openssl (0.9.8c-2) unstable; urgency=high
* Fix security vulnerabilities (CVE-2006-2937, CVE-2006-2940,
CVE-2006-3738, CVE-2006-4343). Urgency set to high.
-- Kurt Roeckx <kurt@roeckx.be> Wed, 27 Sep 2006 21:24:55 +0000
openssl (0.9.8c-1) unstable; urgency=low
* New upstream release
- block padding bug with compression now fixed upstream, using
their patch.
- Includes the RSA Signature Forgery (CVE-2006-4339) patch.
- New functions AES_bi_ige_encrypt and AES_ige_encrypt:
bumping shlibs to require 0.9.8c-1.
* Change the postinst script to check that ntp is installed instead
of ntp-refclock and ntp-simple. The binary is now in the ntp
package.
* Move the modified rand/md_rand.c file to the right place,
really fixing #363516.
* Add partimage-server conserver-server and tor to the list of service
to check for restart. Add workaround for openssh-server so it finds
the init script. (Closes: #386365, #386400, #386513)
* Add manpage for c_rehash.
Thanks to James Westby <jw+debian@jameswestby.net> (Closes: #215618)
* Add Lithuanian debconf translation.
Thanks to Gintautas Miliauskas <gintas@akl.lt> (Closes: #374364)
* Add m32r support.
Thanks to Kazuhiro Inaoka <inaoka.kazuhiro@renesas.com>
(Closes: #378689)
-- Kurt Roeckx <kurt@roeckx.be> Sun, 17 Sep 2006 14:47:59 +0000
openssl (0.9.8b-3) unstable; urgency=high
* Fix RSA Signature Forgery (CVE-2006-4339) using patch provided
by upstream.
* Restart services using a smaller version that 0.9.8b-3, so
they get the fixed version.
* Change the postinst to check for postfix instead of postfix-tls.
-- Kurt Roeckx <kurt@roeckx.be> Tue, 5 Sep 2006 18:26:10 +0000
openssl (0.9.8b-2) unstable; urgency=low
* Don't call gcc with -mcpu on i386, we already use -march, so no need for
-mtune either.
* Always make all directories when building something:
- The engines directory didn't get build for the static directory, so
where missing in libcrypo.a
- The apps directory didn't always get build, so we didn't have an openssl
and a small part of the regression tests failed.
* Make the package fail to build if the regression tests fail.
-- Kurt Roeckx <kurt@roeckx.be> Mon, 15 May 2006 16:00:58 +0000
openssl (0.9.8b-1) unstable; urgency=low
* New upstream release
- New functions added (EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free), bump shlibs.
- CA.pl/CA.sh now calls openssl ca with -extensions v3_ca, setting CA:TRUE
instead of FALSE.
- CA.pl/CA.sh creates crlnumber now. (Closes: #347612)
* Run debconf-updatepo, which really already was in the 0.9.8a-8 version
as it was uploaded.
* Add Galician debconf translation. Patch from
Jacobo Tarrio <jtarrio@trasno.net> (Closes: #361266)
* libssl0.9.8.postinst makes uses of bashisms (local variables)
so use #!/bin/bash
* libssl0.9.8.postinst: Call set -e after sourcing the debconf
script.
* libssl0.9.8.postinst: Change list of service that may need
to be restarted:
- Replace ssh by openssh-server
- Split postgresql in postgresql-7.4 postgresql-8.0 postgresql-8.1
- Add: dovecot-common bind9 ntp-refclock ntp-simple openntpd clamcour
fetchmail ftpd-ssl proftpd proftpd-ldap proftpd-mysql proftpd-pgsql
* libssl0.9.8.postinst: The check to see if something was installed
wasn't working.
* libssl0.9.8.postinst: Add workaround to find the name of the init
script for proftpd and dovecot.
* libssl0.9.8.postinst: Use invoke-rc.d when it's available.
* Change Standards-Version to 3.7.0:
- Make use of invoke-rc.d
* Add comment to README.Debian that rc5, mdc2 and idea have been
disabled (since 0.9.6b-3) (Closes: #362754)
* Don't add uninitialised data to the random number generator. This stop
valgrind from giving error messages in unrelated code.
(Closes: #363516)
* Put the FAQ in the openssl docs.
* Add russian debconf translations from Yuriy Talakan <yt@amur.elektra.ru>
(Closes #367216)
-- Kurt Roeckx <kurt@roeckx.be> Thu, 4 May 2006 20:40:03 +0200
openssl (0.9.8a-8) unstable; urgency=low
* Call pod2man with the proper section. Section changed
from 1/3/5/7 to 1SSL/3SSL/5SSL/7SSL. The name of the files
already had the ssl in, the section didn't. The references
to other manpage is still wrong.
* Don't install the LICENSE file, it's already in the copyright file.
* Don't set an rpath on openssl to point to /usr/lib.
* Add support for kfreebsd-amd64. (Closes: #355277)
* Add udeb to the shlibs. Patch from Frans Pop <aragorn@tiscali.nl>
(Closes: #356908)
-- Kurt Roeckx <kurt@roeckx.be> Sat, 11 Feb 2006 14:14:37 +0100
openssl (0.9.8a-7) unstable; urgency=high
* Add italian debconf templates. Thanks to Luca Monducci.
(Closes: #350249)
* Change the debconf question to use version 0.9.8-3
instead of 0.9.8-1, since that's the last version
with a security fix.
* Call conn_state() if the BIO is not in the BIO_CONN_S_OK state
(Closes: #352047). RC bug affecting testing, so urgency high.
-- Kurt Roeckx <kurt@roeckx.be> Sat, 9 Feb 2006 19:07:56 +0100
openssl (0.9.8a-6) unstable; urgency=low
* Remove empty postinst/preinst/prerm scripts. There is no need
to have empty ones, debhelper will add them when needed.
* Remove the static pic libraries. Nobody should be linking
it's shared libraries static to libssl or libcrypto.
This was added for opensc who now links to it shared.
* Do not assume that in case the sequence number is 0 and the
packet has an odd number of bytes that the other side has
the block padding bug, but try to check that it actually
has the bug. The wrong detection of this bug resulted
in an "decryption failed or bad record mac" error in case
both sides were using zlib compression. (Closes: #338006)
-- Kurt Roeckx <kurt@roeckx.be> Mon, 21 Jan 2006 16:25:41 +0100
openssl (0.9.8a-5) unstable; urgency=low
* Stop ssh from crashing randomly on sparc (Closes: #335912)
Patch from upstream cvs.
-- Kurt Roeckx <kurt@roeckx.be> Tue, 13 Dec 2005 21:37:42 +0100
openssl (0.9.8a-4) unstable; urgency=low
* Call dh_makeshlibs with the proper version instead of putting
it in shlibs.local, which doesn't seem to do anything. 0.9.8a-1
added symbol versioning, so it should have bumped the shlibs.
(Closes: #338284)
* The openssl package had a duplicate dependency on libssl0.9.8,
only require the version as required by the shlibs.
* Make libssl-dev depend on zlib1g-dev, since it's now required for
static linking. (Closes: #338313)
* Generate .pc files that make use of Libs.private, so things only
link to the libraries they should when linking shared.
* Use -m64 instead of -bpowerpc64-linux on ppc64. (Closes: #335486)
* Make powerpc and ppc64 use the assembler version for bn. ppc64
had the location in the string wrong, powerpc had it missing.
* Add includes for stddef to get size_t in md2.h, md4.h, md5.h,
ripemd.h and sha.h. (Closes: #333101)
* Run make test for each of the versions we build, make it
not fail the build process if an error is found.
* Add build dependency on bc for the regression tests.
-- Kurt Roeckx <kurt@roeckx.be> Wed, 13 Nov 2005 16:01:05 +0100
openssl (0.9.8a-3) unstable; urgency=high
* Link to libz instead of dynamicly loading it. It gets loaded
at the moment the library is initialised, so there is no point
in not linking to it. It's now failing in some cases since
it's not opened by it's soname, but by the symlink to it.
This should hopefully solve most of the bugs people have reported
since the move to libssl0.9.8.
(Closes: #334180, #336140, #335271)
* Urgency set to high because it fixes a grave bug affecting testing.
-- Kurt Roeckx <kurt@roeckx.be> Tue, 1 Nov 2005 14:56:40 +0100
openssl (0.9.8a-2) unstable; urgency=low
* Add Build-Dependency on m4, since sparc needs it to generate
it's assembler files. (Closes: #334542)
* Don't use rc4-x86_64.o on amd64 for now, it seems to be broken
and causes a segfault. (Closes: #334501, #334502)
-- Kurt Roeckx <kurt@roeckx.be> Tue, 18 Oct 2005 19:05:53 +0200
openssl (0.9.8a-1) unstable; urgency=low
Christoph Martin:
* fix asm entries for some architectures, fixing #332758 properly.
* add noexecstack option to i386 subarch
* include symbol versioning in Configure (closes: #330867)
* include debian-armeb arch (closes: #333579)
* include new upstream patches; includes some minor fixes
* fix dh_shlibdeps line, removing the redundant dependency on
libssl0.9.8 (closes: #332755)
* add swedish debconf template (closes: #330554)
Kurt Roeckx:
* Also add noexecstack option for amd64, since it now has an
executable stack with the assembler fixes for amd64.
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 17 Oct 2005 17:01:06 +0200
openssl (0.9.8-3) unstable; urgency=low
* Apply security fix for CAN-2005-2969. (Closes: #333500)
* Change priority of -dbg package to extra.
-- Kurt Roeckx <kurt@roeckx.be> Wed, 12 Oct 2005 22:38:58 +0200
openssl (0.9.8-2) unstable; urgency=low
* Don't use arch specific assembler. Should fix build failure on
ia64, sparc and amd64. (Closes: #332758)
* Add myself to the uploaders.
-- Kurt Roeckx <kurt@roeckx.be> Mon, 10 Oct 2005 19:22:36 +0200
openssl (0.9.8-1) unstable; urgency=low
* New upstream release (closes: #311826)
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 29 Sep 2005 14:20:04 +0200
openssl (0.9.7g-3) unstable; urgency=low
* change Configure line for debian-freebsd-i386 to debian-kfreebsd-i386
(closes: #327692)
* include -dbg version. That implies compiling with -g and without
-fomit-frame-pointer (closes: #293823, #153811)
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 23 Sep 2005 13:51:57 +0200
openssl (0.9.7g-2) unstable; urgency=low
* really include nl translation
* remove special ia64 code from rc4 code to make the abi compatible to
older 0.9.7 versions (closes: #310489, #309274)
* fix compile flag for debian-ppc64 (closes: #318750)
* small fix in libssl0.9.7.postinst (closes: #239956)
* fix pk7_mime.c to prevent garbled messages because of to early memory
free (closes: #310184)
* include vietnamese debconf translation (closes: #316689)
* make optimized i386 libraries have non executable stack (closes:
#321721)
* remove leftover files from ssleay
* move from dh_installmanpages to dh_installman
* change Maintainer to pkg-openssl-devel@lists.alioth.debian.org
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 7 Sep 2005 15:32:54 +0200
openssl (0.9.7g-1) unstable; urgency=low
* New upstream release
* Added support for proxy certificates according to RFC 3820.
Because they may be a security thread to unaware applications,
they must be explicitely allowed in run-time. See
docs/HOWTO/proxy_certificates.txt for further information.
* Prompt for pass phrases when appropriate for PKCS12 input format.
* Back-port of selected performance improvements from development
branch, as well as improved support for PowerPC platforms.
* Add lots of checks for memory allocation failure, error codes to indicate
failure and freeing up memory if a failure occurs.
* Perform some character comparisons of different types in X509_NAME_cmp:
this is needed for some certificates that reencode DNs into UTF8Strings
(in violation of RFC3280) and can't or wont issue name rollover
certificates.
* corrected watchfile
* added upstream source url (closes: #292904)
* fix typo in CA.pl.1 (closes: #290271)
* change debian-powerpc64 to debian-ppc64 and adapt the configure
options to be the same like upstream (closes: #289841)
* include -signcert option in CA.pl usage
* compile with zlib-dynamic to use system zlib (closes: #289872)
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 9 May 2005 23:32:03 +0200
openssl (0.9.7e-3) unstable; urgency=high
* really fix der_chop. The fix from -1 was not really included (closes:
#281212)
* still fixes security problem CAN-2004-0975 etc.
- tempfile raise condition in der_chop
- Avoid a race condition when CRLs are checked in a multi threaded
environment.
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 16 Dec 2004 18:41:29 +0100
openssl (0.9.7e-2) unstable; urgency=high
* fix perl path in der_chop and c_rehash (closes: #281212)
* still fixes security problem CAN-2004-0975 etc.
- tempfile raise condition in der_chop
- Avoid a race condition when CRLs are checked in a multi threaded
environment.
-- Christoph Martin <christoph.martin@uni-mainz.de> Sun, 14 Nov 2004 20:16:21 +0100
openssl (0.9.7e-1) unstable; urgency=high
* SECURITY UPDATE: fix insecure temporary file handling
* apps/der_chop:
- replaced $$-style creation of temporary files with
File::Temp::tempfile()
- removed unused temporary file name in do_certificate()
* References:
CAN-2004-0975 (closes: #278260)
* fix ASN1_STRING_to_UTF8 with UTF8 (closes: #260357)
* New upstream release with security fixes
- Avoid a race condition when CRLs are checked in a multi threaded
environment.
- Various fixes to s3_pkt.c so alerts are sent properly.
- Reduce the chances of duplicate issuer name and serial numbers (in
violation of RFC3280) using the OpenSSL certificate creation
utilities.
* depends openssl on perl-base instead of perl (closes: #280225)
* support powerpc64 in Configure (closes: #275224)
* include cs translation (closes: #273517)
* include nl translation (closes: #272479)
* Fix default dir of c_rehash (closes: #253126)
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 12 Nov 2004 14:11:15 +0100
openssl (0.9.7d-5) unstable; urgency=low
* Make S/MIME encrypt work again (backport from CVS) (closes: #241407,
#241386)
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 26 Jul 2004 17:22:42 +0200
openssl (0.9.7d-4) unstable; urgency=low
* add Catalan translation (closes: #248749)
* add Spanish translation (closes: #254561)
* include NMU fixes: see below
* decrease optimisation level for debian-arm to work around gcc bug
(closes: #253848) (thanks to Steve Langasek and Thom May)
* Add libcrypto0.9.7-udeb. (closes: #250010) (thanks to Bastian Blank)
* Add watchfile
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 14 Jul 2004 14:31:02 +0200
openssl (0.9.7d-3) unstable; urgency=low
* rename -pic.a libraries to _pic.a (closes: #250016)
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 24 May 2004 17:02:29 +0200
openssl (0.9.7d-2) unstable; urgency=low
* include PIC libs (libcrypto-pic.a and libssl-pic.a) to libssl-dev
(closes: #246928, #243999)
* add racoon to restart list (closes: #242652)
* add Brazilian, Japanese and Danish translations (closes: #242087,
#241830, #241705)
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 11 May 2004 10:13:49 +0200
openssl (0.9.7d-1) unstable; urgency=high
* new upstream
* fixes security holes (http://www.openssl.org/news/secadv_20040317.txt)
(closes: #238661)
* includes support for debian-amd64 (closes: #235551, #232310)
* fix typo in pem.pod (closes: #219873)
* fix typo in libssl0.9.7.templates (closes: #224690)
* openssl suggests ca-certificates (closes: #217180)
* change debconf template to gettext format (closes: #219013)
* include french debconf template (closes: #219014)
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 18 Mar 2004 16:18:43 +0100
openssl (0.9.7c-5) unstable; urgency=low
* include openssl.pc into libssl-dev (closes: #212545)
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 16 Oct 2003 16:31:32 +0200
openssl (0.9.7c-4) unstable; urgency=low
* change question to restart services to debconf (closes: #214840)
* stop using dh_undocumented (closes: #214831)
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 10 Oct 2003 15:40:48 +0200
openssl (0.9.7c-3) unstable; urgency=low
* fix POSIX conformance for head in libssl0.9.7.postinst (closes:
#214700)
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 8 Oct 2003 14:02:38 +0200
openssl (0.9.7c-2) unstable; urgency=low
* add filerc macro to libssl0.9.7.postinst (closes: #213906)
* restart spamassassins spamd on upgrade (closes: #214106)
* restart more services on upgrade
* fix EVP_BytesToKey manpage (closes: #213715)
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 7 Oct 2003 15:01:32 +0200
openssl (0.9.7c-1) unstable; urgency=high
* upstream security fix (closes: #213451)
- Fix various bugs revealed by running the NISCC test suite:
Stop out of bounds reads in the ASN1 code when presented with
invalid tags (CAN-2003-0543 and CAN-2003-0544).
Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
If verify callback ignores invalid public key errors don't try to check
certificate signature with the NULL public key.
- In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
if the server requested one: as stated in TLS 1.0 and SSL 3.0
specifications.
* more minor upstream bugfixes
* fix formatting in c_issuer (closes: #190026)
* fix Debian-FreeBSD support (closes: #200381)
* restart some services in postinst to make them use the new libraries
* remove duplicated openssl.1, crypto.3 and ssl.3 (closes: #198594)
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 1 Oct 2003 08:54:27 +0200
openssl (0.9.7b-2) unstable; urgency=high
* fix permission of /etc/ssl/private to 700 again
* change section of libssl-dev to libdevel
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 23 Apr 2003 11:13:24 +0200
openssl (0.9.7b-1) unstable; urgency=high
* upstream security fix
- Countermeasure against the Klima-Pokorny-Rosa extension of
Bleichbacher's attack on PKCS #1 v1.5 padding: treat
a protocol version number mismatch like a decryption error
in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131)
(closes: #189087)
- Turn on RSA blinding by default in the default implementation
to avoid a timing attack. Applications that don't want it can call
RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
They would be ill-advised to do so in most cases. (CAN-2003-0147)
- Change RSA blinding code so that it works when the PRNG is not
seeded (in this case, the secret RSA exponent is abused as
an unpredictable seed -- if it is not unpredictable, there
is no point in blinding anyway). Make RSA blinding thread-safe
by remembering the creator's thread ID in rsa->blinding and
having all other threads use local one-time blinding factors
(this requires more computation than sharing rsa->blinding, but
avoids excessive locking; and if an RSA object is not shared
between threads, blinding will still be very fast).
for more details see the CHANGES file
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 16 Apr 2003 10:32:57 +0200
openssl (0.9.7a-1) unstable; urgency=high
* upstream Security fix
- In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
via timing by performing a MAC computation even if incorrrect
block cipher padding has been found. This is a countermeasure
against active attacks where the attacker has to distinguish
between bad padding and a MAC verification error. (CAN-2003-0078)
for more details see the CHANGES file
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 21 Feb 2003 22:39:40 +0100
openssl (0.9.7-4) unstable; urgency=low
* use DH_COMPAT=3 to build
* move i686 to i686/cmov to fix problems on Via C3. For that to work we
have to depend on the newest libc6 on i386 (closes: #177891)
* fix bug in ui_util.c (closes: #177615)
* fix typo in md5.h (closes: #178112)
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 24 Jan 2003 10:22:56 +0100
openssl (0.9.7-3) unstable; urgency=low
* enable build of ultrasparc code on non ultrasparc machines (closes:
#177024)
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 17 Jan 2003 08:22:13 +0100
openssl (0.9.7-2) unstable; urgency=low
* include changes between 0.9.6g-9 and -10
* fix problem in build-process on i386 with libc6 version number
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 13 Jan 2003 14:26:56 +0100
openssl (0.9.7-1) unstable; urgency=low
* new upstream
* includes engine support
* a lot of bugfixes and enhancements, see the CHANGES file
* include AES encryption
* makes preview of certificate configurable (closes: #176059)
* fix x509 manpage (closes: #168070)
* fix declaration of ERR_load_PEM_string in pem.h (closes: #141360)
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 11 Jan 2003 09:12:16 +0100
openssl (0.9.6g-10) unstable; urgency=low
* fix problem in build-process on i386 with libc6 version number
(closes: #167096)
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 4 Nov 2002 12:27:21 +0100
openssl (0.9.6g-9) unstable; urgency=low
* fix typo in i386 libc6 depend (sigh) (closes: #163848)
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 8 Oct 2002 23:29:20 +0200
openssl (0.9.6g-8) unstable; urgency=low
* fix libc6 depends. Only needed for i386 (closes: #163701)
* remove SHLIB section for bsds from Configure (closes: #163585)
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 8 Oct 2002 10:57:35 +0200
openssl (0.9.6g-7) unstable; urgency=low
* enable i686 optimisation and depend on fixed glibc (closes: #163500)
* remove transition package ssleay
* include optimisation vor sparcv8 (closes: #139996)
* improve optimisation vor sparcv9
-- Christoph Martin <christoph.martin@uni-mainz.de> Sun, 6 Oct 2002 14:07:12 +0200
openssl (0.9.6g-6) unstable; urgency=low
* temporarily disable i686 optimisation (See bug in glibc #161788)
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 21 Sep 2002 18:56:49 +0200
openssl (0.9.6g-5) unstable; urgency=low
* i486 can use i586 assembler
* include set -xe in the for loops in the rules files to make it abort
on error (closes: #161768)
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 21 Sep 2002 16:23:11 +0200
openssl (0.9.6g-4) unstable; urgency=low
* fix optimization for alpha and sparc
* add optimization for i486
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 20 Sep 2002 22:36:19 +0200
openssl (0.9.6g-3) unstable; urgency=low
* add optimized libraries for i586, i686, ev4, ev5 and v9 (closes: #139783)
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 19 Sep 2002 18:33:04 +0200
openssl (0.9.6g-2) unstable; urgency=low
* fix manpage names (closes: #156717, #156718, #156719, #156721)
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 15 Aug 2002 11:26:37 +0200
openssl (0.9.6g-1) unstable; urgency=low
* new upstream version
* Use proper error handling instead of 'assertions' in buffer
overflow checks added in 0.9.6e. This prevents DoS (the
assertions could call abort()). (closes: #155985, #156495)
* Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
and get fix the header length calculation.
* include support for new sh* architectures (closes: #155117)
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 14 Aug 2002 13:59:22 +0200
openssl (0.9.6e-1) unstable; urgency=high
* fixes remote exploits (see DSA-136-1)
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 30 Jul 2002 18:32:28 +0200
openssl (0.9.6d-1) unstable; urgency=low
* new upstream (minor) version
* includes Configure lines for debian-*bsd-* (closes: #130413)
* fix wrong prototype for BN_pseudo_rand_range in BN_rand(3ssl) (closes:
#144586)
* fix typos in package description (closes: #141469)
* fix typo in SSL_CTX_set_cert_store manpage (closes: #135297)
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 3 Jun 2002 19:42:10 +0200
openssl (0.9.6c-2) unstable; urgency=low
* moved from non-US to main
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 19 Mar 2002 14:48:39 +0100
openssl (0.9.6c-1) unstable; urgency=low
* new upstream version with a lot of bugfixes
* remove directory /usr/include/openssl from openssl package (closes:
bug #121226)
* remove selfdepends from libssl0.9.6
* link openssl binary shared again
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 5 Jan 2002 19:04:31 +0100
openssl (0.9.6b-4) unstable; urgency=low
* build with -D_REENTRANT for threads support on all architectures
(closes: #112329, #119239)
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 24 Nov 2001 12:17:51 +0100
openssl (0.9.6b-3) unstable; urgency=low
* disable idea, mdc2 and rc5 because they are not free (closes: #65368)
* ready to be moved from nonus to main
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 21 Nov 2001 17:51:41 +0100
openssl (0.9.6b-2) unstable; urgency=high
* fix definition of crypt in des.h (closes: #107533)
* fix descriptions (closes: #109503)
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 17 Sep 2001 15:38:27 +0200
openssl (0.9.6b-1) unstable; urgency=medium
* new upstream fixes some security issues (closes: #105835, #100146)
* added support for s390 (closes: #105681)
* added support for sh (closes: #100003)
* change priority of libssl096 to standard as ssh depends on it (closes:
#105440)
* don't optimize for i486 to support i386. (closes: #104127, #82194)
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 20 Jul 2001 15:52:42 +0200
openssl (0.9.6a-3) unstable; urgency=medium
* add perl-base to builddeps
* include static libraries in libssl-dev (closes: #93688)
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 14 May 2001 20:16:06 +0200
openssl (0.9.6a-2) unstable; urgency=medium
* change Architecture of ssleay from any to all (closes: #92913)
* depend libssl-dev on the exact same version of libssl0.9.6 (closes:
#88939)
* remove lib{crypto,ssl}.a from openssl (closes: #93666)
* rebuild with newer gcc to fix atexit problem (closes: #94036)
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 2 May 2001 12:28:39 +0200
openssl (0.9.6a-1) unstable; urgency=medium
* new upstream, fixes some security bugs (closes: #90584)
* fix typo in s_server manpage (closes: #89756)
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 10 Apr 2001 12:13:11 +0200
openssl (0.9.6-2) unstable; urgency=low
* policy: reorganisation of package names: libssl096 -> libssl0.9.6,
libssl096-dev -> libssl-dev (closes: #83426)
* libssl0.9.6 drops replaces libssl09 (Closes: #83425)
* install upstream CHANGES files (Closes: #83430)
* added support for hppa and ia64 (Closes: #88790)
* move man3 manpages to libssl-dev (Closes: #87546)
* fix formating problem in rand_add(1) (Closes: #87547)
* remove manpage duplicates (Closes: #87545, #74986)
* make package descriptions clearer (Closes: #83518, #83444)
* increase default emailAddress_max from 40 to 60 (Closes: #67238)
* removed RSAREF warning (Closes: #84122)
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 8 Mar 2001 14:24:00 +0100
openssl (0.9.6-1) unstable; urgency=low
* New upstream version (Thanks to Enrique Zanardi <ezanard@debian.org>)
(closes: #72388)
* Add support for debian-hurd (closes: #76032)
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 13 Nov 2000 22:30:46 +0100
openssl (0.9.5a-5) unstable; urgency=low
* move manpages in standard directories with section ssl (closes:
#72152, #69809)
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 5 Oct 2000 19:56:20 +0200
openssl (0.9.5a-4) unstable; urgency=low
* include edg_rand_bytes patch from and for apache-ssl
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 23 Sep 2000 16:48:06 +0200
openssl (0.9.5a-3) unstable; urgency=low
* fix call to dh_makeshlibs to create correct shlibs file and make
dependend programs link correctly (closes: Bug#61658)
* include a note in README.debian concerning the location of the
subcommand manpages (closes: Bug#69809)
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 16 Sep 2000 19:10:50 +0200
openssl (0.9.5a-2) unstable; urgency=low
* try to fix the sharedlib problem. change soname of library
(closes: Bug#4622, #66102, #66538, #66123)
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 12 Jul 2000 03:26:30 +0200
openssl (0.9.5a-1) unstable; urgency=low
* new upstream version (major changes see file NEWS) (closes: Bug#63976,
#65239, #65358)
* new library package libssl095a because of probably changed library
interface (closes: Bug#46222)
* added architecture mips and mipsel (closes: Bug#62437, #60366)
* provide shlibs.local file in build to help build if libraries are not
yet installed (closes: Bug#63984)
-- Christoph Martin <christoph.martin@uni-mainz.de> Sun, 11 Jun 2000 15:17:35 +0200
openssl (0.9.4-5) frozen unstable; urgency=medium
* cleanup of move of doc directories to /usr/share/doc (closes:
Bug#56430)
* lintian issues (closes: Bug#49358)
* move demos from openssl to libssl09-dev (closes: Bug#59201)
* move to debhelpers
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 11 Mar 2000 10:38:04 +0100
openssl (0.9.4-4) unstable; urgency=medium
* Added 'debian-arm' in 'Configure'. (closes: Bug#54251, #54766)
* Fixed Configure for 'debian-m68k' (closes: Bug#53636)
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 15 Jan 2000 13:16:18 +0100
openssl (0.9.4-3) unstable; urgency=low
* define symbol SSLeay_add_ssl_algorithms for backward compatibility
(closes: Bug#46882)
* remove manpages from /usr/doc/openssl (closes: Bug#46791)
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 14 Oct 1999 16:51:08 +0200
openssl (0.9.4-2) unstable; urgency=low
* include some more docu in pod format (Bug #43933)
* removed -mv8 from sparc flags (Bug #44769)
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 14 Sep 1999 22:04:06 +0200
openssl (0.9.4-1) unstable; urgency=low
* new upstream version (Closes: #42926)
-- Christoph Martin <christoph.martin@uni-mainz.de> Sat, 28 Aug 1999 17:04:23 +0200
openssl (0.9.3a-1) unstable; urgency=low
* new upstream version (Bug #38345, #38627)
* sparc is big-endian (Bug #39973)
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 7 Jul 1999 16:03:37 +0200
openssl (0.9.2b-3) unstable; urgency=low
* correct move conffiles to /etc/ssl (Bug #38570)
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 31 May 1999 21:08:07 +0200
openssl (0.9.2b-2) unstable; urgency=low
* added convenience package ssleay to help upgrade to openssl (Bug
#37185, #37623, #36326)
* added some missing dependencies from libssl09 (Bug #36681, #35867,
#36326)
* move lib*.so to libssl09-dev (Bug #36761)
* corrected version numbers of library files
* introduce link from /usr/lib/ssl to /etc/ssl (Bug #36710)
-- Christoph Martin <christoph.martin@uni-mainz.de> Sun, 23 May 1999 14:57:48 +0200
openssl (0.9.2b-1) unstable; urgency=medium
* First openssl version
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 31 Mar 1999 15:54:26 +0200
ssleay (0.9.0b-2) unstable; urgency=low
* Include message about the (not)usage of RSAREF (#24409)
* Move configfiles from /usr/lib/ssl to /etc/ssl (#26406)
* Change definitions for sparc (#26487)
* Added missing dependency (#28591)
* Make debian/libtool executable (#29708)
* /etc/ssl/lib/ssleay.cnf is now a confile (#32624)
-- Christoph Martin <christoph.martin@uni-mainz.de> Sun, 21 Mar 1999 19:41:04 +0100
ssleay (0.9.0b-1) unstable; urgency=low
* new upstream version (Bug #21227, #25971)
* build shared libraries with -fPIC (Bug #20027)
* support sparc architecture (Bug #28467)
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 13 Oct 1998 10:20:13 +0200
ssleay (0.8.1-7) frozen unstable; urgency=high
* security fix patch to 0.8.1b (bug #24022)
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 6 Jul 1998 15:42:15 +0200
ssleay (0.8.1-6) frozen unstable; urgency=low
* second try to fix bug #15235 (copyright was still missing)
-- Christoph Martin <christoph.martin@uni-mainz.de> Mon, 22 Jun 1998 08:56:27 +0200
ssleay (0.8.1-5) frozen unstable; urgency=high
* changed /dev/random to /dev/urandom (Bug #23169, #17817)
* copyright contains now the full licence (Bug #15235)
* fixed bug #19410 (md5sums-lists-nonexisting-file)
* added demos to /usr/doc (Bug #17372)
* fixed type in package description (Bug #18969)
* fixed bug in adding documentation (Bug #21463)
* added patch for support of debian-powerpc (Bug #21579)
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 18 Jun 1998 23:09:13 +0200
ssleay (0.8.1-4) unstable; urgency=low
* purged dependency from libc5
-- Christoph Martin <christoph.martin@uni-mainz.de> Tue, 11 Nov 1997 15:31:50 +0100
ssleay (0.8.1-3) unstable; urgency=low
* changed packagename libssl to libssl08 to get better dependancies
-- Christoph Martin <christoph.martin@uni-mainz.de> Fri, 7 Nov 1997 14:23:17 +0100
ssleay (0.8.1-2) unstable; urgency=low
* linked shared libraries against libc6
* use /dev/random for randomseed
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 5 Nov 1997 11:21:40 +0100
ssleay (0.8.1-1) unstable; urgency=low
* new upstream version
-- Christoph Martin <christoph.martin@uni-mainz.de> Thu, 16 Oct 1997 16:15:43 +0200
ssleay (0.6.6-2) unstable; urgency=low
* cleanup in diffs
* removed INSTALL from docs (bug #13205)
* split libssl and libssl-dev (but #13735)
-- Christoph Martin <christoph.martin@uni-mainz.de> Wed, 15 Oct 1997 17:38:38 +0200
ssleay (0.6.6-1) unstable; urgency=low
* New upstream version
* added shared libraries for libcrypto and libssl
-- Christoph Martin <martin@uni-mainz.de> Thu, 26 Jun 1997 19:26:14 +0200
ssleay (0.6.4-2) unstable; urgency=low
* changed doc filenames from .doc to .txt to be able to read them
over with webbrowser
-- Christoph Martin <martin@uni-mainz.de> Tue, 25 Feb 1997 14:02:53 +0100
ssleay (0.6.4-1) unstable; urgency=low
* Initial Release.
-- Christoph Martin <martin@uni-mainz.de> Fri, 22 Nov 1996 21:29:51 +0100