This bug was fixed in the package strongswan - 5.8.1-1ubuntu1
---------------
strongswan (5.8.1-1ubuntu1) focal; urgency=medium
* Merge with Debian unstable (LP: #1852579). Remaining changes:
- d/control: Transition from strongswan-tnc-* being in extra packages
to libcharon-extra-plugins
* Added Changes:
- d/control: Transition from former Ubuntu only libcharon-standard-plugins
to common libcharon-extauth-plugins (drop after 20.04)
- d/control: strongswan-starter hard-depends on strongswan-charon,
therefore bump the dependency from Recommends to Depends. At the same
time avoid a circular dependency by dropping
strongswan-charon->strongswan-starter from Depends to Recommends as the
binaries can work without the services but not vice versa.
* Dropped Changes (now in Debian):
- Clean up d/strongswan-starter.postinst: section about runlevel changes
- Clean up d/strongswan-starter.postinst: Removed entire section on
opportunistic encryption disabling - this was never in strongSwan and
won't be see upstream issue #2160.
- d/rules: Removed patching ipsec.conf on build (not using the
debconf-managed config.)
- d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was
used for debconf-managed include of private key).
- Add plugin kernel-libipsec to allow the use of strongswan in containers
via this userspace implementation (please do note that this is still
considered experimental by upstream).
+ d/libcharon-extra-plugins.install: Add kernel-libipsec components
+ d/control: List kernel-libipsec plugin at extra plugins description
+ d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
upstream recommends to not load kernel-libipsec by default.
- d/control: Mention mgf1 plugin which is in libstrongswan now
- Complete the disabling of libfast; This was partially accepted in Debian,
it is no more packaging medcli and medsrv, but still builds and
mentions it.
+ d/rules: Add --disable-fast to avoid build time and dependencies
+ d/control: Remove medcli, medsrv from package description
- Add now built (since 5.5.1) libraries libtpmtss and nttfft to
libstrongswan-extra-plugins (no deps from default plugins).
- d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
plugins for the most common use cases from extra-plugins into a new
standard-plugins package. This will allow those use cases without pulling
in too much more plugins (a bit like the tnc package). Recommend that
package from strongswan-libcharon.
- d/usr.lib.ipsec.charon: allow reading of own FDs (LP 1786250)
- d/usr.sbin.charon-systemd: allow CLUSTERIP for ha plugin (LP 1773956)
- executables need to be able to read map and execute themselves otherwise
execution in some environments e.g. containers is blocked (LP 1780534)
+ d/usr.lib.ipsec.stroke: add rmix permission to stroke binary
+ d/usr.lib.ipsec.lookip: add rmix permission to lookip binary
- d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: resync apparmor
profiles of both ways to start charon (LP 1807664)
- d/usr.sbin.swanctl: add apparmor rule for af-alg plugin (LP 1807962)
- We fixed up tpmtss and nttfft in the past, but tpmtss is now packaged in
Debian so this part was be dropped. Two changes remain
- d/control: fix the mentioning of tpmtss in d/control
- apparmor fixes for container and root usage (LP 1826238)
+ d/usr.sbin.swanctl: allow reading own binary
+ d/usr.sbin.charon-systemd: allow accessing the binary
+ d/usr.sbin.swanctl: add attach_disconnected to work inside containers
+ d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: add CAP_SETPCAP
to apparmor to allow dropping caps
* Dropped Changes (too uncommon to support by default)
- d/libstrongswan.install: Add kernel-netlink configuration files
- d/usr.sbin.charon-systemd: allow to contact mysql for sql and
attr-sql plugins (LP 1766240) - no more needed as itisn't enabled.
- Mass enablement of extra plugins and features to allow a user to use
strongswan for a variety of extra use cases without having to rebuild.
+ d/control: Add required additional build-deps
+ d/control: Mention addtionally enabled plugins
+ d/rules: Enable features at configure stage
+ d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
+ d/libstrongswan.install: Add plugins (so, conf)
+ d/strongswan-starter.install: Install pool feature, which is useful
since we now have attr-sql plugin enabled it.
- Enable additional TNC plugins and add them to libcharon-extra-plugins
strongswan (5.8.1-1) unstable; urgency=medium
* d/rules: disable http and stream tests under CI
* New upstream version 5.8.1
strongswan (5.8.0-2) unstable; urgency=medium
[ Christian Ehrhardt ]
* d/control: Mention mgf1 plugin which is in libstrongswan now
* Complete the disabling of libfast
* Clean up d/strongswan-starter.postinst: section about runlevel changes
* Clean up d/strongswan-starter.postinst: opportunistic encryption
* Enable kernel-libipsec for use of strongswan in containers
* d/control, d/libcharon-{extras,extauth}-plugins.install: Add
extauth-plugins package (Recommends)
* apparmor: d/usr.lib.ipsec.charon: sync notify rule from charon-systemd
* apparmor: fix apparmor denies reading the own FDs (LP: 1786250)
* apparmor: d/usr.sbin.charon-systemd: allow CLUSTERIP for ha plugin
(LP: 1773956)
* apparmor: d/usr.lib.ipsec.stroke: executables need to be able to read map
and execute themselves
* apparmor: d/usr.lib.ipsec.lookip: executables need to be able to read map
and execute themselves
* apparmor: d/usr.sbin.swanctl: add apparmor rule for af-alg plugin
(LP: 1807962)
* d/control: libtpmtss is actually packaged in libstrongswan-extra-plugins
[ Ryan Harper ]
* Remove code related to unused debconf managed config
[ Yves-Alexis Perez ]
* ship xfrmi only on Linux, fix FTBFS on kfreebsd
* d/libcharon-extra-plugins.install: drop plugins disabled in Debian
* d/control: update standards version to 4.4.1
* d/strongswan-starter.templates: drop runlevel_changes
* let dh_installinit handle update-rc.d calls
* d/salsa-ci.yml: add a salsa pipeline config
* d/rules: drop dbgsym migration
* strongswan-starter: update line number in lintian override
strongswan (5.8.0-1) unstable; urgency=medium
[ Christian Ehrhardt ]
* Fix fails in debian CI (Closes: #926479)
[ Simon Deziel ]
* d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: add CAP_SETPCAP to
apparmor to allow dropping caps
* d/usr.sbin.swanctl: add attach_disconnected to work inside containers
* d/usr.sbin.charon-systemd: allow accessing the binary
* d/usr.sbin.swanctl: allow reading own binary
[ Yves-Alexis Perez ]
* New upstream version 5.8.0
* d/control: update standards version to 4.4.0
* use debhelper-compat b-d for dh compat level
* d/control: bump dh compat level to 11
* d/rules: drop systemd addon, useless in compat 11
* strongswan-libcharon: install xfrmi binary
* d/patches refreshed for new upstream release
* handle renaming of systemd service files
* d/control: remove obsolete breaks/replaces
-- Christian Ehrhardt <[email protected]> Thu, 14 Nov
2019 15:00:15 +0100
** Changed in: strongswan (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1852579
Title:
Merge 5.8 for Ubuntu 20.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1852579/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
