From 576d175479cf6d62043a06c4c5b257fb3f01943af55a22415d9273e133ff46e9 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.com>
Date: Thu, 8 Sep 2011 15:17:43 +0000
Subject: [PATCH] - Updated to strongSwan 4.5.2 release, changes overview since
 4.5.2:   * Our private libraries (e.g. libstrongswan) are not installed
 directly in     prefix/lib anymore. Instead a subdirectory is used
 (prefix/lib/ipsec/ by     default). The plugins directory is also moved from
 libexec/ipsec/ to that     directory.   * The dynamic IMC/IMV libraries were
 moved from the plugins directory to     a new imcvs directory in the
 prefix/lib/ipsec/ subdirectory.   * Job priorities were introduced to prevent
 thread starvation caused by too     many threads handling blocking operations
 (such as CRL fetching).   * Two new strongswan.conf options allow to
 fine-tune performance on IKEv2     gateways by dropping IKE_SA_INIT requests
 on high load.   * IKEv2 charon daemon supports PASS and DROP shunt policies  
   preventing traffic to go through IPsec connections. Installation of the    
 shunt policies either via the XFRM netfilter or PFKEYv2 IPsec kernel    
 interfaces.   * The history of policies installed in the kernel is now
 tracked so that e.g.     trap policies are correctly updated when
 reauthenticated SAs are terminated.   * IMC/IMV Scanner pair implementing the
 RFC 5792 PA-TNC (IF-M) protocol.     Using "netstat -l" the IMC scans open
 listening ports on the TNC client     and sends a port list to the IMV which
 based on a port policy decides if     the client is admitted to the network. 
  * IMC/IMV Test pair implementing the RFC 5792 PA-TNC (IF-M) protocol.   *
 The IKEv2 close action does not use the same value as the ipsec.conf
 dpdaction     setting, but the value defined by its own closeaction keyword.
 The action     is triggered if the remote peer closes a CHILD_SA
 unexpectedly.

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=28
---
 _service                                      |  4 +--
 ...vice:download_url:strongswan-4.5.2.tar.bz2 |  3 --
 ...:download_url:strongswan-4.5.2.tar.bz2.sig | 14 ---------
 ...vice:download_url:strongswan-4.5.3.tar.bz2 |  3 ++
 ...:download_url:strongswan-4.5.3.tar.bz2.sig | 14 +++++++++
 ....2-rpmlintrc => strongswan-4.5.3-rpmlintrc |  0
 strongswan.changes                            | 29 +++++++++++++++++++
 strongswan.spec                               |  6 ++--
 8 files changed, 51 insertions(+), 22 deletions(-)
 delete mode 100644 _service:download_url:strongswan-4.5.2.tar.bz2
 delete mode 100644 _service:download_url:strongswan-4.5.2.tar.bz2.sig
 create mode 100644 _service:download_url:strongswan-4.5.3.tar.bz2
 create mode 100644 _service:download_url:strongswan-4.5.3.tar.bz2.sig
 rename strongswan-4.5.2-rpmlintrc => strongswan-4.5.3-rpmlintrc (100%)

diff --git a/_service b/_service
index 33e352a..ce88279 100644
--- a/_service
+++ b/_service
@@ -1,3 +1,3 @@
 <services>
-  <service name="download_url"><param name="path">/strongswan-4.5.2.tar.bz2.sig</param><param name="host">download.strongswan.org</param></service>
-<service name="download_url"><param name="path">/strongswan-4.5.2.tar.bz2</param><param name="host">download.strongswan.org</param></service></services>
\ No newline at end of file
+  <service name="download_url"><param name="path">/strongswan-4.5.3.tar.bz2.sig</param><param name="host">download.strongswan.org</param></service>
+<service name="download_url"><param name="path">/strongswan-4.5.3.tar.bz2</param><param name="host">download.strongswan.org</param></service></services>
diff --git a/_service:download_url:strongswan-4.5.2.tar.bz2 b/_service:download_url:strongswan-4.5.2.tar.bz2
deleted file mode 100644
index 8da6943..0000000
--- a/_service:download_url:strongswan-4.5.2.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f13b5db946393dacc8590db7397b3ddd56eb37619f93a482a9c6cf9d556e105a
-size 3271219
diff --git a/_service:download_url:strongswan-4.5.2.tar.bz2.sig b/_service:download_url:strongswan-4.5.2.tar.bz2.sig
deleted file mode 100644
index 6089e7f..0000000
--- a/_service:download_url:strongswan-4.5.2.tar.bz2.sig
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iQGcBAABAgAGBQJNzvEVAAoJEN9CwXCzTbp3iKMMAJ2jhS0kbzGn/E3osePgMJHH
-lVbhKag6rnIQfNS9lelBrdJLI/3xV6b88geqvcCgcK2X545X4PUcQtZm08N75qLH
-Vjku1qKcKjrPa65glD0nkRYg4MS9dN+obYiPl+S6HhrDO05pvddhSx2a7YA97F8W
-7CAbZdULLIIgVlC2plv+W3y1tLQNQEP4rS7FrzMVuTeZCw3W0XawQMvIOwckLEfE
-AHMGXrFjevvipOr9pOD5uzi9kJFQGsw2kl7+W2o9mZUlkFGlgVFemH/T5WUaz/BJ
-ha1HLdsgIOOJQlLV+bj7bFTbNkkVEdY4hr4c+9JHWr6vRhe/7zrRCP5PIidnqpQ2
-e5O/26qzz1IyRRA4v/KO5b35BTp5dJjPeeOknLz+vBptMiU7uXpUtT0NmsojSw0f
-SOli9Kl9RSLL+7E6y8k6qU8uWxfTIRsVWsmBZQkdByY4Ua1UtMv67YdRlaxgwe/M
-xpu2k+aSGZVcUBrvOf3GFT9I6pL+orac4+gYBGIJJw==
-=LG31
------END PGP SIGNATURE-----
diff --git a/_service:download_url:strongswan-4.5.3.tar.bz2 b/_service:download_url:strongswan-4.5.3.tar.bz2
new file mode 100644
index 0000000..190cb12
--- /dev/null
+++ b/_service:download_url:strongswan-4.5.3.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a59fa0d9820fb06a3c848f4537b9256d2067265ad10e1b007b79f3b16279f1ff
+size 3299522
diff --git a/_service:download_url:strongswan-4.5.3.tar.bz2.sig b/_service:download_url:strongswan-4.5.3.tar.bz2.sig
new file mode 100644
index 0000000..1087a44
--- /dev/null
+++ b/_service:download_url:strongswan-4.5.3.tar.bz2.sig
@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iQGcBAABAgAGBQJOOFNGAAoJEN9CwXCzTbp37JUL/jmWmoYQ4qcSQtCfyLbW761a
+8HvTeoAB+gE8srcOCdnSy/i+ebVp4My3VwwivQwCHWHcbC29RjZsytRxsItqN3UR
+4LCEMQ9PA6oIHl7EPumc24RfcWd4TBrlxyk/TeOYOyT0GAjvPF+w0T73pEBMQHGF
+qHQXziblGfB9pxxyVJpvPq7yW+wS7nIj+8B7evitC5TimW5D3rGN1eav+da16ynl
+RJuGtRlxKTy/dnC+WzbJtyxGITcnl2lPao3SilazKDx55OEMboxSTfX3x0QZ2Y2z
+jIV3UzmTh7ZTqOpGrxhMr8lPiuB9w9PWCzfno0WB99suzo7IQtjyfYRifa0A/b3S
+Wtp4OLdBwgStnlQdXhk2INhBSMVH3FRGZOwzr7Eb2SLK2v0BDYn3/rPSZMd2bivO
+zRQeYE9LfuUpJT2BTB69YsAg3pvU55g2mU7GD8cojkxcT60HHKl4ykzwR0dTJjyK
+CwV6JYoWDGkZqwrRfwJrf9o6Xlk4KdyyQGRRm/8hqg==
+=7D0s
+-----END PGP SIGNATURE-----
diff --git a/strongswan-4.5.2-rpmlintrc b/strongswan-4.5.3-rpmlintrc
similarity index 100%
rename from strongswan-4.5.2-rpmlintrc
rename to strongswan-4.5.3-rpmlintrc
diff --git a/strongswan.changes b/strongswan.changes
index cd0cec6..c30245d 100644
--- a/strongswan.changes
+++ b/strongswan.changes
@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Thu Sep  8 12:42:51 UTC 2011 - mt@suse.com
+
+- Updated to strongSwan 4.5.2 release, changes overview since 4.5.2:
+  * Our private libraries (e.g. libstrongswan) are not installed directly in
+    prefix/lib anymore. Instead a subdirectory is used (prefix/lib/ipsec/ by
+    default). The plugins directory is also moved from libexec/ipsec/ to that
+    directory.
+  * The dynamic IMC/IMV libraries were moved from the plugins directory to
+    a new imcvs directory in the prefix/lib/ipsec/ subdirectory.
+  * Job priorities were introduced to prevent thread starvation caused by too
+    many threads handling blocking operations (such as CRL fetching).
+  * Two new strongswan.conf options allow to fine-tune performance on IKEv2
+    gateways by dropping IKE_SA_INIT requests on high load.
+  * IKEv2 charon daemon supports PASS and DROP shunt policies
+    preventing traffic to go through IPsec connections. Installation of the
+    shunt policies either via the XFRM netfilter or PFKEYv2 IPsec kernel
+    interfaces.
+  * The history of policies installed in the kernel is now tracked so that e.g.
+    trap policies are correctly updated when reauthenticated SAs are terminated.
+  * IMC/IMV Scanner pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
+    Using "netstat -l" the IMC scans open listening ports on the TNC client
+    and sends a port list to the IMV which based on a port policy decides if
+    the client is admitted to the network.
+  * IMC/IMV Test pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
+  * The IKEv2 close action does not use the same value as the ipsec.conf dpdaction
+    setting, but the value defined by its own closeaction keyword. The action
+    is triggered if the remote peer closes a CHILD_SA unexpectedly.
+
 -------------------------------------------------------------------
 Sun May 29 16:37:00 UTC 2011 - jcnengel@googlemail.com
 
diff --git a/strongswan.spec b/strongswan.spec
index ac6987c..29039eb 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -19,7 +19,9 @@
 
 
 Name:           strongswan
-%define         upstream_version 4.5.2
+Version:        4.5.3
+Release:        0
+%define         upstream_version   %{version}
 %define         strongswan_docdir  %{_docdir}/%{name}
 %define         strongswan_plugins %{_libexecdir}/ipsec/plugins
 %define		with_mysql	1
@@ -27,8 +29,6 @@ Name:           strongswan
 %define		with_gcrypt	0%{suse_version} >= 1110
 %define		with_nm		0%{suse_version} >= 1110
 %define		with_tests	0
-Version:        4.5.2
-Release:        1
 License:        GPLv2+
 Group:          Productivity/Networking/Security
 Summary:        OpenSource IPsec-based VPN Solution