Remove conf files of plugins removed from libcharon-extra-plugins
These plugins were removed in version 5.8.0-2, and after upgrading to a
greater version an user might get confused since the conf files are
there but the plugins are not installed.
eap-dynamic might be quite useful for users because it allows clients to
select an alternative EAP method if the one selected by the server
initially is not supported.
eap-peap is still widely used by users because it is what most of the
clients implements. It is often used in combination with EAP-MSCHAPv2 to
authenticate e.g. WiFi clients (the TLS connection in EAP-PEAP protects
the potentially weak password authentication in EAP-MSCHAPv2). For
instance, using the same protocol for VPN clients allows reusing the
existing AAA infrastructure (AD/RADIUS server).
New changelog entries:
* Reverting part of 5.8.2-1ubuntu2 changes to remove BLISS again as
there is a potential local side-channel attack on strongSwan's BLISS
implementation (https://eprint.iacr.org/2017/505). (LP: #1866765)
New changelog entries:
* re-add post-quantum computer signature scheme (BLISS) and encryption
algorithm (NTRU) as well as the dependent nttfft library (LP: #1863749)
- d/control: mention plugins in package description
- d/rules: enable ntru and bliss at build time
- d/libstrongswan-extra-plugins.install: ship config and shared objects
New changelog entries:
* Merge with Debian unstable (LP: #1861971). Remaining changes:
- d/control: Transition from strongswan-tnc-* being in extra packages
to libcharon-extra-plugins (drop after 20.04)
- d/control: Transition from former Ubuntu only libcharon-standard-plugins
to common libcharon-extauth-plugins (drop after 20.04)
- d/control: strongswan-starter hard-depends on strongswan-charon,
therefore bump the dependency from Recommends to Depends. At the same
time avoid a circular dependency by dropping
strongswan-charon->strongswan-starter from Depends to Recommends as the
binaries can work without the services but not vice versa.
* Added Changes
- d/control: build-depend on libiptc-dev to avoid FTBFS (LP: #1861975)
This is needed due to changes in regard to Debian bug 947176 and 939243
and can later be dropped again.
New changelog entries:
[ Christian Ehrhardt ]
* d/control: Mention mgf1 plugin which is in libstrongswan now
* Complete the disabling of libfast
* Clean up d/strongswan-starter.postinst: section about runlevel changes
* Clean up d/strongswan-starter.postinst: opportunistic encryption
* Enable kernel-libipsec for use of strongswan in containers
* d/control, d/libcharon-{extras,extauth}-plugins.install: Add
extauth-plugins package (Recommends)
* apparmor: d/usr.lib.ipsec.charon: sync notify rule from charon-systemd
* apparmor: fix apparmor denies reading the own FDs (LP: 1786250)
* apparmor: d/usr.sbin.charon-systemd: allow CLUSTERIP for ha plugin
(LP: 1773956)
* apparmor: d/usr.lib.ipsec.stroke: executables need to be able to read map
and execute themselves
* apparmor: d/usr.lib.ipsec.lookip: executables need to be able to read map
and execute themselves
* apparmor: d/usr.sbin.swanctl: add apparmor rule for af-alg plugin
(LP: 1807962)
* d/control: libtpmtss is actually packaged in libstrongswan-extra-plugins
[ Ryan Harper ]
* Remove code related to unused debconf managed config
[ Yves-Alexis Perez ]
* ship xfrmi only on Linux, fix FTBFS on kfreebsd
* d/libcharon-extra-plugins.install: drop plugins disabled in Debian
* d/control: update standards version to 4.4.1
* d/strongswan-starter.templates: drop runlevel_changes
* let dh_installinit handle update-rc.d calls
* d/salsa-ci.yml: add a salsa pipeline config
* d/rules: drop dbgsym migration
* strongswan-starter: update line number in lintian override