-
strongswan (5.9.13-2ubuntu4) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- William Grant <email address hidden> Mon, 01 Apr 2024 15:55:30 +1100
-
strongswan (5.9.13-2ubuntu3) noble; urgency=medium
* No-change rebuild against libcurl4t64
-- Steve Langasek <email address hidden> Sat, 16 Mar 2024 07:03:41 +0000
-
strongswan (5.9.13-2ubuntu2) noble; urgency=medium
* No-change rebuild against libssl3t64
-- Steve Langasek <email address hidden> Mon, 04 Mar 2024 21:28:04 +0000
-
strongswan (5.9.13-2ubuntu1) noble; urgency=medium
* Merge with Debian unstable (LP: #2050099). Remaining changes:
- d/control: strongswan-starter hard-depends on strongswan-charon,
therefore bump the dependency from Recommends to Depends. At the same
time avoid a circular dependency by dropping
strongswan-charon->strongswan-starter from Depends to Recommends as the
binaries can work without the services but not vice versa.
- re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
+ d/control: mention plugins in package description
+ d/rules: enable ntru at build time
+ d/libstrongswan-extra-plugins.install: ship config and shared objects
- Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
+ d/control: update libcharon-extra-plugins description.
+ d/libcharon-extra-plugins.install: install .so and conf files.
+ d/rules: add plugins to the configuration arguments.
- Remove conf files of plugins removed from libcharon-extra-plugins
+ The conf file of the following plugins were removed: eap-aka-3gpp2,
eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
+ Created d/libcharon-extra-plugins.maintscript to handle the removals
properly.
- d/t/{control,host-to-host,utils}: new host-to-host test
(LP #1999525)
- d/usr.sbin.swanctl: allow "m" flag for /usr/sbin/swanctl
(LP #1999935)
-- Andreas Hasenack <email address hidden> Mon, 22 Jan 2024 11:48:33 -0300
-
strongswan (5.9.12-1ubuntu1) noble; urgency=medium
* Merge with Debian unstable (LP: #2040430). Remaining changes:
- d/control: strongswan-starter hard-depends on strongswan-charon,
therefore bump the dependency from Recommends to Depends. At the same
time avoid a circular dependency by dropping
strongswan-charon->strongswan-starter from Depends to Recommends as the
binaries can work without the services but not vice versa.
- re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
+ d/control: mention plugins in package description
+ d/rules: enable ntru at build time
+ d/libstrongswan-extra-plugins.install: ship config and shared objects
- Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
+ d/control: update libcharon-extra-plugins description.
+ d/libcharon-extra-plugins.install: install .so and conf files.
+ d/rules: add plugins to the configuration arguments.
- Remove conf files of plugins removed from libcharon-extra-plugins
+ The conf file of the following plugins were removed: eap-aka-3gpp2,
eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
+ Created d/libcharon-extra-plugins.maintscript to handle the removals
properly.
- d/t/{control,host-to-host,utils}: new host-to-host test
(LP #1999525)
- d/usr.sbin.swanctl: allow "m" flag for /usr/sbin/swanctl
(LP #1999935)
* Dropped:
- SECURITY UPDATE: Buffer Overflow When Handling DH Public Values
+ debian/patches/CVE-2023-41913.patch: Validate DH public key to fix
potential buffer overflow in
src/charon-tkm/src/tkm/tkm_diffie_hellman.c.
+ CVE-2023-41913
[Fixed upstream in 5.9.12]
-- Andreas Hasenack <email address hidden> Thu, 04 Jan 2024 10:25:23 -0300
-
strongswan (5.9.11-1ubuntu2) noble; urgency=medium
* SECURITY UPDATE: Buffer Overflow When Handling DH Public Values
- debian/patches/CVE-2023-41913.patch: Validate DH public key to fix
potential buffer overflow in
src/charon-tkm/src/tkm/tkm_diffie_hellman.c.
- CVE-2023-41913
-- Marc Deslauriers <email address hidden> Tue, 07 Nov 2023 11:43:00 +0200
-
strongswan (5.9.11-1ubuntu1) mantic; urgency=medium
* Merge with Debian unstable (LP: #2018113). Remaining changes:
- d/control: strongswan-starter hard-depends on strongswan-charon,
therefore bump the dependency from Recommends to Depends. At the same
time avoid a circular dependency by dropping
strongswan-charon->strongswan-starter from Depends to Recommends as the
binaries can work without the services but not vice versa.
- re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
+ d/control: mention plugins in package description
+ d/rules: enable ntru at build time
+ d/libstrongswan-extra-plugins.install: ship config and shared objects
- Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
+ d/control: update libcharon-extra-plugins description.
+ d/libcharon-extra-plugins.install: install .so and conf files.
+ d/rules: add plugins to the configuration arguments.
- Remove conf files of plugins removed from libcharon-extra-plugins
+ The conf file of the following plugins were removed: eap-aka-3gpp2,
eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
+ Created d/libcharon-extra-plugins.maintscript to handle the removals
properly.
- d/t/{control,host-to-host,utils}: new host-to-host test
(LP #1999525)
- d/usr.sbin.swanctl: allow "m" flag for /usr/sbin/swanctl
(LP #1999935)
* Dropped:
- SECURITY UPDATE: Incorrectly Accepted Untrusted Public Key With
Incorrect Refcount
+ debian/patches/CVE-2023-26463.patch: fix authentication bypass and
expired pointer dereference in src/libtls/tls_server.c.
+ CVE-2023-26463
[Fixed upstream in 5.9.10]
-- Andreas Hasenack <email address hidden> Fri, 23 Jun 2023 14:05:18 -0300