Merge strongswan from Debian unstable for kinetic

Bug #1971328 reported by Bryce Harrington
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
strongswan (Ubuntu)
Fix Released
Undecided
Lucas Kanashiro

Bug Description

Upstream: tbd
Debian: 5.9.5-2
Ubuntu: 5.9.5-2ubuntu2

Debian typically updates strongswan every 3 months on average, but it was last updated 22.01 and looks overdue. Check back in on this monthly.

Based on Upstream's release history for strongswan we should have expected a new upstream update around 2022.04. Presumably it could come any time now.

### New Debian Changes ###

strongswan (5.9.5-2) unstable; urgency=medium

  * actually fix lintian overrides

 -- Yves-Alexis Perez <email address hidden> Wed, 26 Jan 2022 16:29:17 +0100

strongswan (5.9.5-1) unstable; urgency=medium

  * New upstream version 5.9.5
    - eap-authenticator: Enforce failure if MSK generation fails
      Fix incorrect handling of Early EAP-Success Messages (CVE-2021-45079)
  * update lintian overrides to match RUNPATH

 -- Yves-Alexis Perez <email address hidden> Wed, 26 Jan 2022 14:38:54 +0100

strongswan (5.9.4-1) unstable; urgency=medium

  [ Paride Legovini ]
  * tpm plugin: compile against the tpm2 software stack (tss2)
    (Closes: #994396, Ubuntu#1940079)

  [ Yves-Alexis Perez ]
  * New upstream version 5.9.4
  * d/patches rebased against new upstream
  * Enable forecast plugin (Closes: #943457)
  * update lintian overrides for new lintian
  * d/control: update standards version to 4.6.0
  * d/s-starter.postrm: use which to check for command existence

 -- Yves-Alexis Perez <email address hidden> Tue, 19 Oct 2021 22:34:40 +0200

strongswan (5.9.1-1) unstable; urgency=medium

  * New upstream version 5.9.1
  * d/patches: rebase against new upstream version
  * d/watch: update to version 4

 -- Yves-Alexis Perez <email address hidden> Wed, 11 Nov 2020 17:54:34 +0100

strongswan (5.9.0-1) unstable; urgency=medium

  * New upstream version 5.9.0

 -- Yves-Alexis Perez <email address hidden> Thu, 17 Sep 2020 10:21:30 +0200

strongswan (5.8.4-1) unstable; urgency=medium

  * New upstream version 5.8.4 (Closes: #956446)
  * d/rules: drop --as-needed from linker flags
  * d/control: update standards version to 4.5.0

 -- Yves-Alexis Perez <email address hidden> Thu, 30 Apr 2020 08:57:26 +0200

strongswan (5.8.2-2) unstable; urgency=medium

  * d/control: replace libip{4,6}tc-dev by libiptc-dev (Closes: #951016)
  * d/copyright updated

 -- Yves-Alexis Perez <email address hidden> Thu, 13 Feb 2020 22:46:40 +0100

strongswan (5.8.2-1) unstable; urgency=medium

  [ Jean-Michel Vourgère ]
  * README.Debian: Fixed typo

  [ Yves-Alexis Perez ]
  * d/control: replace iptables-dev b-dep by libip{4,6}tc-dev (Closes: #946148)
  * d/watch: use uscan special strings
  * New upstream version 5.8.2
  * d/control: update dh compat level to 12
  * strongswan-nm: update path for dbus service file
  * install DRBG plugin to libstrongswan
  * d/control: add ${misc:Pre-Depends} to strongswan-starter

 -- Yves-Alexis Perez <email address hidden> Wed, 01 Jan 2020 14:35:46 +0100

strongswan (5.8.1-1) unstable; urgency=medium

  * d/rules: disable http and stream tests under CI
  * New upstream version 5.8.1

 -- Yves-Alexis Perez <email address hidden> Fri, 18 Oct 2019 16:44:27 +0200

strongswan (5.8.0-2) unstable; urgency=medium

  [ Christian Ehrhardt ]
  * d/control: Mention mgf1 plugin which is in libstrongswan now
  * Complete the disabling of libfast
  * Clean up d/strongswan-starter.postinst: section about runlevel changes
  * Clean up d/strongswan-starter.postinst: opportunistic encryption
  * Enable kernel-libipsec for use of strongswan in containers
  * d/control, d/libcharon-{extras,extauth}-plugins.install: Add
    extauth-plugins package (Recommends)
  * apparmor: d/usr.lib.ipsec.charon: sync notify rule from charon-systemd
  * apparmor: fix apparmor denies reading the own FDs (LP: 1786250)
  * apparmor: d/usr.sbin.charon-systemd: allow CLUSTERIP for ha plugin
    (LP: 1773956)
  * apparmor: d/usr.lib.ipsec.stroke: executables need to be able to read map
    and execute themselves
  * apparmor: d/usr.lib.ipsec.lookip: executables need to be able to read map

### Old Ubuntu Delta ###

strongswan (5.9.5-2ubuntu2) jammy; urgency=medium

  * d/p/lp1964977-fix-ipsec-pki-segfault.patch: Fix 'ipsec pki'
    segmentation fault; don't access OpenSSL objects inside atexit()
    handlers. (LP: #1964977)

 -- Sergio Durigan Junior <email address hidden> Fri, 18 Mar 2022 14:24:34 -0400

strongswan (5.9.5-2ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/control: strongswan-starter hard-depends on strongswan-charon,
      therefore bump the dependency from Recommends to Depends. At the same
      time avoid a circular dependency by dropping
      strongswan-charon->strongswan-starter from Depends to Recommends as the
      binaries can work without the services but not vice versa.
    - re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
      + d/control: mention plugins in package description
      + d/rules: enable ntru at build time
      + d/libstrongswan-extra-plugins.install: ship config and shared objects
    - Re-enable eap-{dynamic,peap} libcharon plugins (LP: 1878887)
      + d/control: update libcharon-extra-plugins description.
      + d/libcharon-extra-plugins.install: install .so and conf files.
      + d/rules: add plugins to the configuration arguments.
    - Remove conf files of plugins removed from libcharon-extra-plugins
      + The conf file of the following plugins were removed: eap-aka-3gpp2,
        eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
        eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
      + Created d/libcharon-extra-plugins.maintscript to handle the removals
        properly.
   * Dropped patches included in new version:
    - debian/patches/CVE-2021-45079.patch
    - debian/patches/load-legacy-provider-in-openssl3.patch

 -- Marc Deslauriers <email address hidden> Thu, 03 Feb 2022 10:49:49 -0500

Bryce Harrington (bryce)
Changed in strongswan (Ubuntu):
milestone: none → ubuntu-22.06
status: New → Incomplete
Changed in strongswan (Ubuntu):
assignee: nobody → Lucas Kanashiro (lucaskanashiro)
Revision history for this message
Bryce Harrington (bryce) wrote :

$ rmad strongswan
 strongswan | 5.9.5-2ubuntu2 | jammy
 strongswan | 5.9.5-2ubuntu2 | kinetic
strongswan | 5.9.6-1 | unstable

strongswan (5.9.6-1) unstable; urgency=medium

  * New upstream version 5.9.6
  * d/p/0006-fix-format-string-issue-in-enum_flags_to_string added
  * d/libstrongswan.install: install kdf plugin in libstrongswan

 -- Yves-Alexis Perez <email address hidden> Sat, 07 May 2022 20:19:18 +0200

Changed in strongswan (Ubuntu):
status: Incomplete → New
Changed in strongswan (Ubuntu):
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package strongswan - 5.9.6-1ubuntu1

---------------
strongswan (5.9.6-1ubuntu1) kinetic; urgency=medium

  * Merge with Debian unstable (LP: #1971328). Remaining changes:
    - d/control: strongswan-starter hard-depends on strongswan-charon,
      therefore bump the dependency from Recommends to Depends. At the same
      time avoid a circular dependency by dropping
      strongswan-charon->strongswan-starter from Depends to Recommends as the
      binaries can work without the services but not vice versa.
    - re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
      + d/control: mention plugins in package description
      + d/rules: enable ntru at build time
      + d/libstrongswan-extra-plugins.install: ship config and shared objects
    - Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
      + d/control: update libcharon-extra-plugins description.
      + d/libcharon-extra-plugins.install: install .so and conf files.
      + d/rules: add plugins to the configuration arguments.
    - Remove conf files of plugins removed from libcharon-extra-plugins
      + The conf file of the following plugins were removed: eap-aka-3gpp2,
        eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
        eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
      + Created d/libcharon-extra-plugins.maintscript to handle the removals
        properly.
  * Dropped:
    - d/p/lp1964977-fix-ipsec-pki-segfault.patch: Fix "ipsec pki"
      segmentation fault; don't access OpenSSL objects inside atexit()
      handlers. (LP #1964977)
      [included by upstream in version 5.9.6]

 -- Lucas Kanashiro <email address hidden> Fri, 10 Jun 2022 15:03:17 -0300

Changed in strongswan (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.