[Pkg-swan-devel] Bug#861037: [PATCH 00/12] New upstream release 5.5.2

Gerald Turner gturner at unzane.com
Sun Apr 23 22:34:31 UTC 2017


Control: tags -1 + patch

Only the first 5 patches in this series pertain to the upstream 5.5.2
release, the rest are enabling various plugins which have their own bug
reports.

The first patch was simply running 'gbp import-orig --uscan'.

The second patch (Refresh 03_systemd-service.patch) may warrant scrutiny
or possibly upstreaming since https://wiki.strongswan.org/issues/2205
doesn't mention ExecReload.

The third patch (Updated debian/copyright) took quite a bit of effort,
and I only concentrated on the delta between 5.5.1 and 5.5.2, however it
looks like the debian/copyright file has been out of sync for quite a while.
I could endeavor to audit the entire source if you like.

The fourth patch (Upstream 5.5.2 introduced libtpmtss.so), I had not
investigated whether there is any --disable flag to stop libtpmtss.so
from building, but neither did I enable any additional plugin (like tpm)
that activated it.

The fifth patch (Upstream 5.5.2 introduced curve25519) may be
contentious since I've come to the understanding that Yves-Alexis Perez
does not accept enabling new plugins arbitrarily (803787#10), however
upstream has chosen this plugin to be enabled by default, therefore I
placed it in the core libstrongswan package, furthermore Curve25519 is
specified in the RFC 8031 IKE standard (unfortunately strongswan hadn't
implemented the stronger Curve448), and is prevalent in other modern
cryptosystems (TLS1.3, SSH).

Let me know if it would be at all helpful to run a publicly accessible
git repository (pull request rather than patches), I've been using
gitolite3 with private SSH access, but attaching some read-only HTTPS
front-end has been on my TODO list forever.

Gerald Turner (12):
  New upstream version 5.5.2
  Refresh 03_systemd-service.patch against 5.5.2 release
  Updated debian/copyright by manually inspecting the diff between
    upstream 5.5.1 and 5.5.2 releases and additionally fixed a few cases
    where the copyright data had been incorrect since package version
    5.5.1-3 and earlier
  Upstream 5.5.2 introduced libtpmtss.so support library which is built
    by default and required by the new tpm plugin, install with
    libcharon-extra-plugins package, note however that the tpm plugin is
    not being built.
  Upstream 5.5.2 introduced curve25519 which is being built by default,
    install with libstrongswan package.
  Enable dnscert, ipseckey, and unbound plugins (closes #718298)
  Enabled attr-sql, mysql, and sqlite plugins (closes #718302)
  Enabled bliss and ntru plugins and dependent mgf1 plugin (closes
    #803787)
  Enabled chapoly plugin (closed #814927)
  Enabled newhope plugin and dependent sha3 plugin
  Enabled bypass-lan, files, and forecast plugins
  Release strongSwan 5.5.2-0.1

-- 
Gerald Turner <gturner at unzane.com>        Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D