2084 lines
76 KiB
Plaintext
2084 lines
76 KiB
Plaintext
openssl1.0 (1.0.2s-1~deb9u1) stretch-security; urgency=medium
|
|
|
|
* New upstream version
|
|
|
|
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Wed, 26 Jun 2019 20:25:01 +0200
|
|
|
|
openssl1.0 (1.0.2r-1~deb9u1) stretch-security; urgency=medium
|
|
|
|
[ Kurt Roeckx ]
|
|
* New upstream version
|
|
- Fixes CVE-2019-1559
|
|
|
|
[ Sebastian Andrzej Siewior ]
|
|
* Use openssl.cnf from the build directory for the testsuite.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Wed, 27 Feb 2019 21:58:52 +0100
|
|
|
|
openssl1.0 (1.0.2q-1~deb9u1) stretch-security; urgency=medium
|
|
|
|
* use signing-key.asc and a https links for downloads
|
|
* Import 1.0.2q stable release.
|
|
- CVE-2018-0737 (Cache timing vulnerability in RSA Key Generation)
|
|
- CVE-2018-0732 (Client DoS due to large DH parameter)
|
|
- CVE-2018-0734 (Timing vulnerability in DSA signature generation)
|
|
- CVE-2018-5407 (Microarchitecture timing vulnerability in ECC scalar
|
|
multiplication)
|
|
|
|
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sun, 16 Dec 2018 21:07:51 +0100
|
|
|
|
openssl1.0 (1.0.2l-2+deb9u3) stretch-security; urgency=high
|
|
|
|
* CVE-2018-0739 (Constructed ASN.1 types with a recursive definition could
|
|
exceed the stack)
|
|
|
|
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Thu, 29 Mar 2018 13:10:14 +0200
|
|
|
|
openssl1.0 (1.0.2l-2+deb9u2) stretch-security; urgency=high
|
|
|
|
* CVE-2017-3737 (Read/write after SSL object in error state)
|
|
* Add a testcase for CVE-2017-3737
|
|
* CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64)
|
|
|
|
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Wed, 13 Dec 2017 23:09:47 +0100
|
|
|
|
openssl1.0 (1.0.2l-2+deb9u1) stretch-security; urgency=medium
|
|
|
|
* Fix CVE-2017-3735
|
|
* Fix CVE-2017-3736
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 02 Nov 2017 14:03:53 +0100
|
|
|
|
openssl1.0 (1.0.2l-2) unstable; urgency=medium
|
|
|
|
* Make the udeb use a versioned depends (Closes: #864081)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 04 Jun 2017 19:15:33 +0200
|
|
|
|
openssl1.0 (1.0.2l-1) unstable; urgency=medium
|
|
|
|
* New upstream release
|
|
- Properly detect features on the AMD Ryzen processor (Closes: #861145)
|
|
* Refresh valgrind.patch
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 25 May 2017 22:53:57 +0200
|
|
|
|
openssl1.0 (1.0.2k-1) unstable; urgency=medium
|
|
|
|
* New upstream release
|
|
- Fixes CVE-2017-3731
|
|
- Fixes CVE-2017-3732
|
|
- Fixes CVE-2016-7055
|
|
|
|
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Thu, 26 Jan 2017 16:39:16 +0100
|
|
|
|
openssl1.0 (1.0.2j-5) unstable; urgency=medium
|
|
|
|
* Add myself as Uploader.
|
|
* Drop zlib1g-dev from libssl1.0-dev's deps (Closes: #845945).
|
|
* Mark RC4 and 3DES as weak which removes them from the SSL/TLS protocol
|
|
(Closes: #736687).
|
|
* Update Standards-Version, no change required.
|
|
* Drop asm support for X32 because the testsuite segfaults.
|
|
* Limit the watchfile to the 1.0.2x series.
|
|
* Redo rules file to newer debhelper syntax
|
|
* Add homepage filed
|
|
* Remove recommends for libssl-doc because the doc package from 1.1.0 is not
|
|
really matching the -dev package from 1.0.2
|
|
|
|
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sat, 31 Dec 2016 14:09:16 +0100
|
|
|
|
openssl1.0 (1.0.2j-4) unstable; urgency=medium
|
|
|
|
* Re-add udebs
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 06 Nov 2016 12:07:19 +0100
|
|
|
|
openssl1.0 (1.0.2j-3) unstable; urgency=medium
|
|
|
|
* Upload to unstable
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Tue, 01 Nov 2016 22:05:22 +0100
|
|
|
|
openssl1.0 (1.0.2j-2) experimental; urgency=medium
|
|
|
|
* Provide an 1.0.2 version of the library for Stretch.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 27 Oct 2016 21:10:24 +0200
|
|
|
|
openssl (1.0.2j-1) unstable; urgency=medium
|
|
|
|
* New upstream release
|
|
- Fixes CVE-2016-7052
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Mon, 26 Sep 2016 18:17:39 +0200
|
|
|
|
openssl (1.0.2i-1) unstable; urgency=high
|
|
|
|
* New upstream version
|
|
- Fix CVE-2016-2177
|
|
- Fix CVE-2016-2178
|
|
- Fix CVE-2016-2179
|
|
- Fix CVE-2016-2180
|
|
- Fix CVE-2016-2181
|
|
- Fix CVE-2016-2182
|
|
- Fix CVE-2016-2183
|
|
- Fix CVE-2016-6302
|
|
- Fix CVE-2016-6303
|
|
- Fix CVE-2016-6304
|
|
- Fix CVE-2016-6306
|
|
* Drop ca.patch, option is now documented upstream
|
|
* Update engines-path.patch to also update the libcrypto.pc, now that that
|
|
has an enginesdir in it.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 22 Sep 2016 19:39:36 +0200
|
|
|
|
openssl (1.0.2h-2) unstable; urgency=medium
|
|
|
|
* Re-add libdoc-manpgs-pod-spell.patch to series files (Closes: #813191)
|
|
* Don't build i686 optimized version anymore on i386, it's now the default.
|
|
(Closes: #823774)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 08 May 2016 13:16:29 +0200
|
|
|
|
openssl (1.0.2h-1) unstable; urgency=high
|
|
|
|
* New upstream version
|
|
- Fixes CVE-2016-2107
|
|
- Fixes CVE-2016-2105
|
|
- Fixes CVE-2016-2106
|
|
- Fixes CVE-2016-2109
|
|
- Fixes CVE-2016-2176
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Tue, 03 May 2016 18:31:22 +0200
|
|
|
|
openssl (1.0.2g-2) unstable; urgency=medium
|
|
|
|
* Use assembler of arm64 (Closes: #794326)
|
|
Patch from Riku Voipio <riku.voipio@iki.fi>
|
|
* Add a udeb for libssl, based on similar changes done in Ubuntu
|
|
starting in version 0.9.8o-4ubuntu1 (Closes: #802591)
|
|
Patch from Margarita Manterola <marga@google.com>
|
|
* Add support for nios2 (Closes: #816239)
|
|
Based on patch from Marek Vasut <marex@denx.de>
|
|
* Update Spanish translation from Manuel "Venturi" Porras Peralta
|
|
<venturi@openmailbox.org> (Closes: #773601)
|
|
* Don't build an i586 optimized version anymore, the default
|
|
already targets that. Patch from Sven Joachim <svenjoac@gmx.de>
|
|
(Closes: #759811)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 21 Apr 2016 23:43:06 +0200
|
|
|
|
openssl (1.0.2g-1) unstable; urgency=high
|
|
|
|
* New upstream version
|
|
* Fix CVE-2016-0797
|
|
* Fix CVE-2016-0798
|
|
* Fix CVE-2016-0799
|
|
* Fix CVE-2016-0702
|
|
* Fix CVE-2016-0705
|
|
* Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800)
|
|
makes use of those, and SLOTH attack (CVE-2015-7575) can make use of them
|
|
too.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Tue, 01 Mar 2016 18:31:09 +0100
|
|
|
|
openssl (1.0.2f-2) unstable; urgency=high
|
|
|
|
* New upstream version.
|
|
- Fixes CVE-2016-0701
|
|
- Not affected by CVE-2015-3197 because SSLv2 is disabled.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 28 Jan 2016 19:32:02 +0100
|
|
|
|
openssl (1.0.2e-1) unstable; urgency=high
|
|
|
|
* New upstream release
|
|
- Fix CVE-2015-3193
|
|
- Fix CVE-2015-3194
|
|
- Fix CVE-2015-3195
|
|
- Fix CVE-2015-3196
|
|
* Remove all symlinks during clean
|
|
* Run make depend after configure
|
|
* Remove openssl_button.* from the doc package
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 03 Dec 2015 19:33:05 +0100
|
|
|
|
openssl (1.0.2d-3) unstable; urgency=medium
|
|
|
|
* Upload to unstable
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 01 Nov 2015 19:14:34 +0100
|
|
|
|
openssl (1.0.2d-2) experimental; urgency=medium
|
|
|
|
* Build with no-ssl3-method to remove all SSLv3 support. This results in
|
|
the functions SSLv3_method(), SSLv3_server_method() and
|
|
SSLv3_client_method() being removed from libssl. Change the soname as
|
|
result of that and also changes name of the binary package.
|
|
(Closes: #768476)
|
|
* Enable rfc3779 and cms support (Closes: #630790)
|
|
* Fix cross compilation for mips architectures. (Closes: #782492)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 06 Sep 2015 14:21:27 +0200
|
|
|
|
openssl (1.0.2d-1) unstable; urgency=high
|
|
|
|
* New upstream version
|
|
- Fixes CVE-2015-1793
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 09 Jul 2015 18:22:26 +0200
|
|
|
|
openssl (1.0.2c-1) unstable; urgency=medium
|
|
|
|
* New upstream version
|
|
- Fixes ABI (Closes: #788511)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Fri, 12 Jun 2015 20:35:12 +0200
|
|
|
|
openssl (1.0.2b-1) unstable; urgency=high
|
|
|
|
* New upstream version
|
|
- Fix CVE-2015-4000
|
|
- Fix CVE-2015-1788
|
|
- Fix CVE-2015-1789
|
|
- Fix CVE-2015-1790
|
|
- Fix CVE-2015-1792
|
|
- Fix CVE-2015-1791
|
|
* Update c_rehash-compat.patch to make it apply to the new version.
|
|
* Remove openssl-pod-misspell.patch applied upstream
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 11 Jun 2015 18:20:38 +0200
|
|
|
|
openssl (1.0.2a-1) unstable; urgency=medium
|
|
|
|
* New upstrema version
|
|
- Fix CVE-2015-0286
|
|
- Fix CVE-2015-0287
|
|
- Fix CVE-2015-0289
|
|
- Fix CVE-2015-0293 (not affected, SSLv2 disabled)
|
|
- Fix CVE-2015-0209
|
|
- Fix CVE-2015-0288
|
|
- Fix CVE-2015-0291
|
|
- Fix CVE-2015-0290
|
|
- Fix CVE-2015-0207
|
|
- Fix CVE-2015-0208
|
|
- Fix CVE-2015-1787
|
|
- Fix CVE-2015-0285
|
|
* Temporary enable SSLv3 methods again, but they will go away.
|
|
* Don't set TERMIO anymore, use the default TERMIOS instead.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 30 Apr 2015 23:37:27 +0200
|
|
|
|
openssl (1.0.2-1) experimental; urgency=medium
|
|
|
|
* New upstream release
|
|
- Fixes CVE-2014-3571
|
|
- Fixes CVE-2015-0206
|
|
- Fixes CVE-2014-3569
|
|
- Fixes CVE-2014-3572
|
|
- Fixes CVE-2015-0204
|
|
- Fixes CVE-2015-0205
|
|
- Fixes CVE-2014-8275
|
|
- Fixes CVE-2014-3570
|
|
- Drop git_snapshot.patch
|
|
* Drop gnu_source.patch, dgst_hmac.patch, stddef.patch,
|
|
no_ssl3_method.patch: applied upstream
|
|
* Update patches to apply
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Fri, 23 Jan 2015 18:54:13 +0100
|
|
|
|
openssl (1.0.2~beta3-1) experimental; urgency=low
|
|
|
|
* New usptream beta version
|
|
* Add git snapshot
|
|
* Merge changes between 1.0.1h-3 and 1.0.1j-1:
|
|
- Disables SSLv3 because of CVE-2014-3566
|
|
* Drop patch rehash-crt.patch: partially applied upstream.
|
|
c_rehash now doesn't support files in DER format anymore.
|
|
* Drop patch rehash_pod.patch: applied upstream
|
|
* Update c_rehash-compat.patch to apply to new upstream version. This
|
|
undoes upstream's "-old" option and creates both the new and old again.
|
|
It now also does it for CRLs.
|
|
* Drop defaults.patch, applied upstream
|
|
* dgst_hmac.patch updated to apply to upstream version.
|
|
* engines-path.patch updated to apply to upstream version.
|
|
* Update list of exported symbols
|
|
* Update symbols files to require beta3
|
|
* Enable unit tests
|
|
* Add patch to add support for the no-ssl3-method option that completly
|
|
disable SSLv3 and pass the option. This drops the following functions
|
|
from the library: SSLv3_method, SSLv3_server_method and
|
|
SSLv3_client_method
|
|
* Build using OPENSSL_NO_BUF_FREELISTS
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Fri, 07 Nov 2014 00:20:10 +0100
|
|
|
|
openssl (1.0.2~beta2-1) experimental; urgency=medium
|
|
|
|
* New usptream beta version
|
|
- Fix CVE-2014-0224
|
|
- Fix CVE-2014-0221
|
|
- Fix CVE-2014-0195
|
|
- Fix CVE-2014-3470
|
|
- Fix CVE-2014-0198
|
|
- Fix CVE-2010-5298
|
|
- Fix CVE-2014-0160
|
|
- Fix CVE-2014-0076
|
|
* Merge changes between 1.0.1f-1 and 1.0.1h-3:
|
|
- postinst: Updated check for restarting services
|
|
* libdoc-manpgs-pod-spell.patch and openssl-pod-misspell.patch
|
|
partially applied upstream
|
|
* Drop fix-pod-errors.patch, applied upstream.
|
|
* Add support for ppc64le (Closes: #745657)
|
|
* Add support for OpenRISC (Closes: #736772)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Wed, 23 Jul 2014 19:54:09 +0200
|
|
|
|
openssl (1.0.2~beta1-1) experimental; urgency=medium
|
|
|
|
* New upstream beta version
|
|
- Update list of symbols that should be exported and adjust the symbols
|
|
file. This also removes a bunch of duplicate symbols in the linker
|
|
file.
|
|
- Fix additional pod errors
|
|
- Following patches have been applied upstream and are removed:
|
|
libssl-misspell.patch, pod_req_misspell2.patch,
|
|
pod_pksc12.misspell.patch, pod_s_server.misspell.patch,
|
|
pod_x509setflags.misspell.patch, pod_ec.misspell.patch,
|
|
pkcs12-doc.patch, req_bits.patch
|
|
- Following patches have been partially applied upstream:
|
|
libdoc-manpgs-pod-spell.patch, openssl-pod-misspell.patch
|
|
- Remove openssl_fix_for_x32.patch, different patch applied upstream.
|
|
* Add support for cross compiling (Closes: #465248)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Tue, 25 Feb 2014 00:36:51 +0100
|
|
|
|
openssl (1.0.1f-1) unstable; urgency=high
|
|
|
|
* New upstream version
|
|
- Fix for TLS record tampering bug CVE-2013-4353
|
|
- Drop the snapshot patch
|
|
* update watch file to check for upstream signature and add upstream pgp key.
|
|
* Drop conflicts against openssh since we now on a released version again.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Mon, 06 Jan 2014 18:50:54 +0100
|
|
|
|
openssl (1.0.1e-6) unstable; urgency=medium
|
|
|
|
* Add Breaks: openssh-client (<< 1:6.4p1-1.1), openssh-server (<<
|
|
1:6.4p1-1.1). This is to prevent people running into #732940.
|
|
This Breaks can be removed again when we stop using a git snapshot.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Mon, 23 Dec 2013 15:19:17 +0100
|
|
|
|
openssl (1.0.1e-5) unstable; urgency=low
|
|
|
|
* Change default digest to SHA256 instead of SHA1. (Closes: #694738)
|
|
* Drop support for multiple certificates in 1 file. It never worked
|
|
properly in the first place, and the only one shipping in
|
|
ca-certificates has been split.
|
|
* Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors
|
|
* Remove make-targets.patch. It prevented the test dir from being cleaned.
|
|
* Update to a git snapshot of the OpenSSL_1_0_1-stable branch.
|
|
- Fixes CVE-2013-6449 (Closes: #732754)
|
|
- Fixes CVE-2013-6450
|
|
- Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch
|
|
dtls_version.patch get_certificate.patch, since they where all
|
|
already commited upstream.
|
|
- adjust fix-pod-errors.patch for the reordering of items in the
|
|
documentation they've done trying to fix those pod errors.
|
|
- disable rdrand engine by default (Closes: #732710)
|
|
* disable zlib support. Fixes CVE-2012-4929 (Closes: #728055)
|
|
* Add arm64 support (Closes: #732348)
|
|
* Properly use the default number of bits in req when none are given
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 22 Dec 2013 19:25:35 +0100
|
|
|
|
openssl (1.0.1e-4) unstable; urgency=low
|
|
|
|
[ Peter Michael Green ]
|
|
* Fix pod errors (Closes: #723954)
|
|
* Fix clean target
|
|
|
|
[ Kurt Roeckx ]
|
|
* Add mipsn32 and mips64 targets. Patch from Eleanor Chen
|
|
<chenyueg@gmail.com> (Closes: #720654)
|
|
* Add support for nocheck in DEB_BUILD_OPTIONS
|
|
* Update Norwegian translation (Closes: #653574)
|
|
* Update description of the packages. Patch by Justin B Rye
|
|
(Closes: #719262)
|
|
* change to debhelper compat level 9:
|
|
- change dh_strip call so only the files from libssl1.0.0 get debug
|
|
symbols.
|
|
- change dh_makeshlibs call so the engines don't get added to the
|
|
shlibs
|
|
* Update Standards-Version from 3.8.0 to 3.9.5. No changes required.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Fri, 01 Nov 2013 17:11:53 +0100
|
|
|
|
openssl (1.0.1e-3) unstable; urgency=low
|
|
|
|
* Move <openssl/opensslconf.h> to /usr/include/$(DEB_HOST_MULTIARCH), and
|
|
mark libssl-dev Multi-Arch: same.
|
|
Patch by Colin Watson <cjwatson@ubuntu.com> (Closes: #689093)
|
|
* Add Polish translation (Closes: #658162)
|
|
* Add Turkish translation (Closes: #660971)
|
|
* Enable assembler for the arm targets, and remove armeb.
|
|
Patch by Riku Voipio <riku.voipio@iki.fi> (Closes: #676533)
|
|
* Add support for x32 (Closes: #698406)
|
|
* enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Mon, 20 May 2013 16:56:06 +0200
|
|
|
|
openssl (1.0.1e-2) unstable; urgency=high
|
|
|
|
* Bump shlibs. It's needed for the udeb.
|
|
* Make cpuid work on cpu's that don't set ecx (Closes: #699692)
|
|
* Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353)
|
|
* Fix problem with DTLS version check (Closes: #701826)
|
|
* Fix segfault in SSL_get_certificate (Closes: #703031)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Mon, 18 Mar 2013 20:37:11 +0100
|
|
|
|
openssl (1.0.1e-1) unstable; urgency=high
|
|
|
|
* New upstream version (Closes: #699889)
|
|
- Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166
|
|
- Drop renegiotate_tls.patch, applied upstream
|
|
- Export new CRYPTO_memcmp symbol, update symbol file
|
|
* Add ssltest_no_sslv2.patch so that "make test" works.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Mon, 11 Feb 2013 19:39:44 +0100
|
|
|
|
openssl (1.0.1c-5) unstable; urgency=low
|
|
|
|
* Re-enable assembler versions on sparc. They shouldn't have
|
|
been disabled for sparc v9. (Closes: #649841)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 09 Sep 2012 08:43:40 +0200
|
|
|
|
openssl (1.0.1c-4) unstable; urgency=low
|
|
|
|
* Fix the configure rules for alpha (Closes: #672710)
|
|
* Switch the postinst to sh again, there never was a reason to
|
|
switch it to bash (Closes: #676398)
|
|
* Fix pic.patch to not use #ifdef in x86cpuid.s, only .S files are
|
|
preprocessed. We generate the file again for pic anyway.
|
|
(Closes: #677468)
|
|
* Drop Breaks against openssh as it was only for upgrades
|
|
between versions that were only in testing/unstable.
|
|
(Closes: #668600)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Tue, 17 Jul 2012 11:49:19 +0200
|
|
|
|
openssl (1.0.1c-3) unstable; urgency=low
|
|
|
|
* Disable padlock engine again, causes problems for hosts not supporting it.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Wed, 06 Jun 2012 18:29:37 +0200
|
|
|
|
openssl (1.0.1c-2) unstable; urgency=high
|
|
|
|
* Fix renegiotation when using TLS > 1.0. This breaks tor. Patch from
|
|
upstream. (Closes: #675990)
|
|
* Enable the padlock engine by default.
|
|
* Change default bits from 1024 to 2048 (Closes: #487152)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Wed, 06 Jun 2012 00:55:42 +0200
|
|
|
|
openssl (1.0.1c-1) unstable; urgency=high
|
|
|
|
* New upstream version
|
|
- Fixes CVE-2012-2333 (Closes: #672452)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Fri, 11 May 2012 18:44:51 +0200
|
|
|
|
openssl (1.0.1b-1) unstable; urgency=high
|
|
|
|
* New upstream version
|
|
- Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0
|
|
can talk to servers supporting TLS 1.1 but not TLS 1.2
|
|
- Drop rc4_hmac_md5.patch, applied upstream
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 26 Apr 2012 23:34:34 +0200
|
|
|
|
openssl (1.0.1a-3) unstable; urgency=low
|
|
|
|
* Use patch from upstream for the rc4_hmac_md5 issue.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 19 Apr 2012 23:16:30 +0200
|
|
|
|
openssl (1.0.1a-2) unstable; urgency=low
|
|
|
|
* Fix rc4_hmac_md5 on non-i386/amd64 arches.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 19 Apr 2012 21:54:42 +0200
|
|
|
|
openssl (1.0.1a-1) unstable; urgency=high
|
|
|
|
* New upstream version
|
|
- Fixes CVE-2012-2110
|
|
- Fix crash in rc4_hmac_md5 (Closes: #666405)
|
|
- Fixes some issues with talking to other servers when TLS 1.1 and 1.2 is
|
|
supported
|
|
- Drop patches no_ssl2.patch vpaes.patch tls1.2_client_algorithms.patch,
|
|
applied upstream.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 19 Apr 2012 19:54:12 +0200
|
|
|
|
openssl (1.0.1-4) unstable; urgency=low
|
|
|
|
* Use official patch for the vpaes problem, also covering amd64.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sat, 31 Mar 2012 20:54:13 +0200
|
|
|
|
openssl (1.0.1-3) unstable; urgency=high
|
|
|
|
* Fix crash in vpaes (Closes: #665836)
|
|
* use client version when deciding whether to send supported signature
|
|
algorithms extension
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sat, 31 Mar 2012 18:35:59 +0200
|
|
|
|
openssl (1.0.1-2) unstable; urgency=low
|
|
|
|
* Properly quote the new cflags in Configure
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Mon, 19 Mar 2012 19:56:05 +0100
|
|
|
|
openssl (1.0.1-1) unstable; urgency=low
|
|
|
|
* New upstream version
|
|
- Remove kfreebsd-pipe.patch, fixed upstream
|
|
- Update pic.patch, openssl-pod-misspell.patch and make-targets.patch
|
|
- Add OPENSSL_1.0.1 to version-script.patch and libssl1.0.0.symbols for
|
|
the new functions.
|
|
- AES-NI support (Closes: #644743)
|
|
* pic.patch: upstream made OPENSSL_ia32cap_P and OPENSSL_cpuid_setup
|
|
hidden on amd64, no need to access it PIC anymore.
|
|
* pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977)
|
|
* Enable hardening using dpkg-buildflags (Closes: #653495)
|
|
* s_client and s_server were forcing SSLv3 only connection when SSLv2 was
|
|
disabled instead of the SSLv2 with upgrade method. (Closes: #664454)
|
|
* Add Breaks on openssh < 1:5.9p1-4, it has a too strict version check.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Mon, 19 Mar 2012 18:23:32 +0100
|
|
|
|
openssl (1.0.0h-1) unstable; urgency=high
|
|
|
|
* New upstream version
|
|
- Fixes CVE-2012-0884
|
|
- Fixes CVE-2012-1165
|
|
- Properly fix CVE-2011-4619
|
|
- pkg-config.patch applied upstream, remove it.
|
|
* Enable assembler for all i386 arches. The assembler does proper
|
|
detection of CPU support, including cpuid support.
|
|
This should fix a problem with AES 192 and 256 with the padlock
|
|
engine because of the difference in NO_ASM between the between
|
|
the i686 optimized library and the engine.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Tue, 13 Mar 2012 21:08:17 +0100
|
|
|
|
openssl (1.0.0g-1) unstable; urgency=high
|
|
|
|
* New upstream version
|
|
- Fixes CVE-2012-0050
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Wed, 18 Jan 2012 20:46:13 +0100
|
|
|
|
openssl (1.0.0f-1) unstable; urgency=high
|
|
|
|
* New upstream version
|
|
- Fixes CVE-2011-4108, CVE-2011-4576, CVE-2011-4619, CVE-2012-0027,
|
|
CVE-2011-4577
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 12 Jan 2012 19:02:43 +0100
|
|
|
|
openssl (1.0.0e-3) unstable; urgency=low
|
|
|
|
* Don't build v8 and v9 variants of sparc anymore, they're older than
|
|
the default. (Closes: #649841)
|
|
* Don't build i486 optimized version, that's the default anyway, and
|
|
it uses assembler that doesn't always work on i486.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Mon, 28 Nov 2011 22:17:26 +0100
|
|
|
|
openssl (1.0.0e-2.1) unstable; urgency=high
|
|
|
|
* Non-maintainer upload by the Security Team.
|
|
* Block Malaysian's Digicert Sdn. Bhd. certificates by marking them
|
|
as revoked.
|
|
|
|
-- Raphael Geissert <geissert@debian.org> Sun, 06 Nov 2011 01:39:30 -0600
|
|
|
|
openssl (1.0.0e-2) unstable; urgency=low
|
|
|
|
* Add a missing $(DEB_HOST_MULTIARCH)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sat, 10 Sep 2011 17:02:29 +0200
|
|
|
|
openssl (1.0.0e-1) unstable; urgency=low
|
|
|
|
* New upstream version
|
|
- Fix bug where CRLs with nextUpdate in the past are sometimes accepted
|
|
by initialising X509_STORE_CTX properly. (CVE-2011-3207)
|
|
- Fix SSL memory handling for (EC)DH ciphersuites, in particular
|
|
for multi-threaded use of ECDH. (CVE-2011-3210)
|
|
- Add protection against ECDSA timing attacks (CVE-2011-1945)
|
|
* Block DigiNotar certifiates. Patch from
|
|
Raphael Geissert <geissert@debian.org>
|
|
* Generate hashes for all certs in a file (Closes: #628780, #594524)
|
|
Patch from Klaus Ethgen <Klaus@Ethgen.de>
|
|
* Add multiarch support (Closs: #638137)
|
|
Patch from Steve Langasek / Ubuntu
|
|
* Symbols from the gost engine were removed because it didn't have
|
|
a linker file. Thanks to Roman I Khimov <khimov@altell.ru>
|
|
(Closes: #631503)
|
|
* Add support for s390x. Patch from Aurelien Jarno <aurel32@debian.org>
|
|
(Closes: #641100)
|
|
* Add build-arch and build-indep targets to the rules file.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sat, 10 Sep 2011 12:03:13 +0200
|
|
|
|
openssl (1.0.0d-3) unstable; urgency=low
|
|
|
|
* Make it build on sparc64. Patch from Aurelien Jarno. (Closes: #626060)
|
|
* Apply patches from Scott Schaefer <saschaefer@neurodiverse.org> to
|
|
fix various pod and spelling errors. (Closes: #622820, #605561)
|
|
* Add missing symbols for the engines (Closes: #623038)
|
|
* More spelling fixes from Scott Schaefer (Closes: #395424)
|
|
* Patch from Scott Schaefer to better document pkcs12 password options
|
|
(Closes: #462489)
|
|
* Document dgst -hmac option. Patch by Thorsten Glaser <tg@mirbsd.de>
|
|
(Closes: #529586)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Mon, 13 Jun 2011 12:39:54 +0200
|
|
|
|
openssl (1.0.0d-2) unstable; urgency=high
|
|
|
|
* Make c_rehash also generate the old subject hash. Gnutls applications
|
|
seem to require it. (Closes: #611102)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Wed, 13 Apr 2011 22:36:49 +0200
|
|
|
|
openssl (1.0.0d-1) unstable; urgency=low
|
|
|
|
* New upstream version
|
|
- Fixes CVE-2011-0014
|
|
* Make libssl-doc Replaces/Breaks with old libssl-dev packages
|
|
(Closes: #607609)
|
|
* Only export the symbols we should, instead of all.
|
|
* Add symbol file.
|
|
* Upload to unstable
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sat, 02 Apr 2011 13:19:19 +0000
|
|
|
|
openssl (1.0.0c-2) experimental; urgency=low
|
|
|
|
* Set $ in front of {sparcv9_asm} so that the sparc v9 variant builds.
|
|
* Always define _GNU_SOURCE, not only for Linux.
|
|
* Drop SSL2 support (Closes: #589706)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Dec 2010 16:24:16 +0100
|
|
|
|
openssl (1.0.0c-1) experimental; urgency=low
|
|
|
|
* New upstream version (Closes: #578376)
|
|
- New soname: Rename library packages
|
|
- Drop patch perl-path.diff, not needed anymore
|
|
- Drop patches CVE-2010-2939.patch, CVE-2010-3864.patch
|
|
and CVE-2010-4180.patch: applied upstream.
|
|
- Update Configure for the new fields for the assembler options
|
|
per arch. alpha now makes use of assembler.
|
|
* Move man3 manpages and demos to libssl-doc (Closes: #470594)
|
|
* Drop .pod files from openssl package (Closes: #518167)
|
|
* Don't use RC4_CHAR on amd64 and drop rc4-amd64.patch
|
|
* Stop using BF_PTR2 on (kfreebd-)amd64.
|
|
* Drop debian-arm from the list of arches.
|
|
* Update arm arches to use BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
|
|
BF_PTR instead of BN_LLONG DES_RISC1
|
|
* ia64: Drop RC4_CHAR, add DES_UNROLL DES_INT
|
|
* powerpc: Use RC4_CHAR RC4_CHUNK DES_RISC1 instead
|
|
of DES_RISC2 DES_PTR MD2_CHAR RC4_INDEX
|
|
* s390: Use RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL instead of BN_LLONG
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 12 Dec 2010 15:37:21 +0100
|
|
|
|
openssl (0.9.8o-4) unstable; urgency=low
|
|
|
|
* Fix CVE-2010-4180 (Closes: #529221)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Mon, 06 Dec 2010 20:33:21 +0100
|
|
|
|
openssl (0.9.8o-3) unstable; urgency=high
|
|
|
|
* Fix TLS extension parsing race condition (CVE-2010-3864) (Closes: #603709)
|
|
* Re-add the engines. They were missing since 0.9.8m-1.
|
|
Patch by Joerg Schneider. (Closes: #603693)
|
|
* Not all architectures were build using -g (Closes: #570702)
|
|
* Add powerpcspe support (Closes: #579805)
|
|
* Add armhf support (Closes: #596881)
|
|
* Update translations:
|
|
- Brazilian Portuguese (Closes: #592154)
|
|
- Danish (Closes: #599459)
|
|
- Vietnamese (Closes: #601536)
|
|
- Arabic (Closes: #596166)
|
|
* Generate the proper stamp file so that everything doesn't get build twice.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Tue, 16 Nov 2010 19:20:55 +0100
|
|
|
|
openssl (0.9.8o-2) unstable; urgency=high
|
|
|
|
* Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 26 Aug 2010 18:25:29 +0200
|
|
|
|
openssl (0.9.8o-1) unstable; urgency=low
|
|
|
|
* New upstream version
|
|
- Add SHA2 algorithms to SSL_library_init().
|
|
- aes-x86_64.pl is now PIC, update pic.patch.
|
|
* Add sparc64 support (Closes: #560240)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 18 Apr 2010 01:42:44 +0200
|
|
|
|
openssl (0.9.8n-1) unstable; urgency=high
|
|
|
|
* New upstream version.
|
|
- Fixes CVE-2010-0740.
|
|
- Drop cfb.patch, applied upstream.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 25 Mar 2010 20:30:52 +0100
|
|
|
|
openssl (0.9.8m-2) unstable; urgency=low
|
|
|
|
* Revert CFB block length change preventing reading older files.
|
|
(Closes: #571810, #571940)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 28 Feb 2010 22:08:49 +0100
|
|
|
|
openssl (0.9.8m-1) unstable; urgency=low
|
|
|
|
* New upstream version
|
|
- Implements RFC5746, reenables renegotiation but requires the extension.
|
|
- Fixes CVE-2009-3245
|
|
- Drop patches CVE-2009-4355.patch, CVE-2009-1378.patch,
|
|
CVE-2009-1377.patch, CVE-2009-1379.patch, CVE-2009-3555.patch,
|
|
CVE-2009-2409.patch, CVE-2009-1387.patch, tls_ext_v3.patch,
|
|
no_check_self_signed.patch: applied upstream
|
|
- pk7_mime_free.patch removed, code rewritten
|
|
- ca.diff partially applied upstream
|
|
- engines-path.patch adjusted, upstream made some minor changes to the
|
|
build system.
|
|
- some flags changed values, bump shlibs.
|
|
* Switch to 3.0 (quilt) source package.
|
|
* Make sure the package is properly cleaned.
|
|
* Add ${misc:Depends} to the Depends on all packages.
|
|
* Fix spelling of extension in the changelog file.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sat, 27 Feb 2010 12:24:03 +0000
|
|
|
|
openssl (0.9.8k-8) unstable; urgency=high
|
|
|
|
* Clean up zlib state so that it will be reinitialized on next use and
|
|
not cause a memory leak. (CVE-2009-4355, CVE-2008-1678)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Wed, 13 Jan 2010 21:26:49 +0100
|
|
|
|
openssl (0.9.8k-7) unstable; urgency=low
|
|
|
|
* Bump the shlibs to require 0.9.8k-1. The following symbols
|
|
to added between g and k: AES_wrap_key, AES_unwrap_key,
|
|
ASN1_TYPE_set1, ASN1_STRING_set0, asn1_output_data_fn,
|
|
SMIME_read_ASN1, BN_X931_generate_Xpq, BN_X931_derive_prime_ex,
|
|
BN_X931_generate_prime_ex, COMP_zlib_cleanup, CRYPTO_malloc_debug_init,
|
|
int_CRYPTO_set_do_dynlock_callback, CRYPTO_set_mem_info_functions,
|
|
CRYPTO_strdup, CRYPTO_dbg_push_info, CRYPTO_dbg_pop_info,
|
|
CRYPTO_dbg_remove_all_info, OPENSSL_isservice, OPENSSL_init,
|
|
ENGINE_set_load_ssl_client_cert_function,
|
|
ENGINE_get_ssl_client_cert_function, ENGINE_load_ssl_client_cert,
|
|
EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags,
|
|
EVP_CIPHER_CTX_test_flags, HMAC_CTX_set_flags, OCSP_sendreq_new
|
|
OCSP_sendreq_nbio, OCSP_REQ_CTX_free, RSA_X931_derive_ex,
|
|
RSA_X931_generate_key_ex, X509_ALGOR_set0, X509_ALGOR_get0,
|
|
X509at_get0_data_by_OBJ, X509_get1_ocsp
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sat, 28 Nov 2009 14:34:26 +0100
|
|
|
|
openssl (0.9.8k-6) unstable; urgency=low
|
|
|
|
* Disable SSL/TLS renegotiation (CVE-2009-3555) (Closes: #555829)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 12 Nov 2009 18:10:31 +0000
|
|
|
|
openssl (0.9.8k-5) unstable; urgency=low
|
|
|
|
* Don't check self signed certificate signatures in X509_verify_cert()
|
|
(Closes: #541735)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Fri, 11 Sep 2009 15:42:32 +0200
|
|
|
|
openssl (0.9.8k-4) unstable; urgency=low
|
|
|
|
* Split all the patches into a separate files
|
|
* Stop undefinging HZ, the issue on alpha should be fixed.
|
|
* Remove MD2 from digest algorithm table. (CVE-2009-2409) (Closes: #539899)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Tue, 11 Aug 2009 21:19:18 +0200
|
|
|
|
openssl (0.9.8k-3) unstable; urgency=low
|
|
|
|
* Make rc4-x86_64 PIC. Based on patch from Petr Salinger (Closes: #532336)
|
|
* Add workaround for kfreebsd that can't see the different between
|
|
two pipes. Patch from Petr Salinger.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sat, 13 Jun 2009 18:15:46 +0200
|
|
|
|
openssl (0.9.8k-2) unstable; urgency=low
|
|
|
|
* Move libssl0.9.8-dbg to the debug section.
|
|
* Use the rc4 assembler on kfreebsd-amd64 (Closes: #532336)
|
|
* Split the line to generate md5-x86_64.s in the Makefile. This will
|
|
hopefully fix the build issue on kfreebsd that now outputs the file
|
|
to stdout instead of the file.
|
|
* Fix denial of service via an out-of-sequence DTLS handshake message
|
|
(CVE-2009-1387) (Closes: #532037)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Mon, 08 Jun 2009 19:05:56 +0200
|
|
|
|
openssl (0.9.8k-1) unstable; urgency=low
|
|
|
|
* New upstream release
|
|
- 0.9.8i fixed denial of service via a DTLS ChangeCipherSpec packet
|
|
that occurs before ClientHello (CVE-2009-1386)
|
|
* Make aes-x86_64.pl use PIC.
|
|
* Fix security issues (Closes: #530400)
|
|
- "DTLS record buffer limitation bug." (CVE-2009-1377)
|
|
- "DTLS fragment handling" (CVE-2009-1378)
|
|
- "DTLS use after free" (CVE-2009-1379)
|
|
* Fixed Configure for hurd: use -mtune=i486 instead of -m486
|
|
Patch by Marc Dequènes (Duck) <duck@hurdfr.org> (Closes: #530459)
|
|
* Add support for avr32 (Closes: #528648)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sat, 16 May 2009 17:33:55 +0200
|
|
|
|
openssl (0.9.8g-16) unstable; urgency=high
|
|
|
|
* Properly validate the length of an encoded BMPString and UniversalString
|
|
(CVE-2009-0590) (Closes: #522002)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Wed, 01 Apr 2009 22:04:53 +0200
|
|
|
|
openssl (0.9.8g-15) unstable; urgency=low
|
|
|
|
* Internal calls to didn't properly check for errors which
|
|
resulted in malformed DSA and ECDSA signatures being treated as
|
|
a good signature rather than as an error. (CVE-2008-5077)
|
|
* ipv6_from_asc() could write 1 byte longer than the buffer in case
|
|
the ipv6 address didn't have "::" part. (Closes: #506111)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Mon, 05 Jan 2009 21:14:31 +0100
|
|
|
|
openssl (0.9.8g-14) unstable; urgency=low
|
|
|
|
* Don't give the warning about security updates when upgrading
|
|
from etch since it doesn't have any known security problems.
|
|
* Automaticly use engines that succesfully initialised. Patch
|
|
from the 0.9.8h upstream version. (Closes: #502177)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Fri, 31 Oct 2008 22:45:14 +0100
|
|
|
|
openssl (0.9.8g-13) unstable; urgency=low
|
|
|
|
* Fix a problem with tlsext preventing firefox 3 from connection.
|
|
Patch from upstream CVS and part of 0.9.8h.
|
|
(Closes: #492758)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 03 Aug 2008 19:47:10 +0200
|
|
|
|
openssl (0.9.8g-12) unstable; urgency=low
|
|
|
|
* add the changelog of the 10.1 NMU to make bugtracking happy
|
|
|
|
-- Christoph Martin <Christoph.Martin@Uni-Mainz.DE> Tue, 22 Jul 2008 14:58:26 +0200
|
|
|
|
openssl (0.9.8g-11) unstable; urgency=low
|
|
|
|
[ Christoph Martin ]
|
|
* updated cs, gl, sv, ru, ro debconf translation (closes: #480926, #480967,
|
|
#482465, #484324, #488595)
|
|
* add Vcs-Svn header (closes: #481654)
|
|
* fix debian-kfreebsd-i386 build flags (closes: #482275)
|
|
* add stunnel4 to restart list (closes: #482111)
|
|
* include fixes from 10.1 NMU by Security team
|
|
- Fix double free in TLS server name extension which leads to a remote
|
|
denial of service (CVE-2008-0891; Closes: #483379).
|
|
- Fix denial of service if the 'Server Key exchange message'
|
|
is omitted from a TLS handshake which could lead to a client
|
|
crash (CVE-2008-1672; Closes: #483379).
|
|
This only works if openssl is compiled with enable-tlsext which is
|
|
done in Debian.
|
|
* fix some lintian warnings
|
|
* update to newest standards version
|
|
|
|
-- Christoph Martin <Christoph.Martin@Uni-Mainz.DE> Thu, 17 Jul 2008 09:53:01 +0200
|
|
|
|
openssl (0.9.8g-10.1) unstable; urgency=high
|
|
|
|
* Non-maintainer upload by the Security team.
|
|
* Fix denial of service if the 'Server Key exchange message'
|
|
is omitted from a TLS handshake which could lead to a client
|
|
crash (CVE-2008-1672; Closes: #483379).
|
|
This only works if openssl is compiled with enable-tlsext which is
|
|
done in Debian.
|
|
* Fix double free in TLS server name extension which leads to a remote
|
|
denial of service (CVE-2008-0891; Closes: #483379).
|
|
|
|
-- Nico Golde <nion@debian.org> Tue, 27 May 2008 11:13:44 +0200
|
|
|
|
openssl (0.9.8g-10) unstable; urgency=low
|
|
|
|
* undefine HZ so that the code falls back to sysconf(_SC_CLK_TCK)
|
|
to fix a build failure on alpha.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 08 May 2008 17:56:13 +0000
|
|
|
|
openssl (0.9.8g-9) unstable; urgency=high
|
|
|
|
[ Christoph Martin ]
|
|
* Include updated debconf translations (closes: #473477, #461597,
|
|
#461880, #462011, #465517, #475439)
|
|
|
|
[ Kurt Roeckx ]
|
|
* ssleay_rand_add() really needs to call MD_Update() for buf.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Wed, 07 May 2008 20:32:12 +0200
|
|
|
|
openssl (0.9.8g-8) unstable; urgency=high
|
|
|
|
* Don't add extensions to ssl v3 connections. It breaks with some
|
|
other software. (Closes: #471681)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 23 Mar 2008 17:50:04 +0000
|
|
|
|
openssl (0.9.8g-7) unstable; urgency=low
|
|
|
|
* Upload to unstable.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Wed, 13 Feb 2008 22:22:29 +0000
|
|
|
|
openssl (0.9.8g-6) experimental; urgency=low
|
|
|
|
* Bump shlibs.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sat, 09 Feb 2008 15:42:22 +0100
|
|
|
|
openssl (0.9.8g-5) experimental; urgency=low
|
|
|
|
* Enable tlsext. This changes the ABI, but should hopefully
|
|
not cause any problems. (Closes: #462596)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sat, 09 Feb 2008 13:32:49 +0100
|
|
|
|
openssl (0.9.8g-4) unstable; urgency=low
|
|
|
|
* Fix aes ige test speed not to overwrite it's buffer and
|
|
cause segfauls. Thanks to Tim Hudson (Closes: #459619)
|
|
* Mark some strings in the templates as non translatable.
|
|
Patch from Christian Perrier <bubulle@debian.org> (Closes: #450418)
|
|
* Update Dutch debconf translation (Closes: #451290)
|
|
* Update French debconf translation (Closes: #451375)
|
|
* Update Catalan debconf translation (Closes: #452694)
|
|
* Update Basque debconf translation (Closes: #457285)
|
|
* Update Finnish debconf translation (Closes: #458261)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Wed, 16 Jan 2008 21:49:43 +0100
|
|
|
|
openssl (0.9.8g-3) unstable; urgency=low
|
|
|
|
* aes-586.pl: push %ebx on the stack before we put some things on the
|
|
stack and call a function, giving AES_decrypt() wrong values to work
|
|
with. (Closes: #449200)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 04 Nov 2007 21:49:00 +0100
|
|
|
|
openssl (0.9.8g-2) unstable; urgency=low
|
|
|
|
* Avoid text relocations on i386 caused by the assembler versions:
|
|
- x86unix.pl: Create a function_begin_B_static to create a
|
|
static/local assembler function.
|
|
- aes-586.pl: Use the function_begin_B_static for _x86_AES_decrypt
|
|
so that it doesn't get exported and doesn't have any (text) relocations.
|
|
- aes-586.pl: Set up ebx to point to the GOT and call AES_set_encrypt_key
|
|
via the PLT to avoid a relocation.
|
|
- x86unix.pl: Call the init function via the PLT, avoiding a relocation
|
|
in case of a PIC object.
|
|
- cbc.pl: Call functions via the PLT.
|
|
- desboth.pl: Call DES_encrypt2 via the PLT.
|
|
* CA.sh should use the v3_ca extension when called with -newca
|
|
(Closes: #428051)
|
|
* Use -Wa,--noexecstack for all arches in Debian. (Closes: #430583)
|
|
* Convert the failure message when services fail restart to a debconf
|
|
message.
|
|
* To restart a service, just restart, instead of stop and start.
|
|
Hopefully fixes #444946
|
|
* Also remove igetest from the test dir in the clean target.
|
|
(Closes: #424362)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sat, 03 Nov 2007 13:25:45 +0100
|
|
|
|
openssl (0.9.8g-1) unstable; urgency=low
|
|
|
|
* New upstream release
|
|
- Fixes version number not to say it's a development version.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sat, 20 Oct 2007 12:47:10 +0200
|
|
|
|
openssl (0.9.8f-1) unstable; urgency=low
|
|
|
|
* New upstream release
|
|
- Fixes DTLS issues, also fixes CVE-2007-4995 (Closes: #335703, #439737)
|
|
- Proper inclusion of opensslconf.h in pq_compat.h (Closes: #408686)
|
|
- New function SSL_set_SSL_CTX: bump shlibs.
|
|
* Remove build dependency on gcc > 4.2
|
|
* Remove the openssl preinst, it looks like a workaround
|
|
for a change in 0.9.2b where config files got moved. (Closes: #445095)
|
|
* Update debconf translations:
|
|
- Vietnamese (Closes: #426988)
|
|
- Danish (Closes: #426774)
|
|
- Slovak (Closes: #440723)
|
|
- Finnish (Closes: #444258)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sat, 13 Oct 2007 00:47:22 +0200
|
|
|
|
openssl (0.9.8e-9) unstable; urgency=high
|
|
|
|
* CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers().
|
|
(Closes: #444435)
|
|
* Add postgresql-8.2 to the list of services to check.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Fri, 28 Sep 2007 19:47:33 +0200
|
|
|
|
openssl (0.9.8e-8) unstable; urgency=low
|
|
|
|
* Fix another case of the "if this code is reached, the program will abort"
|
|
(Closes: #429740)
|
|
* Temporary force to build with gcc >= 4.2
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 02 Sep 2007 18:12:11 +0200
|
|
|
|
openssl (0.9.8e-7) unstable; urgency=low
|
|
|
|
* Fix problems with gcc-4.2 (Closes: #429740)
|
|
* Stop using -Bsymbolic to create the shared library.
|
|
* Make x86_64cpuid.pl use PIC.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 02 Sep 2007 16:15:18 +0200
|
|
|
|
openssl (0.9.8e-6) unstable; urgency=high
|
|
|
|
* Add fix for CVE-2007-3108 (Closes: #438142)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Wed, 15 Aug 2007 19:49:54 +0200
|
|
|
|
openssl (0.9.8e-5) unstable; urgency=low
|
|
|
|
[ Christian Perrier ]
|
|
* Debconf templates proofread and slightly rewritten by
|
|
the debian-l10n-english team as part of the Smith Review Project.
|
|
Closes: #418584
|
|
* Debconf templates translations:
|
|
- Arabic. Closes: #418669
|
|
- Russian. Closes: #418670
|
|
- Galician. Closes: #418671
|
|
- Swedish. Closes: #418679
|
|
- Korean. Closes: #418755
|
|
- Czech. Closes: #418768
|
|
- Basque. Closes: #418784
|
|
- German. Closes: #418785
|
|
- Traditional Chinese. Closes: #419915
|
|
- Brazilian Portuguese. Closes: #419959
|
|
- French. Closes: #420429
|
|
- Italian. Closes: #420461
|
|
- Japanese. Closes: #420482
|
|
- Catalan. Closes: #420833
|
|
- Dutch. Closes: #420925
|
|
- Malayalam. Closes: #420986
|
|
- Portuguese. Closes: #421032
|
|
- Romanian. Closes: #421708
|
|
|
|
[ Kurt Roeckx ]
|
|
* Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
|
|
* Updated Spanish debconf template. (Closes: #421336)
|
|
* Do the header changes, changing those defines into real functions,
|
|
and bump the shlibs to match.
|
|
* Update Japanese debconf translation. (Closes: #422270)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Tue, 15 May 2007 17:21:08 +0000
|
|
|
|
openssl (0.9.8e-4) unstable; urgency=low
|
|
|
|
* openssl should depend on libssl0.9.8 0.9.8e-1 since it
|
|
uses some of the defines that changed to functions.
|
|
Other things build against libssl or libcrypto shouldn't
|
|
have this problem since they use the old headers.
|
|
(Closes: #414283)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sat, 10 Mar 2007 17:11:46 +0000
|
|
|
|
openssl (0.9.8e-3) unstable; urgency=low
|
|
|
|
* Add nagios-nrpe-server to the list of services to be checked
|
|
(Closes: #391188)
|
|
* EVP_CIPHER_CTX_key_length() should return the set key length in the
|
|
EVP_CIPHER_CTX structure which may not be the same as the underlying
|
|
cipher key length for variable length ciphers.
|
|
From upstream CVS. (Closes: #412979)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 4 Mar 2007 23:22:51 +0000
|
|
|
|
openssl (0.9.8e-2) unstable; urgency=low
|
|
|
|
* Undo include changes that change defines into real functions,
|
|
but keep the new functions in the library.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 25 Feb 2007 19:19:19 +0000
|
|
|
|
openssl (0.9.8e-1) unstable; urgency=low
|
|
|
|
* New upstream release
|
|
- Inludes security fixes for CVE-2006-2937, CVE-2006-2940,
|
|
CVE-2006-3738, CVE-2006-4343 (Closes: #408902)
|
|
- s_client now properly works with SMTP. Also added support
|
|
for IMAP. (closes: #221689)
|
|
- Load padlock modules (Closes: #345656, #368476)
|
|
* Add clamav-freshclam and clamav-daemon to the list of service that
|
|
need to be restarted. (Closes: #391191)
|
|
* Add armel support. Thanks to Guillem Jover <guillem.jover@nokia.com>
|
|
for the patch. (Closes: #407196)
|
|
* Add Portuguese translations. Thanks to Carlos Lisboa. (Closes: 408157)
|
|
* Add Norwegian translations. Thanks to Bjørn Steensrud
|
|
<bjornst@powertech.no> (Closes: #412326)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 25 Feb 2007 18:06:28 +0000
|
|
|
|
openssl (0.9.8c-4) unstable; urgency=low
|
|
|
|
* Add German debconf translation. Thanks to
|
|
Johannes Starosta <feedback-an-johannes@arcor.de> (Closes: #388108)
|
|
* Make c_rehash look for both .pem and .crt files. Also make it support
|
|
files in DER format. Patch by "Yauheni Kaliuta" <y.kaliuta@gmail.com>
|
|
(Closes: #387089)
|
|
* Use & instead of && to check a flag in the X509 policy checking.
|
|
Patch from upstream cvs. (Closes: #397151)
|
|
* Also restart slapd for security updates (Closes: #400221)
|
|
* Add Romanian debconf translation. Thanks to
|
|
stan ioan-eugen <stan.ieugen@gmail.com> (Closes: #393507)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 30 Nov 2006 20:57:46 +0000
|
|
|
|
openssl (0.9.8c-3) unstable; urgency=low
|
|
|
|
* Fix patch for CVE-2006-2940, it left ctx unintiliased.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Mon, 2 Oct 2006 18:05:00 +0200
|
|
|
|
openssl (0.9.8c-2) unstable; urgency=high
|
|
|
|
* Fix security vulnerabilities (CVE-2006-2937, CVE-2006-2940,
|
|
CVE-2006-3738, CVE-2006-4343). Urgency set to high.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Wed, 27 Sep 2006 21:24:55 +0000
|
|
|
|
openssl (0.9.8c-1) unstable; urgency=low
|
|
|
|
* New upstream release
|
|
- block padding bug with compression now fixed upstream, using
|
|
their patch.
|
|
- Includes the RSA Signature Forgery (CVE-2006-4339) patch.
|
|
- New functions AES_bi_ige_encrypt and AES_ige_encrypt:
|
|
bumping shlibs to require 0.9.8c-1.
|
|
* Change the postinst script to check that ntp is installed instead
|
|
of ntp-refclock and ntp-simple. The binary is now in the ntp
|
|
package.
|
|
* Move the modified rand/md_rand.c file to the right place,
|
|
really fixing #363516.
|
|
* Add partimage-server conserver-server and tor to the list of service
|
|
to check for restart. Add workaround for openssh-server so it finds
|
|
the init script. (Closes: #386365, #386400, #386513)
|
|
* Add manpage for c_rehash.
|
|
Thanks to James Westby <jw+debian@jameswestby.net> (Closes: #215618)
|
|
* Add Lithuanian debconf translation.
|
|
Thanks to Gintautas Miliauskas <gintas@akl.lt> (Closes: #374364)
|
|
* Add m32r support.
|
|
Thanks to Kazuhiro Inaoka <inaoka.kazuhiro@renesas.com>
|
|
(Closes: #378689)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sun, 17 Sep 2006 14:47:59 +0000
|
|
|
|
openssl (0.9.8b-3) unstable; urgency=high
|
|
|
|
* Fix RSA Signature Forgery (CVE-2006-4339) using patch provided
|
|
by upstream.
|
|
* Restart services using a smaller version that 0.9.8b-3, so
|
|
they get the fixed version.
|
|
* Change the postinst to check for postfix instead of postfix-tls.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Tue, 5 Sep 2006 18:26:10 +0000
|
|
|
|
openssl (0.9.8b-2) unstable; urgency=low
|
|
|
|
* Don't call gcc with -mcpu on i386, we already use -march, so no need for
|
|
-mtune either.
|
|
* Always make all directories when building something:
|
|
- The engines directory didn't get build for the static directory, so
|
|
where missing in libcrypo.a
|
|
- The apps directory didn't always get build, so we didn't have an openssl
|
|
and a small part of the regression tests failed.
|
|
* Make the package fail to build if the regression tests fail.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Mon, 15 May 2006 16:00:58 +0000
|
|
|
|
openssl (0.9.8b-1) unstable; urgency=low
|
|
|
|
* New upstream release
|
|
- New functions added (EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free), bump shlibs.
|
|
- CA.pl/CA.sh now calls openssl ca with -extensions v3_ca, setting CA:TRUE
|
|
instead of FALSE.
|
|
- CA.pl/CA.sh creates crlnumber now. (Closes: #347612)
|
|
* Run debconf-updatepo, which really already was in the 0.9.8a-8 version
|
|
as it was uploaded.
|
|
* Add Galician debconf translation. Patch from
|
|
Jacobo Tarrio <jtarrio@trasno.net> (Closes: #361266)
|
|
* libssl0.9.8.postinst makes uses of bashisms (local variables)
|
|
so use #!/bin/bash
|
|
* libssl0.9.8.postinst: Call set -e after sourcing the debconf
|
|
script.
|
|
* libssl0.9.8.postinst: Change list of service that may need
|
|
to be restarted:
|
|
- Replace ssh by openssh-server
|
|
- Split postgresql in postgresql-7.4 postgresql-8.0 postgresql-8.1
|
|
- Add: dovecot-common bind9 ntp-refclock ntp-simple openntpd clamcour
|
|
fetchmail ftpd-ssl proftpd proftpd-ldap proftpd-mysql proftpd-pgsql
|
|
* libssl0.9.8.postinst: The check to see if something was installed
|
|
wasn't working.
|
|
* libssl0.9.8.postinst: Add workaround to find the name of the init
|
|
script for proftpd and dovecot.
|
|
* libssl0.9.8.postinst: Use invoke-rc.d when it's available.
|
|
* Change Standards-Version to 3.7.0:
|
|
- Make use of invoke-rc.d
|
|
* Add comment to README.Debian that rc5, mdc2 and idea have been
|
|
disabled (since 0.9.6b-3) (Closes: #362754)
|
|
* Don't add uninitialised data to the random number generator. This stop
|
|
valgrind from giving error messages in unrelated code.
|
|
(Closes: #363516)
|
|
* Put the FAQ in the openssl docs.
|
|
* Add russian debconf translations from Yuriy Talakan <yt@amur.elektra.ru>
|
|
(Closes #367216)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Thu, 4 May 2006 20:40:03 +0200
|
|
|
|
openssl (0.9.8a-8) unstable; urgency=low
|
|
|
|
* Call pod2man with the proper section. Section changed
|
|
from 1/3/5/7 to 1SSL/3SSL/5SSL/7SSL. The name of the files
|
|
already had the ssl in, the section didn't. The references
|
|
to other manpage is still wrong.
|
|
* Don't install the LICENSE file, it's already in the copyright file.
|
|
* Don't set an rpath on openssl to point to /usr/lib.
|
|
* Add support for kfreebsd-amd64. (Closes: #355277)
|
|
* Add udeb to the shlibs. Patch from Frans Pop <aragorn@tiscali.nl>
|
|
(Closes: #356908)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sat, 11 Feb 2006 14:14:37 +0100
|
|
|
|
openssl (0.9.8a-7) unstable; urgency=high
|
|
|
|
* Add italian debconf templates. Thanks to Luca Monducci.
|
|
(Closes: #350249)
|
|
* Change the debconf question to use version 0.9.8-3
|
|
instead of 0.9.8-1, since that's the last version
|
|
with a security fix.
|
|
* Call conn_state() if the BIO is not in the BIO_CONN_S_OK state
|
|
(Closes: #352047). RC bug affecting testing, so urgency high.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Sat, 9 Feb 2006 19:07:56 +0100
|
|
|
|
openssl (0.9.8a-6) unstable; urgency=low
|
|
|
|
* Remove empty postinst/preinst/prerm scripts. There is no need
|
|
to have empty ones, debhelper will add them when needed.
|
|
* Remove the static pic libraries. Nobody should be linking
|
|
it's shared libraries static to libssl or libcrypto.
|
|
This was added for opensc who now links to it shared.
|
|
* Do not assume that in case the sequence number is 0 and the
|
|
packet has an odd number of bytes that the other side has
|
|
the block padding bug, but try to check that it actually
|
|
has the bug. The wrong detection of this bug resulted
|
|
in an "decryption failed or bad record mac" error in case
|
|
both sides were using zlib compression. (Closes: #338006)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Mon, 21 Jan 2006 16:25:41 +0100
|
|
|
|
openssl (0.9.8a-5) unstable; urgency=low
|
|
|
|
* Stop ssh from crashing randomly on sparc (Closes: #335912)
|
|
Patch from upstream cvs.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Tue, 13 Dec 2005 21:37:42 +0100
|
|
|
|
openssl (0.9.8a-4) unstable; urgency=low
|
|
|
|
* Call dh_makeshlibs with the proper version instead of putting
|
|
it in shlibs.local, which doesn't seem to do anything. 0.9.8a-1
|
|
added symbol versioning, so it should have bumped the shlibs.
|
|
(Closes: #338284)
|
|
* The openssl package had a duplicate dependency on libssl0.9.8,
|
|
only require the version as required by the shlibs.
|
|
* Make libssl-dev depend on zlib1g-dev, since it's now required for
|
|
static linking. (Closes: #338313)
|
|
* Generate .pc files that make use of Libs.private, so things only
|
|
link to the libraries they should when linking shared.
|
|
* Use -m64 instead of -bpowerpc64-linux on ppc64. (Closes: #335486)
|
|
* Make powerpc and ppc64 use the assembler version for bn. ppc64
|
|
had the location in the string wrong, powerpc had it missing.
|
|
* Add includes for stddef to get size_t in md2.h, md4.h, md5.h,
|
|
ripemd.h and sha.h. (Closes: #333101)
|
|
* Run make test for each of the versions we build, make it
|
|
not fail the build process if an error is found.
|
|
* Add build dependency on bc for the regression tests.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Wed, 13 Nov 2005 16:01:05 +0100
|
|
|
|
openssl (0.9.8a-3) unstable; urgency=high
|
|
|
|
* Link to libz instead of dynamicly loading it. It gets loaded
|
|
at the moment the library is initialised, so there is no point
|
|
in not linking to it. It's now failing in some cases since
|
|
it's not opened by it's soname, but by the symlink to it.
|
|
This should hopefully solve most of the bugs people have reported
|
|
since the move to libssl0.9.8.
|
|
(Closes: #334180, #336140, #335271)
|
|
* Urgency set to high because it fixes a grave bug affecting testing.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Tue, 1 Nov 2005 14:56:40 +0100
|
|
|
|
openssl (0.9.8a-2) unstable; urgency=low
|
|
|
|
* Add Build-Dependency on m4, since sparc needs it to generate
|
|
it's assembler files. (Closes: #334542)
|
|
* Don't use rc4-x86_64.o on amd64 for now, it seems to be broken
|
|
and causes a segfault. (Closes: #334501, #334502)
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Tue, 18 Oct 2005 19:05:53 +0200
|
|
|
|
openssl (0.9.8a-1) unstable; urgency=low
|
|
|
|
Christoph Martin:
|
|
* fix asm entries for some architectures, fixing #332758 properly.
|
|
* add noexecstack option to i386 subarch
|
|
* include symbol versioning in Configure (closes: #330867)
|
|
* include debian-armeb arch (closes: #333579)
|
|
* include new upstream patches; includes some minor fixes
|
|
* fix dh_shlibdeps line, removing the redundant dependency on
|
|
libssl0.9.8 (closes: #332755)
|
|
* add swedish debconf template (closes: #330554)
|
|
|
|
Kurt Roeckx:
|
|
* Also add noexecstack option for amd64, since it now has an
|
|
executable stack with the assembler fixes for amd64.
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 17 Oct 2005 17:01:06 +0200
|
|
|
|
openssl (0.9.8-3) unstable; urgency=low
|
|
|
|
* Apply security fix for CAN-2005-2969. (Closes: #333500)
|
|
* Change priority of -dbg package to extra.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Wed, 12 Oct 2005 22:38:58 +0200
|
|
|
|
openssl (0.9.8-2) unstable; urgency=low
|
|
|
|
* Don't use arch specific assembler. Should fix build failure on
|
|
ia64, sparc and amd64. (Closes: #332758)
|
|
* Add myself to the uploaders.
|
|
|
|
-- Kurt Roeckx <kurt@roeckx.be> Mon, 10 Oct 2005 19:22:36 +0200
|
|
|
|
openssl (0.9.8-1) unstable; urgency=low
|
|
|
|
* New upstream release (closes: #311826)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 29 Sep 2005 14:20:04 +0200
|
|
|
|
openssl (0.9.7g-3) unstable; urgency=low
|
|
|
|
* change Configure line for debian-freebsd-i386 to debian-kfreebsd-i386
|
|
(closes: #327692)
|
|
* include -dbg version. That implies compiling with -g and without
|
|
-fomit-frame-pointer (closes: #293823, #153811)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 23 Sep 2005 13:51:57 +0200
|
|
|
|
openssl (0.9.7g-2) unstable; urgency=low
|
|
|
|
* really include nl translation
|
|
* remove special ia64 code from rc4 code to make the abi compatible to
|
|
older 0.9.7 versions (closes: #310489, #309274)
|
|
* fix compile flag for debian-ppc64 (closes: #318750)
|
|
* small fix in libssl0.9.7.postinst (closes: #239956)
|
|
* fix pk7_mime.c to prevent garbled messages because of to early memory
|
|
free (closes: #310184)
|
|
* include vietnamese debconf translation (closes: #316689)
|
|
* make optimized i386 libraries have non executable stack (closes:
|
|
#321721)
|
|
* remove leftover files from ssleay
|
|
* move from dh_installmanpages to dh_installman
|
|
* change Maintainer to pkg-openssl-devel@lists.alioth.debian.org
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 7 Sep 2005 15:32:54 +0200
|
|
|
|
openssl (0.9.7g-1) unstable; urgency=low
|
|
|
|
* New upstream release
|
|
* Added support for proxy certificates according to RFC 3820.
|
|
Because they may be a security thread to unaware applications,
|
|
they must be explicitely allowed in run-time. See
|
|
docs/HOWTO/proxy_certificates.txt for further information.
|
|
* Prompt for pass phrases when appropriate for PKCS12 input format.
|
|
* Back-port of selected performance improvements from development
|
|
branch, as well as improved support for PowerPC platforms.
|
|
* Add lots of checks for memory allocation failure, error codes to indicate
|
|
failure and freeing up memory if a failure occurs.
|
|
* Perform some character comparisons of different types in X509_NAME_cmp:
|
|
this is needed for some certificates that reencode DNs into UTF8Strings
|
|
(in violation of RFC3280) and can't or wont issue name rollover
|
|
certificates.
|
|
* corrected watchfile
|
|
* added upstream source url (closes: #292904)
|
|
* fix typo in CA.pl.1 (closes: #290271)
|
|
* change debian-powerpc64 to debian-ppc64 and adapt the configure
|
|
options to be the same like upstream (closes: #289841)
|
|
* include -signcert option in CA.pl usage
|
|
* compile with zlib-dynamic to use system zlib (closes: #289872)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 9 May 2005 23:32:03 +0200
|
|
|
|
openssl (0.9.7e-3) unstable; urgency=high
|
|
|
|
* really fix der_chop. The fix from -1 was not really included (closes:
|
|
#281212)
|
|
* still fixes security problem CAN-2004-0975 etc.
|
|
- tempfile raise condition in der_chop
|
|
- Avoid a race condition when CRLs are checked in a multi threaded
|
|
environment.
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 16 Dec 2004 18:41:29 +0100
|
|
|
|
openssl (0.9.7e-2) unstable; urgency=high
|
|
|
|
* fix perl path in der_chop and c_rehash (closes: #281212)
|
|
* still fixes security problem CAN-2004-0975 etc.
|
|
- tempfile raise condition in der_chop
|
|
- Avoid a race condition when CRLs are checked in a multi threaded
|
|
environment.
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Sun, 14 Nov 2004 20:16:21 +0100
|
|
|
|
openssl (0.9.7e-1) unstable; urgency=high
|
|
|
|
* SECURITY UPDATE: fix insecure temporary file handling
|
|
* apps/der_chop:
|
|
- replaced $$-style creation of temporary files with
|
|
File::Temp::tempfile()
|
|
- removed unused temporary file name in do_certificate()
|
|
* References:
|
|
CAN-2004-0975 (closes: #278260)
|
|
* fix ASN1_STRING_to_UTF8 with UTF8 (closes: #260357)
|
|
* New upstream release with security fixes
|
|
- Avoid a race condition when CRLs are checked in a multi threaded
|
|
environment.
|
|
- Various fixes to s3_pkt.c so alerts are sent properly.
|
|
- Reduce the chances of duplicate issuer name and serial numbers (in
|
|
violation of RFC3280) using the OpenSSL certificate creation
|
|
utilities.
|
|
* depends openssl on perl-base instead of perl (closes: #280225)
|
|
* support powerpc64 in Configure (closes: #275224)
|
|
* include cs translation (closes: #273517)
|
|
* include nl translation (closes: #272479)
|
|
* Fix default dir of c_rehash (closes: #253126)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 12 Nov 2004 14:11:15 +0100
|
|
|
|
openssl (0.9.7d-5) unstable; urgency=low
|
|
|
|
* Make S/MIME encrypt work again (backport from CVS) (closes: #241407,
|
|
#241386)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 26 Jul 2004 17:22:42 +0200
|
|
|
|
openssl (0.9.7d-4) unstable; urgency=low
|
|
|
|
* add Catalan translation (closes: #248749)
|
|
* add Spanish translation (closes: #254561)
|
|
* include NMU fixes: see below
|
|
* decrease optimisation level for debian-arm to work around gcc bug
|
|
(closes: #253848) (thanks to Steve Langasek and Thom May)
|
|
* Add libcrypto0.9.7-udeb. (closes: #250010) (thanks to Bastian Blank)
|
|
* Add watchfile
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 14 Jul 2004 14:31:02 +0200
|
|
|
|
openssl (0.9.7d-3) unstable; urgency=low
|
|
|
|
* rename -pic.a libraries to _pic.a (closes: #250016)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 24 May 2004 17:02:29 +0200
|
|
|
|
openssl (0.9.7d-2) unstable; urgency=low
|
|
|
|
* include PIC libs (libcrypto-pic.a and libssl-pic.a) to libssl-dev
|
|
(closes: #246928, #243999)
|
|
* add racoon to restart list (closes: #242652)
|
|
* add Brazilian, Japanese and Danish translations (closes: #242087,
|
|
#241830, #241705)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 11 May 2004 10:13:49 +0200
|
|
|
|
openssl (0.9.7d-1) unstable; urgency=high
|
|
|
|
* new upstream
|
|
* fixes security holes (http://www.openssl.org/news/secadv_20040317.txt)
|
|
(closes: #238661)
|
|
* includes support for debian-amd64 (closes: #235551, #232310)
|
|
* fix typo in pem.pod (closes: #219873)
|
|
* fix typo in libssl0.9.7.templates (closes: #224690)
|
|
* openssl suggests ca-certificates (closes: #217180)
|
|
* change debconf template to gettext format (closes: #219013)
|
|
* include french debconf template (closes: #219014)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 18 Mar 2004 16:18:43 +0100
|
|
|
|
openssl (0.9.7c-5) unstable; urgency=low
|
|
|
|
* include openssl.pc into libssl-dev (closes: #212545)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 16 Oct 2003 16:31:32 +0200
|
|
|
|
openssl (0.9.7c-4) unstable; urgency=low
|
|
|
|
* change question to restart services to debconf (closes: #214840)
|
|
* stop using dh_undocumented (closes: #214831)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 10 Oct 2003 15:40:48 +0200
|
|
|
|
openssl (0.9.7c-3) unstable; urgency=low
|
|
|
|
* fix POSIX conformance for head in libssl0.9.7.postinst (closes:
|
|
#214700)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 8 Oct 2003 14:02:38 +0200
|
|
|
|
openssl (0.9.7c-2) unstable; urgency=low
|
|
|
|
* add filerc macro to libssl0.9.7.postinst (closes: #213906)
|
|
* restart spamassassins spamd on upgrade (closes: #214106)
|
|
* restart more services on upgrade
|
|
* fix EVP_BytesToKey manpage (closes: #213715)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 7 Oct 2003 15:01:32 +0200
|
|
|
|
openssl (0.9.7c-1) unstable; urgency=high
|
|
|
|
* upstream security fix (closes: #213451)
|
|
- Fix various bugs revealed by running the NISCC test suite:
|
|
Stop out of bounds reads in the ASN1 code when presented with
|
|
invalid tags (CAN-2003-0543 and CAN-2003-0544).
|
|
Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
|
|
If verify callback ignores invalid public key errors don't try to check
|
|
certificate signature with the NULL public key.
|
|
- In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
|
|
if the server requested one: as stated in TLS 1.0 and SSL 3.0
|
|
specifications.
|
|
* more minor upstream bugfixes
|
|
* fix formatting in c_issuer (closes: #190026)
|
|
* fix Debian-FreeBSD support (closes: #200381)
|
|
* restart some services in postinst to make them use the new libraries
|
|
* remove duplicated openssl.1, crypto.3 and ssl.3 (closes: #198594)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 1 Oct 2003 08:54:27 +0200
|
|
|
|
openssl (0.9.7b-2) unstable; urgency=high
|
|
|
|
* fix permission of /etc/ssl/private to 700 again
|
|
* change section of libssl-dev to libdevel
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 23 Apr 2003 11:13:24 +0200
|
|
|
|
openssl (0.9.7b-1) unstable; urgency=high
|
|
|
|
* upstream security fix
|
|
- Countermeasure against the Klima-Pokorny-Rosa extension of
|
|
Bleichbacher's attack on PKCS #1 v1.5 padding: treat
|
|
a protocol version number mismatch like a decryption error
|
|
in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131)
|
|
(closes: #189087)
|
|
- Turn on RSA blinding by default in the default implementation
|
|
to avoid a timing attack. Applications that don't want it can call
|
|
RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
|
|
They would be ill-advised to do so in most cases. (CAN-2003-0147)
|
|
- Change RSA blinding code so that it works when the PRNG is not
|
|
seeded (in this case, the secret RSA exponent is abused as
|
|
an unpredictable seed -- if it is not unpredictable, there
|
|
is no point in blinding anyway). Make RSA blinding thread-safe
|
|
by remembering the creator's thread ID in rsa->blinding and
|
|
having all other threads use local one-time blinding factors
|
|
(this requires more computation than sharing rsa->blinding, but
|
|
avoids excessive locking; and if an RSA object is not shared
|
|
between threads, blinding will still be very fast).
|
|
for more details see the CHANGES file
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 16 Apr 2003 10:32:57 +0200
|
|
|
|
openssl (0.9.7a-1) unstable; urgency=high
|
|
|
|
* upstream Security fix
|
|
- In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
|
|
via timing by performing a MAC computation even if incorrrect
|
|
block cipher padding has been found. This is a countermeasure
|
|
against active attacks where the attacker has to distinguish
|
|
between bad padding and a MAC verification error. (CAN-2003-0078)
|
|
for more details see the CHANGES file
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 21 Feb 2003 22:39:40 +0100
|
|
|
|
openssl (0.9.7-4) unstable; urgency=low
|
|
|
|
* use DH_COMPAT=3 to build
|
|
* move i686 to i686/cmov to fix problems on Via C3. For that to work we
|
|
have to depend on the newest libc6 on i386 (closes: #177891)
|
|
* fix bug in ui_util.c (closes: #177615)
|
|
* fix typo in md5.h (closes: #178112)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 24 Jan 2003 10:22:56 +0100
|
|
|
|
openssl (0.9.7-3) unstable; urgency=low
|
|
|
|
* enable build of ultrasparc code on non ultrasparc machines (closes:
|
|
#177024)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 17 Jan 2003 08:22:13 +0100
|
|
|
|
openssl (0.9.7-2) unstable; urgency=low
|
|
|
|
* include changes between 0.9.6g-9 and -10
|
|
* fix problem in build-process on i386 with libc6 version number
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 13 Jan 2003 14:26:56 +0100
|
|
|
|
openssl (0.9.7-1) unstable; urgency=low
|
|
|
|
* new upstream
|
|
* includes engine support
|
|
* a lot of bugfixes and enhancements, see the CHANGES file
|
|
* include AES encryption
|
|
* makes preview of certificate configurable (closes: #176059)
|
|
* fix x509 manpage (closes: #168070)
|
|
* fix declaration of ERR_load_PEM_string in pem.h (closes: #141360)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 11 Jan 2003 09:12:16 +0100
|
|
|
|
openssl (0.9.6g-10) unstable; urgency=low
|
|
|
|
* fix problem in build-process on i386 with libc6 version number
|
|
(closes: #167096)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 4 Nov 2002 12:27:21 +0100
|
|
|
|
openssl (0.9.6g-9) unstable; urgency=low
|
|
|
|
* fix typo in i386 libc6 depend (sigh) (closes: #163848)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 8 Oct 2002 23:29:20 +0200
|
|
|
|
openssl (0.9.6g-8) unstable; urgency=low
|
|
|
|
* fix libc6 depends. Only needed for i386 (closes: #163701)
|
|
* remove SHLIB section for bsds from Configure (closes: #163585)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 8 Oct 2002 10:57:35 +0200
|
|
|
|
openssl (0.9.6g-7) unstable; urgency=low
|
|
|
|
* enable i686 optimisation and depend on fixed glibc (closes: #163500)
|
|
* remove transition package ssleay
|
|
* include optimisation vor sparcv8 (closes: #139996)
|
|
* improve optimisation vor sparcv9
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Sun, 6 Oct 2002 14:07:12 +0200
|
|
|
|
openssl (0.9.6g-6) unstable; urgency=low
|
|
|
|
* temporarily disable i686 optimisation (See bug in glibc #161788)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 21 Sep 2002 18:56:49 +0200
|
|
|
|
openssl (0.9.6g-5) unstable; urgency=low
|
|
|
|
* i486 can use i586 assembler
|
|
* include set -xe in the for loops in the rules files to make it abort
|
|
on error (closes: #161768)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 21 Sep 2002 16:23:11 +0200
|
|
|
|
openssl (0.9.6g-4) unstable; urgency=low
|
|
|
|
* fix optimization for alpha and sparc
|
|
* add optimization for i486
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 20 Sep 2002 22:36:19 +0200
|
|
|
|
openssl (0.9.6g-3) unstable; urgency=low
|
|
|
|
* add optimized libraries for i586, i686, ev4, ev5 and v9 (closes: #139783)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 19 Sep 2002 18:33:04 +0200
|
|
|
|
openssl (0.9.6g-2) unstable; urgency=low
|
|
|
|
* fix manpage names (closes: #156717, #156718, #156719, #156721)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 15 Aug 2002 11:26:37 +0200
|
|
|
|
openssl (0.9.6g-1) unstable; urgency=low
|
|
|
|
* new upstream version
|
|
* Use proper error handling instead of 'assertions' in buffer
|
|
overflow checks added in 0.9.6e. This prevents DoS (the
|
|
assertions could call abort()). (closes: #155985, #156495)
|
|
* Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
|
|
and get fix the header length calculation.
|
|
* include support for new sh* architectures (closes: #155117)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 14 Aug 2002 13:59:22 +0200
|
|
|
|
openssl (0.9.6e-1) unstable; urgency=high
|
|
|
|
* fixes remote exploits (see DSA-136-1)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 30 Jul 2002 18:32:28 +0200
|
|
|
|
openssl (0.9.6d-1) unstable; urgency=low
|
|
|
|
* new upstream (minor) version
|
|
* includes Configure lines for debian-*bsd-* (closes: #130413)
|
|
* fix wrong prototype for BN_pseudo_rand_range in BN_rand(3ssl) (closes:
|
|
#144586)
|
|
* fix typos in package description (closes: #141469)
|
|
* fix typo in SSL_CTX_set_cert_store manpage (closes: #135297)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 3 Jun 2002 19:42:10 +0200
|
|
|
|
openssl (0.9.6c-2) unstable; urgency=low
|
|
|
|
* moved from non-US to main
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 19 Mar 2002 14:48:39 +0100
|
|
|
|
openssl (0.9.6c-1) unstable; urgency=low
|
|
|
|
* new upstream version with a lot of bugfixes
|
|
* remove directory /usr/include/openssl from openssl package (closes:
|
|
bug #121226)
|
|
* remove selfdepends from libssl0.9.6
|
|
* link openssl binary shared again
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 5 Jan 2002 19:04:31 +0100
|
|
|
|
openssl (0.9.6b-4) unstable; urgency=low
|
|
|
|
* build with -D_REENTRANT for threads support on all architectures
|
|
(closes: #112329, #119239)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 24 Nov 2001 12:17:51 +0100
|
|
|
|
openssl (0.9.6b-3) unstable; urgency=low
|
|
|
|
* disable idea, mdc2 and rc5 because they are not free (closes: #65368)
|
|
* ready to be moved from nonus to main
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 21 Nov 2001 17:51:41 +0100
|
|
|
|
openssl (0.9.6b-2) unstable; urgency=high
|
|
|
|
* fix definition of crypt in des.h (closes: #107533)
|
|
* fix descriptions (closes: #109503)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 17 Sep 2001 15:38:27 +0200
|
|
|
|
openssl (0.9.6b-1) unstable; urgency=medium
|
|
|
|
* new upstream fixes some security issues (closes: #105835, #100146)
|
|
* added support for s390 (closes: #105681)
|
|
* added support for sh (closes: #100003)
|
|
* change priority of libssl096 to standard as ssh depends on it (closes:
|
|
#105440)
|
|
* don't optimize for i486 to support i386. (closes: #104127, #82194)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 20 Jul 2001 15:52:42 +0200
|
|
|
|
openssl (0.9.6a-3) unstable; urgency=medium
|
|
|
|
* add perl-base to builddeps
|
|
* include static libraries in libssl-dev (closes: #93688)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 14 May 2001 20:16:06 +0200
|
|
|
|
openssl (0.9.6a-2) unstable; urgency=medium
|
|
|
|
* change Architecture of ssleay from any to all (closes: #92913)
|
|
* depend libssl-dev on the exact same version of libssl0.9.6 (closes:
|
|
#88939)
|
|
* remove lib{crypto,ssl}.a from openssl (closes: #93666)
|
|
* rebuild with newer gcc to fix atexit problem (closes: #94036)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 2 May 2001 12:28:39 +0200
|
|
|
|
openssl (0.9.6a-1) unstable; urgency=medium
|
|
|
|
* new upstream, fixes some security bugs (closes: #90584)
|
|
* fix typo in s_server manpage (closes: #89756)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 10 Apr 2001 12:13:11 +0200
|
|
|
|
openssl (0.9.6-2) unstable; urgency=low
|
|
|
|
* policy: reorganisation of package names: libssl096 -> libssl0.9.6,
|
|
libssl096-dev -> libssl-dev (closes: #83426)
|
|
* libssl0.9.6 drops replaces libssl09 (Closes: #83425)
|
|
* install upstream CHANGES files (Closes: #83430)
|
|
* added support for hppa and ia64 (Closes: #88790)
|
|
* move man3 manpages to libssl-dev (Closes: #87546)
|
|
* fix formating problem in rand_add(1) (Closes: #87547)
|
|
* remove manpage duplicates (Closes: #87545, #74986)
|
|
* make package descriptions clearer (Closes: #83518, #83444)
|
|
* increase default emailAddress_max from 40 to 60 (Closes: #67238)
|
|
* removed RSAREF warning (Closes: #84122)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 8 Mar 2001 14:24:00 +0100
|
|
|
|
openssl (0.9.6-1) unstable; urgency=low
|
|
|
|
* New upstream version (Thanks to Enrique Zanardi <ezanard@debian.org>)
|
|
(closes: #72388)
|
|
* Add support for debian-hurd (closes: #76032)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 13 Nov 2000 22:30:46 +0100
|
|
|
|
openssl (0.9.5a-5) unstable; urgency=low
|
|
|
|
* move manpages in standard directories with section ssl (closes:
|
|
#72152, #69809)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 5 Oct 2000 19:56:20 +0200
|
|
|
|
openssl (0.9.5a-4) unstable; urgency=low
|
|
|
|
* include edg_rand_bytes patch from and for apache-ssl
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 23 Sep 2000 16:48:06 +0200
|
|
|
|
openssl (0.9.5a-3) unstable; urgency=low
|
|
|
|
* fix call to dh_makeshlibs to create correct shlibs file and make
|
|
dependend programs link correctly (closes: Bug#61658)
|
|
* include a note in README.debian concerning the location of the
|
|
subcommand manpages (closes: Bug#69809)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 16 Sep 2000 19:10:50 +0200
|
|
|
|
openssl (0.9.5a-2) unstable; urgency=low
|
|
|
|
* try to fix the sharedlib problem. change soname of library
|
|
(closes: Bug#4622, #66102, #66538, #66123)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 12 Jul 2000 03:26:30 +0200
|
|
|
|
openssl (0.9.5a-1) unstable; urgency=low
|
|
|
|
* new upstream version (major changes see file NEWS) (closes: Bug#63976,
|
|
#65239, #65358)
|
|
* new library package libssl095a because of probably changed library
|
|
interface (closes: Bug#46222)
|
|
* added architecture mips and mipsel (closes: Bug#62437, #60366)
|
|
* provide shlibs.local file in build to help build if libraries are not
|
|
yet installed (closes: Bug#63984)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Sun, 11 Jun 2000 15:17:35 +0200
|
|
|
|
openssl (0.9.4-5) frozen unstable; urgency=medium
|
|
|
|
* cleanup of move of doc directories to /usr/share/doc (closes:
|
|
Bug#56430)
|
|
* lintian issues (closes: Bug#49358)
|
|
* move demos from openssl to libssl09-dev (closes: Bug#59201)
|
|
* move to debhelpers
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 11 Mar 2000 10:38:04 +0100
|
|
|
|
openssl (0.9.4-4) unstable; urgency=medium
|
|
|
|
* Added 'debian-arm' in 'Configure'. (closes: Bug#54251, #54766)
|
|
* Fixed Configure for 'debian-m68k' (closes: Bug#53636)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 15 Jan 2000 13:16:18 +0100
|
|
|
|
openssl (0.9.4-3) unstable; urgency=low
|
|
|
|
* define symbol SSLeay_add_ssl_algorithms for backward compatibility
|
|
(closes: Bug#46882)
|
|
* remove manpages from /usr/doc/openssl (closes: Bug#46791)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 14 Oct 1999 16:51:08 +0200
|
|
|
|
openssl (0.9.4-2) unstable; urgency=low
|
|
|
|
* include some more docu in pod format (Bug #43933)
|
|
* removed -mv8 from sparc flags (Bug #44769)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 14 Sep 1999 22:04:06 +0200
|
|
|
|
openssl (0.9.4-1) unstable; urgency=low
|
|
|
|
* new upstream version (Closes: #42926)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 28 Aug 1999 17:04:23 +0200
|
|
|
|
openssl (0.9.3a-1) unstable; urgency=low
|
|
|
|
* new upstream version (Bug #38345, #38627)
|
|
* sparc is big-endian (Bug #39973)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 7 Jul 1999 16:03:37 +0200
|
|
|
|
openssl (0.9.2b-3) unstable; urgency=low
|
|
|
|
* correct move conffiles to /etc/ssl (Bug #38570)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 31 May 1999 21:08:07 +0200
|
|
|
|
openssl (0.9.2b-2) unstable; urgency=low
|
|
|
|
* added convenience package ssleay to help upgrade to openssl (Bug
|
|
#37185, #37623, #36326)
|
|
* added some missing dependencies from libssl09 (Bug #36681, #35867,
|
|
#36326)
|
|
* move lib*.so to libssl09-dev (Bug #36761)
|
|
* corrected version numbers of library files
|
|
* introduce link from /usr/lib/ssl to /etc/ssl (Bug #36710)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Sun, 23 May 1999 14:57:48 +0200
|
|
|
|
openssl (0.9.2b-1) unstable; urgency=medium
|
|
|
|
* First openssl version
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 31 Mar 1999 15:54:26 +0200
|
|
|
|
ssleay (0.9.0b-2) unstable; urgency=low
|
|
|
|
* Include message about the (not)usage of RSAREF (#24409)
|
|
* Move configfiles from /usr/lib/ssl to /etc/ssl (#26406)
|
|
* Change definitions for sparc (#26487)
|
|
* Added missing dependency (#28591)
|
|
* Make debian/libtool executable (#29708)
|
|
* /etc/ssl/lib/ssleay.cnf is now a confile (#32624)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Sun, 21 Mar 1999 19:41:04 +0100
|
|
|
|
ssleay (0.9.0b-1) unstable; urgency=low
|
|
|
|
* new upstream version (Bug #21227, #25971)
|
|
* build shared libraries with -fPIC (Bug #20027)
|
|
* support sparc architecture (Bug #28467)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 13 Oct 1998 10:20:13 +0200
|
|
|
|
ssleay (0.8.1-7) frozen unstable; urgency=high
|
|
|
|
* security fix patch to 0.8.1b (bug #24022)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 6 Jul 1998 15:42:15 +0200
|
|
|
|
ssleay (0.8.1-6) frozen unstable; urgency=low
|
|
|
|
* second try to fix bug #15235 (copyright was still missing)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 22 Jun 1998 08:56:27 +0200
|
|
|
|
ssleay (0.8.1-5) frozen unstable; urgency=high
|
|
|
|
* changed /dev/random to /dev/urandom (Bug #23169, #17817)
|
|
* copyright contains now the full licence (Bug #15235)
|
|
* fixed bug #19410 (md5sums-lists-nonexisting-file)
|
|
* added demos to /usr/doc (Bug #17372)
|
|
* fixed type in package description (Bug #18969)
|
|
* fixed bug in adding documentation (Bug #21463)
|
|
* added patch for support of debian-powerpc (Bug #21579)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 18 Jun 1998 23:09:13 +0200
|
|
|
|
ssleay (0.8.1-4) unstable; urgency=low
|
|
|
|
* purged dependency from libc5
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 11 Nov 1997 15:31:50 +0100
|
|
|
|
ssleay (0.8.1-3) unstable; urgency=low
|
|
|
|
* changed packagename libssl to libssl08 to get better dependancies
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 7 Nov 1997 14:23:17 +0100
|
|
|
|
ssleay (0.8.1-2) unstable; urgency=low
|
|
|
|
* linked shared libraries against libc6
|
|
* use /dev/random for randomseed
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 5 Nov 1997 11:21:40 +0100
|
|
|
|
ssleay (0.8.1-1) unstable; urgency=low
|
|
|
|
* new upstream version
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 16 Oct 1997 16:15:43 +0200
|
|
|
|
ssleay (0.6.6-2) unstable; urgency=low
|
|
|
|
* cleanup in diffs
|
|
* removed INSTALL from docs (bug #13205)
|
|
* split libssl and libssl-dev (but #13735)
|
|
|
|
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 15 Oct 1997 17:38:38 +0200
|
|
|
|
ssleay (0.6.6-1) unstable; urgency=low
|
|
|
|
* New upstream version
|
|
* added shared libraries for libcrypto and libssl
|
|
|
|
-- Christoph Martin <martin@uni-mainz.de> Thu, 26 Jun 1997 19:26:14 +0200
|
|
|
|
ssleay (0.6.4-2) unstable; urgency=low
|
|
|
|
* changed doc filenames from .doc to .txt to be able to read them
|
|
over with webbrowser
|
|
|
|
-- Christoph Martin <martin@uni-mainz.de> Tue, 25 Feb 1997 14:02:53 +0100
|
|
|
|
ssleay (0.6.4-1) unstable; urgency=low
|
|
|
|
* Initial Release.
|
|
|
|
-- Christoph Martin <martin@uni-mainz.de> Fri, 22 Nov 1996 21:29:51 +0100
|