[ubuntu/resolute-proposed] strongswan 6.0.4-1ubuntu1 (Accepted)
Lukas Märdian
slyon at ubuntu.com
Tue Jan 20 11:04:18 UTC 2026
strongswan (6.0.4-1ubuntu1) resolute; urgency=medium
* Merge with Debian unstable (LP: #2125990). Remaining changes:
- d/control: strongswan-starter hard-depends on strongswan-charon,
therefore bump the dependency from Recommends to Depends. At the same
time avoid a circular dependency by dropping
strongswan-charon->strongswan-starter from Depends to Recommends as the
binaries can work without the services but not vice versa.
- Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
+ d/control: update libcharon-extra-plugins description.
+ d/libcharon-extra-plugins.install: install .so and conf files.
+ d/rules: add plugins to the configuration arguments.
- d/t/{control,host-to-host,utils}: new host-to-host test (LP #1999525)
- d/usr.sbin.swanctl: allow "m" flag for /usr/sbin/swanctl (LP #1999935)
* Dropped changes:
- Cherry-pick upstream commits to fix FTBFS with GCC-15 C23.
[applied in 6.0.2]
+ debian/patches/gcc15-compat/*
- d/t/host-to-host: disable DNSSEC via negative trust anchor for lxd domain
(LP #2119652)
[not needed anymore, as DNSSEC allow-downgrade was dropped by default]
- SECURITY UPDATE: Buffer Overflow When Handling EAP-MSCHAPv2 Failure.
Requests
[applied in 6.0.3]
+ debian/patches/CVE-2025-62291.patch: fix length check for Failure
Request packets on the client in
src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c.
strongswan (6.0.4-1) unstable; urgency=medium
* New upstream version 6.0.4 (Closes: #1122971)
- Fix CVE-2025-9615 in the network manager plugin (potential usage of
other users credentials).
strongswan (6.0.3-1) unstable; urgency=medium
* New upstream version 6.0.3
- Fix for buffer overflow in EAP-MSCHAPv2 (CVE-2025-62291)
strongswan (6.0.2-1) unstable; urgency=medium
* New upstream version 6.0.2
- Fix support with OpenSSL 3.5.1+ (Closes: #1109942)
* install iptfs configuration in libstrongswan
* d/copyright updated with decopy
Date: Tue, 20 Jan 2026 09:58:16 +0100
Changed-By: Lukas Märdian <slyon at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/strongswan/6.0.4-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 20 Jan 2026 09:58:16 +0100
Source: strongswan
Built-For-Profiles: noudeb
Architecture: source
Version: 6.0.4-1ubuntu1
Distribution: resolute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Lukas Märdian <slyon at ubuntu.com>
Closes: 1109942 1122971
Launchpad-Bugs-Fixed: 2125990
Changes:
strongswan (6.0.4-1ubuntu1) resolute; urgency=medium
.
* Merge with Debian unstable (LP: #2125990). Remaining changes:
- d/control: strongswan-starter hard-depends on strongswan-charon,
therefore bump the dependency from Recommends to Depends. At the same
time avoid a circular dependency by dropping
strongswan-charon->strongswan-starter from Depends to Recommends as the
binaries can work without the services but not vice versa.
- Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
+ d/control: update libcharon-extra-plugins description.
+ d/libcharon-extra-plugins.install: install .so and conf files.
+ d/rules: add plugins to the configuration arguments.
- d/t/{control,host-to-host,utils}: new host-to-host test (LP #1999525)
- d/usr.sbin.swanctl: allow "m" flag for /usr/sbin/swanctl (LP #1999935)
* Dropped changes:
- Cherry-pick upstream commits to fix FTBFS with GCC-15 C23.
[applied in 6.0.2]
+ debian/patches/gcc15-compat/*
- d/t/host-to-host: disable DNSSEC via negative trust anchor for lxd domain
(LP #2119652)
[not needed anymore, as DNSSEC allow-downgrade was dropped by default]
- SECURITY UPDATE: Buffer Overflow When Handling EAP-MSCHAPv2 Failure.
Requests
[applied in 6.0.3]
+ debian/patches/CVE-2025-62291.patch: fix length check for Failure
Request packets on the client in
src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c.
.
strongswan (6.0.4-1) unstable; urgency=medium
.
* New upstream version 6.0.4 (Closes: #1122971)
- Fix CVE-2025-9615 in the network manager plugin (potential usage of
other users credentials).
.
strongswan (6.0.3-1) unstable; urgency=medium
.
* New upstream version 6.0.3
- Fix for buffer overflow in EAP-MSCHAPv2 (CVE-2025-62291)
.
strongswan (6.0.2-1) unstable; urgency=medium
.
* New upstream version 6.0.2
- Fix support with OpenSSL 3.5.1+ (Closes: #1109942)
* install iptfs configuration in libstrongswan
* d/copyright updated with decopy
Checksums-Sha1:
a028a592b5cec52f25df56f2b492edcc468105f2 3465 strongswan_6.0.4-1ubuntu1.dsc
26db9e098fd0ec608c70810d65bf62ba927ff3a6 4915290 strongswan_6.0.4.orig.tar.bz2
13761dd7a5c2be2a75f13ad6f217d27ce191ec8d 143656 strongswan_6.0.4-1ubuntu1.debian.tar.xz
b222b05015aacade38586526e515bf42bc0337f9 8893 strongswan_6.0.4-1ubuntu1_source.buildinfo
Checksums-Sha256:
c3c3fec262e05eac8a405d4f25751a5eb31c1623573705f87b746ac50a02655c 3465 strongswan_6.0.4-1ubuntu1.dsc
79576bb61b9a406cea9eb73d0c565cc6254a6b6d2e7198f44758d2d7c61a7aec 4915290 strongswan_6.0.4.orig.tar.bz2
e619f2fc9eda2b868533958feb818d6b786b9f878a81acc210a51a934344bae2 143656 strongswan_6.0.4-1ubuntu1.debian.tar.xz
bf0b33f704cafdece509aef8644a8225d754a80cbc951e7b0b3bd57f295a5094 8893 strongswan_6.0.4-1ubuntu1_source.buildinfo
Files:
1a7991749cb081b7c872efcc6b1f7d9c 3465 net optional strongswan_6.0.4-1ubuntu1.dsc
f6b78a99e95179b6a65df218d75da7ca 4915290 net optional strongswan_6.0.4.orig.tar.bz2
bb335a35a2dbecd386b7125e3300c946 143656 net optional strongswan_6.0.4-1ubuntu1.debian.tar.xz
6449c749a21a265ae1864aced4c26ba6 8893 net optional strongswan_6.0.4-1ubuntu1_source.buildinfo
Original-Maintainer: strongSwan Maintainers <pkg-swan-devel at lists.alioth.debian.org>
Vcs-Git: https://git.launchpad.net/~slyon/ubuntu/+source/strongswan
Vcs-Git-Commit: 328a08f3926ae82768b04d8059789ec9561596f9
Vcs-Git-Ref: refs/heads/merge-lp2125990-resolute
More information about the Resolute-changes
mailing list