openssl-blacklist (0.3.3+0.4-0ubuntu0.7.04.2) feisty-security; urgency=low * add RSA-4096 blacklist for le64 * install RSA-4096 blacklist * don't send STDERR to STDOUT as this may interfere with obtaining the modulus with long bits -- Jamie Strandboge Mon, 16 Jun 2008 13:55:40 -0400 openssl-blacklist (0.3.3+0.4-0ubuntu0.7.04.1) feisty-security; urgency=low * allow checking of certificate requests * only check moduli with an exponent of 65537 (the default on Debian/Ubuntu) * update gen_certs.sh for when ~/.rnd does not exist when openssl is run which can happen with openssl 0.9.8g and higher * update gen_certs.sh to use '0' (in case of PID randomization) * added more examples * only prompt once for password (Closes: #483500) * properly cache database reads when bits are same * added '-m' and '-b' arguments. This is helpful for applications calling openssl-vulnkey when the modulus and bits are known, such as openvpn. * man page updates * added test.sh * added blacklists for when ~/.rnd does not exist when openssl is run (LP: #232104) * added 512 bit and partial 4096 blacklists (need le64) (LP: #231014) * reorganized source databases, and ship the new gen_certs.sh format * debian/rules: updated to use new blacklist format and organization * create openssl-blacklist-extra package (but don't ship 4096 yet) * Modify Maintainer value to match the DebianMaintainerField specification. -- Jamie Strandboge Wed, 11 Jun 2008 16:43:29 -0400 openssl-blacklist (0.3.2) unstable; urgency=low * debian/{rules,dirs,openssl-blacklist.install}: move openssl-vulnkey to /usr/bin (Closes: #482435). * examples/gen_certs.sh: - test for fixed libssl versions (Closes: #483310). - correctly skip pre-existing PEM files, thanks to Michel Meyers (Closes: #483542). - skip invalid pid 32768. * openssl-vulnkey: allow reading from stding, based on patch from Daniel Kahn Gillmor (Closes: #482427). * debian/control: swap maintainer so Ubuntu syncs do not get confused. -- Kees Cook Thu, 29 May 2008 15:19:16 -0700 openssl-blacklist (0.3.1) unstable; urgency=low * openssl-vulnkey: fix typo in manpage. * debian/control: add Vcs details, adjust uploaders line. * debian/rules: switch to using dh_installexamples. -- Kees Cook Wed, 28 May 2008 13:25:46 -0700 openssl-blacklist (0.3) unstable; urgency=low * Initial Debian release (keeping changelog for clarity), Closes: #482047. -- Kees Cook Wed, 21 May 2008 03:58:17 -0700 openssl-blacklist (0.2) intrepid; urgency=low * update openssl-vulnkey to also check x509 certificates, with corresponding manpage update * support 512, 4096 and 8192 databases * don't exit if can't open the database (this way databases can optionally be added * publish complete RSA-1024 and RSA-2048 blacklist for all available architectures on Ubuntu * fix manpage typos * debian/control: use net/optional * use python-central and follow DebianPython/NewPolicy * added get_certs.sh and getpid.c -- Jamie Strandboge Fri, 16 May 2008 08:32:13 -0400 openssl-blacklist (0.1-0ubuntu0.8.04.2) hardy-security; urgency=low * openssl-vulnkey: - Don't exit if the key cannot be parsed. - Don't fail if stderr is not available. (LP: #230193) -- Mathias Gug Wed, 14 May 2008 14:24:07 +0200 openssl-blacklist (0.1-0ubuntu0.8.04.1) hardy-security; urgency=low * no change rebuild for -security -- Jamie Strandboge Tue, 13 May 2008 04:02:50 -0400 openssl-blacklist (0.1) unstable; urgency=low * Initial release. -- Jamie Strandboge Fri, 12 May 2008 15:44:32 -0400