[Pkg-openssl-changes] r897 - in openssl/tags: . 1.0.1e-1 1.0.1e-1/1.1.0/debian 1.0.1e-1/1.1.0/debian/patches 1.1.0e-1/debian 1.1.0e-1/debian/patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Thu Feb 16 18:29:10 UTC 2017
Author: kroeckx
Date: 2017-02-16 18:29:10 +0000 (Thu, 16 Feb 2017)
New Revision: 897
Added:
openssl/tags/1.0.1e-1/1.1.0/
openssl/tags/1.0.1e-1/1.1.0/debian/changelog
openssl/tags/1.0.1e-1/1.1.0/debian/patches/series
openssl/tags/1.1.0e-1/
openssl/tags/1.1.0e-1/debian/changelog
openssl/tags/1.1.0e-1/debian/patches/series
Removed:
openssl/tags/1.0.1e-1/1.1.0/debian/changelog
openssl/tags/1.0.1e-1/1.1.0/debian/patches/Add-a-couple-of-test-to-check-CRL-fingerprint.patch
openssl/tags/1.0.1e-1/1.1.0/debian/patches/Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
openssl/tags/1.0.1e-1/1.1.0/debian/patches/X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
openssl/tags/1.0.1e-1/1.1.0/debian/patches/series
openssl/tags/1.1.0e-1/debian/changelog
openssl/tags/1.1.0e-1/debian/patches/Add-a-couple-of-test-to-check-CRL-fingerprint.patch
openssl/tags/1.1.0e-1/debian/patches/Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
openssl/tags/1.1.0e-1/debian/patches/X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
openssl/tags/1.1.0e-1/debian/patches/series
Log:
1.1.0e-1
Deleted: openssl/tags/1.0.1e-1/1.1.0/debian/changelog
===================================================================
--- openssl/branches/1.1.0/debian/changelog 2017-01-30 22:20:45 UTC (rev 894)
+++ openssl/tags/1.0.1e-1/1.1.0/debian/changelog 2017-02-16 18:29:10 UTC (rev 897)
@@ -1,2130 +0,0 @@
-openssl (1.1.0d-2) unstable; urgency=medium
-
- * Fix building of arch and all packages in a minimal environment
- (Closes: #852900).
- * Fix precomputing SHA1 by adding the following patches from upstream:
- - Add-a-couple-of-test-to-check-CRL-fingerprint.patch
- - Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
- - X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
- (Closes: #852920).
-
- -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Mon, 30 Jan 2017 23:20:07 +0100
-
-openssl (1.1.0d-1) unstable; urgency=medium
-
- * New Upstream release
- - Fixes CVE-2017-3731
- - Fixes CVE-2017-3730
- - Fixes CVE-2017-3732
- - drop revert_ssl_read.patch and
- 0001-Add-missing-zdelete-for-some-linux-arches.patch, applied upstream.
- * add new symbols.
-
- -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Thu, 26 Jan 2017 16:38:34 +0100
-
-openssl (1.1.0c-4) unstable; urgency=medium
-
- * Make build-indep build again.
- * Don't depend on perl:any in openssl as it breaks debootstrap
- ("Closes: #852017).
-
- -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Fri, 20 Jan 2017 22:18:15 +0100
-
-openssl (1.1.0c-3) unstable; urgency=medium
-
- * Add myself as Uploader.
- * Add support for tilegx, patch by Helmut Grohne (Closes: #848957).
- * redo the rules file to some newer debhelper:
- - everyfile should remain, nothing should get lost
- - the scripts in the doc package gained an exec bit
- - openssl gained a dep on perl (the package contains perl scripts)
- - libssl1.0.2-dbg is gone, we have dbgsym now
- - dh compat 10
- - pkg.install instead of pkg.files is used for install
- * Mark libssl-doc as MA foreign
- * Update Standards-Version from 3.9.5 to 3.9.8. No changes required.
- * Document the change for openssl's enc command between 1.1.0 and pre 1.1.0
- in the NEWS file (Closes: #843064).
- * Add an override for lintian for the non-standard private directory
-
- -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Thu, 19 Jan 2017 23:00:01 +0100
-
-openssl (1.1.0c-2) unstable; urgency=medium
-
- * Revert behaviour of SSL_read() and SSL_write(), and update documentation.
- (Closes: #844234)
- * Add missing -zdelete on x32 (Closes: #844715)
- * Add a Breaks on salt-common. Addresses #844706
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 21 Nov 2016 22:20:00 +0100
-
-openssl (1.1.0c-1) unstable; urgency=medium
-
- * New upstrem release
- - Fix CVE-2016-7053
- - Fix CVE-2016-7054
- - Fix CVE-2016-7055
- * remove no-rpath.patch, applied upstream.
- * Remove old d2i test cases, use the one from the upstream tarball.
- * Update libssl1.1.symbols for new sysmbols.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 10 Nov 2016 19:05:44 +0100
-
-openssl (1.1.0b-2) unstable; urgency=low
-
- * Upload to unstable
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 01 Nov 2016 22:02:32 +0100
-
-openssl (1.1.0b-1) experimental; urgency=medium
-
- * New upstream release
- - Fixes CVE-2016-6309
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 26 Sep 2016 18:21:09 +0200
-
-openssl (1.1.0a-1) experimental; urgency=medium
-
- * New upstream release
- - Fix CVE-2016-6304
- - Fix CVE-2016-6305
- - Fix CVE-2016-6307
- - Fix CVE-2016-6308
- * Update c_rehash-compat.patch to apply to new version.
- * Update symbol file.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 22 Sep 2016 20:13:59 +0200
-
-openssl (1.1.0-1) experimental; urgency=medium
-
- [ Kurt Roeckx ]
- * New upstream version
- * Use Package-Type instead of XC-Package-Type
- * Remove "Priority: optional" in the binary packages.
- * Add Homepage
- * Use dpkg-buildflags's LDFLAGS also for building the shared libraries.
-
- [ Sebastian Andrzej Siewior ]
- * drop config-hurd.patch, we don't use `config' and it works without the
- patch.
- * Drop depend on zlib1g-dev since we don't use it anymore (Closes: #767207)
- * Make the openssl package Multi-Arch: foregin (Closes: #827028)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 25 Aug 2016 18:52:22 +0200
-
-openssl (1.1.0~pre6-1) experimental; urgency=medium
-
- [ Sebastian Andrzej Siewior ]
- * drop engines-path.patch. Upstream uses a 1.1 suffixes now.
-
- [ Kurt Roeckx ]
- * New upstream version
- * Drop upstream snapshot
- * Update symbols file
- * Use some https instead of http URLs
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 04 Aug 2016 18:33:24 +0200
-
-openssl (1.1.0~pre5-5) experimental; urgency=medium
-
- * Update snapshot to commit fe964f0c88f6780fd30b26e306484b981b0a8480
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 02 Jul 2016 14:54:51 +0200
-
-openssl (1.1.0~pre5-4) experimental; urgency=medium
-
- * Update snapshot to commit c32bdbf171ce6650ef045ec47b5abe0de7c264db
- * Remove utils-mkdir-p-check-if-dir-exists-also-after-mkdir-f.patch, applied
- upstream
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 26 Jun 2016 15:07:48 +0200
-
-openssl (1.1.0~pre5-3) experimental; urgency=medium
-
- [ Kurt Roeckx ]
- * Don't use assembler on hppa, it's not writen for Linux.
-
- -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Fri, 10 Jun 2016 22:33:06 +0200
-
-openssl (1.1.0~pre5-2) experimental; urgency=medium
-
- [ Sebastian Andrzej Siewior ]
- * Run the testsuite with verbose output.
- * Use $(MAKE) so the whole make environment is passed to its child and we
- can build in parallel with -jX
- * Update snapshot to commit 5000a6d1215e ("Fix an error path leak in int
- X509_ATTRIBUTE_set1_data()")
-
- -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Fri, 10 Jun 2016 21:49:55 +0200
-
-openssl (1.1.0~pre5-1) experimental; urgency=medium
-
- * New upstream version with soname change. Upload to experimental.
- - Rename binary packages
- - Remove patches:
- - block_diginotar.patch: All cross certificates expired in 2013
- - block_digicert_malaysia.patch: intermediate certificates expired in
- 2015
- - man-dir.patch: Fixed upstream
- - valgrind.patch: Upstream no longer adds the uninitialized data to the
- RNG
- - shared-lib-ext.patch: No longer needed
- - version-script.patch: Upstream does symbol versioning itself now
- - disable_freelist.patch: No longer needed
- - soname.patch: Was to change to the 1.0.2 soname that upstream never had
- - disable_sslv3_test.patch: Fixed upstream
- - libdoc-manpgs-pod-spell.patch: Fixed upstream (Closes: #813191)
- - Rewrite debian-targets.patch to work with the new configuration system.
- - Update other patches to apply
- - Update list of install docs
- - Use DESTDIR instead of INSTALL_PREFIX
- - Clean up more files
- - Remove the configure option enable-tlsext no-ssl2 since they're no
- longer supported.
- * Add upstream snapshot:
- - Add d2i-tests.tar to get new binary test files.
- * Don't build i686 optimized version anymore on i386, it's now the default.
- (Closes: #823774)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 28 May 2016 20:58:31 +0200
-
-openssl (1.0.2h-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2016-2107
- - Fixes CVE-2016-2105
- - Fixes CVE-2016-2106
- - Fixes CVE-2016-2109
- - Fixes CVE-2016-2176
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 03 May 2016 18:31:22 +0200
-
-openssl (1.0.2g-2) unstable; urgency=medium
-
- * Use assembler of arm64 (Closes: #794326)
- Patch from Riku Voipio <riku.voipio at iki.fi>
- * Add a udeb for libssl, based on similar changes done in Ubuntu
- starting in version 0.9.8o-4ubuntu1 (Closes: #802591)
- Patch from Margarita Manterola <marga at google.com>
- * Add support for nios2 (Closes: #816239)
- Based on patch from Marek Vasut <marex at denx.de>
- * Update Spanish translation from Manuel "Venturi" Porras Peralta
- <venturi at openmailbox.org> (Closes: #773601)
- * Don't build an i586 optimized version anymore, the default
- already targets that. Patch from Sven Joachim <svenjoac at gmx.de>
- (Closes: #759811)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 21 Apr 2016 23:43:06 +0200
-
-openssl (1.0.2g-1) unstable; urgency=high
-
- * New upstream version
- * Fix CVE-2016-0797
- * Fix CVE-2016-0798
- * Fix CVE-2016-0799
- * Fix CVE-2016-0702
- * Fix CVE-2016-0705
- * Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800)
- makes use of those, and SLOTH attack (CVE-2015-7575) can make use of them
- too.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 01 Mar 2016 18:31:09 +0100
-
-openssl (1.0.2f-2) unstable; urgency=high
-
- * New upstream version.
- - Fixes CVE-2016-0701
- - Not affected by CVE-2015-3197 because SSLv2 is disabled.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 28 Jan 2016 19:32:02 +0100
-
-openssl (1.0.2e-1) unstable; urgency=high
-
- * New upstream release
- - Fix CVE-2015-3193
- - Fix CVE-2015-3194
- - Fix CVE-2015-3195
- - Fix CVE-2015-3196
- * Remove all symlinks during clean
- * Run make depend after configure
- * Remove openssl_button.* from the doc package
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 03 Dec 2015 19:33:05 +0100
-
-openssl (1.0.2d-3) unstable; urgency=medium
-
- * Upload to unstable
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 01 Nov 2015 19:14:34 +0100
-
-openssl (1.0.2d-2) experimental; urgency=medium
-
- * Build with no-ssl3-method to remove all SSLv3 support. This results in
- the functions SSLv3_method(), SSLv3_server_method() and
- SSLv3_client_method() being removed from libssl. Change the soname as
- result of that and also changes name of the binary package.
- (Closes: #768476)
- * Enable rfc3779 and cms support (Closes: #630790)
- * Fix cross compilation for mips architectures. (Closes: #782492)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 06 Sep 2015 14:21:27 +0200
-
-openssl (1.0.2d-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2015-1793
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 09 Jul 2015 18:22:26 +0200
-
-openssl (1.0.2c-1) unstable; urgency=medium
-
- * New upstream version
- - Fixes ABI (Closes: #788511)
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 12 Jun 2015 20:35:12 +0200
-
-openssl (1.0.2b-1) unstable; urgency=high
-
- * New upstream version
- - Fix CVE-2015-4000
- - Fix CVE-2015-1788
- - Fix CVE-2015-1789
- - Fix CVE-2015-1790
- - Fix CVE-2015-1792
- - Fix CVE-2015-1791
- * Update c_rehash-compat.patch to make it apply to the new version.
- * Remove openssl-pod-misspell.patch applied upstream
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 11 Jun 2015 18:20:38 +0200
-
-openssl (1.0.2a-1) unstable; urgency=medium
-
- * New upstrema version
- - Fix CVE-2015-0286
- - Fix CVE-2015-0287
- - Fix CVE-2015-0289
- - Fix CVE-2015-0293 (not affected, SSLv2 disabled)
- - Fix CVE-2015-0209
- - Fix CVE-2015-0288
- - Fix CVE-2015-0291
- - Fix CVE-2015-0290
- - Fix CVE-2015-0207
- - Fix CVE-2015-0208
- - Fix CVE-2015-1787
- - Fix CVE-2015-0285
- * Temporary enable SSLv3 methods again, but they will go away.
- * Don't set TERMIO anymore, use the default TERMIOS instead.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 30 Apr 2015 23:37:27 +0200
-
-openssl (1.0.2-1) experimental; urgency=medium
-
- * New upstream release
- - Fixes CVE-2014-3571
- - Fixes CVE-2015-0206
- - Fixes CVE-2014-3569
- - Fixes CVE-2014-3572
- - Fixes CVE-2015-0204
- - Fixes CVE-2015-0205
- - Fixes CVE-2014-8275
- - Fixes CVE-2014-3570
- - Drop git_snapshot.patch
- * Drop gnu_source.patch, dgst_hmac.patch, stddef.patch,
- no_ssl3_method.patch: applied upstream
- * Update patches to apply
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 23 Jan 2015 18:54:13 +0100
-
-openssl (1.0.2~beta3-1) experimental; urgency=low
-
- * New usptream beta version
- * Add git snapshot
- * Merge changes between 1.0.1h-3 and 1.0.1j-1:
- - Disables SSLv3 because of CVE-2014-3566
- * Drop patch rehash-crt.patch: partially applied upstream.
- c_rehash now doesn't support files in DER format anymore.
- * Drop patch rehash_pod.patch: applied upstream
- * Update c_rehash-compat.patch to apply to new upstream version. This
- undoes upstream's "-old" option and creates both the new and old again.
- It now also does it for CRLs.
- * Drop defaults.patch, applied upstream
- * dgst_hmac.patch updated to apply to upstream version.
- * engines-path.patch updated to apply to upstream version.
- * Update list of exported symbols
- * Update symbols files to require beta3
- * Enable unit tests
- * Add patch to add support for the no-ssl3-method option that completly
- disable SSLv3 and pass the option. This drops the following functions
- from the library: SSLv3_method, SSLv3_server_method and
- SSLv3_client_method
- * Build using OPENSSL_NO_BUF_FREELISTS
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 07 Nov 2014 00:20:10 +0100
-
-openssl (1.0.2~beta2-1) experimental; urgency=medium
-
- * New usptream beta version
- - Fix CVE-2014-0224
- - Fix CVE-2014-0221
- - Fix CVE-2014-0195
- - Fix CVE-2014-3470
- - Fix CVE-2014-0198
- - Fix CVE-2010-5298
- - Fix CVE-2014-0160
- - Fix CVE-2014-0076
- * Merge changes between 1.0.1f-1 and 1.0.1h-3:
- - postinst: Updated check for restarting services
- * libdoc-manpgs-pod-spell.patch and openssl-pod-misspell.patch
- partially applied upstream
- * Drop fix-pod-errors.patch, applied upstream.
- * Add support for ppc64le (Closes: #745657)
- * Add support for OpenRISC (Closes: #736772)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 23 Jul 2014 19:54:09 +0200
-
-openssl (1.0.2~beta1-1) experimental; urgency=medium
-
- * New upstream beta version
- - Update list of symbols that should be exported and adjust the symbols
- file. This also removes a bunch of duplicate symbols in the linker
- file.
- - Fix additional pod errors
- - Following patches have been applied upstream and are removed:
- libssl-misspell.patch, pod_req_misspell2.patch,
- pod_pksc12.misspell.patch, pod_s_server.misspell.patch,
- pod_x509setflags.misspell.patch, pod_ec.misspell.patch,
- pkcs12-doc.patch, req_bits.patch
- - Following patches have been partially applied upstream:
- libdoc-manpgs-pod-spell.patch, openssl-pod-misspell.patch
- - Remove openssl_fix_for_x32.patch, different patch applied upstream.
- * Add support for cross compiling (Closes: #465248)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 25 Feb 2014 00:36:51 +0100
-
-openssl (1.0.1f-1) unstable; urgency=high
-
- * New upstream version
- - Fix for TLS record tampering bug CVE-2013-4353
- - Drop the snapshot patch
- * update watch file to check for upstream signature and add upstream pgp key.
- * Drop conflicts against openssh since we now on a released version again.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 06 Jan 2014 18:50:54 +0100
-
-openssl (1.0.1e-6) unstable; urgency=medium
-
- * Add Breaks: openssh-client (<< 1:6.4p1-1.1), openssh-server (<<
- 1:6.4p1-1.1). This is to prevent people running into #732940.
- This Breaks can be removed again when we stop using a git snapshot.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 23 Dec 2013 15:19:17 +0100
-
-openssl (1.0.1e-5) unstable; urgency=low
-
- * Change default digest to SHA256 instead of SHA1. (Closes: #694738)
- * Drop support for multiple certificates in 1 file. It never worked
- properly in the first place, and the only one shipping in
- ca-certificates has been split.
- * Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors
- * Remove make-targets.patch. It prevented the test dir from being cleaned.
- * Update to a git snapshot of the OpenSSL_1_0_1-stable branch.
- - Fixes CVE-2013-6449 (Closes: #732754)
- - Fixes CVE-2013-6450
- - Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch
- dtls_version.patch get_certificate.patch, since they where all
- already commited upstream.
- - adjust fix-pod-errors.patch for the reordering of items in the
- documentation they've done trying to fix those pod errors.
- - disable rdrand engine by default (Closes: #732710)
- * disable zlib support. Fixes CVE-2012-4929 (Closes: #728055)
- * Add arm64 support (Closes: #732348)
- * Properly use the default number of bits in req when none are given
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 22 Dec 2013 19:25:35 +0100
-
-openssl (1.0.1e-4) unstable; urgency=low
-
- [ Peter Michael Green ]
- * Fix pod errors (Closes: #723954)
- * Fix clean target
-
- [ Kurt Roeckx ]
- * Add mipsn32 and mips64 targets. Patch from Eleanor Chen
- <chenyueg at gmail.com> (Closes: #720654)
- * Add support for nocheck in DEB_BUILD_OPTIONS
- * Update Norwegian translation (Closes: #653574)
- * Update description of the packages. Patch by Justin B Rye
- (Closes: #719262)
- * change to debhelper compat level 9:
- - change dh_strip call so only the files from libssl1.0.0 get debug
- symbols.
- - change dh_makeshlibs call so the engines don't get added to the
- shlibs
- * Update Standards-Version from 3.8.0 to 3.9.5. No changes required.
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 01 Nov 2013 17:11:53 +0100
-
-openssl (1.0.1e-3) unstable; urgency=low
-
- * Move <openssl/opensslconf.h> to /usr/include/$(DEB_HOST_MULTIARCH), and
- mark libssl-dev Multi-Arch: same.
- Patch by Colin Watson <cjwatson at ubuntu.com> (Closes: #689093)
- * Add Polish translation (Closes: #658162)
- * Add Turkish translation (Closes: #660971)
- * Enable assembler for the arm targets, and remove armeb.
- Patch by Riku Voipio <riku.voipio at iki.fi> (Closes: #676533)
- * Add support for x32 (Closes: #698406)
- * enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 20 May 2013 16:56:06 +0200
-
-openssl (1.0.1e-2) unstable; urgency=high
-
- * Bump shlibs. It's needed for the udeb.
- * Make cpuid work on cpu's that don't set ecx (Closes: #699692)
- * Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353)
- * Fix problem with DTLS version check (Closes: #701826)
- * Fix segfault in SSL_get_certificate (Closes: #703031)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 18 Mar 2013 20:37:11 +0100
-
-openssl (1.0.1e-1) unstable; urgency=high
-
- * New upstream version (Closes: #699889)
- - Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166
- - Drop renegiotate_tls.patch, applied upstream
- - Export new CRYPTO_memcmp symbol, update symbol file
- * Add ssltest_no_sslv2.patch so that "make test" works.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 11 Feb 2013 19:39:44 +0100
-
-openssl (1.0.1c-5) unstable; urgency=low
-
- * Re-enable assembler versions on sparc. They shouldn't have
- been disabled for sparc v9. (Closes: #649841)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 09 Sep 2012 08:43:40 +0200
-
-openssl (1.0.1c-4) unstable; urgency=low
-
- * Fix the configure rules for alpha (Closes: #672710)
- * Switch the postinst to sh again, there never was a reason to
- switch it to bash (Closes: #676398)
- * Fix pic.patch to not use #ifdef in x86cpuid.s, only .S files are
- preprocessed. We generate the file again for pic anyway.
- (Closes: #677468)
- * Drop Breaks against openssh as it was only for upgrades
- between versions that were only in testing/unstable.
- (Closes: #668600)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 17 Jul 2012 11:49:19 +0200
-
-openssl (1.0.1c-3) unstable; urgency=low
-
- * Disable padlock engine again, causes problems for hosts not supporting it.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 06 Jun 2012 18:29:37 +0200
-
-openssl (1.0.1c-2) unstable; urgency=high
-
- * Fix renegiotation when using TLS > 1.0. This breaks tor. Patch from
- upstream. (Closes: #675990)
- * Enable the padlock engine by default.
- * Change default bits from 1024 to 2048 (Closes: #487152)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 06 Jun 2012 00:55:42 +0200
-
-openssl (1.0.1c-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2012-2333 (Closes: #672452)
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 11 May 2012 18:44:51 +0200
-
-openssl (1.0.1b-1) unstable; urgency=high
-
- * New upstream version
- - Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0
- can talk to servers supporting TLS 1.1 but not TLS 1.2
- - Drop rc4_hmac_md5.patch, applied upstream
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 26 Apr 2012 23:34:34 +0200
-
-openssl (1.0.1a-3) unstable; urgency=low
-
- * Use patch from upstream for the rc4_hmac_md5 issue.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 23:16:30 +0200
-
-openssl (1.0.1a-2) unstable; urgency=low
-
- * Fix rc4_hmac_md5 on non-i386/amd64 arches.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 21:54:42 +0200
-
-openssl (1.0.1a-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2012-2110
- - Fix crash in rc4_hmac_md5 (Closes: #666405)
- - Fixes some issues with talking to other servers when TLS 1.1 and 1.2 is
- supported
- - Drop patches no_ssl2.patch vpaes.patch tls1.2_client_algorithms.patch,
- applied upstream.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 19:54:12 +0200
-
-openssl (1.0.1-4) unstable; urgency=low
-
- * Use official patch for the vpaes problem, also covering amd64.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 31 Mar 2012 20:54:13 +0200
-
-openssl (1.0.1-3) unstable; urgency=high
-
- * Fix crash in vpaes (Closes: #665836)
- * use client version when deciding whether to send supported signature
- algorithms extension
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 31 Mar 2012 18:35:59 +0200
-
-openssl (1.0.1-2) unstable; urgency=low
-
- * Properly quote the new cflags in Configure
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 19 Mar 2012 19:56:05 +0100
-
-openssl (1.0.1-1) unstable; urgency=low
-
- * New upstream version
- - Remove kfreebsd-pipe.patch, fixed upstream
- - Update pic.patch, openssl-pod-misspell.patch and make-targets.patch
- - Add OPENSSL_1.0.1 to version-script.patch and libssl1.0.0.symbols for
- the new functions.
- - AES-NI support (Closes: #644743)
- * pic.patch: upstream made OPENSSL_ia32cap_P and OPENSSL_cpuid_setup
- hidden on amd64, no need to access it PIC anymore.
- * pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977)
- * Enable hardening using dpkg-buildflags (Closes: #653495)
- * s_client and s_server were forcing SSLv3 only connection when SSLv2 was
- disabled instead of the SSLv2 with upgrade method. (Closes: #664454)
- * Add Breaks on openssh < 1:5.9p1-4, it has a too strict version check.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 19 Mar 2012 18:23:32 +0100
-
-openssl (1.0.0h-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2012-0884
- - Fixes CVE-2012-1165
- - Properly fix CVE-2011-4619
- - pkg-config.patch applied upstream, remove it.
- * Enable assembler for all i386 arches. The assembler does proper
- detection of CPU support, including cpuid support.
- This should fix a problem with AES 192 and 256 with the padlock
- engine because of the difference in NO_ASM between the between
- the i686 optimized library and the engine.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 13 Mar 2012 21:08:17 +0100
-
-openssl (1.0.0g-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2012-0050
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 18 Jan 2012 20:46:13 +0100
-
-openssl (1.0.0f-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2011-4108, CVE-2011-4576, CVE-2011-4619, CVE-2012-0027,
- CVE-2011-4577
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 12 Jan 2012 19:02:43 +0100
-
-openssl (1.0.0e-3) unstable; urgency=low
-
- * Don't build v8 and v9 variants of sparc anymore, they're older than
- the default. (Closes: #649841)
- * Don't build i486 optimized version, that's the default anyway, and
- it uses assembler that doesn't always work on i486.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 28 Nov 2011 22:17:26 +0100
-
-openssl (1.0.0e-2.1) unstable; urgency=high
-
- * Non-maintainer upload by the Security Team.
- * Block Malaysian's Digicert Sdn. Bhd. certificates by marking them
- as revoked.
-
- -- Raphael Geissert <geissert at debian.org> Sun, 06 Nov 2011 01:39:30 -0600
-
-openssl (1.0.0e-2) unstable; urgency=low
-
- * Add a missing $(DEB_HOST_MULTIARCH)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Sep 2011 17:02:29 +0200
-
-openssl (1.0.0e-1) unstable; urgency=low
-
- * New upstream version
- - Fix bug where CRLs with nextUpdate in the past are sometimes accepted
- by initialising X509_STORE_CTX properly. (CVE-2011-3207)
- - Fix SSL memory handling for (EC)DH ciphersuites, in particular
- for multi-threaded use of ECDH. (CVE-2011-3210)
- - Add protection against ECDSA timing attacks (CVE-2011-1945)
- * Block DigiNotar certifiates. Patch from
- Raphael Geissert <geissert at debian.org>
- * Generate hashes for all certs in a file (Closes: #628780, #594524)
- Patch from Klaus Ethgen <Klaus at Ethgen.de>
- * Add multiarch support (Closs: #638137)
- Patch from Steve Langasek / Ubuntu
- * Symbols from the gost engine were removed because it didn't have
- a linker file. Thanks to Roman I Khimov <khimov at altell.ru>
- (Closes: #631503)
- * Add support for s390x. Patch from Aurelien Jarno <aurel32 at debian.org>
- (Closes: #641100)
- * Add build-arch and build-indep targets to the rules file.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Sep 2011 12:03:13 +0200
-
-openssl (1.0.0d-3) unstable; urgency=low
-
- * Make it build on sparc64. Patch from Aurelien Jarno. (Closes: #626060)
- * Apply patches from Scott Schaefer <saschaefer at neurodiverse.org> to
- fix various pod and spelling errors. (Closes: #622820, #605561)
- * Add missing symbols for the engines (Closes: #623038)
- * More spelling fixes from Scott Schaefer (Closes: #395424)
- * Patch from Scott Schaefer to better document pkcs12 password options
- (Closes: #462489)
- * Document dgst -hmac option. Patch by Thorsten Glaser <tg at mirbsd.de>
- (Closes: #529586)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 13 Jun 2011 12:39:54 +0200
-
-openssl (1.0.0d-2) unstable; urgency=high
-
- * Make c_rehash also generate the old subject hash. Gnutls applications
- seem to require it. (Closes: #611102)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Apr 2011 22:36:49 +0200
-
-openssl (1.0.0d-1) unstable; urgency=low
-
- * New upstream version
- - Fixes CVE-2011-0014
- * Make libssl-doc Replaces/Breaks with old libssl-dev packages
- (Closes: #607609)
- * Only export the symbols we should, instead of all.
- * Add symbol file.
- * Upload to unstable
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 02 Apr 2011 13:19:19 +0000
-
-openssl (1.0.0c-2) experimental; urgency=low
-
- * Set $ in front of {sparcv9_asm} so that the sparc v9 variant builds.
- * Always define _GNU_SOURCE, not only for Linux.
- * Drop SSL2 support (Closes: #589706)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 19 Dec 2010 16:24:16 +0100
-
-openssl (1.0.0c-1) experimental; urgency=low
-
- * New upstream version (Closes: #578376)
- - New soname: Rename library packages
- - Drop patch perl-path.diff, not needed anymore
- - Drop patches CVE-2010-2939.patch, CVE-2010-3864.patch
- and CVE-2010-4180.patch: applied upstream.
- - Update Configure for the new fields for the assembler options
- per arch. alpha now makes use of assembler.
- * Move man3 manpages and demos to libssl-doc (Closes: #470594)
- * Drop .pod files from openssl package (Closes: #518167)
- * Don't use RC4_CHAR on amd64 and drop rc4-amd64.patch
- * Stop using BF_PTR2 on (kfreebd-)amd64.
- * Drop debian-arm from the list of arches.
- * Update arm arches to use BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
- BF_PTR instead of BN_LLONG DES_RISC1
- * ia64: Drop RC4_CHAR, add DES_UNROLL DES_INT
- * powerpc: Use RC4_CHAR RC4_CHUNK DES_RISC1 instead
- of DES_RISC2 DES_PTR MD2_CHAR RC4_INDEX
- * s390: Use RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL instead of BN_LLONG
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 12 Dec 2010 15:37:21 +0100
-
-openssl (0.9.8o-4) unstable; urgency=low
-
- * Fix CVE-2010-4180 (Closes: #529221)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 06 Dec 2010 20:33:21 +0100
-
-openssl (0.9.8o-3) unstable; urgency=high
-
- * Fix TLS extension parsing race condition (CVE-2010-3864) (Closes: #603709)
- * Re-add the engines. They were missing since 0.9.8m-1.
- Patch by Joerg Schneider. (Closes: #603693)
- * Not all architectures were build using -g (Closes: #570702)
- * Add powerpcspe support (Closes: #579805)
- * Add armhf support (Closes: #596881)
- * Update translations:
- - Brazilian Portuguese (Closes: #592154)
- - Danish (Closes: #599459)
- - Vietnamese (Closes: #601536)
- - Arabic (Closes: #596166)
- * Generate the proper stamp file so that everything doesn't get build twice.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 16 Nov 2010 19:20:55 +0100
-
-openssl (0.9.8o-2) unstable; urgency=high
-
- * Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 26 Aug 2010 18:25:29 +0200
-
-openssl (0.9.8o-1) unstable; urgency=low
-
- * New upstream version
- - Add SHA2 algorithms to SSL_library_init().
- - aes-x86_64.pl is now PIC, update pic.patch.
- * Add sparc64 support (Closes: #560240)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 18 Apr 2010 01:42:44 +0200
-
-openssl (0.9.8n-1) unstable; urgency=high
-
- * New upstream version.
- - Fixes CVE-2010-0740.
- - Drop cfb.patch, applied upstream.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 25 Mar 2010 20:30:52 +0100
-
-openssl (0.9.8m-2) unstable; urgency=low
-
- * Revert CFB block length change preventing reading older files.
- (Closes: #571810, #571940)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 28 Feb 2010 22:08:49 +0100
-
-openssl (0.9.8m-1) unstable; urgency=low
-
- * New upstream version
- - Implements RFC5746, reenables renegotiation but requires the extension.
- - Fixes CVE-2009-3245
- - Drop patches CVE-2009-4355.patch, CVE-2009-1378.patch,
- CVE-2009-1377.patch, CVE-2009-1379.patch, CVE-2009-3555.patch,
- CVE-2009-2409.patch, CVE-2009-1387.patch, tls_ext_v3.patch,
- no_check_self_signed.patch: applied upstream
- - pk7_mime_free.patch removed, code rewritten
- - ca.diff partially applied upstream
- - engines-path.patch adjusted, upstream made some minor changes to the
- build system.
- - some flags changed values, bump shlibs.
- * Switch to 3.0 (quilt) source package.
- * Make sure the package is properly cleaned.
- * Add ${misc:Depends} to the Depends on all packages.
- * Fix spelling of extension in the changelog file.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 27 Feb 2010 12:24:03 +0000
-
-openssl (0.9.8k-8) unstable; urgency=high
-
- * Clean up zlib state so that it will be reinitialized on next use and
- not cause a memory leak. (CVE-2009-4355, CVE-2008-1678)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Jan 2010 21:26:49 +0100
-
-openssl (0.9.8k-7) unstable; urgency=low
-
- * Bump the shlibs to require 0.9.8k-1. The following symbols
- to added between g and k: AES_wrap_key, AES_unwrap_key,
- ASN1_TYPE_set1, ASN1_STRING_set0, asn1_output_data_fn,
- SMIME_read_ASN1, BN_X931_generate_Xpq, BN_X931_derive_prime_ex,
- BN_X931_generate_prime_ex, COMP_zlib_cleanup, CRYPTO_malloc_debug_init,
- int_CRYPTO_set_do_dynlock_callback, CRYPTO_set_mem_info_functions,
- CRYPTO_strdup, CRYPTO_dbg_push_info, CRYPTO_dbg_pop_info,
- CRYPTO_dbg_remove_all_info, OPENSSL_isservice, OPENSSL_init,
- ENGINE_set_load_ssl_client_cert_function,
- ENGINE_get_ssl_client_cert_function, ENGINE_load_ssl_client_cert,
- EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags,
- EVP_CIPHER_CTX_test_flags, HMAC_CTX_set_flags, OCSP_sendreq_new
- OCSP_sendreq_nbio, OCSP_REQ_CTX_free, RSA_X931_derive_ex,
- RSA_X931_generate_key_ex, X509_ALGOR_set0, X509_ALGOR_get0,
- X509at_get0_data_by_OBJ, X509_get1_ocsp
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 28 Nov 2009 14:34:26 +0100
-
-openssl (0.9.8k-6) unstable; urgency=low
-
- * Disable SSL/TLS renegotiation (CVE-2009-3555) (Closes: #555829)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 12 Nov 2009 18:10:31 +0000
-
-openssl (0.9.8k-5) unstable; urgency=low
-
- * Don't check self signed certificate signatures in X509_verify_cert()
- (Closes: #541735)
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 11 Sep 2009 15:42:32 +0200
-
-openssl (0.9.8k-4) unstable; urgency=low
-
- * Split all the patches into a separate files
- * Stop undefinging HZ, the issue on alpha should be fixed.
- * Remove MD2 from digest algorithm table. (CVE-2009-2409) (Closes: #539899)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 11 Aug 2009 21:19:18 +0200
-
-openssl (0.9.8k-3) unstable; urgency=low
-
- * Make rc4-x86_64 PIC. Based on patch from Petr Salinger (Closes: #532336)
- * Add workaround for kfreebsd that can't see the different between
- two pipes. Patch from Petr Salinger.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 13 Jun 2009 18:15:46 +0200
-
-openssl (0.9.8k-2) unstable; urgency=low
-
- * Move libssl0.9.8-dbg to the debug section.
- * Use the rc4 assembler on kfreebsd-amd64 (Closes: #532336)
- * Split the line to generate md5-x86_64.s in the Makefile. This will
- hopefully fix the build issue on kfreebsd that now outputs the file
- to stdout instead of the file.
- * Fix denial of service via an out-of-sequence DTLS handshake message
- (CVE-2009-1387) (Closes: #532037)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 08 Jun 2009 19:05:56 +0200
-
-openssl (0.9.8k-1) unstable; urgency=low
-
- * New upstream release
- - 0.9.8i fixed denial of service via a DTLS ChangeCipherSpec packet
- that occurs before ClientHello (CVE-2009-1386)
- * Make aes-x86_64.pl use PIC.
- * Fix security issues (Closes: #530400)
- - "DTLS record buffer limitation bug." (CVE-2009-1377)
- - "DTLS fragment handling" (CVE-2009-1378)
- - "DTLS use after free" (CVE-2009-1379)
- * Fixed Configure for hurd: use -mtune=i486 instead of -m486
- Patch by Marc Dequènes (Duck) <duck at hurdfr.org> (Closes: #530459)
- * Add support for avr32 (Closes: #528648)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 16 May 2009 17:33:55 +0200
-
-openssl (0.9.8g-16) unstable; urgency=high
-
- * Properly validate the length of an encoded BMPString and UniversalString
- (CVE-2009-0590) (Closes: #522002)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 01 Apr 2009 22:04:53 +0200
-
-openssl (0.9.8g-15) unstable; urgency=low
-
- * Internal calls to didn't properly check for errors which
- resulted in malformed DSA and ECDSA signatures being treated as
- a good signature rather than as an error. (CVE-2008-5077)
- * ipv6_from_asc() could write 1 byte longer than the buffer in case
- the ipv6 address didn't have "::" part. (Closes: #506111)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 05 Jan 2009 21:14:31 +0100
-
-openssl (0.9.8g-14) unstable; urgency=low
-
- * Don't give the warning about security updates when upgrading
- from etch since it doesn't have any known security problems.
- * Automaticly use engines that succesfully initialised. Patch
- from the 0.9.8h upstream version. (Closes: #502177)
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 31 Oct 2008 22:45:14 +0100
-
-openssl (0.9.8g-13) unstable; urgency=low
-
- * Fix a problem with tlsext preventing firefox 3 from connection.
- Patch from upstream CVS and part of 0.9.8h.
- (Closes: #492758)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 03 Aug 2008 19:47:10 +0200
-
-openssl (0.9.8g-12) unstable; urgency=low
-
- * add the changelog of the 10.1 NMU to make bugtracking happy
-
- -- Christoph Martin <Christoph.Martin at Uni-Mainz.DE> Tue, 22 Jul 2008 14:58:26 +0200
-
-openssl (0.9.8g-11) unstable; urgency=low
-
- [ Christoph Martin ]
- * updated cs, gl, sv, ru, ro debconf translation (closes: #480926, #480967,
- #482465, #484324, #488595)
- * add Vcs-Svn header (closes: #481654)
- * fix debian-kfreebsd-i386 build flags (closes: #482275)
- * add stunnel4 to restart list (closes: #482111)
- * include fixes from 10.1 NMU by Security team
- - Fix double free in TLS server name extension which leads to a remote
- denial of service (CVE-2008-0891; Closes: #483379).
- - Fix denial of service if the 'Server Key exchange message'
- is omitted from a TLS handshake which could lead to a client
- crash (CVE-2008-1672; Closes: #483379).
- This only works if openssl is compiled with enable-tlsext which is
- done in Debian.
- * fix some lintian warnings
- * update to newest standards version
-
- -- Christoph Martin <Christoph.Martin at Uni-Mainz.DE> Thu, 17 Jul 2008 09:53:01 +0200
-
-openssl (0.9.8g-10.1) unstable; urgency=high
-
- * Non-maintainer upload by the Security team.
- * Fix denial of service if the 'Server Key exchange message'
- is omitted from a TLS handshake which could lead to a client
- crash (CVE-2008-1672; Closes: #483379).
- This only works if openssl is compiled with enable-tlsext which is
- done in Debian.
- * Fix double free in TLS server name extension which leads to a remote
- denial of service (CVE-2008-0891; Closes: #483379).
-
- -- Nico Golde <nion at debian.org> Tue, 27 May 2008 11:13:44 +0200
-
-openssl (0.9.8g-10) unstable; urgency=low
-
- * undefine HZ so that the code falls back to sysconf(_SC_CLK_TCK)
- to fix a build failure on alpha.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 08 May 2008 17:56:13 +0000
-
-openssl (0.9.8g-9) unstable; urgency=high
-
- [ Christoph Martin ]
- * Include updated debconf translations (closes: #473477, #461597,
- #461880, #462011, #465517, #475439)
-
- [ Kurt Roeckx ]
- * ssleay_rand_add() really needs to call MD_Update() for buf.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 07 May 2008 20:32:12 +0200
-
-openssl (0.9.8g-8) unstable; urgency=high
-
- * Don't add extensions to ssl v3 connections. It breaks with some
- other software. (Closes: #471681)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 23 Mar 2008 17:50:04 +0000
-
-openssl (0.9.8g-7) unstable; urgency=low
-
- * Upload to unstable.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Feb 2008 22:22:29 +0000
-
-openssl (0.9.8g-6) experimental; urgency=low
-
- * Bump shlibs.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 09 Feb 2008 15:42:22 +0100
-
-openssl (0.9.8g-5) experimental; urgency=low
-
- * Enable tlsext. This changes the ABI, but should hopefully
- not cause any problems. (Closes: #462596)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 09 Feb 2008 13:32:49 +0100
-
-openssl (0.9.8g-4) unstable; urgency=low
-
- * Fix aes ige test speed not to overwrite it's buffer and
- cause segfauls. Thanks to Tim Hudson (Closes: #459619)
- * Mark some strings in the templates as non translatable.
- Patch from Christian Perrier <bubulle at debian.org> (Closes: #450418)
- * Update Dutch debconf translation (Closes: #451290)
- * Update French debconf translation (Closes: #451375)
- * Update Catalan debconf translation (Closes: #452694)
- * Update Basque debconf translation (Closes: #457285)
- * Update Finnish debconf translation (Closes: #458261)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 16 Jan 2008 21:49:43 +0100
-
-openssl (0.9.8g-3) unstable; urgency=low
-
- * aes-586.pl: push %ebx on the stack before we put some things on the
- stack and call a function, giving AES_decrypt() wrong values to work
- with. (Closes: #449200)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 04 Nov 2007 21:49:00 +0100
-
-openssl (0.9.8g-2) unstable; urgency=low
-
- * Avoid text relocations on i386 caused by the assembler versions:
- - x86unix.pl: Create a function_begin_B_static to create a
- static/local assembler function.
- - aes-586.pl: Use the function_begin_B_static for _x86_AES_decrypt
- so that it doesn't get exported and doesn't have any (text) relocations.
- - aes-586.pl: Set up ebx to point to the GOT and call AES_set_encrypt_key
- via the PLT to avoid a relocation.
- - x86unix.pl: Call the init function via the PLT, avoiding a relocation
- in case of a PIC object.
- - cbc.pl: Call functions via the PLT.
- - desboth.pl: Call DES_encrypt2 via the PLT.
- * CA.sh should use the v3_ca extension when called with -newca
- (Closes: #428051)
- * Use -Wa,--noexecstack for all arches in Debian. (Closes: #430583)
- * Convert the failure message when services fail restart to a debconf
- message.
- * To restart a service, just restart, instead of stop and start.
- Hopefully fixes #444946
- * Also remove igetest from the test dir in the clean target.
- (Closes: #424362)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 03 Nov 2007 13:25:45 +0100
-
-openssl (0.9.8g-1) unstable; urgency=low
-
- * New upstream release
- - Fixes version number not to say it's a development version.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 20 Oct 2007 12:47:10 +0200
-
-openssl (0.9.8f-1) unstable; urgency=low
-
- * New upstream release
- - Fixes DTLS issues, also fixes CVE-2007-4995 (Closes: #335703, #439737)
- - Proper inclusion of opensslconf.h in pq_compat.h (Closes: #408686)
- - New function SSL_set_SSL_CTX: bump shlibs.
- * Remove build dependency on gcc > 4.2
- * Remove the openssl preinst, it looks like a workaround
- for a change in 0.9.2b where config files got moved. (Closes: #445095)
- * Update debconf translations:
- - Vietnamese (Closes: #426988)
- - Danish (Closes: #426774)
- - Slovak (Closes: #440723)
- - Finnish (Closes: #444258)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 13 Oct 2007 00:47:22 +0200
-
-openssl (0.9.8e-9) unstable; urgency=high
-
- * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers().
- (Closes: #444435)
- * Add postgresql-8.2 to the list of services to check.
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 28 Sep 2007 19:47:33 +0200
-
-openssl (0.9.8e-8) unstable; urgency=low
-
- * Fix another case of the "if this code is reached, the program will abort"
- (Closes: #429740)
- * Temporary force to build with gcc >= 4.2
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 02 Sep 2007 18:12:11 +0200
-
-openssl (0.9.8e-7) unstable; urgency=low
-
- * Fix problems with gcc-4.2 (Closes: #429740)
- * Stop using -Bsymbolic to create the shared library.
- * Make x86_64cpuid.pl use PIC.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 02 Sep 2007 16:15:18 +0200
-
-openssl (0.9.8e-6) unstable; urgency=high
-
- * Add fix for CVE-2007-3108 (Closes: #438142)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 15 Aug 2007 19:49:54 +0200
-
-openssl (0.9.8e-5) unstable; urgency=low
-
- [ Christian Perrier ]
- * Debconf templates proofread and slightly rewritten by
- the debian-l10n-english team as part of the Smith Review Project.
- Closes: #418584
- * Debconf templates translations:
- - Arabic. Closes: #418669
- - Russian. Closes: #418670
- - Galician. Closes: #418671
- - Swedish. Closes: #418679
- - Korean. Closes: #418755
- - Czech. Closes: #418768
- - Basque. Closes: #418784
- - German. Closes: #418785
- - Traditional Chinese. Closes: #419915
- - Brazilian Portuguese. Closes: #419959
- - French. Closes: #420429
- - Italian. Closes: #420461
- - Japanese. Closes: #420482
- - Catalan. Closes: #420833
- - Dutch. Closes: #420925
- - Malayalam. Closes: #420986
- - Portuguese. Closes: #421032
- - Romanian. Closes: #421708
-
- [ Kurt Roeckx ]
- * Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
- * Updated Spanish debconf template. (Closes: #421336)
- * Do the header changes, changing those defines into real functions,
- and bump the shlibs to match.
- * Update Japanese debconf translation. (Closes: #422270)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 15 May 2007 17:21:08 +0000
-
-openssl (0.9.8e-4) unstable; urgency=low
-
- * openssl should depend on libssl0.9.8 0.9.8e-1 since it
- uses some of the defines that changed to functions.
- Other things build against libssl or libcrypto shouldn't
- have this problem since they use the old headers.
- (Closes: #414283)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Mar 2007 17:11:46 +0000
-
-openssl (0.9.8e-3) unstable; urgency=low
-
- * Add nagios-nrpe-server to the list of services to be checked
- (Closes: #391188)
- * EVP_CIPHER_CTX_key_length() should return the set key length in the
- EVP_CIPHER_CTX structure which may not be the same as the underlying
- cipher key length for variable length ciphers.
- From upstream CVS. (Closes: #412979)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 4 Mar 2007 23:22:51 +0000
-
-openssl (0.9.8e-2) unstable; urgency=low
-
- * Undo include changes that change defines into real functions,
- but keep the new functions in the library.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 25 Feb 2007 19:19:19 +0000
-
-openssl (0.9.8e-1) unstable; urgency=low
-
- * New upstream release
- - Inludes security fixes for CVE-2006-2937, CVE-2006-2940,
- CVE-2006-3738, CVE-2006-4343 (Closes: #408902)
- - s_client now properly works with SMTP. Also added support
- for IMAP. (closes: #221689)
- - Load padlock modules (Closes: #345656, #368476)
- * Add clamav-freshclam and clamav-daemon to the list of service that
- need to be restarted. (Closes: #391191)
- * Add armel support. Thanks to Guillem Jover <guillem.jover at nokia.com>
- for the patch. (Closes: #407196)
- * Add Portuguese translations. Thanks to Carlos Lisboa. (Closes: 408157)
- * Add Norwegian translations. Thanks to Bjørn Steensrud
- <bjornst at powertech.no> (Closes: #412326)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 25 Feb 2007 18:06:28 +0000
-
-openssl (0.9.8c-4) unstable; urgency=low
-
- * Add German debconf translation. Thanks to
- Johannes Starosta <feedback-an-johannes at arcor.de> (Closes: #388108)
- * Make c_rehash look for both .pem and .crt files. Also make it support
- files in DER format. Patch by "Yauheni Kaliuta" <y.kaliuta at gmail.com>
- (Closes: #387089)
- * Use & instead of && to check a flag in the X509 policy checking.
- Patch from upstream cvs. (Closes: #397151)
- * Also restart slapd for security updates (Closes: #400221)
- * Add Romanian debconf translation. Thanks to
- stan ioan-eugen <stan.ieugen at gmail.com> (Closes: #393507)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 30 Nov 2006 20:57:46 +0000
-
-openssl (0.9.8c-3) unstable; urgency=low
-
- * Fix patch for CVE-2006-2940, it left ctx unintiliased.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 2 Oct 2006 18:05:00 +0200
-
-openssl (0.9.8c-2) unstable; urgency=high
-
- * Fix security vulnerabilities (CVE-2006-2937, CVE-2006-2940,
- CVE-2006-3738, CVE-2006-4343). Urgency set to high.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 27 Sep 2006 21:24:55 +0000
-
-openssl (0.9.8c-1) unstable; urgency=low
-
- * New upstream release
- - block padding bug with compression now fixed upstream, using
- their patch.
- - Includes the RSA Signature Forgery (CVE-2006-4339) patch.
- - New functions AES_bi_ige_encrypt and AES_ige_encrypt:
- bumping shlibs to require 0.9.8c-1.
- * Change the postinst script to check that ntp is installed instead
- of ntp-refclock and ntp-simple. The binary is now in the ntp
- package.
- * Move the modified rand/md_rand.c file to the right place,
- really fixing #363516.
- * Add partimage-server conserver-server and tor to the list of service
- to check for restart. Add workaround for openssh-server so it finds
- the init script. (Closes: #386365, #386400, #386513)
- * Add manpage for c_rehash.
- Thanks to James Westby <jw+debian at jameswestby.net> (Closes: #215618)
- * Add Lithuanian debconf translation.
- Thanks to Gintautas Miliauskas <gintas at akl.lt> (Closes: #374364)
- * Add m32r support.
- Thanks to Kazuhiro Inaoka <inaoka.kazuhiro at renesas.com>
- (Closes: #378689)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 17 Sep 2006 14:47:59 +0000
-
-openssl (0.9.8b-3) unstable; urgency=high
-
- * Fix RSA Signature Forgery (CVE-2006-4339) using patch provided
- by upstream.
- * Restart services using a smaller version that 0.9.8b-3, so
- they get the fixed version.
- * Change the postinst to check for postfix instead of postfix-tls.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 5 Sep 2006 18:26:10 +0000
-
-openssl (0.9.8b-2) unstable; urgency=low
-
- * Don't call gcc with -mcpu on i386, we already use -march, so no need for
- -mtune either.
- * Always make all directories when building something:
- - The engines directory didn't get build for the static directory, so
- where missing in libcrypo.a
- - The apps directory didn't always get build, so we didn't have an openssl
- and a small part of the regression tests failed.
- * Make the package fail to build if the regression tests fail.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 15 May 2006 16:00:58 +0000
-
-openssl (0.9.8b-1) unstable; urgency=low
-
- * New upstream release
- - New functions added (EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free), bump shlibs.
- - CA.pl/CA.sh now calls openssl ca with -extensions v3_ca, setting CA:TRUE
- instead of FALSE.
- - CA.pl/CA.sh creates crlnumber now. (Closes: #347612)
- * Run debconf-updatepo, which really already was in the 0.9.8a-8 version
- as it was uploaded.
- * Add Galician debconf translation. Patch from
- Jacobo Tarrio <jtarrio at trasno.net> (Closes: #361266)
- * libssl0.9.8.postinst makes uses of bashisms (local variables)
- so use #!/bin/bash
- * libssl0.9.8.postinst: Call set -e after sourcing the debconf
- script.
- * libssl0.9.8.postinst: Change list of service that may need
- to be restarted:
- - Replace ssh by openssh-server
- - Split postgresql in postgresql-7.4 postgresql-8.0 postgresql-8.1
- - Add: dovecot-common bind9 ntp-refclock ntp-simple openntpd clamcour
- fetchmail ftpd-ssl proftpd proftpd-ldap proftpd-mysql proftpd-pgsql
- * libssl0.9.8.postinst: The check to see if something was installed
- wasn't working.
- * libssl0.9.8.postinst: Add workaround to find the name of the init
- script for proftpd and dovecot.
- * libssl0.9.8.postinst: Use invoke-rc.d when it's available.
- * Change Standards-Version to 3.7.0:
- - Make use of invoke-rc.d
- * Add comment to README.Debian that rc5, mdc2 and idea have been
- disabled (since 0.9.6b-3) (Closes: #362754)
- * Don't add uninitialised data to the random number generator. This stop
- valgrind from giving error messages in unrelated code.
- (Closes: #363516)
- * Put the FAQ in the openssl docs.
- * Add russian debconf translations from Yuriy Talakan <yt at amur.elektra.ru>
- (Closes #367216)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 4 May 2006 20:40:03 +0200
-
-openssl (0.9.8a-8) unstable; urgency=low
-
- * Call pod2man with the proper section. Section changed
- from 1/3/5/7 to 1SSL/3SSL/5SSL/7SSL. The name of the files
- already had the ssl in, the section didn't. The references
- to other manpage is still wrong.
- * Don't install the LICENSE file, it's already in the copyright file.
- * Don't set an rpath on openssl to point to /usr/lib.
- * Add support for kfreebsd-amd64. (Closes: #355277)
- * Add udeb to the shlibs. Patch from Frans Pop <aragorn at tiscali.nl>
- (Closes: #356908)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 11 Feb 2006 14:14:37 +0100
-
-openssl (0.9.8a-7) unstable; urgency=high
-
- * Add italian debconf templates. Thanks to Luca Monducci.
- (Closes: #350249)
- * Change the debconf question to use version 0.9.8-3
- instead of 0.9.8-1, since that's the last version
- with a security fix.
- * Call conn_state() if the BIO is not in the BIO_CONN_S_OK state
- (Closes: #352047). RC bug affecting testing, so urgency high.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 9 Feb 2006 19:07:56 +0100
-
-openssl (0.9.8a-6) unstable; urgency=low
-
- * Remove empty postinst/preinst/prerm scripts. There is no need
- to have empty ones, debhelper will add them when needed.
- * Remove the static pic libraries. Nobody should be linking
- it's shared libraries static to libssl or libcrypto.
- This was added for opensc who now links to it shared.
- * Do not assume that in case the sequence number is 0 and the
- packet has an odd number of bytes that the other side has
- the block padding bug, but try to check that it actually
- has the bug. The wrong detection of this bug resulted
- in an "decryption failed or bad record mac" error in case
- both sides were using zlib compression. (Closes: #338006)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 21 Jan 2006 16:25:41 +0100
-
-openssl (0.9.8a-5) unstable; urgency=low
-
- * Stop ssh from crashing randomly on sparc (Closes: #335912)
- Patch from upstream cvs.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 13 Dec 2005 21:37:42 +0100
-
-openssl (0.9.8a-4) unstable; urgency=low
-
- * Call dh_makeshlibs with the proper version instead of putting
- it in shlibs.local, which doesn't seem to do anything. 0.9.8a-1
- added symbol versioning, so it should have bumped the shlibs.
- (Closes: #338284)
- * The openssl package had a duplicate dependency on libssl0.9.8,
- only require the version as required by the shlibs.
- * Make libssl-dev depend on zlib1g-dev, since it's now required for
- static linking. (Closes: #338313)
- * Generate .pc files that make use of Libs.private, so things only
- link to the libraries they should when linking shared.
- * Use -m64 instead of -bpowerpc64-linux on ppc64. (Closes: #335486)
- * Make powerpc and ppc64 use the assembler version for bn. ppc64
- had the location in the string wrong, powerpc had it missing.
- * Add includes for stddef to get size_t in md2.h, md4.h, md5.h,
- ripemd.h and sha.h. (Closes: #333101)
- * Run make test for each of the versions we build, make it
- not fail the build process if an error is found.
- * Add build dependency on bc for the regression tests.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Nov 2005 16:01:05 +0100
-
-openssl (0.9.8a-3) unstable; urgency=high
-
- * Link to libz instead of dynamicly loading it. It gets loaded
- at the moment the library is initialised, so there is no point
- in not linking to it. It's now failing in some cases since
- it's not opened by it's soname, but by the symlink to it.
- This should hopefully solve most of the bugs people have reported
- since the move to libssl0.9.8.
- (Closes: #334180, #336140, #335271)
- * Urgency set to high because it fixes a grave bug affecting testing.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 1 Nov 2005 14:56:40 +0100
-
-openssl (0.9.8a-2) unstable; urgency=low
-
- * Add Build-Dependency on m4, since sparc needs it to generate
- it's assembler files. (Closes: #334542)
- * Don't use rc4-x86_64.o on amd64 for now, it seems to be broken
- and causes a segfault. (Closes: #334501, #334502)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 18 Oct 2005 19:05:53 +0200
-
-openssl (0.9.8a-1) unstable; urgency=low
-
- Christoph Martin:
- * fix asm entries for some architectures, fixing #332758 properly.
- * add noexecstack option to i386 subarch
- * include symbol versioning in Configure (closes: #330867)
- * include debian-armeb arch (closes: #333579)
- * include new upstream patches; includes some minor fixes
- * fix dh_shlibdeps line, removing the redundant dependency on
- libssl0.9.8 (closes: #332755)
- * add swedish debconf template (closes: #330554)
-
- Kurt Roeckx:
- * Also add noexecstack option for amd64, since it now has an
- executable stack with the assembler fixes for amd64.
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 17 Oct 2005 17:01:06 +0200
-
-openssl (0.9.8-3) unstable; urgency=low
-
- * Apply security fix for CAN-2005-2969. (Closes: #333500)
- * Change priority of -dbg package to extra.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 12 Oct 2005 22:38:58 +0200
-
-openssl (0.9.8-2) unstable; urgency=low
-
- * Don't use arch specific assembler. Should fix build failure on
- ia64, sparc and amd64. (Closes: #332758)
- * Add myself to the uploaders.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 10 Oct 2005 19:22:36 +0200
-
-openssl (0.9.8-1) unstable; urgency=low
-
- * New upstream release (closes: #311826)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 29 Sep 2005 14:20:04 +0200
-
-openssl (0.9.7g-3) unstable; urgency=low
-
- * change Configure line for debian-freebsd-i386 to debian-kfreebsd-i386
- (closes: #327692)
- * include -dbg version. That implies compiling with -g and without
- -fomit-frame-pointer (closes: #293823, #153811)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 23 Sep 2005 13:51:57 +0200
-
-openssl (0.9.7g-2) unstable; urgency=low
-
- * really include nl translation
- * remove special ia64 code from rc4 code to make the abi compatible to
- older 0.9.7 versions (closes: #310489, #309274)
- * fix compile flag for debian-ppc64 (closes: #318750)
- * small fix in libssl0.9.7.postinst (closes: #239956)
- * fix pk7_mime.c to prevent garbled messages because of to early memory
- free (closes: #310184)
- * include vietnamese debconf translation (closes: #316689)
- * make optimized i386 libraries have non executable stack (closes:
- #321721)
- * remove leftover files from ssleay
- * move from dh_installmanpages to dh_installman
- * change Maintainer to pkg-openssl-devel at lists.alioth.debian.org
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 7 Sep 2005 15:32:54 +0200
-
-openssl (0.9.7g-1) unstable; urgency=low
-
- * New upstream release
- * Added support for proxy certificates according to RFC 3820.
- Because they may be a security thread to unaware applications,
- they must be explicitely allowed in run-time. See
- docs/HOWTO/proxy_certificates.txt for further information.
- * Prompt for pass phrases when appropriate for PKCS12 input format.
- * Back-port of selected performance improvements from development
- branch, as well as improved support for PowerPC platforms.
- * Add lots of checks for memory allocation failure, error codes to indicate
- failure and freeing up memory if a failure occurs.
- * Perform some character comparisons of different types in X509_NAME_cmp:
- this is needed for some certificates that reencode DNs into UTF8Strings
- (in violation of RFC3280) and can't or wont issue name rollover
- certificates.
- * corrected watchfile
- * added upstream source url (closes: #292904)
- * fix typo in CA.pl.1 (closes: #290271)
- * change debian-powerpc64 to debian-ppc64 and adapt the configure
- options to be the same like upstream (closes: #289841)
- * include -signcert option in CA.pl usage
- * compile with zlib-dynamic to use system zlib (closes: #289872)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 9 May 2005 23:32:03 +0200
-
-openssl (0.9.7e-3) unstable; urgency=high
-
- * really fix der_chop. The fix from -1 was not really included (closes:
- #281212)
- * still fixes security problem CAN-2004-0975 etc.
- - tempfile raise condition in der_chop
- - Avoid a race condition when CRLs are checked in a multi threaded
- environment.
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Dec 2004 18:41:29 +0100
-
-openssl (0.9.7e-2) unstable; urgency=high
-
- * fix perl path in der_chop and c_rehash (closes: #281212)
- * still fixes security problem CAN-2004-0975 etc.
- - tempfile raise condition in der_chop
- - Avoid a race condition when CRLs are checked in a multi threaded
- environment.
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 14 Nov 2004 20:16:21 +0100
-
-openssl (0.9.7e-1) unstable; urgency=high
-
- * SECURITY UPDATE: fix insecure temporary file handling
- * apps/der_chop:
- - replaced $$-style creation of temporary files with
- File::Temp::tempfile()
- - removed unused temporary file name in do_certificate()
- * References:
- CAN-2004-0975 (closes: #278260)
- * fix ASN1_STRING_to_UTF8 with UTF8 (closes: #260357)
- * New upstream release with security fixes
- - Avoid a race condition when CRLs are checked in a multi threaded
- environment.
- - Various fixes to s3_pkt.c so alerts are sent properly.
- - Reduce the chances of duplicate issuer name and serial numbers (in
- violation of RFC3280) using the OpenSSL certificate creation
- utilities.
- * depends openssl on perl-base instead of perl (closes: #280225)
- * support powerpc64 in Configure (closes: #275224)
- * include cs translation (closes: #273517)
- * include nl translation (closes: #272479)
- * Fix default dir of c_rehash (closes: #253126)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 12 Nov 2004 14:11:15 +0100
-
-openssl (0.9.7d-5) unstable; urgency=low
-
- * Make S/MIME encrypt work again (backport from CVS) (closes: #241407,
- #241386)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 26 Jul 2004 17:22:42 +0200
-
-openssl (0.9.7d-4) unstable; urgency=low
-
- * add Catalan translation (closes: #248749)
- * add Spanish translation (closes: #254561)
- * include NMU fixes: see below
- * decrease optimisation level for debian-arm to work around gcc bug
- (closes: #253848) (thanks to Steve Langasek and Thom May)
- * Add libcrypto0.9.7-udeb. (closes: #250010) (thanks to Bastian Blank)
- * Add watchfile
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 14 Jul 2004 14:31:02 +0200
-
-openssl (0.9.7d-3) unstable; urgency=low
-
- * rename -pic.a libraries to _pic.a (closes: #250016)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 24 May 2004 17:02:29 +0200
-
-openssl (0.9.7d-2) unstable; urgency=low
-
- * include PIC libs (libcrypto-pic.a and libssl-pic.a) to libssl-dev
- (closes: #246928, #243999)
- * add racoon to restart list (closes: #242652)
- * add Brazilian, Japanese and Danish translations (closes: #242087,
- #241830, #241705)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 11 May 2004 10:13:49 +0200
-
-openssl (0.9.7d-1) unstable; urgency=high
-
- * new upstream
- * fixes security holes (http://www.openssl.org/news/secadv_20040317.txt)
- (closes: #238661)
- * includes support for debian-amd64 (closes: #235551, #232310)
- * fix typo in pem.pod (closes: #219873)
- * fix typo in libssl0.9.7.templates (closes: #224690)
- * openssl suggests ca-certificates (closes: #217180)
- * change debconf template to gettext format (closes: #219013)
- * include french debconf template (closes: #219014)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 18 Mar 2004 16:18:43 +0100
-
-openssl (0.9.7c-5) unstable; urgency=low
-
- * include openssl.pc into libssl-dev (closes: #212545)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Oct 2003 16:31:32 +0200
-
-openssl (0.9.7c-4) unstable; urgency=low
-
- * change question to restart services to debconf (closes: #214840)
- * stop using dh_undocumented (closes: #214831)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 10 Oct 2003 15:40:48 +0200
-
-openssl (0.9.7c-3) unstable; urgency=low
-
- * fix POSIX conformance for head in libssl0.9.7.postinst (closes:
- #214700)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 8 Oct 2003 14:02:38 +0200
-
-openssl (0.9.7c-2) unstable; urgency=low
-
- * add filerc macro to libssl0.9.7.postinst (closes: #213906)
- * restart spamassassins spamd on upgrade (closes: #214106)
- * restart more services on upgrade
- * fix EVP_BytesToKey manpage (closes: #213715)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 7 Oct 2003 15:01:32 +0200
-
-openssl (0.9.7c-1) unstable; urgency=high
-
- * upstream security fix (closes: #213451)
- - Fix various bugs revealed by running the NISCC test suite:
- Stop out of bounds reads in the ASN1 code when presented with
- invalid tags (CAN-2003-0543 and CAN-2003-0544).
- Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
- If verify callback ignores invalid public key errors don't try to check
- certificate signature with the NULL public key.
- - In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
- if the server requested one: as stated in TLS 1.0 and SSL 3.0
- specifications.
- * more minor upstream bugfixes
- * fix formatting in c_issuer (closes: #190026)
- * fix Debian-FreeBSD support (closes: #200381)
- * restart some services in postinst to make them use the new libraries
- * remove duplicated openssl.1, crypto.3 and ssl.3 (closes: #198594)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 1 Oct 2003 08:54:27 +0200
-
-openssl (0.9.7b-2) unstable; urgency=high
-
- * fix permission of /etc/ssl/private to 700 again
- * change section of libssl-dev to libdevel
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 23 Apr 2003 11:13:24 +0200
-
-openssl (0.9.7b-1) unstable; urgency=high
-
- * upstream security fix
- - Countermeasure against the Klima-Pokorny-Rosa extension of
- Bleichbacher's attack on PKCS #1 v1.5 padding: treat
- a protocol version number mismatch like a decryption error
- in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131)
- (closes: #189087)
- - Turn on RSA blinding by default in the default implementation
- to avoid a timing attack. Applications that don't want it can call
- RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
- They would be ill-advised to do so in most cases. (CAN-2003-0147)
- - Change RSA blinding code so that it works when the PRNG is not
- seeded (in this case, the secret RSA exponent is abused as
- an unpredictable seed -- if it is not unpredictable, there
- is no point in blinding anyway). Make RSA blinding thread-safe
- by remembering the creator's thread ID in rsa->blinding and
- having all other threads use local one-time blinding factors
- (this requires more computation than sharing rsa->blinding, but
- avoids excessive locking; and if an RSA object is not shared
- between threads, blinding will still be very fast).
- for more details see the CHANGES file
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 16 Apr 2003 10:32:57 +0200
-
-openssl (0.9.7a-1) unstable; urgency=high
-
- * upstream Security fix
- - In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
- via timing by performing a MAC computation even if incorrrect
- block cipher padding has been found. This is a countermeasure
- against active attacks where the attacker has to distinguish
- between bad padding and a MAC verification error. (CAN-2003-0078)
- for more details see the CHANGES file
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 21 Feb 2003 22:39:40 +0100
-
-openssl (0.9.7-4) unstable; urgency=low
-
- * use DH_COMPAT=3 to build
- * move i686 to i686/cmov to fix problems on Via C3. For that to work we
- have to depend on the newest libc6 on i386 (closes: #177891)
- * fix bug in ui_util.c (closes: #177615)
- * fix typo in md5.h (closes: #178112)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 24 Jan 2003 10:22:56 +0100
-
-openssl (0.9.7-3) unstable; urgency=low
-
- * enable build of ultrasparc code on non ultrasparc machines (closes:
- #177024)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 17 Jan 2003 08:22:13 +0100
-
-openssl (0.9.7-2) unstable; urgency=low
-
- * include changes between 0.9.6g-9 and -10
- * fix problem in build-process on i386 with libc6 version number
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 13 Jan 2003 14:26:56 +0100
-
-openssl (0.9.7-1) unstable; urgency=low
-
- * new upstream
- * includes engine support
- * a lot of bugfixes and enhancements, see the CHANGES file
- * include AES encryption
- * makes preview of certificate configurable (closes: #176059)
- * fix x509 manpage (closes: #168070)
- * fix declaration of ERR_load_PEM_string in pem.h (closes: #141360)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 11 Jan 2003 09:12:16 +0100
-
-openssl (0.9.6g-10) unstable; urgency=low
-
- * fix problem in build-process on i386 with libc6 version number
- (closes: #167096)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 4 Nov 2002 12:27:21 +0100
-
-openssl (0.9.6g-9) unstable; urgency=low
-
- * fix typo in i386 libc6 depend (sigh) (closes: #163848)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 8 Oct 2002 23:29:20 +0200
-
-openssl (0.9.6g-8) unstable; urgency=low
-
- * fix libc6 depends. Only needed for i386 (closes: #163701)
- * remove SHLIB section for bsds from Configure (closes: #163585)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 8 Oct 2002 10:57:35 +0200
-
-openssl (0.9.6g-7) unstable; urgency=low
-
- * enable i686 optimisation and depend on fixed glibc (closes: #163500)
- * remove transition package ssleay
- * include optimisation vor sparcv8 (closes: #139996)
- * improve optimisation vor sparcv9
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 6 Oct 2002 14:07:12 +0200
-
-openssl (0.9.6g-6) unstable; urgency=low
-
- * temporarily disable i686 optimisation (See bug in glibc #161788)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 21 Sep 2002 18:56:49 +0200
-
-openssl (0.9.6g-5) unstable; urgency=low
-
- * i486 can use i586 assembler
- * include set -xe in the for loops in the rules files to make it abort
- on error (closes: #161768)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 21 Sep 2002 16:23:11 +0200
-
-openssl (0.9.6g-4) unstable; urgency=low
-
- * fix optimization for alpha and sparc
- * add optimization for i486
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 20 Sep 2002 22:36:19 +0200
-
-openssl (0.9.6g-3) unstable; urgency=low
-
- * add optimized libraries for i586, i686, ev4, ev5 and v9 (closes: #139783)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 19 Sep 2002 18:33:04 +0200
-
-openssl (0.9.6g-2) unstable; urgency=low
-
- * fix manpage names (closes: #156717, #156718, #156719, #156721)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 15 Aug 2002 11:26:37 +0200
-
-openssl (0.9.6g-1) unstable; urgency=low
-
- * new upstream version
- * Use proper error handling instead of 'assertions' in buffer
- overflow checks added in 0.9.6e. This prevents DoS (the
- assertions could call abort()). (closes: #155985, #156495)
- * Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
- and get fix the header length calculation.
- * include support for new sh* architectures (closes: #155117)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 14 Aug 2002 13:59:22 +0200
-
-openssl (0.9.6e-1) unstable; urgency=high
-
- * fixes remote exploits (see DSA-136-1)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 30 Jul 2002 18:32:28 +0200
-
-openssl (0.9.6d-1) unstable; urgency=low
-
- * new upstream (minor) version
- * includes Configure lines for debian-*bsd-* (closes: #130413)
- * fix wrong prototype for BN_pseudo_rand_range in BN_rand(3ssl) (closes:
- #144586)
- * fix typos in package description (closes: #141469)
- * fix typo in SSL_CTX_set_cert_store manpage (closes: #135297)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 3 Jun 2002 19:42:10 +0200
-
-openssl (0.9.6c-2) unstable; urgency=low
-
- * moved from non-US to main
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 19 Mar 2002 14:48:39 +0100
-
-openssl (0.9.6c-1) unstable; urgency=low
-
- * new upstream version with a lot of bugfixes
- * remove directory /usr/include/openssl from openssl package (closes:
- bug #121226)
- * remove selfdepends from libssl0.9.6
- * link openssl binary shared again
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 5 Jan 2002 19:04:31 +0100
-
-openssl (0.9.6b-4) unstable; urgency=low
-
- * build with -D_REENTRANT for threads support on all architectures
- (closes: #112329, #119239)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 24 Nov 2001 12:17:51 +0100
-
-openssl (0.9.6b-3) unstable; urgency=low
-
- * disable idea, mdc2 and rc5 because they are not free (closes: #65368)
- * ready to be moved from nonus to main
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 21 Nov 2001 17:51:41 +0100
-
-openssl (0.9.6b-2) unstable; urgency=high
-
- * fix definition of crypt in des.h (closes: #107533)
- * fix descriptions (closes: #109503)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 17 Sep 2001 15:38:27 +0200
-
-openssl (0.9.6b-1) unstable; urgency=medium
-
- * new upstream fixes some security issues (closes: #105835, #100146)
- * added support for s390 (closes: #105681)
- * added support for sh (closes: #100003)
- * change priority of libssl096 to standard as ssh depends on it (closes:
- #105440)
- * don't optimize for i486 to support i386. (closes: #104127, #82194)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 20 Jul 2001 15:52:42 +0200
-
-openssl (0.9.6a-3) unstable; urgency=medium
-
- * add perl-base to builddeps
- * include static libraries in libssl-dev (closes: #93688)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 14 May 2001 20:16:06 +0200
-
-openssl (0.9.6a-2) unstable; urgency=medium
-
- * change Architecture of ssleay from any to all (closes: #92913)
- * depend libssl-dev on the exact same version of libssl0.9.6 (closes:
- #88939)
- * remove lib{crypto,ssl}.a from openssl (closes: #93666)
- * rebuild with newer gcc to fix atexit problem (closes: #94036)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 2 May 2001 12:28:39 +0200
-
-openssl (0.9.6a-1) unstable; urgency=medium
-
- * new upstream, fixes some security bugs (closes: #90584)
- * fix typo in s_server manpage (closes: #89756)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 10 Apr 2001 12:13:11 +0200
-
-openssl (0.9.6-2) unstable; urgency=low
-
- * policy: reorganisation of package names: libssl096 -> libssl0.9.6,
- libssl096-dev -> libssl-dev (closes: #83426)
- * libssl0.9.6 drops replaces libssl09 (Closes: #83425)
- * install upstream CHANGES files (Closes: #83430)
- * added support for hppa and ia64 (Closes: #88790)
- * move man3 manpages to libssl-dev (Closes: #87546)
- * fix formating problem in rand_add(1) (Closes: #87547)
- * remove manpage duplicates (Closes: #87545, #74986)
- * make package descriptions clearer (Closes: #83518, #83444)
- * increase default emailAddress_max from 40 to 60 (Closes: #67238)
- * removed RSAREF warning (Closes: #84122)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 8 Mar 2001 14:24:00 +0100
-
-openssl (0.9.6-1) unstable; urgency=low
-
- * New upstream version (Thanks to Enrique Zanardi <ezanard at debian.org>)
- (closes: #72388)
- * Add support for debian-hurd (closes: #76032)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 13 Nov 2000 22:30:46 +0100
-
-openssl (0.9.5a-5) unstable; urgency=low
-
- * move manpages in standard directories with section ssl (closes:
- #72152, #69809)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 5 Oct 2000 19:56:20 +0200
-
-openssl (0.9.5a-4) unstable; urgency=low
-
- * include edg_rand_bytes patch from and for apache-ssl
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 23 Sep 2000 16:48:06 +0200
-
-openssl (0.9.5a-3) unstable; urgency=low
-
- * fix call to dh_makeshlibs to create correct shlibs file and make
- dependend programs link correctly (closes: Bug#61658)
- * include a note in README.debian concerning the location of the
- subcommand manpages (closes: Bug#69809)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 16 Sep 2000 19:10:50 +0200
-
-openssl (0.9.5a-2) unstable; urgency=low
-
- * try to fix the sharedlib problem. change soname of library
- (closes: Bug#4622, #66102, #66538, #66123)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 12 Jul 2000 03:26:30 +0200
-
-openssl (0.9.5a-1) unstable; urgency=low
-
- * new upstream version (major changes see file NEWS) (closes: Bug#63976,
- #65239, #65358)
- * new library package libssl095a because of probably changed library
- interface (closes: Bug#46222)
- * added architecture mips and mipsel (closes: Bug#62437, #60366)
- * provide shlibs.local file in build to help build if libraries are not
- yet installed (closes: Bug#63984)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 11 Jun 2000 15:17:35 +0200
-
-openssl (0.9.4-5) frozen unstable; urgency=medium
-
- * cleanup of move of doc directories to /usr/share/doc (closes:
- Bug#56430)
- * lintian issues (closes: Bug#49358)
- * move demos from openssl to libssl09-dev (closes: Bug#59201)
- * move to debhelpers
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 11 Mar 2000 10:38:04 +0100
-
-openssl (0.9.4-4) unstable; urgency=medium
-
- * Added 'debian-arm' in 'Configure'. (closes: Bug#54251, #54766)
- * Fixed Configure for 'debian-m68k' (closes: Bug#53636)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 15 Jan 2000 13:16:18 +0100
-
-openssl (0.9.4-3) unstable; urgency=low
-
- * define symbol SSLeay_add_ssl_algorithms for backward compatibility
- (closes: Bug#46882)
- * remove manpages from /usr/doc/openssl (closes: Bug#46791)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 14 Oct 1999 16:51:08 +0200
-
-openssl (0.9.4-2) unstable; urgency=low
-
- * include some more docu in pod format (Bug #43933)
- * removed -mv8 from sparc flags (Bug #44769)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 14 Sep 1999 22:04:06 +0200
-
-openssl (0.9.4-1) unstable; urgency=low
-
- * new upstream version (Closes: #42926)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 28 Aug 1999 17:04:23 +0200
-
-openssl (0.9.3a-1) unstable; urgency=low
-
- * new upstream version (Bug #38345, #38627)
- * sparc is big-endian (Bug #39973)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 7 Jul 1999 16:03:37 +0200
-
-openssl (0.9.2b-3) unstable; urgency=low
-
- * correct move conffiles to /etc/ssl (Bug #38570)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 31 May 1999 21:08:07 +0200
-
-openssl (0.9.2b-2) unstable; urgency=low
-
- * added convenience package ssleay to help upgrade to openssl (Bug
- #37185, #37623, #36326)
- * added some missing dependencies from libssl09 (Bug #36681, #35867,
- #36326)
- * move lib*.so to libssl09-dev (Bug #36761)
- * corrected version numbers of library files
- * introduce link from /usr/lib/ssl to /etc/ssl (Bug #36710)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 23 May 1999 14:57:48 +0200
-
-openssl (0.9.2b-1) unstable; urgency=medium
-
- * First openssl version
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 31 Mar 1999 15:54:26 +0200
-
-ssleay (0.9.0b-2) unstable; urgency=low
-
- * Include message about the (not)usage of RSAREF (#24409)
- * Move configfiles from /usr/lib/ssl to /etc/ssl (#26406)
- * Change definitions for sparc (#26487)
- * Added missing dependency (#28591)
- * Make debian/libtool executable (#29708)
- * /etc/ssl/lib/ssleay.cnf is now a confile (#32624)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 21 Mar 1999 19:41:04 +0100
-
-ssleay (0.9.0b-1) unstable; urgency=low
-
- * new upstream version (Bug #21227, #25971)
- * build shared libraries with -fPIC (Bug #20027)
- * support sparc architecture (Bug #28467)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 13 Oct 1998 10:20:13 +0200
-
-ssleay (0.8.1-7) frozen unstable; urgency=high
-
- * security fix patch to 0.8.1b (bug #24022)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 6 Jul 1998 15:42:15 +0200
-
-ssleay (0.8.1-6) frozen unstable; urgency=low
-
- * second try to fix bug #15235 (copyright was still missing)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 22 Jun 1998 08:56:27 +0200
-
-ssleay (0.8.1-5) frozen unstable; urgency=high
-
- * changed /dev/random to /dev/urandom (Bug #23169, #17817)
- * copyright contains now the full licence (Bug #15235)
- * fixed bug #19410 (md5sums-lists-nonexisting-file)
- * added demos to /usr/doc (Bug #17372)
- * fixed type in package description (Bug #18969)
- * fixed bug in adding documentation (Bug #21463)
- * added patch for support of debian-powerpc (Bug #21579)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 18 Jun 1998 23:09:13 +0200
-
-ssleay (0.8.1-4) unstable; urgency=low
-
- * purged dependency from libc5
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 11 Nov 1997 15:31:50 +0100
-
-ssleay (0.8.1-3) unstable; urgency=low
-
- * changed packagename libssl to libssl08 to get better dependancies
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 7 Nov 1997 14:23:17 +0100
-
-ssleay (0.8.1-2) unstable; urgency=low
-
- * linked shared libraries against libc6
- * use /dev/random for randomseed
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 5 Nov 1997 11:21:40 +0100
-
-ssleay (0.8.1-1) unstable; urgency=low
-
- * new upstream version
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Oct 1997 16:15:43 +0200
-
-ssleay (0.6.6-2) unstable; urgency=low
-
- * cleanup in diffs
- * removed INSTALL from docs (bug #13205)
- * split libssl and libssl-dev (but #13735)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 15 Oct 1997 17:38:38 +0200
-
-ssleay (0.6.6-1) unstable; urgency=low
-
- * New upstream version
- * added shared libraries for libcrypto and libssl
-
- -- Christoph Martin <martin at uni-mainz.de> Thu, 26 Jun 1997 19:26:14 +0200
-
-ssleay (0.6.4-2) unstable; urgency=low
-
- * changed doc filenames from .doc to .txt to be able to read them
- over with webbrowser
-
- -- Christoph Martin <martin at uni-mainz.de> Tue, 25 Feb 1997 14:02:53 +0100
-
-ssleay (0.6.4-1) unstable; urgency=low
-
- * Initial Release.
-
- -- Christoph Martin <martin at uni-mainz.de> Fri, 22 Nov 1996 21:29:51 +0100
Copied: openssl/tags/1.0.1e-1/1.1.0/debian/changelog (from rev 896, openssl/branches/1.1.0/debian/changelog)
===================================================================
--- openssl/tags/1.0.1e-1/1.1.0/debian/changelog (rev 0)
+++ openssl/tags/1.0.1e-1/1.1.0/debian/changelog 2017-02-16 18:29:10 UTC (rev 897)
@@ -0,0 +1,2138 @@
+openssl (1.1.0e-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2017-3733
+ - Remove patches that are applied upstream.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 16 Feb 2017 18:57:58 +0100
+
+openssl (1.1.0d-2) unstable; urgency=medium
+
+ * Fix building of arch and all packages in a minimal environment
+ (Closes: #852900).
+ * Fix precomputing SHA1 by adding the following patches from upstream:
+ - Add-a-couple-of-test-to-check-CRL-fingerprint.patch
+ - Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
+ - X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
+ (Closes: #852920).
+
+ -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Mon, 30 Jan 2017 23:20:07 +0100
+
+openssl (1.1.0d-1) unstable; urgency=medium
+
+ * New Upstream release
+ - Fixes CVE-2017-3731
+ - Fixes CVE-2017-3730
+ - Fixes CVE-2017-3732
+ - drop revert_ssl_read.patch and
+ 0001-Add-missing-zdelete-for-some-linux-arches.patch, applied upstream.
+ * add new symbols.
+
+ -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Thu, 26 Jan 2017 16:38:34 +0100
+
+openssl (1.1.0c-4) unstable; urgency=medium
+
+ * Make build-indep build again.
+ * Don't depend on perl:any in openssl as it breaks debootstrap
+ ("Closes: #852017).
+
+ -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Fri, 20 Jan 2017 22:18:15 +0100
+
+openssl (1.1.0c-3) unstable; urgency=medium
+
+ * Add myself as Uploader.
+ * Add support for tilegx, patch by Helmut Grohne (Closes: #848957).
+ * redo the rules file to some newer debhelper:
+ - everyfile should remain, nothing should get lost
+ - the scripts in the doc package gained an exec bit
+ - openssl gained a dep on perl (the package contains perl scripts)
+ - libssl1.0.2-dbg is gone, we have dbgsym now
+ - dh compat 10
+ - pkg.install instead of pkg.files is used for install
+ * Mark libssl-doc as MA foreign
+ * Update Standards-Version from 3.9.5 to 3.9.8. No changes required.
+ * Document the change for openssl's enc command between 1.1.0 and pre 1.1.0
+ in the NEWS file (Closes: #843064).
+ * Add an override for lintian for the non-standard private directory
+
+ -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Thu, 19 Jan 2017 23:00:01 +0100
+
+openssl (1.1.0c-2) unstable; urgency=medium
+
+ * Revert behaviour of SSL_read() and SSL_write(), and update documentation.
+ (Closes: #844234)
+ * Add missing -zdelete on x32 (Closes: #844715)
+ * Add a Breaks on salt-common. Addresses #844706
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 21 Nov 2016 22:20:00 +0100
+
+openssl (1.1.0c-1) unstable; urgency=medium
+
+ * New upstrem release
+ - Fix CVE-2016-7053
+ - Fix CVE-2016-7054
+ - Fix CVE-2016-7055
+ * remove no-rpath.patch, applied upstream.
+ * Remove old d2i test cases, use the one from the upstream tarball.
+ * Update libssl1.1.symbols for new sysmbols.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 10 Nov 2016 19:05:44 +0100
+
+openssl (1.1.0b-2) unstable; urgency=low
+
+ * Upload to unstable
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 01 Nov 2016 22:02:32 +0100
+
+openssl (1.1.0b-1) experimental; urgency=medium
+
+ * New upstream release
+ - Fixes CVE-2016-6309
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 26 Sep 2016 18:21:09 +0200
+
+openssl (1.1.0a-1) experimental; urgency=medium
+
+ * New upstream release
+ - Fix CVE-2016-6304
+ - Fix CVE-2016-6305
+ - Fix CVE-2016-6307
+ - Fix CVE-2016-6308
+ * Update c_rehash-compat.patch to apply to new version.
+ * Update symbol file.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 22 Sep 2016 20:13:59 +0200
+
+openssl (1.1.0-1) experimental; urgency=medium
+
+ [ Kurt Roeckx ]
+ * New upstream version
+ * Use Package-Type instead of XC-Package-Type
+ * Remove "Priority: optional" in the binary packages.
+ * Add Homepage
+ * Use dpkg-buildflags's LDFLAGS also for building the shared libraries.
+
+ [ Sebastian Andrzej Siewior ]
+ * drop config-hurd.patch, we don't use `config' and it works without the
+ patch.
+ * Drop depend on zlib1g-dev since we don't use it anymore (Closes: #767207)
+ * Make the openssl package Multi-Arch: foregin (Closes: #827028)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 25 Aug 2016 18:52:22 +0200
+
+openssl (1.1.0~pre6-1) experimental; urgency=medium
+
+ [ Sebastian Andrzej Siewior ]
+ * drop engines-path.patch. Upstream uses a 1.1 suffixes now.
+
+ [ Kurt Roeckx ]
+ * New upstream version
+ * Drop upstream snapshot
+ * Update symbols file
+ * Use some https instead of http URLs
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 04 Aug 2016 18:33:24 +0200
+
+openssl (1.1.0~pre5-5) experimental; urgency=medium
+
+ * Update snapshot to commit fe964f0c88f6780fd30b26e306484b981b0a8480
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 02 Jul 2016 14:54:51 +0200
+
+openssl (1.1.0~pre5-4) experimental; urgency=medium
+
+ * Update snapshot to commit c32bdbf171ce6650ef045ec47b5abe0de7c264db
+ * Remove utils-mkdir-p-check-if-dir-exists-also-after-mkdir-f.patch, applied
+ upstream
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 26 Jun 2016 15:07:48 +0200
+
+openssl (1.1.0~pre5-3) experimental; urgency=medium
+
+ [ Kurt Roeckx ]
+ * Don't use assembler on hppa, it's not writen for Linux.
+
+ -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Fri, 10 Jun 2016 22:33:06 +0200
+
+openssl (1.1.0~pre5-2) experimental; urgency=medium
+
+ [ Sebastian Andrzej Siewior ]
+ * Run the testsuite with verbose output.
+ * Use $(MAKE) so the whole make environment is passed to its child and we
+ can build in parallel with -jX
+ * Update snapshot to commit 5000a6d1215e ("Fix an error path leak in int
+ X509_ATTRIBUTE_set1_data()")
+
+ -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Fri, 10 Jun 2016 21:49:55 +0200
+
+openssl (1.1.0~pre5-1) experimental; urgency=medium
+
+ * New upstream version with soname change. Upload to experimental.
+ - Rename binary packages
+ - Remove patches:
+ - block_diginotar.patch: All cross certificates expired in 2013
+ - block_digicert_malaysia.patch: intermediate certificates expired in
+ 2015
+ - man-dir.patch: Fixed upstream
+ - valgrind.patch: Upstream no longer adds the uninitialized data to the
+ RNG
+ - shared-lib-ext.patch: No longer needed
+ - version-script.patch: Upstream does symbol versioning itself now
+ - disable_freelist.patch: No longer needed
+ - soname.patch: Was to change to the 1.0.2 soname that upstream never had
+ - disable_sslv3_test.patch: Fixed upstream
+ - libdoc-manpgs-pod-spell.patch: Fixed upstream (Closes: #813191)
+ - Rewrite debian-targets.patch to work with the new configuration system.
+ - Update other patches to apply
+ - Update list of install docs
+ - Use DESTDIR instead of INSTALL_PREFIX
+ - Clean up more files
+ - Remove the configure option enable-tlsext no-ssl2 since they're no
+ longer supported.
+ * Add upstream snapshot:
+ - Add d2i-tests.tar to get new binary test files.
+ * Don't build i686 optimized version anymore on i386, it's now the default.
+ (Closes: #823774)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 28 May 2016 20:58:31 +0200
+
+openssl (1.0.2h-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2016-2107
+ - Fixes CVE-2016-2105
+ - Fixes CVE-2016-2106
+ - Fixes CVE-2016-2109
+ - Fixes CVE-2016-2176
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 03 May 2016 18:31:22 +0200
+
+openssl (1.0.2g-2) unstable; urgency=medium
+
+ * Use assembler of arm64 (Closes: #794326)
+ Patch from Riku Voipio <riku.voipio at iki.fi>
+ * Add a udeb for libssl, based on similar changes done in Ubuntu
+ starting in version 0.9.8o-4ubuntu1 (Closes: #802591)
+ Patch from Margarita Manterola <marga at google.com>
+ * Add support for nios2 (Closes: #816239)
+ Based on patch from Marek Vasut <marex at denx.de>
+ * Update Spanish translation from Manuel "Venturi" Porras Peralta
+ <venturi at openmailbox.org> (Closes: #773601)
+ * Don't build an i586 optimized version anymore, the default
+ already targets that. Patch from Sven Joachim <svenjoac at gmx.de>
+ (Closes: #759811)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 21 Apr 2016 23:43:06 +0200
+
+openssl (1.0.2g-1) unstable; urgency=high
+
+ * New upstream version
+ * Fix CVE-2016-0797
+ * Fix CVE-2016-0798
+ * Fix CVE-2016-0799
+ * Fix CVE-2016-0702
+ * Fix CVE-2016-0705
+ * Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800)
+ makes use of those, and SLOTH attack (CVE-2015-7575) can make use of them
+ too.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 01 Mar 2016 18:31:09 +0100
+
+openssl (1.0.2f-2) unstable; urgency=high
+
+ * New upstream version.
+ - Fixes CVE-2016-0701
+ - Not affected by CVE-2015-3197 because SSLv2 is disabled.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 28 Jan 2016 19:32:02 +0100
+
+openssl (1.0.2e-1) unstable; urgency=high
+
+ * New upstream release
+ - Fix CVE-2015-3193
+ - Fix CVE-2015-3194
+ - Fix CVE-2015-3195
+ - Fix CVE-2015-3196
+ * Remove all symlinks during clean
+ * Run make depend after configure
+ * Remove openssl_button.* from the doc package
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 03 Dec 2015 19:33:05 +0100
+
+openssl (1.0.2d-3) unstable; urgency=medium
+
+ * Upload to unstable
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 01 Nov 2015 19:14:34 +0100
+
+openssl (1.0.2d-2) experimental; urgency=medium
+
+ * Build with no-ssl3-method to remove all SSLv3 support. This results in
+ the functions SSLv3_method(), SSLv3_server_method() and
+ SSLv3_client_method() being removed from libssl. Change the soname as
+ result of that and also changes name of the binary package.
+ (Closes: #768476)
+ * Enable rfc3779 and cms support (Closes: #630790)
+ * Fix cross compilation for mips architectures. (Closes: #782492)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 06 Sep 2015 14:21:27 +0200
+
+openssl (1.0.2d-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2015-1793
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 09 Jul 2015 18:22:26 +0200
+
+openssl (1.0.2c-1) unstable; urgency=medium
+
+ * New upstream version
+ - Fixes ABI (Closes: #788511)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 12 Jun 2015 20:35:12 +0200
+
+openssl (1.0.2b-1) unstable; urgency=high
+
+ * New upstream version
+ - Fix CVE-2015-4000
+ - Fix CVE-2015-1788
+ - Fix CVE-2015-1789
+ - Fix CVE-2015-1790
+ - Fix CVE-2015-1792
+ - Fix CVE-2015-1791
+ * Update c_rehash-compat.patch to make it apply to the new version.
+ * Remove openssl-pod-misspell.patch applied upstream
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 11 Jun 2015 18:20:38 +0200
+
+openssl (1.0.2a-1) unstable; urgency=medium
+
+ * New upstrema version
+ - Fix CVE-2015-0286
+ - Fix CVE-2015-0287
+ - Fix CVE-2015-0289
+ - Fix CVE-2015-0293 (not affected, SSLv2 disabled)
+ - Fix CVE-2015-0209
+ - Fix CVE-2015-0288
+ - Fix CVE-2015-0291
+ - Fix CVE-2015-0290
+ - Fix CVE-2015-0207
+ - Fix CVE-2015-0208
+ - Fix CVE-2015-1787
+ - Fix CVE-2015-0285
+ * Temporary enable SSLv3 methods again, but they will go away.
+ * Don't set TERMIO anymore, use the default TERMIOS instead.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 30 Apr 2015 23:37:27 +0200
+
+openssl (1.0.2-1) experimental; urgency=medium
+
+ * New upstream release
+ - Fixes CVE-2014-3571
+ - Fixes CVE-2015-0206
+ - Fixes CVE-2014-3569
+ - Fixes CVE-2014-3572
+ - Fixes CVE-2015-0204
+ - Fixes CVE-2015-0205
+ - Fixes CVE-2014-8275
+ - Fixes CVE-2014-3570
+ - Drop git_snapshot.patch
+ * Drop gnu_source.patch, dgst_hmac.patch, stddef.patch,
+ no_ssl3_method.patch: applied upstream
+ * Update patches to apply
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 23 Jan 2015 18:54:13 +0100
+
+openssl (1.0.2~beta3-1) experimental; urgency=low
+
+ * New usptream beta version
+ * Add git snapshot
+ * Merge changes between 1.0.1h-3 and 1.0.1j-1:
+ - Disables SSLv3 because of CVE-2014-3566
+ * Drop patch rehash-crt.patch: partially applied upstream.
+ c_rehash now doesn't support files in DER format anymore.
+ * Drop patch rehash_pod.patch: applied upstream
+ * Update c_rehash-compat.patch to apply to new upstream version. This
+ undoes upstream's "-old" option and creates both the new and old again.
+ It now also does it for CRLs.
+ * Drop defaults.patch, applied upstream
+ * dgst_hmac.patch updated to apply to upstream version.
+ * engines-path.patch updated to apply to upstream version.
+ * Update list of exported symbols
+ * Update symbols files to require beta3
+ * Enable unit tests
+ * Add patch to add support for the no-ssl3-method option that completly
+ disable SSLv3 and pass the option. This drops the following functions
+ from the library: SSLv3_method, SSLv3_server_method and
+ SSLv3_client_method
+ * Build using OPENSSL_NO_BUF_FREELISTS
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 07 Nov 2014 00:20:10 +0100
+
+openssl (1.0.2~beta2-1) experimental; urgency=medium
+
+ * New usptream beta version
+ - Fix CVE-2014-0224
+ - Fix CVE-2014-0221
+ - Fix CVE-2014-0195
+ - Fix CVE-2014-3470
+ - Fix CVE-2014-0198
+ - Fix CVE-2010-5298
+ - Fix CVE-2014-0160
+ - Fix CVE-2014-0076
+ * Merge changes between 1.0.1f-1 and 1.0.1h-3:
+ - postinst: Updated check for restarting services
+ * libdoc-manpgs-pod-spell.patch and openssl-pod-misspell.patch
+ partially applied upstream
+ * Drop fix-pod-errors.patch, applied upstream.
+ * Add support for ppc64le (Closes: #745657)
+ * Add support for OpenRISC (Closes: #736772)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 23 Jul 2014 19:54:09 +0200
+
+openssl (1.0.2~beta1-1) experimental; urgency=medium
+
+ * New upstream beta version
+ - Update list of symbols that should be exported and adjust the symbols
+ file. This also removes a bunch of duplicate symbols in the linker
+ file.
+ - Fix additional pod errors
+ - Following patches have been applied upstream and are removed:
+ libssl-misspell.patch, pod_req_misspell2.patch,
+ pod_pksc12.misspell.patch, pod_s_server.misspell.patch,
+ pod_x509setflags.misspell.patch, pod_ec.misspell.patch,
+ pkcs12-doc.patch, req_bits.patch
+ - Following patches have been partially applied upstream:
+ libdoc-manpgs-pod-spell.patch, openssl-pod-misspell.patch
+ - Remove openssl_fix_for_x32.patch, different patch applied upstream.
+ * Add support for cross compiling (Closes: #465248)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 25 Feb 2014 00:36:51 +0100
+
+openssl (1.0.1f-1) unstable; urgency=high
+
+ * New upstream version
+ - Fix for TLS record tampering bug CVE-2013-4353
+ - Drop the snapshot patch
+ * update watch file to check for upstream signature and add upstream pgp key.
+ * Drop conflicts against openssh since we now on a released version again.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 06 Jan 2014 18:50:54 +0100
+
+openssl (1.0.1e-6) unstable; urgency=medium
+
+ * Add Breaks: openssh-client (<< 1:6.4p1-1.1), openssh-server (<<
+ 1:6.4p1-1.1). This is to prevent people running into #732940.
+ This Breaks can be removed again when we stop using a git snapshot.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 23 Dec 2013 15:19:17 +0100
+
+openssl (1.0.1e-5) unstable; urgency=low
+
+ * Change default digest to SHA256 instead of SHA1. (Closes: #694738)
+ * Drop support for multiple certificates in 1 file. It never worked
+ properly in the first place, and the only one shipping in
+ ca-certificates has been split.
+ * Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors
+ * Remove make-targets.patch. It prevented the test dir from being cleaned.
+ * Update to a git snapshot of the OpenSSL_1_0_1-stable branch.
+ - Fixes CVE-2013-6449 (Closes: #732754)
+ - Fixes CVE-2013-6450
+ - Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch
+ dtls_version.patch get_certificate.patch, since they where all
+ already commited upstream.
+ - adjust fix-pod-errors.patch for the reordering of items in the
+ documentation they've done trying to fix those pod errors.
+ - disable rdrand engine by default (Closes: #732710)
+ * disable zlib support. Fixes CVE-2012-4929 (Closes: #728055)
+ * Add arm64 support (Closes: #732348)
+ * Properly use the default number of bits in req when none are given
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 22 Dec 2013 19:25:35 +0100
+
+openssl (1.0.1e-4) unstable; urgency=low
+
+ [ Peter Michael Green ]
+ * Fix pod errors (Closes: #723954)
+ * Fix clean target
+
+ [ Kurt Roeckx ]
+ * Add mipsn32 and mips64 targets. Patch from Eleanor Chen
+ <chenyueg at gmail.com> (Closes: #720654)
+ * Add support for nocheck in DEB_BUILD_OPTIONS
+ * Update Norwegian translation (Closes: #653574)
+ * Update description of the packages. Patch by Justin B Rye
+ (Closes: #719262)
+ * change to debhelper compat level 9:
+ - change dh_strip call so only the files from libssl1.0.0 get debug
+ symbols.
+ - change dh_makeshlibs call so the engines don't get added to the
+ shlibs
+ * Update Standards-Version from 3.8.0 to 3.9.5. No changes required.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 01 Nov 2013 17:11:53 +0100
+
+openssl (1.0.1e-3) unstable; urgency=low
+
+ * Move <openssl/opensslconf.h> to /usr/include/$(DEB_HOST_MULTIARCH), and
+ mark libssl-dev Multi-Arch: same.
+ Patch by Colin Watson <cjwatson at ubuntu.com> (Closes: #689093)
+ * Add Polish translation (Closes: #658162)
+ * Add Turkish translation (Closes: #660971)
+ * Enable assembler for the arm targets, and remove armeb.
+ Patch by Riku Voipio <riku.voipio at iki.fi> (Closes: #676533)
+ * Add support for x32 (Closes: #698406)
+ * enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 20 May 2013 16:56:06 +0200
+
+openssl (1.0.1e-2) unstable; urgency=high
+
+ * Bump shlibs. It's needed for the udeb.
+ * Make cpuid work on cpu's that don't set ecx (Closes: #699692)
+ * Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353)
+ * Fix problem with DTLS version check (Closes: #701826)
+ * Fix segfault in SSL_get_certificate (Closes: #703031)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 18 Mar 2013 20:37:11 +0100
+
+openssl (1.0.1e-1) unstable; urgency=high
+
+ * New upstream version (Closes: #699889)
+ - Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166
+ - Drop renegiotate_tls.patch, applied upstream
+ - Export new CRYPTO_memcmp symbol, update symbol file
+ * Add ssltest_no_sslv2.patch so that "make test" works.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 11 Feb 2013 19:39:44 +0100
+
+openssl (1.0.1c-5) unstable; urgency=low
+
+ * Re-enable assembler versions on sparc. They shouldn't have
+ been disabled for sparc v9. (Closes: #649841)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 09 Sep 2012 08:43:40 +0200
+
+openssl (1.0.1c-4) unstable; urgency=low
+
+ * Fix the configure rules for alpha (Closes: #672710)
+ * Switch the postinst to sh again, there never was a reason to
+ switch it to bash (Closes: #676398)
+ * Fix pic.patch to not use #ifdef in x86cpuid.s, only .S files are
+ preprocessed. We generate the file again for pic anyway.
+ (Closes: #677468)
+ * Drop Breaks against openssh as it was only for upgrades
+ between versions that were only in testing/unstable.
+ (Closes: #668600)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 17 Jul 2012 11:49:19 +0200
+
+openssl (1.0.1c-3) unstable; urgency=low
+
+ * Disable padlock engine again, causes problems for hosts not supporting it.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 06 Jun 2012 18:29:37 +0200
+
+openssl (1.0.1c-2) unstable; urgency=high
+
+ * Fix renegiotation when using TLS > 1.0. This breaks tor. Patch from
+ upstream. (Closes: #675990)
+ * Enable the padlock engine by default.
+ * Change default bits from 1024 to 2048 (Closes: #487152)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 06 Jun 2012 00:55:42 +0200
+
+openssl (1.0.1c-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2012-2333 (Closes: #672452)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 11 May 2012 18:44:51 +0200
+
+openssl (1.0.1b-1) unstable; urgency=high
+
+ * New upstream version
+ - Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0
+ can talk to servers supporting TLS 1.1 but not TLS 1.2
+ - Drop rc4_hmac_md5.patch, applied upstream
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 26 Apr 2012 23:34:34 +0200
+
+openssl (1.0.1a-3) unstable; urgency=low
+
+ * Use patch from upstream for the rc4_hmac_md5 issue.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 23:16:30 +0200
+
+openssl (1.0.1a-2) unstable; urgency=low
+
+ * Fix rc4_hmac_md5 on non-i386/amd64 arches.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 21:54:42 +0200
+
+openssl (1.0.1a-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2012-2110
+ - Fix crash in rc4_hmac_md5 (Closes: #666405)
+ - Fixes some issues with talking to other servers when TLS 1.1 and 1.2 is
+ supported
+ - Drop patches no_ssl2.patch vpaes.patch tls1.2_client_algorithms.patch,
+ applied upstream.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 19:54:12 +0200
+
+openssl (1.0.1-4) unstable; urgency=low
+
+ * Use official patch for the vpaes problem, also covering amd64.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 31 Mar 2012 20:54:13 +0200
+
+openssl (1.0.1-3) unstable; urgency=high
+
+ * Fix crash in vpaes (Closes: #665836)
+ * use client version when deciding whether to send supported signature
+ algorithms extension
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 31 Mar 2012 18:35:59 +0200
+
+openssl (1.0.1-2) unstable; urgency=low
+
+ * Properly quote the new cflags in Configure
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 19 Mar 2012 19:56:05 +0100
+
+openssl (1.0.1-1) unstable; urgency=low
+
+ * New upstream version
+ - Remove kfreebsd-pipe.patch, fixed upstream
+ - Update pic.patch, openssl-pod-misspell.patch and make-targets.patch
+ - Add OPENSSL_1.0.1 to version-script.patch and libssl1.0.0.symbols for
+ the new functions.
+ - AES-NI support (Closes: #644743)
+ * pic.patch: upstream made OPENSSL_ia32cap_P and OPENSSL_cpuid_setup
+ hidden on amd64, no need to access it PIC anymore.
+ * pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977)
+ * Enable hardening using dpkg-buildflags (Closes: #653495)
+ * s_client and s_server were forcing SSLv3 only connection when SSLv2 was
+ disabled instead of the SSLv2 with upgrade method. (Closes: #664454)
+ * Add Breaks on openssh < 1:5.9p1-4, it has a too strict version check.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 19 Mar 2012 18:23:32 +0100
+
+openssl (1.0.0h-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2012-0884
+ - Fixes CVE-2012-1165
+ - Properly fix CVE-2011-4619
+ - pkg-config.patch applied upstream, remove it.
+ * Enable assembler for all i386 arches. The assembler does proper
+ detection of CPU support, including cpuid support.
+ This should fix a problem with AES 192 and 256 with the padlock
+ engine because of the difference in NO_ASM between the between
+ the i686 optimized library and the engine.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 13 Mar 2012 21:08:17 +0100
+
+openssl (1.0.0g-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2012-0050
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 18 Jan 2012 20:46:13 +0100
+
+openssl (1.0.0f-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2011-4108, CVE-2011-4576, CVE-2011-4619, CVE-2012-0027,
+ CVE-2011-4577
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 12 Jan 2012 19:02:43 +0100
+
+openssl (1.0.0e-3) unstable; urgency=low
+
+ * Don't build v8 and v9 variants of sparc anymore, they're older than
+ the default. (Closes: #649841)
+ * Don't build i486 optimized version, that's the default anyway, and
+ it uses assembler that doesn't always work on i486.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 28 Nov 2011 22:17:26 +0100
+
+openssl (1.0.0e-2.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Block Malaysian's Digicert Sdn. Bhd. certificates by marking them
+ as revoked.
+
+ -- Raphael Geissert <geissert at debian.org> Sun, 06 Nov 2011 01:39:30 -0600
+
+openssl (1.0.0e-2) unstable; urgency=low
+
+ * Add a missing $(DEB_HOST_MULTIARCH)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Sep 2011 17:02:29 +0200
+
+openssl (1.0.0e-1) unstable; urgency=low
+
+ * New upstream version
+ - Fix bug where CRLs with nextUpdate in the past are sometimes accepted
+ by initialising X509_STORE_CTX properly. (CVE-2011-3207)
+ - Fix SSL memory handling for (EC)DH ciphersuites, in particular
+ for multi-threaded use of ECDH. (CVE-2011-3210)
+ - Add protection against ECDSA timing attacks (CVE-2011-1945)
+ * Block DigiNotar certifiates. Patch from
+ Raphael Geissert <geissert at debian.org>
+ * Generate hashes for all certs in a file (Closes: #628780, #594524)
+ Patch from Klaus Ethgen <Klaus at Ethgen.de>
+ * Add multiarch support (Closs: #638137)
+ Patch from Steve Langasek / Ubuntu
+ * Symbols from the gost engine were removed because it didn't have
+ a linker file. Thanks to Roman I Khimov <khimov at altell.ru>
+ (Closes: #631503)
+ * Add support for s390x. Patch from Aurelien Jarno <aurel32 at debian.org>
+ (Closes: #641100)
+ * Add build-arch and build-indep targets to the rules file.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Sep 2011 12:03:13 +0200
+
+openssl (1.0.0d-3) unstable; urgency=low
+
+ * Make it build on sparc64. Patch from Aurelien Jarno. (Closes: #626060)
+ * Apply patches from Scott Schaefer <saschaefer at neurodiverse.org> to
+ fix various pod and spelling errors. (Closes: #622820, #605561)
+ * Add missing symbols for the engines (Closes: #623038)
+ * More spelling fixes from Scott Schaefer (Closes: #395424)
+ * Patch from Scott Schaefer to better document pkcs12 password options
+ (Closes: #462489)
+ * Document dgst -hmac option. Patch by Thorsten Glaser <tg at mirbsd.de>
+ (Closes: #529586)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 13 Jun 2011 12:39:54 +0200
+
+openssl (1.0.0d-2) unstable; urgency=high
+
+ * Make c_rehash also generate the old subject hash. Gnutls applications
+ seem to require it. (Closes: #611102)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Apr 2011 22:36:49 +0200
+
+openssl (1.0.0d-1) unstable; urgency=low
+
+ * New upstream version
+ - Fixes CVE-2011-0014
+ * Make libssl-doc Replaces/Breaks with old libssl-dev packages
+ (Closes: #607609)
+ * Only export the symbols we should, instead of all.
+ * Add symbol file.
+ * Upload to unstable
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 02 Apr 2011 13:19:19 +0000
+
+openssl (1.0.0c-2) experimental; urgency=low
+
+ * Set $ in front of {sparcv9_asm} so that the sparc v9 variant builds.
+ * Always define _GNU_SOURCE, not only for Linux.
+ * Drop SSL2 support (Closes: #589706)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 19 Dec 2010 16:24:16 +0100
+
+openssl (1.0.0c-1) experimental; urgency=low
+
+ * New upstream version (Closes: #578376)
+ - New soname: Rename library packages
+ - Drop patch perl-path.diff, not needed anymore
+ - Drop patches CVE-2010-2939.patch, CVE-2010-3864.patch
+ and CVE-2010-4180.patch: applied upstream.
+ - Update Configure for the new fields for the assembler options
+ per arch. alpha now makes use of assembler.
+ * Move man3 manpages and demos to libssl-doc (Closes: #470594)
+ * Drop .pod files from openssl package (Closes: #518167)
+ * Don't use RC4_CHAR on amd64 and drop rc4-amd64.patch
+ * Stop using BF_PTR2 on (kfreebd-)amd64.
+ * Drop debian-arm from the list of arches.
+ * Update arm arches to use BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
+ BF_PTR instead of BN_LLONG DES_RISC1
+ * ia64: Drop RC4_CHAR, add DES_UNROLL DES_INT
+ * powerpc: Use RC4_CHAR RC4_CHUNK DES_RISC1 instead
+ of DES_RISC2 DES_PTR MD2_CHAR RC4_INDEX
+ * s390: Use RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL instead of BN_LLONG
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 12 Dec 2010 15:37:21 +0100
+
+openssl (0.9.8o-4) unstable; urgency=low
+
+ * Fix CVE-2010-4180 (Closes: #529221)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 06 Dec 2010 20:33:21 +0100
+
+openssl (0.9.8o-3) unstable; urgency=high
+
+ * Fix TLS extension parsing race condition (CVE-2010-3864) (Closes: #603709)
+ * Re-add the engines. They were missing since 0.9.8m-1.
+ Patch by Joerg Schneider. (Closes: #603693)
+ * Not all architectures were build using -g (Closes: #570702)
+ * Add powerpcspe support (Closes: #579805)
+ * Add armhf support (Closes: #596881)
+ * Update translations:
+ - Brazilian Portuguese (Closes: #592154)
+ - Danish (Closes: #599459)
+ - Vietnamese (Closes: #601536)
+ - Arabic (Closes: #596166)
+ * Generate the proper stamp file so that everything doesn't get build twice.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 16 Nov 2010 19:20:55 +0100
+
+openssl (0.9.8o-2) unstable; urgency=high
+
+ * Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 26 Aug 2010 18:25:29 +0200
+
+openssl (0.9.8o-1) unstable; urgency=low
+
+ * New upstream version
+ - Add SHA2 algorithms to SSL_library_init().
+ - aes-x86_64.pl is now PIC, update pic.patch.
+ * Add sparc64 support (Closes: #560240)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 18 Apr 2010 01:42:44 +0200
+
+openssl (0.9.8n-1) unstable; urgency=high
+
+ * New upstream version.
+ - Fixes CVE-2010-0740.
+ - Drop cfb.patch, applied upstream.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 25 Mar 2010 20:30:52 +0100
+
+openssl (0.9.8m-2) unstable; urgency=low
+
+ * Revert CFB block length change preventing reading older files.
+ (Closes: #571810, #571940)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 28 Feb 2010 22:08:49 +0100
+
+openssl (0.9.8m-1) unstable; urgency=low
+
+ * New upstream version
+ - Implements RFC5746, reenables renegotiation but requires the extension.
+ - Fixes CVE-2009-3245
+ - Drop patches CVE-2009-4355.patch, CVE-2009-1378.patch,
+ CVE-2009-1377.patch, CVE-2009-1379.patch, CVE-2009-3555.patch,
+ CVE-2009-2409.patch, CVE-2009-1387.patch, tls_ext_v3.patch,
+ no_check_self_signed.patch: applied upstream
+ - pk7_mime_free.patch removed, code rewritten
+ - ca.diff partially applied upstream
+ - engines-path.patch adjusted, upstream made some minor changes to the
+ build system.
+ - some flags changed values, bump shlibs.
+ * Switch to 3.0 (quilt) source package.
+ * Make sure the package is properly cleaned.
+ * Add ${misc:Depends} to the Depends on all packages.
+ * Fix spelling of extension in the changelog file.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 27 Feb 2010 12:24:03 +0000
+
+openssl (0.9.8k-8) unstable; urgency=high
+
+ * Clean up zlib state so that it will be reinitialized on next use and
+ not cause a memory leak. (CVE-2009-4355, CVE-2008-1678)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Jan 2010 21:26:49 +0100
+
+openssl (0.9.8k-7) unstable; urgency=low
+
+ * Bump the shlibs to require 0.9.8k-1. The following symbols
+ to added between g and k: AES_wrap_key, AES_unwrap_key,
+ ASN1_TYPE_set1, ASN1_STRING_set0, asn1_output_data_fn,
+ SMIME_read_ASN1, BN_X931_generate_Xpq, BN_X931_derive_prime_ex,
+ BN_X931_generate_prime_ex, COMP_zlib_cleanup, CRYPTO_malloc_debug_init,
+ int_CRYPTO_set_do_dynlock_callback, CRYPTO_set_mem_info_functions,
+ CRYPTO_strdup, CRYPTO_dbg_push_info, CRYPTO_dbg_pop_info,
+ CRYPTO_dbg_remove_all_info, OPENSSL_isservice, OPENSSL_init,
+ ENGINE_set_load_ssl_client_cert_function,
+ ENGINE_get_ssl_client_cert_function, ENGINE_load_ssl_client_cert,
+ EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags,
+ EVP_CIPHER_CTX_test_flags, HMAC_CTX_set_flags, OCSP_sendreq_new
+ OCSP_sendreq_nbio, OCSP_REQ_CTX_free, RSA_X931_derive_ex,
+ RSA_X931_generate_key_ex, X509_ALGOR_set0, X509_ALGOR_get0,
+ X509at_get0_data_by_OBJ, X509_get1_ocsp
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 28 Nov 2009 14:34:26 +0100
+
+openssl (0.9.8k-6) unstable; urgency=low
+
+ * Disable SSL/TLS renegotiation (CVE-2009-3555) (Closes: #555829)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 12 Nov 2009 18:10:31 +0000
+
+openssl (0.9.8k-5) unstable; urgency=low
+
+ * Don't check self signed certificate signatures in X509_verify_cert()
+ (Closes: #541735)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 11 Sep 2009 15:42:32 +0200
+
+openssl (0.9.8k-4) unstable; urgency=low
+
+ * Split all the patches into a separate files
+ * Stop undefinging HZ, the issue on alpha should be fixed.
+ * Remove MD2 from digest algorithm table. (CVE-2009-2409) (Closes: #539899)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 11 Aug 2009 21:19:18 +0200
+
+openssl (0.9.8k-3) unstable; urgency=low
+
+ * Make rc4-x86_64 PIC. Based on patch from Petr Salinger (Closes: #532336)
+ * Add workaround for kfreebsd that can't see the different between
+ two pipes. Patch from Petr Salinger.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 13 Jun 2009 18:15:46 +0200
+
+openssl (0.9.8k-2) unstable; urgency=low
+
+ * Move libssl0.9.8-dbg to the debug section.
+ * Use the rc4 assembler on kfreebsd-amd64 (Closes: #532336)
+ * Split the line to generate md5-x86_64.s in the Makefile. This will
+ hopefully fix the build issue on kfreebsd that now outputs the file
+ to stdout instead of the file.
+ * Fix denial of service via an out-of-sequence DTLS handshake message
+ (CVE-2009-1387) (Closes: #532037)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 08 Jun 2009 19:05:56 +0200
+
+openssl (0.9.8k-1) unstable; urgency=low
+
+ * New upstream release
+ - 0.9.8i fixed denial of service via a DTLS ChangeCipherSpec packet
+ that occurs before ClientHello (CVE-2009-1386)
+ * Make aes-x86_64.pl use PIC.
+ * Fix security issues (Closes: #530400)
+ - "DTLS record buffer limitation bug." (CVE-2009-1377)
+ - "DTLS fragment handling" (CVE-2009-1378)
+ - "DTLS use after free" (CVE-2009-1379)
+ * Fixed Configure for hurd: use -mtune=i486 instead of -m486
+ Patch by Marc Dequènes (Duck) <duck at hurdfr.org> (Closes: #530459)
+ * Add support for avr32 (Closes: #528648)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 16 May 2009 17:33:55 +0200
+
+openssl (0.9.8g-16) unstable; urgency=high
+
+ * Properly validate the length of an encoded BMPString and UniversalString
+ (CVE-2009-0590) (Closes: #522002)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 01 Apr 2009 22:04:53 +0200
+
+openssl (0.9.8g-15) unstable; urgency=low
+
+ * Internal calls to didn't properly check for errors which
+ resulted in malformed DSA and ECDSA signatures being treated as
+ a good signature rather than as an error. (CVE-2008-5077)
+ * ipv6_from_asc() could write 1 byte longer than the buffer in case
+ the ipv6 address didn't have "::" part. (Closes: #506111)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 05 Jan 2009 21:14:31 +0100
+
+openssl (0.9.8g-14) unstable; urgency=low
+
+ * Don't give the warning about security updates when upgrading
+ from etch since it doesn't have any known security problems.
+ * Automaticly use engines that succesfully initialised. Patch
+ from the 0.9.8h upstream version. (Closes: #502177)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 31 Oct 2008 22:45:14 +0100
+
+openssl (0.9.8g-13) unstable; urgency=low
+
+ * Fix a problem with tlsext preventing firefox 3 from connection.
+ Patch from upstream CVS and part of 0.9.8h.
+ (Closes: #492758)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 03 Aug 2008 19:47:10 +0200
+
+openssl (0.9.8g-12) unstable; urgency=low
+
+ * add the changelog of the 10.1 NMU to make bugtracking happy
+
+ -- Christoph Martin <Christoph.Martin at Uni-Mainz.DE> Tue, 22 Jul 2008 14:58:26 +0200
+
+openssl (0.9.8g-11) unstable; urgency=low
+
+ [ Christoph Martin ]
+ * updated cs, gl, sv, ru, ro debconf translation (closes: #480926, #480967,
+ #482465, #484324, #488595)
+ * add Vcs-Svn header (closes: #481654)
+ * fix debian-kfreebsd-i386 build flags (closes: #482275)
+ * add stunnel4 to restart list (closes: #482111)
+ * include fixes from 10.1 NMU by Security team
+ - Fix double free in TLS server name extension which leads to a remote
+ denial of service (CVE-2008-0891; Closes: #483379).
+ - Fix denial of service if the 'Server Key exchange message'
+ is omitted from a TLS handshake which could lead to a client
+ crash (CVE-2008-1672; Closes: #483379).
+ This only works if openssl is compiled with enable-tlsext which is
+ done in Debian.
+ * fix some lintian warnings
+ * update to newest standards version
+
+ -- Christoph Martin <Christoph.Martin at Uni-Mainz.DE> Thu, 17 Jul 2008 09:53:01 +0200
+
+openssl (0.9.8g-10.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security team.
+ * Fix denial of service if the 'Server Key exchange message'
+ is omitted from a TLS handshake which could lead to a client
+ crash (CVE-2008-1672; Closes: #483379).
+ This only works if openssl is compiled with enable-tlsext which is
+ done in Debian.
+ * Fix double free in TLS server name extension which leads to a remote
+ denial of service (CVE-2008-0891; Closes: #483379).
+
+ -- Nico Golde <nion at debian.org> Tue, 27 May 2008 11:13:44 +0200
+
+openssl (0.9.8g-10) unstable; urgency=low
+
+ * undefine HZ so that the code falls back to sysconf(_SC_CLK_TCK)
+ to fix a build failure on alpha.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 08 May 2008 17:56:13 +0000
+
+openssl (0.9.8g-9) unstable; urgency=high
+
+ [ Christoph Martin ]
+ * Include updated debconf translations (closes: #473477, #461597,
+ #461880, #462011, #465517, #475439)
+
+ [ Kurt Roeckx ]
+ * ssleay_rand_add() really needs to call MD_Update() for buf.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 07 May 2008 20:32:12 +0200
+
+openssl (0.9.8g-8) unstable; urgency=high
+
+ * Don't add extensions to ssl v3 connections. It breaks with some
+ other software. (Closes: #471681)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 23 Mar 2008 17:50:04 +0000
+
+openssl (0.9.8g-7) unstable; urgency=low
+
+ * Upload to unstable.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Feb 2008 22:22:29 +0000
+
+openssl (0.9.8g-6) experimental; urgency=low
+
+ * Bump shlibs.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 09 Feb 2008 15:42:22 +0100
+
+openssl (0.9.8g-5) experimental; urgency=low
+
+ * Enable tlsext. This changes the ABI, but should hopefully
+ not cause any problems. (Closes: #462596)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 09 Feb 2008 13:32:49 +0100
+
+openssl (0.9.8g-4) unstable; urgency=low
+
+ * Fix aes ige test speed not to overwrite it's buffer and
+ cause segfauls. Thanks to Tim Hudson (Closes: #459619)
+ * Mark some strings in the templates as non translatable.
+ Patch from Christian Perrier <bubulle at debian.org> (Closes: #450418)
+ * Update Dutch debconf translation (Closes: #451290)
+ * Update French debconf translation (Closes: #451375)
+ * Update Catalan debconf translation (Closes: #452694)
+ * Update Basque debconf translation (Closes: #457285)
+ * Update Finnish debconf translation (Closes: #458261)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 16 Jan 2008 21:49:43 +0100
+
+openssl (0.9.8g-3) unstable; urgency=low
+
+ * aes-586.pl: push %ebx on the stack before we put some things on the
+ stack and call a function, giving AES_decrypt() wrong values to work
+ with. (Closes: #449200)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 04 Nov 2007 21:49:00 +0100
+
+openssl (0.9.8g-2) unstable; urgency=low
+
+ * Avoid text relocations on i386 caused by the assembler versions:
+ - x86unix.pl: Create a function_begin_B_static to create a
+ static/local assembler function.
+ - aes-586.pl: Use the function_begin_B_static for _x86_AES_decrypt
+ so that it doesn't get exported and doesn't have any (text) relocations.
+ - aes-586.pl: Set up ebx to point to the GOT and call AES_set_encrypt_key
+ via the PLT to avoid a relocation.
+ - x86unix.pl: Call the init function via the PLT, avoiding a relocation
+ in case of a PIC object.
+ - cbc.pl: Call functions via the PLT.
+ - desboth.pl: Call DES_encrypt2 via the PLT.
+ * CA.sh should use the v3_ca extension when called with -newca
+ (Closes: #428051)
+ * Use -Wa,--noexecstack for all arches in Debian. (Closes: #430583)
+ * Convert the failure message when services fail restart to a debconf
+ message.
+ * To restart a service, just restart, instead of stop and start.
+ Hopefully fixes #444946
+ * Also remove igetest from the test dir in the clean target.
+ (Closes: #424362)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 03 Nov 2007 13:25:45 +0100
+
+openssl (0.9.8g-1) unstable; urgency=low
+
+ * New upstream release
+ - Fixes version number not to say it's a development version.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 20 Oct 2007 12:47:10 +0200
+
+openssl (0.9.8f-1) unstable; urgency=low
+
+ * New upstream release
+ - Fixes DTLS issues, also fixes CVE-2007-4995 (Closes: #335703, #439737)
+ - Proper inclusion of opensslconf.h in pq_compat.h (Closes: #408686)
+ - New function SSL_set_SSL_CTX: bump shlibs.
+ * Remove build dependency on gcc > 4.2
+ * Remove the openssl preinst, it looks like a workaround
+ for a change in 0.9.2b where config files got moved. (Closes: #445095)
+ * Update debconf translations:
+ - Vietnamese (Closes: #426988)
+ - Danish (Closes: #426774)
+ - Slovak (Closes: #440723)
+ - Finnish (Closes: #444258)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 13 Oct 2007 00:47:22 +0200
+
+openssl (0.9.8e-9) unstable; urgency=high
+
+ * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers().
+ (Closes: #444435)
+ * Add postgresql-8.2 to the list of services to check.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 28 Sep 2007 19:47:33 +0200
+
+openssl (0.9.8e-8) unstable; urgency=low
+
+ * Fix another case of the "if this code is reached, the program will abort"
+ (Closes: #429740)
+ * Temporary force to build with gcc >= 4.2
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 02 Sep 2007 18:12:11 +0200
+
+openssl (0.9.8e-7) unstable; urgency=low
+
+ * Fix problems with gcc-4.2 (Closes: #429740)
+ * Stop using -Bsymbolic to create the shared library.
+ * Make x86_64cpuid.pl use PIC.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 02 Sep 2007 16:15:18 +0200
+
+openssl (0.9.8e-6) unstable; urgency=high
+
+ * Add fix for CVE-2007-3108 (Closes: #438142)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 15 Aug 2007 19:49:54 +0200
+
+openssl (0.9.8e-5) unstable; urgency=low
+
+ [ Christian Perrier ]
+ * Debconf templates proofread and slightly rewritten by
+ the debian-l10n-english team as part of the Smith Review Project.
+ Closes: #418584
+ * Debconf templates translations:
+ - Arabic. Closes: #418669
+ - Russian. Closes: #418670
+ - Galician. Closes: #418671
+ - Swedish. Closes: #418679
+ - Korean. Closes: #418755
+ - Czech. Closes: #418768
+ - Basque. Closes: #418784
+ - German. Closes: #418785
+ - Traditional Chinese. Closes: #419915
+ - Brazilian Portuguese. Closes: #419959
+ - French. Closes: #420429
+ - Italian. Closes: #420461
+ - Japanese. Closes: #420482
+ - Catalan. Closes: #420833
+ - Dutch. Closes: #420925
+ - Malayalam. Closes: #420986
+ - Portuguese. Closes: #421032
+ - Romanian. Closes: #421708
+
+ [ Kurt Roeckx ]
+ * Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
+ * Updated Spanish debconf template. (Closes: #421336)
+ * Do the header changes, changing those defines into real functions,
+ and bump the shlibs to match.
+ * Update Japanese debconf translation. (Closes: #422270)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 15 May 2007 17:21:08 +0000
+
+openssl (0.9.8e-4) unstable; urgency=low
+
+ * openssl should depend on libssl0.9.8 0.9.8e-1 since it
+ uses some of the defines that changed to functions.
+ Other things build against libssl or libcrypto shouldn't
+ have this problem since they use the old headers.
+ (Closes: #414283)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Mar 2007 17:11:46 +0000
+
+openssl (0.9.8e-3) unstable; urgency=low
+
+ * Add nagios-nrpe-server to the list of services to be checked
+ (Closes: #391188)
+ * EVP_CIPHER_CTX_key_length() should return the set key length in the
+ EVP_CIPHER_CTX structure which may not be the same as the underlying
+ cipher key length for variable length ciphers.
+ From upstream CVS. (Closes: #412979)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 4 Mar 2007 23:22:51 +0000
+
+openssl (0.9.8e-2) unstable; urgency=low
+
+ * Undo include changes that change defines into real functions,
+ but keep the new functions in the library.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 25 Feb 2007 19:19:19 +0000
+
+openssl (0.9.8e-1) unstable; urgency=low
+
+ * New upstream release
+ - Inludes security fixes for CVE-2006-2937, CVE-2006-2940,
+ CVE-2006-3738, CVE-2006-4343 (Closes: #408902)
+ - s_client now properly works with SMTP. Also added support
+ for IMAP. (closes: #221689)
+ - Load padlock modules (Closes: #345656, #368476)
+ * Add clamav-freshclam and clamav-daemon to the list of service that
+ need to be restarted. (Closes: #391191)
+ * Add armel support. Thanks to Guillem Jover <guillem.jover at nokia.com>
+ for the patch. (Closes: #407196)
+ * Add Portuguese translations. Thanks to Carlos Lisboa. (Closes: 408157)
+ * Add Norwegian translations. Thanks to Bjørn Steensrud
+ <bjornst at powertech.no> (Closes: #412326)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 25 Feb 2007 18:06:28 +0000
+
+openssl (0.9.8c-4) unstable; urgency=low
+
+ * Add German debconf translation. Thanks to
+ Johannes Starosta <feedback-an-johannes at arcor.de> (Closes: #388108)
+ * Make c_rehash look for both .pem and .crt files. Also make it support
+ files in DER format. Patch by "Yauheni Kaliuta" <y.kaliuta at gmail.com>
+ (Closes: #387089)
+ * Use & instead of && to check a flag in the X509 policy checking.
+ Patch from upstream cvs. (Closes: #397151)
+ * Also restart slapd for security updates (Closes: #400221)
+ * Add Romanian debconf translation. Thanks to
+ stan ioan-eugen <stan.ieugen at gmail.com> (Closes: #393507)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 30 Nov 2006 20:57:46 +0000
+
+openssl (0.9.8c-3) unstable; urgency=low
+
+ * Fix patch for CVE-2006-2940, it left ctx unintiliased.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 2 Oct 2006 18:05:00 +0200
+
+openssl (0.9.8c-2) unstable; urgency=high
+
+ * Fix security vulnerabilities (CVE-2006-2937, CVE-2006-2940,
+ CVE-2006-3738, CVE-2006-4343). Urgency set to high.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 27 Sep 2006 21:24:55 +0000
+
+openssl (0.9.8c-1) unstable; urgency=low
+
+ * New upstream release
+ - block padding bug with compression now fixed upstream, using
+ their patch.
+ - Includes the RSA Signature Forgery (CVE-2006-4339) patch.
+ - New functions AES_bi_ige_encrypt and AES_ige_encrypt:
+ bumping shlibs to require 0.9.8c-1.
+ * Change the postinst script to check that ntp is installed instead
+ of ntp-refclock and ntp-simple. The binary is now in the ntp
+ package.
+ * Move the modified rand/md_rand.c file to the right place,
+ really fixing #363516.
+ * Add partimage-server conserver-server and tor to the list of service
+ to check for restart. Add workaround for openssh-server so it finds
+ the init script. (Closes: #386365, #386400, #386513)
+ * Add manpage for c_rehash.
+ Thanks to James Westby <jw+debian at jameswestby.net> (Closes: #215618)
+ * Add Lithuanian debconf translation.
+ Thanks to Gintautas Miliauskas <gintas at akl.lt> (Closes: #374364)
+ * Add m32r support.
+ Thanks to Kazuhiro Inaoka <inaoka.kazuhiro at renesas.com>
+ (Closes: #378689)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 17 Sep 2006 14:47:59 +0000
+
+openssl (0.9.8b-3) unstable; urgency=high
+
+ * Fix RSA Signature Forgery (CVE-2006-4339) using patch provided
+ by upstream.
+ * Restart services using a smaller version that 0.9.8b-3, so
+ they get the fixed version.
+ * Change the postinst to check for postfix instead of postfix-tls.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 5 Sep 2006 18:26:10 +0000
+
+openssl (0.9.8b-2) unstable; urgency=low
+
+ * Don't call gcc with -mcpu on i386, we already use -march, so no need for
+ -mtune either.
+ * Always make all directories when building something:
+ - The engines directory didn't get build for the static directory, so
+ where missing in libcrypo.a
+ - The apps directory didn't always get build, so we didn't have an openssl
+ and a small part of the regression tests failed.
+ * Make the package fail to build if the regression tests fail.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 15 May 2006 16:00:58 +0000
+
+openssl (0.9.8b-1) unstable; urgency=low
+
+ * New upstream release
+ - New functions added (EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free), bump shlibs.
+ - CA.pl/CA.sh now calls openssl ca with -extensions v3_ca, setting CA:TRUE
+ instead of FALSE.
+ - CA.pl/CA.sh creates crlnumber now. (Closes: #347612)
+ * Run debconf-updatepo, which really already was in the 0.9.8a-8 version
+ as it was uploaded.
+ * Add Galician debconf translation. Patch from
+ Jacobo Tarrio <jtarrio at trasno.net> (Closes: #361266)
+ * libssl0.9.8.postinst makes uses of bashisms (local variables)
+ so use #!/bin/bash
+ * libssl0.9.8.postinst: Call set -e after sourcing the debconf
+ script.
+ * libssl0.9.8.postinst: Change list of service that may need
+ to be restarted:
+ - Replace ssh by openssh-server
+ - Split postgresql in postgresql-7.4 postgresql-8.0 postgresql-8.1
+ - Add: dovecot-common bind9 ntp-refclock ntp-simple openntpd clamcour
+ fetchmail ftpd-ssl proftpd proftpd-ldap proftpd-mysql proftpd-pgsql
+ * libssl0.9.8.postinst: The check to see if something was installed
+ wasn't working.
+ * libssl0.9.8.postinst: Add workaround to find the name of the init
+ script for proftpd and dovecot.
+ * libssl0.9.8.postinst: Use invoke-rc.d when it's available.
+ * Change Standards-Version to 3.7.0:
+ - Make use of invoke-rc.d
+ * Add comment to README.Debian that rc5, mdc2 and idea have been
+ disabled (since 0.9.6b-3) (Closes: #362754)
+ * Don't add uninitialised data to the random number generator. This stop
+ valgrind from giving error messages in unrelated code.
+ (Closes: #363516)
+ * Put the FAQ in the openssl docs.
+ * Add russian debconf translations from Yuriy Talakan <yt at amur.elektra.ru>
+ (Closes #367216)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 4 May 2006 20:40:03 +0200
+
+openssl (0.9.8a-8) unstable; urgency=low
+
+ * Call pod2man with the proper section. Section changed
+ from 1/3/5/7 to 1SSL/3SSL/5SSL/7SSL. The name of the files
+ already had the ssl in, the section didn't. The references
+ to other manpage is still wrong.
+ * Don't install the LICENSE file, it's already in the copyright file.
+ * Don't set an rpath on openssl to point to /usr/lib.
+ * Add support for kfreebsd-amd64. (Closes: #355277)
+ * Add udeb to the shlibs. Patch from Frans Pop <aragorn at tiscali.nl>
+ (Closes: #356908)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 11 Feb 2006 14:14:37 +0100
+
+openssl (0.9.8a-7) unstable; urgency=high
+
+ * Add italian debconf templates. Thanks to Luca Monducci.
+ (Closes: #350249)
+ * Change the debconf question to use version 0.9.8-3
+ instead of 0.9.8-1, since that's the last version
+ with a security fix.
+ * Call conn_state() if the BIO is not in the BIO_CONN_S_OK state
+ (Closes: #352047). RC bug affecting testing, so urgency high.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 9 Feb 2006 19:07:56 +0100
+
+openssl (0.9.8a-6) unstable; urgency=low
+
+ * Remove empty postinst/preinst/prerm scripts. There is no need
+ to have empty ones, debhelper will add them when needed.
+ * Remove the static pic libraries. Nobody should be linking
+ it's shared libraries static to libssl or libcrypto.
+ This was added for opensc who now links to it shared.
+ * Do not assume that in case the sequence number is 0 and the
+ packet has an odd number of bytes that the other side has
+ the block padding bug, but try to check that it actually
+ has the bug. The wrong detection of this bug resulted
+ in an "decryption failed or bad record mac" error in case
+ both sides were using zlib compression. (Closes: #338006)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 21 Jan 2006 16:25:41 +0100
+
+openssl (0.9.8a-5) unstable; urgency=low
+
+ * Stop ssh from crashing randomly on sparc (Closes: #335912)
+ Patch from upstream cvs.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 13 Dec 2005 21:37:42 +0100
+
+openssl (0.9.8a-4) unstable; urgency=low
+
+ * Call dh_makeshlibs with the proper version instead of putting
+ it in shlibs.local, which doesn't seem to do anything. 0.9.8a-1
+ added symbol versioning, so it should have bumped the shlibs.
+ (Closes: #338284)
+ * The openssl package had a duplicate dependency on libssl0.9.8,
+ only require the version as required by the shlibs.
+ * Make libssl-dev depend on zlib1g-dev, since it's now required for
+ static linking. (Closes: #338313)
+ * Generate .pc files that make use of Libs.private, so things only
+ link to the libraries they should when linking shared.
+ * Use -m64 instead of -bpowerpc64-linux on ppc64. (Closes: #335486)
+ * Make powerpc and ppc64 use the assembler version for bn. ppc64
+ had the location in the string wrong, powerpc had it missing.
+ * Add includes for stddef to get size_t in md2.h, md4.h, md5.h,
+ ripemd.h and sha.h. (Closes: #333101)
+ * Run make test for each of the versions we build, make it
+ not fail the build process if an error is found.
+ * Add build dependency on bc for the regression tests.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Nov 2005 16:01:05 +0100
+
+openssl (0.9.8a-3) unstable; urgency=high
+
+ * Link to libz instead of dynamicly loading it. It gets loaded
+ at the moment the library is initialised, so there is no point
+ in not linking to it. It's now failing in some cases since
+ it's not opened by it's soname, but by the symlink to it.
+ This should hopefully solve most of the bugs people have reported
+ since the move to libssl0.9.8.
+ (Closes: #334180, #336140, #335271)
+ * Urgency set to high because it fixes a grave bug affecting testing.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 1 Nov 2005 14:56:40 +0100
+
+openssl (0.9.8a-2) unstable; urgency=low
+
+ * Add Build-Dependency on m4, since sparc needs it to generate
+ it's assembler files. (Closes: #334542)
+ * Don't use rc4-x86_64.o on amd64 for now, it seems to be broken
+ and causes a segfault. (Closes: #334501, #334502)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 18 Oct 2005 19:05:53 +0200
+
+openssl (0.9.8a-1) unstable; urgency=low
+
+ Christoph Martin:
+ * fix asm entries for some architectures, fixing #332758 properly.
+ * add noexecstack option to i386 subarch
+ * include symbol versioning in Configure (closes: #330867)
+ * include debian-armeb arch (closes: #333579)
+ * include new upstream patches; includes some minor fixes
+ * fix dh_shlibdeps line, removing the redundant dependency on
+ libssl0.9.8 (closes: #332755)
+ * add swedish debconf template (closes: #330554)
+
+ Kurt Roeckx:
+ * Also add noexecstack option for amd64, since it now has an
+ executable stack with the assembler fixes for amd64.
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 17 Oct 2005 17:01:06 +0200
+
+openssl (0.9.8-3) unstable; urgency=low
+
+ * Apply security fix for CAN-2005-2969. (Closes: #333500)
+ * Change priority of -dbg package to extra.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 12 Oct 2005 22:38:58 +0200
+
+openssl (0.9.8-2) unstable; urgency=low
+
+ * Don't use arch specific assembler. Should fix build failure on
+ ia64, sparc and amd64. (Closes: #332758)
+ * Add myself to the uploaders.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 10 Oct 2005 19:22:36 +0200
+
+openssl (0.9.8-1) unstable; urgency=low
+
+ * New upstream release (closes: #311826)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 29 Sep 2005 14:20:04 +0200
+
+openssl (0.9.7g-3) unstable; urgency=low
+
+ * change Configure line for debian-freebsd-i386 to debian-kfreebsd-i386
+ (closes: #327692)
+ * include -dbg version. That implies compiling with -g and without
+ -fomit-frame-pointer (closes: #293823, #153811)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 23 Sep 2005 13:51:57 +0200
+
+openssl (0.9.7g-2) unstable; urgency=low
+
+ * really include nl translation
+ * remove special ia64 code from rc4 code to make the abi compatible to
+ older 0.9.7 versions (closes: #310489, #309274)
+ * fix compile flag for debian-ppc64 (closes: #318750)
+ * small fix in libssl0.9.7.postinst (closes: #239956)
+ * fix pk7_mime.c to prevent garbled messages because of to early memory
+ free (closes: #310184)
+ * include vietnamese debconf translation (closes: #316689)
+ * make optimized i386 libraries have non executable stack (closes:
+ #321721)
+ * remove leftover files from ssleay
+ * move from dh_installmanpages to dh_installman
+ * change Maintainer to pkg-openssl-devel at lists.alioth.debian.org
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 7 Sep 2005 15:32:54 +0200
+
+openssl (0.9.7g-1) unstable; urgency=low
+
+ * New upstream release
+ * Added support for proxy certificates according to RFC 3820.
+ Because they may be a security thread to unaware applications,
+ they must be explicitely allowed in run-time. See
+ docs/HOWTO/proxy_certificates.txt for further information.
+ * Prompt for pass phrases when appropriate for PKCS12 input format.
+ * Back-port of selected performance improvements from development
+ branch, as well as improved support for PowerPC platforms.
+ * Add lots of checks for memory allocation failure, error codes to indicate
+ failure and freeing up memory if a failure occurs.
+ * Perform some character comparisons of different types in X509_NAME_cmp:
+ this is needed for some certificates that reencode DNs into UTF8Strings
+ (in violation of RFC3280) and can't or wont issue name rollover
+ certificates.
+ * corrected watchfile
+ * added upstream source url (closes: #292904)
+ * fix typo in CA.pl.1 (closes: #290271)
+ * change debian-powerpc64 to debian-ppc64 and adapt the configure
+ options to be the same like upstream (closes: #289841)
+ * include -signcert option in CA.pl usage
+ * compile with zlib-dynamic to use system zlib (closes: #289872)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 9 May 2005 23:32:03 +0200
+
+openssl (0.9.7e-3) unstable; urgency=high
+
+ * really fix der_chop. The fix from -1 was not really included (closes:
+ #281212)
+ * still fixes security problem CAN-2004-0975 etc.
+ - tempfile raise condition in der_chop
+ - Avoid a race condition when CRLs are checked in a multi threaded
+ environment.
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Dec 2004 18:41:29 +0100
+
+openssl (0.9.7e-2) unstable; urgency=high
+
+ * fix perl path in der_chop and c_rehash (closes: #281212)
+ * still fixes security problem CAN-2004-0975 etc.
+ - tempfile raise condition in der_chop
+ - Avoid a race condition when CRLs are checked in a multi threaded
+ environment.
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 14 Nov 2004 20:16:21 +0100
+
+openssl (0.9.7e-1) unstable; urgency=high
+
+ * SECURITY UPDATE: fix insecure temporary file handling
+ * apps/der_chop:
+ - replaced $$-style creation of temporary files with
+ File::Temp::tempfile()
+ - removed unused temporary file name in do_certificate()
+ * References:
+ CAN-2004-0975 (closes: #278260)
+ * fix ASN1_STRING_to_UTF8 with UTF8 (closes: #260357)
+ * New upstream release with security fixes
+ - Avoid a race condition when CRLs are checked in a multi threaded
+ environment.
+ - Various fixes to s3_pkt.c so alerts are sent properly.
+ - Reduce the chances of duplicate issuer name and serial numbers (in
+ violation of RFC3280) using the OpenSSL certificate creation
+ utilities.
+ * depends openssl on perl-base instead of perl (closes: #280225)
+ * support powerpc64 in Configure (closes: #275224)
+ * include cs translation (closes: #273517)
+ * include nl translation (closes: #272479)
+ * Fix default dir of c_rehash (closes: #253126)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 12 Nov 2004 14:11:15 +0100
+
+openssl (0.9.7d-5) unstable; urgency=low
+
+ * Make S/MIME encrypt work again (backport from CVS) (closes: #241407,
+ #241386)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 26 Jul 2004 17:22:42 +0200
+
+openssl (0.9.7d-4) unstable; urgency=low
+
+ * add Catalan translation (closes: #248749)
+ * add Spanish translation (closes: #254561)
+ * include NMU fixes: see below
+ * decrease optimisation level for debian-arm to work around gcc bug
+ (closes: #253848) (thanks to Steve Langasek and Thom May)
+ * Add libcrypto0.9.7-udeb. (closes: #250010) (thanks to Bastian Blank)
+ * Add watchfile
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 14 Jul 2004 14:31:02 +0200
+
+openssl (0.9.7d-3) unstable; urgency=low
+
+ * rename -pic.a libraries to _pic.a (closes: #250016)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 24 May 2004 17:02:29 +0200
+
+openssl (0.9.7d-2) unstable; urgency=low
+
+ * include PIC libs (libcrypto-pic.a and libssl-pic.a) to libssl-dev
+ (closes: #246928, #243999)
+ * add racoon to restart list (closes: #242652)
+ * add Brazilian, Japanese and Danish translations (closes: #242087,
+ #241830, #241705)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 11 May 2004 10:13:49 +0200
+
+openssl (0.9.7d-1) unstable; urgency=high
+
+ * new upstream
+ * fixes security holes (http://www.openssl.org/news/secadv_20040317.txt)
+ (closes: #238661)
+ * includes support for debian-amd64 (closes: #235551, #232310)
+ * fix typo in pem.pod (closes: #219873)
+ * fix typo in libssl0.9.7.templates (closes: #224690)
+ * openssl suggests ca-certificates (closes: #217180)
+ * change debconf template to gettext format (closes: #219013)
+ * include french debconf template (closes: #219014)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 18 Mar 2004 16:18:43 +0100
+
+openssl (0.9.7c-5) unstable; urgency=low
+
+ * include openssl.pc into libssl-dev (closes: #212545)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Oct 2003 16:31:32 +0200
+
+openssl (0.9.7c-4) unstable; urgency=low
+
+ * change question to restart services to debconf (closes: #214840)
+ * stop using dh_undocumented (closes: #214831)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 10 Oct 2003 15:40:48 +0200
+
+openssl (0.9.7c-3) unstable; urgency=low
+
+ * fix POSIX conformance for head in libssl0.9.7.postinst (closes:
+ #214700)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 8 Oct 2003 14:02:38 +0200
+
+openssl (0.9.7c-2) unstable; urgency=low
+
+ * add filerc macro to libssl0.9.7.postinst (closes: #213906)
+ * restart spamassassins spamd on upgrade (closes: #214106)
+ * restart more services on upgrade
+ * fix EVP_BytesToKey manpage (closes: #213715)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 7 Oct 2003 15:01:32 +0200
+
+openssl (0.9.7c-1) unstable; urgency=high
+
+ * upstream security fix (closes: #213451)
+ - Fix various bugs revealed by running the NISCC test suite:
+ Stop out of bounds reads in the ASN1 code when presented with
+ invalid tags (CAN-2003-0543 and CAN-2003-0544).
+ Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
+ If verify callback ignores invalid public key errors don't try to check
+ certificate signature with the NULL public key.
+ - In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+ if the server requested one: as stated in TLS 1.0 and SSL 3.0
+ specifications.
+ * more minor upstream bugfixes
+ * fix formatting in c_issuer (closes: #190026)
+ * fix Debian-FreeBSD support (closes: #200381)
+ * restart some services in postinst to make them use the new libraries
+ * remove duplicated openssl.1, crypto.3 and ssl.3 (closes: #198594)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 1 Oct 2003 08:54:27 +0200
+
+openssl (0.9.7b-2) unstable; urgency=high
+
+ * fix permission of /etc/ssl/private to 700 again
+ * change section of libssl-dev to libdevel
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 23 Apr 2003 11:13:24 +0200
+
+openssl (0.9.7b-1) unstable; urgency=high
+
+ * upstream security fix
+ - Countermeasure against the Klima-Pokorny-Rosa extension of
+ Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+ a protocol version number mismatch like a decryption error
+ in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131)
+ (closes: #189087)
+ - Turn on RSA blinding by default in the default implementation
+ to avoid a timing attack. Applications that don't want it can call
+ RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+ They would be ill-advised to do so in most cases. (CAN-2003-0147)
+ - Change RSA blinding code so that it works when the PRNG is not
+ seeded (in this case, the secret RSA exponent is abused as
+ an unpredictable seed -- if it is not unpredictable, there
+ is no point in blinding anyway). Make RSA blinding thread-safe
+ by remembering the creator's thread ID in rsa->blinding and
+ having all other threads use local one-time blinding factors
+ (this requires more computation than sharing rsa->blinding, but
+ avoids excessive locking; and if an RSA object is not shared
+ between threads, blinding will still be very fast).
+ for more details see the CHANGES file
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 16 Apr 2003 10:32:57 +0200
+
+openssl (0.9.7a-1) unstable; urgency=high
+
+ * upstream Security fix
+ - In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+ via timing by performing a MAC computation even if incorrrect
+ block cipher padding has been found. This is a countermeasure
+ against active attacks where the attacker has to distinguish
+ between bad padding and a MAC verification error. (CAN-2003-0078)
+ for more details see the CHANGES file
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 21 Feb 2003 22:39:40 +0100
+
+openssl (0.9.7-4) unstable; urgency=low
+
+ * use DH_COMPAT=3 to build
+ * move i686 to i686/cmov to fix problems on Via C3. For that to work we
+ have to depend on the newest libc6 on i386 (closes: #177891)
+ * fix bug in ui_util.c (closes: #177615)
+ * fix typo in md5.h (closes: #178112)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 24 Jan 2003 10:22:56 +0100
+
+openssl (0.9.7-3) unstable; urgency=low
+
+ * enable build of ultrasparc code on non ultrasparc machines (closes:
+ #177024)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 17 Jan 2003 08:22:13 +0100
+
+openssl (0.9.7-2) unstable; urgency=low
+
+ * include changes between 0.9.6g-9 and -10
+ * fix problem in build-process on i386 with libc6 version number
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 13 Jan 2003 14:26:56 +0100
+
+openssl (0.9.7-1) unstable; urgency=low
+
+ * new upstream
+ * includes engine support
+ * a lot of bugfixes and enhancements, see the CHANGES file
+ * include AES encryption
+ * makes preview of certificate configurable (closes: #176059)
+ * fix x509 manpage (closes: #168070)
+ * fix declaration of ERR_load_PEM_string in pem.h (closes: #141360)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 11 Jan 2003 09:12:16 +0100
+
+openssl (0.9.6g-10) unstable; urgency=low
+
+ * fix problem in build-process on i386 with libc6 version number
+ (closes: #167096)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 4 Nov 2002 12:27:21 +0100
+
+openssl (0.9.6g-9) unstable; urgency=low
+
+ * fix typo in i386 libc6 depend (sigh) (closes: #163848)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 8 Oct 2002 23:29:20 +0200
+
+openssl (0.9.6g-8) unstable; urgency=low
+
+ * fix libc6 depends. Only needed for i386 (closes: #163701)
+ * remove SHLIB section for bsds from Configure (closes: #163585)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 8 Oct 2002 10:57:35 +0200
+
+openssl (0.9.6g-7) unstable; urgency=low
+
+ * enable i686 optimisation and depend on fixed glibc (closes: #163500)
+ * remove transition package ssleay
+ * include optimisation vor sparcv8 (closes: #139996)
+ * improve optimisation vor sparcv9
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 6 Oct 2002 14:07:12 +0200
+
+openssl (0.9.6g-6) unstable; urgency=low
+
+ * temporarily disable i686 optimisation (See bug in glibc #161788)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 21 Sep 2002 18:56:49 +0200
+
+openssl (0.9.6g-5) unstable; urgency=low
+
+ * i486 can use i586 assembler
+ * include set -xe in the for loops in the rules files to make it abort
+ on error (closes: #161768)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 21 Sep 2002 16:23:11 +0200
+
+openssl (0.9.6g-4) unstable; urgency=low
+
+ * fix optimization for alpha and sparc
+ * add optimization for i486
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 20 Sep 2002 22:36:19 +0200
+
+openssl (0.9.6g-3) unstable; urgency=low
+
+ * add optimized libraries for i586, i686, ev4, ev5 and v9 (closes: #139783)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 19 Sep 2002 18:33:04 +0200
+
+openssl (0.9.6g-2) unstable; urgency=low
+
+ * fix manpage names (closes: #156717, #156718, #156719, #156721)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 15 Aug 2002 11:26:37 +0200
+
+openssl (0.9.6g-1) unstable; urgency=low
+
+ * new upstream version
+ * Use proper error handling instead of 'assertions' in buffer
+ overflow checks added in 0.9.6e. This prevents DoS (the
+ assertions could call abort()). (closes: #155985, #156495)
+ * Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+ and get fix the header length calculation.
+ * include support for new sh* architectures (closes: #155117)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 14 Aug 2002 13:59:22 +0200
+
+openssl (0.9.6e-1) unstable; urgency=high
+
+ * fixes remote exploits (see DSA-136-1)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 30 Jul 2002 18:32:28 +0200
+
+openssl (0.9.6d-1) unstable; urgency=low
+
+ * new upstream (minor) version
+ * includes Configure lines for debian-*bsd-* (closes: #130413)
+ * fix wrong prototype for BN_pseudo_rand_range in BN_rand(3ssl) (closes:
+ #144586)
+ * fix typos in package description (closes: #141469)
+ * fix typo in SSL_CTX_set_cert_store manpage (closes: #135297)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 3 Jun 2002 19:42:10 +0200
+
+openssl (0.9.6c-2) unstable; urgency=low
+
+ * moved from non-US to main
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 19 Mar 2002 14:48:39 +0100
+
+openssl (0.9.6c-1) unstable; urgency=low
+
+ * new upstream version with a lot of bugfixes
+ * remove directory /usr/include/openssl from openssl package (closes:
+ bug #121226)
+ * remove selfdepends from libssl0.9.6
+ * link openssl binary shared again
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 5 Jan 2002 19:04:31 +0100
+
+openssl (0.9.6b-4) unstable; urgency=low
+
+ * build with -D_REENTRANT for threads support on all architectures
+ (closes: #112329, #119239)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 24 Nov 2001 12:17:51 +0100
+
+openssl (0.9.6b-3) unstable; urgency=low
+
+ * disable idea, mdc2 and rc5 because they are not free (closes: #65368)
+ * ready to be moved from nonus to main
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 21 Nov 2001 17:51:41 +0100
+
+openssl (0.9.6b-2) unstable; urgency=high
+
+ * fix definition of crypt in des.h (closes: #107533)
+ * fix descriptions (closes: #109503)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 17 Sep 2001 15:38:27 +0200
+
+openssl (0.9.6b-1) unstable; urgency=medium
+
+ * new upstream fixes some security issues (closes: #105835, #100146)
+ * added support for s390 (closes: #105681)
+ * added support for sh (closes: #100003)
+ * change priority of libssl096 to standard as ssh depends on it (closes:
+ #105440)
+ * don't optimize for i486 to support i386. (closes: #104127, #82194)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 20 Jul 2001 15:52:42 +0200
+
+openssl (0.9.6a-3) unstable; urgency=medium
+
+ * add perl-base to builddeps
+ * include static libraries in libssl-dev (closes: #93688)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 14 May 2001 20:16:06 +0200
+
+openssl (0.9.6a-2) unstable; urgency=medium
+
+ * change Architecture of ssleay from any to all (closes: #92913)
+ * depend libssl-dev on the exact same version of libssl0.9.6 (closes:
+ #88939)
+ * remove lib{crypto,ssl}.a from openssl (closes: #93666)
+ * rebuild with newer gcc to fix atexit problem (closes: #94036)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 2 May 2001 12:28:39 +0200
+
+openssl (0.9.6a-1) unstable; urgency=medium
+
+ * new upstream, fixes some security bugs (closes: #90584)
+ * fix typo in s_server manpage (closes: #89756)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 10 Apr 2001 12:13:11 +0200
+
+openssl (0.9.6-2) unstable; urgency=low
+
+ * policy: reorganisation of package names: libssl096 -> libssl0.9.6,
+ libssl096-dev -> libssl-dev (closes: #83426)
+ * libssl0.9.6 drops replaces libssl09 (Closes: #83425)
+ * install upstream CHANGES files (Closes: #83430)
+ * added support for hppa and ia64 (Closes: #88790)
+ * move man3 manpages to libssl-dev (Closes: #87546)
+ * fix formating problem in rand_add(1) (Closes: #87547)
+ * remove manpage duplicates (Closes: #87545, #74986)
+ * make package descriptions clearer (Closes: #83518, #83444)
+ * increase default emailAddress_max from 40 to 60 (Closes: #67238)
+ * removed RSAREF warning (Closes: #84122)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 8 Mar 2001 14:24:00 +0100
+
+openssl (0.9.6-1) unstable; urgency=low
+
+ * New upstream version (Thanks to Enrique Zanardi <ezanard at debian.org>)
+ (closes: #72388)
+ * Add support for debian-hurd (closes: #76032)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 13 Nov 2000 22:30:46 +0100
+
+openssl (0.9.5a-5) unstable; urgency=low
+
+ * move manpages in standard directories with section ssl (closes:
+ #72152, #69809)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 5 Oct 2000 19:56:20 +0200
+
+openssl (0.9.5a-4) unstable; urgency=low
+
+ * include edg_rand_bytes patch from and for apache-ssl
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 23 Sep 2000 16:48:06 +0200
+
+openssl (0.9.5a-3) unstable; urgency=low
+
+ * fix call to dh_makeshlibs to create correct shlibs file and make
+ dependend programs link correctly (closes: Bug#61658)
+ * include a note in README.debian concerning the location of the
+ subcommand manpages (closes: Bug#69809)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 16 Sep 2000 19:10:50 +0200
+
+openssl (0.9.5a-2) unstable; urgency=low
+
+ * try to fix the sharedlib problem. change soname of library
+ (closes: Bug#4622, #66102, #66538, #66123)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 12 Jul 2000 03:26:30 +0200
+
+openssl (0.9.5a-1) unstable; urgency=low
+
+ * new upstream version (major changes see file NEWS) (closes: Bug#63976,
+ #65239, #65358)
+ * new library package libssl095a because of probably changed library
+ interface (closes: Bug#46222)
+ * added architecture mips and mipsel (closes: Bug#62437, #60366)
+ * provide shlibs.local file in build to help build if libraries are not
+ yet installed (closes: Bug#63984)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 11 Jun 2000 15:17:35 +0200
+
+openssl (0.9.4-5) frozen unstable; urgency=medium
+
+ * cleanup of move of doc directories to /usr/share/doc (closes:
+ Bug#56430)
+ * lintian issues (closes: Bug#49358)
+ * move demos from openssl to libssl09-dev (closes: Bug#59201)
+ * move to debhelpers
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 11 Mar 2000 10:38:04 +0100
+
+openssl (0.9.4-4) unstable; urgency=medium
+
+ * Added 'debian-arm' in 'Configure'. (closes: Bug#54251, #54766)
+ * Fixed Configure for 'debian-m68k' (closes: Bug#53636)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 15 Jan 2000 13:16:18 +0100
+
+openssl (0.9.4-3) unstable; urgency=low
+
+ * define symbol SSLeay_add_ssl_algorithms for backward compatibility
+ (closes: Bug#46882)
+ * remove manpages from /usr/doc/openssl (closes: Bug#46791)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 14 Oct 1999 16:51:08 +0200
+
+openssl (0.9.4-2) unstable; urgency=low
+
+ * include some more docu in pod format (Bug #43933)
+ * removed -mv8 from sparc flags (Bug #44769)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 14 Sep 1999 22:04:06 +0200
+
+openssl (0.9.4-1) unstable; urgency=low
+
+ * new upstream version (Closes: #42926)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 28 Aug 1999 17:04:23 +0200
+
+openssl (0.9.3a-1) unstable; urgency=low
+
+ * new upstream version (Bug #38345, #38627)
+ * sparc is big-endian (Bug #39973)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 7 Jul 1999 16:03:37 +0200
+
+openssl (0.9.2b-3) unstable; urgency=low
+
+ * correct move conffiles to /etc/ssl (Bug #38570)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 31 May 1999 21:08:07 +0200
+
+openssl (0.9.2b-2) unstable; urgency=low
+
+ * added convenience package ssleay to help upgrade to openssl (Bug
+ #37185, #37623, #36326)
+ * added some missing dependencies from libssl09 (Bug #36681, #35867,
+ #36326)
+ * move lib*.so to libssl09-dev (Bug #36761)
+ * corrected version numbers of library files
+ * introduce link from /usr/lib/ssl to /etc/ssl (Bug #36710)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 23 May 1999 14:57:48 +0200
+
+openssl (0.9.2b-1) unstable; urgency=medium
+
+ * First openssl version
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 31 Mar 1999 15:54:26 +0200
+
+ssleay (0.9.0b-2) unstable; urgency=low
+
+ * Include message about the (not)usage of RSAREF (#24409)
+ * Move configfiles from /usr/lib/ssl to /etc/ssl (#26406)
+ * Change definitions for sparc (#26487)
+ * Added missing dependency (#28591)
+ * Make debian/libtool executable (#29708)
+ * /etc/ssl/lib/ssleay.cnf is now a confile (#32624)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 21 Mar 1999 19:41:04 +0100
+
+ssleay (0.9.0b-1) unstable; urgency=low
+
+ * new upstream version (Bug #21227, #25971)
+ * build shared libraries with -fPIC (Bug #20027)
+ * support sparc architecture (Bug #28467)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 13 Oct 1998 10:20:13 +0200
+
+ssleay (0.8.1-7) frozen unstable; urgency=high
+
+ * security fix patch to 0.8.1b (bug #24022)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 6 Jul 1998 15:42:15 +0200
+
+ssleay (0.8.1-6) frozen unstable; urgency=low
+
+ * second try to fix bug #15235 (copyright was still missing)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 22 Jun 1998 08:56:27 +0200
+
+ssleay (0.8.1-5) frozen unstable; urgency=high
+
+ * changed /dev/random to /dev/urandom (Bug #23169, #17817)
+ * copyright contains now the full licence (Bug #15235)
+ * fixed bug #19410 (md5sums-lists-nonexisting-file)
+ * added demos to /usr/doc (Bug #17372)
+ * fixed type in package description (Bug #18969)
+ * fixed bug in adding documentation (Bug #21463)
+ * added patch for support of debian-powerpc (Bug #21579)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 18 Jun 1998 23:09:13 +0200
+
+ssleay (0.8.1-4) unstable; urgency=low
+
+ * purged dependency from libc5
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 11 Nov 1997 15:31:50 +0100
+
+ssleay (0.8.1-3) unstable; urgency=low
+
+ * changed packagename libssl to libssl08 to get better dependancies
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 7 Nov 1997 14:23:17 +0100
+
+ssleay (0.8.1-2) unstable; urgency=low
+
+ * linked shared libraries against libc6
+ * use /dev/random for randomseed
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 5 Nov 1997 11:21:40 +0100
+
+ssleay (0.8.1-1) unstable; urgency=low
+
+ * new upstream version
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Oct 1997 16:15:43 +0200
+
+ssleay (0.6.6-2) unstable; urgency=low
+
+ * cleanup in diffs
+ * removed INSTALL from docs (bug #13205)
+ * split libssl and libssl-dev (but #13735)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 15 Oct 1997 17:38:38 +0200
+
+ssleay (0.6.6-1) unstable; urgency=low
+
+ * New upstream version
+ * added shared libraries for libcrypto and libssl
+
+ -- Christoph Martin <martin at uni-mainz.de> Thu, 26 Jun 1997 19:26:14 +0200
+
+ssleay (0.6.4-2) unstable; urgency=low
+
+ * changed doc filenames from .doc to .txt to be able to read them
+ over with webbrowser
+
+ -- Christoph Martin <martin at uni-mainz.de> Tue, 25 Feb 1997 14:02:53 +0100
+
+ssleay (0.6.4-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Christoph Martin <martin at uni-mainz.de> Fri, 22 Nov 1996 21:29:51 +0100
Deleted: openssl/tags/1.0.1e-1/1.1.0/debian/patches/Add-a-couple-of-test-to-check-CRL-fingerprint.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/Add-a-couple-of-test-to-check-CRL-fingerprint.patch 2017-01-30 22:20:45 UTC (rev 894)
+++ openssl/tags/1.0.1e-1/1.1.0/debian/patches/Add-a-couple-of-test-to-check-CRL-fingerprint.patch 2017-02-16 18:29:10 UTC (rev 897)
@@ -1,45 +0,0 @@
-From: Richard Levitte <levitte at openssl.org>
-Date: Sat, 28 Jan 2017 18:24:40 +0100
-Subject: [PATCH 3/3] Add a couple of test to check CRL fingerprint
-
-BTS: #852920
-
-Reviewed-by: Kurt Roeckx <kurt at openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/2314)
-(cherry picked from commit 929860d0e6112f5c7766d9ea036c3f8bd8d3d719)
----
- test/recipes/25-test_crl.t | 19 ++++++++++++++++++-
- 1 file changed, 18 insertions(+), 1 deletion(-)
-
---- a/test/recipes/25-test_crl.t
-+++ b/test/recipes/25-test_crl.t
-@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_fil
-
- setup("test_crl");
-
--plan tests => 3;
-+plan tests => 5;
-
- require_ok(srctop_file('test','recipes','tconversion.pl'));
-
-@@ -24,3 +24,20 @@ subtest 'crl conversions' => sub {
- };
-
- ok(run(test(['crltest'])));
-+
-+ok(compare1stline([qw{openssl crl -noout -fingerprint -in},
-+ srctop_file('test', 'testcrl.pem')],
-+ 'SHA1 Fingerprint=BA:F4:1B:AD:7A:9B:2F:09:16:BC:60:A7:0E:CE:79:2E:36:00:E7:B2'));
-+ok(compare1stline([qw{openssl crl -noout -fingerprint -sha256 -in},
-+ srctop_file('test', 'testcrl.pem')],
-+ 'SHA256 Fingerprint=B3:A9:FD:A7:2E:8C:3D:DF:D0:F1:C3:1A:96:60:B5:FD:B0:99:7C:7F:0E:E4:34:F5:DB:87:62:36:BC:F1:BC:1B'));
-+
-+sub compare1stline {
-+ my ($cmdarray, $str) = @_;
-+ my @lines = run(app($cmdarray), capture => 1);
-+
-+ return 1 if $lines[0] =~ m|^\Q${str}\E\R$|;
-+ note "Got ", $lines[0];
-+ note "Expected ", $str;
-+ return 0;
-+}
Deleted: openssl/tags/1.0.1e-1/1.1.0/debian/patches/Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch 2017-01-30 22:20:45 UTC (rev 894)
+++ openssl/tags/1.0.1e-1/1.1.0/debian/patches/Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch 2017-02-16 18:29:10 UTC (rev 897)
@@ -1,23 +0,0 @@
-From: Richard Levitte <levitte at openssl.org>
-Date: Sat, 28 Jan 2017 18:02:12 +0100
-Subject: [PATCH 2/3] Document what EXFLAG_SET is for in x509v3.h
-
-BTS: #852920
-
-Reviewed-by: Kurt Roeckx <kurt at openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/2314)
-(cherry picked from commit 2d60c923141e7853c268364f26195343a5e995bf)
----
- include/openssl/x509v3.h | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/include/openssl/x509v3.h
-+++ b/include/openssl/x509v3.h
-@@ -355,6 +355,7 @@ struct ISSUING_DIST_POINT_st {
- # define EXFLAG_SI 0x20
- # define EXFLAG_V1 0x40
- # define EXFLAG_INVALID 0x80
-+/* EXFLAG_SET is set to indicate that some values have been precomputed */
- # define EXFLAG_SET 0x100
- # define EXFLAG_CRITICAL 0x200
- # define EXFLAG_PROXY 0x400
Deleted: openssl/tags/1.0.1e-1/1.1.0/debian/patches/X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch 2017-01-30 22:20:45 UTC (rev 894)
+++ openssl/tags/1.0.1e-1/1.1.0/debian/patches/X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch 2017-02-16 18:29:10 UTC (rev 897)
@@ -1,40 +0,0 @@
-From: Richard Levitte <levitte at openssl.org>
-Date: Sat, 28 Jan 2017 17:43:17 +0100
-Subject: [PATCH 1/3] X509_CRL_digest() - ensure precomputed sha1 hash before
- returning it
-
-X509_CRL_digest() didn't check if the precomputed sha1 hash was actually
-present. This also makes sure there's an appropriate flag to check.
-
-BTS: #852920
-
-Reviewed-by: Kurt Roeckx <kurt at openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/2314)
-(cherry picked from commit 6195848b2eea627c47f74b63eb2ba3dc3d5b6436)
----
- crypto/x509/x_all.c | 2 +-
- crypto/x509/x_crl.c | 2 ++
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
---- a/crypto/x509/x_all.c
-+++ b/crypto/x509/x_all.c
-@@ -377,7 +377,7 @@ int X509_digest(const X509 *data, const
- int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
- unsigned char *md, unsigned int *len)
- {
-- if (type == EVP_sha1()) {
-+ if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) {
- /* Asking for SHA1; always computed in CRL d2i. */
- if (len != NULL)
- *len = sizeof(data->sha1_hash);
---- a/crypto/x509/x_crl.c
-+++ b/crypto/x509/x_crl.c
-@@ -226,6 +226,8 @@ static int crl_cb(int operation, ASN1_VA
- if (crl->meth->crl_init(crl) == 0)
- return 0;
- }
-+
-+ crl->flags |= EXFLAG_SET;
- break;
-
- case ASN1_OP_FREE_POST:
Deleted: openssl/tags/1.0.1e-1/1.1.0/debian/patches/series
===================================================================
--- openssl/branches/1.1.0/debian/patches/series 2017-01-30 22:20:45 UTC (rev 894)
+++ openssl/tags/1.0.1e-1/1.1.0/debian/patches/series 2017-02-16 18:29:10 UTC (rev 897)
@@ -1,9 +0,0 @@
-debian-targets.patch
-man-section.patch
-no-symbolic.patch
-pic.patch
-c_rehash-compat.patch
-#padlock_conf.patch
-X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
-Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
-Add-a-couple-of-test-to-check-CRL-fingerprint.patch
Copied: openssl/tags/1.0.1e-1/1.1.0/debian/patches/series (from rev 896, openssl/branches/1.1.0/debian/patches/series)
===================================================================
--- openssl/tags/1.0.1e-1/1.1.0/debian/patches/series (rev 0)
+++ openssl/tags/1.0.1e-1/1.1.0/debian/patches/series 2017-02-16 18:29:10 UTC (rev 897)
@@ -0,0 +1,6 @@
+debian-targets.patch
+man-section.patch
+no-symbolic.patch
+pic.patch
+c_rehash-compat.patch
+#padlock_conf.patch
Deleted: openssl/tags/1.1.0e-1/debian/changelog
===================================================================
--- openssl/branches/1.1.0/debian/changelog 2017-01-30 22:20:45 UTC (rev 894)
+++ openssl/tags/1.1.0e-1/debian/changelog 2017-02-16 18:29:10 UTC (rev 897)
@@ -1,2130 +0,0 @@
-openssl (1.1.0d-2) unstable; urgency=medium
-
- * Fix building of arch and all packages in a minimal environment
- (Closes: #852900).
- * Fix precomputing SHA1 by adding the following patches from upstream:
- - Add-a-couple-of-test-to-check-CRL-fingerprint.patch
- - Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
- - X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
- (Closes: #852920).
-
- -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Mon, 30 Jan 2017 23:20:07 +0100
-
-openssl (1.1.0d-1) unstable; urgency=medium
-
- * New Upstream release
- - Fixes CVE-2017-3731
- - Fixes CVE-2017-3730
- - Fixes CVE-2017-3732
- - drop revert_ssl_read.patch and
- 0001-Add-missing-zdelete-for-some-linux-arches.patch, applied upstream.
- * add new symbols.
-
- -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Thu, 26 Jan 2017 16:38:34 +0100
-
-openssl (1.1.0c-4) unstable; urgency=medium
-
- * Make build-indep build again.
- * Don't depend on perl:any in openssl as it breaks debootstrap
- ("Closes: #852017).
-
- -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Fri, 20 Jan 2017 22:18:15 +0100
-
-openssl (1.1.0c-3) unstable; urgency=medium
-
- * Add myself as Uploader.
- * Add support for tilegx, patch by Helmut Grohne (Closes: #848957).
- * redo the rules file to some newer debhelper:
- - everyfile should remain, nothing should get lost
- - the scripts in the doc package gained an exec bit
- - openssl gained a dep on perl (the package contains perl scripts)
- - libssl1.0.2-dbg is gone, we have dbgsym now
- - dh compat 10
- - pkg.install instead of pkg.files is used for install
- * Mark libssl-doc as MA foreign
- * Update Standards-Version from 3.9.5 to 3.9.8. No changes required.
- * Document the change for openssl's enc command between 1.1.0 and pre 1.1.0
- in the NEWS file (Closes: #843064).
- * Add an override for lintian for the non-standard private directory
-
- -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Thu, 19 Jan 2017 23:00:01 +0100
-
-openssl (1.1.0c-2) unstable; urgency=medium
-
- * Revert behaviour of SSL_read() and SSL_write(), and update documentation.
- (Closes: #844234)
- * Add missing -zdelete on x32 (Closes: #844715)
- * Add a Breaks on salt-common. Addresses #844706
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 21 Nov 2016 22:20:00 +0100
-
-openssl (1.1.0c-1) unstable; urgency=medium
-
- * New upstrem release
- - Fix CVE-2016-7053
- - Fix CVE-2016-7054
- - Fix CVE-2016-7055
- * remove no-rpath.patch, applied upstream.
- * Remove old d2i test cases, use the one from the upstream tarball.
- * Update libssl1.1.symbols for new sysmbols.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 10 Nov 2016 19:05:44 +0100
-
-openssl (1.1.0b-2) unstable; urgency=low
-
- * Upload to unstable
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 01 Nov 2016 22:02:32 +0100
-
-openssl (1.1.0b-1) experimental; urgency=medium
-
- * New upstream release
- - Fixes CVE-2016-6309
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 26 Sep 2016 18:21:09 +0200
-
-openssl (1.1.0a-1) experimental; urgency=medium
-
- * New upstream release
- - Fix CVE-2016-6304
- - Fix CVE-2016-6305
- - Fix CVE-2016-6307
- - Fix CVE-2016-6308
- * Update c_rehash-compat.patch to apply to new version.
- * Update symbol file.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 22 Sep 2016 20:13:59 +0200
-
-openssl (1.1.0-1) experimental; urgency=medium
-
- [ Kurt Roeckx ]
- * New upstream version
- * Use Package-Type instead of XC-Package-Type
- * Remove "Priority: optional" in the binary packages.
- * Add Homepage
- * Use dpkg-buildflags's LDFLAGS also for building the shared libraries.
-
- [ Sebastian Andrzej Siewior ]
- * drop config-hurd.patch, we don't use `config' and it works without the
- patch.
- * Drop depend on zlib1g-dev since we don't use it anymore (Closes: #767207)
- * Make the openssl package Multi-Arch: foregin (Closes: #827028)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 25 Aug 2016 18:52:22 +0200
-
-openssl (1.1.0~pre6-1) experimental; urgency=medium
-
- [ Sebastian Andrzej Siewior ]
- * drop engines-path.patch. Upstream uses a 1.1 suffixes now.
-
- [ Kurt Roeckx ]
- * New upstream version
- * Drop upstream snapshot
- * Update symbols file
- * Use some https instead of http URLs
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 04 Aug 2016 18:33:24 +0200
-
-openssl (1.1.0~pre5-5) experimental; urgency=medium
-
- * Update snapshot to commit fe964f0c88f6780fd30b26e306484b981b0a8480
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 02 Jul 2016 14:54:51 +0200
-
-openssl (1.1.0~pre5-4) experimental; urgency=medium
-
- * Update snapshot to commit c32bdbf171ce6650ef045ec47b5abe0de7c264db
- * Remove utils-mkdir-p-check-if-dir-exists-also-after-mkdir-f.patch, applied
- upstream
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 26 Jun 2016 15:07:48 +0200
-
-openssl (1.1.0~pre5-3) experimental; urgency=medium
-
- [ Kurt Roeckx ]
- * Don't use assembler on hppa, it's not writen for Linux.
-
- -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Fri, 10 Jun 2016 22:33:06 +0200
-
-openssl (1.1.0~pre5-2) experimental; urgency=medium
-
- [ Sebastian Andrzej Siewior ]
- * Run the testsuite with verbose output.
- * Use $(MAKE) so the whole make environment is passed to its child and we
- can build in parallel with -jX
- * Update snapshot to commit 5000a6d1215e ("Fix an error path leak in int
- X509_ATTRIBUTE_set1_data()")
-
- -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Fri, 10 Jun 2016 21:49:55 +0200
-
-openssl (1.1.0~pre5-1) experimental; urgency=medium
-
- * New upstream version with soname change. Upload to experimental.
- - Rename binary packages
- - Remove patches:
- - block_diginotar.patch: All cross certificates expired in 2013
- - block_digicert_malaysia.patch: intermediate certificates expired in
- 2015
- - man-dir.patch: Fixed upstream
- - valgrind.patch: Upstream no longer adds the uninitialized data to the
- RNG
- - shared-lib-ext.patch: No longer needed
- - version-script.patch: Upstream does symbol versioning itself now
- - disable_freelist.patch: No longer needed
- - soname.patch: Was to change to the 1.0.2 soname that upstream never had
- - disable_sslv3_test.patch: Fixed upstream
- - libdoc-manpgs-pod-spell.patch: Fixed upstream (Closes: #813191)
- - Rewrite debian-targets.patch to work with the new configuration system.
- - Update other patches to apply
- - Update list of install docs
- - Use DESTDIR instead of INSTALL_PREFIX
- - Clean up more files
- - Remove the configure option enable-tlsext no-ssl2 since they're no
- longer supported.
- * Add upstream snapshot:
- - Add d2i-tests.tar to get new binary test files.
- * Don't build i686 optimized version anymore on i386, it's now the default.
- (Closes: #823774)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 28 May 2016 20:58:31 +0200
-
-openssl (1.0.2h-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2016-2107
- - Fixes CVE-2016-2105
- - Fixes CVE-2016-2106
- - Fixes CVE-2016-2109
- - Fixes CVE-2016-2176
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 03 May 2016 18:31:22 +0200
-
-openssl (1.0.2g-2) unstable; urgency=medium
-
- * Use assembler of arm64 (Closes: #794326)
- Patch from Riku Voipio <riku.voipio at iki.fi>
- * Add a udeb for libssl, based on similar changes done in Ubuntu
- starting in version 0.9.8o-4ubuntu1 (Closes: #802591)
- Patch from Margarita Manterola <marga at google.com>
- * Add support for nios2 (Closes: #816239)
- Based on patch from Marek Vasut <marex at denx.de>
- * Update Spanish translation from Manuel "Venturi" Porras Peralta
- <venturi at openmailbox.org> (Closes: #773601)
- * Don't build an i586 optimized version anymore, the default
- already targets that. Patch from Sven Joachim <svenjoac at gmx.de>
- (Closes: #759811)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 21 Apr 2016 23:43:06 +0200
-
-openssl (1.0.2g-1) unstable; urgency=high
-
- * New upstream version
- * Fix CVE-2016-0797
- * Fix CVE-2016-0798
- * Fix CVE-2016-0799
- * Fix CVE-2016-0702
- * Fix CVE-2016-0705
- * Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800)
- makes use of those, and SLOTH attack (CVE-2015-7575) can make use of them
- too.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 01 Mar 2016 18:31:09 +0100
-
-openssl (1.0.2f-2) unstable; urgency=high
-
- * New upstream version.
- - Fixes CVE-2016-0701
- - Not affected by CVE-2015-3197 because SSLv2 is disabled.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 28 Jan 2016 19:32:02 +0100
-
-openssl (1.0.2e-1) unstable; urgency=high
-
- * New upstream release
- - Fix CVE-2015-3193
- - Fix CVE-2015-3194
- - Fix CVE-2015-3195
- - Fix CVE-2015-3196
- * Remove all symlinks during clean
- * Run make depend after configure
- * Remove openssl_button.* from the doc package
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 03 Dec 2015 19:33:05 +0100
-
-openssl (1.0.2d-3) unstable; urgency=medium
-
- * Upload to unstable
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 01 Nov 2015 19:14:34 +0100
-
-openssl (1.0.2d-2) experimental; urgency=medium
-
- * Build with no-ssl3-method to remove all SSLv3 support. This results in
- the functions SSLv3_method(), SSLv3_server_method() and
- SSLv3_client_method() being removed from libssl. Change the soname as
- result of that and also changes name of the binary package.
- (Closes: #768476)
- * Enable rfc3779 and cms support (Closes: #630790)
- * Fix cross compilation for mips architectures. (Closes: #782492)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 06 Sep 2015 14:21:27 +0200
-
-openssl (1.0.2d-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2015-1793
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 09 Jul 2015 18:22:26 +0200
-
-openssl (1.0.2c-1) unstable; urgency=medium
-
- * New upstream version
- - Fixes ABI (Closes: #788511)
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 12 Jun 2015 20:35:12 +0200
-
-openssl (1.0.2b-1) unstable; urgency=high
-
- * New upstream version
- - Fix CVE-2015-4000
- - Fix CVE-2015-1788
- - Fix CVE-2015-1789
- - Fix CVE-2015-1790
- - Fix CVE-2015-1792
- - Fix CVE-2015-1791
- * Update c_rehash-compat.patch to make it apply to the new version.
- * Remove openssl-pod-misspell.patch applied upstream
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 11 Jun 2015 18:20:38 +0200
-
-openssl (1.0.2a-1) unstable; urgency=medium
-
- * New upstrema version
- - Fix CVE-2015-0286
- - Fix CVE-2015-0287
- - Fix CVE-2015-0289
- - Fix CVE-2015-0293 (not affected, SSLv2 disabled)
- - Fix CVE-2015-0209
- - Fix CVE-2015-0288
- - Fix CVE-2015-0291
- - Fix CVE-2015-0290
- - Fix CVE-2015-0207
- - Fix CVE-2015-0208
- - Fix CVE-2015-1787
- - Fix CVE-2015-0285
- * Temporary enable SSLv3 methods again, but they will go away.
- * Don't set TERMIO anymore, use the default TERMIOS instead.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 30 Apr 2015 23:37:27 +0200
-
-openssl (1.0.2-1) experimental; urgency=medium
-
- * New upstream release
- - Fixes CVE-2014-3571
- - Fixes CVE-2015-0206
- - Fixes CVE-2014-3569
- - Fixes CVE-2014-3572
- - Fixes CVE-2015-0204
- - Fixes CVE-2015-0205
- - Fixes CVE-2014-8275
- - Fixes CVE-2014-3570
- - Drop git_snapshot.patch
- * Drop gnu_source.patch, dgst_hmac.patch, stddef.patch,
- no_ssl3_method.patch: applied upstream
- * Update patches to apply
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 23 Jan 2015 18:54:13 +0100
-
-openssl (1.0.2~beta3-1) experimental; urgency=low
-
- * New usptream beta version
- * Add git snapshot
- * Merge changes between 1.0.1h-3 and 1.0.1j-1:
- - Disables SSLv3 because of CVE-2014-3566
- * Drop patch rehash-crt.patch: partially applied upstream.
- c_rehash now doesn't support files in DER format anymore.
- * Drop patch rehash_pod.patch: applied upstream
- * Update c_rehash-compat.patch to apply to new upstream version. This
- undoes upstream's "-old" option and creates both the new and old again.
- It now also does it for CRLs.
- * Drop defaults.patch, applied upstream
- * dgst_hmac.patch updated to apply to upstream version.
- * engines-path.patch updated to apply to upstream version.
- * Update list of exported symbols
- * Update symbols files to require beta3
- * Enable unit tests
- * Add patch to add support for the no-ssl3-method option that completly
- disable SSLv3 and pass the option. This drops the following functions
- from the library: SSLv3_method, SSLv3_server_method and
- SSLv3_client_method
- * Build using OPENSSL_NO_BUF_FREELISTS
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 07 Nov 2014 00:20:10 +0100
-
-openssl (1.0.2~beta2-1) experimental; urgency=medium
-
- * New usptream beta version
- - Fix CVE-2014-0224
- - Fix CVE-2014-0221
- - Fix CVE-2014-0195
- - Fix CVE-2014-3470
- - Fix CVE-2014-0198
- - Fix CVE-2010-5298
- - Fix CVE-2014-0160
- - Fix CVE-2014-0076
- * Merge changes between 1.0.1f-1 and 1.0.1h-3:
- - postinst: Updated check for restarting services
- * libdoc-manpgs-pod-spell.patch and openssl-pod-misspell.patch
- partially applied upstream
- * Drop fix-pod-errors.patch, applied upstream.
- * Add support for ppc64le (Closes: #745657)
- * Add support for OpenRISC (Closes: #736772)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 23 Jul 2014 19:54:09 +0200
-
-openssl (1.0.2~beta1-1) experimental; urgency=medium
-
- * New upstream beta version
- - Update list of symbols that should be exported and adjust the symbols
- file. This also removes a bunch of duplicate symbols in the linker
- file.
- - Fix additional pod errors
- - Following patches have been applied upstream and are removed:
- libssl-misspell.patch, pod_req_misspell2.patch,
- pod_pksc12.misspell.patch, pod_s_server.misspell.patch,
- pod_x509setflags.misspell.patch, pod_ec.misspell.patch,
- pkcs12-doc.patch, req_bits.patch
- - Following patches have been partially applied upstream:
- libdoc-manpgs-pod-spell.patch, openssl-pod-misspell.patch
- - Remove openssl_fix_for_x32.patch, different patch applied upstream.
- * Add support for cross compiling (Closes: #465248)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 25 Feb 2014 00:36:51 +0100
-
-openssl (1.0.1f-1) unstable; urgency=high
-
- * New upstream version
- - Fix for TLS record tampering bug CVE-2013-4353
- - Drop the snapshot patch
- * update watch file to check for upstream signature and add upstream pgp key.
- * Drop conflicts against openssh since we now on a released version again.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 06 Jan 2014 18:50:54 +0100
-
-openssl (1.0.1e-6) unstable; urgency=medium
-
- * Add Breaks: openssh-client (<< 1:6.4p1-1.1), openssh-server (<<
- 1:6.4p1-1.1). This is to prevent people running into #732940.
- This Breaks can be removed again when we stop using a git snapshot.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 23 Dec 2013 15:19:17 +0100
-
-openssl (1.0.1e-5) unstable; urgency=low
-
- * Change default digest to SHA256 instead of SHA1. (Closes: #694738)
- * Drop support for multiple certificates in 1 file. It never worked
- properly in the first place, and the only one shipping in
- ca-certificates has been split.
- * Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors
- * Remove make-targets.patch. It prevented the test dir from being cleaned.
- * Update to a git snapshot of the OpenSSL_1_0_1-stable branch.
- - Fixes CVE-2013-6449 (Closes: #732754)
- - Fixes CVE-2013-6450
- - Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch
- dtls_version.patch get_certificate.patch, since they where all
- already commited upstream.
- - adjust fix-pod-errors.patch for the reordering of items in the
- documentation they've done trying to fix those pod errors.
- - disable rdrand engine by default (Closes: #732710)
- * disable zlib support. Fixes CVE-2012-4929 (Closes: #728055)
- * Add arm64 support (Closes: #732348)
- * Properly use the default number of bits in req when none are given
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 22 Dec 2013 19:25:35 +0100
-
-openssl (1.0.1e-4) unstable; urgency=low
-
- [ Peter Michael Green ]
- * Fix pod errors (Closes: #723954)
- * Fix clean target
-
- [ Kurt Roeckx ]
- * Add mipsn32 and mips64 targets. Patch from Eleanor Chen
- <chenyueg at gmail.com> (Closes: #720654)
- * Add support for nocheck in DEB_BUILD_OPTIONS
- * Update Norwegian translation (Closes: #653574)
- * Update description of the packages. Patch by Justin B Rye
- (Closes: #719262)
- * change to debhelper compat level 9:
- - change dh_strip call so only the files from libssl1.0.0 get debug
- symbols.
- - change dh_makeshlibs call so the engines don't get added to the
- shlibs
- * Update Standards-Version from 3.8.0 to 3.9.5. No changes required.
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 01 Nov 2013 17:11:53 +0100
-
-openssl (1.0.1e-3) unstable; urgency=low
-
- * Move <openssl/opensslconf.h> to /usr/include/$(DEB_HOST_MULTIARCH), and
- mark libssl-dev Multi-Arch: same.
- Patch by Colin Watson <cjwatson at ubuntu.com> (Closes: #689093)
- * Add Polish translation (Closes: #658162)
- * Add Turkish translation (Closes: #660971)
- * Enable assembler for the arm targets, and remove armeb.
- Patch by Riku Voipio <riku.voipio at iki.fi> (Closes: #676533)
- * Add support for x32 (Closes: #698406)
- * enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 20 May 2013 16:56:06 +0200
-
-openssl (1.0.1e-2) unstable; urgency=high
-
- * Bump shlibs. It's needed for the udeb.
- * Make cpuid work on cpu's that don't set ecx (Closes: #699692)
- * Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353)
- * Fix problem with DTLS version check (Closes: #701826)
- * Fix segfault in SSL_get_certificate (Closes: #703031)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 18 Mar 2013 20:37:11 +0100
-
-openssl (1.0.1e-1) unstable; urgency=high
-
- * New upstream version (Closes: #699889)
- - Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166
- - Drop renegiotate_tls.patch, applied upstream
- - Export new CRYPTO_memcmp symbol, update symbol file
- * Add ssltest_no_sslv2.patch so that "make test" works.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 11 Feb 2013 19:39:44 +0100
-
-openssl (1.0.1c-5) unstable; urgency=low
-
- * Re-enable assembler versions on sparc. They shouldn't have
- been disabled for sparc v9. (Closes: #649841)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 09 Sep 2012 08:43:40 +0200
-
-openssl (1.0.1c-4) unstable; urgency=low
-
- * Fix the configure rules for alpha (Closes: #672710)
- * Switch the postinst to sh again, there never was a reason to
- switch it to bash (Closes: #676398)
- * Fix pic.patch to not use #ifdef in x86cpuid.s, only .S files are
- preprocessed. We generate the file again for pic anyway.
- (Closes: #677468)
- * Drop Breaks against openssh as it was only for upgrades
- between versions that were only in testing/unstable.
- (Closes: #668600)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 17 Jul 2012 11:49:19 +0200
-
-openssl (1.0.1c-3) unstable; urgency=low
-
- * Disable padlock engine again, causes problems for hosts not supporting it.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 06 Jun 2012 18:29:37 +0200
-
-openssl (1.0.1c-2) unstable; urgency=high
-
- * Fix renegiotation when using TLS > 1.0. This breaks tor. Patch from
- upstream. (Closes: #675990)
- * Enable the padlock engine by default.
- * Change default bits from 1024 to 2048 (Closes: #487152)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 06 Jun 2012 00:55:42 +0200
-
-openssl (1.0.1c-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2012-2333 (Closes: #672452)
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 11 May 2012 18:44:51 +0200
-
-openssl (1.0.1b-1) unstable; urgency=high
-
- * New upstream version
- - Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0
- can talk to servers supporting TLS 1.1 but not TLS 1.2
- - Drop rc4_hmac_md5.patch, applied upstream
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 26 Apr 2012 23:34:34 +0200
-
-openssl (1.0.1a-3) unstable; urgency=low
-
- * Use patch from upstream for the rc4_hmac_md5 issue.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 23:16:30 +0200
-
-openssl (1.0.1a-2) unstable; urgency=low
-
- * Fix rc4_hmac_md5 on non-i386/amd64 arches.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 21:54:42 +0200
-
-openssl (1.0.1a-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2012-2110
- - Fix crash in rc4_hmac_md5 (Closes: #666405)
- - Fixes some issues with talking to other servers when TLS 1.1 and 1.2 is
- supported
- - Drop patches no_ssl2.patch vpaes.patch tls1.2_client_algorithms.patch,
- applied upstream.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 19:54:12 +0200
-
-openssl (1.0.1-4) unstable; urgency=low
-
- * Use official patch for the vpaes problem, also covering amd64.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 31 Mar 2012 20:54:13 +0200
-
-openssl (1.0.1-3) unstable; urgency=high
-
- * Fix crash in vpaes (Closes: #665836)
- * use client version when deciding whether to send supported signature
- algorithms extension
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 31 Mar 2012 18:35:59 +0200
-
-openssl (1.0.1-2) unstable; urgency=low
-
- * Properly quote the new cflags in Configure
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 19 Mar 2012 19:56:05 +0100
-
-openssl (1.0.1-1) unstable; urgency=low
-
- * New upstream version
- - Remove kfreebsd-pipe.patch, fixed upstream
- - Update pic.patch, openssl-pod-misspell.patch and make-targets.patch
- - Add OPENSSL_1.0.1 to version-script.patch and libssl1.0.0.symbols for
- the new functions.
- - AES-NI support (Closes: #644743)
- * pic.patch: upstream made OPENSSL_ia32cap_P and OPENSSL_cpuid_setup
- hidden on amd64, no need to access it PIC anymore.
- * pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977)
- * Enable hardening using dpkg-buildflags (Closes: #653495)
- * s_client and s_server were forcing SSLv3 only connection when SSLv2 was
- disabled instead of the SSLv2 with upgrade method. (Closes: #664454)
- * Add Breaks on openssh < 1:5.9p1-4, it has a too strict version check.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 19 Mar 2012 18:23:32 +0100
-
-openssl (1.0.0h-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2012-0884
- - Fixes CVE-2012-1165
- - Properly fix CVE-2011-4619
- - pkg-config.patch applied upstream, remove it.
- * Enable assembler for all i386 arches. The assembler does proper
- detection of CPU support, including cpuid support.
- This should fix a problem with AES 192 and 256 with the padlock
- engine because of the difference in NO_ASM between the between
- the i686 optimized library and the engine.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 13 Mar 2012 21:08:17 +0100
-
-openssl (1.0.0g-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2012-0050
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 18 Jan 2012 20:46:13 +0100
-
-openssl (1.0.0f-1) unstable; urgency=high
-
- * New upstream version
- - Fixes CVE-2011-4108, CVE-2011-4576, CVE-2011-4619, CVE-2012-0027,
- CVE-2011-4577
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 12 Jan 2012 19:02:43 +0100
-
-openssl (1.0.0e-3) unstable; urgency=low
-
- * Don't build v8 and v9 variants of sparc anymore, they're older than
- the default. (Closes: #649841)
- * Don't build i486 optimized version, that's the default anyway, and
- it uses assembler that doesn't always work on i486.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 28 Nov 2011 22:17:26 +0100
-
-openssl (1.0.0e-2.1) unstable; urgency=high
-
- * Non-maintainer upload by the Security Team.
- * Block Malaysian's Digicert Sdn. Bhd. certificates by marking them
- as revoked.
-
- -- Raphael Geissert <geissert at debian.org> Sun, 06 Nov 2011 01:39:30 -0600
-
-openssl (1.0.0e-2) unstable; urgency=low
-
- * Add a missing $(DEB_HOST_MULTIARCH)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Sep 2011 17:02:29 +0200
-
-openssl (1.0.0e-1) unstable; urgency=low
-
- * New upstream version
- - Fix bug where CRLs with nextUpdate in the past are sometimes accepted
- by initialising X509_STORE_CTX properly. (CVE-2011-3207)
- - Fix SSL memory handling for (EC)DH ciphersuites, in particular
- for multi-threaded use of ECDH. (CVE-2011-3210)
- - Add protection against ECDSA timing attacks (CVE-2011-1945)
- * Block DigiNotar certifiates. Patch from
- Raphael Geissert <geissert at debian.org>
- * Generate hashes for all certs in a file (Closes: #628780, #594524)
- Patch from Klaus Ethgen <Klaus at Ethgen.de>
- * Add multiarch support (Closs: #638137)
- Patch from Steve Langasek / Ubuntu
- * Symbols from the gost engine were removed because it didn't have
- a linker file. Thanks to Roman I Khimov <khimov at altell.ru>
- (Closes: #631503)
- * Add support for s390x. Patch from Aurelien Jarno <aurel32 at debian.org>
- (Closes: #641100)
- * Add build-arch and build-indep targets to the rules file.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Sep 2011 12:03:13 +0200
-
-openssl (1.0.0d-3) unstable; urgency=low
-
- * Make it build on sparc64. Patch from Aurelien Jarno. (Closes: #626060)
- * Apply patches from Scott Schaefer <saschaefer at neurodiverse.org> to
- fix various pod and spelling errors. (Closes: #622820, #605561)
- * Add missing symbols for the engines (Closes: #623038)
- * More spelling fixes from Scott Schaefer (Closes: #395424)
- * Patch from Scott Schaefer to better document pkcs12 password options
- (Closes: #462489)
- * Document dgst -hmac option. Patch by Thorsten Glaser <tg at mirbsd.de>
- (Closes: #529586)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 13 Jun 2011 12:39:54 +0200
-
-openssl (1.0.0d-2) unstable; urgency=high
-
- * Make c_rehash also generate the old subject hash. Gnutls applications
- seem to require it. (Closes: #611102)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Apr 2011 22:36:49 +0200
-
-openssl (1.0.0d-1) unstable; urgency=low
-
- * New upstream version
- - Fixes CVE-2011-0014
- * Make libssl-doc Replaces/Breaks with old libssl-dev packages
- (Closes: #607609)
- * Only export the symbols we should, instead of all.
- * Add symbol file.
- * Upload to unstable
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 02 Apr 2011 13:19:19 +0000
-
-openssl (1.0.0c-2) experimental; urgency=low
-
- * Set $ in front of {sparcv9_asm} so that the sparc v9 variant builds.
- * Always define _GNU_SOURCE, not only for Linux.
- * Drop SSL2 support (Closes: #589706)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 19 Dec 2010 16:24:16 +0100
-
-openssl (1.0.0c-1) experimental; urgency=low
-
- * New upstream version (Closes: #578376)
- - New soname: Rename library packages
- - Drop patch perl-path.diff, not needed anymore
- - Drop patches CVE-2010-2939.patch, CVE-2010-3864.patch
- and CVE-2010-4180.patch: applied upstream.
- - Update Configure for the new fields for the assembler options
- per arch. alpha now makes use of assembler.
- * Move man3 manpages and demos to libssl-doc (Closes: #470594)
- * Drop .pod files from openssl package (Closes: #518167)
- * Don't use RC4_CHAR on amd64 and drop rc4-amd64.patch
- * Stop using BF_PTR2 on (kfreebd-)amd64.
- * Drop debian-arm from the list of arches.
- * Update arm arches to use BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
- BF_PTR instead of BN_LLONG DES_RISC1
- * ia64: Drop RC4_CHAR, add DES_UNROLL DES_INT
- * powerpc: Use RC4_CHAR RC4_CHUNK DES_RISC1 instead
- of DES_RISC2 DES_PTR MD2_CHAR RC4_INDEX
- * s390: Use RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL instead of BN_LLONG
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 12 Dec 2010 15:37:21 +0100
-
-openssl (0.9.8o-4) unstable; urgency=low
-
- * Fix CVE-2010-4180 (Closes: #529221)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 06 Dec 2010 20:33:21 +0100
-
-openssl (0.9.8o-3) unstable; urgency=high
-
- * Fix TLS extension parsing race condition (CVE-2010-3864) (Closes: #603709)
- * Re-add the engines. They were missing since 0.9.8m-1.
- Patch by Joerg Schneider. (Closes: #603693)
- * Not all architectures were build using -g (Closes: #570702)
- * Add powerpcspe support (Closes: #579805)
- * Add armhf support (Closes: #596881)
- * Update translations:
- - Brazilian Portuguese (Closes: #592154)
- - Danish (Closes: #599459)
- - Vietnamese (Closes: #601536)
- - Arabic (Closes: #596166)
- * Generate the proper stamp file so that everything doesn't get build twice.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 16 Nov 2010 19:20:55 +0100
-
-openssl (0.9.8o-2) unstable; urgency=high
-
- * Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 26 Aug 2010 18:25:29 +0200
-
-openssl (0.9.8o-1) unstable; urgency=low
-
- * New upstream version
- - Add SHA2 algorithms to SSL_library_init().
- - aes-x86_64.pl is now PIC, update pic.patch.
- * Add sparc64 support (Closes: #560240)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 18 Apr 2010 01:42:44 +0200
-
-openssl (0.9.8n-1) unstable; urgency=high
-
- * New upstream version.
- - Fixes CVE-2010-0740.
- - Drop cfb.patch, applied upstream.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 25 Mar 2010 20:30:52 +0100
-
-openssl (0.9.8m-2) unstable; urgency=low
-
- * Revert CFB block length change preventing reading older files.
- (Closes: #571810, #571940)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 28 Feb 2010 22:08:49 +0100
-
-openssl (0.9.8m-1) unstable; urgency=low
-
- * New upstream version
- - Implements RFC5746, reenables renegotiation but requires the extension.
- - Fixes CVE-2009-3245
- - Drop patches CVE-2009-4355.patch, CVE-2009-1378.patch,
- CVE-2009-1377.patch, CVE-2009-1379.patch, CVE-2009-3555.patch,
- CVE-2009-2409.patch, CVE-2009-1387.patch, tls_ext_v3.patch,
- no_check_self_signed.patch: applied upstream
- - pk7_mime_free.patch removed, code rewritten
- - ca.diff partially applied upstream
- - engines-path.patch adjusted, upstream made some minor changes to the
- build system.
- - some flags changed values, bump shlibs.
- * Switch to 3.0 (quilt) source package.
- * Make sure the package is properly cleaned.
- * Add ${misc:Depends} to the Depends on all packages.
- * Fix spelling of extension in the changelog file.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 27 Feb 2010 12:24:03 +0000
-
-openssl (0.9.8k-8) unstable; urgency=high
-
- * Clean up zlib state so that it will be reinitialized on next use and
- not cause a memory leak. (CVE-2009-4355, CVE-2008-1678)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Jan 2010 21:26:49 +0100
-
-openssl (0.9.8k-7) unstable; urgency=low
-
- * Bump the shlibs to require 0.9.8k-1. The following symbols
- to added between g and k: AES_wrap_key, AES_unwrap_key,
- ASN1_TYPE_set1, ASN1_STRING_set0, asn1_output_data_fn,
- SMIME_read_ASN1, BN_X931_generate_Xpq, BN_X931_derive_prime_ex,
- BN_X931_generate_prime_ex, COMP_zlib_cleanup, CRYPTO_malloc_debug_init,
- int_CRYPTO_set_do_dynlock_callback, CRYPTO_set_mem_info_functions,
- CRYPTO_strdup, CRYPTO_dbg_push_info, CRYPTO_dbg_pop_info,
- CRYPTO_dbg_remove_all_info, OPENSSL_isservice, OPENSSL_init,
- ENGINE_set_load_ssl_client_cert_function,
- ENGINE_get_ssl_client_cert_function, ENGINE_load_ssl_client_cert,
- EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags,
- EVP_CIPHER_CTX_test_flags, HMAC_CTX_set_flags, OCSP_sendreq_new
- OCSP_sendreq_nbio, OCSP_REQ_CTX_free, RSA_X931_derive_ex,
- RSA_X931_generate_key_ex, X509_ALGOR_set0, X509_ALGOR_get0,
- X509at_get0_data_by_OBJ, X509_get1_ocsp
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 28 Nov 2009 14:34:26 +0100
-
-openssl (0.9.8k-6) unstable; urgency=low
-
- * Disable SSL/TLS renegotiation (CVE-2009-3555) (Closes: #555829)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 12 Nov 2009 18:10:31 +0000
-
-openssl (0.9.8k-5) unstable; urgency=low
-
- * Don't check self signed certificate signatures in X509_verify_cert()
- (Closes: #541735)
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 11 Sep 2009 15:42:32 +0200
-
-openssl (0.9.8k-4) unstable; urgency=low
-
- * Split all the patches into a separate files
- * Stop undefinging HZ, the issue on alpha should be fixed.
- * Remove MD2 from digest algorithm table. (CVE-2009-2409) (Closes: #539899)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 11 Aug 2009 21:19:18 +0200
-
-openssl (0.9.8k-3) unstable; urgency=low
-
- * Make rc4-x86_64 PIC. Based on patch from Petr Salinger (Closes: #532336)
- * Add workaround for kfreebsd that can't see the different between
- two pipes. Patch from Petr Salinger.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 13 Jun 2009 18:15:46 +0200
-
-openssl (0.9.8k-2) unstable; urgency=low
-
- * Move libssl0.9.8-dbg to the debug section.
- * Use the rc4 assembler on kfreebsd-amd64 (Closes: #532336)
- * Split the line to generate md5-x86_64.s in the Makefile. This will
- hopefully fix the build issue on kfreebsd that now outputs the file
- to stdout instead of the file.
- * Fix denial of service via an out-of-sequence DTLS handshake message
- (CVE-2009-1387) (Closes: #532037)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 08 Jun 2009 19:05:56 +0200
-
-openssl (0.9.8k-1) unstable; urgency=low
-
- * New upstream release
- - 0.9.8i fixed denial of service via a DTLS ChangeCipherSpec packet
- that occurs before ClientHello (CVE-2009-1386)
- * Make aes-x86_64.pl use PIC.
- * Fix security issues (Closes: #530400)
- - "DTLS record buffer limitation bug." (CVE-2009-1377)
- - "DTLS fragment handling" (CVE-2009-1378)
- - "DTLS use after free" (CVE-2009-1379)
- * Fixed Configure for hurd: use -mtune=i486 instead of -m486
- Patch by Marc Dequènes (Duck) <duck at hurdfr.org> (Closes: #530459)
- * Add support for avr32 (Closes: #528648)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 16 May 2009 17:33:55 +0200
-
-openssl (0.9.8g-16) unstable; urgency=high
-
- * Properly validate the length of an encoded BMPString and UniversalString
- (CVE-2009-0590) (Closes: #522002)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 01 Apr 2009 22:04:53 +0200
-
-openssl (0.9.8g-15) unstable; urgency=low
-
- * Internal calls to didn't properly check for errors which
- resulted in malformed DSA and ECDSA signatures being treated as
- a good signature rather than as an error. (CVE-2008-5077)
- * ipv6_from_asc() could write 1 byte longer than the buffer in case
- the ipv6 address didn't have "::" part. (Closes: #506111)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 05 Jan 2009 21:14:31 +0100
-
-openssl (0.9.8g-14) unstable; urgency=low
-
- * Don't give the warning about security updates when upgrading
- from etch since it doesn't have any known security problems.
- * Automaticly use engines that succesfully initialised. Patch
- from the 0.9.8h upstream version. (Closes: #502177)
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 31 Oct 2008 22:45:14 +0100
-
-openssl (0.9.8g-13) unstable; urgency=low
-
- * Fix a problem with tlsext preventing firefox 3 from connection.
- Patch from upstream CVS and part of 0.9.8h.
- (Closes: #492758)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 03 Aug 2008 19:47:10 +0200
-
-openssl (0.9.8g-12) unstable; urgency=low
-
- * add the changelog of the 10.1 NMU to make bugtracking happy
-
- -- Christoph Martin <Christoph.Martin at Uni-Mainz.DE> Tue, 22 Jul 2008 14:58:26 +0200
-
-openssl (0.9.8g-11) unstable; urgency=low
-
- [ Christoph Martin ]
- * updated cs, gl, sv, ru, ro debconf translation (closes: #480926, #480967,
- #482465, #484324, #488595)
- * add Vcs-Svn header (closes: #481654)
- * fix debian-kfreebsd-i386 build flags (closes: #482275)
- * add stunnel4 to restart list (closes: #482111)
- * include fixes from 10.1 NMU by Security team
- - Fix double free in TLS server name extension which leads to a remote
- denial of service (CVE-2008-0891; Closes: #483379).
- - Fix denial of service if the 'Server Key exchange message'
- is omitted from a TLS handshake which could lead to a client
- crash (CVE-2008-1672; Closes: #483379).
- This only works if openssl is compiled with enable-tlsext which is
- done in Debian.
- * fix some lintian warnings
- * update to newest standards version
-
- -- Christoph Martin <Christoph.Martin at Uni-Mainz.DE> Thu, 17 Jul 2008 09:53:01 +0200
-
-openssl (0.9.8g-10.1) unstable; urgency=high
-
- * Non-maintainer upload by the Security team.
- * Fix denial of service if the 'Server Key exchange message'
- is omitted from a TLS handshake which could lead to a client
- crash (CVE-2008-1672; Closes: #483379).
- This only works if openssl is compiled with enable-tlsext which is
- done in Debian.
- * Fix double free in TLS server name extension which leads to a remote
- denial of service (CVE-2008-0891; Closes: #483379).
-
- -- Nico Golde <nion at debian.org> Tue, 27 May 2008 11:13:44 +0200
-
-openssl (0.9.8g-10) unstable; urgency=low
-
- * undefine HZ so that the code falls back to sysconf(_SC_CLK_TCK)
- to fix a build failure on alpha.
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 08 May 2008 17:56:13 +0000
-
-openssl (0.9.8g-9) unstable; urgency=high
-
- [ Christoph Martin ]
- * Include updated debconf translations (closes: #473477, #461597,
- #461880, #462011, #465517, #475439)
-
- [ Kurt Roeckx ]
- * ssleay_rand_add() really needs to call MD_Update() for buf.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 07 May 2008 20:32:12 +0200
-
-openssl (0.9.8g-8) unstable; urgency=high
-
- * Don't add extensions to ssl v3 connections. It breaks with some
- other software. (Closes: #471681)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 23 Mar 2008 17:50:04 +0000
-
-openssl (0.9.8g-7) unstable; urgency=low
-
- * Upload to unstable.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Feb 2008 22:22:29 +0000
-
-openssl (0.9.8g-6) experimental; urgency=low
-
- * Bump shlibs.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 09 Feb 2008 15:42:22 +0100
-
-openssl (0.9.8g-5) experimental; urgency=low
-
- * Enable tlsext. This changes the ABI, but should hopefully
- not cause any problems. (Closes: #462596)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 09 Feb 2008 13:32:49 +0100
-
-openssl (0.9.8g-4) unstable; urgency=low
-
- * Fix aes ige test speed not to overwrite it's buffer and
- cause segfauls. Thanks to Tim Hudson (Closes: #459619)
- * Mark some strings in the templates as non translatable.
- Patch from Christian Perrier <bubulle at debian.org> (Closes: #450418)
- * Update Dutch debconf translation (Closes: #451290)
- * Update French debconf translation (Closes: #451375)
- * Update Catalan debconf translation (Closes: #452694)
- * Update Basque debconf translation (Closes: #457285)
- * Update Finnish debconf translation (Closes: #458261)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 16 Jan 2008 21:49:43 +0100
-
-openssl (0.9.8g-3) unstable; urgency=low
-
- * aes-586.pl: push %ebx on the stack before we put some things on the
- stack and call a function, giving AES_decrypt() wrong values to work
- with. (Closes: #449200)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 04 Nov 2007 21:49:00 +0100
-
-openssl (0.9.8g-2) unstable; urgency=low
-
- * Avoid text relocations on i386 caused by the assembler versions:
- - x86unix.pl: Create a function_begin_B_static to create a
- static/local assembler function.
- - aes-586.pl: Use the function_begin_B_static for _x86_AES_decrypt
- so that it doesn't get exported and doesn't have any (text) relocations.
- - aes-586.pl: Set up ebx to point to the GOT and call AES_set_encrypt_key
- via the PLT to avoid a relocation.
- - x86unix.pl: Call the init function via the PLT, avoiding a relocation
- in case of a PIC object.
- - cbc.pl: Call functions via the PLT.
- - desboth.pl: Call DES_encrypt2 via the PLT.
- * CA.sh should use the v3_ca extension when called with -newca
- (Closes: #428051)
- * Use -Wa,--noexecstack for all arches in Debian. (Closes: #430583)
- * Convert the failure message when services fail restart to a debconf
- message.
- * To restart a service, just restart, instead of stop and start.
- Hopefully fixes #444946
- * Also remove igetest from the test dir in the clean target.
- (Closes: #424362)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 03 Nov 2007 13:25:45 +0100
-
-openssl (0.9.8g-1) unstable; urgency=low
-
- * New upstream release
- - Fixes version number not to say it's a development version.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 20 Oct 2007 12:47:10 +0200
-
-openssl (0.9.8f-1) unstable; urgency=low
-
- * New upstream release
- - Fixes DTLS issues, also fixes CVE-2007-4995 (Closes: #335703, #439737)
- - Proper inclusion of opensslconf.h in pq_compat.h (Closes: #408686)
- - New function SSL_set_SSL_CTX: bump shlibs.
- * Remove build dependency on gcc > 4.2
- * Remove the openssl preinst, it looks like a workaround
- for a change in 0.9.2b where config files got moved. (Closes: #445095)
- * Update debconf translations:
- - Vietnamese (Closes: #426988)
- - Danish (Closes: #426774)
- - Slovak (Closes: #440723)
- - Finnish (Closes: #444258)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 13 Oct 2007 00:47:22 +0200
-
-openssl (0.9.8e-9) unstable; urgency=high
-
- * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers().
- (Closes: #444435)
- * Add postgresql-8.2 to the list of services to check.
-
- -- Kurt Roeckx <kurt at roeckx.be> Fri, 28 Sep 2007 19:47:33 +0200
-
-openssl (0.9.8e-8) unstable; urgency=low
-
- * Fix another case of the "if this code is reached, the program will abort"
- (Closes: #429740)
- * Temporary force to build with gcc >= 4.2
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 02 Sep 2007 18:12:11 +0200
-
-openssl (0.9.8e-7) unstable; urgency=low
-
- * Fix problems with gcc-4.2 (Closes: #429740)
- * Stop using -Bsymbolic to create the shared library.
- * Make x86_64cpuid.pl use PIC.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 02 Sep 2007 16:15:18 +0200
-
-openssl (0.9.8e-6) unstable; urgency=high
-
- * Add fix for CVE-2007-3108 (Closes: #438142)
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 15 Aug 2007 19:49:54 +0200
-
-openssl (0.9.8e-5) unstable; urgency=low
-
- [ Christian Perrier ]
- * Debconf templates proofread and slightly rewritten by
- the debian-l10n-english team as part of the Smith Review Project.
- Closes: #418584
- * Debconf templates translations:
- - Arabic. Closes: #418669
- - Russian. Closes: #418670
- - Galician. Closes: #418671
- - Swedish. Closes: #418679
- - Korean. Closes: #418755
- - Czech. Closes: #418768
- - Basque. Closes: #418784
- - German. Closes: #418785
- - Traditional Chinese. Closes: #419915
- - Brazilian Portuguese. Closes: #419959
- - French. Closes: #420429
- - Italian. Closes: #420461
- - Japanese. Closes: #420482
- - Catalan. Closes: #420833
- - Dutch. Closes: #420925
- - Malayalam. Closes: #420986
- - Portuguese. Closes: #421032
- - Romanian. Closes: #421708
-
- [ Kurt Roeckx ]
- * Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
- * Updated Spanish debconf template. (Closes: #421336)
- * Do the header changes, changing those defines into real functions,
- and bump the shlibs to match.
- * Update Japanese debconf translation. (Closes: #422270)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 15 May 2007 17:21:08 +0000
-
-openssl (0.9.8e-4) unstable; urgency=low
-
- * openssl should depend on libssl0.9.8 0.9.8e-1 since it
- uses some of the defines that changed to functions.
- Other things build against libssl or libcrypto shouldn't
- have this problem since they use the old headers.
- (Closes: #414283)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Mar 2007 17:11:46 +0000
-
-openssl (0.9.8e-3) unstable; urgency=low
-
- * Add nagios-nrpe-server to the list of services to be checked
- (Closes: #391188)
- * EVP_CIPHER_CTX_key_length() should return the set key length in the
- EVP_CIPHER_CTX structure which may not be the same as the underlying
- cipher key length for variable length ciphers.
- From upstream CVS. (Closes: #412979)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 4 Mar 2007 23:22:51 +0000
-
-openssl (0.9.8e-2) unstable; urgency=low
-
- * Undo include changes that change defines into real functions,
- but keep the new functions in the library.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 25 Feb 2007 19:19:19 +0000
-
-openssl (0.9.8e-1) unstable; urgency=low
-
- * New upstream release
- - Inludes security fixes for CVE-2006-2937, CVE-2006-2940,
- CVE-2006-3738, CVE-2006-4343 (Closes: #408902)
- - s_client now properly works with SMTP. Also added support
- for IMAP. (closes: #221689)
- - Load padlock modules (Closes: #345656, #368476)
- * Add clamav-freshclam and clamav-daemon to the list of service that
- need to be restarted. (Closes: #391191)
- * Add armel support. Thanks to Guillem Jover <guillem.jover at nokia.com>
- for the patch. (Closes: #407196)
- * Add Portuguese translations. Thanks to Carlos Lisboa. (Closes: 408157)
- * Add Norwegian translations. Thanks to Bjørn Steensrud
- <bjornst at powertech.no> (Closes: #412326)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 25 Feb 2007 18:06:28 +0000
-
-openssl (0.9.8c-4) unstable; urgency=low
-
- * Add German debconf translation. Thanks to
- Johannes Starosta <feedback-an-johannes at arcor.de> (Closes: #388108)
- * Make c_rehash look for both .pem and .crt files. Also make it support
- files in DER format. Patch by "Yauheni Kaliuta" <y.kaliuta at gmail.com>
- (Closes: #387089)
- * Use & instead of && to check a flag in the X509 policy checking.
- Patch from upstream cvs. (Closes: #397151)
- * Also restart slapd for security updates (Closes: #400221)
- * Add Romanian debconf translation. Thanks to
- stan ioan-eugen <stan.ieugen at gmail.com> (Closes: #393507)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 30 Nov 2006 20:57:46 +0000
-
-openssl (0.9.8c-3) unstable; urgency=low
-
- * Fix patch for CVE-2006-2940, it left ctx unintiliased.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 2 Oct 2006 18:05:00 +0200
-
-openssl (0.9.8c-2) unstable; urgency=high
-
- * Fix security vulnerabilities (CVE-2006-2937, CVE-2006-2940,
- CVE-2006-3738, CVE-2006-4343). Urgency set to high.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 27 Sep 2006 21:24:55 +0000
-
-openssl (0.9.8c-1) unstable; urgency=low
-
- * New upstream release
- - block padding bug with compression now fixed upstream, using
- their patch.
- - Includes the RSA Signature Forgery (CVE-2006-4339) patch.
- - New functions AES_bi_ige_encrypt and AES_ige_encrypt:
- bumping shlibs to require 0.9.8c-1.
- * Change the postinst script to check that ntp is installed instead
- of ntp-refclock and ntp-simple. The binary is now in the ntp
- package.
- * Move the modified rand/md_rand.c file to the right place,
- really fixing #363516.
- * Add partimage-server conserver-server and tor to the list of service
- to check for restart. Add workaround for openssh-server so it finds
- the init script. (Closes: #386365, #386400, #386513)
- * Add manpage for c_rehash.
- Thanks to James Westby <jw+debian at jameswestby.net> (Closes: #215618)
- * Add Lithuanian debconf translation.
- Thanks to Gintautas Miliauskas <gintas at akl.lt> (Closes: #374364)
- * Add m32r support.
- Thanks to Kazuhiro Inaoka <inaoka.kazuhiro at renesas.com>
- (Closes: #378689)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 17 Sep 2006 14:47:59 +0000
-
-openssl (0.9.8b-3) unstable; urgency=high
-
- * Fix RSA Signature Forgery (CVE-2006-4339) using patch provided
- by upstream.
- * Restart services using a smaller version that 0.9.8b-3, so
- they get the fixed version.
- * Change the postinst to check for postfix instead of postfix-tls.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 5 Sep 2006 18:26:10 +0000
-
-openssl (0.9.8b-2) unstable; urgency=low
-
- * Don't call gcc with -mcpu on i386, we already use -march, so no need for
- -mtune either.
- * Always make all directories when building something:
- - The engines directory didn't get build for the static directory, so
- where missing in libcrypo.a
- - The apps directory didn't always get build, so we didn't have an openssl
- and a small part of the regression tests failed.
- * Make the package fail to build if the regression tests fail.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 15 May 2006 16:00:58 +0000
-
-openssl (0.9.8b-1) unstable; urgency=low
-
- * New upstream release
- - New functions added (EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free), bump shlibs.
- - CA.pl/CA.sh now calls openssl ca with -extensions v3_ca, setting CA:TRUE
- instead of FALSE.
- - CA.pl/CA.sh creates crlnumber now. (Closes: #347612)
- * Run debconf-updatepo, which really already was in the 0.9.8a-8 version
- as it was uploaded.
- * Add Galician debconf translation. Patch from
- Jacobo Tarrio <jtarrio at trasno.net> (Closes: #361266)
- * libssl0.9.8.postinst makes uses of bashisms (local variables)
- so use #!/bin/bash
- * libssl0.9.8.postinst: Call set -e after sourcing the debconf
- script.
- * libssl0.9.8.postinst: Change list of service that may need
- to be restarted:
- - Replace ssh by openssh-server
- - Split postgresql in postgresql-7.4 postgresql-8.0 postgresql-8.1
- - Add: dovecot-common bind9 ntp-refclock ntp-simple openntpd clamcour
- fetchmail ftpd-ssl proftpd proftpd-ldap proftpd-mysql proftpd-pgsql
- * libssl0.9.8.postinst: The check to see if something was installed
- wasn't working.
- * libssl0.9.8.postinst: Add workaround to find the name of the init
- script for proftpd and dovecot.
- * libssl0.9.8.postinst: Use invoke-rc.d when it's available.
- * Change Standards-Version to 3.7.0:
- - Make use of invoke-rc.d
- * Add comment to README.Debian that rc5, mdc2 and idea have been
- disabled (since 0.9.6b-3) (Closes: #362754)
- * Don't add uninitialised data to the random number generator. This stop
- valgrind from giving error messages in unrelated code.
- (Closes: #363516)
- * Put the FAQ in the openssl docs.
- * Add russian debconf translations from Yuriy Talakan <yt at amur.elektra.ru>
- (Closes #367216)
-
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 4 May 2006 20:40:03 +0200
-
-openssl (0.9.8a-8) unstable; urgency=low
-
- * Call pod2man with the proper section. Section changed
- from 1/3/5/7 to 1SSL/3SSL/5SSL/7SSL. The name of the files
- already had the ssl in, the section didn't. The references
- to other manpage is still wrong.
- * Don't install the LICENSE file, it's already in the copyright file.
- * Don't set an rpath on openssl to point to /usr/lib.
- * Add support for kfreebsd-amd64. (Closes: #355277)
- * Add udeb to the shlibs. Patch from Frans Pop <aragorn at tiscali.nl>
- (Closes: #356908)
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 11 Feb 2006 14:14:37 +0100
-
-openssl (0.9.8a-7) unstable; urgency=high
-
- * Add italian debconf templates. Thanks to Luca Monducci.
- (Closes: #350249)
- * Change the debconf question to use version 0.9.8-3
- instead of 0.9.8-1, since that's the last version
- with a security fix.
- * Call conn_state() if the BIO is not in the BIO_CONN_S_OK state
- (Closes: #352047). RC bug affecting testing, so urgency high.
-
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 9 Feb 2006 19:07:56 +0100
-
-openssl (0.9.8a-6) unstable; urgency=low
-
- * Remove empty postinst/preinst/prerm scripts. There is no need
- to have empty ones, debhelper will add them when needed.
- * Remove the static pic libraries. Nobody should be linking
- it's shared libraries static to libssl or libcrypto.
- This was added for opensc who now links to it shared.
- * Do not assume that in case the sequence number is 0 and the
- packet has an odd number of bytes that the other side has
- the block padding bug, but try to check that it actually
- has the bug. The wrong detection of this bug resulted
- in an "decryption failed or bad record mac" error in case
- both sides were using zlib compression. (Closes: #338006)
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 21 Jan 2006 16:25:41 +0100
-
-openssl (0.9.8a-5) unstable; urgency=low
-
- * Stop ssh from crashing randomly on sparc (Closes: #335912)
- Patch from upstream cvs.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 13 Dec 2005 21:37:42 +0100
-
-openssl (0.9.8a-4) unstable; urgency=low
-
- * Call dh_makeshlibs with the proper version instead of putting
- it in shlibs.local, which doesn't seem to do anything. 0.9.8a-1
- added symbol versioning, so it should have bumped the shlibs.
- (Closes: #338284)
- * The openssl package had a duplicate dependency on libssl0.9.8,
- only require the version as required by the shlibs.
- * Make libssl-dev depend on zlib1g-dev, since it's now required for
- static linking. (Closes: #338313)
- * Generate .pc files that make use of Libs.private, so things only
- link to the libraries they should when linking shared.
- * Use -m64 instead of -bpowerpc64-linux on ppc64. (Closes: #335486)
- * Make powerpc and ppc64 use the assembler version for bn. ppc64
- had the location in the string wrong, powerpc had it missing.
- * Add includes for stddef to get size_t in md2.h, md4.h, md5.h,
- ripemd.h and sha.h. (Closes: #333101)
- * Run make test for each of the versions we build, make it
- not fail the build process if an error is found.
- * Add build dependency on bc for the regression tests.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Nov 2005 16:01:05 +0100
-
-openssl (0.9.8a-3) unstable; urgency=high
-
- * Link to libz instead of dynamicly loading it. It gets loaded
- at the moment the library is initialised, so there is no point
- in not linking to it. It's now failing in some cases since
- it's not opened by it's soname, but by the symlink to it.
- This should hopefully solve most of the bugs people have reported
- since the move to libssl0.9.8.
- (Closes: #334180, #336140, #335271)
- * Urgency set to high because it fixes a grave bug affecting testing.
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 1 Nov 2005 14:56:40 +0100
-
-openssl (0.9.8a-2) unstable; urgency=low
-
- * Add Build-Dependency on m4, since sparc needs it to generate
- it's assembler files. (Closes: #334542)
- * Don't use rc4-x86_64.o on amd64 for now, it seems to be broken
- and causes a segfault. (Closes: #334501, #334502)
-
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 18 Oct 2005 19:05:53 +0200
-
-openssl (0.9.8a-1) unstable; urgency=low
-
- Christoph Martin:
- * fix asm entries for some architectures, fixing #332758 properly.
- * add noexecstack option to i386 subarch
- * include symbol versioning in Configure (closes: #330867)
- * include debian-armeb arch (closes: #333579)
- * include new upstream patches; includes some minor fixes
- * fix dh_shlibdeps line, removing the redundant dependency on
- libssl0.9.8 (closes: #332755)
- * add swedish debconf template (closes: #330554)
-
- Kurt Roeckx:
- * Also add noexecstack option for amd64, since it now has an
- executable stack with the assembler fixes for amd64.
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 17 Oct 2005 17:01:06 +0200
-
-openssl (0.9.8-3) unstable; urgency=low
-
- * Apply security fix for CAN-2005-2969. (Closes: #333500)
- * Change priority of -dbg package to extra.
-
- -- Kurt Roeckx <kurt at roeckx.be> Wed, 12 Oct 2005 22:38:58 +0200
-
-openssl (0.9.8-2) unstable; urgency=low
-
- * Don't use arch specific assembler. Should fix build failure on
- ia64, sparc and amd64. (Closes: #332758)
- * Add myself to the uploaders.
-
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 10 Oct 2005 19:22:36 +0200
-
-openssl (0.9.8-1) unstable; urgency=low
-
- * New upstream release (closes: #311826)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 29 Sep 2005 14:20:04 +0200
-
-openssl (0.9.7g-3) unstable; urgency=low
-
- * change Configure line for debian-freebsd-i386 to debian-kfreebsd-i386
- (closes: #327692)
- * include -dbg version. That implies compiling with -g and without
- -fomit-frame-pointer (closes: #293823, #153811)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 23 Sep 2005 13:51:57 +0200
-
-openssl (0.9.7g-2) unstable; urgency=low
-
- * really include nl translation
- * remove special ia64 code from rc4 code to make the abi compatible to
- older 0.9.7 versions (closes: #310489, #309274)
- * fix compile flag for debian-ppc64 (closes: #318750)
- * small fix in libssl0.9.7.postinst (closes: #239956)
- * fix pk7_mime.c to prevent garbled messages because of to early memory
- free (closes: #310184)
- * include vietnamese debconf translation (closes: #316689)
- * make optimized i386 libraries have non executable stack (closes:
- #321721)
- * remove leftover files from ssleay
- * move from dh_installmanpages to dh_installman
- * change Maintainer to pkg-openssl-devel at lists.alioth.debian.org
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 7 Sep 2005 15:32:54 +0200
-
-openssl (0.9.7g-1) unstable; urgency=low
-
- * New upstream release
- * Added support for proxy certificates according to RFC 3820.
- Because they may be a security thread to unaware applications,
- they must be explicitely allowed in run-time. See
- docs/HOWTO/proxy_certificates.txt for further information.
- * Prompt for pass phrases when appropriate for PKCS12 input format.
- * Back-port of selected performance improvements from development
- branch, as well as improved support for PowerPC platforms.
- * Add lots of checks for memory allocation failure, error codes to indicate
- failure and freeing up memory if a failure occurs.
- * Perform some character comparisons of different types in X509_NAME_cmp:
- this is needed for some certificates that reencode DNs into UTF8Strings
- (in violation of RFC3280) and can't or wont issue name rollover
- certificates.
- * corrected watchfile
- * added upstream source url (closes: #292904)
- * fix typo in CA.pl.1 (closes: #290271)
- * change debian-powerpc64 to debian-ppc64 and adapt the configure
- options to be the same like upstream (closes: #289841)
- * include -signcert option in CA.pl usage
- * compile with zlib-dynamic to use system zlib (closes: #289872)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 9 May 2005 23:32:03 +0200
-
-openssl (0.9.7e-3) unstable; urgency=high
-
- * really fix der_chop. The fix from -1 was not really included (closes:
- #281212)
- * still fixes security problem CAN-2004-0975 etc.
- - tempfile raise condition in der_chop
- - Avoid a race condition when CRLs are checked in a multi threaded
- environment.
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Dec 2004 18:41:29 +0100
-
-openssl (0.9.7e-2) unstable; urgency=high
-
- * fix perl path in der_chop and c_rehash (closes: #281212)
- * still fixes security problem CAN-2004-0975 etc.
- - tempfile raise condition in der_chop
- - Avoid a race condition when CRLs are checked in a multi threaded
- environment.
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 14 Nov 2004 20:16:21 +0100
-
-openssl (0.9.7e-1) unstable; urgency=high
-
- * SECURITY UPDATE: fix insecure temporary file handling
- * apps/der_chop:
- - replaced $$-style creation of temporary files with
- File::Temp::tempfile()
- - removed unused temporary file name in do_certificate()
- * References:
- CAN-2004-0975 (closes: #278260)
- * fix ASN1_STRING_to_UTF8 with UTF8 (closes: #260357)
- * New upstream release with security fixes
- - Avoid a race condition when CRLs are checked in a multi threaded
- environment.
- - Various fixes to s3_pkt.c so alerts are sent properly.
- - Reduce the chances of duplicate issuer name and serial numbers (in
- violation of RFC3280) using the OpenSSL certificate creation
- utilities.
- * depends openssl on perl-base instead of perl (closes: #280225)
- * support powerpc64 in Configure (closes: #275224)
- * include cs translation (closes: #273517)
- * include nl translation (closes: #272479)
- * Fix default dir of c_rehash (closes: #253126)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 12 Nov 2004 14:11:15 +0100
-
-openssl (0.9.7d-5) unstable; urgency=low
-
- * Make S/MIME encrypt work again (backport from CVS) (closes: #241407,
- #241386)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 26 Jul 2004 17:22:42 +0200
-
-openssl (0.9.7d-4) unstable; urgency=low
-
- * add Catalan translation (closes: #248749)
- * add Spanish translation (closes: #254561)
- * include NMU fixes: see below
- * decrease optimisation level for debian-arm to work around gcc bug
- (closes: #253848) (thanks to Steve Langasek and Thom May)
- * Add libcrypto0.9.7-udeb. (closes: #250010) (thanks to Bastian Blank)
- * Add watchfile
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 14 Jul 2004 14:31:02 +0200
-
-openssl (0.9.7d-3) unstable; urgency=low
-
- * rename -pic.a libraries to _pic.a (closes: #250016)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 24 May 2004 17:02:29 +0200
-
-openssl (0.9.7d-2) unstable; urgency=low
-
- * include PIC libs (libcrypto-pic.a and libssl-pic.a) to libssl-dev
- (closes: #246928, #243999)
- * add racoon to restart list (closes: #242652)
- * add Brazilian, Japanese and Danish translations (closes: #242087,
- #241830, #241705)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 11 May 2004 10:13:49 +0200
-
-openssl (0.9.7d-1) unstable; urgency=high
-
- * new upstream
- * fixes security holes (http://www.openssl.org/news/secadv_20040317.txt)
- (closes: #238661)
- * includes support for debian-amd64 (closes: #235551, #232310)
- * fix typo in pem.pod (closes: #219873)
- * fix typo in libssl0.9.7.templates (closes: #224690)
- * openssl suggests ca-certificates (closes: #217180)
- * change debconf template to gettext format (closes: #219013)
- * include french debconf template (closes: #219014)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 18 Mar 2004 16:18:43 +0100
-
-openssl (0.9.7c-5) unstable; urgency=low
-
- * include openssl.pc into libssl-dev (closes: #212545)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Oct 2003 16:31:32 +0200
-
-openssl (0.9.7c-4) unstable; urgency=low
-
- * change question to restart services to debconf (closes: #214840)
- * stop using dh_undocumented (closes: #214831)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 10 Oct 2003 15:40:48 +0200
-
-openssl (0.9.7c-3) unstable; urgency=low
-
- * fix POSIX conformance for head in libssl0.9.7.postinst (closes:
- #214700)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 8 Oct 2003 14:02:38 +0200
-
-openssl (0.9.7c-2) unstable; urgency=low
-
- * add filerc macro to libssl0.9.7.postinst (closes: #213906)
- * restart spamassassins spamd on upgrade (closes: #214106)
- * restart more services on upgrade
- * fix EVP_BytesToKey manpage (closes: #213715)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 7 Oct 2003 15:01:32 +0200
-
-openssl (0.9.7c-1) unstable; urgency=high
-
- * upstream security fix (closes: #213451)
- - Fix various bugs revealed by running the NISCC test suite:
- Stop out of bounds reads in the ASN1 code when presented with
- invalid tags (CAN-2003-0543 and CAN-2003-0544).
- Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
- If verify callback ignores invalid public key errors don't try to check
- certificate signature with the NULL public key.
- - In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
- if the server requested one: as stated in TLS 1.0 and SSL 3.0
- specifications.
- * more minor upstream bugfixes
- * fix formatting in c_issuer (closes: #190026)
- * fix Debian-FreeBSD support (closes: #200381)
- * restart some services in postinst to make them use the new libraries
- * remove duplicated openssl.1, crypto.3 and ssl.3 (closes: #198594)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 1 Oct 2003 08:54:27 +0200
-
-openssl (0.9.7b-2) unstable; urgency=high
-
- * fix permission of /etc/ssl/private to 700 again
- * change section of libssl-dev to libdevel
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 23 Apr 2003 11:13:24 +0200
-
-openssl (0.9.7b-1) unstable; urgency=high
-
- * upstream security fix
- - Countermeasure against the Klima-Pokorny-Rosa extension of
- Bleichbacher's attack on PKCS #1 v1.5 padding: treat
- a protocol version number mismatch like a decryption error
- in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131)
- (closes: #189087)
- - Turn on RSA blinding by default in the default implementation
- to avoid a timing attack. Applications that don't want it can call
- RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
- They would be ill-advised to do so in most cases. (CAN-2003-0147)
- - Change RSA blinding code so that it works when the PRNG is not
- seeded (in this case, the secret RSA exponent is abused as
- an unpredictable seed -- if it is not unpredictable, there
- is no point in blinding anyway). Make RSA blinding thread-safe
- by remembering the creator's thread ID in rsa->blinding and
- having all other threads use local one-time blinding factors
- (this requires more computation than sharing rsa->blinding, but
- avoids excessive locking; and if an RSA object is not shared
- between threads, blinding will still be very fast).
- for more details see the CHANGES file
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 16 Apr 2003 10:32:57 +0200
-
-openssl (0.9.7a-1) unstable; urgency=high
-
- * upstream Security fix
- - In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
- via timing by performing a MAC computation even if incorrrect
- block cipher padding has been found. This is a countermeasure
- against active attacks where the attacker has to distinguish
- between bad padding and a MAC verification error. (CAN-2003-0078)
- for more details see the CHANGES file
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 21 Feb 2003 22:39:40 +0100
-
-openssl (0.9.7-4) unstable; urgency=low
-
- * use DH_COMPAT=3 to build
- * move i686 to i686/cmov to fix problems on Via C3. For that to work we
- have to depend on the newest libc6 on i386 (closes: #177891)
- * fix bug in ui_util.c (closes: #177615)
- * fix typo in md5.h (closes: #178112)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 24 Jan 2003 10:22:56 +0100
-
-openssl (0.9.7-3) unstable; urgency=low
-
- * enable build of ultrasparc code on non ultrasparc machines (closes:
- #177024)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 17 Jan 2003 08:22:13 +0100
-
-openssl (0.9.7-2) unstable; urgency=low
-
- * include changes between 0.9.6g-9 and -10
- * fix problem in build-process on i386 with libc6 version number
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 13 Jan 2003 14:26:56 +0100
-
-openssl (0.9.7-1) unstable; urgency=low
-
- * new upstream
- * includes engine support
- * a lot of bugfixes and enhancements, see the CHANGES file
- * include AES encryption
- * makes preview of certificate configurable (closes: #176059)
- * fix x509 manpage (closes: #168070)
- * fix declaration of ERR_load_PEM_string in pem.h (closes: #141360)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 11 Jan 2003 09:12:16 +0100
-
-openssl (0.9.6g-10) unstable; urgency=low
-
- * fix problem in build-process on i386 with libc6 version number
- (closes: #167096)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 4 Nov 2002 12:27:21 +0100
-
-openssl (0.9.6g-9) unstable; urgency=low
-
- * fix typo in i386 libc6 depend (sigh) (closes: #163848)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 8 Oct 2002 23:29:20 +0200
-
-openssl (0.9.6g-8) unstable; urgency=low
-
- * fix libc6 depends. Only needed for i386 (closes: #163701)
- * remove SHLIB section for bsds from Configure (closes: #163585)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 8 Oct 2002 10:57:35 +0200
-
-openssl (0.9.6g-7) unstable; urgency=low
-
- * enable i686 optimisation and depend on fixed glibc (closes: #163500)
- * remove transition package ssleay
- * include optimisation vor sparcv8 (closes: #139996)
- * improve optimisation vor sparcv9
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 6 Oct 2002 14:07:12 +0200
-
-openssl (0.9.6g-6) unstable; urgency=low
-
- * temporarily disable i686 optimisation (See bug in glibc #161788)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 21 Sep 2002 18:56:49 +0200
-
-openssl (0.9.6g-5) unstable; urgency=low
-
- * i486 can use i586 assembler
- * include set -xe in the for loops in the rules files to make it abort
- on error (closes: #161768)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 21 Sep 2002 16:23:11 +0200
-
-openssl (0.9.6g-4) unstable; urgency=low
-
- * fix optimization for alpha and sparc
- * add optimization for i486
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 20 Sep 2002 22:36:19 +0200
-
-openssl (0.9.6g-3) unstable; urgency=low
-
- * add optimized libraries for i586, i686, ev4, ev5 and v9 (closes: #139783)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 19 Sep 2002 18:33:04 +0200
-
-openssl (0.9.6g-2) unstable; urgency=low
-
- * fix manpage names (closes: #156717, #156718, #156719, #156721)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 15 Aug 2002 11:26:37 +0200
-
-openssl (0.9.6g-1) unstable; urgency=low
-
- * new upstream version
- * Use proper error handling instead of 'assertions' in buffer
- overflow checks added in 0.9.6e. This prevents DoS (the
- assertions could call abort()). (closes: #155985, #156495)
- * Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
- and get fix the header length calculation.
- * include support for new sh* architectures (closes: #155117)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 14 Aug 2002 13:59:22 +0200
-
-openssl (0.9.6e-1) unstable; urgency=high
-
- * fixes remote exploits (see DSA-136-1)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 30 Jul 2002 18:32:28 +0200
-
-openssl (0.9.6d-1) unstable; urgency=low
-
- * new upstream (minor) version
- * includes Configure lines for debian-*bsd-* (closes: #130413)
- * fix wrong prototype for BN_pseudo_rand_range in BN_rand(3ssl) (closes:
- #144586)
- * fix typos in package description (closes: #141469)
- * fix typo in SSL_CTX_set_cert_store manpage (closes: #135297)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 3 Jun 2002 19:42:10 +0200
-
-openssl (0.9.6c-2) unstable; urgency=low
-
- * moved from non-US to main
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 19 Mar 2002 14:48:39 +0100
-
-openssl (0.9.6c-1) unstable; urgency=low
-
- * new upstream version with a lot of bugfixes
- * remove directory /usr/include/openssl from openssl package (closes:
- bug #121226)
- * remove selfdepends from libssl0.9.6
- * link openssl binary shared again
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 5 Jan 2002 19:04:31 +0100
-
-openssl (0.9.6b-4) unstable; urgency=low
-
- * build with -D_REENTRANT for threads support on all architectures
- (closes: #112329, #119239)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 24 Nov 2001 12:17:51 +0100
-
-openssl (0.9.6b-3) unstable; urgency=low
-
- * disable idea, mdc2 and rc5 because they are not free (closes: #65368)
- * ready to be moved from nonus to main
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 21 Nov 2001 17:51:41 +0100
-
-openssl (0.9.6b-2) unstable; urgency=high
-
- * fix definition of crypt in des.h (closes: #107533)
- * fix descriptions (closes: #109503)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 17 Sep 2001 15:38:27 +0200
-
-openssl (0.9.6b-1) unstable; urgency=medium
-
- * new upstream fixes some security issues (closes: #105835, #100146)
- * added support for s390 (closes: #105681)
- * added support for sh (closes: #100003)
- * change priority of libssl096 to standard as ssh depends on it (closes:
- #105440)
- * don't optimize for i486 to support i386. (closes: #104127, #82194)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 20 Jul 2001 15:52:42 +0200
-
-openssl (0.9.6a-3) unstable; urgency=medium
-
- * add perl-base to builddeps
- * include static libraries in libssl-dev (closes: #93688)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 14 May 2001 20:16:06 +0200
-
-openssl (0.9.6a-2) unstable; urgency=medium
-
- * change Architecture of ssleay from any to all (closes: #92913)
- * depend libssl-dev on the exact same version of libssl0.9.6 (closes:
- #88939)
- * remove lib{crypto,ssl}.a from openssl (closes: #93666)
- * rebuild with newer gcc to fix atexit problem (closes: #94036)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 2 May 2001 12:28:39 +0200
-
-openssl (0.9.6a-1) unstable; urgency=medium
-
- * new upstream, fixes some security bugs (closes: #90584)
- * fix typo in s_server manpage (closes: #89756)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 10 Apr 2001 12:13:11 +0200
-
-openssl (0.9.6-2) unstable; urgency=low
-
- * policy: reorganisation of package names: libssl096 -> libssl0.9.6,
- libssl096-dev -> libssl-dev (closes: #83426)
- * libssl0.9.6 drops replaces libssl09 (Closes: #83425)
- * install upstream CHANGES files (Closes: #83430)
- * added support for hppa and ia64 (Closes: #88790)
- * move man3 manpages to libssl-dev (Closes: #87546)
- * fix formating problem in rand_add(1) (Closes: #87547)
- * remove manpage duplicates (Closes: #87545, #74986)
- * make package descriptions clearer (Closes: #83518, #83444)
- * increase default emailAddress_max from 40 to 60 (Closes: #67238)
- * removed RSAREF warning (Closes: #84122)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 8 Mar 2001 14:24:00 +0100
-
-openssl (0.9.6-1) unstable; urgency=low
-
- * New upstream version (Thanks to Enrique Zanardi <ezanard at debian.org>)
- (closes: #72388)
- * Add support for debian-hurd (closes: #76032)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 13 Nov 2000 22:30:46 +0100
-
-openssl (0.9.5a-5) unstable; urgency=low
-
- * move manpages in standard directories with section ssl (closes:
- #72152, #69809)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 5 Oct 2000 19:56:20 +0200
-
-openssl (0.9.5a-4) unstable; urgency=low
-
- * include edg_rand_bytes patch from and for apache-ssl
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 23 Sep 2000 16:48:06 +0200
-
-openssl (0.9.5a-3) unstable; urgency=low
-
- * fix call to dh_makeshlibs to create correct shlibs file and make
- dependend programs link correctly (closes: Bug#61658)
- * include a note in README.debian concerning the location of the
- subcommand manpages (closes: Bug#69809)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 16 Sep 2000 19:10:50 +0200
-
-openssl (0.9.5a-2) unstable; urgency=low
-
- * try to fix the sharedlib problem. change soname of library
- (closes: Bug#4622, #66102, #66538, #66123)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 12 Jul 2000 03:26:30 +0200
-
-openssl (0.9.5a-1) unstable; urgency=low
-
- * new upstream version (major changes see file NEWS) (closes: Bug#63976,
- #65239, #65358)
- * new library package libssl095a because of probably changed library
- interface (closes: Bug#46222)
- * added architecture mips and mipsel (closes: Bug#62437, #60366)
- * provide shlibs.local file in build to help build if libraries are not
- yet installed (closes: Bug#63984)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 11 Jun 2000 15:17:35 +0200
-
-openssl (0.9.4-5) frozen unstable; urgency=medium
-
- * cleanup of move of doc directories to /usr/share/doc (closes:
- Bug#56430)
- * lintian issues (closes: Bug#49358)
- * move demos from openssl to libssl09-dev (closes: Bug#59201)
- * move to debhelpers
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 11 Mar 2000 10:38:04 +0100
-
-openssl (0.9.4-4) unstable; urgency=medium
-
- * Added 'debian-arm' in 'Configure'. (closes: Bug#54251, #54766)
- * Fixed Configure for 'debian-m68k' (closes: Bug#53636)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 15 Jan 2000 13:16:18 +0100
-
-openssl (0.9.4-3) unstable; urgency=low
-
- * define symbol SSLeay_add_ssl_algorithms for backward compatibility
- (closes: Bug#46882)
- * remove manpages from /usr/doc/openssl (closes: Bug#46791)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 14 Oct 1999 16:51:08 +0200
-
-openssl (0.9.4-2) unstable; urgency=low
-
- * include some more docu in pod format (Bug #43933)
- * removed -mv8 from sparc flags (Bug #44769)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 14 Sep 1999 22:04:06 +0200
-
-openssl (0.9.4-1) unstable; urgency=low
-
- * new upstream version (Closes: #42926)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 28 Aug 1999 17:04:23 +0200
-
-openssl (0.9.3a-1) unstable; urgency=low
-
- * new upstream version (Bug #38345, #38627)
- * sparc is big-endian (Bug #39973)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 7 Jul 1999 16:03:37 +0200
-
-openssl (0.9.2b-3) unstable; urgency=low
-
- * correct move conffiles to /etc/ssl (Bug #38570)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 31 May 1999 21:08:07 +0200
-
-openssl (0.9.2b-2) unstable; urgency=low
-
- * added convenience package ssleay to help upgrade to openssl (Bug
- #37185, #37623, #36326)
- * added some missing dependencies from libssl09 (Bug #36681, #35867,
- #36326)
- * move lib*.so to libssl09-dev (Bug #36761)
- * corrected version numbers of library files
- * introduce link from /usr/lib/ssl to /etc/ssl (Bug #36710)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 23 May 1999 14:57:48 +0200
-
-openssl (0.9.2b-1) unstable; urgency=medium
-
- * First openssl version
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 31 Mar 1999 15:54:26 +0200
-
-ssleay (0.9.0b-2) unstable; urgency=low
-
- * Include message about the (not)usage of RSAREF (#24409)
- * Move configfiles from /usr/lib/ssl to /etc/ssl (#26406)
- * Change definitions for sparc (#26487)
- * Added missing dependency (#28591)
- * Make debian/libtool executable (#29708)
- * /etc/ssl/lib/ssleay.cnf is now a confile (#32624)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 21 Mar 1999 19:41:04 +0100
-
-ssleay (0.9.0b-1) unstable; urgency=low
-
- * new upstream version (Bug #21227, #25971)
- * build shared libraries with -fPIC (Bug #20027)
- * support sparc architecture (Bug #28467)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 13 Oct 1998 10:20:13 +0200
-
-ssleay (0.8.1-7) frozen unstable; urgency=high
-
- * security fix patch to 0.8.1b (bug #24022)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 6 Jul 1998 15:42:15 +0200
-
-ssleay (0.8.1-6) frozen unstable; urgency=low
-
- * second try to fix bug #15235 (copyright was still missing)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 22 Jun 1998 08:56:27 +0200
-
-ssleay (0.8.1-5) frozen unstable; urgency=high
-
- * changed /dev/random to /dev/urandom (Bug #23169, #17817)
- * copyright contains now the full licence (Bug #15235)
- * fixed bug #19410 (md5sums-lists-nonexisting-file)
- * added demos to /usr/doc (Bug #17372)
- * fixed type in package description (Bug #18969)
- * fixed bug in adding documentation (Bug #21463)
- * added patch for support of debian-powerpc (Bug #21579)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 18 Jun 1998 23:09:13 +0200
-
-ssleay (0.8.1-4) unstable; urgency=low
-
- * purged dependency from libc5
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 11 Nov 1997 15:31:50 +0100
-
-ssleay (0.8.1-3) unstable; urgency=low
-
- * changed packagename libssl to libssl08 to get better dependancies
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 7 Nov 1997 14:23:17 +0100
-
-ssleay (0.8.1-2) unstable; urgency=low
-
- * linked shared libraries against libc6
- * use /dev/random for randomseed
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 5 Nov 1997 11:21:40 +0100
-
-ssleay (0.8.1-1) unstable; urgency=low
-
- * new upstream version
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Oct 1997 16:15:43 +0200
-
-ssleay (0.6.6-2) unstable; urgency=low
-
- * cleanup in diffs
- * removed INSTALL from docs (bug #13205)
- * split libssl and libssl-dev (but #13735)
-
- -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 15 Oct 1997 17:38:38 +0200
-
-ssleay (0.6.6-1) unstable; urgency=low
-
- * New upstream version
- * added shared libraries for libcrypto and libssl
-
- -- Christoph Martin <martin at uni-mainz.de> Thu, 26 Jun 1997 19:26:14 +0200
-
-ssleay (0.6.4-2) unstable; urgency=low
-
- * changed doc filenames from .doc to .txt to be able to read them
- over with webbrowser
-
- -- Christoph Martin <martin at uni-mainz.de> Tue, 25 Feb 1997 14:02:53 +0100
-
-ssleay (0.6.4-1) unstable; urgency=low
-
- * Initial Release.
-
- -- Christoph Martin <martin at uni-mainz.de> Fri, 22 Nov 1996 21:29:51 +0100
Copied: openssl/tags/1.1.0e-1/debian/changelog (from rev 896, openssl/branches/1.1.0/debian/changelog)
===================================================================
--- openssl/tags/1.1.0e-1/debian/changelog (rev 0)
+++ openssl/tags/1.1.0e-1/debian/changelog 2017-02-16 18:29:10 UTC (rev 897)
@@ -0,0 +1,2138 @@
+openssl (1.1.0e-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2017-3733
+ - Remove patches that are applied upstream.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 16 Feb 2017 18:57:58 +0100
+
+openssl (1.1.0d-2) unstable; urgency=medium
+
+ * Fix building of arch and all packages in a minimal environment
+ (Closes: #852900).
+ * Fix precomputing SHA1 by adding the following patches from upstream:
+ - Add-a-couple-of-test-to-check-CRL-fingerprint.patch
+ - Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
+ - X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
+ (Closes: #852920).
+
+ -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Mon, 30 Jan 2017 23:20:07 +0100
+
+openssl (1.1.0d-1) unstable; urgency=medium
+
+ * New Upstream release
+ - Fixes CVE-2017-3731
+ - Fixes CVE-2017-3730
+ - Fixes CVE-2017-3732
+ - drop revert_ssl_read.patch and
+ 0001-Add-missing-zdelete-for-some-linux-arches.patch, applied upstream.
+ * add new symbols.
+
+ -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Thu, 26 Jan 2017 16:38:34 +0100
+
+openssl (1.1.0c-4) unstable; urgency=medium
+
+ * Make build-indep build again.
+ * Don't depend on perl:any in openssl as it breaks debootstrap
+ ("Closes: #852017).
+
+ -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Fri, 20 Jan 2017 22:18:15 +0100
+
+openssl (1.1.0c-3) unstable; urgency=medium
+
+ * Add myself as Uploader.
+ * Add support for tilegx, patch by Helmut Grohne (Closes: #848957).
+ * redo the rules file to some newer debhelper:
+ - everyfile should remain, nothing should get lost
+ - the scripts in the doc package gained an exec bit
+ - openssl gained a dep on perl (the package contains perl scripts)
+ - libssl1.0.2-dbg is gone, we have dbgsym now
+ - dh compat 10
+ - pkg.install instead of pkg.files is used for install
+ * Mark libssl-doc as MA foreign
+ * Update Standards-Version from 3.9.5 to 3.9.8. No changes required.
+ * Document the change for openssl's enc command between 1.1.0 and pre 1.1.0
+ in the NEWS file (Closes: #843064).
+ * Add an override for lintian for the non-standard private directory
+
+ -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Thu, 19 Jan 2017 23:00:01 +0100
+
+openssl (1.1.0c-2) unstable; urgency=medium
+
+ * Revert behaviour of SSL_read() and SSL_write(), and update documentation.
+ (Closes: #844234)
+ * Add missing -zdelete on x32 (Closes: #844715)
+ * Add a Breaks on salt-common. Addresses #844706
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 21 Nov 2016 22:20:00 +0100
+
+openssl (1.1.0c-1) unstable; urgency=medium
+
+ * New upstrem release
+ - Fix CVE-2016-7053
+ - Fix CVE-2016-7054
+ - Fix CVE-2016-7055
+ * remove no-rpath.patch, applied upstream.
+ * Remove old d2i test cases, use the one from the upstream tarball.
+ * Update libssl1.1.symbols for new sysmbols.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 10 Nov 2016 19:05:44 +0100
+
+openssl (1.1.0b-2) unstable; urgency=low
+
+ * Upload to unstable
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 01 Nov 2016 22:02:32 +0100
+
+openssl (1.1.0b-1) experimental; urgency=medium
+
+ * New upstream release
+ - Fixes CVE-2016-6309
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 26 Sep 2016 18:21:09 +0200
+
+openssl (1.1.0a-1) experimental; urgency=medium
+
+ * New upstream release
+ - Fix CVE-2016-6304
+ - Fix CVE-2016-6305
+ - Fix CVE-2016-6307
+ - Fix CVE-2016-6308
+ * Update c_rehash-compat.patch to apply to new version.
+ * Update symbol file.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 22 Sep 2016 20:13:59 +0200
+
+openssl (1.1.0-1) experimental; urgency=medium
+
+ [ Kurt Roeckx ]
+ * New upstream version
+ * Use Package-Type instead of XC-Package-Type
+ * Remove "Priority: optional" in the binary packages.
+ * Add Homepage
+ * Use dpkg-buildflags's LDFLAGS also for building the shared libraries.
+
+ [ Sebastian Andrzej Siewior ]
+ * drop config-hurd.patch, we don't use `config' and it works without the
+ patch.
+ * Drop depend on zlib1g-dev since we don't use it anymore (Closes: #767207)
+ * Make the openssl package Multi-Arch: foregin (Closes: #827028)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 25 Aug 2016 18:52:22 +0200
+
+openssl (1.1.0~pre6-1) experimental; urgency=medium
+
+ [ Sebastian Andrzej Siewior ]
+ * drop engines-path.patch. Upstream uses a 1.1 suffixes now.
+
+ [ Kurt Roeckx ]
+ * New upstream version
+ * Drop upstream snapshot
+ * Update symbols file
+ * Use some https instead of http URLs
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 04 Aug 2016 18:33:24 +0200
+
+openssl (1.1.0~pre5-5) experimental; urgency=medium
+
+ * Update snapshot to commit fe964f0c88f6780fd30b26e306484b981b0a8480
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 02 Jul 2016 14:54:51 +0200
+
+openssl (1.1.0~pre5-4) experimental; urgency=medium
+
+ * Update snapshot to commit c32bdbf171ce6650ef045ec47b5abe0de7c264db
+ * Remove utils-mkdir-p-check-if-dir-exists-also-after-mkdir-f.patch, applied
+ upstream
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 26 Jun 2016 15:07:48 +0200
+
+openssl (1.1.0~pre5-3) experimental; urgency=medium
+
+ [ Kurt Roeckx ]
+ * Don't use assembler on hppa, it's not writen for Linux.
+
+ -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Fri, 10 Jun 2016 22:33:06 +0200
+
+openssl (1.1.0~pre5-2) experimental; urgency=medium
+
+ [ Sebastian Andrzej Siewior ]
+ * Run the testsuite with verbose output.
+ * Use $(MAKE) so the whole make environment is passed to its child and we
+ can build in parallel with -jX
+ * Update snapshot to commit 5000a6d1215e ("Fix an error path leak in int
+ X509_ATTRIBUTE_set1_data()")
+
+ -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Fri, 10 Jun 2016 21:49:55 +0200
+
+openssl (1.1.0~pre5-1) experimental; urgency=medium
+
+ * New upstream version with soname change. Upload to experimental.
+ - Rename binary packages
+ - Remove patches:
+ - block_diginotar.patch: All cross certificates expired in 2013
+ - block_digicert_malaysia.patch: intermediate certificates expired in
+ 2015
+ - man-dir.patch: Fixed upstream
+ - valgrind.patch: Upstream no longer adds the uninitialized data to the
+ RNG
+ - shared-lib-ext.patch: No longer needed
+ - version-script.patch: Upstream does symbol versioning itself now
+ - disable_freelist.patch: No longer needed
+ - soname.patch: Was to change to the 1.0.2 soname that upstream never had
+ - disable_sslv3_test.patch: Fixed upstream
+ - libdoc-manpgs-pod-spell.patch: Fixed upstream (Closes: #813191)
+ - Rewrite debian-targets.patch to work with the new configuration system.
+ - Update other patches to apply
+ - Update list of install docs
+ - Use DESTDIR instead of INSTALL_PREFIX
+ - Clean up more files
+ - Remove the configure option enable-tlsext no-ssl2 since they're no
+ longer supported.
+ * Add upstream snapshot:
+ - Add d2i-tests.tar to get new binary test files.
+ * Don't build i686 optimized version anymore on i386, it's now the default.
+ (Closes: #823774)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 28 May 2016 20:58:31 +0200
+
+openssl (1.0.2h-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2016-2107
+ - Fixes CVE-2016-2105
+ - Fixes CVE-2016-2106
+ - Fixes CVE-2016-2109
+ - Fixes CVE-2016-2176
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 03 May 2016 18:31:22 +0200
+
+openssl (1.0.2g-2) unstable; urgency=medium
+
+ * Use assembler of arm64 (Closes: #794326)
+ Patch from Riku Voipio <riku.voipio at iki.fi>
+ * Add a udeb for libssl, based on similar changes done in Ubuntu
+ starting in version 0.9.8o-4ubuntu1 (Closes: #802591)
+ Patch from Margarita Manterola <marga at google.com>
+ * Add support for nios2 (Closes: #816239)
+ Based on patch from Marek Vasut <marex at denx.de>
+ * Update Spanish translation from Manuel "Venturi" Porras Peralta
+ <venturi at openmailbox.org> (Closes: #773601)
+ * Don't build an i586 optimized version anymore, the default
+ already targets that. Patch from Sven Joachim <svenjoac at gmx.de>
+ (Closes: #759811)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 21 Apr 2016 23:43:06 +0200
+
+openssl (1.0.2g-1) unstable; urgency=high
+
+ * New upstream version
+ * Fix CVE-2016-0797
+ * Fix CVE-2016-0798
+ * Fix CVE-2016-0799
+ * Fix CVE-2016-0702
+ * Fix CVE-2016-0705
+ * Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800)
+ makes use of those, and SLOTH attack (CVE-2015-7575) can make use of them
+ too.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 01 Mar 2016 18:31:09 +0100
+
+openssl (1.0.2f-2) unstable; urgency=high
+
+ * New upstream version.
+ - Fixes CVE-2016-0701
+ - Not affected by CVE-2015-3197 because SSLv2 is disabled.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 28 Jan 2016 19:32:02 +0100
+
+openssl (1.0.2e-1) unstable; urgency=high
+
+ * New upstream release
+ - Fix CVE-2015-3193
+ - Fix CVE-2015-3194
+ - Fix CVE-2015-3195
+ - Fix CVE-2015-3196
+ * Remove all symlinks during clean
+ * Run make depend after configure
+ * Remove openssl_button.* from the doc package
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 03 Dec 2015 19:33:05 +0100
+
+openssl (1.0.2d-3) unstable; urgency=medium
+
+ * Upload to unstable
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 01 Nov 2015 19:14:34 +0100
+
+openssl (1.0.2d-2) experimental; urgency=medium
+
+ * Build with no-ssl3-method to remove all SSLv3 support. This results in
+ the functions SSLv3_method(), SSLv3_server_method() and
+ SSLv3_client_method() being removed from libssl. Change the soname as
+ result of that and also changes name of the binary package.
+ (Closes: #768476)
+ * Enable rfc3779 and cms support (Closes: #630790)
+ * Fix cross compilation for mips architectures. (Closes: #782492)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 06 Sep 2015 14:21:27 +0200
+
+openssl (1.0.2d-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2015-1793
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 09 Jul 2015 18:22:26 +0200
+
+openssl (1.0.2c-1) unstable; urgency=medium
+
+ * New upstream version
+ - Fixes ABI (Closes: #788511)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 12 Jun 2015 20:35:12 +0200
+
+openssl (1.0.2b-1) unstable; urgency=high
+
+ * New upstream version
+ - Fix CVE-2015-4000
+ - Fix CVE-2015-1788
+ - Fix CVE-2015-1789
+ - Fix CVE-2015-1790
+ - Fix CVE-2015-1792
+ - Fix CVE-2015-1791
+ * Update c_rehash-compat.patch to make it apply to the new version.
+ * Remove openssl-pod-misspell.patch applied upstream
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 11 Jun 2015 18:20:38 +0200
+
+openssl (1.0.2a-1) unstable; urgency=medium
+
+ * New upstrema version
+ - Fix CVE-2015-0286
+ - Fix CVE-2015-0287
+ - Fix CVE-2015-0289
+ - Fix CVE-2015-0293 (not affected, SSLv2 disabled)
+ - Fix CVE-2015-0209
+ - Fix CVE-2015-0288
+ - Fix CVE-2015-0291
+ - Fix CVE-2015-0290
+ - Fix CVE-2015-0207
+ - Fix CVE-2015-0208
+ - Fix CVE-2015-1787
+ - Fix CVE-2015-0285
+ * Temporary enable SSLv3 methods again, but they will go away.
+ * Don't set TERMIO anymore, use the default TERMIOS instead.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 30 Apr 2015 23:37:27 +0200
+
+openssl (1.0.2-1) experimental; urgency=medium
+
+ * New upstream release
+ - Fixes CVE-2014-3571
+ - Fixes CVE-2015-0206
+ - Fixes CVE-2014-3569
+ - Fixes CVE-2014-3572
+ - Fixes CVE-2015-0204
+ - Fixes CVE-2015-0205
+ - Fixes CVE-2014-8275
+ - Fixes CVE-2014-3570
+ - Drop git_snapshot.patch
+ * Drop gnu_source.patch, dgst_hmac.patch, stddef.patch,
+ no_ssl3_method.patch: applied upstream
+ * Update patches to apply
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 23 Jan 2015 18:54:13 +0100
+
+openssl (1.0.2~beta3-1) experimental; urgency=low
+
+ * New usptream beta version
+ * Add git snapshot
+ * Merge changes between 1.0.1h-3 and 1.0.1j-1:
+ - Disables SSLv3 because of CVE-2014-3566
+ * Drop patch rehash-crt.patch: partially applied upstream.
+ c_rehash now doesn't support files in DER format anymore.
+ * Drop patch rehash_pod.patch: applied upstream
+ * Update c_rehash-compat.patch to apply to new upstream version. This
+ undoes upstream's "-old" option and creates both the new and old again.
+ It now also does it for CRLs.
+ * Drop defaults.patch, applied upstream
+ * dgst_hmac.patch updated to apply to upstream version.
+ * engines-path.patch updated to apply to upstream version.
+ * Update list of exported symbols
+ * Update symbols files to require beta3
+ * Enable unit tests
+ * Add patch to add support for the no-ssl3-method option that completly
+ disable SSLv3 and pass the option. This drops the following functions
+ from the library: SSLv3_method, SSLv3_server_method and
+ SSLv3_client_method
+ * Build using OPENSSL_NO_BUF_FREELISTS
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 07 Nov 2014 00:20:10 +0100
+
+openssl (1.0.2~beta2-1) experimental; urgency=medium
+
+ * New usptream beta version
+ - Fix CVE-2014-0224
+ - Fix CVE-2014-0221
+ - Fix CVE-2014-0195
+ - Fix CVE-2014-3470
+ - Fix CVE-2014-0198
+ - Fix CVE-2010-5298
+ - Fix CVE-2014-0160
+ - Fix CVE-2014-0076
+ * Merge changes between 1.0.1f-1 and 1.0.1h-3:
+ - postinst: Updated check for restarting services
+ * libdoc-manpgs-pod-spell.patch and openssl-pod-misspell.patch
+ partially applied upstream
+ * Drop fix-pod-errors.patch, applied upstream.
+ * Add support for ppc64le (Closes: #745657)
+ * Add support for OpenRISC (Closes: #736772)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 23 Jul 2014 19:54:09 +0200
+
+openssl (1.0.2~beta1-1) experimental; urgency=medium
+
+ * New upstream beta version
+ - Update list of symbols that should be exported and adjust the symbols
+ file. This also removes a bunch of duplicate symbols in the linker
+ file.
+ - Fix additional pod errors
+ - Following patches have been applied upstream and are removed:
+ libssl-misspell.patch, pod_req_misspell2.patch,
+ pod_pksc12.misspell.patch, pod_s_server.misspell.patch,
+ pod_x509setflags.misspell.patch, pod_ec.misspell.patch,
+ pkcs12-doc.patch, req_bits.patch
+ - Following patches have been partially applied upstream:
+ libdoc-manpgs-pod-spell.patch, openssl-pod-misspell.patch
+ - Remove openssl_fix_for_x32.patch, different patch applied upstream.
+ * Add support for cross compiling (Closes: #465248)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 25 Feb 2014 00:36:51 +0100
+
+openssl (1.0.1f-1) unstable; urgency=high
+
+ * New upstream version
+ - Fix for TLS record tampering bug CVE-2013-4353
+ - Drop the snapshot patch
+ * update watch file to check for upstream signature and add upstream pgp key.
+ * Drop conflicts against openssh since we now on a released version again.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 06 Jan 2014 18:50:54 +0100
+
+openssl (1.0.1e-6) unstable; urgency=medium
+
+ * Add Breaks: openssh-client (<< 1:6.4p1-1.1), openssh-server (<<
+ 1:6.4p1-1.1). This is to prevent people running into #732940.
+ This Breaks can be removed again when we stop using a git snapshot.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 23 Dec 2013 15:19:17 +0100
+
+openssl (1.0.1e-5) unstable; urgency=low
+
+ * Change default digest to SHA256 instead of SHA1. (Closes: #694738)
+ * Drop support for multiple certificates in 1 file. It never worked
+ properly in the first place, and the only one shipping in
+ ca-certificates has been split.
+ * Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors
+ * Remove make-targets.patch. It prevented the test dir from being cleaned.
+ * Update to a git snapshot of the OpenSSL_1_0_1-stable branch.
+ - Fixes CVE-2013-6449 (Closes: #732754)
+ - Fixes CVE-2013-6450
+ - Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch
+ dtls_version.patch get_certificate.patch, since they where all
+ already commited upstream.
+ - adjust fix-pod-errors.patch for the reordering of items in the
+ documentation they've done trying to fix those pod errors.
+ - disable rdrand engine by default (Closes: #732710)
+ * disable zlib support. Fixes CVE-2012-4929 (Closes: #728055)
+ * Add arm64 support (Closes: #732348)
+ * Properly use the default number of bits in req when none are given
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 22 Dec 2013 19:25:35 +0100
+
+openssl (1.0.1e-4) unstable; urgency=low
+
+ [ Peter Michael Green ]
+ * Fix pod errors (Closes: #723954)
+ * Fix clean target
+
+ [ Kurt Roeckx ]
+ * Add mipsn32 and mips64 targets. Patch from Eleanor Chen
+ <chenyueg at gmail.com> (Closes: #720654)
+ * Add support for nocheck in DEB_BUILD_OPTIONS
+ * Update Norwegian translation (Closes: #653574)
+ * Update description of the packages. Patch by Justin B Rye
+ (Closes: #719262)
+ * change to debhelper compat level 9:
+ - change dh_strip call so only the files from libssl1.0.0 get debug
+ symbols.
+ - change dh_makeshlibs call so the engines don't get added to the
+ shlibs
+ * Update Standards-Version from 3.8.0 to 3.9.5. No changes required.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 01 Nov 2013 17:11:53 +0100
+
+openssl (1.0.1e-3) unstable; urgency=low
+
+ * Move <openssl/opensslconf.h> to /usr/include/$(DEB_HOST_MULTIARCH), and
+ mark libssl-dev Multi-Arch: same.
+ Patch by Colin Watson <cjwatson at ubuntu.com> (Closes: #689093)
+ * Add Polish translation (Closes: #658162)
+ * Add Turkish translation (Closes: #660971)
+ * Enable assembler for the arm targets, and remove armeb.
+ Patch by Riku Voipio <riku.voipio at iki.fi> (Closes: #676533)
+ * Add support for x32 (Closes: #698406)
+ * enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 20 May 2013 16:56:06 +0200
+
+openssl (1.0.1e-2) unstable; urgency=high
+
+ * Bump shlibs. It's needed for the udeb.
+ * Make cpuid work on cpu's that don't set ecx (Closes: #699692)
+ * Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353)
+ * Fix problem with DTLS version check (Closes: #701826)
+ * Fix segfault in SSL_get_certificate (Closes: #703031)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 18 Mar 2013 20:37:11 +0100
+
+openssl (1.0.1e-1) unstable; urgency=high
+
+ * New upstream version (Closes: #699889)
+ - Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166
+ - Drop renegiotate_tls.patch, applied upstream
+ - Export new CRYPTO_memcmp symbol, update symbol file
+ * Add ssltest_no_sslv2.patch so that "make test" works.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 11 Feb 2013 19:39:44 +0100
+
+openssl (1.0.1c-5) unstable; urgency=low
+
+ * Re-enable assembler versions on sparc. They shouldn't have
+ been disabled for sparc v9. (Closes: #649841)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 09 Sep 2012 08:43:40 +0200
+
+openssl (1.0.1c-4) unstable; urgency=low
+
+ * Fix the configure rules for alpha (Closes: #672710)
+ * Switch the postinst to sh again, there never was a reason to
+ switch it to bash (Closes: #676398)
+ * Fix pic.patch to not use #ifdef in x86cpuid.s, only .S files are
+ preprocessed. We generate the file again for pic anyway.
+ (Closes: #677468)
+ * Drop Breaks against openssh as it was only for upgrades
+ between versions that were only in testing/unstable.
+ (Closes: #668600)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 17 Jul 2012 11:49:19 +0200
+
+openssl (1.0.1c-3) unstable; urgency=low
+
+ * Disable padlock engine again, causes problems for hosts not supporting it.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 06 Jun 2012 18:29:37 +0200
+
+openssl (1.0.1c-2) unstable; urgency=high
+
+ * Fix renegiotation when using TLS > 1.0. This breaks tor. Patch from
+ upstream. (Closes: #675990)
+ * Enable the padlock engine by default.
+ * Change default bits from 1024 to 2048 (Closes: #487152)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 06 Jun 2012 00:55:42 +0200
+
+openssl (1.0.1c-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2012-2333 (Closes: #672452)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 11 May 2012 18:44:51 +0200
+
+openssl (1.0.1b-1) unstable; urgency=high
+
+ * New upstream version
+ - Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0
+ can talk to servers supporting TLS 1.1 but not TLS 1.2
+ - Drop rc4_hmac_md5.patch, applied upstream
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 26 Apr 2012 23:34:34 +0200
+
+openssl (1.0.1a-3) unstable; urgency=low
+
+ * Use patch from upstream for the rc4_hmac_md5 issue.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 23:16:30 +0200
+
+openssl (1.0.1a-2) unstable; urgency=low
+
+ * Fix rc4_hmac_md5 on non-i386/amd64 arches.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 21:54:42 +0200
+
+openssl (1.0.1a-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2012-2110
+ - Fix crash in rc4_hmac_md5 (Closes: #666405)
+ - Fixes some issues with talking to other servers when TLS 1.1 and 1.2 is
+ supported
+ - Drop patches no_ssl2.patch vpaes.patch tls1.2_client_algorithms.patch,
+ applied upstream.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 19:54:12 +0200
+
+openssl (1.0.1-4) unstable; urgency=low
+
+ * Use official patch for the vpaes problem, also covering amd64.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 31 Mar 2012 20:54:13 +0200
+
+openssl (1.0.1-3) unstable; urgency=high
+
+ * Fix crash in vpaes (Closes: #665836)
+ * use client version when deciding whether to send supported signature
+ algorithms extension
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 31 Mar 2012 18:35:59 +0200
+
+openssl (1.0.1-2) unstable; urgency=low
+
+ * Properly quote the new cflags in Configure
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 19 Mar 2012 19:56:05 +0100
+
+openssl (1.0.1-1) unstable; urgency=low
+
+ * New upstream version
+ - Remove kfreebsd-pipe.patch, fixed upstream
+ - Update pic.patch, openssl-pod-misspell.patch and make-targets.patch
+ - Add OPENSSL_1.0.1 to version-script.patch and libssl1.0.0.symbols for
+ the new functions.
+ - AES-NI support (Closes: #644743)
+ * pic.patch: upstream made OPENSSL_ia32cap_P and OPENSSL_cpuid_setup
+ hidden on amd64, no need to access it PIC anymore.
+ * pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977)
+ * Enable hardening using dpkg-buildflags (Closes: #653495)
+ * s_client and s_server were forcing SSLv3 only connection when SSLv2 was
+ disabled instead of the SSLv2 with upgrade method. (Closes: #664454)
+ * Add Breaks on openssh < 1:5.9p1-4, it has a too strict version check.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 19 Mar 2012 18:23:32 +0100
+
+openssl (1.0.0h-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2012-0884
+ - Fixes CVE-2012-1165
+ - Properly fix CVE-2011-4619
+ - pkg-config.patch applied upstream, remove it.
+ * Enable assembler for all i386 arches. The assembler does proper
+ detection of CPU support, including cpuid support.
+ This should fix a problem with AES 192 and 256 with the padlock
+ engine because of the difference in NO_ASM between the between
+ the i686 optimized library and the engine.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 13 Mar 2012 21:08:17 +0100
+
+openssl (1.0.0g-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2012-0050
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 18 Jan 2012 20:46:13 +0100
+
+openssl (1.0.0f-1) unstable; urgency=high
+
+ * New upstream version
+ - Fixes CVE-2011-4108, CVE-2011-4576, CVE-2011-4619, CVE-2012-0027,
+ CVE-2011-4577
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 12 Jan 2012 19:02:43 +0100
+
+openssl (1.0.0e-3) unstable; urgency=low
+
+ * Don't build v8 and v9 variants of sparc anymore, they're older than
+ the default. (Closes: #649841)
+ * Don't build i486 optimized version, that's the default anyway, and
+ it uses assembler that doesn't always work on i486.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 28 Nov 2011 22:17:26 +0100
+
+openssl (1.0.0e-2.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Block Malaysian's Digicert Sdn. Bhd. certificates by marking them
+ as revoked.
+
+ -- Raphael Geissert <geissert at debian.org> Sun, 06 Nov 2011 01:39:30 -0600
+
+openssl (1.0.0e-2) unstable; urgency=low
+
+ * Add a missing $(DEB_HOST_MULTIARCH)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Sep 2011 17:02:29 +0200
+
+openssl (1.0.0e-1) unstable; urgency=low
+
+ * New upstream version
+ - Fix bug where CRLs with nextUpdate in the past are sometimes accepted
+ by initialising X509_STORE_CTX properly. (CVE-2011-3207)
+ - Fix SSL memory handling for (EC)DH ciphersuites, in particular
+ for multi-threaded use of ECDH. (CVE-2011-3210)
+ - Add protection against ECDSA timing attacks (CVE-2011-1945)
+ * Block DigiNotar certifiates. Patch from
+ Raphael Geissert <geissert at debian.org>
+ * Generate hashes for all certs in a file (Closes: #628780, #594524)
+ Patch from Klaus Ethgen <Klaus at Ethgen.de>
+ * Add multiarch support (Closs: #638137)
+ Patch from Steve Langasek / Ubuntu
+ * Symbols from the gost engine were removed because it didn't have
+ a linker file. Thanks to Roman I Khimov <khimov at altell.ru>
+ (Closes: #631503)
+ * Add support for s390x. Patch from Aurelien Jarno <aurel32 at debian.org>
+ (Closes: #641100)
+ * Add build-arch and build-indep targets to the rules file.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Sep 2011 12:03:13 +0200
+
+openssl (1.0.0d-3) unstable; urgency=low
+
+ * Make it build on sparc64. Patch from Aurelien Jarno. (Closes: #626060)
+ * Apply patches from Scott Schaefer <saschaefer at neurodiverse.org> to
+ fix various pod and spelling errors. (Closes: #622820, #605561)
+ * Add missing symbols for the engines (Closes: #623038)
+ * More spelling fixes from Scott Schaefer (Closes: #395424)
+ * Patch from Scott Schaefer to better document pkcs12 password options
+ (Closes: #462489)
+ * Document dgst -hmac option. Patch by Thorsten Glaser <tg at mirbsd.de>
+ (Closes: #529586)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 13 Jun 2011 12:39:54 +0200
+
+openssl (1.0.0d-2) unstable; urgency=high
+
+ * Make c_rehash also generate the old subject hash. Gnutls applications
+ seem to require it. (Closes: #611102)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Apr 2011 22:36:49 +0200
+
+openssl (1.0.0d-1) unstable; urgency=low
+
+ * New upstream version
+ - Fixes CVE-2011-0014
+ * Make libssl-doc Replaces/Breaks with old libssl-dev packages
+ (Closes: #607609)
+ * Only export the symbols we should, instead of all.
+ * Add symbol file.
+ * Upload to unstable
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 02 Apr 2011 13:19:19 +0000
+
+openssl (1.0.0c-2) experimental; urgency=low
+
+ * Set $ in front of {sparcv9_asm} so that the sparc v9 variant builds.
+ * Always define _GNU_SOURCE, not only for Linux.
+ * Drop SSL2 support (Closes: #589706)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 19 Dec 2010 16:24:16 +0100
+
+openssl (1.0.0c-1) experimental; urgency=low
+
+ * New upstream version (Closes: #578376)
+ - New soname: Rename library packages
+ - Drop patch perl-path.diff, not needed anymore
+ - Drop patches CVE-2010-2939.patch, CVE-2010-3864.patch
+ and CVE-2010-4180.patch: applied upstream.
+ - Update Configure for the new fields for the assembler options
+ per arch. alpha now makes use of assembler.
+ * Move man3 manpages and demos to libssl-doc (Closes: #470594)
+ * Drop .pod files from openssl package (Closes: #518167)
+ * Don't use RC4_CHAR on amd64 and drop rc4-amd64.patch
+ * Stop using BF_PTR2 on (kfreebd-)amd64.
+ * Drop debian-arm from the list of arches.
+ * Update arm arches to use BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
+ BF_PTR instead of BN_LLONG DES_RISC1
+ * ia64: Drop RC4_CHAR, add DES_UNROLL DES_INT
+ * powerpc: Use RC4_CHAR RC4_CHUNK DES_RISC1 instead
+ of DES_RISC2 DES_PTR MD2_CHAR RC4_INDEX
+ * s390: Use RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL instead of BN_LLONG
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 12 Dec 2010 15:37:21 +0100
+
+openssl (0.9.8o-4) unstable; urgency=low
+
+ * Fix CVE-2010-4180 (Closes: #529221)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 06 Dec 2010 20:33:21 +0100
+
+openssl (0.9.8o-3) unstable; urgency=high
+
+ * Fix TLS extension parsing race condition (CVE-2010-3864) (Closes: #603709)
+ * Re-add the engines. They were missing since 0.9.8m-1.
+ Patch by Joerg Schneider. (Closes: #603693)
+ * Not all architectures were build using -g (Closes: #570702)
+ * Add powerpcspe support (Closes: #579805)
+ * Add armhf support (Closes: #596881)
+ * Update translations:
+ - Brazilian Portuguese (Closes: #592154)
+ - Danish (Closes: #599459)
+ - Vietnamese (Closes: #601536)
+ - Arabic (Closes: #596166)
+ * Generate the proper stamp file so that everything doesn't get build twice.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 16 Nov 2010 19:20:55 +0100
+
+openssl (0.9.8o-2) unstable; urgency=high
+
+ * Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 26 Aug 2010 18:25:29 +0200
+
+openssl (0.9.8o-1) unstable; urgency=low
+
+ * New upstream version
+ - Add SHA2 algorithms to SSL_library_init().
+ - aes-x86_64.pl is now PIC, update pic.patch.
+ * Add sparc64 support (Closes: #560240)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 18 Apr 2010 01:42:44 +0200
+
+openssl (0.9.8n-1) unstable; urgency=high
+
+ * New upstream version.
+ - Fixes CVE-2010-0740.
+ - Drop cfb.patch, applied upstream.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 25 Mar 2010 20:30:52 +0100
+
+openssl (0.9.8m-2) unstable; urgency=low
+
+ * Revert CFB block length change preventing reading older files.
+ (Closes: #571810, #571940)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 28 Feb 2010 22:08:49 +0100
+
+openssl (0.9.8m-1) unstable; urgency=low
+
+ * New upstream version
+ - Implements RFC5746, reenables renegotiation but requires the extension.
+ - Fixes CVE-2009-3245
+ - Drop patches CVE-2009-4355.patch, CVE-2009-1378.patch,
+ CVE-2009-1377.patch, CVE-2009-1379.patch, CVE-2009-3555.patch,
+ CVE-2009-2409.patch, CVE-2009-1387.patch, tls_ext_v3.patch,
+ no_check_self_signed.patch: applied upstream
+ - pk7_mime_free.patch removed, code rewritten
+ - ca.diff partially applied upstream
+ - engines-path.patch adjusted, upstream made some minor changes to the
+ build system.
+ - some flags changed values, bump shlibs.
+ * Switch to 3.0 (quilt) source package.
+ * Make sure the package is properly cleaned.
+ * Add ${misc:Depends} to the Depends on all packages.
+ * Fix spelling of extension in the changelog file.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 27 Feb 2010 12:24:03 +0000
+
+openssl (0.9.8k-8) unstable; urgency=high
+
+ * Clean up zlib state so that it will be reinitialized on next use and
+ not cause a memory leak. (CVE-2009-4355, CVE-2008-1678)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Jan 2010 21:26:49 +0100
+
+openssl (0.9.8k-7) unstable; urgency=low
+
+ * Bump the shlibs to require 0.9.8k-1. The following symbols
+ to added between g and k: AES_wrap_key, AES_unwrap_key,
+ ASN1_TYPE_set1, ASN1_STRING_set0, asn1_output_data_fn,
+ SMIME_read_ASN1, BN_X931_generate_Xpq, BN_X931_derive_prime_ex,
+ BN_X931_generate_prime_ex, COMP_zlib_cleanup, CRYPTO_malloc_debug_init,
+ int_CRYPTO_set_do_dynlock_callback, CRYPTO_set_mem_info_functions,
+ CRYPTO_strdup, CRYPTO_dbg_push_info, CRYPTO_dbg_pop_info,
+ CRYPTO_dbg_remove_all_info, OPENSSL_isservice, OPENSSL_init,
+ ENGINE_set_load_ssl_client_cert_function,
+ ENGINE_get_ssl_client_cert_function, ENGINE_load_ssl_client_cert,
+ EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags,
+ EVP_CIPHER_CTX_test_flags, HMAC_CTX_set_flags, OCSP_sendreq_new
+ OCSP_sendreq_nbio, OCSP_REQ_CTX_free, RSA_X931_derive_ex,
+ RSA_X931_generate_key_ex, X509_ALGOR_set0, X509_ALGOR_get0,
+ X509at_get0_data_by_OBJ, X509_get1_ocsp
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 28 Nov 2009 14:34:26 +0100
+
+openssl (0.9.8k-6) unstable; urgency=low
+
+ * Disable SSL/TLS renegotiation (CVE-2009-3555) (Closes: #555829)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 12 Nov 2009 18:10:31 +0000
+
+openssl (0.9.8k-5) unstable; urgency=low
+
+ * Don't check self signed certificate signatures in X509_verify_cert()
+ (Closes: #541735)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 11 Sep 2009 15:42:32 +0200
+
+openssl (0.9.8k-4) unstable; urgency=low
+
+ * Split all the patches into a separate files
+ * Stop undefinging HZ, the issue on alpha should be fixed.
+ * Remove MD2 from digest algorithm table. (CVE-2009-2409) (Closes: #539899)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 11 Aug 2009 21:19:18 +0200
+
+openssl (0.9.8k-3) unstable; urgency=low
+
+ * Make rc4-x86_64 PIC. Based on patch from Petr Salinger (Closes: #532336)
+ * Add workaround for kfreebsd that can't see the different between
+ two pipes. Patch from Petr Salinger.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 13 Jun 2009 18:15:46 +0200
+
+openssl (0.9.8k-2) unstable; urgency=low
+
+ * Move libssl0.9.8-dbg to the debug section.
+ * Use the rc4 assembler on kfreebsd-amd64 (Closes: #532336)
+ * Split the line to generate md5-x86_64.s in the Makefile. This will
+ hopefully fix the build issue on kfreebsd that now outputs the file
+ to stdout instead of the file.
+ * Fix denial of service via an out-of-sequence DTLS handshake message
+ (CVE-2009-1387) (Closes: #532037)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 08 Jun 2009 19:05:56 +0200
+
+openssl (0.9.8k-1) unstable; urgency=low
+
+ * New upstream release
+ - 0.9.8i fixed denial of service via a DTLS ChangeCipherSpec packet
+ that occurs before ClientHello (CVE-2009-1386)
+ * Make aes-x86_64.pl use PIC.
+ * Fix security issues (Closes: #530400)
+ - "DTLS record buffer limitation bug." (CVE-2009-1377)
+ - "DTLS fragment handling" (CVE-2009-1378)
+ - "DTLS use after free" (CVE-2009-1379)
+ * Fixed Configure for hurd: use -mtune=i486 instead of -m486
+ Patch by Marc Dequènes (Duck) <duck at hurdfr.org> (Closes: #530459)
+ * Add support for avr32 (Closes: #528648)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 16 May 2009 17:33:55 +0200
+
+openssl (0.9.8g-16) unstable; urgency=high
+
+ * Properly validate the length of an encoded BMPString and UniversalString
+ (CVE-2009-0590) (Closes: #522002)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 01 Apr 2009 22:04:53 +0200
+
+openssl (0.9.8g-15) unstable; urgency=low
+
+ * Internal calls to didn't properly check for errors which
+ resulted in malformed DSA and ECDSA signatures being treated as
+ a good signature rather than as an error. (CVE-2008-5077)
+ * ipv6_from_asc() could write 1 byte longer than the buffer in case
+ the ipv6 address didn't have "::" part. (Closes: #506111)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 05 Jan 2009 21:14:31 +0100
+
+openssl (0.9.8g-14) unstable; urgency=low
+
+ * Don't give the warning about security updates when upgrading
+ from etch since it doesn't have any known security problems.
+ * Automaticly use engines that succesfully initialised. Patch
+ from the 0.9.8h upstream version. (Closes: #502177)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 31 Oct 2008 22:45:14 +0100
+
+openssl (0.9.8g-13) unstable; urgency=low
+
+ * Fix a problem with tlsext preventing firefox 3 from connection.
+ Patch from upstream CVS and part of 0.9.8h.
+ (Closes: #492758)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 03 Aug 2008 19:47:10 +0200
+
+openssl (0.9.8g-12) unstable; urgency=low
+
+ * add the changelog of the 10.1 NMU to make bugtracking happy
+
+ -- Christoph Martin <Christoph.Martin at Uni-Mainz.DE> Tue, 22 Jul 2008 14:58:26 +0200
+
+openssl (0.9.8g-11) unstable; urgency=low
+
+ [ Christoph Martin ]
+ * updated cs, gl, sv, ru, ro debconf translation (closes: #480926, #480967,
+ #482465, #484324, #488595)
+ * add Vcs-Svn header (closes: #481654)
+ * fix debian-kfreebsd-i386 build flags (closes: #482275)
+ * add stunnel4 to restart list (closes: #482111)
+ * include fixes from 10.1 NMU by Security team
+ - Fix double free in TLS server name extension which leads to a remote
+ denial of service (CVE-2008-0891; Closes: #483379).
+ - Fix denial of service if the 'Server Key exchange message'
+ is omitted from a TLS handshake which could lead to a client
+ crash (CVE-2008-1672; Closes: #483379).
+ This only works if openssl is compiled with enable-tlsext which is
+ done in Debian.
+ * fix some lintian warnings
+ * update to newest standards version
+
+ -- Christoph Martin <Christoph.Martin at Uni-Mainz.DE> Thu, 17 Jul 2008 09:53:01 +0200
+
+openssl (0.9.8g-10.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security team.
+ * Fix denial of service if the 'Server Key exchange message'
+ is omitted from a TLS handshake which could lead to a client
+ crash (CVE-2008-1672; Closes: #483379).
+ This only works if openssl is compiled with enable-tlsext which is
+ done in Debian.
+ * Fix double free in TLS server name extension which leads to a remote
+ denial of service (CVE-2008-0891; Closes: #483379).
+
+ -- Nico Golde <nion at debian.org> Tue, 27 May 2008 11:13:44 +0200
+
+openssl (0.9.8g-10) unstable; urgency=low
+
+ * undefine HZ so that the code falls back to sysconf(_SC_CLK_TCK)
+ to fix a build failure on alpha.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 08 May 2008 17:56:13 +0000
+
+openssl (0.9.8g-9) unstable; urgency=high
+
+ [ Christoph Martin ]
+ * Include updated debconf translations (closes: #473477, #461597,
+ #461880, #462011, #465517, #475439)
+
+ [ Kurt Roeckx ]
+ * ssleay_rand_add() really needs to call MD_Update() for buf.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 07 May 2008 20:32:12 +0200
+
+openssl (0.9.8g-8) unstable; urgency=high
+
+ * Don't add extensions to ssl v3 connections. It breaks with some
+ other software. (Closes: #471681)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 23 Mar 2008 17:50:04 +0000
+
+openssl (0.9.8g-7) unstable; urgency=low
+
+ * Upload to unstable.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Feb 2008 22:22:29 +0000
+
+openssl (0.9.8g-6) experimental; urgency=low
+
+ * Bump shlibs.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 09 Feb 2008 15:42:22 +0100
+
+openssl (0.9.8g-5) experimental; urgency=low
+
+ * Enable tlsext. This changes the ABI, but should hopefully
+ not cause any problems. (Closes: #462596)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 09 Feb 2008 13:32:49 +0100
+
+openssl (0.9.8g-4) unstable; urgency=low
+
+ * Fix aes ige test speed not to overwrite it's buffer and
+ cause segfauls. Thanks to Tim Hudson (Closes: #459619)
+ * Mark some strings in the templates as non translatable.
+ Patch from Christian Perrier <bubulle at debian.org> (Closes: #450418)
+ * Update Dutch debconf translation (Closes: #451290)
+ * Update French debconf translation (Closes: #451375)
+ * Update Catalan debconf translation (Closes: #452694)
+ * Update Basque debconf translation (Closes: #457285)
+ * Update Finnish debconf translation (Closes: #458261)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 16 Jan 2008 21:49:43 +0100
+
+openssl (0.9.8g-3) unstable; urgency=low
+
+ * aes-586.pl: push %ebx on the stack before we put some things on the
+ stack and call a function, giving AES_decrypt() wrong values to work
+ with. (Closes: #449200)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 04 Nov 2007 21:49:00 +0100
+
+openssl (0.9.8g-2) unstable; urgency=low
+
+ * Avoid text relocations on i386 caused by the assembler versions:
+ - x86unix.pl: Create a function_begin_B_static to create a
+ static/local assembler function.
+ - aes-586.pl: Use the function_begin_B_static for _x86_AES_decrypt
+ so that it doesn't get exported and doesn't have any (text) relocations.
+ - aes-586.pl: Set up ebx to point to the GOT and call AES_set_encrypt_key
+ via the PLT to avoid a relocation.
+ - x86unix.pl: Call the init function via the PLT, avoiding a relocation
+ in case of a PIC object.
+ - cbc.pl: Call functions via the PLT.
+ - desboth.pl: Call DES_encrypt2 via the PLT.
+ * CA.sh should use the v3_ca extension when called with -newca
+ (Closes: #428051)
+ * Use -Wa,--noexecstack for all arches in Debian. (Closes: #430583)
+ * Convert the failure message when services fail restart to a debconf
+ message.
+ * To restart a service, just restart, instead of stop and start.
+ Hopefully fixes #444946
+ * Also remove igetest from the test dir in the clean target.
+ (Closes: #424362)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 03 Nov 2007 13:25:45 +0100
+
+openssl (0.9.8g-1) unstable; urgency=low
+
+ * New upstream release
+ - Fixes version number not to say it's a development version.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 20 Oct 2007 12:47:10 +0200
+
+openssl (0.9.8f-1) unstable; urgency=low
+
+ * New upstream release
+ - Fixes DTLS issues, also fixes CVE-2007-4995 (Closes: #335703, #439737)
+ - Proper inclusion of opensslconf.h in pq_compat.h (Closes: #408686)
+ - New function SSL_set_SSL_CTX: bump shlibs.
+ * Remove build dependency on gcc > 4.2
+ * Remove the openssl preinst, it looks like a workaround
+ for a change in 0.9.2b where config files got moved. (Closes: #445095)
+ * Update debconf translations:
+ - Vietnamese (Closes: #426988)
+ - Danish (Closes: #426774)
+ - Slovak (Closes: #440723)
+ - Finnish (Closes: #444258)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 13 Oct 2007 00:47:22 +0200
+
+openssl (0.9.8e-9) unstable; urgency=high
+
+ * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers().
+ (Closes: #444435)
+ * Add postgresql-8.2 to the list of services to check.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 28 Sep 2007 19:47:33 +0200
+
+openssl (0.9.8e-8) unstable; urgency=low
+
+ * Fix another case of the "if this code is reached, the program will abort"
+ (Closes: #429740)
+ * Temporary force to build with gcc >= 4.2
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 02 Sep 2007 18:12:11 +0200
+
+openssl (0.9.8e-7) unstable; urgency=low
+
+ * Fix problems with gcc-4.2 (Closes: #429740)
+ * Stop using -Bsymbolic to create the shared library.
+ * Make x86_64cpuid.pl use PIC.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 02 Sep 2007 16:15:18 +0200
+
+openssl (0.9.8e-6) unstable; urgency=high
+
+ * Add fix for CVE-2007-3108 (Closes: #438142)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 15 Aug 2007 19:49:54 +0200
+
+openssl (0.9.8e-5) unstable; urgency=low
+
+ [ Christian Perrier ]
+ * Debconf templates proofread and slightly rewritten by
+ the debian-l10n-english team as part of the Smith Review Project.
+ Closes: #418584
+ * Debconf templates translations:
+ - Arabic. Closes: #418669
+ - Russian. Closes: #418670
+ - Galician. Closes: #418671
+ - Swedish. Closes: #418679
+ - Korean. Closes: #418755
+ - Czech. Closes: #418768
+ - Basque. Closes: #418784
+ - German. Closes: #418785
+ - Traditional Chinese. Closes: #419915
+ - Brazilian Portuguese. Closes: #419959
+ - French. Closes: #420429
+ - Italian. Closes: #420461
+ - Japanese. Closes: #420482
+ - Catalan. Closes: #420833
+ - Dutch. Closes: #420925
+ - Malayalam. Closes: #420986
+ - Portuguese. Closes: #421032
+ - Romanian. Closes: #421708
+
+ [ Kurt Roeckx ]
+ * Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
+ * Updated Spanish debconf template. (Closes: #421336)
+ * Do the header changes, changing those defines into real functions,
+ and bump the shlibs to match.
+ * Update Japanese debconf translation. (Closes: #422270)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 15 May 2007 17:21:08 +0000
+
+openssl (0.9.8e-4) unstable; urgency=low
+
+ * openssl should depend on libssl0.9.8 0.9.8e-1 since it
+ uses some of the defines that changed to functions.
+ Other things build against libssl or libcrypto shouldn't
+ have this problem since they use the old headers.
+ (Closes: #414283)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 10 Mar 2007 17:11:46 +0000
+
+openssl (0.9.8e-3) unstable; urgency=low
+
+ * Add nagios-nrpe-server to the list of services to be checked
+ (Closes: #391188)
+ * EVP_CIPHER_CTX_key_length() should return the set key length in the
+ EVP_CIPHER_CTX structure which may not be the same as the underlying
+ cipher key length for variable length ciphers.
+ From upstream CVS. (Closes: #412979)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 4 Mar 2007 23:22:51 +0000
+
+openssl (0.9.8e-2) unstable; urgency=low
+
+ * Undo include changes that change defines into real functions,
+ but keep the new functions in the library.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 25 Feb 2007 19:19:19 +0000
+
+openssl (0.9.8e-1) unstable; urgency=low
+
+ * New upstream release
+ - Inludes security fixes for CVE-2006-2937, CVE-2006-2940,
+ CVE-2006-3738, CVE-2006-4343 (Closes: #408902)
+ - s_client now properly works with SMTP. Also added support
+ for IMAP. (closes: #221689)
+ - Load padlock modules (Closes: #345656, #368476)
+ * Add clamav-freshclam and clamav-daemon to the list of service that
+ need to be restarted. (Closes: #391191)
+ * Add armel support. Thanks to Guillem Jover <guillem.jover at nokia.com>
+ for the patch. (Closes: #407196)
+ * Add Portuguese translations. Thanks to Carlos Lisboa. (Closes: 408157)
+ * Add Norwegian translations. Thanks to Bjørn Steensrud
+ <bjornst at powertech.no> (Closes: #412326)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 25 Feb 2007 18:06:28 +0000
+
+openssl (0.9.8c-4) unstable; urgency=low
+
+ * Add German debconf translation. Thanks to
+ Johannes Starosta <feedback-an-johannes at arcor.de> (Closes: #388108)
+ * Make c_rehash look for both .pem and .crt files. Also make it support
+ files in DER format. Patch by "Yauheni Kaliuta" <y.kaliuta at gmail.com>
+ (Closes: #387089)
+ * Use & instead of && to check a flag in the X509 policy checking.
+ Patch from upstream cvs. (Closes: #397151)
+ * Also restart slapd for security updates (Closes: #400221)
+ * Add Romanian debconf translation. Thanks to
+ stan ioan-eugen <stan.ieugen at gmail.com> (Closes: #393507)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 30 Nov 2006 20:57:46 +0000
+
+openssl (0.9.8c-3) unstable; urgency=low
+
+ * Fix patch for CVE-2006-2940, it left ctx unintiliased.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 2 Oct 2006 18:05:00 +0200
+
+openssl (0.9.8c-2) unstable; urgency=high
+
+ * Fix security vulnerabilities (CVE-2006-2937, CVE-2006-2940,
+ CVE-2006-3738, CVE-2006-4343). Urgency set to high.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 27 Sep 2006 21:24:55 +0000
+
+openssl (0.9.8c-1) unstable; urgency=low
+
+ * New upstream release
+ - block padding bug with compression now fixed upstream, using
+ their patch.
+ - Includes the RSA Signature Forgery (CVE-2006-4339) patch.
+ - New functions AES_bi_ige_encrypt and AES_ige_encrypt:
+ bumping shlibs to require 0.9.8c-1.
+ * Change the postinst script to check that ntp is installed instead
+ of ntp-refclock and ntp-simple. The binary is now in the ntp
+ package.
+ * Move the modified rand/md_rand.c file to the right place,
+ really fixing #363516.
+ * Add partimage-server conserver-server and tor to the list of service
+ to check for restart. Add workaround for openssh-server so it finds
+ the init script. (Closes: #386365, #386400, #386513)
+ * Add manpage for c_rehash.
+ Thanks to James Westby <jw+debian at jameswestby.net> (Closes: #215618)
+ * Add Lithuanian debconf translation.
+ Thanks to Gintautas Miliauskas <gintas at akl.lt> (Closes: #374364)
+ * Add m32r support.
+ Thanks to Kazuhiro Inaoka <inaoka.kazuhiro at renesas.com>
+ (Closes: #378689)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 17 Sep 2006 14:47:59 +0000
+
+openssl (0.9.8b-3) unstable; urgency=high
+
+ * Fix RSA Signature Forgery (CVE-2006-4339) using patch provided
+ by upstream.
+ * Restart services using a smaller version that 0.9.8b-3, so
+ they get the fixed version.
+ * Change the postinst to check for postfix instead of postfix-tls.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 5 Sep 2006 18:26:10 +0000
+
+openssl (0.9.8b-2) unstable; urgency=low
+
+ * Don't call gcc with -mcpu on i386, we already use -march, so no need for
+ -mtune either.
+ * Always make all directories when building something:
+ - The engines directory didn't get build for the static directory, so
+ where missing in libcrypo.a
+ - The apps directory didn't always get build, so we didn't have an openssl
+ and a small part of the regression tests failed.
+ * Make the package fail to build if the regression tests fail.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 15 May 2006 16:00:58 +0000
+
+openssl (0.9.8b-1) unstable; urgency=low
+
+ * New upstream release
+ - New functions added (EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free), bump shlibs.
+ - CA.pl/CA.sh now calls openssl ca with -extensions v3_ca, setting CA:TRUE
+ instead of FALSE.
+ - CA.pl/CA.sh creates crlnumber now. (Closes: #347612)
+ * Run debconf-updatepo, which really already was in the 0.9.8a-8 version
+ as it was uploaded.
+ * Add Galician debconf translation. Patch from
+ Jacobo Tarrio <jtarrio at trasno.net> (Closes: #361266)
+ * libssl0.9.8.postinst makes uses of bashisms (local variables)
+ so use #!/bin/bash
+ * libssl0.9.8.postinst: Call set -e after sourcing the debconf
+ script.
+ * libssl0.9.8.postinst: Change list of service that may need
+ to be restarted:
+ - Replace ssh by openssh-server
+ - Split postgresql in postgresql-7.4 postgresql-8.0 postgresql-8.1
+ - Add: dovecot-common bind9 ntp-refclock ntp-simple openntpd clamcour
+ fetchmail ftpd-ssl proftpd proftpd-ldap proftpd-mysql proftpd-pgsql
+ * libssl0.9.8.postinst: The check to see if something was installed
+ wasn't working.
+ * libssl0.9.8.postinst: Add workaround to find the name of the init
+ script for proftpd and dovecot.
+ * libssl0.9.8.postinst: Use invoke-rc.d when it's available.
+ * Change Standards-Version to 3.7.0:
+ - Make use of invoke-rc.d
+ * Add comment to README.Debian that rc5, mdc2 and idea have been
+ disabled (since 0.9.6b-3) (Closes: #362754)
+ * Don't add uninitialised data to the random number generator. This stop
+ valgrind from giving error messages in unrelated code.
+ (Closes: #363516)
+ * Put the FAQ in the openssl docs.
+ * Add russian debconf translations from Yuriy Talakan <yt at amur.elektra.ru>
+ (Closes #367216)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 4 May 2006 20:40:03 +0200
+
+openssl (0.9.8a-8) unstable; urgency=low
+
+ * Call pod2man with the proper section. Section changed
+ from 1/3/5/7 to 1SSL/3SSL/5SSL/7SSL. The name of the files
+ already had the ssl in, the section didn't. The references
+ to other manpage is still wrong.
+ * Don't install the LICENSE file, it's already in the copyright file.
+ * Don't set an rpath on openssl to point to /usr/lib.
+ * Add support for kfreebsd-amd64. (Closes: #355277)
+ * Add udeb to the shlibs. Patch from Frans Pop <aragorn at tiscali.nl>
+ (Closes: #356908)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 11 Feb 2006 14:14:37 +0100
+
+openssl (0.9.8a-7) unstable; urgency=high
+
+ * Add italian debconf templates. Thanks to Luca Monducci.
+ (Closes: #350249)
+ * Change the debconf question to use version 0.9.8-3
+ instead of 0.9.8-1, since that's the last version
+ with a security fix.
+ * Call conn_state() if the BIO is not in the BIO_CONN_S_OK state
+ (Closes: #352047). RC bug affecting testing, so urgency high.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 9 Feb 2006 19:07:56 +0100
+
+openssl (0.9.8a-6) unstable; urgency=low
+
+ * Remove empty postinst/preinst/prerm scripts. There is no need
+ to have empty ones, debhelper will add them when needed.
+ * Remove the static pic libraries. Nobody should be linking
+ it's shared libraries static to libssl or libcrypto.
+ This was added for opensc who now links to it shared.
+ * Do not assume that in case the sequence number is 0 and the
+ packet has an odd number of bytes that the other side has
+ the block padding bug, but try to check that it actually
+ has the bug. The wrong detection of this bug resulted
+ in an "decryption failed or bad record mac" error in case
+ both sides were using zlib compression. (Closes: #338006)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 21 Jan 2006 16:25:41 +0100
+
+openssl (0.9.8a-5) unstable; urgency=low
+
+ * Stop ssh from crashing randomly on sparc (Closes: #335912)
+ Patch from upstream cvs.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 13 Dec 2005 21:37:42 +0100
+
+openssl (0.9.8a-4) unstable; urgency=low
+
+ * Call dh_makeshlibs with the proper version instead of putting
+ it in shlibs.local, which doesn't seem to do anything. 0.9.8a-1
+ added symbol versioning, so it should have bumped the shlibs.
+ (Closes: #338284)
+ * The openssl package had a duplicate dependency on libssl0.9.8,
+ only require the version as required by the shlibs.
+ * Make libssl-dev depend on zlib1g-dev, since it's now required for
+ static linking. (Closes: #338313)
+ * Generate .pc files that make use of Libs.private, so things only
+ link to the libraries they should when linking shared.
+ * Use -m64 instead of -bpowerpc64-linux on ppc64. (Closes: #335486)
+ * Make powerpc and ppc64 use the assembler version for bn. ppc64
+ had the location in the string wrong, powerpc had it missing.
+ * Add includes for stddef to get size_t in md2.h, md4.h, md5.h,
+ ripemd.h and sha.h. (Closes: #333101)
+ * Run make test for each of the versions we build, make it
+ not fail the build process if an error is found.
+ * Add build dependency on bc for the regression tests.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 13 Nov 2005 16:01:05 +0100
+
+openssl (0.9.8a-3) unstable; urgency=high
+
+ * Link to libz instead of dynamicly loading it. It gets loaded
+ at the moment the library is initialised, so there is no point
+ in not linking to it. It's now failing in some cases since
+ it's not opened by it's soname, but by the symlink to it.
+ This should hopefully solve most of the bugs people have reported
+ since the move to libssl0.9.8.
+ (Closes: #334180, #336140, #335271)
+ * Urgency set to high because it fixes a grave bug affecting testing.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 1 Nov 2005 14:56:40 +0100
+
+openssl (0.9.8a-2) unstable; urgency=low
+
+ * Add Build-Dependency on m4, since sparc needs it to generate
+ it's assembler files. (Closes: #334542)
+ * Don't use rc4-x86_64.o on amd64 for now, it seems to be broken
+ and causes a segfault. (Closes: #334501, #334502)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 18 Oct 2005 19:05:53 +0200
+
+openssl (0.9.8a-1) unstable; urgency=low
+
+ Christoph Martin:
+ * fix asm entries for some architectures, fixing #332758 properly.
+ * add noexecstack option to i386 subarch
+ * include symbol versioning in Configure (closes: #330867)
+ * include debian-armeb arch (closes: #333579)
+ * include new upstream patches; includes some minor fixes
+ * fix dh_shlibdeps line, removing the redundant dependency on
+ libssl0.9.8 (closes: #332755)
+ * add swedish debconf template (closes: #330554)
+
+ Kurt Roeckx:
+ * Also add noexecstack option for amd64, since it now has an
+ executable stack with the assembler fixes for amd64.
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 17 Oct 2005 17:01:06 +0200
+
+openssl (0.9.8-3) unstable; urgency=low
+
+ * Apply security fix for CAN-2005-2969. (Closes: #333500)
+ * Change priority of -dbg package to extra.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 12 Oct 2005 22:38:58 +0200
+
+openssl (0.9.8-2) unstable; urgency=low
+
+ * Don't use arch specific assembler. Should fix build failure on
+ ia64, sparc and amd64. (Closes: #332758)
+ * Add myself to the uploaders.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 10 Oct 2005 19:22:36 +0200
+
+openssl (0.9.8-1) unstable; urgency=low
+
+ * New upstream release (closes: #311826)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 29 Sep 2005 14:20:04 +0200
+
+openssl (0.9.7g-3) unstable; urgency=low
+
+ * change Configure line for debian-freebsd-i386 to debian-kfreebsd-i386
+ (closes: #327692)
+ * include -dbg version. That implies compiling with -g and without
+ -fomit-frame-pointer (closes: #293823, #153811)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 23 Sep 2005 13:51:57 +0200
+
+openssl (0.9.7g-2) unstable; urgency=low
+
+ * really include nl translation
+ * remove special ia64 code from rc4 code to make the abi compatible to
+ older 0.9.7 versions (closes: #310489, #309274)
+ * fix compile flag for debian-ppc64 (closes: #318750)
+ * small fix in libssl0.9.7.postinst (closes: #239956)
+ * fix pk7_mime.c to prevent garbled messages because of to early memory
+ free (closes: #310184)
+ * include vietnamese debconf translation (closes: #316689)
+ * make optimized i386 libraries have non executable stack (closes:
+ #321721)
+ * remove leftover files from ssleay
+ * move from dh_installmanpages to dh_installman
+ * change Maintainer to pkg-openssl-devel at lists.alioth.debian.org
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 7 Sep 2005 15:32:54 +0200
+
+openssl (0.9.7g-1) unstable; urgency=low
+
+ * New upstream release
+ * Added support for proxy certificates according to RFC 3820.
+ Because they may be a security thread to unaware applications,
+ they must be explicitely allowed in run-time. See
+ docs/HOWTO/proxy_certificates.txt for further information.
+ * Prompt for pass phrases when appropriate for PKCS12 input format.
+ * Back-port of selected performance improvements from development
+ branch, as well as improved support for PowerPC platforms.
+ * Add lots of checks for memory allocation failure, error codes to indicate
+ failure and freeing up memory if a failure occurs.
+ * Perform some character comparisons of different types in X509_NAME_cmp:
+ this is needed for some certificates that reencode DNs into UTF8Strings
+ (in violation of RFC3280) and can't or wont issue name rollover
+ certificates.
+ * corrected watchfile
+ * added upstream source url (closes: #292904)
+ * fix typo in CA.pl.1 (closes: #290271)
+ * change debian-powerpc64 to debian-ppc64 and adapt the configure
+ options to be the same like upstream (closes: #289841)
+ * include -signcert option in CA.pl usage
+ * compile with zlib-dynamic to use system zlib (closes: #289872)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 9 May 2005 23:32:03 +0200
+
+openssl (0.9.7e-3) unstable; urgency=high
+
+ * really fix der_chop. The fix from -1 was not really included (closes:
+ #281212)
+ * still fixes security problem CAN-2004-0975 etc.
+ - tempfile raise condition in der_chop
+ - Avoid a race condition when CRLs are checked in a multi threaded
+ environment.
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Dec 2004 18:41:29 +0100
+
+openssl (0.9.7e-2) unstable; urgency=high
+
+ * fix perl path in der_chop and c_rehash (closes: #281212)
+ * still fixes security problem CAN-2004-0975 etc.
+ - tempfile raise condition in der_chop
+ - Avoid a race condition when CRLs are checked in a multi threaded
+ environment.
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 14 Nov 2004 20:16:21 +0100
+
+openssl (0.9.7e-1) unstable; urgency=high
+
+ * SECURITY UPDATE: fix insecure temporary file handling
+ * apps/der_chop:
+ - replaced $$-style creation of temporary files with
+ File::Temp::tempfile()
+ - removed unused temporary file name in do_certificate()
+ * References:
+ CAN-2004-0975 (closes: #278260)
+ * fix ASN1_STRING_to_UTF8 with UTF8 (closes: #260357)
+ * New upstream release with security fixes
+ - Avoid a race condition when CRLs are checked in a multi threaded
+ environment.
+ - Various fixes to s3_pkt.c so alerts are sent properly.
+ - Reduce the chances of duplicate issuer name and serial numbers (in
+ violation of RFC3280) using the OpenSSL certificate creation
+ utilities.
+ * depends openssl on perl-base instead of perl (closes: #280225)
+ * support powerpc64 in Configure (closes: #275224)
+ * include cs translation (closes: #273517)
+ * include nl translation (closes: #272479)
+ * Fix default dir of c_rehash (closes: #253126)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 12 Nov 2004 14:11:15 +0100
+
+openssl (0.9.7d-5) unstable; urgency=low
+
+ * Make S/MIME encrypt work again (backport from CVS) (closes: #241407,
+ #241386)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 26 Jul 2004 17:22:42 +0200
+
+openssl (0.9.7d-4) unstable; urgency=low
+
+ * add Catalan translation (closes: #248749)
+ * add Spanish translation (closes: #254561)
+ * include NMU fixes: see below
+ * decrease optimisation level for debian-arm to work around gcc bug
+ (closes: #253848) (thanks to Steve Langasek and Thom May)
+ * Add libcrypto0.9.7-udeb. (closes: #250010) (thanks to Bastian Blank)
+ * Add watchfile
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 14 Jul 2004 14:31:02 +0200
+
+openssl (0.9.7d-3) unstable; urgency=low
+
+ * rename -pic.a libraries to _pic.a (closes: #250016)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 24 May 2004 17:02:29 +0200
+
+openssl (0.9.7d-2) unstable; urgency=low
+
+ * include PIC libs (libcrypto-pic.a and libssl-pic.a) to libssl-dev
+ (closes: #246928, #243999)
+ * add racoon to restart list (closes: #242652)
+ * add Brazilian, Japanese and Danish translations (closes: #242087,
+ #241830, #241705)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 11 May 2004 10:13:49 +0200
+
+openssl (0.9.7d-1) unstable; urgency=high
+
+ * new upstream
+ * fixes security holes (http://www.openssl.org/news/secadv_20040317.txt)
+ (closes: #238661)
+ * includes support for debian-amd64 (closes: #235551, #232310)
+ * fix typo in pem.pod (closes: #219873)
+ * fix typo in libssl0.9.7.templates (closes: #224690)
+ * openssl suggests ca-certificates (closes: #217180)
+ * change debconf template to gettext format (closes: #219013)
+ * include french debconf template (closes: #219014)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 18 Mar 2004 16:18:43 +0100
+
+openssl (0.9.7c-5) unstable; urgency=low
+
+ * include openssl.pc into libssl-dev (closes: #212545)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Oct 2003 16:31:32 +0200
+
+openssl (0.9.7c-4) unstable; urgency=low
+
+ * change question to restart services to debconf (closes: #214840)
+ * stop using dh_undocumented (closes: #214831)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 10 Oct 2003 15:40:48 +0200
+
+openssl (0.9.7c-3) unstable; urgency=low
+
+ * fix POSIX conformance for head in libssl0.9.7.postinst (closes:
+ #214700)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 8 Oct 2003 14:02:38 +0200
+
+openssl (0.9.7c-2) unstable; urgency=low
+
+ * add filerc macro to libssl0.9.7.postinst (closes: #213906)
+ * restart spamassassins spamd on upgrade (closes: #214106)
+ * restart more services on upgrade
+ * fix EVP_BytesToKey manpage (closes: #213715)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 7 Oct 2003 15:01:32 +0200
+
+openssl (0.9.7c-1) unstable; urgency=high
+
+ * upstream security fix (closes: #213451)
+ - Fix various bugs revealed by running the NISCC test suite:
+ Stop out of bounds reads in the ASN1 code when presented with
+ invalid tags (CAN-2003-0543 and CAN-2003-0544).
+ Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
+ If verify callback ignores invalid public key errors don't try to check
+ certificate signature with the NULL public key.
+ - In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+ if the server requested one: as stated in TLS 1.0 and SSL 3.0
+ specifications.
+ * more minor upstream bugfixes
+ * fix formatting in c_issuer (closes: #190026)
+ * fix Debian-FreeBSD support (closes: #200381)
+ * restart some services in postinst to make them use the new libraries
+ * remove duplicated openssl.1, crypto.3 and ssl.3 (closes: #198594)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 1 Oct 2003 08:54:27 +0200
+
+openssl (0.9.7b-2) unstable; urgency=high
+
+ * fix permission of /etc/ssl/private to 700 again
+ * change section of libssl-dev to libdevel
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 23 Apr 2003 11:13:24 +0200
+
+openssl (0.9.7b-1) unstable; urgency=high
+
+ * upstream security fix
+ - Countermeasure against the Klima-Pokorny-Rosa extension of
+ Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+ a protocol version number mismatch like a decryption error
+ in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131)
+ (closes: #189087)
+ - Turn on RSA blinding by default in the default implementation
+ to avoid a timing attack. Applications that don't want it can call
+ RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+ They would be ill-advised to do so in most cases. (CAN-2003-0147)
+ - Change RSA blinding code so that it works when the PRNG is not
+ seeded (in this case, the secret RSA exponent is abused as
+ an unpredictable seed -- if it is not unpredictable, there
+ is no point in blinding anyway). Make RSA blinding thread-safe
+ by remembering the creator's thread ID in rsa->blinding and
+ having all other threads use local one-time blinding factors
+ (this requires more computation than sharing rsa->blinding, but
+ avoids excessive locking; and if an RSA object is not shared
+ between threads, blinding will still be very fast).
+ for more details see the CHANGES file
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 16 Apr 2003 10:32:57 +0200
+
+openssl (0.9.7a-1) unstable; urgency=high
+
+ * upstream Security fix
+ - In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+ via timing by performing a MAC computation even if incorrrect
+ block cipher padding has been found. This is a countermeasure
+ against active attacks where the attacker has to distinguish
+ between bad padding and a MAC verification error. (CAN-2003-0078)
+ for more details see the CHANGES file
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 21 Feb 2003 22:39:40 +0100
+
+openssl (0.9.7-4) unstable; urgency=low
+
+ * use DH_COMPAT=3 to build
+ * move i686 to i686/cmov to fix problems on Via C3. For that to work we
+ have to depend on the newest libc6 on i386 (closes: #177891)
+ * fix bug in ui_util.c (closes: #177615)
+ * fix typo in md5.h (closes: #178112)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 24 Jan 2003 10:22:56 +0100
+
+openssl (0.9.7-3) unstable; urgency=low
+
+ * enable build of ultrasparc code on non ultrasparc machines (closes:
+ #177024)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 17 Jan 2003 08:22:13 +0100
+
+openssl (0.9.7-2) unstable; urgency=low
+
+ * include changes between 0.9.6g-9 and -10
+ * fix problem in build-process on i386 with libc6 version number
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 13 Jan 2003 14:26:56 +0100
+
+openssl (0.9.7-1) unstable; urgency=low
+
+ * new upstream
+ * includes engine support
+ * a lot of bugfixes and enhancements, see the CHANGES file
+ * include AES encryption
+ * makes preview of certificate configurable (closes: #176059)
+ * fix x509 manpage (closes: #168070)
+ * fix declaration of ERR_load_PEM_string in pem.h (closes: #141360)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 11 Jan 2003 09:12:16 +0100
+
+openssl (0.9.6g-10) unstable; urgency=low
+
+ * fix problem in build-process on i386 with libc6 version number
+ (closes: #167096)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 4 Nov 2002 12:27:21 +0100
+
+openssl (0.9.6g-9) unstable; urgency=low
+
+ * fix typo in i386 libc6 depend (sigh) (closes: #163848)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 8 Oct 2002 23:29:20 +0200
+
+openssl (0.9.6g-8) unstable; urgency=low
+
+ * fix libc6 depends. Only needed for i386 (closes: #163701)
+ * remove SHLIB section for bsds from Configure (closes: #163585)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 8 Oct 2002 10:57:35 +0200
+
+openssl (0.9.6g-7) unstable; urgency=low
+
+ * enable i686 optimisation and depend on fixed glibc (closes: #163500)
+ * remove transition package ssleay
+ * include optimisation vor sparcv8 (closes: #139996)
+ * improve optimisation vor sparcv9
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 6 Oct 2002 14:07:12 +0200
+
+openssl (0.9.6g-6) unstable; urgency=low
+
+ * temporarily disable i686 optimisation (See bug in glibc #161788)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 21 Sep 2002 18:56:49 +0200
+
+openssl (0.9.6g-5) unstable; urgency=low
+
+ * i486 can use i586 assembler
+ * include set -xe in the for loops in the rules files to make it abort
+ on error (closes: #161768)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 21 Sep 2002 16:23:11 +0200
+
+openssl (0.9.6g-4) unstable; urgency=low
+
+ * fix optimization for alpha and sparc
+ * add optimization for i486
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 20 Sep 2002 22:36:19 +0200
+
+openssl (0.9.6g-3) unstable; urgency=low
+
+ * add optimized libraries for i586, i686, ev4, ev5 and v9 (closes: #139783)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 19 Sep 2002 18:33:04 +0200
+
+openssl (0.9.6g-2) unstable; urgency=low
+
+ * fix manpage names (closes: #156717, #156718, #156719, #156721)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 15 Aug 2002 11:26:37 +0200
+
+openssl (0.9.6g-1) unstable; urgency=low
+
+ * new upstream version
+ * Use proper error handling instead of 'assertions' in buffer
+ overflow checks added in 0.9.6e. This prevents DoS (the
+ assertions could call abort()). (closes: #155985, #156495)
+ * Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+ and get fix the header length calculation.
+ * include support for new sh* architectures (closes: #155117)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 14 Aug 2002 13:59:22 +0200
+
+openssl (0.9.6e-1) unstable; urgency=high
+
+ * fixes remote exploits (see DSA-136-1)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 30 Jul 2002 18:32:28 +0200
+
+openssl (0.9.6d-1) unstable; urgency=low
+
+ * new upstream (minor) version
+ * includes Configure lines for debian-*bsd-* (closes: #130413)
+ * fix wrong prototype for BN_pseudo_rand_range in BN_rand(3ssl) (closes:
+ #144586)
+ * fix typos in package description (closes: #141469)
+ * fix typo in SSL_CTX_set_cert_store manpage (closes: #135297)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 3 Jun 2002 19:42:10 +0200
+
+openssl (0.9.6c-2) unstable; urgency=low
+
+ * moved from non-US to main
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 19 Mar 2002 14:48:39 +0100
+
+openssl (0.9.6c-1) unstable; urgency=low
+
+ * new upstream version with a lot of bugfixes
+ * remove directory /usr/include/openssl from openssl package (closes:
+ bug #121226)
+ * remove selfdepends from libssl0.9.6
+ * link openssl binary shared again
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 5 Jan 2002 19:04:31 +0100
+
+openssl (0.9.6b-4) unstable; urgency=low
+
+ * build with -D_REENTRANT for threads support on all architectures
+ (closes: #112329, #119239)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 24 Nov 2001 12:17:51 +0100
+
+openssl (0.9.6b-3) unstable; urgency=low
+
+ * disable idea, mdc2 and rc5 because they are not free (closes: #65368)
+ * ready to be moved from nonus to main
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 21 Nov 2001 17:51:41 +0100
+
+openssl (0.9.6b-2) unstable; urgency=high
+
+ * fix definition of crypt in des.h (closes: #107533)
+ * fix descriptions (closes: #109503)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 17 Sep 2001 15:38:27 +0200
+
+openssl (0.9.6b-1) unstable; urgency=medium
+
+ * new upstream fixes some security issues (closes: #105835, #100146)
+ * added support for s390 (closes: #105681)
+ * added support for sh (closes: #100003)
+ * change priority of libssl096 to standard as ssh depends on it (closes:
+ #105440)
+ * don't optimize for i486 to support i386. (closes: #104127, #82194)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 20 Jul 2001 15:52:42 +0200
+
+openssl (0.9.6a-3) unstable; urgency=medium
+
+ * add perl-base to builddeps
+ * include static libraries in libssl-dev (closes: #93688)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 14 May 2001 20:16:06 +0200
+
+openssl (0.9.6a-2) unstable; urgency=medium
+
+ * change Architecture of ssleay from any to all (closes: #92913)
+ * depend libssl-dev on the exact same version of libssl0.9.6 (closes:
+ #88939)
+ * remove lib{crypto,ssl}.a from openssl (closes: #93666)
+ * rebuild with newer gcc to fix atexit problem (closes: #94036)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 2 May 2001 12:28:39 +0200
+
+openssl (0.9.6a-1) unstable; urgency=medium
+
+ * new upstream, fixes some security bugs (closes: #90584)
+ * fix typo in s_server manpage (closes: #89756)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 10 Apr 2001 12:13:11 +0200
+
+openssl (0.9.6-2) unstable; urgency=low
+
+ * policy: reorganisation of package names: libssl096 -> libssl0.9.6,
+ libssl096-dev -> libssl-dev (closes: #83426)
+ * libssl0.9.6 drops replaces libssl09 (Closes: #83425)
+ * install upstream CHANGES files (Closes: #83430)
+ * added support for hppa and ia64 (Closes: #88790)
+ * move man3 manpages to libssl-dev (Closes: #87546)
+ * fix formating problem in rand_add(1) (Closes: #87547)
+ * remove manpage duplicates (Closes: #87545, #74986)
+ * make package descriptions clearer (Closes: #83518, #83444)
+ * increase default emailAddress_max from 40 to 60 (Closes: #67238)
+ * removed RSAREF warning (Closes: #84122)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 8 Mar 2001 14:24:00 +0100
+
+openssl (0.9.6-1) unstable; urgency=low
+
+ * New upstream version (Thanks to Enrique Zanardi <ezanard at debian.org>)
+ (closes: #72388)
+ * Add support for debian-hurd (closes: #76032)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 13 Nov 2000 22:30:46 +0100
+
+openssl (0.9.5a-5) unstable; urgency=low
+
+ * move manpages in standard directories with section ssl (closes:
+ #72152, #69809)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 5 Oct 2000 19:56:20 +0200
+
+openssl (0.9.5a-4) unstable; urgency=low
+
+ * include edg_rand_bytes patch from and for apache-ssl
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 23 Sep 2000 16:48:06 +0200
+
+openssl (0.9.5a-3) unstable; urgency=low
+
+ * fix call to dh_makeshlibs to create correct shlibs file and make
+ dependend programs link correctly (closes: Bug#61658)
+ * include a note in README.debian concerning the location of the
+ subcommand manpages (closes: Bug#69809)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 16 Sep 2000 19:10:50 +0200
+
+openssl (0.9.5a-2) unstable; urgency=low
+
+ * try to fix the sharedlib problem. change soname of library
+ (closes: Bug#4622, #66102, #66538, #66123)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 12 Jul 2000 03:26:30 +0200
+
+openssl (0.9.5a-1) unstable; urgency=low
+
+ * new upstream version (major changes see file NEWS) (closes: Bug#63976,
+ #65239, #65358)
+ * new library package libssl095a because of probably changed library
+ interface (closes: Bug#46222)
+ * added architecture mips and mipsel (closes: Bug#62437, #60366)
+ * provide shlibs.local file in build to help build if libraries are not
+ yet installed (closes: Bug#63984)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 11 Jun 2000 15:17:35 +0200
+
+openssl (0.9.4-5) frozen unstable; urgency=medium
+
+ * cleanup of move of doc directories to /usr/share/doc (closes:
+ Bug#56430)
+ * lintian issues (closes: Bug#49358)
+ * move demos from openssl to libssl09-dev (closes: Bug#59201)
+ * move to debhelpers
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 11 Mar 2000 10:38:04 +0100
+
+openssl (0.9.4-4) unstable; urgency=medium
+
+ * Added 'debian-arm' in 'Configure'. (closes: Bug#54251, #54766)
+ * Fixed Configure for 'debian-m68k' (closes: Bug#53636)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 15 Jan 2000 13:16:18 +0100
+
+openssl (0.9.4-3) unstable; urgency=low
+
+ * define symbol SSLeay_add_ssl_algorithms for backward compatibility
+ (closes: Bug#46882)
+ * remove manpages from /usr/doc/openssl (closes: Bug#46791)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 14 Oct 1999 16:51:08 +0200
+
+openssl (0.9.4-2) unstable; urgency=low
+
+ * include some more docu in pod format (Bug #43933)
+ * removed -mv8 from sparc flags (Bug #44769)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 14 Sep 1999 22:04:06 +0200
+
+openssl (0.9.4-1) unstable; urgency=low
+
+ * new upstream version (Closes: #42926)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sat, 28 Aug 1999 17:04:23 +0200
+
+openssl (0.9.3a-1) unstable; urgency=low
+
+ * new upstream version (Bug #38345, #38627)
+ * sparc is big-endian (Bug #39973)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 7 Jul 1999 16:03:37 +0200
+
+openssl (0.9.2b-3) unstable; urgency=low
+
+ * correct move conffiles to /etc/ssl (Bug #38570)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 31 May 1999 21:08:07 +0200
+
+openssl (0.9.2b-2) unstable; urgency=low
+
+ * added convenience package ssleay to help upgrade to openssl (Bug
+ #37185, #37623, #36326)
+ * added some missing dependencies from libssl09 (Bug #36681, #35867,
+ #36326)
+ * move lib*.so to libssl09-dev (Bug #36761)
+ * corrected version numbers of library files
+ * introduce link from /usr/lib/ssl to /etc/ssl (Bug #36710)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 23 May 1999 14:57:48 +0200
+
+openssl (0.9.2b-1) unstable; urgency=medium
+
+ * First openssl version
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 31 Mar 1999 15:54:26 +0200
+
+ssleay (0.9.0b-2) unstable; urgency=low
+
+ * Include message about the (not)usage of RSAREF (#24409)
+ * Move configfiles from /usr/lib/ssl to /etc/ssl (#26406)
+ * Change definitions for sparc (#26487)
+ * Added missing dependency (#28591)
+ * Make debian/libtool executable (#29708)
+ * /etc/ssl/lib/ssleay.cnf is now a confile (#32624)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Sun, 21 Mar 1999 19:41:04 +0100
+
+ssleay (0.9.0b-1) unstable; urgency=low
+
+ * new upstream version (Bug #21227, #25971)
+ * build shared libraries with -fPIC (Bug #20027)
+ * support sparc architecture (Bug #28467)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 13 Oct 1998 10:20:13 +0200
+
+ssleay (0.8.1-7) frozen unstable; urgency=high
+
+ * security fix patch to 0.8.1b (bug #24022)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 6 Jul 1998 15:42:15 +0200
+
+ssleay (0.8.1-6) frozen unstable; urgency=low
+
+ * second try to fix bug #15235 (copyright was still missing)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Mon, 22 Jun 1998 08:56:27 +0200
+
+ssleay (0.8.1-5) frozen unstable; urgency=high
+
+ * changed /dev/random to /dev/urandom (Bug #23169, #17817)
+ * copyright contains now the full licence (Bug #15235)
+ * fixed bug #19410 (md5sums-lists-nonexisting-file)
+ * added demos to /usr/doc (Bug #17372)
+ * fixed type in package description (Bug #18969)
+ * fixed bug in adding documentation (Bug #21463)
+ * added patch for support of debian-powerpc (Bug #21579)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 18 Jun 1998 23:09:13 +0200
+
+ssleay (0.8.1-4) unstable; urgency=low
+
+ * purged dependency from libc5
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 11 Nov 1997 15:31:50 +0100
+
+ssleay (0.8.1-3) unstable; urgency=low
+
+ * changed packagename libssl to libssl08 to get better dependancies
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Fri, 7 Nov 1997 14:23:17 +0100
+
+ssleay (0.8.1-2) unstable; urgency=low
+
+ * linked shared libraries against libc6
+ * use /dev/random for randomseed
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 5 Nov 1997 11:21:40 +0100
+
+ssleay (0.8.1-1) unstable; urgency=low
+
+ * new upstream version
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Thu, 16 Oct 1997 16:15:43 +0200
+
+ssleay (0.6.6-2) unstable; urgency=low
+
+ * cleanup in diffs
+ * removed INSTALL from docs (bug #13205)
+ * split libssl and libssl-dev (but #13735)
+
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Wed, 15 Oct 1997 17:38:38 +0200
+
+ssleay (0.6.6-1) unstable; urgency=low
+
+ * New upstream version
+ * added shared libraries for libcrypto and libssl
+
+ -- Christoph Martin <martin at uni-mainz.de> Thu, 26 Jun 1997 19:26:14 +0200
+
+ssleay (0.6.4-2) unstable; urgency=low
+
+ * changed doc filenames from .doc to .txt to be able to read them
+ over with webbrowser
+
+ -- Christoph Martin <martin at uni-mainz.de> Tue, 25 Feb 1997 14:02:53 +0100
+
+ssleay (0.6.4-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Christoph Martin <martin at uni-mainz.de> Fri, 22 Nov 1996 21:29:51 +0100
Deleted: openssl/tags/1.1.0e-1/debian/patches/Add-a-couple-of-test-to-check-CRL-fingerprint.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/Add-a-couple-of-test-to-check-CRL-fingerprint.patch 2017-01-30 22:20:45 UTC (rev 894)
+++ openssl/tags/1.1.0e-1/debian/patches/Add-a-couple-of-test-to-check-CRL-fingerprint.patch 2017-02-16 18:29:10 UTC (rev 897)
@@ -1,45 +0,0 @@
-From: Richard Levitte <levitte at openssl.org>
-Date: Sat, 28 Jan 2017 18:24:40 +0100
-Subject: [PATCH 3/3] Add a couple of test to check CRL fingerprint
-
-BTS: #852920
-
-Reviewed-by: Kurt Roeckx <kurt at openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/2314)
-(cherry picked from commit 929860d0e6112f5c7766d9ea036c3f8bd8d3d719)
----
- test/recipes/25-test_crl.t | 19 ++++++++++++++++++-
- 1 file changed, 18 insertions(+), 1 deletion(-)
-
---- a/test/recipes/25-test_crl.t
-+++ b/test/recipes/25-test_crl.t
-@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_fil
-
- setup("test_crl");
-
--plan tests => 3;
-+plan tests => 5;
-
- require_ok(srctop_file('test','recipes','tconversion.pl'));
-
-@@ -24,3 +24,20 @@ subtest 'crl conversions' => sub {
- };
-
- ok(run(test(['crltest'])));
-+
-+ok(compare1stline([qw{openssl crl -noout -fingerprint -in},
-+ srctop_file('test', 'testcrl.pem')],
-+ 'SHA1 Fingerprint=BA:F4:1B:AD:7A:9B:2F:09:16:BC:60:A7:0E:CE:79:2E:36:00:E7:B2'));
-+ok(compare1stline([qw{openssl crl -noout -fingerprint -sha256 -in},
-+ srctop_file('test', 'testcrl.pem')],
-+ 'SHA256 Fingerprint=B3:A9:FD:A7:2E:8C:3D:DF:D0:F1:C3:1A:96:60:B5:FD:B0:99:7C:7F:0E:E4:34:F5:DB:87:62:36:BC:F1:BC:1B'));
-+
-+sub compare1stline {
-+ my ($cmdarray, $str) = @_;
-+ my @lines = run(app($cmdarray), capture => 1);
-+
-+ return 1 if $lines[0] =~ m|^\Q${str}\E\R$|;
-+ note "Got ", $lines[0];
-+ note "Expected ", $str;
-+ return 0;
-+}
Deleted: openssl/tags/1.1.0e-1/debian/patches/Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch 2017-01-30 22:20:45 UTC (rev 894)
+++ openssl/tags/1.1.0e-1/debian/patches/Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch 2017-02-16 18:29:10 UTC (rev 897)
@@ -1,23 +0,0 @@
-From: Richard Levitte <levitte at openssl.org>
-Date: Sat, 28 Jan 2017 18:02:12 +0100
-Subject: [PATCH 2/3] Document what EXFLAG_SET is for in x509v3.h
-
-BTS: #852920
-
-Reviewed-by: Kurt Roeckx <kurt at openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/2314)
-(cherry picked from commit 2d60c923141e7853c268364f26195343a5e995bf)
----
- include/openssl/x509v3.h | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/include/openssl/x509v3.h
-+++ b/include/openssl/x509v3.h
-@@ -355,6 +355,7 @@ struct ISSUING_DIST_POINT_st {
- # define EXFLAG_SI 0x20
- # define EXFLAG_V1 0x40
- # define EXFLAG_INVALID 0x80
-+/* EXFLAG_SET is set to indicate that some values have been precomputed */
- # define EXFLAG_SET 0x100
- # define EXFLAG_CRITICAL 0x200
- # define EXFLAG_PROXY 0x400
Deleted: openssl/tags/1.1.0e-1/debian/patches/X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch 2017-01-30 22:20:45 UTC (rev 894)
+++ openssl/tags/1.1.0e-1/debian/patches/X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch 2017-02-16 18:29:10 UTC (rev 897)
@@ -1,40 +0,0 @@
-From: Richard Levitte <levitte at openssl.org>
-Date: Sat, 28 Jan 2017 17:43:17 +0100
-Subject: [PATCH 1/3] X509_CRL_digest() - ensure precomputed sha1 hash before
- returning it
-
-X509_CRL_digest() didn't check if the precomputed sha1 hash was actually
-present. This also makes sure there's an appropriate flag to check.
-
-BTS: #852920
-
-Reviewed-by: Kurt Roeckx <kurt at openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/2314)
-(cherry picked from commit 6195848b2eea627c47f74b63eb2ba3dc3d5b6436)
----
- crypto/x509/x_all.c | 2 +-
- crypto/x509/x_crl.c | 2 ++
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
---- a/crypto/x509/x_all.c
-+++ b/crypto/x509/x_all.c
-@@ -377,7 +377,7 @@ int X509_digest(const X509 *data, const
- int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
- unsigned char *md, unsigned int *len)
- {
-- if (type == EVP_sha1()) {
-+ if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) {
- /* Asking for SHA1; always computed in CRL d2i. */
- if (len != NULL)
- *len = sizeof(data->sha1_hash);
---- a/crypto/x509/x_crl.c
-+++ b/crypto/x509/x_crl.c
-@@ -226,6 +226,8 @@ static int crl_cb(int operation, ASN1_VA
- if (crl->meth->crl_init(crl) == 0)
- return 0;
- }
-+
-+ crl->flags |= EXFLAG_SET;
- break;
-
- case ASN1_OP_FREE_POST:
Deleted: openssl/tags/1.1.0e-1/debian/patches/series
===================================================================
--- openssl/branches/1.1.0/debian/patches/series 2017-01-30 22:20:45 UTC (rev 894)
+++ openssl/tags/1.1.0e-1/debian/patches/series 2017-02-16 18:29:10 UTC (rev 897)
@@ -1,9 +0,0 @@
-debian-targets.patch
-man-section.patch
-no-symbolic.patch
-pic.patch
-c_rehash-compat.patch
-#padlock_conf.patch
-X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
-Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
-Add-a-couple-of-test-to-check-CRL-fingerprint.patch
Copied: openssl/tags/1.1.0e-1/debian/patches/series (from rev 896, openssl/branches/1.1.0/debian/patches/series)
===================================================================
--- openssl/tags/1.1.0e-1/debian/patches/series (rev 0)
+++ openssl/tags/1.1.0e-1/debian/patches/series 2017-02-16 18:29:10 UTC (rev 897)
@@ -0,0 +1,6 @@
+debian-targets.patch
+man-section.patch
+no-symbolic.patch
+pic.patch
+c_rehash-compat.patch
+#padlock_conf.patch
More information about the Pkg-openssl-changes
mailing list