Ubuntu
strongswan package

strongswan 5.5.1-4ubuntu2 source package in Ubuntu

Changelog

strongswan (5.5.1-4ubuntu2) artful; urgency=medium

  * SECURITY UPDATE: Fix RSA signature verification
    - debian/patches/CVE-2017-11185.patch: does some
      verifications in order to avoid null-point dereference
      in src/libstrongswan/gmp/gmp_rsa_public_key.c
    - CVE-2017-11185

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 15 Aug 2017 14:49:49 -0300

Upload details

Uploaded by:
Leonidas S. Barbosa
Sponsored by:
Marc Deslauriers
Uploaded to:
Artful
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
strongswan_5.5.1.orig.tar.bz2 4.4 MiB 720b301991f77bdedd8d551a956f52e2d11686a0ec18e832094f86cf2b842ab7
strongswan_5.5.1-4ubuntu2.debian.tar.xz 133.9 KiB b02752ed1976124f46db65a22279bfaba441813c6dc486e65dd6a46ceff96e5c
strongswan_5.5.1-4ubuntu2.dsc 4.2 KiB bb5d6ec50c6b726003c05c3fa768db5837eadf1a512b1dc3298dea91d8f3708e

View changes file

Binary packages built by this source

charon-cmd: No summary available for charon-cmd in ubuntu artful.

No description available for charon-cmd in ubuntu artful.

charon-cmd-dbgsym: No summary available for charon-cmd-dbgsym in ubuntu artful.

No description available for charon-cmd-dbgsym in ubuntu artful.

charon-systemd: No summary available for charon-systemd in ubuntu artful.

No description available for charon-systemd in ubuntu artful.

charon-systemd-dbgsym: No summary available for charon-systemd-dbgsym in ubuntu artful.

No description available for charon-systemd-dbgsym in ubuntu artful.

libcharon-extra-plugins: strongSwan charon library (extra plugins)

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides extra plugins for the charon library:
  - addrblock (Narrow traffic selectors to RFC 3779 address blocks in X.509
    certificates)
  - dhcp (Forwarding of DHCP requests for virtual IPs to DHCP server)
  - certexpire (Export expiration dates of used certificates)
  - eap-aka (Generic EAP-AKA protocol handler using different backends)
  - eap-gtc (EAP-GTC protocol handler authenticating with XAuth backends)
  - eap-identity (EAP-Identity identity exchange algorithm, to use with other
    EAP protocols)
  - eap-md5 (EAP-MD5 protocol handler using passwords)
  - eap-radius (EAP server proxy plugin forwarding EAP conversations to a
    RADIUS server)
  - eap-tls (EAP-TLS protocol handler, to authenticate with certificates in
    EAP)
  - eap-tnc (EAP-TNC protocol handler, Trusted Network Connect in a TLS tunnel)
  - eap-ttls (EAP-TTLS protocol handler, wraps other EAP methods securely)
  - error-notify (Notification about errors via UNIX socket)
  - farp (fake ARP responses for requests to virtual IP address)
  - ha (High-Availability clustering)
  - kernel-libipsec (Userspace IPsec Backend with TUN devices)
  - led (Let Linux LED subsystem LEDs blink on IKE activity)
  - lookip (Virtual IP lookup facility using a UNIX socket)
  - tnc (Trusted Network Connect)
  - unity (Cisco Unity extensions for IKEv1)
  - xauth-eap (XAuth backend that uses EAP methods to verify passwords)
  - xauth-pam (XAuth backend that uses PAM modules to verify passwords)
  - eap-aka-3gpp2 (EAP-AKA backend implementing standard 3GPP2 algorithm in software)
  - eap-dynamic (EAP proxy plugin that dynamically selects an EAP method requested/supported by the client (since 5.0.1))
  - eap-peap (EAP-PEAP protocol handler, wraps other EAP methods securely)
  - eap-sim (Generic EAP-SIM protocol handler using different backends)
  - eap-sim-file (EAP-SIM backend reading triplets from a file)
  - eap-sim-pcsc (EAP-SIM backend based on a PC/SC smartcard reader)
  - eap-simaka-pseudonym (EAP-SIM/AKA in-memory pseudonym identity database)
  - eap-simaka-reauth (EAP-SIM/AKA in-memory reauthentication identity database)
  - eap-simaka-sql (EAP-SIM/AKA backend reading triplets/quintuplets from a SQL database)
  - xauth-noauth (XAuth backend that does not do any authentication (since 5.0.3))

libcharon-extra-plugins-dbgsym: debug symbols for libcharon-extra-plugins
libcharon-standard-plugins: No summary available for libcharon-standard-plugins in ubuntu artful.

No description available for libcharon-standard-plugins in ubuntu artful.

libcharon-standard-plugins-dbgsym: No summary available for libcharon-standard-plugins-dbgsym in ubuntu artful.

No description available for libcharon-standard-plugins-dbgsym in ubuntu artful.

libstrongswan: No summary available for libstrongswan in ubuntu artful.

No description available for libstrongswan in ubuntu artful.

libstrongswan-dbgsym: No summary available for libstrongswan-dbgsym in ubuntu artful.

No description available for libstrongswan-dbgsym in ubuntu artful.

libstrongswan-extra-plugins: strongSwan utility and crypto library (extra plugins)

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides extra plugins for the strongSwan utility and
 cryptographic library.
 .
 Included plugins are:
  - acert (Support of X.509 attribute certificates (since 5.1.3))
  - af-alg [linux] (AF_ALG Linux crypto API interface, provides
    ciphers/hashers/hmac/xcbc)
  - attr-sql (provide IKE attributes read from a database to peers)
  - bliss (Bimodal Lattice Signature Scheme (BLISS) post-quantum computer
    signature scheme)
  - ccm (CCM cipher mode wrapper)
  - chapoly (ChaCha20/Poly1305 AEAD implementation)
  - cmac (CMAC cipher mode wrapper)
  - ctr (CTR cipher mode wrapper)
  - coupling (Permanent peer certificate coupling)
  - curl (libcurl based HTTP/FTP fetcher)
  - curve25519 (support for Diffie-Hellman group 31 using Curve25519 and
    support for the Ed25519 digital signature algorithm for IKEv2)
  - dnscert (authentication via CERT RRs protected by DNSSEC)
  - gcrypt (Crypto backend based on libgcrypt, provides
    RSA/DH/ciphers/hashers/rng)
  - ipseckey (authentication via IPSECKEY RRs protected by DNSSEC)
  - ldap (LDAP fetching plugin based on libldap)
  - load-tester (perform IKE load tests against self or gateway)
  - mysql (database backend)
  - ntru (key exchanged based on post-quantum computer NTRU)
  - nttfft (Number Theoretic Transform via the FFT algorithm)
  - padlock (VIA padlock crypto backend, provides AES128/SHA1)
  - pkcs11 (PKCS#11 smartcard backend)
  - radattr (inject and process custom RADIUS attributes as IKEv2 client)
  - sql (SQL configuration and creds engine)
  - sqlite (SQLite database backend)
  - soup (libsoup based HTTP fetcher)
  - tpmtss (TPM 1.2 and TPM 2.0 Trusted Platform Modules)
  - rdrand (High quality / high performance random source using the Intel
    rdrand instruction found on Ivy Bridge processors)
  - test-vectors (Set of test vectors for various algorithms)
  - unbound (DNSSEC enabled resolver using libunbound)
  - whitelist (peer verification against a whitelist)

libstrongswan-extra-plugins-dbgsym: No summary available for libstrongswan-extra-plugins-dbgsym in ubuntu artful.

No description available for libstrongswan-extra-plugins-dbgsym in ubuntu artful.

libstrongswan-standard-plugins: strongSwan utility and crypto library (standard plugins)

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides some common plugins for the strongSwan utility and
 cryptograhic library.
 .
 Included plugins are:
  - agent (RSA/ECDSA private key backend connecting to SSH-Agent)
  - gcm (GCM cipher mode wrapper)
  - openssl (Crypto backend based on OpenSSL, provides
    RSA/ECDSA/DH/ECDH/ciphers/hashers/HMAC/X.509/CRL/RNG)

libstrongswan-standard-plugins-dbgsym: debug symbols for libstrongswan-standard-plugins
strongswan: IPsec VPN solution metapackage

 The strongSwan VPN suite uses the native IPsec stack in the standard Linux
 kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This metapackage installs the packages required to maintain IKEv1 and IKEv2
 connections via ipsec.conf or ipsec.secrets.

strongswan-charon: No summary available for strongswan-charon in ubuntu artful.

No description available for strongswan-charon in ubuntu artful.

strongswan-charon-dbgsym: debug symbols for strongswan-charon
strongswan-ike: No summary available for strongswan-ike in ubuntu bionic.

No description available for strongswan-ike in ubuntu bionic.

strongswan-ikev1: No summary available for strongswan-ikev1 in ubuntu artful.

No description available for strongswan-ikev1 in ubuntu artful.

strongswan-ikev2: No summary available for strongswan-ikev2 in ubuntu artful.

No description available for strongswan-ikev2 in ubuntu artful.

strongswan-libcharon: No summary available for strongswan-libcharon in ubuntu artful.

No description available for strongswan-libcharon in ubuntu artful.

strongswan-libcharon-dbgsym: No summary available for strongswan-libcharon-dbgsym in ubuntu artful.

No description available for strongswan-libcharon-dbgsym in ubuntu artful.

strongswan-nm: No summary available for strongswan-nm in ubuntu artful.

No description available for strongswan-nm in ubuntu artful.

strongswan-nm-dbgsym: No summary available for strongswan-nm-dbgsym in ubuntu artful.

No description available for strongswan-nm-dbgsym in ubuntu artful.

strongswan-pki: strongSwan IPsec client, pki command

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package contains the pki tool which allows on to run a simple public key
 infrastructure.

strongswan-pki-dbgsym: debug symbols for strongswan-pki
strongswan-scepclient: No summary available for strongswan-scepclient in ubuntu artful.

No description available for strongswan-scepclient in ubuntu artful.

strongswan-scepclient-dbgsym: No summary available for strongswan-scepclient-dbgsym in ubuntu artful.

No description available for strongswan-scepclient-dbgsym in ubuntu artful.

strongswan-starter: strongSwan daemon starter and configuration file parser

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 The starter and the associated "ipsec" script control the charon daemon from
 the command line. It parses ipsec.conf and loads the configurations to the
 daemon.

strongswan-starter-dbgsym: No summary available for strongswan-starter-dbgsym in ubuntu artful.

No description available for strongswan-starter-dbgsym in ubuntu artful.

strongswan-swanctl: No summary available for strongswan-swanctl in ubuntu artful.

No description available for strongswan-swanctl in ubuntu artful.

strongswan-swanctl-dbgsym: No summary available for strongswan-swanctl-dbgsym in ubuntu artful.

No description available for strongswan-swanctl-dbgsym in ubuntu artful.

strongswan-tnc-base: No summary available for strongswan-tnc-base in ubuntu artful.

No description available for strongswan-tnc-base in ubuntu artful.

strongswan-tnc-base-dbgsym: No summary available for strongswan-tnc-base-dbgsym in ubuntu artful.

No description available for strongswan-tnc-base-dbgsym in ubuntu artful.

strongswan-tnc-client: No summary available for strongswan-tnc-client in ubuntu artful.

No description available for strongswan-tnc-client in ubuntu artful.

strongswan-tnc-client-dbgsym: No summary available for strongswan-tnc-client-dbgsym in ubuntu artful.

No description available for strongswan-tnc-client-dbgsym in ubuntu artful.

strongswan-tnc-ifmap: strongSwan plugin for Trusted Network Connect's (TNC) IF-MAP client

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides Trusted Network Connect's (TNC) IF-MAP 2.0 client.

strongswan-tnc-ifmap-dbgsym: No summary available for strongswan-tnc-ifmap-dbgsym in ubuntu artful.

No description available for strongswan-tnc-ifmap-dbgsym in ubuntu artful.

strongswan-tnc-pdp: No summary available for strongswan-tnc-pdp in ubuntu artful.

No description available for strongswan-tnc-pdp in ubuntu artful.

strongswan-tnc-pdp-dbgsym: No summary available for strongswan-tnc-pdp-dbgsym in ubuntu artful.

No description available for strongswan-tnc-pdp-dbgsym in ubuntu artful.

strongswan-tnc-server: strongSwan Trusted Network Connect's (TNC) - server files

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the server functionality for strongSwan's Trusted Network
 Connect's (TNC) features.

strongswan-tnc-server-dbgsym: No summary available for strongswan-tnc-server-dbgsym in ubuntu artful.

No description available for strongswan-tnc-server-dbgsym in ubuntu artful.