Sync from SUSE:SLFO:Main strongswan revision c0d058b849bd280578e4791bd5b8e819

2024-11-15 14:01:27 +01:00 · 2024-11-15 14:01:27 +01:00 · 2c2b523370
commit 2c2b523370
parent 9169873f52
6 changed files with 57 additions and 29 deletions
--- a/strongswan-5.9.12.tar.bz2
+++ b/strongswan-5.9.12.tar.bz2
--- a/strongswan-5.9.12.tar.bz2.sig
+++ b/strongswan-5.9.12.tar.bz2.sig
@ -1,14 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmVbP3kACgkQ30LBcLNN
-uneAygwAomUeLeEAbCSAkr+hVxxV2n8YBhGIoGYC8Ii/vpfD2ZC72gZF13QlUQcR
-CizUT7XtvNBqQTTae0aoUlF6avmgqktHnJeLXVk8XATrkqVwW57EtfbBDEmVz1U9
-r1RNVvQWE15buvlT3yYoTu94dzm1jfNpGhB+v1bom9d+0JM+RGhxyl6nTpXgcNvQ
-39P7rMQ5KbpdModLXZqBSZsKOX41a6oMWXQE+akfrUakhe/0N9FabpUb76U+R3Hz
-Xx2TStOQDV/6QaAtLaaAOvIIjLsc1lHPxcO5Yf2iMbGBEOzldtrA5rPiLWLSwEG8
-chHhweSoD0qAKjRKYfx5umLYzOlsew42fwjFTQye8BXLdYqELdvD6MyCWn51YKO4
-ALhWFWxvBzL9FMQfPyVo+SWoS5IN9pKc4dqCgTMetorn7dZZGRykI8VAfnn5WxwB
-CTzAitDVNI6T3dfqiadBrqDNe0wnatlOg2fJ+N3wU1IqoEtfHZ4yoxm/P88AaTBX
-ImhWse8k
-=6zu/
-----END PGP SIGNATURE-----
--- a/strongswan-5.9.14.tar.bz2
+++ b/strongswan-5.9.14.tar.bz2
--- a/strongswan-5.9.14.tar.bz2.sig
+++ b/strongswan-5.9.14.tar.bz2.sig
@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmX5cHAACgkQ30LBcLNN
+une5oAwAiNFc9r4zuuJ9+Qd3q4AYTiCa7g4j6OhneQwY7Y6fzYOROfKKDzPoDhwJ
+juU5vj+5d9yKVLEEueACCY2hM9cmAZL3mWMy5s86FmrNQcPRJ24cU19ZkyoxKGZ9
+8lvEtPzb5r5aTrdJnSu3rydGK7nSVysxA5ZyamviUndx1lWUkGYlz3lKMl8xm2qa
+QNCnBQiUcwm9mADl4txlxkCvSDPb1Ez7Y40K5lVTpKa/awaM9e9JuKXSgOJmBUBY
+C/E8pCzC8lENEoq5EZI/eV7VNwlc1ussqp2iSj0Nhy45cmXvCHpCIslkhPuReQzW
+nNDFbuMGiDzCvD2RNdi+l1z+74oLPFeC7663K2/VYMMobqwYVhdC4hg/PMOzDa1x
+L18Y7Pffna4gNa/jarx1U7fMFLW4c0q5DVvM8qoLtnc7Q9zFw4A+EU6i3sFa5EF+
+aVNbmHTIBXnf0YVoHmuOgjRH9kjjshnl/kSszOeW+wkoZzhuJkTzz/gllc9YWQNG
+y+PFcIVK
+=dVex
+-----END PGP SIGNATURE-----
--- a/strongswan.changes
+++ b/strongswan.changes
@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Thu Jun 20 12:10:36 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Update description of ipsec package: no longer mention
+  /etc/init.d, which is not there for a long time anymore.
+- Drop legacy rc* -> sbin/service symlink. This was compatibilty
+  boilerplate to transparently move between SySV and systemd
+  [jsc#PED-264].
+
+-------------------------------------------------------------------
+Tue Mar 19 13:58:13 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 5.9.14
+  * Support for the IKEv2 OCSP extensions (RFC 4806) has been
+    added, which allows peers to request and send OCSP responses
+    directly in IKEv2.
+  * Validation of X.509 name constraints in the constraints plugin
+    has been refactored to align with RFC 5280.
+  * Fail SA installation on Linux if replay protection is disabled
+    while ESN is enabled, which the kernel currently doesn't
+    support.
+
+-------------------------------------------------------------------
+Mon Feb 26 13:31:08 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Use %patch -P N instead of deprecated %patchN.
+
+-------------------------------------------------------------------
+Fri Dec  1 10:31:13 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 5.9.13
+  * OCSP error responses are now dropped immediately instead of
+    trying to verify a non-existent signature.
+
 -------------------------------------------------------------------
 Mon Nov 20 13:32:59 UTC 2023 - Jan Engelhardt <jengelh@inai.de>

--- a/strongswan.spec
+++ b/strongswan.spec
@ -1,7 +1,7 @@
 #
 # spec file for package strongswan
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@


 Name:           strongswan
-Version:        5.9.12
+Version:        5.9.14
 Release:        0
 %define         upstream_version     %{version}
 %define         strongswan_docdir    %{_docdir}/%{name}
@ -169,7 +169,7 @@ Conflicts:      openswan
 %description ipsec
 StrongSwan is an IPsec-based VPN solution for Linux.

-This package provides the /etc/init.d/ipsec service script and allows
+This package provides the systemd service definition and allows
 to maintain both IKEv1 and IKEv2 using the /etc/ipsec.conf and the
 /etc/ipsec.secrets files.

@ -218,12 +218,12 @@ and the load testing plugin for IKEv2 daemon.

 %prep
 %setup -q -n %{name}-%{upstream_version}
-%patch2 -p1
-%patch5 -p1
+%patch -P 2 -p1
+%patch -P 5 -p1
 sed -e 's|@libexecdir@|%_libexecdir|g'    \
     < %{_sourcedir}/strongswan.init.in \
     > strongswan.init
-%patch6 -p1
+%patch -P 6 -p1

 %build
 CFLAGS="%{optflags} -W -Wall -Wno-pointer-sign -Wno-strict-aliasing -Wno-unused-parameter"
@ -327,9 +327,6 @@ autoreconf --force --install
 %install
 install -d -m755              %{buildroot}/%{_sbindir}/
 install -d -m755              %{buildroot}/%{_sysconfdir}/ipsec.d/
-ln -sf %{_sbindir}/service    %{buildroot}/%{_sbindir}/rcstrongswan
-ln -sf %{_sbindir}/service    %{buildroot}/%{_sbindir}/rcstrongswan-starter
-ln -sf %{_sbindir}/service    %{buildroot}/%{_sbindir}/rcipsec
 #
 # Ensure, plugin -> library dependencies can be resolved
 # (e.g. libtls) to avoid plugin segment checksum errors.
@ -471,10 +468,7 @@ fi
 %dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private
 %{_unitdir}/strongswan-starter.service
 %{_unitdir}/strongswan.service
-%{_sbindir}/rcstrongswan
-%{_sbindir}/rcstrongswan-starter
 %{_sbindir}/charon-systemd
-%{_sbindir}/rcipsec
 %{_bindir}/pki
 %{_bindir}/pt-tls-client
 %{_bindir}/tpm_extendpcr