Merge ~lucaskanashiro/ubuntu/+source/strongswan:merge-kinetic into ubuntu/+source/strongswan:debian/sid
Status: | Merged
---|---
Approved by: | git-ubuntu bot
Approved revision: | not available
Merge reported by: | Lucas Kanashiro
Merged at revision: | fe75c1e006997228f5f841125e7fc020563b77ac
Proposed branch: | ~lucaskanashiro/ubuntu/+source/strongswan:merge-kinetic
Merge into: | ubuntu/+source/strongswan:debian/sid
Diff against target: | 2040 lines (+1781/-3), 6 files modified: debian/changelog (+1753/-0), debian/control (+8/-3), debian/libcharon-extra-plugins.install (+6/-0), debian/libcharon-extra-plugins.maintscript (+8/-0), debian/libstrongswan-extra-plugins.install (+3/-0), debian/rules (+3/-0)
Related bugs: |
Reviewer | Review Type | Date Requested | Status
---|---|---|---
git-ubuntu bot | | | Approve
Sergio Durigan Junior (community) | | | Approve
Canonical Server | | | Pending

Review via email: mp+424435@code.launchpad.net
Commit message
Description of the change
Merge version 5.9.6-1 from Debian. One patch in our delta was dropped because it was applied by upstream, all the rest was kept.
PPA with the proposed package:
https:/
autopkgtest summary:
autopkgtest [15:42:47]: @@@@@@@
admin-strongswa
admin-strongswa
daemon PASS
plugins PASS
Sergio Durigan Junior (sergiodj) wrote : | # |
Thanks for the MP, Lucas.
I took the liberty to trigger autopkgtest runs for all supported architectures using your PPA, and everything has passed. The package builds, installs and upgrades OK.
I found the 2 Merge Requests you submitted to Debian a couple of years ago, and noticed that they seem stale. WDYT about pinging them?
I also looked at the list of open bugs for the package and everything seems OK. I left a comment on bug #1330486 because it's really old and looks abandoned.
There's a very small nit in the changelog entry, but otherwise everything LGTM.
+1
Lucas Kanashiro (lucaskanashiro) wrote : | # |
Thanks for the review Sergio. I did ping some of the old MRs on salsa, let's see if the Debian maintainer will reply to them.
Package uploaded:
Uploading strongswan_
Uploading strongswan_
Uploading strongswan_
Uploading strongswan_
Uploading strongswan_
Uploading strongswan_
git-ubuntu bot (git-ubuntu-bot) wrote : | # |
Approvers: lucaskanashiro, sergiodj
Uploaders: lucaskanashiro, sergiodj
MP auto-approved
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index 4a7616f..f63aa55 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,33 @@ |
6 | +strongswan (5.9.6-1ubuntu1) kinetic; urgency=medium |
7 | + |
8 | + * Merge with Debian unstable (LP: #1971328). Remaining changes: |
9 | + - d/control: strongswan-starter hard-depends on strongswan-charon, |
10 | + therefore bump the dependency from Recommends to Depends. At the same |
11 | + time avoid a circular dependency by dropping |
12 | + strongswan-charon->strongswan-starter from Depends to Recommends as the |
13 | + binaries can work without the services but not vice versa. |
14 | + - re-add post-quantum encryption algorithm (NTRU) (LP #1863749) |
15 | + + d/control: mention plugins in package description |
16 | + + d/rules: enable ntru at build time |
17 | + + d/libstrongswan-extra-plugins.install: ship config and shared objects |
18 | + - Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887) |
19 | + + d/control: update libcharon-extra-plugins description. |
20 | + + d/libcharon-extra-plugins.install: install .so and conf files. |
21 | + + d/rules: add plugins to the configuration arguments. |
22 | + - Remove conf files of plugins removed from libcharon-extra-plugins |
23 | + + The conf file of the following plugins were removed: eap-aka-3gpp2, |
24 | + eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym, |
25 | + eap-simaka-reauth, eap-simaka-sql, xauth-noauth. |
26 | + + Created d/libcharon-extra-plugins.maintscript to handle the removals |
27 | + properly. |
28 | + * Dropped: |
29 | + - d/p/lp1964977-fix-ipsec-pki-segfault.patch: Fix "ipsec pki" |
30 | + segmentation fault; don't access OpenSSL objects inside atexit() |
31 | + handlers. (LP #1964977) |
32 | + [included by upstream in version 5.9.6] |
33 | + |
34 | + -- Lucas Kanashiro <kanashiro@ubuntu.com> Fri, 10 Jun 2022 15:03:17 -0300 |
35 | + |
36 | strongswan (5.9.6-1) unstable; urgency=medium |
37 | |
38 | * New upstream version 5.9.6 |
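Review bot: In the new 5.9.6-1ubuntu1 entry, the line "+ The conf file of the following plugins were removed" has a singular/plural mismatch; "The conf files of the following plugins were removed" reads correctly, and fixing it here stops the wording being copied into the next merge. The carried items also mix capitalisation ("re-add post-quantum ..." next to "Re-enable eap-{dynamic,peap} ..."), which is worth making uniform in the same pass.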
39 | @@ -6,6 +36,42 @@ strongswan (5.9.6-1) unstable; urgency=medium |
40 | |
41 | -- Yves-Alexis Perez <corsac@debian.org> Sat, 07 May 2022 20:19:18 +0200 |
42 | |
43 | +strongswan (5.9.5-2ubuntu2) jammy; urgency=medium |
44 | + |
45 | + * d/p/lp1964977-fix-ipsec-pki-segfault.patch: Fix "ipsec pki" |
46 | + segmentation fault; don't access OpenSSL objects inside atexit() |
47 | + handlers. (LP: #1964977) |
48 | + |
49 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 18 Mar 2022 14:24:34 -0400 |
50 | + |
51 | +strongswan (5.9.5-2ubuntu1) jammy; urgency=medium |
52 | + |
53 | + * Merge with Debian unstable. Remaining changes: |
54 | + - d/control: strongswan-starter hard-depends on strongswan-charon, |
55 | + therefore bump the dependency from Recommends to Depends. At the same |
56 | + time avoid a circular dependency by dropping |
57 | + strongswan-charon->strongswan-starter from Depends to Recommends as the |
58 | + binaries can work without the services but not vice versa. |
59 | + - re-add post-quantum encryption algorithm (NTRU) (LP #1863749) |
60 | + + d/control: mention plugins in package description |
61 | + + d/rules: enable ntru at build time |
62 | + + d/libstrongswan-extra-plugins.install: ship config and shared objects |
63 | + - Re-enable eap-{dynamic,peap} libcharon plugins (LP: 1878887) |
64 | + + d/control: update libcharon-extra-plugins description. |
65 | + + d/libcharon-extra-plugins.install: install .so and conf files. |
66 | + + d/rules: add plugins to the configuration arguments. |
67 | + - Remove conf files of plugins removed from libcharon-extra-plugins |
68 | + + The conf file of the following plugins were removed: eap-aka-3gpp2, |
69 | + eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym, |
70 | + eap-simaka-reauth, eap-simaka-sql, xauth-noauth. |
71 | + + Created d/libcharon-extra-plugins.maintscript to handle the removals |
72 | + properly. |
73 | + * Dropped patches included in new version: |
74 | + - debian/patches/CVE-2021-45079.patch |
75 | + - debian/patches/load-legacy-provider-in-openssl3.patch |
76 | + |
77 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 03 Feb 2022 10:49:49 -0500 |
78 | + |
79 | strongswan (5.9.5-2) unstable; urgency=medium |
80 | |
81 | * actually fix lintian overrides |
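Review bot: The 5.9.5-2ubuntu1 entry drops debian/patches/CVE-2021-45079.patch under "Dropped patches included in new version" without naming the upstream release that carries the fix. The bracketed form used in the 5.9.6-1ubuntu1 entry, "[included by upstream in version 5.9.6]", makes a dropped security fix traceable from the changelog alone and is worth using whenever a CVE patch is dropped. The same entry also writes bug references two ways, "(LP #1863749)" and "(LP: 1878887)"; one form throughout is easier to search for.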
82 | @@ -21,6 +87,60 @@ strongswan (5.9.5-1) unstable; urgency=medium |
83 | |
84 | -- Yves-Alexis Perez <corsac@debian.org> Wed, 26 Jan 2022 14:38:54 +0100 |
85 | |
86 | +strongswan (5.9.4-1ubuntu4) jammy; urgency=medium |
87 | + |
88 | + * SECURITY UPDATE: Incorrect Handling of Early EAP-Success Messages |
89 | + - debian/patches/CVE-2021-45079.patch: enforce failure if MSK |
90 | + generation fails in src/libcharon/plugins/eap_gtc/eap_gtc.c, |
91 | + src/libcharon/plugins/eap_md5/eap_md5.c, |
92 | + src/libcharon/plugins/eap_radius/eap_radius.c, |
93 | + src/libcharon/sa/eap/eap_method.h, |
94 | + src/libcharon/sa/ikev2/authenticators/eap_authenticator.c. |
95 | + - CVE-2021-45079 |
96 | + |
97 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 01 Feb 2022 07:23:37 -0500 |
98 | + |
99 | +strongswan (5.9.4-1ubuntu3) jammy; urgency=medium |
100 | + |
101 | + * No-change rebuild against libssl3 |
102 | + |
103 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 09 Dec 2021 00:19:38 +0000 |
104 | + |
105 | +strongswan (5.9.4-1ubuntu2) jammy; urgency=medium |
106 | + |
107 | + * Add d/p/load-legacy-provider-in-openssl3.patch. |
108 | + Upstream cherry-pick to fix FTBFS against OpenSSL 3.0. (LP: #1946213) |
109 | + |
110 | + -- Paride Legovini <paride@ubuntu.com> Wed, 17 Nov 2021 17:04:27 +0100 |
111 | + |
112 | +strongswan (5.9.4-1ubuntu1) jammy; urgency=medium |
113 | + |
114 | + * Merge with Debian unstable. Remaining changes: |
115 | + - d/control: strongswan-starter hard-depends on strongswan-charon, |
116 | + therefore bump the dependency from Recommends to Depends. At the same |
117 | + time avoid a circular dependency by dropping |
118 | + strongswan-charon->strongswan-starter from Depends to Recommends as the |
119 | + binaries can work without the services but not vice versa. |
120 | + - re-add post-quantum encryption algorithm (NTRU) (LP #1863749) |
121 | + + d/control: mention plugins in package description |
122 | + + d/rules: enable ntru at build time |
123 | + + d/libstrongswan-extra-plugins.install: ship config and shared objects |
124 | + - Re-enable eap-{dynamic,peap} libcharon plugins (LP: 1878887) |
125 | + + d/control: update libcharon-extra-plugins description. |
126 | + + d/libcharon-extra-plugins.install: install .so and conf files. |
127 | + + d/rules: add plugins to the configuration arguments. |
128 | + - Remove conf files of plugins removed from libcharon-extra-plugins |
129 | + + The conf file of the following plugins were removed: eap-aka-3gpp2, |
130 | + eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym, |
131 | + eap-simaka-reauth, eap-simaka-sql, xauth-noauth. |
132 | + + Created d/libcharon-extra-plugins.maintscript to handle the removals |
133 | + properly. |
134 | + * Dropped changes: |
135 | + - Compile the tpm plugin against the tpm2 software stack (tss2). |
136 | + Merged in Debian (5.9.4-1). |
137 | + |
138 | + -- Paride Legovini <paride@ubuntu.com> Fri, 12 Nov 2021 12:34:30 +0100 |
139 | + |
140 | strongswan (5.9.4-1) unstable; urgency=medium |
141 | |
142 | [ Paride Legovini ] |
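Review bot: The 5.9.4-1ubuntu2 entry describes d/p/load-legacy-provider-in-openssl3.patch only as an "Upstream cherry-pick to fix FTBFS against OpenSSL 3.0" and gives no upstream commit reference. The patch name points at loading OpenSSL's legacy provider, so a sentence on what the patch changes beyond the build, plus the upstream commit it was taken from, would let a reader judge it without opening the patch.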
143 | @@ -37,6 +157,62 @@ strongswan (5.9.4-1) unstable; urgency=medium |
144 | |
145 | -- Yves-Alexis Perez <corsac@debian.org> Tue, 19 Oct 2021 22:34:40 +0200 |
146 | |
147 | +strongswan (5.9.1-1ubuntu3.1) impish-security; urgency=medium |
148 | + |
149 | + * SECURITY UPDATE: Integer Overflow in gmp Plugin |
150 | + - debian/patches/CVE-2021-41990.patch: reject RSASSA-PSS params with |
151 | + negative salt length in |
152 | + src/libstrongswan/credentials/keys/signature_params.c, |
153 | + src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c. |
154 | + - CVE-2021-41990 |
155 | + * SECURITY UPDATE: Integer Overflow When Replacing Certificates in Cache |
156 | + - debian/patches/CVE-2021-41991.patch: prevent crash due to integer |
157 | + overflow/sign change in |
158 | + src/libstrongswan/credentials/sets/cert_cache.c. |
159 | + - CVE-2021-41991 |
160 | + |
161 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 18 Oct 2021 13:10:30 -0400 |
162 | + |
163 | +strongswan (5.9.1-1ubuntu3) impish; urgency=medium |
164 | + |
165 | + * Compile the tpm plugin against the tpm2 software stack (tss2) |
166 | + (Debian packaging cherry-pick, LP: #1940079) |
167 | + - d/rules: add the --enable-tss-tss2 configure flag |
168 | + - d/control: add Build-Depends: libtss2-dev |
169 | + |
170 | + -- Paride Legovini <paride@ubuntu.com> Thu, 16 Sep 2021 11:40:38 +0200 |
171 | + |
172 | +strongswan (5.9.1-1ubuntu2) impish; urgency=medium |
173 | + |
174 | + * No-change rebuild due to OpenLDAP soname bump. |
175 | + |
176 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:09:22 -0400 |
177 | + |
178 | +strongswan (5.9.1-1ubuntu1) hirsute; urgency=medium |
179 | + |
180 | + * Merge with Debian unstable. Remaining changes: |
181 | + - d/control: strongswan-starter hard-depends on strongswan-charon, |
182 | + therefore bump the dependency from Recommends to Depends. At the same |
183 | + time avoid a circular dependency by dropping |
184 | + strongswan-charon->strongswan-starter from Depends to Recommends as the |
185 | + binaries can work without the services but not vice versa. |
186 | + - re-add post-quantum encryption algorithm (NTRU) (LP: 1863749) |
187 | + + d/control: mention plugins in package description |
188 | + + d/rules: enable ntru at build time |
189 | + + d/libstrongswan-extra-plugins.install: ship config and shared objects |
190 | + - Re-enable eap-{dynamic,peap} libcharon plugins (LP: 1878887) |
191 | + + d/control: update libcharon-extra-plugins description. |
192 | + + d/libcharon-extra-plugins.install: install .so and conf files. |
193 | + + d/rules: add plugins to the configuration arguments. |
194 | + - Remove conf files of plugins removed from libcharon-extra-plugins |
195 | + + The conf file of the following plugins were removed: eap-aka-3gpp2, |
196 | + eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym, |
197 | + eap-simaka-reauth, eap-simaka-sql, xauth-noauth. |
198 | + + Created d/libcharon-extra-plugins.maintscript to handle the removals |
199 | + properly. |
200 | + |
201 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 19 Jan 2021 12:39:11 +0100 |
202 | + |
203 | strongswan (5.9.1-1) unstable; urgency=medium |
204 | |
205 | * New upstream version 5.9.1 |
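Review bot: CVE-2021-41990.patch and CVE-2021-41991.patch are added in the 5.9.1-1ubuntu3.1 entry, but the later 5.9.4-1ubuntu1 merge entry lists only the tpm change under "Dropped changes", so the changelog never records what became of these two security patches. When a merge drops a CVE patch, list it under the dropped items, as the 5.9.5-2ubuntu1 entry does for CVE-2021-45079.patch.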
206 | @@ -51,6 +227,45 @@ strongswan (5.9.0-1) unstable; urgency=medium |
207 | |
208 | -- Yves-Alexis Perez <corsac@debian.org> Thu, 17 Sep 2020 10:21:30 +0200 |
209 | |
210 | +strongswan (5.8.4-1ubuntu2) groovy; urgency=medium |
211 | + |
212 | + * Re-enable eap-{dynamic,peap} libcharon plugins (LP: #1878887) |
213 | + - d/control: update libcharon-extra-plugins description. |
214 | + - d/libcharon-extra-plugins.install: install .so and conf files. |
215 | + - d/rules: add plugins to the configuration arguments. |
216 | + * Remove conf files of plugins removed from libcharon-extra-plugins |
217 | + - The conf file of the following plugins were removed: eap-aka-3gpp2, |
218 | + eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym, |
219 | + eap-simaka-reauth, eap-simaka-sql, xauth-noauth. |
220 | + - Created d/libcharon-extra-plugins.maintscript to handle the removals |
221 | + properly. |
222 | + |
223 | + -- Lucas Kanashiro <kanashiro@ubuntu.com> Thu, 21 May 2020 14:53:05 -0300 |
224 | + |
225 | +strongswan (5.8.4-1ubuntu1) groovy; urgency=medium |
226 | + |
227 | + * Merge with Debian unstable. Remaining changes: |
228 | + - d/control: strongswan-starter hard-depends on strongswan-charon, |
229 | + therefore bump the dependency from Recommends to Depends. At the same |
230 | + time avoid a circular dependency by dropping |
231 | + strongswan-charon->strongswan-starter from Depends to Recommends as the |
232 | + binaries can work without the services but not vice versa. |
233 | + - re-add post-quantum encryption algorithm (NTRU) (LP: 1863749) |
234 | + + d/control: mention plugins in package description |
235 | + + d/rules: enable ntru at build time |
236 | + + d/libstrongswan-extra-plugins.install: ship config and shared objects |
237 | + * Dropped: |
238 | + - d/control: build-depend on libiptc-dev to avoid FTBFS (LP: #1861975) |
239 | + This is needed due to changes in regard to Debian bug 947176 and 939243 |
240 | + and can later be dropped again. |
241 | + [applied by Debian in version 5.8.2-2] |
242 | + - d/control: Transition from former Ubuntu only libcharon-standard-plugins |
243 | + to common libcharon-extauth-plugins (drop after 20.04) |
244 | + - d/control: Transition from strongswan-tnc-* being in extra packages |
245 | + to libcharon-extra-plugins (drop after 20.04) |
246 | + |
247 | + -- Lucas Kanashiro <lucas.kanashiro@canonical.com> Thu, 30 Apr 2020 18:06:55 -0300 |
248 | + |
249 | strongswan (5.8.4-1) unstable; urgency=medium |
250 | |
251 | * New upstream version 5.8.4 (Closes: #956446) |
252 | @@ -66,6 +281,43 @@ strongswan (5.8.2-2) unstable; urgency=medium |
253 | |
254 | -- Yves-Alexis Perez <corsac@debian.org> Thu, 13 Feb 2020 22:46:40 +0100 |
255 | |
256 | +strongswan (5.8.2-1ubuntu3) focal; urgency=medium |
257 | + |
258 | + * Reverting part of 5.8.2-1ubuntu2 changes to remove BLISS again as |
259 | + there is a potential local side-channel attack on strongSwan's BLISS |
260 | + implementation (https://eprint.iacr.org/2017/505). (LP: #1866765) |
261 | + |
262 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 10 Mar 2020 07:56:56 +0100 |
263 | + |
264 | +strongswan (5.8.2-1ubuntu2) focal; urgency=medium |
265 | + |
266 | + * re-add post-quantum computer signature scheme (BLISS) and encryption |
267 | + algorithm (NTRU) as well as the dependent nttfft library (LP: #1863749) |
268 | + - d/control: mention plugins in package description |
269 | + - d/rules: enable ntru and bliss at build time |
270 | + - d/libstrongswan-extra-plugins.install: ship config and shared objects |
271 | + |
272 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 04 Mar 2020 07:54:26 +0100 |
273 | + |
274 | +strongswan (5.8.2-1ubuntu1) focal; urgency=medium |
275 | + |
276 | + * Merge with Debian unstable (LP: #1861971). Remaining changes: |
277 | + - d/control: Transition from strongswan-tnc-* being in extra packages |
278 | + to libcharon-extra-plugins (drop after 20.04) |
279 | + - d/control: Transition from former Ubuntu only libcharon-standard-plugins |
280 | + to common libcharon-extauth-plugins (drop after 20.04) |
281 | + - d/control: strongswan-starter hard-depends on strongswan-charon, |
282 | + therefore bump the dependency from Recommends to Depends. At the same |
283 | + time avoid a circular dependency by dropping |
284 | + strongswan-charon->strongswan-starter from Depends to Recommends as the |
285 | + binaries can work without the services but not vice versa. |
286 | + * Added Changes |
287 | + - d/control: build-depend on libiptc-dev to avoid FTBFS (LP: #1861975) |
288 | + This is needed due to changes in regard to Debian bug 947176 and 939243 |
289 | + and can later be dropped again. |
290 | + |
291 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 05 Feb 2020 08:28:30 +0100 |
292 | + |
293 | strongswan (5.8.2-1) unstable; urgency=medium |
294 | |
295 | [ Jean-Michel Vourgère ] |
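Review bot: The 5.8.2-1ubuntu3 entry says it reverts "part of 5.8.2-1ubuntu2 changes to remove BLISS" but, unlike 5.8.2-1ubuntu2, lists no d/control, d/rules or d/libstrongswan-extra-plugins.install items, so the changelog does not say whether the nttfft library that ubuntu2 re-added alongside BLISS stayed or went. For a removal made because of a side-channel concern, spelling out the per-file changes and the fate of nttfft lets a reader confirm from the changelog that the BLISS plugin is no longer built or shipped.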
296 | @@ -82,6 +334,83 @@ strongswan (5.8.2-1) unstable; urgency=medium |
297 | |
298 | -- Yves-Alexis Perez <corsac@debian.org> Wed, 01 Jan 2020 14:35:46 +0100 |
299 | |
300 | +strongswan (5.8.1-1ubuntu1) focal; urgency=medium |
301 | + |
302 | + * Merge with Debian unstable (LP: #1852579). Remaining changes: |
303 | + - d/control: Transition from strongswan-tnc-* being in extra packages |
304 | + to libcharon-extra-plugins |
305 | + * Added Changes: |
306 | + - d/control: Transition from former Ubuntu only libcharon-standard-plugins |
307 | + to common libcharon-extauth-plugins (drop after 20.04) |
308 | + - d/control: strongswan-starter hard-depends on strongswan-charon, |
309 | + therefore bump the dependency from Recommends to Depends. At the same |
310 | + time avoid a circular dependency by dropping |
311 | + strongswan-charon->strongswan-starter from Depends to Recommends as the |
312 | + binaries can work without the services but not vice versa. |
313 | + * Dropped Changes (now in Debian): |
314 | + - Clean up d/strongswan-starter.postinst: section about runlevel changes |
315 | + - Clean up d/strongswan-starter.postinst: Removed entire section on |
316 | + opportunistic encryption disabling - this was never in strongSwan and |
317 | + won't be see upstream issue #2160. |
318 | + - d/rules: Removed patching ipsec.conf on build (not using the |
319 | + debconf-managed config.) |
320 | + - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was |
321 | + used for debconf-managed include of private key). |
322 | + - Add plugin kernel-libipsec to allow the use of strongswan in containers |
323 | + via this userspace implementation (please do note that this is still |
324 | + considered experimental by upstream). |
325 | + + d/libcharon-extra-plugins.install: Add kernel-libipsec components |
326 | + + d/control: List kernel-libipsec plugin at extra plugins description |
327 | + + d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
328 | + upstream recommends to not load kernel-libipsec by default. |
329 | + - d/control: Mention mgf1 plugin which is in libstrongswan now |
330 | + - Complete the disabling of libfast; This was partially accepted in Debian, |
331 | + it is no more packaging medcli and medsrv, but still builds and |
332 | + mentions it. |
333 | + + d/rules: Add --disable-fast to avoid build time and dependencies |
334 | + + d/control: Remove medcli, medsrv from package description |
335 | + - Add now built (since 5.5.1) libraries libtpmtss and nttfft to |
336 | + libstrongswan-extra-plugins (no deps from default plugins). |
337 | + - d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
338 | + plugins for the most common use cases from extra-plugins into a new |
339 | + standard-plugins package. This will allow those use cases without pulling |
340 | + in too much more plugins (a bit like the tnc package). Recommend that |
341 | + package from strongswan-libcharon. |
342 | + - d/usr.lib.ipsec.charon: allow reading of own FDs (LP 1786250) |
343 | + - d/usr.sbin.charon-systemd: allow CLUSTERIP for ha plugin (LP 1773956) |
344 | + - executables need to be able to read map and execute themselves otherwise |
345 | + execution in some environments e.g. containers is blocked (LP 1780534) |
346 | + + d/usr.lib.ipsec.stroke: add rmix permission to stroke binary |
347 | + + d/usr.lib.ipsec.lookip: add rmix permission to lookip binary |
348 | + - d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: resync apparmor |
349 | + profiles of both ways to start charon (LP 1807664) |
350 | + - d/usr.sbin.swanctl: add apparmor rule for af-alg plugin (LP 1807962) |
351 | + - We fixed up tpmtss and nttfft in the past, but tpmtss is now packaged in |
352 | + Debian so this part was be dropped. Two changes remain |
353 | + - d/control: fix the mentioning of tpmtss in d/control |
354 | + - apparmor fixes for container and root usage (LP 1826238) |
355 | + + d/usr.sbin.swanctl: allow reading own binary |
356 | + + d/usr.sbin.charon-systemd: allow accessing the binary |
357 | + + d/usr.sbin.swanctl: add attach_disconnected to work inside containers |
358 | + + d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: add CAP_SETPCAP |
359 | + to apparmor to allow dropping caps |
360 | + * Dropped Changes (too uncommon to support by default) |
361 | + - d/libstrongswan.install: Add kernel-netlink configuration files |
362 | + - d/usr.sbin.charon-systemd: allow to contact mysql for sql and |
363 | + attr-sql plugins (LP 1766240) - no more needed as itisn't enabled. |
364 | + - Mass enablement of extra plugins and features to allow a user to use |
365 | + strongswan for a variety of extra use cases without having to rebuild. |
366 | + + d/control: Add required additional build-deps |
367 | + + d/control: Mention addtionally enabled plugins |
368 | + + d/rules: Enable features at configure stage |
369 | + + d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
370 | + + d/libstrongswan.install: Add plugins (so, conf) |
371 | + + d/strongswan-starter.install: Install pool feature, which is useful |
372 | + since we now have attr-sql plugin enabled it. |
373 | + - Enable additional TNC plugins and add them to libcharon-extra-plugins |
374 | + |
375 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 14 Nov 2019 15:00:15 +0100 |
376 | + |
377 | strongswan (5.8.1-1) unstable; urgency=medium |
378 | |
379 | * d/rules: disable http and stream tests under CI |
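Review bot: Several file names and words in the 5.8.1-1ubuntu1 entry are misspelled: "d/libbstrongswan-extra-plugins.install" (double b; other entries use d/libstrongswan-extra-plugins.install), "itisn't", "addtionally" and "was be dropped". The file name matters most, since searching the changelog for the real path misses this item; correct the spelling when the text is next carried forward.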
380 | @@ -151,6 +480,99 @@ strongswan (5.8.0-1) unstable; urgency=medium |
381 | |
382 | -- Yves-Alexis Perez <corsac@debian.org> Mon, 26 Aug 2019 12:58:23 +0200 |
383 | |
384 | +strongswan (5.7.2-1ubuntu3) eoan; urgency=medium |
385 | + |
386 | + * No change rebuild for libmysqlclient21. |
387 | + |
388 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 15 Aug 2019 09:34:34 +0200 |
389 | + |
390 | +strongswan (5.7.2-1ubuntu2) eoan; urgency=medium |
391 | + |
392 | + * Rebuild against new libjson-c4. |
393 | + |
394 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 01 Jul 2019 10:53:07 +0200 |
395 | + |
396 | +strongswan (5.7.2-1ubuntu1) eoan; urgency=medium |
397 | + |
398 | + [ Christian Ehrhardt ] |
399 | + * Merge with Debian unstable. Remaining changes: |
400 | + - Clean up d/strongswan-starter.postinst: section about runlevel changes |
401 | + - Clean up d/strongswan-starter.postinst: Removed entire section on |
402 | + opportunistic encryption disabling - this was never in strongSwan and |
403 | + won't be see upstream issue #2160. |
404 | + - d/rules: Removed patching ipsec.conf on build (not using the |
405 | + debconf-managed config.) |
406 | + - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was |
407 | + used for debconf-managed include of private key). |
408 | + - Mass enablement of extra plugins and features to allow a user to use |
409 | + strongswan for a variety of extra use cases without having to rebuild. |
410 | + + d/control: Add required additional build-deps |
411 | + + d/control: Mention addtionally enabled plugins |
412 | + + d/rules: Enable features at configure stage |
413 | + + d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
414 | + + d/libstrongswan.install: Add plugins (so, conf) |
415 | + + d/strongswan-starter.install: Install pool feature, which is useful |
416 | + since we now have attr-sql plugin enabled it. |
417 | + - Add plugin kernel-libipsec to allow the use of strongswan in containers |
418 | + via this userspace implementation (please do note that this is still |
419 | + considered experimental by upstream). |
420 | + + d/libcharon-extra-plugins.install: Add kernel-libipsec components |
421 | + + d/control: List kernel-libipsec plugin at extra plugins description |
422 | + + d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
423 | + upstream recommends to not load kernel-libipsec by default. |
424 | + - d/libstrongswan.install: Add kernel-netlink configuration files |
425 | + - Complete the disabling of libfast; This was partially accepted in Debian, |
426 | + it is no more packaging medcli and medsrv, but still builds and |
427 | + mentions it. |
428 | + + d/rules: Add --disable-fast to avoid build time and dependencies |
429 | + + d/control: Remove medcli, medsrv from package description |
430 | + - d/control: Mention mgf1 plugin which is in libstrongswan now |
431 | + - Add now built (since 5.5.1) libraries libtpmtss and nttfft to |
432 | + libstrongswan-extra-plugins (no deps from default plugins). |
433 | + - d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
434 | + plugins for the most common use cases from extra-plugins into a new |
435 | + standard-plugins package. This will allow those use cases without pulling |
436 | + in too much more plugins (a bit like the tnc package). Recommend that |
437 | + package from strongswan-libcharon. |
438 | + - d/usr.sbin.charon-systemd: allow to contact mysql for sql and |
439 | + attr-sql plugins (LP #1766240) |
440 | + - d/usr.lib.ipsec.charon: allow reading of own FDs (LP #1786250) |
441 | + - d/usr.sbin.charon-systemd: allow CLUSTERIP for ha plugin (LP: 1773956) |
442 | + - executables need to be able to read map and execute themselves otherwise |
443 | + execution in some environments e.g. containers is blocked (LP: 1780534) |
444 | + + d/usr.lib.ipsec.stroke: add rmix permission to stroke binary |
445 | + + d/usr.lib.ipsec.lookip: add rmix permission to lookip binary |
446 | + - d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: resync apparmor |
447 | + profiles of both ways to start charon (LP: 1807664) |
448 | + - d/usr.sbin.swanctl: add apparmor rule for af-alg plugin (LP: 1807962) |
449 | + * Dropped changes |
450 | + - d/p/lp1795813-mysql-Don-t-release-the-connection-if-transactions-a.patch: |
451 | + fix SIGSEGV when using mysql plugin (LP: 1795813) |
452 | + [upstream in 5.7.2] |
453 | + - d/libstrongswan.install: Reorder conf and .so alphabetically |
454 | + [was a non functional change, dropped to avoid merge noise] |
455 | + - Relocate tnc plugin |
456 | + [TNC is back at libcharon-extra-plugins as it is in Debian] |
457 | + * Added changes: |
458 | + - We fixed up tpmtss and nttfft in the past, but tpmtss is now packaged in |
459 | + Debian so this part was be dropped. Two changes remain |
460 | + - d/control: fix the mentioning of tpmtss in d/control |
461 | + - add nttfft (can be merged with the mass enablement change later) |
462 | + - Transitional packages to go back from strongswan-tnc-* being in extra |
463 | + packages to be part of libcharon-extra-plugins. |
464 | + [can be dropped after 20.04] |
465 | + |
466 | + [ Simon Deziel ] |
467 | + * Added changes: |
468 | + - apparmor fixes for container and root usage (LP: #1826238) |
469 | + + d/usr.sbin.swanctl: allow reading own binary |
470 | + + d/usr.sbin.charon-systemd: allow accessing the binary |
471 | + + d/usr.sbin.swanctl: add attach_disconnected to work inside containers |
472 | + + d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: add CAP_SETPCAP |
473 | + to apparmor to allow dropping caps |
474 | + |
475 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 26 Apr 2019 11:31:17 +0200 |
476 | + |
477 | strongswan (5.7.2-1) unstable; urgency=medium |
478 | |
479 | * d/control: remove Rene from Uploaders, thanks! |
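Review bot: Under "Added changes" in the 5.7.2-1ubuntu1 entry, "Two changes remain" is followed by "- d/control: fix the mentioning of tpmtss in d/control" and "- add nttfft ..." at the same bullet level as their parent, so they read as unrelated items. Nesting them with "+", as the rest of the entry does for sub-items, would show which two changes are meant.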
480 | @@ -169,6 +591,86 @@ strongswan (5.7.2-1) unstable; urgency=medium |
481 | |
482 | -- Yves-Alexis Perez <corsac@debian.org> Wed, 02 Jan 2019 13:02:11 +0100 |
483 | |
484 | +strongswan (5.7.1-1ubuntu2) disco; urgency=medium |
485 | + |
486 | + * d/usr.sbin.charon-systemd: fix rule for CLUSTERIP to match effective |
487 | + path (LP: #1773956) |
488 | + * d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: resync apparmor |
489 | + profiles of both ways to start charon (LP: #1807664) |
490 | + * d/usr.sbin.swanctl: add apparmor rule for af-alg plugin (LP: #1807962) |
491 | + |
492 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 10 Dec 2018 08:30:01 +0100 |
493 | + |
494 | +strongswan (5.7.1-1ubuntu1) disco; urgency=medium |
495 | + |
496 | + * Merge with Debian unstable (LP: #1806401). Remaining changes: |
497 | + - Clean up d/strongswan-starter.postinst: section about runlevel changes |
498 | + - Clean up d/strongswan-starter.postinst: Removed entire section on |
499 | + opportunistic encryption disabling - this was never in strongSwan and |
500 | + won't be see upstream issue #2160. |
501 | + - d/rules: Removed patching ipsec.conf on build (not using the |
502 | + debconf-managed config.) |
503 | + - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was |
504 | + used for debconf-managed include of private key). |
505 | + - Mass enablement of extra plugins and features to allow a user to use |
506 | + strongswan for a variety of extra use cases without having to rebuild. |
507 | + + d/control: Add required additional build-deps |
508 | + + d/control: Mention addtionally enabled plugins |
509 | + + d/rules: Enable features at configure stage |
510 | + + d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
511 | + + d/libstrongswan.install: Add plugins (so, conf) |
512 | + - d/strongswan-starter.install: Install pool feature, which is useful since |
513 | + we have attr-sql plugin enabled as well using it. |
514 | + - Add plugin kernel-libipsec to allow the use of strongswan in containers |
515 | + via this userspace implementation (please do note that this is still |
516 | + considered experimental by upstream). |
517 | + + d/libcharon-extra-plugins.install: Add kernel-libipsec components |
518 | + + d/control: List kernel-libipsec plugin at extra plugins description |
519 | + + d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
520 | + upstream recommends to not load kernel-libipsec by default. |
521 | + - Relocate tnc plugin |
522 | + + debian/libcharon-extra-plugins.install: Drop tnc from extra plugins |
523 | + + Add new subpackage for TNC in d/strongswan-tnc-* and d/control |
524 | + - d/libstrongswan.install: Reorder conf and .so alphabetically |
525 | + - d/libstrongswan.install: Add kernel-netlink configuration files |
526 | + - Complete the disabling of libfast; This was partially accepted in Debian, |
527 | + it is no more packaging medcli and medsrv, but still builds and |
528 | + mentions it. |
529 | + + d/rules: Add --disable-fast to avoid build time and dependencies |
530 | + + d/control: Remove medcli, medsrv from package description |
531 | + - d/control: Mention mgf1 plugin which is in libstrongswan now |
532 | + - Add now built (since 5.5.1) libraries libtpmtss and nttfft to |
533 | + libstrongswan-extra-plugins (no deps from default plugins). |
534 | + - d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
535 | + plugins for the most common use cases from extra-plugins into a new |
536 | + standard-plugins package. This will allow those use cases without pulling |
537 | + in too much more plugins (a bit like the tnc package). Recommend that |
538 | + package from strongswan-libcharon. |
539 | + - d/usr.sbin.charon-systemd: allow to contact mysql for sql and |
540 | + attr-sql plugins (LP #1766240) |
541 | + - d/usr.lib.ipsec.charon: allow reading of own FDs (LP #1786250) |
542 | + * Added Changes: |
543 | + - d/p/lp1795813-mysql-Don-t-release-the-connection-if-transactions-a.patch: |
544 | + fix SIGSEGV when using mysql plugin (LP: #1795813) |
545 | + - d/usr.sbin.charon-systemd: allow CLUSTERIP for ha plugin (LP: #1773956) |
546 | + - executables need to be able to read map and execute themselves otherwise |
547 | + execution in some environments e.g. containers is blocked (LP: #1780534) |
548 | + + d/usr.lib.ipsec.stroke: add rmix permission to stroke binary |
549 | + + d/usr.lib.ipsec.lookip: add rmix permission to lookip binary |
550 | + - adapt "mass enablement of extra plugins" to match 5.7.x changes |
551 | + + d/rules: use new options for swima instead of swid |
552 | + + d/strongswan-tnc-server.install: add new sec updater tool |
553 | + + d/strongswan-tnc-client.install: add new sw-collector tool |
554 | + * Dropped (in Debian now): |
555 | + - SECURITY UPDATE: Insufficient input validation in gmp plugin |
556 | + (CVE-2018-17540) |
557 | + - SECURITY UPDATE: Insufficient input validation in gmp plugin |
558 | + (CVE-2018-16151 CVE-2018-16152) |
559 | + - d/usr.lib.ipsec.charon, d/usr/sbin/charon-systemd: Add support for |
560 | + usr-merge, thanks to Christian Ehrhardt. LP #1784023 |
561 | + |
562 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 03 Dec 2018 15:18:31 +0100 |
563 | + |
564 | strongswan (5.7.1-1) unstable; urgency=medium |
565 | |
566 | [ Ondřej Nový ] |
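Review bot: In the 5.7.1-1ubuntu1 entry, the "Dropped (in Debian now)" list records the three gmp CVE fixes by id only, so there is no record of which patch files left the delta or where the fix now comes from. Name the dropped files (the 5.6.3-1ubuntu2 and 5.6.3-1ubuntu3 entries give them as strongswan-5.6.1-5.6.3_gmp-pkcs1-verify.patch and strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch) and say whether the fix is in the 5.7.1 upstream source or in a Debian patch. Also, the last dropped item spells the profile as "d/usr/sbin/charon-systemd", while the rest of the entry uses "d/usr.sbin.charon-systemd".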
567 | @@ -199,6 +701,96 @@ strongswan (5.7.0-1) unstable; urgency=medium |
568 | |
569 | -- Yves-Alexis Perez <corsac@debian.org> Mon, 24 Sep 2018 16:36:28 +0200 |
570 | |
571 | +strongswan (5.6.3-1ubuntu5) disco; urgency=medium |
572 | + |
573 | + * No-change rebuild against libunbound8 |
574 | + |
575 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 11 Nov 2018 09:01:53 +0000 |
576 | + |
577 | +strongswan (5.6.3-1ubuntu4) cosmic; urgency=medium |
578 | + |
579 | + * d/usr.lib.ipsec.charon: allow reading of own FDs (LP: #1786250) |
580 | + Thanks to Matt Callaghan. |
581 | + |
582 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 04 Oct 2018 10:34:01 -0300 |
583 | + |
584 | +strongswan (5.6.3-1ubuntu3) cosmic; urgency=medium |
585 | + |
586 | + * SECURITY UPDATE: Insufficient input validation in gmp plugin |
587 | + - debian/patches/strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch: fix |
588 | + buffer overflow with very small RSA keys in |
589 | + src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c. |
590 | + - CVE-2018-17540 |
591 | + |
592 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 01 Oct 2018 13:23:59 -0400 |
593 | + |
594 | +strongswan (5.6.3-1ubuntu2) cosmic; urgency=medium |
595 | + |
596 | + * SECURITY UPDATE: Insufficient input validation in gmp plugin |
597 | + - debian/patches/strongswan-5.6.1-5.6.3_gmp-pkcs1-verify.patch: don't |
598 | + parse PKCS1 v1.5 RSA signatures to verify them in |
599 | + src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c, |
600 | + src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c. |
601 | + - CVE-2018-16151 |
602 | + - CVE-2018-16152 |
603 | + |
604 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 25 Sep 2018 10:16:15 -0400 |
605 | + |
606 | +strongswan (5.6.3-1ubuntu1) cosmic; urgency=medium |
607 | + |
608 | + * Merge with Debian unstable. Remaining changes: |
609 | + - Clean up d/strongswan-starter.postinst: section about runlevel changes |
610 | + - Clean up d/strongswan-starter.postinst: Removed entire section on |
611 | + opportunistic encryption disabling - this was never in strongSwan and |
612 | + won't be see upstream issue #2160. |
613 | + - d/rules: Removed patching ipsec.conf on build (not using the |
614 | + debconf-managed config.) |
615 | + - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was |
616 | + used for debconf-managed include of private key). |
617 | + - Mass enablement of extra plugins and features to allow a user to use |
618 | + strongswan for a variety of extra use cases without having to rebuild. |
619 | + + d/control: Add required additional build-deps |
620 | + + d/control: Mention addtionally enabled plugins |
621 | + + d/rules: Enable features at configure stage |
622 | + + d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
623 | + + d/libstrongswan.install: Add plugins (so, conf) |
624 | + - d/strongswan-starter.install: Install pool feature, which is useful since |
625 | + we have attr-sql plugin enabled as well using it. |
626 | + - Add plugin kernel-libipsec to allow the use of strongswan in containers |
627 | + via this userspace implementation (please do note that this is still |
628 | + considered experimental by upstream). |
629 | + + d/libcharon-extra-plugins.install: Add kernel-libipsec components |
630 | + + d/control: List kernel-libipsec plugin at extra plugins description |
631 | + + d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
632 | + upstream recommends to not load kernel-libipsec by default. |
633 | + - Relocate tnc plugin |
634 | + + debian/libcharon-extra-plugins.install: Drop tnc from extra plugins |
635 | + + Add new subpackage for TNC in d/strongswan-tnc-* and d/control |
636 | + - d/libstrongswan.install: Reorder conf and .so alphabetically |
637 | + - d/libstrongswan.install: Add kernel-netlink configuration files |
638 | + - Complete the disabling of libfast; This was partially accepted in Debian, |
639 | + it is no more packaging medcli and medsrv, but still builds and |
640 | + mentions it. |
641 | + + d/rules: Add --disable-fast to avoid build time and dependencies |
642 | + + d/control: Remove medcli, medsrv from package description |
643 | + - d/control: Mention mgf1 plugin which is in libstrongswan now |
644 | + - Add now built (since 5.5.1) libraries libtpmtss and nttfft to |
645 | + libstrongswan-extra-plugins (no deps from default plugins). |
646 | + - d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
647 | + plugins for the most common use cases from extra-plugins into a new |
648 | + standard-plugins package. This will allow those use cases without pulling |
649 | + in too much more plugins (a bit like the tnc package). Recommend that |
650 | + package from strongswan-libcharon. |
651 | + - d/usr.sbin.charon-systemd: allow to contact mysql for sql and |
652 | + attr-sql plugins (LP #1766240) |
653 | + - d/usr.lib.ipsec.charon, d/usr/sbin/charon-systemd: Add support for |
654 | + usr-merge, thanks to Christian Ehrhardt. LP #1784023 |
655 | + * Dropped: |
656 | + - d/usr.sbin.charon-systemd: allow systemd notifications (LP: #1765652) |
657 | + [Fixed in 5.6.3-1] |
658 | + |
659 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 23 Aug 2018 13:05:11 -0300 |
660 | + |
661 | strongswan (5.6.3-1) unstable; urgency=medium |
662 | |
663 | * New upstream version 5.6.2 |
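Review bot: The 5.6.3-1ubuntu1 entry mixes two bug-reference forms. The remaining-changes items use "LP #1766240" and "LP #1784023" without a colon, while the Dropped item uses "LP: #1765652". The colon form is the one parsed as closing a bug on upload, so a dropped change should not carry it; use the same non-closing form for anything that is not fixed by this upload. The two SECURITY UPDATE entries above it (5.6.3-1ubuntu2 and 5.6.3-1ubuntu3) also share the identical title "Insufficient input validation in gmp plugin"; a title that names the defect, as the patch descriptions already do (PKCS1 v1.5 signature parsing, buffer overflow with very small RSA keys), would make them distinguishable without reading the CVE ids.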
664 | @@ -214,6 +806,78 @@ strongswan (5.6.3-1) unstable; urgency=medium |
665 | |
666 | -- Yves-Alexis Perez <corsac@debian.org> Mon, 04 Jun 2018 10:23:22 +0200 |
667 | |
668 | +strongswan (5.6.2-2ubuntu2) cosmic; urgency=medium |
669 | + |
670 | + * Add support for usr-merge, thanks to Christian Ehrhardt. LP: #1784023 |
671 | + |
672 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 21 Aug 2018 00:42:38 +0100 |
673 | + |
674 | +strongswan (5.6.2-2ubuntu1) cosmic; urgency=medium |
675 | + |
676 | + * Merge with Debian unstable, closes LP: #1773814 and LP: #1772705. |
677 | + Remaining changes: |
678 | + + Clean up d/strongswan-starter.postinst: section about runlevel changes |
679 | + + Clean up d/strongswan-starter.postinst: Removed entire section on |
680 | + opportunistic encryption disabling - this was never in strongSwan and |
681 | + won't be see upstream issue #2160. |
682 | + + d/rules: Removed patching ipsec.conf on build (not using the |
683 | + debconf-managed config.) |
684 | + + d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was |
685 | + used for debconf-managed include of private key). |
686 | + + Mass enablement of extra plugins and features to allow a user to use |
687 | + strongswan for a variety of extra use cases without having to rebuild. |
688 | + - d/control: Add required additional build-deps |
689 | + - d/control: Mention addtionally enabled plugins |
690 | + - d/rules: Enable features at configure stage |
691 | + - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
692 | + - d/libstrongswan.install: Add plugins (so, conf) |
693 | + + d/strongswan-starter.install: Install pool feature, which is useful since |
694 | + we have attr-sql plugin enabled as well using it. |
695 | + + Add plugin kernel-libipsec to allow the use of strongswan in containers |
696 | + via this userspace implementation (please do note that this is still |
697 | + considered experimental by upstream). |
698 | + - d/libcharon-extra-plugins.install: Add kernel-libipsec components |
699 | + - d/control: List kernel-libipsec plugin at extra plugins description |
700 | + - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
701 | + upstream recommends to not load kernel-libipsec by default. |
702 | + + Relocate tnc plugin |
703 | + - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins |
704 | + - Add new subpackage for TNC in d/strongswan-tnc-* and d/control |
705 | + + d/libstrongswan.install: Reorder conf and .so alphabetically |
706 | + + d/libstrongswan.install: Add kernel-netlink configuration files |
707 | + + Complete the disabling of libfast; This was partially accepted in Debian, |
708 | + it is no more packaging medcli and medsrv, but still builds and |
709 | + mentions it. |
710 | + - d/rules: Add --disable-fast to avoid build time and dependencies |
711 | + - d/control: Remove medcli, medsrv from package description |
712 | + + d/control: Mention mgf1 plugin which is in libstrongswan now |
713 | + + Add now built (since 5.5.1) libraries libtpmtss and nttfft to |
714 | + libstrongswan-extra-plugins (no deps from default plugins). |
715 | + + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
716 | + plugins for the most common use cases from extra-plugins into a new |
717 | + standard-plugins package. This will allow those use cases without pulling |
718 | + in too much more plugins (a bit like the tnc package). Recommend that |
719 | + package from strongswan-libcharon. |
720 | + * Dropped Changes (no more needed after 18.04) |
721 | + + Add rm_conffile for /etc/init.d/ipsec (transition from precies had |
722 | + missed that, droppable after 18.04) |
723 | + + d/control: bump breaks/replaces from libstrongswan-extra-plugins to |
724 | + libstrongswan as we dropped relocating ccm and test-vectors. |
725 | + (droppable >18.04). |
726 | + + d/control: add breaks/replace from libstrongswan to |
727 | + libstrongswan-extra-plugins for the move of mgf1 to libstrongswan. |
728 | + (droppable >18.04). |
729 | + + d/control: bump breaks/replaces for the move of the updown plugin |
730 | + (Missed Changelog entry on last merge) |
731 | + + d/control: fix dependencies of strongswan-libcharon due to the move |
732 | + the updown plugin (droppable >18.04). |
733 | + * Added Changes: |
734 | + + d/usr.sbin.charon-systemd: allow to contact mysql for sql and |
735 | + attr-sql plugins (LP: #1766240) |
736 | + + d/usr.sbin.charon-systemd: allow systemd notifications (LP: #1765652) |
737 | + |
738 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 29 May 2018 08:21:42 +0200 |
739 | + |
740 | strongswan (5.6.2-2) unstable; urgency=medium |
741 | |
742 | * charon-nm: Fix building list of DNS/MDNS servers with libnm |
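Review bot: The two "Added Changes" items for d/usr.sbin.charon-systemd in 5.6.2-2ubuntu1 widen the AppArmor profile ("allow to contact mysql", "allow systemd notifications") without saying which rules were added, so the scope of the new permissions cannot be judged from the changelog. A short mention of the rule type or path granted would help. On style, this entry uses "+" for top-level items and "-" for sub-items, the inverse of the 5.6.3-1ubuntu1 and 5.7.1-1ubuntu1 entries, which makes comparing the remaining-changes lists between merges noisier than necessary. "precies" in the rm_conffile item should read "precise".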
743 | @@ -224,6 +888,74 @@ strongswan (5.6.2-2) unstable; urgency=medium |
744 | |
745 | -- Yves-Alexis Perez <corsac@debian.org> Fri, 13 Apr 2018 13:46:04 +0200 |
746 | |
747 | +strongswan (5.6.2-1ubuntu2) bionic; urgency=medium |
748 | + |
749 | + * d/control: fix dependencies of strongswan-libcharon due to the move |
750 | + the updown plugin. |
751 | + |
752 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 20 Mar 2018 07:37:29 +0100 |
753 | + |
754 | +strongswan (5.6.2-1ubuntu1) bionic; urgency=medium |
755 | + |
756 | + * Merge with Debian unstable (LP: #1753018). Remaining changes: |
757 | + + Clean up d/strongswan-starter.postinst: section about runlevel changes |
758 | + + Clean up d/strongswan-starter.postinst: Removed entire section on |
759 | + opportunistic encryption disabling - this was never in strongSwan and |
760 | + won't be see upstream issue #2160. |
761 | + + Ubuntu is not using the debconf triggered private key generation |
762 | + - d/rules: Removed patching ipsec.conf on build (not using the |
763 | + debconf-managed config.) |
764 | + - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was |
765 | + used for debconf-managed include of private key). |
766 | + + Mass enablement of extra plugins and features to allow a user to use |
767 | + strongswan for a variety of extra use cases without having to rebuild. |
768 | + - d/control: Add required additional build-deps |
769 | + - d/control: Mention addtionally enabled plugins |
770 | + - d/rules: Enable features at configure stage |
771 | + - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
772 | + - d/libstrongswan.install: Add plugins (so, conf) |
773 | + + d/strongswan-starter.install: Install pool feature, which is useful since |
774 | + we have attr-sql plugin enabled as well using it. |
775 | + + Add plugin kernel-libipsec to allow the use of strongswan in containers |
776 | + via this userspace implementation (please do note that this is still |
777 | + considered experimental by upstream). |
778 | + - d/libcharon-extra-plugins.install: Add kernel-libipsec components |
779 | + - d/control: List kernel-libipsec plugin at extra plugins description |
780 | + - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
781 | + upstream recommends to not load kernel-libipsec by default. |
782 | + + Relocate tnc plugin |
783 | + - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins |
784 | + - Add new subpackage for TNC in d/strongswan-tnc-* and d/control |
785 | + + d/libstrongswan.install: Reorder conf and .so alphabetically |
786 | + + d/libstrongswan.install: Add kernel-netlink configuration files |
787 | + + Complete the disabling of libfast; This was partially accepted in Debian, |
788 | + it is no more packaging medcli and medsrv, but still builds and |
789 | + mentions it. |
790 | + - d/rules: Add --disable-fast to avoid build time and dependencies |
791 | + - d/control: Remove medcli, medsrv from package description |
792 | + + d/control: Mention mgf1 plugin which is in libstrongswan now |
793 | + + Add now built (since 5.5.1) libraries libtpmtss and nttfft to |
794 | + libstrongswan-extra-plugins (no deps from default plugins). |
795 | + + Add rm_conffile for /etc/init.d/ipsec (transition from precies had |
796 | + missed that, droppable after 18.04) |
797 | + + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
798 | + plugins for the most common use cases from extra-plugins into a new |
799 | + standard-plugins package. This will allow those use cases without pulling |
800 | + in too much more plugins (a bit like the tnc package). Recommend that |
801 | + package from strongswan-libcharon. |
802 | + + d/control: bump breaks/replaces from libstrongswan-extra-plugins to |
803 | + libstrongswan as we dropped relocating ccm and test-vectors. |
804 | + (droppable >18.04). |
805 | + + d/control: add breaks/replace from libstrongswan to |
806 | + libstrongswan-extra-plugins for the move of mgf1 to libstrongswan. |
807 | + (droppable >18.04). |
808 | + * Added Changes: |
809 | + + d/control: bump breaks/replaces from strongswan-libcharon to strongswan- |
810 | + starter as we followed Debian to move the updown plugin but need to |
811 | + match Ubuntu versions (Droppable >18.04). |
812 | + |
813 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 16 Mar 2018 11:08:47 +0100 |
814 | + |
815 | strongswan (5.6.2-1) unstable; urgency=medium |
816 | |
817 | * d/NEWS: add information about disabled algorithms (closes: #883072) |
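Review bot: In the "Added Changes" item of 5.6.2-1ubuntu1 the package name is split across two lines as "strongswan-" / "starter", so a search for strongswan-starter does not find this breaks/replaces change; rewrap so the name stays on one line. The 5.6.2-1ubuntu2 entry above it ("fix dependencies of strongswan-libcharon due to the move the updown plugin") is missing "of" and gives neither the dependency that changed nor a bug reference, which makes the fix hard to trace later.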
818 | @@ -246,6 +978,129 @@ strongswan (5.6.1-3) unstable; urgency=medium |
819 | |
820 | -- Yves-Alexis Perez <corsac@debian.org> Sun, 17 Dec 2017 16:40:39 +0100 |
821 | |
822 | +strongswan (5.6.1-2ubuntu4) bionic; urgency=medium |
823 | + |
824 | + * SECURITY UPDATE: DoS via crafted RSASSA-PSS signature |
825 | + - debian/patches/CVE-2018-6459.patch: Properly handle MGF1 algorithm |
826 | + identifier without parameters in |
827 | + src/libstrongswan/credentials/keys/signature_params.c. |
828 | + - CVE-2018-6459 |
829 | + |
830 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 07 Mar 2018 14:52:02 +0100 |
831 | + |
832 | +strongswan (5.6.1-2ubuntu3) bionic; urgency=medium |
833 | + |
834 | + * No-change rebuild against libcurl4 |
835 | + |
836 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 28 Feb 2018 08:52:09 +0000 |
837 | + |
838 | +strongswan (5.6.1-2ubuntu2) bionic; urgency=high |
839 | + |
840 | + * No change rebuild against openssl1.1. |
841 | + |
842 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 12 Feb 2018 16:00:24 +0000 |
843 | + |
844 | +strongswan (5.6.1-2ubuntu1) bionic; urgency=medium |
845 | + |
846 | + * Merge with Debian unstable (LP: #1717343). |
847 | + Also fixes and issue with multiple psk's (LP: #1734207). Remaining changes: |
848 | + + Clean up d/strongswan-starter.postinst: section about runlevel changes |
849 | + + Clean up d/strongswan-starter.postinst: Removed entire section on |
850 | + opportunistic encryption disabling - this was never in strongSwan and |
851 | + won't be see upstream issue #2160. |
852 | + + Ubuntu is not using the debconf triggered private key generation |
853 | + - d/rules: Removed patching ipsec.conf on build (not using the |
854 | + debconf-managed config.) |
855 | + - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was |
856 | + used for debconf-managed include of private key). |
857 | + + Mass enablement of extra plugins and features to allow a user to use |
858 | + strongswan for a variety of extra use cases without having to rebuild. |
859 | + - d/control: Add required additional build-deps |
860 | + - d/control: Mention addtionally enabled plugins |
861 | + - d/rules: Enable features at configure stage |
862 | + - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
863 | + - d/libstrongswan.install: Add plugins (so, conf) |
864 | + + d/strongswan-starter.install: Install pool feature, which is useful since |
865 | + we have attr-sql plugin enabled as well using it. |
866 | + + Add plugin kernel-libipsec to allow the use of strongswan in containers |
867 | + via this userspace implementation (please do note that this is still |
868 | + considered experimental by upstream). |
869 | + - d/libcharon-extra-plugins.install: Add kernel-libipsec components |
870 | + - d/control: List kernel-libipsec plugin at extra plugins description |
871 | + - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
872 | + upstream recommends to not load kernel-libipsec by default. |
873 | + + Relocate tnc plugin |
874 | + - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins |
875 | + - Add new subpackage for TNC in d/strongswan-tnc-* and d/control |
876 | + + d/libstrongswan.install: Reorder conf and .so alphabetically |
877 | + + d/libstrongswan.install: Add kernel-netlink configuration files |
878 | + + Complete the disabling of libfast; This was partially accepted in Debian, |
879 | + it is no more packaging medcli and medsrv, but still builds and |
880 | + mentions it. |
881 | + - d/rules: Add --disable-fast to avoid build time and dependencies |
882 | + - d/control: Remove medcli, medsrv from package description |
883 | + + d/control: Mention mgf1 plugin which is in libstrongswan now |
884 | + + Add now built (since 5.5.1) libraries libtpmtss and nttfft to |
885 | + libstrongswan-extra-plugins (no deps from default plugins). |
886 | + + Add rm_conffile for /etc/init.d/ipsec (transition from precies had |
887 | + missed that, droppable after 18.04) |
888 | + + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
889 | + plugins for the most common use cases from extra-plugins into a new |
890 | + standard-plugins package. This will allow those use cases without pulling |
891 | + in too much more plugins (a bit like the tnc package). Recommend that |
892 | + package from strongswan-libcharon. |
893 | + * Added changes: |
894 | + + d/strongswan-tnc-client.install (relocate tnc) swidtag creation changed |
895 | + in 5.6 |
896 | + + d/strongswan-tnc-server.install (relocate tnc) pacman no more needed |
897 | + + d/control: bump breaks/replaces from libstrongswan-extra-plugins to |
898 | + libstrongswan as we dropped relocating ccm and test-vectors. |
899 | + (droppable >18.04). |
900 | + - d/control: add breaks/replace from libstrongswan to |
901 | + libstrongswan-extra-plugins for the move of mgf1 to libstrongswan. |
902 | + (droppable >18.04). |
903 | + * Dropped changes: |
904 | + + Update init/service handling (debian default matches Ubuntu past now) |
905 | + Dropping this fixes (LP: #1734886) |
906 | + - d/rules: Change init/systemd program name to strongswan |
907 | + - d/strongswan-starter.strongswan.service: Add new systemd file instead of |
908 | + patching upstream |
909 | + - d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of |
910 | + linking to upstream |
911 | + + d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call |
912 | + (this is a never failing no-op for us, no need for Delta). |
913 | + + d/strongswan-starter.prerm: Stop strongswan service on package removal |
914 | + (ipsec now maps to strongswan service, so this works as-is). |
915 | + + Clean up d/strongswan-starter.postinst: rename service ipsec to |
916 | + strongswan (ipsec now maps to strongswan service, so this works as-is) |
917 | + + Clean up d/strongswan-starter.postinst: daemon enable/disable (the |
918 | + whole section is disabled, so no need for delta) |
919 | + + (is upstream) CVE-2017-11185 patches |
920 | + + (is upstream) FTBFS upstream fix for changed include files |
921 | + + (is upstream) debian/patches/increase-bliss-test-timeout.patch: Under |
922 | + QEMU/KVM autopkgtest the bliss test takes longer than the default |
923 | + + (in Debian) add now built (since 5.5.1) mgf1 plugin to |
924 | + libstrongswan-extra-plugins. |
925 | + + (in Debian) d/strongswan-starter.install: install stroke apparmor profile |
926 | + + (this was enabled as part of the former delta, squash changes to no-up) |
927 | + d/rules: Disable duplicheck. |
928 | + + (not needed) Relocate plugins test-vectors from extra-plugins to |
929 | + libstrongswan |
930 | + - d/libstrongswan-extra-plugins.install: Remove plugins/conffiles |
931 | + - d/libstrongswan.install: Add plugins/confiles |
932 | + - d/control: move package descriptions and add required breaks/replaces |
933 | + + (not needed) Relocate plugins ccm from extra-plugins to libstrongswan |
934 | + - d/libstrongswan-extra-plugins.install: Remove plugins/conffiles |
935 | + - d/libstrongswan.install: Add plugins/confiles |
936 | + - d/control: move package descriptions and add required breaks/replaces |
937 | + + (while using it requires special kernel, it does not hurt to be |
938 | + available in the package) Remove ha plugin |
939 | + - d/libcharon-extra-plugins.install: Stop installing ha (so, conf) |
940 | + - d/rules: Do not enable ha plugin |
941 | + - d/control: Drop listing the ha plugin in the package description |
942 | + |
943 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 29 Nov 2017 15:55:18 +0100 |
944 | + |
945 | strongswan (5.6.1-2) unstable; urgency=medium |
946 | |
947 | * move counters plugin from -starter to -libcharon. closes: #882431 |
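Review bot: In the "Added changes" list of 5.6.1-2ubuntu1, the mgf1 breaks/replaces item ("- d/control: add breaks/replace from libstrongswan to libstrongswan-extra-plugins ...") uses "-" at the same indentation where its siblings use "+", so it reads as a sub-item of the preceding ccm/test-vectors item instead of a separate change; use "+" there. In the "Dropped changes" list, "(is upstream) CVE-2017-11185 patches" should name the patch file being dropped so the removal of a security fix from the delta can be matched against the entry that introduced it. Separately, 5.6.1-2ubuntu2 is marked urgency=high for a no-change rebuild, while the libcurl4 no-change rebuild directly above it is urgency=medium; if that is intentional, the entry should say why.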
948 | @@ -332,6 +1187,213 @@ strongswan (5.5.2-1) experimental; urgency=medium |
949 | |
950 | -- Yves-Alexis Perez <corsac@debian.org> Fri, 19 May 2017 11:32:00 +0200 |
951 | |
952 | +strongswan (5.5.1-4ubuntu3) bionic; urgency=medium |
953 | + |
954 | + * Fix Artful FTBFS due to newer glibc (LP: #1724859) |
955 | + - d/p/utils-Include-stdint.h.patch: upstream fix for changed include |
956 | + files. |
957 | + |
958 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 Oct 2017 15:18:52 +0200 |
959 | + |
960 | +strongswan (5.5.1-4ubuntu2) artful; urgency=medium |
961 | + |
962 | + * SECURITY UPDATE: Fix RSA signature verification |
963 | + - debian/patches/CVE-2017-11185.patch: does some |
964 | + verifications in order to avoid null-point dereference |
965 | + in src/libstrongswan/gmp/gmp_rsa_public_key.c |
966 | + - CVE-2017-11185 |
967 | + |
968 | + -- Leonidas S. Barbosa <leo.barbosa@canonical.com> Tue, 15 Aug 2017 14:49:49 -0300 |
969 | + |
970 | +strongswan (5.5.1-4ubuntu1) artful; urgency=medium |
971 | + |
972 | + * Merge from Debian to pick up latest security changes (CVE-2017-9022, |
973 | + CVE-2017-9023). |
974 | + * Remaining Changes: |
975 | + + Update init/service handling |
976 | + - d/rules: Change init/systemd program name to strongswan |
977 | + - d/strongswan-starter.strongswan.service: Add new systemd file instead of |
978 | + patching upstream |
979 | + - d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of |
980 | + linking to upstream |
981 | + - d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call. |
982 | + - d/strongswan-starter.prerm: Stop strongswan service on package |
983 | + removal (as opposed to using the old init.d script). |
984 | + + Clean up d/strongswan-starter.postinst: |
985 | + - Removed section about runlevel changes |
986 | + - Adapted service restart section for Upstart (kept to be Trusty |
987 | + backportable). |
988 | + - Remove old symlinks to init.d files is necessary. |
989 | + - Removed further out-dated code |
990 | + - Removed entire section on opportunistic encryption - this was never in |
991 | + strongSwan. |
992 | + + d/rules: Removed pieces on 'patching ipsec.conf' on build. |
993 | + + Mass enablement of extra plugins and features to allow a user to use |
994 | + strongswan for a variety of use cases without having to rebuild. |
995 | + - d/control: Add required additional build-deps |
996 | + - d/rules: Enable features at configure stage |
997 | + - d/control: Mention addtionally enabled plugins |
998 | + - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
999 | + - d/libstrongswan.install: Add plugins (so, conf) |
1000 | + + d/rules: Disable duplicheck as per |
1001 | + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10 |
1002 | + + Remove ha plugin (requires special kernel) |
1003 | + - d/libcharon-extra-plugins.install: Stop installing ha (so, conf) |
1004 | + - d/rules: Do not enable ha plugin |
1005 | + - d/control: Drop listing the ha plugin in the package description |
1006 | + + Add plugin kernel-libipsec to allow the use of strongswan in containers |
1007 | + via this userspace implementation (please do note that this is still |
1008 | + considered experimental by upstream). |
1009 | + - d/libcharon-extra-plugins.install: Add kernel-libipsec components |
1010 | + - d/control: List kernel-libipsec plugin at extra plugins description |
1011 | + - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
1012 | + upstream recommends to not load kernel-libipsec by default. |
1013 | + + Relocate tnc plugin |
1014 | + - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins |
1015 | + - Add new subpackage for TNC in d/strongswan-tnc-* and d/control |
1016 | + + d/strongswan-starter.install: Install pool feature, that useful due to |
1017 | + having attr-sql plugin that is enabled now. |
1018 | + + Relocate plugins test-vectors and ccm from extra-plugins to libstrongswan |
1019 | + - d/libstrongswan-extra-plugins.install: Remove plugins/conffiles |
1020 | + - d/libstrongswan.install: Add plugins/confiles |
1021 | + - d/control: move package descriptions and add required breaks/replaces |
1022 | + + d/libstrongswan.install: Reorder conf and .so alphabetically |
1023 | + + d/libstrongswan.install: Add kernel-netlink configuration files |
1024 | + + d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference. |
1025 | + + debian/patches/increase-bliss-test-timeout.patch: Under QEMU/KVM |
1026 | + autopkgtest the bliss test takes longer than the default (Upstream in |
1027 | + 5.5.2 via issue 2204) |
1028 | + + Complete the disabling of libfast; This was partially accepted in Debian, |
1029 | + it is no more packaging medcli and medsrv, but still builds and |
1030 | + mentions it. |
1031 | + - d/rules: Add --disable-fast to avoid build time and dependencies |
1032 | + - d/control: Remove medcli, medsrv from package description |
1033 | + + Add now built (5.5.1 vs 5.3.5) mgf1 plugin to libstrongswan-extra-plugins. |
1034 | + "only" to extra-plugins Mgf1 is not listed as default plugin at |
1035 | + https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist. |
1036 | + + Add now built (5.5.1 vs 5.3.5) libraries libtpmtss and nttfft to |
1037 | + libstrongswan-extra-plugins. |
1038 | + + Add missing mention of md4 plugin in d/control |
1039 | + + Add rm_conffile for /etc/init.d/ipsec (transition from precies had |
1040 | + missed that) |
1041 | + + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
1042 | + plugins for the most common use cases from extra-plugins into a new |
1043 | + standard-plugins package. This will allow those use cases without pulling |
1044 | + in too much more plugins (a bit like the tnc package). Recommend that |
1045 | + package from strongswan-libcharon. |
1046 | + |
1047 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 31 May 2017 15:57:54 +0200 |
1048 | + |
1049 | +strongswan (5.5.1-3ubuntu1) artful; urgency=medium |
1050 | + |
1051 | + * Merge from Debian to pick up latest changes. Among others this includes: |
1052 | + - a lot of the Delta we upstreamed to Debian (more discussions are ongoing |
1053 | + but likely have to wait until Debian stretch was released) |
1054 | + - enabling mediation support (LP: #1657413) |
1055 | + * Remaining Changes: |
1056 | + + Update init/service handling |
1057 | + - d/rules: Change init/systemd program name to strongswan |
1058 | + - d/strongswan-starter.strongswan.service: Add new systemd file instead of |
1059 | + patching upstream |
1060 | + - d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of |
1061 | + linking to upstream |
1062 | + - d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call. |
1063 | + - d/strongswan-starter.prerm: Stop strongswan service on package |
1064 | + removal (as opposed to using the old init.d script). |
1065 | + + Clean up d/strongswan-starter.postinst: |
1066 | + - Removed section about runlevel changes |
1067 | + - Adapted service restart section for Upstart (kept to be Trusty |
1068 | + backportable). |
1069 | + - Remove old symlinks to init.d files is necessary. |
1070 | + - Removed further out-dated code |
1071 | + - Removed entire section on opportunistic encryption - this was never in |
1072 | + strongSwan. |
1073 | + + d/rules: Removed pieces on 'patching ipsec.conf' on build. |
1074 | + + Mass enablement of extra plugins and features to allow a user to use |
1075 | + strongswan for a variety of use cases without having to rebuild. |
1076 | + - d/control: Add required additional build-deps |
1077 | + - d/rules: Enable features at configure stage |
1078 | + - d/control: Mention addtionally enabled plugins |
1079 | + - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
1080 | + - d/libstrongswan.install: Add plugins (so, conf) |
1081 | + + d/rules: Disable duplicheck as per |
1082 | + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10 |
1083 | + + Remove ha plugin (requires special kernel) |
1084 | + - d/libcharon-extra-plugins.install: Stop installing ha (so, conf) |
1085 | + - d/rules: Do not enable ha plugin |
1086 | + - d/control: Drop listing the ha plugin in the package description |
1087 | + + Add plugin kernel-libipsec to allow the use of strongswan in containers |
1088 | + via this userspace implementation (please do note that this is still |
1089 | + considered experimental by upstream). |
1090 | + - d/libcharon-extra-plugins.install: Add kernel-libipsec components |
1091 | + - d/control: List kernel-libipsec plugin at extra plugins description |
1092 | + - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
1093 | + upstream recommends to not load kernel-libipsec by default. |
1094 | + + Relocate tnc plugin |
1095 | + - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins |
1096 | + - Add new subpackage for TNC in d/strongswan-tnc-* and d/control |
1097 | + + d/strongswan-starter.install: Install pool feature, that useful due to |
1098 | + having attr-sql plugin that is enabled now. |
1099 | + + Relocate plugins test-vectors and ccm from extra-plugins to libstrongswan |
1100 | + - d/libstrongswan-extra-plugins.install: Remove plugins/conffiles |
1101 | + - d/libstrongswan.install: Add plugins/confiles |
1102 | + - d/control: move package descriptions and add required breaks/replaces |
1103 | + + d/libstrongswan.install: Reorder conf and .so alphabetically |
1104 | + + d/libstrongswan.install: Add kernel-netlink configuration files |
1105 | + + d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference. |
1106 | + + debian/patches/increase-bliss-test-timeout.patch: Under QEMU/KVM |
1107 | + autopkgtest the bliss test takes longer than the default (Upstream in |
1108 | + 5.5.2 via issue 2204) |
1109 | + + Complete the disabling of libfast; This was partially accepted in Debian, |
1110 | + it is no more packaging medcli and medsrv, but still builds and |
1111 | + mentions it. |
1112 | + - d/rules: Add --disable-fast to avoid build time and dependencies |
1113 | + - d/control: Remove medcli, medsrv from package description |
1114 | + + Add now built (5.5.1 vs 5.3.5) mgf1 plugin to libstrongswan-extra-plugins. |
1115 | + "only" to extra-plugins Mgf1 is not listed as default plugin at |
1116 | + https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist. |
1117 | + + Add now built (5.5.1 vs 5.3.5) libraries libtpmtss and nttfft to |
1118 | + libstrongswan-extra-plugins. |
1119 | + + Add missing mention of md4 plugin in d/control |
1120 | + + Add rm_conffile for /etc/init.d/ipsec (transition from precies had |
1121 | + missed that) |
1122 | + + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
1123 | + plugins for the most common use cases from extra-plugins into a new |
1124 | + standard-plugins package. This will allow those use cases without pulling |
1125 | + in too much more plugins (a bit like the tnc package). Recommend that |
1126 | + package from strongswan-libcharon. |
1127 | + * Dropped Changes: |
1128 | + + Add and install apparmor profiles (in Debian) |
1129 | + - d/rules: Install AppArmor profiles |
1130 | + - d/control: Add dh-apparmor build-dep |
1131 | + - d/usr.lib.ipsec.{charon, lookip, stroke}: Add latest AppArmor profiles |
1132 | + for charon, lookip and stroke |
1133 | + - d/libcharon-extra-plugins.install: Install profile for lookip |
1134 | + - d/strongswan-charon.install: Install profile for charon |
1135 | + - d/strongswan-starter.install: Install profile for stroke |
1136 | + - Fix strongswan ipsec status issue with apparmor |
1137 | + - Fix Dep8 tests for the now extra strongswan-pki package for pki |
1138 | + - Fix Dep8 tests for the now extra strongswan-scepclient package |
1139 | + + d/rules: Sorted and only one enable option per configure line (in |
1140 | + Debian) |
1141 | + + Add updated logcheck rules (in Debian) |
1142 | + - debian/libstrongswan.strongswan.logcheck.*: Remove outdated files |
1143 | + - debian/strongswan.logcheck: Add updated logcheck rules |
1144 | + + Add updated DEP8 tests (in Debian) |
1145 | + - d/tests/*: Add DEP8 tests |
1146 | + - d/control: Enable autotestpkg |
1147 | + + d/rules: do not strip for library integrity checking (After Discussion |
1148 | + with Debian this isn't acceptable there, but at the same time it turned |
1149 | + out the real use-case of this never uses this lib but instead third |
1150 | + party checks of checksums for e.g. FIPS cert; so drop the Delta) |
1151 | + - Use override_dh_strip to to avoid overwriting user build flags. |
1152 | + - Add missing mention of libchecksum integrity test in d/control |
1153 | + + d/rules: Set TESTS_REDUCED_KEYLENGTHS to one generate smallest key-lengths |
1154 | + in tests to avoid issues in low entropy environments. (Debian has |
1155 | + disabled !x86 tests for the same reason, one solution is enough) |
1156 | + |
1157 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 04 May 2017 14:06:23 +0200 |
1158 | + |
1159 | strongswan (5.5.1-3) unstable; urgency=medium |
1160 | |
1161 | [ Christian Ehrhardt ] |
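Review bot: In the 5.5.1-3ubuntu1 entry, the "Mass enablement of extra plugins" item names `d/libbstrongswan-extra-plugins.install` (double "b"), while the "Relocate plugins test-vectors and ccm" item a few lines later in the same entry uses `d/libstrongswan-extra-plugins.install`, so a search of the changelog for the real file name misses the first reference. The same entry also carries "addtionally", "precies" and "to to". If these lines are byte-for-byte what was published in the artful upload, keep them unchanged so the re-added history matches the archive, and say so in the merge description. If they were retyped during the merge, correct the file name.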
1162 | @@ -365,6 +1427,136 @@ strongswan (5.5.1-2) unstable; urgency=medium |
1163 | |
1164 | -- Yves-Alexis Perez <corsac@debian.org> Wed, 07 Dec 2016 08:34:52 +0100 |
1165 | |
1166 | +strongswan (5.5.1-1ubuntu2) zesty; urgency=medium |
1167 | + |
1168 | + * Update Maintainers which was missed while merging 5.5.1-1. |
1169 | + |
1170 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Dec 2016 16:02:40 +0100 |
1171 | + |
1172 | +strongswan (5.5.1-1ubuntu1) zesty; urgency=medium |
1173 | + |
1174 | + * Merge from Debian (complex delta, discussions and broken out changes can be |
1175 | + found in the merge proposal linked from the merge bug LP: #1631198) |
1176 | + * Remaining Changes: |
1177 | + + d/rules: Enforcing DEB_BUILD_OPTIONS=nostrip for library integrity |
1178 | + checking. |
1179 | + + d/rules: Set TESTS_REDUCED_KEYLENGTHS to one generate smallest key-lengths |
1180 | + in tests to avoid issues in low entropy environments. |
1181 | + + Update init/service handling |
1182 | + - d/rules: Change init/systemd program name to strongswan |
1183 | + - d/strongswan-starter.strongswan.service: Add new systemd file instead of |
1184 | + patching upstream |
1185 | + - d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of |
1186 | + linking to upstream |
1187 | + - d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call. |
1188 | + - d/strongswan-starter.prerm: Stop strongswan service on package |
1189 | + removal (as opposed to using the old init.d script). |
1190 | + + Clean up d/strongswan-starter.postinst: |
1191 | + - Removed section about runlevel changes |
1192 | + - Adapted service restart section for Upstart (kept to be Trusty |
1193 | + backportable). |
1194 | + - Remove old symlinks to init.d files is necessary. |
1195 | + - Removed further out-dated code |
1196 | + - Removed entire section on opportunistic encryption - this was never in |
1197 | + strongSwan. |
1198 | + + Add and install apparmor profiles |
1199 | + - d/rules: Install AppArmor profiles |
1200 | + - d/control: Add dh-apparmor build-dep |
1201 | + - d/usr.lib.ipsec.{charon, lookip, stroke}: Add latest AppArmor profiles |
1202 | + for charon, lookip and stroke |
1203 | + - d/libcharon-extra-plugins.install: Install profile for lookip |
1204 | + - d/strongswan-charon.install: Install profile for charon |
1205 | + - d/strongswan-starter.install: Install profile for stroke |
1206 | + + d/rules: Removed pieces on 'patching ipsec.conf' on build. |
1207 | + + d/rules: Sorted and only one enable option per configure line |
1208 | + + Mass enablement of extra plugins and features to allow a user to use |
1209 | + strongswan for a variety of use cases without having to rebuild. |
1210 | + - d/control: Add required additional build-deps |
1211 | + - d/rules: Enable features at configure stage |
1212 | + - d/control: Mention addtionally enabled plugins |
1213 | + - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
1214 | + - d/libstrongswan.install: Add plugins (so, conf) |
1215 | + + d/rules: Disable duplicheck as per |
1216 | + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10 |
1217 | + + Remove ha plugin (requires special kernel) |
1218 | + - d/libcharon-extra-plugins.install: Stop installing ha (so, conf) |
1219 | + - d/rules: Do not enable ha plugin |
1220 | + - d/control: Drop listing the ha plugin in the package description |
1221 | + + Add plugin kernel-libipsec to allow the use of strongswan in containers |
1222 | + via this userspace implementation (please do note that this is still |
1223 | + considered experimental by upstream). |
1224 | + - d/libcharon-extra-plugins.install: Add kernel-libipsec components |
1225 | + - d/control: List kernel-libipsec plugin at extra plugins description |
1226 | + - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
1227 | + upstream recommends to not load kernel-libipsec by default. |
1228 | + + Relocate tnc plugin |
1229 | + - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins |
1230 | + - Add new subpackage for TNC in d/strongswan-tnc-* and d/control |
1231 | + + d/strongswan-starter.install: Install pool feature, that useful due to |
1232 | + having attr-sql plugin that is enabled now. |
1233 | + + Relocate plugins test-vectors and ccm from extra-plugins to libstrongswan |
1234 | + - d/libstrongswan-extra-plugins.install: Remove plugins |
1235 | + - d/libstrongswan.install: Add plugins |
1236 | + + d/libstrongswan.install: Reorder conf and .so alphabetically |
1237 | + + d/libstrongswan.install: Add kernel-netlink configuration files |
1238 | + + d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference. |
1239 | + + Add updated logcheck rules |
1240 | + - debian/libstrongswan.strongswan.logcheck.*: Remove outdated files |
1241 | + - debian/strongswan.logcheck: Add updated logcheck rules |
1242 | + + Add updated DEP8 tests |
1243 | + - d/tests/*: Add DEP8 tests |
1244 | + - d/control: Enable autotestpkg |
1245 | + + debian/patches/increase-bliss-test-timeout.patch: Under QEMU/KVM |
1246 | + autopkgtest the bliss test takes longer than the default |
1247 | + + Complete the disabling of libfast |
1248 | + - Note: This was partially accepted in Debian, it is no more |
1249 | + packaging medcli and medsrv, but still builds and mentions it |
1250 | + - d/rules: Add --disable-fast to avoid build time and dependencies |
1251 | + - d/control: Remove medcli, medsrv from package description |
1252 | + * Dropped Changes: |
1253 | + + Adding build-dep to iptables-dev (no change, was only in Changelog) |
1254 | + + Dropping of build deps libfcgi-dev, clearsilver-dev (in Debian) |
1255 | + + Adding strongswan-plugin-* virtual packages for dist-upgrade (no |
1256 | + upgrade path left needing them) |
1257 | + + Most of "disabling libfast" (Debian dropped it from package content) |
1258 | + + Transition for ipsec service (no upgrade path left) |
1259 | + + Reverted part of the cleanup to d/strongswan-starter.postinst as using |
1260 | + service should rather use invoke-rc.d (so it is a partial revert of our |
1261 | + delta) |
1262 | + + Transition handling (breaks/replaces) from per-plugin packages to the |
1263 | + three grouped plugin packages (no upgrade path left) |
1264 | + + debian/strongswan-starter.dirs: Don't touch /etc/init.d. (while "correct" |
1265 | + it is effectively a no-op still, so not worth the delta) |
1266 | + + Lower dpkg-dev to 1.16.1 from 1.16.2 to enable backporting to Precise |
1267 | + (no more needed) |
1268 | + + d/rules: Remove configure option --enable-unit-test (unit tests run by |
1269 | + default) |
1270 | + * Added Changes: |
1271 | + + Fix strongswan ipsec status issue with apparmor (LP: #1587886) |
1272 | + + d/control, d/libstrongswan.install, d/libstrongswan-extra-plugins: Fixup |
1273 | + the relocation of the ccm plugin which missed to move the conffiles. |
1274 | + + Complete move of test-vectors (was missing in d/control) |
1275 | + + Add now built (5.5.1 vs 5.3.5) mgf1 plugin to libstrongswan-extra-plugins. |
1276 | + "only" to extra-plugins Mgf1 is not listed as default plugin at |
1277 | + https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist. |
1278 | + + Add now built (5.5.1 vs 5.3.5) libraries libtpmtss and nttfft to |
1279 | + libstrongswan-extra-plugins. |
1280 | + + Add missing mention of md4 plugin in d/control |
1281 | + + Add missing mention of libchecksum integrity test in d/control |
1282 | + + Add rm_conffile for /etc/init.d/ipsec (transition from precies had |
1283 | + missed that) |
1284 | + + Use override_dh_strip to to fix library integrity checking instead of |
1285 | + DEB_BUILD_OPTION to avoid overwriting user build flags. |
1286 | + + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
1287 | + plugins for the most common use cases from extra-plugins into a new |
1288 | + standard-plugins package. This will allow those use cases without pulling |
1289 | + in too much more plugins (a bit like the tnc package). Recommend that |
1290 | + package from strongswan-libcharon (LP: #1640826). |
1291 | + + Fix Dep8 tests for the now extra strongswan-pki package for pki |
1292 | + + Fix Dep8 tests for the now extra strongswan-scepclient package |
1293 | + |
1294 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 07 Nov 2016 16:16:41 +0100 |
1295 | + |
1296 | strongswan (5.5.1-1) unstable; urgency=medium |
1297 | |
1298 | * New upstream bugfix release. |
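Review bot: The 5.5.1-1ubuntu1 entry describes the library integrity handling in two incompatible ways. "Remaining Changes" lists "d/rules: Enforcing DEB_BUILD_OPTIONS=nostrip for library integrity checking", while "Added Changes" in the same entry says "Use override_dh_strip to to fix library integrity checking instead of DEB_BUILD_OPTION". A reader cannot tell from the entry which mechanism d/rules actually used in that upload, and this affects whether the checksums the integrity test compares against were taken from stripped or unstripped libraries. Since this is re-added history, the text should stay as published, but it is worth confirming against the zesty upload that the entry was carried over verbatim and not merged from two drafts.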
1299 | @@ -481,6 +1673,177 @@ strongswan (5.3.5-2) unstable; urgency=medium |
1300 | |
1301 | -- Yves-Alexis Perez <corsac@debian.org> Mon, 14 Mar 2016 23:53:34 +0100 |
1302 | |
1303 | +strongswan (5.3.5-1ubuntu4) yakkety; urgency=medium |
1304 | + |
1305 | + * Build-depend on libjson-c-dev instead of libjson0-dev. |
1306 | + * Rebuild against libjson-c3. |
1307 | + |
1308 | + -- Graham Inggs <ginggs@ubuntu.com> Fri, 29 Apr 2016 19:04:22 +0200 |
1309 | + |
1310 | +strongswan (5.3.5-1ubuntu3) xenial; urgency=medium |
1311 | + |
1312 | + * Rebuild against libmysqlclient20. |
1313 | + |
1314 | + -- Robie Basak <robie.basak@ubuntu.com> Tue, 05 Apr 2016 13:02:48 +0000 |
1315 | + |
1316 | +strongswan (5.3.5-1ubuntu2) xenial; urgency=medium |
1317 | + |
1318 | + * debian/tests/plugins: rdrand may or may not be loaded, depending on the |
1319 | + cpu features. |
1320 | + |
1321 | + -- Iain Lane <iain@orangesquash.org.uk> Mon, 22 Feb 2016 17:13:01 +0000 |
1322 | + |
1323 | +strongswan (5.3.5-1ubuntu1) xenial; urgency=medium |
1324 | + |
1325 | + * debian/{rules,control,libstrongswan-extra-plugins.install} |
1326 | + Enable bliss plugin |
1327 | + * debian/{rules,control,libstrongswan-extra-plugins.install} |
1328 | + Enable chapoly plugin |
1329 | + * debian/patches/dont-load-kernel-libipsec-plugin-by-default.patch |
1330 | + Upstream suggests to not load this plugin by default as it has |
1331 | + some limitations. |
1332 | + https://wiki.strongswan.org/projects/strongswan/wiki/Kernel-libipsec |
1333 | + * debian/patches/increase-bliss-test-timeout.patch |
1334 | + Under QEMU/KVM for autopkgtest bliss test takes a bit longer then default |
1335 | + * Update Apparmor profiles |
1336 | + - usr.lib.ipsec.charon |
1337 | + - add capability audit_write for xauth-pam (LP: #1470277) |
1338 | + - add capability dac_override (needed by agent plugin) |
1339 | + - allow priv dropping (LP: #1333655) |
1340 | + - allow caching CRLs (LP: #1505222) |
1341 | + - allow rw access to /dev/net/tun for kernel-libipsec (LP: #1309594) |
1342 | + - usr.lib.ipsec.stroke |
1343 | + - allow priv dropping (LP: #1333655) |
1344 | + - add local include |
1345 | + - usr.lib.ipsec.lookip |
1346 | + - add local include |
1347 | + * Merge from Debian, which includes fixes for all previous CVEs |
1348 | + Fixes (LP: #1330504, #1451091, #1448870, #1470277) |
1349 | + Remaining changes: |
1350 | + * debian/control |
1351 | + - Lower dpkg-dev to 1.16.1 from 1.16.2 to enable backporting to Precise |
1352 | + - Update Maintainer for Ubuntu |
1353 | + - Add build-deps |
1354 | + - dh-apparmor |
1355 | + - iptables-dev |
1356 | + - libjson0-dev |
1357 | + - libldns-dev |
1358 | + - libmysqlclient-dev |
1359 | + - libpcsclite-dev |
1360 | + - libsoup2.4-dev |
1361 | + - libtspi-dev |
1362 | + - libunbound-dev |
1363 | + - Drop build-deps |
1364 | + - libfcgi-dev |
1365 | + - clearsilver-dev |
1366 | + - Create virtual packages for all strongswan-plugin-* for dist-upgrade |
1367 | + - Set XS-Testsuite: autopkgtest |
1368 | + * debian/rules: |
1369 | + - Enforcing DEB_BUILD_OPTIONS=nostrip for library integrity checking. |
1370 | + - Set TESTS_REDUCED_KEYLENGTHS to one generate smallest key-lengths in |
1371 | + tests. |
1372 | + - Change init/systemd program name to strongswan |
1373 | + - Install AppArmor profiles |
1374 | + - Removed pieces on 'patching ipsec.conf' on build. |
1375 | + - Enablement of features per Ubuntu current config suggested from |
1376 | + upstream recommendation |
1377 | + - Unpack and sort enabled features to one-per-line |
1378 | + - Disable duplicheck as per |
1379 | + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10 |
1380 | + - Disable libfast (--disable-fast): |
1381 | + Requires dropping medsrv, medcli plugins which depend on libfast |
1382 | + - Add configure options |
1383 | + --with-tss=trousers |
1384 | + - Remove configure options: |
1385 | + --enable-ha (requires special kernel) |
1386 | + --enable-unit-test (unit tests run by default) |
1387 | + - Drop logcheck install |
1388 | + * debian/tests/* |
1389 | + - Add DEP8 test for strongswan service and plugins |
1390 | + * debian/strongswan-starter.strongswan.service |
1391 | + - Add new systemd file instead of patching upstream |
1392 | + * debian/strongswan-starter.links |
1393 | + - removed, use Ubuntu systemd file instead of linking to upstream |
1394 | + * debian/usr.lib.ipsec.{charon, lookip, stroke} |
1395 | + - added AppArmor profiles for charon, lookip and stroke |
1396 | + * debian/libcharon-extra-plugins.install |
1397 | + - Add plugins |
1398 | + - kernel-libipsec.{so, lib, conf, apparmor} |
1399 | + - Remove plugins |
1400 | + - libstrongswan-ha.so |
1401 | + - Relocate plugins |
1402 | + - libstrongswan-tnc-tnccs.so (strongswan-tnc-base.install) |
1403 | + * debian/libstrongswan-extra-plugins.install |
1404 | + - Add plugins (so, lib, conf) |
1405 | + - acert |
1406 | + - attr-sql |
1407 | + - coupling |
1408 | + - dnscert |
1409 | + - fips-prf |
1410 | + - gmp |
1411 | + - ipseckey |
1412 | + - load-tester |
1413 | + - mysql |
1414 | + - ntru |
1415 | + - radattr |
1416 | + - soup |
1417 | + - sqlite |
1418 | + - sql |
1419 | + - systime-fix |
1420 | + - unbound |
1421 | + - whitelist |
1422 | + - Relocate plugins (so, lib, conf) |
1423 | + - ccm (libstrongswan.install) |
1424 | + - test-vectors (libstrongswan.install) |
1425 | + * debian/libstrongswan.install |
1426 | + - Sort sections |
1427 | + - Add plugins (so, lib, conf) |
1428 | + - libchecksum |
1429 | + - ccm |
1430 | + - eap-identity |
1431 | + - md4 |
1432 | + - test-vectors |
1433 | + * debian/strongswan-charon.install |
1434 | + - Add AppArmor profile for charon |
1435 | + * debian/strongswan-starter.install |
1436 | + - Add tools, manpages, conf |
1437 | + - openac |
1438 | + - pool |
1439 | + - _updown_espmark |
1440 | + - Add AppArmor profile for stroke |
1441 | + * debian/strongswan-tnc-base.install |
1442 | + - Add new subpackage for TNC |
1443 | + - remove non-existent (dropped in 5.2.1) libpts library files |
1444 | + * debian/strongswan-tnc-client.install |
1445 | + - Add new subpackage for TNC |
1446 | + * debian/strongswan-tnc-ifmap.install |
1447 | + - Add new subpackage for TNC |
1448 | + * debian/strongswan-tnc-pdp.install |
1449 | + - Add new subpackage for TNC |
1450 | + * debian/strongswan-tnc-server.install |
1451 | + - Add new subpackage for TNC |
1452 | + * debian/strongswan-starter.postinit: |
1453 | + - Removed section about runlevel changes, it's almost 2014. |
1454 | + - Adapted service restart section for Upstart. |
1455 | + - Remove old symlinks to init.d files is necessary. |
1456 | + * debian/strongswan-starter.dirs: Don't touch /etc/init.d. |
1457 | + * debian/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call. |
1458 | + * debian/strongswan-starter.prerm: Stop strongswan service on package |
1459 | + removal (as opposed to using the old init.d script). |
1460 | + * debian/libstrongswan.strongswan.logcheck combined into debian/strongswan.logcheck |
1461 | + - logcheck patterns updated to be helpful |
1462 | + * debian/strongswan-starter.postinst: Removed further out-dated code and |
1463 | + entire section on opportunistic encryption - this was never in strongSwan. |
1464 | + * debian/ipsec.secrets.proto: Removed ipsec.secrets.inc reference. |
1465 | + Drop changes: |
1466 | + * debian/control |
1467 | + - Per-plugin package breakup: Reducing packaging delta from Debian |
1468 | + - Don't build dhcp, farp subpackages: Reduce packging delta from Debian |
1469 | + * debian/watch: Already exists in Debian merge |
1470 | + * debian/upstream/signing-key.asc: Upstream has newer version. |
1471 | + |
1472 | + -- Ryan Harper <ryan.harper@canonical.com> Fri, 12 Feb 2016 11:24:53 -0600 |
1473 | + |
1474 | strongswan (5.3.5-1) unstable; urgency=medium |
1475 | |
1476 | * New upstream bugfix release. |
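Review bot: In the 5.3.5-1ubuntu1 entry, under "Update Apparmor profiles" for usr.lib.ipsec.charon, "add capability dac_override (needed by agent plugin)" is the only capability change in that list without an LP reference, while its neighbours (audit_write, priv dropping, CRL caching, /dev/net/tun) each cite a bug. dac_override lets the confined daemon bypass file permission checks, so it is the grant that most needs a traceable justification. Please confirm the profile shipped after this merge still needs it, and if so point to the bug or upstream note that explains why the agent plugin cannot work with a narrower file rule. Separately, "Merge from Debian, which includes fixes for all previous CVEs" names no CVE ids, and `debian/strongswan-starter.postinit` looks like a misspelling of the `postinst` file named a few lines below it. Both are fine to leave if they match the published xenial upload.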
1477 | @@ -753,6 +2116,210 @@ strongswan (5.1.2-1) unstable; urgency=medium |
1478 | |
1479 | -- Yves-Alexis Perez <corsac@debian.org> Wed, 12 Mar 2014 11:22:38 +0100 |
1480 | |
1481 | +strongswan (5.1.2-0ubuntu8) xenial; urgency=medium |
1482 | + |
1483 | + * Import FTBFS for s390x from Debian 5.1.2-3 upload. (LP: #1521240) |
1484 | + |
1485 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 30 Nov 2015 15:46:06 +0000 |
1486 | + |
1487 | +strongswan (5.1.2-0ubuntu7) xenial; urgency=medium |
1488 | + |
1489 | + * SECURITY UPDATE: authentication bypass in eap-mschapv2 plugin |
1490 | + - debian/patches/CVE-2015-8023.patch: only succeed authentication if |
1491 | + MSK was established in |
1492 | + src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c. |
1493 | + - CVE-2015-8023 |
1494 | + * debian/patches/disable_ntru_test.patch: disable test causing FTBFS |
1495 | + until regression is properly investigated. |
1496 | + |
1497 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 19 Nov 2015 14:00:17 -0500 |
1498 | + |
1499 | +strongswan (5.1.2-0ubuntu6) wily; urgency=medium |
1500 | + |
1501 | + * SECURITY UPDATE: user credential disclosure to rogue servers |
1502 | + - debian/patches/CVE-2015-4171.patch: enforce remote authentication |
1503 | + config before proceeding with own authentication in |
1504 | + src/libcharon/sa/ikev2/tasks/ike_auth.c. |
1505 | + - CVE-2015-4171 |
1506 | + * debian/rules: don't FTBFS from unused service file |
1507 | + |
1508 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 08 Jun 2015 12:50:38 -0400 |
1509 | + |
1510 | +strongswan (5.1.2-0ubuntu5) vivid; urgency=medium |
1511 | + |
1512 | + * Add a systemd unit corresponding to strongswan-starter.strongswan.upstart. |
1513 | + |
1514 | + -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 16 Jan 2015 08:27:54 +0100 |
1515 | + |
1516 | +strongswan (5.1.2-0ubuntu4) vivid; urgency=medium |
1517 | + |
1518 | + * SECURITY UPDATE: denial of service via DH group 1025 |
1519 | + - debian/patches/CVE-2014-9221.patch: define MODP_CUSTOM outside of |
1520 | + IKE DH range in src/libstrongswan/crypto/diffie_hellman.c, |
1521 | + src/libstrongswan/crypto/diffie_hellman.h. |
1522 | + - CVE-2014-9221 |
1523 | + |
1524 | + -- Tyler Hicks <tyhicks@canonical.com> Mon, 05 Jan 2015 08:25:29 -0500 |
1525 | + |
1526 | +strongswan (5.1.2-0ubuntu3) utopic; urgency=low |
1527 | + |
1528 | + * Added "libgcrypt20-dev | libgcrypt11-dev" to build dependencies to fix |
1529 | + build. |
1530 | + |
1531 | + -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 15 Oct 2014 16:49:18 +0000 |
1532 | + |
1533 | +strongswan (5.1.2-0ubuntu2) trusty; urgency=medium |
1534 | + |
1535 | + * SECURITY UPDATE: remote authentication bypass |
1536 | + - debian/patches/CVE-2014-2338.patch: reject CREATE_CHILD_SA exchange |
1537 | + on unestablished IKE_SAs in src/libcharon/sa/ikev2/task_manager_v2.c. |
1538 | + - CVE-2014-2338 |
1539 | + |
1540 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Apr 2014 11:24:34 -0400 |
1541 | + |
1542 | +strongswan (5.1.2-0ubuntu1) trusty; urgency=low |
1543 | + |
1544 | + * New upstream release. |
1545 | + |
1546 | + -- Jonathan Davies <jonathan.davies@canonical.com> Sat, 01 Mar 2014 08:53:17 +0000 |
1547 | + |
1548 | +strongswan (5.1.2~rc2-0ubuntu2) trusty; urgency=low |
1549 | + |
1550 | + * debian/ipsec.secrets.proto: Removed ipsec.secrets.inc reference. |
1551 | + * debian/usr.lib.ipsec.charon: Allow read access to /run/charon. |
1552 | + |
1553 | + -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 19 Feb 2014 13:07:16 +0000 |
1554 | + |
1555 | +strongswan (5.1.2~rc2-0ubuntu1) trusty; urgency=low |
1556 | + |
1557 | + * New upstream release candidate. |
1558 | + |
1559 | + -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 19 Feb 2014 12:59:21 +0000 |
1560 | + |
1561 | +strongswan (5.1.2~rc1-0ubuntu4) trusty; urgency=medium |
1562 | + |
1563 | + * debian/strongswan-tnc-*.install: Fixed files so libraries go into correct |
1564 | + packages. |
1565 | + * debian/usr.lib.ipsec.stroke: Allow access to strongswan.d directories. |
1566 | + |
1567 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 17 Feb 2014 18:12:38 +0000 |
1568 | + |
1569 | +strongswan (5.1.2~rc1-0ubuntu3) trusty; urgency=low |
1570 | + |
1571 | + * debian/rules: Exclude rdrand.conf in dh_install's --fail-missing. |
1572 | + |
1573 | + -- Jonathan Davies <jonathan.davies@canonical.com> Sat, 15 Feb 2014 15:46:46 +0000 |
1574 | + |
1575 | +strongswan (5.1.2~rc1-0ubuntu2) trusty; urgency=low |
1576 | + |
1577 | + * debian/libstrongswan.install: Moved rdrand plugin configuration to rules |
1578 | + as it's only useful on amd64. |
1579 | + * debian/watch: Added opts=pgpsigurlmangle option. |
1580 | + * debian/upstream/signing-key.asc: Added key: 0xB34DBA77. |
1581 | + |
1582 | + -- Jonathan Davies <jonathan.davies@canonical.com> Sat, 15 Feb 2014 15:32:10 +0000 |
1583 | + |
1584 | +strongswan (5.1.2~rc1-0ubuntu1) trusty; urgency=medium |
1585 | + |
1586 | + * New upstream release candidate. |
1587 | + * debian/*.install - include new configuration files for plugins in |
1588 | + appropiate packages. |
1589 | + |
1590 | + -- Jonathan Davies <jonathan.davies@canonical.com> Sat, 15 Feb 2014 15:03:14 +0000 |
1591 | + |
1592 | +strongswan (5.1.2~dr3+git20130120-0ubuntu3) trusty; urgency=low |
1593 | + |
1594 | + * debian/control: |
1595 | + - Added Breaks/Replaces for all library files which have been moved |
1596 | + about (LP: #1278176). |
1597 | + - Removed build-dependency on check and added one on dh-apparmor. |
1598 | + * debian/strongswan-starter.postinst: Removed further out-dated code and |
1599 | + entire section on opportunistic encryption - this was never in strongSwan. |
1600 | + * debian/rules: Removed pieces on 'patching ipsec.conf' on build. |
1601 | + |
1602 | + -- Jonathan Davies <jonathan.davies@canonical.com> Sun, 09 Feb 2014 23:53:23 +0000 |
1603 | + |
1604 | +strongswan (5.1.2~dr3+git20130120-0ubuntu2) trusty; urgency=low |
1605 | + |
1606 | + * debian/control: Fixed references to plugin-fips-prf. |
1607 | + |
1608 | + -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 22 Jan 2014 11:22:14 +0000 |
1609 | + |
1610 | +strongswan (5.1.2~dr3+git20130120-0ubuntu1) trusty; urgency=low |
1611 | + |
1612 | + * Upstream Git snapshot for build fixes with regards to entropy. |
1613 | + * debian/rules: |
1614 | + - Enforcing DEB_BUILD_OPTIONS=nostrip for library integrity checking. |
1615 | + - Set TESTS_REDUCED_KEYLENGTHS to one generate smallest key-lengths in |
1616 | + tests. |
1617 | + |
1618 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 20 Jan 2014 19:00:59 +0000 |
1619 | + |
1620 | +strongswan (5.1.2~dr3-0ubuntu1) trusty; urgency=low |
1621 | + |
1622 | + * New upstream developer release. |
1623 | + * Made changes to packaging per upstream suggestions. |
1624 | + - Dropped medcli and medsrv packages - not recommended by upstream at this |
1625 | + time. |
1626 | + - Dropped ha plugin - needs special kernel. |
1627 | + - Improved all package descriptions in general. |
1628 | + - Drop build-dep on clearsilver-dev and libfcgi-dev - no longer needed. |
1629 | + - Removed debian/*logcheck* files - not relevant to strongSwan. |
1630 | + - Split dhcp and farp packages into sub-packages. |
1631 | + - Build kernel-libipsec, ntru, systime-fix, and xauth-noauth plugins. |
1632 | + - Changes to TNC-related packages. |
1633 | + * Created AppArmor profiles for lookip and stroke. |
1634 | + |
1635 | + -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 15 Jan 2014 22:52:53 +0000 |
1636 | + |
1637 | +strongswan (5.1.2~dr2+git20130106-0ubuntu2) trusty; urgency=low |
1638 | + |
1639 | + * libstrongswan.install: Removed lingering unit-tester.so reference. |
1640 | + |
1641 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 06 Jan 2014 20:29:59 +0000 |
1642 | + |
1643 | +strongswan (5.1.2~dr2+git20130106-0ubuntu1) trusty; urgency=low |
1644 | + |
1645 | + * Git snapshot of commit 94e10f15e51ead788d9947e966878ebfdc95b7ce. |
1646 | + Incorporates upstream fixes for: |
1647 | + - Integrity testing. |
1648 | + - Unit test failures on little endian systems. |
1649 | + * Dropped debian/patches/02_test_asn1_fix_32bit_time_test.patch - fixed |
1650 | + upstream. |
1651 | + * debian/rules: |
1652 | + - Stop using CK_TIMEOUT_MULTIPLIER. |
1653 | + - Stop enabling the test suite only on non-powerpc arches (it runs |
1654 | + anyway). |
1655 | + |
1656 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 06 Jan 2014 20:17:20 +0000 |
1657 | + |
1658 | +strongswan (5.1.2~dr2-0ubuntu3) trusty; urgency=low |
1659 | + |
1660 | + * debian/control: Reinstate missing comma in dependencies. |
1661 | + |
1662 | + -- Jonathan Davies <jonathan.davies@canonical.com> Fri, 03 Jan 2014 05:39:13 +0000 |
1663 | + |
1664 | +strongswan (5.1.2~dr2-0ubuntu2) trusty; urgency=low |
1665 | + |
1666 | + * Added debian/patches/02_test_asn1_fix_32bit_time_test.patch - fixes issue |
1667 | + where test for >2038 tests on 32-bit platforms is broken. |
1668 | + - Reported upstream: https://wiki.strongswan.org/issues/477 |
1669 | + * debian/control: Added strongswan-plugin-ntru to strongswan-ike Suggests. |
1670 | + |
1671 | + -- Jonathan Davies <jonathan.davies@canonical.com> Fri, 03 Jan 2014 05:02:32 +0000 |
1672 | + |
1673 | +strongswan (5.1.2~dr2-0ubuntu1) trusty; urgency=low |
1674 | + |
1675 | + * New upstream developer release. |
1676 | + * debian/rules: Configure with: --enable-af-alg, --enable-ntru, --enable-soup, |
1677 | + and --enable-unity. |
1678 | + * debian/control: |
1679 | + - New plugin packages created for the above |
1680 | + - Split fips-prf into its own package. |
1681 | + - Added build-dependency on libsoup2.4-dev. |
1682 | + |
1683 | + -- Jonathan Davies <jonathan.davies@canonical.com> Thu, 02 Jan 2014 17:37:33 +0000 |
1684 | + |
1685 | strongswan (5.1.1-3) unstable; urgency=low |
1686 | |
1687 | * Upload to unstable. |
1688 | @@ -844,6 +2411,192 @@ strongswan (5.1.1-1) unstable; urgency=low |
1689 | |
1690 | -- Yves-Alexis Perez <corsac@debian.org> Fri, 24 Jan 2014 21:22:32 +0100 |
1691 | |
1692 | +strongswan (5.1.1-0ubuntu17) trusty; urgency=low |
1693 | + |
1694 | + * debian/control: |
1695 | + - Make strongswan-ike depend on iproute2. |
1696 | + - Added xauth plugin dependency on strongswan-plugin-eap-gtc. |
1697 | + - Created strongswan-libfast package. |
1698 | + |
1699 | + -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 01 Jan 2014 17:04:45 +0000 |
1700 | + |
1701 | +strongswan (5.1.1-0ubuntu16) trusty; urgency=low |
1702 | + |
1703 | + * debian/control: |
1704 | + - Further splitting of plugins into subpackages (such as all EAP plugins |
1705 | + to their own packages). |
1706 | + - Added libpcsclite-dev to build-dependencies. |
1707 | + * debian/rules: |
1708 | + - Sort configure options in alphabetical order. |
1709 | + - Added configure option of --enable-eap-aka-3gpp2, --enable-eap-dynamic, |
1710 | + --enable-eap-sim-file, --enable-eap-sim-pcsc, |
1711 | + --enable-eap-simaka-pseudonym, --enable-eap-simaka-reauth and |
1712 | + --enable-eap-simaka-sql. |
1713 | + - Don't exclude medsrv from install. |
1714 | + * Moved eap-identity.so to libstrongswan package as it's used by all the |
1715 | + other EAP plugins. |
1716 | + |
1717 | + -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 21:25:50 +0000 |
1718 | + |
1719 | +strongswan (5.1.1-0ubuntu15) trusty; urgency=low |
1720 | + |
1721 | + * debian/control: |
1722 | + - Split plugins from libstrongswan package into modular subpackages. |
1723 | + - Added libmysqlclient-dev to build-dependencies. |
1724 | + - strongswan-ike: Set to depend on either strongswan-plugins-openssl or |
1725 | + strongswan-plugins-gcrypt. |
1726 | + - strongswan-ike: All other plugins added to Suggests. |
1727 | + - Created two new TNC packages: strongswan-tnc-ifmap and |
1728 | + strongswan-tnc-pdp and added to tnc-imcvs Suggests. |
1729 | + * debian/rules: Added to CONFIGUREARGS: --enable-certexpire, |
1730 | + --enable-error-notify, --enable-mysql, --enable-load-tester, |
1731 | + --enable-radattr, --enable-tnc-pdp, and --enable-whitelist. |
1732 | + * debian/strongswan-ike.install: Moved eap-identity.so to -tnc-imcvs package. |
1733 | + |
1734 | + -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 16:15:32 +0000 |
1735 | + |
1736 | +strongswan (5.1.1-0ubuntu14) trusty; urgency=low |
1737 | + |
1738 | + * debian/rules: |
1739 | + - CK_TIMEOUT_MULTIPLIER back down to 6. |
1740 | + - Disable unit tests on powerpc. |
1741 | + |
1742 | + -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 07:39:48 +0000 |
1743 | + |
1744 | +strongswan (5.1.1-0ubuntu13) trusty; urgency=low |
1745 | + |
1746 | + * debian/rules: CK_TIMEOUT_MULTIPLIER to 10 as just powerppc is being stubborn. |
1747 | + |
1748 | + -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 07:23:42 +0000 |
1749 | + |
1750 | +strongswan (5.1.1-0ubuntu12) trusty; urgency=low |
1751 | + |
1752 | + * debian/rules: Bring CK_TIMEOUT_MULTIPLIER up to 6 to fix powerppc and |
1753 | + armhf. |
1754 | + |
1755 | + -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 07:03:40 +0000 |
1756 | + |
1757 | +strongswan (5.1.1-0ubuntu11) trusty; urgency=low |
1758 | + |
1759 | + * 02_increase-test_rsa_generate-timeout.patch: Removed - only fixed build on |
1760 | + one extra arch. |
1761 | + * debian/rules: Set CK_TIMEOUT_MULTIPLIER to 4. |
1762 | + |
1763 | + -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 06:51:47 +0000 |
1764 | + |
1765 | +strongswan (5.1.1-0ubuntu10) trusty; urgency=low |
1766 | + |
1767 | + * debian/patches: Added patch 02_increase-test_rsa_generate-timeout.patch - |
1768 | + - Increases RSA key generate test timeout to 30 seconds so that it doesn't |
1769 | + fail on armhf, arm64, and powerppc. |
1770 | + * Contrary to what the last changelog entry says, we are still running |
1771 | + strongswan as root (with AppArmor protection). |
1772 | + |
1773 | + -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 06:06:47 +0000 |
1774 | + |
1775 | +strongswan (5.1.1-0ubuntu9) trusty; urgency=low |
1776 | + |
1777 | + * debian/rules: Added to configure options: |
1778 | + - --enable-tnc-ifmap: enable TNC IF-MAP module. |
1779 | + - --enable-duplicheck: enable duplicheck plugin. |
1780 | + - --enable-imv-swid, --enable-imc-swid: Added. |
1781 | + - Run strongswan as it's own user. |
1782 | + * debian/strongswan-starter.install: Install duplicheck. |
1783 | + * debian/strongswan-tnc-imcvs.install: Install swidtags. |
1784 | + |
1785 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 19:33:27 +0000 |
1786 | + |
1787 | +strongswan (5.1.1-0ubuntu8) trusty; urgency=low |
1788 | + |
1789 | + * debian/rules: Added to configure options: |
1790 | + - --enable-unit-tests: check unit testing on build. |
1791 | + - --enable-unbound: for validating DNS lookups. |
1792 | + - --enable-dnscert: for DNSCERT peer authentication. |
1793 | + - --enable-ipseckey: for IPSEC key authentication. |
1794 | + - --enable-lookip: for LookIP functionality. |
1795 | + - --enable-coupling: certificate coupling functionality. |
1796 | + * debian/control: Added check, libldns-dev, libunbound-dev to |
1797 | + build-dependencies. |
1798 | + * debian/libstrongswan.install: Install new plugin .so's. |
1799 | + * debian/strongswan-starter.install: Added lookip. |
1800 | + |
1801 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 17:52:07 +0000 |
1802 | + |
1803 | +strongswan (5.1.1-0ubuntu7) trusty; urgency=low |
1804 | + |
1805 | + * strongswan-starter.install: Moved pt-tls-client to tnc-imcvs (to prevent |
1806 | + the former from depending on the latter). |
1807 | + |
1808 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 17:30:19 +0000 |
1809 | + |
1810 | +strongswan (5.1.1-0ubuntu6) trusty; urgency=low |
1811 | + |
1812 | + * debian/strongswan-starter.prerm: Stop strongswan service on package |
1813 | + removal (as opposed to using the old init.d script). |
1814 | + |
1815 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 17:22:10 +0000 |
1816 | + |
1817 | +strongswan (5.1.1-0ubuntu5) trusty; urgency=low |
1818 | + |
1819 | + * debian/rules: |
1820 | + - CONFIGUREARGS: Merged Debian and RPM options. |
1821 | + - Brings in TNC functionality. |
1822 | + * debian/control: |
1823 | + - Added build-dependency on libtspi-dev. |
1824 | + - Created strongswan-tnc-imcvs binary package for TNC components. |
1825 | + - Added strongswan-tnc-imcvs to libstrongswan's Suggests. |
1826 | + * debian/libstrongswan.install: |
1827 | + - Included newly built MD4 and SQLite libraries. |
1828 | + - Removed 'tnc' references (moved to TNC package). |
1829 | + * debian/strongswan-tnc-imcvs.install: Created - handle new TNC libraries and |
1830 | + binaries. |
1831 | + * debian/usr.lib.ipsec.charon: Allow access to TNC modules. |
1832 | + |
1833 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 14:05:43 +0000 |
1834 | + |
1835 | +strongswan (5.1.1-0ubuntu4) trusty; urgency=low |
1836 | + |
1837 | + * debian/usr.lib.ipsec.charon: Added - AppArmor profile for charon. |
1838 | + * debian/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call. |
1839 | + * debian/control: strongswan-ike - Stop depending on ipsec-tools. |
1840 | + |
1841 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 05:35:17 +0000 |
1842 | + |
1843 | +strongswan (5.1.1-0ubuntu3) trusty; urgency=low |
1844 | + |
1845 | + * strongswan-starter.strongswan.upstart - Only start strongSwan when a |
1846 | + network connection is available. |
1847 | + * debian/control: Downgrade build-dep version of dpkg-dev from 1.16.2 to |
1848 | + 1.16.1 - to make precise backporting easier. |
1849 | + |
1850 | + -- Jonathan Davies <jonathan.davies@canonical.com> Thu, 12 Dec 2013 10:43:15 +0000 |
1851 | + |
1852 | +strongswan (5.1.1-0ubuntu2) trusty; urgency=low |
1853 | + |
1854 | + * strongswan-starter.strongswan.upstart - Created Upstart job for |
1855 | + strongSwan. |
1856 | + * debian/rules: Set dh_installinit to install above file. |
1857 | + * debian/strongswan-starter.postinit: |
1858 | + - Removed section about runlevel changes, it's almost 2014. |
1859 | + - Adapted service restart section for Upstart. |
1860 | + - Remove old symlinks to init.d files is necessary. |
1861 | + * debian/strongswan-starter.dirs: Don't touch /etc/init.d. |
1862 | + |
1863 | + -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 11 Dec 2013 23:10:28 +0000 |
1864 | + |
1865 | +strongswan (5.1.1-0ubuntu1) trusty; urgency=low |
1866 | + |
1867 | + * New upstream release. |
1868 | + * Removed: debian/patches/CVE-2013-6075, CVE-2013-6076.patch - upsteamed. |
1869 | + * debian/control: Updated Standards-Version to 3.9.5 and applied |
1870 | + XSBC-Original-Maintainer policy. |
1871 | + * strongswan-starter.install: |
1872 | + - pki tool is now in /usr/bin. |
1873 | + - Install pt-tls-client. |
1874 | + - Install manpages (LP: #1206263). |
1875 | + |
1876 | + -- Jonathan Davies <jpds@ubuntu.com> Sun, 01 Dec 2013 17:43:59 +0000 |
1877 | + |
1878 | strongswan (5.1.0-3) unstable; urgency=high |
1879 | |
1880 | * urgency=high for the security fixes. |
1881 | diff --git a/debian/control b/debian/control |
1882 | index 9ed97b7..06faee6 100644 |
1883 | --- a/debian/control |
1884 | +++ b/debian/control |
1885 | @@ -1,7 +1,8 @@ |
1886 | Source: strongswan |
1887 | Section: net |
1888 | Priority: optional |
1889 | -Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org> |
1890 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
1891 | +XSBC-Original-Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org> |
1892 | Uploaders: Yves-Alexis Perez <corsac@debian.org> |
1893 | Standards-Version: 4.6.0 |
1894 | Vcs-Browser: https://salsa.debian.org/debian/strongswan |
1895 | @@ -136,6 +137,7 @@ Description: strongSwan utility and crypto library (extra plugins) |
1896 | - gcrypt (Crypto backend based on libgcrypt, provides |
1897 | RSA/DH/ciphers/hashers/rng) |
1898 | - ldap (LDAP fetching plugin based on libldap) |
1899 | + - ntru (key exchanged based on post-quantum computer NTRU) |
1900 | - padlock (VIA padlock crypto backend, provides AES128/SHA1) |
1901 | - pkcs11 (PKCS#11 smartcard backend) |
1902 | - rdrand (High quality / high performance random source using the Intel |
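Review bot: the added description line "- ntru (key exchanged based on post-quantum computer NTRU)" reads awkwardly next to its neighbours; "key exchange based on the post-quantum NTRU algorithm" would say the same thing and match the phrasing of the gcrypt and ldap entries. Because this text ends up in the binary package description, it is worth fixing in the delta rather than carrying it forward.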
1903 | @@ -203,6 +205,9 @@ Description: strongSwan charon library (extra plugins) |
1904 | - unity (Cisco Unity extensions for IKEv1) |
1905 | - xauth-eap (XAuth backend that uses EAP methods to verify passwords) |
1906 | - xauth-pam (XAuth backend that uses PAM modules to verify passwords) |
1907 | + - eap-dynamic (EAP proxy plugin that dynamically selects an EAP method |
1908 | + requested/supported by the client (since 5.0.1)) |
1909 | + - eap-peap (EAP-PEAP protocol handler, wraps other EAP methods securely) |
1910 | |
1911 | Package: strongswan-starter |
1912 | Architecture: any |
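Review bot: the eap-dynamic and eap-peap entries are appended after xauth-pam, while the visible tail of the list (unity, xauth-eap, xauth-pam) is in alphabetical order. If appending is deliberate, to keep the Ubuntu delta easy to rebase on the Debian description, a short remark in the changelog would save the next merger from wondering. Otherwise the two entries belong with the other eap-* plugins.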
1913 | @@ -210,9 +215,9 @@ Pre-Depends: ${misc:Pre-Depends} |
1914 | Depends: adduser, |
1915 | libstrongswan (= ${binary:Version}), |
1916 | lsb-base (>= 3.0-6), |
1917 | + strongswan-charon, |
1918 | ${misc:Depends}, |
1919 | ${shlibs:Depends} |
1920 | -Recommends: strongswan-charon |
1921 | Conflicts: openswan |
1922 | Description: strongSwan daemon starter and configuration file parser |
1923 | The strongSwan VPN suite uses the native IPsec stack in the standard |
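Review bot: "strongswan-charon" is added to the Depends of strongswan-starter without a version constraint, while the adjacent "libstrongswan (= ${binary:Version})" is pinned. If the starter and charon are expected to be upgraded in lockstep, the same "(= ${binary:Version})" pin would make that explicit. If the unversioned dependency is intentional, the changelog entry for this delta should say why.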
1924 | @@ -251,9 +256,9 @@ Architecture: any |
1925 | Pre-Depends: debconf | debconf-2.0 |
1926 | Depends: iproute2 [linux-any] | iproute [linux-any], |
1927 | libstrongswan (= ${binary:Version}), |
1928 | - strongswan-starter, |
1929 | ${misc:Depends}, |
1930 | ${shlibs:Depends} |
1931 | +Recommends: strongswan-starter, |
1932 | Provides: ike-server |
1933 | Description: strongSwan Internet Key Exchange daemon |
1934 | The strongSwan VPN suite uses the native IPsec stack in the standard |
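Review bot: "+Recommends: strongswan-starter," ends with a trailing comma although it is the only entry in the field and is followed directly by "Provides: ike-server"; dropping the comma keeps the stanza tidy. The hunk also moves strongswan-starter from Depends to Recommends, so installing strongswan-charon with recommends disabled no longer pulls in the starter. Please confirm that this is the intended counterpart of the new hard dependency in the strongswan-starter stanza.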
1935 | diff --git a/debian/libcharon-extra-plugins.install b/debian/libcharon-extra-plugins.install |
1936 | index 94fbabd..91ca716 100644 |
1937 | --- a/debian/libcharon-extra-plugins.install |
1938 | +++ b/debian/libcharon-extra-plugins.install |
1939 | @@ -2,9 +2,11 @@ |
1940 | usr/lib/ipsec/plugins/libstrongswan-addrblock.so |
1941 | usr/lib/ipsec/plugins/libstrongswan-certexpire.so |
1942 | usr/lib/ipsec/plugins/libstrongswan-eap-aka.so |
1943 | +usr/lib/ipsec/plugins/libstrongswan-eap-dynamic.so |
1944 | usr/lib/ipsec/plugins/libstrongswan-eap-gtc.so |
1945 | usr/lib/ipsec/plugins/libstrongswan-eap-identity.so |
1946 | usr/lib/ipsec/plugins/libstrongswan-eap-md5.so |
1947 | +usr/lib/ipsec/plugins/libstrongswan-eap-peap.so |
1948 | usr/lib/ipsec/plugins/libstrongswan-eap-radius.so |
1949 | usr/lib/ipsec/plugins/libstrongswan-eap-tls.so |
1950 | usr/lib/ipsec/plugins/libstrongswan-eap-tnc.so |
1951 | @@ -25,9 +27,11 @@ usr/lib/ipsec/plugins/libstrongswan-xauth-pam.so |
1952 | usr/share/strongswan/templates/config/plugins/addrblock.conf |
1953 | usr/share/strongswan/templates/config/plugins/certexpire.conf |
1954 | usr/share/strongswan/templates/config/plugins/eap-aka.conf |
1955 | +usr/share/strongswan/templates/config/plugins/eap-dynamic.conf |
1956 | usr/share/strongswan/templates/config/plugins/eap-gtc.conf |
1957 | usr/share/strongswan/templates/config/plugins/eap-identity.conf |
1958 | usr/share/strongswan/templates/config/plugins/eap-md5.conf |
1959 | +usr/share/strongswan/templates/config/plugins/eap-peap.conf |
1960 | usr/share/strongswan/templates/config/plugins/eap-radius.conf |
1961 | usr/share/strongswan/templates/config/plugins/eap-tls.conf |
1962 | usr/share/strongswan/templates/config/plugins/eap-tnc.conf |
1963 | @@ -49,9 +53,11 @@ etc/strongswan.d/tnc.conf |
1964 | etc/strongswan.d/charon/addrblock.conf |
1965 | etc/strongswan.d/charon/certexpire.conf |
1966 | etc/strongswan.d/charon/eap-aka.conf |
1967 | +etc/strongswan.d/charon/eap-dynamic.conf |
1968 | etc/strongswan.d/charon/eap-gtc.conf |
1969 | etc/strongswan.d/charon/eap-identity.conf |
1970 | etc/strongswan.d/charon/eap-md5.conf |
1971 | +etc/strongswan.d/charon/eap-peap.conf |
1972 | etc/strongswan.d/charon/eap-radius.conf |
1973 | etc/strongswan.d/charon/eap-tls.conf |
1974 | etc/strongswan.d/charon/eap-tnc.conf |
1975 | diff --git a/debian/libcharon-extra-plugins.maintscript b/debian/libcharon-extra-plugins.maintscript |
1976 | new file mode 100644 |
1977 | index 0000000..f6e7a3a |
1978 | --- /dev/null |
1979 | +++ b/debian/libcharon-extra-plugins.maintscript |
1980 | @@ -0,0 +1,8 @@ |
1981 | +rm_conffile /etc/strongswan.d/charon/eap-aka-3gpp2.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins |
1982 | +rm_conffile /etc/strongswan.d/charon/eap-sim-file.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins |
1983 | +rm_conffile /etc/strongswan.d/charon/eap-sim-pcsc.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins |
1984 | +rm_conffile /etc/strongswan.d/charon/eap-sim.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins |
1985 | +rm_conffile /etc/strongswan.d/charon/eap-simaka-pseudonym.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins |
1986 | +rm_conffile /etc/strongswan.d/charon/eap-simaka-reauth.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins |
1987 | +rm_conffile /etc/strongswan.d/charon/eap-simaka-sql.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins |
1988 | +rm_conffile /etc/strongswan.d/charon/xauth-noauth.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins |
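Review bot: all eight rm_conffile lines carry the prior-version "5.8.4-1ubuntu2~", so the removal only fires on upgrades from versions older than that, and nothing here says when the file can be dropped. Please record the last release whose upgrade path still needs these entries (in the changelog, or wherever the remaining delta is tracked), so the maintscript does not get carried indefinitely across merges. It is also worth double-checking that none of the listed conffiles (eap-sim*, eap-simaka-*, eap-aka-3gpp2, xauth-noauth) is shipped again by another binary package in this version.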
1989 | diff --git a/debian/libstrongswan-extra-plugins.install b/debian/libstrongswan-extra-plugins.install |
1990 | index 2846e21..8f71239 100644 |
1991 | --- a/debian/libstrongswan-extra-plugins.install |
1992 | +++ b/debian/libstrongswan-extra-plugins.install |
1993 | @@ -9,6 +9,7 @@ usr/lib/ipsec/plugins/libstrongswan-curl.so |
1994 | usr/lib/ipsec/plugins/libstrongswan-curve25519.so |
1995 | usr/lib/ipsec/plugins/libstrongswan-gcrypt.so |
1996 | usr/lib/ipsec/plugins/libstrongswan-ldap.so |
1997 | +usr/lib/ipsec/plugins/libstrongswan-ntru.so |
1998 | usr/lib/ipsec/plugins/libstrongswan-pkcs11.so |
1999 | usr/lib/ipsec/plugins/libstrongswan-test-vectors.so |
2000 | usr/lib/ipsec/plugins/libstrongswan-tpm.so |
2001 | @@ -21,6 +22,7 @@ usr/share/strongswan/templates/config/plugins/curl.conf |
2002 | usr/share/strongswan/templates/config/plugins/curve25519.conf |
2003 | usr/share/strongswan/templates/config/plugins/gcrypt.conf |
2004 | usr/share/strongswan/templates/config/plugins/ldap.conf |
2005 | +usr/share/strongswan/templates/config/plugins/ntru.conf |
2006 | usr/share/strongswan/templates/config/plugins/pkcs11.conf |
2007 | usr/share/strongswan/templates/config/plugins/test-vectors.conf |
2008 | usr/share/strongswan/templates/config/plugins/tpm.conf |
2009 | @@ -32,6 +34,7 @@ etc/strongswan.d/charon/curl.conf |
2010 | etc/strongswan.d/charon/curve25519.conf |
2011 | etc/strongswan.d/charon/gcrypt.conf |
2012 | etc/strongswan.d/charon/ldap.conf |
2013 | +etc/strongswan.d/charon/ntru.conf |
2014 | etc/strongswan.d/charon/pkcs11.conf |
2015 | etc/strongswan.d/charon/test-vectors.conf |
2016 | etc/strongswan.d/charon/tpm.conf |
2017 | diff --git a/debian/rules b/debian/rules |
2018 | index 2fed1f1..8ca4bd7 100755 |
2019 | --- a/debian/rules |
2020 | +++ b/debian/rules |
2021 | @@ -15,9 +15,11 @@ CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \ |
2022 | --enable-curl \ |
2023 | --enable-eap-aka \ |
2024 | --enable-eap-gtc \ |
2025 | + --enable-eap-dynamic \ |
2026 | --enable-eap-identity \ |
2027 | --enable-eap-md5 \ |
2028 | --enable-eap-mschapv2 \ |
2029 | + --enable-eap-peap \ |
2030 | --enable-eap-radius \ |
2031 | --enable-eap-tls \ |
2032 | --enable-eap-tnc \ |
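Review bot: "--enable-eap-dynamic" is inserted after "--enable-eap-gtc", which breaks the alphabetical order of CONFIGUREARGS (aka, gtc, dynamic, identity); the 5.1.1-0ubuntu16 changelog entry says these options are meant to be sorted. Moving it above "--enable-eap-gtc" keeps the list ordered. "--enable-eap-peap" is already in the right place after "--enable-eap-mschapv2".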
2033 | @@ -32,6 +34,7 @@ CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \ |
2034 | --enable-led \ |
2035 | --enable-lookip \ |
2036 | --enable-mediation \ |
2037 | + --enable-ntru \ |
2038 | --enable-openssl \ |
2039 | --enable-pkcs11 \ |
2040 | --enable-test-vectors \ |
I'll review this one.