1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
|
mbedtls (2.4.2-1+deb9u3) stretch-security; urgency=high
* Fix CVE-2018-0497:
Remote plaintext recovery on use of CBC based ciphersuites through a
timing side-channel. (Closes: #904821)
* Fix CVE-2018-0498:
Plaintext recovery on use of CBC based ciphersuites through a cache
based side-channel.
-- James Cowgill <jcowgill@debian.org> Sun, 09 Sep 2018 17:02:04 +0100
mbedtls (2.4.2-1+deb9u2) stretch-security; urgency=high
* Fix CVE-2017-18187:
Unsafe bounds check in ssl_parse_client_psk_identity().
* Fix CVE-2018-0487:
Buffer overflow when verifying RSASSA-PSS signatures. (Closes: #890288)
* Fix CVE-2018-0488:
Buffer overflow when truncated HMAC is enabled. (Closes: #890287)
-- James Cowgill <jcowgill@debian.org> Mon, 05 Mar 2018 18:24:47 +0000
mbedtls (2.4.2-1+deb9u1) stretch-security; urgency=high
* Fix CVE-2017-14032:
If optional authentication is configured, allows remote attackers to
bypass peer authentication via an X.509 certificate chain with many
intermediates. (Closes: #873557)
-- James Cowgill <jcowgill@debian.org> Fri, 01 Sep 2017 09:29:59 +0100
mbedtls (2.4.2-1) unstable; urgency=high
* New upstream version.
- Fixes CVE-2017-2784 - freeing of memory allocated on the stack when
validating a public key with a secp224k1 curve. (Closes: #857560)
* debian/rules:
- Run testsuite inside faketime to prevent it suddenly failing in the
future. Thanks Niels Thykier!
-- James Cowgill <jcowgill@debian.org> Tue, 14 Mar 2017 10:54:33 +0000
mbedtls (2.4.0-1) unstable; urgency=medium
* New upstream version.
* debian/control:
- Mark libmbedtls-doc multi-arch foreign.
* debian/libmbedtls10.symbols:
- Add new symbols found in 2.4.
* debian/patches:
- Drop 02_ssl_time_t.patch - alternate fix applied upstream.
- Refresh 01_config.patch.
-- James Cowgill <jcowgill@debian.org> Tue, 18 Oct 2016 20:16:37 +0100
mbedtls (2.3.0-1) unstable; urgency=medium
* New upstream version.
* debian/copyright:
- Update dates and my email address.
* debian/patches:
- Refresh 01_config.patch.
- Drop 02_x32.patch -- applied upstream.
- Add 02_ssl_time_t.patch. Fixes compile error when including
mbedtls/ssl.h.
-- James Cowgill <jcowgill@debian.org> Tue, 28 Jun 2016 18:11:54 +0100
mbedtls (2.2.1-3) unstable; urgency=medium
* debian/control:
- Use my debian.org email address.
- Bump standards to 3.9.8 (no changes).
* debian/patches:
- Add 02_x32.patch to fix FTBFS on x32.
* debian/rules:
- Enable all hardening options.
-- James Cowgill <jcowgill@debian.org> Wed, 18 May 2016 17:21:39 +0100
mbedtls (2.2.1-2) unstable; urgency=medium
* debian/control:
- Use secure Vcs-Git URL.
* debian/libmbedcrypto0.lintian-override:
- Drop now that lintian itself has been fixed.
* debian/rules:
- Don't build arch:any packages in arch:all build.
* debian/*.symbols:
- Drop unnecessary patch level from symbol file versions.
* debian/tests:
- Add an autopkgtest which compiles and runs the selftest program.
-- James Cowgill <james410@cowgill.org.uk> Sat, 16 Jan 2016 00:12:49 +0000
mbedtls (2.2.1-1) unstable; urgency=medium
* New upstream version.
-- James Cowgill <james410@cowgill.org.uk> Tue, 05 Jan 2016 13:15:33 +0000
mbedtls (2.2.0-1) unstable; urgency=medium
* New upstream version.
* debian/changelog:
- Include changelog entries from the polarssl package.
* debian/*.symbols:
- Add new symbols introduced in 2.2.
* debian/rules:
- Don't build documentation in binary-only builds.
-- James Cowgill <james410@cowgill.org.uk> Tue, 15 Dec 2015 14:43:09 +0000
mbedtls (2.1.2-1) unstable; urgency=medium
* Initial release. (Closes: #801420)
-- James Cowgill <james410@cowgill.org.uk> Fri, 16 Oct 2015 12:55:27 +0100
polarssl (1.3.9-2.1) unstable; urgency=high
* Non-maintainer upload.
* Add CVE-2015-1182.patch patch.
CVE-2015-1182: Denial of service and possible remote code execution
using crafted certificates. (Closes: #775776)
-- Salvatore Bonaccorso <carnil@debian.org> Wed, 21 Jan 2015 22:09:05 +0100
polarssl (1.3.9-2) unstable; urgency=medium
* Disabled POLARSSL_SSL_PROTO_SSL3 at compile time to prevent potential
attacks, TLS considered standard for clients now, and consistency w/
OpenSSL in Debian
-- Roland Stigge <stigge@antcom.de> Fri, 07 Nov 2014 10:28:34 +0100
polarssl (1.3.9-1) unstable; urgency=medium
* New upstream release
-- Roland Stigge <stigge@antcom.de> Wed, 05 Nov 2014 18:34:31 +0100
polarssl (1.3.8-1) unstable; urgency=medium
* New upstream release
* debian/control: Adjust package description, thanks to Paul Bakker
(upstream)
* Removed CVE-2014-4911.patch (integrated upstream)
-- Roland Stigge <stigge@antcom.de> Sun, 31 Aug 2014 14:13:55 +0200
polarssl (1.3.7-2.1) unstable; urgency=high
* Non-maintainer upload with maintainers approval.
* Add CVE-2014-4911.patch patch.
CVE-2014-4911: Fix Denial of Service against GCM enabled servers (and
clients). (Closes: #754655)
-- Salvatore Bonaccorso <carnil@debian.org> Tue, 15 Jul 2014 21:39:13 +0200
polarssl (1.3.7-2) unstable; urgency=medium
* Enabled POLARSSL_THREADING_C and POLARSSL_THREADING_PTHREAD in config,
recommended for Debian by upstream
-- Roland Stigge <stigge@antcom.de> Mon, 05 May 2014 21:35:56 +0200
polarssl (1.3.7-1) unstable; urgency=medium
* New upstream release (Closes: #745720)
* Fixed .so link in libpolarssl-dev.links (Closes: #745716)
-- Roland Stigge <stigge@antcom.de> Fri, 02 May 2014 16:36:34 +0200
polarssl (1.3.6-1) unstable; urgency=medium
* New upstream release, SONAME version 6
-- Roland Stigge <stigge@antcom.de> Sat, 12 Apr 2014 10:18:43 +0200
polarssl (1.3.4-1) unstable; urgency=medium
* New upstream release
-- Roland Stigge <stigge@antcom.de> Sun, 02 Feb 2014 11:42:57 +0100
polarssl (1.3.3-1) unstable; urgency=medium
* New upstream release
* debian/control: Standards-Version: 3.9.5
-- Roland Stigge <stigge@antcom.de> Wed, 01 Jan 2014 19:07:10 +0100
polarssl (1.3.2-1) unstable; urgency=low
* New upstream release
* New SONAME (and adjustment to upstream SONAME counting) required new
libpolarssl5
-- Roland Stigge <stigge@antcom.de> Tue, 05 Nov 2013 22:08:08 +0100
polarssl (1.3.1-2) unstable; urgency=low
* Fixed FTBFS on big endian arches via upstream patch (Closes: #727116)
-- Roland Stigge <stigge@antcom.de> Tue, 22 Oct 2013 16:56:09 +0200
polarssl (1.3.1-1) unstable; urgency=low
* New upstream release
- Fixes CVE-2013-5914, CVE-2013-5915 (Closes: #725359)
- Fixes CVE-2013-4623 (Closes: #719954)
- Fixes CVE-2009-3555 (Closes: #704946)
-- Roland Stigge <stigge@antcom.de> Wed, 16 Oct 2013 19:35:28 +0200
polarssl (1.2.8-2) unstable; urgency=low
* Activate HAVEGE config option manually, needed since 1.2.8
-- Roland Stigge <stigge@antcom.de> Sun, 23 Jun 2013 11:11:31 +0200
polarssl (1.2.8-1) unstable; urgency=low
* New upstream release
-- Roland Stigge <stigge@antcom.de> Sat, 22 Jun 2013 14:18:26 +0200
polarssl (1.2.7-1) unstable; urgency=low
* New upstream release
-- Roland Stigge <stigge@antcom.de> Sun, 05 May 2013 14:05:39 +0200
polarssl (1.2.6-1) experimental; urgency=low
* New upstream release
* debian/control: Standards-Version: 3.9.4
-- Roland Stigge <stigge@antcom.de> Tue, 12 Mar 2013 20:37:01 +0100
polarssl (1.2.5-1) experimental; urgency=low
* New upstream release (Closes: #699887)
* Fixes CVE-2013-0169: Lucky 13 TLS protocol timing flaw
(Including CVE-2013-1621 and CVE-2013-1622)
-- Roland Stigge <stigge@antcom.de> Wed, 06 Feb 2013 21:13:35 +0100
polarssl (1.2.4-1) experimental; urgency=low
* New upstream release
-- Roland Stigge <stigge@antcom.de> Sat, 26 Jan 2013 14:56:16 +0100
polarssl (1.2.3-1) experimental; urgency=low
* New upstream release
-- Roland Stigge <stigge@antcom.de> Sat, 01 Dec 2012 11:07:42 +0100
polarssl (1.2.2-1) experimental; urgency=low
* New upstream release
-- Roland Stigge <stigge@antcom.de> Sun, 25 Nov 2012 11:22:55 +0100
polarssl (1.2.0-1) experimental; urgency=low
* New upstream release
* debian/control: Build-Depends: debhelper (>= 9) (debian/compat also)
-- Roland Stigge <stigge@antcom.de> Sat, 03 Nov 2012 14:41:30 +0100
polarssl (1.1.4-1) unstable; urgency=low
* New upstream release
-- Roland Stigge <stigge@antcom.de> Sat, 02 Jun 2012 12:46:22 +0200
polarssl (1.1.3-1) unstable; urgency=low
* New upstream release
-- Roland Stigge <stigge@antcom.de> Tue, 01 May 2012 16:59:47 +0200
polarssl (1.1.2-1) unstable; urgency=low
* New upstream release
* debian/control: Standards-Version: 3.9.3
-- Roland Stigge <stigge@antcom.de> Sat, 28 Apr 2012 12:46:20 +0200
polarssl (1.1.1-1) unstable; urgency=low
* New upstream release
-- Roland Stigge <stigge@antcom.de> Tue, 24 Jan 2012 00:19:31 +0100
polarssl (1.1.0-1) unstable; urgency=low
* New upstream release
* Updated debian/copyright
* Removed the following patches (fixed upstream now):
- 04-fix-type-rename.patch
- 05-fix-testsuite-hangs.patch
-- Roland Stigge <stigge@antcom.de> Fri, 23 Dec 2011 18:11:18 +0100
polarssl (1.0.0-3) unstable; urgency=low
* Added patch to fix testsuite hangs on s390x and sparc64, thanks
to Aurelien Jarno (Closes: #650045)
-- Roland Stigge <stigge@antcom.de> Sun, 27 Nov 2011 19:36:02 +0100
polarssl (1.0.0-2) unstable; urgency=low
* Fixed bad SO file link in libpolarssl-dev
-- Roland Stigge <stigge@antcom.de> Sun, 13 Nov 2011 13:54:08 +0100
polarssl (1.0.0-1) unstable; urgency=low
* New upstream release
-- Roland Stigge <stigge@antcom.de> Thu, 11 Aug 2011 23:10:01 +0200
polarssl (0.14.3-1) unstable; urgency=low
* New upstream release (Closes: #616114)
* New maintainer (Closes: #615247)
* Fixed debian/watch, thanks to Mats Erik Andersson (Closes: #620983)
* debian/control: Standards-Version: 3.9.2
* Source format: 3.0 (quilt)
* Included binaries in libpolarssl-runtime
* Included shared library in libpolarssl0
* Added testsuite build/run to build process
-- Roland Stigge <stigge@antcom.de> Mon, 25 Jul 2011 10:28:54 +0200
polarssl (0.12.1-1) unstable; urgency=low
* New upstream release.
* Use dh --with quilt for sexyness.
* Bump standards-version, no change needed.
* Tighten up dh build depend version.
* Add debian/README.source.
* Update watch file.
* Refresh patches.
-- Arnaud Cornet <acornet@debian.org> Sat, 07 Nov 2009 22:38:20 +0000
polarssl (0.11.1-1) unstable; urgency=low
* Fork xyssl package to polarssl to reflect upstream fork/takeover (Closes:
#536697).
* Refresh patches.
* Switch to DH 7.
* Bump Standards-Version, no change needed.
-- Arnaud Cornet <acornet@debian.org> Thu, 16 Jul 2009 14:34:32 +0200
xyssl (0.9-2) unstable; urgency=low
* Include md2 and md4 hashes algorithms (Closes: #496328).
-- Arnaud Cornet <acornet@debian.org> Mon, 25 Aug 2008 18:28:22 +0200
xyssl (0.9-1) unstable; urgency=low
* Add Homepage header.
* Fix watch file to match tarball name change (Closes: #453609).
* New Upstream Version
* Move libxyssl-dev to libdevel section.
* Move standards-version to 3.7.3 (no change).
* Licence change from LGPL to GPL, fix debian/copyright.
-- Arnaud Cornet <acornet@debian.org> Mon, 22 Oct 2007 23:35:33 +0200
xyssl (0.8-1) unstable; urgency=low
* New Upstream Version
* Drop makefile-install.patch.
* Update my mail address.
-- Arnaud Cornet <acornet@debian.org> Mon, 22 Oct 2007 23:22:53 +0200
xyssl (0.7-1) unstable; urgency=low
* New Upstream Version.
* Switch to quilt patch system.
* Dropped old makefile fix. Made new makefile fix in makefile-install.patch.
* Updated examples list.
-- Arnaud Cornet <arnaud.cornet@gmail.com> Sun, 08 Jul 2007 17:59:16 +0200
xyssl (0.6-1) unstable; urgency=low
* New upstream release
* Make watchfile stricter.
* makefile.patch: Fix completly wrong Makefile.
-- Arnaud Cornet <arnaud.cornet@gmail.com> Sun, 08 Apr 2007 11:39:33 +0200
xyssl (0.3-1) unstable; urgency=low
* New upstream release.
* No need for a dfsg anymore (files removed upstream).
* Now build/works on all archs (Closes:#402467).
-- Arnaud Cornet <arnaud.cornet@gmail.com> Mon, 1 Jan 2007 15:22:48 +0100
xyssl (0.2.dfsg.1-1) unstable; urgency=low
* New upstream release
* New architectures supported: arm and mips.
* Removed files that had an unclear copyright and licence from source
tarball (hence the dfsg in version).
-- Arnaud Cornet <arnaud.cornet@gmail.com> Fri, 8 Dec 2006 00:08:22 +0100
xyssl (0.1-1) unstable; urgency=low
* Initial release. (Closes:#396927)
-- Arnaud Cornet <arnaud.cornet@gmail.com> Thu, 02 Nov 2006 19:36:08 +0100
|
