strongswan (5.9.11-1ubuntu1) mantic; urgency=medium
* Merge with Debian unstable (LP: #2018113). Remaining changes:
- d/control: strongswan-starter hard-depends on strongswan-charon,
therefore bump the dependency from Recommends to Depends. At the same
time avoid a circular dependency by dropping
strongswan-charon->strongswan-starter from Depends to Recommends as the
binaries can work without the services but not vice versa.
- re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
+ d/control: mention plugins in package description
+ d/rules: enable ntru at build time
+ d/libstrongswan-extra-plugins.install: ship config and shared objects
- Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
+ d/control: update libcharon-extra-plugins description.
+ d/libcharon-extra-plugins.install: install .so and conf files.
+ d/rules: add plugins to the configuration arguments.
- Remove conf files of plugins removed from libcharon-extra-plugins
+ The conf file of the following plugins were removed: eap-aka-3gpp2,
eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
+ Created d/libcharon-extra-plugins.maintscript to handle the removals
properly.
- d/t/{control,host-to-host,utils}: new host-to-host test
(LP #1999525)
- d/usr.sbin.swanctl: allow "m" flag for /usr/sbin/swanctl
(LP #1999935)
* Dropped:
- SECURITY UPDATE: Incorrectly Accepted Untrusted Public Key With
Incorrect Refcount
+ debian/patches/CVE-2023-26463.patch: fix authentication bypass and
expired pointer dereference in src/libtls/tls_server.c.
+ CVE-2023-26463
[Fixed upstream in 5.9.10]
-- Andreas Hasenack <email address hidden> Fri, 23 Jun 2023 14:05:18 -0300