From 3ce027ac91a2fe85a50f0210d84033d26ac693b4bf4cf4e6c0bec56434d4300c Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 3 Jan 2023 13:25:43 +0000 Subject: [PATCH] - Update to release 5.9.9 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=140 --- strongswan-5.9.8.tar.bz2 | 3 --- strongswan-5.9.8.tar.bz2.sig | 14 -------------- strongswan-5.9.9.tar.bz2 | 3 +++ strongswan-5.9.9.tar.bz2.sig | 14 ++++++++++++++ strongswan.changes | 13 +++++++++++++ strongswan.spec | 14 +++++++------- 6 files changed, 37 insertions(+), 24 deletions(-) delete mode 100644 strongswan-5.9.8.tar.bz2 delete mode 100644 strongswan-5.9.8.tar.bz2.sig create mode 100644 strongswan-5.9.9.tar.bz2 create mode 100644 strongswan-5.9.9.tar.bz2.sig diff --git a/strongswan-5.9.8.tar.bz2 b/strongswan-5.9.8.tar.bz2 deleted file mode 100644 index 5395543..0000000 --- a/strongswan-5.9.8.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d3303a43c0bd7b75a12b64855e8edcb53696f06190364f26d1533bde1f2e453c -size 4747096 diff --git a/strongswan-5.9.8.tar.bz2.sig b/strongswan-5.9.8.tar.bz2.sig deleted file mode 100644 index e4e14e1..0000000 --- a/strongswan-5.9.8.tar.bz2.sig +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmM67/cACgkQ30LBcLNN -undvMgwAoxjGn0i3o0JqNTBqSBgrHEAMNBLf9ps0UlPa/nmeO77jW/9NU1JCJl+K -1FLzaYt3m+rZld583fjtf4kTGzl3J0q8PNdiL4W4WdCsd1c6Gmmm7uokEDGbb4+e -fUlOeVDUrFcx/MZ88tHkdvDQK5TSSodqXpUbRGTOGujvfsXoqJPoMg1sPGEMXpPx -afGH6y97DQN5or8h8jI0YFwOruxiZWMNOrJK0KtygAyBiECAbxs8z8afQoMhK7aE -sGdCOc44FBK+6Kph1hX1Y6le8aazJRFrdmzUiEwcsrJ0+NG3Y3XfWRpVTBq+Q1LP -sUywQyqO3iG4lotH3yolhvZZLuJqjKYvn6A1nSa1kZMp7TDeK3gNmFwXRK2nT8rJ -VEDPsyghx46CSF+6gpfs2+mX8EVuqOTphw0ZtjqyfV7/wi4Zmj5+p2TO6cWen40c -5mkENnKQRcPXLszdesc4eksWsijIZGojcQelcYJGAZnLvyfLlo/eijrxnf950jsK -UORUFHmQ -=vOnt ------END PGP SIGNATURE----- diff --git a/strongswan-5.9.9.tar.bz2 b/strongswan-5.9.9.tar.bz2 new file mode 100644 index 0000000..bfb1ffd --- /dev/null +++ b/strongswan-5.9.9.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5e16580998834658c17cebfb31dd637e728669cf2fdd325460234a4643b8d81d +size 4764675 diff --git a/strongswan-5.9.9.tar.bz2.sig b/strongswan-5.9.9.tar.bz2.sig new file mode 100644 index 0000000..5dd6594 --- /dev/null +++ b/strongswan-5.9.9.tar.bz2.sig @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- + +iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmOxaKcACgkQ30LBcLNN +uneBbgv8DTvNTm48iRhC2MisT87T5oHtMtq3iCFuhXxP2X1t53e8E4eLFx837hCO +AdTbR6CeQRyEjW+scTmTv1mmY0WGKb6npfwyCxb9qteIu3Sf21MNSqZ1Va7WMh7d +0fm7ezF6dgxkRcmVFF+4jwwsMTx6u54I9QSsdcJ1b1u4FWThOLtCrBA7qMnxGaGN +9whbBJB8DIZhXYF9BDRftLZ1rXoERAmXxXxt/a+vhikv0Sw/NlZTJaHsf4l/8w+p +yWkdXm5WUo95Ilv+cboVHcqx8StTU+xSbyrZxQul3B8zG5fc7yyA3H8dR8K1fBbi +CiBOPnQHL1m8iDSbmV7Nm6xalKwZXffLaLwnBcqfSX0JC7ZRnDfjOT/mTdPhpkoH +JzEEDFl3iEAJGbvb5Bvyn4Q98gZOzWWsxtxWpHUzoPjVd/HFx4w95Wcod/+4JhVE +wfHIOzALmFk7LWzCpiN4heW103ilGCJ3/n2OVn4j+3maZ01tK8hNIxWNTKYYhpbI +eBmb+TNc +=gp/t +-----END PGP SIGNATURE----- diff --git a/strongswan.changes b/strongswan.changes index e917a85..86fd774 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Jan 3 13:22:12 UTC 2023 - Jan Engelhardt + +- Update to release 5.9.9 + * Fixed an issue that could cause OCSP requests to contain an + incorrect serial number if the openssl plugin parsed the + certificate. + * The resolve plugin does not invoke resolvconf(8) with + individual interface names for each name server anymore. + * The kernel-netlink plugin now logs extended ACK error and + warning messages provided by the Linux kernel if e.g. the + installation of an SA or policy fails. + ------------------------------------------------------------------- Mon Oct 3 20:36:03 UTC 2022 - Jan Engelhardt diff --git a/strongswan.spec b/strongswan.spec index caf5037..eba5327 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -1,7 +1,7 @@ # # spec file for package strongswan # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: strongswan -Version: 5.9.8 +Version: 5.9.9 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name} @@ -80,7 +80,7 @@ Patch2: %{name}_ipsec_service.patch Patch3: %{name}_fipscheck.patch %endif Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch -Patch6: harden_strongswan.service.patch +Patch6: harden_strongswan.service.patch BuildRequires: bison BuildRequires: curl-devel BuildRequires: flex @@ -197,14 +197,15 @@ Provides: VPN Provides: ipsec Provides: strongswan = %{version} Obsoletes: strongswan < %{version} -Conflicts: freeswan openswan +Conflicts: freeswan +Conflicts: openswan %description ipsec StrongSwan is an IPsec-based VPN solution for Linux. This package provides the /etc/init.d/ipsec service script and allows to maintain both IKEv1 and IKEv2 using the /etc/ipsec.conf and the -/etc/ipsec.sectes files. +/etc/ipsec.secrets files. %package mysql Summary: MySQL plugin for strongSwan @@ -447,7 +448,7 @@ echo 'd %{_rundir}/%{name} 0770 root root' > %{buildroot}%{_tmpfilesdir}/%{name} # install -c -m750 _fipscheck %{buildroot}/%{_libexecdir}/ipsec/ install -c -m644 %{_sourcedir}/fips-enforce.conf \ - %{buildroot}/%{strongswan_configs}/charon/zzz_fips-enforce.conf + %{buildroot}/%{strongswan_configs}/charon/zzz_fips-enforce.conf # disable bypass-lan plugin by default sed -i 's/\(load[ ]*=[ ]*\)yes/\1no/g' %{buildroot}/%{strongswan_configs}/charon/bypass-lan.conf # create fips hmac hashes _after_ install post run @@ -948,7 +949,6 @@ fi %{strongswan_templates}/database/imv/data.sql %{strongswan_templates}/database/imv/tables.sql - %if %{with nm} %files nm