diff -Nru openssl-1.0.0d/debian/changelog openssl-1.0.0d/debian/changelog --- openssl-1.0.0d/debian/changelog 2011-04-13 22:39:58.000000000 +0200 +++ openssl-1.0.0d/debian/changelog 2011-05-01 00:16:45.000000000 +0200 @@ -1,3 +1,31 @@ +openssl (1.0.0d-2ubuntu1) oneiric; urgency=low + + * Merge from debian/unstable, remaining changes: (LP: #675566) + - d/libssl1.0.0.postinst: + + Display a system restart required notification bubble + on libssl1.0.0 upgrade. + + Use a different priority for libssl0.9.8/restart-services + depending on whether a desktop, or server dist-upgrade + is being performed. + - d/{libssl1.0.0-udeb.dirs, control, rules}: Create + libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb + package in Debian). + - d/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, + rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. + - d/p/Bsymbolic-functions.patch: Link using -Bsymbolic-functions. + - d/rules: + + Don't run 'make test' when cross-building. + + Use host compiler when cross-building. Patch from Neil Williams. + (Closes: #465248) + + Don't build for processors no longer supported: i486, i586 + (on i386), v8 (on sparc). + + Fix Makefile to properly clean up libs/ dirs in clean target. + (Closes: #611667) + + Replace duplicate files in the doc directory with symlinks. + * Fixes install of engines (LP: #769372) + + -- Andreas Moog Sat, 30 Apr 2011 22:05:02 +0200 + openssl (1.0.0d-2) unstable; urgency=high * Make c_rehash also generate the old subject hash. Gnutls applications @@ -48,12 +76,128 @@ -- Kurt Roeckx Sun, 12 Dec 2010 15:37:21 +0100 +openssl (0.9.8o-5ubuntu1) natty; urgency=low + + * Merge from debian unstable. Remaining changes: (LP: #718205) + - d/libssl0.9.8.postinst: + + Display a system restart required notification bubble + on libssl0.9.8 upgrade. + + Use a different priority for libssl0.9.8/restart-services + depending on whether a desktop, or server dist-upgrade + is being performed. + - d/{libssl0.9.8-udeb.dirs, control, rules}: Create + libssl0.9.8-udeb, for the benefit of wget-udeb (no wget-udeb + package in Debian). + - d/{libcrypto0.9.8-udeb.dirs, libssl0.9.8.dirs, libssl0.9.8.files, + rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. + - d/{control, openssl-doc.docs, openssl.docs, openssl.dirs}: + + Ship documentation in openssl-doc, suggested by the package. + (Closes: #470594) + - d/p/aesni.patch: Backport Intel AES-NI support from + http://rt.openssl.org/Ticket/Display.html?id=2067 (refreshed) + - d/p/Bsymbolic-functions.patch: Link using -Bsymbolic-functions. + - d/p/perlpath-quilt.patch: Don't change perl #! paths under .pc. + - d/p/no-sslv2.patch: Disable SSLv2 to match NSS and GnuTLS. + The protocol is unsafe and extremely deprecated. (Closes: #589706) + - d/rules: + + Disable SSLv2 during compile. (Closes: #589706) + + Don't run 'make test' when cross-building. + + Use host compiler when cross-building. Patch from Neil Williams. + (Closes: #465248) + + Don't build for processors no longer supported: i486, i586 + (on i386), v8 (on sparc). + + Fix Makefile to properly clean up libs/ dirs in clean target. + (Closes: #611667) + + Replace duplicate files in the doc directory with symlinks. + * This upload fixed CVE: (LP: #718208) + - CVE-2011-0014 + + -- Artur Rona Sun, 13 Feb 2011 16:10:24 +0100 + +openssl (0.9.8o-5) unstable; urgency=low + + * Fix OCSP stapling parse error (CVE-2011-0014) + + -- Kurt Roeckx Thu, 10 Feb 2011 20:43:43 +0100 + +openssl (0.9.8o-4ubuntu2) natty; urgency=low + + [ Peter Pearse ] + * Fix Makefile to properly clean up libs/ dirs in clean target + + -- Steve Langasek Mon, 31 Jan 2011 10:47:30 -0800 + +openssl (0.9.8o-4ubuntu1) natty; urgency=low + + * Merge from debian unstable. Remaining changes: (LP: #693902) + - debian/patches/Bsymbolic-functions.patch: Link using + -Bsymbolic-functions. + - Use a different priority for libssl0.9.8/restart-services + depending on whether a desktop, or server dist-upgrade is being + performed. + - Display a system restart required notification bubble on libssl0.9.8 + upgrade. + - Don't build for processors no longer supported: i486, i586 + (on i386), v8 (on sparc). + - Create libssl0.9.8-udeb, for the benefit of wget-udeb (no + wget-udeb package in Debian). + - Replace duplicate files in the doc directory with symlinks. + - Move runtime libraries to /lib, for the benefit of wpasupplicant. + - Ship documentation in openssl-doc, suggested by the package. + (Closes: #470594) + - Use host compiler when cross-building. Patch from Neil Williams. + (Closes: #465248). + - Don't run 'make test' when cross-building. + - debian/patches/aesni.patch: Backport Intel AES-NI support from + http://rt.openssl.org/Ticket/Display.html?id=2067 (refreshed) + - debian/patches/perlpath-quilt.patch: Don't change perl #! paths + under .pc. + - debian/patches/no-sslv2.patch: disable SSLv2 to match NSS + and GnuTLS. The protocol is unsafe and extremely deprecated. + (Closes: #589706) + + -- Artur Rona Thu, 23 Dec 2010 20:20:03 +0100 + openssl (0.9.8o-4) unstable; urgency=low * Fix CVE-2010-4180 (Closes: #529221) -- Kurt Roeckx Mon, 06 Dec 2010 20:33:21 +0100 +openssl (0.9.8o-3ubuntu1) natty; urgency=low + + * Merge from debian unstable (LP: #677756). Remaining changes: + - debian/patches/Bsymbolic-functions.patch: Link using + -Bsymbolic-functions (refreshed) + - Use a different priority for libssl0.9.8/restart-services + depending on whether a desktop, or server dist-upgrade is being + performed. + - Display a system restart required notification bubble on libssl0.9.8 + upgrade. + - Don't build for processors no longer supported: i486, i586 + (on i386), v8 (on sparc). + - Create libssl0.9.8-udeb, for the benefit of wget-udeb (no + wget-udeb package in Debian) + - Replace duplicate files in the doc directory with symlinks. + - Move runtime libraries to /lib, for the benefit of wpasupplicant + - Ship documentation in openssl-doc, suggested by the package. + (Debian bug 470594) + - Use host compiler when cross-building (patch from Neil Williams in + Debian bug 465248). + - Don't run 'make test' when cross-building. + - debian/patches/aesni.patch: Backport Intel AES-NI support from + http://rt.openssl.org/Ticket/Display.html?id=2067 (refreshed) + - debian/patches/perlpath-quilt.patch: Don't change perl #! paths + under .pc. + - debian/patches/no-sslv2.patch: disable SSLv2 to match NSS + and GnuTLS. The protocol is unsafe and extremely deprecated. + (Debian bug 589706) + * Dropped patches, now upstream: + - debian/patches/CVE-2010-2939.patch (Debian patch is identically + named) + + -- Steve Beattie Thu, 18 Nov 2010 12:54:37 -0800 + openssl (0.9.8o-3) unstable; urgency=high * Fix TLS extension parsing race condition (CVE-2010-3864) (Closes: #603709) @@ -77,6 +221,72 @@ -- Kurt Roeckx Thu, 26 Aug 2010 18:25:29 +0200 +openssl (0.9.8o-1ubuntu4.1) maverick-security; urgency=low + + * SECURITY UPDATE: denial of service and possible code execution via + crafted private key with an invalid prime. + - debian/patches/CVE-2010-2939.patch: set bn_ctx to NULL after freeing + it in ssl/s3_clnt.c. + - CVE-2010-2939 + + -- Marc Deslauriers Wed, 06 Oct 2010 16:46:36 -0400 + +openssl (0.9.8o-1ubuntu4) maverick; urgency=low + + * Update AES-NI patch to openssl-0.9.8-aesni-modes-perlasm-win32-v4.patch + from http://rt.openssl.org/Ticket/Display.html?id=2067, fixing segfault + on engine initialisation (LP: #590639). + + -- Colin Watson Fri, 24 Sep 2010 12:20:49 +0100 + +openssl (0.9.8o-1ubuntu3) maverick; urgency=low + + * debian/patches/no-sslv2.patch: disable SSLv2 to match NSS and GnuTLS. + The protocol is unsafe and extremely deprecated. (Debian bug 589706) + + -- Kees Cook Tue, 20 Jul 2010 08:24:13 -0700 + +openssl (0.9.8o-1ubuntu2) maverick; urgency=low + + * Don't build anymore for processors not supported anymore in maverick: + - i486, i586 (on i386). + - v8 (on sparc). + + -- Matthias Klose Mon, 19 Jul 2010 16:44:10 +0200 + +openssl (0.9.8o-1ubuntu1) maverick; urgency=low + + * Merge from debian unstable, remaining changes (LP: #581167): + - debian/patches/Bsymbolic-functions.patch: Link using + -Bsymbolic-functions + - Ship documentation in openssl-doc, suggested by the package. + - Use a different priority for libssl0.9.8/restart-services + depending on whether a desktop, or server dist-upgrade is being + performed. + - Display a system restart required notification bubble on libssl0.9.8 + upgrade. + - Replace duplicate files in the doc directory with symlinks. + - Move runtime libraries to /lib, for the benefit of wpasupplicant + - Use host compiler when cross-building (patch from Neil Williams in + Debian #465248). + - Don't run 'make test' when cross-building. + - Create libssl0.9.8-udeb, for the benefit of wget-udeb (LP: #503339). + - debian/patches/aesni.patch: Backport Intel AES-NI support from + http://rt.openssl.org/Ticket/Display.html?id=2067 (LP: #485518). + - debian/patches/perlpath-quilt.patch: Don't change perl #! paths + under .pc. + * Dropped patches, now upstream: + - debian/patches/CVE-2009-3245.patch + - debian/patches/CVE-2010-0740.patch + - debian/patches/dtls-compatibility.patch + - debian/patches/CVE-2009-4355.patch + * Dropped "Add support for lpia". + * Dropped "Disable SSLv2 during compile" as this had never actually + disabled SSLv2. + * Don't disable CVE-2009-3555.patch for Maverick. + + -- Marc Deslauriers Mon, 14 Jun 2010 09:08:29 -0400 + openssl (0.9.8o-1) unstable; urgency=low * New upstream version @@ -129,6 +339,87 @@ -- Kurt Roeckx Wed, 13 Jan 2010 21:26:49 +0100 +openssl (0.9.8k-7ubuntu8) lucid; urgency=low + + * SECURITY UPDATE: denial of service and possible arbitrary code + execution via unchecked return values + - debian/patches/CVE-2009-3245.patch: check bn_wexpand return value in + crypto/bn/{bn_div.c,bn_gf2m.c,bn_mul.c}, crypto/ec/ec2_smpl.c, + engines/e_ubsec.c. + - CVE-2009-3245 + * SECURITY UPDATE: denial of service via "record of death" + - debian/patches/CVE-2010-0740.patch: only send back minor version + number in ssl/s3_pkt.c. + - CVE-2010-0740 + + -- Marc Deslauriers Tue, 30 Mar 2010 08:57:51 -0400 + +openssl (0.9.8k-7ubuntu7) lucid; urgency=low + + * debian/patches/dtls-compatibility.patch: backport dtls compatibility + code from 0.9.8m to fix interopability. (LP: #516318) + + -- Marc Deslauriers Fri, 26 Mar 2010 08:31:09 -0400 + +openssl (0.9.8k-7ubuntu6) lucid; urgency=low + + * Backport Intel AES-NI support from + http://rt.openssl.org/Ticket/Display.html?id=2067 (LP: #485518). + * Don't change perl #! paths under .pc. + + -- Colin Watson Mon, 01 Feb 2010 15:40:27 -0800 + +openssl (0.9.8k-7ubuntu5) lucid; urgency=low + + * SECURITY UPDATE: memory leak possible during state clean-up. + - Add CVE-2009-4355.patch, upstream fixes thanks to Debian. + + -- Kees Cook Fri, 22 Jan 2010 09:50:01 -0800 + +openssl (0.9.8k-7ubuntu4) lucid; urgency=low + + * Use host compiler when cross-building (patch from Neil Williams in + Debian #465248). + * Don't run 'make test' when cross-building. + * Create libssl0.9.8-udeb, for the benefit of wget-udeb (LP: #503339). + + -- Colin Watson Tue, 05 Jan 2010 16:09:38 +0000 + +openssl (0.9.8k-7ubuntu3) lucid; urgency=low + + * debian/patches/disable-sslv2.patch: remove and apply inline to fix + FTBFS when patch won't revert during the build process. + + -- Marc Deslauriers Mon, 07 Dec 2009 21:00:47 -0500 + +openssl (0.9.8k-7ubuntu2) lucid; urgency=low + + * debian/patches/{disable-sslv2,Bsymbolic-functions}.patch: apply + Makefile sections inline as once the package is configured during the + build process, the patches wouldn't revert anymore, causing a FTBFS on + anything other than amd64. + + -- Marc Deslauriers Mon, 07 Dec 2009 19:52:15 -0500 + +openssl (0.9.8k-7ubuntu1) lucid; urgency=low + + * Merge from debian unstable, remaining changes (LP: #493392): + - Link using -Bsymbolic-functions + - Add support for lpia + - Disable SSLv2 during compile + - Ship documentation in openssl-doc, suggested by the package. + - Use a different priority for libssl0.9.8/restart-services + depending on whether a desktop, or server dist-upgrade is being + performed. + - Display a system restart required notification bubble on libssl0.9.8 + upgrade. + - Replace duplicate files in the doc directory with symlinks. + - Move runtime libraries to /lib, for the benefit of wpasupplicant + * Strip the patches out of the source into quilt patches + * Disable CVE-2009-3555.patch + + -- Nicolas Valcárcel Scerpella (Canonical) Sun, 06 Dec 2009 20:16:24 -0500 + openssl (0.9.8k-7) unstable; urgency=low * Bump the shlibs to require 0.9.8k-1. The following symbols @@ -206,6 +497,70 @@ -- Kurt Roeckx Sat, 16 May 2009 17:33:55 +0200 +openssl (0.9.8g-16ubuntu3) karmic; urgency=low + + * SECURITY UPDATE: certificate spoofing via hash collisions from MD2 + design flaws. + - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest. + - crypto/x509/x509_vfy.c: skip signature check for self signed + certificates + - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2 + - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2 + - CVE-2009-2409 + + -- Marc Deslauriers Tue, 08 Sep 2009 14:59:05 -0400 + +openssl (0.9.8g-16ubuntu2) karmic; urgency=low + + * Patches forward ported from http://www.ubuntu.com/usn/USN-792-1 (by + Marc Deslauriers) + * SECURITY UPDATE: denial of service via memory consumption from large + number of future epoch DTLS records. + - crypto/pqueue.*: add new pqueue_size counter function. + - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100. + - http://cvs.openssl.org/chngview?cn=18187 + - CVE-2009-1377 + * SECURITY UPDATE: denial of service via memory consumption from + duplicate or invalid sequence numbers in DTLS records. + - ssl/d1_both.c: discard message if it's a duplicate or too far in the + future. + - http://marc.info/?l=openssl-dev&m=124263491424212&w=2 + - CVE-2009-1378 + * SECURITY UPDATE: denial of service or other impact via use-after-free + in dtls1_retrieve_buffered_fragment. + - ssl/d1_both.c: use temp frag_len instead of freed frag. + - http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest + - CVE-2009-1379 + * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet + that occurs before ClientHello. + - ssl/s3_pkt.c: abort if s->session is NULL. + - ssl/{ssl.h,ssl_err.c}: add new error codes. + - http://cvs.openssl.org/chngview?cn=17369 + - CVE-2009-1386 + * SECURITY UPDATE: denial of service via an out-of-sequence DTLS + handshake message. + - ssl/d1_both.c: don't buffer fragments with no data. + - http://cvs.openssl.org/chngview?cn=17958 + - CVE-2009-1387 + + -- Jamie Strandboge Fri, 10 Jul 2009 14:44:47 -0500 + +openssl (0.9.8g-16ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + - Link using -Bsymbolic-functions + - Add support for lpia + - Disable SSLv2 during compile + - Ship documentation in openssl-doc, suggested by the package. + - Use a different priority for libssl0.9.8/restart-services + depending on whether a desktop, or server dist-upgrade is being + performed. + - Display a system restart required notification bubble on libssl0.9.8 + upgrade. + - Replace duplicate files in the doc directory with symlinks. + + -- Jamie Strandboge Thu, 14 May 2009 14:11:05 -0500 + openssl (0.9.8g-16) unstable; urgency=high * Properly validate the length of an encoded BMPString and UniversalString @@ -213,6 +568,45 @@ -- Kurt Roeckx Wed, 01 Apr 2009 22:04:53 +0200 +openssl (0.9.8g-15ubuntu3) jaunty; urgency=low + + * SECURITY UPDATE: crash via invalid memory access when printing BMPString + or UniversalString with invalid length + - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h: + return error if invalid length + - CVE-2009-0590 + - http://www.openssl.org/news/secadv_20090325.txt + - patch from upstream CVS: + crypto/asn1/asn1.h:1.128.2.11->1.128.2.12 + crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5 + crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11 + + -- Jamie Strandboge Fri, 27 Mar 2009 08:23:35 -0500 + +openssl (0.9.8g-15ubuntu2) jaunty; urgency=low + + * Move runtime libraries to /lib, for the benefit of wpasupplicant + (LP: #44194). Leave symlinks behind in /usr/lib (except on the Hurd) + since we used to set an rpath there. + + -- Colin Watson Fri, 06 Mar 2009 12:48:52 +0000 + +openssl (0.9.8g-15ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: LP: #314984 + - Link using -Bsymbolic-functions + - Add support for lpia + - Disable SSLv2 during compile + - Ship documentation in openssl-doc, suggested by the package. + - Use a different priority for libssl0.9.8/restart-services + depending on whether a desktop, or server dist-upgrade is being + performed. + - Display a system restart required notification bubble on libssl0.9.8 + upgrade. + - Replace duplicate files in the doc directory with symlinks. + + -- Bhavani Shankar Thu, 08 Jan 2009 12:38:06 +0530 + openssl (0.9.8g-15) unstable; urgency=low * Internal calls to didn't properly check for errors which @@ -223,6 +617,34 @@ -- Kurt Roeckx Mon, 05 Jan 2009 21:14:31 +0100 +openssl (0.9.8g-14ubuntu2) jaunty; urgency=low + + * SECURITY UPDATE: clients treat malformed signatures as good when verifying + server DSA and ECDSA certificates + - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c, + ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and + ssl/ssltest.c to properly check the return code of EVP_VerifyFinal() + - patch based on upstream patch for #2008-016 + - CVE-2008-5077 + + -- Jamie Strandboge Tue, 06 Jan 2009 00:44:19 -0600 + +openssl (0.9.8g-14ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - Link using -Bsymbolic-functions + - Add support for lpia + - Disable SSLv2 during compile + - Ship documentation in openssl-doc, suggested by the package. + - Use a different priority for libssl0.9.8/restart-services + depending on whether a desktop, or server dist-upgrade is being + performed. + - Display a system restart required notification bubble on libssl0.9.8 + upgrade. + - Replace duplicate files in the doc directory with symlinks. + + -- Scott James Remnant Tue, 11 Nov 2008 17:24:44 +0000 + openssl (0.9.8g-14) unstable; urgency=low * Don't give the warning about security updates when upgrading @@ -267,6 +689,29 @@ -- Christoph Martin Thu, 17 Jul 2008 09:53:01 +0200 +openssl (0.9.8g-10.1ubuntu2) intrepid; urgency=low + + * debian/rules: + - disable SSLv2 during compile + * debian/README.debian + - add note about disabled SSLv2 in Ubuntu + + -- Ante Karamatic Thu, 24 Jul 2008 12:47:09 +0200 + +openssl (0.9.8g-10.1ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - use a different priority for libssl0.9.8/restart-services depending on whether + a desktop, or server dist-upgrade is being performed. + - display a system restart required notification bubble on libssl0.9.8 upgrade. + - ship documentation in new openssl-doc package. + - configure: add support for lpia. + - replace duplicate files in the doc directory with symlinks. + - link using -bsymbolic-functions. + - update maintainer as per spec. + + -- Luke Yelavich Tue, 10 Jun 2008 11:50:07 +1000 + openssl (0.9.8g-10.1) unstable; urgency=high * Non-maintainer upload by the Security team. @@ -280,6 +725,20 @@ -- Nico Golde Tue, 27 May 2008 11:13:44 +0200 +openssl (0.9.8g-10ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - Use a different priority for libssl0.9.8/restart-services depending on whether + a desktop, or server dist-upgrade is being performed. + - Display a system restart required notification bubble on libssl0.9.8 upgrade. + - Ship documentation in new openssl-doc package. + - Configure: Add support for lpia. + - Replace duplicate files in the doc directory with symlinks. + - Link using -Bsymbolic-functions. + - Update maintainer as per spec. + + -- Luke Yelavich Mon, 12 May 2008 22:49:33 +1000 + openssl (0.9.8g-10) unstable; urgency=low * undefine HZ so that the code falls back to sysconf(_SC_CLK_TCK) @@ -298,6 +757,20 @@ -- Kurt Roeckx Wed, 07 May 2008 20:32:12 +0200 +openssl (0.9.8g-8ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - Use a different priority for libssl0.9.8/restart-services depending on whether + a desktop, or server dist-upgrade is being performed. + - Display a system restart required notification bubble on libssl0.9.8 upgrade. + - Ship documentation in new openssl-doc package. + - Configure: Add support for lpia. + - Replace duplicate files in the doc directory with symlinks. + - Link using -Bsymbolic-functions. + - Update maintainer as per spec. + + -- Luke Yelavich Mon, 12 May 2008 10:09:20 +1000 + openssl (0.9.8g-8) unstable; urgency=high * Don't add extensions to ssl v3 connections. It breaks with some @@ -324,6 +797,30 @@ -- Kurt Roeckx Sat, 09 Feb 2008 13:32:49 +0100 +openssl (0.9.8g-4ubuntu3) hardy; urgency=low + + * Use a different priority for libssl0.9.8/restart-services depending on whether + a desktop, or server dist-upgrade is being performed. (LP: #91814) + * Display a system restart required notification bubble on libssl0.9.8 upgrade. + + -- Luke Yelavich Tue, 22 Apr 2008 10:50:53 +1000 + +openssl (0.9.8g-4ubuntu2) hardy; urgency=low + + * Ship documentation in new openssl-doc package, since it is very large and + not terribly useful for the casual desktop user. + + -- Martin Pitt Tue, 11 Mar 2008 22:52:28 +0100 + +openssl (0.9.8g-4ubuntu1) hardy; urgency=low + + * Merge from unstable; remaining changes: + - Configure: Add support for lpia. + - Replace duplicate files in the doc directory with symlinks. + - Link using -Bsymbolic-functions. + + -- Matthias Klose Tue, 29 Jan 2008 14:32:12 +0100 + openssl (0.9.8g-4) unstable; urgency=low * Fix aes ige test speed not to overwrite it's buffer and @@ -338,6 +835,14 @@ -- Kurt Roeckx Wed, 16 Jan 2008 21:49:43 +0100 +openssl (0.9.8g-3ubuntu1) hardy; urgency=low + + * Merge with Debian; remaining changes: + - Configure: Add support for lpia. + - Replace duplicate files in the doc directory with symlinks. + + -- Matthias Klose Wed, 05 Dec 2007 00:13:39 +0100 + openssl (0.9.8g-3) unstable; urgency=low * aes-586.pl: push %ebx on the stack before we put some things on the @@ -425,6 +930,41 @@ -- Kurt Roeckx Wed, 15 Aug 2007 19:49:54 +0200 +openssl (0.9.8e-5ubuntu3) gutsy; urgency=low + + * Replace duplicate files in the doc directory with symlinks. + + -- Matthias Klose Thu, 04 Oct 2007 16:27:53 +0000 + +openssl (0.9.8e-5ubuntu2) gutsy; urgency=low + + [ Jamie Strandboge ] + * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in + buffer overflow + * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to + Stephan Hermann + * References: + CVE-2007-5135 + http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded + Fixes LP: #146269 + * Modify Maintainer value to match the DebianMaintainerField + specification. + + [ Kees Cook ] + * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function. + * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian. + * References + CVE-2007-3108 + + -- Kees Cook Fri, 28 Sep 2007 13:02:19 -0700 + +openssl (0.9.8e-5ubuntu1) gutsy; urgency=low + + * Configure: Add support for lpia. + * Explicitely build using gcc-4.1 (PR other/31359). + + -- Matthias Klose Tue, 31 Jul 2007 12:47:38 +0000 + openssl (0.9.8e-5) unstable; urgency=low [ Christian Perrier ] @@ -1424,3 +1964,4 @@ * Initial Release. -- Christoph Martin Fri, 22 Nov 1996 21:29:51 +0100 + diff -Nru openssl-1.0.0d/debian/control openssl-1.0.0d/debian/control --- openssl-1.0.0d/debian/control 2010-12-24 12:15:46.000000000 +0100 +++ openssl-1.0.0d/debian/control 2011-04-30 22:37:41.000000000 +0200 @@ -2,7 +2,8 @@ Build-Depends: debhelper (>= 5.0.22), zlib1g-dev, m4, bc Section: utils Priority: optional -Maintainer: Debian OpenSSL Team +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian OpenSSL Team Uploaders: Christoph Martin , Kurt Roeckx Standards-Version: 3.8.0 Vcs-Browser: http://svn.debian.org/wsvn/pkg-openssl/openssl @@ -48,6 +49,17 @@ . Do not install it on a normal system. +Package: libssl1.0.0-udeb +XC-Package-Type: udeb +Section: debian-installer +Priority: optional +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: ssl shared library - udeb + libssl shared library. + . + Do not install it on a normal system. + Package: libssl-dev Section: libdevel Priority: optional diff -Nru openssl-1.0.0d/debian/libcrypto1.0.0-udeb.dirs openssl-1.0.0d/debian/libcrypto1.0.0-udeb.dirs --- openssl-1.0.0d/debian/libcrypto1.0.0-udeb.dirs 2010-12-12 15:35:56.000000000 +0100 +++ openssl-1.0.0d/debian/libcrypto1.0.0-udeb.dirs 2011-04-30 22:12:25.000000000 +0200 @@ -1 +1 @@ -usr/lib +lib diff -Nru openssl-1.0.0d/debian/libssl1.0.0.dirs openssl-1.0.0d/debian/libssl1.0.0.dirs --- openssl-1.0.0d/debian/libssl1.0.0.dirs 2010-12-13 20:28:52.000000000 +0100 +++ openssl-1.0.0d/debian/libssl1.0.0.dirs 2011-04-30 22:12:32.000000000 +0200 @@ -1,2 +1,2 @@ -usr/lib +lib usr/share/doc/libssl1.0.0 diff -Nru openssl-1.0.0d/debian/libssl1.0.0.files openssl-1.0.0d/debian/libssl1.0.0.files --- openssl-1.0.0d/debian/libssl1.0.0.files 2010-12-13 21:12:34.000000000 +0100 +++ openssl-1.0.0d/debian/libssl1.0.0.files 2011-04-30 23:28:12.000000000 +0200 @@ -1,4 +1,5 @@ +lib/*.so.*.*.* +lib/*/*.so.*.*.* +lib/i686/cmov/*.so.*.*.* usr/lib/*.so.*.*.* -usr/lib/*/*.so.*.*.* -usr/lib/i686/cmov/*.so.*.*.* usr/lib/openssl-1.0.0/engines diff -Nru openssl-1.0.0d/debian/libssl1.0.0.postinst openssl-1.0.0d/debian/libssl1.0.0.postinst --- openssl-1.0.0d/debian/libssl1.0.0.postinst 2010-12-13 20:29:43.000000000 +0100 +++ openssl-1.0.0d/debian/libssl1.0.0.postinst 2011-04-30 22:03:08.000000000 +0200 @@ -117,7 +117,11 @@ if [ -n "$services" ]; then db_reset libssl1.0.0/restart-services db_set libssl1.0.0/restart-services "$services" - db_input critical libssl1.0.0/restart-services || true + if [ "$RELEASE_UPGRADE_MODE" = desktop ]; then + db_input medium libssl1.0.0/restart-services || true + else + db_input critical libssl1.0.0/restart-services || true + fi db_go || true db_get libssl1.0.0/restart-services @@ -164,6 +168,8 @@ db_stop fi # end upgrading and $2 lt 0.9.8c-2 fi # Upgrading + + [ -x /usr/share/update-notifier/notify-reboot-required ] && /usr/share/update-notifier/notify-reboot-required fi #DEBHELPER# diff -Nru openssl-1.0.0d/debian/libssl1.0.0-udeb.dirs openssl-1.0.0d/debian/libssl1.0.0-udeb.dirs --- openssl-1.0.0d/debian/libssl1.0.0-udeb.dirs 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.0.0d/debian/libssl1.0.0-udeb.dirs 2011-01-31 18:42:11.000000000 +0100 @@ -0,0 +1 @@ +lib diff -Nru openssl-1.0.0d/debian/patches/Bsymbolic-functions.patch openssl-1.0.0d/debian/patches/Bsymbolic-functions.patch --- openssl-1.0.0d/debian/patches/Bsymbolic-functions.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.0.0d/debian/patches/Bsymbolic-functions.patch 2011-04-30 22:27:31.000000000 +0200 @@ -0,0 +1,51 @@ +--- + Configure | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +Index: openssl-1.0.0d/Configure +=================================================================== +--- openssl-1.0.0d.orig/Configure 2011-04-30 22:00:20.000000000 +0200 ++++ openssl-1.0.0d/Configure 2011-04-30 22:27:21.441732535 +0200 +@@ -338,17 +338,17 @@ + "debian-armeb","gcc:-DB_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-armel","gcc:-DL_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-armhf","gcc:-DL_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", ++"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", + "debian-avr32", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -fomit-frame-pointer -g -Wall::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debian-hppa","gcc:-DB_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-hppa","gcc:-DB_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debian-ia64","gcc:-DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debian-i386","gcc:-DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO -O3 -march=i486 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO -O3 -march=i586 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO -O3 -march=i686 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-ia64","gcc:-DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386","gcc:-DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO -O3 -march=i486 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO -O3 -march=i586 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO -O3 -march=i686 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-m68k","gcc:-DB_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +@@ -358,7 +358,7 @@ + "debian-openbsd-alpha","gcc:-DTERMIOS -O3 -Wa,--noexecstack -g::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-openbsd-mips","gcc:-O2 -Wa,--noexecstack -g -DL_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-s390","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +@@ -367,7 +367,7 @@ + "debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-m32r","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debian-sparc","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -mcpu=v8 -g -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO -O3 -mcpu=v9 -Wa,--noexecstack -Wa,-Av8plus -g -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff -Nru openssl-1.0.0d/debian/patches/series openssl-1.0.0d/debian/patches/series --- openssl-1.0.0d/debian/patches/series 2011-04-13 22:36:11.000000000 +0200 +++ openssl-1.0.0d/debian/patches/series 2011-04-30 22:24:28.000000000 +0200 @@ -18,3 +18,4 @@ version-script.patch gnu_source.patch c_rehash-compat.patch +Bsymbolic-functions.patch diff -Nru openssl-1.0.0d/debian/rules openssl-1.0.0d/debian/rules --- openssl-1.0.0d/debian/rules 2011-04-02 15:02:25.000000000 +0200 +++ openssl-1.0.0d/debian/rules 2011-04-30 22:09:42.000000000 +0200 @@ -17,11 +17,20 @@ # The binary architeture DEB_HOST_ARCH = $(shell dpkg-architecture -qDEB_HOST_ARCH) +DEB_HOST_ARCH_OS = $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) -CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 zlib enable-tlsext no-ssl2 +DEB_HOST_GNU_TYPE=$(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE=$(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE)) +CROSS=CC=$(DEB_HOST_GNU_TYPE)-gcc +MAKE_TEST=: +else +CROSS=CC=$(CC) +MAKE_TEST=make test +endif + +CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 zlib enable-tlsext no-sslv2 OPT_alpha = ev4 ev5 -OPT_i386 = i486 i586 i686/cmov -OPT_sparc = v8 v9 ARCHOPTS = OPT_$(DEB_HOST_ARCH) OPTS = $($(ARCHOPTS)) WANTED_LIBC_VERSION = 2.3.1-10 @@ -32,8 +41,8 @@ # perl util/ssldir.pl /usr/lib/ssl # chmod +x debian/libtool ./Configure no-shared $(CONFARGS) debian-$(DEB_HOST_ARCH) - make -f Makefile all - make test + make $(CROSS) -f Makefile all + $(MAKE_TEST) mv libcrypto.a libcrypto.static mv libssl.a libssl.static make -f Makefile clean @@ -41,22 +50,22 @@ do \ set -xe; \ ./Configure shared $(CONFARGS) debian-$(DEB_HOST_ARCH)-$$opt; \ - make -f Makefile all; \ - make test; \ + make $(CROSS) -f Makefile all; \ + $(MAKE_TEST); \ mkdir -p $$opt; \ mv libcrypto.so* libssl.so* $$opt/; \ make -f Makefile clean; \ done ./Configure shared $(CONFARGS) debian-$(DEB_HOST_ARCH) - #make -f Makefile depend + #make $(CROSS) -f Makefile depend ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/ -# make -f Makefile linux-shared - make -f Makefile all - make test +# make $(CROSS) -f Makefile linux-shared + make $(CROSS) -f Makefile all + $(MAKE_TEST) # strip apps/openssl # make -f Makefile clean # ./Configure --prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 debian-$(DEB_HOST_ARCH) -# make -f Makefile all +# make $(CROSS) -f Makefile all touch build-stamp clean: @@ -64,6 +73,7 @@ dh_testroot -rm -f build-stamp -./Configure $(CONFARGS) debian-$(DEB_HOST_ARCH) + -sed -i -e 's/rm -f/rm -rf/' Makefile [ ! -f Makefile ] || make -f Makefile clean clean-shared #-make -f Makefile dclean # perl util/ssldir.pl /usr/local/ssl @@ -81,70 +91,107 @@ -rm Makefile apps/CA.pl tools/c_rehash crypto/opensslconf.h crypto/x86_64cpuid.S dh_clean -install: build - dh_testdir - dh_testroot - dh_clean - dh_installdirs - make -f Makefile install INSTALL_PREFIX=`pwd`/debian/tmp - -binary-indep: build install +binary-indep: build dh_testdir dh_testroot - dh_installdirs -i - dh_installman -plibssl-doc - dh_installdocs -i - dh_movefiles -i - dh_installchangelogs -i CHANGES - dh_compress -i - dh_fixperms -i - dh_gencontrol -i - dh_installdeb -i - dh_md5sums -i - dh_builddeb -i +# There are no architecture-independent files to be uploaded +# generated by this package. If there were any they would be +# made here. -binary-arch: build install +binary-arch: build dh_testdir dh_testroot - dh_installdirs -a + dh_clean +# -rm -rf debian/tmp `find debian/* -type d` + install -d debian/tmp debian/libssl1.0.0 debian/libssl-dev +# cd debian/tmp && install -d `cat ../dirs` +# cd debian/libssl09 && install -d `cat ../libssl09.dirs` +# cd debian/libssl09-dev && install -d `cat ../libssl09-dev.dirs` + dh_installdirs +#openssl install + make -f Makefile install INSTALL_PREFIX=`pwd`/debian/tmp +# rm debian/tmp/usr/share/man/man1/openssl.1 +# rm debian/tmp/usr/share/man/man3/crypto.3 +# rm debian/tmp/usr/share/man/man3/ssl.3 +# rm debian/tmp/usr/lib/libcrypto.a +# rm debian/tmp/usr/lib/libssl.a # pic static libraries, nobody should need them # mv debian/tmp/usr/lib/libcrypto.a debian/tmp/usr/lib/libcrypto_pic.a # mv debian/tmp/usr/lib/libssl.a debian/tmp/usr/lib/libssl_pic.a cp -pf libcrypto.static debian/tmp/usr/lib/libcrypto.a cp -pf libssl.static debian/tmp/usr/lib/libssl.a +# mv debian/tmp/usr/lib/ssl/bin debian/tmp/usr/bin/ssl +# (cd debian/tmp/usr/lib/ssl; ln -s /usr/bin/ssl bin) +# mv debian/tmp/usr/lib/ssl/include debian/tmp/usr/include/ssl +# (cd debian/tmp/usr/lib/ssl; ln -s /usr/include/ssl include) +# chmod -x debian/tmp/usr/lib/*.so.* +# mv debian/tmp/usr/lib/*.a debian/libssl09-dev/usr/lib/ +# mv debian/tmp/usr/lib/*.so debian/libssl09-dev/usr/lib/ +# mv debian/tmp/usr/lib/*.so.*.*.* debian/libssl09/usr/lib/ +# mv debian/tmp/usr/lib/*.la debian/libssl09-dev/usr/lib/ +# mv debian/tmp/usr/include debian/libssl09-dev/usr/ + # move runtime libraries to /lib + install -d debian/tmp/lib + mv debian/tmp/usr/lib/lib*.so.* debian/tmp/lib/ + ln -sf /lib/$$(readlink debian/tmp/usr/lib/libcrypto.so) debian/tmp/usr/lib/libcrypto.so + ln -sf /lib/$$(readlink debian/tmp/usr/lib/libssl.so) debian/tmp/usr/lib/libssl.so +ifneq ($(DEB_HOST_ARCH_OS),hurd) + # leave symlinks behind due to rpath in old versions + for x in debian/tmp/lib/lib*.so.*; do ln -s /lib/$$(basename $$x) debian/tmp/usr/lib/$$(basename $$x); done +endif mkdir -p debian/tmp/etc/ssl mv debian/tmp/usr/lib/ssl/{certs,openssl.cnf,private} debian/tmp/etc/ssl/ ln -s /etc/ssl/{certs,openssl.cnf,private} debian/tmp/usr/lib/ssl/ - cp -pf debian/tmp/usr/lib/libcrypto.so.* debian/libcrypto1.0.0-udeb/usr/lib/ - cp -auv lib*.so* debian/tmp/usr/lib/ - for opt in $(OPTS); do set -xe; mkdir -p debian/tmp/usr/lib/$$opt; cp -auv $$opt/lib*.so* debian/tmp/usr/lib/$$opt/; done + cp -pf debian/tmp/lib/libcrypto.so.* debian/libcrypto1.0.0-udeb/lib/ + cp -pf debian/tmp/lib/libssl.so.* debian/libssl1.0.0-udeb/lib/ + for opt in $(OPTS); do set -xe; mkdir -p debian/tmp/lib/$$opt; cp -auv $$opt/lib*.so* debian/tmp/lib/$$opt/; done install debian/copyright debian/libssl1.0.0/usr/share/doc/libssl1.0.0/ install debian/changelog debian/libssl1.0.0/usr/share/doc/libssl1.0.0/changelog.Debian install debian/copyright debian/libssl-dev/usr/share/doc/libssl-dev/ install debian/changelog debian/libssl-dev/usr/share/doc/libssl-dev/changelog.Debian - - dh_installdocs -a CHANGES.SSLeay README NEWS debian/README.optimization - dh_installexamples -a - dh_installchangelogs -a CHANGES +# (cd debian/tmp/usr/doc/openssl/doc; for f in *.doc*; do mv "$$f" "$$(echo $$f | sed -e 's/doc/txt/')";done) +# (cd doc; for f in *; do install "$$f" ../debian/tmp/usr/share/doc/openssl/doc/"$$(echo $$f | sed -e 's/doc/txt/')";done) +# debstd -u CHANGES* LICENSE README NEWS + + dh_installdocs CHANGES.SSLeay README NEWS debian/README.optimization + dh_installexamples + dh_installchangelogs CHANGES +# dh_installmenu +# dh_installcron dh_installman -popenssl - dh_installdebconf -a - dh_movefiles -a - dh_compress -a + dh_installdebconf +# dh_undocumented c_rehash.1 + dh_movefiles +# rmdir debian/tmp/usr/lib/ssl/lib +# rmdir debian/tmp/usr/include/openssl +# rmdir debian/tmp/usr/include +# for opt in $(OPTS); do set -xe; rm -fr debian/tmp/lib/$$opt; done + dh_compress +# symlink doc files + for p in openssl libssl-dev; do \ + for f in changelog.Debian.gz changelog.gz copyright; do \ + ln -sf ../libssl1.0.0/$$f debian/$$p/usr/share/doc/$$p/$$f; \ + done; \ + done chmod 700 debian/openssl/etc/ssl/private - dh_fixperms -a -X etc/ssl/private - dh_strip -a --dbg-package=libssl1.0.0 - dh_perl -a -d - dpkg-gensymbols -Pdebian/libssl1.0.0/ -plibssl1.0.0 -c4 - dh_makeshlibs -a -V "libssl1.0.0 (>= 1.0.0)" --add-udeb="libcrypto1.0.0-udeb" - dh_shlibdeps -a -L libssl1.0.0 -l debian/libssl1.0.0/usr/lib - dh_gencontrol -a - dh_installdeb -a - dh_md5sums -a - dh_builddeb -a + dh_fixperms -X etc/ssl/private + dh_strip --dbg-package=libssl1.0.0 + dh_perl -d +# dh_suidregister + dh_makeshlibs -V "libssl1.0.0 (>= 1.0.0)" --add-udeb="libcrypto1.0.0-udeb" + sed -i '/^udeb: libssl/s/libcrypto1.0.0-udeb/libssl1.0.0-udeb/' debian/libssl1.0.0/DEBIAN/shlibs + dh_shlibdeps -L libssl1.0.0 -l debian/libssl1.0.0/lib + dh_gencontrol + dh_installdeb + dh_md5sums + dh_builddeb echo -en "\a" # Below here is fairly generic really binary: binary-indep binary-arch -.PHONY: binary binary-arch binary-indep clean install +source diff: + @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false + +.PHONY: binary binary-arch binary-indep clean