openssl-blacklist (0.3.3+0.4-0ubuntu0.8.04.3) hardy-security; urgency=low

  * remove extra copy of RSA-4096 blacklist in the source package 

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 17 Jun 2008 15:38:33 -0400

openssl-blacklist (0.3.3+0.4-0ubuntu0.8.04.2) hardy-security; urgency=low

  * add RSA-4096 blacklist for le64
  * install RSA-4096 blacklist
  * don't send STDERR to STDOUT as this may interfere with obtaining the
    modulus with long bits

 -- Jamie Strandboge <jamie@ubuntu.com>  Mon, 16 Jun 2008 13:52:27 -0400

openssl-blacklist (0.3.3+0.4-0ubuntu0.8.04.1) hardy-security; urgency=low

  * allow checking of certificate requests
  * only check moduli with an exponent of 65537 (the default on Debian/Ubuntu)
  * update gen_certs.sh for when ~/.rnd does not exist when openssl is run
    which can happen with openssl 0.9.8g and higher
  * update gen_certs.sh to use '0' (in case of PID randomization)
  * added more examples
  * only prompt once for password (Closes: #483500)
  * properly cache database reads when bits are same
  * added '-m' and '-b' arguments. This is helpful for applications calling
    openssl-vulnkey when the modulus and bits are known, such as openvpn.
  * man page updates
  * added test.sh
  * added blacklists for when ~/.rnd does not exist when openssl is run
    (LP: #232104)
  * added 512 bit and partial 4096 blacklists (need le64) (LP: #231014)
  * reorganized source databases, and ship the new gen_certs.sh format
  * debian/rules: updated to use new blacklist format and organization
  * create openssl-blacklist-extra package (but don't ship 4096 yet)
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

 -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 11 Jun 2008 16:36:27 -0400

openssl-blacklist (0.3.2) unstable; urgency=low

  * debian/{rules,dirs,openssl-blacklist.install}: move openssl-vulnkey to
    /usr/bin (Closes: #482435).
  * examples/gen_certs.sh:
    - test for fixed libssl versions (Closes: #483310).
    - correctly skip pre-existing PEM files, thanks to Michel Meyers
      (Closes: #483542).
    - skip invalid pid 32768.
  * openssl-vulnkey: allow reading from stding, based on patch from
    Daniel Kahn Gillmor (Closes: #482427).
  * debian/control: swap maintainer so Ubuntu syncs do not get confused.

 -- Kees Cook <kees@outflux.net>  Thu, 29 May 2008 15:19:16 -0700

openssl-blacklist (0.3.1) unstable; urgency=low

  * openssl-vulnkey: fix typo in manpage.
  * debian/control: add Vcs details, adjust uploaders line.
  * debian/rules: switch to using dh_installexamples.

 -- Kees Cook <kees@outflux.net>  Wed, 28 May 2008 13:25:46 -0700

openssl-blacklist (0.3) unstable; urgency=low

  * Initial Debian release (keeping changelog for clarity), Closes: #482047.

 -- Kees Cook <kees@outflux.net>  Wed, 21 May 2008 03:58:17 -0700

openssl-blacklist (0.2) intrepid; urgency=low

  * update openssl-vulnkey to also check x509 certificates, with corresponding
    manpage update
  * support 512, 4096 and 8192 databases
  * don't exit if can't open the database (this way databases can optionally be
    added
  * publish complete RSA-1024 and RSA-2048 blacklist for all available
    architectures on Ubuntu
  * fix manpage typos
  * debian/control: use net/optional
  * use python-central and follow DebianPython/NewPolicy
  * added get_certs.sh and getpid.c

 -- Jamie Strandboge <jamie@ubuntu.com>  Fri, 16 May 2008 08:32:13 -0400

openssl-blacklist (0.1-0ubuntu0.8.04.2) hardy-security; urgency=low

  * openssl-vulnkey: 
    - Don't exit if the key cannot be parsed.
    - Don't fail if stderr is not available. (LP: #230193)

 -- Mathias Gug <mathiaz@ubuntu.com>  Wed, 14 May 2008 14:24:07 +0200

openssl-blacklist (0.1-0ubuntu0.8.04.1) hardy-security; urgency=low

  * no change rebuild for -security 

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 13 May 2008 04:02:50 -0400

openssl-blacklist (0.1) unstable; urgency=low

  * Initial release.

 -- Jamie Strandboge <jamie@ubuntu.com>  Fri, 12 May 2008 15:44:32 -0400

