Control: tags -1 + patch Only the first 5 patches in this series pertains to the upstream 5.5.2 release, the rest are enabling various plugins which have bug their own reports.
The first patch was simply running 'gbp import-orig --uscan'. The second patch (Refresh 03_systemd-service.patch) may warrant scrutiny or possibly upstreaming since https://wiki.strongswan.org/issues/2205 doesn't mention ExecReload. The third patch (Updated debian/copyright) took quite a bit of effort, and I only concentrated on the delta between 5.5.1 and 5.5.2, however it looks like debian/copyright file has been out of sync for quite a while. I could endeavor to audit the entire source if you like. The fourth patch (Upstream 5.5.2 introduced libtpmtss.so), I had not investigated whether there is any --disable flag to stop libtpmtss.so From building, but neither did I enable any additional plugin (like tpm) that activated it. The fifth patch (Upstream 5.5.2 introduced curve25519) may be contentious since I've come to the understanding that Yves-Alexis Perez does not accept enabling new plugins arbitrarily (803787#10), however upstream has chosen this plugin to be enabled by default, therefore I placed it in the core libstrongswan package, furthermore Curve25519 is specified in the RFC 8031 IKE standard (unfortunatley strongswan hadn't implemented the stronger Curve448), and is prevalent in other modern cryptosystems (TLS1.3, SSH). Let me know if it would be at all helpful to run a publicly accessible git repository (pull request rather than patches), I've been using gitolite3 with private SSH access, but attaching some read-only HTTPS front-end has been on my TODO list forever. Gerald Turner (12): New upstream version 5.5.2 Refresh 03_systemd-service.patch against 5.5.2 release Updated debian/copyright by manually inspecting the diff between upstream 5.5.1 and 5.5.2 releases and additionally fixed a few cases where the copyright data had been incorrect since package version 5.5.1-3 and earlier Upstream 5.5.2 introduced libtpmtss.so support library which is built by default and required by the new tpm plugin, install with libcharon-extra-plugins package, note however that the tpm plugin is not being built. Upstream 5.5.2 introduced curve25519 which is being built by default, install with libstrongswan package. Enable dnscert, ipseckey, and unbound plugins (closes #718298) Enabled attr-sql, mysql, and sqlite plugins (closes #718302) Enabled bliss and ntru plugins and dependent mgf1 plugin (closes #803787) Enabled chapoly plugin (closed #814927) Enabled newhope plugin and dependent sha3 plugin Enabled bypass-lan, files, and forecast plugins Release strongSwan 5.5.2-0.1 -- Gerald Turner <gtur...@unzane.com> Encrypted mail preferred! OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80 3858 EC94 2276 FDB8 716D
signature.asc
Description: PGP signature