diff options
Diffstat (limited to 'debian/changelog')
| -rw-r--r-- | debian/changelog | 496 |
1 files changed, 4 insertions, 492 deletions
diff --git a/debian/changelog b/debian/changelog index 8b7e14fda..6e4484588 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,497 +1,9 @@ -openswan (1:2.4.5-3) unstable; urgency=low +strongswan (2.7.0-1) unstable; urgency=low - * Renamed kernel-patch-openswan to linux-patch-openswan. - * Removed the remarks in the package descriptions that linux-patch-openswan - and openswan-modules-source will only work with 2.4 series kernels. This - is no longer true. - * Use updated French translation. Thanks to Christian Perrier and sorry for - not giving time to update the translations before the last upload. I felt - that the FTBFS should be corrected quickly. - Closes: #364399: openswan: [INTL:fr] French debconf templates translation + * Initial Debian packaging of strongswan. This is directly based on my + Debian package of openswan 2.4.5-3. - -- Rene Mayrhofer <rmayr@debian.org> Sun, 23 Apr 2006 21:47:53 +0100 - -openswan (1:2.4.5-2) unstable; urgency=low - - * The NMU patch doesn't seem to have applied to debian/control, - because the dependency was still on libopensc1-dev. Fixed that now - by adding libopensc2-dev. - Closes: #363073: openswan_1:2.4.5-1: FTBFS: Build depends on - libopensc1-dev - * Added the patch to fix alignment issues on Sparc, as upstream acknowledged - it and applied it to their development tree. - Closes: #341630: openswan: Pluto crypto helper gets SIGBUS on SPARC due - to request memory alignment issue - - -- Rene Mayrhofer <rmayr@debian.org> Mon, 17 Apr 2006 14:53:37 +0100 - -openswan (1:2.4.5-1) unstable; urgency=low - - * New upstream release. This release adds support for patching newer kernel - versions. Verified that the patched kernel tree compiles with Debian - kernel sources 2.6.15-8 and 2.6.16-6. - Closes: #361800: kernel-patch-openswan: Fails to patch Debian 2.6.15 - kernel - It also adds the patches for an IPSec/L2TP server behind a NAT. - Closes: #307529: More patches for openswan server behind NAT - Closes: #353792: openswan nat-t failure - And additionally there are (according to upstream changelogs) fixes for - running on SMP systems. If the following bug still persists (can not test - myself), then please reopen. - Closes: #343603: kernel-patch-openswan: Starting IPSEC makes system freeze - The patch to fix the snmpd crash is also in this upstream version (just - checked linux/net/ipsec/ipsec_tunnel.c). It was probably in older versions - as well, so this might have been closed earlier. It's not mentioned in - upstream changelog, so I don't know exactly when it has been fixed. - Closes: #318298: kernel-patch-openswan: Kernel Oops - Null Dereference - when using snmpd - The ipsec.conf manual page has been updated to document connaddrfamily. - Closes: #296611: openswan: "man -S 5 ipsec.conf" fails to mention the - parameter "connaddrfamily" - * Acknowledge fixes in last NMU - thanks to Christian. - Closes: #352050: openswan: FTBFS: Package libopensc1-dev has no - installation candidate - Closes: #356716: openswan: Incomplete clean when building - Closes: #316693: openswan_1/2.2.0-10 - Closes: #339390: openswan: [INTL:sv] Swedish debconf templates translation - * Enable building of XAUTH support. - * Import override files from /etc/default instead of /etc/sysconfig. This - uses dpatch, so now Build-Depend on it. - Closes: #354965: openswan: /usr/lib/ipsec/_updown uses /etc/sysconfig/, - please change to /etc/default/ - * Only ask if an existing certificate/private key pair should be used when - the user chose not to create a new key pair. Also mention, when asking to - create a new key pair, that an existing one can be used alternatively. - Closes: #298250: confusing debconf question about certificate creation - * Move the USE_LDAP, USE_LIBCURL, and HAVE_THREADS options from the - "make install" to the "make programs" call where it belongs. - Closes: #292838: openswan: Dynamic CRL fetching not supported - * Remove /usr/share/doc/openswan/index.html, because it is a duplicate of - /usr/share/doc/openswan/doc/index.html, and only the latter one has links - to existing files. - Closes: #311613: openswan: html documentation links to the wrong place - Closes: #357719: broken links in file:///usr/share/doc/openswan/index.html - Closes: #357698: broken links in file:///usr/share/doc/openswan/index.html - * Add #ifdef to linux/net/ipsec/ipsec_init.c to branch between Debian and - vanilla 2.4 kernels. For Debian kernels with the XFRM (26sec) backport, - a second option is necessary for inet_(add|del)_protocol. This should - allow KLIPS to compile on both Debian and vanilla 2.4 kernels. Verified - that it compiles with Debian 2.4.27-12 and vanilla 2.4.32. - Closes: #340294: openswan-modules-source: fails to build with 2.4.27 on - sarge - Closes: #342844: kernel-patch-openswan: FTBS with kernel-source-2.4.27 - 2.4.27-11 - * Document in README.Debian that KLIPS for 2.4 kernels will not compile with - newer GCC versions and give a hint on how to use older versions with - make-kpkg. - * Kernel 2.6.8 is not properly supported and is horribly outdated by now. - If you really need to use 2.6.8, then please use the native 26sec IPSec - stack. For KLIPS support, use at least 2.6.12, or better 2.6.15. - Closes: #318136: kernel-patch-openswan: Problem applying - kernel-openswan-patch to kernel-source-2.6.8 - * Compress the modules source tree with bzip2 instead of gzip and thus - reduce the size of the openswan-modules-source package. - - -- Rene Mayrhofer <rmayr@debian.org> Sat, 15 Apr 2006 21:36:36 +0100 - -openswan (1:2.4.4-3.1) unstable; urgency=high - - * Non-maintainer upload with maintainer's agreement - * Fix FTBFS by replacing the build dependency on libopensc1-dev to - libopensc2-dev. Closes: #352050 - * Really clean when building - Closes: #356716 - * Correct typos and English errors in templates - Unfuzzy translations - Closes: #316693 - * Swedish debconf templates translation added - Closes: #339390 - - -- Christian Perrier <bubulle@debian.org> Thu, 16 Mar 2006 06:10:05 +0100 - -openswan (1:2.4.4-3) unstable; urgency=low - - * Corrected PATCHNAME in the kernel-patch-openswan unpatch script. - Closes: #344852: kernel-patch-openswan: PATCHNAME=openswan in apply script - but =freeswan in unpatch - - -- Rene Mayrhofer <rmayr@debian.org> Tue, 27 Dec 2005 10:38:33 +0000 - -openswan (1:2.4.4-2) unstable; urgency=low - - * Build-depend on libkrb5-dev. - Closes: #344612: openswan: pluto has shared library dependency on - libkrb5support.so - - -- Rene Mayrhofer <rmayr@debian.org> Mon, 26 Dec 2005 11:22:17 +0000 - -openswan (1:2.4.4-1) unstable; urgency=high - - Reasoning for urgency high: DoS security issues. - * New upstream version. This is supposed to fix the other part of the DoS - problem. - - -- Rene Mayrhofer <rmayr@debian.org> Fri, 18 Nov 2005 19:23:49 +0000 - -openswan (1:2.4.3-1) unstable; urgency=high - - Reasoning for urgency high: DoS security issues. - * New upstream version. - Closes: Bug#339082: kernel-patch-openswan: ISAKMP implementation - problems / DoS - - -- Rene Mayrhofer <rmayr@debian.org> Tue, 15 Nov 2005 15:49:44 +0000 - -openswan (1:2.4.0-3) unstable; urgency=low - - * Doh. Forgot to merge the new debconf depends from my openswan 2.2.0 - package branch. Now again change the debconf depends to debconf | - debconf-2.0. - Closes: #332055: openswan depends on debconf without | debconf-2.0 - alternate; blocks cdebconf transition - * Also build-depend on the new libssl (>= 0.9.8-1) now to help the - transition. If you recompile this package for woody/sarge, you can safely - ignore this versioned build-dependency. No new API is needed this is just - for the ABI transition. - - -- Rene Mayrhofer <rmayr@debian.org> Mon, 10 Oct 2005 11:22:12 +0100 - -openswan (1:2.4.0-2) unstable; urgency=low - - * Module building has changed a bit for the new openswan upstream - releases (need additional files). Adapt the openswan-modules-source - package to that and also fix pfkey_v2.c to compile with kernel 2.4 - (patches sent to upstream for future inclusion). - Closes: #291274: Fails to build with 2.4.29: missing Makefile - Closes: #273443: openswan-modules-source: doesn't build with 2.6.8 - - different from #273144 (?) - * Fix the postinst script (must have been a bash update that broke it). - Closes: #330864: openswan: postinst fails with "`make-x509-cert': not a - valid identifier" - - -- Rene Mayrhofer <rmayr@debian.org> Fri, 30 Sep 2005 18:11:28 +0100 - -openswan (1:2.4.0-1) unstable; urgency=low - - * New upstream release. This finally allows the Debian packages to be - updated since the regression from 2.2.X to 2.3.X has been fixed (pluto - crash with roadwarriors). Please be aware that pluto daemons from 2.2 or - 2.3 openswan release will still crash, so please update all your - installations as soon as possible. - Closes: #292132: openswan: OpenSwan 2.2.0 crashes when a road-warrior - comes in using 2.3.0 - This release also supports KLIPS with 2.6 kernels now. - Closes: #301801: kernel-patch-openswan: Fails to build with Debian - 2.6.10 source - #273443: openswan-modules-source: doesn't build with 2.6.8 - - different from #273144 (?) - #318136: kernel-patch-openswan: Problem applying - kernel-openswan-patch to kernel-source-2.6.8 - * Fixed gcc 4 compile for fswcert (patch will be forwarded to upstream). - * Added Vietnamese debconf translation. - Closes: #316692: INTL:vi - * Introduced the epoch in this branch to allow automatic updates from the - previously downgraded 2.2 release. - * Edited the debian/copyright file to mention the shared GPL path and - removed old licenses (only refer to CREDITS now). - - -- Rene Mayrhofer <rmayr@debian.org> Mon, 19 Sep 2005 13:40:30 +0100 - -openswan (2.3.1-1) unstable; urgency=high - - Urgency HIGH because openswan is an important package for testing (at least - in my opinion...). - * New upstream version. This update should fix the various crashes - that openswan 2.3.0 pluto was causing on other openswan boxes - (occured in the wild with 2.2.0 and 2.3.0, but might also happen - with others) in some cases. - Closes: #292132: openswan: OpenSwan 2.2.0 crashes when a road-warrior - comes in using 2.3.0 - * Adapt to the new way of building modules (which changed between upstream - version 2.2.0 and 2.3.0). openswan-modules-source should now build with - 2.4 and with 2.6 kernels (using make-kpkg). - Closes: #291274: Fails to build with 2.4.29: missing Makefile - Closes: #276521: openswan-modules-source: ipsec_aes.o & ipsec_cryptoapi.o - not kernel modules - * Also enable building of 2.6 kernel modules in openswan-modules-source. - Closes: #273443: openswan-modules-source: doesn't build with 2.6.8 - - different from #273144 (?) - * kernel-patch-openswan also needed some changes due to the new tree - layout (specifically the new Makefile.top). Now kernel-patch-openswan - has been enabled to work with kernel 2.6, so you can now get ipsecX - interfaces with kernel 2.6 (tested with vanilla 2.6.10)! - Closes: #301801 kernel-patch-openswan: Fails to build with Debian 2.6.10 - source - * There was no reply by the original bug submitter, so this really seemed - to be a toolchain problem. I can't reproduce this bug. - Closes: #283387: openswan: Fails to build on testing (Sarge) - * The build-dependency has already been updated from libcurl2-dev to - libcurl3-dev in package 2.3.0-1. Now updated it to - libcurl3-dev | libcurl2-dev so that backporting to woody is easier. - Closes: #298468 openswan fails to build on sarge due to missing - libcurl2-dev dependancy - * The same goes for libopensc*-dev. - * Fixed typos in the logcheck ignore files. - Closes: #298693: openswan: logcheck files - typo - * Updated debconf translations. - Closes: #290847: openswan: [INTL:fr] French debconf templates translation - Closes: #292077: [INTL:pt_BR] Please apply the attached patch in order to - update openswan's pt_BR debconf translation - Closes: #294202: [l10n] Czech po-debconf template translation (cs.po) - * Removed the source code for the fswcert utility from the debian/ dir in - the source package - it is now included in the upstream source under - programs/. - * Removed the conflicts with ike-server (still providing it though). - Closes: #297186: openswan: Remove conflict on ike-server - * Don't conflict with freeswan generally, but only with versions < 2.04-12. - (This is in preparation of the freeswan transition package that I am - working on.) - * Explicitly remove the execute permissions from /etc/ipsec.d/policies/*. - Closes: #298245: wrong permissions in /etc - * No longer need gawk for openswan scripts to work. This allows to finally - removed the awk-to-gawk hack in debian/rules and means that openswan no - longer depends on gawk. - * Enable the building of pluto code for dynamic URL fetching (which needs - libldap2-dev and libcurl3-dev) and the XAUTH PAM support. Therefore, we - now build-depend on libpam0g-dev. - Closes: #292838: openswan: Dynamic CRL fetching not supported - - -- Rene Mayrhofer <rmayr@debian.org> Sat, 9 Apr 2005 17:56:16 +0200 - -openswan (2.3.0-2) unstable; urgency=HIGH - - Urgency HIGH due to security issue and problems with build-deps in sarge. - * Fix the security issue. Please see - http://www.idefense.com/application/poi/display?id=190& - type=vulnerabilities&flashstatus=false - or CAN-2005-0162 at - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0162 - for more details. Thanks to Martin Schulze for informing me about this - issue. - Closes: #292458: Openswan XAUTH/PAM Buffer Overflow Vulnerability - * Added a Build-Dependency to lynx. - Closes: #291143: openswan: FTBFS: Missing build dependency. - - -- Rene Mayrhofer <rmayr@debian.org> Thu, 27 Jan 2005 16:10:11 +0100 - -openswan (2.3.0-1) unstable; urgency=low - - * New upstream release. - Important change: aes-sha1 is now the default proposal (but 3des-md5 is - still supported if the other side requests it). Please look at - /usr/share/doc/openswan/docs/RELEASE-NOTES for details. - * Includes KLIPS support for kernel 2.6 for the first time, but I have not - yet modified openswan-modules-source to cope with that. If somebody wants - to lend me a hand to address #273443, it would be more than welcome. - * This release includes a fix for the reported snmpd crash - (in ipsec_tunnel.c). Many thanks to Nate Carlson for pointing this out. - Closes: #261892: openswan: System crashes when snmpd runs at the same time - * Update Build-Depends from libopensc0-dev to libopensc1-dev. - Closes: #289600: openswan: can't fulfill the build dependencies - * Update Build-Depends from libcurl2-dev to libcurl3-dev. - * Include Japanese debconf translation and fix a typo in the master. - Closes: #288996: openswan: Japanese po-debconf template translation - (ja.po) and typo in template.pot - * Auto-apply the NAT Traversal patch with kernel-patch-openswan again. This - was changed by openswan (the freeswan version included the NAT-T patch - automatically). Thus, the patch is now applied before inserting the KLIPS - part. - * Include a ready-to-use NAT-T diff in the openswan-modules-source package - so that anybody who uses this package still has the option of using NAT - Traversal (though this means patching the kernel anyway, and kind of - makes the out-of-tree compilation senseless). However, Debian 2.4 series - kernels should already have NAT-T applied. - * Document the above two changes in the package descriptions and - README.Debian. - - -- Rene Mayrhofer <rmayr@debian.org> Thu, 13 Jan 2005 09:30:45 +0100 - -openswan (2.2.0-5) unstable; urgency=low - - * Added more explanations to README.Debian on how to build the kernel - modules with either openswan-modules-source or kernel-patch-openswan. - - -- Rene Mayrhofer <rmayr@debian.org> Sat, 16 Oct 2004 13:11:48 +0200 - -openswan (2.2.0-4) unstable; urgency=medium - - Urgency medium to get this version into sarge - it fixes a bug that turned - up on some machines and prevented openswan from starting. - * no_oe.conf will work when there are spaces at the end, many thanks to - Hans Fugal for figuring that out! - Closes: #270012: openswan: Fails to start after Installation - (/etc/ipsec.d/examples/no_oe.conf problem?) - I am now sending this towards upstream so that it should hopefully get - fixed for the next release - it's a bit awkward for a config file. - * Fixed a minor aesthetical issue in openswan.postinst: when a plain RSA key - is already present in ipsec.secrets and a new one is being created, a - needless line was printed. Silenced by adding -q to egrep. - - -- Rene Mayrhofer <rmayr@debian.org> Sun, 3 Oct 2004 20:57:22 +0200 - -openswan (2.2.0-3) unstable; urgency=low - - * Also added flex to Build-Depends, the new starter (replacement for - the init scripts, but not yet active) needs it to build. - Closes: #272935: openswan_2.2.0-1(ia64/unstable): FTBFS: missing - build-depends - Closes: #273241: openswan: FTBFS: Missing Build-Depends on 'flex' - * Adapted the rules file of openswan-modules-source to cope with the new - upstream source code - need to generate a C file from a template before - the ipsec module can be built. - Closes: #273144: openswan-modules-source: linux/net/ipsec/version.c - neither created nor compiled - * Enabled the building of modular extensions (AES and cryptoapi) by default - for openswan-modules-source. Also enabled the AES cipher in addition to - 3DES (this is directly in the ipsec.o kernel module, the modular - extensions version is an alternative to this). - - -- Rene Mayrhofer <rmayr@debian.org> Fri, 24 Sep 2004 12:38:47 +0200 - -openswan (2.2.0-2) unstable; urgency=low - - * Added bison to Build-Depends. - - -- Rene Mayrhofer <rmayr@debian.org> Thu, 23 Sep 2004 15:18:51 +0200 - -openswan (2.2.0-1) unstable; urgency=medium - - * New upstream version: - - Introduces AES support, which is the reason for urgency medium. AES - should definitly go into sarge. - - Adds RFC 3706 DPD (dead peer detection) support, see - /usr/share/doc/openswan/docs/README.DPD for details. - This adds the last missing piece (AES) to replace the freeswan package - completely. As of now, freeswan is officially unsupported and will soon - be removed from Debian. Please upgrade to openswan, which should not cause - any issues. Configuration files and certificates are completely compatible. - Closes: #270012: openswan: Fails to start after Installation - (/etc/ipsec.d/examples/no_oe.conf problem?) - I can no longer reproduce this problem on a fresh install of - 2.2.0-1. - Closes: #260120: openswan: Patch fixing #256391 breaks the autogenerated - certificate - The new X.509 patch included in this upstream release (no longer - patched by the Debian package) should fix this too. - Closes: #246828: /etc/ipsec.conf refers to invalid URLs - The default ipsec.conf file distributed by upstream no longer - refers to an URL. - * Fixed a thinko in the postinst script that prevented the correct insertion - of plain RSA keys into /etc/ipsec.secrets (i.e. not using X.509 - certificates). Fixed now. - Closes: #268742: openswan: Plain RSA key not successfully written to - ipsec.secrets - * Adapt to the new way of openswan handling the disabling of opportunistic - encryption. In the default ipsec.conf distributed with upstream openswan, - OE is now disabled (which changes the previous default). Adapted the - postinst script so that it can now enable and disable OE support based on - the debconf option. - Closes: #268743: openswan: fails to respect debconf OE setting - * Updated the French and Brazilian Portugese debconf translations. - Closes: #256457: openswan: [INTL:fr] French debconf templates translation - Closes: #264246: openswan: [INTL:pt_BR] Please use the attached Brazilian - Portuguese debconf template translation - * Patched debian/fswcert/fswcert.c to compile cleanly with gcc-3.4. Thanks - to Andreas Jochens for the patch! - Closes: #262663: openswan: FTBFS with gcc-3.4: label at end of compound - statement - * Documented how to build the KLIPS kernel part with either the - kernel-patch-openswan or the openswan-modules-source packages. - Closes: #246819: Needs documentation on how to build the kernel modules - * Bump Standards-Version to 3.6.1.0, no changes necessary. - - -- Rene Mayrhofer <rmayr@debian.org> Tue, 21 Sep 2004 18:13:52 +0200 - -openswan (2.1.5-1) unstable; urgency=medium - - * New upstream release, which fixes another potential security issue. - - -- Rene Mayrhofer <rene@mayrhofer.eu.org> Sun, 5 Sep 2004 18:00:40 +0200 - -openswan (2.1.3-1) unstable; urgency=HIGH - - Urgency high because of a possibly security issue. - * New upstream version. This includes the CRL fix form 2.1.1-5 and the - proper activation of NAT traversal in Makefile.inc. - Closes: #253457: Openswan: new upstream available that includes xauth - Closes: #253458: Openswan: new upstream available that includes xauth - Closes: #253461: Openswan: new upstream available - Closes: #253782: openswan: Should automatically load kernel module - xfrm_user - But I have currently not explicitly enabled xaut support in Makefile.inc, - quoting from there: "off by default, since XAUTH is tricky, and you can - get into security trouble". If it needs to be enabled to work, please tell - me and I will need to take a far closer look on it (and the involved - problems). - This new upstream version also fixes a possible security issue in the - X.509 certificate authentication. - * The last upload didn't seem to have hit the archives, strange... - However, the bugs are still fixed, closing them now. - Closes: #245450: openswan should not depend on - kernel-image-2.4 || kernel-image-2.6 - Closes: #246847: openswan: shouldn't conflict with ike-server - Closes: #246373: openswan: [INTL:fr] French debconf templates translation - - -- Rene Mayrhofer <rene@mayrhofer.eu.org> Thu, 17 June 2004 12:22:45 +0200 - -openswan (2.1.1-5) unstable; urgency=low - - * Applied a patch from openswan CVS to fix CRL related crashes. - * Drop the dependency on kernels it works with - the package description - already says that it will need kernel support to work. This allows people - to easily use self-compiled kernels with the right support (e.g. 2.6.5). - Closes: #245450: openswan should not depend on - kernel-image-2.4 || kernel-image-2.6 - * While I'm at it, also replace the various Suggests: *freeswan* with - openswan. Oops. - * openswan conflicts with ike-server because only one ike-server can be - active at any given time (it will listen on UDP port 500). This policy - has been agreed to by all Debian IPSec package maintainers and implemented - in all ike-server providing packages. - Closes: #246847: openswan: shouldn't conflict with ike-server - * Took the debconf translations from the freeswan package and "ported" them - via debconf-updatepo. Thanks to Christian Perrier for mentioning that it - was this easy. - The templates should now be correct (all instances of FreeS/wan replaced - by Openswan). - Closes: #246373: openswan: [INTL:fr] French debconf templates translation - - -- Rene Mayrhofer <rene@mayrhofer.eu.org> Tue, 18 May 2004 19:46:24 +0200 - -openswan (2.1.1-4) unstable; urgency=low - - * Fixed the kernel-patch-openswan apply script. - * Warning: Due to an upstream bug, pluto from this version will dump core - on certain CRLs. If you are hit by this bug, please report it directly to - upstream, they are still tracking the issue down. - - - -- Rene Mayrhofer <rene@mayrhofer.eu.org> Thu, 15 Apr 2004 09:50:32 +0200 - -openswan (2.1.1-3) unstable; urgency=low - - * Also build the openswan-modules-source and kernel-patch-openswan - packages now. - * Fixed _startklips in combination with the native IPSec stack - many thanks - to Nate Carlson for the patch. - - -- Rene Mayrhofer <rene@mayrhofer.eu.org> Wed, 31 Mar 2004 19:33:49 +0200 - -openswan (2.1.1-2) unstable; urgency=low - - * Took the package as official maintainer. - * Updated all relevant packaging stuff to the level of freeswan 2.04-9, - including auto-generation of X.509 certificates and insertion in - ipsec.secrets. This also corrects the libexec path in some scripts. - - -- Rene Mayrhofer <rene@mayrhofer.eu.org> Wed, 31 Mar 2004 11:23:46 +0200 - -openswan (2.1.1-1) unstable; urgency=low - - * Initial version - packaging based on Rene Mayrhofer's - FreeS/WAN packaging - - -- Alexander List <alexlist@sbox.tu-graz.ac.at> Sun, 21 Mar 2004 21:47:53 +0100 + -- Rene Mayrhofer <rmayr@debian.org> Mon, 22 May 2006 07:37:00 +0100 Local variables: mode: debian-changelog |