Ubuntu
strongswan package

Merge ~lucaskanashiro/ubuntu/+source/strongswan:merge-kinetic into ubuntu/+source/strongswan:debian/sid

  1. Git
  2. lp:~lucaskanashiro/ubuntu/+source/strongswan
  3. merge-kinetic
  4. Merge into debian/sid
Proposed by Lucas Kanashiro
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merge reported by: Lucas Kanashiro
Merged at revision: fe75c1e006997228f5f841125e7fc020563b77ac
Proposed branch: ~lucaskanashiro/ubuntu/+source/strongswan:merge-kinetic
Merge into: ubuntu/+source/strongswan:debian/sid
Diff against target: 2040 lines (+1781/-3)
6 files modified
debian/changelog (+1753/-0)
debian/control (+8/-3)
debian/libcharon-extra-plugins.install (+6/-0)
debian/libcharon-extra-plugins.maintscript (+8/-0)
debian/libstrongswan-extra-plugins.install (+3/-0)
debian/rules (+3/-0)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Sergio Durigan Junior (community) Approve
Canonical Server Pending
Review via email: mp+424435@code.launchpad.net

Description of the change

Merge version 5.9.6-1 from Debian. One patch in our delta was dropped because it was applied by upstream, all the rest was kept.

PPA with the proposed package:

https://launchpad.net/~lucaskanashiro/+archive/ubuntu/testing/+packages

autopkgtest summary:

autopkgtest [15:42:47]: @@@@@@@@@@@@@@@@@@@@ summary
admin-strongswan-charon PASS
admin-strongswan-starter PASS
daemon PASS
plugins PASS

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

I'll review this one.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks for the MP, Lucas.

I took the liberty to trigger autopkgtest runs for all supported architectures using your PPA, and everything has passed. The package builds, installs and upgrades OK.

I found the 2 Merge Requests you submitted to Debian a couple of years ago, and noticed that they seem stale. WDYT about pinging them?

I also looked at the list of open bugs for the package and everything seems OK. I left a comment on bug #1330486 because it's really old and looks abandoned.

There's a very small nit in the changelog entry, but otherwise everything LGTM.

+1

review: Approve
Revision history for this message
Lucas Kanashiro (lucaskanashiro) :
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Thanks for the review Sergio. I did ping some of the old MRs on salsa, let's see if the Debian maintainer will reply to them.

Package uploaded:

Uploading strongswan_5.9.6-1ubuntu1.dsc
Uploading strongswan_5.9.6.orig.tar.bz2
Uploading strongswan_5.9.6.orig.tar.bz2.asc
Uploading strongswan_5.9.6-1ubuntu1.debian.tar.xz
Uploading strongswan_5.9.6-1ubuntu1_source.buildinfo
Uploading strongswan_5.9.6-1ubuntu1_source.changes

Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: lucaskanashiro, sergiodj
Uploaders: lucaskanashiro, sergiodj
MP auto-approved

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 4a7616f..f63aa55 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,33 @@
1strongswan (5.9.6-1ubuntu1) kinetic; urgency=medium
2
3 * Merge with Debian unstable (LP: #1971328). Remaining changes:
4 - d/control: strongswan-starter hard-depends on strongswan-charon,
5 therefore bump the dependency from Recommends to Depends. At the same
6 time avoid a circular dependency by dropping
7 strongswan-charon->strongswan-starter from Depends to Recommends as the
8 binaries can work without the services but not vice versa.
9 - re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
10 + d/control: mention plugins in package description
11 + d/rules: enable ntru at build time
12 + d/libstrongswan-extra-plugins.install: ship config and shared objects
13 - Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
14 + d/control: update libcharon-extra-plugins description.
15 + d/libcharon-extra-plugins.install: install .so and conf files.
16 + d/rules: add plugins to the configuration arguments.
17 - Remove conf files of plugins removed from libcharon-extra-plugins
18 + The conf file of the following plugins were removed: eap-aka-3gpp2,
19 eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
20 eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
21 + Created d/libcharon-extra-plugins.maintscript to handle the removals
22 properly.
23 * Dropped:
24 - d/p/lp1964977-fix-ipsec-pki-segfault.patch: Fix "ipsec pki"
25 segmentation fault; don't access OpenSSL objects inside atexit()
26 handlers. (LP #1964977)
27 [included by upstream in version 5.9.6]
28
29 -- Lucas Kanashiro <kanashiro@ubuntu.com> Fri, 10 Jun 2022 15:03:17 -0300
30
1strongswan (5.9.6-1) unstable; urgency=medium31strongswan (5.9.6-1) unstable; urgency=medium
232
3 * New upstream version 5.9.633 * New upstream version 5.9.6
@@ -6,6 +36,42 @@ strongswan (5.9.6-1) unstable; urgency=medium
636
7 -- Yves-Alexis Perez <corsac@debian.org> Sat, 07 May 2022 20:19:18 +020037 -- Yves-Alexis Perez <corsac@debian.org> Sat, 07 May 2022 20:19:18 +0200
838
39strongswan (5.9.5-2ubuntu2) jammy; urgency=medium
40
41 * d/p/lp1964977-fix-ipsec-pki-segfault.patch: Fix "ipsec pki"
42 segmentation fault; don't access OpenSSL objects inside atexit()
43 handlers. (LP: #1964977)
44
45 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 18 Mar 2022 14:24:34 -0400
46
47strongswan (5.9.5-2ubuntu1) jammy; urgency=medium
48
49 * Merge with Debian unstable. Remaining changes:
50 - d/control: strongswan-starter hard-depends on strongswan-charon,
51 therefore bump the dependency from Recommends to Depends. At the same
52 time avoid a circular dependency by dropping
53 strongswan-charon->strongswan-starter from Depends to Recommends as the
54 binaries can work without the services but not vice versa.
55 - re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
56 + d/control: mention plugins in package description
57 + d/rules: enable ntru at build time
58 + d/libstrongswan-extra-plugins.install: ship config and shared objects
59 - Re-enable eap-{dynamic,peap} libcharon plugins (LP: 1878887)
60 + d/control: update libcharon-extra-plugins description.
61 + d/libcharon-extra-plugins.install: install .so and conf files.
62 + d/rules: add plugins to the configuration arguments.
63 - Remove conf files of plugins removed from libcharon-extra-plugins
64 + The conf file of the following plugins were removed: eap-aka-3gpp2,
65 eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
66 eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
67 + Created d/libcharon-extra-plugins.maintscript to handle the removals
68 properly.
69 * Dropped patches included in new version:
70 - debian/patches/CVE-2021-45079.patch
71 - debian/patches/load-legacy-provider-in-openssl3.patch
72
73 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 03 Feb 2022 10:49:49 -0500
74
9strongswan (5.9.5-2) unstable; urgency=medium75strongswan (5.9.5-2) unstable; urgency=medium
1076
11 * actually fix lintian overrides77 * actually fix lintian overrides
@@ -21,6 +87,60 @@ strongswan (5.9.5-1) unstable; urgency=medium
2187
22 -- Yves-Alexis Perez <corsac@debian.org> Wed, 26 Jan 2022 14:38:54 +010088 -- Yves-Alexis Perez <corsac@debian.org> Wed, 26 Jan 2022 14:38:54 +0100
2389
90strongswan (5.9.4-1ubuntu4) jammy; urgency=medium
91
92 * SECURITY UPDATE: Incorrect Handling of Early EAP-Success Messages
93 - debian/patches/CVE-2021-45079.patch: enforce failure if MSK
94 generation fails in src/libcharon/plugins/eap_gtc/eap_gtc.c,
95 src/libcharon/plugins/eap_md5/eap_md5.c,
96 src/libcharon/plugins/eap_radius/eap_radius.c,
97 src/libcharon/sa/eap/eap_method.h,
98 src/libcharon/sa/ikev2/authenticators/eap_authenticator.c.
99 - CVE-2021-45079
100
101 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 01 Feb 2022 07:23:37 -0500
102
103strongswan (5.9.4-1ubuntu3) jammy; urgency=medium
104
105 * No-change rebuild against libssl3
106
107 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 09 Dec 2021 00:19:38 +0000
108
109strongswan (5.9.4-1ubuntu2) jammy; urgency=medium
110
111 * Add d/p/load-legacy-provider-in-openssl3.patch.
112 Upstream cherry-pick to fix FTBFS against OpenSSL 3.0. (LP: #1946213)
113
114 -- Paride Legovini <paride@ubuntu.com> Wed, 17 Nov 2021 17:04:27 +0100
115
116strongswan (5.9.4-1ubuntu1) jammy; urgency=medium
117
118 * Merge with Debian unstable. Remaining changes:
119 - d/control: strongswan-starter hard-depends on strongswan-charon,
120 therefore bump the dependency from Recommends to Depends. At the same
121 time avoid a circular dependency by dropping
122 strongswan-charon->strongswan-starter from Depends to Recommends as the
123 binaries can work without the services but not vice versa.
124 - re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
125 + d/control: mention plugins in package description
126 + d/rules: enable ntru at build time
127 + d/libstrongswan-extra-plugins.install: ship config and shared objects
128 - Re-enable eap-{dynamic,peap} libcharon plugins (LP: 1878887)
129 + d/control: update libcharon-extra-plugins description.
130 + d/libcharon-extra-plugins.install: install .so and conf files.
131 + d/rules: add plugins to the configuration arguments.
132 - Remove conf files of plugins removed from libcharon-extra-plugins
133 + The conf file of the following plugins were removed: eap-aka-3gpp2,
134 eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
135 eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
136 + Created d/libcharon-extra-plugins.maintscript to handle the removals
137 properly.
138 * Dropped changes:
139 - Compile the tpm plugin against the tpm2 software stack (tss2).
140 Merged in Debian (5.9.4-1).
141
142 -- Paride Legovini <paride@ubuntu.com> Fri, 12 Nov 2021 12:34:30 +0100
143
24strongswan (5.9.4-1) unstable; urgency=medium144strongswan (5.9.4-1) unstable; urgency=medium
25145
26 [ Paride Legovini ]146 [ Paride Legovini ]
@@ -37,6 +157,62 @@ strongswan (5.9.4-1) unstable; urgency=medium
37157
38 -- Yves-Alexis Perez <corsac@debian.org> Tue, 19 Oct 2021 22:34:40 +0200158 -- Yves-Alexis Perez <corsac@debian.org> Tue, 19 Oct 2021 22:34:40 +0200
39159
160strongswan (5.9.1-1ubuntu3.1) impish-security; urgency=medium
161
162 * SECURITY UPDATE: Integer Overflow in gmp Plugin
163 - debian/patches/CVE-2021-41990.patch: reject RSASSA-PSS params with
164 negative salt length in
165 src/libstrongswan/credentials/keys/signature_params.c,
166 src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c.
167 - CVE-2021-41990
168 * SECURITY UPDATE: Integer Overflow When Replacing Certificates in Cache
169 - debian/patches/CVE-2021-41991.patch: prevent crash due to integer
170 overflow/sign change in
171 src/libstrongswan/credentials/sets/cert_cache.c.
172 - CVE-2021-41991
173
174 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 18 Oct 2021 13:10:30 -0400
175
176strongswan (5.9.1-1ubuntu3) impish; urgency=medium
177
178 * Compile the tpm plugin against the tpm2 software stack (tss2)
179 (Debian packaging cherry-pick, LP: #1940079)
180 - d/rules: add the --enable-tss-tss2 configure flag
181 - d/control: add Build-Depends: libtss2-dev
182
183 -- Paride Legovini <paride@ubuntu.com> Thu, 16 Sep 2021 11:40:38 +0200
184
185strongswan (5.9.1-1ubuntu2) impish; urgency=medium
186
187 * No-change rebuild due to OpenLDAP soname bump.
188
189 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:09:22 -0400
190
191strongswan (5.9.1-1ubuntu1) hirsute; urgency=medium
192
193 * Merge with Debian unstable. Remaining changes:
194 - d/control: strongswan-starter hard-depends on strongswan-charon,
195 therefore bump the dependency from Recommends to Depends. At the same
196 time avoid a circular dependency by dropping
197 strongswan-charon->strongswan-starter from Depends to Recommends as the
198 binaries can work without the services but not vice versa.
199 - re-add post-quantum encryption algorithm (NTRU) (LP: 1863749)
200 + d/control: mention plugins in package description
201 + d/rules: enable ntru at build time
202 + d/libstrongswan-extra-plugins.install: ship config and shared objects
203 - Re-enable eap-{dynamic,peap} libcharon plugins (LP: 1878887)
204 + d/control: update libcharon-extra-plugins description.
205 + d/libcharon-extra-plugins.install: install .so and conf files.
206 + d/rules: add plugins to the configuration arguments.
207 - Remove conf files of plugins removed from libcharon-extra-plugins
208 + The conf file of the following plugins were removed: eap-aka-3gpp2,
209 eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
210 eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
211 + Created d/libcharon-extra-plugins.maintscript to handle the removals
212 properly.
213
214 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 19 Jan 2021 12:39:11 +0100
215
40strongswan (5.9.1-1) unstable; urgency=medium216strongswan (5.9.1-1) unstable; urgency=medium
41217
42 * New upstream version 5.9.1218 * New upstream version 5.9.1
@@ -51,6 +227,45 @@ strongswan (5.9.0-1) unstable; urgency=medium
51227
52 -- Yves-Alexis Perez <corsac@debian.org> Thu, 17 Sep 2020 10:21:30 +0200228 -- Yves-Alexis Perez <corsac@debian.org> Thu, 17 Sep 2020 10:21:30 +0200
53229
230strongswan (5.8.4-1ubuntu2) groovy; urgency=medium
231
232 * Re-enable eap-{dynamic,peap} libcharon plugins (LP: #1878887)
233 - d/control: update libcharon-extra-plugins description.
234 - d/libcharon-extra-plugins.install: install .so and conf files.
235 - d/rules: add plugins to the configuration arguments.
236 * Remove conf files of plugins removed from libcharon-extra-plugins
237 - The conf file of the following plugins were removed: eap-aka-3gpp2,
238 eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
239 eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
240 - Created d/libcharon-extra-plugins.maintscript to handle the removals
241 properly.
242
243 -- Lucas Kanashiro <kanashiro@ubuntu.com> Thu, 21 May 2020 14:53:05 -0300
244
245strongswan (5.8.4-1ubuntu1) groovy; urgency=medium
246
247 * Merge with Debian unstable. Remaining changes:
248 - d/control: strongswan-starter hard-depends on strongswan-charon,
249 therefore bump the dependency from Recommends to Depends. At the same
250 time avoid a circular dependency by dropping
251 strongswan-charon->strongswan-starter from Depends to Recommends as the
252 binaries can work without the services but not vice versa.
253 - re-add post-quantum encryption algorithm (NTRU) (LP: 1863749)
254 + d/control: mention plugins in package description
255 + d/rules: enable ntru at build time
256 + d/libstrongswan-extra-plugins.install: ship config and shared objects
257 * Dropped:
258 - d/control: build-depend on libiptc-dev to avoid FTBFS (LP: #1861975)
259 This is needed due to changes in regard to Debian bug 947176 and 939243
260 and can later be dropped again.
261 [applied by Debian in version 5.8.2-2]
262 - d/control: Transition from former Ubuntu only libcharon-standard-plugins
263 to common libcharon-extauth-plugins (drop after 20.04)
264 - d/control: Transition from strongswan-tnc-* being in extra packages
265 to libcharon-extra-plugins (drop after 20.04)
266
267 -- Lucas Kanashiro <lucas.kanashiro@canonical.com> Thu, 30 Apr 2020 18:06:55 -0300
268
54strongswan (5.8.4-1) unstable; urgency=medium269strongswan (5.8.4-1) unstable; urgency=medium
55270
56 * New upstream version 5.8.4 (Closes: #956446)271 * New upstream version 5.8.4 (Closes: #956446)
@@ -66,6 +281,43 @@ strongswan (5.8.2-2) unstable; urgency=medium
66281
67 -- Yves-Alexis Perez <corsac@debian.org> Thu, 13 Feb 2020 22:46:40 +0100282 -- Yves-Alexis Perez <corsac@debian.org> Thu, 13 Feb 2020 22:46:40 +0100
68283
284strongswan (5.8.2-1ubuntu3) focal; urgency=medium
285
286 * Reverting part of 5.8.2-1ubuntu2 changes to remove BLISS again as
287 there is a potential local side-channel attack on strongSwan's BLISS
288 implementation (https://eprint.iacr.org/2017/505). (LP: #1866765)
289
290 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 10 Mar 2020 07:56:56 +0100
291
292strongswan (5.8.2-1ubuntu2) focal; urgency=medium
293
294 * re-add post-quantum computer signature scheme (BLISS) and encryption
295 algorithm (NTRU) as well as the dependent nttfft library (LP: #1863749)
296 - d/control: mention plugins in package description
297 - d/rules: enable ntru and bliss at build time
298 - d/libstrongswan-extra-plugins.install: ship config and shared objects
299
300 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 04 Mar 2020 07:54:26 +0100
301
302strongswan (5.8.2-1ubuntu1) focal; urgency=medium
303
304 * Merge with Debian unstable (LP: #1861971). Remaining changes:
305 - d/control: Transition from strongswan-tnc-* being in extra packages
306 to libcharon-extra-plugins (drop after 20.04)
307 - d/control: Transition from former Ubuntu only libcharon-standard-plugins
308 to common libcharon-extauth-plugins (drop after 20.04)
309 - d/control: strongswan-starter hard-depends on strongswan-charon,
310 therefore bump the dependency from Recommends to Depends. At the same
311 time avoid a circular dependency by dropping
312 strongswan-charon->strongswan-starter from Depends to Recommends as the
313 binaries can work without the services but not vice versa.
314 * Added Changes
315 - d/control: build-depend on libiptc-dev to avoid FTBFS (LP: #1861975)
316 This is needed due to changes in regard to Debian bug 947176 and 939243
317 and can later be dropped again.
318
319 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 05 Feb 2020 08:28:30 +0100
320
69strongswan (5.8.2-1) unstable; urgency=medium321strongswan (5.8.2-1) unstable; urgency=medium
70322
71 [ Jean-Michel Vourgère ]323 [ Jean-Michel Vourgère ]
@@ -82,6 +334,83 @@ strongswan (5.8.2-1) unstable; urgency=medium
82334
83 -- Yves-Alexis Perez <corsac@debian.org> Wed, 01 Jan 2020 14:35:46 +0100335 -- Yves-Alexis Perez <corsac@debian.org> Wed, 01 Jan 2020 14:35:46 +0100
84336
337strongswan (5.8.1-1ubuntu1) focal; urgency=medium
338
339 * Merge with Debian unstable (LP: #1852579). Remaining changes:
340 - d/control: Transition from strongswan-tnc-* being in extra packages
341 to libcharon-extra-plugins
342 * Added Changes:
343 - d/control: Transition from former Ubuntu only libcharon-standard-plugins
344 to common libcharon-extauth-plugins (drop after 20.04)
345 - d/control: strongswan-starter hard-depends on strongswan-charon,
346 therefore bump the dependency from Recommends to Depends. At the same
347 time avoid a circular dependency by dropping
348 strongswan-charon->strongswan-starter from Depends to Recommends as the
349 binaries can work without the services but not vice versa.
350 * Dropped Changes (now in Debian):
351 - Clean up d/strongswan-starter.postinst: section about runlevel changes
352 - Clean up d/strongswan-starter.postinst: Removed entire section on
353 opportunistic encryption disabling - this was never in strongSwan and
354 won't be see upstream issue #2160.
355 - d/rules: Removed patching ipsec.conf on build (not using the
356 debconf-managed config.)
357 - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was
358 used for debconf-managed include of private key).
359 - Add plugin kernel-libipsec to allow the use of strongswan in containers
360 via this userspace implementation (please do note that this is still
361 considered experimental by upstream).
362 + d/libcharon-extra-plugins.install: Add kernel-libipsec components
363 + d/control: List kernel-libipsec plugin at extra plugins description
364 + d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
365 upstream recommends to not load kernel-libipsec by default.
366 - d/control: Mention mgf1 plugin which is in libstrongswan now
367 - Complete the disabling of libfast; This was partially accepted in Debian,
368 it is no more packaging medcli and medsrv, but still builds and
369 mentions it.
370 + d/rules: Add --disable-fast to avoid build time and dependencies
371 + d/control: Remove medcli, medsrv from package description
372 - Add now built (since 5.5.1) libraries libtpmtss and nttfft to
373 libstrongswan-extra-plugins (no deps from default plugins).
374 - d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
375 plugins for the most common use cases from extra-plugins into a new
376 standard-plugins package. This will allow those use cases without pulling
377 in too much more plugins (a bit like the tnc package). Recommend that
378 package from strongswan-libcharon.
379 - d/usr.lib.ipsec.charon: allow reading of own FDs (LP 1786250)
380 - d/usr.sbin.charon-systemd: allow CLUSTERIP for ha plugin (LP 1773956)
381 - executables need to be able to read map and execute themselves otherwise
382 execution in some environments e.g. containers is blocked (LP 1780534)
383 + d/usr.lib.ipsec.stroke: add rmix permission to stroke binary
384 + d/usr.lib.ipsec.lookip: add rmix permission to lookip binary
385 - d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: resync apparmor
386 profiles of both ways to start charon (LP 1807664)
387 - d/usr.sbin.swanctl: add apparmor rule for af-alg plugin (LP 1807962)
388 - We fixed up tpmtss and nttfft in the past, but tpmtss is now packaged in
389 Debian so this part was be dropped. Two changes remain
390 - d/control: fix the mentioning of tpmtss in d/control
391 - apparmor fixes for container and root usage (LP 1826238)
392 + d/usr.sbin.swanctl: allow reading own binary
393 + d/usr.sbin.charon-systemd: allow accessing the binary
394 + d/usr.sbin.swanctl: add attach_disconnected to work inside containers
395 + d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: add CAP_SETPCAP
396 to apparmor to allow dropping caps
397 * Dropped Changes (too uncommon to support by default)
398 - d/libstrongswan.install: Add kernel-netlink configuration files
399 - d/usr.sbin.charon-systemd: allow to contact mysql for sql and
400 attr-sql plugins (LP 1766240) - no more needed as itisn't enabled.
401 - Mass enablement of extra plugins and features to allow a user to use
402 strongswan for a variety of extra use cases without having to rebuild.
403 + d/control: Add required additional build-deps
404 + d/control: Mention addtionally enabled plugins
405 + d/rules: Enable features at configure stage
406 + d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
407 + d/libstrongswan.install: Add plugins (so, conf)
408 + d/strongswan-starter.install: Install pool feature, which is useful
409 since we now have attr-sql plugin enabled it.
410 - Enable additional TNC plugins and add them to libcharon-extra-plugins
411
412 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 14 Nov 2019 15:00:15 +0100
413
85strongswan (5.8.1-1) unstable; urgency=medium414strongswan (5.8.1-1) unstable; urgency=medium
86415
87 * d/rules: disable http and stream tests under CI416 * d/rules: disable http and stream tests under CI
@@ -151,6 +480,99 @@ strongswan (5.8.0-1) unstable; urgency=medium
151480
152 -- Yves-Alexis Perez <corsac@debian.org> Mon, 26 Aug 2019 12:58:23 +0200481 -- Yves-Alexis Perez <corsac@debian.org> Mon, 26 Aug 2019 12:58:23 +0200
153482
483strongswan (5.7.2-1ubuntu3) eoan; urgency=medium
484
485 * No change rebuild for libmysqlclient21.
486
487 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 15 Aug 2019 09:34:34 +0200
488
489strongswan (5.7.2-1ubuntu2) eoan; urgency=medium
490
491 * Rebuild against new libjson-c4.
492
493 -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 01 Jul 2019 10:53:07 +0200
494
495strongswan (5.7.2-1ubuntu1) eoan; urgency=medium
496
497 [ Christian Ehrhardt ]
498 * Merge with Debian unstable. Remaining changes:
499 - Clean up d/strongswan-starter.postinst: section about runlevel changes
500 - Clean up d/strongswan-starter.postinst: Removed entire section on
501 opportunistic encryption disabling - this was never in strongSwan and
502 won't be see upstream issue #2160.
503 - d/rules: Removed patching ipsec.conf on build (not using the
504 debconf-managed config.)
505 - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was
506 used for debconf-managed include of private key).
507 - Mass enablement of extra plugins and features to allow a user to use
508 strongswan for a variety of extra use cases without having to rebuild.
509 + d/control: Add required additional build-deps
510 + d/control: Mention addtionally enabled plugins
511 + d/rules: Enable features at configure stage
512 + d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
513 + d/libstrongswan.install: Add plugins (so, conf)
514 + d/strongswan-starter.install: Install pool feature, which is useful
515 since we now have attr-sql plugin enabled it.
516 - Add plugin kernel-libipsec to allow the use of strongswan in containers
517 via this userspace implementation (please do note that this is still
518 considered experimental by upstream).
519 + d/libcharon-extra-plugins.install: Add kernel-libipsec components
520 + d/control: List kernel-libipsec plugin at extra plugins description
521 + d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
522 upstream recommends to not load kernel-libipsec by default.
523 - d/libstrongswan.install: Add kernel-netlink configuration files
524 - Complete the disabling of libfast; This was partially accepted in Debian,
525 it is no more packaging medcli and medsrv, but still builds and
526 mentions it.
527 + d/rules: Add --disable-fast to avoid build time and dependencies
528 + d/control: Remove medcli, medsrv from package description
529 - d/control: Mention mgf1 plugin which is in libstrongswan now
530 - Add now built (since 5.5.1) libraries libtpmtss and nttfft to
531 libstrongswan-extra-plugins (no deps from default plugins).
532 - d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
533 plugins for the most common use cases from extra-plugins into a new
534 standard-plugins package. This will allow those use cases without pulling
535 in too much more plugins (a bit like the tnc package). Recommend that
536 package from strongswan-libcharon.
537 - d/usr.sbin.charon-systemd: allow to contact mysql for sql and
538 attr-sql plugins (LP #1766240)
539 - d/usr.lib.ipsec.charon: allow reading of own FDs (LP #1786250)
540 - d/usr.sbin.charon-systemd: allow CLUSTERIP for ha plugin (LP: 1773956)
541 - executables need to be able to read map and execute themselves otherwise
542 execution in some environments e.g. containers is blocked (LP: 1780534)
543 + d/usr.lib.ipsec.stroke: add rmix permission to stroke binary
544 + d/usr.lib.ipsec.lookip: add rmix permission to lookip binary
545 - d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: resync apparmor
546 profiles of both ways to start charon (LP: 1807664)
547 - d/usr.sbin.swanctl: add apparmor rule for af-alg plugin (LP: 1807962)
548 * Dropped changes
549 - d/p/lp1795813-mysql-Don-t-release-the-connection-if-transactions-a.patch:
550 fix SIGSEGV when using mysql plugin (LP: 1795813)
551 [upstream in 5.7.2]
552 - d/libstrongswan.install: Reorder conf and .so alphabetically
553 [was a non functional change, dropped to avoid merge noise]
554 - Relocate tnc plugin
555 [TNC is back at libcharon-extra-plugins as it is in Debian]
556 * Added changes:
557 - We fixed up tpmtss and nttfft in the past, but tpmtss is now packaged in
558 Debian so this part was be dropped. Two changes remain
559 - d/control: fix the mentioning of tpmtss in d/control
560 - add nttfft (can be merged with the mass enablement change later)
561 - Transitional packages to go back from strongswan-tnc-* being in extra
562 packages to be part of libcharon-extra-plugins.
563 [can be dropped after 20.04]
564
565 [ Simon Deziel ]
566 * Added changes:
567 - apparmor fixes for container and root usage (LP: #1826238)
568 + d/usr.sbin.swanctl: allow reading own binary
569 + d/usr.sbin.charon-systemd: allow accessing the binary
570 + d/usr.sbin.swanctl: add attach_disconnected to work inside containers
571 + d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: add CAP_SETPCAP
572 to apparmor to allow dropping caps
573
574 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 26 Apr 2019 11:31:17 +0200
575
154strongswan (5.7.2-1) unstable; urgency=medium576strongswan (5.7.2-1) unstable; urgency=medium
155577
156 * d/control: remove Rene from Uploaders, thanks!578 * d/control: remove Rene from Uploaders, thanks!
@@ -169,6 +591,86 @@ strongswan (5.7.2-1) unstable; urgency=medium
169591
170 -- Yves-Alexis Perez <corsac@debian.org> Wed, 02 Jan 2019 13:02:11 +0100592 -- Yves-Alexis Perez <corsac@debian.org> Wed, 02 Jan 2019 13:02:11 +0100
171593
594strongswan (5.7.1-1ubuntu2) disco; urgency=medium
595
596 * d/usr.sbin.charon-systemd: fix rule for CLUSTERIP to match effective
597 path (LP: #1773956)
598 * d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: resync apparmor
599 profiles of both ways to start charon (LP: #1807664)
600 * d/usr.sbin.swanctl: add apparmor rule for af-alg plugin (LP: #1807962)
601
602 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 10 Dec 2018 08:30:01 +0100
603
604strongswan (5.7.1-1ubuntu1) disco; urgency=medium
605
606 * Merge with Debian unstable (LP: #1806401). Remaining changes:
607 - Clean up d/strongswan-starter.postinst: section about runlevel changes
608 - Clean up d/strongswan-starter.postinst: Removed entire section on
609 opportunistic encryption disabling - this was never in strongSwan and
610 won't be see upstream issue #2160.
611 - d/rules: Removed patching ipsec.conf on build (not using the
612 debconf-managed config.)
613 - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was
614 used for debconf-managed include of private key).
615 - Mass enablement of extra plugins and features to allow a user to use
616 strongswan for a variety of extra use cases without having to rebuild.
617 + d/control: Add required additional build-deps
618 + d/control: Mention addtionally enabled plugins
619 + d/rules: Enable features at configure stage
620 + d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
621 + d/libstrongswan.install: Add plugins (so, conf)
622 - d/strongswan-starter.install: Install pool feature, which is useful since
623 we have attr-sql plugin enabled as well using it.
624 - Add plugin kernel-libipsec to allow the use of strongswan in containers
625 via this userspace implementation (please do note that this is still
626 considered experimental by upstream).
627 + d/libcharon-extra-plugins.install: Add kernel-libipsec components
628 + d/control: List kernel-libipsec plugin at extra plugins description
629 + d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
630 upstream recommends to not load kernel-libipsec by default.
631 - Relocate tnc plugin
632 + debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
633 + Add new subpackage for TNC in d/strongswan-tnc-* and d/control
634 - d/libstrongswan.install: Reorder conf and .so alphabetically
635 - d/libstrongswan.install: Add kernel-netlink configuration files
636 - Complete the disabling of libfast; This was partially accepted in Debian,
637 it is no more packaging medcli and medsrv, but still builds and
638 mentions it.
639 + d/rules: Add --disable-fast to avoid build time and dependencies
640 + d/control: Remove medcli, medsrv from package description
641 - d/control: Mention mgf1 plugin which is in libstrongswan now
642 - Add now built (since 5.5.1) libraries libtpmtss and nttfft to
643 libstrongswan-extra-plugins (no deps from default plugins).
644 - d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
645 plugins for the most common use cases from extra-plugins into a new
646 standard-plugins package. This will allow those use cases without pulling
647 in too much more plugins (a bit like the tnc package). Recommend that
648 package from strongswan-libcharon.
649 - d/usr.sbin.charon-systemd: allow to contact mysql for sql and
650 attr-sql plugins (LP #1766240)
651 - d/usr.lib.ipsec.charon: allow reading of own FDs (LP #1786250)
652 * Added Changes:
653 - d/p/lp1795813-mysql-Don-t-release-the-connection-if-transactions-a.patch:
654 fix SIGSEGV when using mysql plugin (LP: #1795813)
655 - d/usr.sbin.charon-systemd: allow CLUSTERIP for ha plugin (LP: #1773956)
656 - executables need to be able to read map and execute themselves otherwise
657 execution in some environments e.g. containers is blocked (LP: #1780534)
658 + d/usr.lib.ipsec.stroke: add rmix permission to stroke binary
659 + d/usr.lib.ipsec.lookip: add rmix permission to lookip binary
660 - adapt "mass enablement of extra plugins" to match 5.7.x changes
661 + d/rules: use new options for swima instead of swid
662 + d/strongswan-tnc-server.install: add new sec updater tool
663 + d/strongswan-tnc-client.install: add new sw-collector tool
664 * Dropped (in Debian now):
665 - SECURITY UPDATE: Insufficient input validation in gmp plugin
666 (CVE-2018-17540)
667 - SECURITY UPDATE: Insufficient input validation in gmp plugin
668 (CVE-2018-16151 CVE-2018-16152)
669 - d/usr.lib.ipsec.charon, d/usr/sbin/charon-systemd: Add support for
670 usr-merge, thanks to Christian Ehrhardt. LP #1784023
671
672 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 03 Dec 2018 15:18:31 +0100
673
172strongswan (5.7.1-1) unstable; urgency=medium674strongswan (5.7.1-1) unstable; urgency=medium
173675
174 [ Ondřej Nový ]676 [ Ondřej Nový ]
@@ -199,6 +701,96 @@ strongswan (5.7.0-1) unstable; urgency=medium
199701
200 -- Yves-Alexis Perez <corsac@debian.org> Mon, 24 Sep 2018 16:36:28 +0200702 -- Yves-Alexis Perez <corsac@debian.org> Mon, 24 Sep 2018 16:36:28 +0200
201703
704strongswan (5.6.3-1ubuntu5) disco; urgency=medium
705
706 * No-change rebuild against libunbound8
707
708 -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 11 Nov 2018 09:01:53 +0000
709
710strongswan (5.6.3-1ubuntu4) cosmic; urgency=medium
711
712 * d/usr.lib.ipsec.charon: allow reading of own FDs (LP: #1786250)
713 Thanks to Matt Callaghan.
714
715 -- Andreas Hasenack <andreas@canonical.com> Thu, 04 Oct 2018 10:34:01 -0300
716
717strongswan (5.6.3-1ubuntu3) cosmic; urgency=medium
718
719 * SECURITY UPDATE: Insufficient input validation in gmp plugin
720 - debian/patches/strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch: fix
721 buffer overflow with very small RSA keys in
722 src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c.
723 - CVE-2018-17540
724
725 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 01 Oct 2018 13:23:59 -0400
726
727strongswan (5.6.3-1ubuntu2) cosmic; urgency=medium
728
729 * SECURITY UPDATE: Insufficient input validation in gmp plugin
730 - debian/patches/strongswan-5.6.1-5.6.3_gmp-pkcs1-verify.patch: don't
731 parse PKCS1 v1.5 RSA signatures to verify them in
732 src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c,
733 src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c.
734 - CVE-2018-16151
735 - CVE-2018-16152
736
737 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 25 Sep 2018 10:16:15 -0400
738
739strongswan (5.6.3-1ubuntu1) cosmic; urgency=medium
740
741 * Merge with Debian unstable. Remaining changes:
742 - Clean up d/strongswan-starter.postinst: section about runlevel changes
743 - Clean up d/strongswan-starter.postinst: Removed entire section on
744 opportunistic encryption disabling - this was never in strongSwan and
745 won't be see upstream issue #2160.
746 - d/rules: Removed patching ipsec.conf on build (not using the
747 debconf-managed config.)
748 - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was
749 used for debconf-managed include of private key).
750 - Mass enablement of extra plugins and features to allow a user to use
751 strongswan for a variety of extra use cases without having to rebuild.
752 + d/control: Add required additional build-deps
753 + d/control: Mention addtionally enabled plugins
754 + d/rules: Enable features at configure stage
755 + d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
756 + d/libstrongswan.install: Add plugins (so, conf)
757 - d/strongswan-starter.install: Install pool feature, which is useful since
758 we have attr-sql plugin enabled as well using it.
759 - Add plugin kernel-libipsec to allow the use of strongswan in containers
760 via this userspace implementation (please do note that this is still
761 considered experimental by upstream).
762 + d/libcharon-extra-plugins.install: Add kernel-libipsec components
763 + d/control: List kernel-libipsec plugin at extra plugins description
764 + d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
765 upstream recommends to not load kernel-libipsec by default.
766 - Relocate tnc plugin
767 + debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
768 + Add new subpackage for TNC in d/strongswan-tnc-* and d/control
769 - d/libstrongswan.install: Reorder conf and .so alphabetically
770 - d/libstrongswan.install: Add kernel-netlink configuration files
771 - Complete the disabling of libfast; This was partially accepted in Debian,
772 it is no more packaging medcli and medsrv, but still builds and
773 mentions it.
774 + d/rules: Add --disable-fast to avoid build time and dependencies
775 + d/control: Remove medcli, medsrv from package description
776 - d/control: Mention mgf1 plugin which is in libstrongswan now
777 - Add now built (since 5.5.1) libraries libtpmtss and nttfft to
778 libstrongswan-extra-plugins (no deps from default plugins).
779 - d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
780 plugins for the most common use cases from extra-plugins into a new
781 standard-plugins package. This will allow those use cases without pulling
782 in too much more plugins (a bit like the tnc package). Recommend that
783 package from strongswan-libcharon.
784 - d/usr.sbin.charon-systemd: allow to contact mysql for sql and
785 attr-sql plugins (LP #1766240)
786 - d/usr.lib.ipsec.charon, d/usr/sbin/charon-systemd: Add support for
787 usr-merge, thanks to Christian Ehrhardt. LP #1784023
788 * Dropped:
789 - d/usr.sbin.charon-systemd: allow systemd notifications (LP: #1765652)
790 [Fixed in 5.6.3-1]
791
792 -- Andreas Hasenack <andreas@canonical.com> Thu, 23 Aug 2018 13:05:11 -0300
793
202strongswan (5.6.3-1) unstable; urgency=medium794strongswan (5.6.3-1) unstable; urgency=medium
203795
204 * New upstream version 5.6.2796 * New upstream version 5.6.2
@@ -214,6 +806,78 @@ strongswan (5.6.3-1) unstable; urgency=medium
214806
215 -- Yves-Alexis Perez <corsac@debian.org> Mon, 04 Jun 2018 10:23:22 +0200807 -- Yves-Alexis Perez <corsac@debian.org> Mon, 04 Jun 2018 10:23:22 +0200
216808
809strongswan (5.6.2-2ubuntu2) cosmic; urgency=medium
810
811 * Add support for usr-merge, thanks to Christian Ehrhardt. LP: #1784023
812
813 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 21 Aug 2018 00:42:38 +0100
814
815strongswan (5.6.2-2ubuntu1) cosmic; urgency=medium
816
817 * Merge with Debian unstable, closes LP: #1773814 and LP: #1772705.
818 Remaining changes:
819 + Clean up d/strongswan-starter.postinst: section about runlevel changes
820 + Clean up d/strongswan-starter.postinst: Removed entire section on
821 opportunistic encryption disabling - this was never in strongSwan and
822 won't be see upstream issue #2160.
823 + d/rules: Removed patching ipsec.conf on build (not using the
824 debconf-managed config.)
825 + d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was
826 used for debconf-managed include of private key).
827 + Mass enablement of extra plugins and features to allow a user to use
828 strongswan for a variety of extra use cases without having to rebuild.
829 - d/control: Add required additional build-deps
830 - d/control: Mention addtionally enabled plugins
831 - d/rules: Enable features at configure stage
832 - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
833 - d/libstrongswan.install: Add plugins (so, conf)
834 + d/strongswan-starter.install: Install pool feature, which is useful since
835 we have attr-sql plugin enabled as well using it.
836 + Add plugin kernel-libipsec to allow the use of strongswan in containers
837 via this userspace implementation (please do note that this is still
838 considered experimental by upstream).
839 - d/libcharon-extra-plugins.install: Add kernel-libipsec components
840 - d/control: List kernel-libipsec plugin at extra plugins description
841 - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
842 upstream recommends to not load kernel-libipsec by default.
843 + Relocate tnc plugin
844 - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
845 - Add new subpackage for TNC in d/strongswan-tnc-* and d/control
846 + d/libstrongswan.install: Reorder conf and .so alphabetically
847 + d/libstrongswan.install: Add kernel-netlink configuration files
848 + Complete the disabling of libfast; This was partially accepted in Debian,
849 it is no more packaging medcli and medsrv, but still builds and
850 mentions it.
851 - d/rules: Add --disable-fast to avoid build time and dependencies
852 - d/control: Remove medcli, medsrv from package description
853 + d/control: Mention mgf1 plugin which is in libstrongswan now
854 + Add now built (since 5.5.1) libraries libtpmtss and nttfft to
855 libstrongswan-extra-plugins (no deps from default plugins).
856 + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
857 plugins for the most common use cases from extra-plugins into a new
858 standard-plugins package. This will allow those use cases without pulling
859 in too much more plugins (a bit like the tnc package). Recommend that
860 package from strongswan-libcharon.
861 * Dropped Changes (no more needed after 18.04)
862 + Add rm_conffile for /etc/init.d/ipsec (transition from precies had
863 missed that, droppable after 18.04)
864 + d/control: bump breaks/replaces from libstrongswan-extra-plugins to
865 libstrongswan as we dropped relocating ccm and test-vectors.
866 (droppable >18.04).
867 + d/control: add breaks/replace from libstrongswan to
868 libstrongswan-extra-plugins for the move of mgf1 to libstrongswan.
869 (droppable >18.04).
870 + d/control: bump breaks/replaces for the move of the updown plugin
871 (Missed Changelog entry on last merge)
872 + d/control: fix dependencies of strongswan-libcharon due to the move
873 the updown plugin (droppable >18.04).
874 * Added Changes:
875 + d/usr.sbin.charon-systemd: allow to contact mysql for sql and
876 attr-sql plugins (LP: #1766240)
877 + d/usr.sbin.charon-systemd: allow systemd notifications (LP: #1765652)
878
879 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 29 May 2018 08:21:42 +0200
880
217strongswan (5.6.2-2) unstable; urgency=medium881strongswan (5.6.2-2) unstable; urgency=medium
218882
219 * charon-nm: Fix building list of DNS/MDNS servers with libnm883 * charon-nm: Fix building list of DNS/MDNS servers with libnm
@@ -224,6 +888,74 @@ strongswan (5.6.2-2) unstable; urgency=medium
224888
225 -- Yves-Alexis Perez <corsac@debian.org> Fri, 13 Apr 2018 13:46:04 +0200889 -- Yves-Alexis Perez <corsac@debian.org> Fri, 13 Apr 2018 13:46:04 +0200
226890
891strongswan (5.6.2-1ubuntu2) bionic; urgency=medium
892
893 * d/control: fix dependencies of strongswan-libcharon due to the move
894 the updown plugin.
895
896 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 20 Mar 2018 07:37:29 +0100
897
898strongswan (5.6.2-1ubuntu1) bionic; urgency=medium
899
900 * Merge with Debian unstable (LP: #1753018). Remaining changes:
901 + Clean up d/strongswan-starter.postinst: section about runlevel changes
902 + Clean up d/strongswan-starter.postinst: Removed entire section on
903 opportunistic encryption disabling - this was never in strongSwan and
904 won't be see upstream issue #2160.
905 + Ubuntu is not using the debconf triggered private key generation
906 - d/rules: Removed patching ipsec.conf on build (not using the
907 debconf-managed config.)
908 - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was
909 used for debconf-managed include of private key).
910 + Mass enablement of extra plugins and features to allow a user to use
911 strongswan for a variety of extra use cases without having to rebuild.
912 - d/control: Add required additional build-deps
913 - d/control: Mention addtionally enabled plugins
914 - d/rules: Enable features at configure stage
915 - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
916 - d/libstrongswan.install: Add plugins (so, conf)
917 + d/strongswan-starter.install: Install pool feature, which is useful since
918 we have attr-sql plugin enabled as well using it.
919 + Add plugin kernel-libipsec to allow the use of strongswan in containers
920 via this userspace implementation (please do note that this is still
921 considered experimental by upstream).
922 - d/libcharon-extra-plugins.install: Add kernel-libipsec components
923 - d/control: List kernel-libipsec plugin at extra plugins description
924 - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
925 upstream recommends to not load kernel-libipsec by default.
926 + Relocate tnc plugin
927 - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
928 - Add new subpackage for TNC in d/strongswan-tnc-* and d/control
929 + d/libstrongswan.install: Reorder conf and .so alphabetically
930 + d/libstrongswan.install: Add kernel-netlink configuration files
931 + Complete the disabling of libfast; This was partially accepted in Debian,
932 it is no more packaging medcli and medsrv, but still builds and
933 mentions it.
934 - d/rules: Add --disable-fast to avoid build time and dependencies
935 - d/control: Remove medcli, medsrv from package description
936 + d/control: Mention mgf1 plugin which is in libstrongswan now
937 + Add now built (since 5.5.1) libraries libtpmtss and nttfft to
938 libstrongswan-extra-plugins (no deps from default plugins).
939 + Add rm_conffile for /etc/init.d/ipsec (transition from precies had
940 missed that, droppable after 18.04)
941 + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
942 plugins for the most common use cases from extra-plugins into a new
943 standard-plugins package. This will allow those use cases without pulling
944 in too much more plugins (a bit like the tnc package). Recommend that
945 package from strongswan-libcharon.
946 + d/control: bump breaks/replaces from libstrongswan-extra-plugins to
947 libstrongswan as we dropped relocating ccm and test-vectors.
948 (droppable >18.04).
949 + d/control: add breaks/replace from libstrongswan to
950 libstrongswan-extra-plugins for the move of mgf1 to libstrongswan.
951 (droppable >18.04).
952 * Added Changes:
953 + d/control: bump breaks/replaces from strongswan-libcharon to strongswan-
954 starter as we followed Debian to move the updown plugin but need to
955 match Ubuntu versions (Droppable >18.04).
956
957 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 16 Mar 2018 11:08:47 +0100
958
227strongswan (5.6.2-1) unstable; urgency=medium959strongswan (5.6.2-1) unstable; urgency=medium
228960
229 * d/NEWS: add information about disabled algorithms (closes: #883072)961 * d/NEWS: add information about disabled algorithms (closes: #883072)
@@ -246,6 +978,129 @@ strongswan (5.6.1-3) unstable; urgency=medium
246978
247 -- Yves-Alexis Perez <corsac@debian.org> Sun, 17 Dec 2017 16:40:39 +0100979 -- Yves-Alexis Perez <corsac@debian.org> Sun, 17 Dec 2017 16:40:39 +0100
248980
981strongswan (5.6.1-2ubuntu4) bionic; urgency=medium
982
983 * SECURITY UPDATE: DoS via crafted RSASSA-PSS signature
984 - debian/patches/CVE-2018-6459.patch: Properly handle MGF1 algorithm
985 identifier without parameters in
986 src/libstrongswan/credentials/keys/signature_params.c.
987 - CVE-2018-6459
988
989 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 07 Mar 2018 14:52:02 +0100
990
991strongswan (5.6.1-2ubuntu3) bionic; urgency=medium
992
993 * No-change rebuild against libcurl4
994
995 -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 28 Feb 2018 08:52:09 +0000
996
997strongswan (5.6.1-2ubuntu2) bionic; urgency=high
998
999 * No change rebuild against openssl1.1.
1000
1001 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 12 Feb 2018 16:00:24 +0000
1002
1003strongswan (5.6.1-2ubuntu1) bionic; urgency=medium
1004
1005 * Merge with Debian unstable (LP: #1717343).
1006 Also fixes and issue with multiple psk's (LP: #1734207). Remaining changes:
1007 + Clean up d/strongswan-starter.postinst: section about runlevel changes
1008 + Clean up d/strongswan-starter.postinst: Removed entire section on
1009 opportunistic encryption disabling - this was never in strongSwan and
1010 won't be see upstream issue #2160.
1011 + Ubuntu is not using the debconf triggered private key generation
1012 - d/rules: Removed patching ipsec.conf on build (not using the
1013 debconf-managed config.)
1014 - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was
1015 used for debconf-managed include of private key).
1016 + Mass enablement of extra plugins and features to allow a user to use
1017 strongswan for a variety of extra use cases without having to rebuild.
1018 - d/control: Add required additional build-deps
1019 - d/control: Mention addtionally enabled plugins
1020 - d/rules: Enable features at configure stage
1021 - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
1022 - d/libstrongswan.install: Add plugins (so, conf)
1023 + d/strongswan-starter.install: Install pool feature, which is useful since
1024 we have attr-sql plugin enabled as well using it.
1025 + Add plugin kernel-libipsec to allow the use of strongswan in containers
1026 via this userspace implementation (please do note that this is still
1027 considered experimental by upstream).
1028 - d/libcharon-extra-plugins.install: Add kernel-libipsec components
1029 - d/control: List kernel-libipsec plugin at extra plugins description
1030 - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
1031 upstream recommends to not load kernel-libipsec by default.
1032 + Relocate tnc plugin
1033 - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
1034 - Add new subpackage for TNC in d/strongswan-tnc-* and d/control
1035 + d/libstrongswan.install: Reorder conf and .so alphabetically
1036 + d/libstrongswan.install: Add kernel-netlink configuration files
1037 + Complete the disabling of libfast; This was partially accepted in Debian,
1038 it is no more packaging medcli and medsrv, but still builds and
1039 mentions it.
1040 - d/rules: Add --disable-fast to avoid build time and dependencies
1041 - d/control: Remove medcli, medsrv from package description
1042 + d/control: Mention mgf1 plugin which is in libstrongswan now
1043 + Add now built (since 5.5.1) libraries libtpmtss and nttfft to
1044 libstrongswan-extra-plugins (no deps from default plugins).
1045 + Add rm_conffile for /etc/init.d/ipsec (transition from precies had
1046 missed that, droppable after 18.04)
1047 + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
1048 plugins for the most common use cases from extra-plugins into a new
1049 standard-plugins package. This will allow those use cases without pulling
1050 in too much more plugins (a bit like the tnc package). Recommend that
1051 package from strongswan-libcharon.
1052 * Added changes:
1053 + d/strongswan-tnc-client.install (relocate tnc) swidtag creation changed
1054 in 5.6
1055 + d/strongswan-tnc-server.install (relocate tnc) pacman no more needed
1056 + d/control: bump breaks/replaces from libstrongswan-extra-plugins to
1057 libstrongswan as we dropped relocating ccm and test-vectors.
1058 (droppable >18.04).
1059 - d/control: add breaks/replace from libstrongswan to
1060 libstrongswan-extra-plugins for the move of mgf1 to libstrongswan.
1061 (droppable >18.04).
1062 * Dropped changes:
1063 + Update init/service handling (debian default matches Ubuntu past now)
1064 Dropping this fixes (LP: #1734886)
1065 - d/rules: Change init/systemd program name to strongswan
1066 - d/strongswan-starter.strongswan.service: Add new systemd file instead of
1067 patching upstream
1068 - d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of
1069 linking to upstream
1070 + d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call
1071 (this is a never failing no-op for us, no need for Delta).
1072 + d/strongswan-starter.prerm: Stop strongswan service on package removal
1073 (ipsec now maps to strongswan service, so this works as-is).
1074 + Clean up d/strongswan-starter.postinst: rename service ipsec to
1075 strongswan (ipsec now maps to strongswan service, so this works as-is)
1076 + Clean up d/strongswan-starter.postinst: daemon enable/disable (the
1077 whole section is disabled, so no need for delta)
1078 + (is upstream) CVE-2017-11185 patches
1079 + (is upstream) FTBFS upstream fix for changed include files
1080 + (is upstream) debian/patches/increase-bliss-test-timeout.patch: Under
1081 QEMU/KVM autopkgtest the bliss test takes longer than the default
1082 + (in Debian) add now built (since 5.5.1) mgf1 plugin to
1083 libstrongswan-extra-plugins.
1084 + (in Debian) d/strongswan-starter.install: install stroke apparmor profile
1085 + (this was enabled as part of the former delta, squash changes to no-up)
1086 d/rules: Disable duplicheck.
1087 + (not needed) Relocate plugins test-vectors from extra-plugins to
1088 libstrongswan
1089 - d/libstrongswan-extra-plugins.install: Remove plugins/conffiles
1090 - d/libstrongswan.install: Add plugins/confiles
1091 - d/control: move package descriptions and add required breaks/replaces
1092 + (not needed) Relocate plugins ccm from extra-plugins to libstrongswan
1093 - d/libstrongswan-extra-plugins.install: Remove plugins/conffiles
1094 - d/libstrongswan.install: Add plugins/confiles
1095 - d/control: move package descriptions and add required breaks/replaces
1096 + (while using it requires special kernel, it does not hurt to be
1097 available in the package) Remove ha plugin
1098 - d/libcharon-extra-plugins.install: Stop installing ha (so, conf)
1099 - d/rules: Do not enable ha plugin
1100 - d/control: Drop listing the ha plugin in the package description
1101
1102 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 29 Nov 2017 15:55:18 +0100
1103
249strongswan (5.6.1-2) unstable; urgency=medium1104strongswan (5.6.1-2) unstable; urgency=medium
2501105
251 * move counters plugin from -starter to -libcharon. closes: #8824311106 * move counters plugin from -starter to -libcharon. closes: #882431
@@ -332,6 +1187,213 @@ strongswan (5.5.2-1) experimental; urgency=medium
3321187
333 -- Yves-Alexis Perez <corsac@debian.org> Fri, 19 May 2017 11:32:00 +02001188 -- Yves-Alexis Perez <corsac@debian.org> Fri, 19 May 2017 11:32:00 +0200
3341189
1190strongswan (5.5.1-4ubuntu3) bionic; urgency=medium
1191
1192 * Fix Artful FTBFS due to newer glibc (LP: #1724859)
1193 - d/p/utils-Include-stdint.h.patch: upstream fix for changed include
1194 files.
1195
1196 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 Oct 2017 15:18:52 +0200
1197
1198strongswan (5.5.1-4ubuntu2) artful; urgency=medium
1199
1200 * SECURITY UPDATE: Fix RSA signature verification
1201 - debian/patches/CVE-2017-11185.patch: does some
1202 verifications in order to avoid null-point dereference
1203 in src/libstrongswan/gmp/gmp_rsa_public_key.c
1204 - CVE-2017-11185
1205
1206 -- Leonidas S. Barbosa <leo.barbosa@canonical.com> Tue, 15 Aug 2017 14:49:49 -0300
1207
1208strongswan (5.5.1-4ubuntu1) artful; urgency=medium
1209
1210 * Merge from Debian to pick up latest security changes (CVE-2017-9022,
1211 CVE-2017-9023).
1212 * Remaining Changes:
1213 + Update init/service handling
1214 - d/rules: Change init/systemd program name to strongswan
1215 - d/strongswan-starter.strongswan.service: Add new systemd file instead of
1216 patching upstream
1217 - d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of
1218 linking to upstream
1219 - d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call.
1220 - d/strongswan-starter.prerm: Stop strongswan service on package
1221 removal (as opposed to using the old init.d script).
1222 + Clean up d/strongswan-starter.postinst:
1223 - Removed section about runlevel changes
1224 - Adapted service restart section for Upstart (kept to be Trusty
1225 backportable).
1226 - Remove old symlinks to init.d files is necessary.
1227 - Removed further out-dated code
1228 - Removed entire section on opportunistic encryption - this was never in
1229 strongSwan.
1230 + d/rules: Removed pieces on 'patching ipsec.conf' on build.
1231 + Mass enablement of extra plugins and features to allow a user to use
1232 strongswan for a variety of use cases without having to rebuild.
1233 - d/control: Add required additional build-deps
1234 - d/rules: Enable features at configure stage
1235 - d/control: Mention addtionally enabled plugins
1236 - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
1237 - d/libstrongswan.install: Add plugins (so, conf)
1238 + d/rules: Disable duplicheck as per
1239 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10
1240 + Remove ha plugin (requires special kernel)
1241 - d/libcharon-extra-plugins.install: Stop installing ha (so, conf)
1242 - d/rules: Do not enable ha plugin
1243 - d/control: Drop listing the ha plugin in the package description
1244 + Add plugin kernel-libipsec to allow the use of strongswan in containers
1245 via this userspace implementation (please do note that this is still
1246 considered experimental by upstream).
1247 - d/libcharon-extra-plugins.install: Add kernel-libipsec components
1248 - d/control: List kernel-libipsec plugin at extra plugins description
1249 - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
1250 upstream recommends to not load kernel-libipsec by default.
1251 + Relocate tnc plugin
1252 - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
1253 - Add new subpackage for TNC in d/strongswan-tnc-* and d/control
1254 + d/strongswan-starter.install: Install pool feature, that useful due to
1255 having attr-sql plugin that is enabled now.
1256 + Relocate plugins test-vectors and ccm from extra-plugins to libstrongswan
1257 - d/libstrongswan-extra-plugins.install: Remove plugins/conffiles
1258 - d/libstrongswan.install: Add plugins/confiles
1259 - d/control: move package descriptions and add required breaks/replaces
1260 + d/libstrongswan.install: Reorder conf and .so alphabetically
1261 + d/libstrongswan.install: Add kernel-netlink configuration files
1262 + d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference.
1263 + debian/patches/increase-bliss-test-timeout.patch: Under QEMU/KVM
1264 autopkgtest the bliss test takes longer than the default (Upstream in
1265 5.5.2 via issue 2204)
1266 + Complete the disabling of libfast; This was partially accepted in Debian,
1267 it is no more packaging medcli and medsrv, but still builds and
1268 mentions it.
1269 - d/rules: Add --disable-fast to avoid build time and dependencies
1270 - d/control: Remove medcli, medsrv from package description
1271 + Add now built (5.5.1 vs 5.3.5) mgf1 plugin to libstrongswan-extra-plugins.
1272 "only" to extra-plugins Mgf1 is not listed as default plugin at
1273 https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist.
1274 + Add now built (5.5.1 vs 5.3.5) libraries libtpmtss and nttfft to
1275 libstrongswan-extra-plugins.
1276 + Add missing mention of md4 plugin in d/control
1277 + Add rm_conffile for /etc/init.d/ipsec (transition from precies had
1278 missed that)
1279 + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
1280 plugins for the most common use cases from extra-plugins into a new
1281 standard-plugins package. This will allow those use cases without pulling
1282 in too much more plugins (a bit like the tnc package). Recommend that
1283 package from strongswan-libcharon.
1284
1285 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 31 May 2017 15:57:54 +0200
1286
1287strongswan (5.5.1-3ubuntu1) artful; urgency=medium
1288
1289 * Merge from Debian to pick up latest changes. Among others this includes:
1290 - a lot of the Delta we upstreamed to Debian (more discussions are ongoing
1291 but likely have to wait until Debian stretch was released)
1292 - enabling mediation support (LP: #1657413)
1293 * Remaining Changes:
1294 + Update init/service handling
1295 - d/rules: Change init/systemd program name to strongswan
1296 - d/strongswan-starter.strongswan.service: Add new systemd file instead of
1297 patching upstream
1298 - d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of
1299 linking to upstream
1300 - d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call.
1301 - d/strongswan-starter.prerm: Stop strongswan service on package
1302 removal (as opposed to using the old init.d script).
1303 + Clean up d/strongswan-starter.postinst:
1304 - Removed section about runlevel changes
1305 - Adapted service restart section for Upstart (kept to be Trusty
1306 backportable).
1307 - Remove old symlinks to init.d files is necessary.
1308 - Removed further out-dated code
1309 - Removed entire section on opportunistic encryption - this was never in
1310 strongSwan.
1311 + d/rules: Removed pieces on 'patching ipsec.conf' on build.
1312 + Mass enablement of extra plugins and features to allow a user to use
1313 strongswan for a variety of use cases without having to rebuild.
1314 - d/control: Add required additional build-deps
1315 - d/rules: Enable features at configure stage
1316 - d/control: Mention addtionally enabled plugins
1317 - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
1318 - d/libstrongswan.install: Add plugins (so, conf)
1319 + d/rules: Disable duplicheck as per
1320 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10
1321 + Remove ha plugin (requires special kernel)
1322 - d/libcharon-extra-plugins.install: Stop installing ha (so, conf)
1323 - d/rules: Do not enable ha plugin
1324 - d/control: Drop listing the ha plugin in the package description
1325 + Add plugin kernel-libipsec to allow the use of strongswan in containers
1326 via this userspace implementation (please do note that this is still
1327 considered experimental by upstream).
1328 - d/libcharon-extra-plugins.install: Add kernel-libipsec components
1329 - d/control: List kernel-libipsec plugin at extra plugins description
1330 - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
1331 upstream recommends to not load kernel-libipsec by default.
1332 + Relocate tnc plugin
1333 - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
1334 - Add new subpackage for TNC in d/strongswan-tnc-* and d/control
1335 + d/strongswan-starter.install: Install pool feature, that useful due to
1336 having attr-sql plugin that is enabled now.
1337 + Relocate plugins test-vectors and ccm from extra-plugins to libstrongswan
1338 - d/libstrongswan-extra-plugins.install: Remove plugins/conffiles
1339 - d/libstrongswan.install: Add plugins/confiles
1340 - d/control: move package descriptions and add required breaks/replaces
1341 + d/libstrongswan.install: Reorder conf and .so alphabetically
1342 + d/libstrongswan.install: Add kernel-netlink configuration files
1343 + d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference.
1344 + debian/patches/increase-bliss-test-timeout.patch: Under QEMU/KVM
1345 autopkgtest the bliss test takes longer than the default (Upstream in
1346 5.5.2 via issue 2204)
1347 + Complete the disabling of libfast; This was partially accepted in Debian,
1348 it is no more packaging medcli and medsrv, but still builds and
1349 mentions it.
1350 - d/rules: Add --disable-fast to avoid build time and dependencies
1351 - d/control: Remove medcli, medsrv from package description
1352 + Add now built (5.5.1 vs 5.3.5) mgf1 plugin to libstrongswan-extra-plugins.
1353 "only" to extra-plugins Mgf1 is not listed as default plugin at
1354 https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist.
1355 + Add now built (5.5.1 vs 5.3.5) libraries libtpmtss and nttfft to
1356 libstrongswan-extra-plugins.
1357 + Add missing mention of md4 plugin in d/control
1358 + Add rm_conffile for /etc/init.d/ipsec (transition from precies had
1359 missed that)
1360 + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
1361 plugins for the most common use cases from extra-plugins into a new
1362 standard-plugins package. This will allow those use cases without pulling
1363 in too much more plugins (a bit like the tnc package). Recommend that
1364 package from strongswan-libcharon.
1365 * Dropped Changes:
1366 + Add and install apparmor profiles (in Debian)
1367 - d/rules: Install AppArmor profiles
1368 - d/control: Add dh-apparmor build-dep
1369 - d/usr.lib.ipsec.{charon, lookip, stroke}: Add latest AppArmor profiles
1370 for charon, lookip and stroke
1371 - d/libcharon-extra-plugins.install: Install profile for lookip
1372 - d/strongswan-charon.install: Install profile for charon
1373 - d/strongswan-starter.install: Install profile for stroke
1374 - Fix strongswan ipsec status issue with apparmor
1375 - Fix Dep8 tests for the now extra strongswan-pki package for pki
1376 - Fix Dep8 tests for the now extra strongswan-scepclient package
1377 + d/rules: Sorted and only one enable option per configure line (in
1378 Debian)
1379 + Add updated logcheck rules (in Debian)
1380 - debian/libstrongswan.strongswan.logcheck.*: Remove outdated files
1381 - debian/strongswan.logcheck: Add updated logcheck rules
1382 + Add updated DEP8 tests (in Debian)
1383 - d/tests/*: Add DEP8 tests
1384 - d/control: Enable autotestpkg
1385 + d/rules: do not strip for library integrity checking (After Discussion
1386 with Debian this isn't acceptable there, but at the same time it turned
1387 out the real use-case of this never uses this lib but instead third
1388 party checks of checksums for e.g. FIPS cert; so drop the Delta)
1389 - Use override_dh_strip to to avoid overwriting user build flags.
1390 - Add missing mention of libchecksum integrity test in d/control
1391 + d/rules: Set TESTS_REDUCED_KEYLENGTHS to one generate smallest key-lengths
1392 in tests to avoid issues in low entropy environments. (Debian has
1393 disabled !x86 tests for the same reason, one solution is enough)
1394
1395 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 04 May 2017 14:06:23 +0200
1396
335strongswan (5.5.1-3) unstable; urgency=medium1397strongswan (5.5.1-3) unstable; urgency=medium
3361398
337 [ Christian Ehrhardt ]1399 [ Christian Ehrhardt ]
@@ -365,6 +1427,136 @@ strongswan (5.5.1-2) unstable; urgency=medium
3651427
366 -- Yves-Alexis Perez <corsac@debian.org> Wed, 07 Dec 2016 08:34:52 +01001428 -- Yves-Alexis Perez <corsac@debian.org> Wed, 07 Dec 2016 08:34:52 +0100
3671429
1430strongswan (5.5.1-1ubuntu2) zesty; urgency=medium
1431
1432 * Update Maintainers which was missed while merging 5.5.1-1.
1433
1434 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Dec 2016 16:02:40 +0100
1435
1436strongswan (5.5.1-1ubuntu1) zesty; urgency=medium
1437
1438 * Merge from Debian (complex delta, discussions and broken out changes can be
1439 found in the merge proposal linked from the merge bug LP: #1631198)
1440 * Remaining Changes:
1441 + d/rules: Enforcing DEB_BUILD_OPTIONS=nostrip for library integrity
1442 checking.
1443 + d/rules: Set TESTS_REDUCED_KEYLENGTHS to one generate smallest key-lengths
1444 in tests to avoid issues in low entropy environments.
1445 + Update init/service handling
1446 - d/rules: Change init/systemd program name to strongswan
1447 - d/strongswan-starter.strongswan.service: Add new systemd file instead of
1448 patching upstream
1449 - d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of
1450 linking to upstream
1451 - d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call.
1452 - d/strongswan-starter.prerm: Stop strongswan service on package
1453 removal (as opposed to using the old init.d script).
1454 + Clean up d/strongswan-starter.postinst:
1455 - Removed section about runlevel changes
1456 - Adapted service restart section for Upstart (kept to be Trusty
1457 backportable).
1458 - Remove old symlinks to init.d files is necessary.
1459 - Removed further out-dated code
1460 - Removed entire section on opportunistic encryption - this was never in
1461 strongSwan.
1462 + Add and install apparmor profiles
1463 - d/rules: Install AppArmor profiles
1464 - d/control: Add dh-apparmor build-dep
1465 - d/usr.lib.ipsec.{charon, lookip, stroke}: Add latest AppArmor profiles
1466 for charon, lookip and stroke
1467 - d/libcharon-extra-plugins.install: Install profile for lookip
1468 - d/strongswan-charon.install: Install profile for charon
1469 - d/strongswan-starter.install: Install profile for stroke
1470 + d/rules: Removed pieces on 'patching ipsec.conf' on build.
1471 + d/rules: Sorted and only one enable option per configure line
1472 + Mass enablement of extra plugins and features to allow a user to use
1473 strongswan for a variety of use cases without having to rebuild.
1474 - d/control: Add required additional build-deps
1475 - d/rules: Enable features at configure stage
1476 - d/control: Mention addtionally enabled plugins
1477 - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
1478 - d/libstrongswan.install: Add plugins (so, conf)
1479 + d/rules: Disable duplicheck as per
1480 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10
1481 + Remove ha plugin (requires special kernel)
1482 - d/libcharon-extra-plugins.install: Stop installing ha (so, conf)
1483 - d/rules: Do not enable ha plugin
1484 - d/control: Drop listing the ha plugin in the package description
1485 + Add plugin kernel-libipsec to allow the use of strongswan in containers
1486 via this userspace implementation (please do note that this is still
1487 considered experimental by upstream).
1488 - d/libcharon-extra-plugins.install: Add kernel-libipsec components
1489 - d/control: List kernel-libipsec plugin at extra plugins description
1490 - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
1491 upstream recommends to not load kernel-libipsec by default.
1492 + Relocate tnc plugin
1493 - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
1494 - Add new subpackage for TNC in d/strongswan-tnc-* and d/control
1495 + d/strongswan-starter.install: Install pool feature, that useful due to
1496 having attr-sql plugin that is enabled now.
1497 + Relocate plugins test-vectors and ccm from extra-plugins to libstrongswan
1498 - d/libstrongswan-extra-plugins.install: Remove plugins
1499 - d/libstrongswan.install: Add plugins
1500 + d/libstrongswan.install: Reorder conf and .so alphabetically
1501 + d/libstrongswan.install: Add kernel-netlink configuration files
1502 + d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference.
1503 + Add updated logcheck rules
1504 - debian/libstrongswan.strongswan.logcheck.*: Remove outdated files
1505 - debian/strongswan.logcheck: Add updated logcheck rules
1506 + Add updated DEP8 tests
1507 - d/tests/*: Add DEP8 tests
1508 - d/control: Enable autotestpkg
1509 + debian/patches/increase-bliss-test-timeout.patch: Under QEMU/KVM
1510 autopkgtest the bliss test takes longer than the default
1511 + Complete the disabling of libfast
1512 - Note: This was partially accepted in Debian, it is no more
1513 packaging medcli and medsrv, but still builds and mentions it
1514 - d/rules: Add --disable-fast to avoid build time and dependencies
1515 - d/control: Remove medcli, medsrv from package description
1516 * Dropped Changes:
1517 + Adding build-dep to iptables-dev (no change, was only in Changelog)
1518 + Dropping of build deps libfcgi-dev, clearsilver-dev (in Debian)
1519 + Adding strongswan-plugin-* virtual packages for dist-upgrade (no
1520 upgrade path left needing them)
1521 + Most of "disabling libfast" (Debian dropped it from package content)
1522 + Transition for ipsec service (no upgrade path left)
1523 + Reverted part of the cleanup to d/strongswan-starter.postinst as using
1524 service should rather use invoke-rc.d (so it is a partial revert of our
1525 delta)
1526 + Transition handling (breaks/replaces) from per-plugin packages to the
1527 three grouped plugin packages (no upgrade path left)
1528 + debian/strongswan-starter.dirs: Don't touch /etc/init.d. (while "correct"
1529 it is effectively a no-op still, so not worth the delta)
1530 + Lower dpkg-dev to 1.16.1 from 1.16.2 to enable backporting to Precise
1531 (no more needed)
1532 + d/rules: Remove configure option --enable-unit-test (unit tests run by
1533 default)
1534 * Added Changes:
1535 + Fix strongswan ipsec status issue with apparmor (LP: #1587886)
1536 + d/control, d/libstrongswan.install, d/libstrongswan-extra-plugins: Fixup
1537 the relocation of the ccm plugin which missed to move the conffiles.
1538 + Complete move of test-vectors (was missing in d/control)
1539 + Add now built (5.5.1 vs 5.3.5) mgf1 plugin to libstrongswan-extra-plugins.
1540 "only" to extra-plugins Mgf1 is not listed as default plugin at
1541 https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist.
1542 + Add now built (5.5.1 vs 5.3.5) libraries libtpmtss and nttfft to
1543 libstrongswan-extra-plugins.
1544 + Add missing mention of md4 plugin in d/control
1545 + Add missing mention of libchecksum integrity test in d/control
1546 + Add rm_conffile for /etc/init.d/ipsec (transition from precies had
1547 missed that)
1548 + Use override_dh_strip to to fix library integrity checking instead of
1549 DEB_BUILD_OPTION to avoid overwriting user build flags.
1550 + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
1551 plugins for the most common use cases from extra-plugins into a new
1552 standard-plugins package. This will allow those use cases without pulling
1553 in too much more plugins (a bit like the tnc package). Recommend that
1554 package from strongswan-libcharon (LP: #1640826).
1555 + Fix Dep8 tests for the now extra strongswan-pki package for pki
1556 + Fix Dep8 tests for the now extra strongswan-scepclient package
1557
1558 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 07 Nov 2016 16:16:41 +0100
1559
368strongswan (5.5.1-1) unstable; urgency=medium1560strongswan (5.5.1-1) unstable; urgency=medium
3691561
370 * New upstream bugfix release.1562 * New upstream bugfix release.
@@ -481,6 +1673,177 @@ strongswan (5.3.5-2) unstable; urgency=medium
4811673
482 -- Yves-Alexis Perez <corsac@debian.org> Mon, 14 Mar 2016 23:53:34 +01001674 -- Yves-Alexis Perez <corsac@debian.org> Mon, 14 Mar 2016 23:53:34 +0100
4831675
1676strongswan (5.3.5-1ubuntu4) yakkety; urgency=medium
1677
1678 * Build-depend on libjson-c-dev instead of libjson0-dev.
1679 * Rebuild against libjson-c3.
1680
1681 -- Graham Inggs <ginggs@ubuntu.com> Fri, 29 Apr 2016 19:04:22 +0200
1682
1683strongswan (5.3.5-1ubuntu3) xenial; urgency=medium
1684
1685 * Rebuild against libmysqlclient20.
1686
1687 -- Robie Basak <robie.basak@ubuntu.com> Tue, 05 Apr 2016 13:02:48 +0000
1688
1689strongswan (5.3.5-1ubuntu2) xenial; urgency=medium
1690
1691 * debian/tests/plugins: rdrand may or may not be loaded, depending on the
1692 cpu features.
1693
1694 -- Iain Lane <iain@orangesquash.org.uk> Mon, 22 Feb 2016 17:13:01 +0000
1695
1696strongswan (5.3.5-1ubuntu1) xenial; urgency=medium
1697
1698 * debian/{rules,control,libstrongswan-extra-plugins.install}
1699 Enable bliss plugin
1700 * debian/{rules,control,libstrongswan-extra-plugins.install}
1701 Enable chapoly plugin
1702 * debian/patches/dont-load-kernel-libipsec-plugin-by-default.patch
1703 Upstream suggests to not load this plugin by default as it has
1704 some limitations.
1705 https://wiki.strongswan.org/projects/strongswan/wiki/Kernel-libipsec
1706 * debian/patches/increase-bliss-test-timeout.patch
1707 Under QEMU/KVM for autopkgtest bliss test takes a bit longer then default
1708 * Update Apparmor profiles
1709 - usr.lib.ipsec.charon
1710 - add capability audit_write for xauth-pam (LP: #1470277)
1711 - add capability dac_override (needed by agent plugin)
1712 - allow priv dropping (LP: #1333655)
1713 - allow caching CRLs (LP: #1505222)
1714 - allow rw access to /dev/net/tun for kernel-libipsec (LP: #1309594)
1715 - usr.lib.ipsec.stroke
1716 - allow priv dropping (LP: #1333655)
1717 - add local include
1718 - usr.lib.ipsec.lookip
1719 - add local include
1720 * Merge from Debian, which includes fixes for all previous CVEs
1721 Fixes (LP: #1330504, #1451091, #1448870, #1470277)
1722 Remaining changes:
1723 * debian/control
1724 - Lower dpkg-dev to 1.16.1 from 1.16.2 to enable backporting to Precise
1725 - Update Maintainer for Ubuntu
1726 - Add build-deps
1727 - dh-apparmor
1728 - iptables-dev
1729 - libjson0-dev
1730 - libldns-dev
1731 - libmysqlclient-dev
1732 - libpcsclite-dev
1733 - libsoup2.4-dev
1734 - libtspi-dev
1735 - libunbound-dev
1736 - Drop build-deps
1737 - libfcgi-dev
1738 - clearsilver-dev
1739 - Create virtual packages for all strongswan-plugin-* for dist-upgrade
1740 - Set XS-Testsuite: autopkgtest
1741 * debian/rules:
1742 - Enforcing DEB_BUILD_OPTIONS=nostrip for library integrity checking.
1743 - Set TESTS_REDUCED_KEYLENGTHS to one generate smallest key-lengths in
1744 tests.
1745 - Change init/systemd program name to strongswan
1746 - Install AppArmor profiles
1747 - Removed pieces on 'patching ipsec.conf' on build.
1748 - Enablement of features per Ubuntu current config suggested from
1749 upstream recommendation
1750 - Unpack and sort enabled features to one-per-line
1751 - Disable duplicheck as per
1752 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10
1753 - Disable libfast (--disable-fast):
1754 Requires dropping medsrv, medcli plugins which depend on libfast
1755 - Add configure options
1756 --with-tss=trousers
1757 - Remove configure options:
1758 --enable-ha (requires special kernel)
1759 --enable-unit-test (unit tests run by default)
1760 - Drop logcheck install
1761 * debian/tests/*
1762 - Add DEP8 test for strongswan service and plugins
1763 * debian/strongswan-starter.strongswan.service
1764 - Add new systemd file instead of patching upstream
1765 * debian/strongswan-starter.links
1766 - removed, use Ubuntu systemd file instead of linking to upstream
1767 * debian/usr.lib.ipsec.{charon, lookip, stroke}
1768 - added AppArmor profiles for charon, lookip and stroke
1769 * debian/libcharon-extra-plugins.install
1770 - Add plugins
1771 - kernel-libipsec.{so, lib, conf, apparmor}
1772 - Remove plugins
1773 - libstrongswan-ha.so
1774 - Relocate plugins
1775 - libstrongswan-tnc-tnccs.so (strongswan-tnc-base.install)
1776 * debian/libstrongswan-extra-plugins.install
1777 - Add plugins (so, lib, conf)
1778 - acert
1779 - attr-sql
1780 - coupling
1781 - dnscert
1782 - fips-prf
1783 - gmp
1784 - ipseckey
1785 - load-tester
1786 - mysql
1787 - ntru
1788 - radattr
1789 - soup
1790 - sqlite
1791 - sql
1792 - systime-fix
1793 - unbound
1794 - whitelist
1795 - Relocate plugins (so, lib, conf)
1796 - ccm (libstrongswan.install)
1797 - test-vectors (libstrongswan.install)
1798 * debian/libstrongswan.install
1799 - Sort sections
1800 - Add plugins (so, lib, conf)
1801 - libchecksum
1802 - ccm
1803 - eap-identity
1804 - md4
1805 - test-vectors
1806 * debian/strongswan-charon.install
1807 - Add AppArmor profile for charon
1808 * debian/strongswan-starter.install
1809 - Add tools, manpages, conf
1810 - openac
1811 - pool
1812 - _updown_espmark
1813 - Add AppArmor profile for stroke
1814 * debian/strongswan-tnc-base.install
1815 - Add new subpackage for TNC
1816 - remove non-existent (dropped in 5.2.1) libpts library files
1817 * debian/strongswan-tnc-client.install
1818 - Add new subpackage for TNC
1819 * debian/strongswan-tnc-ifmap.install
1820 - Add new subpackage for TNC
1821 * debian/strongswan-tnc-pdp.install
1822 - Add new subpackage for TNC
1823 * debian/strongswan-tnc-server.install
1824 - Add new subpackage for TNC
1825 * debian/strongswan-starter.postinit:
1826 - Removed section about runlevel changes, it's almost 2014.
1827 - Adapted service restart section for Upstart.
1828 - Remove old symlinks to init.d files is necessary.
1829 * debian/strongswan-starter.dirs: Don't touch /etc/init.d.
1830 * debian/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call.
1831 * debian/strongswan-starter.prerm: Stop strongswan service on package
1832 removal (as opposed to using the old init.d script).
1833 * debian/libstrongswan.strongswan.logcheck combined into debian/strongswan.logcheck
1834 - logcheck patterns updated to be helpful
1835 * debian/strongswan-starter.postinst: Removed further out-dated code and
1836 entire section on opportunistic encryption - this was never in strongSwan.
1837 * debian/ipsec.secrets.proto: Removed ipsec.secrets.inc reference.
1838 Drop changes:
1839 * debian/control
1840 - Per-plugin package breakup: Reducing packaging delta from Debian
1841 - Don't build dhcp, farp subpackages: Reduce packging delta from Debian
1842 * debian/watch: Already exists in Debian merge
1843 * debian/upstream/signing-key.asc: Upstream has newer version.
1844
1845 -- Ryan Harper <ryan.harper@canonical.com> Fri, 12 Feb 2016 11:24:53 -0600
1846
484strongswan (5.3.5-1) unstable; urgency=medium1847strongswan (5.3.5-1) unstable; urgency=medium
4851848
486 * New upstream bugfix release.1849 * New upstream bugfix release.
@@ -753,6 +2116,210 @@ strongswan (5.1.2-1) unstable; urgency=medium
7532116
754 -- Yves-Alexis Perez <corsac@debian.org> Wed, 12 Mar 2014 11:22:38 +01002117 -- Yves-Alexis Perez <corsac@debian.org> Wed, 12 Mar 2014 11:22:38 +0100
7552118
2119strongswan (5.1.2-0ubuntu8) xenial; urgency=medium
2120
2121 * Import FTBFS for s390x from Debian 5.1.2-3 upload. (LP: #1521240)
2122
2123 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 30 Nov 2015 15:46:06 +0000
2124
2125strongswan (5.1.2-0ubuntu7) xenial; urgency=medium
2126
2127 * SECURITY UPDATE: authentication bypass in eap-mschapv2 plugin
2128 - debian/patches/CVE-2015-8023.patch: only succeed authentication if
2129 MSK was established in
2130 src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c.
2131 - CVE-2015-8023
2132 * debian/patches/disable_ntru_test.patch: disable test causing FTBFS
2133 until regression is properly investigated.
2134
2135 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 19 Nov 2015 14:00:17 -0500
2136
2137strongswan (5.1.2-0ubuntu6) wily; urgency=medium
2138
2139 * SECURITY UPDATE: user credential disclosure to rogue servers
2140 - debian/patches/CVE-2015-4171.patch: enforce remote authentication
2141 config before proceeding with own authentication in
2142 src/libcharon/sa/ikev2/tasks/ike_auth.c.
2143 - CVE-2015-4171
2144 * debian/rules: don't FTBFS from unused service file
2145
2146 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 08 Jun 2015 12:50:38 -0400
2147
2148strongswan (5.1.2-0ubuntu5) vivid; urgency=medium
2149
2150 * Add a systemd unit corresponding to strongswan-starter.strongswan.upstart.
2151
2152 -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 16 Jan 2015 08:27:54 +0100
2153
2154strongswan (5.1.2-0ubuntu4) vivid; urgency=medium
2155
2156 * SECURITY UPDATE: denial of service via DH group 1025
2157 - debian/patches/CVE-2014-9221.patch: define MODP_CUSTOM outside of
2158 IKE DH range in src/libstrongswan/crypto/diffie_hellman.c,
2159 src/libstrongswan/crypto/diffie_hellman.h.
2160 - CVE-2014-9221
2161
2162 -- Tyler Hicks <tyhicks@canonical.com> Mon, 05 Jan 2015 08:25:29 -0500
2163
2164strongswan (5.1.2-0ubuntu3) utopic; urgency=low
2165
2166 * Added "libgcrypt20-dev | libgcrypt11-dev" to build dependencies to fix
2167 build.
2168
2169 -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 15 Oct 2014 16:49:18 +0000
2170
2171strongswan (5.1.2-0ubuntu2) trusty; urgency=medium
2172
2173 * SECURITY UPDATE: remote authentication bypass
2174 - debian/patches/CVE-2014-2338.patch: reject CREATE_CHILD_SA exchange
2175 on unestablished IKE_SAs in src/libcharon/sa/ikev2/task_manager_v2.c.
2176 - CVE-2014-2338
2177
2178 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Apr 2014 11:24:34 -0400
2179
2180strongswan (5.1.2-0ubuntu1) trusty; urgency=low
2181
2182 * New upstream release.
2183
2184 -- Jonathan Davies <jonathan.davies@canonical.com> Sat, 01 Mar 2014 08:53:17 +0000
2185
2186strongswan (5.1.2~rc2-0ubuntu2) trusty; urgency=low
2187
2188 * debian/ipsec.secrets.proto: Removed ipsec.secrets.inc reference.
2189 * debian/usr.lib.ipsec.charon: Allow read access to /run/charon.
2190
2191 -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 19 Feb 2014 13:07:16 +0000
2192
2193strongswan (5.1.2~rc2-0ubuntu1) trusty; urgency=low
2194
2195 * New upstream release candidate.
2196
2197 -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 19 Feb 2014 12:59:21 +0000
2198
2199strongswan (5.1.2~rc1-0ubuntu4) trusty; urgency=medium
2200
2201 * debian/strongswan-tnc-*.install: Fixed files so libraries go into correct
2202 packages.
2203 * debian/usr.lib.ipsec.stroke: Allow access to strongswan.d directories.
2204
2205 -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 17 Feb 2014 18:12:38 +0000
2206
2207strongswan (5.1.2~rc1-0ubuntu3) trusty; urgency=low
2208
2209 * debian/rules: Exclude rdrand.conf in dh_install's --fail-missing.
2210
2211 -- Jonathan Davies <jonathan.davies@canonical.com> Sat, 15 Feb 2014 15:46:46 +0000
2212
2213strongswan (5.1.2~rc1-0ubuntu2) trusty; urgency=low
2214
2215 * debian/libstrongswan.install: Moved rdrand plugin configuration to rules
2216 as it's only useful on amd64.
2217 * debian/watch: Added opts=pgpsigurlmangle option.
2218 * debian/upstream/signing-key.asc: Added key: 0xB34DBA77.
2219
2220 -- Jonathan Davies <jonathan.davies@canonical.com> Sat, 15 Feb 2014 15:32:10 +0000
2221
2222strongswan (5.1.2~rc1-0ubuntu1) trusty; urgency=medium
2223
2224 * New upstream release candidate.
2225 * debian/*.install - include new configuration files for plugins in
2226 appropiate packages.
2227
2228 -- Jonathan Davies <jonathan.davies@canonical.com> Sat, 15 Feb 2014 15:03:14 +0000
2229
2230strongswan (5.1.2~dr3+git20130120-0ubuntu3) trusty; urgency=low
2231
2232 * debian/control:
2233 - Added Breaks/Replaces for all library files which have been moved
2234 about (LP: #1278176).
2235 - Removed build-dependency on check and added one on dh-apparmor.
2236 * debian/strongswan-starter.postinst: Removed further out-dated code and
2237 entire section on opportunistic encryption - this was never in strongSwan.
2238 * debian/rules: Removed pieces on 'patching ipsec.conf' on build.
2239
2240 -- Jonathan Davies <jonathan.davies@canonical.com> Sun, 09 Feb 2014 23:53:23 +0000
2241
2242strongswan (5.1.2~dr3+git20130120-0ubuntu2) trusty; urgency=low
2243
2244 * debian/control: Fixed references to plugin-fips-prf.
2245
2246 -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 22 Jan 2014 11:22:14 +0000
2247
2248strongswan (5.1.2~dr3+git20130120-0ubuntu1) trusty; urgency=low
2249
2250 * Upstream Git snapshot for build fixes with regards to entropy.
2251 * debian/rules:
2252 - Enforcing DEB_BUILD_OPTIONS=nostrip for library integrity checking.
2253 - Set TESTS_REDUCED_KEYLENGTHS to one generate smallest key-lengths in
2254 tests.
2255
2256 -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 20 Jan 2014 19:00:59 +0000
2257
2258strongswan (5.1.2~dr3-0ubuntu1) trusty; urgency=low
2259
2260 * New upstream developer release.
2261 * Made changes to packaging per upstream suggestions.
2262 - Dropped medcli and medsrv packages - not recommended by upstream at this
2263 time.
2264 - Dropped ha plugin - needs special kernel.
2265 - Improved all package descriptions in general.
2266 - Drop build-dep on clearsilver-dev and libfcgi-dev - no longer needed.
2267 - Removed debian/*logcheck* files - not relevant to strongSwan.
2268 - Split dhcp and farp packages into sub-packages.
2269 - Build kernel-libipsec, ntru, systime-fix, and xauth-noauth plugins.
2270 - Changes to TNC-related packages.
2271 * Created AppArmor profiles for lookip and stroke.
2272
2273 -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 15 Jan 2014 22:52:53 +0000
2274
2275strongswan (5.1.2~dr2+git20130106-0ubuntu2) trusty; urgency=low
2276
2277 * libstrongswan.install: Removed lingering unit-tester.so reference.
2278
2279 -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 06 Jan 2014 20:29:59 +0000
2280
2281strongswan (5.1.2~dr2+git20130106-0ubuntu1) trusty; urgency=low
2282
2283 * Git snapshot of commit 94e10f15e51ead788d9947e966878ebfdc95b7ce.
2284 Incorporates upstream fixes for:
2285 - Integrity testing.
2286 - Unit test failures on little endian systems.
2287 * Dropped debian/patches/02_test_asn1_fix_32bit_time_test.patch - fixed
2288 upstream.
2289 * debian/rules:
2290 - Stop using CK_TIMEOUT_MULTIPLIER.
2291 - Stop enabling the test suite only on non-powerpc arches (it runs
2292 anyway).
2293
2294 -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 06 Jan 2014 20:17:20 +0000
2295
2296strongswan (5.1.2~dr2-0ubuntu3) trusty; urgency=low
2297
2298 * debian/control: Reinstate missing comma in dependencies.
2299
2300 -- Jonathan Davies <jonathan.davies@canonical.com> Fri, 03 Jan 2014 05:39:13 +0000
2301
2302strongswan (5.1.2~dr2-0ubuntu2) trusty; urgency=low
2303
2304 * Added debian/patches/02_test_asn1_fix_32bit_time_test.patch - fixes issue
2305 where test for >2038 tests on 32-bit platforms is broken.
2306 - Reported upstream: https://wiki.strongswan.org/issues/477
2307 * debian/control: Added strongswan-plugin-ntru to strongswan-ike Suggests.
2308
2309 -- Jonathan Davies <jonathan.davies@canonical.com> Fri, 03 Jan 2014 05:02:32 +0000
2310
2311strongswan (5.1.2~dr2-0ubuntu1) trusty; urgency=low
2312
2313 * New upstream developer release.
2314 * debian/rules: Configure with: --enable-af-alg, --enable-ntru, --enable-soup,
2315 and --enable-unity.
2316 * debian/control:
2317 - New plugin packages created for the above
2318 - Split fips-prf into its own package.
2319 - Added build-dependency on libsoup2.4-dev.
2320
2321 -- Jonathan Davies <jonathan.davies@canonical.com> Thu, 02 Jan 2014 17:37:33 +0000
2322
756strongswan (5.1.1-3) unstable; urgency=low2323strongswan (5.1.1-3) unstable; urgency=low
7572324
758 * Upload to unstable.2325 * Upload to unstable.
@@ -844,6 +2411,192 @@ strongswan (5.1.1-1) unstable; urgency=low
8442411
845 -- Yves-Alexis Perez <corsac@debian.org> Fri, 24 Jan 2014 21:22:32 +01002412 -- Yves-Alexis Perez <corsac@debian.org> Fri, 24 Jan 2014 21:22:32 +0100
8462413
2414strongswan (5.1.1-0ubuntu17) trusty; urgency=low
2415
2416 * debian/control:
2417 - Make strongswan-ike depend on iproute2.
2418 - Added xauth plugin dependency on strongswan-plugin-eap-gtc.
2419 - Created strongswan-libfast package.
2420
2421 -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 01 Jan 2014 17:04:45 +0000
2422
2423strongswan (5.1.1-0ubuntu16) trusty; urgency=low
2424
2425 * debian/control:
2426 - Further splitting of plugins into subpackages (such as all EAP plugins
2427 to their own packages).
2428 - Added libpcsclite-dev to build-dependencies.
2429 * debian/rules:
2430 - Sort configure options in alphabetical order.
2431 - Added configure option of --enable-eap-aka-3gpp2, --enable-eap-dynamic,
2432 --enable-eap-sim-file, --enable-eap-sim-pcsc,
2433 --enable-eap-simaka-pseudonym, --enable-eap-simaka-reauth and
2434 --enable-eap-simaka-sql.
2435 - Don't exclude medsrv from install.
2436 * Moved eap-identity.so to libstrongswan package as it's used by all the
2437 other EAP plugins.
2438
2439 -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 21:25:50 +0000
2440
2441strongswan (5.1.1-0ubuntu15) trusty; urgency=low
2442
2443 * debian/control:
2444 - Split plugins from libstrongswan package into modular subpackages.
2445 - Added libmysqlclient-dev to build-dependencies.
2446 - strongswan-ike: Set to depend on either strongswan-plugins-openssl or
2447 strongswan-plugins-gcrypt.
2448 - strongswan-ike: All other plugins added to Suggests.
2449 - Created two new TNC packages: strongswan-tnc-ifmap and
2450 strongswan-tnc-pdp and added to tnc-imcvs Suggests.
2451 * debian/rules: Added to CONFIGUREARGS: --enable-certexpire,
2452 --enable-error-notify, --enable-mysql, --enable-load-tester,
2453 --enable-radattr, --enable-tnc-pdp, and --enable-whitelist.
2454 * debian/strongswan-ike.install: Moved eap-identity.so to -tnc-imcvs package.
2455
2456 -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 16:15:32 +0000
2457
2458strongswan (5.1.1-0ubuntu14) trusty; urgency=low
2459
2460 * debian/rules:
2461 - CK_TIMEOUT_MULTIPLIER back down to 6.
2462 - Disable unit tests on powerpc.
2463
2464 -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 07:39:48 +0000
2465
2466strongswan (5.1.1-0ubuntu13) trusty; urgency=low
2467
2468 * debian/rules: CK_TIMEOUT_MULTIPLIER to 10 as just powerppc is being stubborn.
2469
2470 -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 07:23:42 +0000
2471
2472strongswan (5.1.1-0ubuntu12) trusty; urgency=low
2473
2474 * debian/rules: Bring CK_TIMEOUT_MULTIPLIER up to 6 to fix powerppc and
2475 armhf.
2476
2477 -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 07:03:40 +0000
2478
2479strongswan (5.1.1-0ubuntu11) trusty; urgency=low
2480
2481 * 02_increase-test_rsa_generate-timeout.patch: Removed - only fixed build on
2482 one extra arch.
2483 * debian/rules: Set CK_TIMEOUT_MULTIPLIER to 4.
2484
2485 -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 06:51:47 +0000
2486
2487strongswan (5.1.1-0ubuntu10) trusty; urgency=low
2488
2489 * debian/patches: Added patch 02_increase-test_rsa_generate-timeout.patch -
2490 - Increases RSA key generate test timeout to 30 seconds so that it doesn't
2491 fail on armhf, arm64, and powerppc.
2492 * Contrary to what the last changelog entry says, we are still running
2493 strongswan as root (with AppArmor protection).
2494
2495 -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 06:06:47 +0000
2496
2497strongswan (5.1.1-0ubuntu9) trusty; urgency=low
2498
2499 * debian/rules: Added to configure options:
2500 - --enable-tnc-ifmap: enable TNC IF-MAP module.
2501 - --enable-duplicheck: enable duplicheck plugin.
2502 - --enable-imv-swid, --enable-imc-swid: Added.
2503 - Run strongswan as it's own user.
2504 * debian/strongswan-starter.install: Install duplicheck.
2505 * debian/strongswan-tnc-imcvs.install: Install swidtags.
2506
2507 -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 19:33:27 +0000
2508
2509strongswan (5.1.1-0ubuntu8) trusty; urgency=low
2510
2511 * debian/rules: Added to configure options:
2512 - --enable-unit-tests: check unit testing on build.
2513 - --enable-unbound: for validating DNS lookups.
2514 - --enable-dnscert: for DNSCERT peer authentication.
2515 - --enable-ipseckey: for IPSEC key authentication.
2516 - --enable-lookip: for LookIP functionality.
2517 - --enable-coupling: certificate coupling functionality.
2518 * debian/control: Added check, libldns-dev, libunbound-dev to
2519 build-dependencies.
2520 * debian/libstrongswan.install: Install new plugin .so's.
2521 * debian/strongswan-starter.install: Added lookip.
2522
2523 -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 17:52:07 +0000
2524
2525strongswan (5.1.1-0ubuntu7) trusty; urgency=low
2526
2527 * strongswan-starter.install: Moved pt-tls-client to tnc-imcvs (to prevent
2528 the former from depending on the latter).
2529
2530 -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 17:30:19 +0000
2531
2532strongswan (5.1.1-0ubuntu6) trusty; urgency=low
2533
2534 * debian/strongswan-starter.prerm: Stop strongswan service on package
2535 removal (as opposed to using the old init.d script).
2536
2537 -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 17:22:10 +0000
2538
2539strongswan (5.1.1-0ubuntu5) trusty; urgency=low
2540
2541 * debian/rules:
2542 - CONFIGUREARGS: Merged Debian and RPM options.
2543 - Brings in TNC functionality.
2544 * debian/control:
2545 - Added build-dependency on libtspi-dev.
2546 - Created strongswan-tnc-imcvs binary package for TNC components.
2547 - Added strongswan-tnc-imcvs to libstrongswan's Suggests.
2548 * debian/libstrongswan.install:
2549 - Included newly built MD4 and SQLite libraries.
2550 - Removed 'tnc' references (moved to TNC package).
2551 * debian/strongswan-tnc-imcvs.install: Created - handle new TNC libraries and
2552 binaries.
2553 * debian/usr.lib.ipsec.charon: Allow access to TNC modules.
2554
2555 -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 14:05:43 +0000
2556
2557strongswan (5.1.1-0ubuntu4) trusty; urgency=low
2558
2559 * debian/usr.lib.ipsec.charon: Added - AppArmor profile for charon.
2560 * debian/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call.
2561 * debian/control: strongswan-ike - Stop depending on ipsec-tools.
2562
2563 -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 05:35:17 +0000
2564
2565strongswan (5.1.1-0ubuntu3) trusty; urgency=low
2566
2567 * strongswan-starter.strongswan.upstart - Only start strongSwan when a
2568 network connection is available.
2569 * debian/control: Downgrade build-dep version of dpkg-dev from 1.16.2 to
2570 1.16.1 - to make precise backporting easier.
2571
2572 -- Jonathan Davies <jonathan.davies@canonical.com> Thu, 12 Dec 2013 10:43:15 +0000
2573
2574strongswan (5.1.1-0ubuntu2) trusty; urgency=low
2575
2576 * strongswan-starter.strongswan.upstart - Created Upstart job for
2577 strongSwan.
2578 * debian/rules: Set dh_installinit to install above file.
2579 * debian/strongswan-starter.postinit:
2580 - Removed section about runlevel changes, it's almost 2014.
2581 - Adapted service restart section for Upstart.
2582 - Remove old symlinks to init.d files is necessary.
2583 * debian/strongswan-starter.dirs: Don't touch /etc/init.d.
2584
2585 -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 11 Dec 2013 23:10:28 +0000
2586
2587strongswan (5.1.1-0ubuntu1) trusty; urgency=low
2588
2589 * New upstream release.
2590 * Removed: debian/patches/CVE-2013-6075, CVE-2013-6076.patch - upsteamed.
2591 * debian/control: Updated Standards-Version to 3.9.5 and applied
2592 XSBC-Original-Maintainer policy.
2593 * strongswan-starter.install:
2594 - pki tool is now in /usr/bin.
2595 - Install pt-tls-client.
2596 - Install manpages (LP: #1206263).
2597
2598 -- Jonathan Davies <jpds@ubuntu.com> Sun, 01 Dec 2013 17:43:59 +0000
2599
847strongswan (5.1.0-3) unstable; urgency=high2600strongswan (5.1.0-3) unstable; urgency=high
8482601
849 * urgency=high for the security fixes.2602 * urgency=high for the security fixes.
diff --git a/debian/control b/debian/control
index 9ed97b7..06faee6 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: strongswan1Source: strongswan
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>
5Uploaders: Yves-Alexis Perez <corsac@debian.org>6Uploaders: Yves-Alexis Perez <corsac@debian.org>
6Standards-Version: 4.6.07Standards-Version: 4.6.0
7Vcs-Browser: https://salsa.debian.org/debian/strongswan8Vcs-Browser: https://salsa.debian.org/debian/strongswan
@@ -136,6 +137,7 @@ Description: strongSwan utility and crypto library (extra plugins)
136 - gcrypt (Crypto backend based on libgcrypt, provides137 - gcrypt (Crypto backend based on libgcrypt, provides
137 RSA/DH/ciphers/hashers/rng)138 RSA/DH/ciphers/hashers/rng)
138 - ldap (LDAP fetching plugin based on libldap)139 - ldap (LDAP fetching plugin based on libldap)
140 - ntru (key exchanged based on post-quantum computer NTRU)
139 - padlock (VIA padlock crypto backend, provides AES128/SHA1)141 - padlock (VIA padlock crypto backend, provides AES128/SHA1)
140 - pkcs11 (PKCS#11 smartcard backend)142 - pkcs11 (PKCS#11 smartcard backend)
141 - rdrand (High quality / high performance random source using the Intel143 - rdrand (High quality / high performance random source using the Intel
@@ -203,6 +205,9 @@ Description: strongSwan charon library (extra plugins)
203 - unity (Cisco Unity extensions for IKEv1)205 - unity (Cisco Unity extensions for IKEv1)
204 - xauth-eap (XAuth backend that uses EAP methods to verify passwords)206 - xauth-eap (XAuth backend that uses EAP methods to verify passwords)
205 - xauth-pam (XAuth backend that uses PAM modules to verify passwords)207 - xauth-pam (XAuth backend that uses PAM modules to verify passwords)
208 - eap-dynamic (EAP proxy plugin that dynamically selects an EAP method
209 requested/supported by the client (since 5.0.1))
210 - eap-peap (EAP-PEAP protocol handler, wraps other EAP methods securely)
206211
207Package: strongswan-starter212Package: strongswan-starter
208Architecture: any213Architecture: any
@@ -210,9 +215,9 @@ Pre-Depends: ${misc:Pre-Depends}
210Depends: adduser,215Depends: adduser,
211 libstrongswan (= ${binary:Version}),216 libstrongswan (= ${binary:Version}),
212 lsb-base (>= 3.0-6),217 lsb-base (>= 3.0-6),
218 strongswan-charon,
213 ${misc:Depends},219 ${misc:Depends},
214 ${shlibs:Depends}220 ${shlibs:Depends}
215Recommends: strongswan-charon
216Conflicts: openswan221Conflicts: openswan
217Description: strongSwan daemon starter and configuration file parser222Description: strongSwan daemon starter and configuration file parser
218 The strongSwan VPN suite uses the native IPsec stack in the standard223 The strongSwan VPN suite uses the native IPsec stack in the standard
@@ -251,9 +256,9 @@ Architecture: any
251Pre-Depends: debconf | debconf-2.0256Pre-Depends: debconf | debconf-2.0
252Depends: iproute2 [linux-any] | iproute [linux-any],257Depends: iproute2 [linux-any] | iproute [linux-any],
253 libstrongswan (= ${binary:Version}),258 libstrongswan (= ${binary:Version}),
254 strongswan-starter,
255 ${misc:Depends},259 ${misc:Depends},
256 ${shlibs:Depends}260 ${shlibs:Depends}
261Recommends: strongswan-starter,
257Provides: ike-server262Provides: ike-server
258Description: strongSwan Internet Key Exchange daemon263Description: strongSwan Internet Key Exchange daemon
259 The strongSwan VPN suite uses the native IPsec stack in the standard264 The strongSwan VPN suite uses the native IPsec stack in the standard
diff --git a/debian/libcharon-extra-plugins.install b/debian/libcharon-extra-plugins.install
index 94fbabd..91ca716 100644
--- a/debian/libcharon-extra-plugins.install
+++ b/debian/libcharon-extra-plugins.install
@@ -2,9 +2,11 @@
2usr/lib/ipsec/plugins/libstrongswan-addrblock.so2usr/lib/ipsec/plugins/libstrongswan-addrblock.so
3usr/lib/ipsec/plugins/libstrongswan-certexpire.so3usr/lib/ipsec/plugins/libstrongswan-certexpire.so
4usr/lib/ipsec/plugins/libstrongswan-eap-aka.so4usr/lib/ipsec/plugins/libstrongswan-eap-aka.so
5usr/lib/ipsec/plugins/libstrongswan-eap-dynamic.so
5usr/lib/ipsec/plugins/libstrongswan-eap-gtc.so6usr/lib/ipsec/plugins/libstrongswan-eap-gtc.so
6usr/lib/ipsec/plugins/libstrongswan-eap-identity.so7usr/lib/ipsec/plugins/libstrongswan-eap-identity.so
7usr/lib/ipsec/plugins/libstrongswan-eap-md5.so8usr/lib/ipsec/plugins/libstrongswan-eap-md5.so
9usr/lib/ipsec/plugins/libstrongswan-eap-peap.so
8usr/lib/ipsec/plugins/libstrongswan-eap-radius.so10usr/lib/ipsec/plugins/libstrongswan-eap-radius.so
9usr/lib/ipsec/plugins/libstrongswan-eap-tls.so11usr/lib/ipsec/plugins/libstrongswan-eap-tls.so
10usr/lib/ipsec/plugins/libstrongswan-eap-tnc.so12usr/lib/ipsec/plugins/libstrongswan-eap-tnc.so
@@ -25,9 +27,11 @@ usr/lib/ipsec/plugins/libstrongswan-xauth-pam.so
25usr/share/strongswan/templates/config/plugins/addrblock.conf27usr/share/strongswan/templates/config/plugins/addrblock.conf
26usr/share/strongswan/templates/config/plugins/certexpire.conf28usr/share/strongswan/templates/config/plugins/certexpire.conf
27usr/share/strongswan/templates/config/plugins/eap-aka.conf29usr/share/strongswan/templates/config/plugins/eap-aka.conf
30usr/share/strongswan/templates/config/plugins/eap-dynamic.conf
28usr/share/strongswan/templates/config/plugins/eap-gtc.conf31usr/share/strongswan/templates/config/plugins/eap-gtc.conf
29usr/share/strongswan/templates/config/plugins/eap-identity.conf32usr/share/strongswan/templates/config/plugins/eap-identity.conf
30usr/share/strongswan/templates/config/plugins/eap-md5.conf33usr/share/strongswan/templates/config/plugins/eap-md5.conf
34usr/share/strongswan/templates/config/plugins/eap-peap.conf
31usr/share/strongswan/templates/config/plugins/eap-radius.conf35usr/share/strongswan/templates/config/plugins/eap-radius.conf
32usr/share/strongswan/templates/config/plugins/eap-tls.conf36usr/share/strongswan/templates/config/plugins/eap-tls.conf
33usr/share/strongswan/templates/config/plugins/eap-tnc.conf37usr/share/strongswan/templates/config/plugins/eap-tnc.conf
@@ -49,9 +53,11 @@ etc/strongswan.d/tnc.conf
49etc/strongswan.d/charon/addrblock.conf53etc/strongswan.d/charon/addrblock.conf
50etc/strongswan.d/charon/certexpire.conf54etc/strongswan.d/charon/certexpire.conf
51etc/strongswan.d/charon/eap-aka.conf55etc/strongswan.d/charon/eap-aka.conf
56etc/strongswan.d/charon/eap-dynamic.conf
52etc/strongswan.d/charon/eap-gtc.conf57etc/strongswan.d/charon/eap-gtc.conf
53etc/strongswan.d/charon/eap-identity.conf58etc/strongswan.d/charon/eap-identity.conf
54etc/strongswan.d/charon/eap-md5.conf59etc/strongswan.d/charon/eap-md5.conf
60etc/strongswan.d/charon/eap-peap.conf
55etc/strongswan.d/charon/eap-radius.conf61etc/strongswan.d/charon/eap-radius.conf
56etc/strongswan.d/charon/eap-tls.conf62etc/strongswan.d/charon/eap-tls.conf
57etc/strongswan.d/charon/eap-tnc.conf63etc/strongswan.d/charon/eap-tnc.conf
diff --git a/debian/libcharon-extra-plugins.maintscript b/debian/libcharon-extra-plugins.maintscript
58new file mode 10064464new file mode 100644
index 0000000..f6e7a3a
--- /dev/null
+++ b/debian/libcharon-extra-plugins.maintscript
@@ -0,0 +1,8 @@
1rm_conffile /etc/strongswan.d/charon/eap-aka-3gpp2.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins
2rm_conffile /etc/strongswan.d/charon/eap-sim-file.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins
3rm_conffile /etc/strongswan.d/charon/eap-sim-pcsc.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins
4rm_conffile /etc/strongswan.d/charon/eap-sim.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins
5rm_conffile /etc/strongswan.d/charon/eap-simaka-pseudonym.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins
6rm_conffile /etc/strongswan.d/charon/eap-simaka-reauth.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins
7rm_conffile /etc/strongswan.d/charon/eap-simaka-sql.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins
8rm_conffile /etc/strongswan.d/charon/xauth-noauth.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins
diff --git a/debian/libstrongswan-extra-plugins.install b/debian/libstrongswan-extra-plugins.install
index 2846e21..8f71239 100644
--- a/debian/libstrongswan-extra-plugins.install
+++ b/debian/libstrongswan-extra-plugins.install
@@ -9,6 +9,7 @@ usr/lib/ipsec/plugins/libstrongswan-curl.so
9usr/lib/ipsec/plugins/libstrongswan-curve25519.so9usr/lib/ipsec/plugins/libstrongswan-curve25519.so
10usr/lib/ipsec/plugins/libstrongswan-gcrypt.so10usr/lib/ipsec/plugins/libstrongswan-gcrypt.so
11usr/lib/ipsec/plugins/libstrongswan-ldap.so11usr/lib/ipsec/plugins/libstrongswan-ldap.so
12usr/lib/ipsec/plugins/libstrongswan-ntru.so
12usr/lib/ipsec/plugins/libstrongswan-pkcs11.so13usr/lib/ipsec/plugins/libstrongswan-pkcs11.so
13usr/lib/ipsec/plugins/libstrongswan-test-vectors.so14usr/lib/ipsec/plugins/libstrongswan-test-vectors.so
14usr/lib/ipsec/plugins/libstrongswan-tpm.so15usr/lib/ipsec/plugins/libstrongswan-tpm.so
@@ -21,6 +22,7 @@ usr/share/strongswan/templates/config/plugins/curl.conf
21usr/share/strongswan/templates/config/plugins/curve25519.conf22usr/share/strongswan/templates/config/plugins/curve25519.conf
22usr/share/strongswan/templates/config/plugins/gcrypt.conf23usr/share/strongswan/templates/config/plugins/gcrypt.conf
23usr/share/strongswan/templates/config/plugins/ldap.conf24usr/share/strongswan/templates/config/plugins/ldap.conf
25usr/share/strongswan/templates/config/plugins/ntru.conf
24usr/share/strongswan/templates/config/plugins/pkcs11.conf26usr/share/strongswan/templates/config/plugins/pkcs11.conf
25usr/share/strongswan/templates/config/plugins/test-vectors.conf27usr/share/strongswan/templates/config/plugins/test-vectors.conf
26usr/share/strongswan/templates/config/plugins/tpm.conf28usr/share/strongswan/templates/config/plugins/tpm.conf
@@ -32,6 +34,7 @@ etc/strongswan.d/charon/curl.conf
32etc/strongswan.d/charon/curve25519.conf34etc/strongswan.d/charon/curve25519.conf
33etc/strongswan.d/charon/gcrypt.conf35etc/strongswan.d/charon/gcrypt.conf
34etc/strongswan.d/charon/ldap.conf36etc/strongswan.d/charon/ldap.conf
37etc/strongswan.d/charon/ntru.conf
35etc/strongswan.d/charon/pkcs11.conf38etc/strongswan.d/charon/pkcs11.conf
36etc/strongswan.d/charon/test-vectors.conf39etc/strongswan.d/charon/test-vectors.conf
37etc/strongswan.d/charon/tpm.conf40etc/strongswan.d/charon/tpm.conf
diff --git a/debian/rules b/debian/rules
index 2fed1f1..8ca4bd7 100755
--- a/debian/rules
+++ b/debian/rules
@@ -15,9 +15,11 @@ CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \
15 --enable-curl \15 --enable-curl \
16 --enable-eap-aka \16 --enable-eap-aka \
17 --enable-eap-gtc \17 --enable-eap-gtc \
18 --enable-eap-dynamic \
18 --enable-eap-identity \19 --enable-eap-identity \
19 --enable-eap-md5 \20 --enable-eap-md5 \
20 --enable-eap-mschapv2 \21 --enable-eap-mschapv2 \
22 --enable-eap-peap \
21 --enable-eap-radius \23 --enable-eap-radius \
22 --enable-eap-tls \24 --enable-eap-tls \
23 --enable-eap-tnc \25 --enable-eap-tnc \
@@ -32,6 +34,7 @@ CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \
32 --enable-led \34 --enable-led \
33 --enable-lookip \35 --enable-lookip \
34 --enable-mediation \36 --enable-mediation \
37 --enable-ntru \
35 --enable-openssl \38 --enable-openssl \
36 --enable-pkcs11 \39 --enable-pkcs11 \
37 --enable-test-vectors \40 --enable-test-vectors \

Subscribers

People subscribed via source and target branches