openconnect (8.02-1+deb10u1) buster-security; urgency=high * Non-maintainer upload by the Security Team. * Close HTTPS connection on failure returns from process_http_response() * Fix buffer overflow with chunked HTTP handling (CVE-2019-16239) (Closes: #940871) -- Salvatore Bonaccorso Sun, 19 Jan 2020 00:05:50 +0100 openconnect (8.02-1) unstable; urgency=medium [ Mike Miller ] * New upstream version 8.02 * d/p/fix-ftbfs-ipv6-tclass-undeclared.patch: Drop patch, applied upstream * d/u/signing-key.asc: Use export-minimal to compact upstream release signing key * d/watch: Bump format version to 4 * Add autopkgtest to run the upstream test suite [ Daniel Lenski ] * Update package descriptions to reflect multi-protocol support -- Mike Miller Fri, 25 Jan 2019 23:11:38 -0800 openconnect (8.01-1) unstable; urgency=medium * New upstream version 8.01 (Closes: #918529) * Drop patches applied upstream or no longer needed - d/p/add-logout-juniper.patch, applied upstream - d/p/fix-tests-shell-syntax.patch, applied upstream - d/p/softhsm2-module-workaround.patch, no longer needed * d/libopenconnect5.{shlibs,symbols}: Update for new release * d/libopenconnect5.symbols: Add Build-Depends-Package field * d/openconnect.install: Include usr/libexec/openconnect shell scripts * d/copyright: Refresh copyright information for new upstream release * Add Build-Depends on libgcrypt20-dev, libtasn1-6-dev, and libtss2-dev * Update Build-Depends on ocserv (>= 0.12.1-2) to fix failing unit tests (Closes: #917715) * Add Build-Depends on locales-all for new test * Add Build-Depends on debhelper-compat, delete d/compat * Bump debhelper compatibility level to 12 * d/rules: - Build with --disable-dsa-tests to skip DSA keys in unit tests - Drop unsupported dh --list-missing option - Include /usr/share/dpkg/pkg-info.mk for package version - Drop cruft trying to save and restore generated source files - Drop obsolete configure options --disable-static and --with-system-cafile * d/clean: Delete autogenerated version.c on clean * d/s/options: Ignore changes to tokens as a side effect of running tests * Bump Standards-Version to 4.3.0, no changes needed -- Mike Miller Thu, 10 Jan 2019 11:54:02 -0800 openconnect (7.08-3) unstable; urgency=medium * d/p/add-logout-juniper.patch: New patch, add logout to Juniper VPN. Thanks to Daniel Lenski (LP: #1655279) -- Mike Miller Sun, 25 Feb 2018 15:00:56 -0800 openconnect (7.08-2) unstable; urgency=medium * d/p/fix-ftbfs-ipv6-tclass-undeclared.patch: New patch, fix FTBFS on GNU/Hurd * d/control, d/rules: Migrate to automatic dbgsym packages * Bump debhelper compatibility level to 11 * d/copyright: Bump copyright to 2018 for debian/* * d/control: - Mention Pulse Connect and Juniper in Description (Closes: #881338) - Update Vcs-* fields for migration to salsa.d.o - Bump Standards-Version to 4.1.3, no changes needed -- Mike Miller Fri, 23 Feb 2018 15:28:37 -0800 openconnect (7.08-1) unstable; urgency=medium * New upstream version 7.08 - Fix MTU detection (Closes: #847135) * d/libopenconnect5.{shlibs,symbols}: Update for new release * d/p/juniper-content-length.patch: Drop, applied upstream * d/p/fix-tests-shell-syntax.patch: Fix test suite shell bashisms * d/p/softhsm2-module-workaround.patch: Hard-code Debian location of libsofthsm2.so * d/control: - Add Build-Depends: libsocket-wrapper, libuid-wrapper, ocserv, openssl, and softhsm2 for test suite - Add Build-Depends: libpcsclite-dev to enable Yubikey support (LP: #1649227) - Add Build-Depends: dpkg-dev (>= 1.17.14) for build profiles support - Drop obsolete Build-Depends: liboath-dev - Reorder fields according to "cme fix dpkg-control" * Bump debhelper compatibility level to 10 * Drop explicit dependency on dh-autoreconf and disabling silent rules, now enabled by default -- Mike Miller Sat, 24 Dec 2016 10:50:15 -0800 openconnect (7.07-2) unstable; urgency=medium * d/rules: Build with --as-needed to remove indirect lib dependencies * d/control: Add Depends: liblz4-dev for libopenconnect-dev (Closes: 846706) * d/control: Use canonical repository URL for Vcs-Browser * d/copyright: Refresh copyright information * d/copyright: Update Format using "cme fix dpkg-copyright" -- Mike Miller Thu, 08 Dec 2016 15:05:19 -0800 openconnect (7.07-1) unstable; urgency=medium * New upstream release. - Fix spelling of "sí" in Spanish translation. (Closes: #792073) - Fix handling of KMP message with --juniper. (Closes: #833466) * Add Build-Depends on libkrb5-dev, enables GSSAPI support. (Closes: #830905) * d/p/juniper-content-length.patch: Add Content-Length header to mimic official pulse client. (Closes: #845184) * Update libopenconnect5 shlibs and symbols files. * debian/rules: Update list of distributed files to back up and restore. * Use https URI for Vcs-* control fields. * Bump Standards-Version to 3.9.8. No changes needed. -- Mike Miller Fri, 25 Nov 2016 12:22:01 -0800 openconnect (7.06-2) unstable; urgency=medium * Upload to unstable. -- Mike Miller Mon, 25 May 2015 17:32:01 -0400 openconnect (7.06-1) experimental; urgency=medium * New upstream release. (Closes: #776235) * Bump libopenconnect soname (3 -> 5) and update symbols file. * Add Build-Depends on liblz4-dev for LZ4 compression. * debian/rules: - Update list of distributed files to back up and restore. - Ensure version.c gets the right upstream or Debian version string. - Allow build rules to work on a git snapshot tree. * debian/copyright: Refresh for new upstream release. * Bump Standards-Version to 3.9.6. No changes needed. -- Mike Miller Sun, 05 Apr 2015 23:12:29 -0400 openconnect (6.00-2) unstable; urgency=medium * 01_fix-double-free.patch: Fix double free when PKCS#11 token does not include CA certs. (Closes: #781240) Thanks to Laurent Bigonville. -- Mike Miller Thu, 26 Mar 2015 08:34:14 -0400 openconnect (6.00-1) unstable; urgency=medium * New upstream release, upload to unstable. - Fix regression breaking PKCS#11 token support. (Closes: #744214, LP: #1308054) * doc-remove-footer.patch: Remove, applied upstream. * Update libopenconnect3 shlibs and symbols files. -- Mike Miller Tue, 08 Jul 2014 22:33:31 -0400 openconnect (5.99-2) experimental; urgency=medium * Build against GnuTLS 3.x, drop OpenSSL. (Closes: #742755) - Add Build-Depends on libgnutls28-dev rather than libgnutls-dev. - Drop Build-Depends on libssl-dev. - Remove OpenSSL-specific private function from libopenconnect3.symbols. - fix-gnutls-2.x-build.patch: Drop patch no longer needed when building against GnuTLS 3.x. * Add Depends on liboath-dev for libopenconnect-dev. * Add Build-Depends on libstoken-dev for RSA software token support. * Build openconnect-dbg and libopenconnect3-dbg debug symbol packages. * debian/rules: Back up and restore upstream files touched by dh-autoreconf. * debian/upstream/signing-key.asc: Store upstream PGP signing key in ASCII-armored format. * Run wrap-and-sort on debian/control and debian/*.install. -- Mike Miller Thu, 03 Apr 2014 09:14:07 -0400 openconnect (5.99-1) experimental; urgency=medium * New upstream release. * Bump libopenconnect soname (2 -> 3) and update symbols file. * doc-remove-footer.patch: Refresh patch from upstream git commit. * fix-gnutls-2.x-build.patch: Cherry-pick from upstream git to fix building against GnuTLS 2.x. * debian/copyright: Refresh for new upstream release. -- Mike Miller Thu, 06 Mar 2014 22:50:40 -0500 openconnect (5.03-1) unstable; urgency=medium * New upstream release. -- Mike Miller Tue, 11 Feb 2014 22:43:03 -0500 openconnect (5.02-1) unstable; urgency=medium * New upstream release. - Temporarily disable XML POST if an authgroup dropdown exists. (LP: #1229195) * doc-remove-footer.patch: Remove footer from HTML doc template, it links to images from www.w3.org. * debian/control: Use lowercase for package synopsis. * debian/copyright: Fix some omissions in the copyright listing. * debian/rules: No need to explicitly set CFLAGS/CPPFLAGS/LDFLAGS. * debian/watch: Add support for verification of PGP signature on upstream release. * Use my @debian.org address. * Bump Standards-Version to 3.9.5. No changes needed. -- Mike Miller Sun, 12 Jan 2014 15:30:14 -0500 openconnect (5.01-1) unstable; urgency=low * New upstream release. - Fix abuse of realloc() causing memory leaks. (Closes: #700805) - Fix compatibility with certain connection forms. (Closes: #708207) - Improve error handling when server closes connection. (Closes: #708928) * Update shlibs and symbols files for libopenconnect2. * debian/rules: Do not check for broken DTLS in OpenSSL, it has been patched in the Debian openssl package. * Add Build-Depends on liboath-dev. * Add missing explicit dependency on zlib1g-dev - Add Build-Depends on zlib1g-dev. - Add Depends on zlib1g-dev to libopenconnect-dev. -- Mike Miller Sun, 02 Jun 2013 11:18:58 -0400 openconnect (4.99-2) unstable; urgency=low * Upload to unstable. -- Mike Miller Tue, 07 May 2013 19:46:22 -0400 openconnect (4.99-1) experimental; urgency=low * New upstream release (5.00 beta release). * Update symbols file for libopenconnect2. * Bump Standards-Version to 3.9.4. No changes needed. * Remove obsolete DM-Upload-Allowed control field. * Canonicalize Vcs-* control fields. -- Mike Miller Fri, 15 Feb 2013 09:14:15 -0500 openconnect (4.07-1) experimental; urgency=low * New upstream release. -- Mike Miller Sat, 01 Sep 2012 10:07:59 -0400 openconnect (4.06-1) experimental; urgency=low * New upstream release. * debian/patches/01-Check-for-system-CA-certificate-file-for-GnuTLS.patch: Remove, applied upstream. -- Mike Miller Mon, 23 Jul 2012 23:30:35 -0400 openconnect (4.05-1) experimental; urgency=low * New upstream release. * Use dh-autoreconf to regenerate the build system. * debian/patches/01-Check-for-system-CA-certificate-file-for-GnuTLS.patch: Cherry-pick from upstream to allow configuring the default CA certificate path. * Configure with the path to the ca-certificates bundle. * Add Recommends: ca-certificates to libopenconnect2 to use its provided certificates by default. * Build-depend on groff for building HTML docs. -- Mike Miller Sat, 21 Jul 2012 15:29:27 -0400 openconnect (4.04-1~exp1) experimental; urgency=low * New upstream release. (Closes: #677939) * Remove 01_man-vpnc-script-path.patch, applied upstream. * Bump libopenconnect soname (1 -> 2) and update symbols file. * Build against GnuTLS. - Build-depend on libgnutls-dev (>= 2.12.16). - Build-depend on libp11-kit-dev. - Still build-depend on libssl-dev for openconnect executable only. * Enable verbose build (V=1) for more useful build logs. * Bump debhelper compatibility to version 9. * Set Multi-Arch: same and update library install paths for multiarch. -- Mike Miller Tue, 10 Jul 2012 23:21:17 -0400 openconnect (3.20-4) unstable; urgency=low * debian/patches/03_fix-abuse-of-realloc.patch: Backport patch from upstream to fix possible memory leaks on realloc. (Closes: #700805) -- Mike Miller Thu, 28 Feb 2013 23:42:31 -0500 openconnect (3.20-3) unstable; urgency=low * debian/patches/02_CVE-2012-6128.patch: Backport patch from upstream to fix buffer overflow (CVE-2012-6128). (Closes: #700794) -- Mike Miller Sun, 17 Feb 2013 11:56:35 -0500 openconnect (3.20-2) unstable; urgency=low * Depend on vpnc-scripts for routing and DNS configuration. (Closes: #566193) * Add 01_man-vpnc-script-path.patch to fix man page to match the default vpnc-script path in Debian. * Add DM-Upload-Allowed flag. -- Mike Miller Wed, 06 Jun 2012 08:45:27 -0400 openconnect (3.20-1) unstable; urgency=low * New upstream release. * Update debian/copyright for 2012. * Update libopenconnect1.symbols for versioned shared library ABI. -- Mike Miller Thu, 17 May 2012 22:06:31 -0400 openconnect (3.18-1) unstable; urgency=low * New upstream release -- Mike Miller Wed, 02 May 2012 21:02:47 -0400 openconnect (3.17-1) unstable; urgency=low * New upstream release - Simplify install path for HTML docs - Add required configuration path to vpnc script * Use dpkg-buildflags for compiler options, support hardened build * Add Vcs-* fields for the git repository -- Mike Miller Sat, 21 Apr 2012 08:48:41 -0400 openconnect (3.16-1) unstable; urgency=low * New upstream release - Fix FTBFS on kfreebsd and hurd (Closes: #667996) * Build and install HTML docs, copy the upstream changelog * Fix Homepage address * Remove debian/TODO, contents all done -- Mike Miller Mon, 09 Apr 2012 21:27:54 -0400 openconnect (3.15-2) unstable; urgency=low * Fix minimum version for shared library symbol -- Mike Miller Sat, 31 Mar 2012 09:38:14 -0400 openconnect (3.15-1) unstable; urgency=low * New maintainer * New upstream release (Closes: #619967, #637362) - Package new shared library, remove static library - Remove fix-link.patch, already in 3.15 * Update description from upstream homepage (Closes: #521831) * Update debian/copyright to machine-readable format 1.0 * Clean up package dependencies - Add deps on libssl-dev and libxml2-dev for -dev package - Add libproxy to build-deps and library deps * Bump Standards-Version to 3.9.3 -- Mike Miller Wed, 28 Mar 2012 22:49:19 -0400 openconnect (3.02-2) unstable; urgency=low * Upload to unstable. -- Ross Burton Wed, 11 May 2011 11:55:34 +0100 openconnect (3.02-1) experimental; urgency=low * New upstream release * Add patch from upstream to fix linking on Debian -- Ross Burton Wed, 11 May 2011 11:55:34 +0100 openconnect (2.25-0.1+squeeze2) stable-security; urgency=high * debian/patches/02_CVE-2012-6128.patch: Backport patch from upstream to fix buffer overflow (CVE-2012-6128). -- Mike Miller Wed, 13 Feb 2013 19:55:03 -0500 openconnect (2.25-0.1+squeeze1) stable-security; urgency=high * Apply patch from upstream to fix buffer overflow (CVE-2012-3291) -- Mike Miller Thu, 14 Jun 2012 02:56:51 -0400 openconnect (2.25-0.1) unstable; urgency=low * Non-maintainer upload. * New upstream release (Closes: #566188) - always verify SSL server certificates (Closes: #590873) -- Dominic Hargreaves Sat, 28 Aug 2010 11:21:16 +0100 openconnect (2.22-1.1) unstable; urgency=low * Non-maintainer upload. * Fix kFreeBSD detection (Closes: #577004) using patch from Petr Salinger -- Christoph Egger Sat, 17 Jul 2010 16:06:33 -0400 openconnect (2.22-1) unstable; urgency=low * New upstream release -- Rob Bradford Thu, 25 Mar 2010 16:11:35 +0000 openconnect (2.01-1) unstable; urgency=low * New upstream release. -- Ross Burton Wed, 24 Jun 2009 19:17:44 +0100 openconnect (2.00-1) unstable; urgency=low * New upstream release. * Add fixes from upstream up to rev d45d92 -- Ross Burton Tue, 16 Jun 2009 15:32:46 +0100 openconnect (1.40-1) unstable; urgency=low * New upstream release. -- Ross Burton Wed, 27 May 2009 15:50:36 +0100 openconnect (1.00-1) unstable; urgency=low * New upstream release - Remove leak.patch * Reword the description -- Ross Burton Wed, 18 Mar 2009 10:45:13 +0000 openconnect (0.99-2) unstable; urgency=low * Add patch from upstream to fix chronic memory leak. -- Ross Burton Fri, 06 Feb 2009 15:50:54 +0000 openconnect (0.99-1) unstable; urgency=low * New upstream release. * Update copyright information * Add watch file * Add Homepage field -- Ross Burton Thu, 15 Jan 2009 13:26:25 +0000 openconnect (0.98-3) unstable; urgency=low * Bump Standards * Add misc:Depends * Remove vpnc wrapper and depends -- Ross Burton Wed, 14 Jan 2009 12:21:50 +0000 openconnect (0.98-2) unstable; urgency=low * Disable the GTK+ UI, so that Network Manager support works. -- Ross Burton Wed, 14 Jan 2009 11:22:20 +0000 openconnect (0.98-1) unstable; urgency=low * New upstream release. * Add more netmasks (thanks Shane Bryan) -- Ross Burton Sat, 15 Nov 2008 11:55:18 +0000 openconnect (0.96-1) unstable; urgency=low * New upstream release. * Enable the GTK+ passcode dialog -- Ross Burton Tue, 28 Oct 2008 09:29:21 +0000 openconnect (0.95.1-2) unstable; urgency=low * Install the NM helper into the correct location. -- Ross Burton Fri, 24 Oct 2008 16:15:20 +0100 openconnect (0.95.1-1) unstable; urgency=low * Initial packaging. -- Ross Burton Thu, 23 Oct 2008 12:01:37 +0100