[ubuntu/eoan-proposed] strongswan 5.7.2-1ubuntu1 (Accepted)
Christian Ehrhardt
christian.ehrhardt at canonical.com
Fri May 3 12:52:14 UTC 2019
strongswan (5.7.2-1ubuntu1) eoan; urgency=medium
[ Christian Ehrhardt ]
* Merge with Debian unstable. Remaining changes:
- Clean up d/strongswan-starter.postinst: section about runlevel changes
- Clean up d/strongswan-starter.postinst: Removed entire section on
opportunistic encryption disabling - this was never in strongSwan and
won't be see upstream issue #2160.
- d/rules: Removed patching ipsec.conf on build (not using the
debconf-managed config.)
- d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was
used for debconf-managed include of private key).
- Mass enablement of extra plugins and features to allow a user to use
strongswan for a variety of extra use cases without having to rebuild.
+ d/control: Add required additional build-deps
+ d/control: Mention addtionally enabled plugins
+ d/rules: Enable features at configure stage
+ d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
+ d/libstrongswan.install: Add plugins (so, conf)
+ d/strongswan-starter.install: Install pool feature, which is useful
since we now have attr-sql plugin enabled it.
- Add plugin kernel-libipsec to allow the use of strongswan in containers
via this userspace implementation (please do note that this is still
considered experimental by upstream).
+ d/libcharon-extra-plugins.install: Add kernel-libipsec components
+ d/control: List kernel-libipsec plugin at extra plugins description
+ d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
upstream recommends to not load kernel-libipsec by default.
- d/libstrongswan.install: Add kernel-netlink configuration files
- Complete the disabling of libfast; This was partially accepted in Debian,
it is no more packaging medcli and medsrv, but still builds and
mentions it.
+ d/rules: Add --disable-fast to avoid build time and dependencies
+ d/control: Remove medcli, medsrv from package description
- d/control: Mention mgf1 plugin which is in libstrongswan now
- Add now built (since 5.5.1) libraries libtpmtss and nttfft to
libstrongswan-extra-plugins (no deps from default plugins).
- d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
plugins for the most common use cases from extra-plugins into a new
standard-plugins package. This will allow those use cases without pulling
in too much more plugins (a bit like the tnc package). Recommend that
package from strongswan-libcharon.
- d/usr.sbin.charon-systemd: allow to contact mysql for sql and
attr-sql plugins (LP #1766240)
- d/usr.lib.ipsec.charon: allow reading of own FDs (LP #1786250)
- d/usr.sbin.charon-systemd: allow CLUSTERIP for ha plugin (LP: 1773956)
- executables need to be able to read map and execute themselves otherwise
execution in some environments e.g. containers is blocked (LP: 1780534)
+ d/usr.lib.ipsec.stroke: add rmix permission to stroke binary
+ d/usr.lib.ipsec.lookip: add rmix permission to lookip binary
- d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: resync apparmor
profiles of both ways to start charon (LP: 1807664)
- d/usr.sbin.swanctl: add apparmor rule for af-alg plugin (LP: 1807962)
* Dropped changes
- d/p/lp1795813-mysql-Don-t-release-the-connection-if-transactions-a.patch:
fix SIGSEGV when using mysql plugin (LP: 1795813)
[upstream in 5.7.2]
- d/libstrongswan.install: Reorder conf and .so alphabetically
[was a non functional change, dropped to avoid merge noise]
- Relocate tnc plugin
[TNC is back at libcharon-extra-plugins as it is in Debian]
* Added changes:
- We fixed up tpmtss and nttfft in the past, but tpmtss is now packaged in
Debian so this part was be dropped. Two changes remain
- d/control: fix the mentioning of tpmtss in d/control
- add nttfft (can be merged with the mass enablement change later)
- Transitional packages to go back from strongswan-tnc-* being in extra
packages to be part of libcharon-extra-plugins.
[can be dropped after 20.04]
[ Simon Deziel ]
* Added changes:
- apparmor fixes for container and root usage (LP: #1826238)
+ d/usr.sbin.swanctl: allow reading own binary
+ d/usr.sbin.charon-systemd: allow accessing the binary
+ d/usr.sbin.swanctl: add attach_disconnected to work inside containers
+ d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: add CAP_SETPCAP
to apparmor to allow dropping caps
strongswan (5.7.2-1) unstable; urgency=medium
* d/control: remove Rene from Uploaders, thanks!
* d/copyright: fix typos
* d/watch: use HTTPS protocol
* d/control: update standards version to 4.2.1
* drop unused debconf template
* use a clean export for upstream signing key
* d/copyright update
* New upstream version 5.7.2
* d/copyright updated
* d/control: update standards version to 4.3.0
* d/libstrongswan.dirs: drop lintian overrides dir
* d/u/signing-key.asc: strip signatures from upstream signing key
* d/patches: import patches in gbp pq
Date: Fri, 26 Apr 2019 11:31:17 +0200
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/strongswan/5.7.2-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 26 Apr 2019 11:31:17 +0200
Source: strongswan
Binary: strongswan libstrongswan libstrongswan-standard-plugins libstrongswan-extra-plugins libcharon-standard-plugins strongswan-tnc-ifmap strongswan-tnc-base strongswan-tnc-client strongswan-tnc-server strongswan-tnc-pdp libcharon-extra-plugins strongswan-starter strongswan-libcharon strongswan-charon strongswan-nm charon-cmd strongswan-pki strongswan-scepclient strongswan-swanctl charon-systemd
Architecture: source
Version: 5.7.2-1ubuntu1
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Description:
charon-cmd - standalone IPsec client
charon-systemd - strongSwan IPsec client, systemd support
libcharon-extra-plugins - strongSwan charon library (extra plugins)
libcharon-standard-plugins - strongSwan charon library (standard plugins)
libstrongswan - strongSwan utility and crypto library
libstrongswan-extra-plugins - strongSwan utility and crypto library (extra plugins)
libstrongswan-standard-plugins - strongSwan utility and crypto library (standard plugins)
strongswan - IPsec VPN solution metapackage
strongswan-charon - strongSwan Internet Key Exchange daemon
strongswan-libcharon - strongSwan charon library
strongswan-nm - strongSwan plugin to interact with NetworkManager
strongswan-pki - strongSwan IPsec client, pki command
strongswan-scepclient - strongSwan IPsec client, SCEP client
strongswan-starter - strongSwan daemon starter and configuration file parser
strongswan-swanctl - strongSwan IPsec client, swanctl command
strongswan-tnc-base - transitional package
strongswan-tnc-client - transitional package
strongswan-tnc-ifmap - transitional package
strongswan-tnc-pdp - transitional package
strongswan-tnc-server - transitional package
Launchpad-Bugs-Fixed: 1826238
Changes:
strongswan (5.7.2-1ubuntu1) eoan; urgency=medium
.
[ Christian Ehrhardt ]
* Merge with Debian unstable. Remaining changes:
- Clean up d/strongswan-starter.postinst: section about runlevel changes
- Clean up d/strongswan-starter.postinst: Removed entire section on
opportunistic encryption disabling - this was never in strongSwan and
won't be see upstream issue #2160.
- d/rules: Removed patching ipsec.conf on build (not using the
debconf-managed config.)
- d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was
used for debconf-managed include of private key).
- Mass enablement of extra plugins and features to allow a user to use
strongswan for a variety of extra use cases without having to rebuild.
+ d/control: Add required additional build-deps
+ d/control: Mention addtionally enabled plugins
+ d/rules: Enable features at configure stage
+ d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
+ d/libstrongswan.install: Add plugins (so, conf)
+ d/strongswan-starter.install: Install pool feature, which is useful
since we now have attr-sql plugin enabled it.
- Add plugin kernel-libipsec to allow the use of strongswan in containers
via this userspace implementation (please do note that this is still
considered experimental by upstream).
+ d/libcharon-extra-plugins.install: Add kernel-libipsec components
+ d/control: List kernel-libipsec plugin at extra plugins description
+ d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
upstream recommends to not load kernel-libipsec by default.
- d/libstrongswan.install: Add kernel-netlink configuration files
- Complete the disabling of libfast; This was partially accepted in Debian,
it is no more packaging medcli and medsrv, but still builds and
mentions it.
+ d/rules: Add --disable-fast to avoid build time and dependencies
+ d/control: Remove medcli, medsrv from package description
- d/control: Mention mgf1 plugin which is in libstrongswan now
- Add now built (since 5.5.1) libraries libtpmtss and nttfft to
libstrongswan-extra-plugins (no deps from default plugins).
- d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
plugins for the most common use cases from extra-plugins into a new
standard-plugins package. This will allow those use cases without pulling
in too much more plugins (a bit like the tnc package). Recommend that
package from strongswan-libcharon.
- d/usr.sbin.charon-systemd: allow to contact mysql for sql and
attr-sql plugins (LP #1766240)
- d/usr.lib.ipsec.charon: allow reading of own FDs (LP #1786250)
- d/usr.sbin.charon-systemd: allow CLUSTERIP for ha plugin (LP: 1773956)
- executables need to be able to read map and execute themselves otherwise
execution in some environments e.g. containers is blocked (LP: 1780534)
+ d/usr.lib.ipsec.stroke: add rmix permission to stroke binary
+ d/usr.lib.ipsec.lookip: add rmix permission to lookip binary
- d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: resync apparmor
profiles of both ways to start charon (LP: 1807664)
- d/usr.sbin.swanctl: add apparmor rule for af-alg plugin (LP: 1807962)
* Dropped changes
- d/p/lp1795813-mysql-Don-t-release-the-connection-if-transactions-a.patch:
fix SIGSEGV when using mysql plugin (LP: 1795813)
[upstream in 5.7.2]
- d/libstrongswan.install: Reorder conf and .so alphabetically
[was a non functional change, dropped to avoid merge noise]
- Relocate tnc plugin
[TNC is back at libcharon-extra-plugins as it is in Debian]
* Added changes:
- We fixed up tpmtss and nttfft in the past, but tpmtss is now packaged in
Debian so this part was be dropped. Two changes remain
- d/control: fix the mentioning of tpmtss in d/control
- add nttfft (can be merged with the mass enablement change later)
- Transitional packages to go back from strongswan-tnc-* being in extra
packages to be part of libcharon-extra-plugins.
[can be dropped after 20.04]
.
[ Simon Deziel ]
* Added changes:
- apparmor fixes for container and root usage (LP: #1826238)
+ d/usr.sbin.swanctl: allow reading own binary
+ d/usr.sbin.charon-systemd: allow accessing the binary
+ d/usr.sbin.swanctl: add attach_disconnected to work inside containers
+ d/usr.lib.ipsec.charon, d/usr.sbin.charon-systemd: add CAP_SETPCAP
to apparmor to allow dropping caps
.
strongswan (5.7.2-1) unstable; urgency=medium
.
* d/control: remove Rene from Uploaders, thanks!
* d/copyright: fix typos
* d/watch: use HTTPS protocol
* d/control: update standards version to 4.2.1
* drop unused debconf template
* use a clean export for upstream signing key
* d/copyright update
* New upstream version 5.7.2
* d/copyright updated
* d/control: update standards version to 4.3.0
* d/libstrongswan.dirs: drop lintian overrides dir
* d/u/signing-key.asc: strip signatures from upstream signing key
* d/patches: import patches in gbp pq
Checksums-Sha1:
5ab7d65fcb31dcbefe83191a5f5ca477fafee0af 3908 strongswan_5.7.2-1ubuntu1.dsc
307d4d7c7d5cf6e904b85ec735cb8eefc33bb9c2 4997818 strongswan_5.7.2.orig.tar.bz2
d3417eeab276ea0bd3240f2f5a4c6c225c6f943a 126352 strongswan_5.7.2-1ubuntu1.debian.tar.xz
41383cbe6861dfa4a844dbb924f180801de6aa92 9125 strongswan_5.7.2-1ubuntu1_source.buildinfo
Checksums-Sha256:
fceb9e2ee6a64f49a7d19cb36867415984c4d12a3ef2d28fe27bae0fb9217dbb 3908 strongswan_5.7.2-1ubuntu1.dsc
308e3ba76e2ce2da070e48fcebbe1fa923a27cc71e43bf63917e6f2a889ecc70 4997818 strongswan_5.7.2.orig.tar.bz2
9bff20a4669b9322e1b6018ac313a76d5cc9f9cc8bc65c8de6c2abf0cbe59259 126352 strongswan_5.7.2-1ubuntu1.debian.tar.xz
c1d62ae9bdd319f3da6197a4e89e506580d145c0e9bc44abc104b11b1e881ada 9125 strongswan_5.7.2-1ubuntu1_source.buildinfo
Files:
b794a90459ba0d17bc7f5789990eb98d 3908 net optional strongswan_5.7.2-1ubuntu1.dsc
618de96dc2a506f82a162a5abf9263d4 4997818 net optional strongswan_5.7.2.orig.tar.bz2
9a9d3d92a7ff6dc0de8a3e43dd7de3da 126352 net optional strongswan_5.7.2-1ubuntu1.debian.tar.xz
078ae899d84fcf6f5acda3584f36b4b2 9125 net optional strongswan_5.7.2-1ubuntu1_source.buildinfo
Original-Maintainer: strongSwan Maintainers <pkg-swan-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEktYY9mjyL47YC+71uj4pM4KAskIFAlzMONwACgkQuj4pM4KA
skKR8BAAhSzknYASBYAnMbiSy6d7+rAX2ICqc5h6YyaEy+mMN43pzagbPrqijqhc
gAJ1Jp0qnKkXadrGjIhSFubNtkM8/8/yMN2W5Af3tqx481W5ZneR35sFhF0BSgR9
jzMB7OezqvHpGSbXGyUjiReh95kdHx5Zx5gJP7mUCtfy9v2GNP7zfbet2DAJKTde
oJ+6mPhF8thAmULsJteU2vYcTB6GbPKAz8fDe45ZHzRP//ctABqmxa5Jm+IPi5hN
iB1XBwWHcQN1bZAZFkc+1HsqkHaWCshnjr8Ab3RdmYiycEBcjyRDAFr+bdq0fwQ4
6Ckse56sSOKP0i95Xkm5XSAmq+eL3w6pcim+ZXSyotqT28EZW5QrTa3DOrrFIo7o
9w7aEUcs9PHtgr3SaS5aprseJ0zFx4wJRdTGAFr/v39nC5EyhTQfkZAyv5+5/JBD
3yuuOij0KOOhCAQEPRJTJbRsXhhPzy/MJxakshRNCyuCXmxaLsZz80aPTGpFH2F1
BQFAYS+ImdFl9AWXvOgP82OPEntXpF4Qx8XfWTkFQrZq/DkUAaxCoF86qg9JHCfv
iTwfhunmIWAmbjnIuTu7W/SwGdr9/qdxv4XLG7Yc4oYs6aB0Ib54Xj9+A8UcubnB
SNIbUVDD4ImNnDXnIHlJTqVZS8wJl/CQYD/8AVWJcHZPiJR8KxM=
=vLUo
-----END PGP SIGNATURE-----
More information about the Eoan-changes
mailing list