2011
ipsec-tools (1:0.8.0-9) unstable; urgency=low
* Apply new patchs which enable GNU/kfreebsd build.
Thanks to Mats Erik Andersson. (Closes: #617859, #639970)
* Put removing of config.log at end of dh_clean to stop file changed
problems during git-buildpackage
* Fix lots of minor lintian warnings.
* LSB-fy init scripts. (Closes: #629828)
* Fix spelling error in racoon.conf.5 manpage.
* Fix typo in libipsec_strerror.h (Closes: #642926)
* Updated racoon-tool.conf.5 manpage, minor regexps.
* New racoon-tool, Multi relation SPD code.
* debian/control: Add Vcs-* stanzas.
-- Matthew Grant <matthewgrant5@gmail.com> Sat, 08 Oct 2011 16:30:22 +1300
ipsec-tools (1:0.8.0-8) unstable; urgency=low
* Revert racoon-tool default SPD level to unique for comaptibilty and
individual VPN reload speed.
-- Matthew Grant <matthewgrant5@gmail.com> Wed, 28 Sep 2011 12:12:12 +1300
ipsec-tools (1:0.8.0-7) unstable; urgency=low
* Temporarily fix gcc-4.6 build on most architectures. Need to contact
upstream about proper use of autoconf and configure.ac for gcc-4.6 support
as autoconf for this package appears to be brittle.
-- Matthew Grant <matthewgrant5@gmail.com> Wed, 28 Sep 2011 10:09:20 +1300
ipsec-tools (1:0.8.0-6) unstable; urgency=low
* Remove Requires-Stop $remotefs from init script. (Closes: #643006)
-- Matthew Grant <matthewgrant5@gmail.com> Tue, 27 Sep 2011 07:51:09 +1300
ipsec-tools (1:0.8.0-5.1) unstable; urgency=low
* Minor version to kick over reprepro
-- Matthew Grant <matthewgrant5@gmail.com> Mon, 26 Sep 2011 10:58:05 +1300
ipsec-tools (1:0.8.0-5) unstable; urgency=low
* Fix required-stop $remotefs with lintian override as otherwise causes
dependency boot order loops sith sendsigs.
* Add racoon-tool match code for udp port 500 traffic.
-- Matthew Grant <matthewgrant5@gmail.com> Mon, 26 Sep 2011 10:52:50 +1300
ipsec-tools (1:0.8.0-4.1) unstable; urgency=low
* Update raccon-tool transport mode to ignore dup port 500 <-> 500 traffic.
-- Matthew Grant <matthewgrant5@gmail.com> Mon, 26 Sep 2011 10:19:19 +1300
ipsec-tools (1:0.8.0-4) unstable; urgency=low
* New Maintainer. Have conferred with Stefan Bauer.
* Changed to gcc-4.5 only as 4.6 does not support -R flag that ipsec-tools
requires. (Closes: #625184)
* Marked automake, autoconf, and autoheader as Build-Conflicts.
* Added updated racoon-tool.pl and associated manpages.
-- Matthew Grant <matthewgrant5@gmail.com> Sun, 25 Sep 2011 17:41:02 +1300
ipsec-tools (1:0.8.0-3) unstable; urgency=low
* Apply patch from Mats Erik Andersson to fix build problems on *BSD
This patch also addresses nat-t related issues for this arch
-- Stefan Bauer <stefan.bauer@cubewerk.de> Fri, 25 Mar 2011 12:29:19 +0100
ipsec-tools (1:0.8.0-2) unstable; urgency=low
* Skip dependency on libssl-dev and move back to libssl-dev (>= 0.9.6) to
provide an update to unstable. This will temporary remove the support for
camellia encryption algorithm until libssl-dev 1.x enters unstable
* Adjust racoon-init-script (Closes: #619151)
* Apply patch to fix build problems on *BSD
Thanks to Mats Erik Andersson
-- Stefan Bauer <stefan.bauer@cubewerk.de> Wed, 23 Mar 2011 11:44:33 +0100
ipsec-tools (1:0.8.0-1) experimental; urgency=low
* New upstream release
o Fix authentication method ambiguity with kerberos and xauth
o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
o Local address code rewrite to speed things up
o Improved MIPv6 support (Arnaud Ebalard)
o ISAKMP SA (phase1) rekeying
o Improved scheduler (faster algorithm, support monotonic clock)
o Handle RESPONDER-LIFETIME in quick mode
o Handle INITIAL-CONTACT in from main mode too
o Rewritten event handling framework for admin port
o Ability to initiate IPsec SA through admin port
o NAT-T Original Address handling (transport mode NAT-T support)
o clean NAT-T - PFkey support
o support for multiple anonymous remoteconfs
o Remove various obsolete configuration options
o A lot of other bug fixes, performance improvements and clean ups
* Remove patches as they are now part of upstream release
-- Stefan Bauer <stefan.bauer@cubewerk.de> Mon, 21 Mar 2011 10:52:37 +0100
ipsec-tools (1:0.7.3-18) experimental; urgency=low
* Lower the log level for racoon to notify to keep syslog clear * Reupload because build dir was tainted * Skip --enable-xauth on build, as this is covered by --enable-hybrid
-- Stefan Bauer <stefan.bauer@cubewerk.de> Fri, 11 Mar 2011 09:16:43 +0100
ipsec-tools (1:0.7.3-16) experimental; urgency=low
* Adjust racoon init-script to handle the start with kFreeBSD kernel
as well. Thanks to Mats Erik Andersson (Closes: #613726)
* Enable --with-libldap at build time
-- Stefan Bauer <stefan.bauer@cubewerk.de> Mon, 28 Feb 2011 13:21:18 +0100
ipsec-tools (1:0.7.3-15) experimental; urgency=low
* Fix build problems on *bsd (Closes: #612676) * Include configuration example to tunnel with OpenBSD (Closes: #612448) Thanks to Mats Erik Andersson
-- Stefan Bauer <stefan.bauer@cubewerk.de> Thu, 10 Feb 2011 11:11:53 +0100
ipsec-tools (1:0.7.3-14) experimental; urgency=low
* Fix build problems on *bsd * Include converter for plainrsa to pem file format (Closes: #612021)
-- Stefan Bauer <stefan.bauer@cubewerk.de> Sat, 05 Feb 2011 11:56:25 +0100
ipsec-tools (1:0.7.3-13) experimental; urgency=low
* Switch to dpkg-source 3.0 (quilt) format * Fix typo in README-file * Bump Standards to 3.9.1 * Include /usr/share/common-licenses/BSD in packages copyright file as base-files might drop the licenses in future versions * Added support for camellia encryption algorithm * Ship /etc/ipsec-tools.d/ with the package (Closes: #598426)
-- Stefan Bauer <stefan.bauer@cubewerk.de> Wed, 26 Jan 2011 15:26:30 +0100
2010
ipsec-tools (1:0.7.3-12) unstable; urgency=low
* Extend racoon init-script to start after setkey (Closes: #599529) This fix is to allow dependency based boot sequence as it is the default in squeeze. Thanks to Sebastian Bernhart for assistance.
-- Stefan Bauer <stefan.bauer@cubewerk.de> Sun, 10 Oct 2010 21:16:49 +0200
ipsec-tools (1:0.7.3-9) unstable; urgency=low
* Delay the check of setkey-configuration files to speed up processing
Idea taken from Mats Erik Andersson (Closes: #588490)
* Include upstream patch to support iPhone OS with L2TP over IPsec
and main mode with pre-shared keys as this is the only supported method
by the iPhone OS. Patch supplied by John Keith Hohm
-- Stefan Bauer <stefan.bauer@cubewerk.de> Thu, 12 Aug 2010 12:45:24 +0200
ipsec-tools (1:0.7.3-8) unstable; urgency=low
* Moved the private libs to /usr/lib/ipsec-tools to follow 10.2 of
Debian Policy (Closes: #507072)
-- Stefan Bauer <stefan.bauer@cubewerk.de> Tue, 01 Jun 2010 22:12:18 +0200
ipsec-tools (1:0.7.3-7) unstable; urgency=low
* Conflict with virtual package ike-server to avoid conflicts with other
ike-implementations (#583334)
* Include Danish debconf translation (Closes: #583969)
-- Stefan Bauer <stefan.bauer@cubewerk.de> Tue, 01 Jun 2010 12:05:15 +0200
ipsec-tools (1:0.7.3-6) unstable; urgency=low
* Applied patch from Martin Fuzzey to fix failed to bind to address bug
when using the phase1-up.sh script. Ubuntu Bug # 332606
-- Stefan Bauer <stefan.bauer@cubewerk.de> Mon, 12 Apr 2010 16:42:02 +0200
ipsec-tools (1:0.7.3-5) unstable; urgency=low
* Extented setkey init-script to be able to load setkey configurations
from /etc/ipsec-tools.d/*.conf files (Closes: #519862)
Patch supplied by Shane R. Spencer <shane@bogomip.com>
* Mention undocumented feature esp-udp in setkey manpage (Closes: #550697)
* Document lack of tcp-md5 support for setkey on linux (Closes: #389286)
-- Stefan Bauer <stefan.bauer@cubewerk.de> Mon, 22 Mar 2010 10:36:28 +0100
ipsec-tools (1:0.7.3-4) unstable; urgency=low
* Restart at the end of upgrade process to keep the connection in case
of maintenance over ipsec (Closes: #307721)
-- Stefan Bauer <stefan.bauer@cubewerk.de> Wed, 17 Mar 2010 12:14:27 +0100
ipsec-tools (1:0.7.3-3) unstable; urgency=low
* Modified the racoon and ipsec-tool maintainer scripts to not flush the
kernel SA/SD database on remove of racoon
* Keep the kernel SA/SD entries on upgrade as well
-- Stefan Bauer <stefan.bauer@cubewerk.de> Fri, 26 Feb 2010 16:15:32 +0100
ipsec-tools (1:0.7.3-2) unstable; urgency=low
* Modify racoon startscript to not restart on reload (Closes: #529001) * Applied patch to support cast128-cbc algorithm - patch supplied by Hiroyuki YAMAMORI <h-yamamo@db3.so-net.ne.jp> (Closes: #242723) * Build with hardening options enabled (Closes: #542731) Patch supplied by Kees Cook <kees@debian.org> * Fix typo in FAQ (Closes: #561980) * Flush SA/SD kernel-database on purge/remove (Closes: #569949)
-- Stefan Bauer <stefan.bauer@cubewerk.de> Tue, 23 Feb 2010 20:39:02 +0100
ipsec-tools (1:0.7.3-1) unstable; urgency=low
* New Maintainer (Closes: #565362) * Acknowledge NMU changes * New upstream release * Fixed a NAT-T flag check * Some code cleanups/compilation fixes with recent gcc * Fix a remote crash and a memory leak * Fix memory leak in x509 certificate validation * Fix a potential DoS in oakley_do_decrypt() * Check fgets return value in setkey to make gcc happy * Backport S.P.Zeidler's fix to IPv6 address related stack smashing * Bump Standards to 3.8.4 * Added {misc:Depends} for binary packages * Bump debhelper to 7.0.50~ to keep backports dependency * Fix typo in manpage * Stop racoon on runlevel 0 and 6 too * Get rid of dh_clean -k in favor of dh_prep
-- Stefan Bauer <stefan.bauer@cubewerk.de> Mon, 22 Feb 2010 15:46:03 +0100
2009
ipsec-tools (1:0.7.1-1.6) unstable; urgency=low
* Non-maintainer upload.
* Avoid strict aliasing checking, fix FTBFS w/ GCC 4.4 and up; patch by
peter green. (Closes: #530527)
-- Stefano Zacchiroli <zack@debian.org> Fri, 25 Dec 2009 19:21:49 +0100
ipsec-tools (1:0.7.1-1.5) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix multiple memory leaks in NAT traversal and RSA authentication
code of racoon leading to DoS because (CVE-2009-1632; Closes: #528933).
-- Nico Golde <nion@debian.org> Tue, 19 May 2009 13:26:14 +0200
ipsec-tools (1:0.7.1-1.4) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix possible denial of service via a fragment without
any payload (all item lengths = 0) which triggers a
null ptr dereference (Closes: #527634).
-- Nico Golde <nion@debian.org> Wed, 13 May 2009 13:24:22 +0200
2008
ipsec-tools (1:0.7.1-1.3) unstable; urgency=low
* Non-maintainer upload
* Racoon should depend on at least the current version of ipsec-tools
(Closes: #507071)
-- Evan Broder <broder@mit.edu> Sat, 13 Dec 2008 15:40:55 -0500
ipsec-tools (1:0.7.1-1.2) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Apply upstream patch to remove orphaned phase 1 handles that were
initiated remotely if an invalid first exchange was received
which may lead to a denial of service attack
(CVE-2008-3652; Closes: #501026).
-- Nico Golde <nion@debian.org> Tue, 07 Oct 2008 14:22:25 +0200
ipsec-tools (1:0.7.1-1.1) unstable; urgency=low
* Non-maintainer upload.
* Fix pending l10n issues
* Debconf translations:
- Russian. Closes: #484325
- Japanese. Closes: #494054
- Italian. Closes: #496117
- Finnish. Closes: #496236
-- Christian Perrier <bubulle@debian.org> Wed, 27 Aug 2008 08:49:00 +0200
ipsec-tools (1:0.7.1-1) unstable; urgency=low
* New upstream release * Apply debconf Swedish translation (closes: #491769)
-- Ganesan Rajagopal <rganesan@debian.org> Sun, 27 Jul 2008 15:51:17 +0530
ipsec-tools (1:0.7-2.1) unstable; urgency=low
* Non-maintainer upload to fix pending l10n issues.
* Debconf translations:
- German. Closes: #479257
- French. Closes: #477771
- Galician. Closes: #480984
- Spanish. Closes: #482343
- Vietnamese. Closes: #482363
- Czech. Closes: #482429
- Basque. Closes: #482847
- Portuguese. Closes: #482892
- Dutch. Closes: #483006
- Brazilian Portuguese. Closes: #483684
* [Lintian] Remove useless debian/preinst script
-- Christian Perrier <bubulle@debian.org> Sat, 10 May 2008 19:36:28 +0200
ipsec-tools (1:0.7-2) unstable; urgency=low
* Really apply patch from Ubuntu to racoon.init for bash completion
(closes: #453031).
* Fix module loading bug with hyphen in kernel version (closes: 376934).
-- Ganesan Rajagopal <rganesan@debian.org> Tue, 22 Apr 2008 14:40:39 +0530
ipsec-tools (1:0.7-1) unstable; urgency=low
* New upstream release (closes: #448056). * Thanks Peter Eisentraut and Jérémy Bobbio for NMUs. * Apply patch from Ubuntu to racoon.init to create /var/run/racoon if it doesn't already exist (closes: #453029). * Apply patch from Ubuntu to racoon.init for bash completion (closes: #453031). * Fix bad config location in README.Debian (closes: #412674). * Remove unneeded Build-Depends on libreadline5-dev. * Add Build-Depends on chrpath and remove rpath lintian warnings. * Fix racoon-tool bug which causes racoon to fail to start (closes: #470736). * Update Standards-Version to 3.7.3 (no packaging changes required).
-- Ganesan Rajagopal <rganesan@debian.org> Tue, 22 Apr 2008 14:37:51 +0530
ipsec-tools (1:0.6.7-1.2) unstable; urgency=low
* Non-maintainer upload * Remove all configuration files on purge (closes: #298496) * Remove PID file and socket file on daemon stop (closes: #298496) * Corrected restart logic in setkey init script (closes: #460324) * Added LSB-formatted dependency info in init.d scripts (closes: #458488) * Fixed watch file (closes: #449659)
-- Peter Eisentraut <petere@debian.org> Tue, 18 Mar 2008 01:24:48 +0100
2007
ipsec-tools (1:0.6.7-1.1) unstable; urgency=low
* Non-maintainer upload. * Fix null pointer checks in: (Closes: #362213) * GETNAMEINFO and GETNAMEINFO_NULL in src/racoon/var.h, * certtest() in src/racoon/eaytest.c. * Fix debian-rules-ignores-make-clean-error lintian warning.
-- Jérémy Bobbio <lunar@debian.org> Sat, 29 Sep 2007 14:37:50 +0200
ipsec-tools (1:0.6.7-1) unstable; urgency=low
* New upstream release (closes: #429711) * Thanks Dann Frazier <dannf@debian.org> and Christian Perrier <bubulle@debian.org> for NMUs. * Fixed bug in parsing for DNSSEC. Patch from Marc Dequènes <Duck@DuckCorp.org> (closes: #321159). * Included Galician translation provided by Jacobo Tarrio <jtarrio@trasno.net> for debconf templates (closes: #412867). * Included Dutch translation proivded by cobaco (aka Bart Cornelis) <cobaco@skolelinux.no> (closes: #413885). * Fix racoon-tool bug setting lifetime when the setting pfs_group=none. Patch by Pallai Roland <dap@mail.index.hu> (closes: #406684). * Re-ran automake/autoconf because of a bug in libtool versions older than 1.5.20 which insists on checking for a C++ compiler though racoon doesn't require it.
-- Ganesan Rajagopal <rganesan@debian.org> Sat, 30 Jun 2007 19:31:39 +0530
ipsec-tools (1:0.6.6-3.2) unstable; urgency=low
* Non-maintainer upload
* Fix remote DoS condition that makes it possible for remote attackers to
crash a tunnel. See CVE-2007-1841 (closes: #423252)
* Fix typo in initscript (s/force_reload/force-reload). Patch from
Robie Basak (closes: #380103)
* setkey does not honor both -FP and -F in a single run, split into
separate calls. Patch from Benjamin Sonntag (closes: #403511)
-- dann frazier <dannf@debian.org> Tue, 19 Jun 2007 11:26:58 -0600
ipsec-tools (1:0.6.6-3.1) unstable; urgency=low
* Non-maintainer upload to fix pending l10n issues.
* Debconf translations:
- Russian. Closes: #373925
- German. Closes: #401468
- Japanese. Closes: #402623
- Spanish. Closes: #403484
* Fix typos in the debconf templates and unfuzzy translations
Closes: #397187
-- Christian Perrier <bubulle@debian.org> Sun, 4 Feb 2007 19:34:49 +0100
2006
ipsec-tools (1:0.6.6-3) unstable; urgency=low
* Remove old rc*.d symlinks to fix existing installations.
-- Ganesan Rajagopal <rganesan@debian.org> Wed, 19 Jul 2006 19:59:57 +0530
ipsec-tools (1:0.6.6-2) unstable; urgency=low
* Fix typo in enabling PAM. * Include russian translation. * Don't flush keys on reboot/shutdown (closes: #340740). * Start racoon in rcS.d to help VPN configurations (closes: #372665).
-- Ganesan Rajagopal <rganesan@debian.org> Wed, 19 Jul 2006 17:10:15 +0530
ipsec-tools (1:0.6.6-1) unstable; urgency=low
* New upstream release. * Added debconf-updatepo in clean target (closes: #372910). * Compiled with PAM support (closes: #299806, #371053). * Fixed typo in racoon.templates and corresponding po files. * Updated Brazilian Portugese, Vietnamese, Swedish, French and Czech translations for debconf templates (closes: #370148, #369409).
-- Ganesan Rajagopal <rganesan@debian.org> Thu, 15 Jun 2006 17:47:58 +0530
ipsec-tools (1:0.6.5-6) unstable; urgency=low
* Fix regex in racoon-tool.conf man page (closes: #352157). * Switch to "/sbin/modprobe" instead of "/sbin/insmod" for module loading in racoon-tool (closes: #298286). * Apply patch by Teddy Hogeborn <teddy@fukt.bth.se> to fix as1dn handling by racoon-tool (closes: #296259). * Apply patch by Kristjan Räts <kristjan.rats@liewenthal.ee> to make sure racoon is configured before it's started (closes: #304573). * Officially deprecate racoon-tool and cleanup debconf template (closes: #338216). * Update Standards-Version to 3.7.2 (no packaging changes required).
-- Ganesan Rajagopal <rganesan@debian.org> Mon, 29 May 2006 15:43:05 +0530
ipsec-tools (1:0.6.5-5) unstable; urgency=low
* Fix "dereferencing type-punned...." gcc-4.1 FTBFS bug (closes: #361334). * Include updated French translation (closes: #338642). * Include swedish debconf translation (closes: #330569). * Fix racoon-tool tool braindead shutdown delay (closes: #332814).
-- Ganesan Rajagopal <rganesan@debian.org> Wed, 17 May 2006 17:03:11 +0530
ipsec-tools (1:0.6.5-4) unstable; urgency=low
* Fixed FTBFS on another source file on 64-bit platforms. (closes: #359092). * Include samples directory in package.
-- Ganesan Rajagopal <rganesan@debian.org> Thu, 30 Mar 2006 14:30:45 +0530
ipsec-tools (1:0.6.5-3) unstable; urgency=low
* Fixed FTBFS on 64-bit platforms (closes: #359092).
-- Ganesan Rajagopal <rganesan@debian.org> Mon, 27 Mar 2006 17:41:45 +0530
ipsec-tools (1:0.6.5-2) unstable; urgency=low
* Enable GSSAPI/Kerberos 5 support (closes: #352040).
-- Ganesan Rajagopal <rganesan@debian.org> Sun, 26 Mar 2006 09:48:51 +0530
ipsec-tools (1:0.6.5-1) unstable; urgency=low
* New upstream release. * Don't rerun bootstrap because upstream libtool problem is fixed.
-- Ganesan Rajagopal <rganesan@debian.org> Tue, 7 Feb 2006 13:40:27 +0530
ipsec-tools (1:0.6.4-1) unstable; urgency=low
* New upstream release.
* Apply racoon-tool patch to use modprobe instead of insmod
(closes: #320087).
* Rerun bootstrap because upstream libtool appears to be broken (configure
breaks if g++ is not installed).
-- Ganesan Rajagopal <rganesan@debian.org> Tue, 24 Jan 2006 10:20:11 +0530
2005
ipsec-tools (1:0.6.3-1) unstable; urgency=low
* New upstream release with fix for CVE-2005-3732 (closes: #340584).
-- Ganesan Rajagopal <rganesan@debian.org> Mon, 28 Nov 2005 11:58:31 +0530
ipsec-tools (1:0.6.2-2) unstable; urgency=low
* Fix build breakage with OpenSSL 0.9.8 (closes: #334669).
-- Ganesan Rajagopal <rganesan@debian.org> Mon, 31 Oct 2005 11:19:53 +0530
ipsec-tools (1:0.6.2-1) unstable; urgency=low
* New upstream release. * Update FSF address in copyright. * Remove bashism in postinst.
-- Ganesan Rajagopal <rganesan@debian.org> Tue, 18 Oct 2005 10:30:53 +0530
ipsec-tools (1:0.6.1-1) unstable; urgency=low
* New upstream release
-- Ganesan Rajagopal <rganesan@debian.org> Sun, 21 Aug 2005 13:24:15 +0530
ipsec-tools (1:0.6-2) unstable; urgency=low
* Add debconf-2.0 as an alternate for debconf dependency. * Updated standards version. * Fixed racoonctl breakage (closes: #320535).
-- Ganesan Rajagopal <rganesan@debian.org> Sat, 13 Aug 2005 09:27:43 +0530
ipsec-tools (1:0.6-1) unstable; urgency=low
* New upstream release. * Include Vietnamese translation for debconf template (closes: #312031). * Include Japanese translation for debconf template (closes: #309732). * Registering /etc/init.d/setkey in rcS.d before ifupdown (closes: #303451).
-- Ganesan Rajagopal <rganesan@debian.org> Wed, 29 Jun 2005 10:16:54 +0530
ipsec-tools (1:0.5.2-1) unstable; urgency=high
* New upstream release. This release fixes ph2handle unlink bug
(closes: #307233).
* Urgency high because of fix for security problem with single DES.
* Applied patch from Richard Lucassen to pass options to racoon via
/etc/default/racoon file.
-- Ganesan Rajagopal <rganesan@debian.org> Wed, 4 May 2005 13:46:45 +0530
ipsec-tools (1:0.5.1-2) unstable; urgency=low
* Disabled readline support because it introduces a bug in setkey and
confuses a lot of people (closes: #303573).
* Added Build-Conflicts for bison++ (closes: #305974).
-- Ganesan Rajagopal <rganesan@debian.org> Mon, 2 May 2005 10:18:04 +0530
ipsec-tools (1:0.5.1-1) unstable; urgency=low
* New upstream release (closes: #305310). * Removed --enabled-stats while building (closes: #300718). * Removed --enable-ipv6 while build; this enables IPv6 automatically. (closes: #304000).
-- Ganesan Rajagopal <rganesan@debian.org> Tue, 19 Apr 2005 15:47:29 +0530
ipsec-tools (1:0.5-5) unstable; urgency=high
* Fix ISAKMP Header Parsing DoS bug (closes: #299716). * Quote URL in README.Debian to avoid confusion (closes: #297179).
-- Ganesan Rajagopal <rganesan@debian.org> Wed, 16 Mar 2005 09:31:30 +0530
ipsec-tools (1:0.5-4) unstable; urgency=low
* Fix typo in ipsec-tools.setkey.init (closes: #296912).
-- Ganesan Rajagopal <rganesan@debian.org> Sat, 26 Feb 2005 11:39:19 +0530
ipsec-tools (1:0.5-3) unstable; urgency=low
* Renamed ipsec.conf to ipsec-tools.conf to avoid conflict with openswan
(closes: #296079).
* Fix bug in quotes handling for peers_certfile (closes: #296105).
-- Ganesan Rajagopal <rganesan@debian.org> Sun, 20 Feb 2005 21:51:41 +0530
ipsec-tools (1:0.5-2) unstable; urgency=low
* Fix compile warnings to avoid build failures on 64-bit platforms.
-- Ganesan Rajagopal <rganesan@debian.org> Sat, 19 Feb 2005 10:03:27 +0530
ipsec-tools (1:0.5-1) unstable; urgency=low
* New upstream stable release.
* Forced to introduce epoch because I misunderstood how comparing
version strings works (0.4999 > 0.5). I can't believe I screwed up
this one :-(.
* Added initscript to run setkey on boot (closes: #276970).
* Renamed racoon.init.d to racoon.init as per dh_installinit documentation.
* Added note in README.Debian that racoon-tool may lag behind in features.
* Included racoon.conf samples directory.
* Added note in sample racoon.conf that it will not be used if racoon-tool
is used.
-- Ganesan Rajagopal <rganesan@debian.org> Fri, 18 Feb 2005 11:00:23 +0530
ipsec-tools (0.4999pre0.5rc2-3) unstable; urgency=low
* Added libssl-dev to build-deps (closes: #295263). * Updated racoon-tool.pl to handle certtype for peers_certfile (closes: #295035). * Escape quote ('"') characters in racoon-tool.pl to prevent messing up syntax highlighting in emacs.
-- Ganesan Rajagopal <rganesan@debian.org> Thu, 17 Feb 2005 14:34:06 +0530
ipsec-tools (0.4999pre0.5rc2-2) unstable; urgency=low
* Applied patch to support SPD levels and NAT traversl from
Lockenvitz Jan EXT <Jan.Lockenvitz.extern@icn.siemens.de>
(closes: #277285).
* Included debconf template Czech translation by
Miroslav Kure <kurem@upcase.inf.upol.cz> (closes: #294779).
-- Ganesan Rajagopal <rganesan@debian.org> Mon, 14 Feb 2005 18:27:14 +0530
ipsec-tools (0.4999pre0.5rc2-1) unstable; urgency=low
* New upstream release. * Redone packaging using debhelper. * Upstream supports Linux fwd policy (closes: #292850). * Source address patch applied upstream (closes: #289604). * Enabled NATT support (closes: #238795). * Removed empty racoon.conf (closes: #255124). * Fixed paths in man pages (closes: #276854).
-- Ganesan Rajagopal <rganesan@debian.org> Tue, 1 Feb 2005 13:55:37 +0530
ipsec-tools (0.3.3-7) unstable; urgency=low
* Fixed fix memory leak in crypto_openssl.c (closes: #292732). * French translation already included (closes: #245583). * Brazilian portugese translation already included (closes: #262550). * We don't include a debbugs URL anymore (closes: #220089).
-- Ganesan Rajagopal <rganesan@debian.org> Tue, 1 Feb 2005 13:48:22 +0530
ipsec-tools (0.3.3-6) unstable; urgency=low
* Taking over as maintainer from Matthew Grant with his approval.
-- Ganesan Rajagopal <rganesan@debian.org> Mon, 31 Jan 2005 20:52:43 +0530
2004
ipsec-tools (0.3.3-5) unstable; urgency=low
* Removed unneeded dependency on ed from control file, which I forgot to do.
-- Matthew Grant <grantma@anathoth.gen.nz> Sat, 18 Dec 2004 16:14:10 +1300
ipsec-tools (0.3.3-4) unstable; urgency=medium
* Didn't properly fix Bug #285103. This upload fixes it by adjusting the
config scripts. Priority set to medium to make sure that the 3 RC bugs get
cleared promptly from testing version. Removed use of ed as this tool
is only used in racoon.postint, and is not needed by any package essential
to run a firewall.
-- Matthew Grant <grantma@anathoth.gen.nz> Sat, 18 Dec 2004 11:46:36 +1300
ipsec-tools (0.3.3-3) unstable; urgency=low
* Fix use of 'find' in debian/rules. Thanks to Christian Ospelkaus
<christian@core-coutainville.org> for patch. (closes: #285788)
* Fix use of $? after another command execution in if statement at line 2161
of racoon-tool. Thanks to shonorio@alpargatas.com.br
<shonorio@alpargatas.com.br> for analysis. (closes: #285549)
* debian/racoon.init.d: In stop target, pass option --name instead of
--exec to start-stop-daemon to make sure old versions of the daemon
are properly stopped even if a new version is already on disk.
(closes: #285117) (Daniel Kobras <kobras@debian.org>)
* debian/racoon.{config,postinst}: Seed debconf settings from
configuration file, and take care to preserve manual changes.
(closes: #285103) (Daniel Kobras <kobras@debian.org>)
* debian/control: Add ed to racoon's dependencies as it is used in the
postinst script. (Daniel Kobras <kobras@debian.org>)
-- Matthew Grant <grantma@anathoth.gen.nz> Thu, 16 Dec 2004 22:29:48 +1300
ipsec-tools (0.3.3-2) unstable; urgency=medium
* Fix spelling mistake for 'available' in racoon init script. (closes: #249288) * Fixed URL in README.certificate (closes: #252513) * Fixed gzipping of under sized files (closes: #279739) * Added french debconf translation for racoon (closes: #245251) * Added pt_BR.po Brazilian Portuguese translation for raccon debconf (closes #262550) * Added German de.po for raccon debconf (closes: #263055) * Applied patch from Wilfried Weissmann <Wilfried.Weissmann@gmx.at> who forwarded a fix for "initial_contact" spelling error (closes: #280837) * Fixed racoon-tool address type parsing bug. Fix forwarded by Kolja Waschk <debianbug@ixo.de> (closes: #269934) * Fixed racoon-tool port parsing bug with port numbers more than 3 chars. Patch from Jeremy Jackson <jerj@coplanar.net> (closes: #260875) * Fixed parsing of file paths delimited by optional double quotes. (closes: #257350)
-- Matthew Grant <grantma@anathoth.gen.nz> Fri, 26 Nov 2004 08:34:17 +1300
ipsec-tools (0.3.3-1) unstable; urgency=high
* Security upload. Updated to vesion 0.3.3 which fixes a "authentication
bug in KAME's racoon" in eay_check_x509cert() (Bugtraq
http://seclists.org/lists/bugtraq/2004/Jun/0219.html) (closes: #254663).
* Fix for "racooninit" in racoon-tool.conf. Applied patch submitted by
Teddy Hogeborn <teddy@fukt.bth.se>. (closes: #249222)
* Stopped patching racoon.conf.5 manpage as the "Japlish" fix is now in the
source tree.
-- Matthew Grant <grantma@anathoth.gen.nz> Thu, 17 Jun 2004 09:05:50 +1200
ipsec-tools (0.3.1-4) unstable; urgency=low
* Fixed autoconf more so that it only gets called by maintainer. This is to
fix the woody backport support.
-- Matthew Grant <grantma@anathoth.gen.nz> Thu, 22 Apr 2004 15:55:45 +1200
ipsec-tools (0.3.1-3) unstable; urgency=high
* Security upload. Correct urgency so that it will be accepted into
testing in 2 days because version in testing suffers from CAN-2004-0403
and CAN-2004-0155.
* New upstrem release. Fixes remote DoS in racoon (CAN-2004-0403)
(closes: #244182). Repeated for sake of BTS.
-- Matthew Grant <grantma@anathoth.gen.nz> Thu, 22 Apr 2004 10:42:49 +1200
ipsec-tools (0.3.1-2) unstable; urgency=high
* Security upload. Correct urgency so that it will be accepted into
testing in 2 days because version in testing suffers from CAN-2004-0403
and CAN-2004-0155.
* New upstrem release. Fixes remote DoS in racoon (CAN-2004-0403)
(closes: #244182). Repeated for sake of BTS.
-- Matthew Grant <grantma@anathoth.gen.nz> Thu, 22 Apr 2004 10:00:58 +1200
ipsec-tools (0.3.1-1) unstable; urgency=high (Fixes remote DoS CAN-2004-0403)
* New upstrem release. Fixes remote DoS in racoon (CAN-2004-0403) (closes: #244182) * Enable shared libraries for libipsec - had been turned off upstream. * Removed support for GNU readline as there is definitely a licensing conflist, and it breadks the stdin processing of setkey which is needed for racoon-tool. * rpm building Makefile was causing a lot of grief by recursively calling toplevel makefile. Removed from configure.ac * Removed autoconf from build targets as rebuilding Makefile.in makes debian/rules clean target non-idempotent. * Security release, set urgency to high.
-- Matthew Grant <grantma@anathoth.gen.nz> Thu, 22 Apr 2004 08:42:28 +1200
ipsec-tools (0.2.5-2) unstable; urgency=low
* New upstream release. Fixes the the X509 security authentication bug.
(CAN-2004-0155) Closes: #242327
* Finally worked out autoconf so that it is dependable. Package needs to
use 2 DIFFERENT versions of autoconf so that it works!
* Fixed some 'Japlish' in the racoon.conf.5 manpage. Closes: #235456
-- Matthew Grant <grantma@anathoth.gen.nz> Wed, 7 Apr 2004 16:05:34 +1200
ipsec-tools (0.2.5-1) unstable; urgency=low
* Botched upload due to Ctrl-C-ing dupload...
-- Matthew Grant <grantma@anathoth.gen.nz> Wed, 7 Apr 2004 13:18:03 +1200
ipsec-tools (0.2.4-3) unstable; urgency=low
* Fixed start and stop being in the wrong order in legacy init.d target.
Closes: #198755
* Rearranged racoon maintainer scripts starting and stopping of daemon.
Dropped testing of kernel in postinst - test in init script is enough.
Closes: #233642
* Reorganised the debconf screens as there was too many of them.
Closes: #240056. Removal of one of the screens - Closes: #240010
* Installed a README.Debian in the racoon package, describing most
things needed to get racoon starting properly.
* Replaced racoon.conf with a far simpler one to make sure racoon
has a good chance of starting properly. Closes: #209226
* Made sure packaged is autoconfed correctly. This was causing
trouble when building with set CC, CPP and CFLAGS in environment.
Closes: #229614
* Set racoon and ipsec-tools priorities to optional, shouldn't be extra.
Closes: #212985
-- Matthew Grant <grantma@anathoth.gen.nz> Sun, 28 Mar 2004 23:19:16 +1200
ipsec-tools (0.2.4-2) unstable; urgency=low
* Fix problem with do_patch do_unpatch not having execute bits set on
dpkg-source -x causing build failures. Closes: Bug#239668
* Forgot to mention that upgrade to upstream does this: Closes: Bug#216650
* Upstream release also Closes: Bug#233642 Closes: Bug#231006, Bug#224960
* This build also Closes: Bug#230269, lintian checks found it!
-- Matthew Grant <grantma@anathoth.gen.nz> Thu, 25 Mar 2004 22:32:34 +1200
ipsec-tools (0.2.4-1) unstable; urgency=low
* Upload takes over maintainership of ipsec-tools. I have already emailed
Wichert Akkerman <wichert@wiggy.net>, and he has said this is good and OK.
* Converted templates to po-debconf.
* Built support into debian/rules, templates and control files to allow
easy building on woody as well as unstable.
* Rebuilt autoconf and libtool using latest versions in sid. This should
fix ARM compilation problems.
* Ported to sid.
* Included patches and portablilty in debian/rules to make building
on either tons easier.
-- Matthew Grant <grantma@anathoth.gen.nz> Wed, 24 Mar 2004 08:41:14 +1200
ipsec-tools (0.2.4-0.mag.4) unstable; urgency=low
* Set up a quick and dirty patching scheme so that all changes are in
debian directory. Make source tree easier to maintain.
* Make a test build.
-- Matthew Grant <grantma@anathoth.gen.nz> Mon, 22 Mar 2004 02:40:53 +0000
ipsec-tools (0.2.4-0.mag.3) unstable; urgency=low
* Made it generate a .diff file.
-- Matthew Grant <grantma@anathoth.gen.nz> Mon, 22 Mar 2004 01:51:20 +0000
ipsec-tools (0.2.4-0.mag.2) unstable; urgency=low
* Added manpages for racoon-tool(8) and racoon-tool.conf(5) * Updated copyright file etc. * Fixed a lot of problems lintian detected.
-- Matthew Grant <grantma@anathoth.gen.nz> Sun, 21 Mar 2004 21:01:07 +0000
ipsec-tools (0.2.4-0.mag.1) unstable; urgency=low
* Fix install so that racoon goes into /usr/sbin.
* Fix restart operation of racoon init script.
* Set up debconf to either select racoon-tool or use direct editing
of the configuration. Default to direct configuration mode.
* Fix dependency generation for racoon package.
* Fix racoon init scripts and posinst script to detect if a suitable
kernel is installed.
-- Matthew Grant <grantma@anathoth.gen.nz> Wed, 17 Mar 2004 00:34:24 +0000
ipsec-tools (0.2.4-0.mag.0) unstable; urgency=low
* Updated to new upstream release.
-- Matthew Grant <grantma@anathoth.gen.nz> Tue, 2 Mar 2004 03:05:17 +0000
2003
ipsec-tools (0.2.2-8) unstable; urgency=low
* Give libtool and auto* the deserved kick in the pants and upgrade them
to newer versions which do not break on ARM. Closes: Bug#221553
-- Wichert Akkerman <wichert@wiggy.net> Wed, 19 Nov 2003 13:42:19 +0100
ipsec-tools (0.2.2-7) unstable; urgency=low
* Tell configure that our kernel includes are in /usr/include.
Closes: Bug#221380
* Stop using debian email address in changelog as well
-- Wichert Akkerman <wichert@wiggy.net> Tue, 18 Nov 2003 11:13:48 +0100
ipsec-tools (0.2.2-6) unstable; urgency=low
* Build using the new linux-kernel-headers package * Split out racoon into its own package
-- Wichert Akkerman <wakkerma@debian.org> Fri, 14 Nov 2003 00:09:21 +0100
ipsec-tools (0.2.2-5) unstable; urgency=low
* Update kernel headers so DES and 3DES work again with current kernels.
-- Wichert Akkerman <wakkerma@debian.org> Mon, 23 Jun 2003 14:01:40 +0200
ipsec-tools (0.2.2-4) unstable; urgency=low
* Fix logic error in init script which prevented racoon from being
started
* Update link to the PKIX certificate documentation
* Use invoke-rc.d. Note that whoever decided its --query option should
return 104 on an obvious success case should be shot.
* Include GSSAPI copyright. Closes: Bug#192281
-- Wichert Akkerman <wakkerma@debian.org> Wed, 14 May 2003 11:21:47 +0200
ipsec-tools (0.2.2-3) unstable; urgency=low
* Add libssl-dev Build-Depend. Closes: Bug#186750 * Add a Standards-Version. Closes: Bug#186748 * Update config.{guess,sub} to version from autotools-dev 20030110.1. Closes: Bug#186587 * Don't abort if make distclean fails. Closes: Bug#186751
-- Wichert Akkerman <wakkerma@debian.org> Sat, 29 Mar 2003 18:16:01 +0100
ipsec-tools (0.2.2-2) unstable; urgency=low
* Add a real description and copyright * Install all racoon documentation * Install conffiles * Fix permissions, compress manpages * Properly restart and stop racoon on upgrade and removal
-- Wichert Akkerman <wakkerma@debian.org> Sat, 22 Mar 2003 18:42:03 +0100
ipsec-tools (0.2.2-1) unstable; urgency=low
* First trivial packaging
-- Wichert Akkerman <wakkerma@debian.org> Sat, 15 Mar 2003 11:53:05 +0100