Superseded
by openssl - 1.1.1a-2+ubuntu14.04.1+deb.sury.org+1
Published
Changelog
openssl (1.1.1-3+ubuntu14.04.1+deb.sury.org+3) trusty; urgency=medium
[ Sebastian Andrzej Siewior ]
* Add Breaks on python-boto (See: #909545)
[ Ondřej Surý ]
* No-change backport to trusty
openssl (1.1.1-2) unstable; urgency=medium
[ Sebastian Andrzej Siewior ]
* Add Breaks on isync (See: #906955)
* Fix autopkgtest (Closes: #910459)
[ Kurt Roeckx ]
* Add Breaks on python-imaplib2 (See: #907079)
* Add news entry regarding default TLS version and security level
(Closes: #875423, #907631, #911389, #912067).
openssl (1.1.1-1) unstable; urgency=medium
* New upstream version.
- Update symbol file for 1.1.1
- CVE-2018-0732 (actually since pre8).
* Add Breaks on python-httplib2 (See: #907278)
* Add hardening=+all.
* Update to policy 4.2.1
- Less verbose testsuite with terse
- Use RRR=no
openssl (1.1.1~~pre9-1) unstable; urgency=medium
* New upstream version.
- Support the final TLS 1.3 version (RFC 8446)
* Upload to unstable
openssl (1.1.1~~pre8-1) experimental; urgency=medium
* New upstream version.
openssl (1.1.1~~pre7-1) experimental; urgency=medium
* Drop afalgeng on kfreebsd-* which go enabled because they inherit from
the linux target.
* Fix debian-rules-sets-dpkg-architecture-variable.
* Update to policy 4.1.4
- only Suggest: libssl-doc instead Recommends (only documentation and
example code is shipped).
- drop Priority: important.
- use signing-key.asc and a https links for downloads
* Use compat 11.
- this moves the examples to /usr/share/doc/libssl-{doc->dev}/demos but it
seems to make sense.
* Add a 25-test_verify.t for autopkgtest which runs against intalled
openssl binary.
* Fix CVE-2018-0737 (Closes: #895844).
openssl (1.1.1~~pre6-2) experimental; urgency=medium
* Update libssl1.1.symbols
openssl (1.1.1~~pre6-1) experimental; urgency=medium
* New upstream version
* Increase default security level from 1 to 2. This moves from the 80 bit
security level to the 112 bit securit level and will require 2048 bit RSA
and DHE keys.
openssl (1.1.1~~pre4-1) experimental; urgency=medium
* Update to 1.1.1-pre4 (Closes: #892276, #894282).
* Add riscv64 target (Closes: #891797).
openssl (1.1.1~~pre3-1) experimental; urgency=medium
* Update to 1.1.1-pre3
* Don't suggest 1024 bit RSA key to be typical (Closes: #878303).
* Don't insist on TLS1.3 cipher for <TLS1.3 connections (Closes: #891570).
* Enable system default config to enforce TLS1.2 as a minimum.
openssl (1.1.1~~pre2-1) experimental; urgency=medium
* Update to 1.1.1-pre2
openssl (1.1.1~~pre1-1) experimental; urgency=medium
* Abort the build if symbols are discovered which are not part of the
symbols file.
* Add config support for MIPS R6, patch by YunQiang Su (Closes: #882007).
* Enable afalgeng on Linux targets (Closes: #888305)
* Update 1.1.1-pre1.
openssl (1.1.0g-2) unstable; urgency=high
* Avoid problems with aes assembler on armhf using binutils 2.29
openssl (1.1.0g-1) unstable; urgency=medium
[ Kurt Roeckx ]
* New upstream version
- Fixes CVE-2017-3735
- Fixes CVE-2017-3736
* Remove patches applied upstream
* Temporary enable TLS 1.0 and 1.1 again (#875423)
* Attempt to fix testsuite race condition
* update no-symbolic.patch to apply
openssl (1.1.0f-5) unstable; urgency=medium
* Instead of completly disabling TLS 1.0 and 1.1, just set the minimum
version to TLS 1.2 by default. TLS 1.0 and 1.1 can be enabled again by
calling SSL_CTX_set_min_proto_version() or SSL_set_min_proto_version().
openssl (1.1.0f-4) unstable; urgency=medium
[ Sebastian Andrzej Siewior ]
* Add support for arm64ilp32, patch by Wookey (Closes: #867240)
[ Kurt Roeckx ]
* Disable TLS 1.0 and 1.1, leaving 1.2 as the only supported SSL/TLS
version. This will likely break things, but the hope is that by
the release of Buster everything will speak at least TLS 1.2. This will be
reconsidered before the Buster release.
* Fix a race condition in the test suite (Closes: #869856)
openssl (1.1.0f-3) unstable; urgency=medium
* Don't cleanup a thread-local key we didn't create it (Closes: #863707)
openssl (1.1.0f-2) unstable; urgency=medium
* Make the udeb use a versioned depends (Closes: #864080)
* Conflict with libssl1.0-dev (Closes: #863367)
openssl (1.1.0f-1) unstable; urgency=medium
* New upstream version
- Fix regression in req -x509 (Closes: #839575)
- Properly detect features on the AMD Ryzen processor (Closes: #861145)
- Don't mention -tls1_3 in the manpage (Closes: #859191)
* Update libssl1.1.symbols for new symbols
* Update man-section.patch
openssl (1.1.0e-2) unstable; urgency=medium
* Make openssl depend on perl-base (Closes: #860254)
openssl (1.1.0e-1) unstable; urgency=high
* New upstream version
- Fixes CVE-2017-3733
- Remove patches that are applied upstream.
openssl (1.1.0d-2) unstable; urgency=medium
* Fix building of arch and all packages in a minimal environment
(Closes: #852900).
* Fix precomputing SHA1 by adding the following patches from upstream:
- Add-a-couple-of-test-to-check-CRL-fingerprint.patch
- Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
- X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
(Closes: #852920).
openssl (1.1.0d-1) unstable; urgency=medium
* New Upstream release
- Fixes CVE-2017-3731
- Fixes CVE-2017-3730
- Fixes CVE-2017-3732
- drop revert_ssl_read.patch and
0001-Add-missing-zdelete-for-some-linux-arches.patch, applied upstream.
* add new symbols.
openssl (1.1.0c-4) unstable; urgency=medium
* Make build-indep build again.
* Don't depend on perl:any in openssl as it breaks debootstrap
("Closes: #852017).
openssl (1.1.0c-3) unstable; urgency=medium
* Add myself as Uploader.
* Add support for tilegx, patch by Helmut Grohne (Closes: #848957).
* redo the rules file to some newer debhelper:
- everyfile should remain, nothing should get lost
- the scripts in the doc package gained an exec bit
- openssl gained a dep on perl (the package contains perl scripts)
- libssl1.0.2-dbg is gone, we have dbgsym now
- dh compat 10
- pkg.install instead of pkg.files is used for install
* Mark libssl-doc as MA foreign
* Update Standards-Version from 3.9.5 to 3.9.8. No changes required.
* Document the change for openssl's enc command between 1.1.0 and pre 1.1.0
in the NEWS file (Closes: #843064).
* Add an override for lintian for the non-standard private directory
openssl (1.1.0c-2) unstable; urgency=medium
* Revert behaviour of SSL_read() and SSL_write(), and update documentation.
(Closes: #844234)
* Add missing -zdelete on x32 (Closes: #844715)
* Add a Breaks on salt-common. Addresses #844706
openssl (1.1.0c-1) unstable; urgency=medium
* New upstrem release
- Fix CVE-2016-7053
- Fix CVE-2016-7054
- Fix CVE-2016-7055
* remove no-rpath.patch, applied upstream.
* Remove old d2i test cases, use the one from the upstream tarball.
* Update libssl1.1.symbols for new sysmbols.
openssl (1.1.0b-2) unstable; urgency=low
* Upload to unstable
openssl (1.1.0b-1) experimental; urgency=medium
* New upstream release
- Fixes CVE-2016-6309
openssl (1.1.0a-1) experimental; urgency=medium
* New upstream release
- Fix CVE-2016-6304
- Fix CVE-2016-6305
- Fix CVE-2016-6307
- Fix CVE-2016-6308
* Update c_rehash-compat.patch to apply to new version.
* Update symbol file.
openssl (1.1.0-1) experimental; urgency=medium
[ Kurt Roeckx ]
* New upstream version
* Use Package-Type instead of XC-Package-Type
* Remove "Priority: optional" in the binary packages.
* Add Homepage
* Use dpkg-buildflags's LDFLAGS also for building the shared libraries.
[ Sebastian Andrzej Siewior ]
* drop config-hurd.patch, we don't use `config' and it works without the
patch.
* Drop depend on zlib1g-dev since we don't use it anymore (Closes: #767207)
* Make the openssl package Multi-Arch: foregin (Closes: #827028)
openssl (1.1.0~pre6-1) experimental; urgency=medium
[ Sebastian Andrzej Siewior ]
* drop engines-path.patch. Upstream uses a 1.1 suffixes now.
[ Kurt Roeckx ]
* New upstream version
* Drop upstream snapshot
* Update symbols file
* Use some https instead of http URLs
openssl (1.1.0~pre5-5) experimental; urgency=medium
* Update snapshot to commit fe964f0c88f6780fd30b26e306484b981b0a8480
openssl (1.1.0~pre5-4) experimental; urgency=medium
* Update snapshot to commit c32bdbf171ce6650ef045ec47b5abe0de7c264db
* Remove utils-mkdir-p-check-if-dir-exists-also-after-mkdir-f.patch, applied
upstream
openssl (1.1.0~pre5-3) experimental; urgency=medium
[ Kurt Roeckx ]
* Don't use assembler on hppa, it's not writen for Linux.
openssl (1.1.0~pre5-2) experimental; urgency=medium
[ Sebastian Andrzej Siewior ]
* Run the testsuite with verbose output.
* Use $(MAKE) so the whole make environment is passed to its child and we
can build in parallel with -jX
* Update snapshot to commit 5000a6d1215e ("Fix an error path leak in int
X509_ATTRIBUTE_set1_data()")
openssl (1.1.0~pre5-1) experimental; urgency=medium
* New upstream version with soname change. Upload to experimental.
- Rename binary packages
- Remove patches:
- block_diginotar.patch: All cross certificates expired in 2013
- block_digicert_malaysia.patch: intermediate certificates expired in
2015
- man-dir.patch: Fixed upstream
- valgrind.patch: Upstream no longer adds the uninitialized data to the
RNG
- shared-lib-ext.patch: No longer needed
- version-script.patch: Upstream does symbol versioning itself now
- disable_freelist.patch: No longer needed
- soname.patch: Was to change to the 1.0.2 soname that upstream never had
- disable_sslv3_test.patch: Fixed upstream
- libdoc-manpgs-pod-spell.patch: Fixed upstream (Closes: #813191)
- Rewrite debian-targets.patch to work with the new configuration system.
- Update other patches to apply
- Update list of install docs
- Use DESTDIR instead of INSTALL_PREFIX
- Clean up more files
- Remove the configure option enable-tlsext no-ssl2 since they're no
longer supported.
* Add upstream snapshot:
- Add d2i-tests.tar to get new binary test files.
* Don't build i686 optimized version anymore on i386, it's now the default.
(Closes: #823774)
openssl (1.0.2h-1) unstable; urgency=high
* New upstream version
- Fixes CVE-2016-2107
- Fixes CVE-2016-2105
- Fixes CVE-2016-2106
- Fixes CVE-2016-2109
- Fixes CVE-2016-2176
openssl (1.0.2g-2) unstable; urgency=medium
* Use assembler of arm64 (Closes: #794326)
Patch from Riku Voipio <email address hidden>
* Add a udeb for libssl, based on similar changes done in Ubuntu
starting in version 0.9.8o-4ubuntu1 (Closes: #802591)
Patch from Margarita Manterola <email address hidden>
* Add support for nios2 (Closes: #816239)
Based on patch from Marek Vasut <email address hidden>
* Update Spanish translation from Manuel "Venturi" Porras Peralta
<email address hidden> (Closes: #773601)
* Don't build an i586 optimized version anymore, the default
already targets that. Patch from Sven Joachim <email address hidden>
(Closes: #759811)
openssl (1.0.2g-1) unstable; urgency=high
* New upstream version
* Fix CVE-2016-0797
* Fix CVE-2016-0798
* Fix CVE-2016-0799
* Fix CVE-2016-0702
* Fix CVE-2016-0705
* Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800)
makes use of those, and SLOTH attack (CVE-2015-7575) can make use of them
too.
openssl (1.0.2f-2) unstable; urgency=high
* New upstream version.
- Fixes CVE-2016-0701
- Not affected by CVE-2015-3197 because SSLv2 is disabled.
openssl (1.0.2e-1) unstable; urgency=high
* New upstream release
- Fix CVE-2015-3193
- Fix CVE-2015-3194
- Fix CVE-2015-3195
- Fix CVE-2015-3196
* Remove all symlinks during clean
* Run make depend after configure
* Remove openssl_button.* from the doc package
openssl (1.0.2d-3) unstable; urgency=medium
* Upload to unstable
openssl (1.0.2d-2) experimental; urgency=medium
* Build with no-ssl3-method to remove all SSLv3 support. This results in
the functions SSLv3_method(), SSLv3_server_method() and
SSLv3_client_method() being removed from libssl. Change the soname as
result of that and also changes name of the binary package.
(Closes: #768476)
* Enable rfc3779 and cms support (Closes: #630790)
* Fix cross compilation for mips architectures. (Closes: #782492)
openssl (1.0.2d-1) unstable; urgency=high
* New upstream version
- Fixes CVE-2015-1793
openssl (1.0.2c-1) unstable; urgency=medium
* New upstream version
- Fixes ABI (Closes: #788511)
openssl (1.0.2b-1) unstable; urgency=high
* New upstream version
- Fix CVE-2015-4000
- Fix CVE-2015-1788
- Fix CVE-2015-1789
- Fix CVE-2015-1790
- Fix CVE-2015-1792
- Fix CVE-2015-1791
* Update c_rehash-compat.patch to make it apply to the new version.
* Remove openssl-pod-misspell.patch applied upstream
openssl (1.0.2a-1) unstable; urgency=medium
* New upstrema version
- Fix CVE-2015-0286
- Fix CVE-2015-0287
- Fix CVE-2015-0289
- Fix CVE-2015-0293 (not affected, SSLv2 disabled)
- Fix CVE-2015-0209
- Fix CVE-2015-0288
- Fix CVE-2015-0291
- Fix CVE-2015-0290
- Fix CVE-2015-0207
- Fix CVE-2015-0208
- Fix CVE-2015-1787
- Fix CVE-2015-0285
* Temporary enable SSLv3 methods again, but they will go away.
* Don't set TERMIO anymore, use the default TERMIOS instead.
openssl (1.0.2-1) experimental; urgency=medium
* New upstream release
- Fixes CVE-2014-3571
- Fixes CVE-2015-0206
- Fixes CVE-2014-3569
- Fixes CVE-2014-3572
- Fixes CVE-2015-0204
- Fixes CVE-2015-0205
- Fixes CVE-2014-8275
- Fixes CVE-2014-3570
- Drop git_snapshot.patch
* Drop gnu_source.patch, dgst_hmac.patch, stddef.patch,
no_ssl3_method.patch: applied upstream
* Update patches to apply
openssl (1.0.2~beta3-1) experimental; urgency=low
* New usptream beta version
* Add git snapshot
* Merge changes between 1.0.1h-3 and 1.0.1j-1:
- Disables SSLv3 because of CVE-2014-3566
* Drop patch rehash-crt.patch: partially applied upstream.
c_rehash now doesn't support files in DER format anymore.
* Drop patch rehash_pod.patch: applied upstream
* Update c_rehash-compat.patch to apply to new upstream version. This
undoes upstream's "-old" option and creates both the new and old again.
It now also does it for CRLs.
* Drop defaults.patch, applied upstream
* dgst_hmac.patch updated to apply to upstream version.
* engines-path.patch updated to apply to upstream version.
* Update list of exported symbols
* Update symbols files to require beta3
* Enable unit tests
* Add patch to add support for the no-ssl3-method option that completly
disable SSLv3 and pass the option. This drops the following functions
from the library: SSLv3_method, SSLv3_server_method and
SSLv3_client_method
* Build using OPENSSL_NO_BUF_FREELISTS
openssl (1.0.2~beta2-1) experimental; urgency=medium
* New usptream beta version
- Fix CVE-2014-0224
- Fix CVE-2014-0221
- Fix CVE-2014-0195
- Fix CVE-2014-3470
- Fix CVE-2014-0198
- Fix CVE-2010-5298
- Fix CVE-2014-0160
- Fix CVE-2014-0076
* Merge changes between 1.0.1f-1 and 1.0.1h-3:
- postinst: Updated check for restarting services
* libdoc-manpgs-pod-spell.patch and openssl-pod-misspell.patch
partially applied upstream
* Drop fix-pod-errors.patch, applied upstream.
* Add support for ppc64le (Closes: #745657)
* Add support for OpenRISC (Closes: #736772)
openssl (1.0.2~beta1-1) experimental; urgency=medium
* New upstream beta version
- Update list of symbols that should be exported and adjust the symbols
file. This also removes a bunch of duplicate symbols in the linker
file.
- Fix additional pod errors
- Following patches have been applied upstream and are removed:
libssl-misspell.patch, pod_req_misspell2.patch,
pod_pksc12.misspell.patch, pod_s_server.misspell.patch,
pod_x509setflags.misspell.patch, pod_ec.misspell.patch,
pkcs12-doc.patch, req_bits.patch
- Following patches have been partially applied upstream:
libdoc-manpgs-pod-spell.patch, openssl-pod-misspell.patch
- Remove openssl_fix_for_x32.patch, different patch applied upstream.
* Add support for cross compiling (Closes: #465248)
-- Ondřej Surý <email address hidden> Mon, 12 Nov 2018 14:20:13 +0000