diff --git a/strongswan-5.9.12.tar.bz2 b/strongswan-5.9.12.tar.bz2 deleted file mode 100644 index 0fe1126..0000000 --- a/strongswan-5.9.12.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5e6018b07cbe9f72c044c129955a13be3e2f799ceb53f53a4459da6a922b95e5 -size 4825696 diff --git a/strongswan-5.9.12.tar.bz2.sig b/strongswan-5.9.12.tar.bz2.sig deleted file mode 100644 index 6ccc6e7..0000000 --- a/strongswan-5.9.12.tar.bz2.sig +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmVbP3kACgkQ30LBcLNN -uneAygwAomUeLeEAbCSAkr+hVxxV2n8YBhGIoGYC8Ii/vpfD2ZC72gZF13QlUQcR -CizUT7XtvNBqQTTae0aoUlF6avmgqktHnJeLXVk8XATrkqVwW57EtfbBDEmVz1U9 -r1RNVvQWE15buvlT3yYoTu94dzm1jfNpGhB+v1bom9d+0JM+RGhxyl6nTpXgcNvQ -39P7rMQ5KbpdModLXZqBSZsKOX41a6oMWXQE+akfrUakhe/0N9FabpUb76U+R3Hz -Xx2TStOQDV/6QaAtLaaAOvIIjLsc1lHPxcO5Yf2iMbGBEOzldtrA5rPiLWLSwEG8 -chHhweSoD0qAKjRKYfx5umLYzOlsew42fwjFTQye8BXLdYqELdvD6MyCWn51YKO4 -ALhWFWxvBzL9FMQfPyVo+SWoS5IN9pKc4dqCgTMetorn7dZZGRykI8VAfnn5WxwB -CTzAitDVNI6T3dfqiadBrqDNe0wnatlOg2fJ+N3wU1IqoEtfHZ4yoxm/P88AaTBX -ImhWse8k -=6zu/ ------END PGP SIGNATURE----- diff --git a/strongswan-5.9.14.tar.bz2 b/strongswan-5.9.14.tar.bz2 new file mode 100644 index 0000000..ca34227 --- /dev/null +++ b/strongswan-5.9.14.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:728027ddda4cb34c67c4cec97d3ddb8c274edfbabdaeecf7e74693b54fc33678 +size 4869709 diff --git a/strongswan-5.9.14.tar.bz2.sig b/strongswan-5.9.14.tar.bz2.sig new file mode 100644 index 0000000..d8f021c --- /dev/null +++ b/strongswan-5.9.14.tar.bz2.sig @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- + +iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmX5cHAACgkQ30LBcLNN +une5oAwAiNFc9r4zuuJ9+Qd3q4AYTiCa7g4j6OhneQwY7Y6fzYOROfKKDzPoDhwJ +juU5vj+5d9yKVLEEueACCY2hM9cmAZL3mWMy5s86FmrNQcPRJ24cU19ZkyoxKGZ9 +8lvEtPzb5r5aTrdJnSu3rydGK7nSVysxA5ZyamviUndx1lWUkGYlz3lKMl8xm2qa +QNCnBQiUcwm9mADl4txlxkCvSDPb1Ez7Y40K5lVTpKa/awaM9e9JuKXSgOJmBUBY +C/E8pCzC8lENEoq5EZI/eV7VNwlc1ussqp2iSj0Nhy45cmXvCHpCIslkhPuReQzW +nNDFbuMGiDzCvD2RNdi+l1z+74oLPFeC7663K2/VYMMobqwYVhdC4hg/PMOzDa1x +L18Y7Pffna4gNa/jarx1U7fMFLW4c0q5DVvM8qoLtnc7Q9zFw4A+EU6i3sFa5EF+ +aVNbmHTIBXnf0YVoHmuOgjRH9kjjshnl/kSszOeW+wkoZzhuJkTzz/gllc9YWQNG +y+PFcIVK +=dVex +-----END PGP SIGNATURE----- diff --git a/strongswan.changes b/strongswan.changes index e2ec3c1..caed6ae 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,37 @@ +------------------------------------------------------------------- +Thu Jun 20 12:10:36 UTC 2024 - Dominique Leuenberger + +- Update description of ipsec package: no longer mention + /etc/init.d, which is not there for a long time anymore. +- Drop legacy rc* -> sbin/service symlink. This was compatibilty + boilerplate to transparently move between SySV and systemd + [jsc#PED-264]. + +------------------------------------------------------------------- +Tue Mar 19 13:58:13 UTC 2024 - Jan Engelhardt + +- Update to release 5.9.14 + * Support for the IKEv2 OCSP extensions (RFC 4806) has been + added, which allows peers to request and send OCSP responses + directly in IKEv2. + * Validation of X.509 name constraints in the constraints plugin + has been refactored to align with RFC 5280. + * Fail SA installation on Linux if replay protection is disabled + while ESN is enabled, which the kernel currently doesn't + support. + +------------------------------------------------------------------- +Mon Feb 26 13:31:08 UTC 2024 - Dominique Leuenberger + +- Use %patch -P N instead of deprecated %patchN. + +------------------------------------------------------------------- +Fri Dec 1 10:31:13 UTC 2023 - Jan Engelhardt + +- Update to release 5.9.13 + * OCSP error responses are now dropped immediately instead of + trying to verify a non-existent signature. + ------------------------------------------------------------------- Mon Nov 20 13:32:59 UTC 2023 - Jan Engelhardt diff --git a/strongswan.spec b/strongswan.spec index 8894f62..9b747d7 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -1,7 +1,7 @@ # # spec file for package strongswan # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: strongswan -Version: 5.9.12 +Version: 5.9.14 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name} @@ -169,7 +169,7 @@ Conflicts: openswan %description ipsec StrongSwan is an IPsec-based VPN solution for Linux. -This package provides the /etc/init.d/ipsec service script and allows +This package provides the systemd service definition and allows to maintain both IKEv1 and IKEv2 using the /etc/ipsec.conf and the /etc/ipsec.secrets files. @@ -218,12 +218,12 @@ and the load testing plugin for IKEv2 daemon. %prep %setup -q -n %{name}-%{upstream_version} -%patch2 -p1 -%patch5 -p1 +%patch -P 2 -p1 +%patch -P 5 -p1 sed -e 's|@libexecdir@|%_libexecdir|g' \ < %{_sourcedir}/strongswan.init.in \ > strongswan.init -%patch6 -p1 +%patch -P 6 -p1 %build CFLAGS="%{optflags} -W -Wall -Wno-pointer-sign -Wno-strict-aliasing -Wno-unused-parameter" @@ -327,9 +327,6 @@ autoreconf --force --install %install install -d -m755 %{buildroot}/%{_sbindir}/ install -d -m755 %{buildroot}/%{_sysconfdir}/ipsec.d/ -ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcstrongswan -ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcstrongswan-starter -ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcipsec # # Ensure, plugin -> library dependencies can be resolved # (e.g. libtls) to avoid plugin segment checksum errors. @@ -471,10 +468,7 @@ fi %dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private %{_unitdir}/strongswan-starter.service %{_unitdir}/strongswan.service -%{_sbindir}/rcstrongswan -%{_sbindir}/rcstrongswan-starter %{_sbindir}/charon-systemd -%{_sbindir}/rcipsec %{_bindir}/pki %{_bindir}/pt-tls-client %{_bindir}/tpm_extendpcr