openssl-blacklist (0.4.2~bpo40+1) etch-backports; urgency=low

  * backports to etch
  * Pre-Depend on dpkg (>= 1.10.24)

 -- Christoph Martin <Christoph.Martin@Uni-Mainz.DE>  Thu, 19 Jun 2008 21:54:20 +0200

openssl-blacklist (0.4.2) unstable; urgency=low

  * Add openssl to the Build-Deps, since it is required for the tests.

 -- Kees Cook <kees@outflux.net>  Tue, 17 Jun 2008 15:27:38 -0700

openssl-blacklist (0.4.1) unstable; urgency=low

  [ Jamie Strandboge ]
  * add RSA-4096 blacklist for le64
  * install RSA-4096 blacklist
  * don't send STDERR to STDOUT as this may interfere with obtaining the
    modulus with long bits

  [ Kees Cook ]
  * debian/rules:
    - add new examples (using wildcards)
    - include run of internal tests during build
  * debian/control: bump to standards version 3.8.0 (no changes needed)

 -- Kees Cook <kees@outflux.net>  Mon, 16 Jun 2008 11:48:09 -0700

openssl-blacklist (0.4) unstable; urgency=low

  * allow checking of certificate requests
  * only check moduli with an exponent of 65537 (the default on Debian/Ubuntu)
  * update gen_certs.sh for when ~/.rnd does not exist when openssl is run
    which can happen with openssl 0.9.8g and higher
  * update gen_certs.sh to use '0' (in case of PID randomization)
  * added more examples
  * only prompt once for password (Closes: #483500)
  * properly cache database reads when bits are same
  * added '-m' and '-b' arguments. This is helpful for applications calling
    openssl-vulnkey when the modulus and bits are known, such as openvpn.
  * man page updates
  * added test.sh
  * added blacklists for when ~/.rnd does not exist when openssl is run
    (LP: #232104)
  * added 512 bit and partial 4096 blacklists (need le64) (LP: #231014)
  * reorganized source databases, and ship the new gen_certs.sh format
  * debian/rules: updated to use new blacklist format and organization
  * create openssl-blacklist-extra package (but don't ship 4096 yet)

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 10 Jun 2008 09:09:48 -0400

openssl-blacklist (0.3.2) unstable; urgency=low

  * debian/{rules,dirs,openssl-blacklist.install}: move openssl-vulnkey to
    /usr/bin (Closes: #482435).
  * examples/gen_certs.sh:
    - test for fixed libssl versions (Closes: #483310).
    - correctly skip pre-existing PEM files, thanks to Michel Meyers
      (Closes: #483542).
    - skip invalid pid 32768.
  * openssl-vulnkey: allow reading from stding, based on patch from
    Daniel Kahn Gillmor (Closes: #482427).
  * debian/control: swap maintainer so Ubuntu syncs do not get confused.

 -- Kees Cook <kees@outflux.net>  Thu, 29 May 2008 15:19:16 -0700

openssl-blacklist (0.3.1) unstable; urgency=low

  * openssl-vulnkey: fix typo in manpage.
  * debian/control: add Vcs details, adjust uploaders line.
  * debian/rules: switch to using dh_installexamples.

 -- Kees Cook <kees@outflux.net>  Wed, 28 May 2008 13:25:46 -0700

openssl-blacklist (0.3) unstable; urgency=low

  * Initial Debian release (keeping changelog for clarity), Closes: #482047.

 -- Kees Cook <kees@outflux.net>  Wed, 21 May 2008 03:58:17 -0700

openssl-blacklist (0.2) intrepid; urgency=low

  * update openssl-vulnkey to also check x509 certificates, with corresponding
    manpage update
  * support 512, 4096 and 8192 databases
  * don't exit if can't open the database (this way databases can optionally be
    added
  * publish complete RSA-1024 and RSA-2048 blacklist for all available
    architectures on Ubuntu
  * fix manpage typos
  * debian/control: use net/optional
  * use python-central and follow DebianPython/NewPolicy
  * added get_certs.sh and getpid.c

 -- Jamie Strandboge <jamie@ubuntu.com>  Fri, 16 May 2008 08:32:13 -0400

openssl-blacklist (0.1-0ubuntu0.8.04.2) hardy-security; urgency=low

  * openssl-vulnkey: 
    - Don't exit if the key cannot be parsed.
    - Don't fail if stderr is not available. (LP: #230193)

 -- Mathias Gug <mathiaz@ubuntu.com>  Wed, 14 May 2008 14:24:07 +0200

openssl-blacklist (0.1-0ubuntu0.8.04.1) hardy-security; urgency=low

  * no change rebuild for -security 

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 13 May 2008 04:02:50 -0400

openssl-blacklist (0.1) unstable; urgency=low

  * Initial release.

 -- Jamie Strandboge <jamie@ubuntu.com>  Fri, 12 May 2008 15:44:32 -0400

