openssl 1.0.1c-3ubuntu1 source package in Ubuntu

Changelog

openssl (1.0.1c-3ubuntu1) quantal; urgency=low

  * Resynchronise with Debian. Remaining changes:
    - debian/libssl1.0.0.postinst:
      + Display a system restart required notification on libssl1.0.0
        upgrade on servers.
      + Use a different priority for libssl1.0.0/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
      libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
      in Debian).
    - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
      rules}: Move runtime libraries to /lib, for the benefit of
      wpasupplicant.
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
      .pc.
    - debian/rules:
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building.  Patch from Neil Williams.
      + Don't build for processors no longer supported: i586 (on i386)
      + Fix Makefile to properly clean up libs/ dirs in clean target.
      + Replace duplicate files in the doc directory with symlinks.
    - Unapply patch c_rehash-multi and comment it out in the series as it
      breaks parsing of certificates with CRLF line endings and other cases
      (see Debian #642314 for discussion), it also changes the semantics of
      c_rehash directories by requiring applications to parse hash link
      targets as files containing potentially *multiple* certificates rather
      than exactly one.
    - Bump version passed to dh_makeshlibs to 1.0.1 for new symbols.
    - debian/patches/tls12_workarounds.patch: workaround large client hello
      issue: Compile with -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 and
      with -DOPENSSL_NO_TLS1_2_CLIENT.
  * Dropped upstreamed patches:
    - debian/patches/CVE-2012-2110.patch
    - debian/patches/CVE-2012-2110b.patch
    - debian/patches/CVE-2012-2333.patch
    - debian/patches/CVE-2012-0884-extra.patch
    - most of debian/patches/tls12_workarounds.patch

openssl (1.0.1c-3) unstable; urgency=low

  * Disable padlock engine again, causes problems for hosts not supporting it.

openssl (1.0.1c-2) unstable; urgency=high

  * Fix renegiotation when using TLS > 1.0.  This breaks tor.  Patch from
    upstream.  (Closes: #675990)
  * Enable the padlock engine by default.
  * Change default bits from 1024 to 2048 (Closes: #487152)

openssl (1.0.1c-1) unstable; urgency=high

  * New upstream version
    - Fixes CVE-2012-2333 (Closes: #672452)

openssl (1.0.1b-1) unstable; urgency=high

  * New upstream version
    - Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0
      can talk to servers supporting TLS 1.1 but not TLS 1.2
    - Drop rc4_hmac_md5.patch, applied upstream

openssl (1.0.1a-3) unstable; urgency=low

  * Use patch from upstream for the rc4_hmac_md5 issue.

openssl (1.0.1a-2) unstable; urgency=low

  * Fix rc4_hmac_md5 on non-i386/amd64 arches.

openssl (1.0.1a-1) unstable; urgency=high

  * New upstream version
    - Fixes CVE-2012-2110
    - Fix crash in rc4_hmac_md5 (Closes: #666405)
    - Fixes some issues with talking to other servers when TLS 1.1 and 1.2 is
      supported
    - Drop patches no_ssl2.patch vpaes.patch tls1.2_client_algorithms.patch,
      applied upstream.
 -- Marc Deslauriers <email address hidden>   Fri, 29 Jun 2012 13:01:30 -0400