This bug was fixed in the package strongswan - 5.6.1-2ubuntu1
---------------
strongswan (5.6.1-2ubuntu1) bionic; urgency=medium
* Merge with Debian unstable (LP: #1717343).
Also fixes and issue with multiple psk's (LP: #1734207). Remaining changes:
+ Clean up d/strongswan-starter.postinst: section about runlevel changes
+ Clean up d/strongswan-starter.postinst: Removed entire section on
opportunistic encryption disabling - this was never in strongSwan and
won't be see upstream issue #2160.
+ Ubuntu is not using the debconf triggered private key generation
- d/rules: Removed patching ipsec.conf on build (not using the
debconf-managed config.)
- d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was
used for debconf-managed include of private key).
+ Mass enablement of extra plugins and features to allow a user to use
strongswan for a variety of extra use cases without having to rebuild.
- d/control: Add required additional build-deps
- d/control: Mention addtionally enabled plugins
- d/rules: Enable features at configure stage
- d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
- d/libstrongswan.install: Add plugins (so, conf)
+ d/strongswan-starter.install: Install pool feature, which is useful since
we have attr-sql plugin enabled as well using it.
+ Add plugin kernel-libipsec to allow the use of strongswan in containers
via this userspace implementation (please do note that this is still
considered experimental by upstream).
- d/libcharon-extra-plugins.install: Add kernel-libipsec components
- d/control: List kernel-libipsec plugin at extra plugins description
- d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
upstream recommends to not load kernel-libipsec by default.
+ Relocate tnc plugin
- debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
- Add new subpackage for TNC in d/strongswan-tnc-* and d/control
+ d/libstrongswan.install: Reorder conf and .so alphabetically
+ d/libstrongswan.install: Add kernel-netlink configuration files
+ Complete the disabling of libfast; This was partially accepted in Debian,
it is no more packaging medcli and medsrv, but still builds and
mentions it.
- d/rules: Add --disable-fast to avoid build time and dependencies
- d/control: Remove medcli, medsrv from package description
+ d/control: Mention mgf1 plugin which is in libstrongswan now
+ Add now built (since 5.5.1) libraries libtpmtss and nttfft to
libstrongswan-extra-plugins (no deps from default plugins).
+ Add rm_conffile for /etc/init.d/ipsec (transition from precies had
missed that, droppable after 18.04)
+ d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
plugins for the most common use cases from extra-plugins into a new
standard-plugins package. This will allow those use cases without pulling
in too much more plugins (a bit like the tnc package). Recommend that
package from strongswan-libcharon.
* Added changes:
+ d/strongswan-tnc-client.install (relocate tnc) swidtag creation changed
in 5.6
+ d/strongswan-tnc-server.install (relocate tnc) pacman no more needed
+ d/control: bump breaks/replaces from libstrongswan-extra-plugins to
libstrongswan as we dropped relocating ccm and test-vectors.
(droppable >18.04).
- d/control: add breaks/replace from libstrongswan to
libstrongswan-extra-plugins for the move of mgf1 to libstrongswan.
(droppable >18.04).
* Dropped changes:
+ Update init/service handling (debian default matches Ubuntu past now)
Dropping this fixes (LP: #1734886)
- d/rules: Change init/systemd program name to strongswan
- d/strongswan-starter.strongswan.service: Add new systemd file instead of
patching upstream
- d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of
linking to upstream
+ d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call
(this is a never failing no-op for us, no need for Delta).
+ d/strongswan-starter.prerm: Stop strongswan service on package removal
(ipsec now maps to strongswan service, so this works as-is).
+ Clean up d/strongswan-starter.postinst: rename service ipsec to
strongswan (ipsec now maps to strongswan service, so this works as-is)
+ Clean up d/strongswan-starter.postinst: daemon enable/disable (the
whole section is disabled, so no need for delta)
+ (is upstream) CVE-2017-11185 patches
+ (is upstream) FTBFS upstream fix for changed include files
+ (is upstream) debian/patches/increase-bliss-test-timeout.patch: Under
QEMU/KVM autopkgtest the bliss test takes longer than the default
+ (in Debian) add now built (since 5.5.1) mgf1 plugin to
libstrongswan-extra-plugins.
+ (in Debian) d/strongswan-starter.install: install stroke apparmor profile
+ (this was enabled as part of the former delta, squash changes to no-up)
d/rules: Disable duplicheck.
+ (not needed) Relocate plugins test-vectors from extra-plugins to
libstrongswan
- d/libstrongswan-extra-plugins.install: Remove plugins/conffiles
- d/libstrongswan.install: Add plugins/confiles
- d/control: move package descriptions and add required breaks/replaces
+ (not needed) Relocate plugins ccm from extra-plugins to libstrongswan
- d/libstrongswan-extra-plugins.install: Remove plugins/conffiles
- d/libstrongswan.install: Add plugins/confiles
- d/control: move package descriptions and add required breaks/replaces
+ (while using it requires special kernel, it does not hurt to be
available in the package) Remove ha plugin
- d/libcharon-extra-plugins.install: Stop installing ha (so, conf)
- d/rules: Do not enable ha plugin
- d/control: Drop listing the ha plugin in the package description
strongswan (5.6.1-2) unstable; urgency=medium
* move counters plugin from -starter to -libcharon. closes: #882431
strongswan (5.6.1-1) unstable; urgency=medium
* debian/control:
- remove strongswan-ike{,v1,v2} packages. closes: #878979
* New upstream version 5.6.1
- fix FTBFS with glibc 2.26+. closes: #880561
* debian/rules: explicitly enable tpm plugin
* debian/strongswan-starter.install: install counters plugin
* debian/libstrongswan.install: install MGF1 plugin
* debian/libstrongswan-extra-plugins.install: install tpm plugin
* debian/control:
- update standards version to 4.1.1
- replace dh-systemd build-dep by updated build-dep on debhelper
strongswan (5.6.0-2) unstable; urgency=medium
* debian/rules:
- only use dh_missing --fail-missing when doing an architecture dependent
packages. closes: #874152
strongswan (5.6.0-1) unstable; urgency=medium
* New upstream release.
- fix insufficient input validation in gmp plugin, which can cause a
denial of service vulnerability (CVE-2017-11185) closes: #872155
* debian/rules:
- remove .la files before install
- don't call dh_install with --fail-missing
- override dh_missing with --fail-missing to catch uninstalled files
- apply patch from Gerald Turner to restrict permissions on swanctl folder
containing private material.
- replace DEB_BUILD_* by DEB_HOST_* when needed, fix FTCBFS, for example
when building for ppc64el on x86. Thanks Helmut Grohne. closes: #866669
* debian/strongswan-swanctl.install:
- install the whole /etc/swanctl folder, including (empty) subfolders.
closes: #866324
* debian/charon-systemd.install:
- install charon-systemd.conf files, thanks Gerald Turner. closes: #866325
* Add AppArmor profiles for swanctl and charon-system, thanks Gerald Turner.
closes: #866327
* debian/libcharon-extra-plugins.install:
- install pt-tls-client in /u/b and also install its manpage.
* debian/strongswan-swanctl.lintian-overrides:
- add lintian overrides for private keys directories using 700
permissions.
strongswan (5.5.3-2) unstable; urgency=medium
* debian/control:
- fix typo in libstrongswan-extra-plugins long description.
* move curve25519 plugin from libcharon-extra-plugins to
libstrongswan-extra-plugins
strongswan (5.5.3-1) unstable; urgency=medium
* New upstream release.
* debian/control:
- update standards version to 4.0.0
strongswan (5.5.2-1) experimental; urgency=medium
* New upstream release.
* debian/patches/03_systemd-service refreshed.
* debian/libcharon-extra-plugins.install:
- include curve25519 plugin.
* debian/libstrongswan-extra-plugins.install:
- install libtpmtss library.
-- Christian Ehrhardt <[email protected]> Wed, 29 Nov
2017 15:55:18 +0100
** Changed in: strongswan (Ubuntu)
Status: Triaged => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11185
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1734886
Title:
strongswan service file should be upstream one
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1734886/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
