[Pkg-openssl-changes] r849 - in openssl/branches: . openssl1.0/debian openssl1.0/debian/patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Thu Oct 27 21:27:45 UTC 2016
Author: kroeckx
Date: 2016-10-27 21:27:44 +0000 (Thu, 27 Oct 2016)
New Revision: 849
Added:
openssl/branches/openssl1.0/
openssl/branches/openssl1.0/debian/changelog
openssl/branches/openssl1.0/debian/libssl1.0-dev.dirs
openssl/branches/openssl1.0/debian/libssl1.0-dev.files
openssl/branches/openssl1.0/debian/patches/engines-path.patch
openssl/branches/openssl1.0/debian/patches/series
Removed:
openssl/branches/openssl1.0/debian/README.debian
openssl/branches/openssl1.0/debian/README.optimization
openssl/branches/openssl1.0/debian/changelog
openssl/branches/openssl1.0/debian/libcrypto1.0.2-udeb.dirs
openssl/branches/openssl1.0/debian/libssl-dev.dirs
openssl/branches/openssl1.0/debian/libssl-dev.files
openssl/branches/openssl1.0/debian/libssl-doc.docs
openssl/branches/openssl1.0/debian/libssl-doc.files
openssl/branches/openssl1.0/debian/libssl1.0.2-udeb.dirs
openssl/branches/openssl1.0/debian/openssl.dirs
openssl/branches/openssl1.0/debian/openssl.docs
openssl/branches/openssl1.0/debian/openssl.files
openssl/branches/openssl1.0/debian/openssl.postinst
openssl/branches/openssl1.0/debian/patches/ca.patch
openssl/branches/openssl1.0/debian/patches/engines-path.patch
openssl/branches/openssl1.0/debian/patches/series
Modified:
openssl/branches/openssl1.0/debian/control
openssl/branches/openssl1.0/debian/rules
Log:
Make an openssl1.0 package
Deleted: openssl/branches/openssl1.0/debian/README.debian
===================================================================
--- openssl/trunk/debian/README.debian 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/README.debian 2016-10-27 21:27:44 UTC (rev 849)
@@ -1,62 +0,0 @@
-openssl for DEBIAN
-----------------------
-
-openssl replaces ssleay.
-
-The application links to openssl like req, ca, verify and s_client
-have been removed.
-
-Instead of `<application>` please call now `openssl <application>`
-
-eg:
-instead of `req` please call `openssl req`
-
-
-PATENT ISSUES
--------------
-
-Some algorithms used in the library are covered by patents. As
-a result, the following algorithms in libcrypto have been disabled:
-- RC5
-- MDC2
-- IDEA
-
-Also see the patents section in the README file.
-
-
-Self-signed certs and webservers:
----------------------------------
-
-If you get with a selfsigned certificate and a webserver:
- > "The certificate is not approved for the attempted operation."
-
-Bodo_Moeller at public.uni-hamburg.de (Bodo Moeller) writes:
->Probably you are using a CA certificate for your server; if you use
->"openssl req" to generate a new key and self-signed certificate with
->the default openssl.cnf, the certificate you get includes certain
->X.509v3 extensions that make it unfit for use as a server certificate.
->This was not so with earlier versions of the software because back
->then there was far less X.509v3 support.
->
->To look at the certificate some HTTPS server presents to its cliens,
->use "openssl s_client -port 443 -host your.server", store the output
->(at least the part from "-----BEGIN CERTIFICATE-----" up to "-----END
->CERTIFICATE-----", including these separators) in a file and use
->"openssl x509 -in the_file_you_just_stored -text" to look at it in
->readable form. If it has in the "X509v3 extensions section" any of
->the following entries, it is not usable as a server certificate:
->
-> X509v3 Basic Constraints:
-> CA:TRUE
->
-> X509v3 Key Usage:
-> Certificate Sign, CRL Sign
->
->To quickly create a new server key and certificate that works with
->Netscape, you can just copy the original openssl.cnf file and comment
->out the "x509_extensions" entry in the "[ req ]" section.
->The, use "openssl req ..." as before to create a new certificate and
->key.
-
-
-Christoph Martin <martin at uni-mainz.de>, Wed, 31 Mar 1999 16:00:51 +0200
Deleted: openssl/branches/openssl1.0/debian/README.optimization
===================================================================
--- openssl/trunk/debian/README.optimization 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/README.optimization 2016-10-27 21:27:44 UTC (rev 849)
@@ -1,32 +0,0 @@
-openssl ships optimized libraries for some cpus. The loading of these
-libraries depends on the ability of the dynamic linker to automaticly
-search additional directories depending on the cpu. If you want to
-find out which are these directories for your computer, run the
-following command:
-
-LD_LIBRARY_PATH=/usr/lib strace true 2>&1 | fgrep "open(\"/usr/lib"
-
-On a Pentium III this gives:
-
-open("/usr/lib/i686/mmx/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
-open("/usr/lib/i686/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
-open("/usr/lib/mmx/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
-open("/usr/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
-
-Following is a list of cpus, library paths and possible optimizations:
-
-486 /usr/lib/i486 -march=i486 -mcpu=i486 +asm
-Pentium /usr/lib/i586 -march=i586 -mcpu=i586 +asm
-Pentium MMX /usr/lib/i586 -march=i586 -mcpu=i586 +asm
-Pentium II /usr/lib/i686 -march=i686 -mcpu=i686 +asm
-Pentium III /usr/lib/i686 -march=i686 -mcpu=i686 +asm
-AMD-K6 /usr/lib/i586 -march=i586 -mcpu=i586 +asm
-AMD-K7 /usr/lib/i686 -march=i686 -mcpu=i686 +asm
-
-Sparc v8 /usr/lib/v8 -mcpu=v8 +asm
-Sparc v9 /usr/lib/v9 -mcpu=v9 -Wa,-Av8plus +asm
-
-Alpha EV4 /usr/lib/ev4 -mcpu=ev4
-Alpha EV5 /usr/lib/ev5 -mcpu=ev5
-
-+asm means that the handcrafted 586 assembler routines can be used.
Deleted: openssl/branches/openssl1.0/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/changelog 2016-10-27 21:27:44 UTC (rev 849)
@@ -1,1948 +0,0 @@
-openssl (1.0.2h-2) unstable; urgency=medium
-
- * Re-add libdoc-manpgs-pod-spell.patch to series files (Closes: #813191)
- * Don't build i686 optimized version anymore on i386, it's now the default.
- (Closes: #823774)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 08 May 2016 13:16:29 +0200
-
-openssl (1.0.2h-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2016-2107
- - Fixes CVE-2016-2105
- - Fixes CVE-2016-2106
- - Fixes CVE-2016-2109
- - Fixes CVE-2016-2176
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 03 May 2016 18:31:22 +0200
-
-openssl (1.0.2g-2) unstable; urgency=medium
-
- * Use assembler of arm64 (Closes: #794326)
- Patch from Riku Voipio <riku.voipio at iki.fi>
- * Add a udeb for libssl, based on similar changes done in Ubuntu
- starting in version 0.9.8o-4ubuntu1 (Closes: #802591)
- Patch from Margarita Manterola <marga at google.com>
- * Add support for nios2 (Closes: #816239)
- Based on patch from Marek Vasut <marex at denx.de>
- * Update Spanish translation from Manuel "Venturi" Porras Peralta
- <venturi at openmailbox.org> (Closes: #773601)
- * Don't build an i586 optimized version anymore, the default
- already targets that. Patch from Sven Joachim <svenjoac at gmx.de>
- (Closes: #759811)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 21 Apr 2016 23:43:06 +0200
-
-openssl (1.0.2g-1) unstable; urgency=high
-
- * New upstream version
- * Fix CVE-2016-0797
- * Fix CVE-2016-0798
- * Fix CVE-2016-0799
- * Fix CVE-2016-0702
- * Fix CVE-2016-0705
- * Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800)
- makes use of those, and SLOTH attack (CVE-2015-7575) can make use of them
- too.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 01 Mar 2016 18:31:09 +0100
-
-openssl (1.0.2f-2) unstable; urgency=high
-
- * New upstream version.
- - Fixes CVE-2016-0701
- - Not affected by CVE-2015-3197 because SSLv2 is disabled.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 28 Jan 2016 19:32:02 +0100
-
-openssl (1.0.2e-1) unstable; urgency=high
-
- * New upstream release
- - Fix CVE-2015-3193
- - Fix CVE-2015-3194
- - Fix CVE-2015-3195
- - Fix CVE-2015-3196
- * Remove all symlinks during clean
- * Run make depend after configure
- * Remove openssl_button.* from the doc package
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 03 Dec 2015 19:33:05 +0100
-
-openssl (1.0.2d-3) unstable; urgency=medium
-
- * Upload to unstable
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 01 Nov 2015 19:14:34 +0100
-
-openssl (1.0.2d-2) experimental; urgency=medium
-
- * Build with no-ssl3-method to remove all SSLv3 support. This results in
- the functions SSLv3_method(), SSLv3_server_method() and
- SSLv3_client_method() being removed from libssl. Change the soname as
- result of that and also changes name of the binary package.
- (Closes: #768476)
- * Enable rfc3779 and cms support (Closes: #630790)
- * Fix cross compilation for mips architectures. (Closes: #782492)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 06 Sep 2015 14:21:27 +0200
-
-openssl (1.0.2d-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2015-1793
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 09 Jul 2015 18:22:26 +0200
-
-openssl (1.0.2c-1) unstable; urgency=medium
-
- * New upstream version
- - Fixes ABI (Closes: #788511)
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 12 Jun 2015 20:35:12 +0200
-
-openssl (1.0.2b-1) unstable; urgency=high
-
- * New upstream version
- - Fix CVE-2015-4000
- - Fix CVE-2015-1788
- - Fix CVE-2015-1789
- - Fix CVE-2015-1790
- - Fix CVE-2015-1792
- - Fix CVE-2015-1791
- * Update c_rehash-compat.patch to make it apply to the new version.
- * Remove openssl-pod-misspell.patch applied upstream
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 11 Jun 2015 18:20:38 +0200
-
-openssl (1.0.2a-1) unstable; urgency=medium
-
- * New upstrema version
- - Fix CVE-2015-0286
- - Fix CVE-2015-0287
- - Fix CVE-2015-0289
- - Fix CVE-2015-0293 (not affected, SSLv2 disabled)
- - Fix CVE-2015-0209
- - Fix CVE-2015-0288
- - Fix CVE-2015-0291
- - Fix CVE-2015-0290
- - Fix CVE-2015-0207
- - Fix CVE-2015-0208
- - Fix CVE-2015-1787
- - Fix CVE-2015-0285
- * Temporary enable SSLv3 methods again, but they will go away.
- * Don't set TERMIO anymore, use the default TERMIOS instead.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 30 Apr 2015 23:37:27 +0200
-
-openssl (1.0.2-1) experimental; urgency=medium
-
- * New upstream release
- - Fixes CVE-2014-3571
- - Fixes CVE-2015-0206
- - Fixes CVE-2014-3569
- - Fixes CVE-2014-3572
- - Fixes CVE-2015-0204
- - Fixes CVE-2015-0205
- - Fixes CVE-2014-8275
- - Fixes CVE-2014-3570
- - Drop git_snapshot.patch
- * Drop gnu_source.patch, dgst_hmac.patch, stddef.patch,
- no_ssl3_method.patch: applied upstream
- * Update patches to apply
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 23 Jan 2015 18:54:13 +0100
-
-openssl (1.0.2~beta3-1) experimental; urgency=low
-
- * New usptream beta version
- * Add git snapshot
- * Merge changes between 1.0.1h-3 and 1.0.1j-1:
- - Disables SSLv3 because of CVE-2014-3566
- * Drop patch rehash-crt.patch: partially applied upstream.
- c_rehash now doesn't support files in DER format anymore.
- * Drop patch rehash_pod.patch: applied upstream
- * Update c_rehash-compat.patch to apply to new upstream version. This
- undoes upstream's "-old" option and creates both the new and old again.
- It now also does it for CRLs.
- * Drop defaults.patch, applied upstream
- * dgst_hmac.patch updated to apply to upstream version.
- * engines-path.patch updated to apply to upstream version.
- * Update list of exported symbols
- * Update symbols files to require beta3
- * Enable unit tests
- * Add patch to add support for the no-ssl3-method option that completly
- disable SSLv3 and pass the option. This drops the following functions
- from the library: SSLv3_method, SSLv3_server_method and
- SSLv3_client_method
- * Build using OPENSSL_NO_BUF_FREELISTS
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 07 Nov 2014 00:20:10 +0100
-
-openssl (1.0.2~beta2-1) experimental; urgency=medium
-
- * New usptream beta version
- - Fix CVE-2014-0224
- - Fix CVE-2014-0221
- - Fix CVE-2014-0195
- - Fix CVE-2014-3470
- - Fix CVE-2014-0198
- - Fix CVE-2010-5298
- - Fix CVE-2014-0160
- - Fix CVE-2014-0076
- * Merge changes between 1.0.1f-1 and 1.0.1h-3:
- - postinst: Updated check for restarting services
- * libdoc-manpgs-pod-spell.patch and openssl-pod-misspell.patch
- partially applied upstream
- * Drop fix-pod-errors.patch, applied upstream.
- * Add support for ppc64le (Closes: #745657)
- * Add support for OpenRISC (Closes: #736772)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 23 Jul 2014 19:54:09 +0200
-
-openssl (1.0.2~beta1-1) experimental; urgency=medium
-
- * New upstream beta version
- - Update list of symbols that should be exported and adjust the symbols
- file. This also removes a bunch of duplicate symbols in the linker
- file.
- - Fix additional pod errors
- - Following patches have been applied upstream and are removed:
- libssl-misspell.patch, pod_req_misspell2.patch,
- pod_pksc12.misspell.patch, pod_s_server.misspell.patch,
- pod_x509setflags.misspell.patch, pod_ec.misspell.patch,
- pkcs12-doc.patch, req_bits.patch
- - Following patches have been partially applied upstream:
- libdoc-manpgs-pod-spell.patch, openssl-pod-misspell.patch
- - Remove openssl_fix_for_x32.patch, different patch applied upstream.
- * Add support for cross compiling (Closes: #465248)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 25 Feb 2014 00:36:51 +0100
-
-openssl (1.0.1f-1) unstable; urgency=high
-
- * New upstream version
- - Fix for TLS record tampering bug CVE-2013-4353
- - Drop the snapshot patch
- * update watch file to check for upstream signature and add upstream pgp key.
- * Drop conflicts against openssh since we now on a released version again.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 06 Jan 2014 18:50:54 +0100
-
-openssl (1.0.1e-6) unstable; urgency=medium
-
- * Add Breaks: openssh-client (<< 1:6.4p1-1.1), openssh-server (<<
- 1:6.4p1-1.1). This is to prevent people running into #732940.
- This Breaks can be removed again when we stop using a git snapshot.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 23 Dec 2013 15:19:17 +0100
-
-openssl (1.0.1e-5) unstable; urgency=low
-
- * Change default digest to SHA256 instead of SHA1. (Closes: #694738)
- * Drop support for multiple certificates in 1 file. It never worked
- properly in the first place, and the only one shipping in
- ca-certificates has been split.
- * Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors
- * Remove make-targets.patch. It prevented the test dir from being cleaned.
- * Update to a git snapshot of the OpenSSL_1_0_1-stable branch.
- - Fixes CVE-2013-6449 (Closes: #732754)
- - Fixes CVE-2013-6450
- - Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch
- dtls_version.patch get_certificate.patch, since they where all
- already commited upstream.
- - adjust fix-pod-errors.patch for the reordering of items in the
- documentation they've done trying to fix those pod errors.
- - disable rdrand engine by default (Closes: #732710)
- * disable zlib support. Fixes CVE-2012-4929 (Closes: #728055)
- * Add arm64 support (Closes: #732348)
- * Properly use the default number of bits in req when none are given
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 22 Dec 2013 19:25:35 +0100
-
-openssl (1.0.1e-4) unstable; urgency=low
-
- [ Peter Michael Green ]
- * Fix pod errors (Closes: #723954)
- * Fix clean target
-
- [ Kurt Roeckx ]
- * Add mipsn32 and mips64 targets. Patch from Eleanor Chen
- <chenyueg at gmail.com> (Closes: #720654)
- * Add support for nocheck in DEB_BUILD_OPTIONS
- * Update Norwegian translation (Closes: #653574)
- * Update description of the packages. Patch by Justin B Rye
- (Closes: #719262)
- * change to debhelper compat level 9:
- - change dh_strip call so only the files from libssl1.0.0 get debug
- symbols.
- - change dh_makeshlibs call so the engines don't get added to the
- shlibs
- * Update Standards-Version from 3.8.0 to 3.9.5. No changes required.
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 01 Nov 2013 17:11:53 +0100
-
-openssl (1.0.1e-3) unstable; urgency=low
-
- * Move <openssl/opensslconf.h> to /usr/include/$(DEB_HOST_MULTIARCH), and
- mark libssl-dev Multi-Arch: same.
- Patch by Colin Watson <cjwatson at ubuntu.com> (Closes: #689093)
- * Add Polish translation (Closes: #658162)
- * Add Turkish translation (Closes: #660971)
- * Enable assembler for the arm targets, and remove armeb.
- Patch by Riku Voipio <riku.voipio at iki.fi> (Closes: #676533)
- * Add support for x32 (Closes: #698406)
- * enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 20 May 2013 16:56:06 +0200
-
-openssl (1.0.1e-2) unstable; urgency=high
-
- * Bump shlibs. It's needed for the udeb.
- * Make cpuid work on cpu's that don't set ecx (Closes: #699692)
- * Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353)
- * Fix problem with DTLS version check (Closes: #701826)
- * Fix segfault in SSL_get_certificate (Closes: #703031)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 18 Mar 2013 20:37:11 +0100
-
-openssl (1.0.1e-1) unstable; urgency=high
-
- * New upstream version (Closes: #699889)
- - Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166
- - Drop renegiotate_tls.patch, applied upstream
- - Export new CRYPTO_memcmp symbol, update symbol file
- * Add ssltest_no_sslv2.patch so that "make test" works.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 11 Feb 2013 19:39:44 +0100
-
-openssl (1.0.1c-5) unstable; urgency=low
-
- * Re-enable assembler versions on sparc. They shouldn't have
- been disabled for sparc v9. (Closes: #649841)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 09 Sep 2012 08:43:40 +0200
-
-openssl (1.0.1c-4) unstable; urgency=low
-
- * Fix the configure rules for alpha (Closes: #672710)
- * Switch the postinst to sh again, there never was a reason to
- switch it to bash (Closes: #676398)
- * Fix pic.patch to not use #ifdef in x86cpuid.s, only .S files are
- preprocessed. We generate the file again for pic anyway.
- (Closes: #677468)
- * Drop Breaks against openssh as it was only for upgrades
- between versions that were only in testing/unstable.
- (Closes: #668600)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 17 Jul 2012 11:49:19 +0200
-
-openssl (1.0.1c-3) unstable; urgency=low
-
- * Disable padlock engine again, causes problems for hosts not supporting it.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 06 Jun 2012 18:29:37 +0200
-
-openssl (1.0.1c-2) unstable; urgency=high
-
- * Fix renegiotation when using TLS > 1.0. This breaks tor. Patch from
- upstream. (Closes: #675990)
- * Enable the padlock engine by default.
- * Change default bits from 1024 to 2048 (Closes: #487152)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 06 Jun 2012 00:55:42 +0200
-
-openssl (1.0.1c-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2012-2333 (Closes: #672452)
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 11 May 2012 18:44:51 +0200
-
-openssl (1.0.1b-1) unstable; urgency=high
-
- * New upstream version
- - Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0
- can talk to servers supporting TLS 1.1 but not TLS 1.2
- - Drop rc4_hmac_md5.patch, applied upstream
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 26 Apr 2012 23:34:34 +0200
-
-openssl (1.0.1a-3) unstable; urgency=low
-
- * Use patch from upstream for the rc4_hmac_md5 issue.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 23:16:30 +0200
-
-openssl (1.0.1a-2) unstable; urgency=low
-
- * Fix rc4_hmac_md5 on non-i386/amd64 arches.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 21:54:42 +0200
-
-openssl (1.0.1a-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2012-2110
- - Fix crash in rc4_hmac_md5 (Closes: #666405)
- - Fixes some issues with talking to other servers when TLS 1.1 and 1.2 is
- supported
- - Drop patches no_ssl2.patch vpaes.patch tls1.2_client_algorithms.patch,
- applied upstream.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 19:54:12 +0200
-
-openssl (1.0.1-4) unstable; urgency=low
-
- * Use official patch for the vpaes problem, also covering amd64.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 31 Mar 2012 20:54:13 +0200
-
-openssl (1.0.1-3) unstable; urgency=high
-
- * Fix crash in vpaes (Closes: #665836)
- * use client version when deciding whether to send supported signature
- algorithms extension
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 31 Mar 2012 18:35:59 +0200
-
-openssl (1.0.1-2) unstable; urgency=low
-
- * Properly quote the new cflags in Configure
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 19 Mar 2012 19:56:05 +0100
-
-openssl (1.0.1-1) unstable; urgency=low
-
- * New upstream version
- - Remove kfreebsd-pipe.patch, fixed upstream
- - Update pic.patch, openssl-pod-misspell.patch and make-targets.patch
- - Add OPENSSL_1.0.1 to version-script.patch and libssl1.0.0.symbols for
- the new functions.
- - AES-NI support (Closes: #644743)
- * pic.patch: upstream made OPENSSL_ia32cap_P and OPENSSL_cpuid_setup
- hidden on amd64, no need to access it PIC anymore.
- * pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977)
- * Enable hardening using dpkg-buildflags (Closes: #653495)
- * s_client and s_server were forcing SSLv3 only connection when SSLv2 was
- disabled instead of the SSLv2 with upgrade method. (Closes: #664454)
- * Add Breaks on openssh < 1:5.9p1-4, it has a too strict version check.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 19 Mar 2012 18:23:32 +0100
-
-openssl (1.0.0h-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2012-0884
- - Fixes CVE-2012-1165
- - Properly fix CVE-2011-4619
- - pkg-config.patch applied upstream, remove it.
- * Enable assembler for all i386 arches. The assembler does proper
- detection of CPU support, including cpuid support.
- This should fix a problem with AES 192 and 256 with the padlock
- engine because of the difference in NO_ASM between the between
- the i686 optimized library and the engine.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 13 Mar 2012 21:08:17 +0100
-
-openssl (1.0.0g-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2012-0050
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 18 Jan 2012 20:46:13 +0100
-
-openssl (1.0.0f-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2011-4108, CVE-2011-4576, CVE-2011-4619, CVE-2012-0027,
- CVE-2011-4577
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 12 Jan 2012 19:02:43 +0100
-
-openssl (1.0.0e-3) unstable; urgency=low
-
- * Don't build v8 and v9 variants of sparc anymore, they're older than
- the default. (Closes: #649841)
- * Don't build i486 optimized version, that's the default anyway, and
- it uses assembler that doesn't always work on i486.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 28 Nov 2011 22:17:26 +0100
-
-openssl (1.0.0e-2.1) unstable; urgency=high
-
- * Non-maintainer upload by the Security Team.
- * Block Malaysian's Digicert Sdn. Bhd. certificates by marking them
- as revoked.
-
- -- Raphael Geissert <geissert at debian.org> Sun, 06 Nov 2011 01:39:30 -0600
-
-openssl (1.0.0e-2) unstable; urgency=low
-
- * Add a missing $(DEB_HOST_MULTIARCH)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Sep 2011 17:02:29 +0200
-
-openssl (1.0.0e-1) unstable; urgency=low
-
- * New upstream version
- - Fix bug where CRLs with nextUpdate in the past are sometimes accepted
- by initialising X509_STORE_CTX properly. (CVE-2011-3207)
- - Fix SSL memory handling for (EC)DH ciphersuites, in particular
- for multi-threaded use of ECDH. (CVE-2011-3210)
- - Add protection against ECDSA timing attacks (CVE-2011-1945)
- * Block DigiNotar certifiates. Patch from
- Raphael Geissert <geissert at debian.org>
- * Generate hashes for all certs in a file (Closes: #628780, #594524)
- Patch from Klaus Ethgen <Klaus at Ethgen.de>
- * Add multiarch support (Closs: #638137)
- Patch from Steve Langasek / Ubuntu
- * Symbols from the gost engine were removed because it didn't have
- a linker file. Thanks to Roman I Khimov <khimov at altell.ru>
- (Closes: #631503)
- * Add support for s390x. Patch from Aurelien Jarno <aurel32 at debian.org>
- (Closes: #641100)
- * Add build-arch and build-indep targets to the rules file.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Sep 2011 12:03:13 +0200
-
-openssl (1.0.0d-3) unstable; urgency=low
-
- * Make it build on sparc64. Patch from Aurelien Jarno. (Closes: #626060)
- * Apply patches from Scott Schaefer <saschaefer at neurodiverse.org> to
- fix various pod and spelling errors. (Closes: #622820, #605561)
- * Add missing symbols for the engines (Closes: #623038)
- * More spelling fixes from Scott Schaefer (Closes: #395424)
- * Patch from Scott Schaefer to better document pkcs12 password options
- (Closes: #462489)
- * Document dgst -hmac option. Patch by Thorsten Glaser <tg at mirbsd.de>
- (Closes: #529586)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 13 Jun 2011 12:39:54 +0200
-
-openssl (1.0.0d-2) unstable; urgency=high
-
- * Make c_rehash also generate the old subject hash. Gnutls applications
- seem to require it. (Closes: #611102)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Apr 2011 22:36:49 +0200
-
-openssl (1.0.0d-1) unstable; urgency=low
-
- * New upstream version
- - Fixes CVE-2011-0014
- * Make libssl-doc Replaces/Breaks with old libssl-dev packages
- (Closes: #607609)
- * Only export the symbols we should, instead of all.
- * Add symbol file.
- * Upload to unstable
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 02 Apr 2011 13:19:19 +0000
-
-openssl (1.0.0c-2) experimental; urgency=low
-
- * Set $ in front of {sparcv9_asm} so that the sparc v9 variant builds.
- * Always define _GNU_SOURCE, not only for Linux.
- * Drop SSL2 support (Closes: #589706)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 19 Dec 2010 16:24:16 +0100
-
-openssl (1.0.0c-1) experimental; urgency=low
-
- * New upstream version (Closes: #578376)
- - New soname: Rename library packages
- - Drop patch perl-path.diff, not needed anymore
- - Drop patches CVE-2010-2939.patch, CVE-2010-3864.patch
- and CVE-2010-4180.patch: applied upstream.
- - Update Configure for the new fields for the assembler options
- per arch. alpha now makes use of assembler.
- * Move man3 manpages and demos to libssl-doc (Closes: #470594)
- * Drop .pod files from openssl package (Closes: #518167)
- * Don't use RC4_CHAR on amd64 and drop rc4-amd64.patch
- * Stop using BF_PTR2 on (kfreebd-)amd64.
- * Drop debian-arm from the list of arches.
- * Update arm arches to use BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
- BF_PTR instead of BN_LLONG DES_RISC1
- * ia64: Drop RC4_CHAR, add DES_UNROLL DES_INT
- * powerpc: Use RC4_CHAR RC4_CHUNK DES_RISC1 instead
- of DES_RISC2 DES_PTR MD2_CHAR RC4_INDEX
- * s390: Use RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL instead of BN_LLONG
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 12 Dec 2010 15:37:21 +0100
-
-openssl (0.9.8o-4) unstable; urgency=low
-
- * Fix CVE-2010-4180 (Closes: #529221)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 06 Dec 2010 20:33:21 +0100
-
-openssl (0.9.8o-3) unstable; urgency=high
-
- * Fix TLS extension parsing race condition (CVE-2010-3864) (Closes: #603709)
- * Re-add the engines. They were missing since 0.9.8m-1.
- Patch by Joerg Schneider. (Closes: #603693)
- * Not all architectures were build using -g (Closes: #570702)
- * Add powerpcspe support (Closes: #579805)
- * Add armhf support (Closes: #596881)
- * Update translations:
- - Brazilian Portuguese (Closes: #592154)
- - Danish (Closes: #599459)
- - Vietnamese (Closes: #601536)
- - Arabic (Closes: #596166)
- * Generate the proper stamp file so that everything doesn't get build twice.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 16 Nov 2010 19:20:55 +0100
-
-openssl (0.9.8o-2) unstable; urgency=high
-
- * Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 26 Aug 2010 18:25:29 +0200
-
-openssl (0.9.8o-1) unstable; urgency=low
-
- * New upstream version
- - Add SHA2 algorithms to SSL_library_init().
- - aes-x86_64.pl is now PIC, update pic.patch.
- * Add sparc64 support (Closes: #560240)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 18 Apr 2010 01:42:44 +0200
-
-openssl (0.9.8n-1) unstable; urgency=high
-
- * New upstream version.
- - Fixes CVE-2010-0740.
- - Drop cfb.patch, applied upstream.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 25 Mar 2010 20:30:52 +0100
-
-openssl (0.9.8m-2) unstable; urgency=low
-
- * Revert CFB block length change preventing reading older files.
- (Closes: #571810, #571940)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 28 Feb 2010 22:08:49 +0100
-
-openssl (0.9.8m-1) unstable; urgency=low
-
- * New upstream version
- - Implements RFC5746, reenables renegotiation but requires the extension.
- - Fixes CVE-2009-3245
- - Drop patches CVE-2009-4355.patch, CVE-2009-1378.patch,
- CVE-2009-1377.patch, CVE-2009-1379.patch, CVE-2009-3555.patch,
- CVE-2009-2409.patch, CVE-2009-1387.patch, tls_ext_v3.patch,
- no_check_self_signed.patch: applied upstream
- - pk7_mime_free.patch removed, code rewritten
- - ca.diff partially applied upstream
- - engines-path.patch adjusted, upstream made some minor changes to the
- build system.
- - some flags changed values, bump shlibs.
- * Switch to 3.0 (quilt) source package.
- * Make sure the package is properly cleaned.
- * Add ${misc:Depends} to the Depends on all packages.
- * Fix spelling of extension in the changelog file.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 27 Feb 2010 12:24:03 +0000
-
-openssl (0.9.8k-8) unstable; urgency=high
-
- * Clean up zlib state so that it will be reinitialized on next use and
- not cause a memory leak. (CVE-2009-4355, CVE-2008-1678)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Jan 2010 21:26:49 +0100
-
-openssl (0.9.8k-7) unstable; urgency=low
-
- * Bump the shlibs to require 0.9.8k-1. The following symbols
- to added between g and k: AES_wrap_key, AES_unwrap_key,
- ASN1_TYPE_set1, ASN1_STRING_set0, asn1_output_data_fn,
- SMIME_read_ASN1, BN_X931_generate_Xpq, BN_X931_derive_prime_ex,
- BN_X931_generate_prime_ex, COMP_zlib_cleanup, CRYPTO_malloc_debug_init,
- int_CRYPTO_set_do_dynlock_callback, CRYPTO_set_mem_info_functions,
- CRYPTO_strdup, CRYPTO_dbg_push_info, CRYPTO_dbg_pop_info,
- CRYPTO_dbg_remove_all_info, OPENSSL_isservice, OPENSSL_init,
- ENGINE_set_load_ssl_client_cert_function,
- ENGINE_get_ssl_client_cert_function, ENGINE_load_ssl_client_cert,
- EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags,
- EVP_CIPHER_CTX_test_flags, HMAC_CTX_set_flags, OCSP_sendreq_new
- OCSP_sendreq_nbio, OCSP_REQ_CTX_free, RSA_X931_derive_ex,
- RSA_X931_generate_key_ex, X509_ALGOR_set0, X509_ALGOR_get0,
- X509at_get0_data_by_OBJ, X509_get1_ocsp
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 28 Nov 2009 14:34:26 +0100
-
-openssl (0.9.8k-6) unstable; urgency=low
-
- * Disable SSL/TLS renegotiation (CVE-2009-3555) (Closes: #555829)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 12 Nov 2009 18:10:31 +0000
-
-openssl (0.9.8k-5) unstable; urgency=low
-
- * Don't check self signed certificate signatures in X509_verify_cert()
- (Closes: #541735)
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 11 Sep 2009 15:42:32 +0200
-
-openssl (0.9.8k-4) unstable; urgency=low
-
- * Split all the patches into a separate files
- * Stop undefinging HZ, the issue on alpha should be fixed.
- * Remove MD2 from digest algorithm table. (CVE-2009-2409) (Closes: #539899)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 11 Aug 2009 21:19:18 +0200
-
-openssl (0.9.8k-3) unstable; urgency=low
-
- * Make rc4-x86_64 PIC. Based on patch from Petr Salinger (Closes: #532336)
- * Add workaround for kfreebsd that can't see the different between
- two pipes. Patch from Petr Salinger.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 13 Jun 2009 18:15:46 +0200
-
-openssl (0.9.8k-2) unstable; urgency=low
-
- * Move libssl0.9.8-dbg to the debug section.
- * Use the rc4 assembler on kfreebsd-amd64 (Closes: #532336)
- * Split the line to generate md5-x86_64.s in the Makefile. This will
- hopefully fix the build issue on kfreebsd that now outputs the file
- to stdout instead of the file.
- * Fix denial of service via an out-of-sequence DTLS handshake message
- (CVE-2009-1387) (Closes: #532037)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 08 Jun 2009 19:05:56 +0200
-
-openssl (0.9.8k-1) unstable; urgency=low
-
- * New upstream release
- - 0.9.8i fixed denial of service via a DTLS ChangeCipherSpec packet
- that occurs before ClientHello (CVE-2009-1386)
- * Make aes-x86_64.pl use PIC.
- * Fix security issues (Closes: #530400)
- - "DTLS record buffer limitation bug." (CVE-2009-1377)
- - "DTLS fragment handling" (CVE-2009-1378)
- - "DTLS use after free" (CVE-2009-1379)
- * Fixed Configure for hurd: use -mtune=i486 instead of -m486
- Patch by Marc Dequènes (Duck) <duck at hurdfr.org> (Closes: #530459)
- * Add support for avr32 (Closes: #528648)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 16 May 2009 17:33:55 +0200
-
-openssl (0.9.8g-16) unstable; urgency=high
-
- * Properly validate the length of an encoded BMPString and UniversalString
- (CVE-2009-0590) (Closes: #522002)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 01 Apr 2009 22:04:53 +0200
-
-openssl (0.9.8g-15) unstable; urgency=low
-
- * Internal calls to didn't properly check for errors which
- resulted in malformed DSA and ECDSA signatures being treated as
- a good signature rather than as an error. (CVE-2008-5077)
- * ipv6_from_asc() could write 1 byte longer than the buffer in case
- the ipv6 address didn't have "::" part. (Closes: #506111)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 05 Jan 2009 21:14:31 +0100
-
-openssl (0.9.8g-14) unstable; urgency=low
-
- * Don't give the warning about security updates when upgrading
- from etch since it doesn't have any known security problems.
- * Automaticly use engines that succesfully initialised. Patch
- from the 0.9.8h upstream version. (Closes: #502177)
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 31 Oct 2008 22:45:14 +0100
-
-openssl (0.9.8g-13) unstable; urgency=low
-
- * Fix a problem with tlsext preventing firefox 3 from connection.
- Patch from upstream CVS and part of 0.9.8h.
- (Closes: #492758)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 03 Aug 2008 19:47:10 +0200
-
-openssl (0.9.8g-12) unstable; urgency=low
-
- * add the changelog of the 10.1 NMU to make bugtracking happy
-
- -- Christoph Martin <Christoph.Martin at Uni-Mainz.DE> Tue, 22 Jul 2008 14:58:26 +0200
-
-openssl (0.9.8g-11) unstable; urgency=low
-
- [ Christoph Martin ]
- * updated cs, gl, sv, ru, ro debconf translation (closes: #480926, #480967,
- #482465, #484324, #488595)
- * add Vcs-Svn header (closes: #481654)
- * fix debian-kfreebsd-i386 build flags (closes: #482275)
- * add stunnel4 to restart list (closes: #482111)
- * include fixes from 10.1 NMU by Security team
- - Fix double free in TLS server name extension which leads to a remote
- denial of service (CVE-2008-0891; Closes: #483379).
- - Fix denial of service if the 'Server Key exchange message'
- is omitted from a TLS handshake which could lead to a client
- crash (CVE-2008-1672; Closes: #483379).
- This only works if openssl is compiled with enable-tlsext which is
- done in Debian.
- * fix some lintian warnings
- * update to newest standards version
-
- -- Christoph Martin <Christoph.Martin at Uni-Mainz.DE> Thu, 17 Jul 2008 09:53:01 +0200
-
-openssl (0.9.8g-10.1) unstable; urgency=high
-
- * Non-maintainer upload by the Security team.
- * Fix denial of service if the 'Server Key exchange message'
- is omitted from a TLS handshake which could lead to a client
- crash (CVE-2008-1672; Closes: #483379).
- This only works if openssl is compiled with enable-tlsext which is
- done in Debian.
- * Fix double free in TLS server name extension which leads to a remote
- denial of service (CVE-2008-0891; Closes: #483379).
-
- -- Nico Golde <nion at debian.org> Tue, 27 May 2008 11:13:44 +0200
-
-openssl (0.9.8g-10) unstable; urgency=low
-
- * undefine HZ so that the code falls back to sysconf(_SC_CLK_TCK)
- to fix a build failure on alpha.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 08 May 2008 17:56:13 +0000
-
-openssl (0.9.8g-9) unstable; urgency=high
-
- [ Christoph Martin ]
- * Include updated debconf translations (closes: #473477, #461597,
- #461880, #462011, #465517, #475439)
-
- [ Kurt Roeckx ]
- * ssleay_rand_add() really needs to call MD_Update() for buf.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 07 May 2008 20:32:12 +0200
-
-openssl (0.9.8g-8) unstable; urgency=high
-
- * Don't add extensions to ssl v3 connections. It breaks with some
- other software. (Closes: #471681)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 23 Mar 2008 17:50:04 +0000
-
-openssl (0.9.8g-7) unstable; urgency=low
-
- * Upload to unstable.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Feb 2008 22:22:29 +0000
-
-openssl (0.9.8g-6) experimental; urgency=low
-
- * Bump shlibs.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 09 Feb 2008 15:42:22 +0100
-
-openssl (0.9.8g-5) experimental; urgency=low
-
- * Enable tlsext. This changes the ABI, but should hopefully
- not cause any problems. (Closes: #462596)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 09 Feb 2008 13:32:49 +0100
-
-openssl (0.9.8g-4) unstable; urgency=low
-
- * Fix aes ige test speed not to overwrite it's buffer and
- cause segfauls. Thanks to Tim Hudson (Closes: #459619)
- * Mark some strings in the templates as non translatable.
- Patch from Christian Perrier <bubulle at debian.org> (Closes: #450418)
- * Update Dutch debconf translation (Closes: #451290)
- * Update French debconf translation (Closes: #451375)
- * Update Catalan debconf translation (Closes: #452694)
- * Update Basque debconf translation (Closes: #457285)
- * Update Finnish debconf translation (Closes: #458261)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 16 Jan 2008 21:49:43 +0100
-
-openssl (0.9.8g-3) unstable; urgency=low
-
- * aes-586.pl: push %ebx on the stack before we put some things on the
- stack and call a function, giving AES_decrypt() wrong values to work
- with. (Closes: #449200)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 04 Nov 2007 21:49:00 +0100
-
-openssl (0.9.8g-2) unstable; urgency=low
-
- * Avoid text relocations on i386 caused by the assembler versions:
- - x86unix.pl: Create a function_begin_B_static to create a
- static/local assembler function.
- - aes-586.pl: Use the function_begin_B_static for _x86_AES_decrypt
- so that it doesn't get exported and doesn't have any (text) relocations.
- - aes-586.pl: Set up ebx to point to the GOT and call AES_set_encrypt_key
- via the PLT to avoid a relocation.
- - x86unix.pl: Call the init function via the PLT, avoiding a relocation
- in case of a PIC object.
- - cbc.pl: Call functions via the PLT.
- - desboth.pl: Call DES_encrypt2 via the PLT.
- * CA.sh should use the v3_ca extension when called with -newca
- (Closes: #428051)
- * Use -Wa,--noexecstack for all arches in Debian. (Closes: #430583)
- * Convert the failure message when services fail restart to a debconf
- message.
- * To restart a service, just restart, instead of stop and start.
- Hopefully fixes #444946
- * Also remove igetest from the test dir in the clean target.
- (Closes: #424362)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 03 Nov 2007 13:25:45 +0100
-
-openssl (0.9.8g-1) unstable; urgency=low
-
- * New upstream release
- - Fixes version number not to say it's a development version.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 20 Oct 2007 12:47:10 +0200
-
-openssl (0.9.8f-1) unstable; urgency=low
-
- * New upstream release
- - Fixes DTLS issues, also fixes CVE-2007-4995 (Closes: #335703, #439737)
- - Proper inclusion of opensslconf.h in pq_compat.h (Closes: #408686)
- - New function SSL_set_SSL_CTX: bump shlibs.
- * Remove build dependency on gcc > 4.2
- * Remove the openssl preinst, it looks like a workaround
- for a change in 0.9.2b where config files got moved. (Closes: #445095)
- * Update debconf translations:
- - Vietnamese (Closes: #426988)
- - Danish (Closes: #426774)
- - Slovak (Closes: #440723)
- - Finnish (Closes: #444258)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 13 Oct 2007 00:47:22 +0200
-
-openssl (0.9.8e-9) unstable; urgency=high
-
- * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers().
- (Closes: #444435)
- * Add postgresql-8.2 to the list of services to check.
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 28 Sep 2007 19:47:33 +0200
-
-openssl (0.9.8e-8) unstable; urgency=low
-
- * Fix another case of the "if this code is reached, the program will abort"
- (Closes: #429740)
- * Temporary force to build with gcc >= 4.2
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 02 Sep 2007 18:12:11 +0200
-
-openssl (0.9.8e-7) unstable; urgency=low
-
- * Fix problems with gcc-4.2 (Closes: #429740)
- * Stop using -Bsymbolic to create the shared library.
- * Make x86_64cpuid.pl use PIC.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 02 Sep 2007 16:15:18 +0200
-
-openssl (0.9.8e-6) unstable; urgency=high
-
- * Add fix for CVE-2007-3108 (Closes: #438142)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 15 Aug 2007 19:49:54 +0200
-
-openssl (0.9.8e-5) unstable; urgency=low
-
- [ Christian Perrier ]
- * Debconf templates proofread and slightly rewritten by
- the debian-l10n-english team as part of the Smith Review Project.
- Closes: #418584
- * Debconf templates translations:
- - Arabic. Closes: #418669
- - Russian. Closes: #418670
- - Galician. Closes: #418671
- - Swedish. Closes: #418679
- - Korean. Closes: #418755
- - Czech. Closes: #418768
- - Basque. Closes: #418784
- - German. Closes: #418785
- - Traditional Chinese. Closes: #419915
- - Brazilian Portuguese. Closes: #419959
- - French. Closes: #420429
- - Italian. Closes: #420461
- - Japanese. Closes: #420482
- - Catalan. Closes: #420833
- - Dutch. Closes: #420925
- - Malayalam. Closes: #420986
- - Portuguese. Closes: #421032
- - Romanian. Closes: #421708
-
- [ Kurt Roeckx ]
- * Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
- * Updated Spanish debconf template. (Closes: #421336)
- * Do the header changes, changing those defines into real functions,
- and bump the shlibs to match.
- * Update Japanese debconf translation. (Closes: #422270)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 15 May 2007 17:21:08 +0000
-
-openssl (0.9.8e-4) unstable; urgency=low
-
- * openssl should depend on libssl0.9.8 0.9.8e-1 since it
- uses some of the defines that changed to functions.
- Other things build against libssl or libcrypto shouldn't
- have this problem since they use the old headers.
- (Closes: #414283)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Mar 2007 17:11:46 +0000
-
-openssl (0.9.8e-3) unstable; urgency=low
-
- * Add nagios-nrpe-server to the list of services to be checked
- (Closes: #391188)
- * EVP_CIPHER_CTX_key_length() should return the set key length in the
- EVP_CIPHER_CTX structure which may not be the same as the underlying
- cipher key length for variable length ciphers.
- From upstream CVS. (Closes: #412979)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 4 Mar 2007 23:22:51 +0000
-
-openssl (0.9.8e-2) unstable; urgency=low
-
- * Undo include changes that change defines into real functions,
- but keep the new functions in the library.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 25 Feb 2007 19:19:19 +0000
-
-openssl (0.9.8e-1) unstable; urgency=low
-
- * New upstream release
- - Inludes security fixes for CVE-2006-2937, CVE-2006-2940,
- CVE-2006-3738, CVE-2006-4343 (Closes: #408902)
- - s_client now properly works with SMTP. Also added support
- for IMAP. (closes: #221689)
- - Load padlock modules (Closes: #345656, #368476)
- * Add clamav-freshclam and clamav-daemon to the list of service that
- need to be restarted. (Closes: #391191)
- * Add armel support. Thanks to Guillem Jover <guillem.jover at nokia.com>
- for the patch. (Closes: #407196)
- * Add Portuguese translations. Thanks to Carlos Lisboa. (Closes: 408157)
- * Add Norwegian translations. Thanks to Bjørn Steensrud
- <bjornst at powertech.no> (Closes: #412326)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 25 Feb 2007 18:06:28 +0000
-
-openssl (0.9.8c-4) unstable; urgency=low
-
- * Add German debconf translation. Thanks to
- Johannes Starosta <feedback-an-johannes at arcor.de> (Closes: #388108)
- * Make c_rehash look for both .pem and .crt files. Also make it support
- files in DER format. Patch by "Yauheni Kaliuta" <y.kaliuta at gmail.com>
- (Closes: #387089)
- * Use & instead of && to check a flag in the X509 policy checking.
- Patch from upstream cvs. (Closes: #397151)
- * Also restart slapd for security updates (Closes: #400221)
- * Add Romanian debconf translation. Thanks to
- stan ioan-eugen <stan.ieugen at gmail.com> (Closes: #393507)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 30 Nov 2006 20:57:46 +0000
-
-openssl (0.9.8c-3) unstable; urgency=low
-
- * Fix patch for CVE-2006-2940, it left ctx unintiliased.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 2 Oct 2006 18:05:00 +0200
-
-openssl (0.9.8c-2) unstable; urgency=high
-
- * Fix security vulnerabilities (CVE-2006-2937, CVE-2006-2940,
- CVE-2006-3738, CVE-2006-4343). Urgency set to high.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 27 Sep 2006 21:24:55 +0000
-
-openssl (0.9.8c-1) unstable; urgency=low
-
- * New upstream release
- - block padding bug with compression now fixed upstream, using
- their patch.
- - Includes the RSA Signature Forgery (CVE-2006-4339) patch.
- - New functions AES_bi_ige_encrypt and AES_ige_encrypt:
- bumping shlibs to require 0.9.8c-1.
- * Change the postinst script to check that ntp is installed instead
- of ntp-refclock and ntp-simple. The binary is now in the ntp
- package.
- * Move the modified rand/md_rand.c file to the right place,
- really fixing #363516.
- * Add partimage-server conserver-server and tor to the list of service
- to check for restart. Add workaround for openssh-server so it finds
- the init script. (Closes: #386365, #386400, #386513)
- * Add manpage for c_rehash.
- Thanks to James Westby <jw+debian at jameswestby.net> (Closes: #215618)
- * Add Lithuanian debconf translation.
- Thanks to Gintautas Miliauskas <gintas at akl.lt> (Closes: #374364)
- * Add m32r support.
- Thanks to Kazuhiro Inaoka <inaoka.kazuhiro at renesas.com>
- (Closes: #378689)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 17 Sep 2006 14:47:59 +0000
-
-openssl (0.9.8b-3) unstable; urgency=high
-
- * Fix RSA Signature Forgery (CVE-2006-4339) using patch provided
- by upstream.
- * Restart services using a smaller version that 0.9.8b-3, so
- they get the fixed version.
- * Change the postinst to check for postfix instead of postfix-tls.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 5 Sep 2006 18:26:10 +0000
-
-openssl (0.9.8b-2) unstable; urgency=low
-
- * Don't call gcc with -mcpu on i386, we already use -march, so no need for
- -mtune either.
- * Always make all directories when building something:
- - The engines directory didn't get build for the static directory, so
- where missing in libcrypo.a
- - The apps directory didn't always get build, so we didn't have an openssl
- and a small part of the regression tests failed.
- * Make the package fail to build if the regression tests fail.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 15 May 2006 16:00:58 +0000
-
-openssl (0.9.8b-1) unstable; urgency=low
-
- * New upstream release
- - New functions added (EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free), bump shlibs.
- - CA.pl/CA.sh now calls openssl ca with -extensions v3_ca, setting CA:TRUE
- instead of FALSE.
- - CA.pl/CA.sh creates crlnumber now. (Closes: #347612)
- * Run debconf-updatepo, which really already was in the 0.9.8a-8 version
- as it was uploaded.
- * Add Galician debconf translation. Patch from
- Jacobo Tarrio <jtarrio at trasno.net> (Closes: #361266)
- * libssl0.9.8.postinst makes uses of bashisms (local variables)
- so use #!/bin/bash
- * libssl0.9.8.postinst: Call set -e after sourcing the debconf
- script.
- * libssl0.9.8.postinst: Change list of service that may need
- to be restarted:
- - Replace ssh by openssh-server
- - Split postgresql in postgresql-7.4 postgresql-8.0 postgresql-8.1
- - Add: dovecot-common bind9 ntp-refclock ntp-simple openntpd clamcour
- fetchmail ftpd-ssl proftpd proftpd-ldap proftpd-mysql proftpd-pgsql
- * libssl0.9.8.postinst: The check to see if something was installed
- wasn't working.
- * libssl0.9.8.postinst: Add workaround to find the name of the init
- script for proftpd and dovecot.
- * libssl0.9.8.postinst: Use invoke-rc.d when it's available.
- * Change Standards-Version to 3.7.0:
- - Make use of invoke-rc.d
- * Add comment to README.Debian that rc5, mdc2 and idea have been
- disabled (since 0.9.6b-3) (Closes: #362754)
- * Don't add uninitialised data to the random number generator. This stop
- valgrind from giving error messages in unrelated code.
- (Closes: #363516)
- * Put the FAQ in the openssl docs.
- * Add russian debconf translations from Yuriy Talakan <yt at amur.elektra.ru>
- (Closes #367216)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 4 May 2006 20:40:03 +0200
-
-openssl (0.9.8a-8) unstable; urgency=low
-
- * Call pod2man with the proper section. Section changed
- from 1/3/5/7 to 1SSL/3SSL/5SSL/7SSL. The name of the files
- already had the ssl in, the section didn't. The references
- to other manpage is still wrong.
- * Don't install the LICENSE file, it's already in the copyright file.
- * Don't set an rpath on openssl to point to /usr/lib.
- * Add support for kfreebsd-amd64. (Closes: #355277)
- * Add udeb to the shlibs. Patch from Frans Pop <aragorn at tiscali.nl>
- (Closes: #356908)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 11 Feb 2006 14:14:37 +0100
-
-openssl (0.9.8a-7) unstable; urgency=high
-
- * Add italian debconf templates. Thanks to Luca Monducci.
- (Closes: #350249)
- * Change the debconf question to use version 0.9.8-3
- instead of 0.9.8-1, since that's the last version
- with a security fix.
- * Call conn_state() if the BIO is not in the BIO_CONN_S_OK state
- (Closes: #352047). RC bug affecting testing, so urgency high.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 9 Feb 2006 19:07:56 +0100
-
-openssl (0.9.8a-6) unstable; urgency=low
-
- * Remove empty postinst/preinst/prerm scripts. There is no need
- to have empty ones, debhelper will add them when needed.
- * Remove the static pic libraries. Nobody should be linking
- it's shared libraries static to libssl or libcrypto.
- This was added for opensc who now links to it shared.
- * Do not assume that in case the sequence number is 0 and the
- packet has an odd number of bytes that the other side has
- the block padding bug, but try to check that it actually
- has the bug. The wrong detection of this bug resulted
- in an "decryption failed or bad record mac" error in case
- both sides were using zlib compression. (Closes: #338006)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 21 Jan 2006 16:25:41 +0100
-
-openssl (0.9.8a-5) unstable; urgency=low
-
- * Stop ssh from crashing randomly on sparc (Closes: #335912)
- Patch from upstream cvs.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 13 Dec 2005 21:37:42 +0100
-
-openssl (0.9.8a-4) unstable; urgency=low
-
- * Call dh_makeshlibs with the proper version instead of putting
- it in shlibs.local, which doesn't seem to do anything. 0.9.8a-1
- added symbol versioning, so it should have bumped the shlibs.
- (Closes: #338284)
- * The openssl package had a duplicate dependency on libssl0.9.8,
- only require the version as required by the shlibs.
- * Make libssl-dev depend on zlib1g-dev, since it's now required for
- static linking. (Closes: #338313)
- * Generate .pc files that make use of Libs.private, so things only
- link to the libraries they should when linking shared.
- * Use -m64 instead of -bpowerpc64-linux on ppc64. (Closes: #335486)
- * Make powerpc and ppc64 use the assembler version for bn. ppc64
- had the location in the string wrong, powerpc had it missing.
- * Add includes for stddef to get size_t in md2.h, md4.h, md5.h,
- ripemd.h and sha.h. (Closes: #333101)
- * Run make test for each of the versions we build, make it
- not fail the build process if an error is found.
- * Add build dependency on bc for the regression tests.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Nov 2005 16:01:05 +0100
-
-openssl (0.9.8a-3) unstable; urgency=high
-
- * Link to libz instead of dynamicly loading it. It gets loaded
- at the moment the library is initialised, so there is no point
- in not linking to it. It's now failing in some cases since
- it's not opened by it's soname, but by the symlink to it.
- This should hopefully solve most of the bugs people have reported
- since the move to libssl0.9.8.
- (Closes: #334180, #336140, #335271)
- * Urgency set to high because it fixes a grave bug affecting testing.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 1 Nov 2005 14:56:40 +0100
-
-openssl (0.9.8a-2) unstable; urgency=low
-
- * Add Build-Dependency on m4, since sparc needs it to generate
- it's assembler files. (Closes: #334542)
- * Don't use rc4-x86_64.o on amd64 for now, it seems to be broken
- and causes a segfault. (Closes: #334501, #334502)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 18 Oct 2005 19:05:53 +0200
-
-openssl (0.9.8a-1) unstable; urgency=low
-
- Christoph Martin:
- * fix asm entries for some architectures, fixing #332758 properly.
- * add noexecstack option to i386 subarch
- * include symbol versioning in Configure (closes: #330867)
- * include debian-armeb arch (closes: #333579)
- * include new upstream patches; includes some minor fixes
- * fix dh_shlibdeps line, removing the redundant dependency on
- libssl0.9.8 (closes: #332755)
- * add swedish debconf template (closes: #330554)
-
- Kurt Roeckx:
- * Also add noexecstack option for amd64, since it now has an
- executable stack with the assembler fixes for amd64.
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 17 Oct 2005 17:01:06 +0200
-
-openssl (0.9.8-3) unstable; urgency=low
-
- * Apply security fix for CAN-2005-2969. (Closes: #333500)
- * Change priority of -dbg package to extra.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 12 Oct 2005 22:38:58 +0200
-
-openssl (0.9.8-2) unstable; urgency=low
-
- * Don't use arch specific assembler. Should fix build failure on
- ia64, sparc and amd64. (Closes: #332758)
- * Add myself to the uploaders.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 10 Oct 2005 19:22:36 +0200
-
-openssl (0.9.8-1) unstable; urgency=low
-
- * New upstream release (closes: #311826)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 29 Sep 2005 14:20:04 +0200
-
-openssl (0.9.7g-3) unstable; urgency=low
-
- * change Configure line for debian-freebsd-i386 to debian-kfreebsd-i386
- (closes: #327692)
- * include -dbg version. That implies compiling with -g and without
- -fomit-frame-pointer (closes: #293823, #153811)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 23 Sep 2005 13:51:57 +0200
-
-openssl (0.9.7g-2) unstable; urgency=low
-
- * really include nl translation
- * remove special ia64 code from rc4 code to make the abi compatible to
- older 0.9.7 versions (closes: #310489, #309274)
- * fix compile flag for debian-ppc64 (closes: #318750)
- * small fix in libssl0.9.7.postinst (closes: #239956)
- * fix pk7_mime.c to prevent garbled messages because of to early memory
- free (closes: #310184)
- * include vietnamese debconf translation (closes: #316689)
- * make optimized i386 libraries have non executable stack (closes:
- #321721)
- * remove leftover files from ssleay
- * move from dh_installmanpages to dh_installman
- * change Maintainer to pkg-openssl-devel at lists.alioth.debian.org
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 7 Sep 2005 15:32:54 +0200
-
-openssl (0.9.7g-1) unstable; urgency=low
-
- * New upstream release
- * Added support for proxy certificates according to RFC 3820.
- Because they may be a security thread to unaware applications,
- they must be explicitely allowed in run-time. See
- docs/HOWTO/proxy_certificates.txt for further information.
- * Prompt for pass phrases when appropriate for PKCS12 input format.
- * Back-port of selected performance improvements from development
- branch, as well as improved support for PowerPC platforms.
- * Add lots of checks for memory allocation failure, error codes to indicate
- failure and freeing up memory if a failure occurs.
- * Perform some character comparisons of different types in X509_NAME_cmp:
- this is needed for some certificates that reencode DNs into UTF8Strings
- (in violation of RFC3280) and can't or wont issue name rollover
- certificates.
- * corrected watchfile
- * added upstream source url (closes: #292904)
- * fix typo in CA.pl.1 (closes: #290271)
- * change debian-powerpc64 to debian-ppc64 and adapt the configure
- options to be the same like upstream (closes: #289841)
- * include -signcert option in CA.pl usage
- * compile with zlib-dynamic to use system zlib (closes: #289872)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 9 May 2005 23:32:03 +0200
-
-openssl (0.9.7e-3) unstable; urgency=high
-
- * really fix der_chop. The fix from -1 was not really included (closes:
- #281212)
- * still fixes security problem CAN-2004-0975 etc.
- - tempfile raise condition in der_chop
- - Avoid a race condition when CRLs are checked in a multi threaded
- environment.
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Dec 2004 18:41:29 +0100
-
-openssl (0.9.7e-2) unstable; urgency=high
-
- * fix perl path in der_chop and c_rehash (closes: #281212)
- * still fixes security problem CAN-2004-0975 etc.
- - tempfile raise condition in der_chop
- - Avoid a race condition when CRLs are checked in a multi threaded
- environment.
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 14 Nov 2004 20:16:21 +0100
-
-openssl (0.9.7e-1) unstable; urgency=high
-
- * SECURITY UPDATE: fix insecure temporary file handling
- * apps/der_chop:
- - replaced $$-style creation of temporary files with
- File::Temp::tempfile()
- - removed unused temporary file name in do_certificate()
- * References:
- CAN-2004-0975 (closes: #278260)
- * fix ASN1_STRING_to_UTF8 with UTF8 (closes: #260357)
- * New upstream release with security fixes
- - Avoid a race condition when CRLs are checked in a multi threaded
- environment.
- - Various fixes to s3_pkt.c so alerts are sent properly.
- - Reduce the chances of duplicate issuer name and serial numbers (in
- violation of RFC3280) using the OpenSSL certificate creation
- utilities.
- * depends openssl on perl-base instead of perl (closes: #280225)
- * support powerpc64 in Configure (closes: #275224)
- * include cs translation (closes: #273517)
- * include nl translation (closes: #272479)
- * Fix default dir of c_rehash (closes: #253126)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 12 Nov 2004 14:11:15 +0100
-
-openssl (0.9.7d-5) unstable; urgency=low
-
- * Make S/MIME encrypt work again (backport from CVS) (closes: #241407,
- #241386)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 26 Jul 2004 17:22:42 +0200
-
-openssl (0.9.7d-4) unstable; urgency=low
-
- * add Catalan translation (closes: #248749)
- * add Spanish translation (closes: #254561)
- * include NMU fixes: see below
- * decrease optimisation level for debian-arm to work around gcc bug
- (closes: #253848) (thanks to Steve Langasek and Thom May)
- * Add libcrypto0.9.7-udeb. (closes: #250010) (thanks to Bastian Blank)
- * Add watchfile
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 14 Jul 2004 14:31:02 +0200
-
-openssl (0.9.7d-3) unstable; urgency=low
-
- * rename -pic.a libraries to _pic.a (closes: #250016)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 24 May 2004 17:02:29 +0200
-
-openssl (0.9.7d-2) unstable; urgency=low
-
- * include PIC libs (libcrypto-pic.a and libssl-pic.a) to libssl-dev
- (closes: #246928, #243999)
- * add racoon to restart list (closes: #242652)
- * add Brazilian, Japanese and Danish translations (closes: #242087,
- #241830, #241705)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 11 May 2004 10:13:49 +0200
-
-openssl (0.9.7d-1) unstable; urgency=high
-
- * new upstream
- * fixes security holes (http://www.openssl.org/news/secadv_20040317.txt)
- (closes: #238661)
- * includes support for debian-amd64 (closes: #235551, #232310)
- * fix typo in pem.pod (closes: #219873)
- * fix typo in libssl0.9.7.templates (closes: #224690)
- * openssl suggests ca-certificates (closes: #217180)
- * change debconf template to gettext format (closes: #219013)
- * include french debconf template (closes: #219014)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 18 Mar 2004 16:18:43 +0100
-
-openssl (0.9.7c-5) unstable; urgency=low
-
- * include openssl.pc into libssl-dev (closes: #212545)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Oct 2003 16:31:32 +0200
-
-openssl (0.9.7c-4) unstable; urgency=low
-
- * change question to restart services to debconf (closes: #214840)
- * stop using dh_undocumented (closes: #214831)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 10 Oct 2003 15:40:48 +0200
-
-openssl (0.9.7c-3) unstable; urgency=low
-
- * fix POSIX conformance for head in libssl0.9.7.postinst (closes:
- #214700)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 8 Oct 2003 14:02:38 +0200
-
-openssl (0.9.7c-2) unstable; urgency=low
-
- * add filerc macro to libssl0.9.7.postinst (closes: #213906)
- * restart spamassassins spamd on upgrade (closes: #214106)
- * restart more services on upgrade
- * fix EVP_BytesToKey manpage (closes: #213715)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 7 Oct 2003 15:01:32 +0200
-
-openssl (0.9.7c-1) unstable; urgency=high
-
- * upstream security fix (closes: #213451)
- - Fix various bugs revealed by running the NISCC test suite:
- Stop out of bounds reads in the ASN1 code when presented with
- invalid tags (CAN-2003-0543 and CAN-2003-0544).
- Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
- If verify callback ignores invalid public key errors don't try to check
- certificate signature with the NULL public key.
- - In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
- if the server requested one: as stated in TLS 1.0 and SSL 3.0
- specifications.
- * more minor upstream bugfixes
- * fix formatting in c_issuer (closes: #190026)
- * fix Debian-FreeBSD support (closes: #200381)
- * restart some services in postinst to make them use the new libraries
- * remove duplicated openssl.1, crypto.3 and ssl.3 (closes: #198594)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 1 Oct 2003 08:54:27 +0200
-
-openssl (0.9.7b-2) unstable; urgency=high
-
- * fix permission of /etc/ssl/private to 700 again
- * change section of libssl-dev to libdevel
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 23 Apr 2003 11:13:24 +0200
-
-openssl (0.9.7b-1) unstable; urgency=high
-
- * upstream security fix
- - Countermeasure against the Klima-Pokorny-Rosa extension of
- Bleichbacher's attack on PKCS #1 v1.5 padding: treat
- a protocol version number mismatch like a decryption error
- in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131)
- (closes: #189087)
- - Turn on RSA blinding by default in the default implementation
- to avoid a timing attack. Applications that don't want it can call
- RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
- They would be ill-advised to do so in most cases. (CAN-2003-0147)
- - Change RSA blinding code so that it works when the PRNG is not
- seeded (in this case, the secret RSA exponent is abused as
- an unpredictable seed -- if it is not unpredictable, there
- is no point in blinding anyway). Make RSA blinding thread-safe
- by remembering the creator's thread ID in rsa->blinding and
- having all other threads use local one-time blinding factors
- (this requires more computation than sharing rsa->blinding, but
- avoids excessive locking; and if an RSA object is not shared
- between threads, blinding will still be very fast).
- for more details see the CHANGES file
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 16 Apr 2003 10:32:57 +0200
-
-openssl (0.9.7a-1) unstable; urgency=high
-
- * upstream Security fix
- - In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
- via timing by performing a MAC computation even if incorrrect
- block cipher padding has been found. This is a countermeasure
- against active attacks where the attacker has to distinguish
- between bad padding and a MAC verification error. (CAN-2003-0078)
- for more details see the CHANGES file
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 21 Feb 2003 22:39:40 +0100
-
-openssl (0.9.7-4) unstable; urgency=low
-
- * use DH_COMPAT=3 to build
- * move i686 to i686/cmov to fix problems on Via C3. For that to work we
- have to depend on the newest libc6 on i386 (closes: #177891)
- * fix bug in ui_util.c (closes: #177615)
- * fix typo in md5.h (closes: #178112)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 24 Jan 2003 10:22:56 +0100
-
-openssl (0.9.7-3) unstable; urgency=low
-
- * enable build of ultrasparc code on non ultrasparc machines (closes:
- #177024)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 17 Jan 2003 08:22:13 +0100
-
-openssl (0.9.7-2) unstable; urgency=low
-
- * include changes between 0.9.6g-9 and -10
- * fix problem in build-process on i386 with libc6 version number
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 13 Jan 2003 14:26:56 +0100
-
-openssl (0.9.7-1) unstable; urgency=low
-
- * new upstream
- * includes engine support
- * a lot of bugfixes and enhancements, see the CHANGES file
- * include AES encryption
- * makes preview of certificate configurable (closes: #176059)
- * fix x509 manpage (closes: #168070)
- * fix declaration of ERR_load_PEM_string in pem.h (closes: #141360)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 11 Jan 2003 09:12:16 +0100
-
-openssl (0.9.6g-10) unstable; urgency=low
-
- * fix problem in build-process on i386 with libc6 version number
- (closes: #167096)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 4 Nov 2002 12:27:21 +0100
-
-openssl (0.9.6g-9) unstable; urgency=low
-
- * fix typo in i386 libc6 depend (sigh) (closes: #163848)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 8 Oct 2002 23:29:20 +0200
-
-openssl (0.9.6g-8) unstable; urgency=low
-
- * fix libc6 depends. Only needed for i386 (closes: #163701)
- * remove SHLIB section for bsds from Configure (closes: #163585)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 8 Oct 2002 10:57:35 +0200
-
-openssl (0.9.6g-7) unstable; urgency=low
-
- * enable i686 optimisation and depend on fixed glibc (closes: #163500)
- * remove transition package ssleay
- * include optimisation vor sparcv8 (closes: #139996)
- * improve optimisation vor sparcv9
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 6 Oct 2002 14:07:12 +0200
-
-openssl (0.9.6g-6) unstable; urgency=low
-
- * temporarily disable i686 optimisation (See bug in glibc #161788)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 21 Sep 2002 18:56:49 +0200
-
-openssl (0.9.6g-5) unstable; urgency=low
-
- * i486 can use i586 assembler
- * include set -xe in the for loops in the rules files to make it abort
- on error (closes: #161768)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 21 Sep 2002 16:23:11 +0200
-
-openssl (0.9.6g-4) unstable; urgency=low
-
- * fix optimization for alpha and sparc
- * add optimization for i486
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 20 Sep 2002 22:36:19 +0200
-
-openssl (0.9.6g-3) unstable; urgency=low
-
- * add optimized libraries for i586, i686, ev4, ev5 and v9 (closes: #139783)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 19 Sep 2002 18:33:04 +0200
-
-openssl (0.9.6g-2) unstable; urgency=low
-
- * fix manpage names (closes: #156717, #156718, #156719, #156721)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 15 Aug 2002 11:26:37 +0200
-
-openssl (0.9.6g-1) unstable; urgency=low
-
- * new upstream version
- * Use proper error handling instead of 'assertions' in buffer
- overflow checks added in 0.9.6e. This prevents DoS (the
- assertions could call abort()). (closes: #155985, #156495)
- * Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
- and get fix the header length calculation.
- * include support for new sh* architectures (closes: #155117)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 14 Aug 2002 13:59:22 +0200
-
-openssl (0.9.6e-1) unstable; urgency=high
-
- * fixes remote exploits (see DSA-136-1)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 30 Jul 2002 18:32:28 +0200
-
-openssl (0.9.6d-1) unstable; urgency=low
-
- * new upstream (minor) version
- * includes Configure lines for debian-*bsd-* (closes: #130413)
- * fix wrong prototype for BN_pseudo_rand_range in BN_rand(3ssl) (closes:
- #144586)
- * fix typos in package description (closes: #141469)
- * fix typo in SSL_CTX_set_cert_store manpage (closes: #135297)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 3 Jun 2002 19:42:10 +0200
-
-openssl (0.9.6c-2) unstable; urgency=low
-
- * moved from non-US to main
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 19 Mar 2002 14:48:39 +0100
-
-openssl (0.9.6c-1) unstable; urgency=low
-
- * new upstream version with a lot of bugfixes
- * remove directory /usr/include/openssl from openssl package (closes:
- bug #121226)
- * remove selfdepends from libssl0.9.6
- * link openssl binary shared again
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 5 Jan 2002 19:04:31 +0100
-
-openssl (0.9.6b-4) unstable; urgency=low
-
- * build with -D_REENTRANT for threads support on all architectures
- (closes: #112329, #119239)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 24 Nov 2001 12:17:51 +0100
-
-openssl (0.9.6b-3) unstable; urgency=low
-
- * disable idea, mdc2 and rc5 because they are not free (closes: #65368)
- * ready to be moved from nonus to main
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 21 Nov 2001 17:51:41 +0100
-
-openssl (0.9.6b-2) unstable; urgency=high
-
- * fix definition of crypt in des.h (closes: #107533)
- * fix descriptions (closes: #109503)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 17 Sep 2001 15:38:27 +0200
-
-openssl (0.9.6b-1) unstable; urgency=medium
-
- * new upstream fixes some security issues (closes: #105835, #100146)
- * added support for s390 (closes: #105681)
- * added support for sh (closes: #100003)
- * change priority of libssl096 to standard as ssh depends on it (closes:
- #105440)
- * don't optimize for i486 to support i386. (closes: #104127, #82194)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 20 Jul 2001 15:52:42 +0200
-
-openssl (0.9.6a-3) unstable; urgency=medium
-
- * add perl-base to builddeps
- * include static libraries in libssl-dev (closes: #93688)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 14 May 2001 20:16:06 +0200
-
-openssl (0.9.6a-2) unstable; urgency=medium
-
- * change Architecture of ssleay from any to all (closes: #92913)
- * depend libssl-dev on the exact same version of libssl0.9.6 (closes:
- #88939)
- * remove lib{crypto,ssl}.a from openssl (closes: #93666)
- * rebuild with newer gcc to fix atexit problem (closes: #94036)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 2 May 2001 12:28:39 +0200
-
-openssl (0.9.6a-1) unstable; urgency=medium
-
- * new upstream, fixes some security bugs (closes: #90584)
- * fix typo in s_server manpage (closes: #89756)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 10 Apr 2001 12:13:11 +0200
-
-openssl (0.9.6-2) unstable; urgency=low
-
- * policy: reorganisation of package names: libssl096 -> libssl0.9.6,
- libssl096-dev -> libssl-dev (closes: #83426)
- * libssl0.9.6 drops replaces libssl09 (Closes: #83425)
- * install upstream CHANGES files (Closes: #83430)
- * added support for hppa and ia64 (Closes: #88790)
- * move man3 manpages to libssl-dev (Closes: #87546)
- * fix formating problem in rand_add(1) (Closes: #87547)
- * remove manpage duplicates (Closes: #87545, #74986)
- * make package descriptions clearer (Closes: #83518, #83444)
- * increase default emailAddress_max from 40 to 60 (Closes: #67238)
- * removed RSAREF warning (Closes: #84122)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 8 Mar 2001 14:24:00 +0100
-
-openssl (0.9.6-1) unstable; urgency=low
-
- * New upstream version (Thanks to Enrique Zanardi <ezanard at debian.org>)
- (closes: #72388)
- * Add support for debian-hurd (closes: #76032)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 13 Nov 2000 22:30:46 +0100
-
-openssl (0.9.5a-5) unstable; urgency=low
-
- * move manpages in standard directories with section ssl (closes:
- #72152, #69809)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 5 Oct 2000 19:56:20 +0200
-
-openssl (0.9.5a-4) unstable; urgency=low
-
- * include edg_rand_bytes patch from and for apache-ssl
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 23 Sep 2000 16:48:06 +0200
-
-openssl (0.9.5a-3) unstable; urgency=low
-
- * fix call to dh_makeshlibs to create correct shlibs file and make
- dependend programs link correctly (closes: Bug#61658)
- * include a note in README.debian concerning the location of the
- subcommand manpages (closes: Bug#69809)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 16 Sep 2000 19:10:50 +0200
-
-openssl (0.9.5a-2) unstable; urgency=low
-
- * try to fix the sharedlib problem. change soname of library
- (closes: Bug#4622, #66102, #66538, #66123)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 12 Jul 2000 03:26:30 +0200
-
-openssl (0.9.5a-1) unstable; urgency=low
-
- * new upstream version (major changes see file NEWS) (closes: Bug#63976,
- #65239, #65358)
- * new library package libssl095a because of probably changed library
- interface (closes: Bug#46222)
- * added architecture mips and mipsel (closes: Bug#62437, #60366)
- * provide shlibs.local file in build to help build if libraries are not
- yet installed (closes: Bug#63984)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 11 Jun 2000 15:17:35 +0200
-
-openssl (0.9.4-5) frozen unstable; urgency=medium
-
- * cleanup of move of doc directories to /usr/share/doc (closes:
- Bug#56430)
- * lintian issues (closes: Bug#49358)
- * move demos from openssl to libssl09-dev (closes: Bug#59201)
- * move to debhelpers
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 11 Mar 2000 10:38:04 +0100
-
-openssl (0.9.4-4) unstable; urgency=medium
-
- * Added 'debian-arm' in 'Configure'. (closes: Bug#54251, #54766)
- * Fixed Configure for 'debian-m68k' (closes: Bug#53636)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 15 Jan 2000 13:16:18 +0100
-
-openssl (0.9.4-3) unstable; urgency=low
-
- * define symbol SSLeay_add_ssl_algorithms for backward compatibility
- (closes: Bug#46882)
- * remove manpages from /usr/doc/openssl (closes: Bug#46791)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 14 Oct 1999 16:51:08 +0200
-
-openssl (0.9.4-2) unstable; urgency=low
-
- * include some more docu in pod format (Bug #43933)
- * removed -mv8 from sparc flags (Bug #44769)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 14 Sep 1999 22:04:06 +0200
-
-openssl (0.9.4-1) unstable; urgency=low
-
- * new upstream version (Closes: #42926)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 28 Aug 1999 17:04:23 +0200
-
-openssl (0.9.3a-1) unstable; urgency=low
-
- * new upstream version (Bug #38345, #38627)
- * sparc is big-endian (Bug #39973)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 7 Jul 1999 16:03:37 +0200
-
-openssl (0.9.2b-3) unstable; urgency=low
-
- * correct move conffiles to /etc/ssl (Bug #38570)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 31 May 1999 21:08:07 +0200
-
-openssl (0.9.2b-2) unstable; urgency=low
-
- * added convenience package ssleay to help upgrade to openssl (Bug
- #37185, #37623, #36326)
- * added some missing dependencies from libssl09 (Bug #36681, #35867,
- #36326)
- * move lib*.so to libssl09-dev (Bug #36761)
- * corrected version numbers of library files
- * introduce link from /usr/lib/ssl to /etc/ssl (Bug #36710)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 23 May 1999 14:57:48 +0200
-
-openssl (0.9.2b-1) unstable; urgency=medium
-
- * First openssl version
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 31 Mar 1999 15:54:26 +0200
-
-ssleay (0.9.0b-2) unstable; urgency=low
-
- * Include message about the (not)usage of RSAREF (#24409)
- * Move configfiles from /usr/lib/ssl to /etc/ssl (#26406)
- * Change definitions for sparc (#26487)
- * Added missing dependency (#28591)
- * Make debian/libtool executable (#29708)
- * /etc/ssl/lib/ssleay.cnf is now a confile (#32624)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 21 Mar 1999 19:41:04 +0100
-
-ssleay (0.9.0b-1) unstable; urgency=low
-
- * new upstream version (Bug #21227, #25971)
- * build shared libraries with -fPIC (Bug #20027)
- * support sparc architecture (Bug #28467)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 13 Oct 1998 10:20:13 +0200
-
-ssleay (0.8.1-7) frozen unstable; urgency=high
-
- * security fix patch to 0.8.1b (bug #24022)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 6 Jul 1998 15:42:15 +0200
-
-ssleay (0.8.1-6) frozen unstable; urgency=low
-
- * second try to fix bug #15235 (copyright was still missing)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 22 Jun 1998 08:56:27 +0200
-
-ssleay (0.8.1-5) frozen unstable; urgency=high
-
- * changed /dev/random to /dev/urandom (Bug #23169, #17817)
- * copyright contains now the full licence (Bug #15235)
- * fixed bug #19410 (md5sums-lists-nonexisting-file)
- * added demos to /usr/doc (Bug #17372)
- * fixed type in package description (Bug #18969)
- * fixed bug in adding documentation (Bug #21463)
- * added patch for support of debian-powerpc (Bug #21579)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 18 Jun 1998 23:09:13 +0200
-
-ssleay (0.8.1-4) unstable; urgency=low
-
- * purged dependency from libc5
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 11 Nov 1997 15:31:50 +0100
-
-ssleay (0.8.1-3) unstable; urgency=low
-
- * changed packagename libssl to libssl08 to get better dependancies
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 7 Nov 1997 14:23:17 +0100
-
-ssleay (0.8.1-2) unstable; urgency=low
-
- * linked shared libraries against libc6
- * use /dev/random for randomseed
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 5 Nov 1997 11:21:40 +0100
-
-ssleay (0.8.1-1) unstable; urgency=low
-
- * new upstream version
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Oct 1997 16:15:43 +0200
-
-ssleay (0.6.6-2) unstable; urgency=low
-
- * cleanup in diffs
- * removed INSTALL from docs (bug #13205)
- * split libssl and libssl-dev (but #13735)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 15 Oct 1997 17:38:38 +0200
-
-ssleay (0.6.6-1) unstable; urgency=low
-
- * New upstream version
- * added shared libraries for libcrypto and libssl
-
- -- Christoph Martin <martin at uni-mainz.de> Thu, 26 Jun 1997 19:26:14 +0200
-
-ssleay (0.6.4-2) unstable; urgency=low
-
- * changed doc filenames from .doc to .txt to be able to read them
- over with webbrowser
-
- -- Christoph Martin <martin at uni-mainz.de> Tue, 25 Feb 1997 14:02:53 +0100
-
-ssleay (0.6.4-1) unstable; urgency=low
-
- * Initial Release.
-
- -- Christoph Martin <martin at uni-mainz.de> Fri, 22 Nov 1996 21:29:51 +0100
Copied: openssl/branches/openssl1.0/debian/changelog (from rev 845, openssl/trunk/debian/changelog)
===================================================================
--- openssl/branches/openssl1.0/debian/changelog (rev 0)
+++ openssl/branches/openssl1.0/debian/changelog 2016-10-27 21:27:44 UTC (rev 849)
@@ -0,0 +1,1981 @@
+openssl1.0 (1.0.2j-2) unstable; urgency=medium
+
+ * Provide an 1.0.2 version of the library for Stretch.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 27 Oct 2016 21:10:24 +0200
+
+openssl (1.0.2j-1) unstable; urgency=medium
+
+ * New upstream release
+ - Fixes CVE-2016-7052
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 26 Sep 2016 18:17:39 +0200
+
+openssl (1.0.2i-1) unstable; urgency=high
+
+ * New upstream version
+ - Fix CVE-2016-2177
+ - Fix CVE-2016-2178
+ - Fix CVE-2016-2179
+ - Fix CVE-2016-2180
+ - Fix CVE-2016-2181
+ - Fix CVE-2016-2182
+ - Fix CVE-2016-2183
+ - Fix CVE-2016-6302
+ - Fix CVE-2016-6303
+ - Fix CVE-2016-6304
+ - Fix CVE-2016-6306
+ * Drop ca.patch, option is now documented upstream
+ * Update engines-path.patch to also update the libcrypto.pc, now that that
+ has an enginesdir in it.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 22 Sep 2016 19:39:36 +0200
+
+openssl (1.0.2h-2) unstable; urgency=medium
+
+ * Re-add libdoc-manpgs-pod-spell.patch to series files (Closes: #813191)
+ * Don't build i686 optimized version anymore on i386, it's now the default.
+ (Closes: #823774)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 08 May 2016 13:16:29 +0200
+
+openssl (1.0.2h-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2016-2107
+ - Fixes CVE-2016-2105
+ - Fixes CVE-2016-2106
+ - Fixes CVE-2016-2109
+ - Fixes CVE-2016-2176
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 03 May 2016 18:31:22 +0200
+
+openssl (1.0.2g-2) unstable; urgency=medium
+
+ * Use assembler of arm64 (Closes: #794326)
+ Patch from Riku Voipio <riku.voipio at iki.fi>
+ * Add a udeb for libssl, based on similar changes done in Ubuntu
+ starting in version 0.9.8o-4ubuntu1 (Closes: #802591)
+ Patch from Margarita Manterola <marga at google.com>
+ * Add support for nios2 (Closes: #816239)
+ Based on patch from Marek Vasut <marex at denx.de>
+ * Update Spanish translation from Manuel "Venturi" Porras Peralta
+ <venturi at openmailbox.org> (Closes: #773601)
+ * Don't build an i586 optimized version anymore, the default
+ already targets that. Patch from Sven Joachim <svenjoac at gmx.de>
+ (Closes: #759811)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 21 Apr 2016 23:43:06 +0200
+
+openssl (1.0.2g-1) unstable; urgency=high
+
+ * New upstream version
+ * Fix CVE-2016-0797
+ * Fix CVE-2016-0798
+ * Fix CVE-2016-0799
+ * Fix CVE-2016-0702
+ * Fix CVE-2016-0705
+ * Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800)
+ makes use of those, and SLOTH attack (CVE-2015-7575) can make use of them
+ too.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 01 Mar 2016 18:31:09 +0100
+
+openssl (1.0.2f-2) unstable; urgency=high
+
+ * New upstream version.
+ - Fixes CVE-2016-0701
+ - Not affected by CVE-2015-3197 because SSLv2 is disabled.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 28 Jan 2016 19:32:02 +0100
+
+openssl (1.0.2e-1) unstable; urgency=high
+
+ * New upstream release
+ - Fix CVE-2015-3193
+ - Fix CVE-2015-3194
+ - Fix CVE-2015-3195
+ - Fix CVE-2015-3196
+ * Remove all symlinks during clean
+ * Run make depend after configure
+ * Remove openssl_button.* from the doc package
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 03 Dec 2015 19:33:05 +0100
+
+openssl (1.0.2d-3) unstable; urgency=medium
+
+ * Upload to unstable
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 01 Nov 2015 19:14:34 +0100
+
+openssl (1.0.2d-2) experimental; urgency=medium
+
+ * Build with no-ssl3-method to remove all SSLv3 support. This results in
+ the functions SSLv3_method(), SSLv3_server_method() and
+ SSLv3_client_method() being removed from libssl. Change the soname as
+ result of that and also changes name of the binary package.
+ (Closes: #768476)
+ * Enable rfc3779 and cms support (Closes: #630790)
+ * Fix cross compilation for mips architectures. (Closes: #782492)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 06 Sep 2015 14:21:27 +0200
+
+openssl (1.0.2d-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2015-1793
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 09 Jul 2015 18:22:26 +0200
+
+openssl (1.0.2c-1) unstable; urgency=medium
+
+ * New upstream version
+ - Fixes ABI (Closes: #788511)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 12 Jun 2015 20:35:12 +0200
+
+openssl (1.0.2b-1) unstable; urgency=high
+
+ * New upstream version
+ - Fix CVE-2015-4000
+ - Fix CVE-2015-1788
+ - Fix CVE-2015-1789
+ - Fix CVE-2015-1790
+ - Fix CVE-2015-1792
+ - Fix CVE-2015-1791
+ * Update c_rehash-compat.patch to make it apply to the new version.
+ * Remove openssl-pod-misspell.patch applied upstream
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 11 Jun 2015 18:20:38 +0200
+
+openssl (1.0.2a-1) unstable; urgency=medium
+
+ * New upstrema version
+ - Fix CVE-2015-0286
+ - Fix CVE-2015-0287
+ - Fix CVE-2015-0289
+ - Fix CVE-2015-0293 (not affected, SSLv2 disabled)
+ - Fix CVE-2015-0209
+ - Fix CVE-2015-0288
+ - Fix CVE-2015-0291
+ - Fix CVE-2015-0290
+ - Fix CVE-2015-0207
+ - Fix CVE-2015-0208
+ - Fix CVE-2015-1787
+ - Fix CVE-2015-0285
+ * Temporary enable SSLv3 methods again, but they will go away.
+ * Don't set TERMIO anymore, use the default TERMIOS instead.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 30 Apr 2015 23:37:27 +0200
+
+openssl (1.0.2-1) experimental; urgency=medium
+
+ * New upstream release
+ - Fixes CVE-2014-3571
+ - Fixes CVE-2015-0206
+ - Fixes CVE-2014-3569
+ - Fixes CVE-2014-3572
+ - Fixes CVE-2015-0204
+ - Fixes CVE-2015-0205
+ - Fixes CVE-2014-8275
+ - Fixes CVE-2014-3570
+ - Drop git_snapshot.patch
+ * Drop gnu_source.patch, dgst_hmac.patch, stddef.patch,
+ no_ssl3_method.patch: applied upstream
+ * Update patches to apply
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 23 Jan 2015 18:54:13 +0100
+
+openssl (1.0.2~beta3-1) experimental; urgency=low
+
+ * New usptream beta version
+ * Add git snapshot
+ * Merge changes between 1.0.1h-3 and 1.0.1j-1:
+ - Disables SSLv3 because of CVE-2014-3566
+ * Drop patch rehash-crt.patch: partially applied upstream.
+ c_rehash now doesn't support files in DER format anymore.
+ * Drop patch rehash_pod.patch: applied upstream
+ * Update c_rehash-compat.patch to apply to new upstream version. This
+ undoes upstream's "-old" option and creates both the new and old again.
+ It now also does it for CRLs.
+ * Drop defaults.patch, applied upstream
+ * dgst_hmac.patch updated to apply to upstream version.
+ * engines-path.patch updated to apply to upstream version.
+ * Update list of exported symbols
+ * Update symbols files to require beta3
+ * Enable unit tests
+ * Add patch to add support for the no-ssl3-method option that completly
+ disable SSLv3 and pass the option. This drops the following functions
+ from the library: SSLv3_method, SSLv3_server_method and
+ SSLv3_client_method
+ * Build using OPENSSL_NO_BUF_FREELISTS
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 07 Nov 2014 00:20:10 +0100
+
+openssl (1.0.2~beta2-1) experimental; urgency=medium
+
+ * New usptream beta version
+ - Fix CVE-2014-0224
+ - Fix CVE-2014-0221
+ - Fix CVE-2014-0195
+ - Fix CVE-2014-3470
+ - Fix CVE-2014-0198
+ - Fix CVE-2010-5298
+ - Fix CVE-2014-0160
+ - Fix CVE-2014-0076
+ * Merge changes between 1.0.1f-1 and 1.0.1h-3:
+ - postinst: Updated check for restarting services
+ * libdoc-manpgs-pod-spell.patch and openssl-pod-misspell.patch
+ partially applied upstream
+ * Drop fix-pod-errors.patch, applied upstream.
+ * Add support for ppc64le (Closes: #745657)
+ * Add support for OpenRISC (Closes: #736772)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 23 Jul 2014 19:54:09 +0200
+
+openssl (1.0.2~beta1-1) experimental; urgency=medium
+
+ * New upstream beta version
+ - Update list of symbols that should be exported and adjust the symbols
+ file. This also removes a bunch of duplicate symbols in the linker
+ file.
+ - Fix additional pod errors
+ - Following patches have been applied upstream and are removed:
+ libssl-misspell.patch, pod_req_misspell2.patch,
+ pod_pksc12.misspell.patch, pod_s_server.misspell.patch,
+ pod_x509setflags.misspell.patch, pod_ec.misspell.patch,
+ pkcs12-doc.patch, req_bits.patch
+ - Following patches have been partially applied upstream:
+ libdoc-manpgs-pod-spell.patch, openssl-pod-misspell.patch
+ - Remove openssl_fix_for_x32.patch, different patch applied upstream.
+ * Add support for cross compiling (Closes: #465248)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 25 Feb 2014 00:36:51 +0100
+
+openssl (1.0.1f-1) unstable; urgency=high
+
+ * New upstream version
+ - Fix for TLS record tampering bug CVE-2013-4353
+ - Drop the snapshot patch
+ * update watch file to check for upstream signature and add upstream pgp key.
+ * Drop conflicts against openssh since we now on a released version again.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 06 Jan 2014 18:50:54 +0100
+
+openssl (1.0.1e-6) unstable; urgency=medium
+
+ * Add Breaks: openssh-client (<< 1:6.4p1-1.1), openssh-server (<<
+ 1:6.4p1-1.1). This is to prevent people running into #732940.
+ This Breaks can be removed again when we stop using a git snapshot.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 23 Dec 2013 15:19:17 +0100
+
+openssl (1.0.1e-5) unstable; urgency=low
+
+ * Change default digest to SHA256 instead of SHA1. (Closes: #694738)
+ * Drop support for multiple certificates in 1 file. It never worked
+ properly in the first place, and the only one shipping in
+ ca-certificates has been split.
+ * Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors
+ * Remove make-targets.patch. It prevented the test dir from being cleaned.
+ * Update to a git snapshot of the OpenSSL_1_0_1-stable branch.
+ - Fixes CVE-2013-6449 (Closes: #732754)
+ - Fixes CVE-2013-6450
+ - Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch
+ dtls_version.patch get_certificate.patch, since they where all
+ already commited upstream.
+ - adjust fix-pod-errors.patch for the reordering of items in the
+ documentation they've done trying to fix those pod errors.
+ - disable rdrand engine by default (Closes: #732710)
+ * disable zlib support. Fixes CVE-2012-4929 (Closes: #728055)
+ * Add arm64 support (Closes: #732348)
+ * Properly use the default number of bits in req when none are given
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 22 Dec 2013 19:25:35 +0100
+
+openssl (1.0.1e-4) unstable; urgency=low
+
+ [ Peter Michael Green ]
+ * Fix pod errors (Closes: #723954)
+ * Fix clean target
+
+ [ Kurt Roeckx ]
+ * Add mipsn32 and mips64 targets. Patch from Eleanor Chen
+ <chenyueg at gmail.com> (Closes: #720654)
+ * Add support for nocheck in DEB_BUILD_OPTIONS
+ * Update Norwegian translation (Closes: #653574)
+ * Update description of the packages. Patch by Justin B Rye
+ (Closes: #719262)
+ * change to debhelper compat level 9:
+ - change dh_strip call so only the files from libssl1.0.0 get debug
+ symbols.
+ - change dh_makeshlibs call so the engines don't get added to the
+ shlibs
+ * Update Standards-Version from 3.8.0 to 3.9.5. No changes required.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 01 Nov 2013 17:11:53 +0100
+
+openssl (1.0.1e-3) unstable; urgency=low
+
+ * Move <openssl/opensslconf.h> to /usr/include/$(DEB_HOST_MULTIARCH), and
+ mark libssl-dev Multi-Arch: same.
+ Patch by Colin Watson <cjwatson at ubuntu.com> (Closes: #689093)
+ * Add Polish translation (Closes: #658162)
+ * Add Turkish translation (Closes: #660971)
+ * Enable assembler for the arm targets, and remove armeb.
+ Patch by Riku Voipio <riku.voipio at iki.fi> (Closes: #676533)
+ * Add support for x32 (Closes: #698406)
+ * enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 20 May 2013 16:56:06 +0200
+
+openssl (1.0.1e-2) unstable; urgency=high
+
+ * Bump shlibs. It's needed for the udeb.
+ * Make cpuid work on cpu's that don't set ecx (Closes: #699692)
+ * Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353)
+ * Fix problem with DTLS version check (Closes: #701826)
+ * Fix segfault in SSL_get_certificate (Closes: #703031)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 18 Mar 2013 20:37:11 +0100
+
+openssl (1.0.1e-1) unstable; urgency=high
+
+ * New upstream version (Closes: #699889)
+ - Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166
+ - Drop renegiotate_tls.patch, applied upstream
+ - Export new CRYPTO_memcmp symbol, update symbol file
+ * Add ssltest_no_sslv2.patch so that "make test" works.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 11 Feb 2013 19:39:44 +0100
+
+openssl (1.0.1c-5) unstable; urgency=low
+
+ * Re-enable assembler versions on sparc. They shouldn't have
+ been disabled for sparc v9. (Closes: #649841)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 09 Sep 2012 08:43:40 +0200
+
+openssl (1.0.1c-4) unstable; urgency=low
+
+ * Fix the configure rules for alpha (Closes: #672710)
+ * Switch the postinst to sh again, there never was a reason to
+ switch it to bash (Closes: #676398)
+ * Fix pic.patch to not use #ifdef in x86cpuid.s, only .S files are
+ preprocessed. We generate the file again for pic anyway.
+ (Closes: #677468)
+ * Drop Breaks against openssh as it was only for upgrades
+ between versions that were only in testing/unstable.
+ (Closes: #668600)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 17 Jul 2012 11:49:19 +0200
+
+openssl (1.0.1c-3) unstable; urgency=low
+
+ * Disable padlock engine again, causes problems for hosts not supporting it.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 06 Jun 2012 18:29:37 +0200
+
+openssl (1.0.1c-2) unstable; urgency=high
+
+ * Fix renegiotation when using TLS > 1.0. This breaks tor. Patch from
+ upstream. (Closes: #675990)
+ * Enable the padlock engine by default.
+ * Change default bits from 1024 to 2048 (Closes: #487152)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 06 Jun 2012 00:55:42 +0200
+
+openssl (1.0.1c-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2012-2333 (Closes: #672452)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 11 May 2012 18:44:51 +0200
+
+openssl (1.0.1b-1) unstable; urgency=high
+
+ * New upstream version
+ - Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0
+ can talk to servers supporting TLS 1.1 but not TLS 1.2
+ - Drop rc4_hmac_md5.patch, applied upstream
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 26 Apr 2012 23:34:34 +0200
+
+openssl (1.0.1a-3) unstable; urgency=low
+
+ * Use patch from upstream for the rc4_hmac_md5 issue.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 23:16:30 +0200
+
+openssl (1.0.1a-2) unstable; urgency=low
+
+ * Fix rc4_hmac_md5 on non-i386/amd64 arches.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 21:54:42 +0200
+
+openssl (1.0.1a-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2012-2110
+ - Fix crash in rc4_hmac_md5 (Closes: #666405)
+ - Fixes some issues with talking to other servers when TLS 1.1 and 1.2 is
+ supported
+ - Drop patches no_ssl2.patch vpaes.patch tls1.2_client_algorithms.patch,
+ applied upstream.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 19:54:12 +0200
+
+openssl (1.0.1-4) unstable; urgency=low
+
+ * Use official patch for the vpaes problem, also covering amd64.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 31 Mar 2012 20:54:13 +0200
+
+openssl (1.0.1-3) unstable; urgency=high
+
+ * Fix crash in vpaes (Closes: #665836)
+ * use client version when deciding whether to send supported signature
+ algorithms extension
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 31 Mar 2012 18:35:59 +0200
+
+openssl (1.0.1-2) unstable; urgency=low
+
+ * Properly quote the new cflags in Configure
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 19 Mar 2012 19:56:05 +0100
+
+openssl (1.0.1-1) unstable; urgency=low
+
+ * New upstream version
+ - Remove kfreebsd-pipe.patch, fixed upstream
+ - Update pic.patch, openssl-pod-misspell.patch and make-targets.patch
+ - Add OPENSSL_1.0.1 to version-script.patch and libssl1.0.0.symbols for
+ the new functions.
+ - AES-NI support (Closes: #644743)
+ * pic.patch: upstream made OPENSSL_ia32cap_P and OPENSSL_cpuid_setup
+ hidden on amd64, no need to access it PIC anymore.
+ * pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977)
+ * Enable hardening using dpkg-buildflags (Closes: #653495)
+ * s_client and s_server were forcing SSLv3 only connection when SSLv2 was
+ disabled instead of the SSLv2 with upgrade method. (Closes: #664454)
+ * Add Breaks on openssh < 1:5.9p1-4, it has a too strict version check.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 19 Mar 2012 18:23:32 +0100
+
+openssl (1.0.0h-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2012-0884
+ - Fixes CVE-2012-1165
+ - Properly fix CVE-2011-4619
+ - pkg-config.patch applied upstream, remove it.
+ * Enable assembler for all i386 arches. The assembler does proper
+ detection of CPU support, including cpuid support.
+ This should fix a problem with AES 192 and 256 with the padlock
+ engine because of the difference in NO_ASM between the between
+ the i686 optimized library and the engine.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 13 Mar 2012 21:08:17 +0100
+
+openssl (1.0.0g-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2012-0050
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 18 Jan 2012 20:46:13 +0100
+
+openssl (1.0.0f-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2011-4108, CVE-2011-4576, CVE-2011-4619, CVE-2012-0027,
+ CVE-2011-4577
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 12 Jan 2012 19:02:43 +0100
+
+openssl (1.0.0e-3) unstable; urgency=low
+
+ * Don't build v8 and v9 variants of sparc anymore, they're older than
+ the default. (Closes: #649841)
+ * Don't build i486 optimized version, that's the default anyway, and
+ it uses assembler that doesn't always work on i486.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 28 Nov 2011 22:17:26 +0100
+
+openssl (1.0.0e-2.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Block Malaysian's Digicert Sdn. Bhd. certificates by marking them
+ as revoked.
+
+ -- Raphael Geissert <geissert at debian.org> Sun, 06 Nov 2011 01:39:30 -0600
+
+openssl (1.0.0e-2) unstable; urgency=low
+
+ * Add a missing $(DEB_HOST_MULTIARCH)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Sep 2011 17:02:29 +0200
+
+openssl (1.0.0e-1) unstable; urgency=low
+
+ * New upstream version
+ - Fix bug where CRLs with nextUpdate in the past are sometimes accepted
+ by initialising X509_STORE_CTX properly. (CVE-2011-3207)
+ - Fix SSL memory handling for (EC)DH ciphersuites, in particular
+ for multi-threaded use of ECDH. (CVE-2011-3210)
+ - Add protection against ECDSA timing attacks (CVE-2011-1945)
+ * Block DigiNotar certifiates. Patch from
+ Raphael Geissert <geissert at debian.org>
+ * Generate hashes for all certs in a file (Closes: #628780, #594524)
+ Patch from Klaus Ethgen <Klaus at Ethgen.de>
+ * Add multiarch support (Closs: #638137)
+ Patch from Steve Langasek / Ubuntu
+ * Symbols from the gost engine were removed because it didn't have
+ a linker file. Thanks to Roman I Khimov <khimov at altell.ru>
+ (Closes: #631503)
+ * Add support for s390x. Patch from Aurelien Jarno <aurel32 at debian.org>
+ (Closes: #641100)
+ * Add build-arch and build-indep targets to the rules file.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Sep 2011 12:03:13 +0200
+
+openssl (1.0.0d-3) unstable; urgency=low
+
+ * Make it build on sparc64. Patch from Aurelien Jarno. (Closes: #626060)
+ * Apply patches from Scott Schaefer <saschaefer at neurodiverse.org> to
+ fix various pod and spelling errors. (Closes: #622820, #605561)
+ * Add missing symbols for the engines (Closes: #623038)
+ * More spelling fixes from Scott Schaefer (Closes: #395424)
+ * Patch from Scott Schaefer to better document pkcs12 password options
+ (Closes: #462489)
+ * Document dgst -hmac option. Patch by Thorsten Glaser <tg at mirbsd.de>
+ (Closes: #529586)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 13 Jun 2011 12:39:54 +0200
+
+openssl (1.0.0d-2) unstable; urgency=high
+
+ * Make c_rehash also generate the old subject hash. Gnutls applications
+ seem to require it. (Closes: #611102)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Apr 2011 22:36:49 +0200
+
+openssl (1.0.0d-1) unstable; urgency=low
+
+ * New upstream version
+ - Fixes CVE-2011-0014
+ * Make libssl-doc Replaces/Breaks with old libssl-dev packages
+ (Closes: #607609)
+ * Only export the symbols we should, instead of all.
+ * Add symbol file.
+ * Upload to unstable
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 02 Apr 2011 13:19:19 +0000
+
+openssl (1.0.0c-2) experimental; urgency=low
+
+ * Set $ in front of {sparcv9_asm} so that the sparc v9 variant builds.
+ * Always define _GNU_SOURCE, not only for Linux.
+ * Drop SSL2 support (Closes: #589706)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 19 Dec 2010 16:24:16 +0100
+
+openssl (1.0.0c-1) experimental; urgency=low
+
+ * New upstream version (Closes: #578376)
+ - New soname: Rename library packages
+ - Drop patch perl-path.diff, not needed anymore
+ - Drop patches CVE-2010-2939.patch, CVE-2010-3864.patch
+ and CVE-2010-4180.patch: applied upstream.
+ - Update Configure for the new fields for the assembler options
+ per arch. alpha now makes use of assembler.
+ * Move man3 manpages and demos to libssl-doc (Closes: #470594)
+ * Drop .pod files from openssl package (Closes: #518167)
+ * Don't use RC4_CHAR on amd64 and drop rc4-amd64.patch
+ * Stop using BF_PTR2 on (kfreebd-)amd64.
+ * Drop debian-arm from the list of arches.
+ * Update arm arches to use BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
+ BF_PTR instead of BN_LLONG DES_RISC1
+ * ia64: Drop RC4_CHAR, add DES_UNROLL DES_INT
+ * powerpc: Use RC4_CHAR RC4_CHUNK DES_RISC1 instead
+ of DES_RISC2 DES_PTR MD2_CHAR RC4_INDEX
+ * s390: Use RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL instead of BN_LLONG
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 12 Dec 2010 15:37:21 +0100
+
+openssl (0.9.8o-4) unstable; urgency=low
+
+ * Fix CVE-2010-4180 (Closes: #529221)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 06 Dec 2010 20:33:21 +0100
+
+openssl (0.9.8o-3) unstable; urgency=high
+
+ * Fix TLS extension parsing race condition (CVE-2010-3864) (Closes: #603709)
+ * Re-add the engines. They were missing since 0.9.8m-1.
+ Patch by Joerg Schneider. (Closes: #603693)
+ * Not all architectures were build using -g (Closes: #570702)
+ * Add powerpcspe support (Closes: #579805)
+ * Add armhf support (Closes: #596881)
+ * Update translations:
+ - Brazilian Portuguese (Closes: #592154)
+ - Danish (Closes: #599459)
+ - Vietnamese (Closes: #601536)
+ - Arabic (Closes: #596166)
+ * Generate the proper stamp file so that everything doesn't get build twice.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 16 Nov 2010 19:20:55 +0100
+
+openssl (0.9.8o-2) unstable; urgency=high
+
+ * Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 26 Aug 2010 18:25:29 +0200
+
+openssl (0.9.8o-1) unstable; urgency=low
+
+ * New upstream version
+ - Add SHA2 algorithms to SSL_library_init().
+ - aes-x86_64.pl is now PIC, update pic.patch.
+ * Add sparc64 support (Closes: #560240)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 18 Apr 2010 01:42:44 +0200
+
+openssl (0.9.8n-1) unstable; urgency=high
+
+ * New upstream version.
+ - Fixes CVE-2010-0740.
+ - Drop cfb.patch, applied upstream.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 25 Mar 2010 20:30:52 +0100
+
+openssl (0.9.8m-2) unstable; urgency=low
+
+ * Revert CFB block length change preventing reading older files.
+ (Closes: #571810, #571940)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 28 Feb 2010 22:08:49 +0100
+
+openssl (0.9.8m-1) unstable; urgency=low
+
+ * New upstream version
+ - Implements RFC5746, reenables renegotiation but requires the extension.
+ - Fixes CVE-2009-3245
+ - Drop patches CVE-2009-4355.patch, CVE-2009-1378.patch,
+ CVE-2009-1377.patch, CVE-2009-1379.patch, CVE-2009-3555.patch,
+ CVE-2009-2409.patch, CVE-2009-1387.patch, tls_ext_v3.patch,
+ no_check_self_signed.patch: applied upstream
+ - pk7_mime_free.patch removed, code rewritten
+ - ca.diff partially applied upstream
+ - engines-path.patch adjusted, upstream made some minor changes to the
+ build system.
+ - some flags changed values, bump shlibs.
+ * Switch to 3.0 (quilt) source package.
+ * Make sure the package is properly cleaned.
+ * Add ${misc:Depends} to the Depends on all packages.
+ * Fix spelling of extension in the changelog file.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 27 Feb 2010 12:24:03 +0000
+
+openssl (0.9.8k-8) unstable; urgency=high
+
+ * Clean up zlib state so that it will be reinitialized on next use and
+ not cause a memory leak. (CVE-2009-4355, CVE-2008-1678)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Jan 2010 21:26:49 +0100
+
+openssl (0.9.8k-7) unstable; urgency=low
+
+ * Bump the shlibs to require 0.9.8k-1. The following symbols
+ to added between g and k: AES_wrap_key, AES_unwrap_key,
+ ASN1_TYPE_set1, ASN1_STRING_set0, asn1_output_data_fn,
+ SMIME_read_ASN1, BN_X931_generate_Xpq, BN_X931_derive_prime_ex,
+ BN_X931_generate_prime_ex, COMP_zlib_cleanup, CRYPTO_malloc_debug_init,
+ int_CRYPTO_set_do_dynlock_callback, CRYPTO_set_mem_info_functions,
+ CRYPTO_strdup, CRYPTO_dbg_push_info, CRYPTO_dbg_pop_info,
+ CRYPTO_dbg_remove_all_info, OPENSSL_isservice, OPENSSL_init,
+ ENGINE_set_load_ssl_client_cert_function,
+ ENGINE_get_ssl_client_cert_function, ENGINE_load_ssl_client_cert,
+ EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags,
+ EVP_CIPHER_CTX_test_flags, HMAC_CTX_set_flags, OCSP_sendreq_new
+ OCSP_sendreq_nbio, OCSP_REQ_CTX_free, RSA_X931_derive_ex,
+ RSA_X931_generate_key_ex, X509_ALGOR_set0, X509_ALGOR_get0,
+ X509at_get0_data_by_OBJ, X509_get1_ocsp
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 28 Nov 2009 14:34:26 +0100
+
+openssl (0.9.8k-6) unstable; urgency=low
+
+ * Disable SSL/TLS renegotiation (CVE-2009-3555) (Closes: #555829)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 12 Nov 2009 18:10:31 +0000
+
+openssl (0.9.8k-5) unstable; urgency=low
+
+ * Don't check self signed certificate signatures in X509_verify_cert()
+ (Closes: #541735)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 11 Sep 2009 15:42:32 +0200
+
+openssl (0.9.8k-4) unstable; urgency=low
+
+ * Split all the patches into a separate files
+ * Stop undefinging HZ, the issue on alpha should be fixed.
+ * Remove MD2 from digest algorithm table. (CVE-2009-2409) (Closes: #539899)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 11 Aug 2009 21:19:18 +0200
+
+openssl (0.9.8k-3) unstable; urgency=low
+
+ * Make rc4-x86_64 PIC. Based on patch from Petr Salinger (Closes: #532336)
+ * Add workaround for kfreebsd that can't see the different between
+ two pipes. Patch from Petr Salinger.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 13 Jun 2009 18:15:46 +0200
+
+openssl (0.9.8k-2) unstable; urgency=low
+
+ * Move libssl0.9.8-dbg to the debug section.
+ * Use the rc4 assembler on kfreebsd-amd64 (Closes: #532336)
+ * Split the line to generate md5-x86_64.s in the Makefile. This will
+ hopefully fix the build issue on kfreebsd that now outputs the file
+ to stdout instead of the file.
+ * Fix denial of service via an out-of-sequence DTLS handshake message
+ (CVE-2009-1387) (Closes: #532037)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 08 Jun 2009 19:05:56 +0200
+
+openssl (0.9.8k-1) unstable; urgency=low
+
+ * New upstream release
+ - 0.9.8i fixed denial of service via a DTLS ChangeCipherSpec packet
+ that occurs before ClientHello (CVE-2009-1386)
+ * Make aes-x86_64.pl use PIC.
+ * Fix security issues (Closes: #530400)
+ - "DTLS record buffer limitation bug." (CVE-2009-1377)
+ - "DTLS fragment handling" (CVE-2009-1378)
+ - "DTLS use after free" (CVE-2009-1379)
+ * Fixed Configure for hurd: use -mtune=i486 instead of -m486
+ Patch by Marc Dequènes (Duck) <duck at hurdfr.org> (Closes: #530459)
+ * Add support for avr32 (Closes: #528648)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 16 May 2009 17:33:55 +0200
+
+openssl (0.9.8g-16) unstable; urgency=high
+
+ * Properly validate the length of an encoded BMPString and UniversalString
+ (CVE-2009-0590) (Closes: #522002)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 01 Apr 2009 22:04:53 +0200
+
+openssl (0.9.8g-15) unstable; urgency=low
+
+ * Internal calls to didn't properly check for errors which
+ resulted in malformed DSA and ECDSA signatures being treated as
+ a good signature rather than as an error. (CVE-2008-5077)
+ * ipv6_from_asc() could write 1 byte longer than the buffer in case
+ the ipv6 address didn't have "::" part. (Closes: #506111)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 05 Jan 2009 21:14:31 +0100
+
+openssl (0.9.8g-14) unstable; urgency=low
+
+ * Don't give the warning about security updates when upgrading
+ from etch since it doesn't have any known security problems.
+ * Automaticly use engines that succesfully initialised. Patch
+ from the 0.9.8h upstream version. (Closes: #502177)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 31 Oct 2008 22:45:14 +0100
+
+openssl (0.9.8g-13) unstable; urgency=low
+
+ * Fix a problem with tlsext preventing firefox 3 from connection.
+ Patch from upstream CVS and part of 0.9.8h.
+ (Closes: #492758)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 03 Aug 2008 19:47:10 +0200
+
+openssl (0.9.8g-12) unstable; urgency=low
+
+ * add the changelog of the 10.1 NMU to make bugtracking happy
+
+ -- Christoph Martin <Christoph.Martin at Uni-Mainz.DE> Tue, 22 Jul 2008 14:58:26 +0200
+
+openssl (0.9.8g-11) unstable; urgency=low
+
+ [ Christoph Martin ]
+ * updated cs, gl, sv, ru, ro debconf translation (closes: #480926, #480967,
+ #482465, #484324, #488595)
+ * add Vcs-Svn header (closes: #481654)
+ * fix debian-kfreebsd-i386 build flags (closes: #482275)
+ * add stunnel4 to restart list (closes: #482111)
+ * include fixes from 10.1 NMU by Security team
+ - Fix double free in TLS server name extension which leads to a remote
+ denial of service (CVE-2008-0891; Closes: #483379).
+ - Fix denial of service if the 'Server Key exchange message'
+ is omitted from a TLS handshake which could lead to a client
+ crash (CVE-2008-1672; Closes: #483379).
+ This only works if openssl is compiled with enable-tlsext which is
+ done in Debian.
+ * fix some lintian warnings
+ * update to newest standards version
+
+ -- Christoph Martin <Christoph.Martin at Uni-Mainz.DE> Thu, 17 Jul 2008 09:53:01 +0200
+
+openssl (0.9.8g-10.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security team.
+ * Fix denial of service if the 'Server Key exchange message'
+ is omitted from a TLS handshake which could lead to a client
+ crash (CVE-2008-1672; Closes: #483379).
+ This only works if openssl is compiled with enable-tlsext which is
+ done in Debian.
+ * Fix double free in TLS server name extension which leads to a remote
+ denial of service (CVE-2008-0891; Closes: #483379).
+
+ -- Nico Golde <nion at debian.org> Tue, 27 May 2008 11:13:44 +0200
+
+openssl (0.9.8g-10) unstable; urgency=low
+
+ * undefine HZ so that the code falls back to sysconf(_SC_CLK_TCK)
+ to fix a build failure on alpha.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 08 May 2008 17:56:13 +0000
+
+openssl (0.9.8g-9) unstable; urgency=high
+
+ [ Christoph Martin ]
+ * Include updated debconf translations (closes: #473477, #461597,
+ #461880, #462011, #465517, #475439)
+
+ [ Kurt Roeckx ]
+ * ssleay_rand_add() really needs to call MD_Update() for buf.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 07 May 2008 20:32:12 +0200
+
+openssl (0.9.8g-8) unstable; urgency=high
+
+ * Don't add extensions to ssl v3 connections. It breaks with some
+ other software. (Closes: #471681)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 23 Mar 2008 17:50:04 +0000
+
+openssl (0.9.8g-7) unstable; urgency=low
+
+ * Upload to unstable.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Feb 2008 22:22:29 +0000
+
+openssl (0.9.8g-6) experimental; urgency=low
+
+ * Bump shlibs.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 09 Feb 2008 15:42:22 +0100
+
+openssl (0.9.8g-5) experimental; urgency=low
+
+ * Enable tlsext. This changes the ABI, but should hopefully
+ not cause any problems. (Closes: #462596)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 09 Feb 2008 13:32:49 +0100
+
+openssl (0.9.8g-4) unstable; urgency=low
+
+ * Fix aes ige test speed not to overwrite it's buffer and
+ cause segfauls. Thanks to Tim Hudson (Closes: #459619)
+ * Mark some strings in the templates as non translatable.
+ Patch from Christian Perrier <bubulle at debian.org> (Closes: #450418)
+ * Update Dutch debconf translation (Closes: #451290)
+ * Update French debconf translation (Closes: #451375)
+ * Update Catalan debconf translation (Closes: #452694)
+ * Update Basque debconf translation (Closes: #457285)
+ * Update Finnish debconf translation (Closes: #458261)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 16 Jan 2008 21:49:43 +0100
+
+openssl (0.9.8g-3) unstable; urgency=low
+
+ * aes-586.pl: push %ebx on the stack before we put some things on the
+ stack and call a function, giving AES_decrypt() wrong values to work
+ with. (Closes: #449200)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 04 Nov 2007 21:49:00 +0100
+
+openssl (0.9.8g-2) unstable; urgency=low
+
+ * Avoid text relocations on i386 caused by the assembler versions:
+ - x86unix.pl: Create a function_begin_B_static to create a
+ static/local assembler function.
+ - aes-586.pl: Use the function_begin_B_static for _x86_AES_decrypt
+ so that it doesn't get exported and doesn't have any (text) relocations.
+ - aes-586.pl: Set up ebx to point to the GOT and call AES_set_encrypt_key
+ via the PLT to avoid a relocation.
+ - x86unix.pl: Call the init function via the PLT, avoiding a relocation
+ in case of a PIC object.
+ - cbc.pl: Call functions via the PLT.
+ - desboth.pl: Call DES_encrypt2 via the PLT.
+ * CA.sh should use the v3_ca extension when called with -newca
+ (Closes: #428051)
+ * Use -Wa,--noexecstack for all arches in Debian. (Closes: #430583)
+ * Convert the failure message when services fail restart to a debconf
+ message.
+ * To restart a service, just restart, instead of stop and start.
+ Hopefully fixes #444946
+ * Also remove igetest from the test dir in the clean target.
+ (Closes: #424362)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 03 Nov 2007 13:25:45 +0100
+
+openssl (0.9.8g-1) unstable; urgency=low
+
+ * New upstream release
+ - Fixes version number not to say it's a development version.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 20 Oct 2007 12:47:10 +0200
+
+openssl (0.9.8f-1) unstable; urgency=low
+
+ * New upstream release
+ - Fixes DTLS issues, also fixes CVE-2007-4995 (Closes: #335703, #439737)
+ - Proper inclusion of opensslconf.h in pq_compat.h (Closes: #408686)
+ - New function SSL_set_SSL_CTX: bump shlibs.
+ * Remove build dependency on gcc > 4.2
+ * Remove the openssl preinst, it looks like a workaround
+ for a change in 0.9.2b where config files got moved. (Closes: #445095)
+ * Update debconf translations:
+ - Vietnamese (Closes: #426988)
+ - Danish (Closes: #426774)
+ - Slovak (Closes: #440723)
+ - Finnish (Closes: #444258)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 13 Oct 2007 00:47:22 +0200
+
+openssl (0.9.8e-9) unstable; urgency=high
+
+ * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers().
+ (Closes: #444435)
+ * Add postgresql-8.2 to the list of services to check.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 28 Sep 2007 19:47:33 +0200
+
+openssl (0.9.8e-8) unstable; urgency=low
+
+ * Fix another case of the "if this code is reached, the program will abort"
+ (Closes: #429740)
+ * Temporary force to build with gcc >= 4.2
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 02 Sep 2007 18:12:11 +0200
+
+openssl (0.9.8e-7) unstable; urgency=low
+
+ * Fix problems with gcc-4.2 (Closes: #429740)
+ * Stop using -Bsymbolic to create the shared library.
+ * Make x86_64cpuid.pl use PIC.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 02 Sep 2007 16:15:18 +0200
+
+openssl (0.9.8e-6) unstable; urgency=high
+
+ * Add fix for CVE-2007-3108 (Closes: #438142)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 15 Aug 2007 19:49:54 +0200
+
+openssl (0.9.8e-5) unstable; urgency=low
+
+ [ Christian Perrier ]
+ * Debconf templates proofread and slightly rewritten by
+ the debian-l10n-english team as part of the Smith Review Project.
+ Closes: #418584
+ * Debconf templates translations:
+ - Arabic. Closes: #418669
+ - Russian. Closes: #418670
+ - Galician. Closes: #418671
+ - Swedish. Closes: #418679
+ - Korean. Closes: #418755
+ - Czech. Closes: #418768
+ - Basque. Closes: #418784
+ - German. Closes: #418785
+ - Traditional Chinese. Closes: #419915
+ - Brazilian Portuguese. Closes: #419959
+ - French. Closes: #420429
+ - Italian. Closes: #420461
+ - Japanese. Closes: #420482
+ - Catalan. Closes: #420833
+ - Dutch. Closes: #420925
+ - Malayalam. Closes: #420986
+ - Portuguese. Closes: #421032
+ - Romanian. Closes: #421708
+
+ [ Kurt Roeckx ]
+ * Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
+ * Updated Spanish debconf template. (Closes: #421336)
+ * Do the header changes, changing those defines into real functions,
+ and bump the shlibs to match.
+ * Update Japanese debconf translation. (Closes: #422270)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 15 May 2007 17:21:08 +0000
+
+openssl (0.9.8e-4) unstable; urgency=low
+
+ * openssl should depend on libssl0.9.8 0.9.8e-1 since it
+ uses some of the defines that changed to functions.
+ Other things build against libssl or libcrypto shouldn't
+ have this problem since they use the old headers.
+ (Closes: #414283)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Mar 2007 17:11:46 +0000
+
+openssl (0.9.8e-3) unstable; urgency=low
+
+ * Add nagios-nrpe-server to the list of services to be checked
+ (Closes: #391188)
+ * EVP_CIPHER_CTX_key_length() should return the set key length in the
+ EVP_CIPHER_CTX structure which may not be the same as the underlying
+ cipher key length for variable length ciphers.
+ From upstream CVS. (Closes: #412979)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 4 Mar 2007 23:22:51 +0000
+
+openssl (0.9.8e-2) unstable; urgency=low
+
+ * Undo include changes that change defines into real functions,
+ but keep the new functions in the library.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 25 Feb 2007 19:19:19 +0000
+
+openssl (0.9.8e-1) unstable; urgency=low
+
+ * New upstream release
+ - Inludes security fixes for CVE-2006-2937, CVE-2006-2940,
+ CVE-2006-3738, CVE-2006-4343 (Closes: #408902)
+ - s_client now properly works with SMTP. Also added support
+ for IMAP. (closes: #221689)
+ - Load padlock modules (Closes: #345656, #368476)
+ * Add clamav-freshclam and clamav-daemon to the list of service that
+ need to be restarted. (Closes: #391191)
+ * Add armel support. Thanks to Guillem Jover <guillem.jover at nokia.com>
+ for the patch. (Closes: #407196)
+ * Add Portuguese translations. Thanks to Carlos Lisboa. (Closes: 408157)
+ * Add Norwegian translations. Thanks to Bjørn Steensrud
+ <bjornst at powertech.no> (Closes: #412326)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 25 Feb 2007 18:06:28 +0000
+
+openssl (0.9.8c-4) unstable; urgency=low
+
+ * Add German debconf translation. Thanks to
+ Johannes Starosta <feedback-an-johannes at arcor.de> (Closes: #388108)
+ * Make c_rehash look for both .pem and .crt files. Also make it support
+ files in DER format. Patch by "Yauheni Kaliuta" <y.kaliuta at gmail.com>
+ (Closes: #387089)
+ * Use & instead of && to check a flag in the X509 policy checking.
+ Patch from upstream cvs. (Closes: #397151)
+ * Also restart slapd for security updates (Closes: #400221)
+ * Add Romanian debconf translation. Thanks to
+ stan ioan-eugen <stan.ieugen at gmail.com> (Closes: #393507)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 30 Nov 2006 20:57:46 +0000
+
+openssl (0.9.8c-3) unstable; urgency=low
+
+ * Fix patch for CVE-2006-2940, it left ctx unintiliased.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 2 Oct 2006 18:05:00 +0200
+
+openssl (0.9.8c-2) unstable; urgency=high
+
+ * Fix security vulnerabilities (CVE-2006-2937, CVE-2006-2940,
+ CVE-2006-3738, CVE-2006-4343). Urgency set to high.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 27 Sep 2006 21:24:55 +0000
+
+openssl (0.9.8c-1) unstable; urgency=low
+
+ * New upstream release
+ - block padding bug with compression now fixed upstream, using
+ their patch.
+ - Includes the RSA Signature Forgery (CVE-2006-4339) patch.
+ - New functions AES_bi_ige_encrypt and AES_ige_encrypt:
+ bumping shlibs to require 0.9.8c-1.
+ * Change the postinst script to check that ntp is installed instead
+ of ntp-refclock and ntp-simple. The binary is now in the ntp
+ package.
+ * Move the modified rand/md_rand.c file to the right place,
+ really fixing #363516.
+ * Add partimage-server conserver-server and tor to the list of service
+ to check for restart. Add workaround for openssh-server so it finds
+ the init script. (Closes: #386365, #386400, #386513)
+ * Add manpage for c_rehash.
+ Thanks to James Westby <jw+debian at jameswestby.net> (Closes: #215618)
+ * Add Lithuanian debconf translation.
+ Thanks to Gintautas Miliauskas <gintas at akl.lt> (Closes: #374364)
+ * Add m32r support.
+ Thanks to Kazuhiro Inaoka <inaoka.kazuhiro at renesas.com>
+ (Closes: #378689)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 17 Sep 2006 14:47:59 +0000
+
+openssl (0.9.8b-3) unstable; urgency=high
+
+ * Fix RSA Signature Forgery (CVE-2006-4339) using patch provided
+ by upstream.
+ * Restart services using a smaller version that 0.9.8b-3, so
+ they get the fixed version.
+ * Change the postinst to check for postfix instead of postfix-tls.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 5 Sep 2006 18:26:10 +0000
+
+openssl (0.9.8b-2) unstable; urgency=low
+
+ * Don't call gcc with -mcpu on i386, we already use -march, so no need for
+ -mtune either.
+ * Always make all directories when building something:
+ - The engines directory didn't get build for the static directory, so
+ where missing in libcrypo.a
+ - The apps directory didn't always get build, so we didn't have an openssl
+ and a small part of the regression tests failed.
+ * Make the package fail to build if the regression tests fail.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 15 May 2006 16:00:58 +0000
+
+openssl (0.9.8b-1) unstable; urgency=low
+
+ * New upstream release
+ - New functions added (EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free), bump shlibs.
+ - CA.pl/CA.sh now calls openssl ca with -extensions v3_ca, setting CA:TRUE
+ instead of FALSE.
+ - CA.pl/CA.sh creates crlnumber now. (Closes: #347612)
+ * Run debconf-updatepo, which really already was in the 0.9.8a-8 version
+ as it was uploaded.
+ * Add Galician debconf translation. Patch from
+ Jacobo Tarrio <jtarrio at trasno.net> (Closes: #361266)
+ * libssl0.9.8.postinst makes uses of bashisms (local variables)
+ so use #!/bin/bash
+ * libssl0.9.8.postinst: Call set -e after sourcing the debconf
+ script.
+ * libssl0.9.8.postinst: Change list of service that may need
+ to be restarted:
+ - Replace ssh by openssh-server
+ - Split postgresql in postgresql-7.4 postgresql-8.0 postgresql-8.1
+ - Add: dovecot-common bind9 ntp-refclock ntp-simple openntpd clamcour
+ fetchmail ftpd-ssl proftpd proftpd-ldap proftpd-mysql proftpd-pgsql
+ * libssl0.9.8.postinst: The check to see if something was installed
+ wasn't working.
+ * libssl0.9.8.postinst: Add workaround to find the name of the init
+ script for proftpd and dovecot.
+ * libssl0.9.8.postinst: Use invoke-rc.d when it's available.
+ * Change Standards-Version to 3.7.0:
+ - Make use of invoke-rc.d
+ * Add comment to README.Debian that rc5, mdc2 and idea have been
+ disabled (since 0.9.6b-3) (Closes: #362754)
+ * Don't add uninitialised data to the random number generator. This stop
+ valgrind from giving error messages in unrelated code.
+ (Closes: #363516)
+ * Put the FAQ in the openssl docs.
+ * Add russian debconf translations from Yuriy Talakan <yt at amur.elektra.ru>
+ (Closes #367216)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 4 May 2006 20:40:03 +0200
+
+openssl (0.9.8a-8) unstable; urgency=low
+
+ * Call pod2man with the proper section. Section changed
+ from 1/3/5/7 to 1SSL/3SSL/5SSL/7SSL. The name of the files
+ already had the ssl in, the section didn't. The references
+ to other manpage is still wrong.
+ * Don't install the LICENSE file, it's already in the copyright file.
+ * Don't set an rpath on openssl to point to /usr/lib.
+ * Add support for kfreebsd-amd64. (Closes: #355277)
+ * Add udeb to the shlibs. Patch from Frans Pop <aragorn at tiscali.nl>
+ (Closes: #356908)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 11 Feb 2006 14:14:37 +0100
+
+openssl (0.9.8a-7) unstable; urgency=high
+
+ * Add italian debconf templates. Thanks to Luca Monducci.
+ (Closes: #350249)
+ * Change the debconf question to use version 0.9.8-3
+ instead of 0.9.8-1, since that's the last version
+ with a security fix.
+ * Call conn_state() if the BIO is not in the BIO_CONN_S_OK state
+ (Closes: #352047). RC bug affecting testing, so urgency high.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 9 Feb 2006 19:07:56 +0100
+
+openssl (0.9.8a-6) unstable; urgency=low
+
+ * Remove empty postinst/preinst/prerm scripts. There is no need
+ to have empty ones, debhelper will add them when needed.
+ * Remove the static pic libraries. Nobody should be linking
+ it's shared libraries static to libssl or libcrypto.
+ This was added for opensc who now links to it shared.
+ * Do not assume that in case the sequence number is 0 and the
+ packet has an odd number of bytes that the other side has
+ the block padding bug, but try to check that it actually
+ has the bug. The wrong detection of this bug resulted
+ in an "decryption failed or bad record mac" error in case
+ both sides were using zlib compression. (Closes: #338006)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 21 Jan 2006 16:25:41 +0100
+
+openssl (0.9.8a-5) unstable; urgency=low
+
+ * Stop ssh from crashing randomly on sparc (Closes: #335912)
+ Patch from upstream cvs.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 13 Dec 2005 21:37:42 +0100
+
+openssl (0.9.8a-4) unstable; urgency=low
+
+ * Call dh_makeshlibs with the proper version instead of putting
+ it in shlibs.local, which doesn't seem to do anything. 0.9.8a-1
+ added symbol versioning, so it should have bumped the shlibs.
+ (Closes: #338284)
+ * The openssl package had a duplicate dependency on libssl0.9.8,
+ only require the version as required by the shlibs.
+ * Make libssl-dev depend on zlib1g-dev, since it's now required for
+ static linking. (Closes: #338313)
+ * Generate .pc files that make use of Libs.private, so things only
+ link to the libraries they should when linking shared.
+ * Use -m64 instead of -bpowerpc64-linux on ppc64. (Closes: #335486)
+ * Make powerpc and ppc64 use the assembler version for bn. ppc64
+ had the location in the string wrong, powerpc had it missing.
+ * Add includes for stddef to get size_t in md2.h, md4.h, md5.h,
+ ripemd.h and sha.h. (Closes: #333101)
+ * Run make test for each of the versions we build, make it
+ not fail the build process if an error is found.
+ * Add build dependency on bc for the regression tests.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Nov 2005 16:01:05 +0100
+
+openssl (0.9.8a-3) unstable; urgency=high
+
+ * Link to libz instead of dynamicly loading it. It gets loaded
+ at the moment the library is initialised, so there is no point
+ in not linking to it. It's now failing in some cases since
+ it's not opened by it's soname, but by the symlink to it.
+ This should hopefully solve most of the bugs people have reported
+ since the move to libssl0.9.8.
+ (Closes: #334180, #336140, #335271)
+ * Urgency set to high because it fixes a grave bug affecting testing.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 1 Nov 2005 14:56:40 +0100
+
+openssl (0.9.8a-2) unstable; urgency=low
+
+ * Add Build-Dependency on m4, since sparc needs it to generate
+ it's assembler files. (Closes: #334542)
+ * Don't use rc4-x86_64.o on amd64 for now, it seems to be broken
+ and causes a segfault. (Closes: #334501, #334502)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 18 Oct 2005 19:05:53 +0200
+
+openssl (0.9.8a-1) unstable; urgency=low
+
+ Christoph Martin:
+ * fix asm entries for some architectures, fixing #332758 properly.
+ * add noexecstack option to i386 subarch
+ * include symbol versioning in Configure (closes: #330867)
+ * include debian-armeb arch (closes: #333579)
+ * include new upstream patches; includes some minor fixes
+ * fix dh_shlibdeps line, removing the redundant dependency on
+ libssl0.9.8 (closes: #332755)
+ * add swedish debconf template (closes: #330554)
+
+ Kurt Roeckx:
+ * Also add noexecstack option for amd64, since it now has an
+ executable stack with the assembler fixes for amd64.
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 17 Oct 2005 17:01:06 +0200
+
+openssl (0.9.8-3) unstable; urgency=low
+
+ * Apply security fix for CAN-2005-2969. (Closes: #333500)
+ * Change priority of -dbg package to extra.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 12 Oct 2005 22:38:58 +0200
+
+openssl (0.9.8-2) unstable; urgency=low
+
+ * Don't use arch specific assembler. Should fix build failure on
+ ia64, sparc and amd64. (Closes: #332758)
+ * Add myself to the uploaders.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 10 Oct 2005 19:22:36 +0200
+
+openssl (0.9.8-1) unstable; urgency=low
+
+ * New upstream release (closes: #311826)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 29 Sep 2005 14:20:04 +0200
+
+openssl (0.9.7g-3) unstable; urgency=low
+
+ * change Configure line for debian-freebsd-i386 to debian-kfreebsd-i386
+ (closes: #327692)
+ * include -dbg version. That implies compiling with -g and without
+ -fomit-frame-pointer (closes: #293823, #153811)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 23 Sep 2005 13:51:57 +0200
+
+openssl (0.9.7g-2) unstable; urgency=low
+
+ * really include nl translation
+ * remove special ia64 code from rc4 code to make the abi compatible to
+ older 0.9.7 versions (closes: #310489, #309274)
+ * fix compile flag for debian-ppc64 (closes: #318750)
+ * small fix in libssl0.9.7.postinst (closes: #239956)
+ * fix pk7_mime.c to prevent garbled messages because of to early memory
+ free (closes: #310184)
+ * include vietnamese debconf translation (closes: #316689)
+ * make optimized i386 libraries have non executable stack (closes:
+ #321721)
+ * remove leftover files from ssleay
+ * move from dh_installmanpages to dh_installman
+ * change Maintainer to pkg-openssl-devel at lists.alioth.debian.org
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 7 Sep 2005 15:32:54 +0200
+
+openssl (0.9.7g-1) unstable; urgency=low
+
+ * New upstream release
+ * Added support for proxy certificates according to RFC 3820.
+ Because they may be a security thread to unaware applications,
+ they must be explicitely allowed in run-time. See
+ docs/HOWTO/proxy_certificates.txt for further information.
+ * Prompt for pass phrases when appropriate for PKCS12 input format.
+ * Back-port of selected performance improvements from development
+ branch, as well as improved support for PowerPC platforms.
+ * Add lots of checks for memory allocation failure, error codes to indicate
+ failure and freeing up memory if a failure occurs.
+ * Perform some character comparisons of different types in X509_NAME_cmp:
+ this is needed for some certificates that reencode DNs into UTF8Strings
+ (in violation of RFC3280) and can't or wont issue name rollover
+ certificates.
+ * corrected watchfile
+ * added upstream source url (closes: #292904)
+ * fix typo in CA.pl.1 (closes: #290271)
+ * change debian-powerpc64 to debian-ppc64 and adapt the configure
+ options to be the same like upstream (closes: #289841)
+ * include -signcert option in CA.pl usage
+ * compile with zlib-dynamic to use system zlib (closes: #289872)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 9 May 2005 23:32:03 +0200
+
+openssl (0.9.7e-3) unstable; urgency=high
+
+ * really fix der_chop. The fix from -1 was not really included (closes:
+ #281212)
+ * still fixes security problem CAN-2004-0975 etc.
+ - tempfile raise condition in der_chop
+ - Avoid a race condition when CRLs are checked in a multi threaded
+ environment.
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Dec 2004 18:41:29 +0100
+
+openssl (0.9.7e-2) unstable; urgency=high
+
+ * fix perl path in der_chop and c_rehash (closes: #281212)
+ * still fixes security problem CAN-2004-0975 etc.
+ - tempfile raise condition in der_chop
+ - Avoid a race condition when CRLs are checked in a multi threaded
+ environment.
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 14 Nov 2004 20:16:21 +0100
+
+openssl (0.9.7e-1) unstable; urgency=high
+
+ * SECURITY UPDATE: fix insecure temporary file handling
+ * apps/der_chop:
+ - replaced $$-style creation of temporary files with
+ File::Temp::tempfile()
+ - removed unused temporary file name in do_certificate()
+ * References:
+ CAN-2004-0975 (closes: #278260)
+ * fix ASN1_STRING_to_UTF8 with UTF8 (closes: #260357)
+ * New upstream release with security fixes
+ - Avoid a race condition when CRLs are checked in a multi threaded
+ environment.
+ - Various fixes to s3_pkt.c so alerts are sent properly.
+ - Reduce the chances of duplicate issuer name and serial numbers (in
+ violation of RFC3280) using the OpenSSL certificate creation
+ utilities.
+ * depends openssl on perl-base instead of perl (closes: #280225)
+ * support powerpc64 in Configure (closes: #275224)
+ * include cs translation (closes: #273517)
+ * include nl translation (closes: #272479)
+ * Fix default dir of c_rehash (closes: #253126)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 12 Nov 2004 14:11:15 +0100
+
+openssl (0.9.7d-5) unstable; urgency=low
+
+ * Make S/MIME encrypt work again (backport from CVS) (closes: #241407,
+ #241386)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 26 Jul 2004 17:22:42 +0200
+
+openssl (0.9.7d-4) unstable; urgency=low
+
+ * add Catalan translation (closes: #248749)
+ * add Spanish translation (closes: #254561)
+ * include NMU fixes: see below
+ * decrease optimisation level for debian-arm to work around gcc bug
+ (closes: #253848) (thanks to Steve Langasek and Thom May)
+ * Add libcrypto0.9.7-udeb. (closes: #250010) (thanks to Bastian Blank)
+ * Add watchfile
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 14 Jul 2004 14:31:02 +0200
+
+openssl (0.9.7d-3) unstable; urgency=low
+
+ * rename -pic.a libraries to _pic.a (closes: #250016)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 24 May 2004 17:02:29 +0200
+
+openssl (0.9.7d-2) unstable; urgency=low
+
+ * include PIC libs (libcrypto-pic.a and libssl-pic.a) to libssl-dev
+ (closes: #246928, #243999)
+ * add racoon to restart list (closes: #242652)
+ * add Brazilian, Japanese and Danish translations (closes: #242087,
+ #241830, #241705)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 11 May 2004 10:13:49 +0200
+
+openssl (0.9.7d-1) unstable; urgency=high
+
+ * new upstream
+ * fixes security holes (http://www.openssl.org/news/secadv_20040317.txt)
+ (closes: #238661)
+ * includes support for debian-amd64 (closes: #235551, #232310)
+ * fix typo in pem.pod (closes: #219873)
+ * fix typo in libssl0.9.7.templates (closes: #224690)
+ * openssl suggests ca-certificates (closes: #217180)
+ * change debconf template to gettext format (closes: #219013)
+ * include french debconf template (closes: #219014)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 18 Mar 2004 16:18:43 +0100
+
+openssl (0.9.7c-5) unstable; urgency=low
+
+ * include openssl.pc into libssl-dev (closes: #212545)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Oct 2003 16:31:32 +0200
+
+openssl (0.9.7c-4) unstable; urgency=low
+
+ * change question to restart services to debconf (closes: #214840)
+ * stop using dh_undocumented (closes: #214831)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 10 Oct 2003 15:40:48 +0200
+
+openssl (0.9.7c-3) unstable; urgency=low
+
+ * fix POSIX conformance for head in libssl0.9.7.postinst (closes:
+ #214700)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 8 Oct 2003 14:02:38 +0200
+
+openssl (0.9.7c-2) unstable; urgency=low
+
+ * add filerc macro to libssl0.9.7.postinst (closes: #213906)
+ * restart spamassassins spamd on upgrade (closes: #214106)
+ * restart more services on upgrade
+ * fix EVP_BytesToKey manpage (closes: #213715)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 7 Oct 2003 15:01:32 +0200
+
+openssl (0.9.7c-1) unstable; urgency=high
+
+ * upstream security fix (closes: #213451)
+ - Fix various bugs revealed by running the NISCC test suite:
+ Stop out of bounds reads in the ASN1 code when presented with
+ invalid tags (CAN-2003-0543 and CAN-2003-0544).
+ Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
+ If verify callback ignores invalid public key errors don't try to check
+ certificate signature with the NULL public key.
+ - In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+ if the server requested one: as stated in TLS 1.0 and SSL 3.0
+ specifications.
+ * more minor upstream bugfixes
+ * fix formatting in c_issuer (closes: #190026)
+ * fix Debian-FreeBSD support (closes: #200381)
+ * restart some services in postinst to make them use the new libraries
+ * remove duplicated openssl.1, crypto.3 and ssl.3 (closes: #198594)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 1 Oct 2003 08:54:27 +0200
+
+openssl (0.9.7b-2) unstable; urgency=high
+
+ * fix permission of /etc/ssl/private to 700 again
+ * change section of libssl-dev to libdevel
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 23 Apr 2003 11:13:24 +0200
+
+openssl (0.9.7b-1) unstable; urgency=high
+
+ * upstream security fix
+ - Countermeasure against the Klima-Pokorny-Rosa extension of
+ Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+ a protocol version number mismatch like a decryption error
+ in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131)
+ (closes: #189087)
+ - Turn on RSA blinding by default in the default implementation
+ to avoid a timing attack. Applications that don't want it can call
+ RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+ They would be ill-advised to do so in most cases. (CAN-2003-0147)
+ - Change RSA blinding code so that it works when the PRNG is not
+ seeded (in this case, the secret RSA exponent is abused as
+ an unpredictable seed -- if it is not unpredictable, there
+ is no point in blinding anyway). Make RSA blinding thread-safe
+ by remembering the creator's thread ID in rsa->blinding and
+ having all other threads use local one-time blinding factors
+ (this requires more computation than sharing rsa->blinding, but
+ avoids excessive locking; and if an RSA object is not shared
+ between threads, blinding will still be very fast).
+ for more details see the CHANGES file
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 16 Apr 2003 10:32:57 +0200
+
+openssl (0.9.7a-1) unstable; urgency=high
+
+ * upstream Security fix
+ - In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+ via timing by performing a MAC computation even if incorrrect
+ block cipher padding has been found. This is a countermeasure
+ against active attacks where the attacker has to distinguish
+ between bad padding and a MAC verification error. (CAN-2003-0078)
+ for more details see the CHANGES file
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 21 Feb 2003 22:39:40 +0100
+
+openssl (0.9.7-4) unstable; urgency=low
+
+ * use DH_COMPAT=3 to build
+ * move i686 to i686/cmov to fix problems on Via C3. For that to work we
+ have to depend on the newest libc6 on i386 (closes: #177891)
+ * fix bug in ui_util.c (closes: #177615)
+ * fix typo in md5.h (closes: #178112)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 24 Jan 2003 10:22:56 +0100
+
+openssl (0.9.7-3) unstable; urgency=low
+
+ * enable build of ultrasparc code on non ultrasparc machines (closes:
+ #177024)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 17 Jan 2003 08:22:13 +0100
+
+openssl (0.9.7-2) unstable; urgency=low
+
+ * include changes between 0.9.6g-9 and -10
+ * fix problem in build-process on i386 with libc6 version number
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 13 Jan 2003 14:26:56 +0100
+
+openssl (0.9.7-1) unstable; urgency=low
+
+ * new upstream
+ * includes engine support
+ * a lot of bugfixes and enhancements, see the CHANGES file
+ * include AES encryption
+ * makes preview of certificate configurable (closes: #176059)
+ * fix x509 manpage (closes: #168070)
+ * fix declaration of ERR_load_PEM_string in pem.h (closes: #141360)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 11 Jan 2003 09:12:16 +0100
+
+openssl (0.9.6g-10) unstable; urgency=low
+
+ * fix problem in build-process on i386 with libc6 version number
+ (closes: #167096)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 4 Nov 2002 12:27:21 +0100
+
+openssl (0.9.6g-9) unstable; urgency=low
+
+ * fix typo in i386 libc6 depend (sigh) (closes: #163848)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 8 Oct 2002 23:29:20 +0200
+
+openssl (0.9.6g-8) unstable; urgency=low
+
+ * fix libc6 depends. Only needed for i386 (closes: #163701)
+ * remove SHLIB section for bsds from Configure (closes: #163585)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 8 Oct 2002 10:57:35 +0200
+
+openssl (0.9.6g-7) unstable; urgency=low
+
+ * enable i686 optimisation and depend on fixed glibc (closes: #163500)
+ * remove transition package ssleay
+ * include optimisation vor sparcv8 (closes: #139996)
+ * improve optimisation vor sparcv9
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 6 Oct 2002 14:07:12 +0200
+
+openssl (0.9.6g-6) unstable; urgency=low
+
+ * temporarily disable i686 optimisation (See bug in glibc #161788)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 21 Sep 2002 18:56:49 +0200
+
+openssl (0.9.6g-5) unstable; urgency=low
+
+ * i486 can use i586 assembler
+ * include set -xe in the for loops in the rules files to make it abort
+ on error (closes: #161768)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 21 Sep 2002 16:23:11 +0200
+
+openssl (0.9.6g-4) unstable; urgency=low
+
+ * fix optimization for alpha and sparc
+ * add optimization for i486
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 20 Sep 2002 22:36:19 +0200
+
+openssl (0.9.6g-3) unstable; urgency=low
+
+ * add optimized libraries for i586, i686, ev4, ev5 and v9 (closes: #139783)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 19 Sep 2002 18:33:04 +0200
+
+openssl (0.9.6g-2) unstable; urgency=low
+
+ * fix manpage names (closes: #156717, #156718, #156719, #156721)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 15 Aug 2002 11:26:37 +0200
+
+openssl (0.9.6g-1) unstable; urgency=low
+
+ * new upstream version
+ * Use proper error handling instead of 'assertions' in buffer
+ overflow checks added in 0.9.6e. This prevents DoS (the
+ assertions could call abort()). (closes: #155985, #156495)
+ * Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+ and get fix the header length calculation.
+ * include support for new sh* architectures (closes: #155117)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 14 Aug 2002 13:59:22 +0200
+
+openssl (0.9.6e-1) unstable; urgency=high
+
+ * fixes remote exploits (see DSA-136-1)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 30 Jul 2002 18:32:28 +0200
+
+openssl (0.9.6d-1) unstable; urgency=low
+
+ * new upstream (minor) version
+ * includes Configure lines for debian-*bsd-* (closes: #130413)
+ * fix wrong prototype for BN_pseudo_rand_range in BN_rand(3ssl) (closes:
+ #144586)
+ * fix typos in package description (closes: #141469)
+ * fix typo in SSL_CTX_set_cert_store manpage (closes: #135297)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 3 Jun 2002 19:42:10 +0200
+
+openssl (0.9.6c-2) unstable; urgency=low
+
+ * moved from non-US to main
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 19 Mar 2002 14:48:39 +0100
+
+openssl (0.9.6c-1) unstable; urgency=low
+
+ * new upstream version with a lot of bugfixes
+ * remove directory /usr/include/openssl from openssl package (closes:
+ bug #121226)
+ * remove selfdepends from libssl0.9.6
+ * link openssl binary shared again
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 5 Jan 2002 19:04:31 +0100
+
+openssl (0.9.6b-4) unstable; urgency=low
+
+ * build with -D_REENTRANT for threads support on all architectures
+ (closes: #112329, #119239)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 24 Nov 2001 12:17:51 +0100
+
+openssl (0.9.6b-3) unstable; urgency=low
+
+ * disable idea, mdc2 and rc5 because they are not free (closes: #65368)
+ * ready to be moved from nonus to main
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 21 Nov 2001 17:51:41 +0100
+
+openssl (0.9.6b-2) unstable; urgency=high
+
+ * fix definition of crypt in des.h (closes: #107533)
+ * fix descriptions (closes: #109503)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 17 Sep 2001 15:38:27 +0200
+
+openssl (0.9.6b-1) unstable; urgency=medium
+
+ * new upstream fixes some security issues (closes: #105835, #100146)
+ * added support for s390 (closes: #105681)
+ * added support for sh (closes: #100003)
+ * change priority of libssl096 to standard as ssh depends on it (closes:
+ #105440)
+ * don't optimize for i486 to support i386. (closes: #104127, #82194)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 20 Jul 2001 15:52:42 +0200
+
+openssl (0.9.6a-3) unstable; urgency=medium
+
+ * add perl-base to builddeps
+ * include static libraries in libssl-dev (closes: #93688)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 14 May 2001 20:16:06 +0200
+
+openssl (0.9.6a-2) unstable; urgency=medium
+
+ * change Architecture of ssleay from any to all (closes: #92913)
+ * depend libssl-dev on the exact same version of libssl0.9.6 (closes:
+ #88939)
+ * remove lib{crypto,ssl}.a from openssl (closes: #93666)
+ * rebuild with newer gcc to fix atexit problem (closes: #94036)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 2 May 2001 12:28:39 +0200
+
+openssl (0.9.6a-1) unstable; urgency=medium
+
+ * new upstream, fixes some security bugs (closes: #90584)
+ * fix typo in s_server manpage (closes: #89756)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 10 Apr 2001 12:13:11 +0200
+
+openssl (0.9.6-2) unstable; urgency=low
+
+ * policy: reorganisation of package names: libssl096 -> libssl0.9.6,
+ libssl096-dev -> libssl-dev (closes: #83426)
+ * libssl0.9.6 drops replaces libssl09 (Closes: #83425)
+ * install upstream CHANGES files (Closes: #83430)
+ * added support for hppa and ia64 (Closes: #88790)
+ * move man3 manpages to libssl-dev (Closes: #87546)
+ * fix formating problem in rand_add(1) (Closes: #87547)
+ * remove manpage duplicates (Closes: #87545, #74986)
+ * make package descriptions clearer (Closes: #83518, #83444)
+ * increase default emailAddress_max from 40 to 60 (Closes: #67238)
+ * removed RSAREF warning (Closes: #84122)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 8 Mar 2001 14:24:00 +0100
+
+openssl (0.9.6-1) unstable; urgency=low
+
+ * New upstream version (Thanks to Enrique Zanardi <ezanard at debian.org>)
+ (closes: #72388)
+ * Add support for debian-hurd (closes: #76032)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 13 Nov 2000 22:30:46 +0100
+
+openssl (0.9.5a-5) unstable; urgency=low
+
+ * move manpages in standard directories with section ssl (closes:
+ #72152, #69809)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 5 Oct 2000 19:56:20 +0200
+
+openssl (0.9.5a-4) unstable; urgency=low
+
+ * include edg_rand_bytes patch from and for apache-ssl
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 23 Sep 2000 16:48:06 +0200
+
+openssl (0.9.5a-3) unstable; urgency=low
+
+ * fix call to dh_makeshlibs to create correct shlibs file and make
+ dependend programs link correctly (closes: Bug#61658)
+ * include a note in README.debian concerning the location of the
+ subcommand manpages (closes: Bug#69809)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 16 Sep 2000 19:10:50 +0200
+
+openssl (0.9.5a-2) unstable; urgency=low
+
+ * try to fix the sharedlib problem. change soname of library
+ (closes: Bug#4622, #66102, #66538, #66123)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 12 Jul 2000 03:26:30 +0200
+
+openssl (0.9.5a-1) unstable; urgency=low
+
+ * new upstream version (major changes see file NEWS) (closes: Bug#63976,
+ #65239, #65358)
+ * new library package libssl095a because of probably changed library
+ interface (closes: Bug#46222)
+ * added architecture mips and mipsel (closes: Bug#62437, #60366)
+ * provide shlibs.local file in build to help build if libraries are not
+ yet installed (closes: Bug#63984)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 11 Jun 2000 15:17:35 +0200
+
+openssl (0.9.4-5) frozen unstable; urgency=medium
+
+ * cleanup of move of doc directories to /usr/share/doc (closes:
+ Bug#56430)
+ * lintian issues (closes: Bug#49358)
+ * move demos from openssl to libssl09-dev (closes: Bug#59201)
+ * move to debhelpers
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 11 Mar 2000 10:38:04 +0100
+
+openssl (0.9.4-4) unstable; urgency=medium
+
+ * Added 'debian-arm' in 'Configure'. (closes: Bug#54251, #54766)
+ * Fixed Configure for 'debian-m68k' (closes: Bug#53636)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 15 Jan 2000 13:16:18 +0100
+
+openssl (0.9.4-3) unstable; urgency=low
+
+ * define symbol SSLeay_add_ssl_algorithms for backward compatibility
+ (closes: Bug#46882)
+ * remove manpages from /usr/doc/openssl (closes: Bug#46791)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 14 Oct 1999 16:51:08 +0200
+
+openssl (0.9.4-2) unstable; urgency=low
+
+ * include some more docu in pod format (Bug #43933)
+ * removed -mv8 from sparc flags (Bug #44769)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 14 Sep 1999 22:04:06 +0200
+
+openssl (0.9.4-1) unstable; urgency=low
+
+ * new upstream version (Closes: #42926)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 28 Aug 1999 17:04:23 +0200
+
+openssl (0.9.3a-1) unstable; urgency=low
+
+ * new upstream version (Bug #38345, #38627)
+ * sparc is big-endian (Bug #39973)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 7 Jul 1999 16:03:37 +0200
+
+openssl (0.9.2b-3) unstable; urgency=low
+
+ * correct move conffiles to /etc/ssl (Bug #38570)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 31 May 1999 21:08:07 +0200
+
+openssl (0.9.2b-2) unstable; urgency=low
+
+ * added convenience package ssleay to help upgrade to openssl (Bug
+ #37185, #37623, #36326)
+ * added some missing dependencies from libssl09 (Bug #36681, #35867,
+ #36326)
+ * move lib*.so to libssl09-dev (Bug #36761)
+ * corrected version numbers of library files
+ * introduce link from /usr/lib/ssl to /etc/ssl (Bug #36710)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 23 May 1999 14:57:48 +0200
+
+openssl (0.9.2b-1) unstable; urgency=medium
+
+ * First openssl version
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 31 Mar 1999 15:54:26 +0200
+
+ssleay (0.9.0b-2) unstable; urgency=low
+
+ * Include message about the (not)usage of RSAREF (#24409)
+ * Move configfiles from /usr/lib/ssl to /etc/ssl (#26406)
+ * Change definitions for sparc (#26487)
+ * Added missing dependency (#28591)
+ * Make debian/libtool executable (#29708)
+ * /etc/ssl/lib/ssleay.cnf is now a confile (#32624)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 21 Mar 1999 19:41:04 +0100
+
+ssleay (0.9.0b-1) unstable; urgency=low
+
+ * new upstream version (Bug #21227, #25971)
+ * build shared libraries with -fPIC (Bug #20027)
+ * support sparc architecture (Bug #28467)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 13 Oct 1998 10:20:13 +0200
+
+ssleay (0.8.1-7) frozen unstable; urgency=high
+
+ * security fix patch to 0.8.1b (bug #24022)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 6 Jul 1998 15:42:15 +0200
+
+ssleay (0.8.1-6) frozen unstable; urgency=low
+
+ * second try to fix bug #15235 (copyright was still missing)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 22 Jun 1998 08:56:27 +0200
+
+ssleay (0.8.1-5) frozen unstable; urgency=high
+
+ * changed /dev/random to /dev/urandom (Bug #23169, #17817)
+ * copyright contains now the full licence (Bug #15235)
+ * fixed bug #19410 (md5sums-lists-nonexisting-file)
+ * added demos to /usr/doc (Bug #17372)
+ * fixed type in package description (Bug #18969)
+ * fixed bug in adding documentation (Bug #21463)
+ * added patch for support of debian-powerpc (Bug #21579)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 18 Jun 1998 23:09:13 +0200
+
+ssleay (0.8.1-4) unstable; urgency=low
+
+ * purged dependency from libc5
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 11 Nov 1997 15:31:50 +0100
+
+ssleay (0.8.1-3) unstable; urgency=low
+
+ * changed packagename libssl to libssl08 to get better dependancies
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 7 Nov 1997 14:23:17 +0100
+
+ssleay (0.8.1-2) unstable; urgency=low
+
+ * linked shared libraries against libc6
+ * use /dev/random for randomseed
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 5 Nov 1997 11:21:40 +0100
+
+ssleay (0.8.1-1) unstable; urgency=low
+
+ * new upstream version
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Oct 1997 16:15:43 +0200
+
+ssleay (0.6.6-2) unstable; urgency=low
+
+ * cleanup in diffs
+ * removed INSTALL from docs (bug #13205)
+ * split libssl and libssl-dev (but #13735)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 15 Oct 1997 17:38:38 +0200
+
+ssleay (0.6.6-1) unstable; urgency=low
+
+ * New upstream version
+ * added shared libraries for libcrypto and libssl
+
+ -- Christoph Martin <martin at uni-mainz.de> Thu, 26 Jun 1997 19:26:14 +0200
+
+ssleay (0.6.4-2) unstable; urgency=low
+
+ * changed doc filenames from .doc to .txt to be able to read them
+ over with webbrowser
+
+ -- Christoph Martin <martin at uni-mainz.de> Tue, 25 Feb 1997 14:02:53 +0100
+
+ssleay (0.6.4-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Christoph Martin <martin at uni-mainz.de> Fri, 22 Nov 1996 21:29:51 +0100
Modified: openssl/branches/openssl1.0/debian/control
===================================================================
--- openssl/trunk/debian/control 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/control 2016-10-27 21:27:44 UTC (rev 849)
@@ -1,4 +1,4 @@
-Source: openssl
+Source: openssl1.0
Build-Depends: debhelper (>= 9), m4, bc, dpkg-dev (>= 1.15.7)
Section: utils
Priority: optional
@@ -8,25 +8,6 @@
Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-openssl/openssl
Vcs-Svn: svn://anonscm.debian.org/pkg-openssl/openssl/
-Package: openssl
-Priority: optional
-Architecture: any
-Depends: ${shlibs:Depends}, ${perl:Depends}, ${misc:Depends}
-Suggests: ca-certificates
-Description: Secure Sockets Layer toolkit - cryptographic utility
- This package is part of the OpenSSL project's implementation of the SSL
- and TLS cryptographic protocols for secure communication over the
- Internet.
- .
- It contains the general-purpose command line binary /usr/bin/openssl,
- useful for cryptographic operations such as:
- * creating RSA, DH, and DSA key parameters;
- * creating X.509 certificates, CSRs, and CRLs;
- * calculating message digests;
- * encrypting and decrypting with ciphers;
- * testing SSL/TLS clients and servers;
- * handling S/MIME signed or encrypted mail.
-
Package: libssl1.0.2
Section: libs
Priority: important
@@ -41,37 +22,13 @@
.
It provides the libssl and libcrypto shared libraries.
-Package: libcrypto1.0.2-udeb
-XC-Package-Type: udeb
-Section: debian-installer
-Priority: optional
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Description: Secure Sockets Layer toolkit - libcrypto udeb
- This package is part of the OpenSSL project's implementation of the SSL
- and TLS cryptographic protocols for secure communication over the
- Internet.
- .
- It contains a version of the libcrypto shared library for use with the
- Debian Installer. Do not install it on a normal system.
-
-Package: libssl1.0.2-udeb
-XC-Package-Type: udeb
-Section: debian-installer
-Priority: optional
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Description: ssl shared library - udeb
- libssl shared library.
- .
- Do not install it on a normal system.
-
-Package: libssl-dev
+Package: libssl1.0-dev
Section: libdevel
Priority: optional
Architecture: any
Multi-Arch: same
Recommends: libssl-doc
+Conflicts: libssl-dev
Depends: libssl1.0.2 (= ${binary:Version}), zlib1g-dev, ${misc:Depends}
Description: Secure Sockets Layer toolkit - development files
This package is part of the OpenSSL project's implementation of the SSL
@@ -80,20 +37,10 @@
.
It contains development libraries, header files, and manpages for libssl
and libcrypto.
-
-Package: libssl-doc
-Section: doc
-Priority: optional
-Architecture: all
-Replaces: libssl-dev (<< 1.0.0)
-Breaks: libssl-dev (<< 1.0.0)
-Depends: ${shlibs:Depends}, ${perl:Depends}, ${misc:Depends}
-Description: Secure Sockets Layer toolkit - development documentation
- This package is part of the OpenSSL project's implementation of the SSL
- and TLS cryptographic protocols for secure communication over the
- Internet.
.
- It contains manpages and demo files for libssl and libcrypto.
+ This is a transition package that will go away after the stretch release
+ to provide the 1.0.X APIs for those packages that are not ready for the
+ 1.1 version yet.
Package: libssl1.0.2-dbg
Section: debug
Deleted: openssl/branches/openssl1.0/debian/libcrypto1.0.2-udeb.dirs
===================================================================
--- openssl/trunk/debian/libcrypto1.0.2-udeb.dirs 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/libcrypto1.0.2-udeb.dirs 2016-10-27 21:27:44 UTC (rev 849)
@@ -1 +0,0 @@
-usr/lib
Deleted: openssl/branches/openssl1.0/debian/libssl-dev.dirs
===================================================================
--- openssl/trunk/debian/libssl-dev.dirs 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/libssl-dev.dirs 2016-10-27 21:27:44 UTC (rev 849)
@@ -1,2 +0,0 @@
-usr/lib
-usr/share/doc/libssl-dev
Deleted: openssl/branches/openssl1.0/debian/libssl-dev.files
===================================================================
--- openssl/trunk/debian/libssl-dev.files 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/libssl-dev.files 2016-10-27 21:27:44 UTC (rev 849)
@@ -1,6 +0,0 @@
-usr/lib/*/libssl.so
-usr/lib/*/libcrypto.so
-usr/lib/*/libssl.a
-usr/lib/*/libcrypto.a
-usr/lib/*/pkgconfig
-usr/include
Deleted: openssl/branches/openssl1.0/debian/libssl-doc.docs
===================================================================
--- openssl/trunk/debian/libssl-doc.docs 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/libssl-doc.docs 2016-10-27 21:27:44 UTC (rev 849)
@@ -1 +0,0 @@
-demos
Deleted: openssl/branches/openssl1.0/debian/libssl-doc.files
===================================================================
--- openssl/trunk/debian/libssl-doc.files 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/libssl-doc.files 2016-10-27 21:27:44 UTC (rev 849)
@@ -1 +0,0 @@
-usr/share/man/man3
Copied: openssl/branches/openssl1.0/debian/libssl1.0-dev.dirs (from rev 832, openssl/trunk/debian/libssl-dev.dirs)
===================================================================
--- openssl/branches/openssl1.0/debian/libssl1.0-dev.dirs (rev 0)
+++ openssl/branches/openssl1.0/debian/libssl1.0-dev.dirs 2016-10-27 21:27:44 UTC (rev 849)
@@ -0,0 +1,2 @@
+usr/lib
+usr/share/doc/libssl1.0-dev
Copied: openssl/branches/openssl1.0/debian/libssl1.0-dev.files (from rev 832, openssl/trunk/debian/libssl-dev.files)
===================================================================
--- openssl/branches/openssl1.0/debian/libssl1.0-dev.files (rev 0)
+++ openssl/branches/openssl1.0/debian/libssl1.0-dev.files 2016-10-27 21:27:44 UTC (rev 849)
@@ -0,0 +1,6 @@
+usr/lib/*/libssl.so
+usr/lib/*/libcrypto.so
+usr/lib/*/libssl.a
+usr/lib/*/libcrypto.a
+usr/lib/*/pkgconfig
+usr/include
Deleted: openssl/branches/openssl1.0/debian/libssl1.0.2-udeb.dirs
===================================================================
--- openssl/trunk/debian/libssl1.0.2-udeb.dirs 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/libssl1.0.2-udeb.dirs 2016-10-27 21:27:44 UTC (rev 849)
@@ -1 +0,0 @@
-usr/lib
Deleted: openssl/branches/openssl1.0/debian/openssl.dirs
===================================================================
--- openssl/trunk/debian/openssl.dirs 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/openssl.dirs 2016-10-27 21:27:44 UTC (rev 849)
@@ -1,4 +0,0 @@
-usr/bin
-usr/lib
-etc/ssl/certs
-etc/ssl/private
Deleted: openssl/branches/openssl1.0/debian/openssl.docs
===================================================================
--- openssl/trunk/debian/openssl.docs 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/openssl.docs 2016-10-27 21:27:44 UTC (rev 849)
@@ -1,6 +0,0 @@
-doc/fingerprints.txt
-doc/HOWTO
-doc/openssl.txt
-doc/README
-doc/standards.txt
-FAQ
Deleted: openssl/branches/openssl1.0/debian/openssl.files
===================================================================
--- openssl/trunk/debian/openssl.files 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/openssl.files 2016-10-27 21:27:44 UTC (rev 849)
@@ -1,9 +0,0 @@
-usr/share/man/man1
-usr/share/man/man5
-usr/share/man/man7
-usr/bin
-usr/lib/ssl/misc
-usr/lib/ssl/certs
-usr/lib/ssl/openssl.cnf
-usr/lib/ssl/private
-etc/ssl
Deleted: openssl/branches/openssl1.0/debian/openssl.postinst
===================================================================
--- openssl/trunk/debian/openssl.postinst 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/openssl.postinst 2016-10-27 21:27:44 UTC (rev 849)
@@ -1,9 +0,0 @@
-#!/bin/sh -e
-
-if [ ! -e /usr/lib/ssl ]
-then
- echo Linking /usr/lib/ssl to /etc/ssl
- ln -sf /etc/ssl /usr/lib/ssl
-fi
-
-#DEBHELPER#
Deleted: openssl/branches/openssl1.0/debian/patches/ca.patch
===================================================================
--- openssl/trunk/debian/patches/ca.patch 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/patches/ca.patch 2016-10-27 21:27:44 UTC (rev 849)
@@ -1,20 +0,0 @@
-Index: openssl-0.9.8m/apps/CA.pl.in
-===================================================================
---- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000
-+++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000
-@@ -65,6 +65,7 @@
- foreach (@ARGV) {
- if ( /^(-\?|-h|-help)$/ ) {
- print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
- exit 0;
- } elsif (/^-newcert$/) {
- # create a certificate
-@@ -165,6 +166,7 @@
- } else {
- print STDERR "Unknown arg $_\n";
- print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
- exit 1;
- }
- }
Deleted: openssl/branches/openssl1.0/debian/patches/engines-path.patch
===================================================================
--- openssl/trunk/debian/patches/engines-path.patch 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/patches/engines-path.patch 2016-10-27 21:27:44 UTC (rev 849)
@@ -1,87 +0,0 @@
-Index: openssl-1.0.2~beta3/Makefile.org
-===================================================================
---- openssl-1.0.2~beta3.orig/Makefile.org
-+++ openssl-1.0.2~beta3/Makefile.org
-@@ -541,7 +541,7 @@ install: all install_docs install_sw
- install_sw:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
-- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
- $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
-Index: openssl-1.0.2~beta3/engines/Makefile
-===================================================================
---- openssl-1.0.2~beta3.orig/engines/Makefile
-+++ openssl-1.0.2~beta3/engines/Makefile
-@@ -107,13 +107,13 @@ install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- @if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
-- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
-+ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines; \
- for l in $(LIBNAMES); do \
- ( echo installing $$l; \
- pfx=lib; \
- if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
- sfx=".so"; \
-- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx.new; \
- else \
- case "$(CFLAGS)" in \
- *DSO_BEOS*) sfx=".so";; \
-@@ -122,10 +122,10 @@ install:
- *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
- *) sfx=".bad";; \
- esac; \
-- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx.new; \
- fi; \
-- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
-+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx.new; \
-+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx ); \
- done; \
- fi
- @target=install; $(RECURSIVE_MAKE)
-Index: openssl-1.0.2~beta3/Configure
-===================================================================
---- openssl-1.0.2~beta3.orig/Configure
-+++ openssl-1.0.2~beta3/Configure
-@@ -1893,7 +1893,7 @@ while (<IN>)
- }
- elsif (/^#define\s+ENGINESDIR/)
- {
-- my $foo = "$prefix/$libdir/engines";
-+ my $foo = "$prefix/$libdir/openssl-1.0.2/engines";
- $foo =~ s/\\/\\\\/g;
- print OUT "#define ENGINESDIR \"$foo\"\n";
- }
-Index: openssl-1.0.2~beta3/engines/ccgost/Makefile
-===================================================================
---- openssl-1.0.2~beta3.orig/engines/ccgost/Makefile
-+++ openssl-1.0.2~beta3/engines/ccgost/Makefile
-@@ -47,7 +47,7 @@ install:
- pfx=lib; \
- if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
- sfx=".so"; \
-- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- else \
- case "$(CFLAGS)" in \
- *DSO_BEOS*) sfx=".so";; \
-@@ -56,10 +56,10 @@ install:
- *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
- *) sfx=".bad";; \
- esac; \
-- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- fi; \
-- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
-+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx; \
- fi
-
- links:
Copied: openssl/branches/openssl1.0/debian/patches/engines-path.patch (from rev 836, openssl/trunk/debian/patches/engines-path.patch)
===================================================================
--- openssl/branches/openssl1.0/debian/patches/engines-path.patch (rev 0)
+++ openssl/branches/openssl1.0/debian/patches/engines-path.patch 2016-10-27 21:27:44 UTC (rev 849)
@@ -0,0 +1,96 @@
+Index: openssl-1.0.2i/Makefile.org
+===================================================================
+--- openssl-1.0.2i.orig/Makefile.org
++++ openssl-1.0.2i/Makefile.org
+@@ -368,7 +368,7 @@ libcrypto.pc: Makefile
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ echo 'includedir=$${prefix}/include'; \
+- echo 'enginesdir=$${libdir}/engines'; \
++ echo 'enginesdir=$${libdir}/openssl-1.0.2/engines'; \
+ echo ''; \
+ echo 'Name: OpenSSL-libcrypto'; \
+ echo 'Description: OpenSSL cryptography library'; \
+@@ -536,7 +536,7 @@ install: all install_docs install_sw
+ install_sw:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
++ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+Index: openssl-1.0.2i/engines/Makefile
+===================================================================
+--- openssl-1.0.2i.orig/engines/Makefile
++++ openssl-1.0.2i/engines/Makefile
+@@ -107,13 +107,13 @@ install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @if [ -n "$(SHARED_LIBS)" ]; then \
+ set -e; \
+- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
++ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines; \
+ for l in $(LIBNAMES); do \
+ ( echo installing $$l; \
+ pfx=lib; \
+ if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+ sfx=".so"; \
+- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx.new; \
+ else \
+ case "$(CFLAGS)" in \
+ *DSO_BEOS*) sfx=".so";; \
+@@ -122,10 +122,10 @@ install:
+ *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
+ *) sfx=".bad";; \
+ esac; \
+- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx.new; \
+ fi; \
+- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx.new; \
++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx ); \
+ done; \
+ fi
+ @target=install; $(RECURSIVE_MAKE)
+Index: openssl-1.0.2i/Configure
+===================================================================
+--- openssl-1.0.2i.orig/Configure
++++ openssl-1.0.2i/Configure
+@@ -1969,7 +1969,7 @@ while (<IN>)
+ }
+ elsif (/^#define\s+ENGINESDIR/)
+ {
+- my $foo = "$prefix/$libdir/engines";
++ my $foo = "$prefix/$libdir/openssl-1.0.2/engines";
+ $foo =~ s/\\/\\\\/g;
+ print OUT "#define ENGINESDIR \"$foo\"\n";
+ }
+Index: openssl-1.0.2i/engines/ccgost/Makefile
+===================================================================
+--- openssl-1.0.2i.orig/engines/ccgost/Makefile
++++ openssl-1.0.2i/engines/ccgost/Makefile
+@@ -47,7 +47,7 @@ install:
+ pfx=lib; \
+ if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+ sfx=".so"; \
+- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ else \
+ case "$(CFLAGS)" in \
+ *DSO_BEOS*) sfx=".so";; \
+@@ -56,10 +56,10 @@ install:
+ *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
+ *) sfx=".bad";; \
+ esac; \
+- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ fi; \
+- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx; \
+ fi
+
+ links:
Deleted: openssl/branches/openssl1.0/debian/patches/series
===================================================================
--- openssl/trunk/debian/patches/series 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/patches/series 2016-10-27 21:27:44 UTC (rev 849)
@@ -1,20 +0,0 @@
-ca.patch
-config-hurd.patch
-debian-targets.patch
-engines-path.patch
-man-dir.patch
-man-section.patch
-no-rpath.patch
-no-symbolic.patch
-pic.patch
-valgrind.patch
-shared-lib-ext.patch
-version-script.patch
-c_rehash-compat.patch
-block_diginotar.patch
-block_digicert_malaysia.patch
-#padlock_conf.patch
-disable_freelist.patch
-soname.patch
-disable_sslv3_test.patch
-libdoc-manpgs-pod-spell.patch
Copied: openssl/branches/openssl1.0/debian/patches/series (from rev 834, openssl/trunk/debian/patches/series)
===================================================================
--- openssl/branches/openssl1.0/debian/patches/series (rev 0)
+++ openssl/branches/openssl1.0/debian/patches/series 2016-10-27 21:27:44 UTC (rev 849)
@@ -0,0 +1,19 @@
+config-hurd.patch
+debian-targets.patch
+engines-path.patch
+man-dir.patch
+man-section.patch
+no-rpath.patch
+no-symbolic.patch
+pic.patch
+valgrind.patch
+shared-lib-ext.patch
+version-script.patch
+c_rehash-compat.patch
+block_diginotar.patch
+block_digicert_malaysia.patch
+#padlock_conf.patch
+disable_freelist.patch
+soname.patch
+disable_sslv3_test.patch
+libdoc-manpgs-pod-spell.patch
Modified: openssl/branches/openssl1.0/debian/rules
===================================================================
--- openssl/trunk/debian/rules 2016-09-22 16:54:33 UTC (rev 832)
+++ openssl/branches/openssl1.0/debian/rules 2016-10-27 21:27:44 UTC (rev 849)
@@ -134,35 +134,28 @@
# mv debian/tmp/usr/lib/libssl.a debian/tmp/usr/lib/libssl_pic.a
cp -pf libcrypto.static debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.a
cp -pf libssl.static debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libssl.a
- mkdir -p debian/tmp/etc/ssl
- mv debian/tmp/usr/lib/ssl/{certs,openssl.cnf,private} debian/tmp/etc/ssl/
- ln -s /etc/ssl/{certs,openssl.cnf,private} debian/tmp/usr/lib/ssl/
- cp -pf debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.so.* debian/libcrypto1.0.2-udeb/usr/lib/
- cp -pf debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libssl.so.* debian/libssl1.0.2-udeb/usr/lib/
cp -auv lib*.so* debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/
for opt in $(OPTS); do set -xe; mkdir -p debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/$$opt; cp -auv $$opt/lib*.so* debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/$$opt/; done
mkdir -p debian/tmp/usr/include/$(DEB_HOST_MULTIARCH)/openssl
mv debian/tmp/usr/include/openssl/opensslconf.h debian/tmp/usr/include/$(DEB_HOST_MULTIARCH)/openssl/
install debian/copyright debian/libssl1.0.2/usr/share/doc/libssl1.0.2/
install debian/changelog debian/libssl1.0.2/usr/share/doc/libssl1.0.2/changelog.Debian
- install debian/copyright debian/libssl-dev/usr/share/doc/libssl-dev/
- install debian/changelog debian/libssl-dev/usr/share/doc/libssl-dev/changelog.Debian
+ install debian/copyright debian/libssl1.0-dev/usr/share/doc/libssl1.0-dev/
+ install debian/changelog debian/libssl1.0-dev/usr/share/doc/libssl1.0-dev/changelog.Debian
- dh_installdocs -a CHANGES.SSLeay README NEWS debian/README.optimization
+ dh_installdocs -a
dh_installexamples -a
dh_installchangelogs -a CHANGES
dh_installman -popenssl
dh_installdebconf -a
dh_movefiles -a
dh_compress -a
- chmod 700 debian/openssl/etc/ssl/private
- dh_fixperms -a -X etc/ssl/private
+ dh_fixperms -a
dh_strip -plibssl1.0.2 --dbg-package=libssl1.0.2-dbg
dh_strip -a -Nlibssl1.0.2
dh_perl -a -d
dpkg-gensymbols -Pdebian/libssl1.0.2/ -plibssl1.0.2 -c4
- dh_makeshlibs -a -V "libssl1.0.2" --add-udeb="libcrypto1.0.2-udeb" -Xengines
- sed -i '/^udeb: libssl/s/libcrypto1.0.2-udeb/libssl1.0.2-udeb/' debian/libssl1.0.2/DEBIAN/shlibs
+ dh_makeshlibs -a -V "libssl1.0.2" -Xengines
dh_shlibdeps -a -L libssl1.0.2 -l debian/libssl1.0.2/usr/lib/$(DEB_HOST_MULTIARCH)
dh_gencontrol -a
dh_installdeb -a
More information about the Pkg-openssl-changes
mailing list