debdiff to fix the issue ** Patch added: "lp1755693.diff" https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1755693/+attachment/5078920/+files/lp1755693.diff
** Tags added: sts ** Description changed: strongswan-starter and openswan both share the file /usr/sbin/ipsec however there is no Conflicts relationship openswan was deprecated in utopic, so trusty installations may wish to migrate to strongswan ahead of a xenial upgrade. In that case, the package upgrade can fail. This was previously fixed upstream in Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740808 For apt operation ordering reasons I don't understand, the issue only appears when something else on the system (such as neutron-vpn-agent) depends on (strongswan | openswan). Just installing strongswan and replacing it with openswan or vica-versa doesn't cause the issue to trigger. - To reproduce the issue on a trusty machine: - add-apt-repository cloud-archive:mitaka # the trusty version of neutron-vpn-agent does not have the dependency on openswan | strongswan + The Conflicts already exists in xenial through bionic, just not in + trusty. So the upload would only be required in trusty. + + [Impact] + + * Users are unable to replace openswan with strongswan on trusty systems, where the next major Ubuntu release (xenial) dropped support for openswan completely but strongswan exists on both + * Only users on trusty are affected, once upgraded to xenial this change is already in place + + [Test Case] + + On a trusty machine (e.g. lxd) + + add-apt-repository cloud-archive:mitaka # the trusty version of neutron-vpn-agent does not have the dependency on openswan causing the bug to trigger apt update apt install neutron-vpn-agent openswan # you can answer no to X509 generation apt install strongswan - The Conflicts already exists in xenial through bionic, just not in - trusty. So the upload would only be required in trusty. + [Regression Potential] + + * I don't believe the conflicts introduces a new issue in terms of a + conflict that didn't previously exist, since the packages contain a + conflicting file and strongswan-starter depends on strongswan-ike which + already has a Conflicts in place. So in terms of the dependency tree + they already conflicted, but did not prevent this temporary file + conflict. + + * Other regression potential would be package rebuild related -- this + package has had security uploads as recently as August 2017 so that risk + appears reduced + + [Other Info] + + * Same change is already in place from xenial onwards, so no SRU uploads other than trusty are required -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1755693 Title: strongswan-starter should conflict with openswan due to shared file /usr/sbin/ipsec To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1755693/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
