ipsec-tools (1:0.8.2+20140711-10) unstable; urgency=medium * Correct some memory management errors leading to compilation failure due to failed format-truncation gcc checks. (Closes: 853457) -- Noah Meyerhans Thu, 24 Aug 2017 21:51:40 -0700 ipsec-tools (1:0.8.2+20140711-9) unstable; urgency=medium * Import NetBSD's patch to address CVE-2016-10396 (Closes: #867986) * Update to debhelper compat level 10 * Update to policy 4.0 compliance. -- Noah Meyerhans Wed, 26 Jul 2017 22:56:33 -0700 ipsec-tools (1:0.8.2+20140711-8) unstable; urgency=medium * Depend on libfl-dev to follow flex changes (Closes: #846430) -- Christian Hofstaedtler Thu, 01 Dec 2016 09:49:16 +0000 ipsec-tools (1:0.8.2+20140711-7) unstable; urgency=medium * Build against libssl1.0-dev for stretch. (Closes: #828354) Patch from Adrian Bunk , thanks. -- Christian Hofstaedtler Sat, 12 Nov 2016 20:08:35 +0000 ipsec-tools (1:0.8.2+20140711-6) unstable; urgency=medium [ Felipe Sateler ] * Add systemd unit for setkey (Closes: #796619) [ Christian Hofstaedtler ] * Bump Standards-Version to 3.9.8 (no changes needed) -- Christian Hofstaedtler Wed, 15 Jun 2016 07:48:10 +0000 ipsec-tools (1:0.8.2+20140711-5) unstable; urgency=medium * Fix FTBFS with glibc 2.21 due to _BSD_SOURCE being deprecated and the build system treating all warnings as errors. (Closes: #790244) -- Christian Hofstaedtler Sun, 17 Jan 2016 08:57:49 +0000 ipsec-tools (1:0.8.2+20140711-4) unstable; urgency=medium * Fix FTBFS with gcc 5 due to unspecified parameter type in xauth_reply, src/racoon/isakmp_xauth.c (Closes: 777918) -- Noah Meyerhans Fri, 26 Jun 2015 09:38:42 -0700 ipsec-tools (1:0.8.2+20140711-3) unstable; urgency=medium * Fix null pointer dereference leading to a possible crash and denial of service attack. (Closes: 785778) -- Noah Meyerhans Wed, 20 May 2015 10:46:55 -0700 ipsec-tools (1:0.8.2+20140711-2) unstable; urgency=low * Stop using hardening-wrapper * Import patch for checkpoint xauth. (Closes: 650176) * Bump standards version to 3.9.6 (no changes) -- Noah Meyerhans Mon, 13 Oct 2014 22:55:01 -0700 ipsec-tools (1:0.8.2+20140711-1) unstable; urgency=medium * Repackage upstream release 0.8.2 for real. Previous releases were based on an incomplete import and were essentially 0.8.0. * Remove patch debian/patches/gcc-4.8.diff, which has been incorportated upstream. * Remove patch debian/patches/patch-to-support-cast128, which has been incorportated upstream. * Import patch for x509 IPv6 literal address subjectAltName support from Adam Majer (Closes: #738573) -- Noah Meyerhans Fri, 11 Jul 2014 00:52:38 -0700 ipsec-tools (1:0.8.2-4) unstable; urgency=medium * Fix newly introduced FTBFS on kFreeBSD. The previous patch defined __USE_GNU in a fragile way, but as we're really on a glibc platform, we can just define _GNU_SOURCE, similar to what is done on Linux. * Refresh patch "configure-pass-Wl-with-R" -- Christian Hofstaedtler Sun, 29 Jun 2014 15:08:07 +0200 ipsec-tools (1:0.8.2-3) unstable; urgency=medium * Update patch gcc-4.8.diff. As per NetBSD CVS, the memset is unneeded after (racoon_)calloc(). * Support building with automake 1.14. Set required options to restore old automake behavior, and run autoreconf during build. Removed patches to configure, removed explicit rpath setting and chrpath. Dropped superfluous symbols files, as we are not a library package and these were probably added by accident. * Only use UTF8 encoding in ASN.1 strings. This is recommended by RFC2459 (2004), and has been made the default in OpenSSL 1.0.1h. Fixes the FTBFS caused by the OpenSSL change. (Closes: #752946) * Add myself to Uploaders * Set Vcs-Git to a git:// URL -- Christian Hofstaedtler Sat, 28 Jun 2014 18:15:39 +0200 ipsec-tools (1:0.8.2-2) unstable; urgency=low * Fix FTBFS on kfreebsd. -- Noah Meyerhans Thu, 08 May 2014 23:58:14 -0700 ipsec-tools (1:0.8.2-1) unstable; urgency=medium * New upstream release 0.8.2 * Add a systemd unit file for racoon. * Update maintainer and VCS details in debian/control. * Update standards compliance to 3.9.5 (no changes) * Update config.{sub,guess} (Closes: 727294) * Add dependency on lsb-base for /lib/lsb/init-functions (Closes: 695074) * Update Dutch debconf translation (Closes: #692817) * Update Japanese debconf translation (Closes: #715193) -- Noah Meyerhans Sun, 27 Apr 2014 22:40:37 -0700 ipsec-tools (1:0.8.0-14.1) unstable; urgency=low * Non-maintainer upload. * Fix "ftbfs with GCC-4.8": add patch from Ubuntu / Matthias Klose, which dereferences argument to 'sizeof' in 'memset' (Closes: #701299) -- gregor herrmann Sat, 23 Nov 2013 20:39:37 +0100 ipsec-tools (1:0.8.0-14) unstable; urgency=low * Debconf templates and debian/control reviewed by the debian-l10n- english team as part of the Smith review project. Kudos to Christian Perrier for organising this. Closes: #677713 * [Debconf translation updates] * Russian (Yuri Kozlov). Closes: #679732 * Italian (Luca Monducci). Closes: #679743 * Slovak (Ivan Masár). Closes: #679808 * Danish (Joe Hansen). Closes: #680068 * Portuguese (Américo Monteiro). Closes: #680131 * German (Erik Pfannenstein). Closes: #680295 * French (Jean-Christope GARNIER). Closes: #680270 * Czech (Miroslav Kure). Closes: #680471 * Polish (Michał Kułach). Closes: #680526 * Swedish (Martin Bagge / brother). Closes: #680560 * Spanish (Javier Fernández-Sanguino). Last in the gate. Added by Maintainer. Closes: #681400 -- Matthew Grant Sun, 15 Jul 2012 21:13:32 +1200 ipsec-tools (1:0.8.0-13) unstable; urgency=low * Set CFLAGS _FORTIFY_SOURCE=2 cf 0 (Closes: #679481) * Make peer_sertfile dnssec DNSSEC validate on linux (Closes: #679483) -- Matthew Grant Fri, 29 Jun 2012 22:22:51 +1200 ipsec-tools (1:0.8.0-12) unstable; urgency=low * racoon - add adduser dependency (Closes: #677572) * Fix racoon debconf template. -- Matthew Grant Fri, 15 Jun 2012 11:33:48 +1200 ipsec-tools (1:0.8.0-11) unstable; urgency=low * Update racoon-tool to 0.1.5 to fix proposal bug and add privsep support. * Make racoon init return 0 when already started (Closes: #666913) * Remove set -e from racoon init (Closes: #666912) * Update debconf and README.Debian re X509 and racoon-tool. * Update package format to 3.9.3 -- Matthew Grant Wed, 13 Jun 2012 16:39:18 +1200 ipsec-tools (1:0.8.0-10) unstable; urgency=low * Correctly close bugs related to Debian GNU/kfreebsd build failures. Bugs #617859 and #639970 reopened. (Closes: #619687, #643570) -- Matthew Grant Sun, 16 Oct 2011 11:43:09 +1300 ipsec-tools (1:0.8.0-9) unstable; urgency=low * Apply new patchs which enable GNU/kfreebsd build. Thanks to Mats Erik Andersson. (Closes: #617859, #639970) * Put removing of config.log at end of dh_clean to stop file changed problems during git-buildpackage * Fix lots of minor lintian warnings. * LSB-fy init scripts. (Closes: #629828) * Fix spelling error in racoon.conf.5 manpage. * Fix typo in libipsec_strerror.h (Closes: #642926) * Updated racoon-tool.conf.5 manpage, minor regexps. * New racoon-tool, Multi relation SPD code. * debian/control: Add Vcs-* stanzas. -- Matthew Grant Sat, 08 Oct 2011 16:30:22 +1300 ipsec-tools (1:0.8.0-8) unstable; urgency=low * Revert racoon-tool default SPD level to unique for comaptibilty and individual VPN reload speed. -- Matthew Grant Wed, 28 Sep 2011 12:12:12 +1300 ipsec-tools (1:0.8.0-7) unstable; urgency=low * Temporarily fix gcc-4.6 build on most architectures. Need to contact upstream about proper use of autoconf and configure.ac for gcc-4.6 support as autoconf for this package appears to be brittle. -- Matthew Grant Wed, 28 Sep 2011 10:09:20 +1300 ipsec-tools (1:0.8.0-6) unstable; urgency=low * Remove Requires-Stop $remotefs from init script. (Closes: #643006) -- Matthew Grant Tue, 27 Sep 2011 07:51:09 +1300 ipsec-tools (1:0.8.0-5.1) unstable; urgency=low * Minor version to kick over reprepro -- Matthew Grant Mon, 26 Sep 2011 10:58:05 +1300 ipsec-tools (1:0.8.0-5) unstable; urgency=low * Fix required-stop $remotefs with lintian override as otherwise causes dependency boot order loops sith sendsigs. * Add racoon-tool match code for udp port 500 traffic. -- Matthew Grant Mon, 26 Sep 2011 10:52:50 +1300 ipsec-tools (1:0.8.0-4.1) unstable; urgency=low * Update raccon-tool transport mode to ignore dup port 500 <-> 500 traffic. -- Matthew Grant Mon, 26 Sep 2011 10:19:19 +1300 ipsec-tools (1:0.8.0-4) unstable; urgency=low * New Maintainer. Have conferred with Stefan Bauer. * Changed to gcc-4.5 only as 4.6 does not support -R flag that ipsec-tools requires. (Closes: #625184) * Marked automake, autoconf, and autoheader as Build-Conflicts. * Added updated racoon-tool.pl and associated manpages. -- Matthew Grant Sun, 25 Sep 2011 17:41:02 +1300 ipsec-tools (1:0.8.0-3) unstable; urgency=low * Apply patch from Mats Erik Andersson to fix build problems on *BSD This patch also addresses nat-t related issues for this arch -- Stefan Bauer Fri, 25 Mar 2011 12:29:19 +0100 ipsec-tools (1:0.8.0-2) unstable; urgency=low * Skip dependency on libssl-dev and move back to libssl-dev (>= 0.9.6) to provide an update to unstable. This will temporary remove the support for camellia encryption algorithm until libssl-dev 1.x enters unstable * Adjust racoon-init-script (Closes: #619151) * Apply patch to fix build problems on *BSD Thanks to Mats Erik Andersson -- Stefan Bauer Wed, 23 Mar 2011 11:44:33 +0100 ipsec-tools (1:0.8.0-1) experimental; urgency=low * New upstream release o Fix authentication method ambiguity with kerberos and xauth o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman) o Local address code rewrite to speed things up o Improved MIPv6 support (Arnaud Ebalard) o ISAKMP SA (phase1) rekeying o Improved scheduler (faster algorithm, support monotonic clock) o Handle RESPONDER-LIFETIME in quick mode o Handle INITIAL-CONTACT in from main mode too o Rewritten event handling framework for admin port o Ability to initiate IPsec SA through admin port o NAT-T Original Address handling (transport mode NAT-T support) o clean NAT-T - PFkey support o support for multiple anonymous remoteconfs o Remove various obsolete configuration options o A lot of other bug fixes, performance improvements and clean ups * Remove patches as they are now part of upstream release -- Stefan Bauer Mon, 21 Mar 2011 10:52:37 +0100 ipsec-tools (1:0.7.3-18) experimental; urgency=low * Lower the log level for racoon to notify to keep syslog clear * Reupload because build dir was tainted * Skip --enable-xauth on build, as this is covered by --enable-hybrid -- Stefan Bauer Fri, 11 Mar 2011 09:16:43 +0100 ipsec-tools (1:0.7.3-16) experimental; urgency=low * Adjust racoon init-script to handle the start with kFreeBSD kernel as well. Thanks to Mats Erik Andersson (Closes: #613726) * Enable --with-libldap at build time -- Stefan Bauer Mon, 28 Feb 2011 13:21:18 +0100 ipsec-tools (1:0.7.3-15) experimental; urgency=low * Fix build problems on *bsd (Closes: #612676) * Include configuration example to tunnel with OpenBSD (Closes: #612448) Thanks to Mats Erik Andersson -- Stefan Bauer Thu, 10 Feb 2011 11:11:53 +0100 ipsec-tools (1:0.7.3-14) experimental; urgency=low * Fix build problems on *bsd * Include converter for plainrsa to pem file format (Closes: #612021) -- Stefan Bauer Sat, 05 Feb 2011 11:56:25 +0100 ipsec-tools (1:0.7.3-13) experimental; urgency=low * Switch to dpkg-source 3.0 (quilt) format * Fix typo in README-file * Bump Standards to 3.9.1 * Include /usr/share/common-licenses/BSD in packages copyright file as base-files might drop the licenses in future versions * Added support for camellia encryption algorithm * Ship /etc/ipsec-tools.d/ with the package (Closes: #598426) -- Stefan Bauer Wed, 26 Jan 2011 15:26:30 +0100 ipsec-tools (1:0.7.3-12) unstable; urgency=low * Extend racoon init-script to start after setkey (Closes: #599529) This fix is to allow dependency based boot sequence as it is the default in squeeze. Thanks to Sebastian Bernhart for assistance. -- Stefan Bauer Sun, 10 Oct 2010 21:16:49 +0200 ipsec-tools (1:0.7.3-9) unstable; urgency=low * Delay the check of setkey-configuration files to speed up processing Idea taken from Mats Erik Andersson (Closes: #588490) * Include upstream patch to support iPhone OS with L2TP over IPsec and main mode with pre-shared keys as this is the only supported method by the iPhone OS. Patch supplied by John Keith Hohm -- Stefan Bauer Thu, 12 Aug 2010 12:45:24 +0200 ipsec-tools (1:0.7.3-8) unstable; urgency=low * Moved the private libs to /usr/lib/ipsec-tools to follow 10.2 of Debian Policy (Closes: #507072) -- Stefan Bauer Tue, 01 Jun 2010 22:12:18 +0200 ipsec-tools (1:0.7.3-7) unstable; urgency=low * Conflict with virtual package ike-server to avoid conflicts with other ike-implementations (#583334) * Include Danish debconf translation (Closes: #583969) -- Stefan Bauer Tue, 01 Jun 2010 12:05:15 +0200 ipsec-tools (1:0.7.3-6) unstable; urgency=low * Applied patch from Martin Fuzzey to fix failed to bind to address bug when using the phase1-up.sh script. Ubuntu Bug # 332606 -- Stefan Bauer Mon, 12 Apr 2010 16:42:02 +0200 ipsec-tools (1:0.7.3-5) unstable; urgency=low * Extented setkey init-script to be able to load setkey configurations from /etc/ipsec-tools.d/*.conf files (Closes: #519862) Patch supplied by Shane R. Spencer * Mention undocumented feature esp-udp in setkey manpage (Closes: #550697) * Document lack of tcp-md5 support for setkey on linux (Closes: #389286) -- Stefan Bauer Mon, 22 Mar 2010 10:36:28 +0100 ipsec-tools (1:0.7.3-4) unstable; urgency=low * Restart at the end of upgrade process to keep the connection in case of maintenance over ipsec (Closes: #307721) -- Stefan Bauer Wed, 17 Mar 2010 12:14:27 +0100 ipsec-tools (1:0.7.3-3) unstable; urgency=low * Modified the racoon and ipsec-tool maintainer scripts to not flush the kernel SA/SD database on remove of racoon * Keep the kernel SA/SD entries on upgrade as well -- Stefan Bauer Fri, 26 Feb 2010 16:15:32 +0100 ipsec-tools (1:0.7.3-2) unstable; urgency=low * Modify racoon startscript to not restart on reload (Closes: #529001) * Applied patch to support cast128-cbc algorithm - patch supplied by Hiroyuki YAMAMORI (Closes: #242723) * Build with hardening options enabled (Closes: #542731) Patch supplied by Kees Cook * Fix typo in FAQ (Closes: #561980) * Flush SA/SD kernel-database on purge/remove (Closes: #569949) -- Stefan Bauer Tue, 23 Feb 2010 20:39:02 +0100 ipsec-tools (1:0.7.3-1) unstable; urgency=low * New Maintainer (Closes: #565362) * Acknowledge NMU changes * New upstream release * Fixed a NAT-T flag check * Some code cleanups/compilation fixes with recent gcc * Fix a remote crash and a memory leak * Fix memory leak in x509 certificate validation * Fix a potential DoS in oakley_do_decrypt() * Check fgets return value in setkey to make gcc happy * Backport S.P.Zeidler's fix to IPv6 address related stack smashing * Bump Standards to 3.8.4 * Added {misc:Depends} for binary packages * Bump debhelper to 7.0.50~ to keep backports dependency * Fix typo in manpage * Stop racoon on runlevel 0 and 6 too * Get rid of dh_clean -k in favor of dh_prep -- Stefan Bauer Mon, 22 Feb 2010 15:46:03 +0100 ipsec-tools (1:0.7.1-1.6) unstable; urgency=low * Non-maintainer upload. * Avoid strict aliasing checking, fix FTBFS w/ GCC 4.4 and up; patch by peter green. (Closes: #530527) -- Stefano Zacchiroli Fri, 25 Dec 2009 19:21:49 +0100 ipsec-tools (1:0.7.1-1.5) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix multiple memory leaks in NAT traversal and RSA authentication code of racoon leading to DoS because (CVE-2009-1632; Closes: #528933). -- Nico Golde Tue, 19 May 2009 13:26:14 +0200 ipsec-tools (1:0.7.1-1.4) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix possible denial of service via a fragment without any payload (all item lengths = 0) which triggers a null ptr dereference (Closes: #527634). -- Nico Golde Wed, 13 May 2009 13:24:22 +0200 ipsec-tools (1:0.7.1-1.3) unstable; urgency=low * Non-maintainer upload * Racoon should depend on at least the current version of ipsec-tools (Closes: #507071) -- Evan Broder Sat, 13 Dec 2008 15:40:55 -0500 ipsec-tools (1:0.7.1-1.2) unstable; urgency=high * Non-maintainer upload by the Security Team. * Apply upstream patch to remove orphaned phase 1 handles that were initiated remotely if an invalid first exchange was received which may lead to a denial of service attack (CVE-2008-3652; Closes: #501026). -- Nico Golde Tue, 07 Oct 2008 14:22:25 +0200 ipsec-tools (1:0.7.1-1.1) unstable; urgency=low * Non-maintainer upload. * Fix pending l10n issues * Debconf translations: - Russian. Closes: #484325 - Japanese. Closes: #494054 - Italian. Closes: #496117 - Finnish. Closes: #496236 -- Christian Perrier Wed, 27 Aug 2008 08:49:00 +0200 ipsec-tools (1:0.7.1-1) unstable; urgency=low * New upstream release * Apply debconf Swedish translation (closes: #491769) -- Ganesan Rajagopal Sun, 27 Jul 2008 15:51:17 +0530 ipsec-tools (1:0.7-2.1) unstable; urgency=low * Non-maintainer upload to fix pending l10n issues. * Debconf translations: - German. Closes: #479257 - French. Closes: #477771 - Galician. Closes: #480984 - Spanish. Closes: #482343 - Vietnamese. Closes: #482363 - Czech. Closes: #482429 - Basque. Closes: #482847 - Portuguese. Closes: #482892 - Dutch. Closes: #483006 - Brazilian Portuguese. Closes: #483684 * [Lintian] Remove useless debian/preinst script -- Christian Perrier Sat, 10 May 2008 19:36:28 +0200 ipsec-tools (1:0.7-2) unstable; urgency=low * Really apply patch from Ubuntu to racoon.init for bash completion (closes: #453031). * Fix module loading bug with hyphen in kernel version (closes: 376934). -- Ganesan Rajagopal Tue, 22 Apr 2008 14:40:39 +0530 ipsec-tools (1:0.7-1) unstable; urgency=low * New upstream release (closes: #448056). * Thanks Peter Eisentraut and Jérémy Bobbio for NMUs. * Apply patch from Ubuntu to racoon.init to create /var/run/racoon if it doesn't already exist (closes: #453029). * Apply patch from Ubuntu to racoon.init for bash completion (closes: #453031). * Fix bad config location in README.Debian (closes: #412674). * Remove unneeded Build-Depends on libreadline5-dev. * Add Build-Depends on chrpath and remove rpath lintian warnings. * Fix racoon-tool bug which causes racoon to fail to start (closes: #470736). * Update Standards-Version to 3.7.3 (no packaging changes required). -- Ganesan Rajagopal Tue, 22 Apr 2008 14:37:51 +0530 ipsec-tools (1:0.6.7-1.2) unstable; urgency=low * Non-maintainer upload * Remove all configuration files on purge (closes: #298496) * Remove PID file and socket file on daemon stop (closes: #298496) * Corrected restart logic in setkey init script (closes: #460324) * Added LSB-formatted dependency info in init.d scripts (closes: #458488) * Fixed watch file (closes: #449659) -- Peter Eisentraut Tue, 18 Mar 2008 01:24:48 +0100 ipsec-tools (1:0.6.7-1.1) unstable; urgency=low * Non-maintainer upload. * Fix null pointer checks in: (Closes: #362213) * GETNAMEINFO and GETNAMEINFO_NULL in src/racoon/var.h, * certtest() in src/racoon/eaytest.c. * Fix debian-rules-ignores-make-clean-error lintian warning. -- Jérémy Bobbio Sat, 29 Sep 2007 14:37:50 +0200 ipsec-tools (1:0.6.7-1) unstable; urgency=low * New upstream release (closes: #429711) * Thanks Dann Frazier and Christian Perrier for NMUs. * Fixed bug in parsing for DNSSEC. Patch from Marc Dequènes (closes: #321159). * Included Galician translation provided by Jacobo Tarrio for debconf templates (closes: #412867). * Included Dutch translation proivded by cobaco (aka Bart Cornelis) (closes: #413885). * Fix racoon-tool bug setting lifetime when the setting pfs_group=none. Patch by Pallai Roland (closes: #406684). * Re-ran automake/autoconf because of a bug in libtool versions older than 1.5.20 which insists on checking for a C++ compiler though racoon doesn't require it. -- Ganesan Rajagopal Sat, 30 Jun 2007 19:31:39 +0530 ipsec-tools (1:0.6.6-3.2) unstable; urgency=low * Non-maintainer upload * Fix remote DoS condition that makes it possible for remote attackers to crash a tunnel. See CVE-2007-1841 (closes: #423252) * Fix typo in initscript (s/force_reload/force-reload). Patch from Robie Basak (closes: #380103) * setkey does not honor both -FP and -F in a single run, split into separate calls. Patch from Benjamin Sonntag (closes: #403511) -- dann frazier Tue, 19 Jun 2007 11:26:58 -0600 ipsec-tools (1:0.6.6-3.1) unstable; urgency=low * Non-maintainer upload to fix pending l10n issues. * Debconf translations: - Russian. Closes: #373925 - German. Closes: #401468 - Japanese. Closes: #402623 - Spanish. Closes: #403484 * Fix typos in the debconf templates and unfuzzy translations Closes: #397187 -- Christian Perrier Sun, 4 Feb 2007 19:34:49 +0100 ipsec-tools (1:0.6.6-3) unstable; urgency=low * Remove old rc*.d symlinks to fix existing installations. -- Ganesan Rajagopal Wed, 19 Jul 2006 19:59:57 +0530 ipsec-tools (1:0.6.6-2) unstable; urgency=low * Fix typo in enabling PAM. * Include russian translation. * Don't flush keys on reboot/shutdown (closes: #340740). * Start racoon in rcS.d to help VPN configurations (closes: #372665). -- Ganesan Rajagopal Wed, 19 Jul 2006 17:10:15 +0530 ipsec-tools (1:0.6.6-1) unstable; urgency=low * New upstream release. * Added debconf-updatepo in clean target (closes: #372910). * Compiled with PAM support (closes: #299806, #371053). * Fixed typo in racoon.templates and corresponding po files. * Updated Brazilian Portugese, Vietnamese, Swedish, French and Czech translations for debconf templates (closes: #370148, #369409). -- Ganesan Rajagopal Thu, 15 Jun 2006 17:47:58 +0530 ipsec-tools (1:0.6.5-6) unstable; urgency=low * Fix regex in racoon-tool.conf man page (closes: #352157). * Switch to "/sbin/modprobe" instead of "/sbin/insmod" for module loading in racoon-tool (closes: #298286). * Apply patch by Teddy Hogeborn to fix as1dn handling by racoon-tool (closes: #296259). * Apply patch by Kristjan Räts to make sure racoon is configured before it's started (closes: #304573). * Officially deprecate racoon-tool and cleanup debconf template (closes: #338216). * Update Standards-Version to 3.7.2 (no packaging changes required). -- Ganesan Rajagopal Mon, 29 May 2006 15:43:05 +0530 ipsec-tools (1:0.6.5-5) unstable; urgency=low * Fix "dereferencing type-punned...." gcc-4.1 FTBFS bug (closes: #361334). * Include updated French translation (closes: #338642). * Include swedish debconf translation (closes: #330569). * Fix racoon-tool tool braindead shutdown delay (closes: #332814). -- Ganesan Rajagopal Wed, 17 May 2006 17:03:11 +0530 ipsec-tools (1:0.6.5-4) unstable; urgency=low * Fixed FTBFS on another source file on 64-bit platforms. (closes: #359092). * Include samples directory in package. -- Ganesan Rajagopal Thu, 30 Mar 2006 14:30:45 +0530 ipsec-tools (1:0.6.5-3) unstable; urgency=low * Fixed FTBFS on 64-bit platforms (closes: #359092). -- Ganesan Rajagopal Mon, 27 Mar 2006 17:41:45 +0530 ipsec-tools (1:0.6.5-2) unstable; urgency=low * Enable GSSAPI/Kerberos 5 support (closes: #352040). -- Ganesan Rajagopal Sun, 26 Mar 2006 09:48:51 +0530 ipsec-tools (1:0.6.5-1) unstable; urgency=low * New upstream release. * Don't rerun bootstrap because upstream libtool problem is fixed. -- Ganesan Rajagopal Tue, 7 Feb 2006 13:40:27 +0530 ipsec-tools (1:0.6.4-1) unstable; urgency=low * New upstream release. * Apply racoon-tool patch to use modprobe instead of insmod (closes: #320087). * Rerun bootstrap because upstream libtool appears to be broken (configure breaks if g++ is not installed). -- Ganesan Rajagopal Tue, 24 Jan 2006 10:20:11 +0530 ipsec-tools (1:0.6.3-1) unstable; urgency=low * New upstream release with fix for CVE-2005-3732 (closes: #340584). -- Ganesan Rajagopal Mon, 28 Nov 2005 11:58:31 +0530 ipsec-tools (1:0.6.2-2) unstable; urgency=low * Fix build breakage with OpenSSL 0.9.8 (closes: #334669). -- Ganesan Rajagopal Mon, 31 Oct 2005 11:19:53 +0530 ipsec-tools (1:0.6.2-1) unstable; urgency=low * New upstream release. * Update FSF address in copyright. * Remove bashism in postinst. -- Ganesan Rajagopal Tue, 18 Oct 2005 10:30:53 +0530 ipsec-tools (1:0.6.1-1) unstable; urgency=low * New upstream release -- Ganesan Rajagopal Sun, 21 Aug 2005 13:24:15 +0530 ipsec-tools (1:0.6-2) unstable; urgency=low * Add debconf-2.0 as an alternate for debconf dependency. * Updated standards version. * Fixed racoonctl breakage (closes: #320535). -- Ganesan Rajagopal Sat, 13 Aug 2005 09:27:43 +0530 ipsec-tools (1:0.6-1) unstable; urgency=low * New upstream release. * Include Vietnamese translation for debconf template (closes: #312031). * Include Japanese translation for debconf template (closes: #309732). * Registering /etc/init.d/setkey in rcS.d before ifupdown (closes: #303451). -- Ganesan Rajagopal Wed, 29 Jun 2005 10:16:54 +0530 ipsec-tools (1:0.5.2-1) unstable; urgency=high * New upstream release. This release fixes ph2handle unlink bug (closes: #307233). * Urgency high because of fix for security problem with single DES. * Applied patch from Richard Lucassen to pass options to racoon via /etc/default/racoon file. -- Ganesan Rajagopal Wed, 4 May 2005 13:46:45 +0530 ipsec-tools (1:0.5.1-2) unstable; urgency=low * Disabled readline support because it introduces a bug in setkey and confuses a lot of people (closes: #303573). * Added Build-Conflicts for bison++ (closes: #305974). -- Ganesan Rajagopal Mon, 2 May 2005 10:18:04 +0530 ipsec-tools (1:0.5.1-1) unstable; urgency=low * New upstream release (closes: #305310). * Removed --enabled-stats while building (closes: #300718). * Removed --enable-ipv6 while build; this enables IPv6 automatically. (closes: #304000). -- Ganesan Rajagopal Tue, 19 Apr 2005 15:47:29 +0530 ipsec-tools (1:0.5-5) unstable; urgency=high * Fix ISAKMP Header Parsing DoS bug (closes: #299716). * Quote URL in README.Debian to avoid confusion (closes: #297179). -- Ganesan Rajagopal Wed, 16 Mar 2005 09:31:30 +0530 ipsec-tools (1:0.5-4) unstable; urgency=low * Fix typo in ipsec-tools.setkey.init (closes: #296912). -- Ganesan Rajagopal Sat, 26 Feb 2005 11:39:19 +0530 ipsec-tools (1:0.5-3) unstable; urgency=low * Renamed ipsec.conf to ipsec-tools.conf to avoid conflict with openswan (closes: #296079). * Fix bug in quotes handling for peers_certfile (closes: #296105). -- Ganesan Rajagopal Sun, 20 Feb 2005 21:51:41 +0530 ipsec-tools (1:0.5-2) unstable; urgency=low * Fix compile warnings to avoid build failures on 64-bit platforms. -- Ganesan Rajagopal Sat, 19 Feb 2005 10:03:27 +0530 ipsec-tools (1:0.5-1) unstable; urgency=low * New upstream stable release. * Forced to introduce epoch because I misunderstood how comparing version strings works (0.4999 > 0.5). I can't believe I screwed up this one :-(. * Added initscript to run setkey on boot (closes: #276970). * Renamed racoon.init.d to racoon.init as per dh_installinit documentation. * Added note in README.Debian that racoon-tool may lag behind in features. * Included racoon.conf samples directory. * Added note in sample racoon.conf that it will not be used if racoon-tool is used. -- Ganesan Rajagopal Fri, 18 Feb 2005 11:00:23 +0530 ipsec-tools (0.4999pre0.5rc2-3) unstable; urgency=low * Added libssl-dev to build-deps (closes: #295263). * Updated racoon-tool.pl to handle certtype for peers_certfile (closes: #295035). * Escape quote ('"') characters in racoon-tool.pl to prevent messing up syntax highlighting in emacs. -- Ganesan Rajagopal Thu, 17 Feb 2005 14:34:06 +0530 ipsec-tools (0.4999pre0.5rc2-2) unstable; urgency=low * Applied patch to support SPD levels and NAT traversl from Lockenvitz Jan EXT (closes: #277285). * Included debconf template Czech translation by Miroslav Kure (closes: #294779). -- Ganesan Rajagopal Mon, 14 Feb 2005 18:27:14 +0530 ipsec-tools (0.4999pre0.5rc2-1) unstable; urgency=low * New upstream release. * Redone packaging using debhelper. * Upstream supports Linux fwd policy (closes: #292850). * Source address patch applied upstream (closes: #289604). * Enabled NATT support (closes: #238795). * Removed empty racoon.conf (closes: #255124). * Fixed paths in man pages (closes: #276854). -- Ganesan Rajagopal Tue, 1 Feb 2005 13:55:37 +0530 ipsec-tools (0.3.3-7) unstable; urgency=low * Fixed fix memory leak in crypto_openssl.c (closes: #292732). * French translation already included (closes: #245583). * Brazilian portugese translation already included (closes: #262550). * We don't include a debbugs URL anymore (closes: #220089). -- Ganesan Rajagopal Tue, 1 Feb 2005 13:48:22 +0530 ipsec-tools (0.3.3-6) unstable; urgency=low * Taking over as maintainer from Matthew Grant with his approval. -- Ganesan Rajagopal Mon, 31 Jan 2005 20:52:43 +0530 ipsec-tools (0.3.3-5) unstable; urgency=low * Removed unneeded dependency on ed from control file, which I forgot to do. -- Matthew Grant Sat, 18 Dec 2004 16:14:10 +1300 ipsec-tools (0.3.3-4) unstable; urgency=medium * Didn't properly fix Bug #285103. This upload fixes it by adjusting the config scripts. Priority set to medium to make sure that the 3 RC bugs get cleared promptly from testing version. Removed use of ed as this tool is only used in racoon.postint, and is not needed by any package essential to run a firewall. -- Matthew Grant Sat, 18 Dec 2004 11:46:36 +1300 ipsec-tools (0.3.3-3) unstable; urgency=low * Fix use of 'find' in debian/rules. Thanks to Christian Ospelkaus for patch. (closes: #285788) * Fix use of $? after another command execution in if statement at line 2161 of racoon-tool. Thanks to shonorio@alpargatas.com.br for analysis. (closes: #285549) * debian/racoon.init.d: In stop target, pass option --name instead of --exec to start-stop-daemon to make sure old versions of the daemon are properly stopped even if a new version is already on disk. (closes: #285117) (Daniel Kobras ) * debian/racoon.{config,postinst}: Seed debconf settings from configuration file, and take care to preserve manual changes. (closes: #285103) (Daniel Kobras ) * debian/control: Add ed to racoon's dependencies as it is used in the postinst script. (Daniel Kobras ) -- Matthew Grant Thu, 16 Dec 2004 22:29:48 +1300 ipsec-tools (0.3.3-2) unstable; urgency=medium * Fix spelling mistake for 'available' in racoon init script. (closes: #249288) * Fixed URL in README.certificate (closes: #252513) * Fixed gzipping of under sized files (closes: #279739) * Added french debconf translation for racoon (closes: #245251) * Added pt_BR.po Brazilian Portuguese translation for raccon debconf (closes #262550) * Added German de.po for raccon debconf (closes: #263055) * Applied patch from Wilfried Weissmann who forwarded a fix for "initial_contact" spelling error (closes: #280837) * Fixed racoon-tool address type parsing bug. Fix forwarded by Kolja Waschk (closes: #269934) * Fixed racoon-tool port parsing bug with port numbers more than 3 chars. Patch from Jeremy Jackson (closes: #260875) * Fixed parsing of file paths delimited by optional double quotes. (closes: #257350) -- Matthew Grant Fri, 26 Nov 2004 08:34:17 +1300 ipsec-tools (0.3.3-1) unstable; urgency=high * Security upload. Updated to vesion 0.3.3 which fixes a "authentication bug in KAME's racoon" in eay_check_x509cert() (Bugtraq http://seclists.org/lists/bugtraq/2004/Jun/0219.html) (closes: #254663). * Fix for "racooninit" in racoon-tool.conf. Applied patch submitted by Teddy Hogeborn . (closes: #249222) * Stopped patching racoon.conf.5 manpage as the "Japlish" fix is now in the source tree. -- Matthew Grant Thu, 17 Jun 2004 09:05:50 +1200 ipsec-tools (0.3.1-4) unstable; urgency=low * Fixed autoconf more so that it only gets called by maintainer. This is to fix the woody backport support. -- Matthew Grant Thu, 22 Apr 2004 15:55:45 +1200 ipsec-tools (0.3.1-3) unstable; urgency=high * Security upload. Correct urgency so that it will be accepted into testing in 2 days because version in testing suffers from CAN-2004-0403 and CAN-2004-0155. * New upstrem release. Fixes remote DoS in racoon (CAN-2004-0403) (closes: #244182). Repeated for sake of BTS. -- Matthew Grant Thu, 22 Apr 2004 10:42:49 +1200 ipsec-tools (0.3.1-2) unstable; urgency=high * Security upload. Correct urgency so that it will be accepted into testing in 2 days because version in testing suffers from CAN-2004-0403 and CAN-2004-0155. * New upstrem release. Fixes remote DoS in racoon (CAN-2004-0403) (closes: #244182). Repeated for sake of BTS. -- Matthew Grant Thu, 22 Apr 2004 10:00:58 +1200 ipsec-tools (0.3.1-1) unstable; urgency=high (Fixes remote DoS CAN-2004-0403) * New upstrem release. Fixes remote DoS in racoon (CAN-2004-0403) (closes: #244182) * Enable shared libraries for libipsec - had been turned off upstream. * Removed support for GNU readline as there is definitely a licensing conflist, and it breadks the stdin processing of setkey which is needed for racoon-tool. * rpm building Makefile was causing a lot of grief by recursively calling toplevel makefile. Removed from configure.ac * Removed autoconf from build targets as rebuilding Makefile.in makes debian/rules clean target non-idempotent. * Security release, set urgency to high. -- Matthew Grant Thu, 22 Apr 2004 08:42:28 +1200 ipsec-tools (0.2.5-2) unstable; urgency=low * New upstream release. Fixes the the X509 security authentication bug. (CAN-2004-0155) Closes: #242327 * Finally worked out autoconf so that it is dependable. Package needs to use 2 DIFFERENT versions of autoconf so that it works! * Fixed some 'Japlish' in the racoon.conf.5 manpage. Closes: #235456 -- Matthew Grant Wed, 7 Apr 2004 16:05:34 +1200 ipsec-tools (0.2.5-1) unstable; urgency=low * Botched upload due to Ctrl-C-ing dupload... -- Matthew Grant Wed, 7 Apr 2004 13:18:03 +1200 ipsec-tools (0.2.4-3) unstable; urgency=low * Fixed start and stop being in the wrong order in legacy init.d target. Closes: #198755 * Rearranged racoon maintainer scripts starting and stopping of daemon. Dropped testing of kernel in postinst - test in init script is enough. Closes: #233642 * Reorganised the debconf screens as there was too many of them. Closes: #240056. Removal of one of the screens - Closes: #240010 * Installed a README.Debian in the racoon package, describing most things needed to get racoon starting properly. * Replaced racoon.conf with a far simpler one to make sure racoon has a good chance of starting properly. Closes: #209226 * Made sure packaged is autoconfed correctly. This was causing trouble when building with set CC, CPP and CFLAGS in environment. Closes: #229614 * Set racoon and ipsec-tools priorities to optional, shouldn't be extra. Closes: #212985 -- Matthew Grant Sun, 28 Mar 2004 23:19:16 +1200 ipsec-tools (0.2.4-2) unstable; urgency=low * Fix problem with do_patch do_unpatch not having execute bits set on dpkg-source -x causing build failures. Closes: Bug#239668 * Forgot to mention that upgrade to upstream does this: Closes: Bug#216650 * Upstream release also Closes: Bug#233642 Closes: Bug#231006, Bug#224960 * This build also Closes: Bug#230269, lintian checks found it! -- Matthew Grant Thu, 25 Mar 2004 22:32:34 +1200 ipsec-tools (0.2.4-1) unstable; urgency=low * Upload takes over maintainership of ipsec-tools. I have already emailed Wichert Akkerman , and he has said this is good and OK. * Converted templates to po-debconf. * Built support into debian/rules, templates and control files to allow easy building on woody as well as unstable. * Rebuilt autoconf and libtool using latest versions in sid. This should fix ARM compilation problems. * Ported to sid. * Included patches and portablilty in debian/rules to make building on either tons easier. -- Matthew Grant Wed, 24 Mar 2004 08:41:14 +1200 ipsec-tools (0.2.4-0.mag.4) unstable; urgency=low * Set up a quick and dirty patching scheme so that all changes are in debian directory. Make source tree easier to maintain. * Make a test build. -- Matthew Grant Mon, 22 Mar 2004 02:40:53 +0000 ipsec-tools (0.2.4-0.mag.3) unstable; urgency=low * Made it generate a .diff file. -- Matthew Grant Mon, 22 Mar 2004 01:51:20 +0000 ipsec-tools (0.2.4-0.mag.2) unstable; urgency=low * Added manpages for racoon-tool(8) and racoon-tool.conf(5) * Updated copyright file etc. * Fixed a lot of problems lintian detected. -- Matthew Grant Sun, 21 Mar 2004 21:01:07 +0000 ipsec-tools (0.2.4-0.mag.1) unstable; urgency=low * Fix install so that racoon goes into /usr/sbin. * Fix restart operation of racoon init script. * Set up debconf to either select racoon-tool or use direct editing of the configuration. Default to direct configuration mode. * Fix dependency generation for racoon package. * Fix racoon init scripts and posinst script to detect if a suitable kernel is installed. -- Matthew Grant Wed, 17 Mar 2004 00:34:24 +0000 ipsec-tools (0.2.4-0.mag.0) unstable; urgency=low * Updated to new upstream release. -- Matthew Grant Tue, 2 Mar 2004 03:05:17 +0000 ipsec-tools (0.2.2-8) unstable; urgency=low * Give libtool and auto* the deserved kick in the pants and upgrade them to newer versions which do not break on ARM. Closes: Bug#221553 -- Wichert Akkerman Wed, 19 Nov 2003 13:42:19 +0100 ipsec-tools (0.2.2-7) unstable; urgency=low * Tell configure that our kernel includes are in /usr/include. Closes: Bug#221380 * Stop using debian email address in changelog as well -- Wichert Akkerman Tue, 18 Nov 2003 11:13:48 +0100 ipsec-tools (0.2.2-6) unstable; urgency=low * Build using the new linux-kernel-headers package * Split out racoon into its own package -- Wichert Akkerman Fri, 14 Nov 2003 00:09:21 +0100 ipsec-tools (0.2.2-5) unstable; urgency=low * Update kernel headers so DES and 3DES work again with current kernels. -- Wichert Akkerman Mon, 23 Jun 2003 14:01:40 +0200 ipsec-tools (0.2.2-4) unstable; urgency=low * Fix logic error in init script which prevented racoon from being started * Update link to the PKIX certificate documentation * Use invoke-rc.d. Note that whoever decided its --query option should return 104 on an obvious success case should be shot. * Include GSSAPI copyright. Closes: Bug#192281 -- Wichert Akkerman Wed, 14 May 2003 11:21:47 +0200 ipsec-tools (0.2.2-3) unstable; urgency=low * Add libssl-dev Build-Depend. Closes: Bug#186750 * Add a Standards-Version. Closes: Bug#186748 * Update config.{guess,sub} to version from autotools-dev 20030110.1. Closes: Bug#186587 * Don't abort if make distclean fails. Closes: Bug#186751 -- Wichert Akkerman Sat, 29 Mar 2003 18:16:01 +0100 ipsec-tools (0.2.2-2) unstable; urgency=low * Add a real description and copyright * Install all racoon documentation * Install conffiles * Fix permissions, compress manpages * Properly restart and stop racoon on upgrade and removal -- Wichert Akkerman Sat, 22 Mar 2003 18:42:03 +0100 ipsec-tools (0.2.2-1) unstable; urgency=low * First trivial packaging -- Wichert Akkerman Sat, 15 Mar 2003 11:53:05 +0100