OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=2

strongswan-4.1.11.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9d2761b780fd8b11eafce63dc44336ece6941405dae819bd03e62a5f6b2f82fb
+size 2234335

strongswan-4.1.11.tar.bz2.sig

@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+
+iQCVAwUAR7TA89YbDnNAmVNZAQJS6wQAil7xDrAGwYgFOaDpv4h6tF53TnQBepLK
+FhEnxtPNmk5YAwhu8t3qsHIOERzctKt8vwh0fnNZTKP3GeKWl+7f4zYOlQPKEW+S
+ltsE9dfLBjNDPlToTJHKre6i+u9l+scndf8087vinzsgnqK/JXyGKQ58cAts0ytV
+JbBe/WhlOiA=
+=t33J
+-----END PGP SIGNATURE-----

strongswan-4.1.9.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:37ea5119dc54cb150d444302f82f84854a15d35e45a817e3a29be86b7d750587
-size 2176339

strongswan-4.1.9.tar.bz2.sig

@@ -1,9 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.6 (GNU/Linux)
-
-iQCVAwUAR1Wm+dYbDnNAmVNZAQIvkAQAolk4x+wmuJEIBHQ+24S2v2fOJoZKud6L
-Fl8cqH2GPe4yYZkuaJ+djgK+GslBfY8qyqXKC49SUkwWtA/yMKkItwDNv2RwhXdQ
-jzjAI1Ad8nCck3XFkIYg9gxL/p2caooRqu6PUr0qfTpVl1lKMW0tHVssavUnCWJv
-NcjWTSUihl0=
-=GC6L
------END PGP SIGNATURE-----

strongswan.changes

@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Tue Feb 19 11:44:03 CET 2008 - mt@suse.de
+
+- Updated to 4.1.11 maintenance release, providing following fixes:
+  * IKE rekeying in NAT situations did not inherit the NAT conditions
+  to the rekeyed IKE_SA so that the UDP encapsulation was lost with
+  the next CHILD_SA rekeying.
+  * Wrong type definition of the next_payload variable in id_payload.c
+  caused an INVALID_SYNTAX error on PowerPC platforms. 
+  * Implemented IKEv2 EAP-SIM server and client test modules that use
+  triplets stored in a file. For details on the configuration see
+  the scenario 'ikev2/rw-eap-sim-rsa'.
+- The 4.1.10 final version, declared upstream as "Fully tested support
+  of IPv6 IPsec tunnel connections", fixes ordering error in oscp cache,
+  IPv6 defaults of the nexthop parameter, adds support for new EAP
+  modules [disabled in this build] and obsoletes our strongswan_path
+  and strongswan_ipsec_script_msg patches.
+- Removed a sed call from init script.
+
 -------------------------------------------------------------------
 Sat Dec  8 13:03:42 CET 2007 - mt@suse.de
 

strongswan.init.in

@@ -208,7 +208,7 @@ rc_reset
 
 case "$1" in
     start)
-	$IPSEC_CMD start 2>&1 | sed -e "s/ -- .*//g"
+	$IPSEC_CMD start 2>&1
 	rc_status -v1
 	;;
     stop)

strongswan.spec

@@ -1,7 +1,7 @@
 #
-# spec file for package strongswan (Version 4.1.9)
+# spec file for package strongswan (Version 4.1.11)
 #
-# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
 # package are under the same license as the package itself.
 #
@@ -10,11 +10,12 @@
 
 # norootforbuild
 
+
 Name:           strongswan
-%define         upstream_version 4.1.9
+%define         upstream_version 4.1.11
 %define         strongswan_docdir %{_docdir}/%{name}
-Version:        4.1.9
+Version:        4.1.11
-Release:        6
+Release:        1
 License:        GPL v2 or later
 Group:          Productivity/Networking/Security
 Summary:        StrongSwan -- OpenSource IPsec-based VPN Solution
@@ -28,9 +29,7 @@ AutoReqProv:    on
 Source0:        http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2
 Source1:        http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig
 Source2:        %{name}.init.in
-Patch1:         %{name}_path.dif
+Patch1:         %{name}_modprobe_syslog.dif
-Patch2:         %{name}_ipsec_script_msg.dif
-Patch3:         %{name}_modprobe_syslog.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  bison flex gmp-devel gperf pkg-config
 %if 0%{?suse_version} >= 1030
@@ -49,9 +48,11 @@ StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
 * runs both on Linux 2.4 (KLIPS IPsec) and Linux 2.6 (NETKEY IPsec)
    kernels
 
-* supports both the IKEv1 and IKEv2 (RFC 4306) key exchange
+* implements both the IKEv1 and IKEv2 (RFC 4306) key exchange
    protocols
 
+* NEW: Fully tested support of IPv6 IPsec tunnel connections
+
 * Dynamical IP address and interface update with IKEv2 MOBIKE (RFC
    4555)
 
@@ -123,8 +124,6 @@ Authors:
 %prep
 %setup -q -n %{name}-%{upstream_version}
 %patch1 -p0
-%patch2 -p0
-%patch3 -p0
 sed -e 's|@libexecdir@|%_libexecdir|g'    \
      < $RPM_SOURCE_DIR/strongswan.init.in \
      > strongswan.init
@@ -251,8 +250,25 @@ fi
 %{_mandir}/man8/pluto.8*
 %{_mandir}/man8/scepclient.8*
 %{_mandir}/man8/starter.8*
+
 %changelog
-* Sat Dec 08 2007 - mt@suse.de
+* Tue Feb 19 2008 mt@suse.de
+- Updated to 4.1.11 maintenance release, providing following fixes:
+  * IKE rekeying in NAT situations did not inherit the NAT conditions
+  to the rekeyed IKE_SA so that the UDP encapsulation was lost with
+  the next CHILD_SA rekeying.
+  * Wrong type definition of the next_payload variable in id_payload.c
+  caused an INVALID_SYNTAX error on PowerPC platforms.
+  * Implemented IKEv2 EAP-SIM server and client test modules that use
+  triplets stored in a file. For details on the configuration see
+  the scenario 'ikev2/rw-eap-sim-rsa'.
+- The 4.1.10 final version, declared upstream as "Fully tested support
+  of IPv6 IPsec tunnel connections", fixes ordering error in oscp cache,
+  IPv6 defaults of the nexthop parameter, adds support for new EAP
+  modules [disabled in this build] and obsoletes our strongswan_path
+  and strongswan_ipsec_script_msg patches.
+- Removed a sed call from init script.
+* Sat Dec 08 2007 mt@suse.de
 - Updated to 4.1.9 final, including all our patches.
 - Changed init script to use ipsec cmd using LSB codes now.
 - Added strongswan_path.dif setting a PATH in scripts (updown).
@@ -260,9 +276,9 @@ fi
   ipsec script messages.
 - Added strongswan_modprobe_syslog.dif redirecting modprobe
   output to syslog.
-* Mon Nov 26 2007 - mt@suse.de
+* Mon Nov 26 2007 mt@suse.de
 - Renamed charon plugins to avoid rpm conflicts with existing
   libraries (libstroke). Patch: strongswan-libconflicts.dif
 - Added init script. Template file: strongswan.init.in
-* Thu Nov 22 2007 - mt@suse.de
+* Thu Nov 22 2007 mt@suse.de
 - Initial, unfinished package

strongswan_ipsec_script_msg.dif

@@ -1,20 +0,0 @@
---- src/ipsec/ipsec.in
-+++ src/ipsec/ipsec.in	2007/12/06 09:21:17
-@@ -166,7 +166,7 @@ reload)
- 		echo "Reloading strongSwan IPsec configuration..." >&2
- 		kill -s USR1 `cat $IPSEC_STARTER_PID` 2>/dev/null && rc=0
- 	else
--		echo "ipsec starter is not running" >&2
-+		echo "Reloading strongSwan IPsec: starter is not running" >&2
- 	fi
- 	exit "$rc"
- 	;;
-@@ -285,7 +285,7 @@ stop)
- 			fi
- 		fi
- 	else
--	    	echo "ipsec starter is not running" >&2
-+	    	echo "Stopping strongSwan IPsec: starter is not running" >&2
- 	fi
- 	exit 0
- 	;;

strongswan_path.dif

@@ -1,24 +0,0 @@
---- src/ipsec/ipsec.in
-+++ src/ipsec/ipsec.in	2007/12/05 08:15:29
-@@ -16,6 +16,9 @@
- #
- # RCSID $Id: ipsec.in 3370 2007-11-29 18:27:04Z andreas $
- 
-+PATH="/sbin:/bin:/usr/sbin:/usr/bin"
-+export PATH
-+
- # name and version of the ipsec implementation
- IPSEC_NAME="@IPSEC_NAME@"
- IPSEC_VERSION="U@IPSEC_VERSION@/K`uname -r`"
---- src/_updown/_updown.in
-+++ src/_updown/_updown.in	2007/12/05 08:15:29
-@@ -118,6 +118,9 @@
- #              restricted on the peer side.
- #
- 
-+PATH="/sbin:/bin:/usr/sbin:/usr/bin"
-+export PATH
-+
- # uncomment to log VPN connections
- VPN_LOGGING=1
- #