[ubuntu/artful-proposed] strongswan 5.5.1-3ubuntu1 (Accepted)
ChristianEhrhardt
christian.ehrhardt at canonical.com
Tue May 9 16:45:18 UTC 2017
strongswan (5.5.1-3ubuntu1) artful; urgency=medium
* Merge from Debian to pick up latest changes. Among others this includes:
- a lot of the Delta we upstreamed to Debian (more discussions are ongoing
but likely have to wait until Debian stretch was released)
- enabling mediation support (LP: #1657413)
* Remaining Changes:
+ Update init/service handling
- d/rules: Change init/systemd program name to strongswan
- d/strongswan-starter.strongswan.service: Add new systemd file instead of
patching upstream
- d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of
linking to upstream
- d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call.
- d/strongswan-starter.prerm: Stop strongswan service on package
removal (as opposed to using the old init.d script).
+ Clean up d/strongswan-starter.postinst:
- Removed section about runlevel changes
- Adapted service restart section for Upstart (kept to be Trusty
backportable).
- Remove old symlinks to init.d files is necessary.
- Removed further out-dated code
- Removed entire section on opportunistic encryption - this was never in
strongSwan.
+ d/rules: Removed pieces on 'patching ipsec.conf' on build.
+ Mass enablement of extra plugins and features to allow a user to use
strongswan for a variety of use cases without having to rebuild.
- d/control: Add required additional build-deps
- d/rules: Enable features at configure stage
- d/control: Mention addtionally enabled plugins
- d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
- d/libstrongswan.install: Add plugins (so, conf)
+ d/rules: Disable duplicheck as per
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10
+ Remove ha plugin (requires special kernel)
- d/libcharon-extra-plugins.install: Stop installing ha (so, conf)
- d/rules: Do not enable ha plugin
- d/control: Drop listing the ha plugin in the package description
+ Add plugin kernel-libipsec to allow the use of strongswan in containers
via this userspace implementation (please do note that this is still
considered experimental by upstream).
- d/libcharon-extra-plugins.install: Add kernel-libipsec components
- d/control: List kernel-libipsec plugin at extra plugins description
- d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
upstream recommends to not load kernel-libipsec by default.
+ Relocate tnc plugin
- debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
- Add new subpackage for TNC in d/strongswan-tnc-* and d/control
+ d/strongswan-starter.install: Install pool feature, that useful due to
having attr-sql plugin that is enabled now.
+ Relocate plugins test-vectors and ccm from extra-plugins to libstrongswan
- d/libstrongswan-extra-plugins.install: Remove plugins/conffiles
- d/libstrongswan.install: Add plugins/confiles
- d/control: move package descriptions and add required breaks/replaces
+ d/libstrongswan.install: Reorder conf and .so alphabetically
+ d/libstrongswan.install: Add kernel-netlink configuration files
+ d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference.
+ debian/patches/increase-bliss-test-timeout.patch: Under QEMU/KVM
autopkgtest the bliss test takes longer than the default (Upstream in
5.5.2 via issue 2204)
+ Complete the disabling of libfast; This was partially accepted in Debian,
it is no more packaging medcli and medsrv, but still builds and
mentions it.
- d/rules: Add --disable-fast to avoid build time and dependencies
- d/control: Remove medcli, medsrv from package description
+ Add now built (5.5.1 vs 5.3.5) mgf1 plugin to libstrongswan-extra-plugins.
"only" to extra-plugins Mgf1 is not listed as default plugin at
https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist.
+ Add now built (5.5.1 vs 5.3.5) libraries libtpmtss and nttfft to
libstrongswan-extra-plugins.
+ Add missing mention of md4 plugin in d/control
+ Add rm_conffile for /etc/init.d/ipsec (transition from precies had
missed that)
+ d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
plugins for the most common use cases from extra-plugins into a new
standard-plugins package. This will allow those use cases without pulling
in too much more plugins (a bit like the tnc package). Recommend that
package from strongswan-libcharon.
* Dropped Changes:
+ Add and install apparmor profiles (in Debian)
- d/rules: Install AppArmor profiles
- d/control: Add dh-apparmor build-dep
- d/usr.lib.ipsec.{charon, lookip, stroke}: Add latest AppArmor profiles
for charon, lookip and stroke
- d/libcharon-extra-plugins.install: Install profile for lookip
- d/strongswan-charon.install: Install profile for charon
- d/strongswan-starter.install: Install profile for stroke
- Fix strongswan ipsec status issue with apparmor
- Fix Dep8 tests for the now extra strongswan-pki package for pki
- Fix Dep8 tests for the now extra strongswan-scepclient package
+ d/rules: Sorted and only one enable option per configure line (in
Debian)
+ Add updated logcheck rules (in Debian)
- debian/libstrongswan.strongswan.logcheck.*: Remove outdated files
- debian/strongswan.logcheck: Add updated logcheck rules
+ Add updated DEP8 tests (in Debian)
- d/tests/*: Add DEP8 tests
- d/control: Enable autotestpkg
+ d/rules: do not strip for library integrity checking (After Discussion
with Debian this isn't acceptable there, but at the same time it turned
out the real use-case of this never uses this lib but instead third
party checks of checksums for e.g. FIPS cert; so drop the Delta)
- Use override_dh_strip to to avoid overwriting user build flags.
- Add missing mention of libchecksum integrity test in d/control
+ d/rules: Set TESTS_REDUCED_KEYLENGTHS to one generate smallest key-lengths
in tests to avoid issues in low entropy environments. (Debian has
disabled !x86 tests for the same reason, one solution is enough)
Date: 2017-05-04 13:13:13.097687+00:00
Changed-By: ChristianEhrhardt <christian.ehrhardt at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/strongswan/5.5.1-3ubuntu1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Artful-changes
mailing list