forked from pool/strongswan
Accepting request 800175 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/800175 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=74
This commit is contained in:
commit
b280c57b1d
@ -1,12 +0,0 @@
|
|||||||
diff -Naur strongswan-5.8.2.orig/src/swanctl/swanctl.h strongswan-5.8.2/src/swanctl/swanctl.h
|
|
||||||
--- strongswan-5.8.2.orig/src/swanctl/swanctl.h 2018-12-14 16:48:24.000000000 +0100
|
|
||||||
+++ strongswan-5.8.2/src/swanctl/swanctl.h 2020-03-26 07:54:21.876224209 +0100
|
|
||||||
@@ -30,7 +30,7 @@
|
|
||||||
/**
|
|
||||||
* Base directory for credentials and config
|
|
||||||
*/
|
|
||||||
-char *swanctl_dir;
|
|
||||||
+extern char *swanctl_dir;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Configuration file for connections, etc.
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:86900ddbe7337c923dadf2c8339ae8ed2b9158e3691745884d08ae534677430e
|
|
||||||
size 4533402
|
|
@ -1,14 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1
|
|
||||||
|
|
||||||
iQGcBAABAgAGBQJd+MscAAoJEN9CwXCzTbp3f6ML/0y5DGj7CytdIWcT7ODbZ5Dt
|
|
||||||
S8MS2BHxUJ4cgzB8InCK4wNQFpyzRhR2goPly1B8RVNSVSfdyvqfSC/A++esZe3m
|
|
||||||
wwjsjzjWYVaNnkj1lrl/8azOiDkD/uA/NaaUcASp6hoJIJQALYW5HfPjL/S/hC+v
|
|
||||||
iVio5Fy9c/9HGJEeeZxqRMp/gTNjvh05hbP9ukLADk6klphwaNFg5o0YNgf1NJFE
|
|
||||||
CBo/rGJNVfvEUUlJMLiBlFCBaPMOIjoIXODpjootRioDpnF6IonfcoIGiR6TuRQC
|
|
||||||
zR3u3Zhgpe4tJfkKCpCCSPGwMCcwreMAUwzRf/U/HDUSPZX+c4sBOIl8eedwVA77
|
|
||||||
DjNlktwmPta8x4YOh6NB3ghAwwztEkPvvaAIcwH0gh1DkjIicFr2VkoXIS5jqaVN
|
|
||||||
bK2YvTQ7StZa35VaEYnlu5JzIchPlqhXND6sWLWJolnwrNWskZyojVYioyIv3KJJ
|
|
||||||
tXphbN0HHCfLPs5vX8/X97IAa06tsnEOZEZg5Sk3Jw==
|
|
||||||
=VHUc
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
strongswan-5.8.4.tar.bz2
Normal file
3
strongswan-5.8.4.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:2d9a57e33813b62d58cba07531c4d5a35c6b823dfe9b8ff7c623b6571f02553c
|
||||||
|
size 4546240
|
14
strongswan-5.8.4.tar.bz2.sig
Normal file
14
strongswan-5.8.4.tar.bz2.sig
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
Version: GnuPG v1
|
||||||
|
|
||||||
|
iQGcBAABAgAGBQJegIHmAAoJEN9CwXCzTbp3onEL/iwMScWYL6KgjQCJp2acqFZf
|
||||||
|
R+aVc18W/Pb4z6Qc8YghcVPlXG1L9cyfHTCHV3jNPXAX3qB+EMSG+DVfY7INdOfg
|
||||||
|
3It6rVLwMLMYiPmmsMUoZpOfM4Fpw5rM6fjWPI3KogUpjF814TN1JJNIXC0e5jA0
|
||||||
|
AxzLczzhhNbG+YnSdSDd/XhjG816QDYAv1WdoFvgP65QSVBKmQPzZz+ons6Ivjl5
|
||||||
|
Il3Tly5IJnOeDfe/K0bsnNBXomjIWnQDtlwG4wfAFJV6YwTtJEvwMErQg9W9iVHY
|
||||||
|
tndOdn/C8CfPXVnaBAbnkX3Vk9MWhLP+pFMF56Xojga8gPkqTD15zLubVlx8Gzal
|
||||||
|
dW3s7qi0bmca10JwzOpuDePhzziemcqpsexdlhOuffaz+GZ2wHfupeixVXuFoV+F
|
||||||
|
b3/htxfibnU8IqQl0YCdYh4vwKYwr6cz07TphmQBhrsLy8SjVr/EngPreDVDCgJ4
|
||||||
|
tip0FJvV6yU7RTyNHqJOvKfwz9AEbo1ZRsfEEi6Qxw==
|
||||||
|
=Xj8F
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,3 +1,65 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri May 1 09:39:42 UTC 2020 - Bjørn Lie <bjorn.lie@gmail.com>
|
||||||
|
|
||||||
|
- Update to version 5.8.4:
|
||||||
|
* In IKEv1 Quick Mode make sure that a proposal exists before
|
||||||
|
determining lifetimes (fixes a crash due to a null-pointer
|
||||||
|
dereference in 5.8.3).
|
||||||
|
* OpenSSL currently doesn't support squeezing bytes out of a
|
||||||
|
SHAKE128/256 XOF (support was added with 5.8.3) multiple times.
|
||||||
|
Unfortunately, EVP_DigestFinalXOF() completely resets the
|
||||||
|
context and later calls not simply fail, they cause a
|
||||||
|
null-pointer dereference in libcrypto. c5c1898d73 fixes the
|
||||||
|
crash at the cost of repeating initializing the whole state and
|
||||||
|
allocating too much data for subsequent calls (hopefully, once
|
||||||
|
the OpenSSL issue 7894 is resolved we can implement this more
|
||||||
|
efficiently).
|
||||||
|
* On 32-bit platforms, reading arbitrary 32-bit integers from
|
||||||
|
config files (e.g. for charon.spi_min/max) has been fixed.
|
||||||
|
* charon-nm now allows using fixed source ports.
|
||||||
|
- Changes from version 5.8.3:
|
||||||
|
* Updates for the NM plugin (and backend, which has to be updated
|
||||||
|
to be compatible):
|
||||||
|
+ EAP-TLS authentication (#2097)
|
||||||
|
+ Certificate source (file, agent, smartcard) is selectable
|
||||||
|
independently
|
||||||
|
+ Add support to configure local and remote identities (#2581)
|
||||||
|
+ Support configuring a custom server port (#625)
|
||||||
|
+ Show hint regarding password storage policy
|
||||||
|
+ Replaced the term "gateway" with "server"
|
||||||
|
+ Fixes build issues due to use of deprecated GLib
|
||||||
|
macros/functions
|
||||||
|
+ Updated Glade file to GTK 3.2
|
||||||
|
* The NM backend now supports reauthentication and redirection.
|
||||||
|
* Previously used reqids are now reallocated, which works around
|
||||||
|
an issue on FreeBSD where the kernel doesn't allow the daemon
|
||||||
|
to use reqids > 16383 (#2315).
|
||||||
|
* On Linux, throw type routes are installed in table 220 for
|
||||||
|
passthrough policies. The kernel will then fall back on routes
|
||||||
|
in routing tables with lower priorities for matching traffic.
|
||||||
|
This way, they require less information (e.g. no interface or
|
||||||
|
source IP) and can be installed earlier and are not affected by
|
||||||
|
updates.
|
||||||
|
* For IKEv1, the lifetimes of the actually selected transform are
|
||||||
|
returned to the initiator, which is an issue if the peer uses
|
||||||
|
different lifetimes for different transforms (#3329). We now
|
||||||
|
also return the correct transform and proposal IDs (proposal ID
|
||||||
|
was always 0, transform ID 1). IKE_SAs are now not
|
||||||
|
re-established anymore (e.g. after several retransmits) if a
|
||||||
|
deletion has been queued (#3335).
|
||||||
|
* Added support for Ed448 keys and certificates via openssl
|
||||||
|
plugin and pki tool.
|
||||||
|
* Added support for SHA-3 and SHAKE128/256 in the openssl plugin.
|
||||||
|
* The use of algorithm IDs from the private use range can now be
|
||||||
|
enabled globally, to use them even if no strongSwan vendor ID
|
||||||
|
was exchanged (05e373aeb0).
|
||||||
|
* Fixed a compiler issue that may have caused invalid keyUsage
|
||||||
|
extensions in certificates (#3249).
|
||||||
|
* A lot of spelling fixes.
|
||||||
|
* Fixed several reported issues.
|
||||||
|
- Drop 0006-Resolve-multiple-definition-of-swanctl_dir.patch: Fixed
|
||||||
|
upstream.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Mar 31 16:42:23 UTC 2020 - Madhu Mohan Nelemane <mmnelemane@suse.com>
|
Tue Mar 31 16:42:23 UTC 2020 - Madhu Mohan Nelemane <mmnelemane@suse.com>
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: strongswan
|
Name: strongswan
|
||||||
Version: 5.8.2
|
Version: 5.8.4
|
||||||
Release: 0
|
Release: 0
|
||||||
%define upstream_version %{version}
|
%define upstream_version %{version}
|
||||||
%define strongswan_docdir %{_docdir}/%{name}
|
%define strongswan_docdir %{_docdir}/%{name}
|
||||||
@ -80,7 +80,6 @@ Patch2: %{name}_ipsec_service.patch
|
|||||||
Patch3: %{name}_fipscheck.patch
|
Patch3: %{name}_fipscheck.patch
|
||||||
%endif
|
%endif
|
||||||
Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch
|
Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch
|
||||||
Patch6: 0006-Resolve-multiple-definition-of-swanctl_dir.patch
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
BuildRequires: bison
|
BuildRequires: bison
|
||||||
BuildRequires: curl-devel
|
BuildRequires: curl-devel
|
||||||
@ -257,7 +256,6 @@ and the load testing plugin for IKEv2 daemon.
|
|||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%endif
|
%endif
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
%patch6 -p1
|
|
||||||
sed -e 's|@libexecdir@|%_libexecdir|g' \
|
sed -e 's|@libexecdir@|%_libexecdir|g' \
|
||||||
< %{_sourcedir}/strongswan.init.in \
|
< %{_sourcedir}/strongswan.init.in \
|
||||||
> strongswan.init
|
> strongswan.init
|
||||||
|
Loading…
Reference in New Issue
Block a user