[ubuntu/mantic-proposed] strongswan 5.9.11-1ubuntu1 (Accepted)

Andreas Hasenack andreas at canonical.com
Mon Jun 26 22:12:14 UTC 2023 

strongswan (5.9.11-1ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable (LP: #2018113). Remaining changes:
    - d/control: strongswan-starter hard-depends on strongswan-charon,
      therefore bump the dependency from Recommends to Depends. At the same
      time avoid a circular dependency by dropping
      strongswan-charon->strongswan-starter from Depends to Recommends as the
      binaries can work without the services but not vice versa.
    - re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
      + d/control: mention plugins in package description
      + d/rules: enable ntru at build time
      + d/libstrongswan-extra-plugins.install: ship config and shared objects
    - Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
      + d/control: update libcharon-extra-plugins description.
      + d/libcharon-extra-plugins.install: install .so and conf files.
      + d/rules: add plugins to the configuration arguments.
    - Remove conf files of plugins removed from libcharon-extra-plugins
      + The conf file of the following plugins were removed: eap-aka-3gpp2,
        eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
        eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
      + Created d/libcharon-extra-plugins.maintscript to handle the removals
        properly.
    - d/t/{control,host-to-host,utils}: new host-to-host test
      (LP #1999525)
    - d/usr.sbin.swanctl: allow "m" flag for /usr/sbin/swanctl
      (LP #1999935)
  * Dropped:
    - SECURITY UPDATE: Incorrectly Accepted Untrusted Public Key With
      Incorrect Refcount
      + debian/patches/CVE-2023-26463.patch: fix authentication bypass and
        expired pointer dereference in src/libtls/tls_server.c.
      + CVE-2023-26463
      [Fixed upstream in 5.9.10]

Date: Fri, 23 Jun 2023 14:05:18 -0300
Changed-By: Andreas Hasenack <andreas at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/strongswan/5.9.11-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 23 Jun 2023 14:05:18 -0300
Source: strongswan
Built-For-Profiles: noudeb
Architecture: source
Version: 5.9.11-1ubuntu1
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Hasenack <andreas at canonical.com>
Launchpad-Bugs-Fixed: 2018113
Changes:
 strongswan (5.9.11-1ubuntu1) mantic; urgency=medium
 .
   * Merge with Debian unstable (LP: #2018113). Remaining changes:
     - d/control: strongswan-starter hard-depends on strongswan-charon,
       therefore bump the dependency from Recommends to Depends. At the same
       time avoid a circular dependency by dropping
       strongswan-charon->strongswan-starter from Depends to Recommends as the
       binaries can work without the services but not vice versa.
     - re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
       + d/control: mention plugins in package description
       + d/rules: enable ntru at build time
       + d/libstrongswan-extra-plugins.install: ship config and shared objects
     - Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
       + d/control: update libcharon-extra-plugins description.
       + d/libcharon-extra-plugins.install: install .so and conf files.
       + d/rules: add plugins to the configuration arguments.
     - Remove conf files of plugins removed from libcharon-extra-plugins
       + The conf file of the following plugins were removed: eap-aka-3gpp2,
         eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
         eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
       + Created d/libcharon-extra-plugins.maintscript to handle the removals
         properly.
     - d/t/{control,host-to-host,utils}: new host-to-host test
       (LP #1999525)
     - d/usr.sbin.swanctl: allow "m" flag for /usr/sbin/swanctl
       (LP #1999935)
   * Dropped:
     - SECURITY UPDATE: Incorrectly Accepted Untrusted Public Key With
       Incorrect Refcount
       + debian/patches/CVE-2023-26463.patch: fix authentication bypass and
         expired pointer dereference in src/libtls/tls_server.c.
       + CVE-2023-26463
       [Fixed upstream in 5.9.10]
Checksums-Sha1:
 02369811a2d9dc1444fcdfb7cef25e41713142eb 3471 strongswan_5.9.11-1ubuntu1.dsc
 f3cd093a1ba95cb152cc6fb9b210f77ef368b565 4786552 strongswan_5.9.11.orig.tar.bz2
 05e1059ae67f4c31bba81b2149d10f440223bab6 132332 strongswan_5.9.11-1ubuntu1.debian.tar.xz
 b176751d01ba45ae14f9bb73c3e375c8aa8b4b10 7059 strongswan_5.9.11-1ubuntu1_source.buildinfo
Checksums-Sha256:
 b37c801b570047eb1a7a97ddfb1db47069afcb8ad41800d94aeb5a376a474507 3471 strongswan_5.9.11-1ubuntu1.dsc
 ddf53f1f26ad26979d5f55e8da95bd389552f5de3682e35593f9a70b2584ed2d 4786552 strongswan_5.9.11.orig.tar.bz2
 775392c65e10b900d695c839360b4a9156dccf9352b1d412f97d32ae1f03d9e5 132332 strongswan_5.9.11-1ubuntu1.debian.tar.xz
 f40017179bc453a4998130b92bf53e36d4ca94bdc6756139386aa3d8f0120b1f 7059 strongswan_5.9.11-1ubuntu1_source.buildinfo
Files:
 3430da64ac62212148e682b033055bef 3471 net optional strongswan_5.9.11-1ubuntu1.dsc
 673e194cd256af77b46928179f2c81ad 4786552 net optional strongswan_5.9.11.orig.tar.bz2
 e6b1411df974dcb25307c677b9c4b1e0 132332 net optional strongswan_5.9.11-1ubuntu1.debian.tar.xz
 621c0ec682fed18882f22ffd267c785e 7059 net optional strongswan_5.9.11-1ubuntu1_source.buildinfo
Original-Maintainer: strongSwan Maintainers <pkg-swan-devel at lists.alioth.debian.org>
Vcs-Git: https://git.launchpad.net/~ahasenack/ubuntu/+source/strongswan
Vcs-Git-Commit: 3030e09ab5743ab2a7a7cea41266a8512a8a783d
Vcs-Git-Ref: refs/heads/mantic-strongswan-merge

More information about the mantic-changes mailing list