[ubuntu/zesty-proposed] strongswan 5.5.1-1ubuntu1 (Accepted)
Christian Ehrhardt
christian.ehrhardt at canonical.com
Fri Dec 16 10:31:17 UTC 2016
strongswan (5.5.1-1ubuntu1) zesty; urgency=medium
* Merge from Debian (complex delta, discussions and broken out changes can be
found in the merge proposal linked from the merge bug LP: #1631198)
* Remaining Changes:
+ d/rules: Enforcing DEB_BUILD_OPTIONS=nostrip for library integrity
checking.
+ d/rules: Set TESTS_REDUCED_KEYLENGTHS to one generate smallest key-lengths
in tests to avoid issues in low entropy environments.
+ Update init/service handling
- d/rules: Change init/systemd program name to strongswan
- d/strongswan-starter.strongswan.service: Add new systemd file instead of
patching upstream
- d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of
linking to upstream
- d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call.
- d/strongswan-starter.prerm: Stop strongswan service on package
removal (as opposed to using the old init.d script).
+ Clean up d/strongswan-starter.postinst:
- Removed section about runlevel changes
- Adapted service restart section for Upstart (kept to be Trusty
backportable).
- Remove old symlinks to init.d files is necessary.
- Removed further out-dated code
- Removed entire section on opportunistic encryption - this was never in
strongSwan.
+ Add and install apparmor profiles
- d/rules: Install AppArmor profiles
- d/control: Add dh-apparmor build-dep
- d/usr.lib.ipsec.{charon, lookip, stroke}: Add latest AppArmor profiles
for charon, lookip and stroke
- d/libcharon-extra-plugins.install: Install profile for lookip
- d/strongswan-charon.install: Install profile for charon
- d/strongswan-starter.install: Install profile for stroke
+ d/rules: Removed pieces on 'patching ipsec.conf' on build.
+ d/rules: Sorted and only one enable option per configure line
+ Mass enablement of extra plugins and features to allow a user to use
strongswan for a variety of use cases without having to rebuild.
- d/control: Add required additional build-deps
- d/rules: Enable features at configure stage
- d/control: Mention addtionally enabled plugins
- d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
- d/libstrongswan.install: Add plugins (so, conf)
+ d/rules: Disable duplicheck as per
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10
+ Remove ha plugin (requires special kernel)
- d/libcharon-extra-plugins.install: Stop installing ha (so, conf)
- d/rules: Do not enable ha plugin
- d/control: Drop listing the ha plugin in the package description
+ Add plugin kernel-libipsec to allow the use of strongswan in containers
via this userspace implementation (please do note that this is still
considered experimental by upstream).
- d/libcharon-extra-plugins.install: Add kernel-libipsec components
- d/control: List kernel-libipsec plugin at extra plugins description
- d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
upstream recommends to not load kernel-libipsec by default.
+ Relocate tnc plugin
- debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
- Add new subpackage for TNC in d/strongswan-tnc-* and d/control
+ d/strongswan-starter.install: Install pool feature, that useful due to
having attr-sql plugin that is enabled now.
+ Relocate plugins test-vectors and ccm from extra-plugins to libstrongswan
- d/libstrongswan-extra-plugins.install: Remove plugins
- d/libstrongswan.install: Add plugins
+ d/libstrongswan.install: Reorder conf and .so alphabetically
+ d/libstrongswan.install: Add kernel-netlink configuration files
+ d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference.
+ Add updated logcheck rules
- debian/libstrongswan.strongswan.logcheck.*: Remove outdated files
- debian/strongswan.logcheck: Add updated logcheck rules
+ Add updated DEP8 tests
- d/tests/*: Add DEP8 tests
- d/control: Enable autotestpkg
+ debian/patches/increase-bliss-test-timeout.patch: Under QEMU/KVM
autopkgtest the bliss test takes longer than the default
+ Complete the disabling of libfast
- Note: This was partially accepted in Debian, it is no more
packaging medcli and medsrv, but still builds and mentions it
- d/rules: Add --disable-fast to avoid build time and dependencies
- d/control: Remove medcli, medsrv from package description
* Dropped Changes:
+ Adding build-dep to iptables-dev (no change, was only in Changelog)
+ Dropping of build deps libfcgi-dev, clearsilver-dev (in Debian)
+ Adding strongswan-plugin-* virtual packages for dist-upgrade (no
upgrade path left needing them)
+ Most of "disabling libfast" (Debian dropped it from package content)
+ Transition for ipsec service (no upgrade path left)
+ Reverted part of the cleanup to d/strongswan-starter.postinst as using
service should rather use invoke-rc.d (so it is a partial revert of our
delta)
+ Transition handling (breaks/replaces) from per-plugin packages to the
three grouped plugin packages (no upgrade path left)
+ debian/strongswan-starter.dirs: Don't touch /etc/init.d. (while "correct"
it is effectively a no-op still, so not worth the delta)
+ Lower dpkg-dev to 1.16.1 from 1.16.2 to enable backporting to Precise
(no more needed)
+ d/rules: Remove configure option --enable-unit-test (unit tests run by
default)
* Added Changes:
+ Fix strongswan ipsec status issue with apparmor (LP: #1587886)
+ d/control, d/libstrongswan.install, d/libstrongswan-extra-plugins: Fixup
the relocation of the ccm plugin which missed to move the conffiles.
+ Complete move of test-vectors (was missing in d/control)
+ Add now built (5.5.1 vs 5.3.5) mgf1 plugin to libstrongswan-extra-plugins.
"only" to extra-plugins Mgf1 is not listed as default plugin at
https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist.
+ Add now built (5.5.1 vs 5.3.5) libraries libtpmtss and nttfft to
libstrongswan-extra-plugins.
+ Add missing mention of md4 plugin in d/control
+ Add missing mention of libchecksum integrity test in d/control
+ Add rm_conffile for /etc/init.d/ipsec (transition from precies had
missed that)
+ Use override_dh_strip to to fix library integrity checking instead of
DEB_BUILD_OPTION to avoid overwriting user build flags.
+ d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
plugins for the most common use cases from extra-plugins into a new
standard-plugins package. This will allow those use cases without pulling
in too much more plugins (a bit like the tnc package). Recommend that
package from strongswan-libcharon (LP: #1640826).
+ Fix Dep8 tests for the now extra strongswan-pki package for pki
+ Fix Dep8 tests for the now extra strongswan-scepclient package
Date: Mon, 07 Nov 2016 16:16:41 +0100
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Maintainer: strongSwan Maintainers <pkg-swan-devel at lists.alioth.debian.org>
https://launchpad.net/ubuntu/+source/strongswan/5.5.1-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 07 Nov 2016 16:16:41 +0100
Source: strongswan
Binary: strongswan libstrongswan libstrongswan-standard-plugins libstrongswan-extra-plugins libcharon-standard-plugins libcharon-extra-plugins strongswan-starter strongswan-libcharon strongswan-charon strongswan-ike strongswan-nm strongswan-tnc-ifmap strongswan-tnc-base strongswan-tnc-client strongswan-tnc-server strongswan-tnc-pdp strongswan-ikev1 strongswan-ikev2 charon-cmd strongswan-pki strongswan-scepclient strongswan-swanctl charon-systemd
Architecture: source
Version: 5.5.1-1ubuntu1
Distribution: zesty
Urgency: medium
Maintainer: strongSwan Maintainers <pkg-swan-devel at lists.alioth.debian.org>
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Description:
charon-cmd - standalone IPsec client
charon-systemd - strongSwan IPsec client, systemd support
libcharon-extra-plugins - strongSwan charon library (extra plugins)
libcharon-standard-plugins - strongSwan charon library (standard plugins)
libstrongswan - strongSwan utility and crypto library
libstrongswan-extra-plugins - strongSwan utility and crypto library (extra plugins)
libstrongswan-standard-plugins - strongSwan utility and crypto library (standard plugins)
strongswan - IPsec VPN solution metapackage
strongswan-charon - strongSwan Internet Key Exchange daemon
strongswan-ike - strongSwan Internet Key Exchange daemon (transitional package)
strongswan-ikev1 - strongSwan IKEv1 daemon, transitional package
strongswan-ikev2 - strongSwan IKEv2 daemon, transitional package
strongswan-libcharon - strongSwan charon library
strongswan-nm - strongSwan plugin to interact with NetworkManager
strongswan-pki - strongSwan IPsec client, pki command
strongswan-scepclient - strongSwan IPsec client, SCEP client
strongswan-starter - strongSwan daemon starter and configuration file parser
strongswan-swanctl - strongSwan IPsec client, swanctl command
strongswan-tnc-base - strongSwan Trusted Network Connect's (TNC) - base files
strongswan-tnc-client - strongSwan Trusted Network Connect's (TNC) - client files
strongswan-tnc-ifmap - strongSwan plugin for Trusted Network Connect's (TNC) IF-MAP clie
strongswan-tnc-pdp - strongSwan plugin for Trusted Network Connect's (TNC) PDP
strongswan-tnc-server - strongSwan Trusted Network Connect's (TNC) - server files
Launchpad-Bugs-Fixed: 1587886 1631198 1640826
Changes:
strongswan (5.5.1-1ubuntu1) zesty; urgency=medium
.
* Merge from Debian (complex delta, discussions and broken out changes can be
found in the merge proposal linked from the merge bug LP: #1631198)
* Remaining Changes:
+ d/rules: Enforcing DEB_BUILD_OPTIONS=nostrip for library integrity
checking.
+ d/rules: Set TESTS_REDUCED_KEYLENGTHS to one generate smallest key-lengths
in tests to avoid issues in low entropy environments.
+ Update init/service handling
- d/rules: Change init/systemd program name to strongswan
- d/strongswan-starter.strongswan.service: Add new systemd file instead of
patching upstream
- d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of
linking to upstream
- d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call.
- d/strongswan-starter.prerm: Stop strongswan service on package
removal (as opposed to using the old init.d script).
+ Clean up d/strongswan-starter.postinst:
- Removed section about runlevel changes
- Adapted service restart section for Upstart (kept to be Trusty
backportable).
- Remove old symlinks to init.d files is necessary.
- Removed further out-dated code
- Removed entire section on opportunistic encryption - this was never in
strongSwan.
+ Add and install apparmor profiles
- d/rules: Install AppArmor profiles
- d/control: Add dh-apparmor build-dep
- d/usr.lib.ipsec.{charon, lookip, stroke}: Add latest AppArmor profiles
for charon, lookip and stroke
- d/libcharon-extra-plugins.install: Install profile for lookip
- d/strongswan-charon.install: Install profile for charon
- d/strongswan-starter.install: Install profile for stroke
+ d/rules: Removed pieces on 'patching ipsec.conf' on build.
+ d/rules: Sorted and only one enable option per configure line
+ Mass enablement of extra plugins and features to allow a user to use
strongswan for a variety of use cases without having to rebuild.
- d/control: Add required additional build-deps
- d/rules: Enable features at configure stage
- d/control: Mention addtionally enabled plugins
- d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
- d/libstrongswan.install: Add plugins (so, conf)
+ d/rules: Disable duplicheck as per
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10
+ Remove ha plugin (requires special kernel)
- d/libcharon-extra-plugins.install: Stop installing ha (so, conf)
- d/rules: Do not enable ha plugin
- d/control: Drop listing the ha plugin in the package description
+ Add plugin kernel-libipsec to allow the use of strongswan in containers
via this userspace implementation (please do note that this is still
considered experimental by upstream).
- d/libcharon-extra-plugins.install: Add kernel-libipsec components
- d/control: List kernel-libipsec plugin at extra plugins description
- d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
upstream recommends to not load kernel-libipsec by default.
+ Relocate tnc plugin
- debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
- Add new subpackage for TNC in d/strongswan-tnc-* and d/control
+ d/strongswan-starter.install: Install pool feature, that useful due to
having attr-sql plugin that is enabled now.
+ Relocate plugins test-vectors and ccm from extra-plugins to libstrongswan
- d/libstrongswan-extra-plugins.install: Remove plugins
- d/libstrongswan.install: Add plugins
+ d/libstrongswan.install: Reorder conf and .so alphabetically
+ d/libstrongswan.install: Add kernel-netlink configuration files
+ d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference.
+ Add updated logcheck rules
- debian/libstrongswan.strongswan.logcheck.*: Remove outdated files
- debian/strongswan.logcheck: Add updated logcheck rules
+ Add updated DEP8 tests
- d/tests/*: Add DEP8 tests
- d/control: Enable autotestpkg
+ debian/patches/increase-bliss-test-timeout.patch: Under QEMU/KVM
autopkgtest the bliss test takes longer than the default
+ Complete the disabling of libfast
- Note: This was partially accepted in Debian, it is no more
packaging medcli and medsrv, but still builds and mentions it
- d/rules: Add --disable-fast to avoid build time and dependencies
- d/control: Remove medcli, medsrv from package description
* Dropped Changes:
+ Adding build-dep to iptables-dev (no change, was only in Changelog)
+ Dropping of build deps libfcgi-dev, clearsilver-dev (in Debian)
+ Adding strongswan-plugin-* virtual packages for dist-upgrade (no
upgrade path left needing them)
+ Most of "disabling libfast" (Debian dropped it from package content)
+ Transition for ipsec service (no upgrade path left)
+ Reverted part of the cleanup to d/strongswan-starter.postinst as using
service should rather use invoke-rc.d (so it is a partial revert of our
delta)
+ Transition handling (breaks/replaces) from per-plugin packages to the
three grouped plugin packages (no upgrade path left)
+ debian/strongswan-starter.dirs: Don't touch /etc/init.d. (while "correct"
it is effectively a no-op still, so not worth the delta)
+ Lower dpkg-dev to 1.16.1 from 1.16.2 to enable backporting to Precise
(no more needed)
+ d/rules: Remove configure option --enable-unit-test (unit tests run by
default)
* Added Changes:
+ Fix strongswan ipsec status issue with apparmor (LP: #1587886)
+ d/control, d/libstrongswan.install, d/libstrongswan-extra-plugins: Fixup
the relocation of the ccm plugin which missed to move the conffiles.
+ Complete move of test-vectors (was missing in d/control)
+ Add now built (5.5.1 vs 5.3.5) mgf1 plugin to libstrongswan-extra-plugins.
"only" to extra-plugins Mgf1 is not listed as default plugin at
https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist.
+ Add now built (5.5.1 vs 5.3.5) libraries libtpmtss and nttfft to
libstrongswan-extra-plugins.
+ Add missing mention of md4 plugin in d/control
+ Add missing mention of libchecksum integrity test in d/control
+ Add rm_conffile for /etc/init.d/ipsec (transition from precies had
missed that)
+ Use override_dh_strip to to fix library integrity checking instead of
DEB_BUILD_OPTION to avoid overwriting user build flags.
+ d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
plugins for the most common use cases from extra-plugins into a new
standard-plugins package. This will allow those use cases without pulling
in too much more plugins (a bit like the tnc package). Recommend that
package from strongswan-libcharon (LP: #1640826).
+ Fix Dep8 tests for the now extra strongswan-pki package for pki
+ Fix Dep8 tests for the now extra strongswan-scepclient package
Checksums-Sha1:
25d958f56695fecb4fe1b9f384ccebf35b6fb339 4215 strongswan_5.5.1-1ubuntu1.dsc
7d400eb501ac9e41eb889199891457003baa284c 4636854 strongswan_5.5.1.orig.tar.bz2
a7a435570df1d27cf5220447e51cd0a9ff000e34 132212 strongswan_5.5.1-1ubuntu1.debian.tar.xz
Checksums-Sha256:
5d7cc577dac8fa983e9a28475b6f7e2872da95ad883f1d2972650d8e4dd81d7e 4215 strongswan_5.5.1-1ubuntu1.dsc
720b301991f77bdedd8d551a956f52e2d11686a0ec18e832094f86cf2b842ab7 4636854 strongswan_5.5.1.orig.tar.bz2
fdb35c6a000437f9131e878f60fafe8a87f6c23b16e045fa1d4167b9dcf0cd16 132212 strongswan_5.5.1-1ubuntu1.debian.tar.xz
Files:
8494c0537d27609384747ce601424d52 4215 net optional strongswan_5.5.1-1ubuntu1.dsc
4eba9474f7dc6c8c8d7037261358e68d 4636854 net optional strongswan_5.5.1.orig.tar.bz2
6ffcad544b43131a8998f1d4374fe398 132212 net optional strongswan_5.5.1-1ubuntu1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJYU8IoAAoJELo+KTOCgLJCZpEP/1ZTp1TPkNLJNDYjz9Byxfg8
VB4khKpYAwBg1h0zinxJC0qAf1nrOpe09bFiv1Lju3cN6W3HetAfwV1QVKbkPyio
SNJ2qxhjTQtzwyBFDW4rBDlhq0h+9VcKRxML6j8+bLMvvQNgjFWMMHocMqz/aBkK
TPuPI4D49i7IOCxWf0qUExzk4nqukAhb1jIf28H63H7+DhYKT+BpKnW0V4aEdZyK
QJAzbwLI/8n3fUp7VokLdvliFy586hlhj9UHoByJvoJcN3lQYDkf2529r+LiIYfu
kM+4VAPyaQggVbPAFQgTRlTSz4n6I5zabV1RYJldFszTPYuJ+EcXgS70IzTvGF+f
eTGHnJksf2AT2SwkgaG27um0hA668fZ1QtounlDLS8Idi/kh1KtjqDgWqHPkSsZn
4F4pCKjGFBOOJ1Ib/W7fbH3tXspYAqe1mMgd/KklrYy7IGXde1fbaHNYMgUsAVJA
lPZkIAce3bXxXnR+Q3cR0H8YkyxyZ/sAwAU2iOEsdXQv+ZBDCFDgSvJoyIfIcgPs
P4w1l5vqCXsLTXuG9wXOORh9y927Aj4qlwJbvCuLRyhr+uCQ/p0ryrxU54jbY6b6
PpPMuP82KyGVMunPBRbamKi0aa3p0wjqqlYFfiO3fvldUNMeFy6wLTOxdkAyHUmS
4ATO7Ze8nyO/+zTEJSh2
=TlC/
-----END PGP SIGNATURE-----
More information about the Zesty-changes
mailing list