Merge strongswan from Debian unstable for lunar

Scheduled-For: ubuntu-22.11
Upstream: tbd
Debian: 5.9.8-1
Ubuntu: 5.9.6-1ubuntu2

### New Debian Changes ###

strongswan (5.9.8-1) unstable; urgency=medium

  * New upstream version 5.9.8
    - Includes fix for CVE-2022-40617, denial of service due to the
    revocation plugin potentially using untrusted OCSP URIs and CRL
    distribution points in CRLs. (closes: #1021271)
  * Remove strongswan-scepclient package, replaced by a pki(1) command
  * d/p/0006-fix-format-string-issue-in-enum_flags_to_string dropped, included
    upstream
  * remove dropped _copyright utility
  * d/strongswan-pki.install: install est/estca manpages (RFC 7070)
  * d/s-{started,swanctl}.lintian-overrides updated for new lintian
  * d/copyright updated for new upstream release

 -- Yves-Alexis Perez <email address hidden> Wed, 05 Oct 2022 15:25:18 +0200

strongswan (5.9.6-1) unstable; urgency=medium

  * New upstream version 5.9.6
  * d/p/0006-fix-format-string-issue-in-enum_flags_to_string added
  * d/libstrongswan.install: install kdf plugin in libstrongswan

 -- Yves-Alexis Perez <email address hidden> Sat, 07 May 2022 20:19:18 +0200

strongswan (5.9.5-2) unstable; urgency=medium

  * actually fix lintian overrides

 -- Yves-Alexis Perez <email address hidden> Wed, 26 Jan 2022 16:29:17 +0100

strongswan (5.9.5-1) unstable; urgency=medium

  * New upstream version 5.9.5
    - eap-authenticator: Enforce failure if MSK generation fails
      Fix incorrect handling of Early EAP-Success Messages (CVE-2021-45079)
  * update lintian overrides to match RUNPATH

 -- Yves-Alexis Perez <email address hidden> Wed, 26 Jan 2022 14:38:54 +0100

strongswan (5.9.4-1) unstable; urgency=medium

  [ Paride Legovini ]
  * tpm plugin: compile against the tpm2 software stack (tss2)
    (Closes: #994396, Ubuntu#1940079)

  [ Yves-Alexis Perez ]
  * New upstream version 5.9.4
  * d/patches rebased against new upstream
  * Enable forecast plugin (Closes: #943457)
  * update lintian overrides for new lintian
  * d/control: update standards version to 4.6.0
  * d/s-starter.postrm: use which to check for command existence

 -- Yves-Alexis Perez <email address hidden> Tue, 19 Oct 2021 22:34:40 +0200

strongswan (5.9.1-1) unstable; urgency=medium

  * New upstream version 5.9.1
  * d/patches: rebase against new upstream version
  * d/watch: update to version 4

 -- Yves-Alexis Perez <email address hidden> Wed, 11 Nov 2020 17:54:34 +0100

strongswan (5.9.0-1) unstable; urgency=medium

  * New upstream version 5.9.0

 -- Yves-Alexis Perez <email address hidden> Thu, 17 Sep 2020 10:21:30 +0200

strongswan (5.8.4-1) unstable; urgency=medium

  * New upstream version 5.8.4 (Closes: #956446)
  * d/rules: drop --as-needed from linker flags
  * d/control: update standards version to 4.5.0

 -- Yves-Alexis Perez <email address hidden> Thu, 30 Apr 2020 08:57:26 +0200

strongswan (5.8.2-2) unstable; urgency=medium

  * d/control: replace libip{4,6}tc-dev by libiptc-dev (Closes: #951016)
  * d/copyright updated

 -- Yves-Alexis Perez <email address hidden> Thu, 13 Feb 2020 22:46:40 +0100

strongswan (5.8.2-1) unstable; urgency=medium

  [ Jean-Michel Vourgère ]
  * README.Debian: Fixed typo

  [ Yves-Alexis Perez ]
  * d/control: replace iptables-dev b-dep by libip{4,6}tc-dev (Closes: #946148)
  * d/watch: use uscan special strings
  * New upstream version 5.8.2
  * d/control: update dh compat level to 12
  * strongswan-nm: update path for dbus service file
  * install DRBG plugin to libstrongswan
  * d/control: add ${misc:Pre-Depends} to strongswan-starter

 -- Yves-Alexis Perez <email address hidden> Wed, 01 Jan 2020 14:35:46 +0100

### Old Ubuntu Delta ###

strongswan (5.9.6-1ubuntu2) kinetic; urgency=medium

  * SECURITY UPDATE: Using Untrusted URIs for Revocation Checking
    - debian/patches/CVE-2022-40617.patch: do online revocation checks only
      after basic trust chain validation in
      src/libstrongswan/credentials/credential_manager.c.
    - CVE-2022-40617

 -- Marc Deslauriers <email address hidden> Wed, 05 Oct 2022 08:11:03 -0400

strongswan (5.9.6-1ubuntu1) kinetic; urgency=medium

  * Merge with Debian unstable (LP: #1971328). Remaining changes:
    - d/control: strongswan-starter hard-depends on strongswan-charon,
      therefore bump the dependency from Recommends to Depends. At the same
      time avoid a circular dependency by dropping
      strongswan-charon->strongswan-starter from Depends to Recommends as the
      binaries can work without the services but not vice versa.
    - re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
      + d/control: mention plugins in package description
      + d/rules: enable ntru at build time
      + d/libstrongswan-extra-plugins.install: ship config and shared objects
    - Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
      + d/control: update libcharon-extra-plugins description.
      + d/libcharon-extra-plugins.install: install .so and conf files.
      + d/rules: add plugins to the configuration arguments.
    - Remove conf files of plugins removed from libcharon-extra-plugins
      + The conf file of the following plugins were removed: eap-aka-3gpp2,
        eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
        eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
      + Created d/libcharon-extra-plugins.maintscript to handle the removals
        properly.
  * Dropped:
    - d/p/lp1964977-fix-ipsec-pki-segfault.patch: Fix 'ipsec pki'
      segmentation fault; don't access OpenSSL objects inside atexit()
      handlers. (LP #1964977)
      [included by upstream in version 5.9.6]

 -- Lucas Kanashiro <email address hidden> Fri, 10 Jun 2022 15:03:17 -0300