--- openswan-2.4.4.orig/debian/changelog
+++ openswan-2.4.4/debian/changelog
@@ -1,3 +1,73 @@ +openswan (1:2.4.4-3ubuntu1) dapper; urgency=low + + * pluto_crypt.c Patch for unaligned. + - Thanks to Dave Miller + * Update build-dep to libopensc2-dev + + -- Barry deFreese Tue, 23 May 2006 05:30:51 -0400 + +openswan (1:2.4.4-3) unstable; urgency=low + + * Corrected PATCHNAME in the kernel-patch-openswan unpatch script. + Closes: #344852: kernel-patch-openswan: PATCHNAME=openswan in apply script + but =freeswan in unpatch + + -- Rene Mayrhofer Tue, 27 Dec 2005 10:38:33 +0000 + +openswan (1:2.4.4-2) unstable; urgency=low + + * Build-depend on libkrb5-dev. + Closes: #344612: openswan: pluto has shared library dependency on + libkrb5support.so + + -- Rene Mayrhofer Mon, 26 Dec 2005 11:22:17 +0000 + +openswan (1:2.4.4-1) unstable; urgency=high + + Reasoning for urgency high: DoS security issues. + * New upstream version. This is supposed to fix the other part of the DoS + problem. + + -- Rene Mayrhofer Fri, 18 Nov 2005 19:23:49 +0000 + +openswan (1:2.4.3-1) unstable; urgency=high + + Reasoning for urgency high: DoS security issues. + * New upstream version. + Closes: Bug#339082: kernel-patch-openswan: ISAKMP implementation + problems / DoS + + -- Rene Mayrhofer Tue, 15 Nov 2005 15:49:44 +0000 + +openswan (1:2.4.0-3) unstable; urgency=low + + * Doh. Forgot to merge the new debconf depends from my openswan 2.2.0 + package branch. Now again change the debconf depends to debconf | + debconf-2.0. + Closes: #332055: openswan depends on debconf without | debconf-2.0 + alternate; blocks cdebconf transition + * Also build-depend on the new libssl (>= 0.9.8-1) now to help the + transition. If you recompile this package for woody/sarge, you can safely + ignore this versioned build-dependency. No new API is needed this is just + for the ABI transition. + + -- Rene Mayrhofer Mon, 10 Oct 2005 11:22:12 +0100 + +openswan (1:2.4.0-2) unstable; urgency=low + + * Module building has changed a bit for the new openswan upstream + releases (need additional files). 
Adapt the openswan-modules-source + package to that and also fix pfkey_v2.c to compile with kernel 2.4 + (patches sent to upstream for future inclusion). + Closes: #291274: Fails to build with 2.4.29: missing Makefile + Closes: #273443: openswan-modules-source: doesn't build with 2.6.8 - + different from #273144 (?) + * Fix the postinst script (must have been a bash update that broke it). + Closes: #330864: openswan: postinst fails with "`make-x509-cert': not a + valid identifier" + + -- Rene Mayrhofer Fri, 30 Sep 2005 18:11:28 +0100 + openswan (1:2.4.0-1) unstable; urgency=low * New upstream release. This finally allows the Debian packages to be --- openswan-2.4.4.orig/debian/control +++ openswan-2.4.4/debian/control @@ -3,11 +3,11 @@ Priority: optional Maintainer: Rene Mayrhofer Standards-Version: 3.6.1.0 -Build-Depends: debhelper (>= 4.1.16), libgmp3-dev, libssl-dev, htmldoc, man2html, libcurl3-dev | libcurl2-dev, libopensc1-dev | libopensc0-dev, libldap2-dev, libpam0g-dev, bison, flex, lynx +Build-Depends: debhelper (>= 4.1.16), libgmp3-dev, libssl-dev (>= 0.9.8-1), htmldoc, man2html, libcurl3-dev | libcurl2-dev, libopensc2-dev, libldap2-dev, libpam0g-dev, libkrb5-dev, bison, flex, lynx Package: openswan Architecture: any -Pre-Depends: debconf +Pre-Depends: debconf | debconf-2.0 Depends: ${shlibs:Depends}, bsdmainutils, makedev | devfsd, debianutils (>=1.7), ipsec-tools, openssl, host, iproute Suggests: openswan-modules-source | kernel-patch-openswan, curl Provides: ike-server --- openswan-2.4.4.orig/debian/kernel-patch-openswan.unpatch +++ openswan-2.4.4/debian/kernel-patch-openswan.unpatch @@ -5,7 +5,7 @@ set -e ARCHITECTURE=all -PATCHNAME=freeswan +PATCHNAME=openswan PATCHDIR=/usr/src/kernel-patches/$ARCHITECTURE/openswan #PATCHDIR=`dirname $`/../$PATCHNAME --- openswan-2.4.4.orig/debian/openswan-modules-source.rules +++ openswan-2.4.4/debian/openswan-modules-source.rules 
@@ -64,7 +64,7 @@ build-stamp: dh_testdir - $(MAKE) module OPENSWANSRCDIR=$(CURDIR) KERNELSRC=${KSRC} + $(MAKE) module KERNELSRC=${KSRC} OPENSWANSRCDIR=$(CURDIR) touch build-stamp @@ -73,7 +73,7 @@ dh_testroot rm -f build-stamp configure-stamp - $(MAKE) modclean OPENSWANSRCDIR=$(CURDIR) KERNELSRC=${KSRC} + $(MAKE) modclean KERNELSRC=${KSRC} OPENSWANSRCDIR=$(CURDIR) dh_clean --- openswan-2.4.4.orig/debian/openswan.postinst +++ openswan-2.4.4/debian/openswan.postinst @@ -72,7 +72,7 @@ fi } -make-x509-cert() { +make_x509_cert() { if [ $# -ne 12 ]; then echo "Error in creating X.509 certificate" exit 1 @@ -182,7 +182,7 @@ db_get openswan/x509_email_address email=$RET if [ -z "$email" ]; then email="."; fi - make-x509-cert $keylength 1500 "$newkeyfile" "$newcertfile" "$selfsigned" "$countrycode" "$statename" "$localityname" "$orgname" "$orgunit" "$commonname" "$email" + make_x509_cert $keylength 1500 "$newkeyfile" "$newcertfile" "$selfsigned" "$countrycode" "$statename" "$localityname" "$orgname" "$orgunit" "$commonname" "$email" chmod 0600 "$newkeyfile" umask 077 insert_private_key_filename "$newkeyfile" --- openswan-2.4.4.orig/debian/rules +++ openswan-2.4.4/debian/rules @@ -171,7 +171,7 @@ cp -r Makefile Makefile.top Makefile.inc Makefile.ver linux/ \ "$(BUILDDIR)/modules/openswan" cp -r lib/libcrypto "$(BUILDDIR)/modules/openswan/lib/" - cp -r packaging/makefiles packaging/linus \ + cp -r packaging/makefiles packaging/linus packaging/defaults/ \ "$(BUILDDIR)/modules/openswan/packaging/" find "$(BUILDDIR)/modules/openswan/lib/" -name "*.o" | xargs --no-run-if-empty rm install --mode=644 debian/openswan-modules-source.kernel-config "$(BUILDDIR)/modules/openswan/config-all.h" --- openswan-2.4.4.orig/linux/net/ipsec/pfkey_v2.c +++ openswan-2.4.4/linux/net/ipsec/pfkey_v2.c @@ -820,7 +820,9 @@ return 0; /* -EINVAL; */ } +#ifdef NET_26 write_lock_bh(&pfkey_sock_lock); +#endif KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_release: " 
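Review bot: In the @@ -182 hunk of debian/openswan.postinst the private key is still created before its permissions are restricted: `chmod 0600 "$newkeyfile"` and `umask 077` both come after the `make_x509_cert` call. Unless that function sets its own umask (its body is outside this hunk), the key file exists briefly with whatever mode the inherited umask allows. Moving `umask 077` to the line before `make_x509_cert $keylength 1500 ...` closes that window, and the `chmod 0600` can stay as a second safeguard.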
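Review bot: The new `#ifdef NET_26` around `write_lock_bh(&pfkey_sock_lock)` leaves pfkey_release without this lock on non-2.6 builds, and neither this hunk nor the matching guard around `write_unlock_bh` in @@ -851 says what serialises the release path there. The changelog gives the motive (compiling with kernel 2.4), but the locking consequence deserves a comment at the guard, e.g. `/* pfkey_sock_lock is only taken under NET_26; on 2.4 this path relies on <existing serialisation, name it here> */`. Whether anything else protects the state this lock guards on 2.4 cannot be confirmed from the visible lines. pfkey_release begins and ends outside both hunks.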
@@ -851,7 +853,9 @@ "klips_debug:pfkey_release: " "succeeded.\n"); +#ifdef NET_26 write_unlock_bh(&pfkey_sock_lock); +#endif return 0; } --- openswan-2.4.4.orig/programs/fswcert/fswcert.c +++ openswan-2.4.4/programs/fswcert/fswcert.c @@ -252,7 +252,7 @@ X509_free(x509); break; - /* default: */ + /*default:*/ /* other bag entry */ } return error; --- openswan-2.4.4.orig/programs/pluto/pluto_crypt.c +++ openswan-2.4.4/programs/pluto/pluto_crypt.c @@ -146,7 +146,10 @@ void pluto_crypto_helper(int fd, int helpernum) { - char reqbuf[PCR_REQ_SIZE]; + union { + char reqbuf[PCR_REQ_SIZE]; + struct pluto_crypto_req reqreal; + } req; struct pluto_crypto_req *r; signal(SIGHUP, catchhup); @@ -159,18 +162,18 @@ DBG(DBG_CONTROL, DBG_log("helper %d waiting on fd: %d" , helpernum, fd)); - memset(reqbuf, 0, sizeof(reqbuf)); - while(read(fd, reqbuf, sizeof(r->pcr_len)) == sizeof(r->pcr_len)) { + memset(req.reqbuf, 0, sizeof(req.reqbuf)); + while(read(fd, &req.reqbuf[0], sizeof(r->pcr_len)) == sizeof(r->pcr_len)) { int restlen; int actlen; - r = (struct pluto_crypto_req *)reqbuf; + r = &req.reqreal; restlen = r->pcr_len-sizeof(r->pcr_len); passert(restlen < (signed)PCR_REQ_SIZE); /* okay, got a basic size, read the rest of it */ - if((actlen= read(fd, reqbuf+sizeof(r->pcr_len), restlen)) != restlen) { + if((actlen= read(fd, req.reqbuf+sizeof(r->pcr_len), restlen)) != restlen) { /* faulty read. die, parent will restart us */ loglog(RC_LOG_SERIOUS, "cryptographic helper(%d) read(%d)=%d failed: %s\n", @@ -186,7 +189,7 @@ loglog(RC_LOG_SERIOUS, "failed to write answer: %d", actlen); exit(2); } - memset(reqbuf, 0, sizeof(reqbuf)); + memset(req.reqbuf, 0, sizeof(req.reqbuf)); } /* probably normal EOF */ @@ -470,7 +473,10 @@ */ void handle_helper_comm(struct pluto_crypto_worker *w) { - char reqbuf[PCR_REQ_SIZE]; + union { + char reqbuf[PCR_REQ_SIZE]; + struct pluto_crypto_req reqreal; + } req; struct pluto_crypto_req *r; int restlen; int actlen; 
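Review bot: The union added in pluto_crypto_helper (@@ -146), and the identical one in handle_helper_comm (@@ -470), carries no comment saying why it replaced the char array, and every `memset` and `sizeof` still refers to `req.reqbuf` rather than the union. A short comment such as `/* union gives reqbuf the alignment of struct pluto_crypto_req; casting a bare char array was an unaligned access */` would record the intent. If `struct pluto_crypto_req` can be larger than `PCR_REQ_SIZE` (its definition is not shown here), clearing with `memset(&req, 0, sizeof(req));` would wipe the whole object instead of only the array member.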
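Review bot: In @@ -159 the length check after `r = &req.reqreal` still does not bound the second read. `passert(restlen < (signed)PCR_REQ_SIZE)` accepts a negative `restlen` (when `pcr_len` is smaller than `sizeof(r->pcr_len)`), which becomes a very large count in `read()`, and it accepts values up to `PCR_REQ_SIZE-1`, which written at offset `sizeof(r->pcr_len)` can run past the end of `req.reqbuf`. Checking the full length instead, `passert(r->pcr_len >= sizeof(r->pcr_len) && r->pcr_len <= sizeof(req.reqbuf));`, covers both ends. handle_helper_comm (@@ -501) has the upper bound but no lower bound in the visible lines, and its `restlen` computation falls outside the hunks. The peer is the other end of the helper pipe, so as far as the page shows this is hardening of an internal channel.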
@@ -484,7 +490,7 @@ ,w->pcw_work)); /* read from the pipe */ - actlen = read(w->pcw_pipe, reqbuf, sizeof(r->pcr_len)); + actlen = read(w->pcw_pipe, &req.reqbuf[0], sizeof(r->pcr_len)); if(actlen != sizeof(r->pcr_len)) { if(actlen != 0) { @@ -501,13 +507,13 @@ return; } - r = (struct pluto_crypto_req *)reqbuf; + r = &req.reqreal; - if(r->pcr_len > sizeof(reqbuf)) { + if(r->pcr_len > sizeof(req.reqbuf)) { loglog(RC_LOG_SERIOUS, "helper(%d) pid=%d screwed up length: %lu > %lu, killing it" , w->pcw_helpernum , w->pcw_pid, (unsigned long)r->pcr_len - , (unsigned long)sizeof(reqbuf)); + , (unsigned long)sizeof(req.reqbuf)); kill(w->pcw_pid, SIGTERM); w->pcw_dead = TRUE; return; @@ -517,7 +523,7 @@ /* okay, got a basic size, read the rest of it */ if((actlen= read(w->pcw_pipe - , reqbuf+sizeof(r->pcr_len) + , req.reqbuf+sizeof(r->pcr_len) , restlen)) != restlen) { /* faulty read. die, parent will restart us */