Change log for openssl package in Debian

175 of 131 results
Published in buster-release on 2017-11-06
Published in sid-release on 2017-11-04
openssl (1.1.0g-2) unstable; urgency=high

  * Avoid problems with aes assembler on armhf using binutils 2.29

 -- Kurt Roeckx <email address hidden>  Sat, 04 Nov 2017 12:48:13 +0100
Superseded in sid-release on 2017-11-04
openssl (1.1.0g-1) unstable; urgency=medium

  * New upstream version
    - Fixes CVE-2017-3735
    - Fixes CVE-2017-3736
  * Remove patches applied upstream
  * Temporary enable TLS 1.0 and 1.1 again (#875423)
  * Attempt to fix testsuite race condition
  * update no-symbolic.patch to apply

 -- Kurt Roeckx <email address hidden>  Thu, 02 Nov 2017 15:22:48 +0100
Published in buster-release on 2017-09-03
Published in sid-release on 2017-08-25
openssl (1.1.0f-5) unstable; urgency=medium

  * Instead of completly disabling TLS 1.0 and 1.1, just set the minimum
    version to TLS 1.2 by default. TLS 1.0 and 1.1 can be enabled again by
    calling SSL_CTX_set_min_proto_version() or SSL_set_min_proto_version().

 -- Kurt Roeckx <email address hidden>  Tue, 08 Aug 2017 16:13:54 +0200
Published in sid-release on 2017-08-28
Published in buster-release on 2017-08-12
Superseded in sid-release on 2017-08-26
openssl (1.1.0f-4) unstable; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * Add support for arm64ilp32, patch by Wookey (Closes: #867240)

  [ Kurt Roeckx ]
  * Disable TLS 1.0 and 1.1, leaving 1.2 as the only supported SSL/TLS
    version. This will likely break things, but the hope is that by
    the release of Buster everything will speak at least TLS 1.2. This will be
    reconsidered before the Buster release.
  * Fix a race condition in the test suite (Closes: #869856)

 -- Kurt Roeckx <email address hidden>  Mon, 07 Aug 2017 01:08:45 +0200
Published in buster-release on 2017-07-17
Published in stretch-release on 2017-06-07
Published in sid-release on 2017-06-05
openssl (1.1.0f-3) unstable; urgency=medium

  * Don't cleanup a thread-local key we didn't create it (Closes: #863707)

 -- Kurt Roeckx <email address hidden>  Mon, 05 Jun 2017 11:40:42 +0200
Superseded in sid-release on 2017-06-05
openssl (1.1.0f-2) unstable; urgency=medium

  * Make the udeb use a versioned depends (Closes: #864080)
  * Conflict with libssl1.0-dev (Closes: #863367)

 -- Kurt Roeckx <email address hidden>  Sun, 04 Jun 2017 12:07:38 +0200
Superseded in sid-release on 2017-06-04
openssl (1.1.0f-1) unstable; urgency=medium

  * New upstream version
    - Fix regression in req -x509 (Closes: #839575)
    - Properly detect features on the AMD Ryzen processor (Closes: #861145)
    - Don't mention -tls1_3 in the manpage (Closes: #859191)
  * Update libssl1.1.symbols for new symbols
  * Update man-section.patch

 -- Kurt Roeckx <email address hidden>  Thu, 25 May 2017 18:29:01 +0200
Published in jessie-release on 2017-05-07
openssl (1.0.1t-1+deb8u6) jessie-security; urgency=medium

  * Fix CVE-2016-8610
  * Fix CVE-2017-3731
  * Fix CVE-2016-7056

 -- Kurt Roeckx <email address hidden>  Thu, 26 Jan 2017 23:44:23 +0100
Superseded in stretch-release on 2017-06-10
Published in sid-release on 2017-05-03
openssl (1.1.0e-2) unstable; urgency=medium

  * Make openssl depend on perl-base (Closes: #860254)

 -- Sebastian Andrzej Siewior <email address hidden>  Mon, 01 May 2017 21:50:37 +0200
Superseded in stretch-release on 2017-05-20
Superseded in sid-release on 2017-05-25
openssl (1.1.0e-1) unstable; urgency=high

  * New upstream version
    - Fixes CVE-2017-3733
    - Remove patches that are applied upstream.

 -- Kurt Roeckx <email address hidden>  Thu, 16 Feb 2017 18:57:58 +0100
Superseded in stretch-release on 2017-02-20
Superseded in sid-release on 2017-02-16
openssl (1.1.0d-2) unstable; urgency=medium

  * Fix building of arch and all packages in a minimal environment
    (Closes: #852900).
  * Fix precomputing SHA1 by adding the following patches from upstream:
    - Add-a-couple-of-test-to-check-CRL-fingerprint.patch
    - Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
    - X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
    (Closes: #852920).

 -- Sebastian Andrzej Siewior <email address hidden>  Mon, 30 Jan 2017 23:20:07 +0100
Superseded in sid-release on 2017-01-31
openssl (1.1.0d-1) unstable; urgency=medium

  * New Upstream release
    - Fixes CVE-2017-3731
    - Fixes CVE-2017-3730
    - Fixes CVE-2017-3732
    - drop revert_ssl_read.patch and
      0001-Add-missing-zdelete-for-some-linux-arches.patch, applied upstream.
  * add new symbols.

 -- Sebastian Andrzej Siewior <email address hidden>  Thu, 26 Jan 2017 16:38:34 +0100
Superseded in sid-release on 2017-01-27
openssl (1.1.0c-4) unstable; urgency=medium

  * Make build-indep build again.
  * Don't depend on perl:any in openssl as it breaks debootstrap
   ("Closes: #852017).

 -- Sebastian Andrzej Siewior <email address hidden>  Fri, 20 Jan 2017 22:18:15 +0100
Superseded in sid-release on 2017-01-21
openssl (1.1.0c-3) unstable; urgency=medium

  * Add myself as Uploader.
  * Add support for tilegx, patch by Helmut Grohne (Closes: #848957).
  * redo the rules file to some newer debhelper:
    - everyfile should remain, nothing should get lost
    - the scripts in the doc package gained an exec bit
    - openssl gained a dep on perl (the package contains perl scripts)
    - libssl1.0.2-dbg is gone, we have dbgsym now
    - dh compat 10
    - pkg.install instead of pkg.files is used for install
  * Mark libssl-doc as MA foreign
  * Update Standards-Version from 3.9.5 to 3.9.8. No changes required.
  * Document the change for openssl's enc command between 1.1.0 and pre 1.1.0
    in the NEWS file (Closes: #843064).
  * Add an override for lintian for the non-standard private directory

 -- Sebastian Andrzej Siewior <email address hidden>  Thu, 19 Jan 2017 23:00:01 +0100
Superseded in jessie-release on 2017-05-07
openssl (1.0.1t-1+deb8u5) jessie-security; urgency=medium

  * The patch for CVE-2016-2182 was missing a fix.  (Closes: #838652, #838659)

 -- Kurt Roeckx <email address hidden>  Fri, 23 Sep 2016 19:48:42 +0200
Superseded in stretch-release on 2017-02-14
Superseded in sid-release on 2017-01-27
openssl (1.1.0c-2) unstable; urgency=medium

  * Revert behaviour of SSL_read() and SSL_write(), and update documentation.
    (Closes: #844234)
  * Add missing -zdelete on x32 (Closes: #844715)
  * Add a Breaks on salt-common. Addresses #844706

 -- Kurt Roeckx <email address hidden>  Mon, 21 Nov 2016 22:20:00 +0100
Superseded in sid-release on 2016-11-22
openssl (1.1.0c-1) unstable; urgency=medium

  * New upstrem release
    - Fix CVE-2016-7053
    - Fix CVE-2016-7054
    - Fix CVE-2016-7055
  * remove no-rpath.patch, applied upstream.
  * Remove old d2i test cases, use the one from the upstream tarball.
  * Update libssl1.1.symbols for new sysmbols.

 -- Kurt Roeckx <email address hidden>  Thu, 10 Nov 2016 19:05:44 +0100
Superseded in sid-release on 2016-11-10
openssl (1.1.0b-2) unstable; urgency=low

  * Upload to unstable

 -- Kurt Roeckx <email address hidden>  Tue, 01 Nov 2016 22:02:32 +0100
Superseded in stretch-release on 2017-01-25
Superseded in sid-release on 2017-04-08
openssl (1.0.2j-1) unstable; urgency=medium

  * New upstream release
    - Fixes CVE-2016-7052

 -- Kurt Roeckx <email address hidden>  Mon, 26 Sep 2016 18:17:39 +0200
Deleted in experimental-release (Reason: None provided.)
openssl (1.1.0b-1) experimental; urgency=medium

  * New upstream release
    - Fixes CVE-2016-6309

 -- Kurt Roeckx <email address hidden>  Mon, 26 Sep 2016 18:21:09 +0200
Superseded in sid-release on 2016-09-27
openssl (1.0.2i-1) unstable; urgency=high

  * New upstream version
    - Fix CVE-2016-2177
    - Fix CVE-2016-2178
    - Fix CVE-2016-2179
    - Fix CVE-2016-2180
    - Fix CVE-2016-2181
    - Fix CVE-2016-2182
    - Fix CVE-2016-2183
    - Fix CVE-2016-6302
    - Fix CVE-2016-6303
    - Fix CVE-2016-6304
    - Fix CVE-2016-6306
  * Drop ca.patch, option is now documented upstream
  * Update engines-path.patch to also update the libcrypto.pc, now that that
    has an enginesdir in it.

 -- Kurt Roeckx <email address hidden>  Thu, 22 Sep 2016 19:39:36 +0200
Superseded in experimental-release on 2016-09-27
openssl (1.1.0a-1) experimental; urgency=medium

  * New upstream release
    - Fix CVE-2016-6304
    - Fix CVE-2016-6305
    - Fix CVE-2016-6307
    - Fix CVE-2016-6308
  * Update c_rehash-compat.patch to apply to new version.
  * Update symbol file.

 -- Kurt Roeckx <email address hidden>  Thu, 22 Sep 2016 20:13:59 +0200
Superseded in stretch-release on 2016-11-21
Superseded in sid-release on 2016-11-15
Superseded in jessie-release on 2017-01-14
openssl (1.0.1t-1+deb8u3) jessie; urgency=medium

  [ Kurt Roeckx ]
  * Fix length check for CRLs. (Closes: #826552)

  [ Sebastian Andrzej Siewior ]
  * Enable asm optimisation for s390x. Patch by Dimitri John Ledkov.
    (Closes: #833156).

 -- Kurt Roeckx <email address hidden>  Sat, 11 Jun 2016 19:18:11 +0200
Superseded in experimental-release on 2016-09-23
openssl (1.1.0-1) experimental; urgency=medium

  [ Kurt Roeckx ]
  * New upstream version
  * Use Package-Type instead of XC-Package-Type
  * Remove "Priority: optional" in the binary packages.
  * Add Homepage
  * Use dpkg-buildflags's LDFLAGS also for building the shared libraries.

  [ Sebastian Andrzej Siewior ]
  * drop config-hurd.patch, we don't use `config' and it works without the
    patch.
  * Drop depend on zlib1g-dev since we don't use it anymore (Closes: #767207)
  * Make the openssl package Multi-Arch: foregin (Closes: #827028)

 -- Kurt Roeckx <email address hidden>  Thu, 25 Aug 2016 18:52:22 +0200
Superseded in experimental-release on 2016-08-26
openssl (1.1.0~pre6-1) experimental; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * drop engines-path.patch. Upstream uses a 1.1 suffixes now.

  [ Kurt Roeckx ]
  * New upstream version
  * Drop upstream snapshot
  * Update symbols file
  * Use some https instead of http URLs

 -- Kurt Roeckx <email address hidden>  Thu, 04 Aug 2016 18:33:24 +0200
Superseded in experimental-release on 2016-08-15
openssl (1.1.0~pre5-5) experimental; urgency=medium

  * Update snapshot to commit fe964f0c88f6780fd30b26e306484b981b0a8480

 -- Kurt Roeckx <email address hidden>  Sat, 02 Jul 2016 14:54:51 +0200
Superseded in experimental-release on 2016-07-03
openssl (1.1.0~pre5-4) experimental; urgency=medium

  * Update snapshot to commit c32bdbf171ce6650ef045ec47b5abe0de7c264db
  * Remove utils-mkdir-p-check-if-dir-exists-also-after-mkdir-f.patch, applied
    upstream

 -- Kurt Roeckx <email address hidden>  Sun, 26 Jun 2016 15:07:48 +0200
Superseded in experimental-release on 2016-06-27
openssl (1.1.0~pre5-3) experimental; urgency=medium

  [ Kurt Roeckx ]
  * Don't use assembler on hppa, it's not writen for Linux.

 -- Sebastian Andrzej Siewior <email address hidden>  Fri, 10 Jun 2016 22:33:06 +0200
Superseded in sid-release on 2016-09-17
Superseded in jessie-release on 2016-09-17
Superseded in stretch-release on 2016-09-17
openssl (1.0.1t-1+deb8u2) jessie; urgency=medium

  * add Update-S-MIME-certificates.patch to update expired certificates to
    pass the test suite

 -- Sebastian Andrzej Siewior <email address hidden>  Wed, 11 May 2016 23:22:52 +0200
Superseded in experimental-release on 2016-06-11
openssl (1.1.0~pre5-1) experimental; urgency=medium

  * New upstream version with soname change.  Upload to experimental.
    - Rename binary packages
    - Remove patches:
      - block_diginotar.patch: All cross certificates expired in 2013
      - block_digicert_malaysia.patch: intermediate certificates expired in
        2015
      - man-dir.patch: Fixed upstream
      - valgrind.patch: Upstream no longer adds the uninitialized data to the
        RNG
      - shared-lib-ext.patch: No longer needed
      - version-script.patch: Upstream does symbol versioning itself now
      - disable_freelist.patch: No longer needed
      - soname.patch: Was to change to the 1.0.2 soname that upstream never had
      - disable_sslv3_test.patch: Fixed upstream
      - libdoc-manpgs-pod-spell.patch: Fixed upstream (Closes: #813191)
    - Rewrite debian-targets.patch to work with the new configuration system.
    - Update other patches to apply
    - Update list of install docs
    - Use DESTDIR instead of INSTALL_PREFIX
    - Clean up more files
    - Remove the configure option enable-tlsext no-ssl2 since they're no
      longer supported.
  * Add upstream snapshot:
    - Add d2i-tests.tar to get new binary test files.
  * Don't build i686 optimized version anymore on i386, it's now the default.
    (Closes: #823774)

 -- Kurt Roeckx <email address hidden>  Sat, 28 May 2016 20:58:31 +0200
Superseded in stretch-release on 2016-11-01
Superseded in sid-release on 2016-10-31
openssl (1.0.2h-1) unstable; urgency=high

  * New upstream version
    - Fixes CVE-2016-2107
    - Fixes CVE-2016-2105
    - Fixes CVE-2016-2106
    - Fixes CVE-2016-2109
    - Fixes CVE-2016-2176

 -- Kurt Roeckx <email address hidden>  Tue, 03 May 2016 18:31:22 +0200
Superseded in stretch-release on 2016-05-07
Superseded in sid-release on 2016-05-04
openssl (1.0.2g-2) unstable; urgency=medium

  * Use assembler of arm64 (Closes: #794326)
    Patch from Riku Voipio <email address hidden>
  * Add a udeb for libssl, based on similar changes done in Ubuntu
    starting in version 0.9.8o-4ubuntu1 (Closes: #802591)
    Patch from Margarita Manterola <email address hidden>
  * Add support for nios2 (Closes: #816239)
    Based on patch from Marek Vasut <email address hidden>
  * Update Spanish translation from Manuel "Venturi" Porras Peralta
    <email address hidden> (Closes: #773601)
  * Don't build an i586 optimized version anymore, the default
    already targets that.  Patch from Sven Joachim <email address hidden>
    (Closes: #759811)

 -- Kurt Roeckx <email address hidden>  Thu, 21 Apr 2016 23:43:06 +0200
Published in wheezy-release on 2016-04-02
openssl (1.0.1e-2+deb7u20) wheezy-security; urgency=medium

  * Fix CVE-2016-0797
  * Fix CVE-2016-0798
  * Fix CVE-2016-0799
  * Fix CVE-2016-0702
  * Fix CVE-2016-0705
  * Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800)
    makes use of those, and SLOTH attack (CVE-2015-7575) can make use of them
    too.

 -- Kurt Roeckx <email address hidden>  Sun, 28 Feb 2016 23:36:32 +0100
Superseded in jessie-release on 2016-06-05
Superseded in stretch-release on 2016-06-05
Superseded in sid-release on 2016-06-05
openssl (1.0.1k-3+deb8u4) jessie-security; urgency=medium

  * Fix CVE-2016-0797
  * Fix CVE-2016-0798
  * Fix CVE-2016-0799
  * Fix CVE-2016-0702
  * Fix CVE-2016-0705
  * Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800)
    makes use of those, and SLOTH attack (CVE-2015-7575) can make use of them
    too.

 -- Kurt Roeckx <email address hidden>  Sun, 28 Feb 2016 15:29:46 +0100
Superseded in stretch-release on 2016-04-28
Superseded in sid-release on 2016-04-23
openssl (1.0.2g-1) unstable; urgency=high

  * New upstream version
  * Fix CVE-2016-0797
  * Fix CVE-2016-0798
  * Fix CVE-2016-0799
  * Fix CVE-2016-0702
  * Fix CVE-2016-0705
  * Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800)
    makes use of those, and SLOTH attack (CVE-2015-7575) can make use of them
    too.

 -- Kurt Roeckx <email address hidden>  Tue, 01 Mar 2016 18:31:09 +0100
Superseded in stretch-release on 2016-03-05
Superseded in sid-release on 2016-03-02
openssl (1.0.2f-2) unstable; urgency=high

  * New upstream version.
    - Fixes CVE-2016-0701
    - Not affected by CVE-2015-3197 because SSLv2 is disabled.

 -- Kurt Roeckx <email address hidden>  Thu, 28 Jan 2016 19:32:02 +0100
Superseded in jessie-release on 2016-04-02
Superseded in stretch-release on 2016-04-02
Superseded in sid-release on 2016-04-02
openssl (1.0.1k-3+deb8u2) jessie-security; urgency=medium

  * Fix CVE-2015-3194
  * Fix CVE-2015-3195
  * Fix CVE-2015-3196

 -- Kurt Roeckx <email address hidden>  Thu, 03 Dec 2015 18:39:46 +0100
Superseded in stretch-release on 2016-05-17
Superseded in sid-release on 2016-05-17
openssl (1.0.2e-1) unstable; urgency=high

  * New upstream release
    - Fix CVE-2015-3193
    - Fix CVE-2015-3194
    - Fix CVE-2015-3195
    - Fix CVE-2015-3196
  * Remove all symlinks during clean
  * Run make depend after configure
  * Remove openssl_button.* from the doc package

 -- Kurt Roeckx <email address hidden>  Thu, 03 Dec 2015 19:33:05 +0100
Superseded in stretch-release on 2015-12-18
Superseded in sid-release on 2015-12-04
openssl (1.0.2d-3) unstable; urgency=medium

  * Upload to unstable

 -- Kurt Roeckx <email address hidden>  Sun, 01 Nov 2015 19:14:34 +0100
Deleted in experimental-release (Reason: None provided.)
openssl (1.0.2d-2) experimental; urgency=medium

  * Build with no-ssl3-method to remove all SSLv3 support.  This results in
    the functions SSLv3_method(), SSLv3_server_method() and
    SSLv3_client_method() being removed from libssl.  Change the soname as
    result of that and also changes name of the binary package.
    (Closes: #768476)
  * Enable rfc3779 and cms support (Closes: #630790)
  * Fix cross compilation for mips architectures. (Closes: #782492)

 -- Kurt Roeckx <email address hidden>  Sun, 06 Sep 2015 14:21:27 +0200
Superseded in wheezy-release on 2016-04-02
openssl (1.0.1e-2+deb7u17) wheezy-security; urgency=medium

  * Fix CVE-2015-1791
  * Fix CVE-2015-1792
  * Fix CVE-2015-1789
  * Fix CVE-2015-1790
  * Fix CVE-2015-1788
  * Fix CVE-2015-4000
  * Fix CVE-2014-8176

 -- Kurt Roeckx <email address hidden>  Sat, 13 Jun 2015 12:18:30 +0200
Superseded in stretch-release on 2016-01-23
Superseded in sid-release on 2016-01-23
Superseded in jessie-release on 2016-01-23
openssl (1.0.1k-3+deb8u1) jessie-security; urgency=medium

  * Fix CVE-2015-1791
  * Fix CVE-2015-1792
  * Fix CVE-2015-1789
  * Fix CVE-2015-1790
  * Fix CVE-2015-1788
  * CVE-2015-4000: Have minimum of 768 bit for DH

 -- Kurt Roeckx <email address hidden>  Thu, 11 Jun 2015 20:55:20 +0200
Superseded in stretch-release on 2016-07-14
Superseded in stretch-release on 2016-02-04
Superseded in stretch-release on 2016-01-26
Superseded in sid-release on 2016-07-14
openssl (1.0.2d-1) unstable; urgency=high

  * New upstream version
    - Fixes CVE-2015-1793

 -- Kurt Roeckx <email address hidden>  Thu, 09 Jul 2015 18:22:26 +0200
Superseded in stretch-release on 2015-07-12
Superseded in sid-release on 2015-07-10
openssl (1.0.2c-1) unstable; urgency=medium

  * New upstream version
    - Fixes ABI (Closes: #788511)

 -- Kurt Roeckx <email address hidden>  Fri, 12 Jun 2015 20:35:12 +0200
Superseded in sid-release on 2015-06-13
openssl (1.0.2b-1) unstable; urgency=high

  * New upstream version
    - Fix CVE-2015-4000
    - Fix CVE-2015-1788
    - Fix CVE-2015-1789
    - Fix CVE-2015-1790
    - Fix CVE-2015-1792
    - Fix CVE-2015-1791
  * Update c_rehash-compat.patch to make it apply to the new version.
  * Remove openssl-pod-misspell.patch applied upstream

 -- Kurt Roeckx <email address hidden>  Thu, 11 Jun 2015 18:20:38 +0200
Superseded in stretch-release on 2015-06-16
Superseded in sid-release on 2015-06-12
openssl (1.0.2a-1) unstable; urgency=medium

  * New upstrema version
    - Fix CVE-2015-0286
    - Fix CVE-2015-0287
    - Fix CVE-2015-0289
    - Fix CVE-2015-0293 (not affected, SSLv2 disabled)
    - Fix CVE-2015-0209
    - Fix CVE-2015-0288
    - Fix CVE-2015-0291
    - Fix CVE-2015-0290
    - Fix CVE-2015-0207
    - Fix CVE-2015-0208
    - Fix CVE-2015-1787
    - Fix CVE-2015-0285
  * Temporary enable SSLv3 methods again, but they will go away.
  * Don't set TERMIO anymore, use the default TERMIOS instead.

 -- Kurt Roeckx <email address hidden>  Thu, 30 Apr 2015 23:37:27 +0200
Superseded in stretch-release on 2015-09-05
Superseded in jessie-release on 2015-09-05
Superseded in sid-release on 2015-09-05
openssl (1.0.1k-3) unstable; urgency=medium


  * Drop patch 0003-Free-up-passed-ASN.1-structure-if-reused.patch, it at
    least breaks voms, possibly others. (Closes: #781081)

 -- Kurt Roeckx <email address hidden>  Tue, 24 Mar 2015 21:34:00 +0100
Superseded in sid-release on 2015-03-28
openssl (1.0.1k-2) unstable; urgency=high


  * Fix CVE-2015-0286
  * Fix CVE-2015-0287
  * Fix CVE-2015-0289
  * Fix CVE-2015-0293 (not affected, SSLv2 disabled)
  * Fix CVE-2015-0209
  * Fix CVE-2015-0288
  * Remove export ciphers from DEFAULT.
  * Make DTLS always act as if read_ahead is set.  This fixes a regression
    introduce by the fix for CVE-2014-3571.  (Closes: #775502)

 -- Kurt Roeckx <email address hidden>  Fri, 20 Mar 2015 18:24:15 +0100
Deleted in experimental-release (Reason: None provided.)
openssl (1.0.2-1) experimental; urgency=medium


  * New upstream release
    - Fixes CVE-2014-3571
    - Fixes CVE-2015-0206
    - Fixes CVE-2014-3569
    - Fixes CVE-2014-3572
    - Fixes CVE-2015-0204
    - Fixes CVE-2015-0205
    - Fixes CVE-2014-8275
    - Fixes CVE-2014-3570
    - Drop git_snapshot.patch
  * Drop gnu_source.patch, dgst_hmac.patch, stddef.patch,
    no_ssl3_method.patch: applied upstream
  * Update patches to apply

 -- Kurt Roeckx <email address hidden>  Fri, 23 Jan 2015 18:54:13 +0100
Superseded in wheezy-release on 2015-09-05
Superseded in jessie-release on 2015-03-09
Superseded in sid-release on 2015-01-30
openssl (1.0.1e-2+deb7u13) wheezy-security; urgency=medium


  * Fixes CVE-2014-3513
  * Fixes CVE-2014-3567
  * Add Fallback SCSV support to mitigate CVE-2014-3566
  * Fixes CVE-2014-3568

 -- Kurt Roeckx <email address hidden>  Wed, 15 Oct 2014 19:45:25 +0200
Superseded in sid-release on 2015-04-19
Superseded in jessie-release on 2015-04-24
Superseded in sid-release on 2015-03-21
openssl (1.0.1k-1) unstable; urgency=medium


  * New upstream version
    - Fixes CVE-2014-3571
    - Fixes CVE-2015-0206
    - Fixes CVE-2014-3569
    - Fixes CVE-2014-3572
    - Fixes CVE-2015-0204
    - Fixes CVE-2015-0205
    - Fixes CVE-2014-8275
    - Fixes CVE-2014-3570
  * Drop gnu_source.patch, dgst_hmac.patch: applied upstream

 -- Kurt Roeckx <email address hidden>  Thu, 08 Jan 2015 20:55:26 +0100
Superseded in experimental-release on 2015-01-24
openssl (1.0.2~beta3-1) experimental; urgency=low


  * New usptream beta version
  * Add git snapshot
  * Merge changes between 1.0.1h-3 and 1.0.1j-1:
    - Disables SSLv3 because of CVE-2014-3566
  * Drop patch rehash-crt.patch: partially applied upstream.
    c_rehash now doesn't support files in DER format anymore.
  * Drop patch rehash_pod.patch: applied upstream
  * Update c_rehash-compat.patch to apply to new upstream version.  This
    undoes upstream's "-old" option and creates both the new and old again.
    It now also does it for CRLs.
  * Drop defaults.patch, applied upstream
  * dgst_hmac.patch updated to apply to upstream version.
  * engines-path.patch updated to apply to upstream version.
  * Update list of exported symbols
  * Update symbols files to require beta3
  * Enable unit tests
  * Add patch to add support for the no-ssl3-method option that completly
    disable SSLv3 and pass the option.  This drops the following functions
    from the library: SSLv3_method, SSLv3_server_method and
    SSLv3_client_method
  * Build using OPENSSL_NO_BUF_FREELISTS

 -- Kurt Roeckx <email address hidden>  Fri, 07 Nov 2014 00:20:10 +0100
Superseded in wheezy-release on 2015-01-10
Superseded in jessie-release on 2015-01-10
Superseded in sid-release on 2015-01-10
openssl (1.0.1e-2+deb7u12) wheezy-security; urgency=medium


  * Fix for CVE-2014-3512
  * Fix for CVE-2014-3511
  * Fix for CVE-2014-3510
  * Fix for CVE-2014-3507
  * Fix for CVE-2014-3506
  * Fix for CVE-2014-3505
  * Fix for CVE-2014-3509
  * Fix for CVE-2014-5139
  * Fix for CVE-2014-3508

 -- Kurt Roeckx <email address hidden>  Wed, 06 Aug 2014 20:01:34 +0200
Superseded in jessie-release on 2015-04-10
Superseded in sid-release on 2015-03-30
openssl (1.0.1j-1) unstable; urgency=high


  * New upstream release
    - Fixes CVE-2014-3513
    - Fixes CVE-2014-3567
    - Add Fallback SCSV support to mitigate CVE-2014-3566
    - Fixes CVE-2014-3568
  * Disables SSLv3 because of CVE-2014-3566
  * Update dgst_hmac.patch to apply to new upstream version
  * Drop rehash_pod.patch, applied upstream
  * Fix openssl_fix_for_x32.patch to apply to new upstream version

 -- Kurt Roeckx <email address hidden>  Wed, 15 Oct 2014 19:06:38 +0200
Superseded in jessie-release on 2015-01-08
Superseded in sid-release on 2015-01-07
openssl (1.0.1i-2) unstable; urgency=medium


  * Fix assembler for ppc64le (Closes: #745657)

 -- Kurt Roeckx <email address hidden>  Mon, 11 Aug 2014 21:37:47 +0200
Superseded in jessie-release on 2014-08-17
Superseded in sid-release on 2014-08-12
openssl (1.0.1i-1) unstable; urgency=high


  * New upstream release
    - Fix for CVE-2014-3512
    - Fix for CVE-2014-3511
    - Fix for CVE-2014-3510
    - Fix for CVE-2014-3507
    - Fix for CVE-2014-3506
    - Fix for CVE-2014-3505
    - Fix for CVE-2014-3509
    - Fix for CVE-2014-5139
    - Fix for CVE-2014-3508
    - Drop upstream git snapshot patch.
  * Add support for ppc64le (Closes: #745657)
  * Add support for OpenRISC (Closes: #736772)

 -- Kurt Roeckx <email address hidden>  Thu, 07 Aug 2014 00:02:41 +0200
Superseded in experimental-release on 2014-11-08
openssl (1.0.2~beta2-1) experimental; urgency=medium


  * New usptream beta version
    - Fix CVE-2014-0224
    - Fix CVE-2014-0221
    - Fix CVE-2014-0195
    - Fix CVE-2014-3470
    - Fix CVE-2014-0198
    - Fix CVE-2010-5298
    - Fix CVE-2014-0160
    - Fix CVE-2014-0076
  * Merge changes between 1.0.1f-1 and 1.0.1h-3:
    - postinst: Updated check for restarting services
  * libdoc-manpgs-pod-spell.patch and openssl-pod-misspell.patch
    partially applied upstream
  * Drop fix-pod-errors.patch, applied upstream.
  * Add support for ppc64le (Closes: #745657)
  * Add support for OpenRISC (Closes: #736772)

 -- Kurt Roeckx <email address hidden>  Wed, 23 Jul 2014 19:54:09 +0200
Superseded in wheezy-release on 2014-10-18
Superseded in jessie-release on 2014-10-18
Superseded in sid-release on 2014-10-18
openssl (1.0.1e-2+deb7u11) wheezy-security; urgency=medium


  * Update fix for CVE-2014-0224 to work with more renegiotation and
    resumption cases. (Closes: #751093)
  * Fix CVE-2012-4929 (CRiME) by disabling zlib compression by default.
    It can be enabled again by setting the environment variable
    OPENSSL_NO_DEFAULT_ZLIB.  (Closes: #728055)
  * Update ECDHE-ECDSA_Safari.patch to define SSL_OP_MSIE_SSLV2_RSA_PADDING
    again but to 0 so things keep building.  (Closes: #751457)

 -- Kurt Roeckx <email address hidden>  Sun, 15 Jun 2014 12:31:21 +0200
Superseded in jessie-release on 2014-10-03
Superseded in sid-release on 2014-10-02
openssl (1.0.1h-3) unstable; urgency=medium


  * New upstream git snapshot
    - Allows CCS after finished message, needed for some renegiotation cases.
      (Closes: #751093)

 -- Kurt Roeckx <email address hidden>  Sat, 14 Jun 2014 22:23:21 +0200
Superseded in jessie-release on 2014-06-20
Superseded in sid-release on 2014-06-26
openssl (1.0.1h-2) unstable; urgency=medium


  * Use upstream git snapshot:
    - Fix resumption problem when using tls_session_secret_cb
    - Create ~/.rnd with mode 0600 (Closes: #750103)
    - Fix building on heartbeat test, drop patch to disable it.

 -- Kurt Roeckx <email address hidden>  Mon, 09 Jun 2014 11:21:51 +0200
Superseded in sid-release on 2014-06-09
openssl (1.0.1h-1) unstable; urgency=high


  * New upstream release
    - Fix CVE-2014-0224
    - Fix CVE-2014-0221
    - Fix CVE-2014-0195
    - Fix CVE-2014-3470
    - Drop patch git_snapshot.patch
  * Disable the heartbeat test since it fails to build.

 -- Kurt Roeckx <email address hidden>  Thu, 05 Jun 2014 18:42:05 +0200
Superseded in jessie-release on 2014-06-12
Superseded in sid-release on 2014-06-10
openssl (1.0.1g-4) unstable; urgency=medium


  * Update to git snapshot
    - Fixes CVE-2014-0198 (Closes: #747432)
    - Drop the following patches that got applied upstream:
      fix-pod-errors.patch, CVE-2010-5298.patch,
      CVE-2014-XXXX-Extension-checking-fixes.patch
  * Actually restart the services when restart-without-asking is set.
    (Closes: #745801)

 -- Kurt Roeckx <email address hidden>  Mon, 12 May 2014 22:22:16 +0200
Superseded in wheezy-release on 2014-10-18
Superseded in jessie-release on 2014-07-12
Superseded in sid-release on 2014-07-12
openssl (1.0.1e-2+deb7u7) wheezy-security; urgency=high


  * Non-maintainer upload by the Security Team.
  * Fix CVE-2010-5298: use-after-free race condition.
  * Add a versioned dependency from openssl to libssl1.0.0 to a version
    that has the fix for CVE-2014-0160 (Closes: #744194).
  * Propose restarting prosody on upgrade (Closes: #744871).
  * Correctly detect apache2 installations and propose it to be
    restarted (Closes: #744141).
  * Add more services to be checked for restart.
  * Fix a bug where the critical flag for TSA extended key usage is not
    always detected, and two other similar cases.
  * Add support for 'libraries/restart-without-asking', which allows
    services to be restarted automatically without prompting, or
    requiring a response instead.
  * Fix CVE-2014-0076: "Yarom/Benger FLUSH+RELOAD Cache Side-channel Attack"
    (Closes: #742923).

 -- Raphael Geissert <email address hidden>  Thu, 17 Apr 2014 22:11:33 +0200
Superseded in jessie-release on 2014-05-18
Superseded in sid-release on 2014-05-13
openssl (1.0.1g-3) unstable; urgency=medium


  * Fix CVE-2010-5298: use-after-free race condition.
  * Propose restarting prosody on upgrade (Closes: #744871).
  * Add more services to be checked for restart.
  * Fix a bug where the critical flag for TSA extended key usage is not
    always detected, and two other similar cases.
  * Add support for 'libraries/restart-without-asking', which allows
    services to be restarted automatically without prompting, or
    requiring a response instead.

 -- Kurt Roeckx <email address hidden>  Sat, 19 Apr 2014 18:38:32 +0200
Superseded in jessie-release on 2014-04-25
Superseded in sid-release on 2014-04-20
openssl (1.0.1g-2) unstable; urgency=emergency


  * Enable checking for services that may need to be restarted (Closes: #743889)
  * Update list of services to possibly restart

 -- Kurt Roeckx <email address hidden>  Tue, 08 Apr 2014 19:13:08 +0200
Superseded in jessie-release on 2014-04-09
Superseded in sid-release on 2014-04-09
openssl (1.0.1g-1) unstable; urgency=high


  * New upstream release
    - Fixes CVE-2014-0160
    - Fixes CVE-2014-0076
    - Drop patches applied upstream

 -- Kurt Roeckx <email address hidden>  Mon, 07 Apr 2014 23:17:42 +0200
Superseded in experimental-release on 2015-01-23
openssl (1.0.2~beta1-1) experimental; urgency=medium


  * New upstream beta version
    - Update list of symbols that should be exported and adjust the symbols
      file.  This also removes a bunch of duplicate symbols in the linker
      file.
    - Fix additional pod errors
    - Following patches have been applied upstream and are removed:
      libssl-misspell.patch, pod_req_misspell2.patch,
      pod_pksc12.misspell.patch, pod_s_server.misspell.patch,
      pod_x509setflags.misspell.patch, pod_ec.misspell.patch,
      pkcs12-doc.patch, req_bits.patch
    - Following patches have been partially applied upstream:
      libdoc-manpgs-pod-spell.patch, openssl-pod-misspell.patch
    - Remove openssl_fix_for_x32.patch, different patch applied upstream.
  * Add support for cross compiling (Closes: #465248)

 -- Kurt Roeckx <email address hidden>  Tue, 25 Feb 2014 00:36:51 +0100
Superseded in wheezy-release on 2014-04-26
Superseded in jessie-release on 2014-04-26
Superseded in sid-release on 2014-04-26
openssl (1.0.1e-2+deb7u4) stable; urgency=medium


  * enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)
  * Enable assembler for the arm targets, and remove armeb.
    Patch by Riku Voipio <email address hidden> (Closes: #676533)

 -- Kurt Roeckx <email address hidden>  Sat, 01 Feb 2014 21:25:20 +0100
Superseded in jessie-release on 2014-08-03
Superseded in sid-release on 2014-08-02
openssl (1.0.1f-1) unstable; urgency=high


  * New upstream version
    - Fix for TLS record tampering bug CVE-2013-4353
    - Drop the snapshot patch
  * update watch file to check for upstream signature and add upstream pgp key.
  * Drop conflicts against openssh since we now on a released version again.

 -- Kurt Roeckx <email address hidden>  Mon, 06 Jan 2014 18:50:54 +0100
Superseded in jessie-release on 2014-01-09
Superseded in sid-release on 2014-01-07
openssl (1.0.1e-6) unstable; urgency=medium


  * Add Breaks: openssh-client (<< 1:6.4p1-1.1), openssh-server (<<
    1:6.4p1-1.1).  This is to prevent people running into #732940.
    This Breaks can be removed again when we stop using a git snapshot.

 -- Kurt Roeckx <email address hidden>  Mon, 23 Dec 2013 15:19:17 +0100
Superseded in sid-release on 2013-12-25
openssl (1.0.1e-5) unstable; urgency=low


  * Change default digest to SHA256 instead of SHA1.  (Closes: #694738)
  * Drop support for multiple certificates in 1 file.  It never worked
    properly in the first place, and the only one shipping in
    ca-certificates has been split.
  * Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors
  * Remove make-targets.patch.  It prevented the test dir from being cleaned.
  * Update to a git snapshot of the OpenSSL_1_0_1-stable branch. 
    - Fixes CVE-2013-6449 (Closes: #732754)
    - Fixes CVE-2013-6450
    - Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch
      dtls_version.patch get_certificate.patch, since they where all
      already commited upstream.
    - adjust fix-pod-errors.patch for the reordering of items in the
      documentation they've done trying to fix those pod errors.
    - disable rdrand engine by default (Closes: #732710)
  * disable zlib support.  Fixes CVE-2012-4929 (Closes: #728055)
  * Add arm64 support (Closes: #732348)
  * Properly use the default number of bits in req when none are given

 -- Kurt Roeckx <email address hidden>  Sun, 22 Dec 2013 19:25:35 +0100
Superseded in jessie-release on 2014-02-19
Superseded in sid-release on 2014-02-15
openssl (1.0.1e-4) unstable; urgency=low


  [ Peter Michael Green ]
  * Fix pod errors (Closes: #723954)
  * Fix clean target

  [ Kurt Roeckx ]
  * Add mipsn32 and mips64 targets.  Patch from Eleanor Chen
    <email address hidden>  (Closes: #720654)
  * Add support for nocheck in DEB_BUILD_OPTIONS
  * Update Norwegian translation (Closes: #653574)
  * Update description of the packages.  Patch by Justin B Rye
    (Closes: #719262)
  * change to debhelper compat level 9:
    - change dh_strip call so only the files from libssl1.0.0 get debug
      symbols.
    - change dh_makeshlibs call so the engines don't get added to the
      shlibs
  * Update Standards-Version from 3.8.0 to 3.9.5.  No changes required.

 -- Kurt Roeckx <email address hidden>  Fri, 01 Nov 2013 17:11:53 +0100
Superseded in jessie-release on 2013-11-07
Superseded in sid-release on 2013-12-13
openssl (1.0.1e-3) unstable; urgency=low


  * Move <openssl/opensslconf.h> to /usr/include/$(DEB_HOST_MULTIARCH), and
    mark libssl-dev Multi-Arch: same.
    Patch by Colin Watson <email address hidden> (Closes: #689093)
  * Add Polish translation (Closes: #658162)
  * Add Turkish translation (Closes: #660971)
  * Enable assembler for the arm targets, and remove armeb.
    Patch by Riku Voipio <email address hidden> (Closes: #676533)
  * Add support for x32 (Closes: #698406)
  * enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)

 -- Kurt Roeckx <email address hidden>  Mon, 20 May 2013 16:56:06 +0200
Superseded in jessie-release on 2014-02-08
Superseded in wheezy-release on 2014-02-08
Superseded in sid-release on 2014-02-08
openssl (1.0.1e-2) unstable; urgency=high


  * Bump shlibs.  It's needed for the udeb.
  * Make cpuid work on cpu's that don't set ecx (Closes: #699692)
  * Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353)
  * Fix problem with DTLS version check (Closes: #701826)
  * Fix segfault in SSL_get_certificate (Closes: #703031)

 -- Kurt Roeckx <email address hidden>  Mon, 18 Mar 2013 20:37:11 +0100
Published in squeeze-release on 2013-02-23
openssl (0.9.8o-4squeeze14) squeeze-security; urgency=low


  * Fix CVE-2013-0166 and CVE-2013-0169

 -- Kurt Roeckx <email address hidden>  Mon, 11 Feb 2013 20:41:07 +0100
175 of 131 results