radsecproxy (1.7.2-1) unstable; urgency=medium * New upstream release. * Bump Build-Depends to OpenSSL 1.1.0 (libssl-dev), as the new upstream version is now compatible with it. (Closes: #859675) * Remove --enable-fticks from configure, as it's now default and non-optional. * Update the shipped /etc/radsecproxy.conf with new (commented out) upstream directives. * Use a dedicated "radsecproxy" user to run the daemon instead of root. (Closes: #872888) * Remove dependency on docbook2x since this version ships the pregenerated manpages by default. These are now the preferred source of modification upstream, and the XMLs were removed entirely in a subsequent commit. Also adjust our path-correction patch to patch the manpages directly. * Update debian/upstream/signing-key.asc with the new upstream's key. * Update debian/control, debian/copyright and debian/watch with the project's new homepage on GitHub. * Update debian/copyright with an additional copyright author (SWITCH) and to reflect the license change, i.e. to remove GPLv2+ and update to a generic 3-clause BSD. * Add Vcs-* to point to the package's git at salsa.debian.org. * Bump debhelper compat to 11. * Bump Standards-Version to 4.3.0. -- Faidon Liambotis Tue, 08 Jan 2019 03:16:13 +0200 radsecproxy (1.6.9-1) unstable; urgency=medium * New upstream release. * Bump debhelper compatibility level to 10. - Drop dh-systemd build-dependency and the equivalent --with argument. - Drop dh-autoreconf build-dependency and the equivalent --with argument. - Drop autotools-dev build-dependency. * Drop versioned dependency on lsb-base, as it's satisfied by even very old Debian releases. * Add ProtectSystem, PrivateDevices, PrivateTmp, ProtectHome options to the systemd unit for increased security. * Bump Standards-Version to 4.0.0. -- Faidon Liambotis Fri, 04 Aug 2017 22:12:40 +0300 radsecproxy (1.6.8-1) unstable; urgency=medium * New upstream release. * Build against OpenSSL 1.0, as 1.6 series isn't compatible with OpenSSL 1.1. (Closes: #828527) * Bump Standards-Version to 3.9.8, no changes needed. * Depend on lsb-base for /lib/lsb/init-functions. * Add hardening build flags (hardening=+all). -- Faidon Liambotis Fri, 16 Dec 2016 15:59:31 +0200 radsecproxy (1.6.7-1) unstable; urgency=medium * New upstream release. * Point Homepage and debian/watch to the new website. * Bump Standards-Version to 3.9.7, no changes needed. -- Faidon Liambotis Wed, 23 Mar 2016 02:02:13 +0200 radsecproxy (1.6.5-1) unstable; urgency=medium * New upstream release. * Bump Standards-Version to 3.9.6. * Verify upstream's GPG signatures; add debian/upstream/signing-key.asc and modify debian/watch accordingly. * Minor adjustment to the long description. (Closes: #542454) * Add --retry to --stop to fix spurious restart issue. Thanks to Michael Vogt for the fix. (Closes: #711313) * Add build dependency on dh-autoreconf and autoreconf during build time, as it helps when adding new architectures to the archive. (Closes: #727952, #744500) * Add systemd unit file, along with the corresponding dh-systemd integration. * Switch pid file from /var/run to /run on both init script & systemd unit. * Rewrite debian/copyright to the machine-parseable format. -- Faidon Liambotis Wed, 22 Oct 2014 23:50:56 +0300 radsecproxy (1.6.2-1) unstable; urgency=high * Urgency set to high for a security release. * New upstream release, fixing two security issues: - When verifying clients, don't consider config blocks with CA settings ('tls') which differ from the one used for verifying the certificate chain (RADSECPROXY-43, CVE-2012-4523). Reported by Ralf Paffrath. - Fix the issue with verification of clients when using multiple 'tls' config blocks for DTLS too (RADSECPROXY-43, CVE-2012-4566). Reported by Raphael Geissert. * Drop most of debian/patches/fix_manpages, merged upstream. -- Faidon Liambotis Tue, 06 Nov 2012 12:56:27 +0200 radsecproxy (1.6-1) unstable; urgency=low * New upstream release. * Enable F-Ticks, a new upstream feature. - Add build dependency on nettle-dev. * Ship upstream's manpages. - Add build dependency on docbook2x. - Add debian/patches/fix_manpages to adapt the manpage to our filepaths. * Ship the radsecproxy-hash binary, used to calculate hashed CSI values. * Use unapply-patches & abort-on-upstream-changes local-options. * Bump debhelper compat to 9, mainly to enable hardening flags. * Bump Standards-Version to 3.9.3, no changes needed. * Add NORDUnet A/S copyright notice to debian/copyright. -- Faidon Liambotis Mon, 28 May 2012 15:56:52 +0300 radsecproxy (1.5-1) unstable; urgency=low * New upstream release. -- Faidon Liambotis Wed, 16 Nov 2011 20:49:19 +0200 radsecproxy (1.4.3-1) unstable; urgency=low * New upstream release. * Change upstream author to Linus Nordberg in debian/copyright. * Switch to 3.0 (quilt) source package format. * Bump debhelper compatibility level to 8. * Update Standards-Version to 3.9.2, no changes needed. -- Faidon Liambotis Fri, 22 Jul 2011 20:04:47 +0300 radsecproxy (1.4-1) unstable; urgency=low * New upstream release. * Add $remote_fs and $syslog to init script's Required-Start and $named to Should-Start. * Ship naptr-eduroam.sh script along with the README in examples. -- Faidon Liambotis Sat, 12 Jun 2010 18:30:04 +0300 radsecproxy (1.3.1-1) unstable; urgency=low * New upstream release. * Bump Standards-Version to 3.8.2, no changed needed. * Build-Depend on debhelper >= 7.0.50 because of the use of overrides in dh. -- Faidon Liambotis Wed, 05 Aug 2009 12:49:20 +0300 radsecproxy (1.3-1) unstable; urgency=low * Initial release. (Closes: #532481) -- Faidon Liambotis Tue, 16 Jun 2009 05:13:48 +0300