Merge ~paelzer/ubuntu/+source/strongswan:merge-5.9.1-1-hirsute into ubuntu/+source/strongswan:debian/sid
- Git
- lp:~paelzer/ubuntu/+source/strongswan
- merge-5.9.1-1-hirsute
- Merge into debian/sid
Status: | Merged | ||||||||
---|---|---|---|---|---|---|---|---|---|
Approved by: | Christian Ehrhardt | ||||||||
Approved revision: | cd2542f037bdb51e6198968c3c2035ce72fccc4c | ||||||||
Merge reported by: | Bryce Harrington | ||||||||
Merged at revision: | cd2542f037bdb51e6198968c3c2035ce72fccc4c | ||||||||
Proposed branch: | ~paelzer/ubuntu/+source/strongswan:merge-5.9.1-1-hirsute | ||||||||
Merge into: | ubuntu/+source/strongswan:debian/sid | ||||||||
Diff against target: |
1868 lines (+1630/-3) 6 files modified
debian/changelog (+1602/-0) debian/control (+8/-3) debian/libcharon-extra-plugins.install (+6/-0) debian/libcharon-extra-plugins.maintscript (+8/-0) debian/libstrongswan-extra-plugins.install (+3/-0) debian/rules (+3/-0) |
||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Lucas Kanashiro (community) | Approve | ||
Canonical Server packageset reviewers | Pending | ||
Canonical Server | Pending | ||
Review via email: mp+396490@code.launchpad.net |
Commit message
Description of the change
Christian Ehrhardt (paelzer) wrote : | # |
Lucas Kanashiro (lucaskanashiro) wrote : | # |
* Changelog:
- [√] old content and logical tag match as expected
- [√] changelog entry correct version and targeted codename
- [√] changelog entries correct
- [√] update-maintainer has been run
* Actual changes:
- [√] no upstream changes to consider
- [√] no further upstream version to consider
- [√] debian changes look safe
* Old Delta:
- [-] dropped changes are ok to be dropped
- [√] nothing else to drop
- [√] changes forwarded upstream/debian (if appropriate)
* New Delta:
- [√] no new patches added
- [-] patches match what was proposed upstream
- [-] patches correctly included in debian/
- [-] patches have correct DEP3 metadata
* Build/Test:
- [√] build is ok
- [√] verified PPA package installs/uninstalls
- [√] autopkgtest against the PPA package passes
- [√] sanity checks test fine
LGTM, +1.
Christian Ehrhardt (paelzer) wrote : | # |
Thanks Lucas, I was also running some tests connecting two VMs and they worked fine as well.
Running test: './test-
test_00_configure (__main_
Configure strongswan, interfaces, and routing ... ok
test_01_
Remote gateway is pingable ... ok
test_02_
Remote tunnelled network is pingable ... ok
test_99_shutdown (__main_
Shutting down ... ok
-------
Ran 4 tests in 5.130s
OK
+ echo 'OUTPUT - TEST2'
OUTPUT - TEST2
+ cat /tmp/tmp.hvfU6RdvCX
Running test: './test-
test_00_configure (__main_
Configure strongswan, interfaces, and routing ... ok
test_01_
Remote gateway is pingable ... ok
test_02_
Remote tunnelled network is pingable ... ok
test_99_shutdown (__main_
Shutting down ... ok
+ echo 'OUTPUT - TEST1'
OUTPUT - TEST1
+ cat /tmp/tmp.avmK9rnhCt
Running test: './test-
test_00_configure (__main_
Configure strongswan, interfaces, and routing ... ok
test_01_
Remote gateway is pingable ... ok
test_02_
Remote tunnelled network is pingable ... ok
test_99_shutdown (__main_
Shutting down ... ok
-------
Ran 4 tests in 5.144s
OK
+ echo 'OUTPUT - TEST2'
OUTPUT - TEST2
+ cat /tmp/tmp.33IqbW4Fsi
Running test: './test-
test_00_configure (__main_
Configure strongswan, interfaces, and routing ... ok
test_01_
Remote gateway is pingable ... ok
test_02_
Remote tunnelled network is pingable ... ok
test_99_shutdown (__main_
Shutting down ... ok
-------
Ran 4 tests in 6.149s
Uploading...
Christian Ehrhardt (paelzer) wrote : | # |
To ssh://git.
* [new tag] upload/
Uploading to ubuntu (via ftp to upload.ubuntu.com):
Uploading strongswan_
Uploading strongswan_
Uploading strongswan_
Uploading strongswan_
Uploading strongswan_
Successfully uploaded packages.
Bryce Harrington (bryce) wrote : | # |
strongswan | 5.9.1-1ubuntu1 | hirsute | source
This has migrated
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index ab290ba..cc0057d 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,28 @@ |
6 | +strongswan (5.9.1-1ubuntu1) hirsute; urgency=medium |
7 | + |
8 | + * Merge with Debian unstable. Remaining changes: |
9 | + - d/control: strongswan-starter hard-depends on strongswan-charon, |
10 | + therefore bump the dependency from Recommends to Depends. At the same |
11 | + time avoid a circular dependency by dropping |
12 | + strongswan-charon->strongswan-starter from Depends to Recommends as the |
13 | + binaries can work without the services but not vice versa. |
14 | + - re-add post-quantum encryption algorithm (NTRU) (LP: 1863749) |
15 | + + d/control: mention plugins in package description |
16 | + + d/rules: enable ntru at build time |
17 | + + d/libstrongswan-extra-plugins.install: ship config and shared objects |
18 | + - Re-enable eap-{dynamic,peap} libcharon plugins (LP: 1878887) |
19 | + + d/control: update libcharon-extra-plugins description. |
20 | + + d/libcharon-extra-plugins.install: install .so and conf files. |
21 | + + d/rules: add plugins to the configuration arguments. |
22 | + - Remove conf files of plugins removed from libcharon-extra-plugins |
23 | + + The conf file of the following plugins were removed: eap-aka-3gpp2, |
24 | + eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym, |
25 | + eap-simaka-reauth, eap-simaka-sql, xauth-noauth. |
26 | + + Created d/libcharon-extra-plugins.maintscript to handle the removals |
27 | + properly. |
28 | + |
29 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 19 Jan 2021 12:39:11 +0100 |
30 | + |
31 | strongswan (5.9.1-1) unstable; urgency=medium |
32 | |
33 | * New upstream version 5.9.1 |
34 | @@ -12,6 +37,45 @@ strongswan (5.9.0-1) unstable; urgency=medium |
35 | |
36 | -- Yves-Alexis Perez <corsac@debian.org> Thu, 17 Sep 2020 10:21:30 +0200 |
37 | |
38 | +strongswan (5.8.4-1ubuntu2) groovy; urgency=medium |
39 | + |
40 | + * Re-enable eap-{dynamic,peap} libcharon plugins (LP: #1878887) |
41 | + - d/control: update libcharon-extra-plugins description. |
42 | + - d/libcharon-extra-plugins.install: install .so and conf files. |
43 | + - d/rules: add plugins to the configuration arguments. |
44 | + * Remove conf files of plugins removed from libcharon-extra-plugins |
45 | + - The conf file of the following plugins were removed: eap-aka-3gpp2, |
46 | + eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym, |
47 | + eap-simaka-reauth, eap-simaka-sql, xauth-noauth. |
48 | + - Created d/libcharon-extra-plugins.maintscript to handle the removals |
49 | + properly. |
50 | + |
51 | + -- Lucas Kanashiro <kanashiro@ubuntu.com> Thu, 21 May 2020 14:53:05 -0300 |
52 | + |
53 | +strongswan (5.8.4-1ubuntu1) groovy; urgency=medium |
54 | + |
55 | + * Merge with Debian unstable. Remaining changes: |
56 | + - d/control: strongswan-starter hard-depends on strongswan-charon, |
57 | + therefore bump the dependency from Recommends to Depends. At the same |
58 | + time avoid a circular dependency by dropping |
59 | + strongswan-charon->strongswan-starter from Depends to Recommends as the |
60 | + binaries can work without the services but not vice versa. |
61 | + - re-add post-quantum encryption algorithm (NTRU) (LP: 1863749) |
62 | + + d/control: mention plugins in package description |
63 | + + d/rules: enable ntru at build time |
64 | + + d/libstrongswan-extra-plugins.install: ship config and shared objects |
65 | + * Dropped: |
66 | + - d/control: build-depend on libiptc-dev to avoid FTBFS (LP: #1861975) |
67 | + This is needed due to changes in regard to Debian bug 947176 and 939243 |
68 | + and can later be dropped again. |
69 | + [applied by Debian in version 5.8.2-2] |
70 | + - d/control: Transition from former Ubuntu only libcharon-standard-plugins |
71 | + to common libcharon-extauth-plugins (drop after 20.04) |
72 | + - d/control: Transition from strongswan-tnc-* being in extra packages |
73 | + to libcharon-extra-plugins (drop after 20.04) |
74 | + |
75 | + -- Lucas Kanashiro <lucas.kanashiro@canonical.com> Thu, 30 Apr 2020 18:06:55 -0300 |
76 | + |
77 | strongswan (5.8.4-1) unstable; urgency=medium |
78 | |
79 | * New upstream version 5.8.4 (Closes: #956446) |
80 | @@ -27,6 +91,43 @@ strongswan (5.8.2-2) unstable; urgency=medium |
81 | |
82 | -- Yves-Alexis Perez <corsac@debian.org> Thu, 13 Feb 2020 22:46:40 +0100 |
83 | |
84 | +strongswan (5.8.2-1ubuntu3) focal; urgency=medium |
85 | + |
86 | + * Reverting part of 5.8.2-1ubuntu2 changes to remove BLISS again as |
87 | + there is a potential local side-channel attack on strongSwan's BLISS |
88 | + implementation (https://eprint.iacr.org/2017/505). (LP: #1866765) |
89 | + |
90 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 10 Mar 2020 07:56:56 +0100 |
91 | + |
92 | +strongswan (5.8.2-1ubuntu2) focal; urgency=medium |
93 | + |
94 | + * re-add post-quantum computer signature scheme (BLISS) and encryption |
95 | + algorithm (NTRU) as well as the dependent nttfft library (LP: #1863749) |
96 | + - d/control: mention plugins in package description |
97 | + - d/rules: enable ntru and bliss at build time |
98 | + - d/libstrongswan-extra-plugins.install: ship config and shared objects |
99 | + |
100 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 04 Mar 2020 07:54:26 +0100 |
101 | + |
102 | +strongswan (5.8.2-1ubuntu1) focal; urgency=medium |
103 | + |
104 | + * Merge with Debian unstable (LP: #1861971). Remaining changes: |
105 | + - d/control: Transition from strongswan-tnc-* being in extra packages |
106 | + to libcharon-extra-plugins (drop after 20.04) |
107 | + - d/control: Transition from former Ubuntu only libcharon-standard-plugins |
108 | + to common libcharon-extauth-plugins (drop after 20.04) |
109 | + - d/control: strongswan-starter hard-depends on strongswan-charon, |
110 | + therefore bump the dependency from Recommends to Depends. At the same |
111 | + time avoid a circular dependency by dropping |
112 | + strongswan-charon->strongswan-starter from Depends to Recommends as the |
113 | + binaries can work without the services but not vice versa. |
114 | + * Added Changes |
115 | + - d/control: build-depend on libiptc-dev to avoid FTBFS (LP: #1861975) |
116 | + This is needed due to changes in regard to Debian bug 947176 and 939243 |
117 | + and can later be dropped again. |
118 | + |
119 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 05 Feb 2020 08:28:30 +0100 |
120 | + |
121 | strongswan (5.8.2-1) unstable; urgency=medium |
122 | |
123 | [ Jean-Michel Vourgère ] |
124 | @@ -43,6 +144,83 @@ strongswan (5.8.2-1) unstable; urgency=medium |
125 | |
126 | -- Yves-Alexis Perez <corsac@debian.org> Wed, 01 Jan 2020 14:35:46 +0100 |
127 | |
128 | +strongswan (5.8.1-1ubuntu1) focal; urgency=medium |
129 | + |
130 | + * Merge with Debian unstable (LP: #1852579). Remaining changes: |
131 | + - d/control: Transition from strongswan-tnc-* being in extra packages |
132 | + to libcharon-extra-plugins |
133 | + * Added Changes: |
134 | + - d/control: Transition from former Ubuntu only libcharon-standard-plugins |
135 | + to common libcharon-extauth-plugins (drop after 20.04) |
136 | + - d/control: strongswan-starter hard-depends on strongswan-charon, |
137 | + therefore bump the dependency from Recommends to Depends. At the same |
138 | + time avoid a circular dependency by dropping |
139 | + strongswan-charon->strongswan-starter from Depends to Recommends as the |
140 | + binaries can work without the services but not vice versa. |
141 | + * Dropped Changes (now in Debian): |
142 | + - Clean up d/strongswan-starter.postinst: section about runlevel changes |
143 | + - Clean up d/strongswan-starter.postinst: Removed entire section on |
144 | + opportunistic encryption disabling - this was never in strongSwan and |
145 | + won't be see upstream issue #2160. |
146 | + - d/rules: Removed patching ipsec.conf on build (not using the |
147 | + debconf-managed config.) |
148 | + - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was |
149 | + used for debconf-managed include of private key). |
150 | + - Add plugin kernel-libipsec to allow the use of strongswan in containers |
151 | + via this userspace implementation (please do note that this is still |
152 | + considered experimental by upstream). |
153 | + + d/libcharon-extra-plugins.install: Add kernel-libipsec components |
154 | + + d/control: List kernel-libipsec plugin at extra plugins description |
155 | + + d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
156 | + upstream recommends to not load kernel-libipsec by default. |
157 | + - d/control: Mention mgf1 plugin which is in libstrongswan now |
158 | + - Complete the disabling of libfast; This was partially accepted in Debian, |
159 | + it is no more packaging medcli and medsrv, but still builds and |
160 | + mentions it. |
161 | + + d/rules: Add --disable-fast to avoid build time and dependencies |
162 | + + d/control: Remove medcli, medsrv from package description |
163 | + - Add now built (since 5.5.1) libraries libtpmtss and nttfft to |
164 | + libstrongswan-extra-plugins (no deps from default plugins). |
165 | + - d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
166 | + plugins for the most common use cases from extra-plugins into a new |
167 | + standard-plugins package. This will allow those use cases without pulling |
168 | + in too much more plugins (a bit like the tnc package). Recommend that |
169 | + package from strongswan-libcharon. |
170 | + - d/usr.lib.ipsec.charon: allow reading of own FDs (LP 1786250) |
171 | + - d/usr.sbin.charon-systemd: allow CLUSTERIP for ha plugin (LP 1773956) |
172 | + - executables need to be able to read map and execute themselves otherwise |
173 | + execution in some environments e.g. containers is blocked (LP 1780534) |
174 | + + d/usr.lib.ipsec.stroke: add rmix permission to stroke binary |
175 | + + d/usr.lib.ipsec.lookip: add rmix permission to lookip binary |
176 | + - d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: resync apparmor |
177 | + profiles of both ways to start charon (LP 1807664) |
178 | + - d/usr.sbin.swanctl: add apparmor rule for af-alg plugin (LP 1807962) |
179 | + - We fixed up tpmtss and nttfft in the past, but tpmtss is now packaged in |
180 | + Debian so this part was be dropped. Two changes remain |
181 | + - d/control: fix the mentioning of tpmtss in d/control |
182 | + - apparmor fixes for container and root usage (LP 1826238) |
183 | + + d/usr.sbin.swanctl: allow reading own binary |
184 | + + d/usr.sbin.charon-systemd: allow accessing the binary |
185 | + + d/usr.sbin.swanctl: add attach_disconnected to work inside containers |
186 | + + d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: add CAP_SETPCAP |
187 | + to apparmor to allow dropping caps |
188 | + * Dropped Changes (too uncommon to support by default) |
189 | + - d/libstrongswan.install: Add kernel-netlink configuration files |
190 | + - d/usr.sbin.charon-systemd: allow to contact mysql for sql and |
191 | + attr-sql plugins (LP 1766240) - no more needed as itisn't enabled. |
192 | + - Mass enablement of extra plugins and features to allow a user to use |
193 | + strongswan for a variety of extra use cases without having to rebuild. |
194 | + + d/control: Add required additional build-deps |
195 | + + d/control: Mention addtionally enabled plugins |
196 | + + d/rules: Enable features at configure stage |
197 | + + d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
198 | + + d/libstrongswan.install: Add plugins (so, conf) |
199 | + + d/strongswan-starter.install: Install pool feature, which is useful |
200 | + since we now have attr-sql plugin enabled it. |
201 | + - Enable additional TNC plugins and add them to libcharon-extra-plugins |
202 | + |
203 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 14 Nov 2019 15:00:15 +0100 |
204 | + |
205 | strongswan (5.8.1-1) unstable; urgency=medium |
206 | |
207 | * d/rules: disable http and stream tests under CI |
208 | @@ -112,6 +290,99 @@ strongswan (5.8.0-1) unstable; urgency=medium |
209 | |
210 | -- Yves-Alexis Perez <corsac@debian.org> Mon, 26 Aug 2019 12:58:23 +0200 |
211 | |
212 | +strongswan (5.7.2-1ubuntu3) eoan; urgency=medium |
213 | + |
214 | + * No change rebuild for libmysqlclient21. |
215 | + |
216 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 15 Aug 2019 09:34:34 +0200 |
217 | + |
218 | +strongswan (5.7.2-1ubuntu2) eoan; urgency=medium |
219 | + |
220 | + * Rebuild against new libjson-c4. |
221 | + |
222 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 01 Jul 2019 10:53:07 +0200 |
223 | + |
224 | +strongswan (5.7.2-1ubuntu1) eoan; urgency=medium |
225 | + |
226 | + [ Christian Ehrhardt ] |
227 | + * Merge with Debian unstable. Remaining changes: |
228 | + - Clean up d/strongswan-starter.postinst: section about runlevel changes |
229 | + - Clean up d/strongswan-starter.postinst: Removed entire section on |
230 | + opportunistic encryption disabling - this was never in strongSwan and |
231 | + won't be see upstream issue #2160. |
232 | + - d/rules: Removed patching ipsec.conf on build (not using the |
233 | + debconf-managed config.) |
234 | + - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was |
235 | + used for debconf-managed include of private key). |
236 | + - Mass enablement of extra plugins and features to allow a user to use |
237 | + strongswan for a variety of extra use cases without having to rebuild. |
238 | + + d/control: Add required additional build-deps |
239 | + + d/control: Mention addtionally enabled plugins |
240 | + + d/rules: Enable features at configure stage |
241 | + + d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
242 | + + d/libstrongswan.install: Add plugins (so, conf) |
243 | + + d/strongswan-starter.install: Install pool feature, which is useful |
244 | + since we now have attr-sql plugin enabled it. |
245 | + - Add plugin kernel-libipsec to allow the use of strongswan in containers |
246 | + via this userspace implementation (please do note that this is still |
247 | + considered experimental by upstream). |
248 | + + d/libcharon-extra-plugins.install: Add kernel-libipsec components |
249 | + + d/control: List kernel-libipsec plugin at extra plugins description |
250 | + + d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
251 | + upstream recommends to not load kernel-libipsec by default. |
252 | + - d/libstrongswan.install: Add kernel-netlink configuration files |
253 | + - Complete the disabling of libfast; This was partially accepted in Debian, |
254 | + it is no more packaging medcli and medsrv, but still builds and |
255 | + mentions it. |
256 | + + d/rules: Add --disable-fast to avoid build time and dependencies |
257 | + + d/control: Remove medcli, medsrv from package description |
258 | + - d/control: Mention mgf1 plugin which is in libstrongswan now |
259 | + - Add now built (since 5.5.1) libraries libtpmtss and nttfft to |
260 | + libstrongswan-extra-plugins (no deps from default plugins). |
261 | + - d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
262 | + plugins for the most common use cases from extra-plugins into a new |
263 | + standard-plugins package. This will allow those use cases without pulling |
264 | + in too much more plugins (a bit like the tnc package). Recommend that |
265 | + package from strongswan-libcharon. |
266 | + - d/usr.sbin.charon-systemd: allow to contact mysql for sql and |
267 | + attr-sql plugins (LP #1766240) |
268 | + - d/usr.lib.ipsec.charon: allow reading of own FDs (LP #1786250) |
269 | + - d/usr.sbin.charon-systemd: allow CLUSTERIP for ha plugin (LP: 1773956) |
270 | + - executables need to be able to read map and execute themselves otherwise |
271 | + execution in some environments e.g. containers is blocked (LP: 1780534) |
272 | + + d/usr.lib.ipsec.stroke: add rmix permission to stroke binary |
273 | + + d/usr.lib.ipsec.lookip: add rmix permission to lookip binary |
274 | + - d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: resync apparmor |
275 | + profiles of both ways to start charon (LP: 1807664) |
276 | + - d/usr.sbin.swanctl: add apparmor rule for af-alg plugin (LP: 1807962) |
277 | + * Dropped changes |
278 | + - d/p/lp1795813-mysql-Don-t-release-the-connection-if-transactions-a.patch: |
279 | + fix SIGSEGV when using mysql plugin (LP: 1795813) |
280 | + [upstream in 5.7.2] |
281 | + - d/libstrongswan.install: Reorder conf and .so alphabetically |
282 | + [was a non functional change, dropped to avoid merge noise] |
283 | + - Relocate tnc plugin |
284 | + [TNC is back at libcharon-extra-plugins as it is in Debian] |
285 | + * Added changes: |
286 | + - We fixed up tpmtss and nttfft in the past, but tpmtss is now packaged in |
287 | + Debian so this part was be dropped. Two changes remain |
288 | + - d/control: fix the mentioning of tpmtss in d/control |
289 | + - add nttfft (can be merged with the mass enablement change later) |
290 | + - Transitional packages to go back from strongswan-tnc-* being in extra |
291 | + packages to be part of libcharon-extra-plugins. |
292 | + [can be dropped after 20.04] |
293 | + |
294 | + [ Simon Deziel ] |
295 | + * Added changes: |
296 | + - apparmor fixes for container and root usage (LP: #1826238) |
297 | + + d/usr.sbin.swanctl: allow reading own binary |
298 | + + d/usr.sbin.charon-systemd: allow accessing the binary |
299 | + + d/usr.sbin.swanctl: add attach_disconnected to work inside containers |
300 | + + d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: add CAP_SETPCAP |
301 | + to apparmor to allow dropping caps |
302 | + |
303 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 26 Apr 2019 11:31:17 +0200 |
304 | + |
305 | strongswan (5.7.2-1) unstable; urgency=medium |
306 | |
307 | * d/control: remove Rene from Uploaders, thanks! |
308 | @@ -130,6 +401,86 @@ strongswan (5.7.2-1) unstable; urgency=medium |
309 | |
310 | -- Yves-Alexis Perez <corsac@debian.org> Wed, 02 Jan 2019 13:02:11 +0100 |
311 | |
312 | +strongswan (5.7.1-1ubuntu2) disco; urgency=medium |
313 | + |
314 | + * d/usr.sbin.charon-systemd: fix rule for CLUSTERIP to match effective |
315 | + path (LP: #1773956) |
316 | + * d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: resync apparmor |
317 | + profiles of both ways to start charon (LP: #1807664) |
318 | + * d/usr.sbin.swanctl: add apparmor rule for af-alg plugin (LP: #1807962) |
319 | + |
320 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 10 Dec 2018 08:30:01 +0100 |
321 | + |
322 | +strongswan (5.7.1-1ubuntu1) disco; urgency=medium |
323 | + |
324 | + * Merge with Debian unstable (LP: #1806401). Remaining changes: |
325 | + - Clean up d/strongswan-starter.postinst: section about runlevel changes |
326 | + - Clean up d/strongswan-starter.postinst: Removed entire section on |
327 | + opportunistic encryption disabling - this was never in strongSwan and |
328 | + won't be see upstream issue #2160. |
329 | + - d/rules: Removed patching ipsec.conf on build (not using the |
330 | + debconf-managed config.) |
331 | + - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was |
332 | + used for debconf-managed include of private key). |
333 | + - Mass enablement of extra plugins and features to allow a user to use |
334 | + strongswan for a variety of extra use cases without having to rebuild. |
335 | + + d/control: Add required additional build-deps |
336 | + + d/control: Mention addtionally enabled plugins |
337 | + + d/rules: Enable features at configure stage |
338 | + + d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
339 | + + d/libstrongswan.install: Add plugins (so, conf) |
340 | + - d/strongswan-starter.install: Install pool feature, which is useful since |
341 | + we have attr-sql plugin enabled as well using it. |
342 | + - Add plugin kernel-libipsec to allow the use of strongswan in containers |
343 | + via this userspace implementation (please do note that this is still |
344 | + considered experimental by upstream). |
345 | + + d/libcharon-extra-plugins.install: Add kernel-libipsec components |
346 | + + d/control: List kernel-libipsec plugin at extra plugins description |
347 | + + d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
348 | + upstream recommends to not load kernel-libipsec by default. |
349 | + - Relocate tnc plugin |
350 | + + debian/libcharon-extra-plugins.install: Drop tnc from extra plugins |
351 | + + Add new subpackage for TNC in d/strongswan-tnc-* and d/control |
352 | + - d/libstrongswan.install: Reorder conf and .so alphabetically |
353 | + - d/libstrongswan.install: Add kernel-netlink configuration files |
354 | + - Complete the disabling of libfast; This was partially accepted in Debian, |
355 | + it is no more packaging medcli and medsrv, but still builds and |
356 | + mentions it. |
357 | + + d/rules: Add --disable-fast to avoid build time and dependencies |
358 | + + d/control: Remove medcli, medsrv from package description |
359 | + - d/control: Mention mgf1 plugin which is in libstrongswan now |
360 | + - Add now built (since 5.5.1) libraries libtpmtss and nttfft to |
361 | + libstrongswan-extra-plugins (no deps from default plugins). |
362 | + - d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
363 | + plugins for the most common use cases from extra-plugins into a new |
364 | + standard-plugins package. This will allow those use cases without pulling |
365 | + in too much more plugins (a bit like the tnc package). Recommend that |
366 | + package from strongswan-libcharon. |
367 | + - d/usr.sbin.charon-systemd: allow to contact mysql for sql and |
368 | + attr-sql plugins (LP #1766240) |
369 | + - d/usr.lib.ipsec.charon: allow reading of own FDs (LP #1786250) |
370 | + * Added Changes: |
371 | + - d/p/lp1795813-mysql-Don-t-release-the-connection-if-transactions-a.patch: |
372 | + fix SIGSEGV when using mysql plugin (LP: #1795813) |
373 | + - d/usr.sbin.charon-systemd: allow CLUSTERIP for ha plugin (LP: #1773956) |
374 | + - executables need to be able to read map and execute themselves otherwise |
375 | + execution in some environments e.g. containers is blocked (LP: #1780534) |
376 | + + d/usr.lib.ipsec.stroke: add rmix permission to stroke binary |
377 | + + d/usr.lib.ipsec.lookip: add rmix permission to lookip binary |
378 | + - adapt "mass enablement of extra plugins" to match 5.7.x changes |
379 | + + d/rules: use new options for swima instead of swid |
380 | + + d/strongswan-tnc-server.install: add new sec updater tool |
381 | + + d/strongswan-tnc-client.install: add new sw-collector tool |
382 | + * Dropped (in Debian now): |
383 | + - SECURITY UPDATE: Insufficient input validation in gmp plugin |
384 | + (CVE-2018-17540) |
385 | + - SECURITY UPDATE: Insufficient input validation in gmp plugin |
386 | + (CVE-2018-16151 CVE-2018-16152) |
387 | + - d/usr.lib.ipsec.charon, d/usr/sbin/charon-systemd: Add support for |
388 | + usr-merge, thanks to Christian Ehrhardt. LP #1784023 |
389 | + |
390 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 03 Dec 2018 15:18:31 +0100 |
391 | + |
392 | strongswan (5.7.1-1) unstable; urgency=medium |
393 | |
394 | [ Ondřej Nový ] |
395 | @@ -160,6 +511,96 @@ strongswan (5.7.0-1) unstable; urgency=medium |
396 | |
397 | -- Yves-Alexis Perez <corsac@debian.org> Mon, 24 Sep 2018 16:36:28 +0200 |
398 | |
399 | +strongswan (5.6.3-1ubuntu5) disco; urgency=medium |
400 | + |
401 | + * No-change rebuild against libunbound8 |
402 | + |
403 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 11 Nov 2018 09:01:53 +0000 |
404 | + |
405 | +strongswan (5.6.3-1ubuntu4) cosmic; urgency=medium |
406 | + |
407 | + * d/usr.lib.ipsec.charon: allow reading of own FDs (LP: #1786250) |
408 | + Thanks to Matt Callaghan. |
409 | + |
410 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 04 Oct 2018 10:34:01 -0300 |
411 | + |
412 | +strongswan (5.6.3-1ubuntu3) cosmic; urgency=medium |
413 | + |
414 | + * SECURITY UPDATE: Insufficient input validation in gmp plugin |
415 | + - debian/patches/strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch: fix |
416 | + buffer overflow with very small RSA keys in |
417 | + src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c. |
418 | + - CVE-2018-17540 |
419 | + |
420 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 01 Oct 2018 13:23:59 -0400 |
421 | + |
422 | +strongswan (5.6.3-1ubuntu2) cosmic; urgency=medium |
423 | + |
424 | + * SECURITY UPDATE: Insufficient input validation in gmp plugin |
425 | + - debian/patches/strongswan-5.6.1-5.6.3_gmp-pkcs1-verify.patch: don't |
426 | + parse PKCS1 v1.5 RSA signatures to verify them in |
427 | + src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c, |
428 | + src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c. |
429 | + - CVE-2018-16151 |
430 | + - CVE-2018-16152 |
431 | + |
432 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 25 Sep 2018 10:16:15 -0400 |
433 | + |
434 | +strongswan (5.6.3-1ubuntu1) cosmic; urgency=medium |
435 | + |
436 | + * Merge with Debian unstable. Remaining changes: |
437 | + - Clean up d/strongswan-starter.postinst: section about runlevel changes |
438 | + - Clean up d/strongswan-starter.postinst: Removed entire section on |
439 | + opportunistic encryption disabling - this was never in strongSwan and |
440 | + won't be see upstream issue #2160. |
441 | + - d/rules: Removed patching ipsec.conf on build (not using the |
442 | + debconf-managed config.) |
443 | + - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was |
444 | + used for debconf-managed include of private key). |
445 | + - Mass enablement of extra plugins and features to allow a user to use |
446 | + strongswan for a variety of extra use cases without having to rebuild. |
447 | + + d/control: Add required additional build-deps |
448 | + + d/control: Mention addtionally enabled plugins |
449 | + + d/rules: Enable features at configure stage |
450 | + + d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
451 | + + d/libstrongswan.install: Add plugins (so, conf) |
452 | + - d/strongswan-starter.install: Install pool feature, which is useful since |
453 | + we have attr-sql plugin enabled as well using it. |
454 | + - Add plugin kernel-libipsec to allow the use of strongswan in containers |
455 | + via this userspace implementation (please do note that this is still |
456 | + considered experimental by upstream). |
457 | + + d/libcharon-extra-plugins.install: Add kernel-libipsec components |
458 | + + d/control: List kernel-libipsec plugin at extra plugins description |
459 | + + d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
460 | + upstream recommends to not load kernel-libipsec by default. |
461 | + - Relocate tnc plugin |
462 | + + debian/libcharon-extra-plugins.install: Drop tnc from extra plugins |
463 | + + Add new subpackage for TNC in d/strongswan-tnc-* and d/control |
464 | + - d/libstrongswan.install: Reorder conf and .so alphabetically |
465 | + - d/libstrongswan.install: Add kernel-netlink configuration files |
466 | + - Complete the disabling of libfast; This was partially accepted in Debian, |
467 | + it is no more packaging medcli and medsrv, but still builds and |
468 | + mentions it. |
469 | + + d/rules: Add --disable-fast to avoid build time and dependencies |
470 | + + d/control: Remove medcli, medsrv from package description |
471 | + - d/control: Mention mgf1 plugin which is in libstrongswan now |
472 | + - Add now built (since 5.5.1) libraries libtpmtss and nttfft to |
473 | + libstrongswan-extra-plugins (no deps from default plugins). |
474 | + - d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
475 | + plugins for the most common use cases from extra-plugins into a new |
476 | + standard-plugins package. This will allow those use cases without pulling |
477 | + in too much more plugins (a bit like the tnc package). Recommend that |
478 | + package from strongswan-libcharon. |
479 | + - d/usr.sbin.charon-systemd: allow to contact mysql for sql and |
480 | + attr-sql plugins (LP #1766240) |
481 | + - d/usr.lib.ipsec.charon, d/usr/sbin/charon-systemd: Add support for |
482 | + usr-merge, thanks to Christian Ehrhardt. LP #1784023 |
483 | + * Dropped: |
484 | + - d/usr.sbin.charon-systemd: allow systemd notifications (LP: #1765652) |
485 | + [Fixed in 5.6.3-1] |
486 | + |
487 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 23 Aug 2018 13:05:11 -0300 |
488 | + |
489 | strongswan (5.6.3-1) unstable; urgency=medium |
490 | |
491 | * New upstream version 5.6.2 |
492 | @@ -175,6 +616,78 @@ strongswan (5.6.3-1) unstable; urgency=medium |
493 | |
494 | -- Yves-Alexis Perez <corsac@debian.org> Mon, 04 Jun 2018 10:23:22 +0200 |
495 | |
496 | +strongswan (5.6.2-2ubuntu2) cosmic; urgency=medium |
497 | + |
498 | + * Add support for usr-merge, thanks to Christian Ehrhardt. LP: #1784023 |
499 | + |
500 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 21 Aug 2018 00:42:38 +0100 |
501 | + |
502 | +strongswan (5.6.2-2ubuntu1) cosmic; urgency=medium |
503 | + |
504 | + * Merge with Debian unstable, closes LP: #1773814 and LP: #1772705. |
505 | + Remaining changes: |
506 | + + Clean up d/strongswan-starter.postinst: section about runlevel changes |
507 | + + Clean up d/strongswan-starter.postinst: Removed entire section on |
508 | + opportunistic encryption disabling - this was never in strongSwan and |
509 | + won't be see upstream issue #2160. |
510 | + + d/rules: Removed patching ipsec.conf on build (not using the |
511 | + debconf-managed config.) |
512 | + + d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was |
513 | + used for debconf-managed include of private key). |
514 | + + Mass enablement of extra plugins and features to allow a user to use |
515 | + strongswan for a variety of extra use cases without having to rebuild. |
516 | + - d/control: Add required additional build-deps |
517 | + - d/control: Mention addtionally enabled plugins |
518 | + - d/rules: Enable features at configure stage |
519 | + - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
520 | + - d/libstrongswan.install: Add plugins (so, conf) |
521 | + + d/strongswan-starter.install: Install pool feature, which is useful since |
522 | + we have attr-sql plugin enabled as well using it. |
523 | + + Add plugin kernel-libipsec to allow the use of strongswan in containers |
524 | + via this userspace implementation (please do note that this is still |
525 | + considered experimental by upstream). |
526 | + - d/libcharon-extra-plugins.install: Add kernel-libipsec components |
527 | + - d/control: List kernel-libipsec plugin at extra plugins description |
528 | + - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
529 | + upstream recommends to not load kernel-libipsec by default. |
530 | + + Relocate tnc plugin |
531 | + - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins |
532 | + - Add new subpackage for TNC in d/strongswan-tnc-* and d/control |
533 | + + d/libstrongswan.install: Reorder conf and .so alphabetically |
534 | + + d/libstrongswan.install: Add kernel-netlink configuration files |
535 | + + Complete the disabling of libfast; This was partially accepted in Debian, |
536 | + it is no more packaging medcli and medsrv, but still builds and |
537 | + mentions it. |
538 | + - d/rules: Add --disable-fast to avoid build time and dependencies |
539 | + - d/control: Remove medcli, medsrv from package description |
540 | + + d/control: Mention mgf1 plugin which is in libstrongswan now |
541 | + + Add now built (since 5.5.1) libraries libtpmtss and nttfft to |
542 | + libstrongswan-extra-plugins (no deps from default plugins). |
543 | + + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
544 | + plugins for the most common use cases from extra-plugins into a new |
545 | + standard-plugins package. This will allow those use cases without pulling |
546 | + in too much more plugins (a bit like the tnc package). Recommend that |
547 | + package from strongswan-libcharon. |
548 | + * Dropped Changes (no more needed after 18.04) |
549 | + + Add rm_conffile for /etc/init.d/ipsec (transition from precies had |
550 | + missed that, droppable after 18.04) |
551 | + + d/control: bump breaks/replaces from libstrongswan-extra-plugins to |
552 | + libstrongswan as we dropped relocating ccm and test-vectors. |
553 | + (droppable >18.04). |
554 | + + d/control: add breaks/replace from libstrongswan to |
555 | + libstrongswan-extra-plugins for the move of mgf1 to libstrongswan. |
556 | + (droppable >18.04). |
557 | + + d/control: bump breaks/replaces for the move of the updown plugin |
558 | + (Missed Changelog entry on last merge) |
559 | + + d/control: fix dependencies of strongswan-libcharon due to the move |
560 | + the updown plugin (droppable >18.04). |
561 | + * Added Changes: |
562 | + + d/usr.sbin.charon-systemd: allow to contact mysql for sql and |
563 | + attr-sql plugins (LP: #1766240) |
564 | + + d/usr.sbin.charon-systemd: allow systemd notifications (LP: #1765652) |
565 | + |
566 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 29 May 2018 08:21:42 +0200 |
567 | + |
568 | strongswan (5.6.2-2) unstable; urgency=medium |
569 | |
570 | * charon-nm: Fix building list of DNS/MDNS servers with libnm |
571 | @@ -185,6 +698,74 @@ strongswan (5.6.2-2) unstable; urgency=medium |
572 | |
573 | -- Yves-Alexis Perez <corsac@debian.org> Fri, 13 Apr 2018 13:46:04 +0200 |
574 | |
575 | +strongswan (5.6.2-1ubuntu2) bionic; urgency=medium |
576 | + |
577 | + * d/control: fix dependencies of strongswan-libcharon due to the move |
578 | + the updown plugin. |
579 | + |
580 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 20 Mar 2018 07:37:29 +0100 |
581 | + |
582 | +strongswan (5.6.2-1ubuntu1) bionic; urgency=medium |
583 | + |
584 | + * Merge with Debian unstable (LP: #1753018). Remaining changes: |
585 | + + Clean up d/strongswan-starter.postinst: section about runlevel changes |
586 | + + Clean up d/strongswan-starter.postinst: Removed entire section on |
587 | + opportunistic encryption disabling - this was never in strongSwan and |
588 | + won't be see upstream issue #2160. |
589 | + + Ubuntu is not using the debconf triggered private key generation |
590 | + - d/rules: Removed patching ipsec.conf on build (not using the |
591 | + debconf-managed config.) |
592 | + - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was |
593 | + used for debconf-managed include of private key). |
594 | + + Mass enablement of extra plugins and features to allow a user to use |
595 | + strongswan for a variety of extra use cases without having to rebuild. |
596 | + - d/control: Add required additional build-deps |
597 | + - d/control: Mention addtionally enabled plugins |
598 | + - d/rules: Enable features at configure stage |
599 | + - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
600 | + - d/libstrongswan.install: Add plugins (so, conf) |
601 | + + d/strongswan-starter.install: Install pool feature, which is useful since |
602 | + we have attr-sql plugin enabled as well using it. |
603 | + + Add plugin kernel-libipsec to allow the use of strongswan in containers |
604 | + via this userspace implementation (please do note that this is still |
605 | + considered experimental by upstream). |
606 | + - d/libcharon-extra-plugins.install: Add kernel-libipsec components |
607 | + - d/control: List kernel-libipsec plugin at extra plugins description |
608 | + - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
609 | + upstream recommends to not load kernel-libipsec by default. |
610 | + + Relocate tnc plugin |
611 | + - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins |
612 | + - Add new subpackage for TNC in d/strongswan-tnc-* and d/control |
613 | + + d/libstrongswan.install: Reorder conf and .so alphabetically |
614 | + + d/libstrongswan.install: Add kernel-netlink configuration files |
615 | + + Complete the disabling of libfast; This was partially accepted in Debian, |
616 | + it is no more packaging medcli and medsrv, but still builds and |
617 | + mentions it. |
618 | + - d/rules: Add --disable-fast to avoid build time and dependencies |
619 | + - d/control: Remove medcli, medsrv from package description |
620 | + + d/control: Mention mgf1 plugin which is in libstrongswan now |
621 | + + Add now built (since 5.5.1) libraries libtpmtss and nttfft to |
622 | + libstrongswan-extra-plugins (no deps from default plugins). |
623 | + + Add rm_conffile for /etc/init.d/ipsec (transition from precies had |
624 | + missed that, droppable after 18.04) |
625 | + + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
626 | + plugins for the most common use cases from extra-plugins into a new |
627 | + standard-plugins package. This will allow those use cases without pulling |
628 | + in too much more plugins (a bit like the tnc package). Recommend that |
629 | + package from strongswan-libcharon. |
630 | + + d/control: bump breaks/replaces from libstrongswan-extra-plugins to |
631 | + libstrongswan as we dropped relocating ccm and test-vectors. |
632 | + (droppable >18.04). |
633 | + + d/control: add breaks/replace from libstrongswan to |
634 | + libstrongswan-extra-plugins for the move of mgf1 to libstrongswan. |
635 | + (droppable >18.04). |
636 | + * Added Changes: |
637 | + + d/control: bump breaks/replaces from strongswan-libcharon to strongswan- |
638 | + starter as we followed Debian to move the updown plugin but need to |
639 | + match Ubuntu versions (Droppable >18.04). |
640 | + |
641 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 16 Mar 2018 11:08:47 +0100 |
642 | + |
643 | strongswan (5.6.2-1) unstable; urgency=medium |
644 | |
645 | * d/NEWS: add information about disabled algorithms (closes: #883072) |
646 | @@ -207,6 +788,129 @@ strongswan (5.6.1-3) unstable; urgency=medium |
647 | |
648 | -- Yves-Alexis Perez <corsac@debian.org> Sun, 17 Dec 2017 16:40:39 +0100 |
649 | |
650 | +strongswan (5.6.1-2ubuntu4) bionic; urgency=medium |
651 | + |
652 | + * SECURITY UPDATE: DoS via crafted RSASSA-PSS signature |
653 | + - debian/patches/CVE-2018-6459.patch: Properly handle MGF1 algorithm |
654 | + identifier without parameters in |
655 | + src/libstrongswan/credentials/keys/signature_params.c. |
656 | + - CVE-2018-6459 |
657 | + |
658 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 07 Mar 2018 14:52:02 +0100 |
659 | + |
660 | +strongswan (5.6.1-2ubuntu3) bionic; urgency=medium |
661 | + |
662 | + * No-change rebuild against libcurl4 |
663 | + |
664 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 28 Feb 2018 08:52:09 +0000 |
665 | + |
666 | +strongswan (5.6.1-2ubuntu2) bionic; urgency=high |
667 | + |
668 | + * No change rebuild against openssl1.1. |
669 | + |
670 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 12 Feb 2018 16:00:24 +0000 |
671 | + |
672 | +strongswan (5.6.1-2ubuntu1) bionic; urgency=medium |
673 | + |
674 | + * Merge with Debian unstable (LP: #1717343). |
675 | + Also fixes and issue with multiple psk's (LP: #1734207). Remaining changes: |
676 | + + Clean up d/strongswan-starter.postinst: section about runlevel changes |
677 | + + Clean up d/strongswan-starter.postinst: Removed entire section on |
678 | + opportunistic encryption disabling - this was never in strongSwan and |
679 | + won't be see upstream issue #2160. |
680 | + + Ubuntu is not using the debconf triggered private key generation |
681 | + - d/rules: Removed patching ipsec.conf on build (not using the |
682 | + debconf-managed config.) |
683 | + - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was |
684 | + used for debconf-managed include of private key). |
685 | + + Mass enablement of extra plugins and features to allow a user to use |
686 | + strongswan for a variety of extra use cases without having to rebuild. |
687 | + - d/control: Add required additional build-deps |
688 | + - d/control: Mention addtionally enabled plugins |
689 | + - d/rules: Enable features at configure stage |
690 | + - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
691 | + - d/libstrongswan.install: Add plugins (so, conf) |
692 | + + d/strongswan-starter.install: Install pool feature, which is useful since |
693 | + we have attr-sql plugin enabled as well using it. |
694 | + + Add plugin kernel-libipsec to allow the use of strongswan in containers |
695 | + via this userspace implementation (please do note that this is still |
696 | + considered experimental by upstream). |
697 | + - d/libcharon-extra-plugins.install: Add kernel-libipsec components |
698 | + - d/control: List kernel-libipsec plugin at extra plugins description |
699 | + - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
700 | + upstream recommends to not load kernel-libipsec by default. |
701 | + + Relocate tnc plugin |
702 | + - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins |
703 | + - Add new subpackage for TNC in d/strongswan-tnc-* and d/control |
704 | + + d/libstrongswan.install: Reorder conf and .so alphabetically |
705 | + + d/libstrongswan.install: Add kernel-netlink configuration files |
706 | + + Complete the disabling of libfast; This was partially accepted in Debian, |
707 | + it is no more packaging medcli and medsrv, but still builds and |
708 | + mentions it. |
709 | + - d/rules: Add --disable-fast to avoid build time and dependencies |
710 | + - d/control: Remove medcli, medsrv from package description |
711 | + + d/control: Mention mgf1 plugin which is in libstrongswan now |
712 | + + Add now built (since 5.5.1) libraries libtpmtss and nttfft to |
713 | + libstrongswan-extra-plugins (no deps from default plugins). |
714 | + + Add rm_conffile for /etc/init.d/ipsec (transition from precies had |
715 | + missed that, droppable after 18.04) |
716 | + + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
717 | + plugins for the most common use cases from extra-plugins into a new |
718 | + standard-plugins package. This will allow those use cases without pulling |
719 | + in too much more plugins (a bit like the tnc package). Recommend that |
720 | + package from strongswan-libcharon. |
721 | + * Added changes: |
722 | + + d/strongswan-tnc-client.install (relocate tnc) swidtag creation changed |
723 | + in 5.6 |
724 | + + d/strongswan-tnc-server.install (relocate tnc) pacman no more needed |
725 | + + d/control: bump breaks/replaces from libstrongswan-extra-plugins to |
726 | + libstrongswan as we dropped relocating ccm and test-vectors. |
727 | + (droppable >18.04). |
728 | + - d/control: add breaks/replace from libstrongswan to |
729 | + libstrongswan-extra-plugins for the move of mgf1 to libstrongswan. |
730 | + (droppable >18.04). |
731 | + * Dropped changes: |
732 | + + Update init/service handling (debian default matches Ubuntu past now) |
733 | + Dropping this fixes (LP: #1734886) |
734 | + - d/rules: Change init/systemd program name to strongswan |
735 | + - d/strongswan-starter.strongswan.service: Add new systemd file instead of |
736 | + patching upstream |
737 | + - d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of |
738 | + linking to upstream |
739 | + + d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call |
740 | + (this is a never failing no-op for us, no need for Delta). |
741 | + + d/strongswan-starter.prerm: Stop strongswan service on package removal |
742 | + (ipsec now maps to strongswan service, so this works as-is). |
743 | + + Clean up d/strongswan-starter.postinst: rename service ipsec to |
744 | + strongswan (ipsec now maps to strongswan service, so this works as-is) |
745 | + + Clean up d/strongswan-starter.postinst: daemon enable/disable (the |
746 | + whole section is disabled, so no need for delta) |
747 | + + (is upstream) CVE-2017-11185 patches |
748 | + + (is upstream) FTBFS upstream fix for changed include files |
749 | + + (is upstream) debian/patches/increase-bliss-test-timeout.patch: Under |
750 | + QEMU/KVM autopkgtest the bliss test takes longer than the default |
751 | + + (in Debian) add now built (since 5.5.1) mgf1 plugin to |
752 | + libstrongswan-extra-plugins. |
753 | + + (in Debian) d/strongswan-starter.install: install stroke apparmor profile |
754 | + + (this was enabled as part of the former delta, squash changes to no-up) |
755 | + d/rules: Disable duplicheck. |
756 | + + (not needed) Relocate plugins test-vectors from extra-plugins to |
757 | + libstrongswan |
758 | + - d/libstrongswan-extra-plugins.install: Remove plugins/conffiles |
759 | + - d/libstrongswan.install: Add plugins/confiles |
760 | + - d/control: move package descriptions and add required breaks/replaces |
761 | + + (not needed) Relocate plugins ccm from extra-plugins to libstrongswan |
762 | + - d/libstrongswan-extra-plugins.install: Remove plugins/conffiles |
763 | + - d/libstrongswan.install: Add plugins/confiles |
764 | + - d/control: move package descriptions and add required breaks/replaces |
765 | + + (while using it requires special kernel, it does not hurt to be |
766 | + available in the package) Remove ha plugin |
767 | + - d/libcharon-extra-plugins.install: Stop installing ha (so, conf) |
768 | + - d/rules: Do not enable ha plugin |
769 | + - d/control: Drop listing the ha plugin in the package description |
770 | + |
771 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 29 Nov 2017 15:55:18 +0100 |
772 | + |
773 | strongswan (5.6.1-2) unstable; urgency=medium |
774 | |
775 | * move counters plugin from -starter to -libcharon. closes: #882431 |
776 | @@ -293,6 +997,213 @@ strongswan (5.5.2-1) experimental; urgency=medium |
777 | |
778 | -- Yves-Alexis Perez <corsac@debian.org> Fri, 19 May 2017 11:32:00 +0200 |
779 | |
780 | +strongswan (5.5.1-4ubuntu3) bionic; urgency=medium |
781 | + |
782 | + * Fix Artful FTBFS due to newer glibc (LP: #1724859) |
783 | + - d/p/utils-Include-stdint.h.patch: upstream fix for changed include |
784 | + files. |
785 | + |
786 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 Oct 2017 15:18:52 +0200 |
787 | + |
788 | +strongswan (5.5.1-4ubuntu2) artful; urgency=medium |
789 | + |
790 | + * SECURITY UPDATE: Fix RSA signature verification |
791 | + - debian/patches/CVE-2017-11185.patch: does some |
792 | + verifications in order to avoid null-point dereference |
793 | + in src/libstrongswan/gmp/gmp_rsa_public_key.c |
794 | + - CVE-2017-11185 |
795 | + |
796 | + -- Leonidas S. Barbosa <leo.barbosa@canonical.com> Tue, 15 Aug 2017 14:49:49 -0300 |
797 | + |
798 | +strongswan (5.5.1-4ubuntu1) artful; urgency=medium |
799 | + |
800 | + * Merge from Debian to pick up latest security changes (CVE-2017-9022, |
801 | + CVE-2017-9023). |
802 | + * Remaining Changes: |
803 | + + Update init/service handling |
804 | + - d/rules: Change init/systemd program name to strongswan |
805 | + - d/strongswan-starter.strongswan.service: Add new systemd file instead of |
806 | + patching upstream |
807 | + - d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of |
808 | + linking to upstream |
809 | + - d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call. |
810 | + - d/strongswan-starter.prerm: Stop strongswan service on package |
811 | + removal (as opposed to using the old init.d script). |
812 | + + Clean up d/strongswan-starter.postinst: |
813 | + - Removed section about runlevel changes |
814 | + - Adapted service restart section for Upstart (kept to be Trusty |
815 | + backportable). |
816 | + - Remove old symlinks to init.d files is necessary. |
817 | + - Removed further out-dated code |
818 | + - Removed entire section on opportunistic encryption - this was never in |
819 | + strongSwan. |
820 | + + d/rules: Removed pieces on 'patching ipsec.conf' on build. |
821 | + + Mass enablement of extra plugins and features to allow a user to use |
822 | + strongswan for a variety of use cases without having to rebuild. |
823 | + - d/control: Add required additional build-deps |
824 | + - d/rules: Enable features at configure stage |
825 | + - d/control: Mention addtionally enabled plugins |
826 | + - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
827 | + - d/libstrongswan.install: Add plugins (so, conf) |
828 | + + d/rules: Disable duplicheck as per |
829 | + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10 |
830 | + + Remove ha plugin (requires special kernel) |
831 | + - d/libcharon-extra-plugins.install: Stop installing ha (so, conf) |
832 | + - d/rules: Do not enable ha plugin |
833 | + - d/control: Drop listing the ha plugin in the package description |
834 | + + Add plugin kernel-libipsec to allow the use of strongswan in containers |
835 | + via this userspace implementation (please do note that this is still |
836 | + considered experimental by upstream). |
837 | + - d/libcharon-extra-plugins.install: Add kernel-libipsec components |
838 | + - d/control: List kernel-libipsec plugin at extra plugins description |
839 | + - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
840 | + upstream recommends to not load kernel-libipsec by default. |
841 | + + Relocate tnc plugin |
842 | + - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins |
843 | + - Add new subpackage for TNC in d/strongswan-tnc-* and d/control |
844 | + + d/strongswan-starter.install: Install pool feature, that useful due to |
845 | + having attr-sql plugin that is enabled now. |
846 | + + Relocate plugins test-vectors and ccm from extra-plugins to libstrongswan |
847 | + - d/libstrongswan-extra-plugins.install: Remove plugins/conffiles |
848 | + - d/libstrongswan.install: Add plugins/confiles |
849 | + - d/control: move package descriptions and add required breaks/replaces |
850 | + + d/libstrongswan.install: Reorder conf and .so alphabetically |
851 | + + d/libstrongswan.install: Add kernel-netlink configuration files |
852 | + + d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference. |
853 | + + debian/patches/increase-bliss-test-timeout.patch: Under QEMU/KVM |
854 | + autopkgtest the bliss test takes longer than the default (Upstream in |
855 | + 5.5.2 via issue 2204) |
856 | + + Complete the disabling of libfast; This was partially accepted in Debian, |
857 | + it is no more packaging medcli and medsrv, but still builds and |
858 | + mentions it. |
859 | + - d/rules: Add --disable-fast to avoid build time and dependencies |
860 | + - d/control: Remove medcli, medsrv from package description |
861 | + + Add now built (5.5.1 vs 5.3.5) mgf1 plugin to libstrongswan-extra-plugins. |
862 | + "only" to extra-plugins Mgf1 is not listed as default plugin at |
863 | + https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist. |
864 | + + Add now built (5.5.1 vs 5.3.5) libraries libtpmtss and nttfft to |
865 | + libstrongswan-extra-plugins. |
866 | + + Add missing mention of md4 plugin in d/control |
867 | + + Add rm_conffile for /etc/init.d/ipsec (transition from precies had |
868 | + missed that) |
869 | + + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
870 | + plugins for the most common use cases from extra-plugins into a new |
871 | + standard-plugins package. This will allow those use cases without pulling |
872 | + in too much more plugins (a bit like the tnc package). Recommend that |
873 | + package from strongswan-libcharon. |
874 | + |
875 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 31 May 2017 15:57:54 +0200 |
876 | + |
877 | +strongswan (5.5.1-3ubuntu1) artful; urgency=medium |
878 | + |
879 | + * Merge from Debian to pick up latest changes. Among others this includes: |
880 | + - a lot of the Delta we upstreamed to Debian (more discussions are ongoing |
881 | + but likely have to wait until Debian stretch was released) |
882 | + - enabling mediation support (LP: #1657413) |
883 | + * Remaining Changes: |
884 | + + Update init/service handling |
885 | + - d/rules: Change init/systemd program name to strongswan |
886 | + - d/strongswan-starter.strongswan.service: Add new systemd file instead of |
887 | + patching upstream |
888 | + - d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of |
889 | + linking to upstream |
890 | + - d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call. |
891 | + - d/strongswan-starter.prerm: Stop strongswan service on package |
892 | + removal (as opposed to using the old init.d script). |
893 | + + Clean up d/strongswan-starter.postinst: |
894 | + - Removed section about runlevel changes |
895 | + - Adapted service restart section for Upstart (kept to be Trusty |
896 | + backportable). |
897 | + - Remove old symlinks to init.d files is necessary. |
898 | + - Removed further out-dated code |
899 | + - Removed entire section on opportunistic encryption - this was never in |
900 | + strongSwan. |
901 | + + d/rules: Removed pieces on 'patching ipsec.conf' on build. |
902 | + + Mass enablement of extra plugins and features to allow a user to use |
903 | + strongswan for a variety of use cases without having to rebuild. |
904 | + - d/control: Add required additional build-deps |
905 | + - d/rules: Enable features at configure stage |
906 | + - d/control: Mention addtionally enabled plugins |
907 | + - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
908 | + - d/libstrongswan.install: Add plugins (so, conf) |
909 | + + d/rules: Disable duplicheck as per |
910 | + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10 |
911 | + + Remove ha plugin (requires special kernel) |
912 | + - d/libcharon-extra-plugins.install: Stop installing ha (so, conf) |
913 | + - d/rules: Do not enable ha plugin |
914 | + - d/control: Drop listing the ha plugin in the package description |
915 | + + Add plugin kernel-libipsec to allow the use of strongswan in containers |
916 | + via this userspace implementation (please do note that this is still |
917 | + considered experimental by upstream). |
918 | + - d/libcharon-extra-plugins.install: Add kernel-libipsec components |
919 | + - d/control: List kernel-libipsec plugin at extra plugins description |
920 | + - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
921 | + upstream recommends to not load kernel-libipsec by default. |
922 | + + Relocate tnc plugin |
923 | + - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins |
924 | + - Add new subpackage for TNC in d/strongswan-tnc-* and d/control |
925 | + + d/strongswan-starter.install: Install pool feature, that useful due to |
926 | + having attr-sql plugin that is enabled now. |
927 | + + Relocate plugins test-vectors and ccm from extra-plugins to libstrongswan |
928 | + - d/libstrongswan-extra-plugins.install: Remove plugins/conffiles |
929 | + - d/libstrongswan.install: Add plugins/confiles |
930 | + - d/control: move package descriptions and add required breaks/replaces |
931 | + + d/libstrongswan.install: Reorder conf and .so alphabetically |
932 | + + d/libstrongswan.install: Add kernel-netlink configuration files |
933 | + + d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference. |
934 | + + debian/patches/increase-bliss-test-timeout.patch: Under QEMU/KVM |
935 | + autopkgtest the bliss test takes longer than the default (Upstream in |
936 | + 5.5.2 via issue 2204) |
937 | + + Complete the disabling of libfast; This was partially accepted in Debian, |
938 | + it is no more packaging medcli and medsrv, but still builds and |
939 | + mentions it. |
940 | + - d/rules: Add --disable-fast to avoid build time and dependencies |
941 | + - d/control: Remove medcli, medsrv from package description |
942 | + + Add now built (5.5.1 vs 5.3.5) mgf1 plugin to libstrongswan-extra-plugins. |
943 | + "only" to extra-plugins Mgf1 is not listed as default plugin at |
944 | + https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist. |
945 | + + Add now built (5.5.1 vs 5.3.5) libraries libtpmtss and nttfft to |
946 | + libstrongswan-extra-plugins. |
947 | + + Add missing mention of md4 plugin in d/control |
948 | + + Add rm_conffile for /etc/init.d/ipsec (transition from precies had |
949 | + missed that) |
950 | + + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
951 | + plugins for the most common use cases from extra-plugins into a new |
952 | + standard-plugins package. This will allow those use cases without pulling |
953 | + in too much more plugins (a bit like the tnc package). Recommend that |
954 | + package from strongswan-libcharon. |
955 | + * Dropped Changes: |
956 | + + Add and install apparmor profiles (in Debian) |
957 | + - d/rules: Install AppArmor profiles |
958 | + - d/control: Add dh-apparmor build-dep |
959 | + - d/usr.lib.ipsec.{charon, lookip, stroke}: Add latest AppArmor profiles |
960 | + for charon, lookip and stroke |
961 | + - d/libcharon-extra-plugins.install: Install profile for lookip |
962 | + - d/strongswan-charon.install: Install profile for charon |
963 | + - d/strongswan-starter.install: Install profile for stroke |
964 | + - Fix strongswan ipsec status issue with apparmor |
965 | + - Fix Dep8 tests for the now extra strongswan-pki package for pki |
966 | + - Fix Dep8 tests for the now extra strongswan-scepclient package |
967 | + + d/rules: Sorted and only one enable option per configure line (in |
968 | + Debian) |
969 | + + Add updated logcheck rules (in Debian) |
970 | + - debian/libstrongswan.strongswan.logcheck.*: Remove outdated files |
971 | + - debian/strongswan.logcheck: Add updated logcheck rules |
972 | + + Add updated DEP8 tests (in Debian) |
973 | + - d/tests/*: Add DEP8 tests |
974 | + - d/control: Enable autotestpkg |
975 | + + d/rules: do not strip for library integrity checking (After Discussion |
976 | + with Debian this isn't acceptable there, but at the same time it turned |
977 | + out the real use-case of this never uses this lib but instead third |
978 | + party checks of checksums for e.g. FIPS cert; so drop the Delta) |
979 | + - Use override_dh_strip to to avoid overwriting user build flags. |
980 | + - Add missing mention of libchecksum integrity test in d/control |
981 | + + d/rules: Set TESTS_REDUCED_KEYLENGTHS to one generate smallest key-lengths |
982 | + in tests to avoid issues in low entropy environments. (Debian has |
983 | + disabled !x86 tests for the same reason, one solution is enough) |
984 | + |
985 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 04 May 2017 14:06:23 +0200 |
986 | + |
987 | strongswan (5.5.1-3) unstable; urgency=medium |
988 | |
989 | [ Christian Ehrhardt ] |
990 | @@ -326,6 +1237,136 @@ strongswan (5.5.1-2) unstable; urgency=medium |
991 | |
992 | -- Yves-Alexis Perez <corsac@debian.org> Wed, 07 Dec 2016 08:34:52 +0100 |
993 | |
994 | +strongswan (5.5.1-1ubuntu2) zesty; urgency=medium |
995 | + |
996 | + * Update Maintainers which was missed while merging 5.5.1-1. |
997 | + |
998 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Dec 2016 16:02:40 +0100 |
999 | + |
1000 | +strongswan (5.5.1-1ubuntu1) zesty; urgency=medium |
1001 | + |
1002 | + * Merge from Debian (complex delta, discussions and broken out changes can be |
1003 | + found in the merge proposal linked from the merge bug LP: #1631198) |
1004 | + * Remaining Changes: |
1005 | + + d/rules: Enforcing DEB_BUILD_OPTIONS=nostrip for library integrity |
1006 | + checking. |
1007 | + + d/rules: Set TESTS_REDUCED_KEYLENGTHS to one generate smallest key-lengths |
1008 | + in tests to avoid issues in low entropy environments. |
1009 | + + Update init/service handling |
1010 | + - d/rules: Change init/systemd program name to strongswan |
1011 | + - d/strongswan-starter.strongswan.service: Add new systemd file instead of |
1012 | + patching upstream |
1013 | + - d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of |
1014 | + linking to upstream |
1015 | + - d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call. |
1016 | + - d/strongswan-starter.prerm: Stop strongswan service on package |
1017 | + removal (as opposed to using the old init.d script). |
1018 | + + Clean up d/strongswan-starter.postinst: |
1019 | + - Removed section about runlevel changes |
1020 | + - Adapted service restart section for Upstart (kept to be Trusty |
1021 | + backportable). |
1022 | + - Remove old symlinks to init.d files is necessary. |
1023 | + - Removed further out-dated code |
1024 | + - Removed entire section on opportunistic encryption - this was never in |
1025 | + strongSwan. |
1026 | + + Add and install apparmor profiles |
1027 | + - d/rules: Install AppArmor profiles |
1028 | + - d/control: Add dh-apparmor build-dep |
1029 | + - d/usr.lib.ipsec.{charon, lookip, stroke}: Add latest AppArmor profiles |
1030 | + for charon, lookip and stroke |
1031 | + - d/libcharon-extra-plugins.install: Install profile for lookip |
1032 | + - d/strongswan-charon.install: Install profile for charon |
1033 | + - d/strongswan-starter.install: Install profile for stroke |
1034 | + + d/rules: Removed pieces on 'patching ipsec.conf' on build. |
1035 | + + d/rules: Sorted and only one enable option per configure line |
1036 | + + Mass enablement of extra plugins and features to allow a user to use |
1037 | + strongswan for a variety of use cases without having to rebuild. |
1038 | + - d/control: Add required additional build-deps |
1039 | + - d/rules: Enable features at configure stage |
1040 | + - d/control: Mention addtionally enabled plugins |
1041 | + - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) |
1042 | + - d/libstrongswan.install: Add plugins (so, conf) |
1043 | + + d/rules: Disable duplicheck as per |
1044 | + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10 |
1045 | + + Remove ha plugin (requires special kernel) |
1046 | + - d/libcharon-extra-plugins.install: Stop installing ha (so, conf) |
1047 | + - d/rules: Do not enable ha plugin |
1048 | + - d/control: Drop listing the ha plugin in the package description |
1049 | + + Add plugin kernel-libipsec to allow the use of strongswan in containers |
1050 | + via this userspace implementation (please do note that this is still |
1051 | + considered experimental by upstream). |
1052 | + - d/libcharon-extra-plugins.install: Add kernel-libipsec components |
1053 | + - d/control: List kernel-libipsec plugin at extra plugins description |
1054 | + - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As |
1055 | + upstream recommends to not load kernel-libipsec by default. |
1056 | + + Relocate tnc plugin |
1057 | + - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins |
1058 | + - Add new subpackage for TNC in d/strongswan-tnc-* and d/control |
1059 | + + d/strongswan-starter.install: Install pool feature, that useful due to |
1060 | + having attr-sql plugin that is enabled now. |
1061 | + + Relocate plugins test-vectors and ccm from extra-plugins to libstrongswan |
1062 | + - d/libstrongswan-extra-plugins.install: Remove plugins |
1063 | + - d/libstrongswan.install: Add plugins |
1064 | + + d/libstrongswan.install: Reorder conf and .so alphabetically |
1065 | + + d/libstrongswan.install: Add kernel-netlink configuration files |
1066 | + + d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference. |
1067 | + + Add updated logcheck rules |
1068 | + - debian/libstrongswan.strongswan.logcheck.*: Remove outdated files |
1069 | + - debian/strongswan.logcheck: Add updated logcheck rules |
1070 | + + Add updated DEP8 tests |
1071 | + - d/tests/*: Add DEP8 tests |
1072 | + - d/control: Enable autotestpkg |
1073 | + + debian/patches/increase-bliss-test-timeout.patch: Under QEMU/KVM |
1074 | + autopkgtest the bliss test takes longer than the default |
1075 | + + Complete the disabling of libfast |
1076 | + - Note: This was partially accepted in Debian, it is no more |
1077 | + packaging medcli and medsrv, but still builds and mentions it |
1078 | + - d/rules: Add --disable-fast to avoid build time and dependencies |
1079 | + - d/control: Remove medcli, medsrv from package description |
1080 | + * Dropped Changes: |
1081 | + + Adding build-dep to iptables-dev (no change, was only in Changelog) |
1082 | + + Dropping of build deps libfcgi-dev, clearsilver-dev (in Debian) |
1083 | + + Adding strongswan-plugin-* virtual packages for dist-upgrade (no |
1084 | + upgrade path left needing them) |
1085 | + + Most of "disabling libfast" (Debian dropped it from package content) |
1086 | + + Transition for ipsec service (no upgrade path left) |
1087 | + + Reverted part of the cleanup to d/strongswan-starter.postinst as using |
1088 | + service should rather use invoke-rc.d (so it is a partial revert of our |
1089 | + delta) |
1090 | + + Transition handling (breaks/replaces) from per-plugin packages to the |
1091 | + three grouped plugin packages (no upgrade path left) |
1092 | + + debian/strongswan-starter.dirs: Don't touch /etc/init.d. (while "correct" |
1093 | + it is effectively a no-op still, so not worth the delta) |
1094 | + + Lower dpkg-dev to 1.16.1 from 1.16.2 to enable backporting to Precise |
1095 | + (no more needed) |
1096 | + + d/rules: Remove configure option --enable-unit-test (unit tests run by |
1097 | + default) |
1098 | + * Added Changes: |
1099 | + + Fix strongswan ipsec status issue with apparmor (LP: #1587886) |
1100 | + + d/control, d/libstrongswan.install, d/libstrongswan-extra-plugins: Fixup |
1101 | + the relocation of the ccm plugin which missed to move the conffiles. |
1102 | + + Complete move of test-vectors (was missing in d/control) |
1103 | + + Add now built (5.5.1 vs 5.3.5) mgf1 plugin to libstrongswan-extra-plugins. |
1104 | + "only" to extra-plugins Mgf1 is not listed as default plugin at |
1105 | + https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist. |
1106 | + + Add now built (5.5.1 vs 5.3.5) libraries libtpmtss and nttfft to |
1107 | + libstrongswan-extra-plugins. |
1108 | + + Add missing mention of md4 plugin in d/control |
1109 | + + Add missing mention of libchecksum integrity test in d/control |
1110 | + + Add rm_conffile for /etc/init.d/ipsec (transition from precies had |
1111 | + missed that) |
1112 | + + Use override_dh_strip to to fix library integrity checking instead of |
1113 | + DEB_BUILD_OPTION to avoid overwriting user build flags. |
1114 | + + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon |
1115 | + plugins for the most common use cases from extra-plugins into a new |
1116 | + standard-plugins package. This will allow those use cases without pulling |
1117 | + in too much more plugins (a bit like the tnc package). Recommend that |
1118 | + package from strongswan-libcharon (LP: #1640826). |
1119 | + + Fix Dep8 tests for the now extra strongswan-pki package for pki |
1120 | + + Fix Dep8 tests for the now extra strongswan-scepclient package |
1121 | + |
1122 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 07 Nov 2016 16:16:41 +0100 |
1123 | + |
1124 | strongswan (5.5.1-1) unstable; urgency=medium |
1125 | |
1126 | * New upstream bugfix release. |
1127 | @@ -442,6 +1483,177 @@ strongswan (5.3.5-2) unstable; urgency=medium |
1128 | |
1129 | -- Yves-Alexis Perez <corsac@debian.org> Mon, 14 Mar 2016 23:53:34 +0100 |
1130 | |
1131 | +strongswan (5.3.5-1ubuntu4) yakkety; urgency=medium |
1132 | + |
1133 | + * Build-depend on libjson-c-dev instead of libjson0-dev. |
1134 | + * Rebuild against libjson-c3. |
1135 | + |
1136 | + -- Graham Inggs <ginggs@ubuntu.com> Fri, 29 Apr 2016 19:04:22 +0200 |
1137 | + |
1138 | +strongswan (5.3.5-1ubuntu3) xenial; urgency=medium |
1139 | + |
1140 | + * Rebuild against libmysqlclient20. |
1141 | + |
1142 | + -- Robie Basak <robie.basak@ubuntu.com> Tue, 05 Apr 2016 13:02:48 +0000 |
1143 | + |
1144 | +strongswan (5.3.5-1ubuntu2) xenial; urgency=medium |
1145 | + |
1146 | + * debian/tests/plugins: rdrand may or may not be loaded, depending on the |
1147 | + cpu features. |
1148 | + |
1149 | + -- Iain Lane <iain@orangesquash.org.uk> Mon, 22 Feb 2016 17:13:01 +0000 |
1150 | + |
1151 | +strongswan (5.3.5-1ubuntu1) xenial; urgency=medium |
1152 | + |
1153 | + * debian/{rules,control,libstrongswan-extra-plugins.install} |
1154 | + Enable bliss plugin |
1155 | + * debian/{rules,control,libstrongswan-extra-plugins.install} |
1156 | + Enable chapoly plugin |
1157 | + * debian/patches/dont-load-kernel-libipsec-plugin-by-default.patch |
1158 | + Upstream suggests to not load this plugin by default as it has |
1159 | + some limitations. |
1160 | + https://wiki.strongswan.org/projects/strongswan/wiki/Kernel-libipsec |
1161 | + * debian/patches/increase-bliss-test-timeout.patch |
1162 | + Under QEMU/KVM for autopkgtest bliss test takes a bit longer then default |
1163 | + * Update Apparmor profiles |
1164 | + - usr.lib.ipsec.charon |
1165 | + - add capability audit_write for xauth-pam (LP: #1470277) |
1166 | + - add capability dac_override (needed by agent plugin) |
1167 | + - allow priv dropping (LP: #1333655) |
1168 | + - allow caching CRLs (LP: #1505222) |
1169 | + - allow rw access to /dev/net/tun for kernel-libipsec (LP: #1309594) |
1170 | + - usr.lib.ipsec.stroke |
1171 | + - allow priv dropping (LP: #1333655) |
1172 | + - add local include |
1173 | + - usr.lib.ipsec.lookip |
1174 | + - add local include |
1175 | + * Merge from Debian, which includes fixes for all previous CVEs |
1176 | + Fixes (LP: #1330504, #1451091, #1448870, #1470277) |
1177 | + Remaining changes: |
1178 | + * debian/control |
1179 | + - Lower dpkg-dev to 1.16.1 from 1.16.2 to enable backporting to Precise |
1180 | + - Update Maintainer for Ubuntu |
1181 | + - Add build-deps |
1182 | + - dh-apparmor |
1183 | + - iptables-dev |
1184 | + - libjson0-dev |
1185 | + - libldns-dev |
1186 | + - libmysqlclient-dev |
1187 | + - libpcsclite-dev |
1188 | + - libsoup2.4-dev |
1189 | + - libtspi-dev |
1190 | + - libunbound-dev |
1191 | + - Drop build-deps |
1192 | + - libfcgi-dev |
1193 | + - clearsilver-dev |
1194 | + - Create virtual packages for all strongswan-plugin-* for dist-upgrade |
1195 | + - Set XS-Testsuite: autopkgtest |
1196 | + * debian/rules: |
1197 | + - Enforcing DEB_BUILD_OPTIONS=nostrip for library integrity checking. |
1198 | + - Set TESTS_REDUCED_KEYLENGTHS to one generate smallest key-lengths in |
1199 | + tests. |
1200 | + - Change init/systemd program name to strongswan |
1201 | + - Install AppArmor profiles |
1202 | + - Removed pieces on 'patching ipsec.conf' on build. |
1203 | + - Enablement of features per Ubuntu current config suggested from |
1204 | + upstream recommendation |
1205 | + - Unpack and sort enabled features to one-per-line |
1206 | + - Disable duplicheck as per |
1207 | + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10 |
1208 | + - Disable libfast (--disable-fast): |
1209 | + Requires dropping medsrv, medcli plugins which depend on libfast |
1210 | + - Add configure options |
1211 | + --with-tss=trousers |
1212 | + - Remove configure options: |
1213 | + --enable-ha (requires special kernel) |
1214 | + --enable-unit-test (unit tests run by default) |
1215 | + - Drop logcheck install |
1216 | + * debian/tests/* |
1217 | + - Add DEP8 test for strongswan service and plugins |
1218 | + * debian/strongswan-starter.strongswan.service |
1219 | + - Add new systemd file instead of patching upstream |
1220 | + * debian/strongswan-starter.links |
1221 | + - removed, use Ubuntu systemd file instead of linking to upstream |
1222 | + * debian/usr.lib.ipsec.{charon, lookip, stroke} |
1223 | + - added AppArmor profiles for charon, lookip and stroke |
1224 | + * debian/libcharon-extra-plugins.install |
1225 | + - Add plugins |
1226 | + - kernel-libipsec.{so, lib, conf, apparmor} |
1227 | + - Remove plugins |
1228 | + - libstrongswan-ha.so |
1229 | + - Relocate plugins |
1230 | + - libstrongswan-tnc-tnccs.so (strongswan-tnc-base.install) |
1231 | + * debian/libstrongswan-extra-plugins.install |
1232 | + - Add plugins (so, lib, conf) |
1233 | + - acert |
1234 | + - attr-sql |
1235 | + - coupling |
1236 | + - dnscert |
1237 | + - fips-prf |
1238 | + - gmp |
1239 | + - ipseckey |
1240 | + - load-tester |
1241 | + - mysql |
1242 | + - ntru |
1243 | + - radattr |
1244 | + - soup |
1245 | + - sqlite |
1246 | + - sql |
1247 | + - systime-fix |
1248 | + - unbound |
1249 | + - whitelist |
1250 | + - Relocate plugins (so, lib, conf) |
1251 | + - ccm (libstrongswan.install) |
1252 | + - test-vectors (libstrongswan.install) |
1253 | + * debian/libstrongswan.install |
1254 | + - Sort sections |
1255 | + - Add plugins (so, lib, conf) |
1256 | + - libchecksum |
1257 | + - ccm |
1258 | + - eap-identity |
1259 | + - md4 |
1260 | + - test-vectors |
1261 | + * debian/strongswan-charon.install |
1262 | + - Add AppArmor profile for charon |
1263 | + * debian/strongswan-starter.install |
1264 | + - Add tools, manpages, conf |
1265 | + - openac |
1266 | + - pool |
1267 | + - _updown_espmark |
1268 | + - Add AppArmor profile for stroke |
1269 | + * debian/strongswan-tnc-base.install |
1270 | + - Add new subpackage for TNC |
1271 | + - remove non-existent (dropped in 5.2.1) libpts library files |
1272 | + * debian/strongswan-tnc-client.install |
1273 | + - Add new subpackage for TNC |
1274 | + * debian/strongswan-tnc-ifmap.install |
1275 | + - Add new subpackage for TNC |
1276 | + * debian/strongswan-tnc-pdp.install |
1277 | + - Add new subpackage for TNC |
1278 | + * debian/strongswan-tnc-server.install |
1279 | + - Add new subpackage for TNC |
1280 | + * debian/strongswan-starter.postinit: |
1281 | + - Removed section about runlevel changes, it's almost 2014. |
1282 | + - Adapted service restart section for Upstart. |
1283 | + - Remove old symlinks to init.d files is necessary. |
1284 | + * debian/strongswan-starter.dirs: Don't touch /etc/init.d. |
1285 | + * debian/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call. |
1286 | + * debian/strongswan-starter.prerm: Stop strongswan service on package |
1287 | + removal (as opposed to using the old init.d script). |
1288 | + * debian/libstrongswan.strongswan.logcheck combined into debian/strongswan.logcheck |
1289 | + - logcheck patterns updated to be helpful |
1290 | + * debian/strongswan-starter.postinst: Removed further out-dated code and |
1291 | + entire section on opportunistic encryption - this was never in strongSwan. |
1292 | + * debian/ipsec.secrets.proto: Removed ipsec.secrets.inc reference. |
1293 | + Drop changes: |
1294 | + * debian/control |
1295 | + - Per-plugin package breakup: Reducing packaging delta from Debian |
1296 | + - Don't build dhcp, farp subpackages: Reduce packging delta from Debian |
1297 | + * debian/watch: Already exists in Debian merge |
1298 | + * debian/upstream/signing-key.asc: Upstream has newer version. |
1299 | + |
1300 | + -- Ryan Harper <ryan.harper@canonical.com> Fri, 12 Feb 2016 11:24:53 -0600 |
1301 | + |
1302 | strongswan (5.3.5-1) unstable; urgency=medium |
1303 | |
1304 | * New upstream bugfix release. |
1305 | @@ -714,6 +1926,210 @@ strongswan (5.1.2-1) unstable; urgency=medium |
1306 | |
1307 | -- Yves-Alexis Perez <corsac@debian.org> Wed, 12 Mar 2014 11:22:38 +0100 |
1308 | |
1309 | +strongswan (5.1.2-0ubuntu8) xenial; urgency=medium |
1310 | + |
1311 | + * Import FTBFS for s390x from Debian 5.1.2-3 upload. (LP: #1521240) |
1312 | + |
1313 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 30 Nov 2015 15:46:06 +0000 |
1314 | + |
1315 | +strongswan (5.1.2-0ubuntu7) xenial; urgency=medium |
1316 | + |
1317 | + * SECURITY UPDATE: authentication bypass in eap-mschapv2 plugin |
1318 | + - debian/patches/CVE-2015-8023.patch: only succeed authentication if |
1319 | + MSK was established in |
1320 | + src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c. |
1321 | + - CVE-2015-8023 |
1322 | + * debian/patches/disable_ntru_test.patch: disable test causing FTBFS |
1323 | + until regression is properly investigated. |
1324 | + |
1325 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 19 Nov 2015 14:00:17 -0500 |
1326 | + |
1327 | +strongswan (5.1.2-0ubuntu6) wily; urgency=medium |
1328 | + |
1329 | + * SECURITY UPDATE: user credential disclosure to rogue servers |
1330 | + - debian/patches/CVE-2015-4171.patch: enforce remote authentication |
1331 | + config before proceeding with own authentication in |
1332 | + src/libcharon/sa/ikev2/tasks/ike_auth.c. |
1333 | + - CVE-2015-4171 |
1334 | + * debian/rules: don't FTBFS from unused service file |
1335 | + |
1336 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 08 Jun 2015 12:50:38 -0400 |
1337 | + |
1338 | +strongswan (5.1.2-0ubuntu5) vivid; urgency=medium |
1339 | + |
1340 | + * Add a systemd unit corresponding to strongswan-starter.strongswan.upstart. |
1341 | + |
1342 | + -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 16 Jan 2015 08:27:54 +0100 |
1343 | + |
1344 | +strongswan (5.1.2-0ubuntu4) vivid; urgency=medium |
1345 | + |
1346 | + * SECURITY UPDATE: denial of service via DH group 1025 |
1347 | + - debian/patches/CVE-2014-9221.patch: define MODP_CUSTOM outside of |
1348 | + IKE DH range in src/libstrongswan/crypto/diffie_hellman.c, |
1349 | + src/libstrongswan/crypto/diffie_hellman.h. |
1350 | + - CVE-2014-9221 |
1351 | + |
1352 | + -- Tyler Hicks <tyhicks@canonical.com> Mon, 05 Jan 2015 08:25:29 -0500 |
1353 | + |
1354 | +strongswan (5.1.2-0ubuntu3) utopic; urgency=low |
1355 | + |
1356 | + * Added "libgcrypt20-dev | libgcrypt11-dev" to build dependencies to fix |
1357 | + build. |
1358 | + |
1359 | + -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 15 Oct 2014 16:49:18 +0000 |
1360 | + |
1361 | +strongswan (5.1.2-0ubuntu2) trusty; urgency=medium |
1362 | + |
1363 | + * SECURITY UPDATE: remote authentication bypass |
1364 | + - debian/patches/CVE-2014-2338.patch: reject CREATE_CHILD_SA exchange |
1365 | + on unestablished IKE_SAs in src/libcharon/sa/ikev2/task_manager_v2.c. |
1366 | + - CVE-2014-2338 |
1367 | + |
1368 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Apr 2014 11:24:34 -0400 |
1369 | + |
1370 | +strongswan (5.1.2-0ubuntu1) trusty; urgency=low |
1371 | + |
1372 | + * New upstream release. |
1373 | + |
1374 | + -- Jonathan Davies <jonathan.davies@canonical.com> Sat, 01 Mar 2014 08:53:17 +0000 |
1375 | + |
1376 | +strongswan (5.1.2~rc2-0ubuntu2) trusty; urgency=low |
1377 | + |
1378 | + * debian/ipsec.secrets.proto: Removed ipsec.secrets.inc reference. |
1379 | + * debian/usr.lib.ipsec.charon: Allow read access to /run/charon. |
1380 | + |
1381 | + -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 19 Feb 2014 13:07:16 +0000 |
1382 | + |
1383 | +strongswan (5.1.2~rc2-0ubuntu1) trusty; urgency=low |
1384 | + |
1385 | + * New upstream release candidate. |
1386 | + |
1387 | + -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 19 Feb 2014 12:59:21 +0000 |
1388 | + |
1389 | +strongswan (5.1.2~rc1-0ubuntu4) trusty; urgency=medium |
1390 | + |
1391 | + * debian/strongswan-tnc-*.install: Fixed files so libraries go into correct |
1392 | + packages. |
1393 | + * debian/usr.lib.ipsec.stroke: Allow access to strongswan.d directories. |
1394 | + |
1395 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 17 Feb 2014 18:12:38 +0000 |
1396 | + |
1397 | +strongswan (5.1.2~rc1-0ubuntu3) trusty; urgency=low |
1398 | + |
1399 | + * debian/rules: Exclude rdrand.conf in dh_install's --fail-missing. |
1400 | + |
1401 | + -- Jonathan Davies <jonathan.davies@canonical.com> Sat, 15 Feb 2014 15:46:46 +0000 |
1402 | + |
1403 | +strongswan (5.1.2~rc1-0ubuntu2) trusty; urgency=low |
1404 | + |
1405 | + * debian/libstrongswan.install: Moved rdrand plugin configuration to rules |
1406 | + as it's only useful on amd64. |
1407 | + * debian/watch: Added opts=pgpsigurlmangle option. |
1408 | + * debian/upstream/signing-key.asc: Added key: 0xB34DBA77. |
1409 | + |
1410 | + -- Jonathan Davies <jonathan.davies@canonical.com> Sat, 15 Feb 2014 15:32:10 +0000 |
1411 | + |
1412 | +strongswan (5.1.2~rc1-0ubuntu1) trusty; urgency=medium |
1413 | + |
1414 | + * New upstream release candidate. |
1415 | + * debian/*.install - include new configuration files for plugins in |
1416 | + appropiate packages. |
1417 | + |
1418 | + -- Jonathan Davies <jonathan.davies@canonical.com> Sat, 15 Feb 2014 15:03:14 +0000 |
1419 | + |
1420 | +strongswan (5.1.2~dr3+git20130120-0ubuntu3) trusty; urgency=low |
1421 | + |
1422 | + * debian/control: |
1423 | + - Added Breaks/Replaces for all library files which have been moved |
1424 | + about (LP: #1278176). |
1425 | + - Removed build-dependency on check and added one on dh-apparmor. |
1426 | + * debian/strongswan-starter.postinst: Removed further out-dated code and |
1427 | + entire section on opportunistic encryption - this was never in strongSwan. |
1428 | + * debian/rules: Removed pieces on 'patching ipsec.conf' on build. |
1429 | + |
1430 | + -- Jonathan Davies <jonathan.davies@canonical.com> Sun, 09 Feb 2014 23:53:23 +0000 |
1431 | + |
1432 | +strongswan (5.1.2~dr3+git20130120-0ubuntu2) trusty; urgency=low |
1433 | + |
1434 | + * debian/control: Fixed references to plugin-fips-prf. |
1435 | + |
1436 | + -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 22 Jan 2014 11:22:14 +0000 |
1437 | + |
1438 | +strongswan (5.1.2~dr3+git20130120-0ubuntu1) trusty; urgency=low |
1439 | + |
1440 | + * Upstream Git snapshot for build fixes with regards to entropy. |
1441 | + * debian/rules: |
1442 | + - Enforcing DEB_BUILD_OPTIONS=nostrip for library integrity checking. |
1443 | + - Set TESTS_REDUCED_KEYLENGTHS to one generate smallest key-lengths in |
1444 | + tests. |
1445 | + |
1446 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 20 Jan 2014 19:00:59 +0000 |
1447 | + |
1448 | +strongswan (5.1.2~dr3-0ubuntu1) trusty; urgency=low |
1449 | + |
1450 | + * New upstream developer release. |
1451 | + * Made changes to packaging per upstream suggestions. |
1452 | + - Dropped medcli and medsrv packages - not recommended by upstream at this |
1453 | + time. |
1454 | + - Dropped ha plugin - needs special kernel. |
1455 | + - Improved all package descriptions in general. |
1456 | + - Drop build-dep on clearsilver-dev and libfcgi-dev - no longer needed. |
1457 | + - Removed debian/*logcheck* files - not relevant to strongSwan. |
1458 | + - Split dhcp and farp packages into sub-packages. |
1459 | + - Build kernel-libipsec, ntru, systime-fix, and xauth-noauth plugins. |
1460 | + - Changes to TNC-related packages. |
1461 | + * Created AppArmor profiles for lookip and stroke. |
1462 | + |
1463 | + -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 15 Jan 2014 22:52:53 +0000 |
1464 | + |
1465 | +strongswan (5.1.2~dr2+git20130106-0ubuntu2) trusty; urgency=low |
1466 | + |
1467 | + * libstrongswan.install: Removed lingering unit-tester.so reference. |
1468 | + |
1469 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 06 Jan 2014 20:29:59 +0000 |
1470 | + |
1471 | +strongswan (5.1.2~dr2+git20130106-0ubuntu1) trusty; urgency=low |
1472 | + |
1473 | + * Git snapshot of commit 94e10f15e51ead788d9947e966878ebfdc95b7ce. |
1474 | + Incorporates upstream fixes for: |
1475 | + - Integrity testing. |
1476 | + - Unit test failures on little endian systems. |
1477 | + * Dropped debian/patches/02_test_asn1_fix_32bit_time_test.patch - fixed |
1478 | + upstream. |
1479 | + * debian/rules: |
1480 | + - Stop using CK_TIMEOUT_MULTIPLIER. |
1481 | + - Stop enabling the test suite only on non-powerpc arches (it runs |
1482 | + anyway). |
1483 | + |
1484 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 06 Jan 2014 20:17:20 +0000 |
1485 | + |
1486 | +strongswan (5.1.2~dr2-0ubuntu3) trusty; urgency=low |
1487 | + |
1488 | + * debian/control: Reinstate missing comma in dependencies. |
1489 | + |
1490 | + -- Jonathan Davies <jonathan.davies@canonical.com> Fri, 03 Jan 2014 05:39:13 +0000 |
1491 | + |
1492 | +strongswan (5.1.2~dr2-0ubuntu2) trusty; urgency=low |
1493 | + |
1494 | + * Added debian/patches/02_test_asn1_fix_32bit_time_test.patch - fixes issue |
1495 | + where test for >2038 tests on 32-bit platforms is broken. |
1496 | + - Reported upstream: https://wiki.strongswan.org/issues/477 |
1497 | + * debian/control: Added strongswan-plugin-ntru to strongswan-ike Suggests. |
1498 | + |
1499 | + -- Jonathan Davies <jonathan.davies@canonical.com> Fri, 03 Jan 2014 05:02:32 +0000 |
1500 | + |
1501 | +strongswan (5.1.2~dr2-0ubuntu1) trusty; urgency=low |
1502 | + |
1503 | + * New upstream developer release. |
1504 | + * debian/rules: Configure with: --enable-af-alg, --enable-ntru, --enable-soup, |
1505 | + and --enable-unity. |
1506 | + * debian/control: |
1507 | + - New plugin packages created for the above |
1508 | + - Split fips-prf into its own package. |
1509 | + - Added build-dependency on libsoup2.4-dev. |
1510 | + |
1511 | + -- Jonathan Davies <jonathan.davies@canonical.com> Thu, 02 Jan 2014 17:37:33 +0000 |
1512 | + |
1513 | strongswan (5.1.1-3) unstable; urgency=low |
1514 | |
1515 | * Upload to unstable. |
1516 | @@ -805,6 +2221,192 @@ strongswan (5.1.1-1) unstable; urgency=low |
1517 | |
1518 | -- Yves-Alexis Perez <corsac@debian.org> Fri, 24 Jan 2014 21:22:32 +0100 |
1519 | |
1520 | +strongswan (5.1.1-0ubuntu17) trusty; urgency=low |
1521 | + |
1522 | + * debian/control: |
1523 | + - Make strongswan-ike depend on iproute2. |
1524 | + - Added xauth plugin dependency on strongswan-plugin-eap-gtc. |
1525 | + - Created strongswan-libfast package. |
1526 | + |
1527 | + -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 01 Jan 2014 17:04:45 +0000 |
1528 | + |
1529 | +strongswan (5.1.1-0ubuntu16) trusty; urgency=low |
1530 | + |
1531 | + * debian/control: |
1532 | + - Further splitting of plugins into subpackages (such as all EAP plugins |
1533 | + to their own packages). |
1534 | + - Added libpcsclite-dev to build-dependencies. |
1535 | + * debian/rules: |
1536 | + - Sort configure options in alphabetical order. |
1537 | + - Added configure option of --enable-eap-aka-3gpp2, --enable-eap-dynamic, |
1538 | + --enable-eap-sim-file, --enable-eap-sim-pcsc, |
1539 | + --enable-eap-simaka-pseudonym, --enable-eap-simaka-reauth and |
1540 | + --enable-eap-simaka-sql. |
1541 | + - Don't exclude medsrv from install. |
1542 | + * Moved eap-identity.so to libstrongswan package as it's used by all the |
1543 | + other EAP plugins. |
1544 | + |
1545 | + -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 21:25:50 +0000 |
1546 | + |
1547 | +strongswan (5.1.1-0ubuntu15) trusty; urgency=low |
1548 | + |
1549 | + * debian/control: |
1550 | + - Split plugins from libstrongswan package into modular subpackages. |
1551 | + - Added libmysqlclient-dev to build-dependencies. |
1552 | + - strongswan-ike: Set to depend on either strongswan-plugins-openssl or |
1553 | + strongswan-plugins-gcrypt. |
1554 | + - strongswan-ike: All other plugins added to Suggests. |
1555 | + - Created two new TNC packages: strongswan-tnc-ifmap and |
1556 | + strongswan-tnc-pdp and added to tnc-imcvs Suggests. |
1557 | + * debian/rules: Added to CONFIGUREARGS: --enable-certexpire, |
1558 | + --enable-error-notify, --enable-mysql, --enable-load-tester, |
1559 | + --enable-radattr, --enable-tnc-pdp, and --enable-whitelist. |
1560 | + * debian/strongswan-ike.install: Moved eap-identity.so to -tnc-imcvs package. |
1561 | + |
1562 | + -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 16:15:32 +0000 |
1563 | + |
1564 | +strongswan (5.1.1-0ubuntu14) trusty; urgency=low |
1565 | + |
1566 | + * debian/rules: |
1567 | + - CK_TIMEOUT_MULTIPLIER back down to 6. |
1568 | + - Disable unit tests on powerpc. |
1569 | + |
1570 | + -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 07:39:48 +0000 |
1571 | + |
1572 | +strongswan (5.1.1-0ubuntu13) trusty; urgency=low |
1573 | + |
1574 | + * debian/rules: CK_TIMEOUT_MULTIPLIER to 10 as just powerppc is being stubborn. |
1575 | + |
1576 | + -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 07:23:42 +0000 |
1577 | + |
1578 | +strongswan (5.1.1-0ubuntu12) trusty; urgency=low |
1579 | + |
1580 | + * debian/rules: Bring CK_TIMEOUT_MULTIPLIER up to 6 to fix powerppc and |
1581 | + armhf. |
1582 | + |
1583 | + -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 07:03:40 +0000 |
1584 | + |
1585 | +strongswan (5.1.1-0ubuntu11) trusty; urgency=low |
1586 | + |
1587 | + * 02_increase-test_rsa_generate-timeout.patch: Removed - only fixed build on |
1588 | + one extra arch. |
1589 | + * debian/rules: Set CK_TIMEOUT_MULTIPLIER to 4. |
1590 | + |
1591 | + -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 06:51:47 +0000 |
1592 | + |
1593 | +strongswan (5.1.1-0ubuntu10) trusty; urgency=low |
1594 | + |
1595 | + * debian/patches: Added patch 02_increase-test_rsa_generate-timeout.patch - |
1596 | + - Increases RSA key generate test timeout to 30 seconds so that it doesn't |
1597 | + fail on armhf, arm64, and powerppc. |
1598 | + * Contrary to what the last changelog entry says, we are still running |
1599 | + strongswan as root (with AppArmor protection). |
1600 | + |
1601 | + -- Jonathan Davies <jonathan.davies@canonical.com> Tue, 31 Dec 2013 06:06:47 +0000 |
1602 | + |
1603 | +strongswan (5.1.1-0ubuntu9) trusty; urgency=low |
1604 | + |
1605 | + * debian/rules: Added to configure options: |
1606 | + - --enable-tnc-ifmap: enable TNC IF-MAP module. |
1607 | + - --enable-duplicheck: enable duplicheck plugin. |
1608 | + - --enable-imv-swid, --enable-imc-swid: Added. |
1609 | + - Run strongswan as it's own user. |
1610 | + * debian/strongswan-starter.install: Install duplicheck. |
1611 | + * debian/strongswan-tnc-imcvs.install: Install swidtags. |
1612 | + |
1613 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 19:33:27 +0000 |
1614 | + |
1615 | +strongswan (5.1.1-0ubuntu8) trusty; urgency=low |
1616 | + |
1617 | + * debian/rules: Added to configure options: |
1618 | + - --enable-unit-tests: check unit testing on build. |
1619 | + - --enable-unbound: for validating DNS lookups. |
1620 | + - --enable-dnscert: for DNSCERT peer authentication. |
1621 | + - --enable-ipseckey: for IPSEC key authentication. |
1622 | + - --enable-lookip: for LookIP functionality. |
1623 | + - --enable-coupling: certificate coupling functionality. |
1624 | + * debian/control: Added check, libldns-dev, libunbound-dev to |
1625 | + build-dependencies. |
1626 | + * debian/libstrongswan.install: Install new plugin .so's. |
1627 | + * debian/strongswan-starter.install: Added lookip. |
1628 | + |
1629 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 17:52:07 +0000 |
1630 | + |
1631 | +strongswan (5.1.1-0ubuntu7) trusty; urgency=low |
1632 | + |
1633 | + * strongswan-starter.install: Moved pt-tls-client to tnc-imcvs (to prevent |
1634 | + the former from depending on the latter). |
1635 | + |
1636 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 17:30:19 +0000 |
1637 | + |
1638 | +strongswan (5.1.1-0ubuntu6) trusty; urgency=low |
1639 | + |
1640 | + * debian/strongswan-starter.prerm: Stop strongswan service on package |
1641 | + removal (as opposed to using the old init.d script). |
1642 | + |
1643 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 17:22:10 +0000 |
1644 | + |
1645 | +strongswan (5.1.1-0ubuntu5) trusty; urgency=low |
1646 | + |
1647 | + * debian/rules: |
1648 | + - CONFIGUREARGS: Merged Debian and RPM options. |
1649 | + - Brings in TNC functionality. |
1650 | + * debian/control: |
1651 | + - Added build-dependency on libtspi-dev. |
1652 | + - Created strongswan-tnc-imcvs binary package for TNC components. |
1653 | + - Added strongswan-tnc-imcvs to libstrongswan's Suggests. |
1654 | + * debian/libstrongswan.install: |
1655 | + - Included newly built MD4 and SQLite libraries. |
1656 | + - Removed 'tnc' references (moved to TNC package). |
1657 | + * debian/strongswan-tnc-imcvs.install: Created - handle new TNC libraries and |
1658 | + binaries. |
1659 | + * debian/usr.lib.ipsec.charon: Allow access to TNC modules. |
1660 | + |
1661 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 14:05:43 +0000 |
1662 | + |
1663 | +strongswan (5.1.1-0ubuntu4) trusty; urgency=low |
1664 | + |
1665 | + * debian/usr.lib.ipsec.charon: Added - AppArmor profile for charon. |
1666 | + * debian/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call. |
1667 | + * debian/control: strongswan-ike - Stop depending on ipsec-tools. |
1668 | + |
1669 | + -- Jonathan Davies <jonathan.davies@canonical.com> Mon, 30 Dec 2013 05:35:17 +0000 |
1670 | + |
1671 | +strongswan (5.1.1-0ubuntu3) trusty; urgency=low |
1672 | + |
1673 | + * strongswan-starter.strongswan.upstart - Only start strongSwan when a |
1674 | + network connection is available. |
1675 | + * debian/control: Downgrade build-dep version of dpkg-dev from 1.16.2 to |
1676 | + 1.16.1 - to make precise backporting easier. |
1677 | + |
1678 | + -- Jonathan Davies <jonathan.davies@canonical.com> Thu, 12 Dec 2013 10:43:15 +0000 |
1679 | + |
1680 | +strongswan (5.1.1-0ubuntu2) trusty; urgency=low |
1681 | + |
1682 | + * strongswan-starter.strongswan.upstart - Created Upstart job for |
1683 | + strongSwan. |
1684 | + * debian/rules: Set dh_installinit to install above file. |
1685 | + * debian/strongswan-starter.postinit: |
1686 | + - Removed section about runlevel changes, it's almost 2014. |
1687 | + - Adapted service restart section for Upstart. |
1688 | + - Remove old symlinks to init.d files is necessary. |
1689 | + * debian/strongswan-starter.dirs: Don't touch /etc/init.d. |
1690 | + |
1691 | + -- Jonathan Davies <jonathan.davies@canonical.com> Wed, 11 Dec 2013 23:10:28 +0000 |
1692 | + |
1693 | +strongswan (5.1.1-0ubuntu1) trusty; urgency=low |
1694 | + |
1695 | + * New upstream release. |
1696 | + * Removed: debian/patches/CVE-2013-6075, CVE-2013-6076.patch - upsteamed. |
1697 | + * debian/control: Updated Standards-Version to 3.9.5 and applied |
1698 | + XSBC-Original-Maintainer policy. |
1699 | + * strongswan-starter.install: |
1700 | + - pki tool is now in /usr/bin. |
1701 | + - Install pt-tls-client. |
1702 | + - Install manpages (LP: #1206263). |
1703 | + |
1704 | + -- Jonathan Davies <jpds@ubuntu.com> Sun, 01 Dec 2013 17:43:59 +0000 |
1705 | + |
1706 | strongswan (5.1.0-3) unstable; urgency=high |
1707 | |
1708 | * urgency=high for the security fixes. |
1709 | diff --git a/debian/control b/debian/control |
1710 | index 9c0d909..fbd59a0 100644 |
1711 | --- a/debian/control |
1712 | +++ b/debian/control |
1713 | @@ -1,7 +1,8 @@ |
1714 | Source: strongswan |
1715 | Section: net |
1716 | Priority: optional |
1717 | -Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org> |
1718 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
1719 | +XSBC-Original-Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org> |
1720 | Uploaders: Yves-Alexis Perez <corsac@debian.org> |
1721 | Standards-Version: 4.5.0 |
1722 | Vcs-Browser: https://salsa.debian.org/debian/strongswan |
1723 | @@ -135,6 +136,7 @@ Description: strongSwan utility and crypto library (extra plugins) |
1724 | - gcrypt (Crypto backend based on libgcrypt, provides |
1725 | RSA/DH/ciphers/hashers/rng) |
1726 | - ldap (LDAP fetching plugin based on libldap) |
1727 | + - ntru (key exchanged based on post-quantum computer NTRU) |
1728 | - padlock (VIA padlock crypto backend, provides AES128/SHA1) |
1729 | - pkcs11 (PKCS#11 smartcard backend) |
1730 | - rdrand (High quality / high performance random source using the Intel |
1731 | @@ -202,6 +204,9 @@ Description: strongSwan charon library (extra plugins) |
1732 | - unity (Cisco Unity extensions for IKEv1) |
1733 | - xauth-eap (XAuth backend that uses EAP methods to verify passwords) |
1734 | - xauth-pam (XAuth backend that uses PAM modules to verify passwords) |
1735 | + - eap-dynamic (EAP proxy plugin that dynamically selects an EAP method |
1736 | + requested/supported by the client (since 5.0.1)) |
1737 | + - eap-peap (EAP-PEAP protocol handler, wraps other EAP methods securely) |
1738 | |
1739 | Package: strongswan-starter |
1740 | Architecture: any |
1741 | @@ -209,9 +214,9 @@ Pre-Depends: ${misc:Pre-Depends} |
1742 | Depends: adduser, |
1743 | libstrongswan (= ${binary:Version}), |
1744 | lsb-base (>= 3.0-6), |
1745 | + strongswan-charon, |
1746 | ${misc:Depends}, |
1747 | ${shlibs:Depends} |
1748 | -Recommends: strongswan-charon |
1749 | Conflicts: openswan |
1750 | Description: strongSwan daemon starter and configuration file parser |
1751 | The strongSwan VPN suite uses the native IPsec stack in the standard |
1752 | @@ -250,9 +255,9 @@ Architecture: any |
1753 | Pre-Depends: debconf | debconf-2.0 |
1754 | Depends: iproute2 [linux-any] | iproute [linux-any], |
1755 | libstrongswan (= ${binary:Version}), |
1756 | - strongswan-starter, |
1757 | ${misc:Depends}, |
1758 | ${shlibs:Depends} |
1759 | +Recommends: strongswan-starter, |
1760 | Provides: ike-server |
1761 | Description: strongSwan Internet Key Exchange daemon |
1762 | The strongSwan VPN suite uses the native IPsec stack in the standard |
1763 | diff --git a/debian/libcharon-extra-plugins.install b/debian/libcharon-extra-plugins.install |
1764 | index 7765f20..cc0bf6f 100644 |
1765 | --- a/debian/libcharon-extra-plugins.install |
1766 | +++ b/debian/libcharon-extra-plugins.install |
1767 | @@ -2,9 +2,11 @@ |
1768 | usr/lib/ipsec/plugins/libstrongswan-addrblock.so |
1769 | usr/lib/ipsec/plugins/libstrongswan-certexpire.so |
1770 | usr/lib/ipsec/plugins/libstrongswan-eap-aka.so |
1771 | +usr/lib/ipsec/plugins/libstrongswan-eap-dynamic.so |
1772 | usr/lib/ipsec/plugins/libstrongswan-eap-gtc.so |
1773 | usr/lib/ipsec/plugins/libstrongswan-eap-identity.so |
1774 | usr/lib/ipsec/plugins/libstrongswan-eap-md5.so |
1775 | +usr/lib/ipsec/plugins/libstrongswan-eap-peap.so |
1776 | usr/lib/ipsec/plugins/libstrongswan-eap-radius.so |
1777 | usr/lib/ipsec/plugins/libstrongswan-eap-tls.so |
1778 | usr/lib/ipsec/plugins/libstrongswan-eap-tnc.so |
1779 | @@ -24,9 +26,11 @@ usr/lib/ipsec/plugins/libstrongswan-xauth-pam.so |
1780 | usr/share/strongswan/templates/config/plugins/addrblock.conf |
1781 | usr/share/strongswan/templates/config/plugins/certexpire.conf |
1782 | usr/share/strongswan/templates/config/plugins/eap-aka.conf |
1783 | +usr/share/strongswan/templates/config/plugins/eap-dynamic.conf |
1784 | usr/share/strongswan/templates/config/plugins/eap-gtc.conf |
1785 | usr/share/strongswan/templates/config/plugins/eap-identity.conf |
1786 | usr/share/strongswan/templates/config/plugins/eap-md5.conf |
1787 | +usr/share/strongswan/templates/config/plugins/eap-peap.conf |
1788 | usr/share/strongswan/templates/config/plugins/eap-radius.conf |
1789 | usr/share/strongswan/templates/config/plugins/eap-tls.conf |
1790 | usr/share/strongswan/templates/config/plugins/eap-tnc.conf |
1791 | @@ -47,9 +51,11 @@ etc/strongswan.d/tnc.conf |
1792 | etc/strongswan.d/charon/addrblock.conf |
1793 | etc/strongswan.d/charon/certexpire.conf |
1794 | etc/strongswan.d/charon/eap-aka.conf |
1795 | +etc/strongswan.d/charon/eap-dynamic.conf |
1796 | etc/strongswan.d/charon/eap-gtc.conf |
1797 | etc/strongswan.d/charon/eap-identity.conf |
1798 | etc/strongswan.d/charon/eap-md5.conf |
1799 | +etc/strongswan.d/charon/eap-peap.conf |
1800 | etc/strongswan.d/charon/eap-radius.conf |
1801 | etc/strongswan.d/charon/eap-tls.conf |
1802 | etc/strongswan.d/charon/eap-tnc.conf |
1803 | diff --git a/debian/libcharon-extra-plugins.maintscript b/debian/libcharon-extra-plugins.maintscript |
1804 | new file mode 100644 |
1805 | index 0000000..f6e7a3a |
1806 | --- /dev/null |
1807 | +++ b/debian/libcharon-extra-plugins.maintscript |
1808 | @@ -0,0 +1,8 @@ |
1809 | +rm_conffile /etc/strongswan.d/charon/eap-aka-3gpp2.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins |
1810 | +rm_conffile /etc/strongswan.d/charon/eap-sim-file.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins |
1811 | +rm_conffile /etc/strongswan.d/charon/eap-sim-pcsc.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins |
1812 | +rm_conffile /etc/strongswan.d/charon/eap-sim.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins |
1813 | +rm_conffile /etc/strongswan.d/charon/eap-simaka-pseudonym.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins |
1814 | +rm_conffile /etc/strongswan.d/charon/eap-simaka-reauth.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins |
1815 | +rm_conffile /etc/strongswan.d/charon/eap-simaka-sql.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins |
1816 | +rm_conffile /etc/strongswan.d/charon/xauth-noauth.conf 5.8.4-1ubuntu2~ libcharon-extra-plugins |
1817 | diff --git a/debian/libstrongswan-extra-plugins.install b/debian/libstrongswan-extra-plugins.install |
1818 | index 2846e21..8f71239 100644 |
1819 | --- a/debian/libstrongswan-extra-plugins.install |
1820 | +++ b/debian/libstrongswan-extra-plugins.install |
1821 | @@ -9,6 +9,7 @@ usr/lib/ipsec/plugins/libstrongswan-curl.so |
1822 | usr/lib/ipsec/plugins/libstrongswan-curve25519.so |
1823 | usr/lib/ipsec/plugins/libstrongswan-gcrypt.so |
1824 | usr/lib/ipsec/plugins/libstrongswan-ldap.so |
1825 | +usr/lib/ipsec/plugins/libstrongswan-ntru.so |
1826 | usr/lib/ipsec/plugins/libstrongswan-pkcs11.so |
1827 | usr/lib/ipsec/plugins/libstrongswan-test-vectors.so |
1828 | usr/lib/ipsec/plugins/libstrongswan-tpm.so |
1829 | @@ -21,6 +22,7 @@ usr/share/strongswan/templates/config/plugins/curl.conf |
1830 | usr/share/strongswan/templates/config/plugins/curve25519.conf |
1831 | usr/share/strongswan/templates/config/plugins/gcrypt.conf |
1832 | usr/share/strongswan/templates/config/plugins/ldap.conf |
1833 | +usr/share/strongswan/templates/config/plugins/ntru.conf |
1834 | usr/share/strongswan/templates/config/plugins/pkcs11.conf |
1835 | usr/share/strongswan/templates/config/plugins/test-vectors.conf |
1836 | usr/share/strongswan/templates/config/plugins/tpm.conf |
1837 | @@ -32,6 +34,7 @@ etc/strongswan.d/charon/curl.conf |
1838 | etc/strongswan.d/charon/curve25519.conf |
1839 | etc/strongswan.d/charon/gcrypt.conf |
1840 | etc/strongswan.d/charon/ldap.conf |
1841 | +etc/strongswan.d/charon/ntru.conf |
1842 | etc/strongswan.d/charon/pkcs11.conf |
1843 | etc/strongswan.d/charon/test-vectors.conf |
1844 | etc/strongswan.d/charon/tpm.conf |
1845 | diff --git a/debian/rules b/debian/rules |
1846 | index eacfe14..25cbede 100755 |
1847 | --- a/debian/rules |
1848 | +++ b/debian/rules |
1849 | @@ -15,9 +15,11 @@ CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \ |
1850 | --enable-curl \ |
1851 | --enable-eap-aka \ |
1852 | --enable-eap-gtc \ |
1853 | + --enable-eap-dynamic \ |
1854 | --enable-eap-identity \ |
1855 | --enable-eap-md5 \ |
1856 | --enable-eap-mschapv2 \ |
1857 | + --enable-eap-peap \ |
1858 | --enable-eap-radius \ |
1859 | --enable-eap-tls \ |
1860 | --enable-eap-tnc \ |
1861 | @@ -31,6 +33,7 @@ CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \ |
1862 | --enable-led \ |
1863 | --enable-lookip \ |
1864 | --enable-mediation \ |
1865 | + --enable-ntru \ |
1866 | --enable-openssl \ |
1867 | --enable-pkcs11 \ |
1868 | --enable-test-vectors \ |
To ssh://git. launchpad. net/~paelzer/ ubuntu/ +source/ strongswan logical/ 5.8.4-1ubuntu2 -> lp9999998/ logical/ 5.8.4-1ubuntu2 new/debian -> lp9999998/ new/debian old/debian -> lp9999998/ old/debian old/ubuntu -> lp9999998/ old/ubuntu reconstruct/ 5.8.4-1ubuntu2 -> lp9999998/ reconstruct/ 5.8.4-1ubuntu2 split/5. 8.4-1ubuntu2 -> lp9999998/ split/5. 8.4-1ubuntu2
* [new tag] lp9999998/
* [new tag] lp9999998/
* [new tag] lp9999998/
* [new tag] lp9999998/
* [new tag] lp9999998/
* [new tag] lp9999998/
PPA: https:/ /launchpad. net/~ci- train-ppa- service/ +archive/ ubuntu/ 4400/+packages