strongswan 5.7.2-1ubuntu1 source package in Ubuntu

Changelog

strongswan (5.7.2-1ubuntu1) eoan; urgency=medium

  [ Christian Ehrhardt ]
  * Merge with Debian unstable. Remaining changes:
    - Clean up d/strongswan-starter.postinst: section about runlevel changes
    - Clean up d/strongswan-starter.postinst: Removed entire section on
      opportunistic encryption disabling - this was never in strongSwan and
      won't be see upstream issue #2160.
    - d/rules: Removed patching ipsec.conf on build (not using the
      debconf-managed config.)
    - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was
      used for debconf-managed include of private key).
    - Mass enablement of extra plugins and features to allow a user to use
      strongswan for a variety of extra use cases without having to rebuild.
      + d/control: Add required additional build-deps
      + d/control: Mention addtionally enabled plugins
      + d/rules: Enable features at configure stage
      + d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
      + d/libstrongswan.install: Add plugins (so, conf)
      + d/strongswan-starter.install: Install pool feature, which is useful
        since we now have attr-sql plugin enabled it.
    - Add plugin kernel-libipsec to allow the use of strongswan in containers
      via this userspace implementation (please do note that this is still
      considered experimental by upstream).
      + d/libcharon-extra-plugins.install: Add kernel-libipsec components
      + d/control: List kernel-libipsec plugin at extra plugins description
      + d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
        upstream recommends to not load kernel-libipsec by default.
    - d/libstrongswan.install: Add kernel-netlink configuration files
    - Complete the disabling of libfast; This was partially accepted in Debian,
      it is no more packaging medcli and medsrv, but still builds and
      mentions it.
      + d/rules: Add --disable-fast to avoid build time and dependencies
      + d/control: Remove medcli, medsrv from package description
    - d/control: Mention mgf1 plugin which is in libstrongswan now
    - Add now built (since 5.5.1) libraries libtpmtss and nttfft to
      libstrongswan-extra-plugins (no deps from default plugins).
    - d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
      plugins for the most common use cases from extra-plugins into a new
      standard-plugins package. This will allow those use cases without pulling
      in too much more plugins (a bit like the tnc package). Recommend that
      package from strongswan-libcharon.
    - d/usr.sbin.charon-systemd: allow to contact mysql for sql and
      attr-sql plugins (LP #1766240)
    - d/usr.lib.ipsec.charon: allow reading of own FDs (LP #1786250)
    - d/usr.sbin.charon-systemd: allow CLUSTERIP for ha plugin (LP: 1773956)
    - executables need to be able to read map and execute themselves otherwise
      execution in some environments e.g. containers is blocked (LP: 1780534)
      + d/usr.lib.ipsec.stroke: add rmix permission to stroke binary
      + d/usr.lib.ipsec.lookip: add rmix permission to lookip binary
    - d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: resync apparmor
      profiles of both ways to start charon (LP: 1807664)
    - d/usr.sbin.swanctl: add apparmor rule for af-alg plugin (LP: 1807962)
  * Dropped changes
    - d/p/lp1795813-mysql-Don-t-release-the-connection-if-transactions-a.patch:
      fix SIGSEGV when using mysql plugin (LP: 1795813)
      [upstream in 5.7.2]
    - d/libstrongswan.install: Reorder conf and .so alphabetically
      [was a non functional change, dropped to avoid merge noise]
    - Relocate tnc plugin
      [TNC is back at libcharon-extra-plugins as it is in Debian]
  * Added changes:
    - We fixed up tpmtss and nttfft in the past, but tpmtss is now packaged in
      Debian so this part was be dropped. Two changes remain
      - d/control: fix the mentioning of tpmtss in d/control
      - add nttfft (can be merged with the mass enablement change later)
    - Transitional packages to go back from strongswan-tnc-* being in extra
      packages to be part of libcharon-extra-plugins.
      [can be dropped after 20.04]

  [ Simon Deziel ]
  * Added changes:
    - apparmor fixes for container and root usage (LP: #1826238)
      + d/usr.sbin.swanctl: allow reading own binary
      + d/usr.sbin.charon-systemd: allow accessing the binary
      + d/usr.sbin.swanctl: add attach_disconnected to work inside containers
      + d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: add CAP_SETPCAP
        to apparmor to allow dropping caps

strongswan (5.7.2-1) unstable; urgency=medium

  * d/control: remove Rene from Uploaders, thanks!
  * d/copyright: fix typos
  * d/watch: use HTTPS protocol
  * d/control: update standards version to 4.2.1
  * drop unused debconf template
  * use a clean export for upstream signing key
  * d/copyright update
  * New upstream version 5.7.2
  * d/copyright updated
  * d/control: update standards version to 4.3.0
  * d/libstrongswan.dirs: drop lintian overrides dir
  * d/u/signing-key.asc: strip signatures from upstream signing key
  * d/patches: import patches in gbp pq

 -- Christian Ehrhardt <email address hidden>  Fri, 26 Apr 2019 11:31:17 +0200