* Merge with Debian unstable (LP: #2018113). Remaining changes:
- d/control: strongswan-starter hard-depends on strongswan-charon,
therefore bump the dependency from Recommends to Depends. At the same
time avoid a circular dependency by dropping
strongswan-charon->strongswan-starter from Depends to Recommends as the
binaries can work without the services but not vice versa.
- re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
+ d/control: mention plugins in package description
+ d/rules: enable ntru at build time
+ d/libstrongswan-extra-plugins.install: ship config and shared objects
- Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
+ d/control: update libcharon-extra-plugins description.
+ d/libcharon-extra-plugins.install: install .so and conf files.
+ d/rules: add plugins to the configuration arguments.
- Remove conf files of plugins removed from libcharon-extra-plugins
+ The conf file of the following plugins were removed: eap-aka-3gpp2, eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym, eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
+ Created d/libcharon-extra-plugins.maintscript to handle the removals
properly.
- d/t/{control,host-to-host,utils}: new host-to-host test
(LP #1999525)
- d/usr.sbin.swanctl: allow "m" flag for /usr/sbin/swanctl
(LP #1999935)
* Dropped:
- SECURITY UPDATE: Incorrectly Accepted Untrusted Public Key With
Incorrect Refcount
+ debian/patches/CVE-2023-26463.patch: fix authentication bypass and
expired pointer dereference in src/libtls/tls_server.c.
+ CVE-2023-26463
[Fixed upstream in 5.9.10]
-- Andreas Hasenack <email address hidden> Fri, 23 Jun 2023 14:05:18 -0300
This bug was fixed in the package strongswan - 5.9.11-1ubuntu1
---------------
strongswan (5.9.11-1ubuntu1) mantic; urgency=medium
* Merge with Debian unstable (LP: #2018113). Remaining changes: n-charon- >strongswan- starter from Depends to Recommends as the -extra- plugins. install: ship config and shared objects extra-plugins description. extra-plugins. install: install .so and conf files. extra-plugins
eap-sim- file, eap-sim-pcsc, eap-sim, eap-simaka- pseudonym,
eap-simaka- reauth, eap-simaka-sql, xauth-noauth. extra-plugins. maintscript to handle the removals host-to- host,utils} : new host-to-host test patches/ CVE-2023- 26463.patch: fix authentication bypass and tls_server. c.
- d/control: strongswan-starter hard-depends on strongswan-charon,
therefore bump the dependency from Recommends to Depends. At the same
time avoid a circular dependency by dropping
strongswa
binaries can work without the services but not vice versa.
- re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
+ d/control: mention plugins in package description
+ d/rules: enable ntru at build time
+ d/libstrongswan
- Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
+ d/control: update libcharon-
+ d/libcharon-
+ d/rules: add plugins to the configuration arguments.
- Remove conf files of plugins removed from libcharon-
+ The conf file of the following plugins were removed: eap-aka-3gpp2,
+ Created d/libcharon-
properly.
- d/t/{control,
(LP #1999525)
- d/usr.sbin.swanctl: allow "m" flag for /usr/sbin/swanctl
(LP #1999935)
* Dropped:
- SECURITY UPDATE: Incorrectly Accepted Untrusted Public Key With
Incorrect Refcount
+ debian/
expired pointer dereference in src/libtls/
+ CVE-2023-26463
[Fixed upstream in 5.9.10]
-- Andreas Hasenack <email address hidden> Fri, 23 Jun 2023 14:05:18 -0300