debian/0000775000000000000000000000000012320577513007175 5ustar debian/libssl1.0.0.files0000664000000000000000000000016412263334623012066 0ustar lib/*/*.so.*.*.* lib/*/*/*.so.*.*.* lib/*/i686/cmov/*.so.*.*.* usr/lib/*/*.so.*.*.* usr/lib/*/openssl-1.0.0/engines debian/control0000664000000000000000000000742112263334623010603 0ustar Source: openssl Build-Depends: debhelper (>= 9), m4, bc, dpkg-dev (>= 1.15.7) Section: utils Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian OpenSSL Team Uploaders: Christoph Martin , Kurt Roeckx Standards-Version: 3.9.5 XS-Debian-Vcs-Browser: http://svn.debian.org/wsvn/pkg-openssl/openssl XS-Debian-Vcs-Svn: svn://svn.debian.org/pkg-openssl/openssl/ Package: openssl Priority: optional Architecture: any Depends: ${shlibs:Depends}, ${perl:Depends}, ${misc:Depends} Suggests: ca-certificates Description: Secure Sockets Layer toolkit - cryptographic utility This package is part of the OpenSSL project's implementation of the SSL and TLS cryptographic protocols for secure communication over the Internet. . It contains the general-purpose command line binary /usr/bin/openssl, useful for cryptographic operations such as: * creating RSA, DH, and DSA key parameters; * creating X.509 certificates, CSRs, and CRLs; * calculating message digests; * encrypting and decrypting with ciphers; * testing SSL/TLS clients and servers; * handling S/MIME signed or encrypted mail. Package: libssl1.0.0 Section: libs Priority: important Architecture: any Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends} Description: Secure Sockets Layer toolkit - shared libraries This package is part of the OpenSSL project's implementation of the SSL and TLS cryptographic protocols for secure communication over the Internet. . It provides the libssl and libcrypto shared libraries. Package: libcrypto1.0.0-udeb XC-Package-Type: udeb Section: debian-installer Priority: optional Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: Secure Sockets Layer toolkit - libcrypto udeb This package is part of the OpenSSL project's implementation of the SSL and TLS cryptographic protocols for secure communication over the Internet. . It contains a version of the libcrypto shared library for use with the Debian Installer. Do not install it on a normal system. Package: libssl1.0.0-udeb XC-Package-Type: udeb Section: debian-installer Priority: optional Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: ssl shared library - udeb libssl shared library. . Do not install it on a normal system. Package: libssl-dev Section: libdevel Priority: optional Architecture: any Multi-Arch: same Recommends: libssl-doc Depends: libssl1.0.0 (= ${binary:Version}), zlib1g-dev, ${misc:Depends} Description: Secure Sockets Layer toolkit - development files This package is part of the OpenSSL project's implementation of the SSL and TLS cryptographic protocols for secure communication over the Internet. . It contains development libraries, header files, and manpages for libssl and libcrypto. Package: libssl-doc Section: doc Priority: optional Architecture: all Replaces: libssl-dev (<< 1.0.0) Breaks: libssl-dev (<< 1.0.0) Depends: ${shlibs:Depends}, ${perl:Depends}, ${misc:Depends} Description: Secure Sockets Layer toolkit - development documentation This package is part of the OpenSSL project's implementation of the SSL and TLS cryptographic protocols for secure communication over the Internet. . It contains manpages and demo files for libssl and libcrypto. Package: libssl1.0.0-dbg Section: debug Priority: extra Architecture: any Multi-Arch: same Depends: libssl1.0.0 (= ${binary:Version}), ${misc:Depends} Description: Secure Sockets Layer toolkit - debug information This package is part of the OpenSSL project's implementation of the SSL and TLS cryptographic protocols for secure communication over the Internet. . It contains debugging symbols for libssl and libcrypto. debian/openssl.files0000664000000000000000000000023010323246103011664 0ustar usr/share/man/man1 usr/share/man/man5 usr/share/man/man7 usr/bin usr/lib/ssl/misc usr/lib/ssl/certs usr/lib/ssl/openssl.cnf usr/lib/ssl/private etc/ssl debian/libssl1.0.0.symbols0000664000000000000000000000033312104524230012437 0ustar libcrypto.so.1.0.0 libssl1.0.0 #MINVER# *@OPENSSL_1.0.0 1.0.0 *@OPENSSL_1.0.1 1.0.1 *@OPENSSL_1.0.1d 1.0.1d libssl.so.1.0.0 libssl1.0.0 #MINVER# *@OPENSSL_1.0.0 1.0.0 *@OPENSSL_1.0.1 1.0.1 *@OPENSSL_1.0.1d 1.0.1d debian/openssl.docs0000664000000000000000000000017711501500627011527 0ustar doc/fingerprints.txt doc/HOWTO doc/openssl_button.gif doc/openssl_button.html doc/openssl.txt doc/README doc/standards.txt FAQ debian/README.debian0000664000000000000000000000411210425453631011272 0ustar openssl for DEBIAN ---------------------- openssl replaces ssleay. The application links to openssl like req, ca, verify and s_client have been removed. Instead of `` please call now `openssl ` eg: instead of `req` please call `openssl req` PATENT ISSUES ------------- Some algorithms used in the library are covered by patents. As a result, the following algorithms in libcrypto have been disabled: - RC5 - MDC2 - IDEA Also see the patents section in the README file. Self-signed certs and webservers: --------------------------------- If you get with a selfsigned certificate and a webserver: > "The certificate is not approved for the attempted operation." Bodo_Moeller@public.uni-hamburg.de (Bodo Moeller) writes: >Probably you are using a CA certificate for your server; if you use >"openssl req" to generate a new key and self-signed certificate with >the default openssl.cnf, the certificate you get includes certain >X.509v3 extensions that make it unfit for use as a server certificate. >This was not so with earlier versions of the software because back >then there was far less X.509v3 support. > >To look at the certificate some HTTPS server presents to its cliens, >use "openssl s_client -port 443 -host your.server", store the output >(at least the part from "-----BEGIN CERTIFICATE-----" up to "-----END >CERTIFICATE-----", including these separators) in a file and use >"openssl x509 -in the_file_you_just_stored -text" to look at it in >readable form. If it has in the "X509v3 extensions section" any of >the following entries, it is not usable as a server certificate: > > X509v3 Basic Constraints: > CA:TRUE > > X509v3 Key Usage: > Certificate Sign, CRL Sign > >To quickly create a new server key and certificate that works with >Netscape, you can just copy the original openssl.cnf file and comment >out the "x509_extensions" entry in the "[ req ]" section. >The, use "openssl req ..." as before to create a new certificate and >key. Christoph Martin , Wed, 31 Mar 1999 16:00:51 +0200 debian/po/0000775000000000000000000000000012262570146007613 5ustar debian/po/nl.po0000664000000000000000000000730211501472257010565 0ustar # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-11-14 20:03+0100\n" "Last-Translator: Bart Cornelis \n" "Language-Team: debian-l10n-dutch \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Language: Dutch\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Welke diensten moeten herstart worden (zodat ze de nieuwe bibliotheken " "gebruiken)?" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Deze uitgave van OpenSSL dicht een aantal veiligheidslekken. Andere " "achtergronddiensten maken pas gebruik van de nieuwe versie eens ze herstart " "zijn. Herstarten van de SSH-server (sshd) heeft normaal geen gevolgen voor " "bestande verbindingen." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Hierna volgt een lijst van gedetecteerde diensten die herstart moeten " "worden. Verbeter de lijst, als u denkt dat ze incorrect is. De namen moeten " "overeenkomen met de script-namen in /etc/init.d en moeten gescheiden worden " "door spaties. Als de lijst leeg is worden er geen diensten herstart." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Als er andere diensten mysterieus beginnen te falen na deze opwaardering, " "dient u deze te herstarten. Er wordt u ten zeerste aanbevolen uw machine te " "herstarten om SSL-gerelateerde problemen te vermijden." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Herstarten van sommige diensten na de OpenSSL-opwaardering is mislukt." #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "De volgende diensten konden niet herstart worden na de opwaardering van de " "OpenSSL-bibliotheek:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "U zult deze handmatig moeten herstarten via het commando '/etc/init.d/" " start'." #~ msgid "${services}" #~ msgstr "${services}" debian/po/nb.po0000664000000000000000000000656612234744477010600 0ustar # translation of openssl_0.9.8c-4_templates.po to Norwegian Bokmål # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Bjørn Steensrud , 2007. # Bjørn Steensrud , 2011. msgid "" msgstr "" "Project-Id-Version: openssl_0.9.8c-4_templates\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2011-12-29 14:19+0100\n" "Last-Translator: Bjørn Steensrud \n" "Language-Team: Norwegian Bokmål \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.2\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Tjenester som skal startes på nytt slik at de bruker de nye bibliotekene." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Denne utgaven av OpenSSL retter noen sikkerhetsproblemer. Tjenester kan ikke " "bruke disse rettelsene før de er startet på nytt. Merk: om sshd startes på " "nytt blir antakelig ingen eksisterende tilkoblinger påvirket." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Kontroller lista over funne tjenester som trenger omstart. Rett på lista " "om den er feil. Tjenestenavnene må være lik skript-navnene i /etc/init.d, og " "være atskilt med mellomrom. Hvis du tømmer lista blir ingen tjenester " "omstartet." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Hvis andre tjenester begynner å svikte på mystisk måte etter denne " "oppgraderingen, så blir det anbefalt at maskinen stoppes og startes for å " "unngå vansker i " "forbindelse med SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Noen tjenester kunne ikke restartes for OpenSSL-oppgradering" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Følgende tjenester kunne ikke restartes for oppgradering av " "OpenSSL-biblioteket:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "Du må starte disse manuelt ved å kjøre «/etc/init.d/ start»." debian/po/ar.po0000664000000000000000000000743711501472257010567 0ustar # translation of openssl-ar.po to Arabic # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Ossama M. Khayat , 2007, 2010. msgid "" msgstr "" "Project-Id-Version: openssl-ar\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2010-09-09 01:29+0300\n" "Last-Translator: Ossama M. Khayat \n" "Language-Team: Arabic \n" "Language: ar\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.0\n" "Plural-Forms: nplurals=6; plural=n==1 ? 0 : n==0 ? 1 : n==2 ? 2: n%100>=3 && " "n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "الخدمات المطلوب إعادة تشغيلها لجعلها تستخدم المكتبات الجديدة:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "هذا الإصدار من OpenSSL يحل بعض المشاكل الأمنية. ولن تستخدم الخدمات هذه " "الحلول حتى يتم إعادة تشغيلها. الرجاء التنبه إلى أن إعادة تشغيل خادم SSH " "(sshd) لا يؤثر على أية اتصالات حالية." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "الرجاء التحقق من قائمة الخدمات المكتشفة والتي يجب إعادة تشغيلها وقم بتصحيحها " "إن كانت هناك حاجة لذلك. يجب أن تكون أسماء الخدمات مطابقة لأسماء ملفات شيفرات " "التشغيل في /etc/init.d وتفصلها مسافات. لن تتم إعادة تشغيل أية خدمات إن كانت " "القائمة فارغة." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "يجب إعادة تشغيل أية خدمة تفشل بشكل غير متوقع عقب عملية الترقية هذه. كما أنه " "من المستحسن إعادة تشغيل هذا الجهاز لتجنب أية مشاكل متعلقة بخدمة SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "فشل إعادة تشغيل بعض الخدمات لترقية OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "تعذر إعادة تشغيل الخدمات التالية لترقية مكتبة OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "يجب أن تقوم بتشغيل هذه الخدمات يدوياً بتفيذ الأمر '/etc/init.d/ " "start'." debian/po/tr.po0000664000000000000000000000634312146432460010603 0ustar # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Atila KOÇ , 2012. # msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2012-02-20 11:55+0200\n" "Last-Translator: Atila KOÇ \n" "Language-Team: Turkish \n" "Language: tr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Yeni kitaplıkları kullanmaları için yeniden başlatılacak hizmetler:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "This release of OpenSSL fixes some security issues. Services will not use these fixes until they are restarted. Please note that restarting the SSH server (sshd) should not affect any existing connections." msgstr "OpenSSL paketinin bu sürümü bazı güvenlik sorunlarını düzeltmiştir. Hizmetler yeniden başlatılmadıkça bu düzeltmeleri kullanamayacaklar. SSH sunucusunun (sshd) yeniden başlatılması kurulu bağlantıları etkilemeyecektir." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Please check the list of detected services that need to be restarted and correct it, if needed. The services names must be identical to the initialization script names in /etc/init.d and separated by spaces. No services will be restarted if the list is empty." msgstr "Yeniden başlatılması gerektiği algılanan hizmetleri gözden geçiriniz ve gerekirse düzeltiniz. Hizmetlerin adları boşluklarla ayrılmalı ve /etc/init.d dizinindeki başlatma betikleri ile özdeş olmalıdır. Bu liste boş ise hiçbir hizmetin yeniden başlatılmasına gerek yoktur." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Any service that later fails unexpectedly after this upgrade should be restarted. It is recommended to reboot this host to avoid any SSL-related trouble." msgstr "Bu yükseltmeden sonra beklenmedik bir şekilde duran herhangi bir hizmet yeniden başlatılmalıdır. SSL ile bağlantılı bir sorun yaşamamak için en doğrusu bu sunucunun yeniden başlatılmasıdır." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "OpenSSL yükseltmesi sırasında bazı hizmetler yeniden başlatılamadı" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "The following services could not be restarted for the OpenSSL library upgrade:" msgstr "Aşağıdaki hizmetler OpenSSL kitaplıkları yükseltilirken yeniden başlatılamadı:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "You will need to start these manually by running '/etc/init.d/ start'." msgstr " '/etc/init.d/ start' komutunu çalıştırarak bu hizmetleri elle başlatmalısınız." debian/po/ml.po0000664000000000000000000001121111501472257010556 0ustar # English translation of openssl. # Copyright (C) 2007 THE openssl'S COPYRIGHT HOLDER # This file is distributed under the same license as the openssl package. # Praveen|പ്രവീണ്‍ A|എ , 2007. # # msgid "" msgstr "" "Project-Id-Version: openssl 20070415\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-04-14 07:15+0530\n" "Last-Translator: Praveen|പ്രവീണ്‍ A|എ \n" "Language-Team: Swathanthra|സ്വതന്ത്ര Malayalam|മലയാളം Computing|കമ്പ്യൂട്ടിങ്ങ് \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "പുിതിയ ലൈബ്രറികള്‍ ഉപയോഗിയ്ക്കാന്‍ പുനരാരംഭിയ്ക്കേണ്ട സേവനങ്ങള്‍:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "OpenSSL ന്റെ ഈ പതിപ്പ് ചില സുരക്ഷാ പ്രശ്നങ്ങളെ പരിഹരിയ്ക്കുന്നുണ്ട്. പുനരാരംഭിയ്ക്കുന്നത് വരെ " "സേവനങ്ങള്‍ ഈ പരിഹാരങ്ങള്‍ ഉപയോഗിയ്ക്കുന്നതല്ല. SSH സേവകന്‍ (sshd) പുനരാരംഭിയ്ക്കുന്നത് " "നേരത്തെയുള്ള ബന്ധങ്ങളെ ബാധിയ്ക്കുകയില്ല." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "ദയവായി പുനരാരംഭിയ്ക്കേണ്ടതായി കണ്ടുപിടിയ്ക്കപ്പെട്ട സേവനങ്ങളുടെ പട്ടിക ദയവായി " "പരിശോദിയ്ക്കുകയും ആവശ്യമെങ്കില്‍ തിരുത്തുകയും ചെയ്യുക. സേവന നാമങ്ങള്‍ /etc/init.d യിലെ ആരംഭ " "സ്ക്രിപ്റ്റ് നാമങ്ങളുമായി സമാനമായിരിയ്ക്കുയും സ്പേയ്സുകള്‍ കൊണ്ട് " "വേര്‍തിരിയ്ക്കപ്പെട്ടവയുമായിരിയ്ക്കണം. പട്ടിക ശൂന്യമാണെങ്കില്‍ സേവനങ്ങളൊന്നും പുനരാരംഭിയ്ക്കുന്നതല്ല." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "ഈ പുതുക്കലിന് ശേഷം പിന്നീട് അപ്രതീക്ഷിതമായി മുടങ്ങുന്ന ഏതൊരു സേവനങ്ങളേയും " "പുനരാരംഭിയ്ക്കേണ്ടതുണ്ട്. SSL ലുമായി ബന്ധപ്പെട്ട പ്രശ്നം ഒഴിവാക്കാന്‍ ഈ ഹോസ്റ്റിനെ " "പുനരാരംഭിയ്ക്കാന്‍ ശുപാര്‍ശ ചെയ്തിരിയ്ക്കുന്നു." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" debian/po/pt_BR.po0000664000000000000000000000735011501472257011165 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # Flamarion Jorge , 2010. # msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2010-07-18 15:03-0300\n" "Last-Translator: Flamarion Jorge \n" "Language-Team: Brazilian Portuguese \n" "Language: pt_BR\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" "pt_BR utf-8\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Serviços a serem reiniciados para que possam utilizar as novas bibliotecas:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Esta versão do OpenSSL corrige alguns problemas de segurança. Os serviços " "não utilizarão essas correções até que sejam reiniciados. Por favor, note " "que reiniciar o servidor SSH (sshd) não deve afetar nenhuma conexão " "existente." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Por favor, confira a lista de serviços detectados que precisam ser " "reiniciados e a corrija, caso necessário. Os nomes dos serviços devem ser " "idênticos aos nomes dos scripts de inicialização em /etc/init.d e devem ser " "separados por espaços. Nenhum serviço será reiniciado caso a lista esteja " "vazia." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Qualquer serviço que falhar inesperadamente após esta atualização deverá ser " "reiniciado. É recomendado reinicializar este host para evitar qualquer " "problema relacionado a SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Falha ao reiniciar alguns serviços para a atualização do OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Os seguintes serviços não puderam ser reiniciados para a atualização da " "biblioteca OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Você terá que iniciá-los manualmente executando '/etc/init.d/ " "start'." debian/po/es.po0000664000000000000000000001041711501472257010564 0ustar # openssl translation to spanish # Copyright (C) 2004 Software in the Public Interest # This file is distributed under the same license as the openssl package. # # Changes: # - Initial translation # Lucas Wall , 2004 # # - Last revision # Manuel Porras Peralta «Venturi», 2007 # Maximiliano Marín, 2007 # # # Traductores, si no conoce el formato PO, merece la pena leer la # documentación de gettext, especialmente las secciones dedicadas a este # formato, por ejemplo ejecutando: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Equipo de traducción al español, por favor lean antes de traducir # los siguientes documentos: # # - El proyecto de traducción de Debian al español # http://www.debian.org/intl/spanish/coordinacion # especialmente las notas de traducción en # http://www.debian.org/intl/spanish/notas # # - La guía de traducción de po's de debconf: # /usr/share/doc/po-debconf/README-trans # o http://www.debian.org/intl/l10n/po-debconf/README-trans # msgid "" msgstr "" "Project-Id-Version: openssl 0.9.7d-3\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-05-01 17:20+0200\n" "Last-Translator: Manuel Porras Peralta «Venturi» \n" "Language-Team: Debian Spanish \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Servicios que tienen que reiniciarse para que usen las nuevas bibliotecas:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Esta versión de OpenSSL corrige algunos problemas de seguridad. Los " "servicios no usarán los arreglos hasta que se reinicien. Tenga en cuenta que " "reiniciar el servicio SSH (sshd) no debería afectar a ninguna de las " "conexiones existentes." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Por favor, compruebe la lista de los servicios detectados que necesitan " "reiniciarse y corríjala si fuese necesario. Los nombres de los servicios " "deben ser idénticos a los nombres de los programas de inicio en «/etc/init." "d» y deben estar separados por espacios. No se reiniciará ningún servicio si " "deja la lista en blanco." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Tras esta actualización, debería reiniciar más tarde cualquier servicio que " "falle inesperadamente. Se recomienda reiniciar el sistema para evitar " "cualquier problema relacionado con SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Fallo al reiniciar algunos servicios por la actualización de OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "No fue posible reiniciar los servicios indicados a continuación por la " "actualización de OpenSSL: " #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Tendrá que iniciarlos manualmente ejecutando « /etc/init.d/ start " "» " #~ msgid "${services}" #~ msgstr "${services}" debian/po/lt.po0000664000000000000000000000745211501472257010601 0ustar # translation of openssl_0.9.8b-2_templates.po to Lithuanian # opensll debconf translation templates. # Copyright (C) 2003 Christoph Martin # This file is distributed under the same license as the openssl package. # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry'# # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans# # Developers do not need to manually edit POT or PO files. # # Gintautas Miliauskas , 2006. msgid "" msgstr "" "Project-Id-Version: openssl_0.9.8b-2_templates\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2006-06-19 01:32+0300\n" "Last-Translator: Gintautas Miliauskas \n" "Language-Team: Lithuanian \n" "Language: lt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.2\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n" "%100<10 || n%100>=20) ? 1 : 2);\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 #, fuzzy msgid "Services to restart to make them use the new libraries:" msgstr "" "Kuriuos servisus norėtumėte paleisti iš naujo, kad jie naudotų naujas " "bibliotekas?" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 #, fuzzy msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Šioje versijoje ištaisytos saugumo skylės. Servisai nenaudos šių pataisymų, " "kol nebus iš naujo paleisti. Pastaba: sshd paleidimas iš naujo neturėtų " "turėti įtakos esamiems prisijungimams." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 #, fuzzy msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Pateiktas servisų, kuriuos reikėtų paleisti iš naujo, sąrašas. Jei matote " "klaidų, sąrašą pataisykite. Servisų vardai turi būti identiški atitinkamų " "paleidžiamųjų failų /etc/init.d kataloge vardams ir turi būti atskirti " "tarpais. Jei sąrašą paliksite tuščią, nė vienas servisas nebus iš naujo " "paleistas." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 #, fuzzy msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Jei kiti servisai po šio atnaujinimo sutriks, gali reikėti ir juos paleisti " "iš naujo. Rekomenduojame perkrauti sistemą, jei norite išvengti problemų, " "susijusių su SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" debian/po/sk.po0000664000000000000000000000620611501472260010565 0ustar msgid "" msgstr "" "Project-Id-Version: openssl 0.9.8e-5\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-01-21 11:41+0100\n" "Last-Translator: Ivan Masár \n" "Language-Team: Slovak \n" "Language: sk\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Služby, ktoré sa majú reštartovať, aby začali používať nové knižnice:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Táto verzia OpenSSL opravuje niektoré bezpečnostné problémy. Služby nezačnú " "používať tieto opravy až pokým nebudú reštartované. Prosím, pamätajte, že " "reštartovanie SSH servera (sshd) by nemalo mať vplyv na žiadne už nadviazané " "spojenia." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Prosím, skontrolujte zoznam zistených služieb, ktoré sa majú reštartovať a " "ak je to potrebné, opravte ho. Názvy služieb musia byť rovnaké ako názvy " "inicializačných skriptov v /etc/init.d a oddelené medzerami. Ak tento zoznam " "bude prázdny, žiadne služby sa nebudú reštartovať." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Každá služba, ktorá po vykonaní tejto aktualizácie zlyhá, by mala byť " "reštartovaná. Odporúča sa reštartovať tento počítač, aby ste sa vyhli " "akýmkoľvek problémom týkajúcim sa SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" "Počas aktualizácie knižnice OpenSSL sa nepodarilo sa reštartovať niektoré " "služby." #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Nasledovné služby nebolo možné reštartovať počas aktualizácie knižnice " "OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Budete ich musieť reštartovať ručne spustením „/etc/init.d/ start“." debian/po/ru.po0000664000000000000000000001026711501472260010600 0ustar # translation of openssl_0.9.8g-10.1_ru.po to Russian # This file is distributed under the same license as the PACKAGE package. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER. # # Yuriy Talakan' , 2006. # Yuriy Talakan' , 2007. # Yuri Kozlov , 2008. msgid "" msgstr "" "Project-Id-Version: openssl 0.9.8g-10.1\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-06-03 21:21+0400\n" "Last-Translator: Yuri Kozlov \n" "Language-Team: Russian \n" "Language: ru\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Перезапускаемые службы для использования новой библиотеки:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Этот выпуск OpenSSL исправляет некоторые проблемы безопасности. Службы не " "могут использовать эти исправления, пока не будут перезапущены. Обратите " "внимание, что перезапуск сервера SSH (sshd) не повлияет на существующие " "соединения." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Проверьте список обнаруженных служб, которые надо перезапустить и поправьте " "его, если необходимо. Имена служб должны соответствовать именам сценариев " "запуска в /etc/init.d и должны быть разделены пробелами. Если список пустой, " "службы не будут перезапущены." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Надо перезапустить любую службу, которая после этого обновления неожиданно " "начнёт работать с ошибками. Рекомендуется перегрузить машину во избежание " "проблем, связанных с SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Не удалось перезапустить некоторые службы при обновлении OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Следующие службы не удалось перезапустить при обновлении библиотеки OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Вам нужно будет перезапустить их вручную с помощью команд '/etc/init.d/" "<служба> start'." debian/po/pl.po0000664000000000000000000000671412146432247010576 0ustar # Copyright (C) 2010 # This file is distributed under the same license as the openssl package. # # Michał Kułach , 2012. msgid "" msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2012-01-31 18:52+0100\n" "Last-Translator: Michał Kułach \n" "Language-Team: Polish \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.2\n" "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " "|| n%100>=20) ? 1 : 2);\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Usługi które mają być zrestartowane, aby mogły używać nowych bibliotek:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "To wydanie OpenSSL naprawia kilka problemów bezpieczeństwa. Usługi nie będą " "mogły skorzystać z tych poprawek, dopóki nie zostaną zrestartowane. Proszę " "zauważyć, że zrestartowanie serwera SSH (sshd) nie powinno mieć wpływu na " "istniejące połączenia." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Proszę sprawdzić listę wykrytych usług, które powinny zostać zrestartowane, i " "poprawić ją, jeśli to konieczne. Nazwy usług muszą się zgadzać z nazwami " "skryptów startowych w /etc/init.d i muszą być rozdzielone spacjami. Jeśli " "lista będzie pusta, żadne usługi nie zostaną zrestartowane." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Każda usługa w której wystąpi nieoczekiwany błąd po tej aktualizacji, powinna " "zostać zrestartowana. Zaleca się ponowne uruchomienie komputera, co umożliwi " "uniknięcie wszystkich problemów związanych z SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" "Zrestartowanie niektórych usług podczas aktualizacji OpenSSL nie powiodło się" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Następujące usługi nie mogły zostać zrestartowane w celu aktualizacji " "biblioteki OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Należy zrestartować te usługi ręcznie, przez wykonanie \"/etc/init.d/ " "start\"" debian/po/fr.po0000664000000000000000000000731211501472257010564 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans# # Developers do not need to manually edit POT or PO files. # msgid "" msgstr "" "Project-Id-Version: openssl_0.9.8e-4\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-11-11 18:47+0100\n" "Last-Translator: Michel Grentzinger \n" "Language-Team: French \n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Services à redémarrer afin d'utiliser les nouvelles bibliothèques :" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Cette version d'OpenSSL corrige certaines failles de sécurité. Les services " "n'utiliseront pas ces correctifs tant qu'ils n'auront pas été redémarrés. " "Veuillez noter que le redémarrage du serveur SSH (sshd) n'affectera aucune " "connexion existante." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Veuillez vérifier et corriger si nécessaire la liste des services devant " "être redémarrés. Les noms des services doivent être identiques aux noms des " "scripts présents dans /etc/init.d et doivent être séparés par des espaces. " "Si la liste est vide, aucun service ne sera redémarré." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Si d'autres services ne fonctionnent plus correctement après cette mise à " "jour, ils devront être redémarrés. Il est fortement recommandé de redémarrer " "le système pour éviter les problèmes liés à SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" "Impossible de redémarrer certains services lors de la mise à jour d'OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Les services suivants ne peuvent pas être redémarrés lors de la mise à jour " "de la bibliothèque OpenSSL :" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Vous devrez les redémarrer vous-même avec la commande « /etc/init.d/" " start »." #~ msgid "${services}" #~ msgstr "${services}" debian/po/da.po0000664000000000000000000000647211501472257010547 0ustar # Danish translation openssl. # Copyright (C) 2010 openssl & Joe Hansen. # This file is distributed under the same license as the openssl package. # Claus Hindsgaul , 2004. # Claus Hindsgaul , 2007. # Joe Hansen , 2010. # msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2010-10-07 05:26+0100\n" "Last-Translator: Joe Hansen \n" "Language-Team: Danish \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Tjenester der skal genstartes for at få dem til at benytte de nye " "biblioteker:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Denne version af OpenSSL retter nogle sikkerhedsproblemer. Tjenester vil " "ikke benytte disse rettelser, før de er blevet genstartet. Bemærk at det " "ikke vil påvirke eksisterende forbindelser at genstarte SSH-serveren (sshd)." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Tjek listen over fundne tjenester, som skal genstartes, og ret den om " "nødvendigt. Tjenestenavnene skal være identiske med " "initialiseringsskriptenes navne i /etc/init.d, og være adskilt med " "mellemrum. Hvis listen er tom, vil ingen tjenester blive genstartet." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Enhver tjeneste, der fejler uden grund efter denne opgradering, bør " "genstartes. Det anbefales at genstarte denne maskine for at undgå SSL-" "relaterede problemer." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Fejl ved genstart af nogle tjenester for OpenSSl-opgradering" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "De følgende tjenester kunne ikke genstartes for OpenSSL-" "biblioteksopgraderingen:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Du skal genstarte disse manuelt ved at køre '/etc/init.d/ start'." debian/po/it.po0000664000000000000000000000650511501472257010574 0ustar # openssl po-debconf translation to Italian (it) # Copyright (C) 2006 Software in the Public Interest # This file is distributed under the same license as the openssl package. # Luca Monducci , 2006-2008. # Giuseppe Sacco , 2007 # msgid "" msgstr "" "Project-Id-Version: openssl 0.9.8g italian debconf templates\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-01-19 21:17+0100\n" "Last-Translator: Luca Monducci \n" "Language-Team: Italian \n" "Language: it\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Servizi da riavviare per l'uso delle nuove librerie:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Questo rilascio di OpenSSL corregge alcuni problemi legati alla sicurezza, " "ma i servizi non utilizzeranno queste correzioni finché non verranno " "riavviati. Notare che il riavvio del server SSH (sshd) non ha effetti sulle " "connessioni attive." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Controllare ed eventualmente correggere l'elenco dei servizi che devono " "essere riavviati. Il nome dei servizi, separati da spazi, devono essere gli " "stessi degli script di inizializzazione che si trovano in /etc/init.d. Se " "l'elenco è vuoto non verrà riavviato nessun servizio." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Qualsiasi servizio che si bloccasse in maniera imprevista dopo questo " "aggiornamento dovrà essere riavviato. Si consiglia di riavviare la macchina " "per evitare qualsiasi problema legato a SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Errore nel riavvio di alcuni servizi per l'aggiornamento di OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Non è stato possibile riavviare i seguenti servizi per l'aggiornamento di " "OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "È necessario avviarli manualmente con \"/etc/init.d/ start\"." debian/po/pt.po0000664000000000000000000000645411501472257010606 0ustar # Portuguese translation for openssl's debconf messages # Copyright (C) 2007, Carlos Lisboa # This file is distributed under the same license as the openssl package. # Carlos Lisboa , 2007. # msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-04-10 20:36+0100\n" "Last-Translator: Carlos Lisboa \n" "Language-Team: Portuguese \n" "Language: pt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Serviços a reiniciar para que usem as novas bibliotecas:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Este lançamento do OpenSSL resolve alguns problemas de segurança. Os " "serviços podem não usar as correcções até que sejam reiniciados. Note que " "reiniciar o servidor SSH (sshd) não deve afectar quaisquer ligações " "existentes." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Por favor verifique a lista de serviços detectados que necessitam de ser " "reiniciados e corrija-a, se necessário. Os nomes dos serviços devem ser " "idênticos aos nomes dos scripts de inicialização em /etc/init.d e separados " "por espaços. Nennhum serviço será reiniciado se a lista estiver vazia." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Qualquer serviço que mais tarde falhe de forma inesperada após esta " "actualização deverá ser reiniciado. É recomendado que reinicie este " "computador para evitar qualquer problema relacionado como SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Falha ao reiniciar alguns serviços para a actualização do OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Os seguintes serviços não poderam ser reiniciados para a actualização da " "biblioteca OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Terá que iniciá-los manualmente correndo '/etc/init.d/ start'." debian/po/cs.po0000664000000000000000000000707611501472257010571 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-05-12 19:14+0200\n" "Last-Translator: Miroslav Kure \n" "Language-Team: Czech \n" "Language: cs\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Služby, které se mají restartovat, aby začaly využívat nové knihovny:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Toto vydání OpenSSL opravuje některé bezpečnostní problémy. Tyto opravy se v " "programech projeví až po jejich restartu. Poznamenejme, že restart SSH " "serveru (sshd) by neměl ovlivnit stávající spojení." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Zkontrolujte prosím seznam rozpoznaných služeb, které je třeba restartovat. " "Jestliže se vám zdá, že je seznam chybný, můžete jej upravit. Názvy služeb " "musí být shodné s názvy skriptů v adresáři /etc/init.d a musí být odděleny " "mezerami. Pokud seznam vymažete, nebude restartována žádná služba." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Jestliže po této aktualizaci začnou neočekávaně selhávat některé služby, " "měli byste je taktéž restartovat. Abyste se vyhnuli problémům spojeným se " "SSL, doporučujeme restartovat celý počítač." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Chyba při restartu některých služeb po aktualizaci OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Následující služby se nepodařilo po aktualizaci knihovny OpenSSL restartovat:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "Budete je muset spustit ručně příkazem „/etc/init.d/ start“." debian/po/ro.po0000664000000000000000000000700311501472257010572 0ustar # translation of ro.po to Romanian # Romanian translation of openssl. # Copyright (C) 2006 THE openssl'S COPYRIGHT HOLDER # This file is distributed under the same license as the openssl package. # # Stan Ioan-Eugen , 2006. # Eddy Petrișor , 2007, 2008. msgid "" msgstr "" "Project-Id-Version: ro\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-06-30 02:26+0300\n" "Last-Translator: Eddy Petrișor \n" "Language-Team: Romanian \n" "Language: ro\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" "Plural-Forms: nplurals=3; plural=n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < " "20)) ? 1 : 2;\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Serviciile repornite pentru a asigura folosirea noilor biblioteci:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Cu această nouă versiune s-au rezolvat probleme de securitate. Serviciile nu " "vor folosi aceste îmbunătățiri dacă nu sunt repornite. A se reține că " "repornirea serverului SSH (sshd) nu ar trebui să afecteze conexiunile deja " "existente." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Verificați și corectați, dacă este nevoie, lista cu serviciile detectate " "care ar trebui repornite. Numele serviciilor trebuie să fie identice cu " "numele scripturilor de inițializare din /etc/init.d și trebuie să fie " "separate prin spații. Dacă lista este goală, nu va fi repornit nici un " "serviciu." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Orice alt serviciu care prezintă probleme neașteptate după această " "actualizare, ar trebui repornit. Recomandăm să reporniți calculatorul pentru " "a evita probleme legate de SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Eșec la repornirea unor servicii pentru actualizarea lui OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Următoarele servicii nu au putut fi repornite pentru actualizarea " "bibliotecii OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Va trebui să le porniți manual cu o comandă de tipul „/etc/init.d/ " "start'." debian/po/gl.po0000664000000000000000000000634711501472257010566 0ustar # Galician translation of openssl's debconf templates. # This file is distributed under the same license as the openssl package. # Jacobo Tarrio , 2006, 2007, 2008. # msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-05-13 00:08+0100\n" "Last-Translator: Jacobo Tarrio \n" "Language-Team: Galician \n" "Language: gl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Servizos a reiniciar para facer que empreguen as novas bibliotecas:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Esta versión de OpenSSL arranxa algúns fallos de seguridade. Os servizos non " "han ter eses fallos arranxados ata que se reinicien. Teña en conta que " "reiniciar o servidor de SSH (sshd) non debería afectar a ningunha conexión " "existente." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Verifique a lista de servizos detectados que hai que reiniciar e corríxaa se " "é preciso. Os nomes dos servizos deben ser idénticos aos nomes dos scripts " "de inicialización de /etc/init.d e deben ir separados por espazos. Non se ha " "reiniciar ningún servizo se a lista está baleira." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Tamén se debería reiniciar calquera servizo que falle de xeito inesperado " "trala actualización. Recoméndase reiniciar esta máquina para evitar " "experimentar problemas relacionados con SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Problemas ao reiniciar algúns servizos para a actualización de OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Non se puido reiniciar os seguintes servizos para a actualización da " "biblioteca OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Ha ter que reinicialos manualmente executando \"/etc/init.d/ start" "\"." debian/po/ca.po0000664000000000000000000000664511501472257010550 0ustar # # Catalan translation for openssl package. # Copyright (C) 2007 Debian OpenSSL Team. # This file is distributed under the same license as the openssl package. # # Aleix Badia i Bosch , 2004 # Jordà Polo , 2007. # msgid "" msgstr "" "Project-Id-Version: openssl_0.9.8g-3\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-11-24 16:43+0100\n" "Last-Translator: Jordà Polo \n" "Language-Team: Català \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Serveis que cal reiniciar perquè utilitzin les noves biblioteques:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Aquesta versió d'OpenSSL resol alguns problemes de seguretat. Els serveis no " "utilitzaran les correccions fins que no es tornin a iniciar. Fixeu-vos que " "reiniciar el servidor SSH (sshd) no hauria d'afectar cap de les connexions " "existents." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Si us plau, comproveu la llista de serveis detectats que caldria reiniciar, " "i esmeneu-la si és necessari. Els noms dels serveis han de ser idèntics als " "noms dels scripts que hi ha al directori /etc/init.d, i haurien d'estar " "separats per espais. Si la llista és buida no es reiniciarà cap servei." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Si després de l'actualització fallen altres serveis de forma inesperada, és " "possible que també calgui tornar a iniciar-los. Si els problemes relacionats " "amb SSL persisteixen, podeu reiniciar l'ordinador." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" "S'ha trobat un error mentre es reiniciaven alguns serveis per " "l'actualització de l'OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "No s'han pogut reiniciar els següents serveis per l'actualització de la " "biblioteca OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Aquests els haureu d'iniciar manualment executant «/etc/init.d/ " "start»." #~ msgid "${services}" #~ msgstr "${services}" debian/po/zh_TW.po0000664000000000000000000000543211501472260011203 0ustar msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-04-18 01:10+0800\n" "Last-Translator: Tetralet \n" "Language-Team: Debian-user in Chinese [Big5] \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "必須重新啟動才能使用新函式庫的服務程式:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "這個 OpenSSL 的釋出版修正了一些安全上的問題。這些服務程式必須重新啟動否則無法" "套用這些修正。請注意到,重新啟動 SSH 服務程式 (sshd) 並不會影響到任何現有的連" "線。" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "請檢視被偵測到需重新啟動的服務程式之列表,有必要時請加以修正。這些服務程式名" "稱必須和 /etc/init.d 裡的初始化 Script 名稱一致,並以空白分隔。如果列表裡空無" "一物,就表示沒有服務程式會被重新啟動。" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "在此更新之後,必須將任何預料之外無法成功運行的服務程式重新啟動。建議重新啟動" "這台主機以避免發生任何 SSL 相關的問題。" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" debian/po/ko.po0000664000000000000000000000625711501472257010575 0ustar # Korean translations for openssl package # openssl 패키지에 대한 한국어 번역문. # Copyright (C) 2007 THE openssl'S COPYRIGHT HOLDER # This file is distributed under the same license as the openssl package. # Sunjae Park , 2007. # msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-04-11 13:43-0400\n" "Last-Translator: Sunjae Park \n" "Language-Team: Korean \n" "Language: ko\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "새 라이브러리를 사용하도록 재시작할 서비스 목록:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "이번 OpenSSL 릴리즈는 보안 문제를 몇 개 해결합니다. 서비스들을 재시작시킬 때" "까지는 이 문제들이 해결되지 않습니다. 참고로 SSH 서버(sshd)를 재시작시키더라" "도 기존 연결에는 영향을 주지 않을 것입니다." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "재시작시킬 서비스의 목록을 확인하시고 필요할 경우 목록을 수정하십시오. 서비스" "의 이름들은 /etc/init.d에 있는 초기화 스크립트의 이름과 같아야 하며 빈칸으로 " "구분되어야 합니다. 목록이 비어있을 경우에는 서비스를 재시작시키지 않습니다." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "이 업그레이드를 적용한 후 갑자기 오동작을 하는 서비스는 재시작시키십시오. " "SSL 관련된 문제가 없도록 이 호스트를 재부팅하시길 권장합니다." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" debian/po/POTFILES.in0000664000000000000000000000006011501472251011355 0ustar [type: gettext/rfc822deb] libssl1.0.0.templates debian/po/eu.po0000664000000000000000000000652611501472257010574 0ustar # translation of eu.po to Euskara # Openssl debconf template basque translation # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Piarres Beobide , 2007. msgid "" msgstr "" "Project-Id-Version: eu\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-12-21 10:56+0100\n" "Last-Translator: Piarres Beobide \n" "Language-Team: Euskara \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" "Plural-Forms: nplurals=2; plural=(n != 1)\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Liburutegi berriak erabili ditzaten berrabiarazi behar diren zerbitzuak:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "OpenSSL bertsio honek zenbait segurtasun arazo konpontzen ditu. Zerbitzuak " "ez dituzte konponketa hauek erabiliko berrabiarazi arte. Kontutan izan SSH " "zerbitzua berrabiarazteak ez dituela sorturik dauden konexioei eragingo." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Mesedez egiaztatu antzemandako berrabiarazi beharra dute zerbitzuen zerrenda " "eta zuzendu behar izanez gero. Zerbitzu izenak /etc/init.d-eko abiarazte " "Script-en berdinak izan behar dira. Zerrenda hutsik utziaz ez da zerbitzurik " "berrabiaraziko." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Bertsio berritze honen ondoren esperogabe huts egiten duen edozein zerbitzu " "berrabiarazi egin beharko zenuke. Ostalari osoa berrabiaraztea gomendatzen " "da SSL inguruko arazoak saihesteko." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Huts OpenSSL bertsio-berritzerako zerbitzu batzuek berrabiaraztean." #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Hurrengo zerbitzuak ezin izan dira berrabiarazi OpenSSL liburutegi bertsio-" "berritzerako:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Eskuz berrabiarazi beharko dituzu '/etc/ init.d/ start' eginez." #~ msgid "${services}" #~ msgstr "${services}" debian/po/fi.po0000664000000000000000000000644311501472257010557 0ustar msgid "" msgstr "" "Project-Id-Version: openssl_0.9.8e-8\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-12-30 00:00+0200\n" "Last-Translator: Esko Arajärvi \n" "Language-Team: Finnish \n" "Language: fi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Language: Finnish\n" "X-Poedit-Country: FINLAND\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Palvelut, jotka käynnistetään uudelleen uusien kirjastojen käyttämiseksi:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Tämä OpenSSL:n julkaisu sisältää joitain turvapäivityksiä. Palvelut eivät " "käytä näitä päivityksiä ennen kuin ne on käynnistetty uudelleen. Huomaa, " "että SSH-palvelimen (sshd) uudelleenkäynnistyksen ei pitäisi vaikuttaa " "olemassa oleviin yhteyksiin." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Tarkista alla oleva lista löydetyistä palveluista, jotka pitää käynnistää " "uudelleen, ja korjaa sitä tarvittaessa. Palveluiden nimien pitää täsmätä " "hakemistossa /etc/init.d olevien alustustiedostojen nimiin ja olla " "välilyönnein eroteltuja. Jos lista on tyhjä, mitään palveluita ei " "käynnistetä uudelleen." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Palvelut, joissa esiintyy odottamattomia häiriöitä päivityksen jälkeen " "tulisi käynnistää uudelleen. On suositeltavaa käynnistää kone uudelleen SSL:" "än liittyvien ongelmien välttämiseksi." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" "Joidenkin palveluiden käynnistäminen uudelleen OpenSSL:n päivityksen " "yhteydessä epäonnistui." #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Seuraavia palveluita ei voitu käynnistää uudelleen päivitettäessä OpenSSL-" "kirjasto:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Nämä tarvitsee käynnistää käsin ajamalla ”/etc/init.d/ start”." #~ msgid "${services}" #~ msgstr "${services}" debian/po/templates.pot0000664000000000000000000000430211501472257012333 0ustar # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" debian/po/vi.po0000775000000000000000000000675011501472260010575 0ustar # Vietnamese translation for OpenSSL. # Copyright © 2010 Free Software Foundation, Inc. # Clytie Siddall , 2005-2010. # msgid "" msgstr "" "Project-Id-Version: openssl 0.9.8o-2\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2010-10-27 15:40+1030\n" "Last-Translator: Clytie Siddall \n" "Language-Team: Vietnamese \n" "Language: vi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: LocFactoryEditor 1.8\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Dịch vụ cần khởi chạy lại để sử dụng thư viện mới:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Phiên bản OpenSSL này sửa chữa một số vấn đề bảo mật. Dịch vụ sẽ chỉ sử dụng " "những sự sửa này sau khi khởi chạy lại. Ghi chú rằng việc khởi chạy lại " "trình phục vụ SSH (sshd) không nên ảnh hưởng đến kết nối đã có." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Hãy kiểm tra danh sách các dịch vụ đã phát hiện cần khởi chạy lại, và sửa " "chữa nếu cần thiết. Tên mỗi dịch vụ phải trùng với tên văn lệnh sơ khởi " "trong « /etc/init.d », các tên dịch vụ cũng định giới bằng dấu cách. Bỏ " "trống trường này thì không khời chạy dịch vụ nào." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Dịch vụ nào bị lỗi bất thường sau khi nâng cấp thì nên được khởi chạy lại. " "Khuyên bạn khởi động lại máy này để tránh vấn đề liên quan đến SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Lỗi khởi chạy lại một số dịch vụ để nâng cấp OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Những dịch vụ theo đây không khởi chạy lại được để nâng cấp thư viện OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Vì thế bạn cần phải khởi chạy bằng tay, bằng cách chạy câu lệnh « /etc/init." "d/ start »." debian/po/ja.po0000664000000000000000000000652411501472257010553 0ustar msgid "" msgstr "" "Project-Id-Version: openssl 0.9.8e-4\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-01-22 07:37+0900\n" "Last-Translator: Hideki Yamane (Debian-JP) \n" "Language-Team: Japanese \n" "Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "新しいライブラリを使うために再起動するサービス:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "OpenSSL は、今回のリリースでセキュリティホールが修正されました。各サービスは" "再起動を行わないと、この修正されたライブラリを利用しません。注意: SSH サーバ " "(sshd) を再起動しても、現状の接続には何ら影響しません。" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "再起動が必要だと判断されたサービスのリストを確認してください。必要であれば修" "正してください。サービス名は /etc/init.d にあるスクリプトの名前を指し、空白で" "区切る必要があります。リストが空の場合は、どのサービスも再起動されません。" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "他のサービスがここでのアップグレードの後に何故かエラーを起こし始めた場合、そ" "れらも再起動する必要があります。SSL 関連のトラブルを避けるためには、マシンを" "再起動するのをお勧めします。" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "OpenSSL のアップグレードによって再起動に失敗したサービス" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "以下のサービスは OpenSSL ライブラリのアップグレードに伴った再起動を行うことが" "できませんでした。" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "開始するには '/etc/init.d/ start' を手動で実行する必要があります。" debian/po/de.po0000664000000000000000000000663711501472257010556 0ustar # German translation of openssl's debconf templates # Copyright (C) 2006-2008 Johannes Starosta # This file is distributed under the same license as the openssl package. # msgid "" msgstr "" "Project-Id-Version: openssl 0.9.8e-4\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-03-24 22:48+0100\n" "Last-Translator: Johannes Starosta \n" "Language-Team: German \n" "Language: de\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Welche Dienste sollen erneut gestartet werden, damit sie die neuen " "Bibliotheken verwenden?" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "In dieser Version von OpenSSL wurden Sicherheitsprobleme behoben. Dienste " "werden diese Aktualisierungen nicht nutzen, bis sie neugestartet werden. " "Hinweis: Den SSH-Server (sshd) neu zu starten, dürfte keine bestehenden " "Verbindungen beeinträchtigen." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Es folgt nun eine Liste der erkannten Dienste, die neu gestartet werden " "sollten. Bitte berichtigen Sie die Liste, falls Sie glauben, dass sie Fehler " "enthält. Die Namen der Dienste müssen den Namen der Skripte in /etc/init.d " "entsprechen und werden durch Leerzeichen getrennt. Es wird kein Dienst neu " "gestartet, falls die Liste leer bleibt." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Falls andere Dienste nach diesem Upgrade ein merkwürdiges Fehlverhalten " "zeigen, könnte es nötig werden, sie ebenfalls neu zu starten. Es wird " "empfohlen, den Rechner neu zu starten, um Probleme mit SSL zu vermeiden." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Neustarten einiger Dienste beim OpenSSL-Upgrade fehlgeschlagen" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Die folgenden Dienste konnten beim Upgrade der OpenSSL-Bibliothek nicht neu " "gestartet werden:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Sie werden sie manuell durch Aufruf von »/etc/init.d/ start« starten " "müssen." debian/po/sv.po0000664000000000000000000000716511501472260010605 0ustar # translation of openssl_0.9.8g-10_sv.po to swedish # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # Developers do not need to manually edit POT or PO files. # # Martin Bagge , 2008. msgid "" msgstr "" "Project-Id-Version: openssl_0.9.8g-10_sv\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-05-23 00:17+0200\n" "Last-Translator: Martin Bagge \n" "Language-Team: swedish \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-1\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Tjnster som ska startas om fr att f dem att anvnda de nya biblioteken:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Den hr utgvan av OpenSSL rttar till ett antal skerhetsproblem. " "Tjnsterna kommer inte att anvnda dessa rttningar frrn de har startats " "om. Observera att omstart av SSH-servern (sshd) inte kommer att pverka " "befintliga anslutningar." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Undersk listan ver identifierade tjnster som behver startas om och gr " "ndringar i den om det behvs. Tjnstenamnen mste vara identiska fr " "initieringsskripten i /etc/init.d och mste separeras med blanksteg. Inga " "tjnster kommer att startas om om listan r tom." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Om andra tjnster senare brjar att f underliga problem efter denna " "uppgradering br de startas om. Vi rekommenderar att du startar om din " "dator fr att undvika SSL-relaterade problem." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Misslyckades med att starta om tjnster fr uppgraderingen av OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Fljande tjnster kunde inte startas om vid uppgraderingen av OpenSSL " "biblioteket:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Du mste starta om dessa tjnster manuellt genom att kra '/etc/init.d/" " start'" debian/changelog0000664000000000000000000035005012320577513011052 0ustar openssl (1.0.1f-1ubuntu2) trusty; urgency=medium * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation - debian/patches/CVE-2014-0076.patch: add and use constant time swap in crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c, util/libeay.num. - CVE-2014-0076 * SECURITY UPDATE: memory disclosure in TLS heartbeat extension - debian/patches/CVE-2014-0160.patch: use correct lengths in ssl/d1_both.c, ssl/t1_lib.c. - CVE-2014-0160 -- Marc Deslauriers Mon, 07 Apr 2014 15:37:53 -0400 openssl (1.0.1f-1ubuntu1) trusty; urgency=low * Merge with Debian, remaining changes. - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-* - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly code. - debian/rules: Enable optimized 64bit elliptic curve code contributed by Google. * Dropped changes: - debian/patches/arm64-support: included in debian-targets.patch - debian/patches/no_default_rdrand.patch: upstream - debian/patches/openssl-1.0.1e-env-zlib.patch: zlib is now completely disabled in debian/rules -- Marc Deslauriers Wed, 08 Jan 2014 15:57:24 -0500 openssl (1.0.1f-1) unstable; urgency=high * New upstream version - Fix for TLS record tampering bug CVE-2013-4353 - Drop the snapshot patch * update watch file to check for upstream signature and add upstream pgp key. * Drop conflicts against openssh since we now on a released version again. -- Kurt Roeckx Mon, 06 Jan 2014 18:50:54 +0100 openssl (1.0.1e-6) unstable; urgency=medium * Add Breaks: openssh-client (<< 1:6.4p1-1.1), openssh-server (<< 1:6.4p1-1.1). This is to prevent people running into #732940. This Breaks can be removed again when we stop using a git snapshot. -- Kurt Roeckx Mon, 23 Dec 2013 15:19:17 +0100 openssl (1.0.1e-5) unstable; urgency=low * Change default digest to SHA256 instead of SHA1. (Closes: #694738) * Drop support for multiple certificates in 1 file. It never worked properly in the first place, and the only one shipping in ca-certificates has been split. * Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors * Remove make-targets.patch. It prevented the test dir from being cleaned. * Update to a git snapshot of the OpenSSL_1_0_1-stable branch. - Fixes CVE-2013-6449 (Closes: #732754) - Fixes CVE-2013-6450 - Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch dtls_version.patch get_certificate.patch, since they where all already commited upstream. - adjust fix-pod-errors.patch for the reordering of items in the documentation they've done trying to fix those pod errors. - disable rdrand engine by default (Closes: #732710) * disable zlib support. Fixes CVE-2012-4929 (Closes: #728055) * Add arm64 support (Closes: #732348) * Properly use the default number of bits in req when none are given -- Kurt Roeckx Sun, 22 Dec 2013 19:25:35 +0100 openssl (1.0.1e-4ubuntu4) trusty; urgency=low * debian/patches/no_default_rdrand.patch: Don't use rdrand engine as default unless explicitly requested. -- Marc Deslauriers Thu, 19 Dec 2013 15:39:22 -0500 openssl (1.0.1e-4ubuntu3) trusty; urgency=medium * Update debian configuration. -- Matthias Klose Thu, 05 Dec 2013 14:34:48 +0100 openssl (1.0.1e-4ubuntu2) trusty; urgency=low * Re-enable full TLSv1.2 support (LP: #1257877) - debian/patches/tls12_workarounds.patch: disable patch to re-enable full TLSv1.2 support. Most problematic sites have been fixed now, and we really want proper TLSv1.2 support in an LTS. -- Marc Deslauriers Wed, 04 Dec 2013 12:33:44 -0500 openssl (1.0.1e-4ubuntu1) trusty; urgency=low * Merge with Debian; remaining changes same as in 1.0.1e-3ubuntu1. -- Matthias Klose Wed, 04 Dec 2013 11:28:00 +0100 openssl (1.0.1e-4) unstable; urgency=low [ Peter Michael Green ] * Fix pod errors (Closes: #723954) * Fix clean target [ Kurt Roeckx ] * Add mipsn32 and mips64 targets. Patch from Eleanor Chen (Closes: #720654) * Add support for nocheck in DEB_BUILD_OPTIONS * Update Norwegian translation (Closes: #653574) * Update description of the packages. Patch by Justin B Rye (Closes: #719262) * change to debhelper compat level 9: - change dh_strip call so only the files from libssl1.0.0 get debug symbols. - change dh_makeshlibs call so the engines don't get added to the shlibs * Update Standards-Version from 3.8.0 to 3.9.5. No changes required. -- Kurt Roeckx Fri, 01 Nov 2013 17:11:53 +0100 openssl (1.0.1e-3ubuntu1) saucy; urgency=low * Merge with Debian, remaining changes. - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. - Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. - debian/patches/tls12_workarounds.patch: Workaround large client hello issues when TLS 1.1 and lower is in use - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-* - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly code. - debian/patches/arm64-support: Add basic arm64 support (no assembler) - debian/rules: Enable optimized 64bit elliptic curve code contributed by Google. * debian/patches/tls12_workarounds.patch: updated to also disable TLS 1.2 in test suite since we disable it in the client. * Disable compression to avoid CRIME systemwide (CVE-2012-4929). * Dropped changes: - debian/patches/ubuntu_deb676533_arm_asm.patch, applied in Debian. -- Matthias Klose Mon, 15 Jul 2013 14:07:52 +0200 openssl (1.0.1e-3) unstable; urgency=low * Move to /usr/include/$(DEB_HOST_MULTIARCH), and mark libssl-dev Multi-Arch: same. Patch by Colin Watson (Closes: #689093) * Add Polish translation (Closes: #658162) * Add Turkish translation (Closes: #660971) * Enable assembler for the arm targets, and remove armeb. Patch by Riku Voipio (Closes: #676533) * Add support for x32 (Closes: #698406) * enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447) -- Kurt Roeckx Mon, 20 May 2013 16:56:06 +0200 openssl (1.0.1e-2ubuntu1.1) saucy-security; urgency=low * SECURITY UPDATE: Disable compression to avoid CRIME systemwide (LP: #1187195) - CVE-2012-4929 - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of zlib to compress SSL/TLS unless the environment variable OPENSSL_DEFAULT_ZLIB is set in the environment during library initialization. - Introduced to assist with programs not yet updated to provide their own controls on compression, such as Postfix - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch -- Seth Arnold Mon, 03 Jun 2013 18:14:05 -0700 openssl (1.0.1e-2ubuntu1) saucy; urgency=low * Resynchronise with Debian unstable. Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. - Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. - debian/patches/tls12_workarounds.patch: Workaround large client hello issues when TLS 1.1 and lower is in use - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-* - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly code. - debian/patches/arm64-support: Add basic arm64 support (no assembler) - debian/rules: Enable optimized 64bit elliptic curve code contributed by Google. * debian/patches/tls12_workarounds.patch: updated to also disable TLS 1.2 in test suite since we disable it in the client. * Dropped changes: - debian/patches/CVE-2013-0169.patch: upstream. - debian/patches/fix_key_decoding_deadlock.patch: upstream. - debian/patches/CVE-2013-0166.patch: upstream. -- Marc Deslauriers Tue, 21 May 2013 16:31:47 -0400 openssl (1.0.1e-2) unstable; urgency=high * Bump shlibs. It's needed for the udeb. * Make cpuid work on cpu's that don't set ecx (Closes: #699692) * Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353) * Fix problem with DTLS version check (Closes: #701826) * Fix segfault in SSL_get_certificate (Closes: #703031) -- Kurt Roeckx Mon, 18 Mar 2013 20:37:11 +0100 openssl (1.0.1e-1) unstable; urgency=high * New upstream version (Closes: #699889) - Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166 - Drop renegiotate_tls.patch, applied upstream - Export new CRYPTO_memcmp symbol, update symbol file * Add ssltest_no_sslv2.patch so that "make test" works. -- Kurt Roeckx Mon, 11 Feb 2013 19:39:44 +0100 openssl (1.0.1c-5) unstable; urgency=low * Re-enable assembler versions on sparc. They shouldn't have been disabled for sparc v9. (Closes: #649841) -- Kurt Roeckx Sun, 09 Sep 2012 08:43:40 +0200 openssl (1.0.1c-4ubuntu8) raring; urgency=low * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-0169.patch: re-enabled patch and added extra commit from upstream to fix regression. - CVE-2013-0169 -- Marc Deslauriers Tue, 19 Mar 2013 14:33:14 -0400 openssl (1.0.1c-4ubuntu7) raring; urgency=low * Enable optimized 64bit elliptic curve code contributed by Google. (LP: #1018522) -- Dmitrijs Ledkovs Thu, 07 Mar 2013 15:36:16 +0000 openssl (1.0.1c-4ubuntu6) raring; urgency=low * debian/patches/fix_key_decoding_deadlock.patch: Fix possible deadlock when decoding public keys. (LP: #1066032) -- Marc Deslauriers Wed, 06 Mar 2013 08:11:19 -0500 openssl (1.0.1c-4ubuntu5) raring; urgency=low * REGRESSION FIX: decryption errors on AES-NI hardware (LP: #1134873, LP: #1133333) - debian/patches/CVE-2013-0169.patch: disabled for now until fix is available from upstream. -- Marc Deslauriers Thu, 28 Feb 2013 11:01:29 -0500 openssl (1.0.1c-4ubuntu4) raring; urgency=low * SECURITY UPDATE: denial of service via invalid OCSP key - debian/patches/CVE-2013-0166.patch: properly handle NULL key in crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c. - CVE-2013-0166 * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-0169.patch: massive code changes - CVE-2013-0169 * SECURITY UPDATE: denial of service via AES-NI and crafted CBC data - Fix included in CVE-2013-0169 patch - CVE-2012-2686 -- Marc Deslauriers Tue, 19 Feb 2013 13:25:24 -0500 openssl (1.0.1c-4ubuntu3) raring; urgency=low * Add basic arm64 support (no assembler) (LP: #1102107) -- Wookey Sun, 20 Jan 2013 17:30:15 +0000 openssl (1.0.1c-4ubuntu2) raring; urgency=low * Enable arm assembly code. (LP: #1083498) (Closes: #676533) -- Dmitrijs Ledkovs Wed, 28 Nov 2012 00:08:45 +0000 openssl (1.0.1c-4ubuntu1) raring; urgency=low * Resynchronise with Debian (LP: #1077228). Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. - Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. - Bump version passed to dh_makeshlibs to 1.0.1 for new symbols. - debian/patches/tls12_workarounds.patch: Workaround large client hello issues when TLS 1.1 and lower is in use - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-* * Dropped changes: - Drop openssl-doc in favour of the libssl-doc package introduced by Debian. Add Conflicts/Replaces until the next LTS release. + Drop the Conflicts/Replaces because 12.04 LTS was 'the next LTS release' -- Tyler Hicks Fri, 09 Nov 2012 14:49:13 -0800 openssl (1.0.1c-4) unstable; urgency=low * Fix the configure rules for alpha (Closes: #672710) * Switch the postinst to sh again, there never was a reason to switch it to bash (Closes: #676398) * Fix pic.patch to not use #ifdef in x86cpuid.s, only .S files are preprocessed. We generate the file again for pic anyway. (Closes: #677468) * Drop Breaks against openssh as it was only for upgrades between versions that were only in testing/unstable. (Closes: #668600) -- Kurt Roeckx Tue, 17 Jul 2012 11:49:19 +0200 openssl (1.0.1c-3ubuntu2) quantal; urgency=low [ Tyler Hicks ] * debian/patches/tls12_workarounds.patch: Readd the change to check TLS1_get_client_version rather than TLS1_get_version to fix incorrect client hello cipher list truncation when TLS 1.1 and lower is in use. (LP: #1051892) [ Micah Gersten ] * Mark Debian Vcs-* as XS-Debian-Vcs-* - update debian/control -- Tyler Hicks Thu, 04 Oct 2012 10:34:57 -0700 openssl (1.0.1c-3ubuntu1) quantal; urgency=low * Resynchronise with Debian. Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. - Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. - Bump version passed to dh_makeshlibs to 1.0.1 for new symbols. - debian/patches/tls12_workarounds.patch: workaround large client hello issue: Compile with -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 and with -DOPENSSL_NO_TLS1_2_CLIENT. * Dropped upstreamed patches: - debian/patches/CVE-2012-2110.patch - debian/patches/CVE-2012-2110b.patch - debian/patches/CVE-2012-2333.patch - debian/patches/CVE-2012-0884-extra.patch - most of debian/patches/tls12_workarounds.patch -- Marc Deslauriers Fri, 29 Jun 2012 13:01:30 -0400 openssl (1.0.1c-3) unstable; urgency=low * Disable padlock engine again, causes problems for hosts not supporting it. -- Kurt Roeckx Wed, 06 Jun 2012 18:29:37 +0200 openssl (1.0.1c-2) unstable; urgency=high * Fix renegiotation when using TLS > 1.0. This breaks tor. Patch from upstream. (Closes: #675990) * Enable the padlock engine by default. * Change default bits from 1024 to 2048 (Closes: #487152) -- Kurt Roeckx Wed, 06 Jun 2012 00:55:42 +0200 openssl (1.0.1c-1) unstable; urgency=high * New upstream version - Fixes CVE-2012-2333 (Closes: #672452) -- Kurt Roeckx Fri, 11 May 2012 18:44:51 +0200 openssl (1.0.1b-1) unstable; urgency=high * New upstream version - Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0 can talk to servers supporting TLS 1.1 but not TLS 1.2 - Drop rc4_hmac_md5.patch, applied upstream -- Kurt Roeckx Thu, 26 Apr 2012 23:34:34 +0200 openssl (1.0.1a-3) unstable; urgency=low * Use patch from upstream for the rc4_hmac_md5 issue. -- Kurt Roeckx Thu, 19 Apr 2012 23:16:30 +0200 openssl (1.0.1a-2) unstable; urgency=low * Fix rc4_hmac_md5 on non-i386/amd64 arches. -- Kurt Roeckx Thu, 19 Apr 2012 21:54:42 +0200 openssl (1.0.1a-1) unstable; urgency=high * New upstream version - Fixes CVE-2012-2110 - Fix crash in rc4_hmac_md5 (Closes: #666405) - Fixes some issues with talking to other servers when TLS 1.1 and 1.2 is supported - Drop patches no_ssl2.patch vpaes.patch tls1.2_client_algorithms.patch, applied upstream. -- Kurt Roeckx Thu, 19 Apr 2012 19:54:12 +0200 openssl (1.0.1-4ubuntu6) quantal; urgency=low * SECURITY UPDATE: denial of service attack in DTLS, TLS v1.1 and TLS v1.2 implementation - debian/patches/CVE_2012-2333.patch: guard for integer overflow before skipping explicit IV - CVE-2012-2333 * debian/patches/CVE-2012-0884-extra.patch: initialize tkeylen properly when encrypting CMS messages. -- Steve Beattie Thu, 24 May 2012 16:05:04 -0700 openssl (1.0.1-4ubuntu5) precise-proposed; urgency=low * debian/patches/CVE-2012-2110b.patch: Use correct error code in BUF_MEM_grow_clean() -- Jamie Strandboge Tue, 24 Apr 2012 08:29:32 -0500 openssl (1.0.1-4ubuntu4) precise-proposed; urgency=low * Check TLS1_get_client_version rather than TLS1_get_version for client hello cipher list truncation, in a further attempt to get things working again for everyone (LP: #986147). -- Colin Watson Tue, 24 Apr 2012 14:05:50 +0100 openssl (1.0.1-4ubuntu3) precise-proposed; urgency=low * SECURITY UPDATE: fix various overflows - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c, crypto/buffer.c and crypto/mem.c to verify size of lengths - CVE-2012-2110 -- Jamie Strandboge Thu, 19 Apr 2012 10:31:06 -0500 openssl (1.0.1-4ubuntu2) precise-proposed; urgency=low * Backport more upstream patches to work around TLS 1.2 failures (LP #965371): - Do not use record version number > TLS 1.0 in initial client hello: some (but not all) hanging servers will now work. - Truncate the number of ciphers sent in the client hello to 50. Most broken servers should now work. - Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections. * Don't re-enable TLS 1.2 client support by default yet, since more of the sites listed in the above bug and its duplicates still fail if I do that versus leaving it disabled. -- Colin Watson Wed, 18 Apr 2012 15:03:56 +0100 openssl (1.0.1-4ubuntu1) precise; urgency=low * Resynchronise with Debian (LP: #968753). Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. - Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. - Bump version passed to dh_makeshlibs to 1.0.1 for new symbols. - Experimental workaround to large client hello issue: if OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients only. - Compile with -DOPENSSL_NO_TLS1_2_CLIENT. -- Colin Watson Tue, 10 Apr 2012 20:50:52 +0100 openssl (1.0.1-4) unstable; urgency=low * Use official patch for the vpaes problem, also covering amd64. -- Kurt Roeckx Sat, 31 Mar 2012 20:54:13 +0200 openssl (1.0.1-3) unstable; urgency=high * Fix crash in vpaes (Closes: #665836) * use client version when deciding whether to send supported signature algorithms extension -- Kurt Roeckx Sat, 31 Mar 2012 18:35:59 +0200 openssl (1.0.1-2ubuntu4) precise; urgency=low * Pass cross-compiling options to 'make install' as well, since apparently it likes to rebuild fips_premain_dso. -- Colin Watson Sat, 31 Mar 2012 00:48:38 +0100 openssl (1.0.1-2ubuntu3) precise; urgency=low * Temporarily work around TLS 1.2 failures as suggested by upstream (LP #965371): - Use client version when deciding whether to send supported signature algorithms extension. - Experimental workaround to large client hello issue: if OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients only. - Compile with -DOPENSSL_NO_TLS1_2_CLIENT. This fixes most of the reported problems, but does not fix the case of servers that reject version numbers they don't support rather than trying to negotiate a lower version (e.g. www.mediafire.com). -- Colin Watson Fri, 30 Mar 2012 17:11:45 +0100 openssl (1.0.1-2ubuntu2) precise; urgency=low * Remove compat symlinks from /usr/lib to /lib, as they cause some serious issued with symbol generation, and are not needed. * Bump version passed to dh_makeshlibs to 1.0.1 for new symbols. -- Adam Conrad Fri, 23 Mar 2012 21:39:39 -0600 openssl (1.0.1-2ubuntu1) precise; urgency=low * Resynchronise with Debian (LP: #958430). Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. - Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. * Drop aesni.patch, applied upstream. * Drop Bsymbolic-functions.patch, now handled using dpkg-buildflags. -- Colin Watson Thu, 22 Mar 2012 17:54:09 +0000 openssl (1.0.1-2) unstable; urgency=low * Properly quote the new cflags in Configure -- Kurt Roeckx Mon, 19 Mar 2012 19:56:05 +0100 openssl (1.0.1-1) unstable; urgency=low * New upstream version - Remove kfreebsd-pipe.patch, fixed upstream - Update pic.patch, openssl-pod-misspell.patch and make-targets.patch - Add OPENSSL_1.0.1 to version-script.patch and libssl1.0.0.symbols for the new functions. - AES-NI support (Closes: #644743) * pic.patch: upstream made OPENSSL_ia32cap_P and OPENSSL_cpuid_setup hidden on amd64, no need to access it PIC anymore. * pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977) * Enable hardening using dpkg-buildflags (Closes: #653495) * s_client and s_server were forcing SSLv3 only connection when SSLv2 was disabled instead of the SSLv2 with upgrade method. (Closes: #664454) * Add Breaks on openssh < 1:5.9p1-4, it has a too strict version check. -- Kurt Roeckx Mon, 19 Mar 2012 18:23:32 +0100 openssl (1.0.0h-1) unstable; urgency=high * New upstream version - Fixes CVE-2012-0884 - Fixes CVE-2012-1165 - Properly fix CVE-2011-4619 - pkg-config.patch applied upstream, remove it. * Enable assembler for all i386 arches. The assembler does proper detection of CPU support, including cpuid support. This should fix a problem with AES 192 and 256 with the padlock engine because of the difference in NO_ASM between the between the i686 optimized library and the engine. -- Kurt Roeckx Tue, 13 Mar 2012 21:08:17 +0100 openssl (1.0.0g-1ubuntu1) precise; urgency=low * Resynchronise with Debian. Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/aesni.patch: Backport Intel AES-NI support, now from http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the 0.9.8 variant. - debian/patches/Bsymbolic-functions.patch: Link using -Bsymbolic-functions. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. - Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. -- Marc Deslauriers Sat, 11 Feb 2012 13:27:31 -0500 openssl (1.0.0g-1) unstable; urgency=high * New upstream version - Fixes CVE-2012-0050 -- Kurt Roeckx Wed, 18 Jan 2012 20:46:13 +0100 openssl (1.0.0f-1) unstable; urgency=high * New upstream version - Fixes CVE-2011-4108, CVE-2011-4576, CVE-2011-4619, CVE-2012-0027, CVE-2011-4577 -- Kurt Roeckx Thu, 12 Jan 2012 19:02:43 +0100 openssl (1.0.0e-3ubuntu1) precise; urgency=low * Resynchronise with Debian. Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/aesni.patch: Backport Intel AES-NI support, now from http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the 0.9.8 variant. - debian/patches/Bsymbolic-functions.patch: Link using -Bsymbolic-functions. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. - Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. -- Marc Deslauriers Thu, 12 Jan 2012 11:30:17 +0100 openssl (1.0.0e-3) unstable; urgency=low * Don't build v8 and v9 variants of sparc anymore, they're older than the default. (Closes: #649841) * Don't build i486 optimized version, that's the default anyway, and it uses assembler that doesn't always work on i486. -- Kurt Roeckx Mon, 28 Nov 2011 22:17:26 +0100 openssl (1.0.0e-2.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Block Malaysian's Digicert Sdn. Bhd. certificates by marking them as revoked. -- Raphael Geissert Sun, 06 Nov 2011 01:39:30 -0600 openssl (1.0.0e-2ubuntu4) oneiric; urgency=low * The previous change moved the notification to major upgrades only, but in fact, we do want the sysadmin to be notified when security updates are installed, without having services automatically restarted. (LP: #244250) -- Marc Deslauriers Tue, 04 Oct 2011 09:31:22 -0400 openssl (1.0.0e-2ubuntu3) oneiric; urgency=low * Only issue a restart required notification on important upgrades, and not other actions such as reconfiguration or initial installation. (LP: #244250) -- Anders Kaseorg Tue, 04 Oct 2011 13:33:35 +0100 openssl (1.0.0e-2ubuntu2) oneiric; urgency=low * Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. LP: #855454. -- Loïc Minier Tue, 27 Sep 2011 18:13:07 +0200 openssl (1.0.0e-2ubuntu1) oneiric; urgency=low * Resynchronise with Debian, fixes CVE-2011-1945, CVE-2011-3207 and CVE-2011-3210 (LP: #850608). Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification bubble on libssl1.0.0 upgrade. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/aesni.patch: Backport Intel AES-NI support, now from http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the 0.9.8 variant. - debian/patches/Bsymbolic-functions.patch: Link using -Bsymbolic-functions. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i486, i586 (on i386), v8 (on sparc). + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. * debian/libssl1.0.0.postinst: only display restart notification on servers (LP: #244250) -- Steve Beattie Wed, 14 Sep 2011 22:06:03 -0700 openssl (1.0.0e-2) unstable; urgency=low * Add a missing $(DEB_HOST_MULTIARCH) -- Kurt Roeckx Sat, 10 Sep 2011 17:02:29 +0200 openssl (1.0.0e-1) unstable; urgency=low * New upstream version - Fix bug where CRLs with nextUpdate in the past are sometimes accepted by initialising X509_STORE_CTX properly. (CVE-2011-3207) - Fix SSL memory handling for (EC)DH ciphersuites, in particular for multi-threaded use of ECDH. (CVE-2011-3210) - Add protection against ECDSA timing attacks (CVE-2011-1945) * Block DigiNotar certifiates. Patch from Raphael Geissert * Generate hashes for all certs in a file (Closes: #628780, #594524) Patch from Klaus Ethgen * Add multiarch support (Closs: #638137) Patch from Steve Langasek / Ubuntu * Symbols from the gost engine were removed because it didn't have a linker file. Thanks to Roman I Khimov (Closes: #631503) * Add support for s390x. Patch from Aurelien Jarno (Closes: #641100) * Add build-arch and build-indep targets to the rules file. -- Kurt Roeckx Sat, 10 Sep 2011 12:03:13 +0200 openssl (1.0.0d-3) unstable; urgency=low * Make it build on sparc64. Patch from Aurelien Jarno. (Closes: #626060) * Apply patches from Scott Schaefer to fix various pod and spelling errors. (Closes: #622820, #605561) * Add missing symbols for the engines (Closes: #623038) * More spelling fixes from Scott Schaefer (Closes: #395424) * Patch from Scott Schaefer to better document pkcs12 password options (Closes: #462489) * Document dgst -hmac option. Patch by Thorsten Glaser (Closes: #529586) -- Kurt Roeckx Mon, 13 Jun 2011 12:39:54 +0200 openssl (1.0.0d-2ubuntu2) oneiric; urgency=low * Build for multiarch. LP: #826601. -- Steve Langasek Mon, 15 Aug 2011 01:58:35 -0700 openssl (1.0.0d-2ubuntu1) oneiric; urgency=low * Resynchronise with Debian (LP: #675566). Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification bubble on libssl1.0.0 upgrade. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/aesni.patch: Backport Intel AES-NI support, now from http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the 0.9.8 variant. - debian/patches/Bsymbolic-functions.patch: Link using -Bsymbolic-functions. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i486, i586 (on i386), v8 (on sparc). + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. * Update architectures affected by Bsymbolic-functions.patch. * Drop debian/patches/no-sslv2.patch; Debian now adds the 'no-ssl2' configure option, which compiles out SSLv2 support entirely, so this is no longer needed. * Drop openssl-doc in favour of the libssl-doc package introduced by Debian. Add Conflicts/Replaces until the next LTS release. -- Colin Watson Sun, 01 May 2011 23:51:53 +0100 openssl (1.0.0d-2) unstable; urgency=high * Make c_rehash also generate the old subject hash. Gnutls applications seem to require it. (Closes: #611102) -- Kurt Roeckx Wed, 13 Apr 2011 22:36:49 +0200 openssl (1.0.0d-1) unstable; urgency=low * New upstream version - Fixes CVE-2011-0014 * Make libssl-doc Replaces/Breaks with old libssl-dev packages (Closes: #607609) * Only export the symbols we should, instead of all. * Add symbol file. * Upload to unstable -- Kurt Roeckx Sat, 02 Apr 2011 13:19:19 +0000 openssl (1.0.0c-2) experimental; urgency=low * Set $ in front of {sparcv9_asm} so that the sparc v9 variant builds. * Always define _GNU_SOURCE, not only for Linux. * Drop SSL2 support (Closes: #589706) -- Kurt Roeckx Sun, 19 Dec 2010 16:24:16 +0100 openssl (1.0.0c-1) experimental; urgency=low * New upstream version (Closes: #578376) - New soname: Rename library packages - Drop patch perl-path.diff, not needed anymore - Drop patches CVE-2010-2939.patch, CVE-2010-3864.patch and CVE-2010-4180.patch: applied upstream. - Update Configure for the new fields for the assembler options per arch. alpha now makes use of assembler. * Move man3 manpages and demos to libssl-doc (Closes: #470594) * Drop .pod files from openssl package (Closes: #518167) * Don't use RC4_CHAR on amd64 and drop rc4-amd64.patch * Stop using BF_PTR2 on (kfreebd-)amd64. * Drop debian-arm from the list of arches. * Update arm arches to use BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR instead of BN_LLONG DES_RISC1 * ia64: Drop RC4_CHAR, add DES_UNROLL DES_INT * powerpc: Use RC4_CHAR RC4_CHUNK DES_RISC1 instead of DES_RISC2 DES_PTR MD2_CHAR RC4_INDEX * s390: Use RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL instead of BN_LLONG -- Kurt Roeckx Sun, 12 Dec 2010 15:37:21 +0100 openssl (0.9.8o-5ubuntu1) natty; urgency=low * Merge from debian unstable. Remaining changes: (LP: #718205) - d/libssl0.9.8.postinst: + Display a system restart required notification bubble on libssl0.9.8 upgrade. + Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - d/{libssl0.9.8-udeb.dirs, control, rules}: Create libssl0.9.8-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - d/{libcrypto0.9.8-udeb.dirs, libssl0.9.8.dirs, libssl0.9.8.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - d/{control, openssl-doc.docs, openssl.docs, openssl.dirs}: + Ship documentation in openssl-doc, suggested by the package. (Closes: #470594) - d/p/aesni.patch: Backport Intel AES-NI support from http://rt.openssl.org/Ticket/Display.html?id=2067 (refreshed) - d/p/Bsymbolic-functions.patch: Link using -Bsymbolic-functions. - d/p/perlpath-quilt.patch: Don't change perl #! paths under .pc. - d/p/no-sslv2.patch: Disable SSLv2 to match NSS and GnuTLS. The protocol is unsafe and extremely deprecated. (Closes: #589706) - d/rules: + Disable SSLv2 during compile. (Closes: #589706) + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. (Closes: #465248) + Don't build for processors no longer supported: i486, i586 (on i386), v8 (on sparc). + Fix Makefile to properly clean up libs/ dirs in clean target. (Closes: #611667) + Replace duplicate files in the doc directory with symlinks. * This upload fixed CVE: (LP: #718208) - CVE-2011-0014 -- Artur Rona Sun, 13 Feb 2011 16:10:24 +0100 openssl (0.9.8o-5) unstable; urgency=low * Fix OCSP stapling parse error (CVE-2011-0014) -- Kurt Roeckx Thu, 10 Feb 2011 20:43:43 +0100 openssl (0.9.8o-4ubuntu2) natty; urgency=low [ Peter Pearse ] * Fix Makefile to properly clean up libs/ dirs in clean target -- Steve Langasek Mon, 31 Jan 2011 10:47:30 -0800 openssl (0.9.8o-4ubuntu1) natty; urgency=low * Merge from debian unstable. Remaining changes: (LP: #693902) - debian/patches/Bsymbolic-functions.patch: Link using -Bsymbolic-functions. - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Don't build for processors no longer supported: i486, i586 (on i386), v8 (on sparc). - Create libssl0.9.8-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - Replace duplicate files in the doc directory with symlinks. - Move runtime libraries to /lib, for the benefit of wpasupplicant. - Ship documentation in openssl-doc, suggested by the package. (Closes: #470594) - Use host compiler when cross-building. Patch from Neil Williams. (Closes: #465248). - Don't run 'make test' when cross-building. - debian/patches/aesni.patch: Backport Intel AES-NI support from http://rt.openssl.org/Ticket/Display.html?id=2067 (refreshed) - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/patches/no-sslv2.patch: disable SSLv2 to match NSS and GnuTLS. The protocol is unsafe and extremely deprecated. (Closes: #589706) -- Artur Rona Thu, 23 Dec 2010 20:20:03 +0100 openssl (0.9.8o-4) unstable; urgency=low * Fix CVE-2010-4180 (Closes: #529221) -- Kurt Roeckx Mon, 06 Dec 2010 20:33:21 +0100 openssl (0.9.8o-3ubuntu1) natty; urgency=low * Merge from debian unstable (LP: #677756). Remaining changes: - debian/patches/Bsymbolic-functions.patch: Link using -Bsymbolic-functions (refreshed) - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Don't build for processors no longer supported: i486, i586 (on i386), v8 (on sparc). - Create libssl0.9.8-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian) - Replace duplicate files in the doc directory with symlinks. - Move runtime libraries to /lib, for the benefit of wpasupplicant - Ship documentation in openssl-doc, suggested by the package. (Debian bug 470594) - Use host compiler when cross-building (patch from Neil Williams in Debian bug 465248). - Don't run 'make test' when cross-building. - debian/patches/aesni.patch: Backport Intel AES-NI support from http://rt.openssl.org/Ticket/Display.html?id=2067 (refreshed) - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/patches/no-sslv2.patch: disable SSLv2 to match NSS and GnuTLS. The protocol is unsafe and extremely deprecated. (Debian bug 589706) * Dropped patches, now upstream: - debian/patches/CVE-2010-2939.patch (Debian patch is identically named) -- Steve Beattie Thu, 18 Nov 2010 12:54:37 -0800 openssl (0.9.8o-3) unstable; urgency=high * Fix TLS extension parsing race condition (CVE-2010-3864) (Closes: #603709) * Re-add the engines. They were missing since 0.9.8m-1. Patch by Joerg Schneider. (Closes: #603693) * Not all architectures were build using -g (Closes: #570702) * Add powerpcspe support (Closes: #579805) * Add armhf support (Closes: #596881) * Update translations: - Brazilian Portuguese (Closes: #592154) - Danish (Closes: #599459) - Vietnamese (Closes: #601536) - Arabic (Closes: #596166) * Generate the proper stamp file so that everything doesn't get build twice. -- Kurt Roeckx Tue, 16 Nov 2010 19:20:55 +0100 openssl (0.9.8o-2) unstable; urgency=high * Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415) -- Kurt Roeckx Thu, 26 Aug 2010 18:25:29 +0200 openssl (0.9.8o-1ubuntu4.1) maverick-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via crafted private key with an invalid prime. - debian/patches/CVE-2010-2939.patch: set bn_ctx to NULL after freeing it in ssl/s3_clnt.c. - CVE-2010-2939 -- Marc Deslauriers Wed, 06 Oct 2010 16:46:36 -0400 openssl (0.9.8o-1ubuntu4) maverick; urgency=low * Update AES-NI patch to openssl-0.9.8-aesni-modes-perlasm-win32-v4.patch from http://rt.openssl.org/Ticket/Display.html?id=2067, fixing segfault on engine initialisation (LP: #590639). -- Colin Watson Fri, 24 Sep 2010 12:20:49 +0100 openssl (0.9.8o-1ubuntu3) maverick; urgency=low * debian/patches/no-sslv2.patch: disable SSLv2 to match NSS and GnuTLS. The protocol is unsafe and extremely deprecated. (Debian bug 589706) -- Kees Cook Tue, 20 Jul 2010 08:24:13 -0700 openssl (0.9.8o-1ubuntu2) maverick; urgency=low * Don't build anymore for processors not supported anymore in maverick: - i486, i586 (on i386). - v8 (on sparc). -- Matthias Klose Mon, 19 Jul 2010 16:44:10 +0200 openssl (0.9.8o-1ubuntu1) maverick; urgency=low * Merge from debian unstable, remaining changes (LP: #581167): - debian/patches/Bsymbolic-functions.patch: Link using -Bsymbolic-functions - Ship documentation in openssl-doc, suggested by the package. - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Replace duplicate files in the doc directory with symlinks. - Move runtime libraries to /lib, for the benefit of wpasupplicant - Use host compiler when cross-building (patch from Neil Williams in Debian #465248). - Don't run 'make test' when cross-building. - Create libssl0.9.8-udeb, for the benefit of wget-udeb (LP: #503339). - debian/patches/aesni.patch: Backport Intel AES-NI support from http://rt.openssl.org/Ticket/Display.html?id=2067 (LP: #485518). - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. * Dropped patches, now upstream: - debian/patches/CVE-2009-3245.patch - debian/patches/CVE-2010-0740.patch - debian/patches/dtls-compatibility.patch - debian/patches/CVE-2009-4355.patch * Dropped "Add support for lpia". * Dropped "Disable SSLv2 during compile" as this had never actually disabled SSLv2. * Don't disable CVE-2009-3555.patch for Maverick. -- Marc Deslauriers Mon, 14 Jun 2010 09:08:29 -0400 openssl (0.9.8o-1) unstable; urgency=low * New upstream version - Add SHA2 algorithms to SSL_library_init(). - aes-x86_64.pl is now PIC, update pic.patch. * Add sparc64 support (Closes: #560240) -- Kurt Roeckx Sun, 18 Apr 2010 01:42:44 +0200 openssl (0.9.8n-1) unstable; urgency=high * New upstream version. - Fixes CVE-2010-0740. - Drop cfb.patch, applied upstream. -- Kurt Roeckx Thu, 25 Mar 2010 20:30:52 +0100 openssl (0.9.8m-2) unstable; urgency=low * Revert CFB block length change preventing reading older files. (Closes: #571810, #571940) -- Kurt Roeckx Sun, 28 Feb 2010 22:08:49 +0100 openssl (0.9.8m-1) unstable; urgency=low * New upstream version - Implements RFC5746, reenables renegotiation but requires the extension. - Fixes CVE-2009-3245 - Drop patches CVE-2009-4355.patch, CVE-2009-1378.patch, CVE-2009-1377.patch, CVE-2009-1379.patch, CVE-2009-3555.patch, CVE-2009-2409.patch, CVE-2009-1387.patch, tls_ext_v3.patch, no_check_self_signed.patch: applied upstream - pk7_mime_free.patch removed, code rewritten - ca.diff partially applied upstream - engines-path.patch adjusted, upstream made some minor changes to the build system. - some flags changed values, bump shlibs. * Switch to 3.0 (quilt) source package. * Make sure the package is properly cleaned. * Add ${misc:Depends} to the Depends on all packages. * Fix spelling of extension in the changelog file. -- Kurt Roeckx Sat, 27 Feb 2010 12:24:03 +0000 openssl (0.9.8k-8) unstable; urgency=high * Clean up zlib state so that it will be reinitialized on next use and not cause a memory leak. (CVE-2009-4355, CVE-2008-1678) -- Kurt Roeckx Wed, 13 Jan 2010 21:26:49 +0100 openssl (0.9.8k-7ubuntu8) lucid; urgency=low * SECURITY UPDATE: denial of service and possible arbitrary code execution via unchecked return values - debian/patches/CVE-2009-3245.patch: check bn_wexpand return value in crypto/bn/{bn_div.c,bn_gf2m.c,bn_mul.c}, crypto/ec/ec2_smpl.c, engines/e_ubsec.c. - CVE-2009-3245 * SECURITY UPDATE: denial of service via "record of death" - debian/patches/CVE-2010-0740.patch: only send back minor version number in ssl/s3_pkt.c. - CVE-2010-0740 -- Marc Deslauriers Tue, 30 Mar 2010 08:57:51 -0400 openssl (0.9.8k-7ubuntu7) lucid; urgency=low * debian/patches/dtls-compatibility.patch: backport dtls compatibility code from 0.9.8m to fix interopability. (LP: #516318) -- Marc Deslauriers Fri, 26 Mar 2010 08:31:09 -0400 openssl (0.9.8k-7ubuntu6) lucid; urgency=low * Backport Intel AES-NI support from http://rt.openssl.org/Ticket/Display.html?id=2067 (LP: #485518). * Don't change perl #! paths under .pc. -- Colin Watson Mon, 01 Feb 2010 15:40:27 -0800 openssl (0.9.8k-7ubuntu5) lucid; urgency=low * SECURITY UPDATE: memory leak possible during state clean-up. - Add CVE-2009-4355.patch, upstream fixes thanks to Debian. -- Kees Cook Fri, 22 Jan 2010 09:50:01 -0800 openssl (0.9.8k-7ubuntu4) lucid; urgency=low * Use host compiler when cross-building (patch from Neil Williams in Debian #465248). * Don't run 'make test' when cross-building. * Create libssl0.9.8-udeb, for the benefit of wget-udeb (LP: #503339). -- Colin Watson Tue, 05 Jan 2010 16:09:38 +0000 openssl (0.9.8k-7ubuntu3) lucid; urgency=low * debian/patches/disable-sslv2.patch: remove and apply inline to fix FTBFS when patch won't revert during the build process. -- Marc Deslauriers Mon, 07 Dec 2009 21:00:47 -0500 openssl (0.9.8k-7ubuntu2) lucid; urgency=low * debian/patches/{disable-sslv2,Bsymbolic-functions}.patch: apply Makefile sections inline as once the package is configured during the build process, the patches wouldn't revert anymore, causing a FTBFS on anything other than amd64. -- Marc Deslauriers Mon, 07 Dec 2009 19:52:15 -0500 openssl (0.9.8k-7ubuntu1) lucid; urgency=low * Merge from debian unstable, remaining changes (LP: #493392): - Link using -Bsymbolic-functions - Add support for lpia - Disable SSLv2 during compile - Ship documentation in openssl-doc, suggested by the package. - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Replace duplicate files in the doc directory with symlinks. - Move runtime libraries to /lib, for the benefit of wpasupplicant * Strip the patches out of the source into quilt patches * Disable CVE-2009-3555.patch -- Nicolas Valcárcel Scerpella (Canonical) Sun, 06 Dec 2009 20:16:24 -0500 openssl (0.9.8k-7) unstable; urgency=low * Bump the shlibs to require 0.9.8k-1. The following symbols to added between g and k: AES_wrap_key, AES_unwrap_key, ASN1_TYPE_set1, ASN1_STRING_set0, asn1_output_data_fn, SMIME_read_ASN1, BN_X931_generate_Xpq, BN_X931_derive_prime_ex, BN_X931_generate_prime_ex, COMP_zlib_cleanup, CRYPTO_malloc_debug_init, int_CRYPTO_set_do_dynlock_callback, CRYPTO_set_mem_info_functions, CRYPTO_strdup, CRYPTO_dbg_push_info, CRYPTO_dbg_pop_info, CRYPTO_dbg_remove_all_info, OPENSSL_isservice, OPENSSL_init, ENGINE_set_load_ssl_client_cert_function, ENGINE_get_ssl_client_cert_function, ENGINE_load_ssl_client_cert, EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags, EVP_CIPHER_CTX_test_flags, HMAC_CTX_set_flags, OCSP_sendreq_new OCSP_sendreq_nbio, OCSP_REQ_CTX_free, RSA_X931_derive_ex, RSA_X931_generate_key_ex, X509_ALGOR_set0, X509_ALGOR_get0, X509at_get0_data_by_OBJ, X509_get1_ocsp -- Kurt Roeckx Sat, 28 Nov 2009 14:34:26 +0100 openssl (0.9.8k-6) unstable; urgency=low * Disable SSL/TLS renegotiation (CVE-2009-3555) (Closes: #555829) -- Kurt Roeckx Thu, 12 Nov 2009 18:10:31 +0000 openssl (0.9.8k-5) unstable; urgency=low * Don't check self signed certificate signatures in X509_verify_cert() (Closes: #541735) -- Kurt Roeckx Fri, 11 Sep 2009 15:42:32 +0200 openssl (0.9.8k-4) unstable; urgency=low * Split all the patches into a separate files * Stop undefinging HZ, the issue on alpha should be fixed. * Remove MD2 from digest algorithm table. (CVE-2009-2409) (Closes: #539899) -- Kurt Roeckx Tue, 11 Aug 2009 21:19:18 +0200 openssl (0.9.8k-3) unstable; urgency=low * Make rc4-x86_64 PIC. Based on patch from Petr Salinger (Closes: #532336) * Add workaround for kfreebsd that can't see the different between two pipes. Patch from Petr Salinger. -- Kurt Roeckx Sat, 13 Jun 2009 18:15:46 +0200 openssl (0.9.8k-2) unstable; urgency=low * Move libssl0.9.8-dbg to the debug section. * Use the rc4 assembler on kfreebsd-amd64 (Closes: #532336) * Split the line to generate md5-x86_64.s in the Makefile. This will hopefully fix the build issue on kfreebsd that now outputs the file to stdout instead of the file. * Fix denial of service via an out-of-sequence DTLS handshake message (CVE-2009-1387) (Closes: #532037) -- Kurt Roeckx Mon, 08 Jun 2009 19:05:56 +0200 openssl (0.9.8k-1) unstable; urgency=low * New upstream release - 0.9.8i fixed denial of service via a DTLS ChangeCipherSpec packet that occurs before ClientHello (CVE-2009-1386) * Make aes-x86_64.pl use PIC. * Fix security issues (Closes: #530400) - "DTLS record buffer limitation bug." (CVE-2009-1377) - "DTLS fragment handling" (CVE-2009-1378) - "DTLS use after free" (CVE-2009-1379) * Fixed Configure for hurd: use -mtune=i486 instead of -m486 Patch by Marc Dequènes (Duck) (Closes: #530459) * Add support for avr32 (Closes: #528648) -- Kurt Roeckx Sat, 16 May 2009 17:33:55 +0200 openssl (0.9.8g-16ubuntu3) karmic; urgency=low * SECURITY UPDATE: certificate spoofing via hash collisions from MD2 design flaws. - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest. - crypto/x509/x509_vfy.c: skip signature check for self signed certificates - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2 - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2 - CVE-2009-2409 -- Marc Deslauriers Tue, 08 Sep 2009 14:59:05 -0400 openssl (0.9.8g-16ubuntu2) karmic; urgency=low * Patches forward ported from http://www.ubuntu.com/usn/USN-792-1 (by Marc Deslauriers) * SECURITY UPDATE: denial of service via memory consumption from large number of future epoch DTLS records. - crypto/pqueue.*: add new pqueue_size counter function. - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100. - http://cvs.openssl.org/chngview?cn=18187 - CVE-2009-1377 * SECURITY UPDATE: denial of service via memory consumption from duplicate or invalid sequence numbers in DTLS records. - ssl/d1_both.c: discard message if it's a duplicate or too far in the future. - http://marc.info/?l=openssl-dev&m=124263491424212&w=2 - CVE-2009-1378 * SECURITY UPDATE: denial of service or other impact via use-after-free in dtls1_retrieve_buffered_fragment. - ssl/d1_both.c: use temp frag_len instead of freed frag. - http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest - CVE-2009-1379 * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet that occurs before ClientHello. - ssl/s3_pkt.c: abort if s->session is NULL. - ssl/{ssl.h,ssl_err.c}: add new error codes. - http://cvs.openssl.org/chngview?cn=17369 - CVE-2009-1386 * SECURITY UPDATE: denial of service via an out-of-sequence DTLS handshake message. - ssl/d1_both.c: don't buffer fragments with no data. - http://cvs.openssl.org/chngview?cn=17958 - CVE-2009-1387 -- Jamie Strandboge Fri, 10 Jul 2009 14:44:47 -0500 openssl (0.9.8g-16ubuntu1) karmic; urgency=low * Merge from debian unstable, remaining changes: - Link using -Bsymbolic-functions - Add support for lpia - Disable SSLv2 during compile - Ship documentation in openssl-doc, suggested by the package. - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Replace duplicate files in the doc directory with symlinks. -- Jamie Strandboge Thu, 14 May 2009 14:11:05 -0500 openssl (0.9.8g-16) unstable; urgency=high * Properly validate the length of an encoded BMPString and UniversalString (CVE-2009-0590) (Closes: #522002) -- Kurt Roeckx Wed, 01 Apr 2009 22:04:53 +0200 openssl (0.9.8g-15ubuntu3) jaunty; urgency=low * SECURITY UPDATE: crash via invalid memory access when printing BMPString or UniversalString with invalid length - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h: return error if invalid length - CVE-2009-0590 - http://www.openssl.org/news/secadv_20090325.txt - patch from upstream CVS: crypto/asn1/asn1.h:1.128.2.11->1.128.2.12 crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5 crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11 -- Jamie Strandboge Fri, 27 Mar 2009 08:23:35 -0500 openssl (0.9.8g-15ubuntu2) jaunty; urgency=low * Move runtime libraries to /lib, for the benefit of wpasupplicant (LP: #44194). Leave symlinks behind in /usr/lib (except on the Hurd) since we used to set an rpath there. -- Colin Watson Fri, 06 Mar 2009 12:48:52 +0000 openssl (0.9.8g-15ubuntu1) jaunty; urgency=low * Merge from debian unstable, remaining changes: LP: #314984 - Link using -Bsymbolic-functions - Add support for lpia - Disable SSLv2 during compile - Ship documentation in openssl-doc, suggested by the package. - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Replace duplicate files in the doc directory with symlinks. -- Bhavani Shankar Thu, 08 Jan 2009 12:38:06 +0530 openssl (0.9.8g-15) unstable; urgency=low * Internal calls to didn't properly check for errors which resulted in malformed DSA and ECDSA signatures being treated as a good signature rather than as an error. (CVE-2008-5077) * ipv6_from_asc() could write 1 byte longer than the buffer in case the ipv6 address didn't have "::" part. (Closes: #506111) -- Kurt Roeckx Mon, 05 Jan 2009 21:14:31 +0100 openssl (0.9.8g-14ubuntu2) jaunty; urgency=low * SECURITY UPDATE: clients treat malformed signatures as good when verifying server DSA and ECDSA certificates - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c, ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and ssl/ssltest.c to properly check the return code of EVP_VerifyFinal() - patch based on upstream patch for #2008-016 - CVE-2008-5077 -- Jamie Strandboge Tue, 06 Jan 2009 00:44:19 -0600 openssl (0.9.8g-14ubuntu1) jaunty; urgency=low * Merge from debian unstable, remaining changes: - Link using -Bsymbolic-functions - Add support for lpia - Disable SSLv2 during compile - Ship documentation in openssl-doc, suggested by the package. - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Replace duplicate files in the doc directory with symlinks. -- Scott James Remnant Tue, 11 Nov 2008 17:24:44 +0000 openssl (0.9.8g-14) unstable; urgency=low * Don't give the warning about security updates when upgrading from etch since it doesn't have any known security problems. * Automaticly use engines that succesfully initialised. Patch from the 0.9.8h upstream version. (Closes: #502177) -- Kurt Roeckx Fri, 31 Oct 2008 22:45:14 +0100 openssl (0.9.8g-13) unstable; urgency=low * Fix a problem with tlsext preventing firefox 3 from connection. Patch from upstream CVS and part of 0.9.8h. (Closes: #492758) -- Kurt Roeckx Sun, 03 Aug 2008 19:47:10 +0200 openssl (0.9.8g-12) unstable; urgency=low * add the changelog of the 10.1 NMU to make bugtracking happy -- Christoph Martin Tue, 22 Jul 2008 14:58:26 +0200 openssl (0.9.8g-11) unstable; urgency=low [ Christoph Martin ] * updated cs, gl, sv, ru, ro debconf translation (closes: #480926, #480967, #482465, #484324, #488595) * add Vcs-Svn header (closes: #481654) * fix debian-kfreebsd-i386 build flags (closes: #482275) * add stunnel4 to restart list (closes: #482111) * include fixes from 10.1 NMU by Security team - Fix double free in TLS server name extension which leads to a remote denial of service (CVE-2008-0891; Closes: #483379). - Fix denial of service if the 'Server Key exchange message' is omitted from a TLS handshake which could lead to a client crash (CVE-2008-1672; Closes: #483379). This only works if openssl is compiled with enable-tlsext which is done in Debian. * fix some lintian warnings * update to newest standards version -- Christoph Martin Thu, 17 Jul 2008 09:53:01 +0200 openssl (0.9.8g-10.1ubuntu2) intrepid; urgency=low * debian/rules: - disable SSLv2 during compile * debian/README.debian - add note about disabled SSLv2 in Ubuntu -- Ante Karamatic Thu, 24 Jul 2008 12:47:09 +0200 openssl (0.9.8g-10.1ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - display a system restart required notification bubble on libssl0.9.8 upgrade. - ship documentation in new openssl-doc package. - configure: add support for lpia. - replace duplicate files in the doc directory with symlinks. - link using -bsymbolic-functions. - update maintainer as per spec. -- Luke Yelavich Tue, 10 Jun 2008 11:50:07 +1000 openssl (0.9.8g-10.1) unstable; urgency=high * Non-maintainer upload by the Security team. * Fix denial of service if the 'Server Key exchange message' is omitted from a TLS handshake which could lead to a client crash (CVE-2008-1672; Closes: #483379). This only works if openssl is compiled with enable-tlsext which is done in Debian. * Fix double free in TLS server name extension which leads to a remote denial of service (CVE-2008-0891; Closes: #483379). -- Nico Golde Tue, 27 May 2008 11:13:44 +0200 openssl (0.9.8g-10ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Ship documentation in new openssl-doc package. - Configure: Add support for lpia. - Replace duplicate files in the doc directory with symlinks. - Link using -Bsymbolic-functions. - Update maintainer as per spec. -- Luke Yelavich Mon, 12 May 2008 22:49:33 +1000 openssl (0.9.8g-10) unstable; urgency=low * undefine HZ so that the code falls back to sysconf(_SC_CLK_TCK) to fix a build failure on alpha. -- Kurt Roeckx Thu, 08 May 2008 17:56:13 +0000 openssl (0.9.8g-9) unstable; urgency=high [ Christoph Martin ] * Include updated debconf translations (closes: #473477, #461597, #461880, #462011, #465517, #475439) [ Kurt Roeckx ] * ssleay_rand_add() really needs to call MD_Update() for buf. -- Kurt Roeckx Wed, 07 May 2008 20:32:12 +0200 openssl (0.9.8g-8ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Ship documentation in new openssl-doc package. - Configure: Add support for lpia. - Replace duplicate files in the doc directory with symlinks. - Link using -Bsymbolic-functions. - Update maintainer as per spec. -- Luke Yelavich Mon, 12 May 2008 10:09:20 +1000 openssl (0.9.8g-8) unstable; urgency=high * Don't add extensions to ssl v3 connections. It breaks with some other software. (Closes: #471681) -- Kurt Roeckx Sun, 23 Mar 2008 17:50:04 +0000 openssl (0.9.8g-7) unstable; urgency=low * Upload to unstable. -- Kurt Roeckx Wed, 13 Feb 2008 22:22:29 +0000 openssl (0.9.8g-6) experimental; urgency=low * Bump shlibs. -- Kurt Roeckx Sat, 09 Feb 2008 15:42:22 +0100 openssl (0.9.8g-5) experimental; urgency=low * Enable tlsext. This changes the ABI, but should hopefully not cause any problems. (Closes: #462596) -- Kurt Roeckx Sat, 09 Feb 2008 13:32:49 +0100 openssl (0.9.8g-4ubuntu3) hardy; urgency=low * Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. (LP: #91814) * Display a system restart required notification bubble on libssl0.9.8 upgrade. -- Luke Yelavich Tue, 22 Apr 2008 10:50:53 +1000 openssl (0.9.8g-4ubuntu2) hardy; urgency=low * Ship documentation in new openssl-doc package, since it is very large and not terribly useful for the casual desktop user. -- Martin Pitt Tue, 11 Mar 2008 22:52:28 +0100 openssl (0.9.8g-4ubuntu1) hardy; urgency=low * Merge from unstable; remaining changes: - Configure: Add support for lpia. - Replace duplicate files in the doc directory with symlinks. - Link using -Bsymbolic-functions. -- Matthias Klose Tue, 29 Jan 2008 14:32:12 +0100 openssl (0.9.8g-4) unstable; urgency=low * Fix aes ige test speed not to overwrite it's buffer and cause segfauls. Thanks to Tim Hudson (Closes: #459619) * Mark some strings in the templates as non translatable. Patch from Christian Perrier (Closes: #450418) * Update Dutch debconf translation (Closes: #451290) * Update French debconf translation (Closes: #451375) * Update Catalan debconf translation (Closes: #452694) * Update Basque debconf translation (Closes: #457285) * Update Finnish debconf translation (Closes: #458261) -- Kurt Roeckx Wed, 16 Jan 2008 21:49:43 +0100 openssl (0.9.8g-3ubuntu1) hardy; urgency=low * Merge with Debian; remaining changes: - Configure: Add support for lpia. - Replace duplicate files in the doc directory with symlinks. -- Matthias Klose Wed, 05 Dec 2007 00:13:39 +0100 openssl (0.9.8g-3) unstable; urgency=low * aes-586.pl: push %ebx on the stack before we put some things on the stack and call a function, giving AES_decrypt() wrong values to work with. (Closes: #449200) -- Kurt Roeckx Sun, 04 Nov 2007 21:49:00 +0100 openssl (0.9.8g-2) unstable; urgency=low * Avoid text relocations on i386 caused by the assembler versions: - x86unix.pl: Create a function_begin_B_static to create a static/local assembler function. - aes-586.pl: Use the function_begin_B_static for _x86_AES_decrypt so that it doesn't get exported and doesn't have any (text) relocations. - aes-586.pl: Set up ebx to point to the GOT and call AES_set_encrypt_key via the PLT to avoid a relocation. - x86unix.pl: Call the init function via the PLT, avoiding a relocation in case of a PIC object. - cbc.pl: Call functions via the PLT. - desboth.pl: Call DES_encrypt2 via the PLT. * CA.sh should use the v3_ca extension when called with -newca (Closes: #428051) * Use -Wa,--noexecstack for all arches in Debian. (Closes: #430583) * Convert the failure message when services fail restart to a debconf message. * To restart a service, just restart, instead of stop and start. Hopefully fixes #444946 * Also remove igetest from the test dir in the clean target. (Closes: #424362) -- Kurt Roeckx Sat, 03 Nov 2007 13:25:45 +0100 openssl (0.9.8g-1) unstable; urgency=low * New upstream release - Fixes version number not to say it's a development version. -- Kurt Roeckx Sat, 20 Oct 2007 12:47:10 +0200 openssl (0.9.8f-1) unstable; urgency=low * New upstream release - Fixes DTLS issues, also fixes CVE-2007-4995 (Closes: #335703, #439737) - Proper inclusion of opensslconf.h in pq_compat.h (Closes: #408686) - New function SSL_set_SSL_CTX: bump shlibs. * Remove build dependency on gcc > 4.2 * Remove the openssl preinst, it looks like a workaround for a change in 0.9.2b where config files got moved. (Closes: #445095) * Update debconf translations: - Vietnamese (Closes: #426988) - Danish (Closes: #426774) - Slovak (Closes: #440723) - Finnish (Closes: #444258) -- Kurt Roeckx Sat, 13 Oct 2007 00:47:22 +0200 openssl (0.9.8e-9) unstable; urgency=high * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers(). (Closes: #444435) * Add postgresql-8.2 to the list of services to check. -- Kurt Roeckx Fri, 28 Sep 2007 19:47:33 +0200 openssl (0.9.8e-8) unstable; urgency=low * Fix another case of the "if this code is reached, the program will abort" (Closes: #429740) * Temporary force to build with gcc >= 4.2 -- Kurt Roeckx Sun, 02 Sep 2007 18:12:11 +0200 openssl (0.9.8e-7) unstable; urgency=low * Fix problems with gcc-4.2 (Closes: #429740) * Stop using -Bsymbolic to create the shared library. * Make x86_64cpuid.pl use PIC. -- Kurt Roeckx Sun, 02 Sep 2007 16:15:18 +0200 openssl (0.9.8e-6) unstable; urgency=high * Add fix for CVE-2007-3108 (Closes: #438142) -- Kurt Roeckx Wed, 15 Aug 2007 19:49:54 +0200 openssl (0.9.8e-5ubuntu3) gutsy; urgency=low * Replace duplicate files in the doc directory with symlinks. -- Matthias Klose Thu, 04 Oct 2007 16:27:53 +0000 openssl (0.9.8e-5ubuntu2) gutsy; urgency=low [ Jamie Strandboge ] * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in buffer overflow * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to Stephan Hermann * References: CVE-2007-5135 http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded Fixes LP: #146269 * Modify Maintainer value to match the DebianMaintainerField specification. [ Kees Cook ] * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function. * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian. * References CVE-2007-3108 -- Kees Cook Fri, 28 Sep 2007 13:02:19 -0700 openssl (0.9.8e-5ubuntu1) gutsy; urgency=low * Configure: Add support for lpia. * Explicitely build using gcc-4.1 (PR other/31359). -- Matthias Klose Tue, 31 Jul 2007 12:47:38 +0000 openssl (0.9.8e-5) unstable; urgency=low [ Christian Perrier ] * Debconf templates proofread and slightly rewritten by the debian-l10n-english team as part of the Smith Review Project. Closes: #418584 * Debconf templates translations: - Arabic. Closes: #418669 - Russian. Closes: #418670 - Galician. Closes: #418671 - Swedish. Closes: #418679 - Korean. Closes: #418755 - Czech. Closes: #418768 - Basque. Closes: #418784 - German. Closes: #418785 - Traditional Chinese. Closes: #419915 - Brazilian Portuguese. Closes: #419959 - French. Closes: #420429 - Italian. Closes: #420461 - Japanese. Closes: #420482 - Catalan. Closes: #420833 - Dutch. Closes: #420925 - Malayalam. Closes: #420986 - Portuguese. Closes: #421032 - Romanian. Closes: #421708 [ Kurt Roeckx ] * Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608) * Updated Spanish debconf template. (Closes: #421336) * Do the header changes, changing those defines into real functions, and bump the shlibs to match. * Update Japanese debconf translation. (Closes: #422270) -- Kurt Roeckx Tue, 15 May 2007 17:21:08 +0000 openssl (0.9.8e-4) unstable; urgency=low * openssl should depend on libssl0.9.8 0.9.8e-1 since it uses some of the defines that changed to functions. Other things build against libssl or libcrypto shouldn't have this problem since they use the old headers. (Closes: #414283) -- Kurt Roeckx Sat, 10 Mar 2007 17:11:46 +0000 openssl (0.9.8e-3) unstable; urgency=low * Add nagios-nrpe-server to the list of services to be checked (Closes: #391188) * EVP_CIPHER_CTX_key_length() should return the set key length in the EVP_CIPHER_CTX structure which may not be the same as the underlying cipher key length for variable length ciphers. From upstream CVS. (Closes: #412979) -- Kurt Roeckx Sun, 4 Mar 2007 23:22:51 +0000 openssl (0.9.8e-2) unstable; urgency=low * Undo include changes that change defines into real functions, but keep the new functions in the library. -- Kurt Roeckx Sun, 25 Feb 2007 19:19:19 +0000 openssl (0.9.8e-1) unstable; urgency=low * New upstream release - Inludes security fixes for CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343 (Closes: #408902) - s_client now properly works with SMTP. Also added support for IMAP. (closes: #221689) - Load padlock modules (Closes: #345656, #368476) * Add clamav-freshclam and clamav-daemon to the list of service that need to be restarted. (Closes: #391191) * Add armel support. Thanks to Guillem Jover for the patch. (Closes: #407196) * Add Portuguese translations. Thanks to Carlos Lisboa. (Closes: 408157) * Add Norwegian translations. Thanks to Bjørn Steensrud (Closes: #412326) -- Kurt Roeckx Sun, 25 Feb 2007 18:06:28 +0000 openssl (0.9.8c-4) unstable; urgency=low * Add German debconf translation. Thanks to Johannes Starosta (Closes: #388108) * Make c_rehash look for both .pem and .crt files. Also make it support files in DER format. Patch by "Yauheni Kaliuta" (Closes: #387089) * Use & instead of && to check a flag in the X509 policy checking. Patch from upstream cvs. (Closes: #397151) * Also restart slapd for security updates (Closes: #400221) * Add Romanian debconf translation. Thanks to stan ioan-eugen (Closes: #393507) -- Kurt Roeckx Thu, 30 Nov 2006 20:57:46 +0000 openssl (0.9.8c-3) unstable; urgency=low * Fix patch for CVE-2006-2940, it left ctx unintiliased. -- Kurt Roeckx Mon, 2 Oct 2006 18:05:00 +0200 openssl (0.9.8c-2) unstable; urgency=high * Fix security vulnerabilities (CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343). Urgency set to high. -- Kurt Roeckx Wed, 27 Sep 2006 21:24:55 +0000 openssl (0.9.8c-1) unstable; urgency=low * New upstream release - block padding bug with compression now fixed upstream, using their patch. - Includes the RSA Signature Forgery (CVE-2006-4339) patch. - New functions AES_bi_ige_encrypt and AES_ige_encrypt: bumping shlibs to require 0.9.8c-1. * Change the postinst script to check that ntp is installed instead of ntp-refclock and ntp-simple. The binary is now in the ntp package. * Move the modified rand/md_rand.c file to the right place, really fixing #363516. * Add partimage-server conserver-server and tor to the list of service to check for restart. Add workaround for openssh-server so it finds the init script. (Closes: #386365, #386400, #386513) * Add manpage for c_rehash. Thanks to James Westby (Closes: #215618) * Add Lithuanian debconf translation. Thanks to Gintautas Miliauskas (Closes: #374364) * Add m32r support. Thanks to Kazuhiro Inaoka (Closes: #378689) -- Kurt Roeckx Sun, 17 Sep 2006 14:47:59 +0000 openssl (0.9.8b-3) unstable; urgency=high * Fix RSA Signature Forgery (CVE-2006-4339) using patch provided by upstream. * Restart services using a smaller version that 0.9.8b-3, so they get the fixed version. * Change the postinst to check for postfix instead of postfix-tls. -- Kurt Roeckx Tue, 5 Sep 2006 18:26:10 +0000 openssl (0.9.8b-2) unstable; urgency=low * Don't call gcc with -mcpu on i386, we already use -march, so no need for -mtune either. * Always make all directories when building something: - The engines directory didn't get build for the static directory, so where missing in libcrypo.a - The apps directory didn't always get build, so we didn't have an openssl and a small part of the regression tests failed. * Make the package fail to build if the regression tests fail. -- Kurt Roeckx Mon, 15 May 2006 16:00:58 +0000 openssl (0.9.8b-1) unstable; urgency=low * New upstream release - New functions added (EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free), bump shlibs. - CA.pl/CA.sh now calls openssl ca with -extensions v3_ca, setting CA:TRUE instead of FALSE. - CA.pl/CA.sh creates crlnumber now. (Closes: #347612) * Run debconf-updatepo, which really already was in the 0.9.8a-8 version as it was uploaded. * Add Galician debconf translation. Patch from Jacobo Tarrio (Closes: #361266) * libssl0.9.8.postinst makes uses of bashisms (local variables) so use #!/bin/bash * libssl0.9.8.postinst: Call set -e after sourcing the debconf script. * libssl0.9.8.postinst: Change list of service that may need to be restarted: - Replace ssh by openssh-server - Split postgresql in postgresql-7.4 postgresql-8.0 postgresql-8.1 - Add: dovecot-common bind9 ntp-refclock ntp-simple openntpd clamcour fetchmail ftpd-ssl proftpd proftpd-ldap proftpd-mysql proftpd-pgsql * libssl0.9.8.postinst: The check to see if something was installed wasn't working. * libssl0.9.8.postinst: Add workaround to find the name of the init script for proftpd and dovecot. * libssl0.9.8.postinst: Use invoke-rc.d when it's available. * Change Standards-Version to 3.7.0: - Make use of invoke-rc.d * Add comment to README.Debian that rc5, mdc2 and idea have been disabled (since 0.9.6b-3) (Closes: #362754) * Don't add uninitialised data to the random number generator. This stop valgrind from giving error messages in unrelated code. (Closes: #363516) * Put the FAQ in the openssl docs. * Add russian debconf translations from Yuriy Talakan (Closes #367216) -- Kurt Roeckx Thu, 4 May 2006 20:40:03 +0200 openssl (0.9.8a-8) unstable; urgency=low * Call pod2man with the proper section. Section changed from 1/3/5/7 to 1SSL/3SSL/5SSL/7SSL. The name of the files already had the ssl in, the section didn't. The references to other manpage is still wrong. * Don't install the LICENSE file, it's already in the copyright file. * Don't set an rpath on openssl to point to /usr/lib. * Add support for kfreebsd-amd64. (Closes: #355277) * Add udeb to the shlibs. Patch from Frans Pop (Closes: #356908) -- Kurt Roeckx Sat, 11 Feb 2006 14:14:37 +0100 openssl (0.9.8a-7) unstable; urgency=high * Add italian debconf templates. Thanks to Luca Monducci. (Closes: #350249) * Change the debconf question to use version 0.9.8-3 instead of 0.9.8-1, since that's the last version with a security fix. * Call conn_state() if the BIO is not in the BIO_CONN_S_OK state (Closes: #352047). RC bug affecting testing, so urgency high. -- Kurt Roeckx Sat, 9 Feb 2006 19:07:56 +0100 openssl (0.9.8a-6) unstable; urgency=low * Remove empty postinst/preinst/prerm scripts. There is no need to have empty ones, debhelper will add them when needed. * Remove the static pic libraries. Nobody should be linking it's shared libraries static to libssl or libcrypto. This was added for opensc who now links to it shared. * Do not assume that in case the sequence number is 0 and the packet has an odd number of bytes that the other side has the block padding bug, but try to check that it actually has the bug. The wrong detection of this bug resulted in an "decryption failed or bad record mac" error in case both sides were using zlib compression. (Closes: #338006) -- Kurt Roeckx Mon, 21 Jan 2006 16:25:41 +0100 openssl (0.9.8a-5) unstable; urgency=low * Stop ssh from crashing randomly on sparc (Closes: #335912) Patch from upstream cvs. -- Kurt Roeckx Tue, 13 Dec 2005 21:37:42 +0100 openssl (0.9.8a-4) unstable; urgency=low * Call dh_makeshlibs with the proper version instead of putting it in shlibs.local, which doesn't seem to do anything. 0.9.8a-1 added symbol versioning, so it should have bumped the shlibs. (Closes: #338284) * The openssl package had a duplicate dependency on libssl0.9.8, only require the version as required by the shlibs. * Make libssl-dev depend on zlib1g-dev, since it's now required for static linking. (Closes: #338313) * Generate .pc files that make use of Libs.private, so things only link to the libraries they should when linking shared. * Use -m64 instead of -bpowerpc64-linux on ppc64. (Closes: #335486) * Make powerpc and ppc64 use the assembler version for bn. ppc64 had the location in the string wrong, powerpc had it missing. * Add includes for stddef to get size_t in md2.h, md4.h, md5.h, ripemd.h and sha.h. (Closes: #333101) * Run make test for each of the versions we build, make it not fail the build process if an error is found. * Add build dependency on bc for the regression tests. -- Kurt Roeckx Wed, 13 Nov 2005 16:01:05 +0100 openssl (0.9.8a-3) unstable; urgency=high * Link to libz instead of dynamicly loading it. It gets loaded at the moment the library is initialised, so there is no point in not linking to it. It's now failing in some cases since it's not opened by it's soname, but by the symlink to it. This should hopefully solve most of the bugs people have reported since the move to libssl0.9.8. (Closes: #334180, #336140, #335271) * Urgency set to high because it fixes a grave bug affecting testing. -- Kurt Roeckx Tue, 1 Nov 2005 14:56:40 +0100 openssl (0.9.8a-2) unstable; urgency=low * Add Build-Dependency on m4, since sparc needs it to generate it's assembler files. (Closes: #334542) * Don't use rc4-x86_64.o on amd64 for now, it seems to be broken and causes a segfault. (Closes: #334501, #334502) -- Kurt Roeckx Tue, 18 Oct 2005 19:05:53 +0200 openssl (0.9.8a-1) unstable; urgency=low Christoph Martin: * fix asm entries for some architectures, fixing #332758 properly. * add noexecstack option to i386 subarch * include symbol versioning in Configure (closes: #330867) * include debian-armeb arch (closes: #333579) * include new upstream patches; includes some minor fixes * fix dh_shlibdeps line, removing the redundant dependency on libssl0.9.8 (closes: #332755) * add swedish debconf template (closes: #330554) Kurt Roeckx: * Also add noexecstack option for amd64, since it now has an executable stack with the assembler fixes for amd64. -- Christoph Martin Mon, 17 Oct 2005 17:01:06 +0200 openssl (0.9.8-3) unstable; urgency=low * Apply security fix for CAN-2005-2969. (Closes: #333500) * Change priority of -dbg package to extra. -- Kurt Roeckx Wed, 12 Oct 2005 22:38:58 +0200 openssl (0.9.8-2) unstable; urgency=low * Don't use arch specific assembler. Should fix build failure on ia64, sparc and amd64. (Closes: #332758) * Add myself to the uploaders. -- Kurt Roeckx Mon, 10 Oct 2005 19:22:36 +0200 openssl (0.9.8-1) unstable; urgency=low * New upstream release (closes: #311826) -- Christoph Martin Thu, 29 Sep 2005 14:20:04 +0200 openssl (0.9.7g-3) unstable; urgency=low * change Configure line for debian-freebsd-i386 to debian-kfreebsd-i386 (closes: #327692) * include -dbg version. That implies compiling with -g and without -fomit-frame-pointer (closes: #293823, #153811) -- Christoph Martin Fri, 23 Sep 2005 13:51:57 +0200 openssl (0.9.7g-2) unstable; urgency=low * really include nl translation * remove special ia64 code from rc4 code to make the abi compatible to older 0.9.7 versions (closes: #310489, #309274) * fix compile flag for debian-ppc64 (closes: #318750) * small fix in libssl0.9.7.postinst (closes: #239956) * fix pk7_mime.c to prevent garbled messages because of to early memory free (closes: #310184) * include vietnamese debconf translation (closes: #316689) * make optimized i386 libraries have non executable stack (closes: #321721) * remove leftover files from ssleay * move from dh_installmanpages to dh_installman * change Maintainer to pkg-openssl-devel@lists.alioth.debian.org -- Christoph Martin Wed, 7 Sep 2005 15:32:54 +0200 openssl (0.9.7g-1) unstable; urgency=low * New upstream release * Added support for proxy certificates according to RFC 3820. Because they may be a security thread to unaware applications, they must be explicitely allowed in run-time. See docs/HOWTO/proxy_certificates.txt for further information. * Prompt for pass phrases when appropriate for PKCS12 input format. * Back-port of selected performance improvements from development branch, as well as improved support for PowerPC platforms. * Add lots of checks for memory allocation failure, error codes to indicate failure and freeing up memory if a failure occurs. * Perform some character comparisons of different types in X509_NAME_cmp: this is needed for some certificates that reencode DNs into UTF8Strings (in violation of RFC3280) and can't or wont issue name rollover certificates. * corrected watchfile * added upstream source url (closes: #292904) * fix typo in CA.pl.1 (closes: #290271) * change debian-powerpc64 to debian-ppc64 and adapt the configure options to be the same like upstream (closes: #289841) * include -signcert option in CA.pl usage * compile with zlib-dynamic to use system zlib (closes: #289872) -- Christoph Martin Mon, 9 May 2005 23:32:03 +0200 openssl (0.9.7e-3) unstable; urgency=high * really fix der_chop. The fix from -1 was not really included (closes: #281212) * still fixes security problem CAN-2004-0975 etc. - tempfile raise condition in der_chop - Avoid a race condition when CRLs are checked in a multi threaded environment. -- Christoph Martin Thu, 16 Dec 2004 18:41:29 +0100 openssl (0.9.7e-2) unstable; urgency=high * fix perl path in der_chop and c_rehash (closes: #281212) * still fixes security problem CAN-2004-0975 etc. - tempfile raise condition in der_chop - Avoid a race condition when CRLs are checked in a multi threaded environment. -- Christoph Martin Sun, 14 Nov 2004 20:16:21 +0100 openssl (0.9.7e-1) unstable; urgency=high * SECURITY UPDATE: fix insecure temporary file handling * apps/der_chop: - replaced $$-style creation of temporary files with File::Temp::tempfile() - removed unused temporary file name in do_certificate() * References: CAN-2004-0975 (closes: #278260) * fix ASN1_STRING_to_UTF8 with UTF8 (closes: #260357) * New upstream release with security fixes - Avoid a race condition when CRLs are checked in a multi threaded environment. - Various fixes to s3_pkt.c so alerts are sent properly. - Reduce the chances of duplicate issuer name and serial numbers (in violation of RFC3280) using the OpenSSL certificate creation utilities. * depends openssl on perl-base instead of perl (closes: #280225) * support powerpc64 in Configure (closes: #275224) * include cs translation (closes: #273517) * include nl translation (closes: #272479) * Fix default dir of c_rehash (closes: #253126) -- Christoph Martin Fri, 12 Nov 2004 14:11:15 +0100 openssl (0.9.7d-5) unstable; urgency=low * Make S/MIME encrypt work again (backport from CVS) (closes: #241407, #241386) -- Christoph Martin Mon, 26 Jul 2004 17:22:42 +0200 openssl (0.9.7d-4) unstable; urgency=low * add Catalan translation (closes: #248749) * add Spanish translation (closes: #254561) * include NMU fixes: see below * decrease optimisation level for debian-arm to work around gcc bug (closes: #253848) (thanks to Steve Langasek and Thom May) * Add libcrypto0.9.7-udeb. (closes: #250010) (thanks to Bastian Blank) * Add watchfile -- Christoph Martin Wed, 14 Jul 2004 14:31:02 +0200 openssl (0.9.7d-3) unstable; urgency=low * rename -pic.a libraries to _pic.a (closes: #250016) -- Christoph Martin Mon, 24 May 2004 17:02:29 +0200 openssl (0.9.7d-2) unstable; urgency=low * include PIC libs (libcrypto-pic.a and libssl-pic.a) to libssl-dev (closes: #246928, #243999) * add racoon to restart list (closes: #242652) * add Brazilian, Japanese and Danish translations (closes: #242087, #241830, #241705) -- Christoph Martin Tue, 11 May 2004 10:13:49 +0200 openssl (0.9.7d-1) unstable; urgency=high * new upstream * fixes security holes (http://www.openssl.org/news/secadv_20040317.txt) (closes: #238661) * includes support for debian-amd64 (closes: #235551, #232310) * fix typo in pem.pod (closes: #219873) * fix typo in libssl0.9.7.templates (closes: #224690) * openssl suggests ca-certificates (closes: #217180) * change debconf template to gettext format (closes: #219013) * include french debconf template (closes: #219014) -- Christoph Martin Thu, 18 Mar 2004 16:18:43 +0100 openssl (0.9.7c-5) unstable; urgency=low * include openssl.pc into libssl-dev (closes: #212545) -- Christoph Martin Thu, 16 Oct 2003 16:31:32 +0200 openssl (0.9.7c-4) unstable; urgency=low * change question to restart services to debconf (closes: #214840) * stop using dh_undocumented (closes: #214831) -- Christoph Martin Fri, 10 Oct 2003 15:40:48 +0200 openssl (0.9.7c-3) unstable; urgency=low * fix POSIX conformance for head in libssl0.9.7.postinst (closes: #214700) -- Christoph Martin Wed, 8 Oct 2003 14:02:38 +0200 openssl (0.9.7c-2) unstable; urgency=low * add filerc macro to libssl0.9.7.postinst (closes: #213906) * restart spamassassins spamd on upgrade (closes: #214106) * restart more services on upgrade * fix EVP_BytesToKey manpage (closes: #213715) -- Christoph Martin Tue, 7 Oct 2003 15:01:32 +0200 openssl (0.9.7c-1) unstable; urgency=high * upstream security fix (closes: #213451) - Fix various bugs revealed by running the NISCC test suite: Stop out of bounds reads in the ASN1 code when presented with invalid tags (CAN-2003-0543 and CAN-2003-0544). Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545). If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. - In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate if the server requested one: as stated in TLS 1.0 and SSL 3.0 specifications. * more minor upstream bugfixes * fix formatting in c_issuer (closes: #190026) * fix Debian-FreeBSD support (closes: #200381) * restart some services in postinst to make them use the new libraries * remove duplicated openssl.1, crypto.3 and ssl.3 (closes: #198594) -- Christoph Martin Wed, 1 Oct 2003 08:54:27 +0200 openssl (0.9.7b-2) unstable; urgency=high * fix permission of /etc/ssl/private to 700 again * change section of libssl-dev to libdevel -- Christoph Martin Wed, 23 Apr 2003 11:13:24 +0200 openssl (0.9.7b-1) unstable; urgency=high * upstream security fix - Countermeasure against the Klima-Pokorny-Rosa extension of Bleichbacher's attack on PKCS #1 v1.5 padding: treat a protocol version number mismatch like a decryption error in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131) (closes: #189087) - Turn on RSA blinding by default in the default implementation to avoid a timing attack. Applications that don't want it can call RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING. They would be ill-advised to do so in most cases. (CAN-2003-0147) - Change RSA blinding code so that it works when the PRNG is not seeded (in this case, the secret RSA exponent is abused as an unpredictable seed -- if it is not unpredictable, there is no point in blinding anyway). Make RSA blinding thread-safe by remembering the creator's thread ID in rsa->blinding and having all other threads use local one-time blinding factors (this requires more computation than sharing rsa->blinding, but avoids excessive locking; and if an RSA object is not shared between threads, blinding will still be very fast). for more details see the CHANGES file -- Christoph Martin Wed, 16 Apr 2003 10:32:57 +0200 openssl (0.9.7a-1) unstable; urgency=high * upstream Security fix - In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078) for more details see the CHANGES file -- Christoph Martin Fri, 21 Feb 2003 22:39:40 +0100 openssl (0.9.7-4) unstable; urgency=low * use DH_COMPAT=3 to build * move i686 to i686/cmov to fix problems on Via C3. For that to work we have to depend on the newest libc6 on i386 (closes: #177891) * fix bug in ui_util.c (closes: #177615) * fix typo in md5.h (closes: #178112) -- Christoph Martin Fri, 24 Jan 2003 10:22:56 +0100 openssl (0.9.7-3) unstable; urgency=low * enable build of ultrasparc code on non ultrasparc machines (closes: #177024) -- Christoph Martin Fri, 17 Jan 2003 08:22:13 +0100 openssl (0.9.7-2) unstable; urgency=low * include changes between 0.9.6g-9 and -10 * fix problem in build-process on i386 with libc6 version number -- Christoph Martin Mon, 13 Jan 2003 14:26:56 +0100 openssl (0.9.7-1) unstable; urgency=low * new upstream * includes engine support * a lot of bugfixes and enhancements, see the CHANGES file * include AES encryption * makes preview of certificate configurable (closes: #176059) * fix x509 manpage (closes: #168070) * fix declaration of ERR_load_PEM_string in pem.h (closes: #141360) -- Christoph Martin Sat, 11 Jan 2003 09:12:16 +0100 openssl (0.9.6g-10) unstable; urgency=low * fix problem in build-process on i386 with libc6 version number (closes: #167096) -- Christoph Martin Mon, 4 Nov 2002 12:27:21 +0100 openssl (0.9.6g-9) unstable; urgency=low * fix typo in i386 libc6 depend (sigh) (closes: #163848) -- Christoph Martin Tue, 8 Oct 2002 23:29:20 +0200 openssl (0.9.6g-8) unstable; urgency=low * fix libc6 depends. Only needed for i386 (closes: #163701) * remove SHLIB section for bsds from Configure (closes: #163585) -- Christoph Martin Tue, 8 Oct 2002 10:57:35 +0200 openssl (0.9.6g-7) unstable; urgency=low * enable i686 optimisation and depend on fixed glibc (closes: #163500) * remove transition package ssleay * include optimisation vor sparcv8 (closes: #139996) * improve optimisation vor sparcv9 -- Christoph Martin Sun, 6 Oct 2002 14:07:12 +0200 openssl (0.9.6g-6) unstable; urgency=low * temporarily disable i686 optimisation (See bug in glibc #161788) -- Christoph Martin Sat, 21 Sep 2002 18:56:49 +0200 openssl (0.9.6g-5) unstable; urgency=low * i486 can use i586 assembler * include set -xe in the for loops in the rules files to make it abort on error (closes: #161768) -- Christoph Martin Sat, 21 Sep 2002 16:23:11 +0200 openssl (0.9.6g-4) unstable; urgency=low * fix optimization for alpha and sparc * add optimization for i486 -- Christoph Martin Fri, 20 Sep 2002 22:36:19 +0200 openssl (0.9.6g-3) unstable; urgency=low * add optimized libraries for i586, i686, ev4, ev5 and v9 (closes: #139783) -- Christoph Martin Thu, 19 Sep 2002 18:33:04 +0200 openssl (0.9.6g-2) unstable; urgency=low * fix manpage names (closes: #156717, #156718, #156719, #156721) -- Christoph Martin Thu, 15 Aug 2002 11:26:37 +0200 openssl (0.9.6g-1) unstable; urgency=low * new upstream version * Use proper error handling instead of 'assertions' in buffer overflow checks added in 0.9.6e. This prevents DoS (the assertions could call abort()). (closes: #155985, #156495) * Fix ASN1 checks. Check for overflow by comparing with LONG_MAX and get fix the header length calculation. * include support for new sh* architectures (closes: #155117) -- Christoph Martin Wed, 14 Aug 2002 13:59:22 +0200 openssl (0.9.6e-1) unstable; urgency=high * fixes remote exploits (see DSA-136-1) -- Christoph Martin Tue, 30 Jul 2002 18:32:28 +0200 openssl (0.9.6d-1) unstable; urgency=low * new upstream (minor) version * includes Configure lines for debian-*bsd-* (closes: #130413) * fix wrong prototype for BN_pseudo_rand_range in BN_rand(3ssl) (closes: #144586) * fix typos in package description (closes: #141469) * fix typo in SSL_CTX_set_cert_store manpage (closes: #135297) -- Christoph Martin Mon, 3 Jun 2002 19:42:10 +0200 openssl (0.9.6c-2) unstable; urgency=low * moved from non-US to main -- Christoph Martin Tue, 19 Mar 2002 14:48:39 +0100 openssl (0.9.6c-1) unstable; urgency=low * new upstream version with a lot of bugfixes * remove directory /usr/include/openssl from openssl package (closes: bug #121226) * remove selfdepends from libssl0.9.6 * link openssl binary shared again -- Christoph Martin Sat, 5 Jan 2002 19:04:31 +0100 openssl (0.9.6b-4) unstable; urgency=low * build with -D_REENTRANT for threads support on all architectures (closes: #112329, #119239) -- Christoph Martin Sat, 24 Nov 2001 12:17:51 +0100 openssl (0.9.6b-3) unstable; urgency=low * disable idea, mdc2 and rc5 because they are not free (closes: #65368) * ready to be moved from nonus to main -- Christoph Martin Wed, 21 Nov 2001 17:51:41 +0100 openssl (0.9.6b-2) unstable; urgency=high * fix definition of crypt in des.h (closes: #107533) * fix descriptions (closes: #109503) -- Christoph Martin Mon, 17 Sep 2001 15:38:27 +0200 openssl (0.9.6b-1) unstable; urgency=medium * new upstream fixes some security issues (closes: #105835, #100146) * added support for s390 (closes: #105681) * added support for sh (closes: #100003) * change priority of libssl096 to standard as ssh depends on it (closes: #105440) * don't optimize for i486 to support i386. (closes: #104127, #82194) -- Christoph Martin Fri, 20 Jul 2001 15:52:42 +0200 openssl (0.9.6a-3) unstable; urgency=medium * add perl-base to builddeps * include static libraries in libssl-dev (closes: #93688) -- Christoph Martin Mon, 14 May 2001 20:16:06 +0200 openssl (0.9.6a-2) unstable; urgency=medium * change Architecture of ssleay from any to all (closes: #92913) * depend libssl-dev on the exact same version of libssl0.9.6 (closes: #88939) * remove lib{crypto,ssl}.a from openssl (closes: #93666) * rebuild with newer gcc to fix atexit problem (closes: #94036) -- Christoph Martin Wed, 2 May 2001 12:28:39 +0200 openssl (0.9.6a-1) unstable; urgency=medium * new upstream, fixes some security bugs (closes: #90584) * fix typo in s_server manpage (closes: #89756) -- Christoph Martin Tue, 10 Apr 2001 12:13:11 +0200 openssl (0.9.6-2) unstable; urgency=low * policy: reorganisation of package names: libssl096 -> libssl0.9.6, libssl096-dev -> libssl-dev (closes: #83426) * libssl0.9.6 drops replaces libssl09 (Closes: #83425) * install upstream CHANGES files (Closes: #83430) * added support for hppa and ia64 (Closes: #88790) * move man3 manpages to libssl-dev (Closes: #87546) * fix formating problem in rand_add(1) (Closes: #87547) * remove manpage duplicates (Closes: #87545, #74986) * make package descriptions clearer (Closes: #83518, #83444) * increase default emailAddress_max from 40 to 60 (Closes: #67238) * removed RSAREF warning (Closes: #84122) -- Christoph Martin Thu, 8 Mar 2001 14:24:00 +0100 openssl (0.9.6-1) unstable; urgency=low * New upstream version (Thanks to Enrique Zanardi ) (closes: #72388) * Add support for debian-hurd (closes: #76032) -- Christoph Martin Mon, 13 Nov 2000 22:30:46 +0100 openssl (0.9.5a-5) unstable; urgency=low * move manpages in standard directories with section ssl (closes: #72152, #69809) -- Christoph Martin Thu, 5 Oct 2000 19:56:20 +0200 openssl (0.9.5a-4) unstable; urgency=low * include edg_rand_bytes patch from and for apache-ssl -- Christoph Martin Sat, 23 Sep 2000 16:48:06 +0200 openssl (0.9.5a-3) unstable; urgency=low * fix call to dh_makeshlibs to create correct shlibs file and make dependend programs link correctly (closes: Bug#61658) * include a note in README.debian concerning the location of the subcommand manpages (closes: Bug#69809) -- Christoph Martin Sat, 16 Sep 2000 19:10:50 +0200 openssl (0.9.5a-2) unstable; urgency=low * try to fix the sharedlib problem. change soname of library (closes: Bug#4622, #66102, #66538, #66123) -- Christoph Martin Wed, 12 Jul 2000 03:26:30 +0200 openssl (0.9.5a-1) unstable; urgency=low * new upstream version (major changes see file NEWS) (closes: Bug#63976, #65239, #65358) * new library package libssl095a because of probably changed library interface (closes: Bug#46222) * added architecture mips and mipsel (closes: Bug#62437, #60366) * provide shlibs.local file in build to help build if libraries are not yet installed (closes: Bug#63984) -- Christoph Martin Sun, 11 Jun 2000 15:17:35 +0200 openssl (0.9.4-5) frozen unstable; urgency=medium * cleanup of move of doc directories to /usr/share/doc (closes: Bug#56430) * lintian issues (closes: Bug#49358) * move demos from openssl to libssl09-dev (closes: Bug#59201) * move to debhelpers -- Christoph Martin Sat, 11 Mar 2000 10:38:04 +0100 openssl (0.9.4-4) unstable; urgency=medium * Added 'debian-arm' in 'Configure'. (closes: Bug#54251, #54766) * Fixed Configure for 'debian-m68k' (closes: Bug#53636) -- Christoph Martin Sat, 15 Jan 2000 13:16:18 +0100 openssl (0.9.4-3) unstable; urgency=low * define symbol SSLeay_add_ssl_algorithms for backward compatibility (closes: Bug#46882) * remove manpages from /usr/doc/openssl (closes: Bug#46791) -- Christoph Martin Thu, 14 Oct 1999 16:51:08 +0200 openssl (0.9.4-2) unstable; urgency=low * include some more docu in pod format (Bug #43933) * removed -mv8 from sparc flags (Bug #44769) -- Christoph Martin Tue, 14 Sep 1999 22:04:06 +0200 openssl (0.9.4-1) unstable; urgency=low * new upstream version (Closes: #42926) -- Christoph Martin Sat, 28 Aug 1999 17:04:23 +0200 openssl (0.9.3a-1) unstable; urgency=low * new upstream version (Bug #38345, #38627) * sparc is big-endian (Bug #39973) -- Christoph Martin Wed, 7 Jul 1999 16:03:37 +0200 openssl (0.9.2b-3) unstable; urgency=low * correct move conffiles to /etc/ssl (Bug #38570) -- Christoph Martin Mon, 31 May 1999 21:08:07 +0200 openssl (0.9.2b-2) unstable; urgency=low * added convenience package ssleay to help upgrade to openssl (Bug #37185, #37623, #36326) * added some missing dependencies from libssl09 (Bug #36681, #35867, #36326) * move lib*.so to libssl09-dev (Bug #36761) * corrected version numbers of library files * introduce link from /usr/lib/ssl to /etc/ssl (Bug #36710) -- Christoph Martin Sun, 23 May 1999 14:57:48 +0200 openssl (0.9.2b-1) unstable; urgency=medium * First openssl version -- Christoph Martin Wed, 31 Mar 1999 15:54:26 +0200 ssleay (0.9.0b-2) unstable; urgency=low * Include message about the (not)usage of RSAREF (#24409) * Move configfiles from /usr/lib/ssl to /etc/ssl (#26406) * Change definitions for sparc (#26487) * Added missing dependency (#28591) * Make debian/libtool executable (#29708) * /etc/ssl/lib/ssleay.cnf is now a confile (#32624) -- Christoph Martin Sun, 21 Mar 1999 19:41:04 +0100 ssleay (0.9.0b-1) unstable; urgency=low * new upstream version (Bug #21227, #25971) * build shared libraries with -fPIC (Bug #20027) * support sparc architecture (Bug #28467) -- Christoph Martin Tue, 13 Oct 1998 10:20:13 +0200 ssleay (0.8.1-7) frozen unstable; urgency=high * security fix patch to 0.8.1b (bug #24022) -- Christoph Martin Mon, 6 Jul 1998 15:42:15 +0200 ssleay (0.8.1-6) frozen unstable; urgency=low * second try to fix bug #15235 (copyright was still missing) -- Christoph Martin Mon, 22 Jun 1998 08:56:27 +0200 ssleay (0.8.1-5) frozen unstable; urgency=high * changed /dev/random to /dev/urandom (Bug #23169, #17817) * copyright contains now the full licence (Bug #15235) * fixed bug #19410 (md5sums-lists-nonexisting-file) * added demos to /usr/doc (Bug #17372) * fixed type in package description (Bug #18969) * fixed bug in adding documentation (Bug #21463) * added patch for support of debian-powerpc (Bug #21579) -- Christoph Martin Thu, 18 Jun 1998 23:09:13 +0200 ssleay (0.8.1-4) unstable; urgency=low * purged dependency from libc5 -- Christoph Martin Tue, 11 Nov 1997 15:31:50 +0100 ssleay (0.8.1-3) unstable; urgency=low * changed packagename libssl to libssl08 to get better dependancies -- Christoph Martin Fri, 7 Nov 1997 14:23:17 +0100 ssleay (0.8.1-2) unstable; urgency=low * linked shared libraries against libc6 * use /dev/random for randomseed -- Christoph Martin Wed, 5 Nov 1997 11:21:40 +0100 ssleay (0.8.1-1) unstable; urgency=low * new upstream version -- Christoph Martin Thu, 16 Oct 1997 16:15:43 +0200 ssleay (0.6.6-2) unstable; urgency=low * cleanup in diffs * removed INSTALL from docs (bug #13205) * split libssl and libssl-dev (but #13735) -- Christoph Martin Wed, 15 Oct 1997 17:38:38 +0200 ssleay (0.6.6-1) unstable; urgency=low * New upstream version * added shared libraries for libcrypto and libssl -- Christoph Martin Thu, 26 Jun 1997 19:26:14 +0200 ssleay (0.6.4-2) unstable; urgency=low * changed doc filenames from .doc to .txt to be able to read them over with webbrowser -- Christoph Martin Tue, 25 Feb 1997 14:02:53 +0100 ssleay (0.6.4-1) unstable; urgency=low * Initial Release. -- Christoph Martin Fri, 22 Nov 1996 21:29:51 +0100 debian/libssl1.0.0.dirs0000664000000000000000000000003211632643401011713 0ustar usr/share/doc/libssl1.0.0 debian/source/0000775000000000000000000000000012263334623010474 5ustar debian/source/include-binaries0000664000000000000000000000004012262570015013622 0ustar debian/upstream-signing-key.pgp debian/source/format0000664000000000000000000000001411342175337011704 0ustar 3.0 (quilt) debian/source/options0000664000000000000000000000021412263334623012107 0ustar # If building on amd64, Makefiles are regenerated # We could move .save Makefiles back in place.... extend-diff-ignore = "(^|/)(Makefile)$" debian/compat0000664000000000000000000000000212234750600010365 0ustar 9 debian/libcrypto1.0.0-udeb.dirs0000664000000000000000000000000412263334623013352 0ustar lib debian/patches/0000775000000000000000000000000012320577634010630 5ustar debian/patches/gnu_source.patch0000664000000000000000000000167211503421631014013 0ustar From: Kurt Roeckx Subject: Always define _GNU_SOURCE We need this atleast for kfreebsd because they also use glibc. There shouldn't be a problem defining this on systems not using glibc. Index: openssl-1.0.0c.obsolete.0.297891860202984/crypto/dso/dso_dlfcn.c =================================================================== --- openssl-1.0.0c.obsolete.0.297891860202984.orig/crypto/dso/dso_dlfcn.c 2010-12-19 16:18:36.000000000 +0100 +++ openssl-1.0.0c.obsolete.0.297891860202984/crypto/dso/dso_dlfcn.c 2010-12-19 16:19:01.000000000 +0100 @@ -60,10 +60,8 @@ that handle _GNU_SOURCE and other similar macros. Defining it later is simply too late, because those headers are protected from re- inclusion. */ -#ifdef __linux -# ifndef _GNU_SOURCE -# define _GNU_SOURCE /* make sure dladdr is declared */ -# endif +#ifndef _GNU_SOURCE +# define _GNU_SOURCE /* make sure dladdr is declared */ #endif #include debian/patches/libdoc-manpgs-pod-spell.patch0000664000000000000000000001203612255603224016257 0ustar Index: openssl-1.0.1e/doc/crypto/ASN1_generate_nconf.pod =================================================================== --- openssl-1.0.1e.orig/doc/crypto/ASN1_generate_nconf.pod 2013-12-22 16:16:44.695836636 +0100 +++ openssl-1.0.1e/doc/crypto/ASN1_generate_nconf.pod 2013-12-22 16:16:44.691836721 +0100 @@ -61,7 +61,7 @@ =item B, B Encodes an ASN1 B type. The B string represents -the value of the integer, it can be preceeded by a minus sign and +the value of the integer, it can be preceded by a minus sign and is normally interpreted as a decimal value unless the prefix B<0x> is included. Index: openssl-1.0.1e/doc/crypto/BN_BLINDING_new.pod =================================================================== --- openssl-1.0.1e.orig/doc/crypto/BN_BLINDING_new.pod 2013-12-22 16:16:44.695836636 +0100 +++ openssl-1.0.1e/doc/crypto/BN_BLINDING_new.pod 2013-12-22 16:16:44.691836721 +0100 @@ -48,7 +48,7 @@ BN_BLINDING_convert_ex() multiplies B with the blinding factor B. If B is not NULL a copy the inverse blinding factor B will be -returned in B (this is useful if a B object is shared amoung +returned in B (this is useful if a B object is shared among several threads). BN_BLINDING_invert_ex() multiplies B with the inverse blinding factor B. If B is not NULL it will be used as the inverse blinding. Index: openssl-1.0.1e/doc/crypto/EVP_BytesToKey.pod =================================================================== --- openssl-1.0.1e.orig/doc/crypto/EVP_BytesToKey.pod 2013-12-22 16:16:44.695836636 +0100 +++ openssl-1.0.1e/doc/crypto/EVP_BytesToKey.pod 2013-12-22 16:16:44.691836721 +0100 @@ -17,7 +17,7 @@ EVP_BytesToKey() derives a key and IV from various parameters. B is the cipher to derive the key and IV for. B is the message digest to use. -The B paramter is used as a salt in the derivation: it should point to +The B parameter is used as a salt in the derivation: it should point to an 8 byte buffer or NULL if no salt is used. B is a buffer containing B bytes which is used to derive the keying data. B is the iteration count to use. The derived key and IV will be written to B Index: openssl-1.0.1e/doc/crypto/EVP_EncryptInit.pod =================================================================== --- openssl-1.0.1e.orig/doc/crypto/EVP_EncryptInit.pod 2013-12-22 16:16:44.695836636 +0100 +++ openssl-1.0.1e/doc/crypto/EVP_EncryptInit.pod 2013-12-22 16:16:44.691836721 +0100 @@ -152,7 +152,7 @@ EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and -EVP_CipherInit_ex() except the B paramter does not need to be +EVP_CipherInit_ex() except the B parameter does not need to be initialized and they always use the default cipher implementation. EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a Index: openssl-1.0.1e/doc/crypto/EVP_PKEY_cmp.pod =================================================================== --- openssl-1.0.1e.orig/doc/crypto/EVP_PKEY_cmp.pod 2013-12-22 16:16:44.695836636 +0100 +++ openssl-1.0.1e/doc/crypto/EVP_PKEY_cmp.pod 2013-12-22 16:16:44.691836721 +0100 @@ -26,7 +26,7 @@ The funcion EVP_PKEY_cmp_parameters() compares the parameters of keys B and B. -The funcion EVP_PKEY_cmp() compares the public key components and paramters +The funcion EVP_PKEY_cmp() compares the public key components and parameters (if present) of keys B and B. =head1 NOTES Index: openssl-1.0.1e/doc/crypto/pem.pod =================================================================== --- openssl-1.0.1e.orig/doc/crypto/pem.pod 2013-12-22 16:16:44.695836636 +0100 +++ openssl-1.0.1e/doc/crypto/pem.pod 2013-12-22 16:16:44.691836721 +0100 @@ -201,7 +201,7 @@ PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey() write a private key in an EVP_PKEY structure in PKCS#8 EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption -algorithms. The B argument specifies the encryption algoritm to +algorithms. The B argument specifies the encryption algorithm to use: unlike all other PEM routines the encryption is applied at the PKCS#8 level and not in the PEM headers. If B is NULL then no encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead. Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_verify.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_verify.pod 2013-12-22 16:16:44.695836636 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_verify.pod 2013-12-22 16:16:44.695836636 +0100 @@ -169,8 +169,8 @@ failure, if wished. The callback realizes a verification depth limit with more informational output. -All verification errors are printed, informations about the certificate chain -are printed on request. +All verification errors are printed; information about the certificate chain +is printed on request. The example is realized for a server that does allow but not require client certificates. debian/patches/block_diginotar.patch0000664000000000000000000000376411632637645015021 0ustar From: Raphael Geissert Description: make X509_verify_cert indicate that any certificate whose name contains "DigiNotar" is revoked. Forwarded: not-needed Origin: vendor Last-Update: 2011-09-08 Bug: http://bugs.debian.org/639744 Reviewed-by: Kurt Roeckx Reviewed-by: Dr Stephen N Henson This is not meant as final patch. Index: openssl-1.0.0d/crypto/x509/x509_vfy.c =================================================================== --- openssl-1.0.0d.orig/crypto/x509/x509_vfy.c +++ openssl-1.0.0d/crypto/x509/x509_vfy.c @@ -117,6 +117,7 @@ static int check_trust(X509_STORE_CTX *c static int check_revocation(X509_STORE_CTX *ctx); static int check_cert(X509_STORE_CTX *ctx); static int check_policy(X509_STORE_CTX *ctx); +static int check_ca_blacklist(X509_STORE_CTX *ctx); static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, unsigned int *preasons, @@ -374,6 +375,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx ok=internal_verify(ctx); if(!ok) goto end; + ok = check_ca_blacklist(ctx); + if(!ok) goto end; + #ifndef OPENSSL_NO_RFC3779 /* RFC 3779 path validation, now that CRL check has been done */ ok = v3_asid_validate_path(ctx); @@ -820,6 +824,29 @@ static int check_crl_time(X509_STORE_CTX return 1; } +static int check_ca_blacklist(X509_STORE_CTX *ctx) + { + X509 *x; + int i; + /* Check all certificates against the blacklist */ + for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) + { + x = sk_X509_value(ctx->chain, i); + /* Mark DigiNotar certificates as revoked, no matter + * where in the chain they are. + */ + if (x->name && strstr(x->name, "DigiNotar")) + { + ctx->error = X509_V_ERR_CERT_REVOKED; + ctx->error_depth = i; + ctx->current_cert = x; + if (!ctx->verify_cb(0,ctx)) + return 0; + } + } + return 1; + } + static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, X509 **pissuer, int *pscore, unsigned int *preasons, STACK_OF(X509_CRL) *crls) debian/patches/valgrind.patch0000664000000000000000000000130311501173436013444 0ustar Index: openssl-1.0.0c/crypto/rand/md_rand.c =================================================================== --- openssl-1.0.0c.orig/crypto/rand/md_rand.c 2010-06-16 15:17:22.000000000 +0200 +++ openssl-1.0.0c/crypto/rand/md_rand.c 2010-12-12 17:02:50.000000000 +0100 @@ -476,6 +476,7 @@ MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); #ifndef PURIFY /* purify complains */ +#if 0 /* The following line uses the supplied buffer as a small * source of entropy: since this buffer is often uninitialised * it may cause programs such as purify or valgrind to @@ -485,6 +486,7 @@ */ MD_Update(&m,buf,j); #endif +#endif k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; if (k > 0) debian/patches/CVE-2014-0076.patch0000664000000000000000000001371012320577604013243 0ustar Description: fix side-channel attack on Montgomery ladder implementation Origin: upstream, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4b7a4ba29cafa432fc4266fe6e59e60bc1c96332 Origin: upstream, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=40acdb192e035f463d3c39c23fd8a68cf54df378 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742923 Index: openssl-1.0.1f/crypto/bn/bn.h =================================================================== --- openssl-1.0.1f.orig/crypto/bn/bn.h 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/crypto/bn/bn.h 2014-04-07 15:37:00.924343048 -0400 @@ -538,6 +538,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + /* Deprecated versions */ #ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, @@ -774,11 +776,20 @@ #define bn_fix_top(a) bn_check_top(a) +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +#define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ + } while(0) + #else /* !BN_DEBUG */ #define bn_pollute(a) #define bn_check_top(a) #define bn_fix_top(a) bn_correct_top(a) +#define bn_check_size(bn, bits) +#define bn_wcheck_size(bn, words) #endif Index: openssl-1.0.1f/crypto/bn/bn_lib.c =================================================================== --- openssl-1.0.1f.orig/crypto/bn/bn_lib.c 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/crypto/bn/bn_lib.c 2014-04-07 15:37:00.924343048 -0400 @@ -824,3 +824,55 @@ } return bn_cmp_words(a,b,cl); } + +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} Index: openssl-1.0.1f/crypto/ec/ec2_mult.c =================================================================== --- openssl-1.0.1f.orig/crypto/ec/ec2_mult.c 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/crypto/ec/ec2_mult.c 2014-04-07 15:37:00.924343048 -0400 @@ -208,11 +208,15 @@ return ret; } + /* Computes scalar*point and stores the result in r. * point can not equal r. - * Uses algorithm 2P of + * Uses a modified algorithm 2P of * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over * GF(2^m) without precomputation" (CHES '99, LNCS 1717). + * + * To protect against side-channel attack the function uses constant time swap, + * avoiding conditional branches. */ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) @@ -246,6 +250,11 @@ x2 = &r->X; z2 = &r->Y; + bn_wexpand(x1, group->field.top); + bn_wexpand(z1, group->field.top); + bn_wexpand(x2, group->field.top); + bn_wexpand(z2, group->field.top); + if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ if (!BN_one(z1)) goto err; /* z1 = 1 */ if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ @@ -270,16 +279,12 @@ word = scalar->d[i]; while (mask) { - if (word & mask) - { - if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; - if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; - } - else - { - if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; - if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; - } + BN_consttime_swap(word & mask, x1, x2, group->field.top); + BN_consttime_swap(word & mask, z1, z2, group->field.top); + if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; + if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; + BN_consttime_swap(word & mask, x1, x2, group->field.top); + BN_consttime_swap(word & mask, z1, z2, group->field.top); mask >>= 1; } mask = BN_TBIT; Index: openssl-1.0.1f/util/libeay.num =================================================================== --- openssl-1.0.1f.orig/util/libeay.num 2014-01-06 09:35:55.000000000 -0500 +++ openssl-1.0.1f/util/libeay.num 2014-04-07 15:37:03.976343033 -0400 @@ -3511,6 +3511,7 @@ d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779 i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779 CRYPTO_memcmp 3906 EXIST::FUNCTION: +BN_consttime_swap 3907 EXIST::FUNCTION: SEED_decrypt 3908 EXIST::FUNCTION:SEED SEED_encrypt 3909 EXIST::FUNCTION:SEED SEED_cbc_encrypt 3910 EXIST::FUNCTION:SEED debian/patches/block_digicert_malaysia.patch0000664000000000000000000000200511664774704016501 0ustar From: Raphael Geissert Description: make X509_verify_cert indicate that any certificate whose name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked. Forwarded: not-needed Origin: vendor Last-Update: 2011-11-05 Index: openssl-1.0.0e/crypto/x509/x509_vfy.c =================================================================== --- openssl-1.0.0e.orig/crypto/x509/x509_vfy.c +++ openssl-1.0.0e/crypto/x509/x509_vfy.c @@ -833,10 +833,11 @@ static int check_ca_blacklist(X509_STORE for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) { x = sk_X509_value(ctx->chain, i); - /* Mark DigiNotar certificates as revoked, no matter - * where in the chain they are. + /* Mark certificates containing the following names as + * revoked, no matter where in the chain they are. */ - if (x->name && strstr(x->name, "DigiNotar")) + if (x->name && (strstr(x->name, "DigiNotar") || + strstr(x->name, "Digicert Sdn. Bhd."))) { ctx->error = X509_V_ERR_CERT_REVOKED; ctx->error_depth = i; debian/patches/engines-path.patch0000664000000000000000000001013511501477031014221 0ustar Index: openssl-1.0.0c/Makefile.org =================================================================== --- openssl-1.0.0c.orig/Makefile.org 2010-01-27 17:06:58.000000000 +0100 +++ openssl-1.0.0c/Makefile.org 2010-12-13 19:41:03.000000000 +0100 @@ -497,7 +497,7 @@ install_sw: @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ Index: openssl-1.0.0c/engines/Makefile =================================================================== --- openssl-1.0.0c.orig/engines/Makefile 2010-08-24 23:46:34.000000000 +0200 +++ openssl-1.0.0c/engines/Makefile 2010-12-12 19:16:22.000000000 +0100 @@ -107,7 +107,7 @@ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... @if [ -n "$(SHARED_LIBS)" ]; then \ set -e; \ - $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \ + $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines; \ for l in $(LIBNAMES); do \ ( echo installing $$l; \ pfx=lib; \ @@ -119,13 +119,13 @@ *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ *) sfx=".bad";; \ esac; \ - cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ + cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \ else \ sfx=".so"; \ - cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ + cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \ fi; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ + chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx ); \ done; \ fi @target=install; $(RECURSIVE_MAKE) Index: openssl-1.0.0c/Configure =================================================================== --- openssl-1.0.0c.orig/Configure 2010-12-12 19:16:22.000000000 +0100 +++ openssl-1.0.0c/Configure 2010-12-13 19:40:53.000000000 +0100 @@ -1732,7 +1732,7 @@ } elsif (/^#define\s+ENGINESDIR/) { - my $foo = "$prefix/$libdir/engines"; + my $foo = "$prefix/$libdir/openssl-1.0.0/engines"; $foo =~ s/\\/\\\\/g; print OUT "#define ENGINESDIR \"$foo\"\n"; } Index: openssl-1.0.0c/engines/ccgost/Makefile =================================================================== --- openssl-1.0.0c.orig/engines/ccgost/Makefile 2010-12-13 19:41:14.000000000 +0100 +++ openssl-1.0.0c/engines/ccgost/Makefile 2010-12-13 19:42:21.000000000 +0100 @@ -53,13 +53,13 @@ *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ *) sfx=".bad";; \ esac; \ - cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new; \ else \ sfx=".so"; \ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ fi; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ + chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx; \ fi links: debian/patches/shared-lib-ext.patch0000664000000000000000000000130411501173436014447 0ustar Index: openssl-1.0.0c/Configure =================================================================== --- openssl-1.0.0c.orig/Configure 2010-12-12 16:10:12.000000000 +0100 +++ openssl-1.0.0c/Configure 2010-12-12 17:12:38.000000000 +0100 @@ -1605,7 +1605,8 @@ elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) { my $sotmp = $1; - s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; +# s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; + s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/; } elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) { debian/patches/openssl-pod-misspell.patch0000664000000000000000000001313111731055330015726 0ustar Index: openssl-1.0.1/apps/ca.c =================================================================== --- openssl-1.0.1.orig/apps/ca.c 2012-01-12 16:28:02.000000000 +0000 +++ openssl-1.0.1/apps/ca.c 2012-03-17 09:31:48.000000000 +0000 @@ -148,7 +148,7 @@ static const char *ca_usage[]={ "usage: ca args\n", "\n", -" -verbose - Talk alot while doing things\n", +" -verbose - Talk a lot while doing things\n", " -config file - A config file\n", " -name arg - The particular CA definition to use\n", " -gencrl - Generate a new CRL\n", Index: openssl-1.0.1/apps/ecparam.c =================================================================== --- openssl-1.0.1.orig/apps/ecparam.c 2010-06-15 17:25:02.000000000 +0000 +++ openssl-1.0.1/apps/ecparam.c 2012-03-17 09:31:48.000000000 +0000 @@ -105,7 +105,7 @@ * in the asn1 der encoding * possible values: named_curve (default) * explicit - * -no_seed - if 'explicit' parameters are choosen do not use the seed + * -no_seed - if 'explicit' parameters are chosen do not use the seed * -genkey - generate ec key * -rand file - files to use for random number input * -engine e - use engine e, possibly a hardware device @@ -286,7 +286,7 @@ BIO_printf(bio_err, " " " explicit\n"); BIO_printf(bio_err, " -no_seed if 'explicit'" - " parameters are choosen do not" + " parameters are chosen do not" " use the seed\n"); BIO_printf(bio_err, " -genkey generate ec" " key\n"); Index: openssl-1.0.1/crypto/evp/encode.c =================================================================== --- openssl-1.0.1.orig/crypto/evp/encode.c 2010-06-15 17:25:09.000000000 +0000 +++ openssl-1.0.1/crypto/evp/encode.c 2012-03-17 09:31:48.000000000 +0000 @@ -250,7 +250,7 @@ /* We parse the input data */ for (i=0; i 80 characters, scream alot */ + /* If the current line is > 80 characters, scream a lot */ if (ln >= 80) { rv= -1; goto end; } /* Get char and put it into the buffer */ Index: openssl-1.0.1/doc/apps/config.pod =================================================================== --- openssl-1.0.1.orig/doc/apps/config.pod 2004-11-25 17:47:29.000000000 +0000 +++ openssl-1.0.1/doc/apps/config.pod 2012-03-17 09:31:48.000000000 +0000 @@ -119,7 +119,7 @@ information. The section pointed to by B is a table of engine names (though see -B below) and further sections containing configuration informations +B below) and further sections containing configuration information specific to each ENGINE. Each ENGINE specific section is used to set default algorithms, load Index: openssl-1.0.1/doc/apps/req.pod =================================================================== --- openssl-1.0.1.orig/doc/apps/req.pod 2009-04-10 16:42:28.000000000 +0000 +++ openssl-1.0.1/doc/apps/req.pod 2012-03-17 09:31:48.000000000 +0000 @@ -159,7 +159,7 @@ the algorithm is determined by the parameters. B use algorithm B and parameter file B: the two algorithms must match or an error occurs. B just uses algorithm B, and parameters, -if neccessary should be specified via B<-pkeyopt> parameter. +if necessary should be specified via B<-pkeyopt> parameter. B generates a DSA key using the parameters in the file B. B generates EC key (usable both with Index: openssl-1.0.1/doc/apps/ts.pod =================================================================== --- openssl-1.0.1.orig/doc/apps/ts.pod 2009-04-10 11:25:54.000000000 +0000 +++ openssl-1.0.1/doc/apps/ts.pod 2012-03-17 09:31:48.000000000 +0000 @@ -352,7 +352,7 @@ This is the main section and it specifies the name of another section that contains all the options for the B<-reply> command. This default -section can be overriden with the B<-section> command line switch. (Optional) +section can be overridden with the B<-section> command line switch. (Optional) =item B @@ -453,7 +453,7 @@ =head1 ENVIRONMENT VARIABLES B contains the path of the configuration file and can be -overriden by the B<-config> command line option. +overridden by the B<-config> command line option. =head1 EXAMPLES Index: openssl-1.0.1/doc/apps/tsget.pod =================================================================== --- openssl-1.0.1.orig/doc/apps/tsget.pod 2010-01-05 17:17:20.000000000 +0000 +++ openssl-1.0.1/doc/apps/tsget.pod 2012-03-17 09:31:48.000000000 +0000 @@ -124,7 +124,7 @@ =item [request]... List of files containing B DER-encoded time stamp requests. If no -requests are specifed only one request will be sent to the server and it will be +requests are specified only one request will be sent to the server and it will be read from the standard input. (Optional) =back Index: openssl-1.0.1/doc/apps/x509v3_config.pod =================================================================== --- openssl-1.0.1.orig/doc/apps/x509v3_config.pod 2006-11-07 13:44:03.000000000 +0000 +++ openssl-1.0.1/doc/apps/x509v3_config.pod 2012-03-17 09:31:48.000000000 +0000 @@ -174,7 +174,7 @@ The value of B should point to a section containing the distinguished name to use as a set of name value pairs. Multi values AVAs can be formed by -preceeding the name with a B<+> character. +preceding the name with a B<+> character. otherName can include arbitrary data associated with an OID: the value should be the OID followed by a semicolon and the content in standard debian/patches/c_rehash-compat.patch0000664000000000000000000000242511551405233014677 0ustar From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Wed, 21 Apr 2010 15:52:10 +0200 Subject: [PATCH] also create old hash for compatibility --- tools/c_rehash.in | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-) Index: openssl-1.0.0d/tools/c_rehash.in =================================================================== --- openssl-1.0.0d.orig/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 +++ openssl-1.0.0d/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 @@ -86,6 +86,7 @@ } } link_hash_cert($fname) if($cert); + link_hash_cert_old($fname) if($cert); link_hash_crl($fname) if($crl); } } @@ -119,8 +120,9 @@ sub link_hash_cert { my $fname = $_[0]; + my $hashopt = $_[1] || '-subject_hash'; $fname =~ s/'/'\\''/g; - my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`; + my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; @@ -150,6 +152,10 @@ $hashlist{$hash} = $fprint; } +sub link_hash_cert_old { + link_hash_cert($_[0], '-subject_hash_old'); +} + # Same as above except for a CRL. CRL links are of the form .r sub link_hash_crl { debian/patches/debian-targets.patch0000664000000000000000000002456512255614625014555 0ustar Index: openssl-1.0.1e/Configure =================================================================== --- openssl-1.0.1e.orig/Configure 2013-08-24 07:46:42.292313320 +0000 +++ openssl-1.0.1e/Configure 2013-08-24 07:49:19.252316478 +0000 @@ -105,6 +105,10 @@ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; +# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS +my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; +$debian_cflags =~ s/\n/ /g; + my $strict_warnings = 0; my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; @@ -340,6 +344,53 @@ "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", +# Debian GNU/* (various architectures) +"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", +"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sh4", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", + #### #### Variety of LINUX:-) #### debian/patches/version-script.patch0000664000000000000000000033020312104523054014624 0ustar Index: openssl-1.0.1d/Configure =================================================================== --- openssl-1.0.1d.orig/Configure 2013-02-06 19:41:43.000000000 +0100 +++ openssl-1.0.1d/Configure 2013-02-06 19:41:43.000000000 +0100 @@ -1621,6 +1621,8 @@ } } +$shared_ldflag .= " -Wl,--version-script=openssl.ld"; + open(IN,'$Makefile.new") || die "unable to create $Makefile.new:$!\n"; Index: openssl-1.0.1d/openssl.ld =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1d/openssl.ld 2013-02-06 19:44:25.000000000 +0100 @@ -0,0 +1,4620 @@ +OPENSSL_1.0.0 { + global: + BIO_f_ssl; + BIO_new_buffer_ssl_connect; + BIO_new_ssl; + BIO_new_ssl_connect; + BIO_proxy_ssl_copy_session_id; + BIO_ssl_copy_session_id; + BIO_ssl_shutdown; + d2i_SSL_SESSION; + DTLSv1_client_method; + DTLSv1_method; + DTLSv1_server_method; + ERR_load_SSL_strings; + i2d_SSL_SESSION; + kssl_build_principal_2; + kssl_cget_tkt; + kssl_check_authent; + kssl_ctx_free; + kssl_ctx_new; + kssl_ctx_setkey; + kssl_ctx_setprinc; + kssl_ctx_setstring; + kssl_ctx_show; + kssl_err_set; + kssl_krb5_free_data_contents; + kssl_sget_tkt; + kssl_skip_confound; + kssl_validate_times; + PEM_read_bio_SSL_SESSION; + PEM_read_SSL_SESSION; + PEM_write_bio_SSL_SESSION; + PEM_write_SSL_SESSION; + SSL_accept; + SSL_add_client_CA; + SSL_add_dir_cert_subjects_to_stack; + SSL_add_dir_cert_subjs_to_stk; + SSL_add_file_cert_subjects_to_stack; + SSL_add_file_cert_subjs_to_stk; + SSL_alert_desc_string; + SSL_alert_desc_string_long; + SSL_alert_type_string; + SSL_alert_type_string_long; + SSL_callback_ctrl; + SSL_check_private_key; + SSL_CIPHER_description; + SSL_CIPHER_get_bits; + SSL_CIPHER_get_name; + SSL_CIPHER_get_version; + SSL_clear; + SSL_COMP_add_compression_method; + SSL_COMP_get_compression_methods; + SSL_COMP_get_compress_methods; + SSL_COMP_get_name; + SSL_connect; + SSL_copy_session_id; + SSL_ctrl; + SSL_CTX_add_client_CA; + SSL_CTX_add_session; + SSL_CTX_callback_ctrl; + SSL_CTX_check_private_key; + SSL_CTX_ctrl; + SSL_CTX_flush_sessions; + SSL_CTX_free; + SSL_CTX_get_cert_store; + SSL_CTX_get_client_CA_list; + SSL_CTX_get_client_cert_cb; + SSL_CTX_get_ex_data; + SSL_CTX_get_ex_new_index; + SSL_CTX_get_info_callback; + SSL_CTX_get_quiet_shutdown; + SSL_CTX_get_timeout; + SSL_CTX_get_verify_callback; + SSL_CTX_get_verify_depth; + SSL_CTX_get_verify_mode; + SSL_CTX_load_verify_locations; + SSL_CTX_new; + SSL_CTX_remove_session; + SSL_CTX_sess_get_get_cb; + SSL_CTX_sess_get_new_cb; + SSL_CTX_sess_get_remove_cb; + SSL_CTX_sessions; + SSL_CTX_sess_set_get_cb; + SSL_CTX_sess_set_new_cb; + SSL_CTX_sess_set_remove_cb; + SSL_CTX_set1_param; + SSL_CTX_set_cert_store; + SSL_CTX_set_cert_verify_callback; + SSL_CTX_set_cert_verify_cb; + SSL_CTX_set_cipher_list; + SSL_CTX_set_client_CA_list; + SSL_CTX_set_client_cert_cb; + SSL_CTX_set_client_cert_engine; + SSL_CTX_set_cookie_generate_cb; + SSL_CTX_set_cookie_verify_cb; + SSL_CTX_set_default_passwd_cb; + SSL_CTX_set_default_passwd_cb_userdata; + SSL_CTX_set_default_verify_paths; + SSL_CTX_set_def_passwd_cb_ud; + SSL_CTX_set_def_verify_paths; + SSL_CTX_set_ex_data; + SSL_CTX_set_generate_session_id; + SSL_CTX_set_info_callback; + SSL_CTX_set_msg_callback; + SSL_CTX_set_psk_client_callback; + SSL_CTX_set_psk_server_callback; + SSL_CTX_set_purpose; + SSL_CTX_set_quiet_shutdown; + SSL_CTX_set_session_id_context; + SSL_CTX_set_ssl_version; + SSL_CTX_set_timeout; + SSL_CTX_set_tmp_dh_callback; + SSL_CTX_set_tmp_ecdh_callback; + SSL_CTX_set_tmp_rsa_callback; + SSL_CTX_set_trust; + SSL_CTX_set_verify; + SSL_CTX_set_verify_depth; + SSL_CTX_use_cert_chain_file; + SSL_CTX_use_certificate; + SSL_CTX_use_certificate_ASN1; + SSL_CTX_use_certificate_chain_file; + SSL_CTX_use_certificate_file; + SSL_CTX_use_PrivateKey; + SSL_CTX_use_PrivateKey_ASN1; + SSL_CTX_use_PrivateKey_file; + SSL_CTX_use_psk_identity_hint; + SSL_CTX_use_RSAPrivateKey; + SSL_CTX_use_RSAPrivateKey_ASN1; + SSL_CTX_use_RSAPrivateKey_file; + SSL_do_handshake; + SSL_dup; + SSL_dup_CA_list; + SSLeay_add_ssl_algorithms; + SSL_free; + SSL_get1_session; + SSL_get_certificate; + SSL_get_cipher_list; + SSL_get_ciphers; + SSL_get_client_CA_list; + SSL_get_current_cipher; + SSL_get_current_compression; + SSL_get_current_expansion; + SSL_get_default_timeout; + SSL_get_error; + SSL_get_ex_data; + SSL_get_ex_data_X509_STORE_CTX_idx; + SSL_get_ex_d_X509_STORE_CTX_idx; + SSL_get_ex_new_index; + SSL_get_fd; + SSL_get_finished; + SSL_get_info_callback; + SSL_get_peer_cert_chain; + SSL_get_peer_certificate; + SSL_get_peer_finished; + SSL_get_privatekey; + SSL_get_psk_identity; + SSL_get_psk_identity_hint; + SSL_get_quiet_shutdown; + SSL_get_rbio; + SSL_get_read_ahead; + SSL_get_rfd; + SSL_get_servername; + SSL_get_servername_type; + SSL_get_session; + SSL_get_shared_ciphers; + SSL_get_shutdown; + SSL_get_SSL_CTX; + SSL_get_ssl_method; + SSL_get_verify_callback; + SSL_get_verify_depth; + SSL_get_verify_mode; + SSL_get_verify_result; + SSL_get_version; + SSL_get_wbio; + SSL_get_wfd; + SSL_has_matching_session_id; + SSL_library_init; + SSL_load_client_CA_file; + SSL_load_error_strings; + SSL_new; + SSL_peek; + SSL_pending; + SSL_read; + SSL_renegotiate; + SSL_renegotiate_pending; + SSL_rstate_string; + SSL_rstate_string_long; + SSL_SESSION_cmp; + SSL_SESSION_free; + SSL_SESSION_get_ex_data; + SSL_SESSION_get_ex_new_index; + SSL_SESSION_get_id; + SSL_SESSION_get_time; + SSL_SESSION_get_timeout; + SSL_SESSION_hash; + SSL_SESSION_new; + SSL_SESSION_print; + SSL_SESSION_print_fp; + SSL_SESSION_set_ex_data; + SSL_SESSION_set_time; + SSL_SESSION_set_timeout; + SSL_set1_param; + SSL_set_accept_state; + SSL_set_bio; + SSL_set_cipher_list; + SSL_set_client_CA_list; + SSL_set_connect_state; + SSL_set_ex_data; + SSL_set_fd; + SSL_set_generate_session_id; + SSL_set_info_callback; + SSL_set_msg_callback; + SSL_set_psk_client_callback; + SSL_set_psk_server_callback; + SSL_set_purpose; + SSL_set_quiet_shutdown; + SSL_set_read_ahead; + SSL_set_rfd; + SSL_set_session; + SSL_set_session_id_context; + SSL_set_session_secret_cb; + SSL_set_session_ticket_ext; + SSL_set_session_ticket_ext_cb; + SSL_set_shutdown; + SSL_set_SSL_CTX; + SSL_set_ssl_method; + SSL_set_tmp_dh_callback; + SSL_set_tmp_ecdh_callback; + SSL_set_tmp_rsa_callback; + SSL_set_trust; + SSL_set_verify; + SSL_set_verify_depth; + SSL_set_verify_result; + SSL_set_wfd; + SSL_shutdown; + SSL_state; + SSL_state_string; + SSL_state_string_long; + SSL_use_certificate; + SSL_use_certificate_ASN1; + SSL_use_certificate_file; + SSL_use_PrivateKey; + SSL_use_PrivateKey_ASN1; + SSL_use_PrivateKey_file; + SSL_use_psk_identity_hint; + SSL_use_RSAPrivateKey; + SSL_use_RSAPrivateKey_ASN1; + SSL_use_RSAPrivateKey_file; + SSLv23_client_method; + SSLv23_method; + SSLv23_server_method; + SSLv2_client_method; + SSLv2_method; + SSLv2_server_method; + SSLv3_client_method; + SSLv3_method; + SSLv3_server_method; + SSL_version; + SSL_want; + SSL_write; + TLSv1_client_method; + TLSv1_method; + TLSv1_server_method; + + + SSLeay; + SSLeay_version; + ASN1_BIT_STRING_asn1_meth; + ASN1_HEADER_free; + ASN1_HEADER_new; + ASN1_IA5STRING_asn1_meth; + ASN1_INTEGER_get; + ASN1_INTEGER_set; + ASN1_INTEGER_to_BN; + ASN1_OBJECT_create; + ASN1_OBJECT_free; + ASN1_OBJECT_new; + ASN1_PRINTABLE_type; + ASN1_STRING_cmp; + ASN1_STRING_dup; + ASN1_STRING_free; + ASN1_STRING_new; + ASN1_STRING_print; + ASN1_STRING_set; + ASN1_STRING_type_new; + ASN1_TYPE_free; + ASN1_TYPE_new; + ASN1_UNIVERSALSTRING_to_string; + ASN1_UTCTIME_check; + ASN1_UTCTIME_print; + ASN1_UTCTIME_set; + ASN1_check_infinite_end; + ASN1_d2i_bio; + ASN1_d2i_fp; + ASN1_digest; + ASN1_dup; + ASN1_get_object; + ASN1_i2d_bio; + ASN1_i2d_fp; + ASN1_object_size; + ASN1_parse; + ASN1_put_object; + ASN1_sign; + ASN1_verify; + BF_cbc_encrypt; + BF_cfb64_encrypt; + BF_ecb_encrypt; + BF_encrypt; + BF_ofb64_encrypt; + BF_options; + BF_set_key; + BIO_CONNECT_free; + BIO_CONNECT_new; + BIO_accept; + BIO_ctrl; + BIO_int_ctrl; + BIO_debug_callback; + BIO_dump; + BIO_dup_chain; + BIO_f_base64; + BIO_f_buffer; + BIO_f_cipher; + BIO_f_md; + BIO_f_null; + BIO_f_proxy_server; + BIO_fd_non_fatal_error; + BIO_fd_should_retry; + BIO_find_type; + BIO_free; + BIO_free_all; + BIO_get_accept_socket; + BIO_get_filter_bio; + BIO_get_host_ip; + BIO_get_port; + BIO_get_retry_BIO; + BIO_get_retry_reason; + BIO_gethostbyname; + BIO_gets; + BIO_new; + BIO_new_accept; + BIO_new_connect; + BIO_new_fd; + BIO_new_file; + BIO_new_fp; + BIO_new_socket; + BIO_pop; + BIO_printf; + BIO_push; + BIO_puts; + BIO_read; + BIO_s_accept; + BIO_s_connect; + BIO_s_fd; + BIO_s_file; + BIO_s_mem; + BIO_s_null; + BIO_s_proxy_client; + BIO_s_socket; + BIO_set; + BIO_set_cipher; + BIO_set_tcp_ndelay; + BIO_sock_cleanup; + BIO_sock_error; + BIO_sock_init; + BIO_sock_non_fatal_error; + BIO_sock_should_retry; + BIO_socket_ioctl; + BIO_write; + BN_CTX_free; + BN_CTX_new; + BN_MONT_CTX_free; + BN_MONT_CTX_new; + BN_MONT_CTX_set; + BN_add; + BN_add_word; + BN_hex2bn; + BN_bin2bn; + BN_bn2hex; + BN_bn2bin; + BN_clear; + BN_clear_bit; + BN_clear_free; + BN_cmp; + BN_copy; + BN_div; + BN_div_word; + BN_dup; + BN_free; + BN_from_montgomery; + BN_gcd; + BN_generate_prime; + BN_get_word; + BN_is_bit_set; + BN_is_prime; + BN_lshift; + BN_lshift1; + BN_mask_bits; + BN_mod; + BN_mod_exp; + BN_mod_exp_mont; + BN_mod_exp_simple; + BN_mod_inverse; + BN_mod_mul; + BN_mod_mul_montgomery; + BN_mod_word; + BN_mul; + BN_new; + BN_num_bits; + BN_num_bits_word; + BN_options; + BN_print; + BN_print_fp; + BN_rand; + BN_reciprocal; + BN_rshift; + BN_rshift1; + BN_set_bit; + BN_set_word; + BN_sqr; + BN_sub; + BN_to_ASN1_INTEGER; + BN_ucmp; + BN_value_one; + BUF_MEM_free; + BUF_MEM_grow; + BUF_MEM_new; + BUF_strdup; + CONF_free; + CONF_get_number; + CONF_get_section; + CONF_get_string; + CONF_load; + CRYPTO_add_lock; + CRYPTO_dbg_free; + CRYPTO_dbg_malloc; + CRYPTO_dbg_realloc; + CRYPTO_dbg_remalloc; + CRYPTO_free; + CRYPTO_get_add_lock_callback; + CRYPTO_get_id_callback; + CRYPTO_get_lock_name; + CRYPTO_get_locking_callback; + CRYPTO_get_mem_functions; + CRYPTO_lock; + CRYPTO_malloc; + CRYPTO_mem_ctrl; + CRYPTO_mem_leaks; + CRYPTO_mem_leaks_cb; + CRYPTO_mem_leaks_fp; + CRYPTO_realloc; + CRYPTO_remalloc; + CRYPTO_set_add_lock_callback; + CRYPTO_set_id_callback; + CRYPTO_set_locking_callback; + CRYPTO_set_mem_functions; + CRYPTO_thread_id; + DH_check; + DH_compute_key; + DH_free; + DH_generate_key; + DH_generate_parameters; + DH_new; + DH_size; + DHparams_print; + DHparams_print_fp; + DSA_free; + DSA_generate_key; + DSA_generate_parameters; + DSA_is_prime; + DSA_new; + DSA_print; + DSA_print_fp; + DSA_sign; + DSA_sign_setup; + DSA_size; + DSA_verify; + DSAparams_print; + DSAparams_print_fp; + ERR_clear_error; + ERR_error_string; + ERR_free_strings; + ERR_func_error_string; + ERR_get_err_state_table; + ERR_get_error; + ERR_get_error_line; + ERR_get_state; + ERR_get_string_table; + ERR_lib_error_string; + ERR_load_ASN1_strings; + ERR_load_BIO_strings; + ERR_load_BN_strings; + ERR_load_BUF_strings; + ERR_load_CONF_strings; + ERR_load_DH_strings; + ERR_load_DSA_strings; + ERR_load_ERR_strings; + ERR_load_EVP_strings; + ERR_load_OBJ_strings; + ERR_load_PEM_strings; + ERR_load_PROXY_strings; + ERR_load_RSA_strings; + ERR_load_X509_strings; + ERR_load_crypto_strings; + ERR_load_strings; + ERR_peek_error; + ERR_peek_error_line; + ERR_print_errors; + ERR_print_errors_fp; + ERR_put_error; + ERR_reason_error_string; + ERR_remove_state; + EVP_BytesToKey; + EVP_CIPHER_CTX_cleanup; + EVP_CipherFinal; + EVP_CipherInit; + EVP_CipherUpdate; + EVP_DecodeBlock; + EVP_DecodeFinal; + EVP_DecodeInit; + EVP_DecodeUpdate; + EVP_DecryptFinal; + EVP_DecryptInit; + EVP_DecryptUpdate; + EVP_DigestFinal; + EVP_DigestInit; + EVP_DigestUpdate; + EVP_EncodeBlock; + EVP_EncodeFinal; + EVP_EncodeInit; + EVP_EncodeUpdate; + EVP_EncryptFinal; + EVP_EncryptInit; + EVP_EncryptUpdate; + EVP_OpenFinal; + EVP_OpenInit; + EVP_PKEY_assign; + EVP_PKEY_copy_parameters; + EVP_PKEY_free; + EVP_PKEY_missing_parameters; + EVP_PKEY_new; + EVP_PKEY_save_parameters; + EVP_PKEY_size; + EVP_PKEY_type; + EVP_SealFinal; + EVP_SealInit; + EVP_SignFinal; + EVP_VerifyFinal; + EVP_add_alias; + EVP_add_cipher; + EVP_add_digest; + EVP_bf_cbc; + EVP_bf_cfb64; + EVP_bf_ecb; + EVP_bf_ofb; + EVP_cleanup; + EVP_des_cbc; + EVP_des_cfb64; + EVP_des_ecb; + EVP_des_ede; + EVP_des_ede3; + EVP_des_ede3_cbc; + EVP_des_ede3_cfb64; + EVP_des_ede3_ofb; + EVP_des_ede_cbc; + EVP_des_ede_cfb64; + EVP_des_ede_ofb; + EVP_des_ofb; + EVP_desx_cbc; + EVP_dss; + EVP_dss1; + EVP_enc_null; + EVP_get_cipherbyname; + EVP_get_digestbyname; + EVP_get_pw_prompt; + EVP_idea_cbc; + EVP_idea_cfb64; + EVP_idea_ecb; + EVP_idea_ofb; + EVP_md2; + EVP_md5; + EVP_md_null; + EVP_rc2_cbc; + EVP_rc2_cfb64; + EVP_rc2_ecb; + EVP_rc2_ofb; + EVP_rc4; + EVP_read_pw_string; + EVP_set_pw_prompt; + EVP_sha; + EVP_sha1; + MD2; + MD2_Final; + MD2_Init; + MD2_Update; + MD2_options; + MD5; + MD5_Final; + MD5_Init; + MD5_Update; + MDC2; + MDC2_Final; + MDC2_Init; + MDC2_Update; + NETSCAPE_SPKAC_free; + NETSCAPE_SPKAC_new; + NETSCAPE_SPKI_free; + NETSCAPE_SPKI_new; + NETSCAPE_SPKI_sign; + NETSCAPE_SPKI_verify; + OBJ_add_object; + OBJ_bsearch; + OBJ_cleanup; + OBJ_cmp; + OBJ_create; + OBJ_dup; + OBJ_ln2nid; + OBJ_new_nid; + OBJ_nid2ln; + OBJ_nid2obj; + OBJ_nid2sn; + OBJ_obj2nid; + OBJ_sn2nid; + OBJ_txt2nid; + PEM_ASN1_read; + PEM_ASN1_read_bio; + PEM_ASN1_write; + PEM_ASN1_write_bio; + PEM_SealFinal; + PEM_SealInit; + PEM_SealUpdate; + PEM_SignFinal; + PEM_SignInit; + PEM_SignUpdate; + PEM_X509_INFO_read; + PEM_X509_INFO_read_bio; + PEM_X509_INFO_write_bio; + PEM_dek_info; + PEM_do_header; + PEM_get_EVP_CIPHER_INFO; + PEM_proc_type; + PEM_read; + PEM_read_DHparams; + PEM_read_DSAPrivateKey; + PEM_read_DSAparams; + PEM_read_PKCS7; + PEM_read_PrivateKey; + PEM_read_RSAPrivateKey; + PEM_read_X509; + PEM_read_X509_CRL; + PEM_read_X509_REQ; + PEM_read_bio; + PEM_read_bio_DHparams; + PEM_read_bio_DSAPrivateKey; + PEM_read_bio_DSAparams; + PEM_read_bio_PKCS7; + PEM_read_bio_PrivateKey; + PEM_read_bio_RSAPrivateKey; + PEM_read_bio_X509; + PEM_read_bio_X509_CRL; + PEM_read_bio_X509_REQ; + PEM_write; + PEM_write_DHparams; + PEM_write_DSAPrivateKey; + PEM_write_DSAparams; + PEM_write_PKCS7; + PEM_write_PrivateKey; + PEM_write_RSAPrivateKey; + PEM_write_X509; + PEM_write_X509_CRL; + PEM_write_X509_REQ; + PEM_write_bio; + PEM_write_bio_DHparams; + PEM_write_bio_DSAPrivateKey; + PEM_write_bio_DSAparams; + PEM_write_bio_PKCS7; + PEM_write_bio_PrivateKey; + PEM_write_bio_RSAPrivateKey; + PEM_write_bio_X509; + PEM_write_bio_X509_CRL; + PEM_write_bio_X509_REQ; + PKCS7_DIGEST_free; + PKCS7_DIGEST_new; + PKCS7_ENCRYPT_free; + PKCS7_ENCRYPT_new; + PKCS7_ENC_CONTENT_free; + PKCS7_ENC_CONTENT_new; + PKCS7_ENVELOPE_free; + PKCS7_ENVELOPE_new; + PKCS7_ISSUER_AND_SERIAL_digest; + PKCS7_ISSUER_AND_SERIAL_free; + PKCS7_ISSUER_AND_SERIAL_new; + PKCS7_RECIP_INFO_free; + PKCS7_RECIP_INFO_new; + PKCS7_SIGNED_free; + PKCS7_SIGNED_new; + PKCS7_SIGNER_INFO_free; + PKCS7_SIGNER_INFO_new; + PKCS7_SIGN_ENVELOPE_free; + PKCS7_SIGN_ENVELOPE_new; + PKCS7_dup; + PKCS7_free; + PKCS7_new; + PROXY_ENTRY_add_noproxy; + PROXY_ENTRY_clear_noproxy; + PROXY_ENTRY_free; + PROXY_ENTRY_get_noproxy; + PROXY_ENTRY_new; + PROXY_ENTRY_set_server; + PROXY_add_noproxy; + PROXY_add_server; + PROXY_check_by_host; + PROXY_check_url; + PROXY_clear_noproxy; + PROXY_free; + PROXY_get_noproxy; + PROXY_get_proxies; + PROXY_get_proxy_entry; + PROXY_load_conf; + PROXY_new; + PROXY_print; + RAND_bytes; + RAND_cleanup; + RAND_file_name; + RAND_load_file; + RAND_screen; + RAND_seed; + RAND_write_file; + RC2_cbc_encrypt; + RC2_cfb64_encrypt; + RC2_ecb_encrypt; + RC2_encrypt; + RC2_ofb64_encrypt; + RC2_set_key; + RC4; + RC4_options; + RC4_set_key; + RSAPrivateKey_asn1_meth; + RSAPrivateKey_dup; + RSAPublicKey_dup; + RSA_PKCS1_SSLeay; + RSA_free; + RSA_generate_key; + RSA_new; + RSA_new_method; + RSA_print; + RSA_print_fp; + RSA_private_decrypt; + RSA_private_encrypt; + RSA_public_decrypt; + RSA_public_encrypt; + RSA_set_default_method; + RSA_sign; + RSA_sign_ASN1_OCTET_STRING; + RSA_size; + RSA_verify; + RSA_verify_ASN1_OCTET_STRING; + SHA; + SHA1; + SHA1_Final; + SHA1_Init; + SHA1_Update; + SHA_Final; + SHA_Init; + SHA_Update; + OpenSSL_add_all_algorithms; + OpenSSL_add_all_ciphers; + OpenSSL_add_all_digests; + TXT_DB_create_index; + TXT_DB_free; + TXT_DB_get_by_index; + TXT_DB_insert; + TXT_DB_read; + TXT_DB_write; + X509_ALGOR_free; + X509_ALGOR_new; + X509_ATTRIBUTE_free; + X509_ATTRIBUTE_new; + X509_CINF_free; + X509_CINF_new; + X509_CRL_INFO_free; + X509_CRL_INFO_new; + X509_CRL_add_ext; + X509_CRL_cmp; + X509_CRL_delete_ext; + X509_CRL_dup; + X509_CRL_free; + X509_CRL_get_ext; + X509_CRL_get_ext_by_NID; + X509_CRL_get_ext_by_OBJ; + X509_CRL_get_ext_by_critical; + X509_CRL_get_ext_count; + X509_CRL_new; + X509_CRL_sign; + X509_CRL_verify; + X509_EXTENSION_create_by_NID; + X509_EXTENSION_create_by_OBJ; + X509_EXTENSION_dup; + X509_EXTENSION_free; + X509_EXTENSION_get_critical; + X509_EXTENSION_get_data; + X509_EXTENSION_get_object; + X509_EXTENSION_new; + X509_EXTENSION_set_critical; + X509_EXTENSION_set_data; + X509_EXTENSION_set_object; + X509_INFO_free; + X509_INFO_new; + X509_LOOKUP_by_alias; + X509_LOOKUP_by_fingerprint; + X509_LOOKUP_by_issuer_serial; + X509_LOOKUP_by_subject; + X509_LOOKUP_ctrl; + X509_LOOKUP_file; + X509_LOOKUP_free; + X509_LOOKUP_hash_dir; + X509_LOOKUP_init; + X509_LOOKUP_new; + X509_LOOKUP_shutdown; + X509_NAME_ENTRY_create_by_NID; + X509_NAME_ENTRY_create_by_OBJ; + X509_NAME_ENTRY_dup; + X509_NAME_ENTRY_free; + X509_NAME_ENTRY_get_data; + X509_NAME_ENTRY_get_object; + X509_NAME_ENTRY_new; + X509_NAME_ENTRY_set_data; + X509_NAME_ENTRY_set_object; + X509_NAME_add_entry; + X509_NAME_cmp; + X509_NAME_delete_entry; + X509_NAME_digest; + X509_NAME_dup; + X509_NAME_entry_count; + X509_NAME_free; + X509_NAME_get_entry; + X509_NAME_get_index_by_NID; + X509_NAME_get_index_by_OBJ; + X509_NAME_get_text_by_NID; + X509_NAME_get_text_by_OBJ; + X509_NAME_hash; + X509_NAME_new; + X509_NAME_oneline; + X509_NAME_print; + X509_NAME_set; + X509_OBJECT_free_contents; + X509_OBJECT_retrieve_by_subject; + X509_OBJECT_up_ref_count; + X509_PKEY_free; + X509_PKEY_new; + X509_PUBKEY_free; + X509_PUBKEY_get; + X509_PUBKEY_new; + X509_PUBKEY_set; + X509_REQ_INFO_free; + X509_REQ_INFO_new; + X509_REQ_dup; + X509_REQ_free; + X509_REQ_get_pubkey; + X509_REQ_new; + X509_REQ_print; + X509_REQ_print_fp; + X509_REQ_set_pubkey; + X509_REQ_set_subject_name; + X509_REQ_set_version; + X509_REQ_sign; + X509_REQ_to_X509; + X509_REQ_verify; + X509_REVOKED_add_ext; + X509_REVOKED_delete_ext; + X509_REVOKED_free; + X509_REVOKED_get_ext; + X509_REVOKED_get_ext_by_NID; + X509_REVOKED_get_ext_by_OBJ; + X509_REVOKED_get_ext_by_critical; + X509_REVOKED_get_ext_by_critic; + X509_REVOKED_get_ext_count; + X509_REVOKED_new; + X509_SIG_free; + X509_SIG_new; + X509_STORE_CTX_cleanup; + X509_STORE_CTX_init; + X509_STORE_add_cert; + X509_STORE_add_lookup; + X509_STORE_free; + X509_STORE_get_by_subject; + X509_STORE_load_locations; + X509_STORE_new; + X509_STORE_set_default_paths; + X509_VAL_free; + X509_VAL_new; + X509_add_ext; + X509_asn1_meth; + X509_certificate_type; + X509_check_private_key; + X509_cmp_current_time; + X509_delete_ext; + X509_digest; + X509_dup; + X509_free; + X509_get_default_cert_area; + X509_get_default_cert_dir; + X509_get_default_cert_dir_env; + X509_get_default_cert_file; + X509_get_default_cert_file_env; + X509_get_default_private_dir; + X509_get_ext; + X509_get_ext_by_NID; + X509_get_ext_by_OBJ; + X509_get_ext_by_critical; + X509_get_ext_count; + X509_get_issuer_name; + X509_get_pubkey; + X509_get_pubkey_parameters; + X509_get_serialNumber; + X509_get_subject_name; + X509_gmtime_adj; + X509_issuer_and_serial_cmp; + X509_issuer_and_serial_hash; + X509_issuer_name_cmp; + X509_issuer_name_hash; + X509_load_cert_file; + X509_new; + X509_print; + X509_print_fp; + X509_set_issuer_name; + X509_set_notAfter; + X509_set_notBefore; + X509_set_pubkey; + X509_set_serialNumber; + X509_set_subject_name; + X509_set_version; + X509_sign; + X509_subject_name_cmp; + X509_subject_name_hash; + X509_to_X509_REQ; + X509_verify; + X509_verify_cert; + X509_verify_cert_error_string; + X509v3_add_ext; + X509v3_add_extension; + X509v3_add_netscape_extensions; + X509v3_add_standard_extensions; + X509v3_cleanup_extensions; + X509v3_data_type_by_NID; + X509v3_data_type_by_OBJ; + X509v3_delete_ext; + X509v3_get_ext; + X509v3_get_ext_by_NID; + X509v3_get_ext_by_OBJ; + X509v3_get_ext_by_critical; + X509v3_get_ext_count; + X509v3_pack_string; + X509v3_pack_type_by_NID; + X509v3_pack_type_by_OBJ; + X509v3_unpack_string; + _des_crypt; + a2d_ASN1_OBJECT; + a2i_ASN1_INTEGER; + a2i_ASN1_STRING; + asn1_Finish; + asn1_GetSequence; + bn_div_words; + bn_expand2; + bn_mul_add_words; + bn_mul_words; + BN_uadd; + BN_usub; + bn_sqr_words; + _ossl_old_crypt; + d2i_ASN1_BIT_STRING; + d2i_ASN1_BOOLEAN; + d2i_ASN1_HEADER; + d2i_ASN1_IA5STRING; + d2i_ASN1_INTEGER; + d2i_ASN1_OBJECT; + d2i_ASN1_OCTET_STRING; + d2i_ASN1_PRINTABLE; + d2i_ASN1_PRINTABLESTRING; + d2i_ASN1_SET; + d2i_ASN1_T61STRING; + d2i_ASN1_TYPE; + d2i_ASN1_UTCTIME; + d2i_ASN1_bytes; + d2i_ASN1_type_bytes; + d2i_DHparams; + d2i_DSAPrivateKey; + d2i_DSAPrivateKey_bio; + d2i_DSAPrivateKey_fp; + d2i_DSAPublicKey; + d2i_DSAparams; + d2i_NETSCAPE_SPKAC; + d2i_NETSCAPE_SPKI; + d2i_Netscape_RSA; + d2i_PKCS7; + d2i_PKCS7_DIGEST; + d2i_PKCS7_ENCRYPT; + d2i_PKCS7_ENC_CONTENT; + d2i_PKCS7_ENVELOPE; + d2i_PKCS7_ISSUER_AND_SERIAL; + d2i_PKCS7_RECIP_INFO; + d2i_PKCS7_SIGNED; + d2i_PKCS7_SIGNER_INFO; + d2i_PKCS7_SIGN_ENVELOPE; + d2i_PKCS7_bio; + d2i_PKCS7_fp; + d2i_PrivateKey; + d2i_PublicKey; + d2i_RSAPrivateKey; + d2i_RSAPrivateKey_bio; + d2i_RSAPrivateKey_fp; + d2i_RSAPublicKey; + d2i_X509; + d2i_X509_ALGOR; + d2i_X509_ATTRIBUTE; + d2i_X509_CINF; + d2i_X509_CRL; + d2i_X509_CRL_INFO; + d2i_X509_CRL_bio; + d2i_X509_CRL_fp; + d2i_X509_EXTENSION; + d2i_X509_NAME; + d2i_X509_NAME_ENTRY; + d2i_X509_PKEY; + d2i_X509_PUBKEY; + d2i_X509_REQ; + d2i_X509_REQ_INFO; + d2i_X509_REQ_bio; + d2i_X509_REQ_fp; + d2i_X509_REVOKED; + d2i_X509_SIG; + d2i_X509_VAL; + d2i_X509_bio; + d2i_X509_fp; + DES_cbc_cksum; + DES_cbc_encrypt; + DES_cblock_print_file; + DES_cfb64_encrypt; + DES_cfb_encrypt; + DES_decrypt3; + DES_ecb3_encrypt; + DES_ecb_encrypt; + DES_ede3_cbc_encrypt; + DES_ede3_cfb64_encrypt; + DES_ede3_ofb64_encrypt; + DES_enc_read; + DES_enc_write; + DES_encrypt1; + DES_encrypt2; + DES_encrypt3; + DES_fcrypt; + DES_is_weak_key; + DES_key_sched; + DES_ncbc_encrypt; + DES_ofb64_encrypt; + DES_ofb_encrypt; + DES_options; + DES_pcbc_encrypt; + DES_quad_cksum; + DES_random_key; + _ossl_old_des_random_seed; + _ossl_old_des_read_2passwords; + _ossl_old_des_read_password; + _ossl_old_des_read_pw; + _ossl_old_des_read_pw_string; + DES_set_key; + DES_set_odd_parity; + DES_string_to_2keys; + DES_string_to_key; + DES_xcbc_encrypt; + DES_xwhite_in2out; + fcrypt_body; + i2a_ASN1_INTEGER; + i2a_ASN1_OBJECT; + i2a_ASN1_STRING; + i2d_ASN1_BIT_STRING; + i2d_ASN1_BOOLEAN; + i2d_ASN1_HEADER; + i2d_ASN1_IA5STRING; + i2d_ASN1_INTEGER; + i2d_ASN1_OBJECT; + i2d_ASN1_OCTET_STRING; + i2d_ASN1_PRINTABLE; + i2d_ASN1_SET; + i2d_ASN1_TYPE; + i2d_ASN1_UTCTIME; + i2d_ASN1_bytes; + i2d_DHparams; + i2d_DSAPrivateKey; + i2d_DSAPrivateKey_bio; + i2d_DSAPrivateKey_fp; + i2d_DSAPublicKey; + i2d_DSAparams; + i2d_NETSCAPE_SPKAC; + i2d_NETSCAPE_SPKI; + i2d_Netscape_RSA; + i2d_PKCS7; + i2d_PKCS7_DIGEST; + i2d_PKCS7_ENCRYPT; + i2d_PKCS7_ENC_CONTENT; + i2d_PKCS7_ENVELOPE; + i2d_PKCS7_ISSUER_AND_SERIAL; + i2d_PKCS7_RECIP_INFO; + i2d_PKCS7_SIGNED; + i2d_PKCS7_SIGNER_INFO; + i2d_PKCS7_SIGN_ENVELOPE; + i2d_PKCS7_bio; + i2d_PKCS7_fp; + i2d_PrivateKey; + i2d_PublicKey; + i2d_RSAPrivateKey; + i2d_RSAPrivateKey_bio; + i2d_RSAPrivateKey_fp; + i2d_RSAPublicKey; + i2d_X509; + i2d_X509_ALGOR; + i2d_X509_ATTRIBUTE; + i2d_X509_CINF; + i2d_X509_CRL; + i2d_X509_CRL_INFO; + i2d_X509_CRL_bio; + i2d_X509_CRL_fp; + i2d_X509_EXTENSION; + i2d_X509_NAME; + i2d_X509_NAME_ENTRY; + i2d_X509_PKEY; + i2d_X509_PUBKEY; + i2d_X509_REQ; + i2d_X509_REQ_INFO; + i2d_X509_REQ_bio; + i2d_X509_REQ_fp; + i2d_X509_REVOKED; + i2d_X509_SIG; + i2d_X509_VAL; + i2d_X509_bio; + i2d_X509_fp; + idea_cbc_encrypt; + idea_cfb64_encrypt; + idea_ecb_encrypt; + idea_encrypt; + idea_ofb64_encrypt; + idea_options; + idea_set_decrypt_key; + idea_set_encrypt_key; + lh_delete; + lh_doall; + lh_doall_arg; + lh_free; + lh_insert; + lh_new; + lh_node_stats; + lh_node_stats_bio; + lh_node_usage_stats; + lh_node_usage_stats_bio; + lh_retrieve; + lh_stats; + lh_stats_bio; + lh_strhash; + sk_delete; + sk_delete_ptr; + sk_dup; + sk_find; + sk_free; + sk_insert; + sk_new; + sk_pop; + sk_pop_free; + sk_push; + sk_set_cmp_func; + sk_shift; + sk_unshift; + sk_zero; + BIO_f_nbio_test; + ASN1_TYPE_get; + ASN1_TYPE_set; + PKCS7_content_free; + ERR_load_PKCS7_strings; + X509_find_by_issuer_and_serial; + X509_find_by_subject; + PKCS7_ctrl; + PKCS7_set_type; + PKCS7_set_content; + PKCS7_SIGNER_INFO_set; + PKCS7_add_signer; + PKCS7_add_certificate; + PKCS7_add_crl; + PKCS7_content_new; + PKCS7_dataSign; + PKCS7_dataVerify; + PKCS7_dataInit; + PKCS7_add_signature; + PKCS7_cert_from_signer_info; + PKCS7_get_signer_info; + EVP_delete_alias; + EVP_mdc2; + PEM_read_bio_RSAPublicKey; + PEM_write_bio_RSAPublicKey; + d2i_RSAPublicKey_bio; + i2d_RSAPublicKey_bio; + PEM_read_RSAPublicKey; + PEM_write_RSAPublicKey; + d2i_RSAPublicKey_fp; + i2d_RSAPublicKey_fp; + BIO_copy_next_retry; + RSA_flags; + X509_STORE_add_crl; + X509_load_crl_file; + EVP_rc2_40_cbc; + EVP_rc4_40; + EVP_CIPHER_CTX_init; + HMAC; + HMAC_Init; + HMAC_Update; + HMAC_Final; + ERR_get_next_error_library; + EVP_PKEY_cmp_parameters; + HMAC_cleanup; + BIO_ptr_ctrl; + BIO_new_file_internal; + BIO_new_fp_internal; + BIO_s_file_internal; + BN_BLINDING_convert; + BN_BLINDING_invert; + BN_BLINDING_update; + RSA_blinding_on; + RSA_blinding_off; + i2t_ASN1_OBJECT; + BN_BLINDING_new; + BN_BLINDING_free; + EVP_cast5_cbc; + EVP_cast5_cfb64; + EVP_cast5_ecb; + EVP_cast5_ofb; + BF_decrypt; + CAST_set_key; + CAST_encrypt; + CAST_decrypt; + CAST_ecb_encrypt; + CAST_cbc_encrypt; + CAST_cfb64_encrypt; + CAST_ofb64_encrypt; + RC2_decrypt; + OBJ_create_objects; + BN_exp; + BN_mul_word; + BN_sub_word; + BN_dec2bn; + BN_bn2dec; + BIO_ghbn_ctrl; + CRYPTO_free_ex_data; + CRYPTO_get_ex_data; + CRYPTO_set_ex_data; + ERR_load_CRYPTO_strings; + ERR_load_CRYPTOlib_strings; + EVP_PKEY_bits; + MD5_Transform; + SHA1_Transform; + SHA_Transform; + X509_STORE_CTX_get_chain; + X509_STORE_CTX_get_current_cert; + X509_STORE_CTX_get_error; + X509_STORE_CTX_get_error_depth; + X509_STORE_CTX_get_ex_data; + X509_STORE_CTX_set_cert; + X509_STORE_CTX_set_chain; + X509_STORE_CTX_set_error; + X509_STORE_CTX_set_ex_data; + CRYPTO_dup_ex_data; + CRYPTO_get_new_lockid; + CRYPTO_new_ex_data; + RSA_set_ex_data; + RSA_get_ex_data; + RSA_get_ex_new_index; + RSA_padding_add_PKCS1_type_1; + RSA_padding_add_PKCS1_type_2; + RSA_padding_add_SSLv23; + RSA_padding_add_none; + RSA_padding_check_PKCS1_type_1; + RSA_padding_check_PKCS1_type_2; + RSA_padding_check_SSLv23; + RSA_padding_check_none; + bn_add_words; + d2i_Netscape_RSA_2; + CRYPTO_get_ex_new_index; + RIPEMD160_Init; + RIPEMD160_Update; + RIPEMD160_Final; + RIPEMD160; + RIPEMD160_Transform; + RC5_32_set_key; + RC5_32_ecb_encrypt; + RC5_32_encrypt; + RC5_32_decrypt; + RC5_32_cbc_encrypt; + RC5_32_cfb64_encrypt; + RC5_32_ofb64_encrypt; + BN_bn2mpi; + BN_mpi2bn; + ASN1_BIT_STRING_get_bit; + ASN1_BIT_STRING_set_bit; + BIO_get_ex_data; + BIO_get_ex_new_index; + BIO_set_ex_data; + X509v3_get_key_usage; + X509v3_set_key_usage; + a2i_X509v3_key_usage; + i2a_X509v3_key_usage; + EVP_PKEY_decrypt; + EVP_PKEY_encrypt; + PKCS7_RECIP_INFO_set; + PKCS7_add_recipient; + PKCS7_add_recipient_info; + PKCS7_set_cipher; + ASN1_TYPE_get_int_octetstring; + ASN1_TYPE_get_octetstring; + ASN1_TYPE_set_int_octetstring; + ASN1_TYPE_set_octetstring; + ASN1_UTCTIME_set_string; + ERR_add_error_data; + ERR_set_error_data; + EVP_CIPHER_asn1_to_param; + EVP_CIPHER_param_to_asn1; + EVP_CIPHER_get_asn1_iv; + EVP_CIPHER_set_asn1_iv; + EVP_rc5_32_12_16_cbc; + EVP_rc5_32_12_16_cfb64; + EVP_rc5_32_12_16_ecb; + EVP_rc5_32_12_16_ofb; + asn1_add_error; + d2i_ASN1_BMPSTRING; + i2d_ASN1_BMPSTRING; + BIO_f_ber; + BN_init; + COMP_CTX_new; + COMP_CTX_free; + COMP_CTX_compress_block; + COMP_CTX_expand_block; + X509_STORE_CTX_get_ex_new_index; + OBJ_NAME_add; + BIO_socket_nbio; + EVP_rc2_64_cbc; + OBJ_NAME_cleanup; + OBJ_NAME_get; + OBJ_NAME_init; + OBJ_NAME_new_index; + OBJ_NAME_remove; + BN_MONT_CTX_copy; + BIO_new_socks4a_connect; + BIO_s_socks4a_connect; + PROXY_set_connect_mode; + RAND_SSLeay; + RAND_set_rand_method; + RSA_memory_lock; + bn_sub_words; + bn_mul_normal; + bn_mul_comba8; + bn_mul_comba4; + bn_sqr_normal; + bn_sqr_comba8; + bn_sqr_comba4; + bn_cmp_words; + bn_mul_recursive; + bn_mul_part_recursive; + bn_sqr_recursive; + bn_mul_low_normal; + BN_RECP_CTX_init; + BN_RECP_CTX_new; + BN_RECP_CTX_free; + BN_RECP_CTX_set; + BN_mod_mul_reciprocal; + BN_mod_exp_recp; + BN_div_recp; + BN_CTX_init; + BN_MONT_CTX_init; + RAND_get_rand_method; + PKCS7_add_attribute; + PKCS7_add_signed_attribute; + PKCS7_digest_from_attributes; + PKCS7_get_attribute; + PKCS7_get_issuer_and_serial; + PKCS7_get_signed_attribute; + COMP_compress_block; + COMP_expand_block; + COMP_rle; + COMP_zlib; + ms_time_diff; + ms_time_new; + ms_time_free; + ms_time_cmp; + ms_time_get; + PKCS7_set_attributes; + PKCS7_set_signed_attributes; + X509_ATTRIBUTE_create; + X509_ATTRIBUTE_dup; + ASN1_GENERALIZEDTIME_check; + ASN1_GENERALIZEDTIME_print; + ASN1_GENERALIZEDTIME_set; + ASN1_GENERALIZEDTIME_set_string; + ASN1_TIME_print; + BASIC_CONSTRAINTS_free; + BASIC_CONSTRAINTS_new; + ERR_load_X509V3_strings; + NETSCAPE_CERT_SEQUENCE_free; + NETSCAPE_CERT_SEQUENCE_new; + OBJ_txt2obj; + PEM_read_NETSCAPE_CERT_SEQUENCE; + PEM_read_NS_CERT_SEQ; + PEM_read_bio_NETSCAPE_CERT_SEQUENCE; + PEM_read_bio_NS_CERT_SEQ; + PEM_write_NETSCAPE_CERT_SEQUENCE; + PEM_write_NS_CERT_SEQ; + PEM_write_bio_NETSCAPE_CERT_SEQUENCE; + PEM_write_bio_NS_CERT_SEQ; + X509V3_EXT_add; + X509V3_EXT_add_alias; + X509V3_EXT_add_conf; + X509V3_EXT_cleanup; + X509V3_EXT_conf; + X509V3_EXT_conf_nid; + X509V3_EXT_get; + X509V3_EXT_get_nid; + X509V3_EXT_print; + X509V3_EXT_print_fp; + X509V3_add_standard_extensions; + X509V3_add_value; + X509V3_add_value_bool; + X509V3_add_value_int; + X509V3_conf_free; + X509V3_get_value_bool; + X509V3_get_value_int; + X509V3_parse_list; + d2i_ASN1_GENERALIZEDTIME; + d2i_ASN1_TIME; + d2i_BASIC_CONSTRAINTS; + d2i_NETSCAPE_CERT_SEQUENCE; + d2i_ext_ku; + ext_ku_free; + ext_ku_new; + i2d_ASN1_GENERALIZEDTIME; + i2d_ASN1_TIME; + i2d_BASIC_CONSTRAINTS; + i2d_NETSCAPE_CERT_SEQUENCE; + i2d_ext_ku; + EVP_MD_CTX_copy; + i2d_ASN1_ENUMERATED; + d2i_ASN1_ENUMERATED; + ASN1_ENUMERATED_set; + ASN1_ENUMERATED_get; + BN_to_ASN1_ENUMERATED; + ASN1_ENUMERATED_to_BN; + i2a_ASN1_ENUMERATED; + a2i_ASN1_ENUMERATED; + i2d_GENERAL_NAME; + d2i_GENERAL_NAME; + GENERAL_NAME_new; + GENERAL_NAME_free; + GENERAL_NAMES_new; + GENERAL_NAMES_free; + d2i_GENERAL_NAMES; + i2d_GENERAL_NAMES; + i2v_GENERAL_NAMES; + i2s_ASN1_OCTET_STRING; + s2i_ASN1_OCTET_STRING; + X509V3_EXT_check_conf; + hex_to_string; + string_to_hex; + DES_ede3_cbcm_encrypt; + RSA_padding_add_PKCS1_OAEP; + RSA_padding_check_PKCS1_OAEP; + X509_CRL_print_fp; + X509_CRL_print; + i2v_GENERAL_NAME; + v2i_GENERAL_NAME; + i2d_PKEY_USAGE_PERIOD; + d2i_PKEY_USAGE_PERIOD; + PKEY_USAGE_PERIOD_new; + PKEY_USAGE_PERIOD_free; + v2i_GENERAL_NAMES; + i2s_ASN1_INTEGER; + X509V3_EXT_d2i; + name_cmp; + str_dup; + i2s_ASN1_ENUMERATED; + i2s_ASN1_ENUMERATED_TABLE; + BIO_s_log; + BIO_f_reliable; + PKCS7_dataFinal; + PKCS7_dataDecode; + X509V3_EXT_CRL_add_conf; + BN_set_params; + BN_get_params; + BIO_get_ex_num; + BIO_set_ex_free_func; + EVP_ripemd160; + ASN1_TIME_set; + i2d_AUTHORITY_KEYID; + d2i_AUTHORITY_KEYID; + AUTHORITY_KEYID_new; + AUTHORITY_KEYID_free; + ASN1_seq_unpack; + ASN1_seq_pack; + ASN1_unpack_string; + ASN1_pack_string; + PKCS12_pack_safebag; + PKCS12_MAKE_KEYBAG; + PKCS8_encrypt; + PKCS12_MAKE_SHKEYBAG; + PKCS12_pack_p7data; + PKCS12_pack_p7encdata; + PKCS12_add_localkeyid; + PKCS12_add_friendlyname_asc; + PKCS12_add_friendlyname_uni; + PKCS12_get_friendlyname; + PKCS12_pbe_crypt; + PKCS12_decrypt_d2i; + PKCS12_i2d_encrypt; + PKCS12_init; + PKCS12_key_gen_asc; + PKCS12_key_gen_uni; + PKCS12_gen_mac; + PKCS12_verify_mac; + PKCS12_set_mac; + PKCS12_setup_mac; + OPENSSL_asc2uni; + OPENSSL_uni2asc; + i2d_PKCS12_BAGS; + PKCS12_BAGS_new; + d2i_PKCS12_BAGS; + PKCS12_BAGS_free; + i2d_PKCS12; + d2i_PKCS12; + PKCS12_new; + PKCS12_free; + i2d_PKCS12_MAC_DATA; + PKCS12_MAC_DATA_new; + d2i_PKCS12_MAC_DATA; + PKCS12_MAC_DATA_free; + i2d_PKCS12_SAFEBAG; + PKCS12_SAFEBAG_new; + d2i_PKCS12_SAFEBAG; + PKCS12_SAFEBAG_free; + ERR_load_PKCS12_strings; + PKCS12_PBE_add; + PKCS8_add_keyusage; + PKCS12_get_attr_gen; + PKCS12_parse; + PKCS12_create; + i2d_PKCS12_bio; + i2d_PKCS12_fp; + d2i_PKCS12_bio; + d2i_PKCS12_fp; + i2d_PBEPARAM; + PBEPARAM_new; + d2i_PBEPARAM; + PBEPARAM_free; + i2d_PKCS8_PRIV_KEY_INFO; + PKCS8_PRIV_KEY_INFO_new; + d2i_PKCS8_PRIV_KEY_INFO; + PKCS8_PRIV_KEY_INFO_free; + EVP_PKCS82PKEY; + EVP_PKEY2PKCS8; + PKCS8_set_broken; + EVP_PBE_ALGOR_CipherInit; + EVP_PBE_alg_add; + PKCS5_pbe_set; + EVP_PBE_cleanup; + i2d_SXNET; + d2i_SXNET; + SXNET_new; + SXNET_free; + i2d_SXNETID; + d2i_SXNETID; + SXNETID_new; + SXNETID_free; + DSA_SIG_new; + DSA_SIG_free; + DSA_do_sign; + DSA_do_verify; + d2i_DSA_SIG; + i2d_DSA_SIG; + i2d_ASN1_VISIBLESTRING; + d2i_ASN1_VISIBLESTRING; + i2d_ASN1_UTF8STRING; + d2i_ASN1_UTF8STRING; + i2d_DIRECTORYSTRING; + d2i_DIRECTORYSTRING; + i2d_DISPLAYTEXT; + d2i_DISPLAYTEXT; + d2i_ASN1_SET_OF_X509; + i2d_ASN1_SET_OF_X509; + i2d_PBKDF2PARAM; + PBKDF2PARAM_new; + d2i_PBKDF2PARAM; + PBKDF2PARAM_free; + i2d_PBE2PARAM; + PBE2PARAM_new; + d2i_PBE2PARAM; + PBE2PARAM_free; + d2i_ASN1_SET_OF_GENERAL_NAME; + i2d_ASN1_SET_OF_GENERAL_NAME; + d2i_ASN1_SET_OF_SXNETID; + i2d_ASN1_SET_OF_SXNETID; + d2i_ASN1_SET_OF_POLICYQUALINFO; + i2d_ASN1_SET_OF_POLICYQUALINFO; + d2i_ASN1_SET_OF_POLICYINFO; + i2d_ASN1_SET_OF_POLICYINFO; + SXNET_add_id_asc; + SXNET_add_id_ulong; + SXNET_add_id_INTEGER; + SXNET_get_id_asc; + SXNET_get_id_ulong; + SXNET_get_id_INTEGER; + X509V3_set_conf_lhash; + i2d_CERTIFICATEPOLICIES; + CERTIFICATEPOLICIES_new; + CERTIFICATEPOLICIES_free; + d2i_CERTIFICATEPOLICIES; + i2d_POLICYINFO; + POLICYINFO_new; + d2i_POLICYINFO; + POLICYINFO_free; + i2d_POLICYQUALINFO; + POLICYQUALINFO_new; + d2i_POLICYQUALINFO; + POLICYQUALINFO_free; + i2d_USERNOTICE; + USERNOTICE_new; + d2i_USERNOTICE; + USERNOTICE_free; + i2d_NOTICEREF; + NOTICEREF_new; + d2i_NOTICEREF; + NOTICEREF_free; + X509V3_get_string; + X509V3_get_section; + X509V3_string_free; + X509V3_section_free; + X509V3_set_ctx; + s2i_ASN1_INTEGER; + CRYPTO_set_locked_mem_functions; + CRYPTO_get_locked_mem_functions; + CRYPTO_malloc_locked; + CRYPTO_free_locked; + BN_mod_exp2_mont; + ERR_get_error_line_data; + ERR_peek_error_line_data; + PKCS12_PBE_keyivgen; + X509_ALGOR_dup; + d2i_ASN1_SET_OF_DIST_POINT; + i2d_ASN1_SET_OF_DIST_POINT; + i2d_CRL_DIST_POINTS; + CRL_DIST_POINTS_new; + CRL_DIST_POINTS_free; + d2i_CRL_DIST_POINTS; + i2d_DIST_POINT; + DIST_POINT_new; + d2i_DIST_POINT; + DIST_POINT_free; + i2d_DIST_POINT_NAME; + DIST_POINT_NAME_new; + DIST_POINT_NAME_free; + d2i_DIST_POINT_NAME; + X509V3_add_value_uchar; + d2i_ASN1_SET_OF_X509_ATTRIBUTE; + i2d_ASN1_SET_OF_ASN1_TYPE; + d2i_ASN1_SET_OF_X509_EXTENSION; + d2i_ASN1_SET_OF_X509_NAME_ENTRY; + d2i_ASN1_SET_OF_ASN1_TYPE; + i2d_ASN1_SET_OF_X509_ATTRIBUTE; + i2d_ASN1_SET_OF_X509_EXTENSION; + i2d_ASN1_SET_OF_X509_NAME_ENTRY; + X509V3_EXT_i2d; + X509V3_EXT_val_prn; + X509V3_EXT_add_list; + EVP_CIPHER_type; + EVP_PBE_CipherInit; + X509V3_add_value_bool_nf; + d2i_ASN1_UINTEGER; + sk_value; + sk_num; + sk_set; + i2d_ASN1_SET_OF_X509_REVOKED; + sk_sort; + d2i_ASN1_SET_OF_X509_REVOKED; + i2d_ASN1_SET_OF_X509_ALGOR; + i2d_ASN1_SET_OF_X509_CRL; + d2i_ASN1_SET_OF_X509_ALGOR; + d2i_ASN1_SET_OF_X509_CRL; + i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO; + i2d_ASN1_SET_OF_PKCS7_RECIP_INFO; + d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO; + d2i_ASN1_SET_OF_PKCS7_RECIP_INFO; + PKCS5_PBE_add; + PEM_write_bio_PKCS8; + i2d_PKCS8_fp; + PEM_read_bio_PKCS8_PRIV_KEY_INFO; + PEM_read_bio_P8_PRIV_KEY_INFO; + d2i_PKCS8_bio; + d2i_PKCS8_PRIV_KEY_INFO_fp; + PEM_write_bio_PKCS8_PRIV_KEY_INFO; + PEM_write_bio_P8_PRIV_KEY_INFO; + PEM_read_PKCS8; + d2i_PKCS8_PRIV_KEY_INFO_bio; + d2i_PKCS8_fp; + PEM_write_PKCS8; + PEM_read_PKCS8_PRIV_KEY_INFO; + PEM_read_P8_PRIV_KEY_INFO; + PEM_read_bio_PKCS8; + PEM_write_PKCS8_PRIV_KEY_INFO; + PEM_write_P8_PRIV_KEY_INFO; + PKCS5_PBE_keyivgen; + i2d_PKCS8_bio; + i2d_PKCS8_PRIV_KEY_INFO_fp; + i2d_PKCS8_PRIV_KEY_INFO_bio; + BIO_s_bio; + PKCS5_pbe2_set; + PKCS5_PBKDF2_HMAC_SHA1; + PKCS5_v2_PBE_keyivgen; + PEM_write_bio_PKCS8PrivateKey; + PEM_write_PKCS8PrivateKey; + BIO_ctrl_get_read_request; + BIO_ctrl_pending; + BIO_ctrl_wpending; + BIO_new_bio_pair; + BIO_ctrl_get_write_guarantee; + CRYPTO_num_locks; + CONF_load_bio; + CONF_load_fp; + i2d_ASN1_SET_OF_ASN1_OBJECT; + d2i_ASN1_SET_OF_ASN1_OBJECT; + PKCS7_signatureVerify; + RSA_set_method; + RSA_get_method; + RSA_get_default_method; + RSA_check_key; + OBJ_obj2txt; + DSA_dup_DH; + X509_REQ_get_extensions; + X509_REQ_set_extension_nids; + BIO_nwrite; + X509_REQ_extension_nid; + BIO_nread; + X509_REQ_get_extension_nids; + BIO_nwrite0; + X509_REQ_add_extensions_nid; + BIO_nread0; + X509_REQ_add_extensions; + BIO_new_mem_buf; + DH_set_ex_data; + DH_set_method; + DSA_OpenSSL; + DH_get_ex_data; + DH_get_ex_new_index; + DSA_new_method; + DH_new_method; + DH_OpenSSL; + DSA_get_ex_new_index; + DH_get_default_method; + DSA_set_ex_data; + DH_set_default_method; + DSA_get_ex_data; + X509V3_EXT_REQ_add_conf; + NETSCAPE_SPKI_print; + NETSCAPE_SPKI_set_pubkey; + NETSCAPE_SPKI_b64_encode; + NETSCAPE_SPKI_get_pubkey; + NETSCAPE_SPKI_b64_decode; + UTF8_putc; + UTF8_getc; + RSA_null_method; + ASN1_tag2str; + BIO_ctrl_reset_read_request; + DISPLAYTEXT_new; + ASN1_GENERALIZEDTIME_free; + X509_REVOKED_get_ext_d2i; + X509_set_ex_data; + X509_reject_set_bit_asc; + X509_NAME_add_entry_by_txt; + X509_NAME_add_entry_by_NID; + X509_PURPOSE_get0; + PEM_read_X509_AUX; + d2i_AUTHORITY_INFO_ACCESS; + PEM_write_PUBKEY; + ACCESS_DESCRIPTION_new; + X509_CERT_AUX_free; + d2i_ACCESS_DESCRIPTION; + X509_trust_clear; + X509_TRUST_add; + ASN1_VISIBLESTRING_new; + X509_alias_set1; + ASN1_PRINTABLESTRING_free; + EVP_PKEY_get1_DSA; + ASN1_BMPSTRING_new; + ASN1_mbstring_copy; + ASN1_UTF8STRING_new; + DSA_get_default_method; + i2d_ASN1_SET_OF_ACCESS_DESCRIPTION; + ASN1_T61STRING_free; + DSA_set_method; + X509_get_ex_data; + ASN1_STRING_type; + X509_PURPOSE_get_by_sname; + ASN1_TIME_free; + ASN1_OCTET_STRING_cmp; + ASN1_BIT_STRING_new; + X509_get_ext_d2i; + PEM_read_bio_X509_AUX; + ASN1_STRING_set_default_mask_asc; + ASN1_STRING_set_def_mask_asc; + PEM_write_bio_RSA_PUBKEY; + ASN1_INTEGER_cmp; + d2i_RSA_PUBKEY_fp; + X509_trust_set_bit_asc; + PEM_write_bio_DSA_PUBKEY; + X509_STORE_CTX_free; + EVP_PKEY_set1_DSA; + i2d_DSA_PUBKEY_fp; + X509_load_cert_crl_file; + ASN1_TIME_new; + i2d_RSA_PUBKEY; + X509_STORE_CTX_purpose_inherit; + PEM_read_RSA_PUBKEY; + d2i_X509_AUX; + i2d_DSA_PUBKEY; + X509_CERT_AUX_print; + PEM_read_DSA_PUBKEY; + i2d_RSA_PUBKEY_bio; + ASN1_BIT_STRING_num_asc; + i2d_PUBKEY; + ASN1_UTCTIME_free; + DSA_set_default_method; + X509_PURPOSE_get_by_id; + ACCESS_DESCRIPTION_free; + PEM_read_bio_PUBKEY; + ASN1_STRING_set_by_NID; + X509_PURPOSE_get_id; + DISPLAYTEXT_free; + OTHERNAME_new; + X509_CERT_AUX_new; + X509_TRUST_cleanup; + X509_NAME_add_entry_by_OBJ; + X509_CRL_get_ext_d2i; + X509_PURPOSE_get0_name; + PEM_read_PUBKEY; + i2d_DSA_PUBKEY_bio; + i2d_OTHERNAME; + ASN1_OCTET_STRING_free; + ASN1_BIT_STRING_set_asc; + X509_get_ex_new_index; + ASN1_STRING_TABLE_cleanup; + X509_TRUST_get_by_id; + X509_PURPOSE_get_trust; + ASN1_STRING_length; + d2i_ASN1_SET_OF_ACCESS_DESCRIPTION; + ASN1_PRINTABLESTRING_new; + X509V3_get_d2i; + ASN1_ENUMERATED_free; + i2d_X509_CERT_AUX; + X509_STORE_CTX_set_trust; + ASN1_STRING_set_default_mask; + X509_STORE_CTX_new; + EVP_PKEY_get1_RSA; + DIRECTORYSTRING_free; + PEM_write_X509_AUX; + ASN1_OCTET_STRING_set; + d2i_DSA_PUBKEY_fp; + d2i_RSA_PUBKEY; + X509_TRUST_get0_name; + X509_TRUST_get0; + AUTHORITY_INFO_ACCESS_free; + ASN1_IA5STRING_new; + d2i_DSA_PUBKEY; + X509_check_purpose; + ASN1_ENUMERATED_new; + d2i_RSA_PUBKEY_bio; + d2i_PUBKEY; + X509_TRUST_get_trust; + X509_TRUST_get_flags; + ASN1_BMPSTRING_free; + ASN1_T61STRING_new; + ASN1_UTCTIME_new; + i2d_AUTHORITY_INFO_ACCESS; + EVP_PKEY_set1_RSA; + X509_STORE_CTX_set_purpose; + ASN1_IA5STRING_free; + PEM_write_bio_X509_AUX; + X509_PURPOSE_get_count; + CRYPTO_add_info; + X509_NAME_ENTRY_create_by_txt; + ASN1_STRING_get_default_mask; + X509_alias_get0; + ASN1_STRING_data; + i2d_ACCESS_DESCRIPTION; + X509_trust_set_bit; + ASN1_BIT_STRING_free; + PEM_read_bio_RSA_PUBKEY; + X509_add1_reject_object; + X509_check_trust; + PEM_read_bio_DSA_PUBKEY; + X509_PURPOSE_add; + ASN1_STRING_TABLE_get; + ASN1_UTF8STRING_free; + d2i_DSA_PUBKEY_bio; + PEM_write_RSA_PUBKEY; + d2i_OTHERNAME; + X509_reject_set_bit; + PEM_write_DSA_PUBKEY; + X509_PURPOSE_get0_sname; + EVP_PKEY_set1_DH; + ASN1_OCTET_STRING_dup; + ASN1_BIT_STRING_set; + X509_TRUST_get_count; + ASN1_INTEGER_free; + OTHERNAME_free; + i2d_RSA_PUBKEY_fp; + ASN1_INTEGER_dup; + d2i_X509_CERT_AUX; + PEM_write_bio_PUBKEY; + ASN1_VISIBLESTRING_free; + X509_PURPOSE_cleanup; + ASN1_mbstring_ncopy; + ASN1_GENERALIZEDTIME_new; + EVP_PKEY_get1_DH; + ASN1_OCTET_STRING_new; + ASN1_INTEGER_new; + i2d_X509_AUX; + ASN1_BIT_STRING_name_print; + X509_cmp; + ASN1_STRING_length_set; + DIRECTORYSTRING_new; + X509_add1_trust_object; + PKCS12_newpass; + SMIME_write_PKCS7; + SMIME_read_PKCS7; + DES_set_key_checked; + PKCS7_verify; + PKCS7_encrypt; + DES_set_key_unchecked; + SMIME_crlf_copy; + i2d_ASN1_PRINTABLESTRING; + PKCS7_get0_signers; + PKCS7_decrypt; + SMIME_text; + PKCS7_simple_smimecap; + PKCS7_get_smimecap; + PKCS7_sign; + PKCS7_add_attrib_smimecap; + CRYPTO_dbg_set_options; + CRYPTO_remove_all_info; + CRYPTO_get_mem_debug_functions; + CRYPTO_is_mem_check_on; + CRYPTO_set_mem_debug_functions; + CRYPTO_pop_info; + CRYPTO_push_info_; + CRYPTO_set_mem_debug_options; + PEM_write_PKCS8PrivateKey_nid; + PEM_write_bio_PKCS8PrivateKey_nid; + PEM_write_bio_PKCS8PrivKey_nid; + d2i_PKCS8PrivateKey_bio; + ASN1_NULL_free; + d2i_ASN1_NULL; + ASN1_NULL_new; + i2d_PKCS8PrivateKey_bio; + i2d_PKCS8PrivateKey_fp; + i2d_ASN1_NULL; + i2d_PKCS8PrivateKey_nid_fp; + d2i_PKCS8PrivateKey_fp; + i2d_PKCS8PrivateKey_nid_bio; + i2d_PKCS8PrivateKeyInfo_fp; + i2d_PKCS8PrivateKeyInfo_bio; + PEM_cb; + i2d_PrivateKey_fp; + d2i_PrivateKey_bio; + d2i_PrivateKey_fp; + i2d_PrivateKey_bio; + X509_reject_clear; + X509_TRUST_set_default; + d2i_AutoPrivateKey; + X509_ATTRIBUTE_get0_type; + X509_ATTRIBUTE_set1_data; + X509at_get_attr; + X509at_get_attr_count; + X509_ATTRIBUTE_create_by_NID; + X509_ATTRIBUTE_set1_object; + X509_ATTRIBUTE_count; + X509_ATTRIBUTE_create_by_OBJ; + X509_ATTRIBUTE_get0_object; + X509at_get_attr_by_NID; + X509at_add1_attr; + X509_ATTRIBUTE_get0_data; + X509at_delete_attr; + X509at_get_attr_by_OBJ; + RAND_add; + BIO_number_written; + BIO_number_read; + X509_STORE_CTX_get1_chain; + ERR_load_RAND_strings; + RAND_pseudo_bytes; + X509_REQ_get_attr_by_NID; + X509_REQ_get_attr; + X509_REQ_add1_attr_by_NID; + X509_REQ_get_attr_by_OBJ; + X509at_add1_attr_by_NID; + X509_REQ_add1_attr_by_OBJ; + X509_REQ_get_attr_count; + X509_REQ_add1_attr; + X509_REQ_delete_attr; + X509at_add1_attr_by_OBJ; + X509_REQ_add1_attr_by_txt; + X509_ATTRIBUTE_create_by_txt; + X509at_add1_attr_by_txt; + BN_pseudo_rand; + BN_is_prime_fasttest; + BN_CTX_end; + BN_CTX_start; + BN_CTX_get; + EVP_PKEY2PKCS8_broken; + ASN1_STRING_TABLE_add; + CRYPTO_dbg_get_options; + AUTHORITY_INFO_ACCESS_new; + CRYPTO_get_mem_debug_options; + DES_crypt; + PEM_write_bio_X509_REQ_NEW; + PEM_write_X509_REQ_NEW; + BIO_callback_ctrl; + RAND_egd; + RAND_status; + bn_dump1; + DES_check_key_parity; + lh_num_items; + RAND_event; + DSO_new; + DSO_new_method; + DSO_free; + DSO_flags; + DSO_up; + DSO_set_default_method; + DSO_get_default_method; + DSO_get_method; + DSO_set_method; + DSO_load; + DSO_bind_var; + DSO_METHOD_null; + DSO_METHOD_openssl; + DSO_METHOD_dlfcn; + DSO_METHOD_win32; + ERR_load_DSO_strings; + DSO_METHOD_dl; + NCONF_load; + NCONF_load_fp; + NCONF_new; + NCONF_get_string; + NCONF_free; + NCONF_get_number; + CONF_dump_fp; + NCONF_load_bio; + NCONF_dump_fp; + NCONF_get_section; + NCONF_dump_bio; + CONF_dump_bio; + NCONF_free_data; + CONF_set_default_method; + ERR_error_string_n; + BIO_snprintf; + DSO_ctrl; + i2d_ASN1_SET_OF_ASN1_INTEGER; + i2d_ASN1_SET_OF_PKCS12_SAFEBAG; + i2d_ASN1_SET_OF_PKCS7; + BIO_vfree; + d2i_ASN1_SET_OF_ASN1_INTEGER; + d2i_ASN1_SET_OF_PKCS12_SAFEBAG; + ASN1_UTCTIME_get; + X509_REQ_digest; + X509_CRL_digest; + d2i_ASN1_SET_OF_PKCS7; + EVP_CIPHER_CTX_set_key_length; + EVP_CIPHER_CTX_ctrl; + BN_mod_exp_mont_word; + RAND_egd_bytes; + X509_REQ_get1_email; + X509_get1_email; + X509_email_free; + i2d_RSA_NET; + d2i_RSA_NET_2; + d2i_RSA_NET; + DSO_bind_func; + CRYPTO_get_new_dynlockid; + sk_new_null; + CRYPTO_set_dynlock_destroy_callback; + CRYPTO_set_dynlock_destroy_cb; + CRYPTO_destroy_dynlockid; + CRYPTO_set_dynlock_size; + CRYPTO_set_dynlock_create_callback; + CRYPTO_set_dynlock_create_cb; + CRYPTO_set_dynlock_lock_callback; + CRYPTO_set_dynlock_lock_cb; + CRYPTO_get_dynlock_lock_callback; + CRYPTO_get_dynlock_lock_cb; + CRYPTO_get_dynlock_destroy_callback; + CRYPTO_get_dynlock_destroy_cb; + CRYPTO_get_dynlock_value; + CRYPTO_get_dynlock_create_callback; + CRYPTO_get_dynlock_create_cb; + c2i_ASN1_BIT_STRING; + i2c_ASN1_BIT_STRING; + RAND_poll; + c2i_ASN1_INTEGER; + i2c_ASN1_INTEGER; + BIO_dump_indent; + ASN1_parse_dump; + c2i_ASN1_OBJECT; + X509_NAME_print_ex_fp; + ASN1_STRING_print_ex_fp; + X509_NAME_print_ex; + ASN1_STRING_print_ex; + MD4; + MD4_Transform; + MD4_Final; + MD4_Update; + MD4_Init; + EVP_md4; + i2d_PUBKEY_bio; + i2d_PUBKEY_fp; + d2i_PUBKEY_bio; + ASN1_STRING_to_UTF8; + BIO_vprintf; + BIO_vsnprintf; + d2i_PUBKEY_fp; + X509_cmp_time; + X509_STORE_CTX_set_time; + X509_STORE_CTX_get1_issuer; + X509_OBJECT_retrieve_match; + X509_OBJECT_idx_by_subject; + X509_STORE_CTX_set_flags; + X509_STORE_CTX_trusted_stack; + X509_time_adj; + X509_check_issued; + ASN1_UTCTIME_cmp_time_t; + DES_set_weak_key_flag; + DES_check_key; + DES_rw_mode; + RSA_PKCS1_RSAref; + X509_keyid_set1; + BIO_next; + DSO_METHOD_vms; + BIO_f_linebuffer; + BN_bntest_rand; + OPENSSL_issetugid; + BN_rand_range; + ERR_load_ENGINE_strings; + ENGINE_set_DSA; + ENGINE_get_finish_function; + ENGINE_get_default_RSA; + ENGINE_get_BN_mod_exp; + DSA_get_default_openssl_method; + ENGINE_set_DH; + ENGINE_set_def_BN_mod_exp_crt; + ENGINE_set_default_BN_mod_exp_crt; + ENGINE_init; + DH_get_default_openssl_method; + RSA_set_default_openssl_method; + ENGINE_finish; + ENGINE_load_public_key; + ENGINE_get_DH; + ENGINE_ctrl; + ENGINE_get_init_function; + ENGINE_set_init_function; + ENGINE_set_default_DSA; + ENGINE_get_name; + ENGINE_get_last; + ENGINE_get_prev; + ENGINE_get_default_DH; + ENGINE_get_RSA; + ENGINE_set_default; + ENGINE_get_RAND; + ENGINE_get_first; + ENGINE_by_id; + ENGINE_set_finish_function; + ENGINE_get_def_BN_mod_exp_crt; + ENGINE_get_default_BN_mod_exp_crt; + RSA_get_default_openssl_method; + ENGINE_set_RSA; + ENGINE_load_private_key; + ENGINE_set_default_RAND; + ENGINE_set_BN_mod_exp; + ENGINE_remove; + ENGINE_free; + ENGINE_get_BN_mod_exp_crt; + ENGINE_get_next; + ENGINE_set_name; + ENGINE_get_default_DSA; + ENGINE_set_default_BN_mod_exp; + ENGINE_set_default_RSA; + ENGINE_get_default_RAND; + ENGINE_get_default_BN_mod_exp; + ENGINE_set_RAND; + ENGINE_set_id; + ENGINE_set_BN_mod_exp_crt; + ENGINE_set_default_DH; + ENGINE_new; + ENGINE_get_id; + DSA_set_default_openssl_method; + ENGINE_add; + DH_set_default_openssl_method; + ENGINE_get_DSA; + ENGINE_get_ctrl_function; + ENGINE_set_ctrl_function; + BN_pseudo_rand_range; + X509_STORE_CTX_set_verify_cb; + ERR_load_COMP_strings; + PKCS12_item_decrypt_d2i; + ASN1_UTF8STRING_it; + ASN1_UTF8STRING_it; + ENGINE_unregister_ciphers; + ENGINE_get_ciphers; + d2i_OCSP_BASICRESP; + KRB5_CHECKSUM_it; + KRB5_CHECKSUM_it; + EC_POINT_add; + ASN1_item_ex_i2d; + OCSP_CERTID_it; + OCSP_CERTID_it; + d2i_OCSP_RESPBYTES; + X509V3_add1_i2d; + PKCS7_ENVELOPE_it; + PKCS7_ENVELOPE_it; + UI_add_input_boolean; + ENGINE_unregister_RSA; + X509V3_EXT_nconf; + ASN1_GENERALSTRING_free; + d2i_OCSP_CERTSTATUS; + X509_REVOKED_set_serialNumber; + X509_print_ex; + OCSP_ONEREQ_get1_ext_d2i; + ENGINE_register_all_RAND; + ENGINE_load_dynamic; + PBKDF2PARAM_it; + PBKDF2PARAM_it; + EXTENDED_KEY_USAGE_new; + EC_GROUP_clear_free; + OCSP_sendreq_bio; + ASN1_item_digest; + OCSP_BASICRESP_delete_ext; + OCSP_SIGNATURE_it; + OCSP_SIGNATURE_it; + X509_CRL_it; + X509_CRL_it; + OCSP_BASICRESP_add_ext; + KRB5_ENCKEY_it; + KRB5_ENCKEY_it; + UI_method_set_closer; + X509_STORE_set_purpose; + i2d_ASN1_GENERALSTRING; + OCSP_response_status; + i2d_OCSP_SERVICELOC; + ENGINE_get_digest_engine; + EC_GROUP_set_curve_GFp; + OCSP_REQUEST_get_ext_by_OBJ; + _ossl_old_des_random_key; + ASN1_T61STRING_it; + ASN1_T61STRING_it; + EC_GROUP_method_of; + i2d_KRB5_APREQ; + _ossl_old_des_encrypt; + ASN1_PRINTABLE_new; + HMAC_Init_ex; + d2i_KRB5_AUTHENT; + OCSP_archive_cutoff_new; + EC_POINT_set_Jprojective_coordinates_GFp; + EC_POINT_set_Jproj_coords_GFp; + _ossl_old_des_is_weak_key; + OCSP_BASICRESP_get_ext_by_OBJ; + EC_POINT_oct2point; + OCSP_SINGLERESP_get_ext_count; + UI_ctrl; + _shadow_DES_rw_mode; + _shadow_DES_rw_mode; + asn1_do_adb; + ASN1_template_i2d; + ENGINE_register_DH; + UI_construct_prompt; + X509_STORE_set_trust; + UI_dup_input_string; + d2i_KRB5_APREQ; + EVP_MD_CTX_copy_ex; + OCSP_request_is_signed; + i2d_OCSP_REQINFO; + KRB5_ENCKEY_free; + OCSP_resp_get0; + GENERAL_NAME_it; + GENERAL_NAME_it; + ASN1_GENERALIZEDTIME_it; + ASN1_GENERALIZEDTIME_it; + X509_STORE_set_flags; + EC_POINT_set_compressed_coordinates_GFp; + EC_POINT_set_compr_coords_GFp; + OCSP_response_status_str; + d2i_OCSP_REVOKEDINFO; + OCSP_basic_add1_cert; + ERR_get_implementation; + EVP_CipherFinal_ex; + OCSP_CERTSTATUS_new; + CRYPTO_cleanup_all_ex_data; + OCSP_resp_find; + BN_nnmod; + X509_CRL_sort; + X509_REVOKED_set_revocationDate; + ENGINE_register_RAND; + OCSP_SERVICELOC_new; + EC_POINT_set_affine_coordinates_GFp; + EC_POINT_set_affine_coords_GFp; + _ossl_old_des_options; + SXNET_it; + SXNET_it; + UI_dup_input_boolean; + PKCS12_add_CSPName_asc; + EC_POINT_is_at_infinity; + ENGINE_load_cryptodev; + DSO_convert_filename; + POLICYQUALINFO_it; + POLICYQUALINFO_it; + ENGINE_register_ciphers; + BN_mod_lshift_quick; + DSO_set_filename; + ASN1_item_free; + KRB5_TKTBODY_free; + AUTHORITY_KEYID_it; + AUTHORITY_KEYID_it; + KRB5_APREQBODY_new; + X509V3_EXT_REQ_add_nconf; + ENGINE_ctrl_cmd_string; + i2d_OCSP_RESPDATA; + EVP_MD_CTX_init; + EXTENDED_KEY_USAGE_free; + PKCS7_ATTR_SIGN_it; + PKCS7_ATTR_SIGN_it; + UI_add_error_string; + KRB5_CHECKSUM_free; + OCSP_REQUEST_get_ext; + ENGINE_load_ubsec; + ENGINE_register_all_digests; + PKEY_USAGE_PERIOD_it; + PKEY_USAGE_PERIOD_it; + PKCS12_unpack_authsafes; + ASN1_item_unpack; + NETSCAPE_SPKAC_it; + NETSCAPE_SPKAC_it; + X509_REVOKED_it; + X509_REVOKED_it; + ASN1_STRING_encode; + EVP_aes_128_ecb; + KRB5_AUTHENT_free; + OCSP_BASICRESP_get_ext_by_critical; + OCSP_BASICRESP_get_ext_by_crit; + OCSP_cert_status_str; + d2i_OCSP_REQUEST; + UI_dup_info_string; + _ossl_old_des_xwhite_in2out; + PKCS12_it; + PKCS12_it; + OCSP_SINGLERESP_get_ext_by_critical; + OCSP_SINGLERESP_get_ext_by_crit; + OCSP_CERTSTATUS_free; + _ossl_old_des_crypt; + ASN1_item_i2d; + EVP_DecryptFinal_ex; + ENGINE_load_openssl; + ENGINE_get_cmd_defns; + ENGINE_set_load_privkey_function; + ENGINE_set_load_privkey_fn; + EVP_EncryptFinal_ex; + ENGINE_set_default_digests; + X509_get0_pubkey_bitstr; + asn1_ex_i2c; + ENGINE_register_RSA; + ENGINE_unregister_DSA; + _ossl_old_des_key_sched; + X509_EXTENSION_it; + X509_EXTENSION_it; + i2d_KRB5_AUTHENT; + SXNETID_it; + SXNETID_it; + d2i_OCSP_SINGLERESP; + EDIPARTYNAME_new; + PKCS12_certbag2x509; + _ossl_old_des_ofb64_encrypt; + d2i_EXTENDED_KEY_USAGE; + ERR_print_errors_cb; + ENGINE_set_ciphers; + d2i_KRB5_APREQBODY; + UI_method_get_flusher; + X509_PUBKEY_it; + X509_PUBKEY_it; + _ossl_old_des_enc_read; + PKCS7_ENCRYPT_it; + PKCS7_ENCRYPT_it; + i2d_OCSP_RESPONSE; + EC_GROUP_get_cofactor; + PKCS12_unpack_p7data; + d2i_KRB5_AUTHDATA; + OCSP_copy_nonce; + KRB5_AUTHDATA_new; + OCSP_RESPDATA_new; + EC_GFp_mont_method; + OCSP_REVOKEDINFO_free; + UI_get_ex_data; + KRB5_APREQBODY_free; + EC_GROUP_get0_generator; + UI_get_default_method; + X509V3_set_nconf; + PKCS12_item_i2d_encrypt; + X509_add1_ext_i2d; + PKCS7_SIGNER_INFO_it; + PKCS7_SIGNER_INFO_it; + KRB5_PRINCNAME_new; + PKCS12_SAFEBAG_it; + PKCS12_SAFEBAG_it; + EC_GROUP_get_order; + d2i_OCSP_RESPID; + OCSP_request_verify; + NCONF_get_number_e; + _ossl_old_des_decrypt3; + X509_signature_print; + OCSP_SINGLERESP_free; + ENGINE_load_builtin_engines; + i2d_OCSP_ONEREQ; + OCSP_REQUEST_add_ext; + OCSP_RESPBYTES_new; + EVP_MD_CTX_create; + OCSP_resp_find_status; + X509_ALGOR_it; + X509_ALGOR_it; + ASN1_TIME_it; + ASN1_TIME_it; + OCSP_request_set1_name; + OCSP_ONEREQ_get_ext_count; + UI_get0_result; + PKCS12_AUTHSAFES_it; + PKCS12_AUTHSAFES_it; + EVP_aes_256_ecb; + PKCS12_pack_authsafes; + ASN1_IA5STRING_it; + ASN1_IA5STRING_it; + UI_get_input_flags; + EC_GROUP_set_generator; + _ossl_old_des_string_to_2keys; + OCSP_CERTID_free; + X509_CERT_AUX_it; + X509_CERT_AUX_it; + CERTIFICATEPOLICIES_it; + CERTIFICATEPOLICIES_it; + _ossl_old_des_ede3_cbc_encrypt; + RAND_set_rand_engine; + DSO_get_loaded_filename; + X509_ATTRIBUTE_it; + X509_ATTRIBUTE_it; + OCSP_ONEREQ_get_ext_by_NID; + PKCS12_decrypt_skey; + KRB5_AUTHENT_it; + KRB5_AUTHENT_it; + UI_dup_error_string; + RSAPublicKey_it; + RSAPublicKey_it; + i2d_OCSP_REQUEST; + PKCS12_x509crl2certbag; + OCSP_SERVICELOC_it; + OCSP_SERVICELOC_it; + ASN1_item_sign; + X509_CRL_set_issuer_name; + OBJ_NAME_do_all_sorted; + i2d_OCSP_BASICRESP; + i2d_OCSP_RESPBYTES; + PKCS12_unpack_p7encdata; + HMAC_CTX_init; + ENGINE_get_digest; + OCSP_RESPONSE_print; + KRB5_TKTBODY_it; + KRB5_TKTBODY_it; + ACCESS_DESCRIPTION_it; + ACCESS_DESCRIPTION_it; + PKCS7_ISSUER_AND_SERIAL_it; + PKCS7_ISSUER_AND_SERIAL_it; + PBE2PARAM_it; + PBE2PARAM_it; + PKCS12_certbag2x509crl; + PKCS7_SIGNED_it; + PKCS7_SIGNED_it; + ENGINE_get_cipher; + i2d_OCSP_CRLID; + OCSP_SINGLERESP_new; + ENGINE_cmd_is_executable; + RSA_up_ref; + ASN1_GENERALSTRING_it; + ASN1_GENERALSTRING_it; + ENGINE_register_DSA; + X509V3_EXT_add_nconf_sk; + ENGINE_set_load_pubkey_function; + PKCS8_decrypt; + PEM_bytes_read_bio; + DIRECTORYSTRING_it; + DIRECTORYSTRING_it; + d2i_OCSP_CRLID; + EC_POINT_is_on_curve; + CRYPTO_set_locked_mem_ex_functions; + CRYPTO_set_locked_mem_ex_funcs; + d2i_KRB5_CHECKSUM; + ASN1_item_dup; + X509_it; + X509_it; + BN_mod_add; + KRB5_AUTHDATA_free; + _ossl_old_des_cbc_cksum; + ASN1_item_verify; + CRYPTO_set_mem_ex_functions; + EC_POINT_get_Jprojective_coordinates_GFp; + EC_POINT_get_Jproj_coords_GFp; + ZLONG_it; + ZLONG_it; + CRYPTO_get_locked_mem_ex_functions; + CRYPTO_get_locked_mem_ex_funcs; + ASN1_TIME_check; + UI_get0_user_data; + HMAC_CTX_cleanup; + DSA_up_ref; + _ossl_old_des_ede3_cfb64_encrypt; + _ossl_odes_ede3_cfb64_encrypt; + ASN1_BMPSTRING_it; + ASN1_BMPSTRING_it; + ASN1_tag2bit; + UI_method_set_flusher; + X509_ocspid_print; + KRB5_ENCDATA_it; + KRB5_ENCDATA_it; + ENGINE_get_load_pubkey_function; + UI_add_user_data; + OCSP_REQUEST_delete_ext; + UI_get_method; + OCSP_ONEREQ_free; + ASN1_PRINTABLESTRING_it; + ASN1_PRINTABLESTRING_it; + X509_CRL_set_nextUpdate; + OCSP_REQUEST_it; + OCSP_REQUEST_it; + OCSP_BASICRESP_it; + OCSP_BASICRESP_it; + AES_ecb_encrypt; + BN_mod_sqr; + NETSCAPE_CERT_SEQUENCE_it; + NETSCAPE_CERT_SEQUENCE_it; + GENERAL_NAMES_it; + GENERAL_NAMES_it; + AUTHORITY_INFO_ACCESS_it; + AUTHORITY_INFO_ACCESS_it; + ASN1_FBOOLEAN_it; + ASN1_FBOOLEAN_it; + UI_set_ex_data; + _ossl_old_des_string_to_key; + ENGINE_register_all_RSA; + d2i_KRB5_PRINCNAME; + OCSP_RESPBYTES_it; + OCSP_RESPBYTES_it; + X509_CINF_it; + X509_CINF_it; + ENGINE_unregister_digests; + d2i_EDIPARTYNAME; + d2i_OCSP_SERVICELOC; + ENGINE_get_digests; + _ossl_old_des_set_odd_parity; + OCSP_RESPDATA_free; + d2i_KRB5_TICKET; + OTHERNAME_it; + OTHERNAME_it; + EVP_MD_CTX_cleanup; + d2i_ASN1_GENERALSTRING; + X509_CRL_set_version; + BN_mod_sub; + OCSP_SINGLERESP_get_ext_by_NID; + ENGINE_get_ex_new_index; + OCSP_REQUEST_free; + OCSP_REQUEST_add1_ext_i2d; + X509_VAL_it; + X509_VAL_it; + EC_POINTs_make_affine; + EC_POINT_mul; + X509V3_EXT_add_nconf; + X509_TRUST_set; + X509_CRL_add1_ext_i2d; + _ossl_old_des_fcrypt; + DISPLAYTEXT_it; + DISPLAYTEXT_it; + X509_CRL_set_lastUpdate; + OCSP_BASICRESP_free; + OCSP_BASICRESP_add1_ext_i2d; + d2i_KRB5_AUTHENTBODY; + CRYPTO_set_ex_data_implementation; + CRYPTO_set_ex_data_impl; + KRB5_ENCDATA_new; + DSO_up_ref; + OCSP_crl_reason_str; + UI_get0_result_string; + ASN1_GENERALSTRING_new; + X509_SIG_it; + X509_SIG_it; + ERR_set_implementation; + ERR_load_EC_strings; + UI_get0_action_string; + OCSP_ONEREQ_get_ext; + EC_POINT_method_of; + i2d_KRB5_APREQBODY; + _ossl_old_des_ecb3_encrypt; + CRYPTO_get_mem_ex_functions; + ENGINE_get_ex_data; + UI_destroy_method; + ASN1_item_i2d_bio; + OCSP_ONEREQ_get_ext_by_OBJ; + ASN1_primitive_new; + ASN1_PRINTABLE_it; + ASN1_PRINTABLE_it; + EVP_aes_192_ecb; + OCSP_SIGNATURE_new; + LONG_it; + LONG_it; + ASN1_VISIBLESTRING_it; + ASN1_VISIBLESTRING_it; + OCSP_SINGLERESP_add1_ext_i2d; + d2i_OCSP_CERTID; + ASN1_item_d2i_fp; + CRL_DIST_POINTS_it; + CRL_DIST_POINTS_it; + GENERAL_NAME_print; + OCSP_SINGLERESP_delete_ext; + PKCS12_SAFEBAGS_it; + PKCS12_SAFEBAGS_it; + d2i_OCSP_SIGNATURE; + OCSP_request_add1_nonce; + ENGINE_set_cmd_defns; + OCSP_SERVICELOC_free; + EC_GROUP_free; + ASN1_BIT_STRING_it; + ASN1_BIT_STRING_it; + X509_REQ_it; + X509_REQ_it; + _ossl_old_des_cbc_encrypt; + ERR_unload_strings; + PKCS7_SIGN_ENVELOPE_it; + PKCS7_SIGN_ENVELOPE_it; + EDIPARTYNAME_free; + OCSP_REQINFO_free; + EC_GROUP_new_curve_GFp; + OCSP_REQUEST_get1_ext_d2i; + PKCS12_item_pack_safebag; + asn1_ex_c2i; + ENGINE_register_digests; + i2d_OCSP_REVOKEDINFO; + asn1_enc_restore; + UI_free; + UI_new_method; + EVP_EncryptInit_ex; + X509_pubkey_digest; + EC_POINT_invert; + OCSP_basic_sign; + i2d_OCSP_RESPID; + OCSP_check_nonce; + ENGINE_ctrl_cmd; + d2i_KRB5_ENCKEY; + OCSP_parse_url; + OCSP_SINGLERESP_get_ext; + OCSP_CRLID_free; + OCSP_BASICRESP_get1_ext_d2i; + RSAPrivateKey_it; + RSAPrivateKey_it; + ENGINE_register_all_DH; + i2d_EDIPARTYNAME; + EC_POINT_get_affine_coordinates_GFp; + EC_POINT_get_affine_coords_GFp; + OCSP_CRLID_new; + ENGINE_get_flags; + OCSP_ONEREQ_it; + OCSP_ONEREQ_it; + UI_process; + ASN1_INTEGER_it; + ASN1_INTEGER_it; + EVP_CipherInit_ex; + UI_get_string_type; + ENGINE_unregister_DH; + ENGINE_register_all_DSA; + OCSP_ONEREQ_get_ext_by_critical; + bn_dup_expand; + OCSP_cert_id_new; + BASIC_CONSTRAINTS_it; + BASIC_CONSTRAINTS_it; + BN_mod_add_quick; + EC_POINT_new; + EVP_MD_CTX_destroy; + OCSP_RESPBYTES_free; + EVP_aes_128_cbc; + OCSP_SINGLERESP_get1_ext_d2i; + EC_POINT_free; + DH_up_ref; + X509_NAME_ENTRY_it; + X509_NAME_ENTRY_it; + UI_get_ex_new_index; + BN_mod_sub_quick; + OCSP_ONEREQ_add_ext; + OCSP_request_sign; + EVP_DigestFinal_ex; + ENGINE_set_digests; + OCSP_id_issuer_cmp; + OBJ_NAME_do_all; + EC_POINTs_mul; + ENGINE_register_complete; + X509V3_EXT_nconf_nid; + ASN1_SEQUENCE_it; + ASN1_SEQUENCE_it; + UI_set_default_method; + RAND_query_egd_bytes; + UI_method_get_writer; + UI_OpenSSL; + PEM_def_callback; + ENGINE_cleanup; + DIST_POINT_it; + DIST_POINT_it; + OCSP_SINGLERESP_it; + OCSP_SINGLERESP_it; + d2i_KRB5_TKTBODY; + EC_POINT_cmp; + OCSP_REVOKEDINFO_new; + i2d_OCSP_CERTSTATUS; + OCSP_basic_add1_nonce; + ASN1_item_ex_d2i; + BN_mod_lshift1_quick; + UI_set_method; + OCSP_id_get0_info; + BN_mod_sqrt; + EC_GROUP_copy; + KRB5_ENCDATA_free; + _ossl_old_des_cfb_encrypt; + OCSP_SINGLERESP_get_ext_by_OBJ; + OCSP_cert_to_id; + OCSP_RESPID_new; + OCSP_RESPDATA_it; + OCSP_RESPDATA_it; + d2i_OCSP_RESPDATA; + ENGINE_register_all_complete; + OCSP_check_validity; + PKCS12_BAGS_it; + PKCS12_BAGS_it; + OCSP_url_svcloc_new; + ASN1_template_free; + OCSP_SINGLERESP_add_ext; + KRB5_AUTHENTBODY_it; + KRB5_AUTHENTBODY_it; + X509_supported_extension; + i2d_KRB5_AUTHDATA; + UI_method_get_opener; + ENGINE_set_ex_data; + OCSP_REQUEST_print; + CBIGNUM_it; + CBIGNUM_it; + KRB5_TICKET_new; + KRB5_APREQ_new; + EC_GROUP_get_curve_GFp; + KRB5_ENCKEY_new; + ASN1_template_d2i; + _ossl_old_des_quad_cksum; + OCSP_single_get0_status; + BN_swap; + POLICYINFO_it; + POLICYINFO_it; + ENGINE_set_destroy_function; + asn1_enc_free; + OCSP_RESPID_it; + OCSP_RESPID_it; + EC_GROUP_new; + EVP_aes_256_cbc; + i2d_KRB5_PRINCNAME; + _ossl_old_des_encrypt2; + _ossl_old_des_encrypt3; + PKCS8_PRIV_KEY_INFO_it; + PKCS8_PRIV_KEY_INFO_it; + OCSP_REQINFO_it; + OCSP_REQINFO_it; + PBEPARAM_it; + PBEPARAM_it; + KRB5_AUTHENTBODY_new; + X509_CRL_add0_revoked; + EDIPARTYNAME_it; + EDIPARTYNAME_it; + NETSCAPE_SPKI_it; + NETSCAPE_SPKI_it; + UI_get0_test_string; + ENGINE_get_cipher_engine; + ENGINE_register_all_ciphers; + EC_POINT_copy; + BN_kronecker; + _ossl_old_des_ede3_ofb64_encrypt; + _ossl_odes_ede3_ofb64_encrypt; + UI_method_get_reader; + OCSP_BASICRESP_get_ext_count; + ASN1_ENUMERATED_it; + ASN1_ENUMERATED_it; + UI_set_result; + i2d_KRB5_TICKET; + X509_print_ex_fp; + EVP_CIPHER_CTX_set_padding; + d2i_OCSP_RESPONSE; + ASN1_UTCTIME_it; + ASN1_UTCTIME_it; + _ossl_old_des_enc_write; + OCSP_RESPONSE_new; + AES_set_encrypt_key; + OCSP_resp_count; + KRB5_CHECKSUM_new; + ENGINE_load_cswift; + OCSP_onereq_get0_id; + ENGINE_set_default_ciphers; + NOTICEREF_it; + NOTICEREF_it; + X509V3_EXT_CRL_add_nconf; + OCSP_REVOKEDINFO_it; + OCSP_REVOKEDINFO_it; + AES_encrypt; + OCSP_REQUEST_new; + ASN1_ANY_it; + ASN1_ANY_it; + CRYPTO_ex_data_new_class; + _ossl_old_des_ncbc_encrypt; + i2d_KRB5_TKTBODY; + EC_POINT_clear_free; + AES_decrypt; + asn1_enc_init; + UI_get_result_maxsize; + OCSP_CERTID_new; + ENGINE_unregister_RAND; + UI_method_get_closer; + d2i_KRB5_ENCDATA; + OCSP_request_onereq_count; + OCSP_basic_verify; + KRB5_AUTHENTBODY_free; + ASN1_item_d2i; + ASN1_primitive_free; + i2d_EXTENDED_KEY_USAGE; + i2d_OCSP_SIGNATURE; + asn1_enc_save; + ENGINE_load_nuron; + _ossl_old_des_pcbc_encrypt; + PKCS12_MAC_DATA_it; + PKCS12_MAC_DATA_it; + OCSP_accept_responses_new; + asn1_do_lock; + PKCS7_ATTR_VERIFY_it; + PKCS7_ATTR_VERIFY_it; + KRB5_APREQBODY_it; + KRB5_APREQBODY_it; + i2d_OCSP_SINGLERESP; + ASN1_item_ex_new; + UI_add_verify_string; + _ossl_old_des_set_key; + KRB5_PRINCNAME_it; + KRB5_PRINCNAME_it; + EVP_DecryptInit_ex; + i2d_OCSP_CERTID; + ASN1_item_d2i_bio; + EC_POINT_dbl; + asn1_get_choice_selector; + i2d_KRB5_CHECKSUM; + ENGINE_set_table_flags; + AES_options; + ENGINE_load_chil; + OCSP_id_cmp; + OCSP_BASICRESP_new; + OCSP_REQUEST_get_ext_by_NID; + KRB5_APREQ_it; + KRB5_APREQ_it; + ENGINE_get_destroy_function; + CONF_set_nconf; + ASN1_PRINTABLE_free; + OCSP_BASICRESP_get_ext_by_NID; + DIST_POINT_NAME_it; + DIST_POINT_NAME_it; + X509V3_extensions_print; + _ossl_old_des_cfb64_encrypt; + X509_REVOKED_add1_ext_i2d; + _ossl_old_des_ofb_encrypt; + KRB5_TKTBODY_new; + ASN1_OCTET_STRING_it; + ASN1_OCTET_STRING_it; + ERR_load_UI_strings; + i2d_KRB5_ENCKEY; + ASN1_template_new; + OCSP_SIGNATURE_free; + ASN1_item_i2d_fp; + KRB5_PRINCNAME_free; + PKCS7_RECIP_INFO_it; + PKCS7_RECIP_INFO_it; + EXTENDED_KEY_USAGE_it; + EXTENDED_KEY_USAGE_it; + EC_GFp_simple_method; + EC_GROUP_precompute_mult; + OCSP_request_onereq_get0; + UI_method_set_writer; + KRB5_AUTHENT_new; + X509_CRL_INFO_it; + X509_CRL_INFO_it; + DSO_set_name_converter; + AES_set_decrypt_key; + PKCS7_DIGEST_it; + PKCS7_DIGEST_it; + PKCS12_x5092certbag; + EVP_DigestInit_ex; + i2a_ACCESS_DESCRIPTION; + OCSP_RESPONSE_it; + OCSP_RESPONSE_it; + PKCS7_ENC_CONTENT_it; + PKCS7_ENC_CONTENT_it; + OCSP_request_add0_id; + EC_POINT_make_affine; + DSO_get_filename; + OCSP_CERTSTATUS_it; + OCSP_CERTSTATUS_it; + OCSP_request_add1_cert; + UI_get0_output_string; + UI_dup_verify_string; + BN_mod_lshift; + KRB5_AUTHDATA_it; + KRB5_AUTHDATA_it; + asn1_set_choice_selector; + OCSP_basic_add1_status; + OCSP_RESPID_free; + asn1_get_field_ptr; + UI_add_input_string; + OCSP_CRLID_it; + OCSP_CRLID_it; + i2d_KRB5_AUTHENTBODY; + OCSP_REQUEST_get_ext_count; + ENGINE_load_atalla; + X509_NAME_it; + X509_NAME_it; + USERNOTICE_it; + USERNOTICE_it; + OCSP_REQINFO_new; + OCSP_BASICRESP_get_ext; + CRYPTO_get_ex_data_implementation; + CRYPTO_get_ex_data_impl; + ASN1_item_pack; + i2d_KRB5_ENCDATA; + X509_PURPOSE_set; + X509_REQ_INFO_it; + X509_REQ_INFO_it; + UI_method_set_opener; + ASN1_item_ex_free; + ASN1_BOOLEAN_it; + ASN1_BOOLEAN_it; + ENGINE_get_table_flags; + UI_create_method; + OCSP_ONEREQ_add1_ext_i2d; + _shadow_DES_check_key; + _shadow_DES_check_key; + d2i_OCSP_REQINFO; + UI_add_info_string; + UI_get_result_minsize; + ASN1_NULL_it; + ASN1_NULL_it; + BN_mod_lshift1; + d2i_OCSP_ONEREQ; + OCSP_ONEREQ_new; + KRB5_TICKET_it; + KRB5_TICKET_it; + EVP_aes_192_cbc; + KRB5_TICKET_free; + UI_new; + OCSP_response_create; + _ossl_old_des_xcbc_encrypt; + PKCS7_it; + PKCS7_it; + OCSP_REQUEST_get_ext_by_critical; + OCSP_REQUEST_get_ext_by_crit; + ENGINE_set_flags; + _ossl_old_des_ecb_encrypt; + OCSP_response_get1_basic; + EVP_Digest; + OCSP_ONEREQ_delete_ext; + ASN1_TBOOLEAN_it; + ASN1_TBOOLEAN_it; + ASN1_item_new; + ASN1_TIME_to_generalizedtime; + BIGNUM_it; + BIGNUM_it; + AES_cbc_encrypt; + ENGINE_get_load_privkey_function; + ENGINE_get_load_privkey_fn; + OCSP_RESPONSE_free; + UI_method_set_reader; + i2d_ASN1_T61STRING; + EC_POINT_set_to_infinity; + ERR_load_OCSP_strings; + EC_POINT_point2oct; + KRB5_APREQ_free; + ASN1_OBJECT_it; + ASN1_OBJECT_it; + OCSP_crlID_new; + OCSP_crlID2_new; + CONF_modules_load_file; + CONF_imodule_set_usr_data; + ENGINE_set_default_string; + CONF_module_get_usr_data; + ASN1_add_oid_module; + CONF_modules_finish; + OPENSSL_config; + CONF_modules_unload; + CONF_imodule_get_value; + CONF_module_set_usr_data; + CONF_parse_list; + CONF_module_add; + CONF_get1_default_config_file; + CONF_imodule_get_flags; + CONF_imodule_get_module; + CONF_modules_load; + CONF_imodule_get_name; + ERR_peek_top_error; + CONF_imodule_get_usr_data; + CONF_imodule_set_flags; + ENGINE_add_conf_module; + ERR_peek_last_error_line; + ERR_peek_last_error_line_data; + ERR_peek_last_error; + DES_read_2passwords; + DES_read_password; + UI_UTIL_read_pw; + UI_UTIL_read_pw_string; + ENGINE_load_aep; + ENGINE_load_sureware; + OPENSSL_add_all_algorithms_noconf; + OPENSSL_add_all_algo_noconf; + OPENSSL_add_all_algorithms_conf; + OPENSSL_add_all_algo_conf; + OPENSSL_load_builtin_modules; + AES_ofb128_encrypt; + AES_ctr128_encrypt; + AES_cfb128_encrypt; + ENGINE_load_4758cca; + _ossl_096_des_random_seed; + EVP_aes_256_ofb; + EVP_aes_192_ofb; + EVP_aes_128_cfb128; + EVP_aes_256_cfb128; + EVP_aes_128_ofb; + EVP_aes_192_cfb128; + CONF_modules_free; + NCONF_default; + OPENSSL_no_config; + NCONF_WIN32; + ASN1_UNIVERSALSTRING_new; + EVP_des_ede_ecb; + i2d_ASN1_UNIVERSALSTRING; + ASN1_UNIVERSALSTRING_free; + ASN1_UNIVERSALSTRING_it; + ASN1_UNIVERSALSTRING_it; + d2i_ASN1_UNIVERSALSTRING; + EVP_des_ede3_ecb; + X509_REQ_print_ex; + ENGINE_up_ref; + BUF_MEM_grow_clean; + CRYPTO_realloc_clean; + BUF_strlcat; + BIO_indent; + BUF_strlcpy; + OpenSSLDie; + OPENSSL_cleanse; + ENGINE_setup_bsd_cryptodev; + ERR_release_err_state_table; + EVP_aes_128_cfb8; + FIPS_corrupt_rsa; + FIPS_selftest_des; + EVP_aes_128_cfb1; + EVP_aes_192_cfb8; + FIPS_mode_set; + FIPS_selftest_dsa; + EVP_aes_256_cfb8; + FIPS_allow_md5; + DES_ede3_cfb_encrypt; + EVP_des_ede3_cfb8; + FIPS_rand_seeded; + AES_cfbr_encrypt_block; + AES_cfb8_encrypt; + FIPS_rand_seed; + FIPS_corrupt_des; + EVP_aes_192_cfb1; + FIPS_selftest_aes; + FIPS_set_prng_key; + EVP_des_cfb8; + FIPS_corrupt_dsa; + FIPS_test_mode; + FIPS_rand_method; + EVP_aes_256_cfb1; + ERR_load_FIPS_strings; + FIPS_corrupt_aes; + FIPS_selftest_sha1; + FIPS_selftest_rsa; + FIPS_corrupt_sha1; + EVP_des_cfb1; + FIPS_dsa_check; + AES_cfb1_encrypt; + EVP_des_ede3_cfb1; + FIPS_rand_check; + FIPS_md5_allowed; + FIPS_mode; + FIPS_selftest_failed; + sk_is_sorted; + X509_check_ca; + HMAC_CTX_set_flags; + d2i_PROXY_CERT_INFO_EXTENSION; + PROXY_POLICY_it; + PROXY_POLICY_it; + i2d_PROXY_POLICY; + i2d_PROXY_CERT_INFO_EXTENSION; + d2i_PROXY_POLICY; + PROXY_CERT_INFO_EXTENSION_new; + PROXY_CERT_INFO_EXTENSION_free; + PROXY_CERT_INFO_EXTENSION_it; + PROXY_CERT_INFO_EXTENSION_it; + PROXY_POLICY_free; + PROXY_POLICY_new; + BN_MONT_CTX_set_locked; + FIPS_selftest_rng; + EVP_sha384; + EVP_sha512; + EVP_sha224; + EVP_sha256; + FIPS_selftest_hmac; + FIPS_corrupt_rng; + BN_mod_exp_mont_consttime; + RSA_X931_hash_id; + RSA_padding_check_X931; + RSA_verify_PKCS1_PSS; + RSA_padding_add_X931; + RSA_padding_add_PKCS1_PSS; + PKCS1_MGF1; + BN_X931_generate_Xpq; + RSA_X931_generate_key; + BN_X931_derive_prime; + BN_X931_generate_prime; + RSA_X931_derive; + BIO_new_dgram; + BN_get0_nist_prime_384; + ERR_set_mark; + X509_STORE_CTX_set0_crls; + ENGINE_set_STORE; + ENGINE_register_ECDSA; + STORE_meth_set_list_start_fn; + STORE_method_set_list_start_function; + BN_BLINDING_invert_ex; + NAME_CONSTRAINTS_free; + STORE_ATTR_INFO_set_number; + BN_BLINDING_get_thread_id; + X509_STORE_CTX_set0_param; + POLICY_MAPPING_it; + POLICY_MAPPING_it; + STORE_parse_attrs_start; + POLICY_CONSTRAINTS_free; + EVP_PKEY_add1_attr_by_NID; + BN_nist_mod_192; + EC_GROUP_get_trinomial_basis; + STORE_set_method; + GENERAL_SUBTREE_free; + NAME_CONSTRAINTS_it; + NAME_CONSTRAINTS_it; + ECDH_get_default_method; + PKCS12_add_safe; + EC_KEY_new_by_curve_name; + STORE_meth_get_update_store_fn; + STORE_method_get_update_store_function; + ENGINE_register_ECDH; + SHA512_Update; + i2d_ECPrivateKey; + BN_get0_nist_prime_192; + STORE_modify_certificate; + EC_POINT_set_affine_coordinates_GF2m; + EC_POINT_set_affine_coords_GF2m; + BN_GF2m_mod_exp_arr; + STORE_ATTR_INFO_modify_number; + X509_keyid_get0; + ENGINE_load_gmp; + pitem_new; + BN_GF2m_mod_mul_arr; + STORE_list_public_key_endp; + o2i_ECPublicKey; + EC_KEY_copy; + BIO_dump_fp; + X509_policy_node_get0_parent; + EC_GROUP_check_discriminant; + i2o_ECPublicKey; + EC_KEY_precompute_mult; + a2i_IPADDRESS; + STORE_meth_set_initialise_fn; + STORE_method_set_initialise_function; + X509_STORE_CTX_set_depth; + X509_VERIFY_PARAM_inherit; + EC_POINT_point2bn; + STORE_ATTR_INFO_set_dn; + X509_policy_tree_get0_policies; + EC_GROUP_new_curve_GF2m; + STORE_destroy_method; + ENGINE_unregister_STORE; + EVP_PKEY_get1_EC_KEY; + STORE_ATTR_INFO_get0_number; + ENGINE_get_default_ECDH; + EC_KEY_get_conv_form; + ASN1_OCTET_STRING_NDEF_it; + ASN1_OCTET_STRING_NDEF_it; + STORE_delete_public_key; + STORE_get_public_key; + STORE_modify_arbitrary; + ENGINE_get_static_state; + pqueue_iterator; + ECDSA_SIG_new; + OPENSSL_DIR_end; + BN_GF2m_mod_sqr; + EC_POINT_bn2point; + X509_VERIFY_PARAM_set_depth; + EC_KEY_set_asn1_flag; + STORE_get_method; + EC_KEY_get_key_method_data; + ECDSA_sign_ex; + STORE_parse_attrs_end; + EC_GROUP_get_point_conversion_form; + EC_GROUP_get_point_conv_form; + STORE_method_set_store_function; + STORE_ATTR_INFO_in; + PEM_read_bio_ECPKParameters; + EC_GROUP_get_pentanomial_basis; + EVP_PKEY_add1_attr_by_txt; + BN_BLINDING_set_flags; + X509_VERIFY_PARAM_set1_policies; + X509_VERIFY_PARAM_set1_name; + X509_VERIFY_PARAM_set_purpose; + STORE_get_number; + ECDSA_sign_setup; + BN_GF2m_mod_solve_quad_arr; + EC_KEY_up_ref; + POLICY_MAPPING_free; + BN_GF2m_mod_div; + X509_VERIFY_PARAM_set_flags; + EC_KEY_free; + STORE_meth_set_list_next_fn; + STORE_method_set_list_next_function; + PEM_write_bio_ECPrivateKey; + d2i_EC_PUBKEY; + STORE_meth_get_generate_fn; + STORE_method_get_generate_function; + STORE_meth_set_list_end_fn; + STORE_method_set_list_end_function; + pqueue_print; + EC_GROUP_have_precompute_mult; + EC_KEY_print_fp; + BN_GF2m_mod_arr; + PEM_write_bio_X509_CERT_PAIR; + EVP_PKEY_cmp; + X509_policy_level_node_count; + STORE_new_engine; + STORE_list_public_key_start; + X509_VERIFY_PARAM_new; + ECDH_get_ex_data; + EVP_PKEY_get_attr; + ECDSA_do_sign; + ENGINE_unregister_ECDH; + ECDH_OpenSSL; + EC_KEY_set_conv_form; + EC_POINT_dup; + GENERAL_SUBTREE_new; + STORE_list_crl_endp; + EC_get_builtin_curves; + X509_policy_node_get0_qualifiers; + X509_pcy_node_get0_qualifiers; + STORE_list_crl_end; + EVP_PKEY_set1_EC_KEY; + BN_GF2m_mod_sqrt_arr; + i2d_ECPrivateKey_bio; + ECPKParameters_print_fp; + pqueue_find; + ECDSA_SIG_free; + PEM_write_bio_ECPKParameters; + STORE_method_set_ctrl_function; + STORE_list_public_key_end; + EC_KEY_set_private_key; + pqueue_peek; + STORE_get_arbitrary; + STORE_store_crl; + X509_policy_node_get0_policy; + PKCS12_add_safes; + BN_BLINDING_convert_ex; + X509_policy_tree_free; + OPENSSL_ia32cap_loc; + BN_GF2m_poly2arr; + STORE_ctrl; + STORE_ATTR_INFO_compare; + BN_get0_nist_prime_224; + i2d_ECParameters; + i2d_ECPKParameters; + BN_GENCB_call; + d2i_ECPKParameters; + STORE_meth_set_generate_fn; + STORE_method_set_generate_function; + ENGINE_set_ECDH; + NAME_CONSTRAINTS_new; + SHA256_Init; + EC_KEY_get0_public_key; + PEM_write_bio_EC_PUBKEY; + STORE_ATTR_INFO_set_cstr; + STORE_list_crl_next; + STORE_ATTR_INFO_in_range; + ECParameters_print; + STORE_meth_set_delete_fn; + STORE_method_set_delete_function; + STORE_list_certificate_next; + ASN1_generate_nconf; + BUF_memdup; + BN_GF2m_mod_mul; + STORE_meth_get_list_next_fn; + STORE_method_get_list_next_function; + STORE_ATTR_INFO_get0_dn; + STORE_list_private_key_next; + EC_GROUP_set_seed; + X509_VERIFY_PARAM_set_trust; + STORE_ATTR_INFO_free; + STORE_get_private_key; + EVP_PKEY_get_attr_count; + STORE_ATTR_INFO_new; + EC_GROUP_get_curve_GF2m; + STORE_meth_set_revoke_fn; + STORE_method_set_revoke_function; + STORE_store_number; + BN_is_prime_ex; + STORE_revoke_public_key; + X509_STORE_CTX_get0_param; + STORE_delete_arbitrary; + PEM_read_X509_CERT_PAIR; + X509_STORE_set_depth; + ECDSA_get_ex_data; + SHA224; + BIO_dump_indent_fp; + EC_KEY_set_group; + BUF_strndup; + STORE_list_certificate_start; + BN_GF2m_mod; + X509_REQ_check_private_key; + EC_GROUP_get_seed_len; + ERR_load_STORE_strings; + PEM_read_bio_EC_PUBKEY; + STORE_list_private_key_end; + i2d_EC_PUBKEY; + ECDSA_get_default_method; + ASN1_put_eoc; + X509_STORE_CTX_get_explicit_policy; + X509_STORE_CTX_get_expl_policy; + X509_VERIFY_PARAM_table_cleanup; + STORE_modify_private_key; + X509_VERIFY_PARAM_free; + EC_METHOD_get_field_type; + EC_GFp_nist_method; + STORE_meth_set_modify_fn; + STORE_method_set_modify_function; + STORE_parse_attrs_next; + ENGINE_load_padlock; + EC_GROUP_set_curve_name; + X509_CERT_PAIR_it; + X509_CERT_PAIR_it; + STORE_meth_get_revoke_fn; + STORE_method_get_revoke_function; + STORE_method_set_get_function; + STORE_modify_number; + STORE_method_get_store_function; + STORE_store_private_key; + BN_GF2m_mod_sqr_arr; + RSA_setup_blinding; + BIO_s_datagram; + STORE_Memory; + sk_find_ex; + EC_GROUP_set_curve_GF2m; + ENGINE_set_default_ECDSA; + POLICY_CONSTRAINTS_new; + BN_GF2m_mod_sqrt; + ECDH_set_default_method; + EC_KEY_generate_key; + SHA384_Update; + BN_GF2m_arr2poly; + STORE_method_get_get_function; + STORE_meth_set_cleanup_fn; + STORE_method_set_cleanup_function; + EC_GROUP_check; + d2i_ECPrivateKey_bio; + EC_KEY_insert_key_method_data; + STORE_meth_get_lock_store_fn; + STORE_method_get_lock_store_function; + X509_VERIFY_PARAM_get_depth; + SHA224_Final; + STORE_meth_set_update_store_fn; + STORE_method_set_update_store_function; + SHA224_Update; + d2i_ECPrivateKey; + ASN1_item_ndef_i2d; + STORE_delete_private_key; + ERR_pop_to_mark; + ENGINE_register_all_STORE; + X509_policy_level_get0_node; + i2d_PKCS7_NDEF; + EC_GROUP_get_degree; + ASN1_generate_v3; + STORE_ATTR_INFO_modify_cstr; + X509_policy_tree_level_count; + BN_GF2m_add; + EC_KEY_get0_group; + STORE_generate_crl; + STORE_store_public_key; + X509_CERT_PAIR_free; + STORE_revoke_private_key; + BN_nist_mod_224; + SHA512_Final; + STORE_ATTR_INFO_modify_dn; + STORE_meth_get_initialise_fn; + STORE_method_get_initialise_function; + STORE_delete_number; + i2d_EC_PUBKEY_bio; + BIO_dgram_non_fatal_error; + EC_GROUP_get_asn1_flag; + STORE_ATTR_INFO_in_ex; + STORE_list_crl_start; + ECDH_get_ex_new_index; + STORE_meth_get_modify_fn; + STORE_method_get_modify_function; + v2i_ASN1_BIT_STRING; + STORE_store_certificate; + OBJ_bsearch_ex; + X509_STORE_CTX_set_default; + STORE_ATTR_INFO_set_sha1str; + BN_GF2m_mod_inv; + BN_GF2m_mod_exp; + STORE_modify_public_key; + STORE_meth_get_list_start_fn; + STORE_method_get_list_start_function; + EC_GROUP_get0_seed; + STORE_store_arbitrary; + STORE_meth_set_unlock_store_fn; + STORE_method_set_unlock_store_function; + BN_GF2m_mod_div_arr; + ENGINE_set_ECDSA; + STORE_create_method; + ECPKParameters_print; + EC_KEY_get0_private_key; + PEM_write_EC_PUBKEY; + X509_VERIFY_PARAM_set1; + ECDH_set_method; + v2i_GENERAL_NAME_ex; + ECDH_set_ex_data; + STORE_generate_key; + BN_nist_mod_521; + X509_policy_tree_get0_level; + EC_GROUP_set_point_conversion_form; + EC_GROUP_set_point_conv_form; + PEM_read_EC_PUBKEY; + i2d_ECDSA_SIG; + ECDSA_OpenSSL; + STORE_delete_crl; + EC_KEY_get_enc_flags; + ASN1_const_check_infinite_end; + EVP_PKEY_delete_attr; + ECDSA_set_default_method; + EC_POINT_set_compressed_coordinates_GF2m; + EC_POINT_set_compr_coords_GF2m; + EC_GROUP_cmp; + STORE_revoke_certificate; + BN_get0_nist_prime_256; + STORE_meth_get_delete_fn; + STORE_method_get_delete_function; + SHA224_Init; + PEM_read_ECPrivateKey; + SHA512_Init; + STORE_parse_attrs_endp; + BN_set_negative; + ERR_load_ECDSA_strings; + EC_GROUP_get_basis_type; + STORE_list_public_key_next; + i2v_ASN1_BIT_STRING; + STORE_OBJECT_free; + BN_nist_mod_384; + i2d_X509_CERT_PAIR; + PEM_write_ECPKParameters; + ECDH_compute_key; + STORE_ATTR_INFO_get0_sha1str; + ENGINE_register_all_ECDH; + pqueue_pop; + STORE_ATTR_INFO_get0_cstr; + POLICY_CONSTRAINTS_it; + POLICY_CONSTRAINTS_it; + STORE_get_ex_new_index; + EVP_PKEY_get_attr_by_OBJ; + X509_VERIFY_PARAM_add0_policy; + BN_GF2m_mod_solve_quad; + SHA256; + i2d_ECPrivateKey_fp; + X509_policy_tree_get0_user_policies; + X509_pcy_tree_get0_usr_policies; + OPENSSL_DIR_read; + ENGINE_register_all_ECDSA; + X509_VERIFY_PARAM_lookup; + EC_POINT_get_affine_coordinates_GF2m; + EC_POINT_get_affine_coords_GF2m; + EC_GROUP_dup; + ENGINE_get_default_ECDSA; + EC_KEY_new; + SHA256_Transform; + EC_KEY_set_enc_flags; + ECDSA_verify; + EC_POINT_point2hex; + ENGINE_get_STORE; + SHA512; + STORE_get_certificate; + ECDSA_do_sign_ex; + ECDSA_do_verify; + d2i_ECPrivateKey_fp; + STORE_delete_certificate; + SHA512_Transform; + X509_STORE_set1_param; + STORE_method_get_ctrl_function; + STORE_free; + PEM_write_ECPrivateKey; + STORE_meth_get_unlock_store_fn; + STORE_method_get_unlock_store_function; + STORE_get_ex_data; + EC_KEY_set_public_key; + PEM_read_ECPKParameters; + X509_CERT_PAIR_new; + ENGINE_register_STORE; + RSA_generate_key_ex; + DSA_generate_parameters_ex; + ECParameters_print_fp; + X509V3_NAME_from_section; + EVP_PKEY_add1_attr; + STORE_modify_crl; + STORE_list_private_key_start; + POLICY_MAPPINGS_it; + POLICY_MAPPINGS_it; + GENERAL_SUBTREE_it; + GENERAL_SUBTREE_it; + EC_GROUP_get_curve_name; + PEM_write_X509_CERT_PAIR; + BIO_dump_indent_cb; + d2i_X509_CERT_PAIR; + STORE_list_private_key_endp; + asn1_const_Finish; + i2d_EC_PUBKEY_fp; + BN_nist_mod_256; + X509_VERIFY_PARAM_add0_table; + pqueue_free; + BN_BLINDING_create_param; + ECDSA_size; + d2i_EC_PUBKEY_bio; + BN_get0_nist_prime_521; + STORE_ATTR_INFO_modify_sha1str; + BN_generate_prime_ex; + EC_GROUP_new_by_curve_name; + SHA256_Final; + DH_generate_parameters_ex; + PEM_read_bio_ECPrivateKey; + STORE_meth_get_cleanup_fn; + STORE_method_get_cleanup_function; + ENGINE_get_ECDH; + d2i_ECDSA_SIG; + BN_is_prime_fasttest_ex; + ECDSA_sign; + X509_policy_check; + EVP_PKEY_get_attr_by_NID; + STORE_set_ex_data; + ENGINE_get_ECDSA; + EVP_ecdsa; + BN_BLINDING_get_flags; + PKCS12_add_cert; + STORE_OBJECT_new; + ERR_load_ECDH_strings; + EC_KEY_dup; + EVP_CIPHER_CTX_rand_key; + ECDSA_set_method; + a2i_IPADDRESS_NC; + d2i_ECParameters; + STORE_list_certificate_end; + STORE_get_crl; + X509_POLICY_NODE_print; + SHA384_Init; + EC_GF2m_simple_method; + ECDSA_set_ex_data; + SHA384_Final; + PKCS7_set_digest; + EC_KEY_print; + STORE_meth_set_lock_store_fn; + STORE_method_set_lock_store_function; + ECDSA_get_ex_new_index; + SHA384; + POLICY_MAPPING_new; + STORE_list_certificate_endp; + X509_STORE_CTX_get0_policy_tree; + EC_GROUP_set_asn1_flag; + EC_KEY_check_key; + d2i_EC_PUBKEY_fp; + PKCS7_set0_type_other; + PEM_read_bio_X509_CERT_PAIR; + pqueue_next; + STORE_meth_get_list_end_fn; + STORE_method_get_list_end_function; + EVP_PKEY_add1_attr_by_OBJ; + X509_VERIFY_PARAM_set_time; + pqueue_new; + ENGINE_set_default_ECDH; + STORE_new_method; + PKCS12_add_key; + DSO_merge; + EC_POINT_hex2point; + BIO_dump_cb; + SHA256_Update; + pqueue_insert; + pitem_free; + BN_GF2m_mod_inv_arr; + ENGINE_unregister_ECDSA; + BN_BLINDING_set_thread_id; + get_rfc3526_prime_8192; + X509_VERIFY_PARAM_clear_flags; + get_rfc2409_prime_1024; + DH_check_pub_key; + get_rfc3526_prime_2048; + get_rfc3526_prime_6144; + get_rfc3526_prime_1536; + get_rfc3526_prime_3072; + get_rfc3526_prime_4096; + get_rfc2409_prime_768; + X509_VERIFY_PARAM_get_flags; + EVP_CIPHER_CTX_new; + EVP_CIPHER_CTX_free; + Camellia_cbc_encrypt; + Camellia_cfb128_encrypt; + Camellia_cfb1_encrypt; + Camellia_cfb8_encrypt; + Camellia_ctr128_encrypt; + Camellia_cfbr_encrypt_block; + Camellia_decrypt; + Camellia_ecb_encrypt; + Camellia_encrypt; + Camellia_ofb128_encrypt; + Camellia_set_key; + EVP_camellia_128_cbc; + EVP_camellia_128_cfb128; + EVP_camellia_128_cfb1; + EVP_camellia_128_cfb8; + EVP_camellia_128_ecb; + EVP_camellia_128_ofb; + EVP_camellia_192_cbc; + EVP_camellia_192_cfb128; + EVP_camellia_192_cfb1; + EVP_camellia_192_cfb8; + EVP_camellia_192_ecb; + EVP_camellia_192_ofb; + EVP_camellia_256_cbc; + EVP_camellia_256_cfb128; + EVP_camellia_256_cfb1; + EVP_camellia_256_cfb8; + EVP_camellia_256_ecb; + EVP_camellia_256_ofb; + a2i_ipadd; + ASIdentifiers_free; + i2d_ASIdOrRange; + EVP_CIPHER_block_size; + v3_asid_is_canonical; + IPAddressChoice_free; + EVP_CIPHER_CTX_set_app_data; + BIO_set_callback_arg; + v3_addr_add_prefix; + IPAddressOrRange_it; + IPAddressOrRange_it; + BIO_set_flags; + ASIdentifiers_it; + ASIdentifiers_it; + v3_addr_get_range; + BIO_method_type; + v3_addr_inherits; + IPAddressChoice_it; + IPAddressChoice_it; + AES_ige_encrypt; + v3_addr_add_range; + EVP_CIPHER_CTX_nid; + d2i_ASRange; + v3_addr_add_inherit; + v3_asid_add_id_or_range; + v3_addr_validate_resource_set; + EVP_CIPHER_iv_length; + EVP_MD_type; + v3_asid_canonize; + IPAddressRange_free; + v3_asid_add_inherit; + EVP_CIPHER_CTX_key_length; + IPAddressRange_new; + ASIdOrRange_new; + EVP_MD_size; + EVP_MD_CTX_test_flags; + BIO_clear_flags; + i2d_ASRange; + IPAddressRange_it; + IPAddressRange_it; + IPAddressChoice_new; + ASIdentifierChoice_new; + ASRange_free; + EVP_MD_pkey_type; + EVP_MD_CTX_clear_flags; + IPAddressFamily_free; + i2d_IPAddressFamily; + IPAddressOrRange_new; + EVP_CIPHER_flags; + v3_asid_validate_resource_set; + d2i_IPAddressRange; + AES_bi_ige_encrypt; + BIO_get_callback; + IPAddressOrRange_free; + v3_addr_subset; + d2i_IPAddressFamily; + v3_asid_subset; + BIO_test_flags; + i2d_ASIdentifierChoice; + ASRange_it; + ASRange_it; + d2i_ASIdentifiers; + ASRange_new; + d2i_IPAddressChoice; + v3_addr_get_afi; + EVP_CIPHER_key_length; + EVP_Cipher; + i2d_IPAddressOrRange; + ASIdOrRange_it; + ASIdOrRange_it; + EVP_CIPHER_nid; + i2d_IPAddressChoice; + EVP_CIPHER_CTX_block_size; + ASIdentifiers_new; + v3_addr_validate_path; + IPAddressFamily_new; + EVP_MD_CTX_set_flags; + v3_addr_is_canonical; + i2d_IPAddressRange; + IPAddressFamily_it; + IPAddressFamily_it; + v3_asid_inherits; + EVP_CIPHER_CTX_cipher; + EVP_CIPHER_CTX_get_app_data; + EVP_MD_block_size; + EVP_CIPHER_CTX_flags; + v3_asid_validate_path; + d2i_IPAddressOrRange; + v3_addr_canonize; + ASIdentifierChoice_it; + ASIdentifierChoice_it; + EVP_MD_CTX_md; + d2i_ASIdentifierChoice; + BIO_method_name; + EVP_CIPHER_CTX_iv_length; + ASIdOrRange_free; + ASIdentifierChoice_free; + BIO_get_callback_arg; + BIO_set_callback; + d2i_ASIdOrRange; + i2d_ASIdentifiers; + SEED_decrypt; + SEED_encrypt; + SEED_cbc_encrypt; + EVP_seed_ofb; + SEED_cfb128_encrypt; + SEED_ofb128_encrypt; + EVP_seed_cbc; + SEED_ecb_encrypt; + EVP_seed_ecb; + SEED_set_key; + EVP_seed_cfb128; + X509_EXTENSIONS_it; + X509_EXTENSIONS_it; + X509_get1_ocsp; + OCSP_REQ_CTX_free; + i2d_X509_EXTENSIONS; + OCSP_sendreq_nbio; + OCSP_sendreq_new; + d2i_X509_EXTENSIONS; + X509_ALGORS_it; + X509_ALGORS_it; + X509_ALGOR_get0; + X509_ALGOR_set0; + AES_unwrap_key; + AES_wrap_key; + X509at_get0_data_by_OBJ; + ASN1_TYPE_set1; + ASN1_STRING_set0; + i2d_X509_ALGORS; + BIO_f_zlib; + COMP_zlib_cleanup; + d2i_X509_ALGORS; + CMS_ReceiptRequest_free; + PEM_write_CMS; + CMS_add0_CertificateChoices; + CMS_unsigned_add1_attr_by_OBJ; + ERR_load_CMS_strings; + CMS_sign_receipt; + i2d_CMS_ContentInfo; + CMS_signed_delete_attr; + d2i_CMS_bio; + CMS_unsigned_get_attr_by_NID; + CMS_verify; + SMIME_read_CMS; + CMS_decrypt_set1_key; + CMS_SignerInfo_get0_algs; + CMS_add1_cert; + CMS_set_detached; + CMS_encrypt; + CMS_EnvelopedData_create; + CMS_uncompress; + CMS_add0_crl; + CMS_SignerInfo_verify_content; + CMS_unsigned_get0_data_by_OBJ; + PEM_write_bio_CMS; + CMS_unsigned_get_attr; + CMS_RecipientInfo_ktri_cert_cmp; + CMS_RecipientInfo_ktri_get0_algs; + CMS_RecipInfo_ktri_get0_algs; + CMS_ContentInfo_free; + CMS_final; + CMS_add_simple_smimecap; + CMS_SignerInfo_verify; + CMS_data; + CMS_ContentInfo_it; + CMS_ContentInfo_it; + d2i_CMS_ReceiptRequest; + CMS_compress; + CMS_digest_create; + CMS_SignerInfo_cert_cmp; + CMS_SignerInfo_sign; + CMS_data_create; + i2d_CMS_bio; + CMS_EncryptedData_set1_key; + CMS_decrypt; + int_smime_write_ASN1; + CMS_unsigned_delete_attr; + CMS_unsigned_get_attr_count; + CMS_add_smimecap; + PEM_read_CMS; + CMS_signed_get_attr_by_OBJ; + d2i_CMS_ContentInfo; + CMS_add_standard_smimecap; + CMS_ContentInfo_new; + CMS_RecipientInfo_type; + CMS_get0_type; + CMS_is_detached; + CMS_sign; + CMS_signed_add1_attr; + CMS_unsigned_get_attr_by_OBJ; + SMIME_write_CMS; + CMS_EncryptedData_decrypt; + CMS_get0_RecipientInfos; + CMS_add0_RevocationInfoChoice; + CMS_decrypt_set1_pkey; + CMS_SignerInfo_set1_signer_cert; + CMS_get0_signers; + CMS_ReceiptRequest_get0_values; + CMS_signed_get0_data_by_OBJ; + CMS_get0_SignerInfos; + CMS_add0_cert; + CMS_EncryptedData_encrypt; + CMS_digest_verify; + CMS_set1_signers_certs; + CMS_signed_get_attr; + CMS_RecipientInfo_set0_key; + CMS_SignedData_init; + CMS_RecipientInfo_kekri_get0_id; + CMS_verify_receipt; + CMS_ReceiptRequest_it; + CMS_ReceiptRequest_it; + PEM_read_bio_CMS; + CMS_get1_crls; + CMS_add0_recipient_key; + SMIME_read_ASN1; + CMS_ReceiptRequest_new; + CMS_get0_content; + CMS_get1_ReceiptRequest; + CMS_signed_add1_attr_by_OBJ; + CMS_RecipientInfo_kekri_id_cmp; + CMS_add1_ReceiptRequest; + CMS_SignerInfo_get0_signer_id; + CMS_unsigned_add1_attr_by_NID; + CMS_unsigned_add1_attr; + CMS_signed_get_attr_by_NID; + CMS_get1_certs; + CMS_signed_add1_attr_by_NID; + CMS_unsigned_add1_attr_by_txt; + CMS_dataFinal; + CMS_RecipientInfo_ktri_get0_signer_id; + CMS_RecipInfo_ktri_get0_sigr_id; + i2d_CMS_ReceiptRequest; + CMS_add1_recipient_cert; + CMS_dataInit; + CMS_signed_add1_attr_by_txt; + CMS_RecipientInfo_decrypt; + CMS_signed_get_attr_count; + CMS_get0_eContentType; + CMS_set1_eContentType; + CMS_ReceiptRequest_create0; + CMS_add1_signer; + CMS_RecipientInfo_set0_pkey; + ENGINE_set_load_ssl_client_cert_function; + ENGINE_set_ld_ssl_clnt_cert_fn; + ENGINE_get_ssl_client_cert_function; + ENGINE_get_ssl_client_cert_fn; + ENGINE_load_ssl_client_cert; + ENGINE_load_capi; + OPENSSL_isservice; + FIPS_dsa_sig_decode; + EVP_CIPHER_CTX_clear_flags; + FIPS_rand_status; + FIPS_rand_set_key; + CRYPTO_set_mem_info_functions; + RSA_X931_generate_key_ex; + int_ERR_set_state_func; + int_EVP_MD_set_engine_callbacks; + int_CRYPTO_set_do_dynlock_callback; + FIPS_rng_stick; + EVP_CIPHER_CTX_set_flags; + BN_X931_generate_prime_ex; + FIPS_selftest_check; + FIPS_rand_set_dt; + CRYPTO_dbg_pop_info; + FIPS_dsa_free; + RSA_X931_derive_ex; + FIPS_rsa_new; + FIPS_rand_bytes; + fips_cipher_test; + EVP_CIPHER_CTX_test_flags; + CRYPTO_malloc_debug_init; + CRYPTO_dbg_push_info; + FIPS_corrupt_rsa_keygen; + FIPS_dh_new; + FIPS_corrupt_dsa_keygen; + FIPS_dh_free; + fips_pkey_signature_test; + EVP_add_alg_module; + int_RAND_init_engine_callbacks; + int_EVP_CIPHER_set_engine_callbacks; + int_EVP_MD_init_engine_callbacks; + FIPS_rand_test_mode; + FIPS_rand_reset; + FIPS_dsa_new; + int_RAND_set_callbacks; + BN_X931_derive_prime_ex; + int_ERR_lib_init; + int_EVP_CIPHER_init_engine_callbacks; + FIPS_rsa_free; + FIPS_dsa_sig_encode; + CRYPTO_dbg_remove_all_info; + OPENSSL_init; + CRYPTO_strdup; + JPAKE_STEP3A_process; + JPAKE_STEP1_release; + JPAKE_get_shared_key; + JPAKE_STEP3B_init; + JPAKE_STEP1_generate; + JPAKE_STEP1_init; + JPAKE_STEP3B_process; + JPAKE_STEP2_generate; + JPAKE_CTX_new; + JPAKE_CTX_free; + JPAKE_STEP3B_release; + JPAKE_STEP3A_release; + JPAKE_STEP2_process; + JPAKE_STEP3B_generate; + JPAKE_STEP1_process; + JPAKE_STEP3A_generate; + JPAKE_STEP2_release; + JPAKE_STEP3A_init; + ERR_load_JPAKE_strings; + JPAKE_STEP2_init; + pqueue_size; + i2d_TS_ACCURACY; + i2d_TS_MSG_IMPRINT_fp; + i2d_TS_MSG_IMPRINT; + EVP_PKEY_print_public; + EVP_PKEY_CTX_new; + i2d_TS_TST_INFO; + EVP_PKEY_asn1_find; + DSO_METHOD_beos; + TS_CONF_load_cert; + TS_REQ_get_ext; + EVP_PKEY_sign_init; + ASN1_item_print; + TS_TST_INFO_set_nonce; + TS_RESP_dup; + ENGINE_register_pkey_meths; + EVP_PKEY_asn1_add0; + PKCS7_add0_attrib_signing_time; + i2d_TS_TST_INFO_fp; + BIO_asn1_get_prefix; + TS_TST_INFO_set_time; + EVP_PKEY_meth_set_decrypt; + EVP_PKEY_set_type_str; + EVP_PKEY_CTX_get_keygen_info; + TS_REQ_set_policy_id; + d2i_TS_RESP_fp; + ENGINE_get_pkey_asn1_meth_engine; + ENGINE_get_pkey_asn1_meth_eng; + WHIRLPOOL_Init; + TS_RESP_set_status_info; + EVP_PKEY_keygen; + EVP_DigestSignInit; + TS_ACCURACY_set_millis; + TS_REQ_dup; + GENERAL_NAME_dup; + ASN1_SEQUENCE_ANY_it; + ASN1_SEQUENCE_ANY_it; + WHIRLPOOL; + X509_STORE_get1_crls; + ENGINE_get_pkey_asn1_meth; + EVP_PKEY_asn1_new; + BIO_new_NDEF; + ENGINE_get_pkey_meth; + TS_MSG_IMPRINT_set_algo; + i2d_TS_TST_INFO_bio; + TS_TST_INFO_set_ordering; + TS_TST_INFO_get_ext_by_OBJ; + CRYPTO_THREADID_set_pointer; + TS_CONF_get_tsa_section; + SMIME_write_ASN1; + TS_RESP_CTX_set_signer_key; + EVP_PKEY_encrypt_old; + EVP_PKEY_encrypt_init; + CRYPTO_THREADID_cpy; + ASN1_PCTX_get_cert_flags; + i2d_ESS_SIGNING_CERT; + TS_CONF_load_key; + i2d_ASN1_SEQUENCE_ANY; + d2i_TS_MSG_IMPRINT_bio; + EVP_PKEY_asn1_set_public; + b2i_PublicKey_bio; + BIO_asn1_set_prefix; + EVP_PKEY_new_mac_key; + BIO_new_CMS; + CRYPTO_THREADID_cmp; + TS_REQ_ext_free; + EVP_PKEY_asn1_set_free; + EVP_PKEY_get0_asn1; + d2i_NETSCAPE_X509; + EVP_PKEY_verify_recover_init; + EVP_PKEY_CTX_set_data; + EVP_PKEY_keygen_init; + TS_RESP_CTX_set_status_info; + TS_MSG_IMPRINT_get_algo; + TS_REQ_print_bio; + EVP_PKEY_CTX_ctrl_str; + EVP_PKEY_get_default_digest_nid; + PEM_write_bio_PKCS7_stream; + TS_MSG_IMPRINT_print_bio; + BN_asc2bn; + TS_REQ_get_policy_id; + ENGINE_set_default_pkey_asn1_meths; + ENGINE_set_def_pkey_asn1_meths; + d2i_TS_ACCURACY; + DSO_global_lookup; + TS_CONF_set_tsa_name; + i2d_ASN1_SET_ANY; + ENGINE_load_gost; + WHIRLPOOL_BitUpdate; + ASN1_PCTX_get_flags; + TS_TST_INFO_get_ext_by_NID; + TS_RESP_new; + ESS_CERT_ID_dup; + TS_STATUS_INFO_dup; + TS_REQ_delete_ext; + EVP_DigestVerifyFinal; + EVP_PKEY_print_params; + i2d_CMS_bio_stream; + TS_REQ_get_msg_imprint; + OBJ_find_sigid_by_algs; + TS_TST_INFO_get_serial; + TS_REQ_get_nonce; + X509_PUBKEY_set0_param; + EVP_PKEY_CTX_set0_keygen_info; + DIST_POINT_set_dpname; + i2d_ISSUING_DIST_POINT; + ASN1_SET_ANY_it; + ASN1_SET_ANY_it; + EVP_PKEY_CTX_get_data; + TS_STATUS_INFO_print_bio; + EVP_PKEY_derive_init; + d2i_TS_TST_INFO; + EVP_PKEY_asn1_add_alias; + d2i_TS_RESP_bio; + OTHERNAME_cmp; + GENERAL_NAME_set0_value; + PKCS7_RECIP_INFO_get0_alg; + TS_RESP_CTX_new; + TS_RESP_set_tst_info; + PKCS7_final; + EVP_PKEY_base_id; + TS_RESP_CTX_set_signer_cert; + TS_REQ_set_msg_imprint; + EVP_PKEY_CTX_ctrl; + TS_CONF_set_digests; + d2i_TS_MSG_IMPRINT; + EVP_PKEY_meth_set_ctrl; + TS_REQ_get_ext_by_NID; + PKCS5_pbe_set0_algor; + BN_BLINDING_thread_id; + TS_ACCURACY_new; + X509_CRL_METHOD_free; + ASN1_PCTX_get_nm_flags; + EVP_PKEY_meth_set_sign; + CRYPTO_THREADID_current; + EVP_PKEY_decrypt_init; + NETSCAPE_X509_free; + i2b_PVK_bio; + EVP_PKEY_print_private; + GENERAL_NAME_get0_value; + b2i_PVK_bio; + ASN1_UTCTIME_adj; + TS_TST_INFO_new; + EVP_MD_do_all_sorted; + TS_CONF_set_default_engine; + TS_ACCURACY_set_seconds; + TS_TST_INFO_get_time; + PKCS8_pkey_get0; + EVP_PKEY_asn1_get0; + OBJ_add_sigid; + PKCS7_SIGNER_INFO_sign; + EVP_PKEY_paramgen_init; + EVP_PKEY_sign; + OBJ_sigid_free; + EVP_PKEY_meth_set_init; + d2i_ESS_ISSUER_SERIAL; + ISSUING_DIST_POINT_new; + ASN1_TIME_adj; + TS_OBJ_print_bio; + EVP_PKEY_meth_set_verify_recover; + EVP_PKEY_meth_set_vrfy_recover; + TS_RESP_get_status_info; + CMS_stream; + EVP_PKEY_CTX_set_cb; + PKCS7_to_TS_TST_INFO; + ASN1_PCTX_get_oid_flags; + TS_TST_INFO_add_ext; + EVP_PKEY_meth_set_derive; + i2d_TS_RESP_fp; + i2d_TS_MSG_IMPRINT_bio; + TS_RESP_CTX_set_accuracy; + TS_REQ_set_nonce; + ESS_CERT_ID_new; + ENGINE_pkey_asn1_find_str; + TS_REQ_get_ext_count; + BUF_reverse; + TS_TST_INFO_print_bio; + d2i_ISSUING_DIST_POINT; + ENGINE_get_pkey_meths; + i2b_PrivateKey_bio; + i2d_TS_RESP; + b2i_PublicKey; + TS_VERIFY_CTX_cleanup; + TS_STATUS_INFO_free; + TS_RESP_verify_token; + OBJ_bsearch_ex_; + ASN1_bn_print; + EVP_PKEY_asn1_get_count; + ENGINE_register_pkey_asn1_meths; + ASN1_PCTX_set_nm_flags; + EVP_DigestVerifyInit; + ENGINE_set_default_pkey_meths; + TS_TST_INFO_get_policy_id; + TS_REQ_get_cert_req; + X509_CRL_set_meth_data; + PKCS8_pkey_set0; + ASN1_STRING_copy; + d2i_TS_TST_INFO_fp; + X509_CRL_match; + EVP_PKEY_asn1_set_private; + TS_TST_INFO_get_ext_d2i; + TS_RESP_CTX_add_policy; + d2i_TS_RESP; + TS_CONF_load_certs; + TS_TST_INFO_get_msg_imprint; + ERR_load_TS_strings; + TS_TST_INFO_get_version; + EVP_PKEY_CTX_dup; + EVP_PKEY_meth_set_verify; + i2b_PublicKey_bio; + TS_CONF_set_certs; + EVP_PKEY_asn1_get0_info; + TS_VERIFY_CTX_free; + TS_REQ_get_ext_by_critical; + TS_RESP_CTX_set_serial_cb; + X509_CRL_get_meth_data; + TS_RESP_CTX_set_time_cb; + TS_MSG_IMPRINT_get_msg; + TS_TST_INFO_ext_free; + TS_REQ_get_version; + TS_REQ_add_ext; + EVP_PKEY_CTX_set_app_data; + OBJ_bsearch_; + EVP_PKEY_meth_set_verifyctx; + i2d_PKCS7_bio_stream; + CRYPTO_THREADID_set_numeric; + PKCS7_sign_add_signer; + d2i_TS_TST_INFO_bio; + TS_TST_INFO_get_ordering; + TS_RESP_print_bio; + TS_TST_INFO_get_exts; + HMAC_CTX_copy; + PKCS5_pbe2_set_iv; + ENGINE_get_pkey_asn1_meths; + b2i_PrivateKey; + EVP_PKEY_CTX_get_app_data; + TS_REQ_set_cert_req; + CRYPTO_THREADID_set_callback; + TS_CONF_set_serial; + TS_TST_INFO_free; + d2i_TS_REQ_fp; + TS_RESP_verify_response; + i2d_ESS_ISSUER_SERIAL; + TS_ACCURACY_get_seconds; + EVP_CIPHER_do_all; + b2i_PrivateKey_bio; + OCSP_CERTID_dup; + X509_PUBKEY_get0_param; + TS_MSG_IMPRINT_dup; + PKCS7_print_ctx; + i2d_TS_REQ_bio; + EVP_whirlpool; + EVP_PKEY_asn1_set_param; + EVP_PKEY_meth_set_encrypt; + ASN1_PCTX_set_flags; + i2d_ESS_CERT_ID; + TS_VERIFY_CTX_new; + TS_RESP_CTX_set_extension_cb; + ENGINE_register_all_pkey_meths; + TS_RESP_CTX_set_status_info_cond; + TS_RESP_CTX_set_stat_info_cond; + EVP_PKEY_verify; + WHIRLPOOL_Final; + X509_CRL_METHOD_new; + EVP_DigestSignFinal; + TS_RESP_CTX_set_def_policy; + NETSCAPE_X509_it; + NETSCAPE_X509_it; + TS_RESP_create_response; + PKCS7_SIGNER_INFO_get0_algs; + TS_TST_INFO_get_nonce; + EVP_PKEY_decrypt_old; + TS_TST_INFO_set_policy_id; + TS_CONF_set_ess_cert_id_chain; + EVP_PKEY_CTX_get0_pkey; + d2i_TS_REQ; + EVP_PKEY_asn1_find_str; + BIO_f_asn1; + ESS_SIGNING_CERT_new; + EVP_PBE_find; + X509_CRL_get0_by_cert; + EVP_PKEY_derive; + i2d_TS_REQ; + TS_TST_INFO_delete_ext; + ESS_ISSUER_SERIAL_free; + ASN1_PCTX_set_str_flags; + ENGINE_get_pkey_asn1_meth_str; + TS_CONF_set_signer_key; + TS_ACCURACY_get_millis; + TS_RESP_get_token; + TS_ACCURACY_dup; + ENGINE_register_all_pkey_asn1_meths; + ENGINE_reg_all_pkey_asn1_meths; + X509_CRL_set_default_method; + CRYPTO_THREADID_hash; + CMS_ContentInfo_print_ctx; + TS_RESP_free; + ISSUING_DIST_POINT_free; + ESS_ISSUER_SERIAL_new; + CMS_add1_crl; + PKCS7_add1_attrib_digest; + TS_RESP_CTX_add_md; + TS_TST_INFO_dup; + ENGINE_set_pkey_asn1_meths; + PEM_write_bio_Parameters; + TS_TST_INFO_get_accuracy; + X509_CRL_get0_by_serial; + TS_TST_INFO_set_version; + TS_RESP_CTX_get_tst_info; + TS_RESP_verify_signature; + CRYPTO_THREADID_get_callback; + TS_TST_INFO_get_tsa; + TS_STATUS_INFO_new; + EVP_PKEY_CTX_get_cb; + TS_REQ_get_ext_d2i; + GENERAL_NAME_set0_othername; + TS_TST_INFO_get_ext_count; + TS_RESP_CTX_get_request; + i2d_NETSCAPE_X509; + ENGINE_get_pkey_meth_engine; + EVP_PKEY_meth_set_signctx; + EVP_PKEY_asn1_copy; + ASN1_TYPE_cmp; + EVP_CIPHER_do_all_sorted; + EVP_PKEY_CTX_free; + ISSUING_DIST_POINT_it; + ISSUING_DIST_POINT_it; + d2i_TS_MSG_IMPRINT_fp; + X509_STORE_get1_certs; + EVP_PKEY_CTX_get_operation; + d2i_ESS_SIGNING_CERT; + TS_CONF_set_ordering; + EVP_PBE_alg_add_type; + TS_REQ_set_version; + EVP_PKEY_get0; + BIO_asn1_set_suffix; + i2d_TS_STATUS_INFO; + EVP_MD_do_all; + TS_TST_INFO_set_accuracy; + PKCS7_add_attrib_content_type; + ERR_remove_thread_state; + EVP_PKEY_meth_add0; + TS_TST_INFO_set_tsa; + EVP_PKEY_meth_new; + WHIRLPOOL_Update; + TS_CONF_set_accuracy; + ASN1_PCTX_set_oid_flags; + ESS_SIGNING_CERT_dup; + d2i_TS_REQ_bio; + X509_time_adj_ex; + TS_RESP_CTX_add_flags; + d2i_TS_STATUS_INFO; + TS_MSG_IMPRINT_set_msg; + BIO_asn1_get_suffix; + TS_REQ_free; + EVP_PKEY_meth_free; + TS_REQ_get_exts; + TS_RESP_CTX_set_clock_precision_digits; + TS_RESP_CTX_set_clk_prec_digits; + TS_RESP_CTX_add_failure_info; + i2d_TS_RESP_bio; + EVP_PKEY_CTX_get0_peerkey; + PEM_write_bio_CMS_stream; + TS_REQ_new; + TS_MSG_IMPRINT_new; + EVP_PKEY_meth_find; + EVP_PKEY_id; + TS_TST_INFO_set_serial; + a2i_GENERAL_NAME; + TS_CONF_set_crypto_device; + EVP_PKEY_verify_init; + TS_CONF_set_policies; + ASN1_PCTX_new; + ESS_CERT_ID_free; + ENGINE_unregister_pkey_meths; + TS_MSG_IMPRINT_free; + TS_VERIFY_CTX_init; + PKCS7_stream; + TS_RESP_CTX_set_certs; + TS_CONF_set_def_policy; + ASN1_GENERALIZEDTIME_adj; + NETSCAPE_X509_new; + TS_ACCURACY_free; + TS_RESP_get_tst_info; + EVP_PKEY_derive_set_peer; + PEM_read_bio_Parameters; + TS_CONF_set_clock_precision_digits; + TS_CONF_set_clk_prec_digits; + ESS_ISSUER_SERIAL_dup; + TS_ACCURACY_get_micros; + ASN1_PCTX_get_str_flags; + NAME_CONSTRAINTS_check; + ASN1_BIT_STRING_check; + X509_check_akid; + ENGINE_unregister_pkey_asn1_meths; + ENGINE_unreg_pkey_asn1_meths; + ASN1_PCTX_free; + PEM_write_bio_ASN1_stream; + i2d_ASN1_bio_stream; + TS_X509_ALGOR_print_bio; + EVP_PKEY_meth_set_cleanup; + EVP_PKEY_asn1_free; + ESS_SIGNING_CERT_free; + TS_TST_INFO_set_msg_imprint; + GENERAL_NAME_cmp; + d2i_ASN1_SET_ANY; + ENGINE_set_pkey_meths; + i2d_TS_REQ_fp; + d2i_ASN1_SEQUENCE_ANY; + GENERAL_NAME_get0_otherName; + d2i_ESS_CERT_ID; + OBJ_find_sigid_algs; + EVP_PKEY_meth_set_keygen; + PKCS5_PBKDF2_HMAC; + EVP_PKEY_paramgen; + EVP_PKEY_meth_set_paramgen; + BIO_new_PKCS7; + EVP_PKEY_verify_recover; + TS_ext_print_bio; + TS_ASN1_INTEGER_print_bio; + check_defer; + DSO_pathbyaddr; + EVP_PKEY_set_type; + TS_ACCURACY_set_micros; + TS_REQ_to_TS_VERIFY_CTX; + EVP_PKEY_meth_set_copy; + ASN1_PCTX_set_cert_flags; + TS_TST_INFO_get_ext; + EVP_PKEY_asn1_set_ctrl; + TS_TST_INFO_get_ext_by_critical; + EVP_PKEY_CTX_new_id; + TS_REQ_get_ext_by_OBJ; + TS_CONF_set_signer_cert; + X509_NAME_hash_old; + ASN1_TIME_set_string; + EVP_MD_flags; + TS_RESP_CTX_free; + DSAparams_dup; + DHparams_dup; + OCSP_REQ_CTX_add1_header; + OCSP_REQ_CTX_set1_req; + X509_STORE_set_verify_cb; + X509_STORE_CTX_get0_current_crl; + X509_STORE_CTX_get0_parent_ctx; + X509_STORE_CTX_get0_current_issuer; + X509_STORE_CTX_get0_cur_issuer; + X509_issuer_name_hash_old; + X509_subject_name_hash_old; + EVP_CIPHER_CTX_copy; + UI_method_get_prompt_constructor; + UI_method_get_prompt_constructr; + UI_method_set_prompt_constructor; + UI_method_set_prompt_constructr; + EVP_read_pw_string_min; + CRYPTO_cts128_encrypt; + CRYPTO_cts128_decrypt_block; + CRYPTO_cfb128_1_encrypt; + CRYPTO_cbc128_encrypt; + CRYPTO_ctr128_encrypt; + CRYPTO_ofb128_encrypt; + CRYPTO_cts128_decrypt; + CRYPTO_cts128_encrypt_block; + CRYPTO_cbc128_decrypt; + CRYPTO_cfb128_encrypt; + CRYPTO_cfb128_8_encrypt; + + local: + *; +}; + + +OPENSSL_1.0.1 { + global: + SSL_renegotiate_abbreviated; + TLSv1_1_method; + TLSv1_1_client_method; + TLSv1_1_server_method; + SSL_CTX_set_srp_client_pwd_callback; + SSL_CTX_set_srp_client_pwd_cb; + SSL_get_srp_g; + SSL_CTX_set_srp_username_callback; + SSL_CTX_set_srp_un_cb; + SSL_get_srp_userinfo; + SSL_set_srp_server_param; + SSL_set_srp_server_param_pw; + SSL_get_srp_N; + SSL_get_srp_username; + SSL_CTX_set_srp_password; + SSL_CTX_set_srp_strength; + SSL_CTX_set_srp_verify_param_callback; + SSL_CTX_set_srp_vfy_param_cb; + SSL_CTX_set_srp_cb_arg; + SSL_CTX_set_srp_username; + SSL_CTX_SRP_CTX_init; + SSL_SRP_CTX_init; + SRP_Calc_A_param; + SRP_generate_server_master_secret; + SRP_gen_server_master_secret; + SSL_CTX_SRP_CTX_free; + SRP_generate_client_master_secret; + SRP_gen_client_master_secret; + SSL_srp_server_param_with_username; + SSL_srp_server_param_with_un; + SSL_SRP_CTX_free; + SSL_set_debug; + SSL_SESSION_get0_peer; + TLSv1_2_client_method; + SSL_SESSION_set1_id_context; + TLSv1_2_server_method; + SSL_cache_hit; + SSL_get0_kssl_ctx; + SSL_set0_kssl_ctx; + SSL_set_state; + SSL_CIPHER_get_id; + TLSv1_2_method; + kssl_ctx_get0_client_princ; + SSL_export_keying_material; + SSL_set_tlsext_use_srtp; + SSL_CTX_set_next_protos_advertised_cb; + SSL_CTX_set_next_protos_adv_cb; + SSL_get0_next_proto_negotiated; + SSL_get_selected_srtp_profile; + SSL_CTX_set_tlsext_use_srtp; + SSL_select_next_proto; + SSL_get_srtp_profiles; + SSL_CTX_set_next_proto_select_cb; + SSL_CTX_set_next_proto_sel_cb; + SSL_SESSION_get_compress_id; + + SRP_VBASE_get_by_user; + SRP_Calc_server_key; + SRP_create_verifier; + SRP_create_verifier_BN; + SRP_Calc_u; + SRP_VBASE_free; + SRP_Calc_client_key; + SRP_get_default_gN; + SRP_Calc_x; + SRP_Calc_B; + SRP_VBASE_new; + SRP_check_known_gN_param; + SRP_Calc_A; + SRP_Verify_A_mod_N; + SRP_VBASE_init; + SRP_Verify_B_mod_N; + EC_KEY_set_public_key_affine_coordinates; + EC_KEY_set_pub_key_aff_coords; + EVP_aes_192_ctr; + EVP_PKEY_meth_get0_info; + EVP_PKEY_meth_copy; + ERR_add_error_vdata; + EVP_aes_128_ctr; + EVP_aes_256_ctr; + EC_GFp_nistp224_method; + EC_KEY_get_flags; + RSA_padding_add_PKCS1_PSS_mgf1; + EVP_aes_128_xts; + EVP_aes_256_xts; + EVP_aes_128_gcm; + EC_KEY_clear_flags; + EC_KEY_set_flags; + EVP_aes_256_ccm; + RSA_verify_PKCS1_PSS_mgf1; + EVP_aes_128_ccm; + EVP_aes_192_gcm; + X509_ALGOR_set_md; + RAND_init_fips; + EVP_aes_256_gcm; + EVP_aes_192_ccm; + CMAC_CTX_copy; + CMAC_CTX_free; + CMAC_CTX_get0_cipher_ctx; + CMAC_CTX_cleanup; + CMAC_Init; + CMAC_Update; + CMAC_resume; + CMAC_CTX_new; + CMAC_Final; + CRYPTO_ctr128_encrypt_ctr32; + CRYPTO_gcm128_release; + CRYPTO_ccm128_decrypt_ccm64; + CRYPTO_ccm128_encrypt; + CRYPTO_gcm128_encrypt; + CRYPTO_xts128_encrypt; + EVP_rc4_hmac_md5; + CRYPTO_nistcts128_decrypt_block; + CRYPTO_gcm128_setiv; + CRYPTO_nistcts128_encrypt; + EVP_aes_128_cbc_hmac_sha1; + CRYPTO_gcm128_tag; + CRYPTO_ccm128_encrypt_ccm64; + ENGINE_load_rdrand; + CRYPTO_ccm128_setiv; + CRYPTO_nistcts128_encrypt_block; + CRYPTO_gcm128_aad; + CRYPTO_ccm128_init; + CRYPTO_nistcts128_decrypt; + CRYPTO_gcm128_new; + CRYPTO_ccm128_tag; + CRYPTO_ccm128_decrypt; + CRYPTO_ccm128_aad; + CRYPTO_gcm128_init; + CRYPTO_gcm128_decrypt; + ENGINE_load_rsax; + CRYPTO_gcm128_decrypt_ctr32; + CRYPTO_gcm128_encrypt_ctr32; + CRYPTO_gcm128_finish; + EVP_aes_256_cbc_hmac_sha1; + PKCS5_pbkdf2_set; + CMS_add0_recipient_password; + CMS_decrypt_set1_password; + CMS_RecipientInfo_set0_password; + RAND_set_fips_drbg_type; + X509_REQ_sign_ctx; + RSA_PSS_PARAMS_new; + X509_CRL_sign_ctx; + X509_signature_dump; + d2i_RSA_PSS_PARAMS; + RSA_PSS_PARAMS_it; + RSA_PSS_PARAMS_it; + RSA_PSS_PARAMS_free; + X509_sign_ctx; + i2d_RSA_PSS_PARAMS; + ASN1_item_sign_ctx; + EC_GFp_nistp521_method; + EC_GFp_nistp256_method; + OPENSSL_stderr; + OPENSSL_cpuid_setup; + OPENSSL_showfatal; + BIO_new_dgram_sctp; + BIO_dgram_sctp_msg_waiting; + BIO_dgram_sctp_wait_for_dry; + BIO_s_datagram_sctp; + BIO_dgram_is_sctp; + BIO_dgram_sctp_notification_cb; +} OPENSSL_1.0.0; + +OPENSSL_1.0.1d { + global: + CRYPTO_memcmp; +} OPENSSL_1.0.1; + Index: openssl-1.0.1d/engines/openssl.ld =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1d/engines/openssl.ld 2013-02-06 19:41:43.000000000 +0100 @@ -0,0 +1,10 @@ +OPENSSL_1.0.0 { + global: + bind_engine; + v_check; + OPENSSL_init; + OPENSSL_finish; + local: + *; +}; + Index: openssl-1.0.1d/engines/ccgost/openssl.ld =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1d/engines/ccgost/openssl.ld 2013-02-06 19:41:43.000000000 +0100 @@ -0,0 +1,10 @@ +OPENSSL_1.0.0 { + global: + bind_engine; + v_check; + OPENSSL_init; + OPENSSL_finish; + local: + *; +}; + debian/patches/rehash_pod.patch0000664000000000000000000000570711575362145013776 0ustar Index: openssl-0.9.8k/doc/apps/c_rehash.pod =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-0.9.8k/doc/apps/c_rehash.pod 2009-07-19 11:36:27.000000000 +0200 @@ -0,0 +1,55 @@ + +=pod + +=head1 NAME + +c_rehash - Create symbolic links to files named by the hash values + +=head1 SYNOPSIS + +B +[directory] ... + +=head1 DESCRIPTION + +c_rehash scans directories and takes a hash value of each .pem and .crt file in the directory. It then creates symbolic links for each of the files named by the hash value. This is useful as many programs require directories to be set up like this in order to find the certificates they require. + +If any directories are named on the command line then these directories are processed in turn. If not then and the environment variable SSL_CERT_DIR is defined then that is consulted. This variable should be a colon (:) separated list of directories, all of which will be processed. If neither of these conditions are true then /usr/lib/ssl/certs is processed. + +For each directory that is to be processed he user must have write permissions on the directory, if they do not then nothing will be printed for that directory. + +Note that this program deletes all the symbolic links that look like ones that it creates before processing a directory. Beware that if you run the program on a directory that contains symbolic links for other purposes that are named in the same format as those created by this program they will be lost. + +The hashes for certificate files are of the form . where n is an integer. If the hash value already exists then n will be incremented, unless the file is a duplicate. Duplicates are detected using the fingerprint of the certificate. A warning will be printed if a duplicate is detected. The hashes for CRL files are of the form .r and have the same behavior. + +The program will also warn if there are files with extension .pem which are not certificate or CRL files. + +The program uses the openssl program to compute the hashes and fingerprints. It expects the executable to be named openssl and be on the PATH, or in the /usr/lib/ssl/bin directory. If the OPENSSL environment variable is defined then this is used instead as the executable that provides the hashes and fingerprints. When called as $OPENSSL x509 -hash -fingerprint -noout -in $file it must output the hash of $file on the first line followed by the fingerprint on the second line, optionally prefixed with some text and an equals sign (=). + +=head1 OPTIONS + +None + +=head1 ENVIRONMENT + +=over 4 + +=item B + +The name (and path) of an executable to use to generate hashes and fingerprints (see above). + +=item B + +Colon separated list of directories to operate on. Ignored if directories are listed on the command line. + +=back + +=head1 SEE ALSO + +L, L + +=head1 BUGS + +No known bugs + +=cut debian/patches/pic.patch0000664000000000000000000001300512005224543012407 0ustar Index: openssl-1.0.1c/crypto/des/asm/desboth.pl =================================================================== --- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl 2001-10-24 23:20:56.000000000 +0200 +++ openssl-1.0.1c/crypto/des/asm/desboth.pl 2012-07-29 14:15:26.000000000 +0200 @@ -16,6 +16,11 @@ &push("edi"); + &call (&label("pic_point0")); + &set_label("pic_point0"); + &blindpop("ebp"); + &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); + &comment(""); &comment("Load the data words"); &mov($L,&DWP(0,"ebx","",0)); @@ -47,15 +52,21 @@ &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); &mov(&swtmp(1), "eax"); &mov(&swtmp(0), "ebx"); - &call("DES_encrypt2"); + &exch("ebx", "ebp"); + &call("DES_encrypt2\@PLT"); + &exch("ebx", "ebp"); &mov(&swtmp(2), (DWC(($enc)?"0":"1"))); &mov(&swtmp(1), "edi"); &mov(&swtmp(0), "ebx"); - &call("DES_encrypt2"); + &exch("ebx", "ebp"); + &call("DES_encrypt2\@PLT"); + &exch("ebx", "ebp"); &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); &mov(&swtmp(1), "esi"); &mov(&swtmp(0), "ebx"); - &call("DES_encrypt2"); + &exch("ebx", "ebp"); + &call("DES_encrypt2\@PLT"); + &exch("ebx", "ebp"); &stack_pop(3); &mov($L,&DWP(0,"ebx","",0)); Index: openssl-1.0.1c/crypto/perlasm/cbc.pl =================================================================== --- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl 2011-07-13 08:22:46.000000000 +0200 +++ openssl-1.0.1c/crypto/perlasm/cbc.pl 2012-07-29 14:15:26.000000000 +0200 @@ -122,7 +122,11 @@ &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - &call($enc_func); + &call (&label("pic_point0")); + &set_label("pic_point0"); + &blindpop("ebx"); + &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); + &call("$enc_func\@PLT"); &mov("eax", &DWP($data_off,"esp","",0)); &mov("ebx", &DWP($data_off+4,"esp","",0)); @@ -185,7 +189,11 @@ &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - &call($enc_func); + &call (&label("pic_point1")); + &set_label("pic_point1"); + &blindpop("ebx"); + &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]"); + &call("$enc_func\@PLT"); &mov("eax", &DWP($data_off,"esp","",0)); &mov("ebx", &DWP($data_off+4,"esp","",0)); @@ -218,7 +226,11 @@ &mov(&DWP($data_off,"esp","",0), "eax"); # put back &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - &call($dec_func); + &call (&label("pic_point2")); + &set_label("pic_point2"); + &blindpop("ebx"); + &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]"); + &call("$dec_func\@PLT"); &mov("eax", &DWP($data_off,"esp","",0)); # get return &mov("ebx", &DWP($data_off+4,"esp","",0)); # @@ -261,7 +273,11 @@ &mov(&DWP($data_off,"esp","",0), "eax"); # put back &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - &call($dec_func); + &call (&label("pic_point3")); + &set_label("pic_point3"); + &blindpop("ebx"); + &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]"); + &call("$dec_func\@PLT"); &mov("eax", &DWP($data_off,"esp","",0)); # get return &mov("ebx", &DWP($data_off+4,"esp","",0)); # Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl =================================================================== --- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl 2011-12-09 20:16:35.000000000 +0100 +++ openssl-1.0.1c/crypto/perlasm/x86gas.pl 2012-07-29 14:15:26.000000000 +0200 @@ -161,6 +161,7 @@ if ($::macosx) { push (@out,"$tmp,2\n"); } elsif ($::elf) { push (@out,"$tmp,4\n"); } else { push (@out,"$tmp\n"); } + if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); } } push(@out,$initseg) if ($initseg); } @@ -218,8 +219,23 @@ elsif ($::elf) { $initseg.=<<___; .section .init +___ + if ($::pic) + { $initseg.=<<___; + pushl %ebx + call .pic_point0 +.pic_point0: + popl %ebx + addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx + call $f\@PLT + popl %ebx +___ + } + else + { $initseg.=<<___; call $f ___ + } } elsif ($::coff) { $initseg.=<<___; # applies to both Cygwin and Mingw Index: openssl-1.0.1c/crypto/x86cpuid.pl =================================================================== --- openssl-1.0.1c.orig/crypto/x86cpuid.pl 2012-02-28 15:20:34.000000000 +0100 +++ openssl-1.0.1c/crypto/x86cpuid.pl 2012-07-29 14:15:26.000000000 +0200 @@ -8,6 +8,8 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } +push(@out, ".hidden OPENSSL_ia32cap_P\n"); + &function_begin("OPENSSL_ia32_cpuid"); &xor ("edx","edx"); &pushf (); @@ -139,9 +141,7 @@ &set_label("nocpuid"); &function_end("OPENSSL_ia32_cpuid"); -&external_label("OPENSSL_ia32cap_P"); - -&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); +&function_begin_B("OPENSSL_rdtsc"); &xor ("eax","eax"); &xor ("edx","edx"); &picmeup("ecx","OPENSSL_ia32cap_P"); @@ -155,7 +155,7 @@ # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], # but it's safe to call it on any [supported] 32-bit platform... # Just check for [non-]zero return value... -&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); +&function_begin_B("OPENSSL_instrument_halt"); &picmeup("ecx","OPENSSL_ia32cap_P"); &bt (&DWP(0,"ecx"),4); &jnc (&label("nohalt")); # no TSC @@ -222,7 +222,7 @@ &ret (); &function_end_B("OPENSSL_far_spin"); -&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); +&function_begin_B("OPENSSL_wipe_cpu"); &xor ("eax","eax"); &xor ("edx","edx"); &picmeup("ecx","OPENSSL_ia32cap_P"); debian/patches/man-section.patch0000664000000000000000000000224411501207564014060 0ustar Index: openssl-1.0.0c/Makefile.org =================================================================== --- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100 +++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100 @@ -134,7 +134,8 @@ MANDIR=/usr/share/man MAN1=1 MAN3=3 -MANSUFFIX= +MANSUFFIX=ssl +MANSECTION=SSL HTMLSUFFIX=html HTMLDIR=$(OPENSSLDIR)/html SHELL=/bin/sh @@ -606,7 +607,7 @@ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ - --section=$$sec --center=OpenSSL \ + --section=$${sec}$(MANSECTION) --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ @@ -623,7 +624,7 @@ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ - --section=$$sec --center=OpenSSL \ + --section=$${sec}$(MANSECTION) --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ debian/patches/libssl-misspell.patch0000664000000000000000000000122411575357342014771 0ustar --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -302,7 +302,7 @@ {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"}, {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"}, {ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"}, -{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown format"}, +{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unknown format"}, {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"}, {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"}, debian/patches/req_bits.patch0000664000000000000000000000224212255633066013460 0ustar From: Kurt Roeckx Date: Sun, 22 Dec 2013 19:10:21 +0100 Subject: Use defaults bits in req when not given Bug: http://rt.openssl.org/Ticket/Display.html?id=2592&user=guest&pass=guest Index: openssl-1.0.1e/apps/req.c =================================================================== --- openssl-1.0.1e.orig/apps/req.c 2013-12-22 19:47:42.355657810 +0100 +++ openssl-1.0.1e/apps/req.c 2013-12-22 19:57:12.287547599 +0100 @@ -644,6 +644,11 @@ if (inrand) app_RAND_load_files(inrand); + if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey)) + { + newkey=DEFAULT_KEY_LENGTH; + } + if (keyalg) { genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey, @@ -652,12 +657,6 @@ goto end; } - if (newkey <= 0) - { - if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey)) - newkey=DEFAULT_KEY_LENGTH; - } - if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) { BIO_printf(bio_err,"private key length is too short,\n"); @@ -1649,6 +1648,8 @@ keylen = atol(p + 1); *pkeylen = keylen; } + else + keylen = *pkeylen; } else if (p) paramfile = p + 1; debian/patches/defaults.patch0000664000000000000000000001011012255574770013456 0ustar From: Kurt Roeckx Subject: Change default bit size and digest Date: Fri, 01 Nov 2013 20:47:14 +0100 Index: openssl-1.0.1e/apps/openssl.cnf =================================================================== --- openssl-1.0.1e.orig/apps/openssl.cnf 2013-12-22 15:36:37.179274819 +0100 +++ openssl-1.0.1e/apps/openssl.cnf 2013-12-22 15:36:37.175274904 +0100 @@ -103,7 +103,7 @@ #################################################################### [ req ] -default_bits = 1024 +default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes Index: openssl-1.0.1e/crypto/dsa/dsa_ameth.c =================================================================== --- openssl-1.0.1e.orig/crypto/dsa/dsa_ameth.c 2013-12-22 15:36:37.179274819 +0100 +++ openssl-1.0.1e/crypto/dsa/dsa_ameth.c 2013-12-22 15:36:37.175274904 +0100 @@ -628,7 +628,7 @@ #endif case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_sha1; + *(int *)arg2 = NID_sha256; return 2; default: Index: openssl-1.0.1e/crypto/ec/ec_ameth.c =================================================================== --- openssl-1.0.1e.orig/crypto/ec/ec_ameth.c 2013-12-22 15:36:37.179274819 +0100 +++ openssl-1.0.1e/crypto/ec/ec_ameth.c 2013-12-22 15:36:37.175274904 +0100 @@ -615,7 +615,7 @@ #endif case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_sha1; + *(int *)arg2 = NID_sha256; return 2; default: Index: openssl-1.0.1e/crypto/hmac/hm_ameth.c =================================================================== --- openssl-1.0.1e.orig/crypto/hmac/hm_ameth.c 2013-12-22 15:36:37.179274819 +0100 +++ openssl-1.0.1e/crypto/hmac/hm_ameth.c 2013-12-22 15:36:37.175274904 +0100 @@ -89,7 +89,7 @@ switch (op) { case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_sha1; + *(int *)arg2 = NID_sha256; return 1; default: Index: openssl-1.0.1e/crypto/rsa/rsa_ameth.c =================================================================== --- openssl-1.0.1e.orig/crypto/rsa/rsa_ameth.c 2013-12-22 15:36:37.179274819 +0100 +++ openssl-1.0.1e/crypto/rsa/rsa_ameth.c 2013-12-22 15:36:37.175274904 +0100 @@ -435,7 +435,7 @@ #endif case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_sha1; + *(int *)arg2 = NID_sha256; return 1; default: Index: openssl-1.0.1e/apps/gendh.c =================================================================== --- openssl-1.0.1e.orig/apps/gendh.c 2013-12-22 15:36:37.179274819 +0100 +++ openssl-1.0.1e/apps/gendh.c 2013-12-22 15:36:37.175274904 +0100 @@ -78,7 +78,7 @@ #include #include -#define DEFBITS 512 +#define DEFBITS 2048 #undef PROG #define PROG gendh_main Index: openssl-1.0.1e/apps/genrsa.c =================================================================== --- openssl-1.0.1e.orig/apps/genrsa.c 2013-12-22 15:36:37.179274819 +0100 +++ openssl-1.0.1e/apps/genrsa.c 2013-12-22 15:36:37.175274904 +0100 @@ -78,7 +78,7 @@ #include #include -#define DEFBITS 1024 +#define DEFBITS 2048 #undef PROG #define PROG genrsa_main Index: openssl-1.0.1e/apps/dhparam.c =================================================================== --- openssl-1.0.1e.orig/apps/dhparam.c 2013-12-22 15:37:05.438669443 +0100 +++ openssl-1.0.1e/apps/dhparam.c 2013-12-22 15:38:18.417105946 +0100 @@ -130,7 +130,7 @@ #undef PROG #define PROG dhparam_main -#define DEFBITS 512 +#define DEFBITS 2048 /* -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM @@ -253,7 +253,7 @@ BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); - BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); + BIO_printf(bio_err," numbits number of bits in to generate (default 2048)\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); #endif debian/patches/padlock_conf.patch0000664000000000000000000000130611763506600014266 0ustar --- openssl/apps/openssl.cnf.orig 2012-06-06 00:45:56.000000000 +0200 +++ openssl/apps/openssl.cnf 2012-06-06 00:46:46.000000000 +0200 @@ -19,6 +19,8 @@ # (Alternatively, use a configuration file that has only # X.509v3 extensions in its main [= default] section.) +openssl_conf = openssl_def + [ new_oids ] # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. @@ -348,3 +350,16 @@ # (optional, default: no) ess_cert_id_chain = no # Must the ESS cert id chain be included? # (optional, default: no) + +[openssl_def] +engines = engine_section + +[engine_section] +padlock = padlock_section + +[padlock_section] +soft_load=1 +init=1 +default_algorithms = ALL +dynamic_path=padlock + debian/patches/series0000664000000000000000000000136112320577175012046 0ustar ca.patch config-hurd.patch debian-targets.patch engines-path.patch man-dir.patch man-section.patch no-rpath.patch no-symbolic.patch pic.patch valgrind.patch rehash-crt.patch rehash_pod.patch shared-lib-ext.patch stddef.patch version-script.patch gnu_source.patch c_rehash-compat.patch libdoc-manpgs-pod-spell.patch libssl-misspell.patch openssl-pod-misspell.patch pod_req_misspell2.patch pod_pksc12.misspell.patch pod_s_server.misspell.patch pod_x509setflags.misspell.patch pod_ec.misspell.patch pkcs12-doc.patch dgst_hmac.patch block_diginotar.patch block_digicert_malaysia.patch #padlock_conf.patch defaults.patch openssl_fix_for_x32.patch fix-pod-errors.patch req_bits.patch perlpath-quilt.patch ppc64-support CVE-2014-0076.patch CVE-2014-0160.patch debian/patches/fix-pod-errors.patch0000664000000000000000000002763312255611130014527 0ustar Description: Fix pod errors The version of pod from perl 5.18 is fussier than previous versions changing thigs that were previously warnings into errors. This patch fixes the errors and makes the package build but I have not checked the correctness of the output. Author: Peter Michael Green Bug-Debian: http://bugs.debian.org/723954 Bug: http://rt.openssl.org/Ticket/Display.html?id=3146&user=guest&pass=guest Index: openssl-1.0.1e/doc/apps/smime.pod =================================================================== --- openssl-1.0.1e.orig/doc/apps/smime.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/apps/smime.pod 2013-12-22 17:21:52.909435656 +0100 @@ -308,28 +308,28 @@ =over 4 -=item 0 +=item C<0> the operation was completely successfully. -=item 1 +=item C<1> an error occurred parsing the command options. -=item 2 +=item C<2> one of the input files could not be read. -=item 3 +=item C<3> an error occurred creating the PKCS#7 file or when reading the MIME message. -=item 4 +=item C<4> an error occurred decrypting or verifying the message. -=item 5 +=item C<5> the message was verified correctly but an error occurred writing out the signers certificates. Index: openssl-1.0.1e/doc/apps/cms.pod =================================================================== --- openssl-1.0.1e.orig/doc/apps/cms.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/apps/cms.pod 2013-12-22 17:21:52.909435656 +0100 @@ -450,28 +450,28 @@ =over 4 -=item 0 +=item C<0> the operation was completely successfully. -=item 1 +=item C<1> an error occurred parsing the command options. -=item 2 +=item C<2> one of the input files could not be read. -=item 3 +=item C<3> an error occurred creating the CMS file or when reading the MIME message. -=item 4 +=item C<4> an error occurred decrypting or verifying the message. -=item 5 +=item C<5> the message was verified correctly but an error occurred writing out the signers certificates. Index: openssl-1.0.1e/doc/ssl/SSL_clear.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_clear.pod 2013-12-22 17:21:52.909435656 +0100 @@ -56,12 +56,12 @@ =over 4 -=item 0 +=item C<0> The SSL_clear() operation could not be performed. Check the error stack to find out the reason. -=item 1 +=item C<1> The SSL_clear() operation was successful. Index: openssl-1.0.1e/doc/ssl/SSL_session_reused.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod 2013-12-22 17:21:52.909435656 +0100 @@ -27,11 +27,11 @@ =over 4 -=item 0 +=item C<0> A new session was negotiated. -=item 1 +=item C<1> A session was reused. Index: openssl-1.0.1e/doc/ssl/SSL_set_session.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod 2013-12-22 17:21:52.909435656 +0100 @@ -37,11 +37,11 @@ =over 4 -=item 0 +=item C<0> The operation failed; check the error stack to find out the reason. -=item 1 +=item C<1> The operation succeeded. Index: openssl-1.0.1e/doc/ssl/SSL_connect.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-12-22 17:22:42.956402467 +0100 @@ -41,13 +41,13 @@ =over 4 -=item 0 +=item C<0> The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value B to find out the reason. -=item 1 +=item C<1> The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established. Index: openssl-1.0.1e/doc/ssl/SSL_shutdown.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-12-22 17:23:49.347031915 +0100 @@ -92,14 +92,14 @@ =over 4 -=item 0 +=item C<0> The shutdown is not yet finished. Call SSL_shutdown() for a second time, if a bidirectional shutdown shall be performed. The output of L may be misleading, as an erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. -=item 1 +=item C<1> The shutdown was successfully completed. The "close notify" alert was sent and the peer's "close notify" alert was received. Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-12-22 17:24:41.985942861 +0100 @@ -66,13 +66,13 @@ =over 4 -=item 0 +=item C<0> A failure while manipulating the STACK_OF(X509_NAME) object occurred or the X509_NAME could not be extracted from B. Check the error stack to find out the reason. -=item 1 +=item C<1> The operation succeeded. Index: openssl-1.0.1e/doc/ssl/SSL_accept.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-12-22 17:24:17.466450402 +0100 @@ -44,13 +44,13 @@ =over 4 -=item 0 +=item C<0> The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value B to find out the reason. -=item 1 +=item C<1> The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established. Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-12-22 17:21:52.909435656 +0100 @@ -64,13 +64,13 @@ =over 4 -=item 0 +=item C<0> The length B of the session id context B exceeded the maximum allowed length of B. The error is logged to the error stack. -=item 1 +=item C<1> The operation succeeded. Index: openssl-1.0.1e/doc/ssl/SSL_write.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_write.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_write.pod 2013-12-22 17:21:52.909435656 +0100 @@ -79,7 +79,7 @@ The write operation was successful, the return value is the number of bytes actually written to the TLS/SSL connection. -=item 0 +=item C<0> The write operation was not successful. Probably the underlying connection was closed. Call SSL_get_error() with the return value B to find out, Index: openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-12-22 17:21:52.909435656 +0100 @@ -100,13 +100,13 @@ =over 4 -=item 0 +=item C<0> The operation failed because B and B are NULL or the processing at one of the locations specified failed. Check the error stack to find out the reason. -=item 1 +=item C<1> The operation succeeded. Index: openssl-1.0.1e/doc/ssl/SSL_set_fd.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod 2013-12-22 17:21:52.909435656 +0100 @@ -35,11 +35,11 @@ =over 4 -=item 0 +=item C<0> The operation failed. Check the error stack to find out why. -=item 1 +=item C<1> The operation succeeded. Index: openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-12-22 17:21:52.909435656 +0100 @@ -96,7 +96,7 @@ connection will fail with decryption_error before it will be finished completely. -=item 0 +=item C<0> PSK identity was not found. An "unknown_psk_identity" alert message will be sent and the connection setup fails. Index: openssl-1.0.1e/doc/ssl/SSL_read.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_read.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_read.pod 2013-12-22 17:21:52.909435656 +0100 @@ -86,7 +86,7 @@ The read operation was successful; the return value is the number of bytes actually read from the TLS/SSL connection. -=item 0 +=item C<0> The read operation was not successful. The reason may either be a clean shutdown due to a "close notify" alert sent by the peer (in which case Index: openssl-1.0.1e/doc/ssl/SSL_set_shutdown.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_set_shutdown.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_set_shutdown.pod 2013-12-22 17:21:52.909435656 +0100 @@ -24,7 +24,7 @@ =over 4 -=item 0 +=item C<0> No shutdown setting, yet. Index: openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod 2013-12-22 17:21:52.909435656 +0100 @@ -52,13 +52,13 @@ =over 4 -=item 0 +=item C<0> The operation failed. In case of the add operation, it was tried to add the same (identical) session twice. In case of the remove operation, the session was not found in the cache. -=item 1 +=item C<1> The operation succeeded. Index: openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-12-22 17:23:09.503854843 +0100 @@ -45,13 +45,13 @@ =over 4 -=item 0 +=item C<0> The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value B to find out the reason. -=item 1 +=item C<1> The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established. Index: openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod 2013-12-22 17:21:52.909435656 +0100 @@ -53,11 +53,11 @@ =over 4 -=item 0 +=item C<0> The operation succeeded. -=item 1 +=item C<1> The operation failed. Check the error queue to find out the reason. Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-12-22 17:21:52.909435656 +0100 @@ -42,11 +42,11 @@ =over 4 -=item 0 +=item C<0> The new choice failed, check the error stack to find out the reason. -=item 1 +=item C<1> The operation succeeded. debian/patches/perlpath-quilt.patch0000664000000000000000000000063212263334623014620 0ustar diff -Nur openssl-0.9.8o/util/perlpath.pl openssl-0.9.8o.new/util/perlpath.pl --- openssl-0.9.8o/util/perlpath.pl 2010-06-14 10:17:46.000000000 -0400 +++ openssl-0.9.8o.new/util/perlpath.pl 2010-06-14 10:18:04.000000000 -0400 @@ -11,6 +11,10 @@ sub wanted { + if (/^\.pc/) { + $prune = 1; + return; + } return unless /\.pl$/ || /^[Cc]onfigur/; open(IN,"<$_") || die "unable to open $dir/$_:$!\n"; debian/patches/pkcs12-doc.patch0000664000000000000000000000253111575365564013530 0ustar This is another documentation issue ... apps/pkcs12.c accepts -password as an argument. The document author almost certainly meant to write "-password, -passin". However, that is not correct, either. Actually the code treats -password as equivalent to -passin, EXCEPT when -export is also specified, in which case -password as equivalent to -passout. The patch below makes this explicit. Index: openssl-1.0.0d/doc/apps/pkcs12.pod =================================================================== --- openssl-1.0.0d.orig/doc/apps/pkcs12.pod 2011-06-13 10:46:06.000000000 +0000 +++ openssl-1.0.0d/doc/apps/pkcs12.pod 2011-06-13 10:47:36.000000000 +0000 @@ -67,7 +67,7 @@ The filename to write certificates and private keys to, standard output by default. They are all written in PEM format. -=item B<-pass arg>, B<-passin arg> +=item B<-passin arg> the PKCS#12 file (i.e. input file) password source. For more information about the format of B see the B section in @@ -79,6 +79,11 @@ information about the format of B see the B section in L. +=item B<-password arg> + +With -export, -password is equivalent to -passout. +Otherwise, -password is equivalent to -passin. + =item B<-noout> this option inhibits output of the keys and certificates to the output file debian/patches/rehash-crt.patch0000664000000000000000000000235511501173436013706 0ustar Index: openssl-1.0.0c/tools/c_rehash.in =================================================================== --- openssl-1.0.0c.orig/tools/c_rehash.in 2010-04-15 01:07:28.000000000 +0200 +++ openssl-1.0.0c/tools/c_rehash.in 2010-12-12 17:10:51.000000000 +0100 @@ -75,12 +75,15 @@ } } closedir DIR; - FILE: foreach $fname (grep {/\.pem$/} @flist) { + FILE: foreach $fname (grep {/\.pem$|\.crt$/} @flist) { # Check to see if certificates and/or CRLs present. my ($cert, $crl) = check_file($fname); if(!$cert && !$crl) { - print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; - next; + ($cert, $crl) = check_file("$openssl x509 -in \"$fname\" -inform der -outform pem | "); + if(!$cert && !$crl) { + print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; + next; + } } link_hash_cert($fname) if($cert); link_hash_crl($fname) if($crl); @@ -153,6 +156,9 @@ my $fname = $_[0]; $fname =~ s/'/'\\''/g; my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`; + if(!$hash || !fprint) { + ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname' -inform der`; + } chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; debian/patches/stddef.patch0000664000000000000000000000061011501173436013107 0ustar Index: openssl-0.9.8k/crypto/sha/sha.h =================================================================== --- openssl-0.9.8k.orig/crypto/sha/sha.h 2008-09-16 12:47:28.000000000 +0200 +++ openssl-0.9.8k/crypto/sha/sha.h 2009-07-19 11:36:28.000000000 +0200 @@ -59,6 +59,7 @@ #ifndef HEADER_SHA_H #define HEADER_SHA_H +#include #include #include debian/patches/pod_x509setflags.misspell.patch0000664000000000000000000000073611575361117016604 0ustar --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -113,7 +113,7 @@ to examine the valid policy tree and perform additional checks or simply log it for debugging purposes. -By default some addtional features such as indirect CRLs and CRLs signed by +By default some additional features such as indirect CRLs and CRLs signed by different keys are disabled. If B is set they are enabled. debian/patches/no-symbolic.patch0000664000000000000000000000116211501173436014074 0ustar Index: openssl-1.0.0c/Makefile.shared =================================================================== --- openssl-1.0.0c.orig/Makefile.shared 2010-12-12 16:13:36.000000000 +0100 +++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:44.000000000 +0100 @@ -151,7 +151,7 @@ SHLIB_SUFFIX=; \ ALLSYMSFLAGS='-Wl,--whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" DO_GNU_APP=LDFLAGS="$(CFLAGS)" debian/patches/dgst_hmac.patch0000664000000000000000000000361311575366731013612 0ustar From: Thorsten Glaser Date: Fri, 22 May 2009 16:28:05 +0000 (UTC) Subject: Document openssl dgst -hmac option I've committed the thing below in MirBSD; since the apps code changes very little between OpenSSL versions, it will probably apply to the Debian package as well. I'm open for better wor- ding though, especially considering the FIPS option, which I found as undocumented too. Index: openssl-1.0.0d/doc/apps/dgst.pod =================================================================== --- openssl-1.0.0d.orig/doc/apps/dgst.pod 2009-04-10 16:42:27.000000000 +0000 +++ openssl-1.0.0d/doc/apps/dgst.pod 2011-06-13 11:00:04.000000000 +0000 @@ -12,6 +12,8 @@ [B<-d>] [B<-hex>] [B<-binary>] +[B<-hmac arg>] +[B<-non-fips-allow>] [B<-out filename>] [B<-sign filename>] [B<-keyform arg>] @@ -54,6 +56,14 @@ output the digest or signature in binary form. +=item B<-hmac arg> + +set the HMAC key to "arg". + +=item B<-non-fips-allow> + +allow use of non FIPS digest. + =item B<-out filename> filename to output to, or standard output by default. Index: openssl-1.0.0d/apps/dgst.c =================================================================== --- openssl-1.0.0d.orig/apps/dgst.c 2010-02-12 17:07:24.000000000 +0000 +++ openssl-1.0.0d/apps/dgst.c 2011-06-13 11:00:04.000000000 +0000 @@ -268,6 +268,8 @@ BIO_printf(bio_err,"-d to output debug info\n"); BIO_printf(bio_err,"-hex output as hex dump\n"); BIO_printf(bio_err,"-binary output in binary form\n"); + BIO_printf(bio_err,"-hmac arg set the HMAC key to arg\n"); + BIO_printf(bio_err,"-non-fips-allow allow use of non FIPS digest\n"); BIO_printf(bio_err,"-sign file sign digest using private key in file\n"); BIO_printf(bio_err,"-verify file verify a signature using public key in file\n"); BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n"); debian/patches/pod_s_server.misspell.patch0000664000000000000000000000047511575361126016176 0ustar --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -111,7 +111,7 @@ =item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg> -addtional certificate and private key format and passphrase respectively. +additional certificate and private key format and passphrase respectively. =item B<-nocert> debian/patches/pod_pksc12.misspell.patch0000664000000000000000000000054311575361136015446 0ustar --- a/doc/apps/pkcs12.pod +++ b/doc/apps/pkcs12.pod @@ -75,7 +75,7 @@ =item B<-passout arg> -pass phrase source to encrypt any outputed private keys with. For more +pass phrase source to encrypt any outputted private keys with. For more information about the format of B see the B section in L. debian/patches/man-dir.patch0000664000000000000000000000055511501173436013175 0ustar Index: openssl-1.0.0c/Makefile.org =================================================================== --- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:27.000000000 +0100 +++ openssl-1.0.0c/Makefile.org 2010-12-12 16:11:37.000000000 +0100 @@ -131,7 +131,7 @@ MAKEFILE= Makefile -MANDIR=$(OPENSSLDIR)/man +MANDIR=/usr/share/man MAN1=1 MAN3=3 MANSUFFIX= debian/patches/ca.patch0000664000000000000000000000151511501173436012226 0ustar Index: openssl-0.9.8m/apps/CA.pl.in =================================================================== --- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000 +++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000 @@ -65,6 +65,7 @@ foreach (@ARGV) { if ( /^(-\?|-h|-help)$/ ) { print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; + print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; exit 0; } elsif (/^-newcert$/) { # create a certificate @@ -165,6 +166,7 @@ } else { print STDERR "Unknown arg $_\n"; print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; + print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; exit 1; } } debian/patches/pod_req_misspell2.patch0000664000000000000000000000060711575362341015275 0ustar diff --git a/doc/apps/req.pod b/doc/apps/req.pod --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -303,7 +303,7 @@ =item B<-newhdr> -Adds the word B to the PEM file header and footer lines on the outputed +Adds the word B to the PEM file header and footer lines on the outputted request. Some software (Netscape certificate server) and some CAs need this. =item B<-batch> debian/patches/pod_ec.misspell.patch0000664000000000000000000000103011575361110014712 0ustar --- a/doc/apps/ec.pod +++ b/doc/apps/ec.pod @@ -41,7 +41,7 @@ This specifies the input format. The B option with a private key uses an ASN.1 DER encoded SEC1 private key. When used with a public key it -uses the SubjectPublicKeyInfo structur as specified in RFC 3280. +uses the SubjectPublicKeyInfo structure as specified in RFC 3280. The B form is the default format: it consists of the B format base64 encoded with additional header and footer lines. In the case of a private key PKCS#8 format is also accepted. debian/patches/openssl_fix_for_x32.patch0000664000000000000000000000201712146434004015531 0ustar Index: openssl-1.0.1c/crypto/bn/asm/x86_64-gcc.c =================================================================== --- openssl-1.0.1c.orig/crypto/bn/asm/x86_64-gcc.c 2010-02-28 05:38:16.000000000 -0800 +++ openssl-1.0.1c/crypto/bn/asm/x86_64-gcc.c 2013-01-17 20:16:12.000000000 -0800 @@ -55,7 +55,7 @@ * machine. */ -#ifdef _WIN64 +#if defined _WIN64 || !defined __LP64__ #define BN_ULONG unsigned long long #else #define BN_ULONG unsigned long @@ -192,9 +192,9 @@ asm ( " subq %2,%2 \n" ".p2align 4 \n" - "1: movq (%4,%2,8),%0 \n" - " adcq (%5,%2,8),%0 \n" - " movq %0,(%3,%2,8) \n" + "1: movq (%q4,%2,8),%0 \n" + " adcq (%q5,%2,8),%0 \n" + " movq %0,(%q3,%2,8) \n" " leaq 1(%2),%2 \n" " loop 1b \n" " sbbq %0,%0 \n" @@ -215,9 +215,9 @@ asm ( " subq %2,%2 \n" ".p2align 4 \n" - "1: movq (%4,%2,8),%0 \n" - " sbbq (%5,%2,8),%0 \n" - " movq %0,(%3,%2,8) \n" + "1: movq (%q4,%2,8),%0 \n" + " sbbq (%q5,%2,8),%0 \n" + " movq %0,(%q3,%2,8) \n" " leaq 1(%2),%2 \n" " loop 1b \n" " sbbq %0,%0 \n" debian/patches/config-hurd.patch0000664000000000000000000000063511501173436014052 0ustar Index: openssl-1.0.0c/config =================================================================== --- openssl-1.0.0c.orig/config 2010-12-12 16:09:43.000000000 +0100 +++ openssl-1.0.0c/config 2010-12-12 16:09:48.000000000 +0100 @@ -170,8 +170,8 @@ echo "${MACHINE}-whatever-linux1"; exit 0 ;; - GNU*) - echo "hurd-x86"; exit 0; + GNU:*|GNU/*:*) + echo "${MACHINE}-gnuish"; exit 0; ;; LynxOS:*) debian/patches/no-rpath.patch0000664000000000000000000000123511501173436013372 0ustar Index: openssl-1.0.0c/Makefile.shared =================================================================== --- openssl-1.0.0c.orig/Makefile.shared 2010-08-21 13:36:49.000000000 +0200 +++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:36.000000000 +0100 @@ -153,7 +153,7 @@ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" -DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" +DO_GNU_APP=LDFLAGS="$(CFLAGS)" #This is rather special. It's a special target with which one can link #applications without bothering with any features that have anything to debian/patches/CVE-2014-0160.patch0000664000000000000000000000567212320577634013250 0ustar Description: fix memory disclosure in TLS heartbeat extension Origin: upstream, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3 Index: openssl-1.0.1f/ssl/d1_both.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_both.c 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/ssl/d1_both.c 2014-04-07 15:37:38.548342862 -0400 @@ -1459,26 +1459,36 @@ unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ - /* Read type and payload length first */ - hbtype = *p++; - n2s(p, payload); - pl = p; - if (s->msg_callback) s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, &s->s3->rrec.data[0], s->s3->rrec.length, s, s->msg_callback_arg); + /* Read type and payload length first */ + if (1 + 2 + 16 > s->s3->rrec.length) + return 0; /* silently discard */ + hbtype = *p++; + n2s(p, payload); + if (1 + 2 + payload + 16 > s->s3->rrec.length) + return 0; /* silently discard per RFC 6520 sec. 4 */ + pl = p; + if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; + unsigned int write_length = 1 /* heartbeat type */ + + 2 /* heartbeat length */ + + payload + padding; int r; + if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) + return 0; + /* Allocate memory for the response, size is 1 byte * message type, plus 2 bytes payload length, plus * payload, plus padding */ - buffer = OPENSSL_malloc(1 + 2 + payload + padding); + buffer = OPENSSL_malloc(write_length); bp = buffer; /* Enter response type, length and copy payload */ @@ -1489,11 +1499,11 @@ /* Random padding */ RAND_pseudo_bytes(bp, padding); - r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); + r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, - buffer, 3 + payload + padding, + buffer, write_length, s, s->msg_callback_arg); OPENSSL_free(buffer); Index: openssl-1.0.1f/ssl/t1_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/t1_lib.c 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/ssl/t1_lib.c 2014-04-07 15:37:38.548342862 -0400 @@ -2558,16 +2558,20 @@ unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ - /* Read type and payload length first */ - hbtype = *p++; - n2s(p, payload); - pl = p; - if (s->msg_callback) s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, &s->s3->rrec.data[0], s->s3->rrec.length, s, s->msg_callback_arg); + /* Read type and payload length first */ + if (1 + 2 + 16 > s->s3->rrec.length) + return 0; /* silently discard */ + hbtype = *p++; + n2s(p, payload); + if (1 + 2 + payload + 16 > s->s3->rrec.length) + return 0; /* silently discard per RFC 6520 sec. 4 */ + pl = p; + if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; debian/patches/ppc64-support0000664000000000000000000003230312263334623013215 0ustar --- a/Configure +++ b/Configure @@ -373,6 +373,7 @@ "debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -403,6 +404,7 @@ #### "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-ppc64le", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --- a/crypto/aes/asm/aes-ppc.pl +++ b/crypto/aes/asm/aes-ppc.pl @@ -45,6 +45,12 @@ $PUSH ="stw"; } else { die "nonsense $flavour"; } +$LITTLE_ENDIAN=0; +if ($flavour =~ /le$/) { + die "little-endian is 64-bit only: $flavour" if ($SIZE_T == 4); + $LITTLE_ENDIAN=1; +} + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or ( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or @@ -365,16 +371,60 @@ bne Lenc_unaligned Lenc_unaligned_ok: +___ +$code.=<<___ if (!$LITTLE_ENDIAN); lwz $s0,0($inp) lwz $s1,4($inp) lwz $s2,8($inp) lwz $s3,12($inp) +___ +$code.=<<___ if ($LITTLE_ENDIAN); + lwz $t0,0($inp) + lwz $t1,4($inp) + lwz $t2,8($inp) + lwz $t3,12($inp) + rotlwi $s0,$t0,8 + rotlwi $s1,$t1,8 + rotlwi $s2,$t2,8 + rotlwi $s3,$t3,8 + rlwimi $s0,$t0,24,0,7 + rlwimi $s1,$t1,24,0,7 + rlwimi $s2,$t2,24,0,7 + rlwimi $s3,$t3,24,0,7 + rlwimi $s0,$t0,24,16,23 + rlwimi $s1,$t1,24,16,23 + rlwimi $s2,$t2,24,16,23 + rlwimi $s3,$t3,24,16,23 +___ +$code.=<<___; bl LAES_Te bl Lppc_AES_encrypt_compact +___ +$code.=<<___ if ($LITTLE_ENDIAN); + rotlwi $t0,$s0,8 + rotlwi $t1,$s1,8 + rotlwi $t2,$s2,8 + rotlwi $t3,$s3,8 + rlwimi $t0,$s0,24,0,7 + rlwimi $t1,$s1,24,0,7 + rlwimi $t2,$s2,24,0,7 + rlwimi $t3,$s3,24,0,7 + rlwimi $t0,$s0,24,16,23 + rlwimi $t1,$s1,24,16,23 + rlwimi $t2,$s2,24,16,23 + rlwimi $t3,$s3,24,16,23 + stw $t0,0($out) + stw $t1,4($out) + stw $t2,8($out) + stw $t3,12($out) +___ +$code.=<<___ if (!$LITTLE_ENDIAN); stw $s0,0($out) stw $s1,4($out) stw $s2,8($out) stw $s3,12($out) +___ +$code.=<<___; b Lenc_done Lenc_unaligned: @@ -799,16 +849,60 @@ bne Ldec_unaligned Ldec_unaligned_ok: +___ +$code.=<<___ if (!$LITTLE_ENDIAN); lwz $s0,0($inp) lwz $s1,4($inp) lwz $s2,8($inp) lwz $s3,12($inp) +___ +$code.=<<___ if ($LITTLE_ENDIAN); + lwz $t0,0($inp) + lwz $t1,4($inp) + lwz $t2,8($inp) + lwz $t3,12($inp) + rotlwi $s0,$t0,8 + rotlwi $s1,$t1,8 + rotlwi $s2,$t2,8 + rotlwi $s3,$t3,8 + rlwimi $s0,$t0,24,0,7 + rlwimi $s1,$t1,24,0,7 + rlwimi $s2,$t2,24,0,7 + rlwimi $s3,$t3,24,0,7 + rlwimi $s0,$t0,24,16,23 + rlwimi $s1,$t1,24,16,23 + rlwimi $s2,$t2,24,16,23 + rlwimi $s3,$t3,24,16,23 +___ +$code.=<<___; bl LAES_Td bl Lppc_AES_decrypt_compact +___ +$code.=<<___ if ($LITTLE_ENDIAN); + rotlwi $t0,$s0,8 + rotlwi $t1,$s1,8 + rotlwi $t2,$s2,8 + rotlwi $t3,$s3,8 + rlwimi $t0,$s0,24,0,7 + rlwimi $t1,$s1,24,0,7 + rlwimi $t2,$s2,24,0,7 + rlwimi $t3,$s3,24,0,7 + rlwimi $t0,$s0,24,16,23 + rlwimi $t1,$s1,24,16,23 + rlwimi $t2,$s2,24,16,23 + rlwimi $t3,$s3,24,16,23 + stw $t0,0($out) + stw $t1,4($out) + stw $t2,8($out) + stw $t3,12($out) +___ +$code.=<<___ if (!$LITTLE_ENDIAN); stw $s0,0($out) stw $s1,4($out) stw $s2,8($out) stw $s3,12($out) +___ +$code.=<<___; b Ldec_done Ldec_unaligned: --- a/crypto/perlasm/ppc-xlate.pl +++ b/crypto/perlasm/ppc-xlate.pl @@ -27,7 +27,8 @@ /osx/ && do { $name = "_$name"; last; }; - /linux.*32/ && do { $ret .= ".globl $name\n"; + /linux.*32/ || + /linux.*64le/ && do { $ret .= ".globl $name\n"; $ret .= ".type $name,\@function"; last; }; @@ -62,7 +63,7 @@ ".machine $arch"; }; my $size = sub { - if ($flavour =~ /linux.*32/) + if ($flavour =~ /linux.*32/ || $flavour =~ /linux.*64le/) { shift; ".size " . join(",",@_); } @@ -77,6 +78,25 @@ else { ""; } }; +my $quad = sub { + shift; + my @ret; + my ($hi,$lo); + for (@_) { + if (/^0x([0-9a-f]*?)([0-9a-f]{1,8})$/io) + { $hi=$1?"0x$1":"0"; $lo="0x$2"; } + elsif (/^([0-9]+)$/o) + { $hi=$1>>32; $lo=$1&0xffffffff; } # error-prone with 32-bit perl + else + { $hi=undef; $lo=$_; } + + if (defined($hi)) + { push(@ret,$flavour=~/le$/o?".long\t$lo,$hi":".long\t$hi,$lo"); } + else + { push(@ret,".quad $lo"); } + } + join("\n",@ret); +}; ################################################################ # simplified mnemonics not handled by at least one assembler --- a/crypto/sha/asm/sha1-ppc.pl +++ b/crypto/sha/asm/sha1-ppc.pl @@ -38,6 +38,14 @@ $PUSH ="stw"; } else { die "nonsense $flavour"; } +# Define endianess based on flavour +# i.e.: linux64le +$LITTLE_ENDIAN=0; +if ($flavour =~ /le$/) { + die "little-endian is 64-bit only: $flavour" if ($SIZE_T == 4); + $LITTLE_ENDIAN=1; +} + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or ( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or @@ -68,14 +76,28 @@ @X=("r16","r17","r18","r19","r20","r21","r22","r23", "r24","r25","r26","r27","r28","r29","r30","r31"); +sub loadbe { +my ($dst, $src, $temp_reg) = @_; +$code.=<<___ if (!$LITTLE_ENDIAN); + lwz $dst,$src +___ +$code.=<<___ if ($LITTLE_ENDIAN); + lwz $temp_reg,$src + rotlwi $dst,$temp_reg,8 + rlwimi $dst,$temp_reg,24,0,7 + rlwimi $dst,$temp_reg,24,16,23 +___ +} + sub BODY_00_19 { my ($i,$a,$b,$c,$d,$e,$f)=@_; my $j=$i+1; -$code.=<<___ if ($i==0); - lwz @X[$i],`$i*4`($inp) -___ + + # Since the last value of $f is discarded, we can use + # it as a temp reg to swap byte-order when needed. + loadbe("@X[$i]","`$i*4`($inp)",$f) if ($i==0); + loadbe("@X[$j]","`$j*4`($inp)",$f) if ($i<15); $code.=<<___ if ($i<15); - lwz @X[$j],`$j*4`($inp) add $f,$K,$e rotlwi $e,$a,5 add $f,$f,@X[$i] --- a/crypto/sha/asm/sha512-ppc.pl +++ b/crypto/sha/asm/sha512-ppc.pl @@ -56,6 +56,12 @@ $PUSH="stw"; } else { die "nonsense $flavour"; } +$LITTLE_ENDIAN=0; +if ($flavour =~ /le$/) { + die "little-endian is 64-bit only: $flavour" if ($SIZE_T==4); + $LITTLE_ENDIAN=1; +} + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or ( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or @@ -314,16 +320,33 @@ Lsha2_block_private: ___ for($i=0;$i<16;$i++) { -$code.=<<___ if ($SZ==4); +$code.=<<___ if ($SZ==4 && !$LITTLE_ENDIAN); lwz @X[$i],`$i*$SZ`($inp) ___ +$code.=<<___ if ($SZ==4 && $LITTLE_ENDIAN); + lwz $a0,`$i*$SZ`($inp) + rotlwi @X[$i],$a0,8 + rlwimi @X[$i],$a0,24,0,7 + rlwimi @X[$i],$a0,24,16,23 +___ # 64-bit loads are split to 2x32-bit ones, as CPU can't handle # unaligned 64-bit loads, only 32-bit ones... -$code.=<<___ if ($SZ==8); +$code.=<<___ if ($SZ==8 && !$LITTLE_ENDIAN); lwz $t0,`$i*$SZ`($inp) lwz @X[$i],`$i*$SZ+4`($inp) insrdi @X[$i],$t0,32,0 ___ +$code.=<<___ if ($SZ==8 && $LITTLE_ENDIAN); + lwz $a0,`$i*$SZ`($inp) + lwz $a1,`$i*$SZ+4`($inp) + rotlwi $t0,$a0,8 + rotlwi @X[$i],$a1,8 + rlwimi $t0,$a0,24,0,7 + rlwimi @X[$i],$a1,24,0,7 + rlwimi $t0,$a0,24,16,23 + rlwimi @X[$i],$a1,24,16,23 + insrdi @X[$i],$t0,32,0 +___ &ROUND_00_15($i,@V); unshift(@V,pop(@V)); } @@ -395,46 +418,46 @@ .space `64-9*4` ___ $code.=<<___ if ($SZ==8); - .long 0x428a2f98,0xd728ae22,0x71374491,0x23ef65cd - .long 0xb5c0fbcf,0xec4d3b2f,0xe9b5dba5,0x8189dbbc - .long 0x3956c25b,0xf348b538,0x59f111f1,0xb605d019 - .long 0x923f82a4,0xaf194f9b,0xab1c5ed5,0xda6d8118 - .long 0xd807aa98,0xa3030242,0x12835b01,0x45706fbe - .long 0x243185be,0x4ee4b28c,0x550c7dc3,0xd5ffb4e2 - .long 0x72be5d74,0xf27b896f,0x80deb1fe,0x3b1696b1 - .long 0x9bdc06a7,0x25c71235,0xc19bf174,0xcf692694 - .long 0xe49b69c1,0x9ef14ad2,0xefbe4786,0x384f25e3 - .long 0x0fc19dc6,0x8b8cd5b5,0x240ca1cc,0x77ac9c65 - .long 0x2de92c6f,0x592b0275,0x4a7484aa,0x6ea6e483 - .long 0x5cb0a9dc,0xbd41fbd4,0x76f988da,0x831153b5 - .long 0x983e5152,0xee66dfab,0xa831c66d,0x2db43210 - .long 0xb00327c8,0x98fb213f,0xbf597fc7,0xbeef0ee4 - .long 0xc6e00bf3,0x3da88fc2,0xd5a79147,0x930aa725 - .long 0x06ca6351,0xe003826f,0x14292967,0x0a0e6e70 - .long 0x27b70a85,0x46d22ffc,0x2e1b2138,0x5c26c926 - .long 0x4d2c6dfc,0x5ac42aed,0x53380d13,0x9d95b3df - .long 0x650a7354,0x8baf63de,0x766a0abb,0x3c77b2a8 - .long 0x81c2c92e,0x47edaee6,0x92722c85,0x1482353b - .long 0xa2bfe8a1,0x4cf10364,0xa81a664b,0xbc423001 - .long 0xc24b8b70,0xd0f89791,0xc76c51a3,0x0654be30 - .long 0xd192e819,0xd6ef5218,0xd6990624,0x5565a910 - .long 0xf40e3585,0x5771202a,0x106aa070,0x32bbd1b8 - .long 0x19a4c116,0xb8d2d0c8,0x1e376c08,0x5141ab53 - .long 0x2748774c,0xdf8eeb99,0x34b0bcb5,0xe19b48a8 - .long 0x391c0cb3,0xc5c95a63,0x4ed8aa4a,0xe3418acb - .long 0x5b9cca4f,0x7763e373,0x682e6ff3,0xd6b2b8a3 - .long 0x748f82ee,0x5defb2fc,0x78a5636f,0x43172f60 - .long 0x84c87814,0xa1f0ab72,0x8cc70208,0x1a6439ec - .long 0x90befffa,0x23631e28,0xa4506ceb,0xde82bde9 - .long 0xbef9a3f7,0xb2c67915,0xc67178f2,0xe372532b - .long 0xca273ece,0xea26619c,0xd186b8c7,0x21c0c207 - .long 0xeada7dd6,0xcde0eb1e,0xf57d4f7f,0xee6ed178 - .long 0x06f067aa,0x72176fba,0x0a637dc5,0xa2c898a6 - .long 0x113f9804,0xbef90dae,0x1b710b35,0x131c471b - .long 0x28db77f5,0x23047d84,0x32caab7b,0x40c72493 - .long 0x3c9ebe0a,0x15c9bebc,0x431d67c4,0x9c100d4c - .long 0x4cc5d4be,0xcb3e42b6,0x597f299c,0xfc657e2a - .long 0x5fcb6fab,0x3ad6faec,0x6c44198c,0x4a475817 + .quad 0x428a2f98d728ae22,0x7137449123ef65cd + .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc + .quad 0x3956c25bf348b538,0x59f111f1b605d019 + .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 + .quad 0xd807aa98a3030242,0x12835b0145706fbe + .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 + .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 + .quad 0x9bdc06a725c71235,0xc19bf174cf692694 + .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 + .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 + .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 + .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 + .quad 0x983e5152ee66dfab,0xa831c66d2db43210 + .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 + .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 + .quad 0x06ca6351e003826f,0x142929670a0e6e70 + .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 + .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df + .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 + .quad 0x81c2c92e47edaee6,0x92722c851482353b + .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 + .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 + .quad 0xd192e819d6ef5218,0xd69906245565a910 + .quad 0xf40e35855771202a,0x106aa07032bbd1b8 + .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 + .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 + .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb + .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 + .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 + .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec + .quad 0x90befffa23631e28,0xa4506cebde82bde9 + .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b + .quad 0xca273eceea26619c,0xd186b8c721c0c207 + .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 + .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 + .quad 0x113f9804bef90dae,0x1b710b35131c471b + .quad 0x28db77f523047d84,0x32caab7b40c72493 + .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c + .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a + .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 ___ $code.=<<___ if ($SZ==4); .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 debian/libssl-doc.docs0000664000000000000000000000000611501477301012070 0ustar demos debian/libssl-dev.dirs0000664000000000000000000000004111501503354012107 0ustar usr/lib usr/share/doc/libssl-dev debian/libssl1.0.0-udeb.dirs0000664000000000000000000000000412263334623012633 0ustar lib debian/copyright0000664000000000000000000001462310323246103011123 0ustar This package was debianized by Christoph Martin martin@uni-mainz.de on Fri, 22 Nov 1996 21:29:51 +0100. Copyright (c) 1998-2004 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson The upstream sources were obtained from http://www.openssl.org/ LICENSE ISSUES ============== The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. OpenSSL License --------------- /* ==================================================================== * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ Original SSLeay License ----------------------- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ debian/watch0000664000000000000000000000015512257407544010234 0ustar version=3 opts=pgpsigurlmangle=s/$/.asc/ ftp://ftp.openssl.org/source/openssl-(\d+\.\d+\.\d+[a-z]?)\.tar\.gz debian/libssl1.0.0.templates0000664000000000000000000000227711501472103012757 0ustar Template: libssl1.0.0/restart-services Type: string _Description: Services to restart to make them use the new libraries: This release of OpenSSL fixes some security issues. Services will not use these fixes until they are restarted. Please note that restarting the SSH server (sshd) should not affect any existing connections. . Please check the list of detected services that need to be restarted and correct it, if needed. The services names must be identical to the initialization script names in /etc/init.d and separated by spaces. No services will be restarted if the list is empty. . Any service that later fails unexpectedly after this upgrade should be restarted. It is recommended to reboot this host to avoid any SSL-related trouble. Template: libssl1.0.0/restart-failed Type: error #flag:translate!:3 #flag:comment:2 # This paragraph is followed by a (non translatable) paragraph containing # a list of services that could not be restarted _Description: Failure restarting some services for OpenSSL upgrade The following services could not be restarted for the OpenSSL library upgrade: . ${services} . You will need to start these manually by running '/etc/init.d/ start'. debian/libssl-doc.files0000664000000000000000000000002311501160600012230 0ustar usr/share/man/man3 debian/openssl.postinst0000664000000000000000000000020310323246103012445 0ustar #!/bin/sh -e if [ ! -e /usr/lib/ssl ] then echo Linking /usr/lib/ssl to /etc/ssl ln -sf /etc/ssl /usr/lib/ssl fi #DEBHELPER# debian/libssl1.0.0.postinst0000664000000000000000000001321112263334623012644 0ustar #!/bin/sh . /usr/share/debconf/confmodule set -e package_name() { echo $(basename $0 .postinst) } # element() is a helper function for file-rc: element() { local element list IFS element="$1" [ "$2" = "in" ] && shift list="$2" [ "$list" = "-" ] && return 1 [ "$list" = "*" ] && return 0 IFS="," set -- $list case $element in "$1"|"$2"|"$3"|"$4"|"$5"|"$6"|"$7"|"$8"|"$9") return 0 esac return 1 } # filerc (runlevel, service) returns /etc/init.d/service, if service is # running in $runlevel: filerc() { local runlevel basename runlevel=$1 basename=$2 while read LINE do case $LINE in \#*|"") continue esac set -- $LINE SORT_NO="$1"; STOP="$2"; START="$3"; CMD="$4" [ "$CMD" = "/etc/init.d/$basename" ] || continue if element "$runlevel" in "$START" || element "S" in "$START" then echo "/etc/init.d/$basename" return 0 fi done < /etc/runlevel.conf echo "" } if [ "$1" = "configure" ] then if [ ! -z "$2" ]; then # This triggers services restarting, so limit this to major upgrades # only. Security updates should not restart services automatically. if dpkg --compare-versions "$2" lt 0.9.8g-9 && dpkg --compare-versions "$2" gt 0.9.8c-4etch3; then db_version 2.0 echo -n "Checking for services that may need to be restarted..." check="sendmail openssh-server" check="$check apache2-common ssh-nonfree exim4" check="$check apache-ssl libapache-mod-ssl openvpn spamassassin" check="$check courier-imap-ssl courier-mta-ssl courier-pop-ssl" check="$check postfix cyrus21-imapd cyrus21-pop3d" check="$check postgresql-7.4 postgresql-8.0 postgresql-8.1" check="$check postgresql-8.2" check="$check racoon dovecot-common bind9" check="$check ntp openntpd clamcour nagios-nrpe-server" check="$check clamav-freshclam clamav-daemon" check="$check fetchmail ftpd-ssl slapd" check="$check proftpd proftpd-ldap proftpd-mysql proftpd-pgsql" check="$check partimage-server conserver-server tor" check="$check stunnel4" # Only get the ones that are installed, and configured check=$(dpkg -s $check 2> /dev/null | egrep '^Package:|^Status:' | awk '{if ($1 ~ /^Package:/) { package=$2 } else if ($0 ~ /^Status: .* installed$/) { print package }}') # apache2 ships its init script in apache2-common, but the # script is apache2 check=$(echo $check | sed 's/apache2-common/apache2/g') # For mod-ssl apache has to be restarted check=$(echo $check | sed 's/libapache-mod-ssl/apache/g') # The name of proftpd-{ldap,mysql,pgsql} init script is # same as "proftpd". check=$(echo $check | sed 's/proftpd-.*/proftpd/g') # dovecot-common ships its init script, but the # script name is dovecot for dovecot-{imapd,pop3d}. check=$(echo $check | sed 's/dovecot-common/dovecot/g') # openssh-server's init script it called ssh check=$(echo $check | sed 's/openssh-server/ssh/g') echo "done." echo "Checking init scripts..." for service in $check; do if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then idl=$(ls /etc/init.d/${service} 2> /dev/null | head -n 1) if [ -n "$idl" ] && [ -x $idl ]; then services="$service $services" else echo "WARNING: init script for $service not found." fi else if [ -f /usr/share/file-rc/rc ] || [ -f /usr/lib/file-rc/rc ] && [ -f /etc/runlevel.conf ]; then idl=$(filerc $rl $service) else idl=$(ls /etc/rc${rl}.d/S??${service} 2> /dev/null | head -n 1) fi if [ -n "$idl" ] && [ -x $idl ]; then services="$service $services" fi fi done if [ -n "$services" ]; then db_reset libssl1.0.0/restart-services db_set libssl1.0.0/restart-services "$services" if [ "$RELEASE_UPGRADE_MODE" = desktop ]; then db_input medium libssl1.0.0/restart-services || true else db_input critical libssl1.0.0/restart-services || true fi db_go || true db_get libssl1.0.0/restart-services if [ "x$RET" != "x" ] then services=$RET answer=yes else answer=no fi echo if [ "$answer" = yes ] && [ "$services" != "" ]; then echo "Restarting services possibly affected by the upgrade:" failed="" rl=$(runlevel | sed 's/.*\ //') for service in $services; do if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then idl="invoke-rc.d ${service}" elif [ -f /usr/share/file-rc/rc ] || [ -f /usr/lib/file-rc/rc ] && [ -f /etc/runlevel.conf ]; then idl=$(filerc $rl $service) else idl=$(ls /etc/rc${rl}.d/S??${service} 2> /dev/null | head -n 1) fi if ! $idl restart; then failed="$service $failed" fi done echo if [ -n "$failed" ]; then db_subst libssl1.0.0/restart-failed services "$failed" db_input critical libssl1.0.0/restart-failed || true db_go || true else echo "Services restarted successfully." fi echo fi else echo "Nothing to restart." fi # Shut down the frontend, to make sure none of the # restarted services keep a connection open to it db_stop fi # end upgrading and $2 lt 0.9.8c-2 # Here we issue the reboot notification for upgrades and # security updates. We do want services to be restarted when we # update for a security issue, but planned by the sysadmin, not # automatically. # Only issue the reboot notification for servers; we proxy this by # testing that the X server is not running (LP: #244250) if ! pidof /usr/bin/X > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then /usr/share/update-notifier/notify-reboot-required fi fi # Upgrading fi #DEBHELPER# debian/README.optimization0000664000000000000000000000255110323246103012572 0ustar openssl ships optimized libraries for some cpus. The loading of these libraries depends on the ability of the dynamic linker to automaticly search additional directories depending on the cpu. If you want to find out which are these directories for your computer, run the following command: LD_LIBRARY_PATH=/usr/lib strace true 2>&1 | fgrep "open(\"/usr/lib" On a Pentium III this gives: open("/usr/lib/i686/mmx/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/i686/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/mmx/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory) Following is a list of cpus, library paths and possible optimizations: 486 /usr/lib/i486 -march=i486 -mcpu=i486 +asm Pentium /usr/lib/i586 -march=i586 -mcpu=i586 +asm Pentium MMX /usr/lib/i586 -march=i586 -mcpu=i586 +asm Pentium II /usr/lib/i686 -march=i686 -mcpu=i686 +asm Pentium III /usr/lib/i686 -march=i686 -mcpu=i686 +asm AMD-K6 /usr/lib/i586 -march=i586 -mcpu=i586 +asm AMD-K7 /usr/lib/i686 -march=i686 -mcpu=i686 +asm Sparc v8 /usr/lib/v8 -mcpu=v8 +asm Sparc v9 /usr/lib/v9 -mcpu=v9 -Wa,-Av8plus +asm Alpha EV4 /usr/lib/ev4 -mcpu=ev4 Alpha EV5 /usr/lib/ev5 -mcpu=ev5 +asm means that the handcrafted 586 assembler routines can be used. debian/openssl.dirs0000664000000000000000000000005611501502627011536 0ustar usr/bin usr/lib etc/ssl/certs etc/ssl/private debian/upstream-signing-key.pgp0000664000000000000000000000237412257406620013774 0ustar  6s|4'2/{u͔ tW`NyQ}#M~ID#1PWX:`7 c 3]{CZA XD.J~1oܫo(dשkp%3FAq߂ Ɋg SE#TG-y@F;J#~)yRN6ee%aK;z,Nȭf 1CuiI қ{Y1Dr Stephen Henson CPқ{YIcbjX k8ᔄ js겳x/hkz{yhmB!^4(B~&`5ԫEpہbENe/N=$9}V8Hx̝[ގeZR`:VټIdPt0x.僓qLVߋz_At<&w!|?IXACs*=%! ܝۑ:gOחpL3Dr S N Henson 6s|қ{YA!\I>Я|e5u ӛ8׆lt0E-{\E <_Z,V@s~>25$a.SOOҔ@ eyafɦU HQ*܎D.jVg;Ǻt^{DZ׀S#KCeB'xQLuq.hP$dd ?eyQWd7iV-<0V\JLz-m Y'h8tUi^ɕI >ts:Dr Stephen Henson CPқ{YkV^ Fcr_+yj. SHELL=/bin/bash package=openssl # For generating the manpages export VERSION=$(shell dpkg-parsechangelog | grep '^Version:' | sed -e 's/^.*://' -e 's/-.*//') # The binary architeture DEB_HOST_ARCH = $(shell dpkg-architecture -qDEB_HOST_ARCH) DEB_HOST_ARCH_OS = $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) DEB_HOST_MULTIARCH=$(shell dpkg-architecture -qDEB_HOST_MULTIARCH) DEB_HOST_ARCH_CPU=$(shell dpkg-architecture -qDEB_HOST_ARCH_CPU) DEB_HOST_GNU_TYPE=$(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) DEB_BUILD_GNU_TYPE=$(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE)) CROSS=CC=$(DEB_HOST_GNU_TYPE)-gcc MAKE_TEST=: else CROSS=CC=$(CC) MAKE_TEST=make test endif ifeq ($(DEB_HOST_ARCH),amd64) ARCH_CONFARGS := enable-ec_nistp_64_gcc_128 endif CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib enable-tlsext no-ssl2 $(ARCH_CONFARGS) OPT_alpha = ev4 ev5 ARCHOPTS = OPT_$(DEB_HOST_ARCH) OPTS = $($(ARCHOPTS)) WANTED_LIBC_VERSION = 2.3.1-10 ifeq ($(DEB_HOST_ARCH_CPU), amd64) CONFARGS += enable-ec_nistp_64_gcc_128 endif ifneq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS))) MAKE_TEST = : endif build: build-arch build-indep build-arch: build-stamp build-indep: build-stamp build-stamp: dh_testdir # perl util/ssldir.pl /usr/lib/ssl # chmod +x debian/libtool ./Configure no-shared $(CONFARGS) debian-$(DEB_HOST_ARCH) $(if $(filter enable-ec_nistp_64_gcc_128, $(CONFARGS)), make $(CROSS) -f Makefile depend) make $(CROSS) -f Makefile all $(MAKE_TEST) mv libcrypto.a libcrypto.static mv libssl.a libssl.static make -f Makefile clean test -z "$(OPTS)" || for opt in $(OPTS); \ do \ set -xe; \ ./Configure shared $(CONFARGS) debian-$(DEB_HOST_ARCH)-$$opt; \ make $(CROSS) -f Makefile all; \ $(MAKE_TEST); \ mkdir -p $$opt; \ mv libcrypto.so* libssl.so* $$opt/; \ make -f Makefile clean; \ done ./Configure shared $(CONFARGS) debian-$(DEB_HOST_ARCH) #make $(CROSS) -f Makefile depend ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/ # make $(CROSS) -f Makefile linux-shared make $(CROSS) -f Makefile all $(MAKE_TEST) # strip apps/openssl # make -f Makefile clean # ./Configure --prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 debian-$(DEB_HOST_ARCH) # make $(CROSS) -f Makefile all touch build-stamp clean: dh_testdir dh_testroot -rm -f build-stamp -./Configure $(CONFARGS) debian-$(DEB_HOST_ARCH) -sed -i -e 's/rm -f/rm -rf/' Makefile [ ! -f Makefile ] || make -f Makefile clean clean-shared #-make -f Makefile dclean # perl util/ssldir.pl /usr/local/ssl -rm -f test/.rnd test/testkey.pem test/testreq.pem test/certCA.srl -rm -f util/mk1mf.bak Makefile.bak `find . -name Makefile.save` -rm -f crypto/pem/ctx_size -rm -f `find . -name "*~"` -rm -f `find . -name "*.orig" -o -name "*.rej"` -rm -f certs/*.0 certs/*.1 # -rm -rf debian/tmp debian/files* core `find debian/* -type d` -rm -rf core $(OPTS) -rm doc/*.pod -rm -f libcrypto.* libssl.* -cd test && rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bntest ectest ecdsatest ecdhtest ideatest md2test md4test md5test hmactest rc2test rc4test rc5test destest shatest sha1test sha256t sha512t mdc2test rmdtest randtest dhtest enginetest bftest casttest ssltest exptest dsatest rsa_test evp_test *.ss *.srl log dummytest newkey.pem igetest jpaketest srptest wp_test asn1test -rm Makefile apps/CA.pl tools/c_rehash crypto/opensslconf.h crypto/x86_64cpuid.S rm -f test/asn1test test/wp_test test/srptest test/jpaketest rm -f certs/demo/*.0 rm -rf crypto/aes/aes-armv4.S crypto/bn/armv4-gf2m.S crypto/modes/ghash-armv4.S crypto/sha/*.S dh_clean install: build dh_testdir dh_testroot dh_clean dh_installdirs make -f Makefile $(CROSS) install INSTALL_PREFIX=`pwd`/debian/tmp binary-indep: build install dh_testdir dh_testroot dh_installdirs -i dh_installman -plibssl-doc dh_installdocs -i dh_movefiles -i dh_installchangelogs -i CHANGES dh_compress -i dh_fixperms -i dh_gencontrol -i dh_installdeb -i dh_md5sums -i dh_builddeb -i binary-arch: build install dh_testdir dh_testroot dh_installdirs -a # pic static libraries, nobody should need them # mv debian/tmp/usr/lib/libcrypto.a debian/tmp/usr/lib/libcrypto_pic.a # mv debian/tmp/usr/lib/libssl.a debian/tmp/usr/lib/libssl_pic.a cp -pf libcrypto.static debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.a cp -pf libssl.static debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libssl.a # move runtime libraries to /lib install -d debian/tmp/lib/$(DEB_HOST_MULTIARCH) mv debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/lib*.so.* debian/tmp/lib/$(DEB_HOST_MULTIARCH) ln -sf /lib/$(DEB_HOST_MULTIARCH)/$$(readlink debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.so) debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.so ln -sf /lib/$(DEB_HOST_MULTIARCH)/$$(readlink debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libssl.so) debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libssl.so mkdir -p debian/tmp/etc/ssl mv debian/tmp/usr/lib/ssl/{certs,openssl.cnf,private} debian/tmp/etc/ssl/ ln -s /etc/ssl/{certs,openssl.cnf,private} debian/tmp/usr/lib/ssl/ cp -pf debian/tmp/lib/$(DEB_HOST_MULTIARCH)/libcrypto.so.* debian/libcrypto1.0.0-udeb/lib/ cp -pf debian/tmp/lib/$(DEB_HOST_MULTIARCH)/libssl.so.* debian/libssl1.0.0-udeb/lib/ for opt in $(OPTS); do set -xe; mkdir -p debian/tmp/lib/$(DEB_HOST_MULTIARCH)/$$opt; cp -auv $$opt/lib*.so* debian/tmp/lib/$(DEB_HOST_MULTIARCH)/$$opt/; done mkdir -p debian/tmp/usr/include/$(DEB_HOST_MULTIARCH)/openssl mv debian/tmp/usr/include/openssl/opensslconf.h debian/tmp/usr/include/$(DEB_HOST_MULTIARCH)/openssl/ install debian/copyright debian/libssl1.0.0/usr/share/doc/libssl1.0.0/ install debian/changelog debian/libssl1.0.0/usr/share/doc/libssl1.0.0/changelog.Debian install debian/copyright debian/libssl-dev/usr/share/doc/libssl-dev/ install debian/changelog debian/libssl-dev/usr/share/doc/libssl-dev/changelog.Debian dh_installdocs -a CHANGES.SSLeay README NEWS debian/README.optimization dh_installexamples -a dh_installchangelogs -a CHANGES dh_installman -popenssl dh_installdebconf -a dh_movefiles -a dh_compress -a # symlink doc files for p in openssl libssl-dev; do \ for f in changelog.Debian.gz changelog.gz copyright; do \ ln -sf ../libssl1.0.0/$$f debian/$$p/usr/share/doc/$$p/$$f; \ done; \ done chmod 700 debian/openssl/etc/ssl/private dh_fixperms -a -X etc/ssl/private dh_strip -plibssl1.0.0 --dbg-package=libssl1.0.0-dbg dh_strip -a -Nlibssl1.0.0 dh_perl -a -d dpkg-gensymbols -Pdebian/libssl1.0.0/ -plibssl1.0.0 -c4 dh_makeshlibs -a -V "libssl1.0.0 (>= 1.0.1d)" --add-udeb="libcrypto1.0.0-udeb" -Xengines sed -i '/^udeb: libssl/s/libcrypto1.0.0-udeb/libssl1.0.0-udeb/' debian/libssl1.0.0/DEBIAN/shlibs dh_shlibdeps -a -L libssl1.0.0 -l debian/libssl1.0.0/lib/$(DEB_HOST_MULTIARCH) dh_gencontrol -a dh_installdeb -a dh_md5sums -a dh_builddeb -a echo -en "\a" # Below here is fairly generic really binary: binary-indep binary-arch .PHONY: binary binary-arch binary-indep clean install