Ubuntu Pastebin

Paste from robie at Tue, 6 Dec 2016 08:07:07 +0000

Download as text 
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
new delta 6fad8712ad0e07d7876bf521cf863f6614a73ec4 - candidate to drop?

Check drop of adding strongswan-plugin-* virtual packages

9b3a90368229add8313f8624beee02f5840dbf0e - get an ack from the security team please? https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1244157/comments/7 does say the same, but seems to refer to tests. Is it definitely OK to land this in production use?

Should we be adding plugins without checking with the security team?

6e95f98: worth breaking away from wrap-and-sort?

/^(diff|commit)


1. Mechnical checks: done
2. Account for every change in the previous logical commit.
   a. Is transferred exactly, transferred modified, or dropped.
   b. Is noted correctly in changelog (twice if modified).
   c. The changelog note still accurately reflects the changes.
3. Account for any new commits.
   a. Check that the changelog matches the commits.
   b. All commits in the new delta should now be accounted for.
4. Check new delta:
   a. Anything dropped was appropriately dropped.
   b. All previous delta still kept is still correct and appropriate to keep.
   c. Anything new or changed is appropriate to add or change.


2 done

  * Merge from Debian (LP: #1631198)
  * Remaining Changes:
    + [98fa569->517b981] d/rules: enforcing DEB_BUILD_OPTIONS=nostrip for library integrity
      checking.
    + [6776fdc->5a4903e] d/rules: Set TESTS_REDUCED_KEYLENGTHS to one generate smallest key-lengths
      in tests.
    + [8340de6->27653d8] update init/service handling
      - d/rules: change init/systemd program name to strongswan
      - d/strongswan-starter.strongswan.service add new systemd file instead of
        patching upstream
      - d/strongswan-starter.links: removed, use Ubuntu systemd file instead of
        linking to upstream
    + update init/service handling XXX changelog entry dupe
      - [837c730->af1d1ac] d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call.
      - [f7af584->f712782] d/strongswan-starter.prerm: Stop strongswan service on package
        removal (as opposed to using the old init.d script).
    + [730bab5->48d44b6] clean up d/strongswan-starter.postinst:
      - Removed section about runlevel changes
      - Adapted service restart section for Upstart (kept to be Trusty
        backportable). XXX should be using invoke-rc.d, not service wrapper
      - Remove old symlinks to init.d files is necessary. XXX not sure we should be doing this
      - Removed further out-dated code
      - Removed entire section on opportunistic encryption - this was never in
        strongSwan.
    + [f6010a4->86ce01e] add and install apparmor profiles
      - d/rules: install AppArmor profiles
      - d/control: add dh-apparmor build-dep
      - d/usr.lib.ipsec.{charon, lookip, stroke}: add latest AppArmor profiles
        for charon, lookip and stroke
      - d/libcharon-extra-plugins.install: install profile for lookip XXX added
      - d/strongswan-charon.install: install profile for charon XXX added
      - d/strongswan-starter.install: install profile for stroke XXX added
    + [dfa1ae4->2eb529a] d/rules: Removed pieces on 'patching ipsec.conf' on build.
    + [e029113->6fad871] d/rules: sorted and only one enable option per configure line
    + [7e32d37,70e16e2-,966a025,d1f0c42,835926e,5a24d60,f2dfe34->01ca20a-] mass enablement of extra features to match former Ubuntu config.
      - XXX also enables --with-tss=trousers, duplicheck (disabled again below), eap-{peap,sim,simaka-{pseudonum,reauth,sql},sim-file,sim-pcsc},imc-{attestation,os,scanner,swid,test},imv-{attestation,os,scanner,swid,test},integrity-test,kernel-libipsec,tnccs-11,tnccs-20,tnccs-dynamic,tnc-{ifmap,imc,imv,pdp},xauth-{generic,noauth}
      - enables acert, attr-sql, bliss, chapoly, coupling, dnscert, fips-prf,
        gmp, ipseckey, libchecksum, load-tester, md4, mysql, ntru, radattr,
        soup, sqlite, sql, systime-fix, unbound, whitelist
      - d/control add required additional build-deps to libjson-c-dev,
        libldns-dev, libmysqlclient-dev, libpcsclite-dev, libtspi-dev,
        libsoup2.4-dev and libunbound-dev XXX and libtpsi-dev
      - d/rules enable features at configure stage
      - d/control mention addtionally enabled plugins
      - d/libbstrongswan-extra-plugins.install add plugins (so, lib, conf)
      - XXX d/libstrongswan.install add plugins (so, conf)
    + [3a6dbf8->2671933] d/rules: disable duplicheck as per
      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10
    + [20d03cd->dccd5cf] Remove ha plugin (requires special kernel)
      - d/libcharon-extra-plugins.install remove libstrongswan-ha.so
        XXX also .install removes ha.conf twice
      - d/{rules, control} remove ha plugin
    + [598f5bb->705d05a] Add plugin kernel-libipsec
      - d/libcharon-extra-plugins.install add kernel-libipsec.{so, lib, conf} XXX doesn't match exactly
      - d/control list kernel-libipsec plugin at extra plugins description
      - d/p/dont-load-kernel-libipsec-plugin-by-default.patch as
        upstream recommends to not load kernel-libipsec by default.
    + [0fa1327->276aa27] d/rules: Remove configure option --enable-unit-test (unit tests run by
      default)
    + [ec90f42->4e1bbd9] Relocate tnc plugin
     - debian/libcharon-extra-plugins.install drop tnc from extra plugins
     - Add new subpackage for TNC in d/strongswan-tnc-base.install,
       d/strongswan-tnc-client.install, d/strongswan-tnc-ifmap.install,
       d/strongswan-tnc-pdp.install, d/strongswan-tnc-server.install
       XXX also d/control strongswan-tnc-{ifmap,base,client,server,pdp}
    + [87cd770->6e95f98] d/strongswan-starter.install: add pool feature
    + [6501295->e3cdb20|f7c48ee->1a6adaa-] Relocate plugins test-vectors and ccm from extra-plugins to libstrongswan
      - XXX does this need conffile handling?
      - XXX 1a6adaa also includes ccm conf change noted in Added Changes section
      - d/libstrongswan-extra-plugins.install remove plugins
      - d/libstrongswan.install add plugins
    + [0b5c3e7->12afbd6] Reorder conf and .so alphabetically XXX but in some strange locale?
      - d/libstrongswan-extra-plugins.install XXX no changes to this file
      - d/libstrongswan.install
    + [cc4cb5e->ad761f5] d/libstrongswan.install add kernel-netlink configuration files
    + [79fb9cf->83ae693] d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference.
    + [f623cf6->d56dc87] add updated logcheck rules
      - debian/libstrongswan.strongswan.logcheck.* remove outdated logcheck files
      - debian/{rules,strongswan.logcheck}: add updated logcheck rules
      - XXX debian/rules no longer touched
    + [f332cad->74d9f86] Add updated DEP8 tests
      - d/tests/* add DEP8 tests
      - d/control enable autotestpkg
    + [11cc0f1->39dcf84] debian/patches/increase-bliss-test-timeout.patch
      Under QEMU/KVM autopkgtest the bliss test takes longer than the default
    + [e2e7d73->89e554d] disabling libfast
      - XXX can we explain the plugins that got disabled?
      - XXX plugins needed to be disabled aren't in this commit any more
      - XXX plugins and .conf files aren't being dropped from .install any more
      - XXX --enable-mediation was being dropped. What happened to this?
      - XXX No longer dropping libfast.so* from .install?
      - d/rules: drop it from build
      - d/control: don't mention on lib package description
      - Note: partially accepted in Debian (dropped from packaged content)
  * Dropped Changes:
    + adding build-dep to iptables-dev (in Debian) XXX wasn't previously in delta (just moved in syntax in 70e16e2)
    + [70e16e2-] XXX dropping of build deps libfcgi-dev, clearsilver-dev
    + [fee6cce] adding strongswan-plugin-* virtual packages for dist-upgrade (no
      upgrade path left needing them)
    + disabling libfast (Debian dropped it from package content)
    + [262f05b] Lower dpkg-dev to 1.16.1 from 1.16.2 to enable backporting to Precise XXX
    + [ff4fd91] debian/strongswan-starter.dirs: Don't touch /etc/init.d. XXX
  * Added Changes:
    + [9b3a903] fix strongswan ipsec status issue with apparmor (LP: #1587886)
    + [1a6adaa-] the relocation of the ccm plugin now includes a fix of the xenial version
      which missed to move the configuration files
    + [b18db0d] complete move of test-vectors (was missing in d/control)
    + [8f2e81f-] Add now built (5.5.1 vs 5.3.5) mgf1 plugin to libstrongswan-extra-plugins.
      "only" to extra-plugins Mgf1 is not listed as default plugin at
      https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist.
    + [8f2e81f-] Add now built (5.5.1 vs 5.3.5) libraries libtpmtss and nttfft to
      libstrongswan-extra-plugins.
    + [0ac0504] add missing mention of md4 plugin in d/control
    + [f00c287] add missing mention of libchecksum integrity test in d/control
    + XXX [01ca20a-] new descriptions in d/control for: attr-sql, coupling,dnscert,ipseckey,load-tester,mysql,ntru,radattr,sql,sqlite,soup,unbound,whitelist and under libcharon-extra-plugins: dhcp,farp,eap-*,xauth-noauth
Download as text