Change log for strongswan package in Debian

Published in sid-release on 2017-11-21
strongswan (5.6.1-1) unstable; urgency=medium

  * debian/control:
    - remove strongswan-ike{,v1,v2} packages.                   closes: #878979
  * New upstream version 5.6.1
    - fix FTBFS with glibc 2.26+.                               closes: #880561
  * debian/rules: explicitly enable tpm plugin
  * debian/strongswan-starter.install: install counters plugin
  * debian/libstrongswan.install: install MGF1 plugin
  * debian/libstrongswan-extra-plugins.install: install tpm plugin
  * debian/control:
    - update standards version to 4.1.1
    - replace dh-systemd build-dep by updated build-dep on debhelper

 -- Yves-Alexis Perez <email address hidden>  Tue, 21 Nov 2017 13:16:32 +0100
Published in stretch-release on 2017-10-07
strongswan (5.5.1-4+deb9u1) stretch-security; urgency=medium

  * debian/patches:
    - CVE-2017-11185 added, fix insufficient input validation in gmp plugin
    which could lead to denial of service (CVE-2017-11185)
    - convert CVE-2017-9022_insufficient_input_validation_gmp_plugin and
    CVE-2017-9023_incorrect_handling_of_choice_types_in_asn1_parser to the
    UNIX file format. 

 -- Yves-Alexis Perez <email address hidden>  Thu, 03 Aug 2017 23:14:29 +0200
Published in buster-release on 2017-09-09
Superseded in sid-release on 2017-11-21
strongswan (5.6.0-2) unstable; urgency=medium

  * debian/rules:
    - only use dh_missing --fail-missing when doing architecture dependent
    packages.                                                   closes: #874152

 -- Yves-Alexis Perez <email address hidden>  Sun, 03 Sep 2017 19:24:55 +0200
Superseded in sid-release on 2017-09-03
strongswan (5.6.0-1) unstable; urgency=medium

  * New upstream release.
    - fix insufficient input validation in gmp plugin, which can cause a
    denial of service vulnerability (CVE-2017-11185)            closes: #872155
  * debian/rules:
    - remove .la files before install
    - don't call dh_install with --fail-missing
    - override dh_missing with --fail-missing to catch uninstalled files
    - apply patch from Gerald Turner to restrict permissions on swanctl folder
      containing private material.
    - replace DEB_BUILD_* by DEB_HOST_* when needed, fix FTCBFS, for example
      when building for ppc64el on x86. Thanks Helmut Grohne.   closes: #866669
  * debian/strongswan-swanctl.install:
    - install the whole /etc/swanctl folder, including (empty) subfolders.
                                                                closes: #866324
  * debian/charon-systemd.install:
    - install charon-systemd.conf files, thanks Gerald Turner.  closes: #866325
  * Add AppArmor profiles for swanctl and charon-system, thanks Gerald Turner.
                                                                closes: #866327
  * debian/libcharon-extra-plugins.install:
    - install pt-tls-client in /u/b and also install its manpage.
  * debian/strongswan-swanctl.lintian-overrides:
    - add lintian overrides for private keys directories using 700
    permissions.

 -- Yves-Alexis Perez <email address hidden>  Sun, 03 Sep 2017 14:38:09 +0200
Published in jessie-release on 2017-07-22
strongswan (5.2.1-6+deb8u4) jessie-security; urgency=medium

  * debian/rules:
    - revert disabling of vectors test
  * debian/patches:
    - 0001-openssl-Don-t-pre-initialize-OpenSSL-HMAC-with-an-em added,
    backported from upstream, fix HMAC initialization with recent OpenSSL.

 -- Yves-Alexis Perez <email address hidden>  Tue, 30 May 2017 10:07:29 +0200
Superseded in buster-release on 2017-09-09
Superseded in sid-release on 2017-09-04
strongswan (5.5.3-2) unstable; urgency=medium

  * debian/control:
    - fix typo in libstrongswan-extra-plugins long description.
  * move curve25519 plugin from libcharon-extra-plugins to
    libstrongswan-extra-plugins 

 -- Yves-Alexis Perez <email address hidden>  Wed, 28 Jun 2017 13:07:19 +0200
Superseded in sid-release on 2017-06-29
strongswan (5.5.3-1) unstable; urgency=medium

  * New upstream release.
  * debian/control:
    - update standards version to 4.0.0

 -- Yves-Alexis Perez <email address hidden>  Fri, 23 Jun 2017 14:07:42 +0200
Superseded in stretch-release on 2017-10-07
Superseded in sid-release on 2017-06-24
strongswan (5.5.1-4) unstable; urgency=high

  * Urgency=high for the security fix.
  * debian/patches:
    - CVE-2017-9022_insufficient_input_validation_gmp_plugin added, fix
    insufficient input validation in gmp plugin which could lead to denial of
    service (CVE-2017-9022).
    - CVE-2017-9023_incorrect_handling_of_choice_types_in_asn1_parser added,
    fix incorrect handling of CHOICE types in ASN.1 parser and x509 plugin
    which could lead to an infinite loop and a denial of service
    (CVE-2017-9023).

 -- Yves-Alexis Perez <email address hidden>  Mon, 29 May 2017 21:52:41 +0200
Deleted in experimental-release (Reason: None provided.)
strongswan (5.5.2-1) experimental; urgency=medium

  * New upstream release.
  * debian/patches/03_systemd-service refreshed.
  * debian/libcharon-extra-plugins.install:
    - include curve25519 plugin.
  * debian/libstrongswan-extra-plugins.install:
    - install libtpmtss library.

 -- Yves-Alexis Perez <email address hidden>  Fri, 19 May 2017 11:32:00 +0200
Superseded in stretch-release on 2017-06-01
Superseded in sid-release on 2017-05-30
strongswan (5.5.1-3) unstable; urgency=medium

  [ Christian Ehrhardt ]
  * d/rules: Reorganize to ease maintenance
    - one enable option per line
    - sort enable options
  * Add and install strongswan apparmor profiles
    - d/rules install AppArmor profiles
    - d/control add dh-apparmor as build-dep
    - d/usr.lib.ipsec.{charon, lookip, stroke} add latest AppArmor profiles
      for charon, lookip and stroke
  * Add basic DEP8 tests
    - d/tests/* add DEP8 tests
    - d/control enable autotestpkg
  * Add updated logcheck rules to match recent strongswan output
    - debian/libstrongswan.strongswan.logcheck.* Remove outdated logcheck files
    - debian/{rules,strongswan.logcheck}: Add updated logcheck rules
    - this no longer provides different logcheck levels, but marks all
      common output to be acceptable

  [ Yves-Alexis Perez ]
  * debian/rules:
    - re-enable mediation (but not medcli/medsrv)               closes: #851507

 -- Yves-Alexis Perez <email address hidden>  Mon, 16 Jan 2017 12:58:26 +0100
Superseded in stretch-release on 2017-01-27
Superseded in sid-release on 2017-01-16
strongswan (5.5.1-2) unstable; urgency=medium

  * debian/control:
    - make the systemd build-dep linux-only.

 -- Yves-Alexis Perez <email address hidden>  Wed, 07 Dec 2016 08:34:52 +0100
Superseded in stretch-release on 2016-12-18
Superseded in sid-release on 2016-12-07
strongswan (5.5.1-1) unstable; urgency=medium

  * New upstream bugfix release.
  * debian/patches:
    - 05_network-manager-strongswan-1.4 dropped, included upstream.
  * debian/strongswan-starter.install:
    - install the new, empty /etc/ipsec.secrets
  * debian/strongswan-nm.install:
    - install /etc/dbus-1/system.d/nm-strongswan-service.conf
  * debian/control:
    - add a Replaces on n-m-strongswan because it used to ship the Dbus service.
    - add dependency on lsb-base to strongswan-starter because the init script
      uses /lib/lsb/init-functions 

 -- Yves-Alexis Perez <email address hidden>  Sat, 22 Oct 2016 21:33:46 +0200
Superseded in stretch-release on 2016-10-29
Superseded in sid-release on 2016-10-24
strongswan (5.5.0-3) unstable; urgency=medium

  * debian/control:
    - add build-dep on tzdata, fix FTBFS when absent.           closes: #839459

 -- Yves-Alexis Perez <email address hidden>  Sun, 02 Oct 2016 15:22:54 +0200
Superseded in stretch-release on 2016-10-08
Superseded in sid-release on 2016-10-02
strongswan (5.5.0-2) unstable; urgency=medium

  * debian/rules:
    - add patch from Raphaël Geissert to use /etc/ssl/certs instead of
      /usr/share/ca-certificates for strongswan-nm.             closes: #835095
    - update argument name for dh_strip dbgsym migration
  * debian/control:
    - update debhelper dependency to a version which supports dbgsym
      migration.
  * debian/patches:
    - 05_network-manager-strongswan-1.4 added, backport two upstream patches
      to support network-manager-strongswan 1.4 in charon-nm.   closes: #838194

 -- Yves-Alexis Perez <email address hidden>  Sun, 18 Sep 2016 13:47:41 +0200
Superseded in stretch-release on 2016-09-24
Superseded in sid-release on 2016-09-21
strongswan (5.5.0-1) unstable; urgency=medium

  * New upstream release.
  * debian/control:
    - add build-dep on systemd.                                 closes: #828945
  * debian/patches:
    - 05_port-openssl-1.1.0 dropped, included upstream.

 -- Yves-Alexis Perez <email address hidden>  Sat, 16 Jul 2016 15:32:04 +0200
Superseded in stretch-release on 2016-07-22
Superseded in sid-release on 2016-12-07
strongswan (5.4.0-3) unstable; urgency=medium

  * debian/patches:
    - 05_port-openssl-1.1.0 added, port to OpenSSL 1.1.0.       closes: #828561
  * debian/control:
    - update standards version to 3.9.8.
  * debian/NEWS: fix spelling error.

 -- Yves-Alexis Perez <email address hidden>  Thu, 07 Jul 2016 10:23:59 +0200
Superseded in stretch-release on 2016-07-13
Superseded in sid-release on 2016-07-08
strongswan (5.4.0-2) unstable; urgency=medium

  * debian/rules:
    - stop building web interface for now since clearsilver is not building
      right now.
    - enable connmark only on Linux
    - install connmark plugins files only on Linux
  * debian/control:
    - drop build-dep on clearsilver-dev and libfcgi-dev
    - make iptables-dev build-dep Linux-only.
  * debian/libcharon-extra-plugins:
    - stop shipping medsrv and medcli plugin.
  * debian/libstrongswan-standard-plugins.install:
    - stop installing connmark plugins files unconditionally.

 -- Yves-Alexis Perez <email address hidden>  Sun, 29 May 2016 21:02:06 +0200
Superseded in stretch-release on 2016-07-22
Superseded in stretch-release on 2016-06-04
Superseded in sid-release on 2016-07-16
strongswan (5.4.0-1) unstable; urgency=medium

  * New upstream release.
  * debian/patches
    - 0001-configure-Support-systemd-209 dropped, included upstream.
    - 0001-charon-systemd-Inherit-all-settings-from-the-charon- dropped as
      well, a different version was included upstream.
  * debian/libstrongswan.install:
    - drop libhydra lines, it's been removed.
  * debian/copyright: remove hydra lines as well.

 -- Yves-Alexis Perez <email address hidden>  Mon, 04 Apr 2016 11:35:16 +0200
Published in wheezy-release on 2016-04-02
strongswan (4.5.2-1.5+deb7u8) wheezy-security; urgency=medium

  * debian/patches:
    - CVE-2015-8023_eap_mschapv2_state added, fix authentication bypass when
    using EAP MSCHAPv2.

 -- Yves-Alexis Perez <email address hidden>  Mon, 16 Nov 2015 12:26:13 +0100
Superseded in stretch-release on 2016-04-10
Superseded in sid-release on 2016-04-04
strongswan (5.3.5-2) unstable; urgency=medium

  * debian/rules:
    - migrate debug package to ddeb.
    - enable systemd and swanctl.                               closes: #813788
    - enable aesni plugin on i386 and amd64.
  * debian/control:
    - drop strongswan-dbg package.
    - add strongswan-swanctl and charon-systemd packages.
    - replace systemd build-dep by libsystemd-dev.
    - create new strongswan-pki and strongswan-scepclient packages
    - drop old Conflicts/Breaks/Replaces against versions older than stable.
    - update standards version to 3.9.7.
  * debian/strongswan-swanctl.install:
    - install vici plugin and swanctl files
  * debian/charon-systemd.install:
    - install charon-systemd binary and strongswan-swanctl service file.
  * debian/strongswan-pki.install:
    - install pki files
  * debian/strongswan-scepclient.install:
    - install scepclient files
  * move strongswan.conf manpage to libstrongswan package
  * debian/patches
    - 0001-charon-systemd-Inherit-all-settings-from-the-charon added, inherit
      charon configuration settings for charon-systemd.

 -- Yves-Alexis Perez <email address hidden>  Mon, 14 Mar 2016 23:53:34 +0100
Superseded in jessie-release on 2017-07-22
strongswan (5.2.1-6+deb8u2) jessie-security; urgency=medium

  * debian/patches:
    - CVE-2015-8023_eap_mschapv2_state added, fix authentication bypass when
    using EAP MSCHAPv2.

 -- Yves-Alexis Perez <email address hidden>  Mon, 16 Nov 2015 12:13:54 +0100
Superseded in stretch-release on 2016-03-23
Superseded in sid-release on 2016-03-22
strongswan (5.3.5-1) unstable; urgency=medium

  * New upstream bugfix release.

 -- Yves-Alexis Perez <email address hidden>  Thu, 26 Nov 2015 15:27:01 +0100
Superseded in stretch-release on 2015-12-04
Superseded in sid-release on 2015-11-29
strongswan (5.3.4-1) unstable; urgency=medium

  * New upstream release.
  * debian/patches:
    - 03_systemd-service refreshed for new upstream release.
    - 0001-socket-default-Refactor-setting-source-address-when-,
    0001-socket-dynamic-Refactor-setting-source-address-when- and
    CVE-2015-8023_eap_mschapv2_state dropped, included upstream. 

 -- Yves-Alexis Perez <email address hidden>  Thu, 19 Nov 2015 22:17:43 +0100
Superseded in stretch-release on 2015-11-25
Superseded in sid-release on 2015-11-20
strongswan (5.3.3-3) unstable; urgency=high

  * Set urgency=high for security fix.
  * debian/patches:
    - CVE-2015-8023_eap_mschapv2_state added, fix authentication bypass when
    using EAP MSCHAPv2.

 -- Yves-Alexis Perez <email address hidden>  Mon, 16 Nov 2015 12:35:28 +0100
Superseded in stretch-release on 2015-11-19
Superseded in sid-release on 2015-11-16
strongswan (5.3.3-2) unstable; urgency=medium

  * debian/rules:
    - make the dh_install override arch-dependent only since it only acts on
    arch:any packages, fix FTBFS on arch:all.

 -- Yves-Alexis Perez <email address hidden>  Wed, 04 Nov 2015 13:52:02 +0100
Superseded in sid-release on 2015-11-05
strongswan (5.3.3-1) unstable; urgency=medium

  * debian/rules:
    - enable the connmark plugin.
  * debian/control:
    - add build-dep on iptables-dev.
  * debian/libstrongswan-standard-plugins:
    - add connmark plugin to the standard-plugins package.
  * New upstream release.                                       closes: #803772
  * debian/strongswan-starter.install:
    - install new pki --dn manpage to ipsec-starter package. 
  * debian/patches:
    - 0001-socket-default-Refactor-setting-source-address-when- and
    0001-socket-dynamic-Refactor-setting-source-address-when- added (taken
    from c761db and 9e8b4a in the 1171-socket-default-scope branch), fix
    source address selection with IPv6 (upstream #1171)

 -- Yves-Alexis Perez <email address hidden>  Tue, 03 Nov 2015 21:56:23 +0100
Superseded in wheezy-release on 2016-04-02
strongswan (4.5.2-1.5+deb7u7) wheezy-security; urgency=high

  * debian/patches:
    - CVE-2015-4171_enforce_remote_auth added, fix potential leak of
    authentication credential to rogue server when using PSK or EAP. This is
    CVE-2015-4171.

 -- Yves-Alexis Perez <email address hidden>  Sun, 07 Jun 2015 21:03:49 +0200
Superseded in jessie-release on 2016-01-23
strongswan (5.2.1-6+deb8u1) jessie-security; urgency=high

  * debian/patches:
    - CVE-2015-4171_enforce_remote_auth added, fix potential leak of
    authentication credential to rogue server when using PSK or EAP. This is
    CVE-2015-4171.

 -- Yves-Alexis Perez <email address hidden>  Thu, 04 Jun 2015 19:24:59 +0200
Superseded in stretch-release on 2015-11-10
Superseded in sid-release on 2016-05-30
strongswan (5.3.2-1) unstable; urgency=medium

  * New upstream release.
  * debian/patches:
    - 05_ivgen-allow-reusing-same-message-id-twice dropped, included upstream.
    - CVE-2015-4171_enforce_remote_auth dropped as well.

 -- Yves-Alexis Perez <email address hidden>  Thu, 11 Jun 2015 21:36:33 +0200
Superseded in stretch-release on 2015-06-21
Superseded in sid-release on 2015-06-12
strongswan (5.3.1-1) unstable; urgency=high

  * New upstream release.
  * debian/patches:
    - strongswan-5.2.2-5.3.0_unknown_payload dropped, included upstream.
    - 05_ivgen-allow-reusing-same-message-id-twice added, allow reusing the
    same message ID twice in sequential IV gen. strongSwan issue #980.
    - CVE-2015-4171_enforce_remote_auth added, fix potential leak of
    authentication credential to rogue server when using PSK or EAP. This is
    CVE-2015-4171.

 -- Yves-Alexis Perez <email address hidden>  Thu, 04 Jun 2015 19:18:07 +0200
Superseded in stretch-release on 2015-06-11
Superseded in sid-release on 2015-06-13
strongswan (5.3.0-2) unstable; urgency=medium

  * debian/patches:
    - strongswan-5.2.2-5.3.0_unknown_payload added, fixes a DoS and potential
      remote code execution vulnerability (CVE-2015-3991).
  * debian/strongswan-starter.lintian-overrides: add override for
    command-with-path-in-maintainer-script since it's there to check for file
    existence.
  * Upload to unstable.

 -- Yves-Alexis Perez <email address hidden>  Sat, 23 May 2015 15:06:11 +0200
Deleted in experimental-release (Reason: None provided.)
strongswan (5.3.0-1) experimental; urgency=medium


  * New upstream release.
  * debian/patches:
    - 01_fix-manpages refreshed for new upstream release.
    - 02_chunk-endianness dropped, included upstream. 
    - CVE-2014-9221_modp_custom dropped, included upstream. 
  * debian/strongswan-starter.install
    - don't install the _updown and _updown_espmark manpages anymore, they're
    gone.
    - also remove the _updown_espmark script, gone too.
  * debian/copyright updated.

 -- Yves-Alexis Perez <email address hidden>  Wed, 15 Apr 2015 20:59:54 +0200
Superseded in stretch-release on 2015-06-07
Superseded in jessie-release on 2015-09-05
Superseded in sid-release on 2015-06-02
strongswan (5.2.1-6) unstable; urgency=medium


  * Ship /lib/systemd/system/ipsec.service as a symlink to
    strongswan.service in strongswan-starter instead of using Alias= in
    the service file. This makes the ipsec name available to invoke-rc.d
    before the service gets actually enabled, which avoids some confusion
    (closes: #781209).

 -- Romain Francoise <email address hidden>  Sat, 04 Apr 2015 17:55:38 +0200
Superseded in jessie-release on 2015-04-10
Superseded in sid-release on 2015-04-04
strongswan (5.2.1-5) unstable; urgency=high


  * debian/patches:
    - debian/patches/CVE-2014-9221_modp_custom added, fix unauthenticated
    denial of service in IKEv2 when using custom MODP value.

 -- Yves-Alexis Perez <email address hidden>  Mon, 05 Jan 2015 13:11:51 +0100
Superseded in jessie-release on 2015-01-08
Superseded in sid-release on 2015-01-06
strongswan (5.2.1-4) unstable; urgency=medium


  * Give up on trying to run the test suite on !amd64, it now times out on
    both i386 and s390x, our chosen "fast" archs.

 -- Romain Francoise <email address hidden>  Fri, 24 Oct 2014 21:08:17 +0200
Superseded in sid-release on 2014-10-28
strongswan (5.2.1-3) unstable; urgency=medium


  * Disable libtls tests again, they are still too intensive for the buildd
    network...

 -- Romain Francoise <email address hidden>  Thu, 23 Oct 2014 18:09:27 +0200
Superseded in sid-release on 2014-10-25
strongswan (5.2.1-2) unstable; urgency=medium


  * Cherry-pick commits 701d6ed and 1c70c6e from upstream to fix checksum
    computation and FTBFS on big-endian hosts.
  * Run the test suite only on amd64, i386, and s390x. It requires lots of
    entropy and CPU time, which are typically hard to come by on slower
    archs.
  * Re-enable normal keylengths in test suite.
  * Re-enable libtls tests.
  * Update Dutch translation, thanks to Frans Spiesschaert (closes: #763798).
  * Bump Standards-Version to 3.9.6.

 -- Romain Francoise <email address hidden>  Wed, 22 Oct 2014 21:21:37 +0200
Superseded in sid-release on 2014-10-23
strongswan (5.2.1-1) unstable; urgency=medium


  * New upstream release.
  * Stop shipping /etc/strongswan.conf.d in libstrongswan.

 -- Romain Francoise <email address hidden>  Tue, 21 Oct 2014 19:38:25 +0200
Superseded in jessie-release on 2014-11-04
Superseded in sid-release on 2014-10-25
strongswan (5.2.0-2) unstable; urgency=medium


  * Add systemd integration:
    + Install upstream systemd service file in strongswan-starter.
    + Alias strongswan.service to ipsec.service to match the sysv init script.
    + Drop After=syslog.target (as syslog is socket-activated nowadays), but
      add After=network.target to ensure that charon gets the chance to send
      deletes on exit.
    + Add ExecReload for reload action, since the starter script has one.
    + On linux-any, add build-dep on systemd to ensure that the pkg-config
      metadata file can be found.
    + Add build-dep on dh-systemd, and use systemd dh addon.
  * Remove debian/patches/03_include-stdint.patch.

 -- Romain Francoise <email address hidden>  Wed, 30 Jul 2014 21:37:53 +0200
Published in squeeze-release on 2014-07-19
strongswan (4.4.1-5.6) squeeze-security; urgency=high


  * Non-maintainer upload by the Security Team.
  * debian/patches:
    - CVE-2014-2891 added, fix potential null pointer dereference when parsing
      ASN.1 data, leading to denial of service (CVE-2014-2891).

 -- Yves-Alexis Perez <email address hidden>  Sat, 03 May 2014 14:48:15 +0200
Superseded in wheezy-release on 2015-09-05
strongswan (4.5.2-1.5+deb7u4) wheezy-security; urgency=high


  * Non-maintainer upload by the Security Team.
  * debian/patches:
    - CVE-2014-2891 added, fix potential null pointer dereference when parsing
      ASN.1 data, leading to denial of service (CVE-2014-2891).

 -- Yves-Alexis Perez <email address hidden>  Sat, 03 May 2014 15:01:45 +0200
Superseded in jessie-release on 2014-08-05
Superseded in sid-release on 2014-08-01
strongswan (5.2.0-1) unstable; urgency=medium


  * New upstream release.
  [ Romain Francoise ]
  * Amend build-dep on libgcrypt to 'libgcrypt20-dev | libgcrypt11-dev'.
  * Drop hardening-wrapper from build-depends (unused since 5.0.4-1).

  [ Yves-Alexis Perez ]
  * debian/po:
    - pt_BR.po updated, thanks Adriano Rafael Gomes.            closes: #752721
  * debian/patches:
    03_pfkey-Always-include-stdint.h dropped, included upstream.
  * debian/strongswan-starter.install:
    - replace tools.conf by pki.conf and scepclient.conf.

 -- Yves-Alexis Perez <email address hidden>  Fri, 11 Jul 2014 21:57:59 +0200
Superseded in jessie-release on 2014-07-18
Superseded in sid-release on 2014-07-12
strongswan (5.1.3-4) unstable; urgency=medium


  * debian/control:
    - add build-dep on pkg-config.
  * debian/patches:
    - 03_pfkey-Always-include-stdint.h added, cherry-picked from upstream git:
      always include stdint.h. Fix FTBFS on kFreeBSD.

 -- Yves-Alexis Perez <email address hidden>  Mon, 19 May 2014 15:06:32 +0200
Superseded in sid-release on 2014-05-21
strongswan (5.1.3-3) unstable; urgency=medium


  * debian/watch:
    - add pgpsigurlmangle to get PGP signature
  * debian/upstream/signing-key.asc:
    - bootstrap keyring by adding Andreas Steffen key (0xDF42C170B34DBA77)
  * debian/control:
    - add build-dep on libgcrypt20-dev, fix FTBFS.              closes: #747796

 -- Yves-Alexis Perez <email address hidden>  Tue, 13 May 2014 22:05:16 +0200
Superseded in wheezy-release on 2014-07-12
strongswan (4.5.2-1.5+deb7u3) wheezy-security; urgency=high


  * Non-maintainer upload by the Security Team.
  * debian/patches:
    - CVE-2014-2338-4.x added, fix authentication bypass (CVE-2014-2338).

 -- Yves-Alexis Perez <email address hidden>  Thu, 03 Apr 2014 21:55:09 +0200
Superseded in jessie-release on 2014-05-25
Superseded in sid-release on 2014-07-12
strongswan (5.1.3-2) unstable; urgency=low


  * Disable the new libtls test suite for now--it appears to be a
    little too intensive for slower archs.

 -- Romain Francoise <email address hidden>  Sat, 19 Apr 2014 17:45:51 +0200
Superseded in sid-release on 2014-04-19
strongswan (5.1.3-1) unstable; urgency=low


  * New upstream release.
  * debian/control: make strongswan-charon depend on iproute2 | iproute,
    thanks to Ryo IGARASHI <email address hidden> (closes: #744832).

 -- Romain Francoise <email address hidden>  Tue, 15 Apr 2014 19:42:27 +0200
Superseded in jessie-release on 2014-04-30
Superseded in sid-release on 2014-04-21
strongswan (5.1.2-4) unstable; urgency=high


  * debian/patches/04_cve-2014-2338.patch: added to fix CVE-2014-2338
    (authentication bypass vulnerability in IKEv2 code).
  * debian/control: add myself to Uploaders.

 -- Romain Francoise <email address hidden>  Tue, 08 Apr 2014 20:14:54 +0200
Superseded in jessie-release on 2014-04-17
Superseded in sid-release on 2014-04-19
strongswan (5.1.2-3) unstable; urgency=medium


  * debian/patches/
    - 02_unit-tests-Fix-filtered-enumerator-tests-on-64-bit-b  added, fix
    testsuite failing on 64 bit big-endian platforms (s390x).
    - 03_unit-tests-Fix-chunk-clear-armel added, fix testsuite failing on
    armel.

 -- Yves-Alexis Perez <email address hidden>  Wed, 02 Apr 2014 21:20:33 +0200
Superseded in sid-release on 2014-04-03
strongswan (5.1.2-2) unstable; urgency=medium


  * debian/rules:
    - use reduced keylengths in testsuite on various arches, hopefully fixing
      FTBFS when the genrsa test runs.

 -- Yves-Alexis Perez <email address hidden>  Tue, 25 Mar 2014 12:09:49 +0100
Superseded in sid-release on 2014-03-25
strongswan (5.1.2-1) unstable; urgency=medium


  * New upstream release.
  * debian/control:
    - add conflicts against openSwan.                           closes: #740808
  * debian/strongswan-starter,postrm:
    - remove /var/lib/strongswan on purge.
  * debian/ipsec.secrets.proto:
    - stop lying about ipsec showhostkey command.               closes: #600382
  * debian/patches:
    - 01_fix-manpages refreshed for new upstream.
    - 02_include-strongswan.conf.d removed, strongswan.d is now supported
      upstream.
  * debian/rules, debian/*.install:
    - install default configuration files for all plugins.
  * debian/NEWS:
    - fix spurious entry.
    - add a NEWS entry to advertise about the new strongswan.d configuration
      mechanism. 

 -- Yves-Alexis Perez <email address hidden>  Wed, 12 Mar 2014 11:22:38 +0100
Superseded in jessie-release on 2014-04-08
Superseded in sid-release on 2014-04-03
strongswan (5.1.1-3) unstable; urgency=low


  * Upload to unstable.

 -- Yves-Alexis Perez <email address hidden>  Tue, 04 Mar 2014 21:57:25 +0100
Deleted in experimental-release (Reason: None provided.)
strongswan (5.1.1-2+splitplugins) experimental; urgency=medium


  * debian/control:
    - drop dependency on host, inherited from openSwan.         closes: #736661
    - split charon-cmd to a standalone package.
    - add new plugins packages: libstrongswan-standard-plugins,
    libstrongswan-extra-plugins and libcharon-extra-plugins.
    - split strongswan-ike package to strongswan-libcharon (libcharon and
    default libcharon plugins) and strongswan-charon (charon daemon), keep
    strongswan-ike as transitional package for now.
  * debian/po:
    - sv.po updated, thanks Martin Bagge.                       closes: #725667
  * debian/charon-cmd.lintian-overrides: override lintian error about
    charon-cmd rpath.

 -- Yves-Alexis Perez <email address hidden>  Mon, 24 Feb 2014 10:42:49 +0100
Superseded in jessie-release on 2014-03-10
Superseded in sid-release on 2014-03-07
strongswan (5.1.1-2) unstable; urgency=medium


  * debian/control:
    - drop dependency on host, inherited from openSwan.         closes: #736661
  * debian/po:
    - sv.po updated, thanks Martin Bagge.                       closes: #725667

 -- Yves-Alexis Perez <email address hidden>  Mon, 24 Feb 2014 10:32:12 +0100
Superseded in squeeze-release on 2014-07-19
strongswan (4.4.1-5.4) squeeze-security; urgency=high


  * Non-maintainer upload by the Security Team.
  * debian/patches:
    - CVE-2013-6075 added, fix remote denial of service and authorization
      bypass.

 -- Yves-Alexis Perez <email address hidden>  Tue, 29 Oct 2013 18:23:26 +0100
Superseded in jessie-release on 2014-03-02
Superseded in sid-release on 2014-02-26
strongswan (5.1.1-1) unstable; urgency=low


  [ Yves-Alexis Perez ]
  * New upstream bugfix release
  * debian/rules:
    - enable and install af-alg plugin on Linux.                closes: #718292
    - enable certexpire plugin.                                 closes: #718293
    - enable lookip plugin.                                     closes: #718299
    - enable error-notify plugin.                               closes: #718304
    - enable unity plugin.                                      closes: #718289
  * debian/strongswan-ike.install:
    - install certexpire and unity plugins.
    - install lookip binary and plugin.
    - install error-notify binary and plugin.
  * debian/strongswan-starter.install:
    - pki tool is now in /usr/bin.
    - add pt-tls-client for TCG Trusted Network Connect.
  * debian/control:
    - update long description, thanks to Justin B Rye.          closes: #725085
    - make the pkg-swan-devel list the maintainer, and add René to uploaders.
    - update standards version to 3.9.5.
  * debian/po:
    - eu.po updated, thanks Iñaki Larrañaga Murgoitio.          closes: #726636
    - ja.po updated.                                            closes: #726059
    - cs.po updated, thanks Miroslav Kure.                      closes: #728104
    - ru.po updated, thanks Yuri Kozlov.                        closes: #725709
    - da.po updated.                                            closes: #725620
    - nb.po updated, thanks Bjørn Steensrud.                    closes: #725497
    - fr.po updated, thanks Christian Perrier.                  closes: #725469
    - tr.po updated, thanks Atila KOÇ.                          closes: #728874
    - it.po updated, thanks Beatrice Torracca.                  closes: #729122
    - de.po updated, thanks Helge Kreutzmann.                   closes: #729170
    - pt.po updated, thanks Américo Monteiro.                   closes: #729823
    - es.po updated, thanks Matias A. Bellone.                  closes: #733731
  * debian/patches:
    - CVE-2013-6075 and CVE-2013-6076 dropped, included upstream.
    - 01_fix-manpages updated, move pki --issue manpage to section 1.
  * debian/strongswan-starter.ipsec.init:
    - use daemon exe in start-stop-daemon test.                 closes: #730661

  [ Romain Francoise ]
  * debian/rules:
    - disable built-in integrity tests; they've been broken for years,
      don't provide security (by design) and we have better tools at the
      package level anyway.                                     closes: #598138
    - disable sql and attr-sql plugins, as per discussion in #718302 they
      are useless without the database driver plugins.
  * debian/libstrongswan.install:
    - libchecksum.so is no longer built, remove.
    - sql plugin is no longer built, remove.
  * debian/strongswan-starter.install:
    - 'ipsec pool' is no longer built, remove.

  [ Raphael Geissert ]
  * Allow the configuration of strongswan.conf to be stored in snippets
    in /etc/strongswan.conf.d/

 -- Yves-Alexis Perez <email address hidden>  Fri, 24 Jan 2014 21:22:32 +0100
Superseded in wheezy-release on 2014-04-26
strongswan (4.5.2-1.5+deb7u2) wheezy-security; urgency=high


  * Non-maintainer upload by the Security Team.
  * debian/patches
    - CVE-2013-6075 added, fix remote denial of service and authorization
      bypass.

 -- Yves-Alexis Perez <email address hidden>  Tue, 29 Oct 2013 19:24:14 +0100
Superseded in jessie-release on 2014-02-04
Superseded in sid-release on 2014-01-27
strongswan (5.1.0-3) unstable; urgency=high


  * urgency=high for the security fixes.
  * debian/patches
    - CVE-2013-6075 added, fix remote denial of service and authorization
      bypass.
    - CVE-2013-6076 added, fix remote denial of service in IKEv1 code.

 -- Yves-Alexis Perez <email address hidden>  Tue, 29 Oct 2013 21:07:04 +0100

Superseded in squeeze-release on 2014-02-15
strongswan (4.4.1-5.3) squeeze-security; urgency=high


  * Non-maintainer upload by the Security Team.
  * debian/patches:
   - 0001-Check-return-value-of-ECDSA_Verify-correctly added. Fix ECDSA
     signature verification when using openssl plugin (CVE-2013-2944).

 -- Yves-Alexis Perez <email address hidden>  Mon, 29 Apr 2013 11:25:24 +0200
Superseded in jessie-release on 2013-11-04
Superseded in sid-release on 2013-11-01
strongswan (5.1.0-2) unstable; urgency=medium


  * urgency=medium since we already spent 16 days in unstable and the fix is
    trivial
  * debian/control:
    - strongswan-ike: only depends on iproute on linux arches.

 -- Yves-Alexis Perez <email address hidden>  Thu, 17 Oct 2013 21:40:35 +0200

Superseded in sid-release on 2013-10-19
strongswan (5.1.0-1) unstable; urgency=low


  * New upstream release.
  * debian/libstrongswan.install:
    - install new rc2, pkcs12 and sshkey plugins.
  * debian/control:
    - update standards version to 3.9.4.
    - add build-dep on dh-autoreconf.
  * debian/rules:
    - use autoreconf addon to refresh autotools helper files and gain support
      for ARM64.
    - enable charon-cmd command line tool.
  * debian/source/options: ignore files regenerated by autoreconf addon.
  * debian/strongswan-ike.install:
    - install charon-cmd command and manpage.
  * debian/NEWS:
    - warn users about charon replacing pluto as IKEv1 daemon and provide some
      migration pointers.

 -- Yves-Alexis Perez <email address hidden>  Mon, 30 Sep 2013 20:59:04 +0200
Superseded in jessie-release on 2013-10-23
Superseded in sid-release on 2013-10-01
strongswan (4.6.4-9) unstable; urgency=low


  * debian/control:
    - protect strongswan-ikev1 dependencies using linux-any since it's only
      available there.
    - switch strongswan package to arch:any because of that change. 
    - update standards version to 3.9.4. 
    - add build-dep on autotools-dev
  * debian/rules:
    - use autotools-dev addon to update config.{guess,sub}. 

 -- Yves-Alexis Perez <email address hidden>  Wed, 26 Jun 2013 21:57:53 +0200

Deleted in experimental-release (Reason: None provided.)
strongswan (5.0.4-3) experimental; urgency=low


  * debian/rules, debian/libstrongswan.install:
    - only install rdrand plugin on i386 and amd64.

 -- Yves-Alexis Perez <email address hidden>  Sat, 18 May 2013 09:26:22 +0200
Superseded in sid-release on 2013-06-27
strongswan (4.6.4-8) unstable; urgency=low


  * debian/control:
    - strongswan-ikev{1,2}: only depends on iproute on Linux arches.
                                                                closes: #708686

 -- Yves-Alexis Perez <email address hidden>  Fri, 17 May 2013 23:04:15 +0200
Superseded in experimental-release on 2013-05-18
strongswan (5.0.4-2) experimental; urgency=low


  * debian/rules:
    - only enable RdRand on i386 and amd64.

 -- Yves-Alexis Perez <email address hidden>  Mon, 06 May 2013 13:14:03 +0200
Superseded in experimental-release on 2013-05-18
strongswan (5.0.4-1) experimental; urgency=low


  * New upstream release.
    - Fix for ECDSA signature verification vulnerability (CVE-2013-2944).
  * debian/patches:
    - 01_fix-manpages refreshed.
    - 02_add-LICENSE dropped, included upstream.
    - 03_Pass-lo-as-faked-tundev-to-NM-as-it-now-needs-a-vali removed,
      included upstream.
    - 04-Fixed-IPv6-source-address-lookup dropped, included upstream. 
  * debian/rules:
    - --enable-smartcard, --with-default-pkcs11 and --enable-nat-transport not
      valid anymore for ./configure, remove them.
    - add --enable-xauth-eap and --enable-xauth-pam.
    - remove pluto handling since it's gone
    - don't special-case XAuth on kFreeBSD anymore.
    - add --enable-attr-sql and --enable-rdrand.
    - build using all hardening flags.
    - use -Wl,--as-needed -Wl,-O1 for LDFLAGS.
  * debian/control:
    - drop strongswan-ikev1 package
    - rename strongswan-ikev2 package to strongswan-ike for now and make it
      replace strongswan-ikev1 and strongswan-ikev2.
    - rephrase long description to remove references to pluto.
    - provide transition -ikev{1,2} packages for upgrades.
  * debian/strongswan-ikev1.install removed.
  * debian/strongswan-ikev2.* renamed to strongswan-ike.
  * debian/strongswan-nm.install:
    - NetworkManager plugin is now a separate executable.
  * debian/libstrongswan.install:
    - install new pkcs7, xauth-eap, xauth-generic, xauth-pam and nonce plugins.
    - install libpttls files (experimental implementation of PT-TLS, RFC 6876)
    - install rdrand plugin.
  * debian/strongswan.docs: CREDITS file is gone.
  * debian/ipsec.secrets.proto: remove reference to pluto.
  * debian/strongswan-starter.* remove references to pluto.
  * debian/po: update potfiles for new phrasing.

 -- Yves-Alexis Perez <email address hidden>  Sun, 05 May 2013 11:06:20 +0200
Superseded in jessie-release on 2013-06-29
Superseded in wheezy-release on 2013-12-14
strongswan (4.5.2-1.5+deb7u1) wheezy-security; urgency=high


  * Non-maintainer upload by the Security Team.
  * debian/patches:
   - 0001-Check-return-value-of-ECDSA_Verify-correctly added. Fix ECDSA
     signature verification when using openssl plugin (CVE-2013-2944).

 -- Yves-Alexis Perez <email address hidden>  Mon, 29 Apr 2013 15:59:20 +0200
Superseded in sid-release on 2013-05-18
strongswan (4.6.4-7) unstable; urgency=high


  * debian/patches:
    - 0001-Check-return-value-of-ECDSA_Verify-correctly added. Fix ECDSA
      signature verification when using openssl plugin (CVE-2013-2944).

 -- Yves-Alexis Perez <email address hidden>  Tue, 30 Apr 2013 09:47:27 +0200
Superseded in sid-release on 2013-05-01
strongswan (4.6.4-6) unstable; urgency=low


  * debian/rules:
    - revert dropping privileges, it breaks too many setups for now and it's
      not possible to disable it.           reopens #529854 and closes: #680722
  * debian/control:
    - add Breaks/Replaces strongswan-ikev2 on libstrongswan because of moved
      plugins.                                                  closes: #681312

 -- Yves-Alexis Perez <email address hidden>  Sat, 01 Dec 2012 14:24:49 +0100
Superseded in squeeze-release on 2013-10-19
strongswan (4.4.1-5.2) stable-security; urgency=high


  * Non-maintainer upload by the Security Team.
  * debian/patches:
    - 0001-Fix-boolean-return-value-if-an-empty-RSA-signature-i added,
      backported from upstream. Fix CVE-2012-2388 (when using gmp plugin,
      zero length RSA signatures are considered valid).

 -- Yves-Alexis Perez <email address hidden>  Thu, 24 May 2012 17:12:54 +0200
Superseded in sid-release on 2012-12-01
strongswan (4.6.4-5) unstable; urgency=low


  [ Yves-Alexis Perez ]
  * debian/control:
    - and finally make libcap-dev linux-any too...
    - make -ikev1 linux-any since pluto can't be built on FreeBSD.
  * debian/rules:
    - stop installing logcheck rules manually.                  closes: #679745
    - handle non kFreeBSD more carefully                        closes: #640928
      + don't enable NM and Linux capabilities drop;
      + disable pluto (and xauth plugin);
      + don't enable farp and dhcp, enable kernel-pf{key,route} plugins
  * Handle logcheck files from dh_installlogcheck and thus name them correctly
    so they are not installed in the wrong package.             closes: #679745
  * debian/po
    - add Turkish translation, thanks Atila KOÇ.                closes: #659879
  * debian/patches:
    - 04-Fixed-IPv6-source-address-lookup added, backported from upstream. 
      Fix IPv6 tunnels, broken because of bad handling of source routing.

  [ Laurent Bigonville ]
  * Do not use multi-arch paths, this makes no sense as only one instance of
    the daemon can be run and all libraries are private.
  * d/p/03_Pass-lo-as-faked-tundev-to-NM-as-it-now-needs-a-vali.patch: NM now
    requires a tundev, pass the loopback interface to make it happy
    (thanks to Martin Willi)
  * debian/control: Fix Vcs-Browser URL

 -- Yves-Alexis Perez <email address hidden>  Sat, 07 Jul 2012 14:21:03 +0200
Superseded in sid-release on 2012-07-09
strongswan (4.6.4-4) unstable; urgency=low


  * debian/control:
    - libnm-glib-vpn-dev also is linux-any, fix build-deps.

 -- Yves-Alexis Perez <email address hidden>  Sat, 30 Jun 2012 18:54:00 +0200
Superseded in sid-release on 2012-07-01
strongswan (4.6.4-3) unstable; urgency=low


  * debian/strongswan-starter.postrm
    - remove strongswan user on purge.
  * debian/rules:
    - enable gcrypt plugin.                                     closes: #600326
  * debian/libstrongswan.install:
    - ship gcrypt plugin.

 -- Yves-Alexis Perez <email address hidden>  Sat, 30 Jun 2012 17:08:08 +0200
Deleted in experimental-release (Reason: None provided.)
strongswan (4.6.4-1) experimental; urgency=low


  * New upstream release.                                       closes: #664190
    - stop including individual glib headers.                   closes: #665612
  * debian/patches:
    - drop all patches, they're all included upstream now.
  * debian/*.install:
    - drop destination path
    - libs are in ipsec folder now
    - add libradius, libtls, libtnccs and libsimaka to libstrongswan.
    - add tnc-tnccs, pkcs8 and cmac plugins to libstrongswan.
    - use multiarch paths
    - move ldap, curl, kernel-netlink and attr* plugins to libstrongswan,
      since they are used by pluto too.                         closes: #611846
  * debian/control:
    - add myself to uploaders, in hope that some others will join.
    - update standards version to 3.9.3.
    - add depend on adduser to strongswan-starter for use in maintainer
      scripts.
    - update debhelper build-dep to 9 and add dpkg-dev 1.16.2 build-dep for
      hardening support.
    - make strongswan-nm linux-any and adjust network-manager-dev build-dep to
      only happen on linux arches.                              closes: #640928
  * debian/compat bumped to 9.
  * debian/rules:
    - enable hardening flags with PIE and bindnow.
    - use multiarch paths.
    - unconditionally enable network-manager.
    - switch to dh.
    - ignore plugins in dh_makeshlibs.
    - don't generate maintainer scripts snippets for init scripts, it's
      already handled (although we might want to change that later)
    - stop bypassing dh_installdocs.
    - disable DES and Blowfish plugins as they are under a 4-clause BSD-like
      license.
  * debian/libstrongswan.lintian-overrides,
    debian/libstrongswan-ikev2.lintian-overrides:
    - override warning for hardening flags, we do use them.
  * debian/patches:
    - 01_fix-manpages added, fix space in NAME section.
    - 02_add-LICENSE added, add the license file from upstream not yet present
      in tarball.
  * debian/copyright completely rewritten.

 -- Yves-Alexis Perez <email address hidden>  Fri, 29 Jun 2012 21:24:37 +0200
Superseded in wheezy-release on 2013-05-01
Superseded in sid-release on 2012-07-02
strongswan (4.5.2-1.5) unstable; urgency=low


  * Non-maintainer upload.
  * Fix "package must not include /var/lock/subsys":
    don't ship /var/lock/subsys but create it in the init script.
    (Closes: #667764)

 -- gregor herrmann <email address hidden>  Fri, 15 Jun 2012 16:21:27 +0200