[Bug 1348088] [NEW] Sync strongswan 5.2.0-1 (main) from Debian unstable (main)
LocutusOfBorg
costamagnagianfranco at yahoo.it
Thu Jul 24 08:38:01 UTC 2014
Public bug reported:
Please sync strongswan 5.2.0-1 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: remote authentication bypass
- debian/patches/CVE-2014-2338.patch: reject CREATE_CHILD_SA exchange
on unestablished IKE_SAs in src/libcharon/sa/ikev2/task_manager_v2.c.
- CVE-2014-2338
* SECURITY UPDATE: remote authentication bypass
- debian/patches/CVE-2014-2338.patch: reject CREATE_CHILD_SA exchange
on unestablished IKE_SAs in src/libcharon/sa/ikev2/task_manager_v2.c.
- CVE-2014-2338
* New upstream release.
* New upstream release.
* debian/ipsec.secrets.proto: Removed ipsec.secrets.inc reference.
* debian/usr.lib.ipsec.charon: Allow read access to /run/charon.
* debian/strongswan-tnc-*.install: Fixed files so libraries go into correct
packages.
* debian/usr.lib.ipsec.stroke: Allow access to strongswan.d directories.
* debian/rules: Exclude rdrand.conf in dh_install's --fail-missing.
* debian/control:
- Added Breaks/Replaces for all library files which have been moved
about (LP: #1278176).
- Removed build-dependency on check and added one on dh-apparmor.
* debian/strongswan-starter.postinst: Removed further out-dated code and
entire section on opportunistic encryption - this was never in strongSwan.
* debian/rules: Removed pieces on 'patching ipsec.conf' on build.
* debian/control: Fixed references to plugin-fips-prf.
* debian/control:
- Make strongswan-ike depend on iproute2.
- Added xauth plugin dependency on strongswan-plugin-eap-gtc.
- Created strongswan-libfast package.
* debian/rules:
- CK_TIMEOUT_MULTIPLIER back down to 6.
- Disable unit tests on powerpc.
* strongswan-starter.install: Moved pt-tls-client to tnc-imcvs (to prevent
the former from depending on the latter).
* debian/rules:
- CONFIGUREARGS: Merged Debian and RPM options.
- Brings in TNC functionality.
* debian/control:
- Added build-dependency on libtspi-dev.
- Created strongswan-tnc-imcvs binary package for TNC components.
- Added strongswan-tnc-imcvs to libstrongswan's Suggests.
* debian/libstrongswan.install:
- Included newly built MD4 and SQLite libraries.
- Removed 'tnc' references (moved to TNC package).
* debian/strongswan-tnc-imcvs.install: Created - handle new TNC libraries and
binaries.
* debian/usr.lib.ipsec.charon: Allow access to TNC modules.
* debian/usr.lib.ipsec.charon: Added - AppArmor profile for charon.
* debian/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call.
* debian/control: strongswan-ike - Stop depending on ipsec-tools.
* strongswan-starter.strongswan.upstart - Only start strongSwan when a
network connection is available.
* debian/control: Downgrade build-dep version of dpkg-dev from 1.16.2 to
1.16.1 - to make precise backporting easier.
* strongswan-starter.strongswan.upstart - Created Upstart job for
strongSwan.
* debian/rules: Set dh_installinit to install above file.
* debian/strongswan-starter.postinit:
- Removed section about runlevel changes, it's almost 2014.
- Adapted service restart section for Upstart.
- Remove old symlinks to init.d files is necessary.
* debian/strongswan-starter.dirs: Don't touch /etc/init.d.
* New upstream release.
* Removed: debian/patches/CVE-2013-6075, CVE-2013-6076.patch - upsteamed.
* debian/control: Updated Standards-Version to 3.9.5 and applied
XSBC-Original-Maintainer policy.
* strongswan-starter.install:
- pki tool is now in /usr/bin.
- Install pt-tls-client.
- Install manpages (LP: #1206263).
the CVE is fixed and the "new upstream release" is this one
Changelog entries since current utopic version 5.1.2-0ubuntu2:
strongswan (5.2.0-1) unstable; urgency=medium
* New upstream release.
[ Romain Francoise ]
* Amend build-dep on libgcrypt to 'libgcrypt20-dev | libgcrypt11-dev'.
* Drop hardening-wrapper from build-depends (unused since 5.0.4-1).
[ Yves-Alexis Perez ]
* debian/po:
- pt_BR.po updated, thanks Adriano Rafael Gomes. closes: #752721
* debian/patches:
03_pfkey-Always-include-stdint.h dropped, included upstream.
* debian/strongswan-starter.install:
- replace tools.conf by pki.conf and scepclient.conf.
-- Yves-Alexis Perez <corsac at debian.org> Fri, 11 Jul 2014 21:57:59
+0200
strongswan (5.1.3-4) unstable; urgency=medium
* debian/control:
- add build-dep on pkg-config.
* debian/patches:
- 03_pfkey-Always-include-stdint.h added, cherry-picked from upstream git:
always include of stdint.h. Fix FTBFS on kFreeBSD.
-- Yves-Alexis Perez <corsac at debian.org> Mon, 19 May 2014 15:06:32
+0200
strongswan (5.1.3-3) unstable; urgency=medium
* debian/watch:
- add pgpsigurlmangle to get PGP signature
* debian/upstream/signing-key.asc:
- bootstrap keyring by adding Andreas Steffen key (0xDF42C170B34DBA77)
* debian/control:
- add build-dep on libgcrypt20-dev, fix FTBFS. closes: #747796
-- Yves-Alexis Perez <corsac at debian.org> Tue, 13 May 2014 22:05:16
+0200
strongswan (5.1.3-2) unstable; urgency=low
* Disable the new libtls test suite for now--it appears to be a
little too intensive for slower archs.
-- Romain Francoise <rfrancoise at debian.org> Sat, 19 Apr 2014 17:45:51
+0200
strongswan (5.1.3-1) unstable; urgency=low
* New upstream release.
* debian/control: make strongswan-charon depend on iproute2 | iproute,
thanks to Ryo IGARASHI <rigarash at gmail.com> (closes: #744832).
-- Romain Francoise <rfrancoise at debian.org> Tue, 15 Apr 2014 19:42:27
+0200
strongswan (5.1.2-4) unstable; urgency=high
* debian/patches/04_cve-2014-2338.patch: added to fix CVE-2014-2338
(authentication bypass vulnerability in IKEv2 code).
* debian/control: add myself to Uploaders.
-- Romain Francoise <rfrancoise at debian.org> Tue, 08 Apr 2014 20:14:54
+0200
strongswan (5.1.2-3) unstable; urgency=medium
* debian/patches/
- 02_unit-tests-Fix-filtered-enumerator-tests-on-64-bit-b added, fix
testsuite failing on 64 bit big-endian platforms (s390x).
- 03_unit-tests-Fix-chunk-clear-armel added, fix testsuite failing on
armel.
-- Yves-Alexis Perez <corsac at debian.org> Wed, 02 Apr 2014 21:20:33
+0200
strongswan (5.1.2-2) unstable; urgency=medium
* debian/rules:
- use reduced keylengths in testsuite on various arches, hopefully fixing
FTBFS when the genrsa test runs.
-- Yves-Alexis Perez <corsac at debian.org> Tue, 25 Mar 2014 12:09:49
+0100
strongswan (5.1.2-1) unstable; urgency=medium
* New upstream release.
* debian/control:
- add conflicts against openSwan. closes: #740808
* debian/strongswan-starter,postrm:
- remove /var/lib/strongswan on purge.
* debian/ipsec.secrets.proto:
- stop lying about ipsec showhostkey command. closes: #600382
* debian/patches:
- 01_fix-manpages refreshed for new upstream.
- 02_include-strongswan.conf.d removed, strongswan.d is now supported
upstream.
* debian/rules, debian/*.install:
- install default configuration files for all plugins.
* debian/NEWS:
- fix spurious entry.
- add a NEWS entry to advertise about the new strongswan.d configuration
mechanism.
-- Yves-Alexis Perez <corsac at debian.org> Wed, 12 Mar 2014 11:22:38
+0100
** Affects: strongswan (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https://bugs.launchpad.net/bugs/1348088
Title:
Sync strongswan 5.2.0-1 (main) from Debian unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1348088/+subscriptions
More information about the Ubuntu-server-bugs
mailing list