Am Freitag 15 April 2011, um 19:33:05 schrieb Adam D. Barratt: > On Wed, 2011-04-06 at 21:46 +0200, René Mayrhofer wrote: > > I have now integrated the cherry-picked upstream patch into my > > strongswan-sqeeze branch at the alioth git repository > > (ssh://alioth.debian.org/git/pkg-swan/strongswan.git). As mentioned in > > the bug report, it applies cleanly and is an isolated fix for a bug in > > version 4.4.1 that impacts some clients. > > It looks like we managed to miss this when it was originally sent; > apologies for that. However, a lack of response should only be treated > as that, not as an implicit ack for an upload. I will remember that for future uploads. > Why have the configure options in debian/rules been modified, with no > mention of this in the changelog? So far as I can see, --enable-pkcs11, > --enable-eap-tls, --enable-eap-ttls and --enable-led have been added. > The addition of "--enable-nat-transport" /is/ mentioned in the > changelog, but was not mentioned in your mail to -release. Sorry about that, I only mentioned the last change that actually triggered the desire to get it into proposed-updates for squeeze. The other changes were made in my squeeze branch of strongswan that I use in production for the Gibraltar firewall. Enabling the additional modules was required in some cases but should not lead to any regressions, as these modules need to be enabled explicitly in the config file to be used. With default config, that means no changes to the previous version in squeeze. > There are also several other changes related to the removal and > re-enabling under certain circumstances of the Network Manager support. > The associated comments indicate that this change was intended to ease > backports, so I'm not sure why this is being included in a stable > update; again, these changes are not mentioned in the changelog. > > Furthermore, the n-m changes are actually buggy: > > + CONFIGUREARS += --enable-nm > > That should presumably be CONFIGUREAR*G*S. Thanks for spotting that, I have fixed it in my git branch. The change was indeed made for the same in-production packages we use, as the older version of Gibraltar firewall is based on Lenny and we backport important packages such as strongswan. The current version has been tested by us on many fireewalls and by the original bug reporter without any regressions being found. Would you prefer that I upload a new package with the fix to debian/rules network-manager handling with a new version or just again with the same one? best regards, Rene
Attachment:
signature.asc
Description: This is a digitally signed message part.