Ubuntu
strongswan package

Merge strongswan from Debian unstable for oracular

Bug #2064470 reported by Bryce Harrington
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
strongswan (Ubuntu)
Incomplete
Undecided
Andreas Hasenack
Ubuntu ubuntu-24.10-beta

Bug Description

Scheduled-For: Backlog
Upstream: tbd
Debian: 5.9.13-2
Ubuntu: 5.9.13-2ubuntu4

There is nothing yet to merge for strongswan currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle.

If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.

If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38

### New Debian Changes ###

strongswan (5.9.13-2) unstable; urgency=medium

  * d/control: drop build-dep on systemd (Closes: #1060509)

 -- Yves-Alexis Perez <email address hidden> Sun, 21 Jan 2024 14:12:25 +0100

strongswan (5.9.13-1) unstable; urgency=medium

  * New upstream version 5.9.13

 -- Yves-Alexis Perez <email address hidden> Thu, 11 Jan 2024 17:09:17 +0100

strongswan (5.9.12-1) unstable; urgency=medium

  * New upstream version 5.9.12
    - includes fix for CVE-2023-41913 in charon-tkm
      Buffer Overflow When Handling DH Public Values
  * d/strongswan-pki.install: install pki --ocsp manpage

 -- Yves-Alexis Perez <email address hidden> Mon, 20 Nov 2023 22:19:21 +0100

strongswan (5.9.11-2) unstable; urgency=medium

  [ Helmut Grohne ]
  * Fix FTBFS when systemd.pc changes systemdsystemunitdir (Closes: #1052718)

 -- Yves-Alexis Perez <email address hidden> Mon, 13 Nov 2023 20:22:47 +0100

strongswan (5.9.11-1) unstable; urgency=medium

  * New upstream version 5.9.10
  * d/patches: 0005-libtls-Fix-authentication-bypass-and-expired-pointer
    dropped, included upstream
  * New upstream version 5.9.11
  * d/patches: rebase against new upstream

 -- Yves-Alexis Perez <email address hidden> Sun, 18 Jun 2023 11:53:15 +0200

strongswan (5.9.8-4) unstable; urgency=medium

  * d/patches: libtls-Fix-authentication-bypass-and-expired-pointer added.
    Fix authentication bypass and use-after-free in libtls (CVE-2023-26463)
  * d/control: replace lsb-base dependency by sysvinit-utils
  * d/control: update standards version to 4.6.2

 -- Yves-Alexis Perez <email address hidden> Sun, 26 Feb 2023 09:40:09 +0100

strongswan (5.9.8-3) unstable; urgency=medium

  * d/tests: also drop _copyright test since the util is gone as well

 -- Yves-Alexis Perez <email address hidden> Thu, 03 Nov 2022 18:17:42 +0100

strongswan (5.9.8-2) unstable; urgency=medium

  * d/tests: remove scepclient tests since it's gone (Closes: #1023224)

 -- Yves-Alexis Perez <email address hidden> Thu, 03 Nov 2022 13:05:27 +0100

strongswan (5.9.8-1) unstable; urgency=medium

  * New upstream version 5.9.8
    - Includes fix for CVE-2022-40617, denial of service due to the
    revocation plugin potentially using untrusted OCSP URIs and CRL
    distribution points in CRLs. (closes: #1021271)
  * Remove strongswan-scepclient package, replaced by a pki(1) command
  * d/p/0006-fix-format-string-issue-in-enum_flags_to_string dropped, included
    upstream
  * remove dropped _copyright utility
  * d/strongswan-pki.install: install est/estca manpages (RFC 7070)
  * d/s-{started,swanctl}.lintian-overrides updated for new lintian
  * d/copyright updated for new upstream release

 -- Yves-Alexis Perez <email address hidden> Wed, 05 Oct 2022 15:25:18 +0200

strongswan (5.9.6-1) unstable; urgency=medium

  * New upstream version 5.9.6
  * d/p/0006-fix-format-string-issue-in-enum_flags_to_string added
  * d/libstrongswan.install: install kdf plugin in libstrongswan

 -- Yves-Alexis Perez <email address hidden> Sat, 07 May 2022 20:19:18 +0200

strongswan (5.9.5-2) unstable; urgency=medium

  * actually fix lintian overrides

 -- Yves-Alexis Perez <email address hidden> Wed, 26 Jan 2022 16:29:17 +0100

strongswan (5.9.5-1) unstable; urgency=medium

  * New upstream version 5.9.5
    - eap-authenticator: Enforce failure if MSK generation fails
      Fix incorrect handling of Early EAP-Success Messages (CVE-2021-45079)
  * update lintian overrides to match RUNPATH

 -- Yves-Alexis Perez <email address hidden> Wed, 26 Jan 2022 14:38:54 +0100

strongswan (5.9.4-1) unstable; urgency=medium

### Old Ubuntu Delta ###

strongswan (5.9.13-2ubuntu4) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- William Grant <email address hidden> Mon, 01 Apr 2024 15:55:30 +1100

strongswan (5.9.13-2ubuntu3) noble; urgency=medium

  * No-change rebuild against libcurl4t64

 -- Steve Langasek <email address hidden> Sat, 16 Mar 2024 07:03:41 +0000

strongswan (5.9.13-2ubuntu2) noble; urgency=medium

  * No-change rebuild against libssl3t64

 -- Steve Langasek <email address hidden> Mon, 04 Mar 2024 21:28:04 +0000

strongswan (5.9.13-2ubuntu1) noble; urgency=medium

  * Merge with Debian unstable (LP: #2050099). Remaining changes:
    - d/control: strongswan-starter hard-depends on strongswan-charon,
      therefore bump the dependency from Recommends to Depends. At the same
      time avoid a circular dependency by dropping
      strongswan-charon->strongswan-starter from Depends to Recommends as the
      binaries can work without the services but not vice versa.
    - re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
      + d/control: mention plugins in package description
      + d/rules: enable ntru at build time
      + d/libstrongswan-extra-plugins.install: ship config and shared objects
    - Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
      + d/control: update libcharon-extra-plugins description.
      + d/libcharon-extra-plugins.install: install .so and conf files.
      + d/rules: add plugins to the configuration arguments.
    - Remove conf files of plugins removed from libcharon-extra-plugins
      + The conf file of the following plugins were removed: eap-aka-3gpp2,
        eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
        eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
      + Created d/libcharon-extra-plugins.maintscript to handle the removals
        properly.
    - d/t/{control,host-to-host,utils}: new host-to-host test
      (LP #1999525)
    - d/usr.sbin.swanctl: allow 'm' flag for /usr/sbin/swanctl
      (LP #1999935)

 -- Andreas Hasenack <email address hidden> Mon, 22 Jan 2024 11:48:33 -0300

Bryce Harrington (bryce)
Changed in strongswan (Ubuntu):
status: New → Incomplete
Andreas Hasenack (ahasenack)
Changed in strongswan (Ubuntu):
assignee: nobody → Andreas Hasenack (ahasenack)
Bryce Harrington (bryce)
Changed in strongswan (Ubuntu):
milestone: none → ubuntu-24.10-beta
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.