[ubuntu/cosmic-proposed] strongswan 5.6.3-1ubuntu1 (Accepted)

Andreas Hasenack andreas at canonical.com
Thu Aug 23 16:22:17 UTC 2018


strongswan (5.6.3-1ubuntu1) cosmic; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Clean up d/strongswan-starter.postinst: section about runlevel changes
    - Clean up d/strongswan-starter.postinst: Removed entire section on
      opportunistic encryption disabling - this was never in strongSwan and
      won't be; see upstream issue #2160.
    - d/rules: Removed patching ipsec.conf on build (not using the
      debconf-managed config.)
    - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was
      used for debconf-managed include of private key).
    - Mass enablement of extra plugins and features to allow a user to use
      strongswan for a variety of extra use cases without having to rebuild.
      + d/control: Add required additional build-deps
      + d/control: Mention additionally enabled plugins
      + d/rules: Enable features at configure stage
      + d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
      + d/libstrongswan.install: Add plugins (so, conf)
    - d/strongswan-starter.install: Install pool feature, which is useful since
      we have attr-sql plugin enabled as well using it.
    - Add plugin kernel-libipsec to allow the use of strongswan in containers
      via this userspace implementation (please do note that this is still
      considered experimental by upstream).
      + d/libcharon-extra-plugins.install: Add kernel-libipsec components
      + d/control: List kernel-libipsec plugin at extra plugins description
      + d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
        upstream recommends to not load kernel-libipsec by default.
    - Relocate tnc plugin
      + debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
      + Add new subpackage for TNC in d/strongswan-tnc-* and d/control
    - d/libstrongswan.install: Reorder conf and .so alphabetically
    - d/libstrongswan.install: Add kernel-netlink configuration files
    - Complete the disabling of libfast; This was partially accepted in Debian,
      it is no more packaging medcli and medsrv, but still builds and
      mentions it.
      + d/rules: Add --disable-fast to avoid build time and dependencies
      + d/control: Remove medcli, medsrv from package description
    - d/control: Mention mgf1 plugin which is in libstrongswan now
    - Add now built (since 5.5.1) libraries libtpmtss and nttfft to
      libstrongswan-extra-plugins (no deps from default plugins).
    - d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
      plugins for the most common use cases from extra-plugins into a new
      standard-plugins package. This will allow those use cases without pulling
      in too many more plugins (a bit like the tnc package). Recommend that
      package from strongswan-libcharon.
    - d/usr.sbin.charon-systemd: allow to contact mysql for sql and
      attr-sql plugins (LP #1766240)
    - d/usr.lib.ipsec.charon, d/usr/sbin/charon-systemd: Add support for
      usr-merge, thanks to Christian Ehrhardt. LP #1784023
  * Dropped:
    - d/usr.sbin.charon-systemd: allow systemd notifications (LP: #1765652)
      [Fixed in 5.6.3-1]

strongswan (5.6.3-1) unstable; urgency=medium

  * New upstream version 5.6.2
  * update charon-systemd AppArmor profile (closes: #896813)
  * New upstream version 5.6.3
    - fix a DoS vulnerability in the IKEv2 key derivation if the openssl
      plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF
      (CVE-2018-10811)
    - fix a vulnerability in the stroke plugin, which did not check the
      received length before reading a message from the control socket
      (CVE-2018-5388)
  * d/p/05_charon-nm-Fix-building-list-of-DNS-MDNS-servers-with removed

Date: Thu, 23 Aug 2018 13:05:11 -0300
Changed-By: Andreas Hasenack <andreas at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/strongswan/5.6.3-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 23 Aug 2018 13:05:11 -0300
Source: strongswan
Binary: strongswan libstrongswan libstrongswan-standard-plugins libstrongswan-extra-plugins libcharon-standard-plugins libcharon-extra-plugins strongswan-starter strongswan-libcharon strongswan-charon strongswan-nm strongswan-tnc-ifmap strongswan-tnc-base strongswan-tnc-client strongswan-tnc-server strongswan-tnc-pdp charon-cmd strongswan-pki strongswan-scepclient strongswan-swanctl charon-systemd
Architecture: source
Version: 5.6.3-1ubuntu1
Distribution: cosmic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Hasenack <andreas at canonical.com>
Description:
 charon-cmd - standalone IPsec client
 charon-systemd - strongSwan IPsec client, systemd support
 libcharon-extra-plugins - strongSwan charon library (extra plugins)
 libcharon-standard-plugins - strongSwan charon library (standard plugins)
 libstrongswan - strongSwan utility and crypto library
 libstrongswan-extra-plugins - strongSwan utility and crypto library (extra plugins)
 libstrongswan-standard-plugins - strongSwan utility and crypto library (standard plugins)
 strongswan - IPsec VPN solution metapackage
 strongswan-charon - strongSwan Internet Key Exchange daemon
 strongswan-libcharon - strongSwan charon library
 strongswan-nm - strongSwan plugin to interact with NetworkManager
 strongswan-pki - strongSwan IPsec client, pki command
 strongswan-scepclient - strongSwan IPsec client, SCEP client
 strongswan-starter - strongSwan daemon starter and configuration file parser
 strongswan-swanctl - strongSwan IPsec client, swanctl command
 strongswan-tnc-base - strongSwan Trusted Network Connect's (TNC) - base files
 strongswan-tnc-client - strongSwan Trusted Network Connect's (TNC) - client files
 strongswan-tnc-ifmap - strongSwan plugin for Trusted Network Connect's (TNC) IF-MAP clie
 strongswan-tnc-pdp - strongSwan plugin for Trusted Network Connect's (TNC) PDP
 strongswan-tnc-server - strongSwan Trusted Network Connect's (TNC) - server files
Closes: 896813
Launchpad-Bugs-Fixed: 1765652
Original-Maintainer: strongSwan Maintainers <pkg-swan-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

