresql-8.0 postgresql-8.1
+ - Add: dovecot-common bind9 ntp-refclock ntp-simple openntpd clamcour
+ fetchmail ftpd-ssl proftpd proftpd-ldap proftpd-mysql proftpd-pgsql
+ * libssl0.9.8.postinst: The check to see if something was installed
+ wasn't working.
+ * libssl0.9.8.postinst: Add workaround to find the name of the init
+ script for proftpd and dovecot.
+ * libssl0.9.8.postinst: Use invoke-rc.d when it's available.
+ * Change Standards-Version to 3.7.0:
+ - Make use of invoke-rc.d
+ * Add comment to README.Debian that rc5, mdc2 and idea have been
+ disabled (since 0.9.6b-3) (Closes: #362754)
+ * Don't add uninitialised data to the random number generator. This stop
+ valgrind from giving error messages in unrelated code.
+ (Closes: #363516)
+ * Put the FAQ in the openssl docs.
+ * Add russian debconf translations from Yuriy Talakan <yt at amur.elektra.ru>
+ (Closes #367216)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 4 May 2006 20:40:03 +0200
+
+openssl (0.9.8a-8) unstable; urgency=low
+
+ * Call pod2man with the proper section. Section changed
+ from 1/3/5/7 to 1SSL/3SSL/5SSL/7SSL. The name of the files
+ already had the ssl in, the section didn't. The references
+ to other manpage is still wrong.
+ * Don't install the LICENSE file, it's already in the copyright file.
+ * Don't set an rpath on openssl to point to /usr/lib.
+ * Add support for kfreebsd-amd64. (Closes: #355277)
+ * Add udeb to the shlibs. Patch from Frans Pop <aragorn at tiscali.nl>
+ (Closes: #356908)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 11 Feb 2006 14:14:37 +0100
+
+openssl (0.9.8a-7) unstable; urgency=high
+
+ * Add italian debconf templates. Thanks to Luca Monducci.
+ (Closes: #350249)
+ * Change the debconf question to use version 0.9.8-3
+ instead of 0.9.8-1, since that's the last version
+ with a security fix.
+ * Call conn_state() if the BIO is not in the BIO_CONN_S_OK state
+ (Closes: #352047). RC bug affecting testing, so urgency high.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 9 Feb 2006 19:07:56 +0100
+
+openssl (0.9.8a-6) unstable; urgency=low
+
+ * Remove empty postinst/preinst/prerm scripts. There is no need
+ to have empty ones, debhelper will add them when needed.
+ * Remove the static pic libraries. Nobody should be linking
+ it's shared libraries static to libssl or libcrypto.
+ This was added for opensc who now links to it shared.
+ * Do not assume that in case the sequence number is 0 and the
+ packet has an odd number of bytes that the other side has
+ the block padding bug, but try to check that it actually
+ has the bug. The wrong detection of this bug resulted
+ in an "decryption failed or bad record mac" error in case
+ both sides were using zlib compression. (Closes: #338006)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 21 Jan 2006 16:25:41 +0100
+
+openssl (0.9.8a-5) unstable; urgency=low
+
+ * Stop ssh from crashing randomly on sparc (Closes: #335912)
+ Patch from upstream cvs.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 13 Dec 2005 21:37:42 +0100
+
+openssl (0.9.8a-4) unstable; urgency=low
+
+ * Call dh_makeshlibs with the proper version instead of putting
+ it in shlibs.local, which doesn't seem to do anything. 0.9.8a-1
+ added symbol versioning, so it should have bumped the shlibs.
+ (Closes: #338284)
+ * The openssl package had a duplicate dependency on libssl0.9.8,
+ only require the version as required by the shlibs.
+ * Make libssl-dev depend on zlib1g-dev, since it's now required for
+ static linking. (Closes: #338313)
+ * Generate .pc files that make use of Libs.private, so things only
+ link to the libraries they should when linking shared.
+ * Use -m64 instead of -bpowerpc64-linux on ppc64. (Closes: #335486)
+ * Make powerpc and ppc64 use the assembler version for bn. ppc64
+ had the location in the string wrong, powerpc had it missing.
+ * Add includes for stddef to get size_t in md2.h, md4.h, md5.h,
+ ripemd.h and sha.h. (Closes: #333101)
+ * Run make test for each of the versions we build, make it
+ not fail the build process if an error is found.
+ * Add build dependency on bc for the regression tests.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Nov 2005 16:01:05 +0100
+
+openssl (0.9.8a-3) unstable; urgency=high
+
+ * Link to libz instead of dynamicly loading it. It gets loaded
+ at the moment the library is initialised, so there is no point
+ in not linking to it. It's now failing in some cases since
+ it's not opened by it's soname, but by the symlink to it.
+ This should hopefully solve most of the bugs people have reported
+ since the move to libssl0.9.8.
+ (Closes: #334180, #336140, #335271)
+ * Urgency set to high because it fixes a grave bug affecting testing.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 1 Nov 2005 14:56:40 +0100
+
+openssl (0.9.8a-2) unstable; urgency=low
+
+ * Add Build-Dependency on m4, since sparc needs it to generate
+ it's assembler files. (Closes: #334542)
+ * Don't use rc4-x86_64.o on amd64 for now, it seems to be broken
+ and causes a segfault. (Closes: #334501, #334502)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 18 Oct 2005 19:05:53 +0200
+
+openssl (0.9.8a-1) unstable; urgency=low
+
+ Christoph Martin:
+ * fix asm entries for some architectures, fixing #332758 properly.
+ * add noexecstack option to i386 subarch
+ * include symbol versioning in Configure (closes: #330867)
+ * include debian-armeb arch (closes: #333579)
+ * include new upstream patches; includes some minor fixes
+ * fix dh_shlibdeps line, removing the redundant dependency on
+ libssl0.9.8 (closes: #332755)
+ * add swedish debconf template (closes: #330554)
+
+ Kurt Roeckx:
+ * Also add noexecstack option for amd64, since it now has an
+ executable stack with the assembler fixes for amd64.
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 17 Oct 2005 17:01:06 +0200
+
+openssl (0.9.8-3) unstable; urgency=low
+
+ * Apply security fix for CAN-2005-2969. (Closes: #333500)
+ * Change priority of -dbg package to extra.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 12 Oct 2005 22:38:58 +0200
+
+openssl (0.9.8-2) unstable; urgency=low
+
+ * Don't use arch specific assembler. Should fix build failure on
+ ia64, sparc and amd64. (Closes: #332758)
+ * Add myself to the uploaders.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 10 Oct 2005 19:22:36 +0200
+
+openssl (0.9.8-1) unstable; urgency=low
+
+ * New upstream release (closes: #311826)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 29 Sep 2005 14:20:04 +0200
+
+openssl (0.9.7g-3) unstable; urgency=low
+
+ * change Configure line for debian-freebsd-i386 to debian-kfreebsd-i386
+ (closes: #327692)
+ * include -dbg version. That implies compiling with -g and without
+ -fomit-frame-pointer (closes: #293823, #153811)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 23 Sep 2005 13:51:57 +0200
+
+openssl (0.9.7g-2) unstable; urgency=low
+
+ * really include nl translation
+ * remove special ia64 code from rc4 code to make the abi compatible to
+ older 0.9.7 versions (closes: #310489, #309274)
+ * fix compile flag for debian-ppc64 (closes: #318750)
+ * small fix in libssl0.9.7.postinst (closes: #239956)
+ * fix pk7_mime.c to prevent garbled messages because of to early memory
+ free (closes: #310184)
+ * include vietnamese debconf translation (closes: #316689)
+ * make optimized i386 libraries have non executable stack (closes:
+ #321721)
+ * remove leftover files from ssleay
+ * move from dh_installmanpages to dh_installman
+ * change Maintainer to pkg-openssl-devel at lists.alioth.debian.org
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 7 Sep 2005 15:32:54 +0200
+
+openssl (0.9.7g-1) unstable; urgency=low
+
+ * New upstream release
+ * Added support for proxy certificates according to RFC 3820.
+ Because they may be a security thread to unaware applications,
+ they must be explicitely allowed in run-time. See
+ docs/HOWTO/proxy_certificates.txt for further information.
+ * Prompt for pass phrases when appropriate for PKCS12 input format.
+ * Back-port of selected performance improvements from development
+ branch, as well as improved support for PowerPC platforms.
+ * Add lots of checks for memory allocation failure, error codes to indicate
+ failure and freeing up memory if a failure occurs.
+ * Perform some character comparisons of different types in X509_NAME_cmp:
+ this is needed for some certificates that reencode DNs into UTF8Strings
+ (in violation of RFC3280) and can't or wont issue name rollover
+ certificates.
+ * corrected watchfile
+ * added upstream source url (closes: #292904)
+ * fix typo in CA.pl.1 (closes: #290271)
+ * change debian-powerpc64 to debian-ppc64 and adapt the configure
+ options to be the same like upstream (closes: #289841)
+ * include -signcert option in CA.pl usage
+ * compile with zlib-dynamic to use system zlib (closes: #289872)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 9 May 2005 23:32:03 +0200
+
+openssl (0.9.7e-3) unstable; urgency=high
+
+ * really fix der_chop. The fix from -1 was not really included (closes:
+ #281212)
+ * still fixes security problem CAN-2004-0975 etc.
+ - tempfile raise condition in der_chop
+ - Avoid a race condition when CRLs are checked in a multi threaded
+ environment.
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Dec 2004 18:41:29 +0100
+
+openssl (0.9.7e-2) unstable; urgency=high
+
+ * fix perl path in der_chop and c_rehash (closes: #281212)
+ * still fixes security problem CAN-2004-0975 etc.
+ - tempfile raise condition in der_chop
+ - Avoid a race condition when CRLs are checked in a multi threaded
+ environment.
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 14 Nov 2004 20:16:21 +0100
+
+openssl (0.9.7e-1) unstable; urgency=high
+
+ * SECURITY UPDATE: fix insecure temporary file handling
+ * apps/der_chop:
+ - replaced $$-style creation of temporary files with
+ File::Temp::tempfile()
+ - removed unused temporary file name in do_certificate()
+ * References:
+ CAN-2004-0975 (closes: #278260)
+ * fix ASN1_STRING_to_UTF8 with UTF8 (closes: #260357)
+ * New upstream release with security fixes
+ - Avoid a race condition when CRLs are checked in a multi threaded
+ environment.
+ - Various fixes to s3_pkt.c so alerts are sent properly.
+ - Reduce the chances of duplicate issuer name and serial numbers (in
+ violation of RFC3280) using the OpenSSL certificate creation
+ utilities.
+ * depends openssl on perl-base instead of perl (closes: #280225)
+ * support powerpc64 in Configure (closes: #275224)
+ * include cs translation (closes: #273517)
+ * include nl translation (closes: #272479)
+ * Fix default dir of c_rehash (closes: #253126)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 12 Nov 2004 14:11:15 +0100
+
+openssl (0.9.7d-5) unstable; urgency=low
+
+ * Make S/MIME encrypt work again (backport from CVS) (closes: #241407,
+ #241386)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 26 Jul 2004 17:22:42 +0200
+
+openssl (0.9.7d-4) unstable; urgency=low
+
+ * add Catalan translation (closes: #248749)
+ * add Spanish translation (closes: #254561)
+ * include NMU fixes: see below
+ * decrease optimisation level for debian-arm to work around gcc bug
+ (closes: #253848) (thanks to Steve Langasek and Thom May)
+ * Add libcrypto0.9.7-udeb. (closes: #250010) (thanks to Bastian Blank)
+ * Add watchfile
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 14 Jul 2004 14:31:02 +0200
+
+openssl (0.9.7d-3) unstable; urgency=low
+
+ * rename -pic.a libraries to _pic.a (closes: #250016)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 24 May 2004 17:02:29 +0200
+
+openssl (0.9.7d-2) unstable; urgency=low
+
+ * include PIC libs (libcrypto-pic.a and libssl-pic.a) to libssl-dev
+ (closes: #246928, #243999)
+ * add racoon to restart list (closes: #242652)
+ * add Brazilian, Japanese and Danish translations (closes: #242087,
+ #241830, #241705)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 11 May 2004 10:13:49 +0200
+
+openssl (0.9.7d-1) unstable; urgency=high
+
+ * new upstream
+ * fixes security holes (http://www.openssl.org/news/secadv_20040317.txt)
+ (closes: #238661)
+ * includes support for debian-amd64 (closes: #235551, #232310)
+ * fix typo in pem.pod (closes: #219873)
+ * fix typo in libssl0.9.7.templates (closes: #224690)
+ * openssl suggests ca-certificates (closes: #217180)
+ * change debconf template to gettext format (closes: #219013)
+ * include french debconf template (closes: #219014)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 18 Mar 2004 16:18:43 +0100
+
+openssl (0.9.7c-5) unstable; urgency=low
+
+ * include openssl.pc into libssl-dev (closes: #212545)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Oct 2003 16:31:32 +0200
+
+openssl (0.9.7c-4) unstable; urgency=low
+
+ * change question to restart services to debconf (closes: #214840)
+ * stop using dh_undocumented (closes: #214831)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 10 Oct 2003 15:40:48 +0200
+
+openssl (0.9.7c-3) unstable; urgency=low
+
+ * fix POSIX conformance for head in libssl0.9.7.postinst (closes:
+ #214700)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 8 Oct 2003 14:02:38 +0200
+
+openssl (0.9.7c-2) unstable; urgency=low
+
+ * add filerc macro to libssl0.9.7.postinst (closes: #213906)
+ * restart spamassassins spamd on upgrade (closes: #214106)
+ * restart more services on upgrade
+ * fix EVP_BytesToKey manpage (closes: #213715)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 7 Oct 2003 15:01:32 +0200
+
+openssl (0.9.7c-1) unstable; urgency=high
+
+ * upstream security fix (closes: #213451)
+ - Fix various bugs revealed by running the NISCC test suite:
+ Stop out of bounds reads in the ASN1 code when presented with
+ invalid tags (CAN-2003-0543 and CAN-2003-0544).
+ Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
+ If verify callback ignores invalid public key errors don't try to check
+ certificate signature with the NULL public key.
+ - In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+ if the server requested one: as stated in TLS 1.0 and SSL 3.0
+ specifications.
+ * more minor upstream bugfixes
+ * fix formatting in c_issuer (closes: #190026)
+ * fix Debian-FreeBSD support (closes: #200381)
+ * restart some services in postinst to make them use the new libraries
+ * remove duplicated openssl.1, crypto.3 and ssl.3 (closes: #198594)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 1 Oct 2003 08:54:27 +0200
+
+openssl (0.9.7b-2) unstable; urgency=high
+
+ * fix permission of /etc/ssl/private to 700 again
+ * change section of libssl-dev to libdevel
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 23 Apr 2003 11:13:24 +0200
+
+openssl (0.9.7b-1) unstable; urgency=high
+
+ * upstream security fix
+ - Countermeasure against the Klima-Pokorny-Rosa extension of
+ Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+ a protocol version number mismatch like a decryption error
+ in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131)
+ (closes: #189087)
+ - Turn on RSA blinding by default in the default implementation
+ to avoid a timing attack. Applications that don't want it can call
+ RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+ They would be ill-advised to do so in most cases. (CAN-2003-0147)
+ - Change RSA blinding code so that it works when the PRNG is not
+ seeded (in this case, the secret RSA exponent is abused as
+ an unpredictable seed -- if it is not unpredictable, there
+ is no point in blinding anyway). Make RSA blinding thread-safe
+ by remembering the creator's thread ID in rsa->blinding and
+ having all other threads use local one-time blinding factors
+ (this requires more computation than sharing rsa->blinding, but
+ avoids excessive locking; and if an RSA object is not shared
+ between threads, blinding will still be very fast).
+ for more details see the CHANGES file
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 16 Apr 2003 10:32:57 +0200
+
+openssl (0.9.7a-1) unstable; urgency=high
+
+ * upstream Security fix
+ - In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+ via timing by performing a MAC computation even if incorrrect
+ block cipher padding has been found. This is a countermeasure
+ against active attacks where the attacker has to distinguish
+ between bad padding and a MAC verification error. (CAN-2003-0078)
+ for more details see the CHANGES file
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 21 Feb 2003 22:39:40 +0100
+
+openssl (0.9.7-4) unstable; urgency=low
+
+ * use DH_COMPAT=3 to build
+ * move i686 to i686/cmov to fix problems on Via C3. For that to work we
+ have to depend on the newest libc6 on i386 (closes: #177891)
+ * fix bug in ui_util.c (closes: #177615)
+ * fix typo in md5.h (closes: #178112)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 24 Jan 2003 10:22:56 +0100
+
+openssl (0.9.7-3) unstable; urgency=low
+
+ * enable build of ultrasparc code on non ultrasparc machines (closes:
+ #177024)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 17 Jan 2003 08:22:13 +0100
+
+openssl (0.9.7-2) unstable; urgency=low
+
+ * include changes between 0.9.6g-9 and -10
+ * fix problem in build-process on i386 with libc6 version number
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 13 Jan 2003 14:26:56 +0100
+
+openssl (0.9.7-1) unstable; urgency=low
+
+ * new upstream
+ * includes engine support
+ * a lot of bugfixes and enhancements, see the CHANGES file
+ * include AES encryption
+ * makes preview of certificate configurable (closes: #176059)
+ * fix x509 manpage (closes: #168070)
+ * fix declaration of ERR_load_PEM_string in pem.h (closes: #141360)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 11 Jan 2003 09:12:16 +0100
+
+openssl (0.9.6g-10) unstable; urgency=low
+
+ * fix problem in build-process on i386 with libc6 version number
+ (closes: #167096)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 4 Nov 2002 12:27:21 +0100
+
+openssl (0.9.6g-9) unstable; urgency=low
+
+ * fix typo in i386 libc6 depend (sigh) (closes: #163848)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 8 Oct 2002 23:29:20 +0200
+
+openssl (0.9.6g-8) unstable; urgency=low
+
+ * fix libc6 depends. Only needed for i386 (closes: #163701)
+ * remove SHLIB section for bsds from Configure (closes: #163585)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 8 Oct 2002 10:57:35 +0200
+
+openssl (0.9.6g-7) unstable; urgency=low
+
+ * enable i686 optimisation and depend on fixed glibc (closes: #163500)
+ * remove transition package ssleay
+ * include optimisation vor sparcv8 (closes: #139996)
+ * improve optimisation vor sparcv9
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 6 Oct 2002 14:07:12 +0200
+
+openssl (0.9.6g-6) unstable; urgency=low
+
+ * temporarily disable i686 optimisation (See bug in glibc #161788)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 21 Sep 2002 18:56:49 +0200
+
+openssl (0.9.6g-5) unstable; urgency=low
+
+ * i486 can use i586 assembler
+ * include set -xe in the for loops in the rules files to make it abort
+ on error (closes: #161768)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 21 Sep 2002 16:23:11 +0200
+
+openssl (0.9.6g-4) unstable; urgency=low
+
+ * fix optimization for alpha and sparc
+ * add optimization for i486
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 20 Sep 2002 22:36:19 +0200
+
+openssl (0.9.6g-3) unstable; urgency=low
+
+ * add optimized libraries for i586, i686, ev4, ev5 and v9 (closes: #139783)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 19 Sep 2002 18:33:04 +0200
+
+openssl (0.9.6g-2) unstable; urgency=low
+
+ * fix manpage names (closes: #156717, #156718, #156719, #156721)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 15 Aug 2002 11:26:37 +0200
+
+openssl (0.9.6g-1) unstable; urgency=low
+
+ * new upstream version
+ * Use proper error handling instead of 'assertions' in buffer
+ overflow checks added in 0.9.6e. This prevents DoS (the
+ assertions could call abort()). (closes: #155985, #156495)
+ * Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+ and get fix the header length calculation.
+ * include support for new sh* architectures (closes: #155117)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 14 Aug 2002 13:59:22 +0200
+
+openssl (0.9.6e-1) unstable; urgency=high
+
+ * fixes remote exploits (see DSA-136-1)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 30 Jul 2002 18:32:28 +0200
+
+openssl (0.9.6d-1) unstable; urgency=low
+
+ * new upstream (minor) version
+ * includes Configure lines for debian-*bsd-* (closes: #130413)
+ * fix wrong prototype for BN_pseudo_rand_range in BN_rand(3ssl) (closes:
+ #144586)
+ * fix typos in package description (closes: #141469)
+ * fix typo in SSL_CTX_set_cert_store manpage (closes: #135297)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 3 Jun 2002 19:42:10 +0200
+
+openssl (0.9.6c-2) unstable; urgency=low
+
+ * moved from non-US to main
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 19 Mar 2002 14:48:39 +0100
+
+openssl (0.9.6c-1) unstable; urgency=low
+
+ * new upstream version with a lot of bugfixes
+ * remove directory /usr/include/openssl from openssl package (closes:
+ bug #121226)
+ * remove selfdepends from libssl0.9.6
+ * link openssl binary shared again
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 5 Jan 2002 19:04:31 +0100
+
+openssl (0.9.6b-4) unstable; urgency=low
+
+ * build with -D_REENTRANT for threads support on all architectures
+ (closes: #112329, #119239)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 24 Nov 2001 12:17:51 +0100
+
+openssl (0.9.6b-3) unstable; urgency=low
+
+ * disable idea, mdc2 and rc5 because they are not free (closes: #65368)
+ * ready to be moved from nonus to main
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 21 Nov 2001 17:51:41 +0100
+
+openssl (0.9.6b-2) unstable; urgency=high
+
+ * fix definition of crypt in des.h (closes: #107533)
+ * fix descriptions (closes: #109503)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 17 Sep 2001 15:38:27 +0200
+
+openssl (0.9.6b-1) unstable; urgency=medium
+
+ * new upstream fixes some security issues (closes: #105835, #100146)
+ * added support for s390 (closes: #105681)
+ * added support for sh (closes: #100003)
+ * change priority of libssl096 to standard as ssh depends on it (closes:
+ #105440)
+ * don't optimize for i486 to support i386. (closes: #104127, #82194)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 20 Jul 2001 15:52:42 +0200
+
+openssl (0.9.6a-3) unstable; urgency=medium
+
+ * add perl-base to builddeps
+ * include static libraries in libssl-dev (closes: #93688)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 14 May 2001 20:16:06 +0200
+
+openssl (0.9.6a-2) unstable; urgency=medium
+
+ * change Architecture of ssleay from any to all (closes: #92913)
+ * depend libssl-dev on the exact same version of libssl0.9.6 (closes:
+ #88939)
+ * remove lib{crypto,ssl}.a from openssl (closes: #93666)
+ * rebuild with newer gcc to fix atexit problem (closes: #94036)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 2 May 2001 12:28:39 +0200
+
+openssl (0.9.6a-1) unstable; urgency=medium
+
+ * new upstream, fixes some security bugs (closes: #90584)
+ * fix typo in s_server manpage (closes: #89756)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 10 Apr 2001 12:13:11 +0200
+
+openssl (0.9.6-2) unstable; urgency=low
+
+ * policy: reorganisation of package names: libssl096 -> libssl0.9.6,
+ libssl096-dev -> libssl-dev (closes: #83426)
+ * libssl0.9.6 drops replaces libssl09 (Closes: #83425)
+ * install upstream CHANGES files (Closes: #83430)
+ * added support for hppa and ia64 (Closes: #88790)
+ * move man3 manpages to libssl-dev (Closes: #87546)
+ * fix formating problem in rand_add(1) (Closes: #87547)
+ * remove manpage duplicates (Closes: #87545, #74986)
+ * make package descriptions clearer (Closes: #83518, #83444)
+ * increase default emailAddress_max from 40 to 60 (Closes: #67238)
+ * removed RSAREF warning (Closes: #84122)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 8 Mar 2001 14:24:00 +0100
+
+openssl (0.9.6-1) unstable; urgency=low
+
+ * New upstream version (Thanks to Enrique Zanardi <ezanard at debian.org>)
+ (closes: #72388)
+ * Add support for debian-hurd (closes: #76032)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 13 Nov 2000 22:30:46 +0100
+
+openssl (0.9.5a-5) unstable; urgency=low
+
+ * move manpages in standard directories with section ssl (closes:
+ #72152, #69809)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 5 Oct 2000 19:56:20 +0200
+
+openssl (0.9.5a-4) unstable; urgency=low
+
+ * include edg_rand_bytes patch from and for apache-ssl
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 23 Sep 2000 16:48:06 +0200
+
+openssl (0.9.5a-3) unstable; urgency=low
+
+ * fix call to dh_makeshlibs to create correct shlibs file and make
+ dependend programs link correctly (closes: Bug#61658)
+ * include a note in README.debian concerning the location of the
+ subcommand manpages (closes: Bug#69809)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 16 Sep 2000 19:10:50 +0200
+
+openssl (0.9.5a-2) unstable; urgency=low
+
+ * try to fix the sharedlib problem. change soname of library
+ (closes: Bug#4622, #66102, #66538, #66123)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 12 Jul 2000 03:26:30 +0200
+
+openssl (0.9.5a-1) unstable; urgency=low
+
+ * new upstream version (major changes see file NEWS) (closes: Bug#63976,
+ #65239, #65358)
+ * new library package libssl095a because of probably changed library
+ interface (closes: Bug#46222)
+ * added architecture mips and mipsel (closes: Bug#62437, #60366)
+ * provide shlibs.local file in build to help build if libraries are not
+ yet installed (closes: Bug#63984)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 11 Jun 2000 15:17:35 +0200
+
+openssl (0.9.4-5) frozen unstable; urgency=medium
+
+ * cleanup of move of doc directories to /usr/share/doc (closes:
+ Bug#56430)
+ * lintian issues (closes: Bug#49358)
+ * move demos from openssl to libssl09-dev (closes: Bug#59201)
+ * move to debhelpers
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 11 Mar 2000 10:38:04 +0100
+
+openssl (0.9.4-4) unstable; urgency=medium
+
+ * Added 'debian-arm' in 'Configure'. (closes: Bug#54251, #54766)
+ * Fixed Configure for 'debian-m68k' (closes: Bug#53636)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 15 Jan 2000 13:16:18 +0100
+
+openssl (0.9.4-3) unstable; urgency=low
+
+ * define symbol SSLeay_add_ssl_algorithms for backward compatibility
+ (closes: Bug#46882)
+ * remove manpages from /usr/doc/openssl (closes: Bug#46791)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 14 Oct 1999 16:51:08 +0200
+
+openssl (0.9.4-2) unstable; urgency=low
+
+ * include some more docu in pod format (Bug #43933)
+ * removed -mv8 from sparc flags (Bug #44769)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 14 Sep 1999 22:04:06 +0200
+
+openssl (0.9.4-1) unstable; urgency=low
+
+ * new upstream version (Closes: #42926)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 28 Aug 1999 17:04:23 +0200
+
+openssl (0.9.3a-1) unstable; urgency=low
+
+ * new upstream version (Bug #38345, #38627)
+ * sparc is big-endian (Bug #39973)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 7 Jul 1999 16:03:37 +0200
+
+openssl (0.9.2b-3) unstable; urgency=low
+
+ * correct move conffiles to /etc/ssl (Bug #38570)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 31 May 1999 21:08:07 +0200
+
+openssl (0.9.2b-2) unstable; urgency=low
+
+ * added convenience package ssleay to help upgrade to openssl (Bug
+ #37185, #37623, #36326)
+ * added some missing dependencies from libssl09 (Bug #36681, #35867,
+ #36326)
+ * move lib*.so to libssl09-dev (Bug #36761)
+ * corrected version numbers of library files
+ * introduce link from /usr/lib/ssl to /etc/ssl (Bug #36710)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 23 May 1999 14:57:48 +0200
+
+openssl (0.9.2b-1) unstable; urgency=medium
+
+ * First openssl version
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 31 Mar 1999 15:54:26 +0200
+
+ssleay (0.9.0b-2) unstable; urgency=low
+
+ * Include message about the (not)usage of RSAREF (#24409)
+ * Move configfiles from /usr/lib/ssl to /etc/ssl (#26406)
+ * Change definitions for sparc (#26487)
+ * Added missing dependency (#28591)
+ * Make debian/libtool executable (#29708)
+ * /etc/ssl/lib/ssleay.cnf is now a confile (#32624)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 21 Mar 1999 19:41:04 +0100
+
+ssleay (0.9.0b-1) unstable; urgency=low
+
+ * new upstream version (Bug #21227, #25971)
+ * build shared libraries with -fPIC (Bug #20027)
+ * support sparc architecture (Bug #28467)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 13 Oct 1998 10:20:13 +0200
+
+ssleay (0.8.1-7) frozen unstable; urgency=high
+
+ * security fix patch to 0.8.1b (bug #24022)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 6 Jul 1998 15:42:15 +0200
+
+ssleay (0.8.1-6) frozen unstable; urgency=low
+
+ * second try to fix bug #15235 (copyright was still missing)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 22 Jun 1998 08:56:27 +0200
+
+ssleay (0.8.1-5) frozen unstable; urgency=high
+
+ * changed /dev/random to /dev/urandom (Bug #23169, #17817)
+ * copyright contains now the full licence (Bug #15235)
+ * fixed bug #19410 (md5sums-lists-nonexisting-file)
+ * added demos to /usr/doc (Bug #17372)
+ * fixed type in package description (Bug #18969)
+ * fixed bug in adding documentation (Bug #21463)
+ * added patch for support of debian-powerpc (Bug #21579)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 18 Jun 1998 23:09:13 +0200
+
+ssleay (0.8.1-4) unstable; urgency=low
+
+ * purged dependency from libc5
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 11 Nov 1997 15:31:50 +0100
+
+ssleay (0.8.1-3) unstable; urgency=low
+
+ * changed packagename libssl to libssl08 to get better dependancies
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 7 Nov 1997 14:23:17 +0100
+
+ssleay (0.8.1-2) unstable; urgency=low
+
+ * linked shared libraries against libc6
+ * use /dev/random for randomseed
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 5 Nov 1997 11:21:40 +0100
+
+ssleay (0.8.1-1) unstable; urgency=low
+
+ * new upstream version
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Oct 1997 16:15:43 +0200
+
+ssleay (0.6.6-2) unstable; urgency=low
+
+ * cleanup in diffs
+ * removed INSTALL from docs (bug #13205)
+ * split libssl and libssl-dev (but #13735)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 15 Oct 1997 17:38:38 +0200
+
+ssleay (0.6.6-1) unstable; urgency=low
+
+ * New upstream version
+ * added shared libraries for libcrypto and libssl
+
+ -- Christoph Martin <martin at uni-mainz.de> Thu, 26 Jun 1997 19:26:14 +0200
+
+ssleay (0.6.4-2) unstable; urgency=low
+
+ * changed doc filenames from .doc to .txt to be able to read them
+ over with webbrowser
+
+ -- Christoph Martin <martin at uni-mainz.de> Tue, 25 Feb 1997 14:02:53 +0100
+
+ssleay (0.6.4-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Christoph Martin <martin at uni-mainz.de> Fri, 22 Nov 1996 21:29:51 +0100
Deleted: openssl/tags/1.0.1g-4/debian/libssl1.0.0.postinst
===================================================================
--- openssl/branches/1.0.1/debian/libssl1.0.0.postinst 2014-05-12 21:05:05 UTC (rev 657)
+++ openssl/tags/1.0.1g-4/debian/libssl1.0.0.postinst 2014-05-12 21:15:20 UTC (rev 662)
@@ -1,169 +0,0 @@
-#!/bin/sh
-
-. /usr/share/debconf/confmodule
-
-set -e
-
-package_name()
-{
- echo $(basename $0 .postinst)
-}
-
-# element() is a helper function for file-rc:
-element() {
- local element list IFS
-
- element="$1"
-
- [ "$2" = "in" ] && shift
- list="$2"
- [ "$list" = "-" ] && return 1
- [ "$list" = "*" ] && return 0
-
- IFS=","
- set -- $list
- case $element in
- "$1"|"$2"|"$3"|"$4"|"$5"|"$6"|"$7"|"$8"|"$9")
- return 0
- esac
- return 1
-}
-
-# filerc (runlevel, service) returns /etc/init.d/service, if service is
-# running in $runlevel:
-filerc() {
- local runlevel basename
- runlevel=$1
- basename=$2
- while read LINE
- do
- case $LINE in
- \#*|"") continue
- esac
-
- set -- $LINE
- SORT_NO="$1"; STOP="$2"; START="$3"; CMD="$4"
- [ "$CMD" = "/etc/init.d/$basename" ] || continue
-
- if element "$runlevel" in "$START" || element "S" in "$START"
- then
- echo "/etc/init.d/$basename"
- return 0
- fi
- done < /etc/runlevel.conf
- echo ""
-}
-
-if [ "$1" = "configure" ]
-then
- if [ ! -z "$2" ]; then
- if dpkg --compare-versions "$2" lt 0.9.8g-9 && dpkg --compare-versions "$2" gt 0.9.8c-4etch3; then
- db_version 2.0
-
- echo -n "Checking for services that may need to be restarted..."
-
- check="sendmail openssh-server"
- check="$check apache2-common ssh-nonfree exim4"
- check="$check apache-ssl libapache-mod-ssl openvpn spamassassin"
- check="$check courier-imap-ssl courier-mta-ssl courier-pop-ssl"
- check="$check postfix cyrus21-imapd cyrus21-pop3d"
- check="$check postgresql-7.4 postgresql-8.0 postgresql-8.1"
- check="$check postgresql-8.2"
- check="$check racoon dovecot-common bind9"
- check="$check ntp openntpd clamcour nagios-nrpe-server"
- check="$check clamav-freshclam clamav-daemon"
- check="$check fetchmail ftpd-ssl slapd"
- check="$check proftpd proftpd-ldap proftpd-mysql proftpd-pgsql"
- check="$check partimage-server conserver-server tor"
- check="$check stunnel4"
- # Only get the ones that are installed, and configured
- check=$(dpkg -s $check 2> /dev/null | egrep '^Package:|^Status:' | awk '{if ($1 ~ /^Package:/) { package=$2 } else if ($0 ~ /^Status: .* installed$/) { print package }}')
- # apache2 ships its init script in apache2-common, but the
- # script is apache2
- check=$(echo $check | sed 's/apache2-common/apache2/g')
- # For mod-ssl apache has to be restarted
- check=$(echo $check | sed 's/libapache-mod-ssl/apache/g')
- # The name of proftpd-{ldap,mysql,pgsql} init script is
- # same as "proftpd".
- check=$(echo $check | sed 's/proftpd-.*/proftpd/g')
- # dovecot-common ships its init script, but the
- # script name is dovecot for dovecot-{imapd,pop3d}.
- check=$(echo $check | sed 's/dovecot-common/dovecot/g')
- # openssh-server's init script it called ssh
- check=$(echo $check | sed 's/openssh-server/ssh/g')
- echo "done."
-
- echo "Checking init scripts..."
- for service in $check; do
- if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
- idl=$(ls /etc/init.d/${service} 2> /dev/null | head -n 1)
- if [ -n "$idl" ] && [ -x $idl ]; then
- services="$service $services"
- else
- echo "WARNING: init script for $service not found."
- fi
- else
- if [ -f /usr/share/file-rc/rc ] || [ -f /usr/lib/file-rc/rc ] && [ -f /etc/runlevel.conf ]; then
-
- idl=$(filerc $rl $service)
- else
- idl=$(ls /etc/rc${rl}.d/S??${service} 2> /dev/null | head -n 1)
- fi
- if [ -n "$idl" ] && [ -x $idl ]; then
- services="$service $services"
- fi
- fi
- done
- if [ -n "$services" ]; then
- db_reset libssl1.0.0/restart-services
- db_set libssl1.0.0/restart-services "$services"
- db_input critical libssl1.0.0/restart-services || true
- db_go || true
- db_get libssl1.0.0/restart-services
-
- if [ "x$RET" != "x" ]
- then
- services=$RET
- answer=yes
- else
- answer=no
- fi
- echo
- if [ "$answer" = yes ] && [ "$services" != "" ]; then
- echo "Restarting services possibly affected by the upgrade:"
- failed=""
- rl=$(runlevel | sed 's/.*\ //')
- for service in $services; do
- if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
- idl="invoke-rc.d ${service}"
- elif [ -f /usr/share/file-rc/rc ] || [ -f /usr/lib/file-rc/rc ] && [ -f /etc/runlevel.conf ]; then
- idl=$(filerc $rl $service)
- else
- idl=$(ls /etc/rc${rl}.d/S??${service} 2> /dev/null | head -n 1)
- fi
-
- if ! $idl restart; then
- failed="$service $failed"
- fi
- done
- echo
- if [ -n "$failed" ]; then
- db_subst libssl1.0.0/restart-failed services "$failed"
- db_input critical libssl1.0.0/restart-failed || true
- db_go || true
- else
- echo "Services restarted successfully."
- fi
- echo
- fi
- else
- echo "Nothing to restart."
- fi
- # Shut down the frontend, to make sure none of the
- # restarted services keep a connection open to it
- db_stop
- fi # end upgrading and $2 lt 0.9.8c-2
- fi # Upgrading
-fi
-
-#DEBHELPER#
Copied: openssl/tags/1.0.1g-4/debian/libssl1.0.0.postinst (from rev 661, openssl/branches/1.0.1/debian/libssl1.0.0.postinst)
===================================================================
--- openssl/tags/1.0.1g-4/debian/libssl1.0.0.postinst (rev 0)
+++ openssl/tags/1.0.1g-4/debian/libssl1.0.0.postinst 2014-05-12 21:15:20 UTC (rev 662)
@@ -0,0 +1,207 @@
+#!/bin/sh
+
+. /usr/share/debconf/confmodule
+
+set -e
+
+package_name()
+{
+ echo $(basename $0 .postinst)
+}
+
+# element() is a helper function for file-rc:
+element() {
+ local element list IFS
+
+ element="$1"
+
+ [ "$2" = "in" ] && shift
+ list="$2"
+ [ "$list" = "-" ] && return 1
+ [ "$list" = "*" ] && return 0
+
+ IFS=","
+ set -- $list
+ case $element in
+ "$1"|"$2"|"$3"|"$4"|"$5"|"$6"|"$7"|"$8"|"$9")
+ return 0
+ esac
+ return 1
+}
+
+# filerc (runlevel, service) returns /etc/init.d/service, if service is
+# running in $runlevel:
+filerc() {
+ local runlevel basename
+ runlevel=$1
+ basename=$2
+ while read LINE
+ do
+ case $LINE in
+ \#*|"") continue
+ esac
+
+ set -- $LINE
+ SORT_NO="$1"; STOP="$2"; START="$3"; CMD="$4"
+ [ "$CMD" = "/etc/init.d/$basename" ] || continue
+
+ if element "$runlevel" in "$START" || element "S" in "$START"
+ then
+ echo "/etc/init.d/$basename"
+ return 0
+ fi
+ done < /etc/runlevel.conf
+ echo ""
+}
+
+if [ "$1" = "configure" ]
+then
+ if [ ! -z "$2" ]; then
+ if dpkg --compare-versions "$2" lt 1.0.1g-2; then
+ echo -n "Checking for services that may need to be restarted..."
+ check="amanda-server anon-proxy apache2 apache-ssl"
+ check="$check apf-firewall asterisk bacula-director-common"
+ check="$check bacula-fd bacula-sd bind9 bip boinc-client"
+ check="$check boxbackup-client boxbackup-server bozo cfengine2"
+ check="$check cfengine3 citadel-server clamav-daemon clamav-freshclam"
+ check="$check clamcour collectd-core conserver-server courier-imap-ssl"
+ check="$check courier-mta-ssl courier-pop-ssl cyrus21-imapd"
+ check="$check cyrus21-pop3d cyrus-common cyrus-imspd dovecot-core"
+ check="$check ejabberd exim4 fetchmail freeradius ftpd-ssl gatling"
+ check="$check globus-gatekeeper inn inn2 libapache-mod-ssl lighttpd lldpd"
+ check="$check lwresd monit myproxy-server nagios-nrpe-server nginx-common"
+ check="$check ntp openntpd openssh-server openvpn partimage-server"
+ check="$check postfix postgresql-7.4 postgresql-8.0 postgresql-8.1"
+ check="$check postgresql-8.2 postgresql-9.1 postgresql-9.2 postgresql-9.3"
+ check="$check proftpd proftpd-ldap proftpd-basic"
+ check="$check proftpd-mysql proftpd-pgsql racoon sendmail slapd"
+ check="$check spamassassin ssh-nonfree stunnel4 syslog-ng tor unbound"
+ check="$check vsftpd"
+ # Only get the ones that are installed, and configured
+ check=$(dpkg -s $check 2> /dev/null | egrep '^Package:|^Status:' | awk '{if ($1 ~ /^Package:/) { package=$2 } else if ($0 ~ /^Status: .* installed$/) { print package }}')
+ # init script rewrites
+ check=$(echo $check | sed "
+ # The name of proftpd-{ldap,mysql,pgsql,basic} init script is
+ # same as "proftpd".
+ s/proftpd-.*/proftpd/g;
+ # dovecot-core ships its init script, but the
+ # script name is dovecot for dovecot-{imapd,pop3d}.
+ s/dovecot-core/dovecot/g;
+ # openssh-server's init script it called ssh
+ s/openssh-server/ssh/g;
+ # bacula-director-common's init is bacula-director
+ s/bacula-director-common/bacula-director/g;
+ # citadel server
+ s/citadel-server/citadel/g;
+ # collectd
+ s/collectd-core/collectd/g;
+ # cyrus
+ s/cyrus-common/cyrus-imapd/g;
+ # nginx
+ s/nginx-common/nginx/g;
+ ")
+ echo "done."
+ fi
+ if dpkg --compare-versions "$2" lt 1.0.1g-3; then
+ echo -n "Checking for services that may need to be restarted..."
+ check2="chef chef-expander chef-server-api"
+ check2="$check2 chef-solr pound postgresql-common"
+ check2="$check2 prosody puppet puppetmaster snmpd"
+
+ # Only get the ones that are installed, and configured
+ check2=$(dpkg -s $check2 2> /dev/null | egrep '^Package:|^Status:' | awk '{if ($1 ~ /^Package:/) { package=$2 } else if ($0 ~ /^Status: .* installed$/) { print package }}')
+ # init script rewrites
+ check2=$(echo $check2 | sed -r "
+ s/chef\s/chef-client/g;
+ s/chef-server-api/chef-server/g;
+ s/postgresql-common/postgresql/g;
+ ")
+ echo "done."
+ if [ -n "$check2" ]; then
+ check="$check $check2"
+ fi
+ fi
+
+ if [ -n "$check" ]; then
+ db_version 2.0
+ echo "Checking init scripts..."
+ for service in $check; do
+ if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
+ idl=$(ls /etc/init.d/${service} 2> /dev/null | head -n 1)
+ if [ -n "$idl" ] && [ -x $idl ]; then
+ services="$service $services"
+ else
+ echo "WARNING: init script for $service not found."
+ fi
+ else
+ if [ -f /usr/share/file-rc/rc ] || [ -f /usr/lib/file-rc/rc ] && [ -f /etc/runlevel.conf ]; then
+
+ idl=$(filerc $rl $service)
+ else
+ idl=$(ls /etc/rc${rl}.d/S??${service} 2> /dev/null | head -n 1)
+ fi
+ if [ -n "$idl" ] && [ -x $idl ]; then
+ services="$service $services"
+ fi
+ fi
+ done
+ if [ -n "$services" ]; then
+ db_input critical libraries/restart-without-asking || true
+ db_go || true
+ db_get libraries/restart-without-asking
+ if [ "x$RET" != xtrue ]; then
+ db_reset libssl1.0.0/restart-services
+ db_set libssl1.0.0/restart-services "$services"
+ db_input critical libssl1.0.0/restart-services || true
+ db_go || true
+ db_get libssl1.0.0/restart-services
+
+ if [ "x$RET" != "x" ]
+ then
+ services=$RET
+ answer=yes
+ else
+ answer=no
+ fi
+ else
+ answer=yes
+ fi
+ echo
+ if [ "$answer" = yes ] && [ "$services" != "" ]; then
+ echo "Restarting services possibly affected by the upgrade:"
+ failed=""
+ rl=$(runlevel | sed 's/.*\ //')
+ for service in $services; do
+ if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
+ idl="invoke-rc.d ${service}"
+ elif [ -f /usr/share/file-rc/rc ] || [ -f /usr/lib/file-rc/rc ] && [ -f /etc/runlevel.conf ]; then
+ idl=$(filerc $rl $service)
+ else
+ idl=$(ls /etc/rc${rl}.d/S??${service} 2> /dev/null | head -n 1)
+ fi
+
+ if ! $idl restart; then
+ failed="$service $failed"
+ fi
+ done
+ echo
+ if [ -n "$failed" ]; then
+ db_subst libssl1.0.0/restart-failed services "$failed"
+ db_input critical libssl1.0.0/restart-failed || true
+ db_go || true
+ else
+ echo "Services restarted successfully."
+ fi
+ echo
+ fi
+ else
+ echo "Nothing to restart."
+ fi
+ # Shut down the frontend, to make sure none of the
+ # restarted services keep a connection open to it
+ db_stop
+ fi # end upgrading and $2 lt 0.9.8c-2
+ fi # Upgrading
+fi
+
+#DEBHELPER#
Copied: openssl/tags/1.0.1g-4/debian/patches/CVE-2010-5298.patch (from rev 660, openssl/branches/1.0.1/debian/patches/CVE-2010-5298.patch)
===================================================================
--- openssl/tags/1.0.1g-4/debian/patches/CVE-2010-5298.patch (rev 0)
+++ openssl/tags/1.0.1g-4/debian/patches/CVE-2010-5298.patch 2014-05-12 21:15:20 UTC (rev 662)
@@ -0,0 +1,27 @@
+From db978be7388852059cf54e42539a363d549c5bfd Mon Sep 17 00:00:00 2001
+From: Kurt Roeckx <kurt at roeckx.be>
+Date: Sun, 13 Apr 2014 15:05:30 +0200
+Subject: [PATCH] Don't release the buffer when there still is data in it
+
+RT: 2167, 3265
+---
+ ssl/s3_pkt.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index b9e45c7..32e9207 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -1055,7 +1055,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
+ {
+ s->rstate=SSL_ST_READ_HEADER;
+ rr->off=0;
+- if (s->mode & SSL_MODE_RELEASE_BUFFERS)
++ if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
++ s->s3->rbuf.left == 0)
+ ssl3_release_read_buffer(s);
+ }
+ }
+--
+1.9.1
+
Copied: openssl/tags/1.0.1g-4/debian/patches/CVE-2014-XXXX-Extension-checking-fixes.patch (from rev 660, openssl/branches/1.0.1/debian/patches/CVE-2014-XXXX-Extension-checking-fixes.patch)
===================================================================
--- openssl/tags/1.0.1g-4/debian/patches/CVE-2014-XXXX-Extension-checking-fixes.patch (rev 0)
+++ openssl/tags/1.0.1g-4/debian/patches/CVE-2014-XXXX-Extension-checking-fixes.patch 2014-05-12 21:15:20 UTC (rev 662)
@@ -0,0 +1,40 @@
+From 300b9f0b704048f60776881f1d378c74d9c32fbd Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Tue, 15 Apr 2014 18:48:54 +0100
+Subject: [PATCH] Extension checking fixes.
+
+When looking for an extension we need to set the last found
+position to -1 to properly search all extensions.
+
+PR#3309.
+---
+ crypto/x509v3/v3_purp.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
+index 6c40c7d..5f931db 100644
+--- a/crypto/x509v3/v3_purp.c
++++ b/crypto/x509v3/v3_purp.c
+@@ -389,8 +389,8 @@ static void x509v3_cache_extensions(X509 *x)
+ /* Handle proxy certificates */
+ if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
+ if (x->ex_flags & EXFLAG_CA
+- || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0
+- || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
++ || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
++ || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
+ x->ex_flags |= EXFLAG_INVALID;
+ }
+ if (pci->pcPathLengthConstraint) {
+@@ -670,7 +670,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
+ return 0;
+
+ /* Extended Key Usage MUST be critical */
+- i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, 0);
++ i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, -1);
+ if (i_ext >= 0)
+ {
+ X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext);
+--
+1.9.1
+
Deleted: openssl/tags/1.0.1g-4/debian/patches/fix-pod-errors.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/fix-pod-errors.patch 2014-05-12 21:05:05 UTC (rev 657)
+++ openssl/tags/1.0.1g-4/debian/patches/fix-pod-errors.patch 2014-05-12 21:15:20 UTC (rev 662)
@@ -1,409 +0,0 @@
-Description: Fix pod errors
- The version of pod from perl 5.18 is fussier than previous versions changing
- thigs that were previously warnings into errors. This patch fixes the errors
- and makes the package build but I have not checked the correctness of the
- output.
-Author: Peter Michael Green <plugwash at raspbian.org>
-Bug-Debian: http://bugs.debian.org/723954
-Bug: http://rt.openssl.org/Ticket/Display.html?id=3146&user=guest&pass=guest
-
-Index: openssl-1.0.1e/doc/apps/smime.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/apps/smime.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/apps/smime.pod 2013-12-22 17:21:52.909435656 +0100
-@@ -308,28 +308,28 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- the operation was completely successfully.
-
--=item 1
-+=item C<1>
-
- an error occurred parsing the command options.
-
--=item 2
-+=item C<2>
-
- one of the input files could not be read.
-
--=item 3
-+=item C<3>
-
- an error occurred creating the PKCS#7 file or when reading the MIME
- message.
-
--=item 4
-+=item C<4>
-
- an error occurred decrypting or verifying the message.
-
--=item 5
-+=item C<5>
-
- the message was verified correctly but an error occurred writing out
- the signers certificates.
-Index: openssl-1.0.1e/doc/apps/cms.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/apps/cms.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/apps/cms.pod 2013-12-22 17:21:52.909435656 +0100
-@@ -450,28 +450,28 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- the operation was completely successfully.
-
--=item 1
-+=item C<1>
-
- an error occurred parsing the command options.
-
--=item 2
-+=item C<2>
-
- one of the input files could not be read.
-
--=item 3
-+=item C<3>
-
- an error occurred creating the CMS file or when reading the MIME
- message.
-
--=item 4
-+=item C<4>
-
- an error occurred decrypting or verifying the message.
-
--=item 5
-+=item C<5>
-
- the message was verified correctly but an error occurred writing out
- the signers certificates.
-Index: openssl-1.0.1e/doc/ssl/SSL_clear.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_clear.pod 2013-12-22 17:21:52.909435656 +0100
-@@ -56,12 +56,12 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The SSL_clear() operation could not be performed. Check the error stack to
- find out the reason.
-
--=item 1
-+=item C<1>
-
- The SSL_clear() operation was successful.
-
-Index: openssl-1.0.1e/doc/ssl/SSL_session_reused.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod 2013-12-22 17:21:52.909435656 +0100
-@@ -27,11 +27,11 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- A new session was negotiated.
-
--=item 1
-+=item C<1>
-
- A session was reused.
-
-Index: openssl-1.0.1e/doc/ssl/SSL_set_session.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod 2013-12-22 17:21:52.909435656 +0100
-@@ -37,11 +37,11 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The operation failed; check the error stack to find out the reason.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-Index: openssl-1.0.1e/doc/ssl/SSL_connect.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-12-22 17:22:42.956402467 +0100
-@@ -41,13 +41,13 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
-
--=item 1
-+=item C<1>
-
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
-Index: openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-12-22 17:23:49.347031915 +0100
-@@ -92,14 +92,14 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The shutdown is not yet finished. Call SSL_shutdown() for a second time,
- if a bidirectional shutdown shall be performed.
- The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
- erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
-
--=item 1
-+=item C<1>
-
- The shutdown was successfully completed. The "close notify" alert was sent
- and the peer's "close notify" alert was received.
-Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-12-22 17:24:41.985942861 +0100
-@@ -66,13 +66,13 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- A failure while manipulating the STACK_OF(X509_NAME) object occurred or
- the X509_NAME could not be extracted from B<cacert>. Check the error stack
- to find out the reason.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-Index: openssl-1.0.1e/doc/ssl/SSL_accept.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-12-22 17:24:17.466450402 +0100
-@@ -44,13 +44,13 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
-
--=item 1
-+=item C<1>
-
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
-Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-12-22 17:21:52.909435656 +0100
-@@ -64,13 +64,13 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
- the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
- is logged to the error stack.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-Index: openssl-1.0.1e/doc/ssl/SSL_write.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_write.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_write.pod 2013-12-22 17:21:52.909435656 +0100
-@@ -79,7 +79,7 @@
- The write operation was successful, the return value is the number of
- bytes actually written to the TLS/SSL connection.
-
--=item 0
-+=item C<0>
-
- The write operation was not successful. Probably the underlying connection
- was closed. Call SSL_get_error() with the return value B<ret> to find out,
-Index: openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-12-22 17:21:52.909435656 +0100
-@@ -100,13 +100,13 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The operation failed because B<CAfile> and B<CApath> are NULL or the
- processing at one of the locations specified failed. Check the error
- stack to find out the reason.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-Index: openssl-1.0.1e/doc/ssl/SSL_set_fd.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod 2013-12-22 17:21:52.909435656 +0100
-@@ -35,11 +35,11 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The operation failed. Check the error stack to find out why.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-Index: openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-12-22 17:21:52.909435656 +0100
-@@ -96,7 +96,7 @@
- connection will fail with decryption_error before it will be finished
- completely.
-
--=item 0
-+=item C<0>
-
- PSK identity was not found. An "unknown_psk_identity" alert message
- will be sent and the connection setup fails.
-Index: openssl-1.0.1e/doc/ssl/SSL_read.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_read.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_read.pod 2013-12-22 17:21:52.909435656 +0100
-@@ -86,7 +86,7 @@
- The read operation was successful; the return value is the number of
- bytes actually read from the TLS/SSL connection.
-
--=item 0
-+=item C<0>
-
- The read operation was not successful. The reason may either be a clean
- shutdown due to a "close notify" alert sent by the peer (in which case
-Index: openssl-1.0.1e/doc/ssl/SSL_set_shutdown.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_set_shutdown.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_set_shutdown.pod 2013-12-22 17:21:52.909435656 +0100
-@@ -24,7 +24,7 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- No shutdown setting, yet.
-
-Index: openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod 2013-12-22 17:21:52.909435656 +0100
-@@ -52,13 +52,13 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The operation failed. In case of the add operation, it was tried to add
- the same (identical) session twice. In case of the remove operation, the
- session was not found in the cache.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-Index: openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-12-22 17:23:09.503854843 +0100
-@@ -45,13 +45,13 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
-
--=item 1
-+=item C<1>
-
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
-Index: openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod 2013-12-22 17:21:52.909435656 +0100
-@@ -53,11 +53,11 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The operation succeeded.
-
--=item 1
-+=item C<1>
-
- The operation failed. Check the error queue to find out the reason.
-
-Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-12-22 17:21:52.913435572 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-12-22 17:21:52.909435656 +0100
-@@ -42,11 +42,11 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The new choice failed, check the error stack to find out the reason.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
Copied: openssl/tags/1.0.1g-4/debian/patches/fix-pod-errors.patch (from rev 658, openssl/branches/1.0.1/debian/patches/fix-pod-errors.patch)
===================================================================
--- openssl/tags/1.0.1g-4/debian/patches/fix-pod-errors.patch (rev 0)
+++ openssl/tags/1.0.1g-4/debian/patches/fix-pod-errors.patch 2014-05-12 21:15:20 UTC (rev 662)
@@ -0,0 +1,396 @@
+Description: Fix pod errors
+ The version of pod from perl 5.18 is fussier than previous versions changing
+ thigs that were previously warnings into errors. This patch fixes the errors
+ and makes the package build but I have not checked the correctness of the
+ output.
+Author: Peter Michael Green <plugwash at raspbian.org>
+Bug-Debian: http://bugs.debian.org/723954
+Bug: http://rt.openssl.org/Ticket/Display.html?id=3146&user=guest&pass=guest
+
+Index: openssl-1.0.1g/doc/apps/smime.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/apps/smime.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/apps/smime.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -308,28 +308,28 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ the operation was completely successfully.
+
+-=item 1
++=item C<1>
+
+ an error occurred parsing the command options.
+
+-=item 2
++=item C<2>
+
+ one of the input files could not be read.
+
+-=item 3
++=item C<3>
+
+ an error occurred creating the PKCS#7 file or when reading the MIME
+ message.
+
+-=item 4
++=item C<4>
+
+ an error occurred decrypting or verifying the message.
+
+-=item 5
++=item C<5>
+
+ the message was verified correctly but an error occurred writing out
+ the signers certificates.
+Index: openssl-1.0.1g/doc/apps/cms.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/apps/cms.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/apps/cms.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -450,28 +450,28 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ the operation was completely successfully.
+
+-=item 1
++=item C<1>
+
+ an error occurred parsing the command options.
+
+-=item 2
++=item C<2>
+
+ one of the input files could not be read.
+
+-=item 3
++=item C<3>
+
+ an error occurred creating the CMS file or when reading the MIME
+ message.
+
+-=item 4
++=item C<4>
+
+ an error occurred decrypting or verifying the message.
+
+-=item 5
++=item C<5>
+
+ the message was verified correctly but an error occurred writing out
+ the signers certificates.
+Index: openssl-1.0.1g/doc/ssl/SSL_clear.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/ssl/SSL_clear.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/ssl/SSL_clear.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -56,12 +56,12 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The SSL_clear() operation could not be performed. Check the error stack to
+ find out the reason.
+
+-=item 1
++=item C<1>
+
+ The SSL_clear() operation was successful.
+
+Index: openssl-1.0.1g/doc/ssl/SSL_session_reused.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/ssl/SSL_session_reused.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/ssl/SSL_session_reused.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -27,11 +27,11 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ A new session was negotiated.
+
+-=item 1
++=item C<1>
+
+ A session was reused.
+
+Index: openssl-1.0.1g/doc/ssl/SSL_set_session.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/ssl/SSL_set_session.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/ssl/SSL_set_session.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -37,11 +37,11 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The operation failed; check the error stack to find out the reason.
+
+-=item 1
++=item C<1>
+
+ The operation succeeded.
+
+Index: openssl-1.0.1g/doc/ssl/SSL_connect.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/ssl/SSL_connect.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/ssl/SSL_connect.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -41,13 +41,13 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+
+-=item 1
++=item C<1>
+
+ The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+ established.
+Index: openssl-1.0.1g/doc/ssl/SSL_shutdown.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/ssl/SSL_shutdown.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/ssl/SSL_shutdown.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -92,14 +92,14 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The shutdown is not yet finished. Call SSL_shutdown() for a second time,
+ if a bidirectional shutdown shall be performed.
+ The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
+ erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
+
+-=item 1
++=item C<1>
+
+ The shutdown was successfully completed. The "close notify" alert was sent
+ and the peer's "close notify" alert was received.
+Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -66,13 +66,13 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ A failure while manipulating the STACK_OF(X509_NAME) object occurred or
+ the X509_NAME could not be extracted from B<cacert>. Check the error stack
+ to find out the reason.
+
+-=item 1
++=item C<1>
+
+ The operation succeeded.
+
+Index: openssl-1.0.1g/doc/ssl/SSL_accept.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/ssl/SSL_accept.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/ssl/SSL_accept.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -44,13 +44,13 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+
+-=item 1
++=item C<1>
+
+ The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+ established.
+Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -64,13 +64,13 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
+ the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
+ is logged to the error stack.
+
+-=item 1
++=item C<1>
+
+ The operation succeeded.
+
+Index: openssl-1.0.1g/doc/ssl/SSL_write.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/ssl/SSL_write.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/ssl/SSL_write.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -79,7 +79,7 @@
+ The write operation was successful, the return value is the number of
+ bytes actually written to the TLS/SSL connection.
+
+-=item 0
++=item C<0>
+
+ The write operation was not successful. Probably the underlying connection
+ was closed. Call SSL_get_error() with the return value B<ret> to find out,
+Index: openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -100,13 +100,13 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The operation failed because B<CAfile> and B<CApath> are NULL or the
+ processing at one of the locations specified failed. Check the error
+ stack to find out the reason.
+
+-=item 1
++=item C<1>
+
+ The operation succeeded.
+
+Index: openssl-1.0.1g/doc/ssl/SSL_set_fd.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/ssl/SSL_set_fd.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/ssl/SSL_set_fd.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -35,11 +35,11 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The operation failed. Check the error stack to find out why.
+
+-=item 1
++=item C<1>
+
+ The operation succeeded.
+
+Index: openssl-1.0.1g/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -96,7 +96,7 @@
+ connection will fail with decryption_error before it will be finished
+ completely.
+
+-=item 0
++=item C<0>
+
+ PSK identity was not found. An "unknown_psk_identity" alert message
+ will be sent and the connection setup fails.
+Index: openssl-1.0.1g/doc/ssl/SSL_read.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/ssl/SSL_read.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/ssl/SSL_read.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -86,7 +86,7 @@
+ The read operation was successful; the return value is the number of
+ bytes actually read from the TLS/SSL connection.
+
+-=item 0
++=item C<0>
+
+ The read operation was not successful. The reason may either be a clean
+ shutdown due to a "close notify" alert sent by the peer (in which case
+Index: openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_add_session.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -52,13 +52,13 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The operation failed. In case of the add operation, it was tried to add
+ the same (identical) session twice. In case of the remove operation, the
+ session was not found in the cache.
+
+-=item 1
++=item C<1>
+
+ The operation succeeded.
+
+Index: openssl-1.0.1g/doc/ssl/SSL_do_handshake.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/ssl/SSL_do_handshake.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/ssl/SSL_do_handshake.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -45,13 +45,13 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+
+-=item 1
++=item C<1>
+
+ The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+ established.
+Index: openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -53,11 +53,11 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The operation succeeded.
+
+-=item 1
++=item C<1>
+
+ The operation failed. Check the error queue to find out the reason.
+
+Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_ssl_version.pod
+===================================================================
+--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-04-07 23:21:03.985184135 +0200
++++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-04-07 23:21:03.985184135 +0200
+@@ -42,11 +42,11 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The new choice failed, check the error stack to find out the reason.
+
+-=item 1
++=item C<1>
+
+ The operation succeeded.
+
Deleted: openssl/tags/1.0.1g-4/debian/patches/series
===================================================================
--- openssl/branches/1.0.1/debian/patches/series 2014-05-12 21:05:05 UTC (rev 657)
+++ openssl/tags/1.0.1g-4/debian/patches/series 2014-05-12 21:15:20 UTC (rev 662)
@@ -1,34 +0,0 @@
-ca.patch
-config-hurd.patch
-debian-targets.patch
-engines-path.patch
-man-dir.patch
-man-section.patch
-no-rpath.patch
-no-symbolic.patch
-pic.patch
-valgrind.patch
-rehash-crt.patch
-rehash_pod.patch
-shared-lib-ext.patch
-stddef.patch
-version-script.patch
-gnu_source.patch
-c_rehash-compat.patch
-libdoc-manpgs-pod-spell.patch
-libssl-misspell.patch
-openssl-pod-misspell.patch
-pod_req_misspell2.patch
-pod_pksc12.misspell.patch
-pod_s_server.misspell.patch
-pod_x509setflags.misspell.patch
-pod_ec.misspell.patch
-pkcs12-doc.patch
-dgst_hmac.patch
-block_diginotar.patch
-block_digicert_malaysia.patch
-#padlock_conf.patch
-defaults.patch
-openssl_fix_for_x32.patch
-fix-pod-errors.patch
-req_bits.patch
Copied: openssl/tags/1.0.1g-4/debian/patches/series (from rev 661, openssl/branches/1.0.1/debian/patches/series)
===================================================================
--- openssl/tags/1.0.1g-4/debian/patches/series (rev 0)
+++ openssl/tags/1.0.1g-4/debian/patches/series 2014-05-12 21:15:20 UTC (rev 662)
@@ -0,0 +1,24 @@
+ca.patch
+config-hurd.patch
+debian-targets.patch
+engines-path.patch
+man-dir.patch
+man-section.patch
+no-rpath.patch
+no-symbolic.patch
+pic.patch
+valgrind.patch
+rehash-crt.patch
+rehash_pod.patch
+shared-lib-ext.patch
+stddef.patch
+version-script.patch
+gnu_source.patch
+c_rehash-compat.patch
+dgst_hmac.patch
+block_diginotar.patch
+block_digicert_malaysia.patch
+#padlock_conf.patch
+defaults.patch
+openssl_fix_for_x32.patch
+git_snapshot.patch
Deleted: openssl/tags/1.0.1g-4/debian/rules
===================================================================
--- openssl/branches/1.0.1/debian/rules 2014-05-12 21:05:05 UTC (rev 657)
+++ openssl/tags/1.0.1g-4/debian/rules 2014-05-12 21:15:20 UTC (rev 662)
@@ -1,168 +0,0 @@
-#!/usr/bin/make -f
-# Sample debian.rules file - for GNU Hello (1.3).
-# Copyright 1994,1995 by Ian Jackson.
-# I hereby give you perpetual unlimited permission to copy,
-# modify and relicense this file, provided that you do not remove
-# my name from the file itself. (I assert my moral right of
-# paternity under the Copyright, Designs and Patents Act 1988.)
-# This file may have to be extensively modified
-#
-# Modified to be a prototype for debmake by Christoph Lameter <clameter at debian.org>
-SHELL=/bin/bash
-
-package=openssl
-
-# For generating the manpages
-export VERSION=$(shell dpkg-parsechangelog | grep '^Version:' | sed -e 's/^.*://' -e 's/-.*//')
-
-# The binary architeture
-DEB_HOST_ARCH = $(shell dpkg-architecture -qDEB_HOST_ARCH)
-DEB_HOST_MULTIARCH=$(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
-DEB_HOST_ARCH_CPU=$(shell dpkg-architecture -qDEB_HOST_ARCH_CPU)
-
-CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib enable-tlsext no-ssl2
-OPT_alpha = ev4 ev5
-OPT_i386 = i586 i686/cmov
-ARCHOPTS = OPT_$(DEB_HOST_ARCH)
-OPTS = $($(ARCHOPTS))
-WANTED_LIBC_VERSION = 2.3.1-10
-
-ifeq ($(DEB_HOST_ARCH_CPU), amd64)
- CONFARGS += enable-ec_nistp_64_gcc_128
-endif
-
-MAKE_TEST = make test
-ifneq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS)))
- MAKE_TEST = :
-endif
-
-build: build-arch build-indep
-build-arch: build-stamp
-build-indep: build-stamp
-build-stamp:
- dh_testdir
-# perl util/ssldir.pl /usr/lib/ssl
-# chmod +x debian/libtool
- ./Configure no-shared $(CONFARGS) debian-$(DEB_HOST_ARCH)
- make -f Makefile all
- $(MAKE_TEST)
- mv libcrypto.a libcrypto.static
- mv libssl.a libssl.static
- make -f Makefile clean
- test -z "$(OPTS)" || for opt in $(OPTS); \
- do \
- set -xe; \
- ./Configure shared $(CONFARGS) debian-$(DEB_HOST_ARCH)-$$opt; \
- make -f Makefile all; \
- $(MAKE_TEST); \
- mkdir -p $$opt; \
- mv libcrypto.so* libssl.so* $$opt/; \
- make -f Makefile clean; \
- done
- ./Configure shared $(CONFARGS) debian-$(DEB_HOST_ARCH)
- #make -f Makefile depend
- ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
-# make -f Makefile linux-shared
- make -f Makefile all
- $(MAKE_TEST)
-# strip apps/openssl
-# make -f Makefile clean
-# ./Configure --prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 debian-$(DEB_HOST_ARCH)
-# make -f Makefile all
- touch build-stamp
-
-clean:
- dh_testdir
- dh_testroot
- -rm -f build-stamp
- -./Configure $(CONFARGS) debian-$(DEB_HOST_ARCH)
- [ ! -f Makefile ] || make -f Makefile clean clean-shared
- #-make -f Makefile dclean
-# perl util/ssldir.pl /usr/local/ssl
- -rm -f test/.rnd test/testkey.pem test/testreq.pem test/certCA.srl
- -rm -f util/mk1mf.bak Makefile.bak `find . -name Makefile.save`
- -rm -f crypto/pem/ctx_size
- -rm -f `find . -name "*~"`
- -rm -f `find . -name "*.orig" -o -name "*.rej"`
- -rm -f certs/*.0 certs/*.1
-# -rm -rf debian/tmp debian/files* core `find debian/* -type d`
- -rm -rf core $(OPTS)
- -rm doc/*.pod
- -rm -f libcrypto.* libssl.*
- -cd test && rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bntest ectest ecdsatest ecdhtest ideatest md2test md4test md5test hmactest rc2test rc4test rc5test destest shatest sha1test sha256t sha512t mdc2test rmdtest randtest dhtest enginetest bftest casttest ssltest exptest dsatest rsa_test evp_test *.ss *.srl log dummytest newkey.pem igetest
- -rm Makefile apps/CA.pl tools/c_rehash crypto/opensslconf.h crypto/x86_64cpuid.S
- rm -f test/asn1test test/wp_test test/srptest test/jpaketest
- rm -f certs/demo/*.0
- rm -rf crypto/aes/aes-armv4.S crypto/bn/armv4-gf2m.S crypto/modes/ghash-armv4.S crypto/sha/*.S
- dh_clean
-
-install: build
- dh_testdir
- dh_testroot
- dh_clean
- dh_installdirs
- make -f Makefile install INSTALL_PREFIX=`pwd`/debian/tmp
-
-binary-indep: build install
- dh_testdir
- dh_testroot
- dh_installdirs -i
- dh_installman -plibssl-doc
- dh_installdocs -i
- dh_movefiles -i
- dh_installchangelogs -i CHANGES
- dh_compress -i
- dh_fixperms -i
- dh_gencontrol -i
- dh_installdeb -i
- dh_md5sums -i
- dh_builddeb -i
-
-binary-arch: build install
- dh_testdir
- dh_testroot
- dh_installdirs -a
- # pic static libraries, nobody should need them
-# mv debian/tmp/usr/lib/libcrypto.a debian/tmp/usr/lib/libcrypto_pic.a
-# mv debian/tmp/usr/lib/libssl.a debian/tmp/usr/lib/libssl_pic.a
- cp -pf libcrypto.static debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.a
- cp -pf libssl.static debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libssl.a
- mkdir -p debian/tmp/etc/ssl
- mv debian/tmp/usr/lib/ssl/{certs,openssl.cnf,private} debian/tmp/etc/ssl/
- ln -s /etc/ssl/{certs,openssl.cnf,private} debian/tmp/usr/lib/ssl/
- cp -pf debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.so.* debian/libcrypto1.0.0-udeb/usr/lib/
- cp -auv lib*.so* debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/
- for opt in $(OPTS); do set -xe; mkdir -p debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/$$opt; cp -auv $$opt/lib*.so* debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/$$opt/; done
- mkdir -p debian/tmp/usr/include/$(DEB_HOST_MULTIARCH)/openssl
- mv debian/tmp/usr/include/openssl/opensslconf.h debian/tmp/usr/include/$(DEB_HOST_MULTIARCH)/openssl/
- install debian/copyright debian/libssl1.0.0/usr/share/doc/libssl1.0.0/
- install debian/changelog debian/libssl1.0.0/usr/share/doc/libssl1.0.0/changelog.Debian
- install debian/copyright debian/libssl-dev/usr/share/doc/libssl-dev/
- install debian/changelog debian/libssl-dev/usr/share/doc/libssl-dev/changelog.Debian
-
- dh_installdocs -a CHANGES.SSLeay README NEWS debian/README.optimization
- dh_installexamples -a
- dh_installchangelogs -a CHANGES
- dh_installman -popenssl
- dh_installdebconf -a
- dh_movefiles -a
- dh_compress -a
- chmod 700 debian/openssl/etc/ssl/private
- dh_fixperms -a -X etc/ssl/private
- dh_strip -plibssl1.0.0 --dbg-package=libssl1.0.0-dbg
- dh_strip -a -Nlibssl1.0.0
- dh_perl -a -d
- dpkg-gensymbols -Pdebian/libssl1.0.0/ -plibssl1.0.0 -c4
- dh_makeshlibs -a -V "libssl1.0.0 (>= 1.0.1d)" --add-udeb="libcrypto1.0.0-udeb" -Xengines
- dh_shlibdeps -a -L libssl1.0.0 -l debian/libssl1.0.0/usr/lib/$(DEB_HOST_MULTIARCH)
- dh_gencontrol -a
- dh_installdeb -a
- dh_md5sums -a
- dh_builddeb -a
- echo -en "\a"
-
-# Below here is fairly generic really
-
-binary: binary-indep binary-arch
-
-.PHONY: binary binary-arch binary-indep clean install
Copied: openssl/tags/1.0.1g-4/debian/rules (from rev 658, openssl/branches/1.0.1/debian/rules)
===================================================================
--- openssl/tags/1.0.1g-4/debian/rules (rev 0)
+++ openssl/tags/1.0.1g-4/debian/rules 2014-05-12 21:15:20 UTC (rev 662)
@@ -0,0 +1,174 @@
+#!/usr/bin/make -f
+# Sample debian.rules file - for GNU Hello (1.3).
+# Copyright 1994,1995 by Ian Jackson.
+# I hereby give you perpetual unlimited permission to copy,
+# modify and relicense this file, provided that you do not remove
+# my name from the file itself. (I assert my moral right of
+# paternity under the Copyright, Designs and Patents Act 1988.)
+# This file may have to be extensively modified
+#
+# Modified to be a prototype for debmake by Christoph Lameter <clameter at debian.org>
+SHELL=/bin/bash
+
+package=openssl
+
+# For generating the manpages
+export VERSION=$(shell dpkg-parsechangelog | grep '^Version:' | sed -e 's/^.*://' -e 's/-.*//')
+
+# The binary architeture
+DEB_HOST_ARCH = $(shell dpkg-architecture -qDEB_HOST_ARCH)
+DEB_HOST_MULTIARCH=$(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
+DEB_HOST_ARCH_CPU=$(shell dpkg-architecture -qDEB_HOST_ARCH_CPU)
+
+DEB_HOST_GNU_TYPE=$(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE=$(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE))
+ export CROSS_COMPILE ?= $(DEB_HOST_GNU_TYPE)-
+endif
+
+CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib enable-tlsext no-ssl2
+OPT_alpha = ev4 ev5
+OPT_i386 = i586 i686/cmov
+ARCHOPTS = OPT_$(DEB_HOST_ARCH)
+OPTS = $($(ARCHOPTS))
+WANTED_LIBC_VERSION = 2.3.1-10
+
+ifeq ($(DEB_HOST_ARCH_CPU), amd64)
+ CONFARGS += enable-ec_nistp_64_gcc_128
+endif
+
+MAKE_TEST = make test
+ifneq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS)))
+ MAKE_TEST = :
+endif
+
+build: build-arch build-indep
+build-arch: build-stamp
+build-indep: build-stamp
+build-stamp:
+ dh_testdir
+# perl util/ssldir.pl /usr/lib/ssl
+# chmod +x debian/libtool
+ ./Configure no-shared $(CONFARGS) debian-$(DEB_HOST_ARCH)
+ make -f Makefile all
+ $(MAKE_TEST)
+ mv libcrypto.a libcrypto.static
+ mv libssl.a libssl.static
+ make -f Makefile clean
+ test -z "$(OPTS)" || for opt in $(OPTS); \
+ do \
+ set -xe; \
+ ./Configure shared $(CONFARGS) debian-$(DEB_HOST_ARCH)-$$opt; \
+ make -f Makefile all; \
+ $(MAKE_TEST); \
+ mkdir -p $$opt; \
+ mv libcrypto.so* libssl.so* $$opt/; \
+ make -f Makefile clean; \
+ done
+ ./Configure shared $(CONFARGS) debian-$(DEB_HOST_ARCH)
+ #make -f Makefile depend
+ ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
+# make -f Makefile linux-shared
+ make -f Makefile all
+ $(MAKE_TEST)
+# strip apps/openssl
+# make -f Makefile clean
+# ./Configure --prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 debian-$(DEB_HOST_ARCH)
+# make -f Makefile all
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ -rm -f build-stamp
+ -./Configure $(CONFARGS) debian-$(DEB_HOST_ARCH)
+ [ ! -f Makefile ] || make -f Makefile clean clean-shared
+ #-make -f Makefile dclean
+# perl util/ssldir.pl /usr/local/ssl
+ -rm -f test/.rnd test/testkey.pem test/testreq.pem test/certCA.srl
+ -rm -f util/mk1mf.bak Makefile.bak `find . -name Makefile.save`
+ -rm -f crypto/pem/ctx_size
+ -rm -f `find . -name "*~"`
+ -rm -f `find . -name "*.orig" -o -name "*.rej"`
+ -rm -f certs/*.0 certs/*.1
+# -rm -rf debian/tmp debian/files* core `find debian/* -type d`
+ -rm -rf core $(OPTS)
+ -rm doc/*.pod
+ -rm -f libcrypto.* libssl.*
+ -cd test && rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bntest ectest ecdsatest ecdhtest ideatest md2test md4test md5test hmactest rc2test rc4test rc5test destest shatest sha1test sha256t sha512t mdc2test rmdtest randtest dhtest enginetest bftest casttest ssltest exptest dsatest rsa_test evp_test *.ss *.srl log dummytest newkey.pem igetest
+ -rm Makefile apps/CA.pl tools/c_rehash crypto/opensslconf.h crypto/x86_64cpuid.S
+ rm -f test/asn1test test/wp_test test/srptest test/jpaketest
+ rm -f certs/demo/*.0
+ rm -rf crypto/aes/aes-armv4.S crypto/bn/armv4-gf2m.S crypto/modes/ghash-armv4.S crypto/sha/*.S
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean
+ dh_installdirs
+ make -f Makefile install INSTALL_PREFIX=`pwd`/debian/tmp
+
+binary-indep: build install
+ dh_testdir
+ dh_testroot
+ dh_installdirs -i
+ dh_installman -plibssl-doc
+ dh_installdocs -i
+ dh_movefiles -i
+ dh_installchangelogs -i CHANGES
+ dh_compress -i
+ dh_fixperms -i
+ dh_gencontrol -i
+ dh_installdeb -i
+ dh_md5sums -i
+ dh_builddeb -i
+
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installdirs -a
+ # pic static libraries, nobody should need them
+# mv debian/tmp/usr/lib/libcrypto.a debian/tmp/usr/lib/libcrypto_pic.a
+# mv debian/tmp/usr/lib/libssl.a debian/tmp/usr/lib/libssl_pic.a
+ cp -pf libcrypto.static debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.a
+ cp -pf libssl.static debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libssl.a
+ mkdir -p debian/tmp/etc/ssl
+ mv debian/tmp/usr/lib/ssl/{certs,openssl.cnf,private} debian/tmp/etc/ssl/
+ ln -s /etc/ssl/{certs,openssl.cnf,private} debian/tmp/usr/lib/ssl/
+ cp -pf debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.so.* debian/libcrypto1.0.0-udeb/usr/lib/
+ cp -auv lib*.so* debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/
+ for opt in $(OPTS); do set -xe; mkdir -p debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/$$opt; cp -auv $$opt/lib*.so* debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/$$opt/; done
+ mkdir -p debian/tmp/usr/include/$(DEB_HOST_MULTIARCH)/openssl
+ mv debian/tmp/usr/include/openssl/opensslconf.h debian/tmp/usr/include/$(DEB_HOST_MULTIARCH)/openssl/
+ install debian/copyright debian/libssl1.0.0/usr/share/doc/libssl1.0.0/
+ install debian/changelog debian/libssl1.0.0/usr/share/doc/libssl1.0.0/changelog.Debian
+ install debian/copyright debian/libssl-dev/usr/share/doc/libssl-dev/
+ install debian/changelog debian/libssl-dev/usr/share/doc/libssl-dev/changelog.Debian
+
+ dh_installdocs -a CHANGES.SSLeay README NEWS debian/README.optimization
+ dh_installexamples -a
+ dh_installchangelogs -a CHANGES
+ dh_installman -popenssl
+ dh_installdebconf -a
+ dh_movefiles -a
+ dh_compress -a
+ chmod 700 debian/openssl/etc/ssl/private
+ dh_fixperms -a -X etc/ssl/private
+ dh_strip -plibssl1.0.0 --dbg-package=libssl1.0.0-dbg
+ dh_strip -a -Nlibssl1.0.0
+ dh_perl -a -d
+ dpkg-gensymbols -Pdebian/libssl1.0.0/ -plibssl1.0.0 -c4
+ dh_makeshlibs -a -V "libssl1.0.0 (>= 1.0.1d)" --add-udeb="libcrypto1.0.0-udeb" -Xengines
+ dh_shlibdeps -a -L libssl1.0.0 -l debian/libssl1.0.0/usr/lib/$(DEB_HOST_MULTIARCH)
+ dh_gencontrol -a
+ dh_installdeb -a
+ dh_md5sums -a
+ dh_builddeb -a
+ echo -en "\a"
+
+# Below here is fairly generic really
+
+binary: binary-indep binary-arch
+
+.PHONY: binary binary-arch binary-indep clean install
Copied: openssl/tags/1.0.1g-4/debian/source/include-binaries (from rev 658, openssl/branches/1.0.1/debian/source/include-binaries)
===================================================================
--- openssl/tags/1.0.1g-4/debian/source/include-binaries (rev 0)
+++ openssl/tags/1.0.1g-4/debian/source/include-binaries 2014-05-12 21:15:20 UTC (rev 662)
@@ -0,0 +1 @@
+debian/upstream-signing-key.pgp
More information about the Pkg-openssl-changes
mailing list