openswan (1:2.6.38-1) unstable; urgency=low

  [Harald Jenny]
  * New upstream release.
  * Removed format security patch by Moritz Muehlenhoff (applied upstream).
  * Added patch from upstream git to fix mast updown script.
  * Bumped Standards for all packages to 3.9.3 (no changes needed).
  * Added patch from upstream git to fix Android interoperability.
  * Added patch from upstream git to fix Cisco interoperability.
  * Added patch from upstream git to allow timestamps in stderr log.
  * Added patch from upstream git to fix some coding issues.
  * Added patch from upstream git to fix possible IKEv2 crash.
  * Added patch from upstream git to fix IPSec transport mode.
  * Added patch from upstream git to use ip route in startklips.

 -- Harald Jenny <harald@a-little-linux-box.at>  Fri, 29 Jun 2012 21:23:28 +0200

openswan (1:2.6.37-3) unstable; urgency=low

  * Actually need to pass CPPFLAGS to CFLAGS for the openswan Makefiles
    to use the hardening options. Thanks to Simon Ruderich for pointing
    this out. 
    Really Closes: #655139
  * Remove Build-Deps on man2html and htmldoc, they have not been used
    for a while now by the openswan Makefiles.

 -- Rene Mayrhofer <rmayr@debian.org>  Sun, 27 May 2012 10:03:00 +0200

openswan (1:2.6.37-2) unstable; urgency=low

  [Harald Jenny]
  * Finally migrated all patches to quilt, cleaned up debian rules file a
    little bit, removed build dependency on dpatch and corresponding lintian
    override.
  * Integrated patches for hardening build flags and missing format strings
    (thanks to Moritz Muehlenhoff for his patches), added required versioned
    build dependency on dpkg-dev and enabled all hardening options.
    Closes: #655139: Please enabled hardened build flags

 -- Harald Jenny <harald@a-little-linux-box.at>  Mon, 14 May 2012 22:22:55 +0200

openswan (1:2.6.37-1.1) unstable; urgency=low

  * Non-maintainer upload.
  * Fix pending l10n issues. Debconf translations:
    - Turkish (Atila KOÇ).  Closes: #660192
    - Danish (Joe Hansen).  Closes: #660263
    - Italian (Beatrice Torracca).  Closes: #660758
    - Polish (Michał Kułach).  Closes: #669711

 -- Christian Perrier <bubulle@debian.org>  Sat, 28 Apr 2012 07:17:18 +0200

openswan (1:2.6.37-1) unstable; urgency=HIGH

  [Harald Jenny]
  * New upstream release.
    Fixed pluto crypto helper handler vulnerability (CVE-2011-4073).
    Closes: #650674: [CVE-2011-4073] Openswan crypto helper crasher

 -- Harald Jenny <harald@a-little-linux-box.at>  Mon,  5 Dec 2011 09:05:27 +0100

openswan (1:2.6.36-1) UNRELEASED; urgency=medium

  [Harald Jenny]
  * New upstream release.
  * Adjusted one of the manpage patches for line break problems.
  * Removed pluto Makefile patch by Jari Aalto (fixed upstream).
  * Incorporated translation updates.
    Closes: #625277: openswan: [INTL:ja] Update po-debconf template translation
                     (ja.po)
    Closes: #633831: openswan: [INTL:nl] Dutch translation of debconf templates
  * Removed obsolete build dependency on libopensc2-dev (code already removed by
    upstream).
    Closes: #632449: openswan: obsolete build-dependency: libopensc2-dev

 -- Harald Jenny <harald@a-little-linux-box.at>  Sun, 16 Oct 2011 22:10:30 +0200

openswan (1:2.6.35-1) UNRELEASED; urgency=medium

  [Harald Jenny]
  * New upstream release.
    Closes: #639299: openswan: IP compression doesn't work
  * Adjusted one of the manpage patches for line break problems.
  * Removed some old documentation handling code from debian/rules.
  * Modified openswan-doc to cope with changes in upstream documentation
    directory structure and file list.
  * Bumped Standards for all packages to 3.9.2 (no changes needed).
  * Added build-arch and build-indep targets to please lintian.

 -- Harald Jenny <harald@a-little-linux-box.at>  Sun, 21 Aug 2011 22:07:29 +0200

openswan (1:2.6.34-1) UNRELEASED; urgency=medium

  [Harald Jenny]
  * New upstream release.
    Closes: #520671: openswan: Unable to specify a specific MTU on a vpn tunnel
    Closes: #626790: openswan-modules-dkms: Kernel modules doesn't compile
    LP: #733382: package openswan-modules-dkms 1:2.6.28 dfsg-5 failed to build

 -- Harald Jenny <harald@a-little-linux-box.at>  Wed,  8 Jun 2011 22:58:41 +0200

openswan (1:2.6.33-1) UNRELEASED; urgency=low

  [Harald Jenny]
  * New upstream release.
    Closes: #595809: openswan: Manpage error ipsec_rsasigkey(8)
    Closes: #623985: 2.6.33 version Bump Request
  * Dropped +dfsg from Debian version as upstream has removed some old unfree
    documentation allowing unmodified usage of their tarball.
  * Removed previously introduced exit code patch.

 -- Harald Jenny <harald@a-little-linux-box.at>  Tue,  1 Mar 2011 17:50:11 +0100

openswan (1:2.6.32+dfsg-1~experimental+1) UNRELEASED; urgency=low

  [Harald Jenny]
  * New upstream release.
  * Removed patch for bad NAME section and multibyte character issues by
    Jari Aalto (fixed upstream).
  * Removed patch to correct manpage section mismatch (included upstream).
  * Re-enabled, renamed and rewrote init script patch by Jari Aalto to set
    correct start runlevels for openswan.
  * Added patch from upstream git to use proper exit code in init script
    when running under Debian.

 -- Harald Jenny <harald@a-little-linux-box.at>  Wed, 22 Dec 2010 21:04:10 +0100

openswan (1:2.6.31+dfsg-1~experimental+1) UNRELEASED; urgency=low

  [Harald Jenny]
  * New upstream release.
    Closes: #612977: Warning: ignored obsolete keyword (null)
  * Removed previously cherry-picked regression fix.
  * Removed patch to fix duplicate init script installation (upstream
    implemented a different solution).
  * Removed some manpage fixes for spelling errors and utf characters by
    Jari Aalto (included upstream).
  * Renamed and modified manpage patch for bad NAME section and multibyte
    character issues by Jari Aalto.
  * Re-enabled, renamed and modified manpage fixes for line break problems
    by Jari Aalto.
  * Removed lintian override for debug package linking to openswan docs.
  * Added patch to correct manpage section mismatch.
  * Re-added cleaning of debconf DB to postrm (thanks to Simon Deziel for
    pointing me to his fix).

 -- Harald Jenny <harald@a-little-linux-box.at>  Tue,  2 Nov 2010 17:34:09 +0100

openswan (1:2.6.29+dfsg-1~experimental+1) UNRELEASED; urgency=low

  [Harald Jenny]
  * New upstream release.
    Fixes XAUTH Cisco handling code (CVE-2010-3302, CVE-2010-3308).
  * Removed 2.6.35 git patches as they are included in new upstream version.
  * Added patch to fix duplicate init script installation (reincarnation of
    #532348: openswan: installs dupliate init script /etc/init.d/setup).
  * Modified lintian override for long but unsplittable manpage line again.
  * Integrated upstream patch fixing regression introduced by security fixes.
  * Created patch to allow line break in manpage and removed corresponding
    lintian override.
  * Added ${misc:Depends} to doc package and removed override.
  * Changed Vcs-Fields as Debian project switched from svn to git.

 -- Harald Jenny <harald@a-little-linux-box.at>  Tue, 28 Sep 2010 10:56:41 +0200

openswan (1:2.6.28+dfsg-2~experimental+1) UNRELEASED; urgency=low

  [Harald Jenny]
  * Modified lintian override for long but unsplittable manpage line.
  * Do not include 2.6.34 SAref patches from upstream anymore as this version
    already disappeared from experimental.
  * Instead added 2.6.35 git patches for SAref feature and KLIPS
    compatibility.
    LP: #623367: package openswan-modules-dkms (not installed) failed to
                 install/upgrade: openswan kernel module failed to build
  * Bumped Standards for binary module package to 3.9.1 (no changes needed).
  * Added lintian override for docs in debug package.

 -- Harald Jenny <harald@a-little-linux-box.at>  Sun, 26 Sep 2010 22:48:12 +0200

openswan (1:2.6.28+dfsg-1) unstable; urgency=medium

  [Harald Jenny]
  * New upstream release.
    Closes: #566092: openswan: /usr/lib/ipsec/addconn does not like
                     defaultroutenexthop set to %direct
  * Removed 2.6.34 git patches as they are now included in upstream package.
  * Set urgency to medium due to important NETKEY fixes.

 -- Harald Jenny <harald@a-little-linux-box.at>  Sat, 31 Jul 2010 20:01:01 +0200

openswan (1:2.6.27+dfsg-1) UNRELEASED; urgency=low

  [Harald Jenny]
  * New upstream release.
    Closes: #357709: openswan: "ipsec showhostkey" doesn't understand X.509
                     certs
  * Disabled most patches for now and modified the rest due to manpage
    corrections from upstream.
  * Modified lintian override for long but unsplittable manpage line.
  * For security reasons change permission on /var/lib/openswan and
    /var/lib/openswan/ipsec.secrets.inc.
  * Removed old unused code from installation scripts.
  * Removed old unused changelog.
  * Limit the architectures where openswan's userspace and kernel binaries
    are available to linux-any.
  * Bumped Standards to 3.9.0 (no changes needed).
  * Include SAref patches in openswan-modules-source (2.6.32 from tar.gz,
    2.6.34 from git).
  * Made the dependency of the debug package on openswan versioned.
  * Fixed rules file of binary openswan-modules package to use dh_prep.
  * Incorporated translation updates.
    Closes: #590109: openswan [INTL:de] updated German debconf translation
  * Bumped Standards to 3.9.1 (no changes needed).
  * Added Replaces line for ike-server.

 -- Harald Jenny <harald@a-little-linux-box.at>  Thu, 29 Jul 2010 19:00:48 +0200

openswan (1:2.6.26+dfsg-2) UNRELEASED; urgency=low

  [Harald Jenny]
  * Modified patch to fix some more minor manpage lintian errors.
  * Added lintian override for long but unsplittable manpage line.
  * Incorporated translation update.
    Closes: #585598: openswan: [INTL:fr] French debconf translation update

 -- Harald Jenny <harald@a-little-linux-box.at>  Mon, 14 Jun 2010 01:33:53 +0200

openswan (1:2.6.26+dfsg-1) unstable; urgency=low

  [Harald Jenny]
  * New upstream release.
  * Removed some obsoleted patches.
  * Modified some patches for new upstream version.
  * Added preinstall script to remove old duplicate init script.
    Closes: #532348: openswan: installs dupliate init script /etc/init.d/setup
  * Added patch to fix segfault of showhostkey with encrypted key (thanks
    to Kevin Locke for his patch).
    Closes: #575757: openswan: showhostkey segfault with 3DES-encrypted host
                     key
  * Changed debian/rules to only omit permission fixing where it's really
    necessary.
    Closes: #389680: openswan: wrong permissions of /etc/ipsec.d/examples
  * Removed orphaned conflict with freeswan (not shipped anymore).

  [Rene Mayrhofer]
  * Openswan package now provides ike-server and conflicts with it.
    Closes: #537762: openswan: pluto fails to start without manual
                     "modprobe ip_gre"
    Closes: #583334: racoon and openswan: error when trying to install
                     together

 -- Harald Jenny <harald@a-little-linux-box.at>  Mon, 31 May 2010 23:11:12 +0200

openswan (1:2.6.25+dfsg-1) unstable; urgency=low

  [Harald Jenny]
  * Removed some obsoleted patches.
  * Modified some patches for new upstream version.
  * Adapted copyright file to include all used licenses.
  * Added two upstream patches to fix userspace code for KLIPS (thanks to
    David McCullough for his patch).
  * Added some lintian overrides for wrong copyright messages.
  * Removed support for 2.4 kernel versions in openswan-modules packages.
    Closes: #276521: openswan-modules-source: ipsec_aes.o & ipsec_cryptoapi.o
                     not kernel modules
  * Rewrote parts of README.Debian.
    Closes: #585549: openswan-modules-source: Build instructions outdated and
                     not working anymore
  * Incorporated translation updates.
    Closes: #527586: [INTL:es] Spanish debconf template translation for
                     openswan
    Closes: #537430: [l10n] Czech translation for openswan
    Closes: #570022: [INTL:sv] Swedish strings for openswan debconf
    Closes: #579303: [INTL:sv] Swedish strings for openswan debconf
    Closes: #570788: [I18N, DE] Updated german debconf translation for
                     openswan
    Closes: #580452: openswan [INTL:de] updated German debconf translation
    Closes: #575140: openswan: [INTL:fr] French debconf templates translation
                     update
    Closes: #579199: openswan: [INTL:vi] Vietnamese debconf templates
                     translation update
    Closes: #579381: openswan: [INTL:vi] Vietnamese debconf templates
                     translation update
    Closes: #581501: openswan: [INTL:vi] Vietnamese debconf templates
                     translation update
    Closes: #580437: openswan: [INTL:pt] Updated Portuguese translation for
                     debconf messages
    Closes: #581253: openswan: [INTL:pt] Updated Portuguese translation for
                     debconf messages
    Closes: #581561: openswan: [INTL:ru] Russian debconf templates
                     translation update

  [Rene Mayrhofer]
  * New upstream release.
  * Polished README.Debian, NEWS.Debian, and other documentation files.

 -- Harald Jenny <harald@a-little-linux-box.at>  Sun,  2 May 2010 18:15:33 +0200

openswan (1:2.6.24+dfsg-2) UNRELEASED; urgency=low

  [Harald Jenny]
  * Fixed init script to correctly provide ipsec satisfying lintian.
    Closes: #539121: NMU patch used for version 1:2.6.22+dfsg-1.1
    Closes: #537335: Fix LSB header in programs/setup/setup.in to fix init.d
		     script
  * Switch to dpkg-source 3.0 (quilt) format
  * Cleaned up duplicate html-pages and move documentation to openswan-doc
    package satisfying lintian.
  * Removed plain rsa key creation from openswan package as nowadays X.509
    certificates are commonly used.
    Closes: #446556: openswan installation takes a very long time without any
                     warning
    Closes: #523339: openswan: Openswan security update creates a second host
                     key in /etc/ipsec.secrets
  * Enhanced X.509 certificate import by making it possible to integrate a
    RootCA file.
  * Modified X.509 menus to reflect changes in create/import procedures.

 -- Harald Jenny <harald@a-little-linux-box.at>  Wed, 17 Mar 2010 03:11:00 +0100

openswan (1:2.6.24+dfsg-1) UNRELEASED; urgency=medium

  [Harald Jenny]
  * New upstream release.
    LP: #731680: xl2tpd ko
  * Removed bash-patch for scripts as problem is fixed upstream.
  * Removed dependency on xmlto as this processing is now done upstream.
  * Added fix from Ubuntu to compile with gcc-4.4 (thanks to Fabrice
    Coutadeur for his patch).
    Closes: #505600: [PATCH] FTBFS with GCC 4.4: dereferencing type-punned
		     pointer will...
  * Modified package descriptions.
  * Remove two directories after build process to satisfy lintian.
  * Modified template wording.
  * Added three upstream git patches to fix some bugs in KLIPS.
  * Added patch for manpage to fix lintian error.
  * Removed orphaned opportunistic encryption question from package.
  * Fix some duplicated and mangled manpages.
  * Fixed some little lintian issues.
  * Fixed some little issues in module-building-process.
  * Recommend module-assistant and linux-headers for module-source package.
  * Fixed package dependencies.
  * Dropped NAT-T patches as they are no longer needed for kernels >= 2.6.23.
  * Dropped old compatibility code for translations.
  * Dropped possibility to select between different Start/Stop-Levels as the
    current system startup already handles such situations.
  * Changed building of plain RSA key to store it in a separate file under
    /var/lib/openswan and then include it in /etc/ipsec.secrets (idea taken
    from strongswan package).
    Closes: #561473: prompting due to modified conffiles which where not
		     modified by the user
  * Fix postinstall script when using existing X.509 certificates (thanks to
    Kevin Locke for his patch).
    Closes: #572849: openswan: postinst fails with existing certificates
  * Dropped ancient code for fixing wrong legacy RSA keys.
  * Added a debug package for openswan.
    Closes: #477677: Missing dbg version of the package
  * Added a dkms package for openswan-modules to simplify KLIPS deployment
    for normal users (ideas and code taken from batman-adv-dkms and
    sl-modem-source)

  [Jari Aalto]
  * debian/control
    - (Build-Depends): Remove coreutils (E: lintian).
      Add version 7.1 to debhelper (W: lintian).
    - (Standards-Version): Update to 3.8.4.
    - (Vcs-*): Add version control headers.
    - (openswan::Depends): Add ${misc:Depends} (W: lintian).
    - (openswan-dbg::Depends): Add ${misc:Depends} (W: lintian).
    - (openswan-dbg::Description): Extend description string to (W: lintian).
    - (openswan-modules-source::Depends): Add ${misc:Depends} (W: lintian).
    - (openswan-modules-dkms::Depends): Add ${misc:Depends} (W: lintian).
  * debian/patches
    - (number 10): Add LSB dependency $remote_fs (E: lintian).
    - (number 29): Fix bashism in programs/_startklips/_startklips.in
      (important; Closes: #530155). Note: in the bug report is
      also reported bashism in programs/_realsetup.bsd/_realsetup.in, but
      that is false positive. The code in line 268 is correct. The place is
      just too complex for checkbashisms(1) to check correctly. File
      programs/_realsetup.bsd/_realsetup.in comes clean from "dash -nx".
    - (number 30): programs/rsasigkey/rsasigkey.8:
      Fix Invalid or incomplete multibyte or wide characters invalid
      combination of <U+0080><U+0099>. (minor; Closes: #464620).
    - (number 31): programs/_updown/_updown.8:
      Fix Invalid or incomplete multibyte or wide characters. See above.
    - (number 33): Add missing lib to fix Gcc 4.4 build
      programs/pluto/fetch.c:393: error: undefined reference to 'ber_free'.
      (minor; Closes: #555950).
    - (number 35): Fix all Perl *.pl patch to /usr/bin/perl (W: lintian).
    - (number 40) programs/_confread/ipsec.conf.5. Fix spelling (W: lintian).
      Fix groff error in line 1006: warning [p 12, 8.7i]: can't break line.
    - (number 42) programs/lwdnsq/lwdnsq.8: Fix spelling (I: lintian).
    - (number 43) programs/pluto/ipsec.secrets.5: Fix spelling (I: lintian).
    - (number 44) programs/_updown/_updown.8: Fix spelling (I: lintian).
    - (number 45) programs/barf/barf.8: Fix spelling (I: lintian).
    - (number 46) programs/pluto/pluto.8: Fix spelling (W: lintian).
      Fix groff error in line 47: groff error in line 47 (can't break line).
    - (number 47) programs/eroute/eroute.8: Fix lines 17-21 groff
      warning [p 1, 1.5i]: can't break line (W: lintian).
    - (number 48) programs/auto/auto.8:
      Fix groff line 36 warning [p 1, 4.3i]: can't break line
      (W: lintian)
    - (number 50) The big-bang patch to change 51 files to fix incorrect
      TH and NAME entries and incorrect wide character codes \'s.
      (W: lintian manpage-has-bad-whatis-entry). (minor; Closes: #493755).
    - (number 60) lib/libopenswan/x509dn.c: Fix spelling (W: lintian).
    - (number 61) programs/pluto/ocsp.c: Fix spelling (W: lintian).
    - (number 62) linux/net/ipsec/pfkey_v2_build.c: Fix spelling (W: lintian).
    - (number 63) programs/pluto/ikev2_x509.c: Fix spelling (W: lintian).
    - (number 64) programs/eroute/eroute.c: Fix spelling (W: lintian).
    - (number 65) programs/pluto/demux.c: Fix spelling (W: lintian).
    - (number 70) packaging/utils/kernelpatching.sh:
      Add missing shebang line (W: lintian).
  * debian/README.source
    - New file (W: lintian).
  * debian/rules
    - Remove EOL whitespaces.
    - (clean): fix debian-rules-ignores-make-clean-error (W: lintian).
    - (install-openswan): change dh_clean -k to dh_prep (W: lintian).
      Remove empty directory usr/bin (I: lintian).
    - (install-openswan-modules-dkms): chmod 755 all *.sh and *pl
      (W: lintian). Remove empty debian dir (W: lintian). Set permissions
      of setup and sshenv to 644 (W: lintian executable-not-elf-or-script).
    - (install-openswan-modules-source): chmod 644 sshenv setup (W: lintian).
  * debian/openswan.postinst
    - (Warn): new function.
    - (Error): new function.
    - (configure): Add if-checks for non-existing cert files that may
      cause problems. Add --verbose to cp(1). Send errors to stderr.
      (post-installation script returns error; normal; Closes: #309692).

  [Rene Mayrhofer]
  * Fixed copyright issue to satisfy lintian.
  * Polish descriptions and texts in control and debconf templates.
  * Added Harald Jenny as Uploader.

 -- Harald Jenny <harald@a-little-linux-box.at>  Thu, 11 Mar 2010 12:02:33 +0100

openswan (1:2.6.23+dfsg-1) unstable; urgency=low

  * New upstream release.
    Closes: #551565: openswan: new version 2.6.23 is available -
		     resolves problem with SA refcount
    Closes: #539121: NMU patch used for version 1:2.6.22+dfsg-1.1
    Closes: #532348: openswan: installs dupliate init script
		     /etc/init.d/setup
    Closes: #542657: prompting due to modified conffiles which where
                     not modified by the user

 -- Rene Mayrhofer <rmayr@debian.org>  Mon, 19 Oct 2009 12:12:46 +0200

openswan (1:2.6.22+dfsg-1.1) unstable; urgency=low

  * Non-maintainer upload.
  * Fix LSB header in programs/setup/setup.in to fix init.d script
    (Closes: #537335).

 -- Petter Reinholdtsen <pere@debian.org>  Wed, 29 Jul 2009 09:58:51 +0200

openswan (1:2.6.22+dfsg-1) unstable; urgency=HIGH

  Urgency high because of security release.
  * New upstream release. Closes a security bug in the ASN.1 parser (no
    CVE number at this time).
    Closes: #528747: [FTBFS] cannot build with kernel 2.6.29-2-686
  * The linux-patch-openswan package is no longer built, as this new
    upstream release no longer requires a kernel patch for proper NAT-T
    support with KLIPS (thanks to Harald Jenny).
    Closes: #535876: linux-patch-openswan: bashism in /bin/sh script

 -- Rene Mayrhofer <rmayr@debian.org>  Tue, 23 Jun 2009 09:34:17 +0200

openswan (1:2.6.21+dfsg-2) unstable; urgency=low

  * The new upstream release should also compile with newer Debian
    kernels.
    Closes: #522112: openswan-modules-source: Fails to build with kernel
		     2.6.26
  * Removed unused scripts in linux-patch-openswan that have security
    issues.
    Closes: #496376: The possibility of attack with the help of symlinks
		     in some Debian packages

 -- Rene Mayrhofer <rmayr@debian.org>  Tue, 21 Apr 2009 10:02:14 +0200

openswan (1:2.6.21+dfsg-1) unstable; urgency=low

  * New upstream release
    Closes: #521949: CVE-2009-0790: DoS

 -- Rene Mayrhofer <rmayr@debian.org>  Thu, 09 Apr 2009 17:05:39 +0200

openswan (1:2.6.20+dfsg-6) unstable; urgency=low

  * Fix DoS issue via malicious Dead Peer Detection packet. Thanks to the
    security team for providing the patch.
    Closes: #521949: CVE-2009-0790: DoS
    Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone
    to a denial of service attack via a malicious packet.

 -- Rene Mayrhofer <rmayr@debian.org>  Tue, 31 Mar 2009 09:56:06 +0000

openswan (1:2.6.20+dfsg-5) unstable; urgency=low

  * Mea culpa (again). Fix the fix.
    Closes: #520082: openswan: reincarnation
  * Correct the build dependency for openswan-modules-source. Thanks
    to Harald Jenny for the patch.

 -- Rene Mayrhofer <rmayr@debian.org>  Fri, 27 Mar 2009 07:39:12 +0100

openswan (1:2.6.20+dfsg-4) unstable; urgency=low

  * Backticks got messed up when applying last patch to init script to
    check for user id instead of / being writable.
    Closes: #520082: openswan: init script bug: "permission denied (must
		     be superuser)"

 -- Rene Mayrhofer <rmayr@debian.org>  Sun, 22 Mar 2009 10:21:38 +0100

openswan (1:2.6.20+dfsg-3) unstable; urgency=low

  * Actually, mark ipsec.conf and ipsec.secrets as conffiles but avoid
    editing them. Sorry for the blunder, reverting the last patch.
  * The last upload was also messed up in terms of source package
    (the orig.tar.gz was missing, so it was erroneously created as
    native source).

 -- Rene Mayrhofer <rmayr@debian.org>  Thu, 12 Mar 2009 19:08:51 +0100

openswan (1:2.6.20+dfsg-2) unstable; urgency=low

  * Fix a few problems caused by changes in upstream packaging, e.g. to
    no longer require no_oe.conf hackery as there is now a config file
    option. Removed debconf question for now (commented out, actually).
    Closes: #515098: overwrites local configuration
  * No longer advertise the debian-openswan@gibraltar.at mailing list as
    support address, as I have deleted it. My personal email address
    should be used again.
  * I agree that md[25].[ch] are sufficiently compatible with distribution
    in this Debian package according to http://www.ietf.org/ietf/IPR/RSA-MD-all.
    IANAL, but as far as I judge the situation, there is no license issue.
    Closes: #405363: openswan: contains non-free files
  * Updated Swedish debconf translation
    Closes: #518498: [INTL:sv] Swedish strings for openswan debconf
  * Add libcurl4-openssl-dev to the list of Build-Dep alternatives and
    remove lynx, which is no longer required for building.
  * Explicitly remove directories /etc/ipsec.d and /var/run/pluto on purge.
    Closes: #455112: openswan -- Doesn't purge all files after piuparts
		     Install+Upgrade+Purge test
  * Don't check if / is writable in init script. This doesn't make sense
    for readonly filesystems.
    Closes: #499837: Will not start when / is mounted read only
  * No longer mark ipsec.conf and ipsec.secrets as conffiles, as they
    are modified by postinst. Although I don't particularly like this
    method of patching DEBIAN/conffiles, I don't have a better solution
    right now. Thus take patch from Mathieu Parent.
    Closes: #515095:  programmatically modifies a conffile
  Integrated cleanup patch, also thanks to Mathieu Parent:
  * Add 'rm -rf OBJ.*' in clean target.
    Closes: #517703: openswan_1:2.6.20+dfsg-1(mipsel/unstable): FTBFS with
		     -rsudo
  * clean generated doc/manpage.d/*.html and doc/index.html

 -- Rene Mayrhofer <rmayr@debian.org>  Thu, 12 Mar 2009 15:29:40 +0100

openswan (1:2.6.20+dfsg-1) unstable; urgency=low

  * New upstream release. This no longer ships the fswcert tool, so skip
    building and installing it in the Debian package as well.
    Closes: #315559: openswan: sometimes does not use ipsec.o module but
                     uses af_key.o module
    Closes: #405601: /etc/init.d/ipsec stop doesn't work correctly
    Closes: #487566: ipsec livetest fails due to missing file
    Closes: #524184: openswan: %any does not work in ipsec.secrets
    Closes: #564054: Pluto fails with error status 134 (signal 6)
    LP: #246713: openswan-modules-source pkg does not compile with m-a

 -- Rene Mayrhofer <rmayr@debian.org>  Sat, 28 Feb 2009 19:39:16 +0000

openswan (1:2.4.12+dfsg-1) unstable; urgency=low

  * New upstream release that should compile with newer kernels again.
    Closes: #439977: openswan-modules-source: Is not compatible with
		     kernel >=2.6.22
    Closes: #359183: openswan: Unable to use "ike=" and "leftxauthclient=yes"
		     simultaneously
    LP: #228274: openswan creates "rundir" and "subsysdir"
    Dropping patch from openswan BTS included in 1:2.4.9+dfsg-3, which
    has been added upstream.
  * Pull in NMU patch.
    Closes: #463361: openswan: ldap_init implicitly converted to pointer
  * Added Finnish debconf translation.
    Closes: #472504: [INTL:fi] Finnish translation of the debconf templates
  * Updated Japanese debconf translation.
    Closes: #463320: openswan: [INTL:ja] Update po-debconf template
		     translation (ja.po)
  * Updated French debconf translation.
    Closes: #461841: openswan: [INTL:fr] French debconf templates
		     translation update
  * Added Galician debconf translation.
    Closes: #474627: [INTL:gl] Galician debconf template translation for
		     openswan
  * Added Russian debconf translation.
    Closes: #475047: openswan: [INTL:ru] Russian debconf templates translation
  * Sigh, another service to users by removing documentation. Removed
    anything that looks like an RFC or an RFC draft again. Obviously, this
    seems the most critical bug for this package, so I actually considered
    increasing urgency - after all, we are fixing an RC bug here...
    Closes: #451110: Source package contains non-free IETF RFC/I-D's
  * According to http://bugs.xelerance.com/view.php?id=849, 2.4.10 should
    fix this assertion failure (although the upstream bug report has not
    been closed). Please reopen if the problem still persists (and if not,
    please also tell upstream so that they can close their own bug report).
    Closes: #443525: openswan: pluto dies with ASSERTION FAILED at
		     kernel.c:2237: c->kind == CK_PERMANENT || c->kind ==
		     CK_INSTANCE

 -- Rene Mayrhofer <rmayr@debian.org>  Sun, 30 Mar 2008 10:24:54 +0200

openswan (1:2.4.9+dfsg-3.1) unstable; urgency=low

  * Non-maintainer upload.
  * Define LDAP_DEPRECATED to continue use of deprecated LDAP functions.
    Closes: #463361: ldap_init implicitly converted to pointer

 -- dann frazier <dannf@debian.org>  Mon, 10 Mar 2008 09:46:09 -0600

openswan (1:2.4.9+dfsg-3) unstable; urgency=low

  * Include upstream patch to make %defaultroute work with PPP uplinks
    in certain cases.
    Closes: #449512: openswan: defaultroute with PPP does not work
    LP: #227294: defaultroute with PPP does not work

 -- Rene Mayrhofer <rmayr@debian.org>  Sun, 20 Jan 2008 13:36:50 +0100

openswan (1:2.4.9+dfsg-2) unstable; urgency=low

  * Remove spaces before question marks in debconf template. Mea culpa,
    I read the patch wrong when looking at it. debconf-updatepo seems to have
    done the right thing in updating .po files with the "new" question
    strings, so I don't think translators need to change anything.

 -- Rene Mayrhofer <rmayr@debian.org>  Sat, 27 Oct 2007 11:18:14 +0200

openswan (1:2.4.9+dfsg-1) unstable; urgency=low

  * New upstream release.
  * Add German debconf translation, but do not apply the patch to the English
    template. I do not agree that a space should be placed before a question
    mark, but feel free to correct me with references to some grammar material.
    Closes: #406029: openswan: [INTL:de] German po-debconf template translation
  * Add Spanish debconf translation.
    Closes: #443613: [INTL:es] Spanish po-debconf template translation
  * Drop the fileutils dependency, and thus no longer care about backports to
    woody.
    Closes: #368723: openswan: Cleanup of dependencies (fileutils)

 -- Rene Mayrhofer <rmayr@debian.org>  Fri, 26 Oct 2007 16:37:31 +0200

openswan (1:2.4.8-dfsg-1) unstable; urgency=low

  * New upstream release.
    Closes: #335074: openswan: ipsec.conf manpage doesn't include
		    {left|right}sourceip
    Closes: #357718: ipsec.conf(5): automatic and manual keying options are
		     not disjoint
    Closes: #357708: openswan: ipsec.secrets(5) does not document X.509 format
  * Include Portuguese debconf translation.
    Closes: #426927: openswan: [INTL:pt] Portuguese translation for debconf
		     messages
  * Also remove .gitignore files in addition to the other cruft when building
    the binary package.
    Closes: #413914: shipping gitignore file
		     /usr/share/doc/openswan/doc/.gitignore

 -- Rene Mayrhofer <rmayr@debian.org>  Wed, 04 Jul 2007 20:59:35 +0100

openswan (1:2.4.6+dfsg.2-1) unstable; urgency=low

  * Acknowledge our-priority-are-the-users-thus-remove-docs NMU (nothing
    personal, but documentation usually tends to be useful).
    Closes: #390656
  * Recommend linux-source instead of kernel-source.
    Closes: #394664: Recommends unavailable kernel-source
  * Update Japanese debconf translation.
    Closes: #393176: openswan: [INTL:ja] Updated Japanese po-debconf
		     template translation (ja.po)
  * Build-depend on po-debconf.
  * Stop invoking /etc/init.d/ipsec directly in prerm. Use invoke-rc.d.

 -- Rene Mayrhofer <rmayr@debian.org>  Mon,  6 Nov 2006 19:07:36 +0000

openswan (1:2.4.6+dfsg.2-0.1) unstable; urgency=low

  * NMU
  * Remove additional non-free draft RFCs from upstream tarball.
    Closes: #390656

 -- Joey Hess <joeyh@debian.org>  Sun, 15 Oct 2006 17:52:57 -0400

openswan (1:2.4.6+dfsg-1) unstable; urgency=low

  * New upstream release.
  * Acknowledge the last 2 NMUs:
    Closes: #370752: diff for 1:2.4.5+dfsg-0.1 NMU
    Closes: #363375: kernel-patch-openswan: Patched linux-source-2.6.16 fails to compile
    Closes: #365196: [NONFREE-DOC] Package contains IETF RFC/I-D
    Thanks to Steinar for his NMUs!
  * Add a call to debconf-updatepo to the clean target of debian/rules, as suggested in
    the bug report.
    Closes: #372917: openswan: debconf-updatepo has not been launched
  * Update the Dutch debconf translation.
    Closes: #378415: [INTL:nl] Updated dutch po-debconf translation
  * Removed the 01-ipcomp_hippi.dpatch again, this has been incorporated upstream.

 -- Rene Mayrhofer <rene@mayrhofer.eu.org>  Wed, 23 Aug 2006 22:06:52 +0100

openswan (1:2.4.5-4) unstable; urgency=low

  * Removed the dependency on MAKEDEV, it does not seem to be used any
    more. Thanks to Marco d'Itri for pointing it out.

 -- Rene Mayrhofer <rmayr@debian.org>  Sat,  3 Jun 2006 21:11:44 +0100

openswan (1:2.4.5+dfsg-0.2) unstable; urgency=low

  * Non-maintainer upload.
  * debian/patches/01-ipcomp_hippi.dpatch: Fix net/ipsec/ipcomp.c so it no
    longer attempts to copy the "private" field of a struct_skbuff when
    CONFIG_HIPPI is enabled; it was removed after 2.6.13, and this broke
    compilation with 2.6.16, linux-patch-openswan and CONFIG_HIPPI.
    (Closes: #363375)

 -- Steinar H. Gunderson <sesse@debian.org>  Fri,  9 Jun 2006 19:52:22 +0200

openswan (1:2.4.5+dfsg-0.1) unstable; urgency=low

  * Non-maintainer upload.
  * Remove doc/rfc394[78].txt and doc/draft-*.txt from upstream tarball
    to get rid of non-DFSG free documentation. (Closes: #365196)

 -- Steinar H. Gunderson <sesse@debian.org>  Tue,  6 Jun 2006 18:42:09 +0200

openswan (1:2.4.5-3) unstable; urgency=low

  * Renamed kernel-patch-openswan to linux-patch-openswan.
  * Removed the remarks in the package descriptions that linux-patch-openswan
    and openswan-modules-source will only work with 2.4 series kernels. This
    is no longer true.
  * Use updated French translation. Thanks to Christian Perrier and sorry for
    not giving time to update the translations before the last upload. I felt
    that the FTBFS should be corrected quickly.
    Closes: #364399: openswan: [INTL:fr] French debconf templates translation

 -- Rene Mayrhofer <rmayr@debian.org>  Sun, 23 Apr 2006 21:47:53 +0100

openswan (1:2.4.5-2) unstable; urgency=low

  * The NMU patch doesn't seem to have applied to debian/control,
    because the dependency was still on libopensc1-dev. Fixed that now
    by adding libopensc2-dev.
    Closes: #363073: openswan_1:2.4.5-1: FTBFS: Build depends on
		     libopensc1-dev
  * Added the patch to fix alignment issues on Sparc, as upstream acknowledged
    it and applied it to their development tree.
    Closes: #341630: openswan: Pluto crypto helper gets SIGBUS on SPARC due
		     to request memory alignment issue

 -- Rene Mayrhofer <rmayr@debian.org>  Mon, 17 Apr 2006 14:53:37 +0100

openswan (1:2.4.5-1) unstable; urgency=low

  * New upstream release. This release adds support for patching newer kernel
    versions. Verified that the patched kernel tree compiles with Debian
    kernel sources 2.6.15-8 and 2.6.16-6.
    Closes: #361800: kernel-patch-openswan: Fails to patch Debian 2.6.15
		     kernel
    It also adds the patches for an IPSec/L2TP server behind a NAT.
    Closes: #307529: More patches for openswan server behind NAT
    Closes: #353792: openswan nat-t failure
    And additionally there are (according to upstream changelogs) fixes for
    running on SMP systems. If the following bug still persists (can not test
    myself), then please reopen.
    Closes: #343603: kernel-patch-openswan: Starting IPSEC makes system freeze
    The patch to fix the snmpd crash is also in this upstream version (just
    checked linux/net/ipsec/ipsec_tunnel.c). It was probably in older versions
    as well, so this might have been closed earlier. It's not mentioned in
    upstream changelog, so I don't know exactly when it has been fixed.
    Closes: #318298: kernel-patch-openswan: Kernel Oops - Null Dereference
		     when using snmpd
    The ipsec.conf manual page has been updated to document connaddrfamily.
    Closes: #296611: openswan: "man -S 5 ipsec.conf" fails to mention the
		     parameter "connaddrfamily"
  * Acknowledge fixes in last NMU - thanks to Christian.
    Closes: #352050: openswan: FTBFS: Package libopensc1-dev has no
		     installation candidate
    Closes: #356716: openswan: Incomplete clean when building
    Closes: #316693: openswan_1/2.2.0-10
    Closes: #339390: openswan: [INTL:sv] Swedish debconf templates translation
  * Enable building of XAUTH support.
  * Import override files from /etc/default instead of /etc/sysconfig. This
    uses dpatch, so now Build-Depend on it.
    Closes: #354965: openswan: /usr/lib/ipsec/_updown uses /etc/sysconfig/,
		     please change to /etc/default/
  * Only ask if an existing certificate/private key pair should be used when
    the user chose not to create a new key pair. Also mention, when asking to
    create a new key pair, that an existing one can be used alternatively.
    Closes: #298250: confusing debconf question about certificate creation
  * Move the USE_LDAP, USE_LIBCURL, and HAVE_THREADS options from the
    "make install" to the "make programs" call where it belongs.
    Closes: #292838: openswan: Dynamic CRL fetching not supported
  * Remove /usr/share/doc/openswan/index.html, because it is a duplicate of
    /usr/share/doc/openswan/doc/index.html, and only the latter one has links
    to existing files.
    Closes: #311613: openswan: html documentation links to the wrong place
    Closes: #357719: broken links in file:///usr/share/doc/openswan/index.html
    Closes: #357698: broken links in file:///usr/share/doc/openswan/index.html
  * Add #ifdef to linux/net/ipsec/ipsec_init.c to branch between Debian and
    vanilla 2.4 kernels. For Debian kernels with the XFRM (26sec) backport,
    a second option is necessary for inet_(add|del)_protocol. This should
    allow KLIPS to compile on both Debian and vanilla 2.4 kernels. Verified
    that it compiles with Debian 2.4.27-12 and vanilla 2.4.32.
    Closes: #340294: openswan-modules-source: fails to build with 2.4.27 on
		     sarge
    Closes: #342844: kernel-patch-openswan: FTBS with kernel-source-2.4.27
		     2.4.27-11
  * Document in README.Debian that KLIPS for 2.4 kernels will not compile with
    newer GCC versions and give a hint on how to use older versions with
    make-kpkg.
  * Kernel 2.6.8 is not properly supported and is horribly outdated by now.
    If you really need to use 2.6.8, then please use the native 26sec IPSec
    stack. For KLIPS support, use at least 2.6.12, or better 2.6.15.
    Closes: #318136: kernel-patch-openswan: Problem applying
		     kernel-openswan-patch to kernel-source-2.6.8
  * Compress the modules source tree with bzip2 instead of gzip and thus
    reduce the size of the openswan-modules-source package.

 -- Rene Mayrhofer <rmayr@debian.org>  Sat, 15 Apr 2006 21:36:36 +0100

openswan (1:2.4.4-3.1) unstable; urgency=high

  * Non-maintainer upload with maintainer's agreement
  * Fix FTBFS by replacing the build dependency on libopensc1-dev to
    libopensc2-dev. Closes: #352050
  * Really clean when building
    Closes: #356716
  * Correct typos and English errors in templates
    Unfuzzy translations
    Closes: #316693
  * Swedish debconf templates translation added
    Closes: #339390

 -- Christian Perrier <bubulle@debian.org>  Thu, 16 Mar 2006 06:10:05 +0100

openswan (1:2.4.4-3) unstable; urgency=low

  * Corrected PATCHNAME in the kernel-patch-openswan unpatch script.
    Closes: #344852: kernel-patch-openswan: PATCHNAME=openswan in apply script
		     but =freeswan in unpatch

 -- Rene Mayrhofer <rmayr@debian.org>  Tue, 27 Dec 2005 10:38:33 +0000

openswan (1:2.4.4-2) unstable; urgency=low

  * Build-depend on libkrb5-dev.
    Closes: #344612: openswan: pluto has shared library dependency on
		     libkrb5support.so

 -- Rene Mayrhofer <rmayr@debian.org>  Mon, 26 Dec 2005 11:22:17 +0000

openswan (1:2.4.4-1) unstable; urgency=high

  Reasoning for urgency high: DoS security issues.
  * New upstream version. This is supposed to fix the other part of the DoS
    problem.

 -- Rene Mayrhofer <rmayr@debian.org>  Fri, 18 Nov 2005 19:23:49 +0000

openswan (1:2.4.3-1) unstable; urgency=high

  Reasoning for urgency high: DoS security issues.
  * New upstream version.
    Closes: Bug#339082: kernel-patch-openswan: ISAKMP implementation
	    problems / DoS

 -- Rene Mayrhofer <rmayr@debian.org>  Tue, 15 Nov 2005 15:49:44 +0000

openswan (1:2.4.0-3) unstable; urgency=low

  * Doh. Forgot to merge the new debconf depends from my openswan 2.2.0
    package branch. Now again change the debconf depends to debconf |
    debconf-2.0.
    Closes: #332055: openswan depends on debconf without | debconf-2.0
		     alternate; blocks cdebconf transition
  * Also build-depend on the new libssl (>= 0.9.8-1) now to help the
    transition. If you recompile this package for woody/sarge, you can safely
    ignore this versioned build-dependency. No new API is needed; this is just
    for the ABI transition.

 -- Rene Mayrhofer <rmayr@debian.org>  Mon, 10 Oct 2005 11:22:12 +0100

openswan (1:2.4.0-2) unstable; urgency=low

  * Module building has changed a bit for the new openswan upstream
    releases (need additional files). Adapt the openswan-modules-source
    package to that and also fix pfkey_v2.c to compile with kernel 2.4
    (patches sent to upstream for future inclusion).
    Closes: #291274: Fails to build with 2.4.29: missing Makefile
    Closes: #273443: openswan-modules-source: doesn't build with 2.6.8 -
		     different from #273144 (?)
  * Fix the postinst script (must have been a bash update that broke it).
    Closes: #330864: openswan: postinst fails with "`make-x509-cert': not a
		     valid identifier"

 -- Rene Mayrhofer <rmayr@debian.org>  Fri, 30 Sep 2005 18:11:28 +0100

openswan (1:2.4.0-1) unstable; urgency=low

  * New upstream release. This finally allows the Debian packages to be
    updated since the regression from 2.2.X to 2.3.X has been fixed (pluto
    crash with roadwarriors). Please be aware that pluto daemons from 2.2 or
    2.3 openswan release will still crash, so please update all your
    installations as soon as possible.
    Closes: #292132: openswan: OpenSwan 2.2.0 crashes when a road-warrior
		     comes in using 2.3.0
    This release also supports KLIPS with 2.6 kernels now.
    Closes: #301801: kernel-patch-openswan: Fails to build with Debian
		     2.6.10 source
	    #273443: openswan-modules-source: doesn't build with 2.6.8 -
		     different from #273144 (?)
	    #318136: kernel-patch-openswan: Problem applying
		     kernel-openswan-patch to kernel-source-2.6.8
  * Fixed gcc 4 compile for fswcert (patch will be forwarded to upstream).
  * Added Vietnamese debconf translation.
    Closes: #316692: INTL:vi
  * Introduced the epoch in this branch to allow automatic updates from the
    previously downgraded 2.2 release.
  * Edited the debian/copyright file to mention the shared GPL path and
    removed old licenses (only refer to CREDITS now).

 -- Rene Mayrhofer <rmayr@debian.org>  Mon, 19 Sep 2005 13:40:30 +0100

openswan (2.3.1-1) unstable; urgency=high

  Urgency HIGH because openswan is an important package for testing (at least
  in my opinion...).
  * New upstream version. This update should fix the various crashes
    that openswan 2.3.0 pluto was causing on other openswan boxes
    (occurred in the wild with 2.2.0 and 2.3.0, but might also happen
    with others) in some cases.
    Closes: #292132: openswan: OpenSwan 2.2.0 crashes when a road-warrior
	    comes in using 2.3.0
  * Adapt to the new way of building modules (which changed between upstream
    version 2.2.0 and 2.3.0). openswan-modules-source should now build with
    2.4 and with 2.6 kernels (using make-kpkg).
    Closes: #291274: Fails to build with 2.4.29: missing Makefile
    Closes: #276521: openswan-modules-source: ipsec_aes.o & ipsec_cryptoapi.o
	    not kernel modules
  * Also enable building of 2.6 kernel modules in openswan-modules-source.
    Closes: #273443: openswan-modules-source: doesn't build with 2.6.8 -
	    different from #273144 (?)
  * kernel-patch-openswan also needed some changes due to the new tree
    layout (specifically the new Makefile.top). Now kernel-patch-openswan
    has been enabled to work with kernel 2.6, so you can now get ipsecX
    interfaces with kernel 2.6 (tested with vanilla 2.6.10)!
    Closes: #301801 kernel-patch-openswan: Fails to build with Debian 2.6.10
	    source
  * There was no reply by the original bug submitter, so this really seemed
    to be a toolchain problem. I can't reproduce this bug.
    Closes: #283387: openswan: Fails to build on testing (Sarge)
  * The build-dependency has already been updated from libcurl2-dev to
    libcurl3-dev in package 2.3.0-1. Now updated it to
    libcurl3-dev | libcurl2-dev so that backporting to woody is easier.
    Closes: #298468 openswan fails to build on sarge due to missing
	    libcurl2-dev dependancy
  * The same goes for libopensc*-dev.
  * Fixed typos in the logcheck ignore files.
    Closes: #298693: openswan: logcheck files - typo
  * Updated debconf translations.
    Closes: #290847: openswan: [INTL:fr] French debconf templates translation
    Closes: #292077: [INTL:pt_BR] Please apply the attached patch in order to
	    update openswan's pt_BR debconf translation
    Closes: #294202: [l10n] Czech po-debconf template translation (cs.po)
  * Removed the source code for the fswcert utility from the debian/ dir in
    the source package - it is now included in the upstream source under
    programs/.
  * Removed the conflicts with ike-server (still providing it though).
    Closes: #297186: openswan: Remove conflict on ike-server
  * Don't conflict with freeswan generally, but only with versions < 2.04-12.
    (This is in preparation of the freeswan transition package that I am
    working on.)
  * Explicitly remove the execute permissions from /etc/ipsec.d/policies/*.
    Closes: #298245: wrong permissions in /etc
  * No longer need gawk for openswan scripts to work. This finally allows
    removing the awk-to-gawk hack in debian/rules and means that openswan no
    longer depends on gawk.
  * Enable the building of pluto code for dynamic URL fetching (which needs
    libldap2-dev and libcurl3-dev) and the XAUTH PAM support. Therefore, we
    now build-depend on libpam0g-dev.
    Closes: #292838: openswan: Dynamic CRL fetching not supported

 -- Rene Mayrhofer <rmayr@debian.org>  Sat,  9 Apr 2005 17:56:16 +0200

openswan (2.3.0-2) unstable; urgency=HIGH

  Urgency HIGH due to security issue and problems with build-deps in sarge.
  * Fix the security issue. Please see
    http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities&flashstatus=false
    or CAN-2005-0162 at
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0162
    for more details. Thanks to Martin Schulze for informing me about this
    issue.
    Closes: #292458: Openswan XAUTH/PAM Buffer Overflow Vulnerability
  * Added a Build-Dependency to lynx.
    Closes: #291143: openswan: FTBFS: Missing build dependency.

 -- Rene Mayrhofer <rmayr@debian.org>  Thu, 27 Jan 2005 16:10:11 +0100

openswan (2.3.0-1) unstable; urgency=low

  * New upstream release.
    Important change: aes-sha1 is now the default proposal (but 3des-md5 is
    still supported if the other side requests it). Please look at
    /usr/share/doc/openswan/docs/RELEASE-NOTES for details.
  * Includes KLIPS support for kernel 2.6 for the first time, but I have not
    yet modified openswan-modules-source to cope with that. If somebody wants
    to lend me a hand to address #273443, it would be more than welcome.
  * This release includes a fix for the reported snmpd crash
    (in ipsec_tunnel.c). Many thanks to Nate Carlson for pointing this out.
    Closes: #261892: openswan: System crashes when snmpd runs at the same time
  * Update Build-Depends from libopensc0-dev to libopensc1-dev.
    Closes: #289600: openswan: can't fulfill the build dependencies
  * Update Build-Depends from libcurl2-dev to libcurl3-dev.
  * Include Japanese debconf translation and fix a typo in the master.
    Closes: #288996: openswan: Japanese po-debconf template translation
	    (ja.po) and typo in template.pot
  * Auto-apply the NAT Traversal patch with kernel-patch-openswan again. This
    was changed by openswan (the freeswan version included the NAT-T patch
    automatically). Thus, the patch is now applied before inserting the KLIPS
    part.
  * Include a ready-to-use NAT-T diff in the openswan-modules-source package
    so that anybody who uses this package still has the option of using NAT
    Traversal (though this means patching the kernel anyway, and kind of
    makes the out-of-tree compilation senseless). However, Debian 2.4 series
    kernels should already have NAT-T applied.
  * Document the above two changes in the package descriptions and
    README.Debian.

 -- Rene Mayrhofer <rmayr@debian.org>  Thu, 13 Jan 2005 09:30:45 +0100

openswan (2.2.0-5) unstable; urgency=low

  * Added more explanations to README.Debian on how to build the kernel
    modules with either openswan-modules-source or kernel-patch-openswan.

 -- Rene Mayrhofer <rmayr@debian.org>  Sat, 16 Oct 2004 13:11:48 +0200

openswan (2.2.0-4) unstable; urgency=medium

  Urgency medium to get this version into sarge - it fixes a bug that turned
  up on some machines and prevented openswan from starting.
  * no_oe.conf will work when there are spaces at the end, many thanks to
    Hans Fugal for figuring that out!
    Closes: #270012: openswan: Fails to start after Installation
	    (/etc/ipsec.d/examples/no_oe.conf problem?)
    I am now sending this towards upstream so that it should hopefully get
    fixed for the next release - it's a bit awkward for a config file.
  * Fixed a minor aesthetical issue in openswan.postinst: when a plain RSA key
    is already present in ipsec.secrets and a new one is being created, a
    needless line was printed. Silenced by adding -q to egrep.

 -- Rene Mayrhofer <rmayr@debian.org>  Sun,  3 Oct 2004 20:57:22 +0200

openswan (2.2.0-3) unstable; urgency=low

  * Also added flex to Build-Depends, the new starter (replacement for
    the init scripts, but not yet active) needs it to build.
    Closes: #272935: openswan_2.2.0-1(ia64/unstable): FTBFS: missing
		     build-depends
    Closes: #273241: openswan: FTBFS: Missing Build-Depends on 'flex'
  * Adapted the rules file of openswan-modules-source to cope with the new
    upstream source code - need to generate a C file from a template before
    the ipsec module can be built.
    Closes: #273144: openswan-modules-source: linux/net/ipsec/version.c
		     neither created nor compiled
  * Enabled the building of modular extensions (AES and cryptoapi) by default
    for openswan-modules-source. Also enabled the AES cipher in addition to
    3DES (this is directly in the ipsec.o kernel module, the modular
    extensions version is an alternative to this).

 -- Rene Mayrhofer <rmayr@debian.org>  Fri, 24 Sep 2004 12:38:47 +0200

openswan (2.2.0-2) unstable; urgency=low

  * Added bison to Build-Depends.

 -- Rene Mayrhofer <rmayr@debian.org>  Thu, 23 Sep 2004 15:18:51 +0200

openswan (2.2.0-1) unstable; urgency=medium

  * New upstream version:
    - Introduces AES support, which is the reason for urgency medium. AES
      should definitely go into sarge.
    - Adds RFC 3706 DPD (dead peer detection) support, see
      /usr/share/doc/openswan/docs/README.DPD for details.
    This adds the last missing piece (AES) to replace the freeswan package
    completely. As of now, freeswan is officially unsupported and will soon
    be removed from Debian. Please upgrade to openswan, which should not cause
    any issues. Configuration files and certificates are completely compatible.
    Closes: #270012: openswan: Fails to start after Installation
		     (/etc/ipsec.d/examples/no_oe.conf problem?)
	    I can no longer reproduce this problem on a fresh install of
	    2.2.0-1.
    Closes: #260120: openswan: Patch fixing #256391 breaks the autogenerated
		     certificate
	    The new X.509 patch included in this upstream release (no longer
	    patched by the Debian package) should fix this too.
    Closes: #246828: /etc/ipsec.conf refers to invalid URLs
	    The default ipsec.conf file distributed by upstream no longer
	    refers to an URL.
  * Fixed a thinko in the postinst script that prevented the correct insertion
    of plain RSA keys into /etc/ipsec.secrets (i.e. not using X.509
    certificates). Fixed now.
    Closes: #268742: openswan: Plain RSA key not successfully written to
		     ipsec.secrets
  * Adapt to the new way of openswan handling the disabling of opportunistic
    encryption. In the default ipsec.conf distributed with upstream openswan,
    OE is now disabled (which changes the previous default). Adapted the
    postinst script so that it can now enable and disable OE support based on
    the debconf option.
    Closes: #268743: openswan: fails to respect debconf OE setting
  * Updated the French and Brazilian Portuguese debconf translations.
    Closes: #256457: openswan: [INTL:fr] French debconf templates translation
    Closes: #264246: openswan: [INTL:pt_BR] Please use the attached Brazilian
		     Portuguese debconf template translation
  * Patched debian/fswcert/fswcert.c to compile cleanly with gcc-3.4. Thanks
    to Andreas Jochens for the patch!
    Closes: #262663: openswan: FTBFS with gcc-3.4: label at end of compound
		     statement
  * Documented how to build the KLIPS kernel part with either the
    kernel-patch-openswan or the openswan-modules-source packages.
    Closes: #246819: Needs documentation on how to build the kernel modules
  * Bump Standards-Version to 3.6.1.0, no changes necessary.

 -- Rene Mayrhofer <rmayr@debian.org>  Tue, 21 Sep 2004 18:13:52 +0200

openswan (2.1.5-1) unstable; urgency=medium

  * New upstream release, which fixes another potential security issue.

 -- Rene Mayrhofer <rene@mayrhofer.eu.org>  Sun,  5 Sep 2004 18:00:40 +0200

openswan (2.1.3-1) unstable; urgency=HIGH

  Urgency high because of a possible security issue.
  * New upstream version. This includes the CRL fix from 2.1.1-5 and the
    proper activation of NAT traversal in Makefile.inc.
    Closes: #253457: Openswan: new upstream available that includes xauth
    Closes: #253458: Openswan: new upstream available that includes xauth
    Closes: #253461: Openswan: new upstream available
    Closes: #253782: openswan: Should automatically load kernel module
		     xfrm_user
    But I have currently not explicitly enabled xauth support in Makefile.inc,
    quoting from there: "off by default, since XAUTH is tricky, and you can
    get into security trouble". If it needs to be enabled to work, please tell
    me and I will need to take a far closer look at it (and the involved
    problems).
    This new upstream version also fixes a possible security issue in the
    X.509 certificate authentication.
  * The last upload didn't seem to have hit the archives, strange...
    However, the bugs are still fixed, closing them now.
    Closes: #245450: openswan should not depend on
	    kernel-image-2.4 || kernel-image-2.6
    Closes: #246847: openswan: shouldn't conflict with ike-server
    Closes: #246373: openswan: [INTL:fr] French debconf templates translation

 -- Rene Mayrhofer <rene@mayrhofer.eu.org>  Thu, 17 June 2004 12:22:45 +0200

openswan (2.1.1-5) unstable; urgency=low

  * Applied a patch from openswan CVS to fix CRL related crashes.
  * Drop the dependency on kernels it works with - the package description
    already says that it will need kernel support to work. This allows people
    to easily use self-compiled kernels with the right support (e.g. 2.6.5).
    Closes: #245450: openswan should not depend on
	    kernel-image-2.4 || kernel-image-2.6
  * While I'm at it, also replace the various Suggests: *freeswan* with
    openswan. Oops.
  * openswan conflicts with ike-server because only one ike-server can be
    active at any given time (it will listen on UDP port 500). This policy
    has been agreed to by all Debian IPSec package maintainers and implemented
    in all ike-server providing packages.
    Closes: #246847: openswan: shouldn't conflict with ike-server
  * Took the debconf translations from the freeswan package and "ported" them
    via debconf-updatepo. Thanks to Christian Perrier for mentioning that it
    was this easy.
    The templates should now be correct (all instances of FreeS/wan replaced
    by Openswan).
    Closes: #246373: openswan: [INTL:fr] French debconf templates translation

 -- Rene Mayrhofer <rene@mayrhofer.eu.org>  Tue, 18 May 2004 19:46:24 +0200

openswan (2.1.1-4) unstable; urgency=low

  * Fixed the kernel-patch-openswan apply script.
  * Warning: Due to an upstream bug, pluto from this version will dump core
    on certain CRLs. If you are hit by this bug, please report it directly to
    upstream, they are still tracking the issue down.


 -- Rene Mayrhofer <rene@mayrhofer.eu.org>  Thu, 15 Apr 2004 09:50:32 +0200

openswan (2.1.1-3) unstable; urgency=low

  * Also build the openswan-modules-source and kernel-patch-openswan
    packages now.
  * Fixed _startklips in combination with the native IPSec stack - many thanks
    to Nate Carlson for the patch.

 -- Rene Mayrhofer <rene@mayrhofer.eu.org>  Wed, 31 Mar 2004 19:33:49 +0200

openswan (2.1.1-2) unstable; urgency=low

  * Took the package as official maintainer.
  * Updated all relevant packaging stuff to the level of freeswan 2.04-9,
    including auto-generation of X.509 certificates and insertion in
    ipsec.secrets. This also corrects the libexec path in some scripts.

 -- Rene Mayrhofer <rene@mayrhofer.eu.org>  Wed, 31 Mar 2004 11:23:46 +0200

openswan (2.1.1-1) unstable; urgency=low

  * Initial version - packaging based on Rene Mayrhofer's
    FreeS/WAN packaging

 -- Alexander List <alexlist@sbox.tu-graz.ac.at>  Sun, 21 Mar 2004 21:47:53 +0100

Local variables:
mode: debian-changelog
End:
