source: pkg/security/vinnie/main/openssl/trunk/debian/changelog @ 7084

Revision 7084, 51.8 KB checked in by alanbach-guest, 3 years ago (diff)
  • Committed CVE-2010-4180 Fix
Line 
1openssl (0.9.8o-4) unstable; urgency=low
2
3  * Fix CVE-2010-4180 (Closes: #529221)
4
5 -- Kurt Roeckx <kurt@roeckx.be>  Mon, 06 Dec 2010 20:33:21 +0100
6
7openssl (0.9.8o-3) unstable; urgency=high
8
9  * Fix TLS extension parsing race condition (CVE-2010-3864) (Closes: #603709)
10  * Re-add the engines.  They were missing since 0.9.8m-1.
11    Patch by Joerg Schneider. (Closes: #603693)
12  * Not all architectures were build using -g (Closes: #570702)
13  * Add powerpcspe support (Closes: #579805)
14  * Add armhf support (Closes: #596881)
15  * Update translations:
16    - Brazilian Portuguese (Closes: #592154)
17    - Danish (Closes: #599459)
18    - Vietnamese (Closes: #601536)
19    - Arabic (Closes: #596166)
20  * Generate the proper stamp file so that everything doesn't get build twice.
21
22 -- Kurt Roeckx <kurt@roeckx.be>  Tue, 16 Nov 2010 19:20:55 +0100
23
24openssl (0.9.8o-2) unstable; urgency=high
25
26  * Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415)
27
28 -- Kurt Roeckx <kurt@roeckx.be>  Thu, 26 Aug 2010 18:25:29 +0200
29
30openssl (0.9.8o-1) unstable; urgency=low
31
32  * New upstream version
33    - Add SHA2 algorithms to SSL_library_init().
34    - aes-x86_64.pl is now PIC, update pic.patch.
35  * Add sparc64 support (Closes: #560240)
36
37 -- Kurt Roeckx <kurt@roeckx.be>  Sun, 18 Apr 2010 01:42:44 +0200
38
39openssl (0.9.8n-1) unstable; urgency=high
40
41  * New upstream version.
42    - Fixes CVE-2010-0740.
43    - Drop cfb.patch, applied upstream.
44
45 -- Kurt Roeckx <kurt@roeckx.be>  Thu, 25 Mar 2010 20:30:52 +0100
46
47openssl (0.9.8m-2) unstable; urgency=low
48
49  * Revert CFB block length change preventing reading older files.
50    (Closes: #571810, #571940)
51
52 -- Kurt Roeckx <kurt@roeckx.be>  Sun, 28 Feb 2010 22:08:49 +0100
53
54openssl (0.9.8m-1) unstable; urgency=low
55
56  * New upstream version
57    - Implements RFC5746, reenables renegotiation but requires the extension.
58    - Fixes CVE-2009-3245
59    - Drop patches CVE-2009-4355.patch, CVE-2009-1378.patch,
60      CVE-2009-1377.patch, CVE-2009-1379.patch, CVE-2009-3555.patch,
61      CVE-2009-2409.patch, CVE-2009-1387.patch, tls_ext_v3.patch,
62      no_check_self_signed.patch: applied upstream
63    - pk7_mime_free.patch removed, code rewritten
64    - ca.diff partially applied upstream
65    - engines-path.patch adjusted, upstream made some minor changes to the
66      build system.
67    - some flags changed values, bump shlibs.
68  * Switch to 3.0 (quilt) source package.
69  * Make sure the package is properly cleaned.
70  * Add ${misc:Depends} to the Depends on all packages.
71  * Fix spelling of extension in the changelog file.
72
73 -- Kurt Roeckx <kurt@roeckx.be>  Sat, 27 Feb 2010 12:24:03 +0000
74
75openssl (0.9.8k-8) unstable; urgency=high
76
77  * Clean up zlib state so that it will be reinitialized on next use and
78    not cause a memory leak.  (CVE-2009-4355, CVE-2008-1678)
79
80 -- Kurt Roeckx <kurt@roeckx.be>  Wed, 13 Jan 2010 21:26:49 +0100
81
82openssl (0.9.8k-7) unstable; urgency=low
83
84  * Bump the shlibs to require 0.9.8k-1.  The following symbols
85    to added between g and k: AES_wrap_key, AES_unwrap_key,
86    ASN1_TYPE_set1, ASN1_STRING_set0, asn1_output_data_fn,
87    SMIME_read_ASN1, BN_X931_generate_Xpq, BN_X931_derive_prime_ex,
88    BN_X931_generate_prime_ex, COMP_zlib_cleanup, CRYPTO_malloc_debug_init,
89    int_CRYPTO_set_do_dynlock_callback, CRYPTO_set_mem_info_functions,
90    CRYPTO_strdup, CRYPTO_dbg_push_info, CRYPTO_dbg_pop_info,
91    CRYPTO_dbg_remove_all_info, OPENSSL_isservice, OPENSSL_init,
92    ENGINE_set_load_ssl_client_cert_function,
93    ENGINE_get_ssl_client_cert_function, ENGINE_load_ssl_client_cert,
94    EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags,
95    EVP_CIPHER_CTX_test_flags, HMAC_CTX_set_flags, OCSP_sendreq_new
96    OCSP_sendreq_nbio, OCSP_REQ_CTX_free, RSA_X931_derive_ex,
97    RSA_X931_generate_key_ex, X509_ALGOR_set0, X509_ALGOR_get0,
98    X509at_get0_data_by_OBJ, X509_get1_ocsp
99
100 -- Kurt Roeckx <kurt@roeckx.be>  Sat, 28 Nov 2009 14:34:26 +0100
101
102openssl (0.9.8k-6) unstable; urgency=low
103
104  * Disable SSL/TLS renegotiation (CVE-2009-3555) (Closes: #555829)
105
106 -- Kurt Roeckx <kurt@roeckx.be>  Thu, 12 Nov 2009 18:10:31 +0000
107
108openssl (0.9.8k-5) unstable; urgency=low
109
110  * Don't check self signed certificate signatures in X509_verify_cert()
111    (Closes: #541735)
112
113 -- Kurt Roeckx <kurt@roeckx.be>  Fri, 11 Sep 2009 15:42:32 +0200
114
115openssl (0.9.8k-4) unstable; urgency=low
116
117  * Split all the patches into a separate files
118  * Stop undefinging HZ, the issue on alpha should be fixed.
119  * Remove MD2 from digest algorithm table.  (CVE-2009-2409) (Closes: #539899)
120
121 -- Kurt Roeckx <kurt@roeckx.be>  Tue, 11 Aug 2009 21:19:18 +0200
122
123openssl (0.9.8k-3) unstable; urgency=low
124
125  * Make rc4-x86_64 PIC.  Based on patch from Petr Salinger (Closes: #532336)
126  * Add workaround for kfreebsd that can't see the different between
127    two pipes.  Patch from Petr Salinger.
128
129 -- Kurt Roeckx <kurt@roeckx.be>  Sat, 13 Jun 2009 18:15:46 +0200
130
131openssl (0.9.8k-2) unstable; urgency=low
132
133  * Move libssl0.9.8-dbg to the debug section.
134  * Use the rc4 assembler on kfreebsd-amd64 (Closes: #532336)
135  * Split the line to generate md5-x86_64.s in the Makefile.  This will
136    hopefully fix the build issue on kfreebsd that now outputs the file
137    to stdout instead of the file.
138  * Fix denial of service via an out-of-sequence DTLS handshake message
139    (CVE-2009-1387) (Closes: #532037)
140
141 -- Kurt Roeckx <kurt@roeckx.be>  Mon, 08 Jun 2009 19:05:56 +0200
142
143openssl (0.9.8k-1) unstable; urgency=low
144
145  * New upstream release
146    - 0.9.8i fixed denial of service via a DTLS ChangeCipherSpec packet
147      that occurs before ClientHello (CVE-2009-1386)
148  * Make aes-x86_64.pl use PIC.
149  * Fix security issues (Closes: #530400)
150    - "DTLS record buffer limitation bug." (CVE-2009-1377)
151    - "DTLS fragment handling" (CVE-2009-1378)
152    - "DTLS use after free" (CVE-2009-1379)
153  * Fixed Configure for hurd: use -mtune=i486 instead of -m486
154    Patch by Marc DequÚnes (Duck) <duck@hurdfr.org> (Closes: #530459)
155  * Add support for avr32 (Closes: #528648)
156
157 -- Kurt Roeckx <kurt@roeckx.be>  Sat, 16 May 2009 17:33:55 +0200
158
159openssl (0.9.8g-16) unstable; urgency=high
160
161  * Properly validate the length of an encoded BMPString and UniversalString
162    (CVE-2009-0590)  (Closes: #522002)
163
164 -- Kurt Roeckx <kurt@roeckx.be>  Wed, 01 Apr 2009 22:04:53 +0200
165
166openssl (0.9.8g-15) unstable; urgency=low
167
168  * Internal calls to didn't properly check for errors which
169    resulted in malformed DSA and ECDSA signatures being treated as
170    a good signature rather than as an error.  (CVE-2008-5077)
171  * ipv6_from_asc() could write 1 byte longer than the buffer in case
172    the ipv6 address didn't have "::" part.  (Closes: #506111)
173
174 -- Kurt Roeckx <kurt@roeckx.be>  Mon, 05 Jan 2009 21:14:31 +0100
175
176openssl (0.9.8g-14) unstable; urgency=low
177
178  * Don't give the warning about security updates when upgrading
179    from etch since it doesn't have any known security problems.
180  * Automaticly use engines that succesfully initialised.  Patch
181    from the 0.9.8h upstream version.  (Closes: #502177)
182
183 -- Kurt Roeckx <kurt@roeckx.be>  Fri, 31 Oct 2008 22:45:14 +0100
184
185openssl (0.9.8g-13) unstable; urgency=low
186
187  * Fix a problem with tlsext preventing firefox 3 from connection.
188    Patch from upstream CVS and part of 0.9.8h.
189    (Closes: #492758)
190
191 -- Kurt Roeckx <kurt@roeckx.be>  Sun, 03 Aug 2008 19:47:10 +0200
192
193openssl (0.9.8g-12) unstable; urgency=low
194
195  * add the changelog of the 10.1 NMU to make bugtracking happy
196
197 -- Christoph Martin <Christoph.Martin@Uni-Mainz.DE>  Tue, 22 Jul 2008 14:58:26 +0200
198
199openssl (0.9.8g-11) unstable; urgency=low
200
201  [ Christoph Martin ]
202  * updated cs, gl, sv, ru, ro debconf translation (closes: #480926, #480967,
203    #482465, #484324, #488595)
204  * add Vcs-Svn header (closes: #481654)
205  * fix debian-kfreebsd-i386 build flags (closes: #482275)
206  * add stunnel4 to restart list (closes: #482111)
207  * include fixes from 10.1 NMU by Security team
208    - Fix double free in TLS server name extension which leads to a remote
209      denial of service (CVE-2008-0891; Closes: #483379).
210    - Fix denial of service if the 'Server Key exchange message'
211      is omitted from a TLS handshake which could lead to a client
212      crash (CVE-2008-1672; Closes: #483379).
213      This only works if openssl is compiled with enable-tlsext which is
214      done in Debian.
215  * fix some lintian warnings
216  * update to newest standards version
217
218 -- Christoph Martin <Christoph.Martin@Uni-Mainz.DE>  Thu, 17 Jul 2008 09:53:01 +0200
219
220openssl (0.9.8g-10.1) unstable; urgency=high
221 
222  * Non-maintainer upload by the Security team.
223  * Fix denial of service if the 'Server Key exchange message'
224    is omitted from a TLS handshake which could lead to a client
225    crash (CVE-2008-1672; Closes: #483379).
226    This only works if openssl is compiled with enable-tlsext which is
227    done in Debian.
228  * Fix double free in TLS server name extension which leads to a remote
229    denial of service (CVE-2008-0891; Closes: #483379).
230 
231 -- Nico Golde <nion@debian.org>  Tue, 27 May 2008 11:13:44 +0200
232
233openssl (0.9.8g-10) unstable; urgency=low
234
235  * undefine HZ so that the code falls back to sysconf(_SC_CLK_TCK)
236    to fix a build failure on alpha.
237
238 -- Kurt Roeckx <kurt@roeckx.be>  Thu, 08 May 2008 17:56:13 +0000
239
240openssl (0.9.8g-9) unstable; urgency=high
241
242  [ Christoph Martin ]
243  * Include updated debconf translations (closes: #473477, #461597,
244    #461880, #462011, #465517, #475439)
245
246  [ Kurt Roeckx ]
247  * ssleay_rand_add() really needs to call MD_Update() for buf.
248
249 -- Kurt Roeckx <kurt@roeckx.be>  Wed, 07 May 2008 20:32:12 +0200
250
251openssl (0.9.8g-8) unstable; urgency=high
252
253  * Don't add extensions to ssl v3 connections.  It breaks with some
254    other software.  (Closes: #471681)
255
256 -- Kurt Roeckx <kurt@roeckx.be>  Sun, 23 Mar 2008 17:50:04 +0000
257
258openssl (0.9.8g-7) unstable; urgency=low
259
260  * Upload to unstable.
261
262 -- Kurt Roeckx <kurt@roeckx.be>  Wed, 13 Feb 2008 22:22:29 +0000
263
264openssl (0.9.8g-6) experimental; urgency=low
265
266  * Bump shlibs.
267
268 -- Kurt Roeckx <kurt@roeckx.be>  Sat, 09 Feb 2008 15:42:22 +0100
269
270openssl (0.9.8g-5) experimental; urgency=low
271
272  * Enable tlsext.  This changes the ABI, but should hopefully
273    not cause any problems. (Closes: #462596)
274
275 -- Kurt Roeckx <kurt@roeckx.be>  Sat, 09 Feb 2008 13:32:49 +0100
276
277openssl (0.9.8g-4) unstable; urgency=low
278
279  * Fix aes ige test speed not to overwrite it's buffer and
280    cause segfauls.  Thanks to Tim Hudson (Closes: #459619)
281  * Mark some strings in the templates as non translatable.
282    Patch from Christian Perrier <bubulle@debian.org> (Closes: #450418)
283  * Update Dutch debconf translation (Closes: #451290)
284  * Update French debconf translation (Closes: #451375)
285  * Update Catalan debconf translation (Closes: #452694)
286  * Update Basque debconf translation (Closes: #457285)
287  * Update Finnish debconf translation (Closes: #458261)
288
289 -- Kurt Roeckx <kurt@roeckx.be>  Wed, 16 Jan 2008 21:49:43 +0100
290
291openssl (0.9.8g-3) unstable; urgency=low
292
293  * aes-586.pl: push %ebx on the stack before we put some things on the
294    stack and call a function, giving AES_decrypt() wrong values to work
295    with.  (Closes: #449200)
296
297 -- Kurt Roeckx <kurt@roeckx.be>  Sun, 04 Nov 2007 21:49:00 +0100
298
299openssl (0.9.8g-2) unstable; urgency=low
300
301  * Avoid text relocations on i386 caused by the assembler versions:
302    - x86unix.pl: Create a function_begin_B_static to create a
303      static/local assembler function.
304    - aes-586.pl: Use the function_begin_B_static for _x86_AES_decrypt
305      so that it doesn't get exported and doesn't have any (text) relocations.
306    - aes-586.pl: Set up ebx to point to the GOT and call AES_set_encrypt_key
307      via the PLT to avoid a relocation.
308    - x86unix.pl: Call the init function via the PLT, avoiding a relocation
309      in case of a PIC object.
310    - cbc.pl: Call functions via the PLT.
311    - desboth.pl: Call DES_encrypt2 via the PLT.
312  * CA.sh should use the v3_ca extension when called with -newca
313    (Closes: #428051)
314  * Use -Wa,--noexecstack for all arches in Debian.  (Closes: #430583)
315  * Convert the failure message when services fail restart to a debconf
316    message.
317  * To restart a service, just restart, instead of stop and start.
318    Hopefully fixes #444946
319  * Also remove igetest from the test dir in the clean target.
320    (Closes: #424362)
321
322 -- Kurt Roeckx <kurt@roeckx.be>  Sat, 03 Nov 2007 13:25:45 +0100
323
324openssl (0.9.8g-1) unstable; urgency=low
325
326  * New upstream release
327    - Fixes version number not to say it's a development version.
328
329 -- Kurt Roeckx <kurt@roeckx.be>  Sat, 20 Oct 2007 12:47:10 +0200
330
331openssl (0.9.8f-1) unstable; urgency=low
332
333  * New upstream release
334    - Fixes DTLS issues, also fixes CVE-2007-4995 (Closes: #335703, #439737)
335    - Proper inclusion of opensslconf.h in pq_compat.h (Closes: #408686)
336    - New function SSL_set_SSL_CTX: bump shlibs.
337  * Remove build dependency on gcc > 4.2
338  * Remove the openssl preinst, it looks like a workaround
339    for a change in 0.9.2b where config files got moved.  (Closes: #445095)
340  * Update debconf translations:
341    - Vietnamese (Closes: #426988)
342    - Danish (Closes: #426774)
343    - Slovak (Closes: #440723)
344    - Finnish (Closes: #444258)
345
346 -- Kurt Roeckx <kurt@roeckx.be>  Sat, 13 Oct 2007 00:47:22 +0200
347
348openssl (0.9.8e-9) unstable; urgency=high
349
350  * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers().
351    (Closes: #444435)
352  * Add postgresql-8.2 to the list of services to check.
353
354 -- Kurt Roeckx <kurt@roeckx.be>  Fri, 28 Sep 2007 19:47:33 +0200
355
356openssl (0.9.8e-8) unstable; urgency=low
357
358  * Fix another case of the "if this code is reached, the program will abort"
359    (Closes: #429740)
360  * Temporary force to build with gcc >= 4.2
361
362 -- Kurt Roeckx <kurt@roeckx.be>  Sun, 02 Sep 2007 18:12:11 +0200
363
364openssl (0.9.8e-7) unstable; urgency=low
365
366  * Fix problems with gcc-4.2 (Closes: #429740)
367  * Stop using -Bsymbolic to create the shared library.
368  * Make x86_64cpuid.pl use PIC.
369
370 -- Kurt Roeckx <kurt@roeckx.be>  Sun, 02 Sep 2007 16:15:18 +0200
371
372openssl (0.9.8e-6) unstable; urgency=high
373
374  * Add fix for CVE-2007-3108 (Closes: #438142)
375
376 -- Kurt Roeckx <kurt@roeckx.be>  Wed, 15 Aug 2007 19:49:54 +0200
377
378openssl (0.9.8e-5) unstable; urgency=low
379
380  [ Christian Perrier ]
381  * Debconf templates proofread and slightly rewritten by
382    the debian-l10n-english team as part of the Smith Review Project.
383    Closes: #418584
384  * Debconf templates translations:
385    - Arabic. Closes: #418669
386    - Russian. Closes: #418670
387    - Galician. Closes: #418671
388    - Swedish. Closes: #418679
389    - Korean. Closes: #418755
390    - Czech. Closes: #418768
391    - Basque. Closes: #418784
392    - German. Closes: #418785
393    - Traditional Chinese. Closes: #419915
394    - Brazilian Portuguese. Closes: #419959
395    - French. Closes: #420429
396    - Italian. Closes: #420461
397    - Japanese. Closes: #420482
398    - Catalan. Closes: #420833
399    - Dutch. Closes: #420925
400    - Malayalam. Closes: #420986
401    - Portuguese. Closes: #421032
402    - Romanian. Closes: #421708
403
404  [ Kurt Roeckx ]
405  * Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
406  * Updated Spanish debconf template.  (Closes: #421336)
407  * Do the header changes, changing those defines into real functions,
408    and bump the shlibs to match.
409  * Update Japanese debconf translation.  (Closes: #422270)
410
411 -- Kurt Roeckx <kurt@roeckx.be>  Tue, 15 May 2007 17:21:08 +0000
412
413openssl (0.9.8e-4) unstable; urgency=low
414
415  * openssl should depend on libssl0.9.8 0.9.8e-1 since it
416    uses some of the defines that changed to functions.
417    Other things build against libssl or libcrypto shouldn't
418    have this problem since they use the old headers.
419    (Closes: #414283)
420
421 -- Kurt Roeckx <kurt@roeckx.be>  Sat, 10 Mar 2007 17:11:46 +0000
422
423openssl (0.9.8e-3) unstable; urgency=low
424
425  * Add nagios-nrpe-server to the list of services to be checked
426    (Closes: #391188)
427  * EVP_CIPHER_CTX_key_length() should return the set key length in the
428    EVP_CIPHER_CTX structure which may not be the same as the underlying
429    cipher key length for variable length ciphers.
430    From upstream CVS.  (Closes: #412979)
431
432 -- Kurt Roeckx <kurt@roeckx.be>  Sun,  4 Mar 2007 23:22:51 +0000
433
434openssl (0.9.8e-2) unstable; urgency=low
435
436  * Undo include changes that change defines into real functions,
437    but keep the new functions in the library.
438
439 -- Kurt Roeckx <kurt@roeckx.be>  Sun, 25 Feb 2007 19:19:19 +0000
440
441openssl (0.9.8e-1) unstable; urgency=low
442
443  * New upstream release
444    - Inludes security fixes for CVE-2006-2937, CVE-2006-2940,
445      CVE-2006-3738, CVE-2006-4343 (Closes: #408902)
446    - s_client now properly works with SMTP.  Also added support
447      for IMAP.  (closes: #221689)
448    - Load padlock modules (Closes: #345656, #368476)
449  * Add clamav-freshclam and clamav-daemon to the list of service that
450    need to be restarted.  (Closes: #391191)
451  * Add armel support.  Thanks to Guillem Jover <guillem.jover@nokia.com>
452    for the patch.  (Closes: #407196)
453  * Add Portuguese translations.  Thanks to Carlos Lisboa.  (Closes: 408157)
454  * Add Norwegian translations.  Thanks to BjÞrn Steensrud
455    <bjornst@powertech.no> (Closes: #412326)
456
457 -- Kurt Roeckx <kurt@roeckx.be>  Sun, 25 Feb 2007 18:06:28 +0000
458
459openssl (0.9.8c-4) unstable; urgency=low
460
461  * Add German debconf translation.  Thanks to
462    Johannes Starosta <feedback-an-johannes@arcor.de> (Closes: #388108)
463  * Make c_rehash look for both .pem and .crt files.  Also make it support
464    files in DER format.  Patch by "Yauheni Kaliuta" <y.kaliuta@gmail.com>
465    (Closes: #387089)
466  * Use & instead of && to check a flag in the X509 policy checking.
467    Patch from upstream cvs.  (Closes: #397151)
468  * Also restart slapd for security updates (Closes: #400221)
469  * Add Romanian debconf translation.  Thanks to
470    stan ioan-eugen <stan.ieugen@gmail.com> (Closes: #393507)
471
472 -- Kurt Roeckx <kurt@roeckx.be>  Thu, 30 Nov 2006 20:57:46 +0000
473
474openssl (0.9.8c-3) unstable; urgency=low
475
476  * Fix patch for CVE-2006-2940, it left ctx unintiliased.
477
478 -- Kurt Roeckx <kurt@roeckx.be>  Mon,  2 Oct 2006 18:05:00 +0200
479
480openssl (0.9.8c-2) unstable; urgency=high
481
482  * Fix security vulnerabilities (CVE-2006-2937, CVE-2006-2940,
483    CVE-2006-3738, CVE-2006-4343).  Urgency set to high.
484
485 -- Kurt Roeckx <kurt@roeckx.be>  Wed, 27 Sep 2006 21:24:55 +0000
486
487openssl (0.9.8c-1) unstable; urgency=low
488
489  * New upstream release
490    - block padding bug with compression now fixed upstream, using
491      their patch.
492    - Includes the RSA Signature Forgery (CVE-2006-4339) patch.
493    - New functions AES_bi_ige_encrypt and AES_ige_encrypt:
494      bumping shlibs to require 0.9.8c-1.
495  * Change the postinst script to check that ntp is installed instead
496    of ntp-refclock and ntp-simple.  The binary is now in the ntp
497    package.
498  * Move the modified rand/md_rand.c file to the right place,
499    really fixing #363516.
500  * Add partimage-server conserver-server and tor to the list of service
501    to check for restart.  Add workaround for openssh-server so it finds
502    the init script.  (Closes: #386365, #386400, #386513)
503  * Add manpage for c_rehash.
504    Thanks to James Westby <jw+debian@jameswestby.net> (Closes: #215618)
505  * Add Lithuanian debconf translation.
506    Thanks to Gintautas Miliauskas <gintas@akl.lt>  (Closes: #374364)
507  * Add m32r support.
508    Thanks to Kazuhiro Inaoka <inaoka.kazuhiro@renesas.com>
509    (Closes: #378689)
510
511 -- Kurt Roeckx <kurt@roeckx.be>  Sun, 17 Sep 2006 14:47:59 +0000
512
513openssl (0.9.8b-3) unstable; urgency=high
514
515  * Fix RSA Signature Forgery (CVE-2006-4339) using patch provided
516    by upstream.
517  * Restart services using a smaller version that 0.9.8b-3, so
518    they get the fixed version.
519  * Change the postinst to check for postfix instead of postfix-tls.
520
521 -- Kurt Roeckx <kurt@roeckx.be>  Tue,  5 Sep 2006 18:26:10 +0000
522
523openssl (0.9.8b-2) unstable; urgency=low
524
525  * Don't call gcc with -mcpu on i386, we already use -march, so no need for
526    -mtune either.
527  * Always make all directories when building something:
528    - The engines directory didn't get build for the static directory, so
529      where missing in libcrypo.a
530    - The apps directory didn't always get build, so we didn't have an openssl
531      and a small part of the regression tests failed.
532  * Make the package fail to build if the regression tests fail.
533
534 -- Kurt Roeckx <kurt@roeckx.be>  Mon, 15 May 2006 16:00:58 +0000
535
536openssl (0.9.8b-1) unstable; urgency=low
537
538  * New upstream release
539    - New functions added (EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free), bump shlibs.
540    - CA.pl/CA.sh now calls openssl ca with -extensions v3_ca, setting CA:TRUE
541      instead of FALSE.
542    - CA.pl/CA.sh creates crlnumber now.  (Closes: #347612)
543  * Run debconf-updatepo, which really already was in the 0.9.8a-8 version
544    as it was uploaded.
545  * Add Galician debconf translation.  Patch from
546    Jacobo Tarrio <jtarrio@trasno.net>  (Closes: #361266)
547  * libssl0.9.8.postinst makes uses of bashisms (local variables)
548    so use #!/bin/bash
549  * libssl0.9.8.postinst: Call set -e after sourcing the debconf
550    script.
551  * libssl0.9.8.postinst: Change list of service that may need
552    to be restarted:
553    - Replace ssh by openssh-server
554    - Split postgresql in postgresql-7.4 postgresql-8.0 postgresql-8.1
555    - Add: dovecot-common bind9 ntp-refclock ntp-simple openntpd clamcour
556      fetchmail ftpd-ssl proftpd proftpd-ldap proftpd-mysql proftpd-pgsql
557  * libssl0.9.8.postinst: The check to see if something was installed
558    wasn't working.
559  * libssl0.9.8.postinst: Add workaround to find the name of the init
560    script for proftpd and dovecot.
561  * libssl0.9.8.postinst: Use invoke-rc.d when it's available.
562  * Change Standards-Version to 3.7.0:
563    - Make use of invoke-rc.d
564  * Add comment to README.Debian that rc5, mdc2 and idea have been
565    disabled (since 0.9.6b-3)  (Closes: #362754)
566  * Don't add uninitialised data to the random number generator.  This stop
567    valgrind from giving error messages in unrelated code.
568    (Closes: #363516)
569  * Put the FAQ in the openssl docs.
570  * Add russian debconf translations from Yuriy Talakan <yt@amur.elektra.ru>
571    (Closes #367216)
572
573 -- Kurt Roeckx <kurt@roeckx.be>  Thu,  4 May 2006 20:40:03 +0200
574
575openssl (0.9.8a-8) unstable; urgency=low
576
577  * Call pod2man with the proper section.  Section changed
578    from 1/3/5/7 to 1SSL/3SSL/5SSL/7SSL.  The name of the files
579    already had the ssl in, the section didn't.  The references
580    to other manpage is still wrong.
581  * Don't install the LICENSE file, it's already in the copyright file.
582  * Don't set an rpath on openssl to point to /usr/lib.
583  * Add support for kfreebsd-amd64. (Closes: #355277)
584  * Add udeb to the shlibs.  Patch from Frans Pop <aragorn@tiscali.nl>
585    (Closes: #356908)
586
587 -- Kurt Roeckx <kurt@roeckx.be>  Sat, 11 Feb 2006 14:14:37 +0100
588
589openssl (0.9.8a-7) unstable; urgency=high
590
591  * Add italian debconf templates.  Thanks to Luca Monducci.
592    (Closes: #350249)
593  * Change the debconf question to use version 0.9.8-3
594    instead of 0.9.8-1, since that's the last version
595    with a security fix.
596  * Call conn_state() if the BIO is not in the BIO_CONN_S_OK state
597    (Closes: #352047).  RC bug affecting testing, so urgency high.
598
599 -- Kurt Roeckx <kurt@roeckx.be>  Sat,  9 Feb 2006 19:07:56 +0100
600
601openssl (0.9.8a-6) unstable; urgency=low
602
603  * Remove empty postinst/preinst/prerm scripts.  There is no need
604    to have empty ones, debhelper will add them when needed.
605  * Remove the static pic libraries.  Nobody should be linking
606    it's shared libraries static to libssl or libcrypto.
607    This was added for opensc who now links to it shared.
608  * Do not assume that in case the sequence number is 0 and the
609    packet has an odd number of bytes that the other side has
610    the block padding bug, but try to check that it actually
611    has the bug.  The wrong detection of this bug resulted
612    in an "decryption failed or bad record mac" error in case
613    both sides were using zlib compression.  (Closes: #338006)
614
615 -- Kurt Roeckx <kurt@roeckx.be>  Mon, 21 Jan 2006 16:25:41 +0100
616
617openssl (0.9.8a-5) unstable; urgency=low
618
619  * Stop ssh from crashing randomly on sparc (Closes: #335912)
620    Patch from upstream cvs.
621
622 -- Kurt Roeckx <kurt@roeckx.be>  Tue, 13 Dec 2005 21:37:42 +0100
623
624openssl (0.9.8a-4) unstable; urgency=low
625
626  * Call dh_makeshlibs with the proper version instead of putting
627    it in shlibs.local, which doesn't seem to do anything.  0.9.8a-1
628    added symbol versioning, so it should have bumped the shlibs.
629    (Closes: #338284)
630  * The openssl package had a duplicate dependency on libssl0.9.8,
631    only require the version as required by the shlibs.
632  * Make libssl-dev depend on zlib1g-dev, since it's now required for
633    static linking. (Closes: #338313)
634  * Generate .pc files that make use of Libs.private, so things only
635    link to the libraries they should when linking shared.
636  * Use -m64 instead of -bpowerpc64-linux on ppc64. (Closes: #335486)
637  * Make powerpc and ppc64 use the assembler version for bn.  ppc64
638    had the location in the string wrong, powerpc had it missing.
639  * Add includes for stddef to get size_t in md2.h, md4.h, md5.h,
640    ripemd.h and sha.h.  (Closes: #333101)
641  * Run make test for each of the versions we build, make it
642    not fail the build process if an error is found.
643  * Add build dependency on bc for the regression tests.
644
645 -- Kurt Roeckx <kurt@roeckx.be>  Wed, 13 Nov 2005 16:01:05 +0100
646
647openssl (0.9.8a-3) unstable; urgency=high
648
649  * Link to libz instead of dynamicly loading it.  It gets loaded
650    at the moment the library is initialised, so there is no point
651    in not linking to it.  It's now failing in some cases since
652    it's not opened by it's soname, but by the symlink to it.
653    This should hopefully solve most of the bugs people have reported
654    since the move to libssl0.9.8.
655    (Closes: #334180, #336140, #335271)
656  * Urgency set to high because it fixes a grave bug affecting testing.
657
658 -- Kurt Roeckx <kurt@roeckx.be>  Tue,  1 Nov 2005 14:56:40 +0100
659
660openssl (0.9.8a-2) unstable; urgency=low
661
662  * Add Build-Dependency on m4, since sparc needs it to generate
663    it's assembler files.  (Closes: #334542)
664  * Don't use rc4-x86_64.o on amd64 for now, it seems to be broken
665    and causes a segfault.  (Closes: #334501, #334502)
666
667 -- Kurt Roeckx <kurt@roeckx.be>  Tue, 18 Oct 2005 19:05:53 +0200
668
669openssl (0.9.8a-1) unstable; urgency=low
670
671  Christoph Martin:
672  * fix asm entries for some architectures, fixing #332758 properly.
673  * add noexecstack option to i386 subarch
674  * include symbol versioning in Configure (closes: #330867)
675  * include debian-armeb arch (closes: #333579)
676  * include new upstream patches; includes some minor fixes
677  * fix dh_shlibdeps line, removing the redundant dependency on
678    libssl0.9.8 (closes: #332755)
679  * add swedish debconf template (closes: #330554)
680
681  Kurt Roeckx:
682  * Also add noexecstack option for amd64, since it now has an
683    executable stack with the assembler fixes for amd64.
684
685 -- Christoph Martin <christoph.martin@uni-mainz.de>  Mon, 17 Oct 2005 17:01:06 +0200
686
687openssl (0.9.8-3) unstable; urgency=low
688
689  * Apply security fix for CAN-2005-2969. (Closes: #333500)
690  * Change priority of -dbg package to extra.
691
692 -- Kurt Roeckx <kurt@roeckx.be>  Wed, 12 Oct 2005 22:38:58 +0200
693
694openssl (0.9.8-2) unstable; urgency=low
695
696  * Don't use arch specific assembler.  Should fix build failure on
697    ia64, sparc and amd64. (Closes: #332758)
698  * Add myself to the uploaders.
699
700 -- Kurt Roeckx <kurt@roeckx.be>  Mon, 10 Oct 2005 19:22:36 +0200
701
702openssl (0.9.8-1) unstable; urgency=low
703
704  * New upstream release (closes: #311826)
705
706 -- Christoph Martin <christoph.martin@uni-mainz.de>  Thu, 29 Sep 2005 14:20:04 +0200
707
708openssl (0.9.7g-3) unstable; urgency=low
709
710  * change Configure line for debian-freebsd-i386 to debian-kfreebsd-i386
711    (closes: #327692)
712  * include -dbg version. That implies compiling with -g and without
713    -fomit-frame-pointer (closes: #293823, #153811)
714
715 -- Christoph Martin <christoph.martin@uni-mainz.de>  Fri, 23 Sep 2005 13:51:57 +0200
716
717openssl (0.9.7g-2) unstable; urgency=low
718
719  * really include nl translation
720  * remove special ia64 code from rc4 code to make the abi compatible to
721    older 0.9.7 versions (closes: #310489, #309274)
722  * fix compile flag for debian-ppc64 (closes: #318750)
723  * small fix in libssl0.9.7.postinst (closes: #239956)
724  * fix pk7_mime.c to prevent garbled messages because of to early memory
725    free (closes: #310184)
726  * include vietnamese debconf translation (closes: #316689)
727  * make optimized i386 libraries have non executable stack (closes:
728    #321721)
729  * remove leftover files from ssleay
730  * move from dh_installmanpages to dh_installman
731  * change Maintainer to pkg-openssl-devel@lists.alioth.debian.org
732
733 -- Christoph Martin <christoph.martin@uni-mainz.de>  Wed,  7 Sep 2005 15:32:54 +0200
734
735openssl (0.9.7g-1) unstable; urgency=low
736
737  * New upstream release
738    * Added support for proxy certificates according to RFC 3820.
739      Because they may be a security thread to unaware applications,
740      they must be explicitely allowed in run-time.  See
741      docs/HOWTO/proxy_certificates.txt for further information.
742    * Prompt for pass phrases when appropriate for PKCS12 input format.
743    * Back-port of selected performance improvements from development
744      branch, as well as improved support for PowerPC platforms.
745    * Add lots of checks for memory allocation failure, error codes to indicate
746      failure and freeing up memory if a failure occurs.
747    * Perform some character comparisons of different types in X509_NAME_cmp:
748      this is needed for some certificates that reencode DNs into UTF8Strings
749      (in violation of RFC3280) and can't or wont issue name rollover
750      certificates.
751  * corrected watchfile
752  * added upstream source url (closes: #292904)
753  * fix typo in CA.pl.1 (closes: #290271)
754  * change debian-powerpc64 to debian-ppc64 and adapt the configure
755    options to be the same like upstream (closes: #289841)
756  * include -signcert option in CA.pl usage
757  * compile with zlib-dynamic to use system zlib (closes: #289872)
758
759 -- Christoph Martin <christoph.martin@uni-mainz.de>  Mon,  9 May 2005 23:32:03 +0200
760
761openssl (0.9.7e-3) unstable; urgency=high
762
763  * really fix der_chop. The fix from -1 was not really included (closes:
764    #281212)
765  * still fixes security problem CAN-2004-0975 etc.
766    - tempfile raise condition in der_chop
767    - Avoid a race condition when CRLs are checked in a multi threaded
768      environment.
769
770 -- Christoph Martin <christoph.martin@uni-mainz.de>  Thu, 16 Dec 2004 18:41:29 +0100
771
772openssl (0.9.7e-2) unstable; urgency=high
773
774  * fix perl path in der_chop and c_rehash (closes: #281212)
775  * still fixes security problem CAN-2004-0975 etc.
776    - tempfile raise condition in der_chop
777    - Avoid a race condition when CRLs are checked in a multi threaded
778      environment.
779
780 -- Christoph Martin <christoph.martin@uni-mainz.de>  Sun, 14 Nov 2004 20:16:21 +0100
781
782openssl (0.9.7e-1) unstable; urgency=high
783
784  * SECURITY UPDATE: fix insecure temporary file handling
785  * apps/der_chop:
786    - replaced $$-style creation of temporary files with
787      File::Temp::tempfile()
788    - removed unused temporary file name in do_certificate()
789  * References:
790    CAN-2004-0975 (closes: #278260)
791  * fix ASN1_STRING_to_UTF8 with UTF8 (closes: #260357)
792  * New upstream release with security fixes
793    - Avoid a race condition when CRLs are checked in a multi threaded
794      environment.
795    - Various fixes to s3_pkt.c so alerts are sent properly.
796    - Reduce the chances of duplicate issuer name and serial numbers (in
797      violation of RFC3280) using the OpenSSL certificate creation
798      utilities.
799  * depends openssl on perl-base instead of perl (closes: #280225)
800  * support powerpc64 in Configure (closes: #275224)
801  * include cs translation (closes: #273517)
802  * include nl translation (closes: #272479)
803  * Fix default dir of c_rehash (closes: #253126)
804
805 -- Christoph Martin <christoph.martin@uni-mainz.de>  Fri, 12 Nov 2004 14:11:15 +0100
806
807openssl (0.9.7d-5) unstable; urgency=low
808
809  * Make S/MIME encrypt work again (backport from CVS) (closes: #241407,
810    #241386)
811
812 -- Christoph Martin <christoph.martin@uni-mainz.de>  Mon, 26 Jul 2004 17:22:42 +0200
813
814openssl (0.9.7d-4) unstable; urgency=low
815
816  * add Catalan translation (closes: #248749)
817  * add Spanish translation (closes: #254561)
818  * include NMU fixes: see below
819  * decrease optimisation level for debian-arm to work around gcc bug
820    (closes: #253848) (thanks to Steve Langasek and Thom May)
821  * Add libcrypto0.9.7-udeb. (closes: #250010) (thanks to Bastian Blank)
822  * Add watchfile
823
824 -- Christoph Martin <christoph.martin@uni-mainz.de>  Wed, 14 Jul 2004 14:31:02 +0200
825
826openssl (0.9.7d-3) unstable; urgency=low
827
828  * rename -pic.a libraries to _pic.a (closes: #250016)
829
830 -- Christoph Martin <christoph.martin@uni-mainz.de>  Mon, 24 May 2004 17:02:29 +0200
831
832openssl (0.9.7d-2) unstable; urgency=low
833
834  * include PIC libs (libcrypto-pic.a and libssl-pic.a) to libssl-dev
835    (closes: #246928, #243999)
836  * add racoon to restart list (closes: #242652)
837  * add Brazilian, Japanese and Danish translations (closes: #242087,
838    #241830, #241705)
839
840 -- Christoph Martin <christoph.martin@uni-mainz.de>  Tue, 11 May 2004 10:13:49 +0200
841
842openssl (0.9.7d-1) unstable; urgency=high
843
844  * new upstream
845  * fixes security holes (http://www.openssl.org/news/secadv_20040317.txt)
846    (closes: #238661)
847  * includes support for debian-amd64 (closes: #235551, #232310)
848  * fix typo in pem.pod (closes: #219873)
849  * fix typo in libssl0.9.7.templates (closes: #224690)
850  * openssl suggests ca-certificates (closes: #217180)
851  * change debconf template to gettext format (closes: #219013)
852  * include french debconf template (closes: #219014)
853
854 -- Christoph Martin <christoph.martin@uni-mainz.de>  Thu, 18 Mar 2004 16:18:43 +0100
855
856openssl (0.9.7c-5) unstable; urgency=low
857
858  * include openssl.pc into libssl-dev (closes: #212545)
859
860 -- Christoph Martin <christoph.martin@uni-mainz.de>  Thu, 16 Oct 2003 16:31:32 +0200
861
862openssl (0.9.7c-4) unstable; urgency=low
863
864  * change question to restart services to debconf (closes: #214840)
865  * stop using dh_undocumented (closes: #214831)
866
867 -- Christoph Martin <christoph.martin@uni-mainz.de>  Fri, 10 Oct 2003 15:40:48 +0200
868
869openssl (0.9.7c-3) unstable; urgency=low
870
871  * fix POSIX conformance for head in libssl0.9.7.postinst (closes:
872    #214700)
873
874 -- Christoph Martin <christoph.martin@uni-mainz.de>  Wed,  8 Oct 2003 14:02:38 +0200
875
876openssl (0.9.7c-2) unstable; urgency=low
877
878  * add filerc macro to libssl0.9.7.postinst (closes: #213906)
879  * restart spamassassins spamd on upgrade (closes: #214106)
880  * restart more services on upgrade
881  * fix EVP_BytesToKey manpage (closes: #213715)
882
883 -- Christoph Martin <christoph.martin@uni-mainz.de>  Tue,  7 Oct 2003 15:01:32 +0200
884
885openssl (0.9.7c-1) unstable; urgency=high
886
887  * upstream security fix (closes: #213451)
888   - Fix various bugs revealed by running the NISCC test suite:
889     Stop out of bounds reads in the ASN1 code when presented with
890     invalid tags (CAN-2003-0543 and CAN-2003-0544).
891     Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
892     If verify callback ignores invalid public key errors don't try to check
893     certificate signature with the NULL public key.
894   - In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
895     if the server requested one: as stated in TLS 1.0 and SSL 3.0
896     specifications.
897  * more minor upstream bugfixes
898  * fix formatting in c_issuer (closes: #190026)
899  * fix Debian-FreeBSD support (closes: #200381)
900  * restart some services in postinst to make them use the new libraries
901  * remove duplicated openssl.1, crypto.3 and ssl.3 (closes: #198594)
902
903 -- Christoph Martin <christoph.martin@uni-mainz.de>  Wed,  1 Oct 2003 08:54:27 +0200
904
905openssl (0.9.7b-2) unstable; urgency=high
906
907  * fix permission of /etc/ssl/private to 700 again
908  * change section of libssl-dev to libdevel
909
910 -- Christoph Martin <christoph.martin@uni-mainz.de>  Wed, 23 Apr 2003 11:13:24 +0200
911
912openssl (0.9.7b-1) unstable; urgency=high
913
914  * upstream security fix
915   - Countermeasure against the Klima-Pokorny-Rosa extension of
916     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
917     a protocol version number mismatch like a decryption error
918     in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131)
919    (closes: #189087)
920   - Turn on RSA blinding by default in the default implementation
921     to avoid a timing attack. Applications that don't want it can call
922     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
923     They would be ill-advised to do so in most cases. (CAN-2003-0147)
924   - Change RSA blinding code so that it works when the PRNG is not
925     seeded (in this case, the secret RSA exponent is abused as
926     an unpredictable seed -- if it is not unpredictable, there
927     is no point in blinding anyway).  Make RSA blinding thread-safe
928     by remembering the creator's thread ID in rsa->blinding and
929     having all other threads use local one-time blinding factors
930     (this requires more computation than sharing rsa->blinding, but
931     avoids excessive locking; and if an RSA object is not shared
932     between threads, blinding will still be very fast).
933    for more details see the CHANGES file
934
935 -- Christoph Martin <christoph.martin@uni-mainz.de>  Wed, 16 Apr 2003 10:32:57 +0200
936
937openssl (0.9.7a-1) unstable; urgency=high
938
939  * upstream Security fix
940    - In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
941      via timing by performing a MAC computation even if incorrrect
942      block cipher padding has been found.  This is a countermeasure
943      against active attacks where the attacker has to distinguish
944      between bad padding and a MAC verification error. (CAN-2003-0078)
945    for more details see the CHANGES file
946
947 -- Christoph Martin <christoph.martin@uni-mainz.de>  Fri, 21 Feb 2003 22:39:40 +0100
948
949openssl (0.9.7-4) unstable; urgency=low
950
951  * use DH_COMPAT=3 to build
952  * move i686 to i686/cmov to fix problems on Via C3. For that to work we
953    have to depend on the newest libc6 on i386 (closes: #177891)
954  * fix bug in ui_util.c (closes: #177615)
955  * fix typo in md5.h (closes: #178112)
956
957 -- Christoph Martin <christoph.martin@uni-mainz.de>  Fri, 24 Jan 2003 10:22:56 +0100
958
959openssl (0.9.7-3) unstable; urgency=low
960
961  * enable build of ultrasparc code on non ultrasparc machines (closes:
962    #177024)
963
964 -- Christoph Martin <christoph.martin@uni-mainz.de>  Fri, 17 Jan 2003 08:22:13 +0100
965
966openssl (0.9.7-2) unstable; urgency=low
967
968  * include changes between 0.9.6g-9 and -10
969    * fix problem in build-process on i386 with libc6 version number
970
971 -- Christoph Martin <christoph.martin@uni-mainz.de>  Mon, 13 Jan 2003 14:26:56 +0100
972
973openssl (0.9.7-1) unstable; urgency=low
974
975  * new upstream
976    * includes engine support
977    * a lot of bugfixes and enhancements, see the CHANGES file
978    * include AES encryption
979    * makes preview of certificate configurable (closes: #176059)
980    * fix x509 manpage (closes: #168070)
981    * fix declaration of ERR_load_PEM_string in pem.h (closes: #141360)
982
983 -- Christoph Martin <christoph.martin@uni-mainz.de>  Sat, 11 Jan 2003 09:12:16 +0100
984
985openssl (0.9.6g-10) unstable; urgency=low
986
987  * fix problem in build-process on i386 with libc6 version number
988    (closes: #167096)
989
990 -- Christoph Martin <christoph.martin@uni-mainz.de>  Mon,  4 Nov 2002 12:27:21 +0100
991
992openssl (0.9.6g-9) unstable; urgency=low
993
994  * fix typo in i386 libc6 depend (sigh) (closes: #163848)
995
996 -- Christoph Martin <christoph.martin@uni-mainz.de>  Tue,  8 Oct 2002 23:29:20 +0200
997
998openssl (0.9.6g-8) unstable; urgency=low
999
1000  * fix libc6 depends. Only needed for i386 (closes: #163701)
1001  * remove SHLIB section for bsds from Configure (closes: #163585)
1002
1003 -- Christoph Martin <christoph.martin@uni-mainz.de>  Tue,  8 Oct 2002 10:57:35 +0200
1004
1005openssl (0.9.6g-7) unstable; urgency=low
1006
1007  * enable i686 optimisation and depend on fixed glibc (closes: #163500)
1008  * remove transition package ssleay
1009  * include optimisation vor sparcv8 (closes: #139996)
1010  * improve optimisation vor sparcv9
1011
1012 -- Christoph Martin <christoph.martin@uni-mainz.de>  Sun,  6 Oct 2002 14:07:12 +0200
1013
1014openssl (0.9.6g-6) unstable; urgency=low
1015
1016  * temporarily disable i686 optimisation (See bug in glibc #161788)
1017
1018 -- Christoph Martin <christoph.martin@uni-mainz.de>  Sat, 21 Sep 2002 18:56:49 +0200
1019
1020openssl (0.9.6g-5) unstable; urgency=low
1021
1022  * i486 can use i586 assembler
1023  * include set -xe in the for loops in the rules files to make it abort
1024    on error (closes: #161768)
1025
1026 -- Christoph Martin <christoph.martin@uni-mainz.de>  Sat, 21 Sep 2002 16:23:11 +0200
1027
1028openssl (0.9.6g-4) unstable; urgency=low
1029
1030  * fix optimization for alpha and sparc
1031  * add optimization for i486
1032
1033 -- Christoph Martin <christoph.martin@uni-mainz.de>  Fri, 20 Sep 2002 22:36:19 +0200
1034
1035openssl (0.9.6g-3) unstable; urgency=low
1036
1037  * add optimized libraries for i586, i686, ev4, ev5 and v9 (closes: #139783)
1038
1039 -- Christoph Martin <christoph.martin@uni-mainz.de>  Thu, 19 Sep 2002 18:33:04 +0200
1040
1041openssl (0.9.6g-2) unstable; urgency=low
1042
1043  * fix manpage names (closes: #156717, #156718, #156719, #156721)
1044
1045 -- Christoph Martin <christoph.martin@uni-mainz.de>  Thu, 15 Aug 2002 11:26:37 +0200
1046
1047openssl (0.9.6g-1) unstable; urgency=low
1048
1049  * new upstream version
1050  * Use proper error handling instead of 'assertions' in buffer
1051    overflow checks added in 0.9.6e.  This prevents DoS (the
1052    assertions could call abort()). (closes: #155985, #156495)
1053  * Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
1054    and get fix the header length calculation.
1055  * include support for new sh* architectures (closes: #155117)
1056
1057 -- Christoph Martin <christoph.martin@uni-mainz.de>  Wed, 14 Aug 2002 13:59:22 +0200
1058
1059openssl (0.9.6e-1) unstable; urgency=high
1060
1061  * fixes remote exploits (see DSA-136-1)
1062
1063 -- Christoph Martin <christoph.martin@uni-mainz.de>  Tue, 30 Jul 2002 18:32:28 +0200
1064
1065openssl (0.9.6d-1) unstable; urgency=low
1066
1067  * new upstream (minor) version
1068  * includes Configure lines for debian-*bsd-* (closes: #130413)
1069  * fix wrong prototype for BN_pseudo_rand_range in BN_rand(3ssl) (closes:
1070    #144586)
1071  * fix typos in package description (closes: #141469)
1072  * fix typo in SSL_CTX_set_cert_store manpage (closes: #135297)
1073
1074 -- Christoph Martin <christoph.martin@uni-mainz.de>  Mon,  3 Jun 2002 19:42:10 +0200
1075
1076openssl (0.9.6c-2) unstable; urgency=low
1077
1078  * moved from non-US to main
1079
1080 -- Christoph Martin <christoph.martin@uni-mainz.de>  Tue, 19 Mar 2002 14:48:39 +0100
1081
1082openssl (0.9.6c-1) unstable; urgency=low
1083
1084  * new upstream version with a lot of bugfixes
1085  * remove directory /usr/include/openssl from openssl package (closes:
1086    bug #121226) 
1087  * remove selfdepends from libssl0.9.6
1088  * link openssl binary shared again
1089
1090 -- Christoph Martin <christoph.martin@uni-mainz.de>  Sat,  5 Jan 2002 19:04:31 +0100
1091
1092openssl (0.9.6b-4) unstable; urgency=low
1093
1094  * build with -D_REENTRANT for threads support on all architectures
1095    (closes: #112329, #119239)
1096
1097 -- Christoph Martin <christoph.martin@uni-mainz.de>  Sat, 24 Nov 2001 12:17:51 +0100
1098
1099openssl (0.9.6b-3) unstable; urgency=low
1100
1101  * disable idea, mdc2 and rc5 because they are not free (closes: #65368)
1102  * ready to be moved from nonus to main
1103
1104 -- Christoph Martin <christoph.martin@uni-mainz.de>  Wed, 21 Nov 2001 17:51:41 +0100
1105
1106openssl (0.9.6b-2) unstable; urgency=high
1107
1108  * fix definition of crypt in des.h (closes: #107533)
1109  * fix descriptions (closes: #109503)
1110
1111 -- Christoph Martin <christoph.martin@uni-mainz.de>  Mon, 17 Sep 2001 15:38:27 +0200
1112
1113openssl (0.9.6b-1) unstable; urgency=medium
1114
1115  * new upstream fixes some security issues (closes: #105835, #100146)
1116  * added support for s390 (closes: #105681)
1117  * added support for sh (closes: #100003)
1118  * change priority of libssl096 to standard as ssh depends on it (closes:
1119    #105440)
1120  * don't optimize for i486 to support i386. (closes: #104127, #82194)
1121
1122 -- Christoph Martin <christoph.martin@uni-mainz.de>  Fri, 20 Jul 2001 15:52:42 +0200
1123
1124openssl (0.9.6a-3) unstable; urgency=medium
1125
1126  * add perl-base to builddeps
1127  * include static libraries in libssl-dev (closes: #93688)
1128
1129 -- Christoph Martin <christoph.martin@uni-mainz.de>  Mon, 14 May 2001 20:16:06 +0200
1130
1131openssl (0.9.6a-2) unstable; urgency=medium
1132
1133  * change Architecture of ssleay from any to all (closes: #92913)
1134  * depend libssl-dev on the exact same version of libssl0.9.6 (closes:
1135    #88939)
1136  * remove lib{crypto,ssl}.a from openssl (closes: #93666)
1137  * rebuild with newer gcc to fix atexit problem (closes: #94036)
1138
1139 -- Christoph Martin <christoph.martin@uni-mainz.de>  Wed,  2 May 2001 12:28:39 +0200
1140
1141openssl (0.9.6a-1) unstable; urgency=medium
1142
1143  * new upstream, fixes some security bugs (closes: #90584)
1144  * fix typo in s_server manpage (closes: #89756)
1145
1146 -- Christoph Martin <christoph.martin@uni-mainz.de>  Tue, 10 Apr 2001 12:13:11 +0200
1147
1148openssl (0.9.6-2) unstable; urgency=low
1149
1150  * policy: reorganisation of package names: libssl096 -> libssl0.9.6,
1151    libssl096-dev -> libssl-dev (closes: #83426)
1152  * libssl0.9.6 drops replaces libssl09 (Closes: #83425)
1153  * install upstream CHANGES files (Closes: #83430)
1154  * added support for hppa and ia64 (Closes: #88790)
1155  * move man3 manpages to libssl-dev (Closes: #87546)
1156  * fix formating problem in rand_add(1) (Closes: #87547)
1157  * remove manpage duplicates (Closes: #87545, #74986)
1158  * make package descriptions clearer (Closes: #83518, #83444)
1159  * increase default emailAddress_max from 40 to 60 (Closes: #67238)
1160  * removed RSAREF warning (Closes: #84122)
1161
1162 -- Christoph Martin <christoph.martin@uni-mainz.de>  Thu,  8 Mar 2001 14:24:00 +0100
1163
1164openssl (0.9.6-1) unstable; urgency=low
1165
1166  * New upstream version (Thanks to Enrique Zanardi <ezanard@debian.org>)
1167    (closes: #72388)
1168  * Add support for debian-hurd (closes: #76032)
1169
1170 -- Christoph Martin <christoph.martin@uni-mainz.de>  Mon, 13 Nov 2000 22:30:46 +0100
1171
1172openssl (0.9.5a-5) unstable; urgency=low
1173
1174  * move manpages in standard directories with section ssl (closes:
1175    #72152, #69809)
1176
1177 -- Christoph Martin <christoph.martin@uni-mainz.de>  Thu,  5 Oct 2000 19:56:20 +0200
1178
1179openssl (0.9.5a-4) unstable; urgency=low
1180
1181  * include edg_rand_bytes patch from and for apache-ssl
1182
1183 -- Christoph Martin <christoph.martin@uni-mainz.de>  Sat, 23 Sep 2000 16:48:06 +0200
1184
1185openssl (0.9.5a-3) unstable; urgency=low
1186
1187  * fix call to dh_makeshlibs to create correct shlibs file and make
1188    dependend programs link correctly (closes: Bug#61658)
1189  * include a note in README.debian concerning the location of the
1190    subcommand manpages (closes: Bug#69809)
1191
1192 -- Christoph Martin <christoph.martin@uni-mainz.de>  Sat, 16 Sep 2000 19:10:50 +0200
1193
1194openssl (0.9.5a-2) unstable; urgency=low
1195
1196  * try to fix the sharedlib problem. change soname of library
1197  (closes: Bug#4622, #66102, #66538, #66123)
1198
1199 -- Christoph Martin <christoph.martin@uni-mainz.de>  Wed, 12 Jul 2000 03:26:30 +0200
1200
1201openssl (0.9.5a-1) unstable; urgency=low
1202
1203  * new upstream version (major changes see file NEWS) (closes: Bug#63976,
1204    #65239, #65358)
1205  * new library package libssl095a because of probably changed library
1206    interface (closes: Bug#46222)
1207  * added architecture mips and mipsel (closes: Bug#62437, #60366)
1208  * provide shlibs.local file in build to help build if libraries are not
1209    yet installed (closes: Bug#63984)
1210
1211 -- Christoph Martin <christoph.martin@uni-mainz.de>  Sun, 11 Jun 2000 15:17:35 +0200
1212
1213openssl (0.9.4-5) frozen unstable; urgency=medium
1214
1215  * cleanup of move of doc directories to /usr/share/doc (closes:
1216    Bug#56430)
1217  * lintian issues (closes: Bug#49358)
1218  * move demos from openssl to libssl09-dev (closes: Bug#59201)
1219  * move to debhelpers
1220
1221 -- Christoph Martin <christoph.martin@uni-mainz.de>  Sat, 11 Mar 2000 10:38:04 +0100
1222
1223openssl (0.9.4-4) unstable; urgency=medium
1224
1225  * Added 'debian-arm' in 'Configure'. (closes: Bug#54251, #54766)
1226  * Fixed Configure for 'debian-m68k' (closes: Bug#53636)
1227
1228 -- Christoph Martin <christoph.martin@uni-mainz.de>  Sat, 15 Jan 2000 13:16:18 +0100
1229
1230openssl (0.9.4-3) unstable; urgency=low
1231
1232  * define symbol SSLeay_add_ssl_algorithms for backward compatibility
1233    (closes: Bug#46882)
1234  * remove manpages from /usr/doc/openssl (closes: Bug#46791)
1235
1236 -- Christoph Martin <christoph.martin@uni-mainz.de>  Thu, 14 Oct 1999 16:51:08 +0200
1237
1238openssl (0.9.4-2) unstable; urgency=low
1239
1240  * include some more docu in pod format (Bug #43933)
1241  * removed -mv8 from sparc flags (Bug #44769)
1242
1243 -- Christoph Martin <christoph.martin@uni-mainz.de>  Tue, 14 Sep 1999 22:04:06 +0200
1244
1245openssl (0.9.4-1) unstable; urgency=low
1246
1247  * new upstream version (Closes: #42926)
1248
1249 -- Christoph Martin <christoph.martin@uni-mainz.de>  Sat, 28 Aug 1999 17:04:23 +0200
1250
1251openssl (0.9.3a-1) unstable; urgency=low
1252
1253  * new upstream version (Bug #38345, #38627)
1254  * sparc is big-endian (Bug #39973)
1255
1256 -- Christoph Martin <christoph.martin@uni-mainz.de>  Wed,  7 Jul 1999 16:03:37 +0200
1257
1258openssl (0.9.2b-3) unstable; urgency=low
1259
1260  * correct move conffiles to /etc/ssl (Bug #38570)
1261
1262 -- Christoph Martin <christoph.martin@uni-mainz.de>  Mon, 31 May 1999 21:08:07 +0200
1263
1264openssl (0.9.2b-2) unstable; urgency=low
1265
1266  * added convenience package ssleay to help upgrade to openssl (Bug
1267    #37185, #37623, #36326)
1268  * added some missing dependencies from libssl09 (Bug #36681, #35867,
1269    #36326)
1270  * move lib*.so to libssl09-dev (Bug #36761)
1271  * corrected version numbers of library files
1272  * introduce link from /usr/lib/ssl to /etc/ssl (Bug #36710)
1273
1274 -- Christoph Martin <christoph.martin@uni-mainz.de>  Sun, 23 May 1999 14:57:48 +0200
1275
1276openssl (0.9.2b-1) unstable; urgency=medium
1277
1278  * First openssl version
1279
1280 -- Christoph Martin <christoph.martin@uni-mainz.de>  Wed, 31 Mar 1999 15:54:26 +0200
1281
1282ssleay (0.9.0b-2) unstable; urgency=low
1283
1284  * Include message about the (not)usage of RSAREF (#24409)
1285  * Move configfiles from /usr/lib/ssl to /etc/ssl (#26406)
1286  * Change definitions for sparc (#26487)
1287  * Added missing dependency (#28591)
1288  * Make debian/libtool executable (#29708)
1289  * /etc/ssl/lib/ssleay.cnf is now a confile (#32624)
1290
1291 -- Christoph Martin <christoph.martin@uni-mainz.de>  Sun, 21 Mar 1999 19:41:04 +0100
1292
1293ssleay (0.9.0b-1) unstable; urgency=low
1294
1295  * new upstream version (Bug #21227, #25971)
1296  * build shared libraries with -fPIC (Bug #20027)
1297  * support sparc architecture (Bug #28467)
1298
1299 -- Christoph Martin <christoph.martin@uni-mainz.de>  Tue, 13 Oct 1998 10:20:13 +0200
1300
1301ssleay (0.8.1-7) frozen unstable; urgency=high
1302
1303  * security fix patch to 0.8.1b (bug #24022)
1304
1305 -- Christoph Martin <christoph.martin@uni-mainz.de>  Mon,  6 Jul 1998 15:42:15 +0200
1306
1307ssleay (0.8.1-6) frozen unstable; urgency=low
1308
1309  * second try to fix bug #15235 (copyright was still missing)
1310
1311 -- Christoph Martin <christoph.martin@uni-mainz.de>  Mon, 22 Jun 1998 08:56:27 +0200
1312
1313ssleay (0.8.1-5) frozen unstable; urgency=high
1314
1315  * changed /dev/random to /dev/urandom (Bug #23169, #17817)
1316  * copyright contains now the full licence (Bug #15235)
1317  * fixed bug #19410 (md5sums-lists-nonexisting-file)
1318  * added demos to /usr/doc (Bug #17372)
1319  * fixed type in package description (Bug #18969)
1320  * fixed bug in adding documentation (Bug #21463)
1321  * added patch for support of debian-powerpc (Bug #21579)
1322
1323 -- Christoph Martin <christoph.martin@uni-mainz.de>  Thu, 18 Jun 1998 23:09:13 +0200
1324
1325ssleay (0.8.1-4) unstable; urgency=low
1326
1327  * purged dependency from libc5
1328
1329 -- Christoph Martin <christoph.martin@uni-mainz.de>  Tue, 11 Nov 1997 15:31:50 +0100
1330
1331ssleay (0.8.1-3) unstable; urgency=low
1332
1333  * changed packagename libssl to libssl08 to get better dependancies
1334
1335 -- Christoph Martin <christoph.martin@uni-mainz.de>  Fri,  7 Nov 1997 14:23:17 +0100
1336
1337ssleay (0.8.1-2) unstable; urgency=low
1338
1339  * linked shared libraries against libc6
1340  * use /dev/random for randomseed
1341
1342 -- Christoph Martin <christoph.martin@uni-mainz.de>  Wed,  5 Nov 1997 11:21:40 +0100
1343
1344ssleay (0.8.1-1) unstable; urgency=low
1345
1346  * new upstream version
1347
1348 -- Christoph Martin <christoph.martin@uni-mainz.de>  Thu, 16 Oct 1997 16:15:43 +0200
1349
1350ssleay (0.6.6-2) unstable; urgency=low
1351
1352  * cleanup in diffs
1353  * removed INSTALL from docs (bug #13205)
1354  * split libssl and libssl-dev (but #13735)
1355
1356 -- Christoph Martin <christoph.martin@uni-mainz.de>  Wed, 15 Oct 1997 17:38:38 +0200
1357
1358ssleay (0.6.6-1) unstable; urgency=low
1359
1360  * New upstream version
1361  * added shared libraries for libcrypto and libssl
1362
1363 -- Christoph Martin <martin@uni-mainz.de>  Thu, 26 Jun 1997 19:26:14 +0200
1364
1365ssleay (0.6.4-2) unstable; urgency=low
1366
1367  * changed doc filenames from .doc to .txt to be able to read them
1368    over with webbrowser
1369
1370 -- Christoph Martin <martin@uni-mainz.de>  Tue, 25 Feb 1997 14:02:53 +0100
1371
1372ssleay (0.6.4-1) unstable; urgency=low
1373
1374  * Initial Release.
1375
1376 -- Christoph Martin <martin@uni-mainz.de>  Fri, 22 Nov 1996 21:29:51 +0100
Note: See TracBrowser for help on using the repository browser.