Merge strongswan from Debian unstable for noble
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
strongswan (Ubuntu) |
Fix Released
|
Undecided
|
Andreas Hasenack |
Bug Description
Scheduled-For: Backlog
Upstream: tbd
Debian: 5.9.11-1
Ubuntu: 5.9.11-1ubuntu1
There is nothing yet to merge for strongswan currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle.
If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.
### New Debian Changes ###
strongswan (5.9.11-1) unstable; urgency=medium
* New upstream version 5.9.10
* d/patches: 0005-libtls-
dropped, included upstream
* New upstream version 5.9.11
* d/patches: rebase against new upstream
-- Yves-Alexis Perez <email address hidden> Sun, 18 Jun 2023 11:53:15 +0200
strongswan (5.9.8-4) unstable; urgency=medium
* d/patches: libtls-
Fix authentication bypass and use-after-free in libtls (CVE-2023-26463)
* d/control: replace lsb-base dependency by sysvinit-utils
* d/control: update standards version to 4.6.2
-- Yves-Alexis Perez <email address hidden> Sun, 26 Feb 2023 09:40:09 +0100
strongswan (5.9.8-3) unstable; urgency=medium
* d/tests: also drop _copyright test since the util is gone as well
-- Yves-Alexis Perez <email address hidden> Thu, 03 Nov 2022 18:17:42 +0100
strongswan (5.9.8-2) unstable; urgency=medium
* d/tests: remove scepclient tests since it's gone (Closes: #1023224)
-- Yves-Alexis Perez <email address hidden> Thu, 03 Nov 2022 13:05:27 +0100
strongswan (5.9.8-1) unstable; urgency=medium
* New upstream version 5.9.8
- Includes fix for CVE-2022-40617, denial of service due to the
revocation plugin potentially using untrusted OCSP URIs and CRL
distribution points in CRLs. (closes: #1021271)
* Remove strongswan-
* d/p/0006-
upstream
* remove dropped _copyright utility
* d/strongswan-
* d/s-{started,
* d/copyright updated for new upstream release
-- Yves-Alexis Perez <email address hidden> Wed, 05 Oct 2022 15:25:18 +0200
strongswan (5.9.6-1) unstable; urgency=medium
* New upstream version 5.9.6
* d/p/0006-
* d/libstrongswan
-- Yves-Alexis Perez <email address hidden> Sat, 07 May 2022 20:19:18 +0200
strongswan (5.9.5-2) unstable; urgency=medium
* actually fix lintian overrides
-- Yves-Alexis Perez <email address hidden> Wed, 26 Jan 2022 16:29:17 +0100
strongswan (5.9.5-1) unstable; urgency=medium
* New upstream version 5.9.5
- eap-authenticator: Enforce failure if MSK generation fails
Fix incorrect handling of Early EAP-Success Messages (CVE-2021-45079)
* update lintian overrides to match RUNPATH
-- Yves-Alexis Perez <email address hidden> Wed, 26 Jan 2022 14:38:54 +0100
strongswan (5.9.4-1) unstable; urgency=medium
[ Paride Legovini ]
* tpm plugin: compile against the tpm2 software stack (tss2)
(Closes: #994396, Ubuntu#1940079)
[ Yves-Alexis Perez ]
* New upstream version 5.9.4
* d/patches rebased against new upstream
* Enable forecast plugin (Closes: #943457)
* update lintian overrides for new lintian
* d/control: update standards version to 4.6.0
* d/s-starter.postrm: use which to check for command existence
-- Yves-Alexis Perez <email address hidden> Tue, 19 Oct 2021 22:34:40 +0200
strongswan (5.9.1-1) unstable; urgency=medium
* New upstream version 5.9.1
* d/patches: rebase against new upstream version
* d/watch: update to version 4
-- Yves-Alexis Perez <email address hidden> Wed, 11 Nov 2020 17:54:34 +0100
strongswan (5.9.0-1) unstable; urgency=medium
* New upstream version 5.9.0
-- Yves-Alexis Perez <email address hidden> Thu, 17 Sep 2020 10:21:30 +0200
### Old Ubuntu Delta ###
strongswan (5.9.11-1ubuntu1) mantic; urgency=medium
* Merge with Debian unstable (LP: #2018113). Remaining changes:
- d/control: strongswan-starter hard-depends on strongswan-charon,
therefore bump the dependency from Recommends to Depends. At the same
time avoid a circular dependency by dropping
strongswa
binaries can work without the services but not vice versa.
- re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
+ d/control: mention plugins in package description
+ d/rules: enable ntru at build time
+ d/libstrongswan
- Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
+ d/control: update libcharon-
+ d/libcharon-
+ d/rules: add plugins to the configuration arguments.
- Remove conf files of plugins removed from libcharon-
+ The conf file of the following plugins were removed: eap-aka-3gpp2,
+ Created d/libcharon-
properly.
- d/t/{control,
(LP #1999525)
- d/usr.sbin.swanctl: allow 'm' flag for /usr/sbin/swanctl
(LP #1999935)
* Dropped:
- SECURITY UPDATE: Incorrectly Accepted Untrusted Public Key With
Incorrect Refcount
+ debian/
expired pointer dereference in src/libtls/
+ CVE-2023-26463
[Fixed upstream in 5.9.10]
-- Andreas Hasenack <email address hidden> Fri, 23 Jun 2023 14:05:18 -0300
Related branches
- git-ubuntu bot: Approve
- Bryce Harrington (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 2714 lines (+2402/-4)10 files modifieddebian/changelog (+1905/-0)
debian/control (+8/-3)
debian/libcharon-extra-plugins.install (+6/-0)
debian/libcharon-extra-plugins.maintscript (+8/-0)
debian/libstrongswan-extra-plugins.install (+3/-0)
debian/rules (+3/-0)
debian/tests/control (+6/-0)
debian/tests/host-to-host (+401/-0)
debian/tests/utils (+61/-0)
debian/usr.sbin.swanctl (+1/-1)
CVE References
Changed in strongswan (Ubuntu): | |
status: | New → Incomplete |
Changed in strongswan (Ubuntu): | |
assignee: | nobody → Andreas Hasenack (ahasenack) |
Changed in strongswan (Ubuntu): | |
status: | Confirmed → In Progress |
Debian unstable has 5.9.12-1 now.