openssl (0.9.6c-2.woody.8) oldstable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to remove SSLv2 fallback in order to fix a possibility to use a weaker protocol version [ssl/s23_srvr.c, CVE-2005-2969] -- Martin Schulze Thu, 20 Oct 2005 07:39:31 +0200 openssl (0.9.6c-2.woody.7) stable-security; urgency=high * Non-Maintainer upload by the Security Team * Applied patch by Martin Pitt to fix insecure temporary file creation by replacing $$-style creation of temporary files with File::Temp::tempfile() [apps/der_chop, CAN-2004-0975] -- Martin Schulze Thu, 25 Nov 2004 11:30:49 +0100 openssl (0.9.6c-2.woody.6) stable-security; urgency=high * Non-maintainer upload by the Security Team * Apply upstream patch to fix denial of service (infinite loop) (CAN-2004-0081) -- Matt Zimmerman Wed, 3 Mar 2004 11:06:01 -0800 openssl (0.9.6c-2.woody.5) stable-security; urgency=high * Non-maintainer upload by the Security Team * Apply upstream patch to fix NULL pointer dereference in do_change_cipher_spec (CAN-2004-0079) -- Matt Zimmerman Fri, 27 Feb 2004 09:16:45 -0800 openssl (0.9.6c-2.woody.4) stable-security; urgency=low * Non-maintainer upload by the Security Team * Apply upstream changes from CVS to fix ASN1 parsing bugs documented in CAN-2003-0544 and CAN-2003-0543 -- Noah Meyerhans Tue, 30 Sep 2003 19:07:16 -0400 openssl (0.9.6c-2.woody.3) stable-security; urgency=high * Non-maintainer upload by the Security Team * [rsa_eay.c, rsa_lib.c] Apply upstream patch from http://www.openssl.org/news/secadv_20030317.txt to fix CAN-2003-0147 by enabling RSA blinding to prevent a timing attack * [ssl/s3_srvr.c] Apply upstream patch from http://www.openssl.org/news/secadv_20030319.txt to fix CAN-2003-0131 (The Klima-Pokorny-Rosa extension of Bleichenbacher's attack) -- Matt Zimmerman Mon, 7 Apr 2003 16:51:30 -0400 openssl (0.9.6c-2.woody.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch to fix vulnerability to timing-based attacks (see CAN-2003-0078) * Applied preventative measure patch by Richard Levitte -- Martin Schulze Fri, 21 Feb 2003 16:34:17 +0100 openssl (0.9.6c-2.woody.1) stable-security; urgency=low * Update to asn1 fix corrects bounds checking error. -- Michael Stone Sat, 03 Aug 2002 08:08:15 -0400 openssl (0.9.6c-2.woody.0) stable-security; urgency=low * SECURITY: patch for various overflows (upstream security patch 0.9.6d->0.9.6e) -- Michael Stone Mon, 29 Jul 2002 21:34:41 -0400 openssl (0.9.6c-1) unstable; urgency=low * new upstream version with a lot of bugfixes * remove directory /usr/include/openssl from openssl package (closes: bug #121226) * remove selfdepends from libssl0.9.6 * link openssl binary shared again -- Christoph Martin Sat, 5 Jan 2002 19:04:31 +0100 openssl (0.9.6b-4) unstable; urgency=low * build with -D_REENTRANT for threads support on all architectures (closes: #112329, #119239) -- Christoph Martin Sat, 24 Nov 2001 12:17:51 +0100 openssl (0.9.6b-3) unstable; urgency=low * disable idea, mdc2 and rc5 because they are not free (closes: #65368) * ready to be moved from nonus to main -- Christoph Martin Wed, 21 Nov 2001 17:51:41 +0100 openssl (0.9.6b-2) unstable; urgency=high * fix definition of crypt in des.h (closes: #107533) * fix descriptions (closes: #109503) -- Christoph Martin Mon, 17 Sep 2001 15:38:27 +0200 openssl (0.9.6b-1) unstable; urgency=medium * new upstream fixes some security issues (closes: #105835, #100146) * added support for s390 (closes: #105681) * added support for sh (closes: #100003) * change priority of libssl096 to standard as ssh depends on it (closes: #105440) * don't optimize for i486 to support i386. (closes: #104127, #82194) -- Christoph Martin Fri, 20 Jul 2001 15:52:42 +0200 openssl (0.9.6a-3) unstable; urgency=medium * add perl-base to builddeps * include static libraries in libssl-dev (closes: #93688) -- Christoph Martin Mon, 14 May 2001 20:16:06 +0200 openssl (0.9.6a-2) unstable; urgency=medium * change Architecture of ssleay from any to all (closes: #92913) * depend libssl-dev on the exact same version of libssl0.9.6 (closes: #88939) * remove lib{crypto,ssl}.a from openssl (closes: #93666) * rebuild with newer gcc to fix atexit problem (closes: #94036) -- Christoph Martin Wed, 2 May 2001 12:28:39 +0200 openssl (0.9.6a-1) unstable; urgency=medium * new upstream, fixes some security bugs (closes: #90584) * fix typo in s_server manpage (closes: #89756) -- Christoph Martin Tue, 10 Apr 2001 12:13:11 +0200 openssl (0.9.6-2) unstable; urgency=low * policy: reorganisation of package names: libssl096 -> libssl0.9.6, libssl096-dev -> libssl-dev (closes: #83426) * libssl0.9.6 drops replaces libssl09 (Closes: #83425) * install upstream CHANGES files (Closes: #83430) * added support for hppa and ia64 (Closes: #88790) * move man3 manpages to libssl-dev (Closes: #87546) * fix formating problem in rand_add(1) (Closes: #87547) * remove manpage duplicates (Closes: #87545, #74986) * make package descriptions clearer (Closes: #83518, #83444) * increase default emailAddress_max from 40 to 60 (Closes: #67238) * removed RSAREF warning (Closes: #84122) -- Christoph Martin Thu, 8 Mar 2001 14:24:00 +0100 openssl (0.9.6-1) unstable; urgency=low * New upstream version (Thanks to Enrique Zanardi ) (closes: #72388) * Add support for debian-hurd (closes: #76032) -- Christoph Martin Mon, 13 Nov 2000 22:30:46 +0100 openssl (0.9.5a-5) unstable; urgency=low * move manpages in standard directories with section ssl (closes: #72152, #69809) -- Christoph Martin Thu, 5 Oct 2000 19:56:20 +0200 openssl (0.9.5a-4) unstable; urgency=low * include edg_rand_bytes patch from and for apache-ssl -- Christoph Martin Sat, 23 Sep 2000 16:48:06 +0200 openssl (0.9.5a-3) unstable; urgency=low * fix call to dh_makeshlibs to create correct shlibs file and make dependend programs link correctly (closes: Bug#61658) * include a note in README.debian concerning the location of the subcommand manpages (closes: Bug#69809) -- Christoph Martin Sat, 16 Sep 2000 19:10:50 +0200 openssl (0.9.5a-2) unstable; urgency=low * try to fix the sharedlib problem. change soname of library (closes: Bug#4622, #66102, #66538, #66123) -- Christoph Martin Wed, 12 Jul 2000 03:26:30 +0200 openssl (0.9.5a-1) unstable; urgency=low * new upstream version (major changes see file NEWS) (closes: Bug#63976, #65239, #65358) * new library package libssl095a because of probably changed library interface (closes: Bug#46222) * added architecture mips and mipsel (closes: Bug#62437, #60366) * provide shlibs.local file in build to help build if libraries are not yet installed (closes: Bug#63984) -- Christoph Martin Sun, 11 Jun 2000 15:17:35 +0200 openssl (0.9.4-5) frozen unstable; urgency=medium * cleanup of move of doc directories to /usr/share/doc (closes: Bug#56430) * lintian issues (closes: Bug#49358) * move demos from openssl to libssl09-dev (closes: Bug#59201) * move to debhelpers -- Christoph Martin Sat, 11 Mar 2000 10:38:04 +0100 openssl (0.9.4-4) unstable; urgency=medium * Added 'debian-arm' in 'Configure'. (closes: Bug#54251, #54766) * Fixed Configure for 'debian-m68k' (closes: Bug#53636) -- Christoph Martin Sat, 15 Jan 2000 13:16:18 +0100 openssl (0.9.4-3) unstable; urgency=low * define symbol SSLeay_add_ssl_algorithms for backward compatibility (closes: Bug#46882) * remove manpages from /usr/doc/openssl (closes: Bug#46791) -- Christoph Martin Thu, 14 Oct 1999 16:51:08 +0200 openssl (0.9.4-2) unstable; urgency=low * include some more docu in pod format (Bug #43933) * removed -mv8 from sparc flags (Bug #44769) -- Christoph Martin Tue, 14 Sep 1999 22:04:06 +0200 openssl (0.9.4-1) unstable; urgency=low * new upstream version (Closes: #42926) -- Christoph Martin Sat, 28 Aug 1999 17:04:23 +0200 openssl (0.9.3a-1) unstable; urgency=low * new upstream version (Bug #38345, #38627) * sparc is big-endian (Bug #39973) -- Christoph Martin Wed, 7 Jul 1999 16:03:37 +0200 openssl (0.9.2b-3) unstable; urgency=low * correct move conffiles to /etc/ssl (Bug #38570) -- Christoph Martin Mon, 31 May 1999 21:08:07 +0200 openssl (0.9.2b-2) unstable; urgency=low * added convenience package ssleay to help upgrade to openssl (Bug #37185, #37623, #36326) * added some missing dependencies from libssl09 (Bug #36681, #35867, #36326) * move lib*.so to libssl09-dev (Bug #36761) * corrected version numbers of library files * introduce link from /usr/lib/ssl to /etc/ssl (Bug #36710) -- Christoph Martin Sun, 23 May 1999 14:57:48 +0200 openssl (0.9.2b-1) unstable; urgency=medium * First openssl version -- Christoph Martin Wed, 31 Mar 1999 15:54:26 +0200 ssleay (0.9.0b-2) unstable; urgency=low * Include message about the (not)usage of RSAREF (#24409) * Move configfiles from /usr/lib/ssl to /etc/ssl (#26406) * Change definitions for sparc (#26487) * Added missing dependency (#28591) * Make debian/libtool executable (#29708) * /etc/ssl/lib/ssleay.cnf is now a confile (#32624) -- Christoph Martin Sun, 21 Mar 1999 19:41:04 +0100 ssleay (0.9.0b-1) unstable; urgency=low * new upstream version (Bug #21227, #25971) * build shared libraries with -fPIC (Bug #20027) * support sparc architecture (Bug #28467) -- Christoph Martin Tue, 13 Oct 1998 10:20:13 +0200 ssleay (0.8.1-7) frozen unstable; urgency=high * security fix patch to 0.8.1b (bug #24022) -- Christoph Martin Mon, 6 Jul 1998 15:42:15 +0200 ssleay (0.8.1-6) frozen unstable; urgency=low * second try to fix bug #15235 (copyright was still missing) -- Christoph Martin Mon, 22 Jun 1998 08:56:27 +0200 ssleay (0.8.1-5) frozen unstable; urgency=high * changed /dev/random to /dev/urandom (Bug #23169, #17817) * copyright contains now the full licence (Bug #15235) * fixed bug #19410 (md5sums-lists-nonexisting-file) * added demos to /usr/doc (Bug #17372) * fixed type in package description (Bug #18969) * fixed bug in adding documentation (Bug #21463) * added patch for support of debian-powerpc (Bug #21579) -- Christoph Martin Thu, 18 Jun 1998 23:09:13 +0200 ssleay (0.8.1-4) unstable; urgency=low * purged dependency from libc5 -- Christoph Martin Tue, 11 Nov 1997 15:31:50 +0100 ssleay (0.8.1-3) unstable; urgency=low * changed packagename libssl to libssl08 to get better dependancies -- Christoph Martin Fri, 7 Nov 1997 14:23:17 +0100 ssleay (0.8.1-2) unstable; urgency=low * linked shared libraries against libc6 * use /dev/random for randomseed -- Christoph Martin Wed, 5 Nov 1997 11:21:40 +0100 ssleay (0.8.1-1) unstable; urgency=low * new upstream version -- Christoph Martin Thu, 16 Oct 1997 16:15:43 +0200 ssleay (0.6.6-2) unstable; urgency=low * cleanup in diffs * removed INSTALL from docs (bug #13205) * split libssl and libssl-dev (but #13735) -- Christoph Martin Wed, 15 Oct 1997 17:38:38 +0200 ssleay (0.6.6-1) unstable; urgency=low * New upstream version * added shared libraries for libcrypto and libssl -- Christoph Martin Thu, 26 Jun 1997 19:26:14 +0200 ssleay (0.6.4-2) unstable; urgency=low * changed doc filenames from .doc to .txt to be able to read them over with webbrowser -- Christoph Martin Tue, 25 Feb 1997 14:02:53 +0100 ssleay (0.6.4-1) unstable; urgency=low * Initial Release. -- Christoph Martin Fri, 22 Nov 1996 21:29:51 +0100