Ubuntu
strongswan package

Merge ~paelzer/ubuntu/+source/strongswan:lp-1863749-re-add-ntru-focal into ubuntu/+source/strongswan:ubuntu/focal-devel

  1. Git
  2. lp:~paelzer/ubuntu/+source/strongswan
  3. lp-1863749-re-add-ntru-focal
  4. Merge into ubuntu/focal-devel
Proposed by Christian Ehrhardt 
Status: Merged
Approved by: Christian Ehrhardt 
Approved revision: 5b55f7edc42ce76a8a221ab1b2d18f4954cac4c9
Merge reported by: Christian Ehrhardt 
Merged at revision: 5b55f7edc42ce76a8a221ab1b2d18f4954cac4c9
Proposed branch: ~paelzer/ubuntu/+source/strongswan:lp-1863749-re-add-ntru-focal
Merge into: ubuntu/+source/strongswan:ubuntu/focal-devel
Diff against target: 83 lines (+8/-9)
4 files modified
debian/changelog (+8/-0)
debian/control (+0/-3)
debian/libstrongswan-extra-plugins.install (+0/-5)
debian/rules (+0/-1)
Reviewer Review Type Date Requested Status
Andreas Hasenack Approve
Canonical Server Pending
git-ubuntu developers Pending
Review via email: mp+380464@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

PPA: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3969

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

It seems the import of ubuntu2 failed, therefore the diff here is odd.
Ah it it could not get the history on it, I rebased and force-pushed now the preview here should be better.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Tests are good except i386 which doesn't really exist for the actual upload.
Waiting on review ...

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Taking a look

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Looks good, +1

review: Approve
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Affected by empty dir issue, uploading without tagging.

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading strongswan_5.8.2-1ubuntu3.dsc: done.
  Uploading strongswan_5.8.2-1ubuntu3.debian.tar.xz: done.
  Uploading strongswan_5.8.2-1ubuntu3_source.buildinfo: done.
  Uploading strongswan_5.8.2-1ubuntu3_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index fff25fd..aa4f342 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,11 @@
6+strongswan (5.8.2-1ubuntu3) focal; urgency=medium
7+
8+ * Reverting part of 5.8.2-1ubuntu2 changes to remove BLISS again as
9+ there is a potential local side-channel attack on strongSwan's BLISS
10+ implementation (https://eprint.iacr.org/2017/505). (LP: #1866765)
11+
12+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 10 Mar 2020 07:56:56 +0100
13+
14 strongswan (5.8.2-1ubuntu2) focal; urgency=medium
15
16 * re-add post-quantum computer signature scheme (BLISS) and encryption
17diff --git a/debian/control b/debian/control
18index ca1f4a8..6a88299 100644
19--- a/debian/control
20+++ b/debian/control
21@@ -129,8 +129,6 @@ Description: strongSwan utility and crypto library (extra plugins)
22 Included plugins are:
23 - af-alg [linux] (AF_ALG Linux crypto API interface, provides
24 ciphers/hashers/hmac/xcbc)
25- - bliss (Bimodal Lattice Signature Scheme (BLISS) post-quantum computer
26- signature scheme)
27 - ccm (CCM cipher mode wrapper)
28 - cmac (CMAC cipher mode wrapper)
29 - ctr (CTR cipher mode wrapper)
30@@ -140,7 +138,6 @@ Description: strongSwan utility and crypto library (extra plugins)
31 - gcrypt (Crypto backend based on libgcrypt, provides
32 RSA/DH/ciphers/hashers/rng)
33 - ldap (LDAP fetching plugin based on libldap)
34- - nttfft (Number Theoretic Transform via the FFT algorithm)
35 - ntru (key exchanged based on post-quantum computer NTRU)
36 - padlock (VIA padlock crypto backend, provides AES128/SHA1)
37 - pkcs11 (PKCS#11 smartcard backend)
38diff --git a/debian/libstrongswan-extra-plugins.install b/debian/libstrongswan-extra-plugins.install
39index d14a193..8f71239 100644
40--- a/debian/libstrongswan-extra-plugins.install
41+++ b/debian/libstrongswan-extra-plugins.install
42@@ -1,7 +1,6 @@
43 # Tool for TPM PCR extension
44 usr/bin/tpm_extendpcr
45 # libstrongswan plugins
46-usr/lib/ipsec/plugins/libstrongswan-bliss.so
47 usr/lib/ipsec/plugins/libstrongswan-ccm.so
48 usr/lib/ipsec/plugins/libstrongswan-chapoly.so
49 usr/lib/ipsec/plugins/libstrongswan-cmac.so
50@@ -15,7 +14,6 @@ usr/lib/ipsec/plugins/libstrongswan-pkcs11.so
51 usr/lib/ipsec/plugins/libstrongswan-test-vectors.so
52 usr/lib/ipsec/plugins/libstrongswan-tpm.so
53 # default configuration files
54-usr/share/strongswan/templates/config/plugins/bliss.conf
55 usr/share/strongswan/templates/config/plugins/ccm.conf
56 usr/share/strongswan/templates/config/plugins/cmac.conf
57 usr/share/strongswan/templates/config/plugins/chapoly.conf
58@@ -28,7 +26,6 @@ usr/share/strongswan/templates/config/plugins/ntru.conf
59 usr/share/strongswan/templates/config/plugins/pkcs11.conf
60 usr/share/strongswan/templates/config/plugins/test-vectors.conf
61 usr/share/strongswan/templates/config/plugins/tpm.conf
62-etc/strongswan.d/charon/bliss.conf
63 etc/strongswan.d/charon/ccm.conf
64 etc/strongswan.d/charon/chapoly.conf
65 etc/strongswan.d/charon/cmac.conf
66@@ -44,5 +41,3 @@ etc/strongswan.d/charon/tpm.conf
67 # TPM libs
68 usr/lib/ipsec/libtpmtss.so.*
69 usr/lib/ipsec/libtpmtss.so
70-# Number Theoretic Transform via FFT libs
71-usr/lib/ipsec/libnttfft.so*
72diff --git a/debian/rules b/debian/rules
73index 5336324..7ee20ea 100755
74--- a/debian/rules
75+++ b/debian/rules
76@@ -6,7 +6,6 @@ export DEB_BUILD_MAINT_OPTIONS=hardening=+all
77 CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \
78 --enable-addrblock \
79 --enable-agent \
80- --enable-bliss \
81 --enable-bypass-lan \
82 --enable-ccm \
83 --enable-certexpire \

Subscribers

People subscribed via source and target branches