-
openssl (3.4.0-1) experimental; urgency=medium
* Import 3.4.0
-- Sebastian Andrzej Siewior <email address hidden> Wed, 23 Oct 2024 21:18:43 +0200
-
openssl (3.4.0~~beta1-2) experimental; urgency=medium
* Add a patch to avoid using other memory allocations if custom malloc is
provided.
* Add a patch to check length in the SPARC assembly implementation of
AES-CBC.
-- Sebastian Andrzej Siewior <email address hidden> Sun, 13 Oct 2024 22:07:10 +0200
-
openssl (3.4.0~~beta1-1) experimental; urgency=medium
* Import 3.4.0-beta1
-- Sebastian Andrzej Siewior <email address hidden> Mon, 07 Oct 2024 23:03:28 +0200
-
openssl (3.3.1-5) experimental; urgency=medium
* Split the legacy provider into its own package (Closes: #965041).
* Add the FIPS provider (Closes: #1050210).
* Reintroduce the provider section back in the default openssl.cnf. This
was to keep compatibility with the openssl 1.1 series. Adding makes it
easier to add/enable providers such as fips.
-- Sebastian Andrzej Siewior <email address hidden> Sun, 04 Aug 2024 23:22:06 +0200
-
openssl (3.3.1-1) experimental; urgency=medium
* Import 3.3.1.
- CVE-2024-4603 (Excessive time spent checking DSA keys and parameters)
(Closes: #1071972).
- CVE-2024-4741 (Use After Free with SSL_free_buffers)
(Closes: #1072113).
-- Sebastian Andrzej Siewior <email address hidden> Tue, 04 Jun 2024 18:37:30 +0200
-
openssl (3.3.0-1) experimental; urgency=medium
* Import 3.3.0.
- CVE-2024-2511 (Unbounded memory growth with session handling in TLSv1.3)
(Closes: #1068658).
-- Sebastian Andrzej Siewior <email address hidden> Thu, 11 Apr 2024 21:49:45 +0200
-
openssl (3.3.0~beta1-1) experimental; urgency=medium
* Import 3.3.0-beta1.
-- Sebastian Andrzej Siewior <email address hidden> Fri, 05 Apr 2024 23:09:03 +0200
-
openssl (3.2.1-2) experimental; urgency=medium
* Disable brotli and enable zlib for certificate compression.
* Update to latest openssl-3.2 branch.
-- Sebastian Andrzej Siewior <email address hidden> Thu, 22 Feb 2024 21:41:18 +0100
-
openssl (3.2.1-1.1~exp1) experimental; urgency=medium
* Non-maintainer upload.
* Rename libraries for 64-bit time_t transition.
-- Steve Langasek <email address hidden> Mon, 19 Feb 2024 07:33:51 +0000
-
openssl (3.2.1-1) experimental; urgency=medium
* Import 3.2.1
- CVE-2024-0727 (PKCS12 Decoding crashes). (Closes: #1061582).
- CVE-2023-6237 (Excessive time spent checking invalid RSA public keys)
(Closes: #1060858).
- CVE-2023-6129 (POLY1305 MAC implementation corrupts vector registers on
PowerPC) (Closes: #1060347).
-- Sebastian Andrzej Siewior <email address hidden> Sat, 03 Feb 2024 17:23:00 +0100
-
openssl (3.2.0-2) experimental; urgency=medium
* Use generic target for riscv64.
* Update to latest openssl-3.2 branch.
-- Sebastian Andrzej Siewior <email address hidden> Thu, 14 Dec 2023 21:13:53 +0100
-
openssl (3.2.0-1) experimental; urgency=medium
* Import 3.2.0
* Enable zstd, brotli and for certificate compression.
-- Sebastian Andrzej Siewior <email address hidden> Sun, 26 Nov 2023 13:37:14 +0100
-
openssl (3.1.5-1) unstable; urgency=medium
* Import 3.1.5
- CVE-2024-0727 (PKCS12 Decoding crashes). (Closes: #1061582).
- CVE-2023-6237 (Excessive time spent checking invalid RSA public keys)
(Closes: #1060858).
- CVE-2023-6129 (POLY1305 MAC implementation corrupts vector registers on
PowerPC) (Closes: #1060347).
-- Sebastian Andrzej Siewior <email address hidden> Sat, 03 Feb 2024 17:11:24 +0100
-
openssl (3.1.4-2) unstable; urgency=medium
* Invoke clean up from the openssl binary as a temporary workaround to avoid
a crash in libp11/SoftHSM engine (Closes: #1054546).
* CVE-2023-5678 (Excessive time spent in DH check / generation with large Q
parameter value) (Closes: #1055473).
* Upload to unstable.
-- Sebastian Andrzej Siewior <email address hidden> Sat, 25 Nov 2023 21:35:59 +0100
-
openssl (3.1.4-1) experimental; urgency=medium
* Import 3.1.4
- CVE-2023-5363 (Incorrect cipher key and IV length processing).
-- Sebastian Andrzej Siewior <email address hidden> Tue, 24 Oct 2023 21:58:49 +0200
-
openssl (3.1.3-1) experimental; urgency=medium
* Import 3.1.3
-- Sebastian Andrzej Siewior <email address hidden> Tue, 19 Sep 2023 18:57:49 +0200
-
openssl (3.1.2-1) experimental; urgency=medium
* Import 3.1.2
- CVE-2023-2975 (AES-SIV implementation ignores empty associated data
entries) (Closes: #1041818).
- CVE-2023-3446 (Excessive time spent checking DH keys and parameters).
(Closes: #1041817).
- CVE-2023-3817 (Excessive time spent checking DH q parameter value).
- Drop bc and m4 from B-D.
-- Sebastian Andrzej Siewior <email address hidden> Tue, 01 Aug 2023 22:51:25 +0200
-
openssl (3.1.1-1) experimental; urgency=medium
* Import 3.1.1
- CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy
Constraints) (Closes: #1034720).
- CVE-2023-0465 (Invalid certificate policies in leaf certificates are
silently ignored).
- CVE-2023-0466 (Certificate policy check not enabled).
- Alternative fix for CVE-2022-4304 (Timing Oracle in RSA Decryption).
- CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers).
- CVE-2023-1255 (Input buffer over-read in AES-XTS implementation on 64 bit ARM).
- Add new symbol.
-- Sebastian Andrzej Siewior <email address hidden> Tue, 30 May 2023 19:46:00 +0200
-
openssl (3.1.0-1) experimental; urgency=medium
* Import 3.1.0
* Add new symbols.
-- Sebastian Andrzej Siewior <email address hidden> Sat, 06 May 2023 12:11:09 +0200
-
openssl (3.0.3-1) experimental; urgency=medium
* Import 3.0.3
- CVE-2022-1292 (The c_rehash script allows command injection).
- CVE-2022-1343 (OCSP_basic_verify may incorrectly verify the response
signing certificate).
- CVE-2022-1434 (Incorrect MAC key used in the RC4-MD5 ciphersuite).
- CVE-2022-1473 (Resource leakage when decoding certificates and keys).
- Add new symbols.
* Correct the openssl.cnf to provide proper default configuration. Thanks to
Matthias Blümel (Closes: #1010360).
* Use a separator in the CipherString in openssl.cnf (Closes: #948800).
* Remove the postinst script which was used to restart daemons after a
library upgrade. It is not updated and essentially dead code. Users are
advised to switch to checkrestart/needrestart or a similar service.
Thanks to Helmut Grohne (Closes: #983722).
-- Sebastian Andrzej Siewior <email address hidden> Fri, 06 May 2022 22:21:52 +0200
-
openssl (3.0.2-1) experimental; urgency=medium
* Import 3.0.2
- CVE-2022-0778 (Infinite loop in BN_mod_sqrt() reachable when parsing
certificates).
-- Sebastian Andrzej Siewior <email address hidden> Tue, 15 Mar 2022 20:54:57 +0100
-
openssl (3.0.1-1) experimental; urgency=medium
* Import 3.0.1
- CVE-2021-4044 (Fixed invalid handling of X509_verify_cert() internal
errors in libssl).
* Zero used registers at function exit.
-- Sebastian Andrzej Siewior <email address hidden> Mon, 27 Dec 2021 11:44:50 +0100
-
openssl (3.0.0-1) experimental; urgency=medium
* Import 3.0.0.
* Add avr32, patch by Vineet Gupta (Closes: #989442).
-- Sebastian Andrzej Siewior <email address hidden> Sat, 11 Sep 2021 10:41:54 +0200
-
openssl (3.0.0~~beta2-1) experimental; urgency=medium
* Import 3.0.0-beta2.
-- Sebastian Andrzej Siewior <email address hidden> Fri, 30 Jul 2021 07:51:18 +0200
-
openssl (3.0.0~~beta1-1) experimental; urgency=medium
* Import 3.0.0-beta1.
* Use HARNESS_VERBOSE again (otherwise the test suite might get killed since no
progress is visible).
-- Sebastian Andrzej Siewior <email address hidden> Wed, 23 Jun 2021 19:32:27 +0200
-
openssl (3.0.0~~alpha16-1) experimental; urgency=medium
* Import 3.0.0-alpha16.
* Use VERBOSE_FAILURE to log only failures in the build log.
-- Sebastian Andrzej Siewior <email address hidden> Thu, 06 May 2021 21:54:38 +0200
-
openssl (3.0.0~~alpha15-1) experimental; urgency=medium
* Import 3.0.0-alpha15.
-- Sebastian Andrzej Siewior <email address hidden> Wed, 28 Apr 2021 23:26:47 +0200
-
openssl (3.0.0~~alpha13-2) experimental; urgency=medium
* Add a proposed patch from upstream to skip negative errno number in the
testsuite to pass the testsuite on hurd.
* Always link against libatomic.
-- Sebastian Andrzej Siewior <email address hidden> Wed, 07 Apr 2021 21:36:02 +0200
-
openssl (3.0.0~~alpha13-1) experimental; urgency=medium
* Import 3.0.0-alpha13.
* Move configuration.h to architecture specific include folder. Patch from
Antonio Terceiro (Closes: #985555).
* Enable LFS. Thanks to Dan Nicholson for debugging (Closes: #923479).
* drop `lsof', the testsuite is not using it anymore.
* Enable ktls.
-- Sebastian Andrzej Siewior <email address hidden> Thu, 01 Apr 2021 23:07:05 +0200
-
openssl (3.0.0~~alpha4-1) experimental; urgency=medium
* Import 3.0.0-alpha4.
* Add `lsof' which is needed by the test suite.
* Add ossl-modules to libcrypto's udeb.
-- Sebastian Andrzej Siewior <email address hidden> Tue, 07 Jul 2020 00:16:54 +0200
-
openssl (3.0.0~~alpha3-1) experimental; urgency=medium
* Import 3.0.0-alpha3
* Install the .so files only in the -dev package (Closes: #962548).
-- Sebastian Andrzej Siewior <email address hidden> Wed, 17 Jun 2020 23:24:43 +0200
-
openssl (3.0.0~~alpha1-1) experimental; urgency=medium
* Import 3.0.0-alpha1 (Closes: #934836).
-- Sebastian Andrzej Siewior <email address hidden> Sat, 25 Apr 2020 23:08:44 +0200
-
openssl (1.1.1~~pre8-1) experimental; urgency=medium
* New upstream version.
-- Sebastian Andrzej Siewior <email address hidden> Thu, 05 Jul 2018 00:21:00 +0200
-
openssl (1.1.1~~pre7-1) experimental; urgency=medium
* Drop afalgeng on kfreebsd-* which got enabled because they inherit from
the linux target.
* Fix debian-rules-sets-dpkg-architecture-variable.
* Update to policy 4.1.4
- only Suggest: libssl-doc instead of Recommends (only documentation and
example code is shipped).
- drop Priority: important.
- use signing-key.asc and https links for downloads
* Use compat 11.
- this moves the examples to /usr/share/doc/libssl-{doc->dev}/demos but it
seems to make sense.
* Add a 25-test_verify.t for autopkgtest which runs against the installed
openssl binary.
* Fix CVE-2018-0737 (Closes: #895844).
-- Sebastian Andrzej Siewior <email address hidden> Wed, 30 May 2018 19:49:26 +0200
-
openssl (1.1.1~~pre6-2) experimental; urgency=medium
* Update libssl1.1.symbols
-- Kurt Roeckx <email address hidden> Tue, 01 May 2018 16:34:27 +0200
-
openssl (1.1.1~~pre4-1) experimental; urgency=medium
* Update to 1.1.1-pre4 (Closes: #892276, #894282).
* Add riscv64 target (Closes: #891797).
-- Sebastian Andrzej Siewior <email address hidden> Tue, 03 Apr 2018 21:41:55 +0200
-
openssl (1.1.1~~pre3-1) experimental; urgency=medium
* Update to 1.1.1-pre3
* Don't suggest 1024 bit RSA key to be typical (Closes: #878303).
* Don't insist on TLS1.3 cipher for <TLS1.3 connections (Closes: #891570).
* Enable system default config to enforce TLS1.2 as a minimum.
-- Sebastian Andrzej Siewior <email address hidden> Wed, 21 Mar 2018 00:01:08 +0100
-
openssl (1.1.1~~pre2-1) experimental; urgency=medium
* Update to 1.1.1-pre2
-- Sebastian Andrzej Siewior <email address hidden> Tue, 27 Feb 2018 21:25:09 +0100
-
openssl (1.1.0b-1) experimental; urgency=medium
* New upstream release
- Fixes CVE-2016-6309
-- Kurt Roeckx <email address hidden> Mon, 26 Sep 2016 18:21:09 +0200
-
openssl (1.1.0a-1) experimental; urgency=medium
* New upstream release
- Fix CVE-2016-6304
- Fix CVE-2016-6305
- Fix CVE-2016-6307
- Fix CVE-2016-6308
* Update c_rehash-compat.patch to apply to new version.
* Update symbol file.
-- Kurt Roeckx <email address hidden> Thu, 22 Sep 2016 20:13:59 +0200
-
openssl (1.1.0-1) experimental; urgency=medium
[ Kurt Roeckx ]
* New upstream version
* Use Package-Type instead of XC-Package-Type
* Remove "Priority: optional" in the binary packages.
* Add Homepage
* Use dpkg-buildflags's LDFLAGS also for building the shared libraries.
[ Sebastian Andrzej Siewior ]
* drop config-hurd.patch, we don't use `config' and it works without the
patch.
* Drop depend on zlib1g-dev since we don't use it anymore (Closes: #767207)
* Make the openssl package Multi-Arch: foreign (Closes: #827028)
-- Kurt Roeckx <email address hidden> Thu, 25 Aug 2016 18:52:22 +0200
-
openssl (1.1.0~pre6-1) experimental; urgency=medium
[ Sebastian Andrzej Siewior ]
* drop engines-path.patch. Upstream uses a 1.1 suffix now.
[ Kurt Roeckx ]
* New upstream version
* Drop upstream snapshot
* Update symbols file
* Use some https instead of http URLs
-- Kurt Roeckx <email address hidden> Thu, 04 Aug 2016 18:33:24 +0200
-
openssl (1.1.0~pre5-5) experimental; urgency=medium
* Update snapshot to commit fe964f0c88f6780fd30b26e306484b981b0a8480
-- Kurt Roeckx <email address hidden> Sat, 02 Jul 2016 14:54:51 +0200
-
openssl (1.1.0~pre5-4) experimental; urgency=medium
* Update snapshot to commit c32bdbf171ce6650ef045ec47b5abe0de7c264db
* Remove utils-mkdir-p-check-if-dir-exists-also-after-mkdir-f.patch, applied
upstream
-- Kurt Roeckx <email address hidden> Sun, 26 Jun 2016 15:07:48 +0200
-
openssl (1.1.0~pre5-3) experimental; urgency=medium
[ Kurt Roeckx ]
* Don't use assembler on hppa, it's not written for Linux.
-- Sebastian Andrzej Siewior <email address hidden> Fri, 10 Jun 2016 22:33:06 +0200
-
openssl (1.1.0~pre5-1) experimental; urgency=medium
* New upstream version with soname change. Upload to experimental.
- Rename binary packages
- Remove patches:
- block_diginotar.patch: All cross certificates expired in 2013
- block_digicert_malaysia.patch: intermediate certificates expired in
2015
- man-dir.patch: Fixed upstream
- valgrind.patch: Upstream no longer adds the uninitialized data to the
RNG
- shared-lib-ext.patch: No longer needed
- version-script.patch: Upstream does symbol versioning itself now
- disable_freelist.patch: No longer needed
- soname.patch: Was to change to the 1.0.2 soname that upstream never had
- disable_sslv3_test.patch: Fixed upstream
- libdoc-manpgs-pod-spell.patch: Fixed upstream (Closes: #813191)
- Rewrite debian-targets.patch to work with the new configuration system.
- Update other patches to apply
- Update list of install docs
- Use DESTDIR instead of INSTALL_PREFIX
- Clean up more files
- Remove the configure option enable-tlsext no-ssl2 since they're no
longer supported.
* Add upstream snapshot:
- Add d2i-tests.tar to get new binary test files.
* Don't build i686 optimized version anymore on i386, it's now the default.
(Closes: #823774)
-- Kurt Roeckx <email address hidden> Sat, 28 May 2016 20:58:31 +0200
-
openssl (1.0.2d-2) experimental; urgency=medium
* Build with no-ssl3-method to remove all SSLv3 support. This results in
the functions SSLv3_method(), SSLv3_server_method() and
SSLv3_client_method() being removed from libssl. Change the soname as a
result of that and also change the name of the binary package.
(Closes: #768476)
* Enable rfc3779 and cms support (Closes: #630790)
* Fix cross compilation for mips architectures. (Closes: #782492)
-- Kurt Roeckx <email address hidden> Sun, 06 Sep 2015 14:21:27 +0200
-
openssl (1.0.2-1) experimental; urgency=medium
* New upstream release
- Fixes CVE-2014-3571
- Fixes CVE-2015-0206
- Fixes CVE-2014-3569
- Fixes CVE-2014-3572
- Fixes CVE-2015-0204
- Fixes CVE-2015-0205
- Fixes CVE-2014-8275
- Fixes CVE-2014-3570
- Drop git_snapshot.patch
* Drop gnu_source.patch, dgst_hmac.patch, stddef.patch,
no_ssl3_method.patch: applied upstream
* Update patches to apply
-- Kurt Roeckx <email address hidden> Fri, 23 Jan 2015 18:54:13 +0100
-
openssl (1.0.2~beta3-1) experimental; urgency=low
* New upstream beta version
* Add git snapshot
* Merge changes between 1.0.1h-3 and 1.0.1j-1:
- Disables SSLv3 because of CVE-2014-3566
* Drop patch rehash-crt.patch: partially applied upstream.
c_rehash now doesn't support files in DER format anymore.
* Drop patch rehash_pod.patch: applied upstream
* Update c_rehash-compat.patch to apply to new upstream version. This
undoes upstream's "-old" option and creates both the new and old again.
It now also does it for CRLs.
* Drop defaults.patch, applied upstream
* dgst_hmac.patch updated to apply to upstream version.
* engines-path.patch updated to apply to upstream version.
* Update list of exported symbols
* Update symbols files to require beta3
* Enable unit tests
* Add patch to add support for the no-ssl3-method option that completely
disables SSLv3 and pass the option. This drops the following functions
from the library: SSLv3_method, SSLv3_server_method and
SSLv3_client_method
* Build using OPENSSL_NO_BUF_FREELISTS
-- Kurt Roeckx <email address hidden> Fri, 07 Nov 2014 00:20:10 +0100
-
openssl (1.0.2~beta2-1) experimental; urgency=medium
* New upstream beta version
- Fix CVE-2014-0224
- Fix CVE-2014-0221
- Fix CVE-2014-0195
- Fix CVE-2014-3470
- Fix CVE-2014-0198
- Fix CVE-2010-5298
- Fix CVE-2014-0160
- Fix CVE-2014-0076
* Merge changes between 1.0.1f-1 and 1.0.1h-3:
- postinst: Updated check for restarting services
* libdoc-manpgs-pod-spell.patch and openssl-pod-misspell.patch
partially applied upstream
* Drop fix-pod-errors.patch, applied upstream.
* Add support for ppc64le (Closes: #745657)
* Add support for OpenRISC (Closes: #736772)
-- Kurt Roeckx <email address hidden> Wed, 23 Jul 2014 19:54:09 +0200
-
openssl (1.0.2~beta1-1) experimental; urgency=medium
* New upstream beta version
- Update list of symbols that should be exported and adjust the symbols
file. This also removes a bunch of duplicate symbols in the linker
file.
- Fix additional pod errors
- Following patches have been applied upstream and are removed:
libssl-misspell.patch, pod_req_misspell2.patch,
pod_pksc12.misspell.patch, pod_s_server.misspell.patch,
pod_x509setflags.misspell.patch, pod_ec.misspell.patch,
pkcs12-doc.patch, req_bits.patch
- Following patches have been partially applied upstream:
libdoc-manpgs-pod-spell.patch, openssl-pod-misspell.patch
- Remove openssl_fix_for_x32.patch, different patch applied upstream.
* Add support for cross compiling (Closes: #465248)
-- Kurt Roeckx <email address hidden> Tue, 25 Feb 2014 00:36:51 +0100
-
openssl (1.0.0c-2) experimental; urgency=low
* Set $ in front of {sparcv9_asm} so that the sparc v9 variant builds.
* Always define _GNU_SOURCE, not only for Linux.
* Drop SSL2 support (Closes: #589706)
-- Kurt Roeckx <email address hidden> Sun, 19 Dec 2010 16:24:16 +0100
-
openssl (1.0.0c-1) experimental; urgency=low
* New upstream version (Closes: #578376)
- New soname: Rename library packages
- Drop patch perl-path.diff, not needed anymore
- Drop patches CVE-2010-2939.patch, CVE-2010-3864.patch and
CVE-2010-4180.patch: applied upstream.
- Update Configure for the new fields for the assembler options per arch.
alpha now makes use of assembler.
* Move man3 manpages and demos to libssl-doc (Closes: #470594)
* Drop .pod files from openssl package (Closes: #518167)
* Don't use RC4_CHAR on amd64 and drop rc4-amd64.patch
* Stop using BF_PTR2 on (kfreebsd-)amd64.
* Drop debian-arm from the list of arches.
* Update arm arches to use BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
BF_PTR instead of BN_LLONG DES_RISC1
* ia64: Drop RC4_CHAR, add DES_UNROLL DES_INT
* powerpc: Use RC4_CHAR RC4_CHUNK DES_RISC1 instead of DES_RISC2 DES_PTR
MD2_CHAR RC4_INDEX
* s390: Use RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL instead of BN_LLONG
-- Kurt Roeckx <email address hidden> Sun, 12 Dec 2010 15:37:21 +0100