[Bug 1348088] [NEW] Sync strongswan 5.2.0-1 (main) from Debian unstable (main)

LocutusOfBorg costamagnagianfranco at yahoo.it
Thu Jul 24 08:38:01 UTC 2014


Public bug reported:

Please sync strongswan 5.2.0-1 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: remote authentication bypass
    - debian/patches/CVE-2014-2338.patch: reject CREATE_CHILD_SA exchange
      on unestablished IKE_SAs in src/libcharon/sa/ikev2/task_manager_v2.c.
    - CVE-2014-2338
  * SECURITY UPDATE: remote authentication bypass
    - debian/patches/CVE-2014-2338.patch: reject CREATE_CHILD_SA exchange
      on unestablished IKE_SAs in src/libcharon/sa/ikev2/task_manager_v2.c.
    - CVE-2014-2338
  * New upstream release.
  * New upstream release.
  * debian/ipsec.secrets.proto: Removed ipsec.secrets.inc reference.
  * debian/usr.lib.ipsec.charon: Allow read access to /run/charon.
  * debian/strongswan-tnc-*.install: Fixed files so libraries go into correct
    packages.
  * debian/usr.lib.ipsec.stroke: Allow access to strongswan.d directories.
  * debian/rules: Exclude rdrand.conf in dh_install's --fail-missing.
  * debian/control:
    - Added Breaks/Replaces for all library files which have been moved
      about (LP: #1278176).
    - Removed build-dependency on check and added one on dh-apparmor.
  * debian/strongswan-starter.postinst: Removed further out-dated code and
    entire section on opportunistic encryption - this was never in strongSwan.
  * debian/rules: Removed pieces on 'patching ipsec.conf' on build.
  * debian/control: Fixed references to plugin-fips-prf.
  * debian/control:
    - Make strongswan-ike depend on iproute2.
    - Added xauth plugin dependency on strongswan-plugin-eap-gtc.
    - Created strongswan-libfast package.
  * debian/rules:
    - CK_TIMEOUT_MULTIPLIER back down to 6.
    - Disable unit tests on powerpc.
  * strongswan-starter.install: Moved pt-tls-client to tnc-imcvs (to prevent
    the former from depending on the latter).
  * debian/rules:
    - CONFIGUREARGS: Merged Debian and RPM options.
    - Brings in TNC functionality.
  * debian/control:
    - Added build-dependency on libtspi-dev.
    - Created strongswan-tnc-imcvs binary package for TNC components.
    - Added strongswan-tnc-imcvs to libstrongswan's Suggests.
  * debian/libstrongswan.install:
    - Included newly built MD4 and SQLite libraries.
    - Removed 'tnc' references (moved to TNC package).
  * debian/strongswan-tnc-imcvs.install: Created - handle new TNC libraries and
    binaries.
  * debian/usr.lib.ipsec.charon: Allow access to TNC modules.
  * debian/usr.lib.ipsec.charon: Added - AppArmor profile for charon.
  * debian/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call.
  * debian/control: strongswan-ike - Stop depending on ipsec-tools.
  * strongswan-starter.strongswan.upstart - Only start strongSwan when a
    network connection is available.
  * debian/control: Downgrade build-dep version of dpkg-dev from 1.16.2 to
    1.16.1 - to make precise backporting easier.
  * strongswan-starter.strongswan.upstart - Created Upstart job for
    strongSwan.
  * debian/rules: Set dh_installinit to install above file.
  * debian/strongswan-starter.postinit:
    - Removed section about runlevel changes, it's almost 2014.
    - Adapted service restart section for Upstart.
    - Remove old symlinks to init.d files is necessary.
  * debian/strongswan-starter.dirs: Don't touch /etc/init.d.
  * New upstream release.
  * Removed: debian/patches/CVE-2013-6075, CVE-2013-6076.patch - upstreamed.
  * debian/control: Updated Standards-Version to 3.9.5 and applied
    XSBC-Original-Maintainer policy.
  * strongswan-starter.install:
    - pki tool is now in /usr/bin.
    - Install pt-tls-client.
    - Install manpages (LP: #1206263).

The CVE is fixed and the "new upstream release" is this one.

Changelog entries since current utopic version 5.1.2-0ubuntu2:

strongswan (5.2.0-1) unstable; urgency=medium

  * New upstream release.
  [ Romain Francoise ]
  * Amend build-dep on libgcrypt to 'libgcrypt20-dev | libgcrypt11-dev'.
  * Drop hardening-wrapper from build-depends (unused since 5.0.4-1).

  [ Yves-Alexis Perez ]
  * debian/po:
    - pt_BR.po updated, thanks Adriano Rafael Gomes.            closes: #752721
  * debian/patches:
    03_pfkey-Always-include-stdint.h dropped, included upstream.
  * debian/strongswan-starter.install:
    - replace tools.conf by pki.conf and scepclient.conf.

 -- Yves-Alexis Perez <corsac at debian.org>  Fri, 11 Jul 2014 21:57:59 +0200

strongswan (5.1.3-4) unstable; urgency=medium

  * debian/control:
    - add build-dep on pkg-config.
  * debian/patches:
    - 03_pfkey-Always-include-stdint.h added, cherry-picked from upstream git:
      always include of stdint.h. Fix FTBFS on kFreeBSD.

 -- Yves-Alexis Perez <corsac at debian.org>  Mon, 19 May 2014 15:06:32 +0200

strongswan (5.1.3-3) unstable; urgency=medium

  * debian/watch:
    - add pgpsigurlmangle to get PGP signature
  * debian/upstream/signing-key.asc:
    - bootstrap keyring by adding Andreas Steffen key (0xDF42C170B34DBA77)
  * debian/control:
    - add build-dep on libgcrypt20-dev, fix FTBFS.              closes: #747796

 -- Yves-Alexis Perez <corsac at debian.org>  Tue, 13 May 2014 22:05:16 +0200

strongswan (5.1.3-2) unstable; urgency=low

  * Disable the new libtls test suite for now--it appears to be a
    little too intensive for slower archs.

 -- Romain Francoise <rfrancoise at debian.org>  Sat, 19 Apr 2014 17:45:51 +0200

strongswan (5.1.3-1) unstable; urgency=low

  * New upstream release.
  * debian/control: make strongswan-charon depend on iproute2 | iproute,
    thanks to Ryo IGARASHI <rigarash at gmail.com> (closes: #744832).

 -- Romain Francoise <rfrancoise at debian.org>  Tue, 15 Apr 2014 19:42:27 +0200

strongswan (5.1.2-4) unstable; urgency=high

  * debian/patches/04_cve-2014-2338.patch: added to fix CVE-2014-2338
    (authentication bypass vulnerability in IKEv2 code).
  * debian/control: add myself to Uploaders.

 -- Romain Francoise <rfrancoise at debian.org>  Tue, 08 Apr 2014 20:14:54 +0200

strongswan (5.1.2-3) unstable; urgency=medium

  * debian/patches/
    - 02_unit-tests-Fix-filtered-enumerator-tests-on-64-bit-b  added, fix
    testsuite failing on 64 bit big-endian platforms (s390x).
    - 03_unit-tests-Fix-chunk-clear-armel added, fix testsuite failing on
    armel.

 -- Yves-Alexis Perez <corsac at debian.org>  Wed, 02 Apr 2014 21:20:33 +0200

strongswan (5.1.2-2) unstable; urgency=medium

  * debian/rules:
    - use reduced keylengths in testsuite on various arches, hopefully fixing
      FTBFS when the genrsa test runs.

 -- Yves-Alexis Perez <corsac at debian.org>  Tue, 25 Mar 2014 12:09:49 +0100

strongswan (5.1.2-1) unstable; urgency=medium

  * New upstream release.
  * debian/control:
    - add conflicts against openSwan.                           closes: #740808
  * debian/strongswan-starter,postrm:
    - remove /var/lib/strongswan on purge.
  * debian/ipsec.secrets.proto:
    - stop lying about ipsec showhostkey command.               closes: #600382
  * debian/patches:
    - 01_fix-manpages refreshed for new upstream.
    - 02_include-strongswan.conf.d removed, strongswan.d is now supported
      upstream.
  * debian/rules, debian/*.install:
    - install default configuration files for all plugins.
  * debian/NEWS:
    - fix spurious entry.
    - add a NEWS entry to advertise about the new strongswan.d configuration
      mechanism. 

 -- Yves-Alexis Perez <corsac at debian.org>  Wed, 12 Mar 2014 11:22:38 +0100

** Affects: strongswan (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https://bugs.launchpad.net/bugs/1348088
