Merge strongswan from Debian unstable for lunar
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
strongswan (Ubuntu) |
Fix Released
|
Undecided
|
Andreas Hasenack |
Bug Description
Scheduled-For: ubuntu-22.11
Upstream: tbd
Debian: 5.9.8-1
Ubuntu: 5.9.6-1ubuntu2
### New Debian Changes ###
strongswan (5.9.8-1) unstable; urgency=medium
* New upstream version 5.9.8
- Includes fix for CVE-2022-40617, denial of service due to the
revocation plugin potentially using untrusted OCSP URIs and CRL
distribution points in CRLs. (closes: #1021271)
* Remove strongswan-
* d/p/0006-
upstream
* remove dropped _copyright utility
* d/strongswan-
* d/s-{started,
* d/copyright updated for new upstream release
-- Yves-Alexis Perez <email address hidden> Wed, 05 Oct 2022 15:25:18 +0200
strongswan (5.9.6-1) unstable; urgency=medium
* New upstream version 5.9.6
* d/p/0006-
* d/libstrongswan
-- Yves-Alexis Perez <email address hidden> Sat, 07 May 2022 20:19:18 +0200
strongswan (5.9.5-2) unstable; urgency=medium
* actually fix lintian overrides
-- Yves-Alexis Perez <email address hidden> Wed, 26 Jan 2022 16:29:17 +0100
strongswan (5.9.5-1) unstable; urgency=medium
* New upstream version 5.9.5
- eap-authenticator: Enforce failure if MSK generation fails
Fix incorrect handling of Early EAP-Success Messages (CVE-2021-45079)
* update lintian overrides to match RUNPATH
-- Yves-Alexis Perez <email address hidden> Wed, 26 Jan 2022 14:38:54 +0100
strongswan (5.9.4-1) unstable; urgency=medium
[ Paride Legovini ]
* tpm plugin: compile against the tpm2 software stack (tss2)
(Closes: #994396, Ubuntu#1940079)
[ Yves-Alexis Perez ]
* New upstream version 5.9.4
* d/patches rebased against new upstream
* Enable forecast plugin (Closes: #943457)
* update lintian overrides for new lintian
* d/control: update standards version to 4.6.0
* d/s-starter.postrm: use which to check for command existence
-- Yves-Alexis Perez <email address hidden> Tue, 19 Oct 2021 22:34:40 +0200
strongswan (5.9.1-1) unstable; urgency=medium
* New upstream version 5.9.1
* d/patches: rebase against new upstream version
* d/watch: update to version 4
-- Yves-Alexis Perez <email address hidden> Wed, 11 Nov 2020 17:54:34 +0100
strongswan (5.9.0-1) unstable; urgency=medium
* New upstream version 5.9.0
-- Yves-Alexis Perez <email address hidden> Thu, 17 Sep 2020 10:21:30 +0200
strongswan (5.8.4-1) unstable; urgency=medium
* New upstream version 5.8.4 (Closes: #956446)
* d/rules: drop --as-needed from linker flags
* d/control: update standards version to 4.5.0
-- Yves-Alexis Perez <email address hidden> Thu, 30 Apr 2020 08:57:26 +0200
strongswan (5.8.2-2) unstable; urgency=medium
* d/control: replace libip{4,6}tc-dev by libiptc-dev (Closes: #951016)
* d/copyright updated
-- Yves-Alexis Perez <email address hidden> Thu, 13 Feb 2020 22:46:40 +0100
strongswan (5.8.2-1) unstable; urgency=medium
[ Jean-Michel Vourgère ]
* README.Debian: Fixed typo
[ Yves-Alexis Perez ]
* d/control: replace iptables-dev b-dep by libip{4,6}tc-dev (Closes: #946148)
* d/watch: use uscan special strings
* New upstream version 5.8.2
* d/control: update dh compat level to 12
* strongswan-nm: update path for dbus service file
* install DRBG plugin to libstrongswan
* d/control: add ${misc:Pre-Depends} to strongswan-starter
-- Yves-Alexis Perez <email address hidden> Wed, 01 Jan 2020 14:35:46 +0100
### Old Ubuntu Delta ###
strongswan (5.9.6-1ubuntu2) kinetic; urgency=medium
* SECURITY UPDATE: Using Untrusted URIs for Revocation Checking
- debian/
after basic trust chain validation in
src/
- CVE-2022-40617
-- Marc Deslauriers <email address hidden> Wed, 05 Oct 2022 08:11:03 -0400
strongswan (5.9.6-1ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable (LP: #1971328). Remaining changes:
- d/control: strongswan-starter hard-depends on strongswan-charon,
therefore bump the dependency from Recommends to Depends. At the same
time avoid a circular dependency by dropping
strongswa
binaries can work without the services but not vice versa.
- re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
+ d/control: mention plugins in package description
+ d/rules: enable ntru at build time
+ d/libstrongswan
- Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
+ d/control: update libcharon-
+ d/libcharon-
+ d/rules: add plugins to the configuration arguments.
- Remove conf files of plugins removed from libcharon-
+ The conf file of the following plugins were removed: eap-aka-3gpp2,
+ Created d/libcharon-
properly.
* Dropped:
- d/p/lp1964977-
segmentation fault; don't access OpenSSL objects inside atexit()
handlers. (LP #1964977)
[included by upstream in version 5.9.6]
-- Lucas Kanashiro <email address hidden> Fri, 10 Jun 2022 15:03:17 -0300
Related branches
- git-ubuntu bot: Approve
- Sergio Durigan Junior (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 2579 lines (+2293/-3)9 files modifieddebian/changelog (+1798/-0)
debian/control (+8/-3)
debian/libcharon-extra-plugins.install (+6/-0)
debian/libcharon-extra-plugins.maintscript (+8/-0)
debian/libstrongswan-extra-plugins.install (+3/-0)
debian/rules (+3/-0)
debian/tests/control (+6/-0)
debian/tests/host-to-host (+401/-0)
debian/tests/utils (+60/-0)
Changed in strongswan (Ubuntu): | |
assignee: | nobody → Andreas Hasenack (ahasenack) |
Changed in strongswan (Ubuntu): | |
status: | New → In Progress |
summary: |
- Merge strongswan from Debian unstable for l-series + Merge strongswan from Debian unstable for lunar |
This bug was fixed in the package strongswan - 5.9.8-3ubuntu2
---------------
strongswan (5.9.8-3ubuntu2) lunar; urgency=medium
* d/usr.sbin.swanctl: allow "m" flag for /usr/sbin/swanctl
(LP: #1999935)
-- Andreas Hasenack <email address hidden> Fri, 16 Dec 2022 16:07:51 -0300