Comment 2 for bug 1734207

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package strongswan - 5.6.1-2ubuntu1

---------------
strongswan (5.6.1-2ubuntu1) bionic; urgency=medium

  * Merge with Debian unstable (LP: #1717343).
    Also fixes an issue with multiple psk's (LP: #1734207). Remaining changes:
    + Clean up d/strongswan-starter.postinst: section about runlevel changes
    + Clean up d/strongswan-starter.postinst: Removed entire section on
      opportunistic encryption disabling - this was never in strongSwan and
      won't be, see upstream issue #2160.
    + Ubuntu is not using the debconf triggered private key generation
      - d/rules: Removed patching ipsec.conf on build (not using the
        debconf-managed config.)
      - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was
        used for debconf-managed include of private key).
    + Mass enablement of extra plugins and features to allow a user to use
      strongswan for a variety of extra use cases without having to rebuild.
      - d/control: Add required additional build-deps
      - d/control: Mention additionally enabled plugins
      - d/rules: Enable features at configure stage
      - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
      - d/libstrongswan.install: Add plugins (so, conf)
    + d/strongswan-starter.install: Install pool feature, which is useful since
      we have attr-sql plugin enabled as well using it.
    + Add plugin kernel-libipsec to allow the use of strongswan in containers
      via this userspace implementation (please do note that this is still
      considered experimental by upstream).
      - d/libcharon-extra-plugins.install: Add kernel-libipsec components
      - d/control: List kernel-libipsec plugin at extra plugins description
      - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
        upstream recommends to not load kernel-libipsec by default.
    + Relocate tnc plugin
      - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
      - Add new subpackage for TNC in d/strongswan-tnc-* and d/control
    + d/libstrongswan.install: Reorder conf and .so alphabetically
    + d/libstrongswan.install: Add kernel-netlink configuration files
    + Complete the disabling of libfast; This was partially accepted in Debian,
        it is no more packaging medcli and medsrv, but still builds and
        mentions it.
      - d/rules: Add --disable-fast to avoid build time and dependencies
      - d/control: Remove medcli, medsrv from package description
    + d/control: Mention mgf1 plugin which is in libstrongswan now
    + Add now built (since 5.5.1) libraries libtpmtss and nttfft to
      libstrongswan-extra-plugins (no deps from default plugins).
    + Add rm_conffile for /etc/init.d/ipsec (transition from precise had
      missed that, droppable after 18.04)
    + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
      plugins for the most common use cases from extra-plugins into a new
      standard-plugins package. This will allow those use cases without pulling
      in too much more plugins (a bit like the tnc package). Recommend that
      package from strongswan-libcharon.
  * Added changes:
    + d/strongswan-tnc-client.install (relocate tnc) swidtag creation changed
      in 5.6
    + d/strongswan-tnc-server.install (relocate tnc) pacman no more needed
    + d/control: bump breaks/replaces from libstrongswan-extra-plugins to
      libstrongswan as we dropped relocating ccm and test-vectors.
      (droppable >18.04).
    - d/control: add breaks/replace from libstrongswan to
      libstrongswan-extra-plugins for the move of mgf1 to libstrongswan.
      (droppable >18.04).
  * Dropped changes:
    + Update init/service handling (debian default matches Ubuntu past now)
      Dropping this fixes (LP: #1734886)
      - d/rules: Change init/systemd program name to strongswan
      - d/strongswan-starter.strongswan.service: Add new systemd file instead of
        patching upstream
      - d/strongswan-starter.links: Removed, use Ubuntu systemd file instead of
        linking to upstream
    + d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call
      (this is a never failing no-op for us, no need for Delta).
    + d/strongswan-starter.prerm: Stop strongswan service on package removal
      (ipsec now maps to strongswan service, so this works as-is).
    + Clean up d/strongswan-starter.postinst: rename service ipsec to
      strongswan (ipsec now maps to strongswan service, so this works as-is)
    + Clean up d/strongswan-starter.postinst: daemon enable/disable (the
      whole section is disabled, so no need for delta)
    + (is upstream) CVE-2017-11185 patches
    + (is upstream) FTBFS upstream fix for changed include files
    + (is upstream) debian/patches/increase-bliss-test-timeout.patch: Under
       QEMU/KVM autopkgtest the bliss test takes longer than the default
    + (in Debian) add now built (since 5.5.1) mgf1 plugin to
      libstrongswan-extra-plugins.
    + (in Debian) d/strongswan-starter.install: install stroke apparmor profile
    + (this was enabled as part of the former delta, squash changes to no-up)
      d/rules: Disable duplicheck.
    + (not needed) Relocate plugins test-vectors from extra-plugins to
      libstrongswan
      - d/libstrongswan-extra-plugins.install: Remove plugins/conffiles
      - d/libstrongswan.install: Add plugins/conffiles
      - d/control: move package descriptions and add required breaks/replaces
    + (not needed) Relocate plugins ccm from extra-plugins to libstrongswan
      - d/libstrongswan-extra-plugins.install: Remove plugins/conffiles
      - d/libstrongswan.install: Add plugins/conffiles
      - d/control: move package descriptions and add required breaks/replaces
    + (while using it requires special kernel, it does not hurt to be
      available in the package) Remove ha plugin
      - d/libcharon-extra-plugins.install: Stop installing ha (so, conf)
      - d/rules: Do not enable ha plugin
      - d/control: Drop listing the ha plugin in the package description

strongswan (5.6.1-2) unstable; urgency=medium

  * move counters plugin from -starter to -libcharon. closes: #882431

strongswan (5.6.1-1) unstable; urgency=medium

  * debian/control:
    - remove strongswan-ike{,v1,v2} packages. closes: #878979
  * New upstream version 5.6.1
    - fix FTBFS with glibc 2.26+. closes: #880561
  * debian/rules: explicitly enable tpm plugin
  * debian/strongswan-starter.install: install counters plugin
  * debian/libstrongswan.install: install MGF1 plugin
  * debian/libstrongswan-extra-plugins.install: install tpm plugin
  * debian/control:
    - update standards version to 4.1.1
    - replace dh-systemd build-dep by updated build-dep on debhelper

strongswan (5.6.0-2) unstable; urgency=medium

  * debian/rules:
    - only use dh_missing --fail-missing when doing an architecture dependent
    packages. closes: #874152

strongswan (5.6.0-1) unstable; urgency=medium

  * New upstream release.
    - fix insufficient input validation in gmp plugin, which can cause a
    denial of service vulnerability (CVE-2017-11185) closes: #872155
  * debian/rules:
    - remove .la files before install
    - don't call dh_install with --fail-missing
    - override dh_missing with --fail-missing to catch uninstalled files
    - apply patch from Gerald Turner to restrict permissions on swanctl folder
      containing private material.
    - replace DEB_BUILD_* by DEB_HOST_* when needed, fix FTCBFS, for example
      when building for ppc64el on x86. Thanks Helmut Grohne. closes: #866669
  * debian/strongswan-swanctl.install:
    - install the whole /etc/swanctl folder, including (empty) subfolders.
                                                                closes: #866324
  * debian/charon-systemd.install:
    - install charon-systemd.conf files, thanks Gerald Turner. closes: #866325
  * Add AppArmor profiles for swanctl and charon-system, thanks Gerald Turner.
                                                                closes: #866327
  * debian/libcharon-extra-plugins.install:
    - install pt-tls-client in /u/b and also install its manpage.
  * debian/strongswan-swanctl.lintian-overrides:
    - add lintian overrides for private keys directories using 700
    permissions.

strongswan (5.5.3-2) unstable; urgency=medium

  * debian/control:
    - fix typo in libstrongswan-extra-plugins long description.
  * move curve25519 plugin from libcharon-extra-plugins to
    libstrongswan-extra-plugins

strongswan (5.5.3-1) unstable; urgency=medium

  * New upstream release.
  * debian/control:
    - update standards version to 4.0.0

strongswan (5.5.2-1) experimental; urgency=medium

  * New upstream release.
  * debian/patches/03_systemd-service refreshed.
  * debian/libcharon-extra-plugins.install:
    - include curve25519 plugin.
  * debian/libstrongswan-extra-plugins.install:
    - install libtpmtss library.

 -- Christian Ehrhardt <email address hidden> Wed, 29 Nov 2017 15:55:18 +0100