Change log for openswan package in Ubuntu
| 1 → 38 of 38 results | First • Previous • Next • Last |
| Deleted in utopic-release (Reason: (From Debian) RoQA; unmaintained, RC-buggy; Debian bug #7...) |
| Published in trusty-release |
| Obsolete in saucy-release |
| Obsolete in raring-release |
| Deleted in raring-proposed (Reason: moved to release) |
openswan (1:2.6.38-1) unstable; urgency=low [Harald Jenny] * New upstream release. * Removed format security patch by Moritz Muehlenhoff (applied upstream). * Added patch from upstream git to fix mast updown script. * Bumped Standards for all packages to 3.9.3 (no changes needed). * Added patch from upstream git to fix Android interoperability. * Added patch from upstream git to fix Cisco interoperability. * Added patch from upstream git to allow timestamps in stderr log. * Added patch from upstream git to fix some coding issues. * Added patch from upstream git to fix possible IKEv2 crash. * Added patch from upstream git to fix IPSec transport mode. * Added patch from upstream git to use ip route in startklips. -- Harald Jenny <email address hidden> Fri, 29 Jun 2012 21:23:28 +0200
Available diffs
- diff from 1:2.6.37-3 to 1:2.6.38-1 (170.4 KiB)
openswan (1:2.6.37-3) unstable; urgency=low
* Actually need to pass CPPFLAGS to CFLAGS for the openswan Makefiles
to use the hardening options. Thanks to Simon Ruderich for pointing
this out.
Really Closes: #655139
* Remove Build-Deps on man2html and htmldoc, they have not been used
for a while now by the openswan Makefiles.
-- Rene Mayrhofer <email address hidden> Sun, 27 May 2012 10:03:00 +0200
Available diffs
- diff from 1:2.6.37-2 to 1:2.6.37-3 (916 bytes)
| Superseded in quantal-release |
openswan (1:2.6.37-2) unstable; urgency=low
[Harald Jenny]
* Finally migrated all patches to quilt, cleaned up debian rules file a
little bit, removed build depedency on dpatch and corresponding lintian
override.
* Integrated patches for hardening build flags and missing format strings
(thanks to Moritz Muehlenhoff for his patches), added required versioned
build depedency on dpkg-dev and enabled all hardening options.
Closes: #655139: Please enabled hardened build flags
-- Harald Jenny <email address hidden> Mon, 14 May 2012 22:22:55 +0200
Available diffs
- diff from 1:2.6.37-1.1 to 1:2.6.37-2 (6.8 KiB)
| Superseded in quantal-release |
openswan (1:2.6.37-1.1) unstable; urgency=low
* Non-maintainer upload.
* Fix pending l10n issues. Debconf translations:
- Turkish (Atila KOÇ). Closes: #660192
- Danish (Joe Hansen). Closes: #660263
- Italian (Beatrice Torracca). Closes: #660758
- Polish (Michał Kułach). Closes: #669711
-- Christian Perrier <email address hidden> Sat, 28 Apr 2012 07:17:18 +0200
Available diffs
- diff from 1:2.6.37-1 to 1:2.6.37-1.1 (14.0 KiB)
openswan (1:2.6.28+dfsg-5squeeze1build0.11.04.1) natty-security; urgency=low * fake sync from Debian
Available diffs
openswan (1:2.4.9+dfsg-1ubuntu0.1) hardy-security; urgency=low
* SECURITY UPDATE: symlink attack through predictable filenames in /tmp
- debian/patches/02-fix-unsecure-tmp-file.dpatch: change
programs/livetest/livetest.in to use mktemp for temporary file creation.
Patch taken from Debian openswan 1:2.4.12+dfsg-1.3 package.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374
* SECURITY UPDATE: denial of service attack via malicious Dead Peer Detection
packet
- debian/patches/03-CVE-2009-0790.dpatch: adjust programs/pluto/demux.c to
check for a possbile NULL value. Patch taken from Debian openswan
1:2.4.12+dfsg-1.3+lenny1 package.
- CVE-2009-0790
* SECURITY UPDATE: denial of service attack via specially crafted X.509
certificate
- debian/patches/04-CVE-2009-2185.dpatch: create include/oswtime.h and
modify programs/pluto/asn1.c as well as lib/libopenswan/optionsfrom.c to
do proper checks on certificate objects length. Patch taken from Debian
openswan 1:2.4.12+dfsg-1.3+lenny2 package.
- CVE-2009-2185
* SECURITY UPDATE: denial of service attack via deliberately interrupted
IPSec connection attempt
- debian/patches/05-2.4.9-CVE-2011-4073.dpatch: change
programs/pluto/ikev1_continuations.h and programs/pluto/ikev1_quick.c to
check for vanished ISAKMP SA in Quick Mode negotiation. Patch taken from
Debian openswan 1:2.4.12+dfsg-1.3+lenny3 package and slightly modified.
- CVE-2011-4073
(LP: #917754)
-- Harald Jenny <email address hidden> Tue, 17 Jan 2012 16:53:31 +0100
Available diffs
openswan (1:2.6.37-1) unstable; urgency=HIGH
[Harald Jenny]
* New upstream release.
Fixes pluto crypto helper handler vulnerability (CVE-2011-4073).
Closes: #650674: [CVE-2011-4073] Openswan crypto helper crasher
-- Harald Jenny <email address hidden> Mon, 5 Dec 2011 09:05:27 +0100
Available diffs
openswan (1:2.6.28+dfsg-5ubuntu2) oneiric; urgency=low
* Remove unused variables that caused GCC errors with
-Werror=unused-but-set-variable.
-- Colin Watson <email address hidden> Wed, 17 Aug 2011 13:13:40 +0100
Available diffs
| Superseded in oneiric-release |
openswan (1:2.6.28+dfsg-5ubuntu1) oneiric; urgency=low
* Drop libopensc2-dev from Build-Depends; that library is now private to
opensc, and no longer appears to be used by openswan in any case.
-- Colin Watson <email address hidden> Wed, 17 Aug 2011 01:05:30 +0100
Available diffs
openswan (1:2.6.28+dfsg-5) unstable; urgency=medium
[Harald Jenny]
* Fix exit value of previously added init script error checking patch so
it complies with Debian policy.
* Set urgency to medium due to reject of freeze exception for previously
uploaded package version.
-- Ubuntu Archive Auto-Sync <email address hidden> Sat, 25 Dec 2010 10:35:35 +0000
Available diffs
- diff from 1:2.6.28+dfsg-4 to 1:2.6.28+dfsg-5 (603 bytes)
| Superseded in natty-release |
openswan (1:2.6.28+dfsg-4) unstable; urgency=medium
[Harald Jenny]
* Picked up patch from 2.6.29 to fix issue with L2TP and transport mode
IPSec.
* Created patch to allow line break in manpage and removed corresponding
lintian override.
* Added ${misc:Depends} to doc package and removed override.
* Set urgency to medium due to backported NETKEY patch.
* Added two other CVE numbers to previous changelog entry.
* Picked up patch from 2.6.30 to fix issue with Windows XP L2TP connect.
* Added a patch to enhance the init script's error checking when doing
start/restart/reload (forwarded upstream for inclusion).
* Removed lintian override for debug package linking to openswan docs.
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 29 Nov 2010 11:25:48 +0000
Available diffs
| Superseded in natty-release |
openswan (1:2.6.28+dfsg-3) unstable; urgency=HIGH
[Harald Jenny]
* Integrated upstream patch fixing regression introduced by the previous
security patch.
Available diffs
openswan (1:2.6.28+dfsg-1) unstable; urgency=medium * New upstream release * Removed 2.6.34 git patches as they are now included in upstream package. * Set urgency to medium due to important NETKEY fixes.
Available diffs
- diff from 1:2.6.26+dfsg-1 to 1:2.6.28+dfsg-1 (228.1 KiB)
| Superseded in maverick-release |
openswan (1:2.6.26+dfsg-1) unstable; urgency=low
[Harald Jenny]
* New upstream release.
* Removed some obsoleted patches.
* Modified some patches for new upstream version.
* Added preinstall script to remove old duplicate init script.
Closes: #532348: openswan: installs dupliate init script /etc/init.d/setup
* Added patch to fix segfault of showhostkey with encrypted key (Thanks
to Kevin Locke for his patch).
Closes: #575757: openswan: showhostkey segfault with 3DES-encrypted host
key
* Changes debian/rules to only omit permission fixing where it's really
necessary.
Closes: #389680: openswan: wrong permissions of /etc/ipsec.d/examples
* Removed orphaned conflict with freeswan (not shipped anymore).
[Rene Mayrhofer]
* Openswan package now provides ike-server and conflicts with it.
Closes: #583334: racoon and openswan: error when trying to install
together
-- Ubuntu Archive Auto-Sync <email address hidden> Sat, 05 Jun 2010 11:29:11 +0100
Available diffs
- diff from 1:2.6.25+dfsg-1 to 1:2.6.26+dfsg-1 (77.0 KiB)
| Superseded in maverick-release |
openswan (1:2.6.25+dfsg-1) unstable; urgency=low
[Harald Jenny]
* Removed some obsoleted patches.
* Modified some patches for new upstream version.
* Adapted copyright file to include all used licenses.
* Added two upstream patches to fix userspace code for KLIPS (Thanks to
David McCullough for his patch).
* Added some lintian overrides for wrong copyright messages.
* Removed support for 2.4 kernel versions in openswan-modules packages.
* Rewroted parts of README.Debian.
* Incorporate translation updates.
Closes: #527586: [INTL:es] Spanish debconf template translation for
openswan
#537430: [l10n] Czech translation for openswan
#570022: [INTL:sv] Swedish strings for openswan debconf
#579303: [INTL:sv] Swedish strings for openswan debconf
#570788: [I18N, DE] Updated german debconf translation for
openswan
#580452: openswan [INTL:de] updated German debconf translation
#575140: openswan: [INTL:fr] French debconf templates translation
update
#579199: openswan: [INTL:vi] Vietnamese debconf templates
translation update
#579381: openswan: [INTL:vi] Vietnamese debconf templates
translation update
#581501: openswan: [INTL:vi] Vietnamese debconf templates
translation update
#580437: openswan: [INTL:pt] Updated Portuguese translation for
debconf messages
#581253: openswan: [INTL:pt] Updated Portuguese translation for
debconf messages
#581561: openswan: [INTL:ru] Russian debconf templates
translation update
[Rene Mayrhofer]
* New upstream release.
* Polished README.Debian, NEWS.Debian, and other documentation files.
Available diffs
openswan (1:2.4.12+dfsg-1.3+lenny2build0.8.10.1) intrepid-security; urgency=low * fake sync from Debian -- Jamie Strandboge <email address hidden> Tue, 06 Oct 2009 13:51:45 -0500
Available diffs
openswan (1:2.4.12+dfsg-1.3+lenny2build0.9.04.1) jaunty-security; urgency=low * fake sync from Debian -- Jamie Strandboge <email address hidden> Tue, 06 Oct 2009 10:01:39 -0500
Available diffs
openswan (1:2.6.22+dfsg-1.1ubuntu1) karmic; urgency=low * Build with -fno-strict-aliasing against gcc 4.4 fix ftbfs LP: #436540
Available diffs
| Superseded in karmic-release |
openswan (1:2.6.22+dfsg-1) unstable; urgency=HIGH
Urgency high because of security release.
* New upstream release. Closes a security bug in the ASN.1 parser (no
CVE number at this time).
Closes: #528747: [FTBFS] cannot build with kernel 2.6.29-2-686
* The linux-patch-openswan package is no longer built, as this new
upstream release no longer requires a kernel patch for proper NAT-T
support with KLIPS (thanks to Harald Jenny).
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 25 Jun 2009 07:44:16 +0100
Available diffs
| Superseded in karmic-release |
openswan (1:2.6.21+dfsg-2) unstable; urgency=low
* The new upstream release should also compile with newer Debian
kernels.
Closes: #522112: openswan-modules-source: Fails to build with kernel
2.6.26
* Removed ununsed scripts in linux-patch-openswan that have security
issues.
Closes: #496376: The possibility of attack with the help of symlinks
in some Debian packages
Available diffs
openswan (1:2.4.12+dfsg-1.3) unstable; urgency=high
* Non-maintainer upload.
* Fix insucure /tmp file creation. Patch by Frank Lichtenheld
(untested from his own words but better this than nothing)
Closes: #496374
* Fix pending l10n bugs. Debconf translations:
* Czech. Closes: #489437
Available diffs
| Superseded in intrepid-release |
openswan (1:2.4.12+dfsg-1) unstable; urgency=low
* New upstream release that should compile with newer kernels again.
Closes: #439977: openswan-modules-source: Is not compatible with
kernel >=2.6.22
Dropping patch from openswan BTS included in 1:2.4.9+dfsg-3, which
has been added upstream.
* Pull in NMU patch.
Closes: #463361: openswan: ldap_init implicitly converted to pointer
* Added Finnish debconf translation.
Closes: #472504: [INTL:fi] Finnish translation of the debconf templates
* Updated Japanese debconf translation.
Closes: #463320: openswan: [INTL:ja] Update po-debconf template
translation (ja.po)
* Updated French debconf translation.
Closes: #461841: openswan: [INTL:fr] French debconf templates
translation update
* Added Galician debconf translation.
Closes: #474627: [INTL:gl] Galician debconf template translation for
openswan
* Added Russian debconf translation.
Closes: #475047: openswan: [INTL:ru] Russian debconf templates translation
* Sigh, another service to users by removing documentation. Removed
anything the looks like an RFC or an RFC draft again. Obviously, this
seems the most critical bug for this package, so I actually considered
increasing urgency - after all, we are fixing an RC bug here...
Closes: #451110: Source package contains non-free IETF RFC/I-D's
* According to http://bugs.xelerance.com/view.php?id=849, 2.4.10 should
fix this assertion failure (although the upstream bug report has not
been closed). Please reopen if the problem still persists (and if not,
please also tell upstream so that they can close their own bug report).
Closes: #443525: openswan: pluto dies with ASSERTION FAILED at
kernel.c:2237: c->kind == CK_PERMANENT || c->kind ==
CK_INSTANCE
openswan (1:2.4.9+dfsg-1build1) hardy; urgency=low * Rebuild for the libldap-2.3-0 -> libldap-2.4-2 transistion. -- Steve Kowalik <email address hidden> Thu, 24 Jan 2008 23:52:43 +1100
| Superseded in hardy-release |
openswan (1:2.4.9+dfsg-1) unstable; urgency=low
* New upstream release.
* Add German debconf translation, but do not apply the patch to the English
template. I do not agree that a space should be placed before a question
mark, but feel free to correct me with references to some grammar material.
Closes: #406029: openswan: [INTL:de] German po-debconf template translation
* Add Spanish debconf translation.
Closes: #443613: [INTL:es] Spanish po-debconf template translation
* Drop the fileutils dependency, and thus no longer care about backports to
woody.
Closes: #368723: openswan: Cleanup of dependencies (fileutils)
-- Ubuntu Archive Auto-Sync <email address hidden> Sat, 27 Oct 2007 22:23:29 +0100
| Superseded in hardy-release |
openswan (1:2.4.8-dfsg-1) unstable; urgency=low
* New upstream release.
Closes: #335074: openswan: ipsec.conf manpage doesn't include
{left|right}sourceip
Closes: #357718: ipsec.conf(5): automatic and manual keying options are
not disjoint
Closes: #357708: openswan: ipsec.secrets(5) does not document X.509 format
* Include Portugese debconf translation.
Closes: #426927: openswan: [INTL:pt] Portuguese translation for debconf
messages
* Also remove .gitignore files in addition to the other cruft when building
the binary package.
Closes: #413914: shipping gitignore file
/usr/share/doc/openswan/doc/.gitignore
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 23 Oct 2007 18:11:43 +0100
openswan (1:2.4.6+dfsg.2-1.1build2) gutsy; urgency=low * Rebuild for the libcurl transition mess. -- Steve Kowalik <email address hidden> Thu, 5 Jul 2007 00:14:41 +1000
| Superseded in gutsy-release |
openswan (1:2.4.6+dfsg.2-1.1build1) gutsy; urgency=low * Rebuild for libcurl3 -> libcurl4-openssl. -- Michael Bienia <email address hidden> Sun, 01 Jul 2007 01:44:40 +0200
openswan (1:2.4.6+dfsg.2-1.1) unstable; urgency=low
* Non-maintainer upload to fix pending l10n issues.
* Debconf translations:
- German. Closes: #406029
- Czech. Closes: #408648
- Galician. Closes: #413023
-- Sebastien Bacher <email address hidden> Sun, 04 Mar 2007 22:56:53 +0000
| Superseded in feisty-release |
openswan (1:2.4.6+dfsg.2-1) unstable; urgency=low
* Acknowledge our-priority-are-the-users-thus-remove-docs NMU (nothing
personal, but documentation usually tends to be useful).
Closes: #390656
* Recommend linux-source instead of kernel-source.
Closes: #394664: Recommends unavailable kernel-source
* Update Japanese debconf translation.
Closes: #393176: openswan: [INTL:ja] Updated Japanese po-debconf
template translation (ja.po)
* Build-depend on po-debconf.
* Stop invoking /etc/init.d/ipsec directly in prerm. Use invoke-rc.d.
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 13 Nov 2006 16:37:46 +0000
| Superseded in feisty-release |
openswan (1:2.4.6+dfsg.2-0.1) unstable; urgency=low
* NMU
* Remove additional non-free draft RFCs from upstream tarball.
Closes: #390656
openswan (1:2.4.5+dfsg-0.2) unstable; urgency=low
* Non-maintainer upload.
* debian/patches/01-ipcomp_hippi.dpatch: Fix net/ipsec/ipcomp.c so it no
longer attempts to copy the "private" field of a struct_skbuff when
CONFIG_HIPPI is enabled; it was removed after 2.6.13, and this broke
compilation with 2.6.16, linux-patch-openswan and CONFIG_HIPPI.
(Closes: #363375)
openswan (1:2.4.4-3ubuntu1) dapper; urgency=low
* pluto_crypt.c Patch for unaligned.
- Thanks to Dave Miller
* Update build-dep to libopensc2-dev
-- Barry deFreese <email address hidden> Tue, 23 May 2006 05:30:51 -0400
openswan (1:2.4.4-3) unstable; urgency=low
* Corrected PATCHNAME in the kernel-patch-openswan unpatch script.
Closes: #344852: kernel-patch-openswan: PATCHNAME=openswan in apply script
but =freeswan in unpatch
-- Rene Mayrhofer <email address hidden> Tue, 27 Dec 2005 10:38:33 +0000
openswan (1:2.4.4-1) unstable; urgency=high
Reasoning for urgency high: DoS security issues.
* New upstream version. This is supposed to fix the other part of the DoS
problem.
-- Rene Mayrhofer <email address hidden> Fri, 18 Nov 2005 19:23:49 +0000
openswan (1:2.4.0-2) unstable; urgency=low
* Module building has changed a bit for the new openswan upstream
releases (need additional files). Adapt the openswan-modules-source
package to that and also fix pfkey_v2.c to compile with kernel 2.4
(patches sent to upstream for future inclusion).
Closes: #291274: Fails to build with 2.4.29: missing Makefile
Closes: #273443: openswan-modules-source: doesn't build with 2.6.8 -
different from #273144 (?)
* Fix the postinst script (must have been a bash update that broke it).
Closes: #330864: openswan: postinst fails with "`make-x509-cert': not a
valid identifier"
-- Rene Mayrhofer <email address hidden> Fri, 30 Sep 2005 18:11:28 +0100
openswan (2.3.0-2) unstable; urgency=HIGH
Urgency HIGH due to security issue and problems with build-deps in sarge.
* Fix the security issue. Please see
http://www.idefense.com/application/poi/display?id=190&
type=vulnerabilities&flashstatus=false
for more details. Thanks to Martin Schulze for informing me about
this issue.
Closes: #292458: Openswan XAUTH/PAM Buffer Overflow Vulnerability
* Added a Build-Dependency to lynx.
Closes: #291143: openswan: FTBFS: Missing build dependency.
-- Rene Mayrhofer <email address hidden> Thu, 27 Jan 2005 16:10:11 +0100
openswan (2.1.3-1) unstable; urgency=HIGH
Urgency high because of a possibly security issue.
* New upstream version. This includes the CRL fix form 2.1.1-5 and the
proper activation of NAT traversal in Makefile.inc.
Closes: #253457: Openswan: new upstream available that includes xauth
Closes: #253458: Openswan: new upstream available that includes xauth
Closes: #253461: Openswan: new upstream available
Closes: #253782: openswan: Should automatically load kernel module
xfrm_user
But I have currently not explicitly enabled xaut support in Makefile.inc,
quoting from there: "off by default, since XAUTH is tricky, and you can
get into security trouble". If it needs to be enabled to work, please tell
me and I will need to take a far closer look on it (and the involved
problems).
This new upstream version also fixes a possible security issue in the
X.509 certificate authentication.
* The last upload didn't seem to have hit the archives, strange...
However, the bugs are still fixed, closing them now.
Closes: #245450: openswan should not depend on
kernel-image-2.4 || kernel-image-2.6
Closes: #246847: openswan: shouldn't conflict with ike-server
Closes: #246373: openswan: [INTL:fr] French debconf templates translation
-- Rene Mayrhofer <email address hidden> Thu, 17 June 2004 12:22:45 +0200
| 1 → 38 of 38 results | First • Previous • Next • Last |
