[ubuntu/artful-proposed] strongswan 5.5.1-4ubuntu1 (Accepted)

ChristianEhrhardt christian.ehrhardt at canonical.com
Thu Jun 1 05:45:13 UTC 2017 

strongswan (5.5.1-4ubuntu1) artful; urgency=medium

  * Merge from Debian to pick up latest security changes (CVE-2017-9022,
    CVE-2017-9023).
  * Remaining Changes:
    + Update init/service handling
      - d/rules: Change init/systemd program name to strongswan
      - d/strongswan-starter.strongswan.service: Add new systemd file instead of
        patching upstream
      - d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of
        linking to upstream
      - d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call.
      - d/strongswan-starter.prerm: Stop strongswan service on package
        removal (as opposed to using the old init.d script).
    + Clean up d/strongswan-starter.postinst:
      - Removed section about runlevel changes
      - Adapted service restart section for Upstart (kept to be Trusty
        backportable).
      - Remove old symlinks to init.d files is necessary.
      - Removed further out-dated code
      - Removed entire section on opportunistic encryption - this was never in
        strongSwan.
    + d/rules: Removed pieces on 'patching ipsec.conf' on build.
    + Mass enablement of extra plugins and features to allow a user to use
      strongswan for a variety of use cases without having to rebuild.
      - d/control: Add required additional build-deps
      - d/rules: Enable features at configure stage
      - d/control: Mention addtionally enabled plugins
      - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
      - d/libstrongswan.install: Add plugins (so, conf)
    + d/rules: Disable duplicheck as per
      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10
    + Remove ha plugin (requires special kernel)
      - d/libcharon-extra-plugins.install: Stop installing ha (so, conf)
      - d/rules: Do not enable ha plugin
      - d/control: Drop listing the ha plugin in the package description
    + Add plugin kernel-libipsec to allow the use of strongswan in containers
      via this userspace implementation (please do note that this is still
      considered experimental by upstream).
      - d/libcharon-extra-plugins.install: Add kernel-libipsec components
      - d/control: List kernel-libipsec plugin at extra plugins description
      - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
        upstream recommends to not load kernel-libipsec by default.
    + Relocate tnc plugin
     - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
     - Add new subpackage for TNC in d/strongswan-tnc-* and d/control
    + d/strongswan-starter.install: Install pool feature, that useful due to
      having attr-sql plugin that is enabled now.
    + Relocate plugins test-vectors and ccm from extra-plugins to libstrongswan
      - d/libstrongswan-extra-plugins.install: Remove plugins/conffiles
      - d/libstrongswan.install: Add plugins/confiles
      - d/control: move package descriptions and add required breaks/replaces
    + d/libstrongswan.install: Reorder conf and .so alphabetically
    + d/libstrongswan.install: Add kernel-netlink configuration files
    + d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference.
    + debian/patches/increase-bliss-test-timeout.patch: Under QEMU/KVM
      autopkgtest the bliss test takes longer than the default (Upstream in
      5.5.2 via issue 2204)
    + Complete the disabling of libfast; This was partially accepted in Debian,
        it is no more packaging medcli and medsrv, but still builds and
        mentions it.
      - d/rules: Add --disable-fast to avoid build time and dependencies
      - d/control: Remove medcli, medsrv from package description
    + Add now built (5.5.1 vs 5.3.5) mgf1 plugin to libstrongswan-extra-plugins.
      "only" to extra-plugins Mgf1 is not listed as default plugin at
      https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist.
    + Add now built (5.5.1 vs 5.3.5) libraries libtpmtss and nttfft to
      libstrongswan-extra-plugins.
    + Add missing mention of md4 plugin in d/control
    + Add rm_conffile for /etc/init.d/ipsec (transition from precies had
      missed that)
    + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
      plugins for the most common use cases from extra-plugins into a new
      standard-plugins package. This will allow those use cases without pulling
      in too much more plugins (a bit like the tnc package). Recommend that
      package from strongswan-libcharon.

Date: 2017-05-31 14:13:13.883525+00:00
Changed-By: ChristianEhrhardt <christian.ehrhardt at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/strongswan/5.5.1-4ubuntu1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Artful-changes mailing list