Merge strongswan from Debian Unstable for r-series

Scheduled-For: ubuntu-25.11
Ubuntu: 6.0.1-6ubuntu4
Debian Unstable: 6.0.2-1

A new release of strongswan is available for merging from Debian Unstable.

If it turns out this needs a sync rather than a merge, please change the tagging from ['needs-merge', 'upgrade-software-version'] to ['needs-sync', 'upgrade-software-version'], and (optionally) update the title as desired.

If this merge pulls in a new upstream version, also consider adding an entry to the r-series Release Notes: https://discourse.ubuntu.com/c/project/release/38

### New Debian Changes ###

strongswan (6.0.2-1) unstable; urgency=medium

  * New upstream version 6.0.2
    - Fix support with OpenSSL 3.5.1+ (Closes: #1109942)
  * install iptfs configuration in libstrongswan
  * d/copyright updated with decopy

 -- Yves-Alexis Perez <email address hidden> Fri, 22 Aug 2025 10:45:05 +0200

### Old Ubuntu Delta ###

strongswan (6.0.1-6ubuntu4) questing; urgency=medium

  * d/t/host-to-host: configure negative trust anchor for lxd domain
    Do this instead of disabling DNSSEC per-interface (LP: #2119652)

 -- Nick Rosbrook <email address hidden> Thu, 21 Aug 2025 12:46:41 -0400

strongswan (6.0.1-6ubuntu3) questing; urgency=medium

  * d/t/host-to-host: disable DNSSEC in container during test (LP: #2119652)

 -- Nick Rosbrook <email address hidden> Tue, 19 Aug 2025 10:26:51 -0400

strongswan (6.0.1-6ubuntu2) questing; urgency=medium

  * Cherry-pick upstream commits to fix FTBFS with GCC-15 C23.
    - debian/patches/gcc15-compat/*

 -- Lukas Märdian <email address hidden> Thu, 31 Jul 2025 09:47:21 +0200

strongswan (6.0.1-6ubuntu1) questing; urgency=medium

  * Merge with Debian unstable (LP: #2110449). Remaining changes:
    - d/control: strongswan-starter hard-depends on strongswan-charon,
      therefore bump the dependency from Recommends to Depends. At the same
      time avoid a circular dependency by dropping
      strongswan-charon->strongswan-starter from Depends to Recommends as the
      binaries can work without the services but not vice versa.
    - Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
      + d/control: update libcharon-extra-plugins description.
      + d/libcharon-extra-plugins.install: install .so and conf files.
      + d/rules: add plugins to the configuration arguments.
    - d/t/{control,host-to-host,utils}: new host-to-host test
      (LP #1999525)
    - d/usr.sbin.swanctl: allow "m" flag for /usr/sbin/swanctl
      (LP #1999935)
  * Drop changes:
    - re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
      [ deprecated & dropped upstream as of 6.0.0 ]
    - Remove conf files of plugins removed from libcharon-extra-plugins
      [ Not relevant anymore after > 1 LTS cyle ]

 -- Lukas Märdian <email address hidden> Thu, 24 Jul 2025 15:43:37 +0200