Dear release team,
please unblock the new 2.6.28+dfsg-4 openswan upload, it includes two fixes for
Windows/MacOS compatibility as well as patch which enhances the upgrade process
and makes the package more lintian clean. If there arise any problems please cc
me when mailing as I'm not subscribed to this list. Attached is a
> debdiff openswan_2.6.28+dfsg-3.dsc openswan_2.6.28+dfsg-4.dsc
which should point out all changes.
Thanks for your help
Harald Jenny
diff -Nru openswan-2.6.28+dfsg/debian/changelog
openswan-2.6.28+dfsg/debian/changelog
--- openswan-2.6.28+dfsg/debian/changelog 2010-09-28 11:24:17.000000000
+0200
+++ openswan-2.6.28+dfsg/debian/changelog 2010-11-26 10:01:06.000000000
+0100
@@ -1,3 +1,20 @@
+openswan (1:2.6.28+dfsg-4) unstable; urgency=medium
+
+ [Harald Jenny]
+ * Picked up patch from 2.6.29 to fix issue with L2TP and transport mode
+ IPSec.
+ * Created patch to allow line break in manpage and removed corresponding
+ lintian override.
+ * Added ${misc:Depends} to doc package and removed override.
+ * Set urgency to medium due to backported NETKEY patch.
+ * Added two other CVE numbers to previous changelog entry.
+ * Picked up patch from 2.6.30 to fix issue with Windows XP L2TP connect.
+ * Added a patch to enhance the init script's error checking when doing
+ start/restart/reload (forwarded upstream for inclusion).
+ * Removed lintian override for debug package linking to openswan docs.
+
+ -- Harald Jenny <har...@a-little-linux-box.at> Thu, 25 Nov 2010 18:27:08
+0100
+
openswan (1:2.6.28+dfsg-3) unstable; urgency=HIGH
[Harald Jenny]
@@ -13,7 +30,7 @@
* Changed Vcs-Fields as Debian project switched from svn to git.
* Bump Standards for binary module package to 3.9.1 (no changes needed).
* Added upstream security patch fixing XAUTH Cisco handling code
- (CVE-2010-3302, CVE-2010-3308).
+ (CVE-2010-3302, CVE-2010-3308, CVE-2010-3752, CVE-2010-3753).
* Set urgency to HIGH due to included security fix.
* Added lintian override for docs in debug package.
diff -Nru openswan-2.6.28+dfsg/debian/control
openswan-2.6.28+dfsg/debian/control
--- openswan-2.6.28+dfsg/debian/control 2010-09-28 11:24:17.000000000 +0200
+++ openswan-2.6.28+dfsg/debian/control 2010-11-26 10:01:06.000000000 +0100
@@ -46,6 +46,7 @@
Package: openswan-doc
Architecture: all
Section: doc
+Depends: ${misc:Depends}
Description: Internet Key Exchange daemon - documentation
Openswan is an IPsec based VPN solution for the Linux kernel. It can use the
native IPsec stack as well as the KLIPS kernel module. Both IKEv1 and IKEv2
diff -Nru openswan-2.6.28+dfsg/debian/openswan-dbg.lintian-overrides
openswan-2.6.28+dfsg/debian/openswan-dbg.lintian-overrides
--- openswan-2.6.28+dfsg/debian/openswan-dbg.lintian-overrides 2010-09-28
11:24:17.000000000 +0200
+++ openswan-2.6.28+dfsg/debian/openswan-dbg.lintian-overrides 1970-01-01
01:00:00.000000000 +0100
@@ -1,2 +0,0 @@
-# we take care of the correct link
-openswan-dbg:
cannot-check-whether-usr-share-doc-symlink-points-to-foreign-package
diff -Nru openswan-2.6.28+dfsg/debian/openswan.lintian-overrides
openswan-2.6.28+dfsg/debian/openswan.lintian-overrides
--- openswan-2.6.28+dfsg/debian/openswan.lintian-overrides 2010-09-28
11:24:17.000000000 +0200
+++ openswan-2.6.28+dfsg/debian/openswan.lintian-overrides 2010-11-26
10:01:06.000000000 +0100
@@ -4,5 +4,3 @@
openswan: non-standard-dir-perm var/lib/openswan/ 0700 != 0755
# we have a right link in it too
openswan: copyright-refers-to-symlink-license usr/share/common-licenses/GPL
-# the config param in this line shouldn't be splitted
-openswan: manpage-has-errors-from-man usr/share/man/man5/ipsec.conf.5.gz 1018:
warning [p 13, 0.7i]: can't break line
diff -Nru openswan-2.6.28+dfsg/debian/patches/00list
openswan-2.6.28+dfsg/debian/patches/00list
--- openswan-2.6.28+dfsg/debian/patches/00list 2010-09-28 11:24:17.000000000
+0200
+++ openswan-2.6.28+dfsg/debian/patches/00list 2010-11-26 10:01:06.000000000
+0100
@@ -1,5 +1,9 @@
01-2.6.26-2.6.28-CVE-2010-330x.dpatch
02-CVE-2010-330x-patch-regression-fix.dpatch
+05-NETKEY-transport-mode+l2tp-fix.dpatch
+06-Windows_XP-NAT_OA-l2tp-fix.dpatch
+08-initd-configcheck.dpatch
33-programs--pluto--makefile.options--libs.dpatch
43-programs--pluto--ipsec.secrets.5-fixes.dpatch
+49-programs--_confread--ipsec.conf.5-linebreak.dpatch
50-manpages-bad-whatis--multibyte-chars.dpatch
diff -Nru
openswan-2.6.28+dfsg/debian/patches/05-NETKEY-transport-mode+l2tp-fix.dpatch
openswan-2.6.28+dfsg/debian/patches/05-NETKEY-transport-mode+l2tp-fix.dpatch
---
openswan-2.6.28+dfsg/debian/patches/05-NETKEY-transport-mode+l2tp-fix.dpatch
1970-01-01 01:00:00.000000000 +0100
+++
openswan-2.6.28+dfsg/debian/patches/05-NETKEY-transport-mode+l2tp-fix.dpatch
2010-11-26 10:01:06.000000000 +0100
@@ -0,0 +1,150 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## /tmp/NETKEY-transport-mode+l2tp-fix.patch.dpatch by Paul Wouters
<p...@xelerance.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fdebd
+## DP: Author: Paul Wouters <p...@xelerance.com>
+## DP:
+## DP:
+## DP: Fixes issue where IPSec transport mode+L2TP wrongly
+## DP: triggered opportunistic encryption code.
+
+...@dpatch@
+
+diff --git a/programs/pluto/initiate.c b/programs/pluto/initiate.c
+index f323576..5db0116 100644
+--- a/programs/pluto/initiate.c
++++ b/programs/pluto/initiate.c
+@@ -302,7 +302,7 @@ restart_connections_by_peer(struct connection *c)
+ }
+
+ /* (Possibly) Opportunistic Initiation:
+- * Knowing clients (single IP addresses), try to build an tunnel.
++ * Knowing clients (single IP addresses), try to build a tunnel.
+ * This may involve discovering a gateway and instantiating an
+ * Opportunistic connection. Called when a packet is caught by
+ * a %trap, or when whack --oppohere --oppothere is used.
+@@ -401,10 +401,10 @@ cannot_oppo(struct connection *c
+ struct state *st;
+
+ passert(c->kind == CK_TEMPLATE);
+- passert(c->policy_next->kind == CK_PERMANENT);
++ passert(nc->kind == CK_PERMANENT);
+
+ DBG(DBG_OPPO, DBG_log("OE failed for %s to %s, but %s overrides shunt"
+- , ocb, pcb, c->policy_next->name));
++ , ocb, pcb, nc->name));
+
+ /*
+ * okay, here we need add to the "next" policy, which is ought
+@@ -469,25 +469,23 @@ cannot_oppo(struct connection *c
+ return;
+ }
+
+-#ifdef KLIPS
++#ifdef KLIPS /* This should really be 'if opportunistic is supported' -
netlink has acquires too */
+ if (b->held)
+ {
+ int failure_shunt = b->failure_shunt;
+
+ /* Replace HOLD with b->failure_shunt.
+- * If no b->failure_shunt specified, use SPI_PASS -- THIS MAY CHANGE.
++ * If no failure_shunt specified, use SPI_PASS -- THIS MAY CHANGE.
+ */
+- if (b->failure_shunt == 0)
++ if (failure_shunt == 0)
+ {
+- DBG(DBG_OPPO, DBG_log("no explicit failure shunt for %s to %s;
installing %%pass"
++ DBG(DBG_OPPO, DBG_log("no explicit failure shunt for %s to %s;
removing spurious hold shunt"
+ , ocb, pcb));
+- failure_shunt = SPI_PASS;
+ }
+-
+ (void) replace_bare_shunt(&b->our_client, &b->peer_client
+ , b->policy_prio
+ , failure_shunt
+- , failure_shunt == SPI_PASS
++ , failure_shunt != 0
+ , b->transport_proto
+ , ughmsg);
+ }
+@@ -753,10 +751,10 @@ initiate_ondemand_body(struct find_oppo_bundle *b
+ cannot_oppo(NULL, b, "impossible IP address");
+ work = 0;
+ }
+- else if ((c = find_connection_for_clients(&sr
++ else if (!(c = find_connection_for_clients(&sr
+ , &b->our_client
+ , &b->peer_client
+- , b->transport_proto)) == NULL)
++ , b->transport_proto)))
+ {
+ /* No connection explicitly handles the clients and there
+ * are no Opportunistic connections -- whine and give up.
+diff --git a/programs/pluto/kernel.c b/programs/pluto/kernel.c
+index 8ee503c..d76adfe 100644
+--- a/programs/pluto/kernel.c
++++ b/programs/pluto/kernel.c
+@@ -118,7 +118,7 @@ DBG_bare_shunt_log(const char *op, const struct bare_shunt
*bs)
+ subnettot(&(bs)->his, 0, hist, sizeof(hist));
+ satot(&(bs)->said, 0, sat, sizeof(sat));
+ fmt_policy_prio(bs->policy_prio, prio);
+- DBG_log("%s bare shunt %p %s:%d -%d-> %s:%d => %s %s %s"
++ DBG_log("%s bare shunt %p %s:%d --%d--> %s:%d => %s %s %s"
+ , op, (const void *)(bs), ourst, ourport,
(bs)->transport_proto, hist, hisport
+ , sat, prio, (bs)->why);
+ });
+@@ -133,7 +133,7 @@ record_and_initiate_opportunistic(const ip_subnet *ours
+ {
+ passert(samesubnettype(ours, his));
+
+- /* Add to bare shunt list.
++ /* Add the kernel shunt to the pluto bare shunt list.
+ * We need to do this because the shunt was installed by KLIPS
+ * which can't do this itself.
+ */
+@@ -967,7 +967,7 @@ clear_narrow_holds(
+ (void) replace_bare_shunt(&p->ours.addr, &p->his.addr
+ , BOTTOM_PRIO
+ , SPI_PASS /* not used */
+- , FALSE, 0
++ , FALSE, transport_proto
+ , "removing clashing narrow holds");
+
+ /* restart from beginning as we just removed and entry */
+@@ -1033,7 +1033,7 @@ replace_bare_shunt(const ip_address *src, const
ip_address *dst
+
+ bs->ours = this_broad_client;
+ bs->his = that_broad_client;
+- bs->transport_proto = 0;
++ bs->transport_proto = transport_proto;
+ bs->said.proto = SA_INT;
+ bs->why = clone_str(why, "bare shunt story");
+ bs->policy_prio = policy_prio;
+@@ -1083,9 +1083,12 @@ replace_bare_shunt(const ip_address *src, const
ip_address *dst
+ struct bare_shunt **bs_pp = bare_shunt_ptr(&this_client
+ , &that_client, 0);
+
++ passert(bs_pp != NULL);
+ if (repl)
+ {
+- /* change over to new bare eroute */
++ /* change over to new bare eroute
++ * ours, his, transport_proto are the same.
++ */
+ struct bare_shunt *bs = *bs_pp;
+
+ pfree(bs->why);
+diff --git a/programs/pluto/kernel_netlink.c b/programs/pluto/kernel_netlink.c
+index 4a4456d..b44d705 100644
+--- a/programs/pluto/kernel_netlink.c
++++ b/programs/pluto/kernel_netlink.c
+@@ -457,7 +457,7 @@ netlink_raw_eroute(const ip_address *this_host
+ , const ip_subnet *that_client
+ , ipsec_spi_t spi
+ , unsigned int proto
+- , unsigned int transport_proto UNUSED
++ , unsigned int transport_proto
+ , enum eroute_type esatype
+ , const struct pfkey_proto_info *proto_info
+ , time_t use_lifetime UNUSED
diff -Nru
openswan-2.6.28+dfsg/debian/patches/06-Windows_XP-NAT_OA-l2tp-fix.dpatch
openswan-2.6.28+dfsg/debian/patches/06-Windows_XP-NAT_OA-l2tp-fix.dpatch
--- openswan-2.6.28+dfsg/debian/patches/06-Windows_XP-NAT_OA-l2tp-fix.dpatch
1970-01-01 01:00:00.000000000 +0100
+++ openswan-2.6.28+dfsg/debian/patches/06-Windows_XP-NAT_OA-l2tp-fix.dpatch
2010-11-26 10:01:06.000000000 +0100
@@ -0,0 +1,35 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## /tmp/Windows_XP-NAT_OA-l2tp-fix.patch.dpatch by Wolfgang Nothdurft
<wolfg...@linogate.de>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: cebnd
+## DP: Author: Wolfgang Nothdurft <wolfg...@linogate.de>
+## DP:
+## DP:
+## DP: Fixes an issue where, when both Windows 7 and XP are used,
+## DP: XP can't establish the L2TP over IPSec connection.
+
+...@dpatch@
+
+diff --git a/programs/pluto/ikev1_quick.c b/programs/pluto/ikev1_quick.c
+index 86bcb3f..d3c26de 100644
+--- a/programs/pluto/ikev1_quick.c
++++ b/programs/pluto/ikev1_quick.c
+@@ -1224,11 +1224,12 @@ quick_inI1_outR1(struct msg_digest *md)
+ hv = p1st->hidden_variables;
+ nat_traversal_natoa_lookup(md, &hv);
+
+- addrtosubnet(&hv.st_nat_oa,&b.his.net);
+- subnettot(&b.his.net, 0, subnet_buf, sizeof(subnet_buf));
+-
+- loglog(RC_LOG_SERIOUS, "IDci was FQDN: %s, using NAT_OA=%s as IDci"
+- , idfqdn, subnet_buf);
++ if (!isanyaddr(&hv.st_nat_oa)){
++ addrtosubnet(&hv.st_nat_oa,&b.his.net);
++ subnettot(&b.his.net, 0, subnet_buf, sizeof(subnet_buf));
++ loglog(RC_LOG_SERIOUS, "IDci was FQDN: %s, using NAT_OA=%s %d
as IDci"
++ , idfqdn, subnet_buf,isanyaddr(&hv.st_nat_oa));
++ }
+ }
+ #endif
+ }
diff -Nru openswan-2.6.28+dfsg/debian/patches/08-initd-configcheck.dpatch
openswan-2.6.28+dfsg/debian/patches/08-initd-configcheck.dpatch
--- openswan-2.6.28+dfsg/debian/patches/08-initd-configcheck.dpatch
1970-01-01 01:00:00.000000000 +0100
+++ openswan-2.6.28+dfsg/debian/patches/08-initd-configcheck.dpatch
2010-11-26 10:01:06.000000000 +0100
@@ -0,0 +1,83 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## /tmp/initd-configcheck.patch.dpatch by Harald Jenny
<har...@a-little-linux-box.at>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: jdefg
+## DP: Author: Harald Jenny <har...@a-little-linux-box.at>
+## DP:
+## DP:
+## DP: check ipsec config before doing start/restart/reload
+
+...@dpatch@
+
+diff --git a/programs/setup/setup.in b/programs/setup/setup.in
+index bf233fb..ce7064d 100755
+--- a/programs/setup/setup.in
++++ b/programs/setup/setup.in
+@@ -68,6 +68,9 @@ then
+ export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
+ fi
+
++# Does not make any sense at all to continue without the main binary
++test -x $IPSEC_SBINDIR/ipsec || exit 5
++
+ # misc setup
+ umask 022
+
+@@ -75,21 +78,27 @@ mkdir -p /var/run/pluto
+
+ RETVAL=0
+
++verify_config() {
++ test -f $IPSEC_CONFS/ipsec.conf || exit 6
++
++ config_error=`ipsec addconn --configsetup 2>&1 >/dev/null`
++ RETVAL=$?
++ if [ $RETVAL != 0 ]
++ then
++ echo "openswan failed to exec the requested action - the following
error occured:"
++ echo $config_error
++ exit $RETVAL
++ fi
++}
++
+ start() {
++ verify_config
+-
+- test -x $IPSEC_SBINDIR/ipsec || exit 5
+- test -f /etc/ipsec.conf || exit 6
+
+ # Pick up IPsec configuration (until we have done this, successfully, we
+ # do not know where errors should go, hence the explicit "daemon.error"s.)
+ # Note the "--export", which exports the variables created.
+ variables=`ipsec addconn /etc/ipsec.conf --varprefix IPSEC --configsetup`
+ eval $variables
+- if [ $? != 0 ]
+- then
+- echo "Failed to parse config setup portion of ipsec.conf"
+- exit $?
+- fi
+
+ IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
+ export IPSEC_confreadsection
+@@ -117,18 +126,18 @@ stop() {
+ }
+
+ restart() {
++ verify_config
+ stop
+ start
+ }
+
+ condrestart() {
+- test -x $IPSEC_SBINDIR/ipsec || exit 5
++ verify_config
+ ipsec _realsetup status || exit 0
+ restart
+ }
+
+ status() {
+- test -x $IPSEC_SBINDIR/ipsec || exit 5
+ ipsec _realsetup status
+ RETVAL=$?
+ return $RETVAL
diff -Nru openswan-2.6.28+dfsg/debian/patches/10-initd-header.dpatch
openswan-2.6.28+dfsg/debian/patches/10-initd-header.dpatch
--- openswan-2.6.28+dfsg/debian/patches/10-initd-header.dpatch 1970-01-01
01:00:00.000000000 +0100
+++ openswan-2.6.28+dfsg/debian/patches/10-initd-header.dpatch 2010-11-26
10:01:06.000000000 +0100
@@ -0,0 +1,31 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## /tmp/initd-header.patch.dpatch by Jari Aalto <jari.aa...@cante.net>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fdebd
+## DP: Author: Jari Aalto <jari.aa...@cante.net>
+## DP:
+## DP:
+## DP: programs/setup/setup.in: Add remote_fs
+
+...@dpatch@
+
+diff --git a/programs/setup/setup.in b/programs/setup/setup.in
+index 44d99b1..21b1bdd 100755
+--- a/programs/setup/setup.in
++++ b/programs/setup/setup.in
+@@ -4,10 +4,10 @@
+ # IPsec startup and shutdown script
+ #
+ ### BEGIN INIT INFO
+-# Provides: openswan
+-# Required-Start: $network $syslog $named
+-# Required-Stop: $syslog
+-# Default-Start:
++# Provides: ipsec
++# Required-Start: $network $remote_fs $syslog $named
++# Required-Stop: $syslog $remote_fs
++# Default-Start: 2 3 4 5
+ # Default-Stop: 0 1 6
+ # Short-Description: Start Openswan IPsec at boot time
+ # Description: Enable automatic key management for IPsec (KLIPS and
NETKEY)
diff -Nru openswan-2.6.28+dfsg/debian/patches/10-initd.dpatch
openswan-2.6.28+dfsg/debian/patches/10-initd.dpatch
--- openswan-2.6.28+dfsg/debian/patches/10-initd.dpatch 2010-09-28
11:24:17.000000000 +0200
+++ openswan-2.6.28+dfsg/debian/patches/10-initd.dpatch 1970-01-01
01:00:00.000000000 +0100
@@ -1,31 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## /tmp/initd.patch.dpatch by Jari Aalto <jari.aa...@cante.net>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: fdebd
-## DP: Author: Jari Aalto <jari.aa...@cante.net>
-## DP:
-## DP:
-## DP: programs/setup/setup.in: Add remote_fs
-
-...@dpatch@
-
-diff --git a/programs/setup/setup.in b/programs/setup/setup.in
-index 44d99b1..21b1bdd 100755
---- a/programs/setup/setup.in
-+++ b/programs/setup/setup.in
-@@ -4,10 +4,10 @@
- # IPsec startup and shutdown script
- #
- ### BEGIN INIT INFO
--# Provides: openswan
--# Required-Start: $network $syslog $named
--# Required-Stop: $syslog
--# Default-Start:
-+# Provides: ipsec
-+# Required-Start: $network $remote_fs $syslog $named
-+# Required-Stop: $syslog $remote_fs
-+# Default-Start: 2 3 4 5
- # Default-Stop: 0 1 6
- # Short-Description: Start Openswan IPsec at boot time
- # Description: Enable automatic key management for IPsec (KLIPS and
NETKEY)
diff -Nru
openswan-2.6.28+dfsg/debian/patches/49-programs--_confread--ipsec.conf.5-linebreak.dpatch
openswan-2.6.28+dfsg/debian/patches/49-programs--_confread--ipsec.conf.5-linebreak.dpatch
---
openswan-2.6.28+dfsg/debian/patches/49-programs--_confread--ipsec.conf.5-linebreak.dpatch
1970-01-01 01:00:00.000000000 +0100
+++
openswan-2.6.28+dfsg/debian/patches/49-programs--_confread--ipsec.conf.5-linebreak.dpatch
2010-11-26 10:01:06.000000000 +0100
@@ -0,0 +1,25 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## /tmp/programs--_confread--ipsec.conf.5-linebreak.patch.dpatch by Harald
Jenny <har...@a-little-linux-box.at>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fdebd
+## DP: Author: Harald Jenny <har...@a-little-linux-box.at>
+## DP:
+## DP:
+## DP: fix manpage to allow line break
+
+...@dpatch@
+
+diff --git a/programs/_confread/ipsec.conf.5 b/programs/_confread/ipsec.conf.5
+index 0a6f41b..fd22a78 100644
+--- a/programs/_confread/ipsec.conf.5
++++ b/programs/_confread/ipsec.conf.5
+@@ -1015,7 +1015,7 @@ contains the networks that are allowed as subnet= for
the remote client\&. In ot
+ and IPv6 is denoted as
+ \fI%v6:aaaa::bbbb:cccc:dddd:eeee/mm\fR\&. One can exclude subnets by using the
+ \fB!\fR\&. For example, if the VPN server is giving access to
192\&.168\&.1\&.0/24, this option should be set to:
+-\fIvirtual_private=%v4:10\&.0\&.0\&.0/8,%v4:192\&.168\&.0\&.0/16,%v4:172\&.16\&.0\&.0/12,%v4:!192\&.168\&.1\&.0/24\fR\&.
This parameter is only needed on the server side and not on the client side
that resides behind the NAT router, as the client will just use its IP address
for the inner IP setting\&. This parameter may eventually become
per\-connection\&.
++\fIvirtual_private=\:%v4:10\&.0\&.0\&.0/8,\:%v4:192\&.168\&.0\&.0/16,\:%v4:172\&.16\&.0\&.0/12,\:%v4:!192\&.168\&.1\&.0/24\fR\&.
This parameter is only needed on the server side and not on the client side
that resides behind the NAT router, as the client will just use its IP address
for the inner IP setting\&. This parameter may eventually become
per\-connection\&.
+ .RE
+ .PP
+ \fBoe\fR
diff -Nru openswan-2.6.28+dfsg/debian/source.lintian-overrides
openswan-2.6.28+dfsg/debian/source.lintian-overrides
--- openswan-2.6.28+dfsg/debian/source.lintian-overrides 2010-09-28
11:24:17.000000000 +0200
+++ openswan-2.6.28+dfsg/debian/source.lintian-overrides 2010-11-26
10:01:06.000000000 +0100
@@ -1,4 +1,2 @@
-# openswan-doc is just doc but gets made in build
-openswan source: debhelper-but-no-misc-depends openswan-doc
# temporary override until manpage fixes are in openswan upstream and number
of patches drop
openswan source: more-than-one-patch-system
