diff options
Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 498 |
1 files changed, 498 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 000000000..8b7e14fda --- /dev/null +++ b/debian/changelog @@ -0,0 +1,498 @@ +openswan (1:2.4.5-3) unstable; urgency=low + + * Renamed kernel-patch-openswan to linux-patch-openswan. + * Removed the remarks in the package descriptions that linux-patch-openswan + and openswan-modules-source will only work with 2.4 series kernels. This + is no longer true. + * Use updated French translation. Thanks to Christian Perrier and sorry for + not giving time to update the translations before the last upload. I felt + that the FTBFS should be corrected quickly. + Closes: #364399: openswan: [INTL:fr] French debconf templates translation + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 23 Apr 2006 21:47:53 +0100 + +openswan (1:2.4.5-2) unstable; urgency=low + + * The NMU patch doesn't seem to have applied to debian/control, + because the dependency was still on libopensc1-dev. Fixed that now + by adding libopensc2-dev. + Closes: #363073: openswan_1:2.4.5-1: FTBFS: Build depends on + libopensc1-dev + * Added the patch to fix alignment issues on Sparc, as upstream acknowledged + it and applied it to their development tree. + Closes: #341630: openswan: Pluto crypto helper gets SIGBUS on SPARC due + to request memory alignment issue + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 17 Apr 2006 14:53:37 +0100 + +openswan (1:2.4.5-1) unstable; urgency=low + + * New upstream release. This release adds support for patching newer kernel + versions. Verified that the patched kernel tree compiles with Debian + kernel sources 2.6.15-8 and 2.6.16-6. + Closes: #361800: kernel-patch-openswan: Fails to patch Debian 2.6.15 + kernel + It also adds the patches for an IPSec/L2TP server behind a NAT. + Closes: #307529: More patches for openswan server behind NAT + Closes: #353792: openswan nat-t failure + And additionally there are (according to upstream changelogs) fixes for + running on SMP systems. If the following bug still persists (can not test + myself), then please reopen. + Closes: #343603: kernel-patch-openswan: Starting IPSEC makes system freeze + The patch to fix the snmpd crash is also in this upstream version (just + checked linux/net/ipsec/ipsec_tunnel.c). It was probably in older versions + as well, so this might have been closed earlier. It's not mentioned in + upstream changelog, so I don't know exactly when it has been fixed. + Closes: #318298: kernel-patch-openswan: Kernel Oops - Null Dereference + when using snmpd + The ipsec.conf manual page has been updated to document connaddrfamily. + Closes: #296611: openswan: "man -S 5 ipsec.conf" fails to mention the + parameter "connaddrfamily" + * Acknowledge fixes in last NMU - thanks to Christian. + Closes: #352050: openswan: FTBFS: Package libopensc1-dev has no + installation candidate + Closes: #356716: openswan: Incomplete clean when building + Closes: #316693: openswan_1/2.2.0-10 + Closes: #339390: openswan: [INTL:sv] Swedish debconf templates translation + * Enable building of XAUTH support. + * Import override files from /etc/default instead of /etc/sysconfig. This + uses dpatch, so now Build-Depend on it. + Closes: #354965: openswan: /usr/lib/ipsec/_updown uses /etc/sysconfig/, + please change to /etc/default/ + * Only ask if an existing certificate/private key pair should be used when + the user chose not to create a new key pair. Also mention, when asking to + create a new key pair, that an existing one can be used alternatively. + Closes: #298250: confusing debconf question about certificate creation + * Move the USE_LDAP, USE_LIBCURL, and HAVE_THREADS options from the + "make install" to the "make programs" call where it belongs. + Closes: #292838: openswan: Dynamic CRL fetching not supported + * Remove /usr/share/doc/openswan/index.html, because it is a duplicate of + /usr/share/doc/openswan/doc/index.html, and only the latter one has links + to existing files. + Closes: #311613: openswan: html documentation links to the wrong place + Closes: #357719: broken links in file:///usr/share/doc/openswan/index.html + Closes: #357698: broken links in file:///usr/share/doc/openswan/index.html + * Add #ifdef to linux/net/ipsec/ipsec_init.c to branch between Debian and + vanilla 2.4 kernels. For Debian kernels with the XFRM (26sec) backport, + a second option is necessary for inet_(add|del)_protocol. This should + allow KLIPS to compile on both Debian and vanilla 2.4 kernels. Verified + that it compiles with Debian 2.4.27-12 and vanilla 2.4.32. + Closes: #340294: openswan-modules-source: fails to build with 2.4.27 on + sarge + Closes: #342844: kernel-patch-openswan: FTBS with kernel-source-2.4.27 + 2.4.27-11 + * Document in README.Debian that KLIPS for 2.4 kernels will not compile with + newer GCC versions and give a hint on how to use older versions with + make-kpkg. + * Kernel 2.6.8 is not properly supported and is horribly outdated by now. + If you really need to use 2.6.8, then please use the native 26sec IPSec + stack. For KLIPS support, use at least 2.6.12, or better 2.6.15. + Closes: #318136: kernel-patch-openswan: Problem applying + kernel-openswan-patch to kernel-source-2.6.8 + * Compress the modules source tree with bzip2 instead of gzip and thus + reduce the size of the openswan-modules-source package. + + -- Rene Mayrhofer <rmayr@debian.org> Sat, 15 Apr 2006 21:36:36 +0100 + +openswan (1:2.4.4-3.1) unstable; urgency=high + + * Non-maintainer upload with maintainer's agreement + * Fix FTBFS by replacing the build dependency on libopensc1-dev to + libopensc2-dev. Closes: #352050 + * Really clean when building + Closes: #356716 + * Correct typos and English errors in templates + Unfuzzy translations + Closes: #316693 + * Swedish debconf templates translation added + Closes: #339390 + + -- Christian Perrier <bubulle@debian.org> Thu, 16 Mar 2006 06:10:05 +0100 + +openswan (1:2.4.4-3) unstable; urgency=low + + * Corrected PATCHNAME in the kernel-patch-openswan unpatch script. + Closes: #344852: kernel-patch-openswan: PATCHNAME=openswan in apply script + but =freeswan in unpatch + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 27 Dec 2005 10:38:33 +0000 + +openswan (1:2.4.4-2) unstable; urgency=low + + * Build-depend on libkrb5-dev. + Closes: #344612: openswan: pluto has shared library dependency on + libkrb5support.so + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 26 Dec 2005 11:22:17 +0000 + +openswan (1:2.4.4-1) unstable; urgency=high + + Reasoning for urgency high: DoS security issues. + * New upstream version. This is supposed to fix the other part of the DoS + problem. + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 18 Nov 2005 19:23:49 +0000 + +openswan (1:2.4.3-1) unstable; urgency=high + + Reasoning for urgency high: DoS security issues. + * New upstream version. + Closes: Bug#339082: kernel-patch-openswan: ISAKMP implementation + problems / DoS + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 15 Nov 2005 15:49:44 +0000 + +openswan (1:2.4.0-3) unstable; urgency=low + + * Doh. Forgot to merge the new debconf depends from my openswan 2.2.0 + package branch. Now again change the debconf depends to debconf | + debconf-2.0. + Closes: #332055: openswan depends on debconf without | debconf-2.0 + alternate; blocks cdebconf transition + * Also build-depend on the new libssl (>= 0.9.8-1) now to help the + transition. If you recompile this package for woody/sarge, you can safely + ignore this versioned build-dependency. No new API is needed this is just + for the ABI transition. + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 10 Oct 2005 11:22:12 +0100 + +openswan (1:2.4.0-2) unstable; urgency=low + + * Module building has changed a bit for the new openswan upstream + releases (need additional files). Adapt the openswan-modules-source + package to that and also fix pfkey_v2.c to compile with kernel 2.4 + (patches sent to upstream for future inclusion). + Closes: #291274: Fails to build with 2.4.29: missing Makefile + Closes: #273443: openswan-modules-source: doesn't build with 2.6.8 - + different from #273144 (?) + * Fix the postinst script (must have been a bash update that broke it). + Closes: #330864: openswan: postinst fails with "`make-x509-cert': not a + valid identifier" + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 30 Sep 2005 18:11:28 +0100 + +openswan (1:2.4.0-1) unstable; urgency=low + + * New upstream release. This finally allows the Debian packages to be + updated since the regression from 2.2.X to 2.3.X has been fixed (pluto + crash with roadwarriors). Please be aware that pluto daemons from 2.2 or + 2.3 openswan release will still crash, so please update all your + installations as soon as possible. + Closes: #292132: openswan: OpenSwan 2.2.0 crashes when a road-warrior + comes in using 2.3.0 + This release also supports KLIPS with 2.6 kernels now. + Closes: #301801: kernel-patch-openswan: Fails to build with Debian + 2.6.10 source + #273443: openswan-modules-source: doesn't build with 2.6.8 - + different from #273144 (?) + #318136: kernel-patch-openswan: Problem applying + kernel-openswan-patch to kernel-source-2.6.8 + * Fixed gcc 4 compile for fswcert (patch will be forwarded to upstream). + * Added Vietnamese debconf translation. + Closes: #316692: INTL:vi + * Introduced the epoch in this branch to allow automatic updates from the + previously downgraded 2.2 release. + * Edited the debian/copyright file to mention the shared GPL path and + removed old licenses (only refer to CREDITS now). + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 19 Sep 2005 13:40:30 +0100 + +openswan (2.3.1-1) unstable; urgency=high + + Urgency HIGH because openswan is an important package for testing (at least + in my opinion...). + * New upstream version. This update should fix the various crashes + that openswan 2.3.0 pluto was causing on other openswan boxes + (occured in the wild with 2.2.0 and 2.3.0, but might also happen + with others) in some cases. + Closes: #292132: openswan: OpenSwan 2.2.0 crashes when a road-warrior + comes in using 2.3.0 + * Adapt to the new way of building modules (which changed between upstream + version 2.2.0 and 2.3.0). openswan-modules-source should now build with + 2.4 and with 2.6 kernels (using make-kpkg). + Closes: #291274: Fails to build with 2.4.29: missing Makefile + Closes: #276521: openswan-modules-source: ipsec_aes.o & ipsec_cryptoapi.o + not kernel modules + * Also enable building of 2.6 kernel modules in openswan-modules-source. + Closes: #273443: openswan-modules-source: doesn't build with 2.6.8 - + different from #273144 (?) + * kernel-patch-openswan also needed some changes due to the new tree + layout (specifically the new Makefile.top). Now kernel-patch-openswan + has been enabled to work with kernel 2.6, so you can now get ipsecX + interfaces with kernel 2.6 (tested with vanilla 2.6.10)! + Closes: #301801 kernel-patch-openswan: Fails to build with Debian 2.6.10 + source + * There was no reply by the original bug submitter, so this really seemed + to be a toolchain problem. I can't reproduce this bug. + Closes: #283387: openswan: Fails to build on testing (Sarge) + * The build-dependency has already been updated from libcurl2-dev to + libcurl3-dev in package 2.3.0-1. Now updated it to + libcurl3-dev | libcurl2-dev so that backporting to woody is easier. + Closes: #298468 openswan fails to build on sarge due to missing + libcurl2-dev dependancy + * The same goes for libopensc*-dev. + * Fixed typos in the logcheck ignore files. + Closes: #298693: openswan: logcheck files - typo + * Updated debconf translations. + Closes: #290847: openswan: [INTL:fr] French debconf templates translation + Closes: #292077: [INTL:pt_BR] Please apply the attached patch in order to + update openswan's pt_BR debconf translation + Closes: #294202: [l10n] Czech po-debconf template translation (cs.po) + * Removed the source code for the fswcert utility from the debian/ dir in + the source package - it is now included in the upstream source under + programs/. + * Removed the conflicts with ike-server (still providing it though). + Closes: #297186: openswan: Remove conflict on ike-server + * Don't conflict with freeswan generally, but only with versions < 2.04-12. + (This is in preparation of the freeswan transition package that I am + working on.) + * Explicitly remove the execute permissions from /etc/ipsec.d/policies/*. + Closes: #298245: wrong permissions in /etc + * No longer need gawk for openswan scripts to work. This allows to finally + removed the awk-to-gawk hack in debian/rules and means that openswan no + longer depends on gawk. + * Enable the building of pluto code for dynamic URL fetching (which needs + libldap2-dev and libcurl3-dev) and the XAUTH PAM support. Therefore, we + now build-depend on libpam0g-dev. + Closes: #292838: openswan: Dynamic CRL fetching not supported + + -- Rene Mayrhofer <rmayr@debian.org> Sat, 9 Apr 2005 17:56:16 +0200 + +openswan (2.3.0-2) unstable; urgency=HIGH + + Urgency HIGH due to security issue and problems with build-deps in sarge. + * Fix the security issue. Please see + http://www.idefense.com/application/poi/display?id=190& + type=vulnerabilities&flashstatus=false + or CAN-2005-0162 at + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0162 + for more details. Thanks to Martin Schulze for informing me about this + issue. + Closes: #292458: Openswan XAUTH/PAM Buffer Overflow Vulnerability + * Added a Build-Dependency to lynx. + Closes: #291143: openswan: FTBFS: Missing build dependency. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 27 Jan 2005 16:10:11 +0100 + +openswan (2.3.0-1) unstable; urgency=low + + * New upstream release. + Important change: aes-sha1 is now the default proposal (but 3des-md5 is + still supported if the other side requests it). Please look at + /usr/share/doc/openswan/docs/RELEASE-NOTES for details. + * Includes KLIPS support for kernel 2.6 for the first time, but I have not + yet modified openswan-modules-source to cope with that. If somebody wants + to lend me a hand to address #273443, it would be more than welcome. + * This release includes a fix for the reported snmpd crash + (in ipsec_tunnel.c). Many thanks to Nate Carlson for pointing this out. + Closes: #261892: openswan: System crashes when snmpd runs at the same time + * Update Build-Depends from libopensc0-dev to libopensc1-dev. + Closes: #289600: openswan: can't fulfill the build dependencies + * Update Build-Depends from libcurl2-dev to libcurl3-dev. + * Include Japanese debconf translation and fix a typo in the master. + Closes: #288996: openswan: Japanese po-debconf template translation + (ja.po) and typo in template.pot + * Auto-apply the NAT Traversal patch with kernel-patch-openswan again. This + was changed by openswan (the freeswan version included the NAT-T patch + automatically). Thus, the patch is now applied before inserting the KLIPS + part. + * Include a ready-to-use NAT-T diff in the openswan-modules-source package + so that anybody who uses this package still has the option of using NAT + Traversal (though this means patching the kernel anyway, and kind of + makes the out-of-tree compilation senseless). However, Debian 2.4 series + kernels should already have NAT-T applied. + * Document the above two changes in the package descriptions and + README.Debian. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 13 Jan 2005 09:30:45 +0100 + +openswan (2.2.0-5) unstable; urgency=low + + * Added more explanations to README.Debian on how to build the kernel + modules with either openswan-modules-source or kernel-patch-openswan. + + -- Rene Mayrhofer <rmayr@debian.org> Sat, 16 Oct 2004 13:11:48 +0200 + +openswan (2.2.0-4) unstable; urgency=medium + + Urgency medium to get this version into sarge - it fixes a bug that turned + up on some machines and prevented openswan from starting. + * no_oe.conf will work when there are spaces at the end, many thanks to + Hans Fugal for figuring that out! + Closes: #270012: openswan: Fails to start after Installation + (/etc/ipsec.d/examples/no_oe.conf problem?) + I am now sending this towards upstream so that it should hopefully get + fixed for the next release - it's a bit awkward for a config file. + * Fixed a minor aesthetical issue in openswan.postinst: when a plain RSA key + is already present in ipsec.secrets and a new one is being created, a + needless line was printed. Silenced by adding -q to egrep. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 3 Oct 2004 20:57:22 +0200 + +openswan (2.2.0-3) unstable; urgency=low + + * Also added flex to Build-Depends, the new starter (replacement for + the init scripts, but not yet active) needs it to build. + Closes: #272935: openswan_2.2.0-1(ia64/unstable): FTBFS: missing + build-depends + Closes: #273241: openswan: FTBFS: Missing Build-Depends on 'flex' + * Adapted the rules file of openswan-modules-source to cope with the new + upstream source code - need to generate a C file from a template before + the ipsec module can be built. + Closes: #273144: openswan-modules-source: linux/net/ipsec/version.c + neither created nor compiled + * Enabled the building of modular extensions (AES and cryptoapi) by default + for openswan-modules-source. Also enabled the AES cipher in addition to + 3DES (this is directly in the ipsec.o kernel module, the modular + extensions version is an alternative to this). + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 24 Sep 2004 12:38:47 +0200 + +openswan (2.2.0-2) unstable; urgency=low + + * Added bison to Build-Depends. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 23 Sep 2004 15:18:51 +0200 + +openswan (2.2.0-1) unstable; urgency=medium + + * New upstream version: + - Introduces AES support, which is the reason for urgency medium. AES + should definitly go into sarge. + - Adds RFC 3706 DPD (dead peer detection) support, see + /usr/share/doc/openswan/docs/README.DPD for details. + This adds the last missing piece (AES) to replace the freeswan package + completely. As of now, freeswan is officially unsupported and will soon + be removed from Debian. Please upgrade to openswan, which should not cause + any issues. Configuration files and certificates are completely compatible. + Closes: #270012: openswan: Fails to start after Installation + (/etc/ipsec.d/examples/no_oe.conf problem?) + I can no longer reproduce this problem on a fresh install of + 2.2.0-1. + Closes: #260120: openswan: Patch fixing #256391 breaks the autogenerated + certificate + The new X.509 patch included in this upstream release (no longer + patched by the Debian package) should fix this too. + Closes: #246828: /etc/ipsec.conf refers to invalid URLs + The default ipsec.conf file distributed by upstream no longer + refers to an URL. + * Fixed a thinko in the postinst script that prevented the correct insertion + of plain RSA keys into /etc/ipsec.secrets (i.e. not using X.509 + certificates). Fixed now. + Closes: #268742: openswan: Plain RSA key not successfully written to + ipsec.secrets + * Adapt to the new way of openswan handling the disabling of opportunistic + encryption. In the default ipsec.conf distributed with upstream openswan, + OE is now disabled (which changes the previous default). Adapted the + postinst script so that it can now enable and disable OE support based on + the debconf option. + Closes: #268743: openswan: fails to respect debconf OE setting + * Updated the French and Brazilian Portugese debconf translations. + Closes: #256457: openswan: [INTL:fr] French debconf templates translation + Closes: #264246: openswan: [INTL:pt_BR] Please use the attached Brazilian + Portuguese debconf template translation + * Patched debian/fswcert/fswcert.c to compile cleanly with gcc-3.4. Thanks + to Andreas Jochens for the patch! + Closes: #262663: openswan: FTBFS with gcc-3.4: label at end of compound + statement + * Documented how to build the KLIPS kernel part with either the + kernel-patch-openswan or the openswan-modules-source packages. + Closes: #246819: Needs documentation on how to build the kernel modules + * Bump Standards-Version to 3.6.1.0, no changes necessary. + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 21 Sep 2004 18:13:52 +0200 + +openswan (2.1.5-1) unstable; urgency=medium + + * New upstream release, which fixes another potential security issue. + + -- Rene Mayrhofer <rene@mayrhofer.eu.org> Sun, 5 Sep 2004 18:00:40 +0200 + +openswan (2.1.3-1) unstable; urgency=HIGH + + Urgency high because of a possibly security issue. + * New upstream version. This includes the CRL fix form 2.1.1-5 and the + proper activation of NAT traversal in Makefile.inc. + Closes: #253457: Openswan: new upstream available that includes xauth + Closes: #253458: Openswan: new upstream available that includes xauth + Closes: #253461: Openswan: new upstream available + Closes: #253782: openswan: Should automatically load kernel module + xfrm_user + But I have currently not explicitly enabled xaut support in Makefile.inc, + quoting from there: "off by default, since XAUTH is tricky, and you can + get into security trouble". If it needs to be enabled to work, please tell + me and I will need to take a far closer look on it (and the involved + problems). + This new upstream version also fixes a possible security issue in the + X.509 certificate authentication. + * The last upload didn't seem to have hit the archives, strange... + However, the bugs are still fixed, closing them now. + Closes: #245450: openswan should not depend on + kernel-image-2.4 || kernel-image-2.6 + Closes: #246847: openswan: shouldn't conflict with ike-server + Closes: #246373: openswan: [INTL:fr] French debconf templates translation + + -- Rene Mayrhofer <rene@mayrhofer.eu.org> Thu, 17 June 2004 12:22:45 +0200 + +openswan (2.1.1-5) unstable; urgency=low + + * Applied a patch from openswan CVS to fix CRL related crashes. + * Drop the dependency on kernels it works with - the package description + already says that it will need kernel support to work. This allows people + to easily use self-compiled kernels with the right support (e.g. 2.6.5). + Closes: #245450: openswan should not depend on + kernel-image-2.4 || kernel-image-2.6 + * While I'm at it, also replace the various Suggests: *freeswan* with + openswan. Oops. + * openswan conflicts with ike-server because only one ike-server can be + active at any given time (it will listen on UDP port 500). This policy + has been agreed to by all Debian IPSec package maintainers and implemented + in all ike-server providing packages. + Closes: #246847: openswan: shouldn't conflict with ike-server + * Took the debconf translations from the freeswan package and "ported" them + via debconf-updatepo. Thanks to Christian Perrier for mentioning that it + was this easy. + The templates should now be correct (all instances of FreeS/wan replaced + by Openswan). + Closes: #246373: openswan: [INTL:fr] French debconf templates translation + + -- Rene Mayrhofer <rene@mayrhofer.eu.org> Tue, 18 May 2004 19:46:24 +0200 + +openswan (2.1.1-4) unstable; urgency=low + + * Fixed the kernel-patch-openswan apply script. + * Warning: Due to an upstream bug, pluto from this version will dump core + on certain CRLs. If you are hit by this bug, please report it directly to + upstream, they are still tracking the issue down. + + + -- Rene Mayrhofer <rene@mayrhofer.eu.org> Thu, 15 Apr 2004 09:50:32 +0200 + +openswan (2.1.1-3) unstable; urgency=low + + * Also build the openswan-modules-source and kernel-patch-openswan + packages now. + * Fixed _startklips in combination with the native IPSec stack - many thanks + to Nate Carlson for the patch. + + -- Rene Mayrhofer <rene@mayrhofer.eu.org> Wed, 31 Mar 2004 19:33:49 +0200 + +openswan (2.1.1-2) unstable; urgency=low + + * Took the package as official maintainer. + * Updated all relevant packaging stuff to the level of freeswan 2.04-9, + including auto-generation of X.509 certificates and insertion in + ipsec.secrets. This also corrects the libexec path in some scripts. + + -- Rene Mayrhofer <rene@mayrhofer.eu.org> Wed, 31 Mar 2004 11:23:46 +0200 + +openswan (2.1.1-1) unstable; urgency=low + + * Initial version - packaging based on Rene Mayrhofer's + FreeS/WAN packaging + + -- Alexander List <alexlist@sbox.tu-graz.ac.at> Sun, 21 Mar 2004 21:47:53 +0100 + +Local variables: +mode: debian-changelog +End: |