Accepting request 921885 from home:iznogood:branches:network:vpn

- Update to version 5.9.3:
  * Added AES-ECB, SHA-3 and SHAKE-256 support to the wolfssl
    plugin.
  * Added AES-CCM support to the openssl plugin (#353).
  * The x509 and the openssl plugins now consider the
    authorityKeyIdentifier, if available, before verifying
    signatures, which avoids unnecessary signature verifications
    after a CA key rollover if both CA certificates are loaded.
    The openssl plugin now does the same also for CRLs (the x509
    plugin already did).
  * The pkcs11 plugin better handles optional attributes like
    CKA_TRUSTED, which previously depended on a version check.
  * The NetworkManager backend (charon-nm) now supports using SANs
    as client identities, not only full DNs (#437).
  * charon-tkm now handles IKE encryption.
  * Send a MOBIKE update again if a a change in the NAT mappings is
    detected but the endpoints stay the same (e143a7d).
  * A deadlock in the HA plugin introduced with 5.9.2 has been
    fixed (#456).
  * DSCP values are now also set for NAT keepalives.
  * The ike_derived_keys() hook now receives more keys but in a
    different order (4e29d6f).
  * Converted most of the test case scenarios to the vici
    interface.
- Replace libsoup-devel with pkgconfig(libsoup-2.4) BuildRequires,
  as this is what really checks for. Needed as libsoup-3.0 is
  released.

OBS-URL: https://build.opensuse.org/request/show/921885
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=127

strongswan-5.9.0.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:72b47a385da5d1532b816d9fe04c50d074c29ed42ea3f0878fbd66335917bb66
-size 4568404

strongswan-5.9.0.tar.bz2.sig

@@ -1,14 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQGcBAABAgAGBQJfIVyVAAoJEN9CwXCzTbp3p3cL+gKB4H0U/CxpV/pazru6bkBB
-aZYWm+zTNZG+W0Xh7466NlhZU+Z4nDYm8nr4M3tZPJ9Gas4bZnkZmqYROWotyzH8
-6R72n50ZIT7aRdL72LBNZqk89RCGJqWMcgs9aJwr319/s75SEV2ez53zEWUsMwLi
-j8JMjE9I8swmcyKk1qHLuyGUTk/THKq2iN5v3w9kHkGNSow892XVhjl5MvE6sVZt
-ceNc3YBmnWsJc1XbPP94TMtUJQ4PIscJvx1ysfSsLnIhej/VlId4DzbgVNXwWYNp
-RwuecQi8UZTjQ1PORIYlCAK3a+t//Fts4oz7XxS5vCE96LlmoiM17Kt9uPFKNv24
-q1CzmExoW5BmqKxiILWM7EOMIFELmRdq5j2Ar9qLdreAxYXFqwoc+o+DRa79QyuZ
-4Ul09JRBAvcvLk/B2zY7Z6IPvCsyWyfq9uznzeKo1zsv+q/61H/pvZ6uSr6S58No
-BsZSeBXrFLkSJDbGrREpP1/ajYCDFfBwz8jx//J/NQ==
-=OvzW
------END PGP SIGNATURE-----

strongswan-5.9.3.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9325ab56a0a4e97e379401e1d942ce3e0d8b6372291350ab2caae0755862c6f7
+size 4652311

strongswan-5.9.3.tar.bz2.sig

@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmDkSF0ACgkQ30LBcLNN
+uncrygwAjMYQOjm18Xzu/nnqhGZhgtAjk5yFRsSAwjcbevcC9a8q0aRWyMXA6Yhl
+LQOclYEBbyH4r/59GEHrZNvAHJ0iwAxtp20DcqUwzjRzrwL2g6/FZI1LTRkr0W0r
+3neaM8xVVZhpCUoVFVI1RZlpocwElgHGliivCnLwhEvEHJE89bzStBgdqbIZx3E1
+Piz0Ta6qkN1mglGtnsmFeImY3MosUdoQ0aj8q6dthmzNPxpn6f80RHkdoJm7S783
+FMFhwds4wLCp33v7JpAoGMvDJJnMtErj5PMSwrmN//eArWKHGWQPlGJq0OKZcJWO
+JI3sUaUsQlQ+3YsV63QIq6Oyav7h7yCmS9jEk9tiTB8QXj7GJrRpBetIYmvdzRMd
+wHmvZOC3vGdoEj8AKKNF447X3WMEVs0/DEYr/PHh6h6X9Ed8NyKVhiLm+OE6nk9F
+0Fthllsf+z8LLd+q1OPwH69FsI9J8oiW/pVyXB/MmBdu+0r6A1+EJw0cxqmqbLuN
+uN1rNh4k
+=O9SJ
+-----END PGP SIGNATURE-----

strongswan.changes

@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Mon Sep 27 19:01:38 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 5.9.3:
+  * Added AES-ECB, SHA-3 and SHAKE-256 support to the wolfssl
+    plugin.
+  * Added AES-CCM support to the openssl plugin (#353).
+  * The x509 and the openssl plugins now consider the
+    authorityKeyIdentifier, if available, before verifying
+    signatures, which avoids unnecessary signature verifications
+    after a CA key rollover if both CA certificates are loaded.
+    The openssl plugin now does the same also for CRLs (the x509
+    plugin already did).
+  * The pkcs11 plugin better handles optional attributes like
+    CKA_TRUSTED, which previously depended on a version check.
+  * The NetworkManager backend (charon-nm) now supports using SANs
+    as client identities, not only full DNs (#437).
+  * charon-tkm now handles IKE encryption.
+  * Send a MOBIKE update again if a a change in the NAT mappings is
+    detected but the endpoints stay the same (e143a7d).
+  * A deadlock in the HA plugin introduced with 5.9.2 has been
+    fixed (#456).
+  * DSCP values are now also set for NAT keepalives.
+  * The ike_derived_keys() hook now receives more keys but in a
+    different order (4e29d6f).
+  * Converted most of the test case scenarios to the vici
+    interface.
+- Replace libsoup-devel with pkgconfig(libsoup-2.4) BuildRequires,
+  as this is what really checks for. Needed as libsoup-3.0 is
+  released.
+
 -------------------------------------------------------------------
 Mon Sep  7 08:38:01 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
 

strongswan.spec

@@ -17,7 +17,7 @@
 
 
 Name:           strongswan
-Version:        5.9.0
+Version:        5.9.3
 Release:        0
 %define         upstream_version     %{version}
 %define         strongswan_docdir    %{_docdir}/%{name}
@@ -88,11 +88,11 @@ BuildRequires:  gmp-devel
 BuildRequires:  gperf
 BuildRequires:  libcap-devel
 BuildRequires:  libopenssl-devel
-BuildRequires:  libsoup-devel
 BuildRequires:  openldap2-devel
 BuildRequires:  pam-devel
 BuildRequires:  pcsc-lite-devel
 BuildRequires:  pkg-config
+BuildRequires:  pkgconfig(libsoup-2.4)
 %if %{with mysql}
 BuildRequires:  libmysqlclient-devel
 %endif