[ubuntu/noble-proposed] strongswan 5.9.12-1ubuntu1 (Accepted)

Andreas Hasenack andreas at canonical.com
Thu Jan 4 13:30:14 UTC 2024 

strongswan (5.9.12-1ubuntu1) noble; urgency=medium

  * Merge with Debian unstable (LP: #2040430). Remaining changes:
    - d/control: strongswan-starter hard-depends on strongswan-charon,
      therefore bump the dependency from Recommends to Depends. At the same
      time avoid a circular dependency by dropping
      strongswan-charon->strongswan-starter from Depends to Recommends as the
      binaries can work without the services but not vice versa.
    - re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
      + d/control: mention plugins in package description
      + d/rules: enable ntru at build time
      + d/libstrongswan-extra-plugins.install: ship config and shared objects
    - Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
      + d/control: update libcharon-extra-plugins description.
      + d/libcharon-extra-plugins.install: install .so and conf files.
      + d/rules: add plugins to the configuration arguments.
    - Remove conf files of plugins removed from libcharon-extra-plugins
      + The conf file of the following plugins were removed: eap-aka-3gpp2,
        eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
        eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
      + Created d/libcharon-extra-plugins.maintscript to handle the removals
        properly.
    - d/t/{control,host-to-host,utils}: new host-to-host test
      (LP #1999525)
    - d/usr.sbin.swanctl: allow "m" flag for /usr/sbin/swanctl
      (LP #1999935)
  * Dropped:
    - SECURITY UPDATE: Buffer Overflow When Handling DH Public Values
      + debian/patches/CVE-2023-41913.patch: Validate DH public key to fix
        potential buffer overflow in
        src/charon-tkm/src/tkm/tkm_diffie_hellman.c.
      + CVE-2023-41913
      [Fixed upstream in 5.9.12]

Date: Thu, 04 Jan 2024 10:25:23 -0300
Changed-By: Andreas Hasenack <andreas at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/strongswan/5.9.12-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 04 Jan 2024 10:25:23 -0300
Source: strongswan
Built-For-Profiles: noudeb
Architecture: source
Version: 5.9.12-1ubuntu1
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Hasenack <andreas at canonical.com>
Launchpad-Bugs-Fixed: 2040430
Changes:
 strongswan (5.9.12-1ubuntu1) noble; urgency=medium
 .
   * Merge with Debian unstable (LP: #2040430). Remaining changes:
     - d/control: strongswan-starter hard-depends on strongswan-charon,
       therefore bump the dependency from Recommends to Depends. At the same
       time avoid a circular dependency by dropping
       strongswan-charon->strongswan-starter from Depends to Recommends as the
       binaries can work without the services but not vice versa.
     - re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
       + d/control: mention plugins in package description
       + d/rules: enable ntru at build time
       + d/libstrongswan-extra-plugins.install: ship config and shared objects
     - Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
       + d/control: update libcharon-extra-plugins description.
       + d/libcharon-extra-plugins.install: install .so and conf files.
       + d/rules: add plugins to the configuration arguments.
     - Remove conf files of plugins removed from libcharon-extra-plugins
       + The conf file of the following plugins were removed: eap-aka-3gpp2,
         eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
         eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
       + Created d/libcharon-extra-plugins.maintscript to handle the removals
         properly.
     - d/t/{control,host-to-host,utils}: new host-to-host test
       (LP #1999525)
     - d/usr.sbin.swanctl: allow "m" flag for /usr/sbin/swanctl
       (LP #1999935)
   * Dropped:
     - SECURITY UPDATE: Buffer Overflow When Handling DH Public Values
       + debian/patches/CVE-2023-41913.patch: Validate DH public key to fix
         potential buffer overflow in
         src/charon-tkm/src/tkm/tkm_diffie_hellman.c.
       + CVE-2023-41913
       [Fixed upstream in 5.9.12]
Checksums-Sha1:
 d35048bb84dc5c2fd201217577c3ed91883b389e 3496 strongswan_5.9.12-1ubuntu1.dsc
 3528aa3d679371d06652047dc65a84db343faa56 4825696 strongswan_5.9.12.orig.tar.bz2
 bbf38c2a18e01fd045e73419aa6016a3519e94cb 132648 strongswan_5.9.12-1ubuntu1.debian.tar.xz
 dbd4117af2bac0b5b0a0196dba468dbfc2b2a949 7290 strongswan_5.9.12-1ubuntu1_source.buildinfo
Checksums-Sha256:
 572b685cededee1d955a8a724ae1210142a56298c6fa66f25f2bc3f30f2f9ad7 3496 strongswan_5.9.12-1ubuntu1.dsc
 5e6018b07cbe9f72c044c129955a13be3e2f799ceb53f53a4459da6a922b95e5 4825696 strongswan_5.9.12.orig.tar.bz2
 888eb0a7e7867a4d803e9d52f63bdd47ecd1cb021de1bbbf8f5854e3c7258ef0 132648 strongswan_5.9.12-1ubuntu1.debian.tar.xz
 4409514b69a8a53a8aa57da6d1251b56b7f7ebed8c7047cff2701636352c7094 7290 strongswan_5.9.12-1ubuntu1_source.buildinfo
Files:
 44e0515f6696a40320e4d8c797659988 3496 net optional strongswan_5.9.12-1ubuntu1.dsc
 1fe6e87678a2a901222ef9f2e226aad7 4825696 net optional strongswan_5.9.12.orig.tar.bz2
 6fd14ca3129fb898ffbe0f7508733146 132648 net optional strongswan_5.9.12-1ubuntu1.debian.tar.xz
 4919e8c90d01d9f23f9649be160c2b47 7290 net optional strongswan_5.9.12-1ubuntu1_source.buildinfo
Original-Maintainer: strongSwan Maintainers <pkg-swan-devel at lists.alioth.debian.org>
Vcs-Git: https://git.launchpad.net/~ahasenack/ubuntu/+source/strongswan
Vcs-Git-Commit: 07b4dc4e4447a9eb76b535120c9befbc4363f83b
Vcs-Git-Ref: refs/heads/noble-strongswan-merge-1

More information about the noble-changes mailing list