OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=3

strongswan-4.1.11.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9d2761b780fd8b11eafce63dc44336ece6941405dae819bd03e62a5f6b2f82fb
-size 2234335

strongswan-4.1.11.tar.bz2.sig

@@ -1,9 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.6 (GNU/Linux)
-
-iQCVAwUAR7TA89YbDnNAmVNZAQJS6wQAil7xDrAGwYgFOaDpv4h6tF53TnQBepLK
-FhEnxtPNmk5YAwhu8t3qsHIOERzctKt8vwh0fnNZTKP3GeKWl+7f4zYOlQPKEW+S
-ltsE9dfLBjNDPlToTJHKre6i+u9l+scndf8087vinzsgnqK/JXyGKQ58cAts0ytV
-JbBe/WhlOiA=
-=t33J
------END PGP SIGNATURE-----

strongswan-4.2.1-rpmlintrc

@@ -0,0 +1,4 @@
+addFilter('strongswan.* shlib-policy-missing-suffix')
+addFilter("strongswan.* incoherent-init-script-name ipsec")
+addFilter("strongswan.* devel-file-in-non-devel-package .*/usr/lib.*/ipsec/plugins")
+

strongswan-4.2.1.dif

@@ -0,0 +1,22 @@
+--- src/charon/network/socket-raw.c
++++ src/charon/network/socket-raw.c	2008/04/23 09:46:10
+@@ -16,6 +16,9 @@
+  *
+  * $Id: socket-raw.c 3589 2008-03-13 14:14:44Z martin $
+  */
++#ifndef _GNU_SOURCE
++#define _GNU_SOURCE
++#endif
+ 
+ #include <pthread.h>
+ #include <sys/types.h>
+--- src/charon/plugins/stroke/stroke_cred.c
++++ src/charon/plugins/stroke/stroke_cred.c	2008/04/23 09:05:26
+@@ -19,6 +19,7 @@
+ #include "stroke_shared_key.h"
+ 
+ #include <sys/stat.h>
++#include <limits.h>
+ 
+ #include <credentials/certificates/x509.h>
+ #include <credentials/certificates/crl.h>

strongswan-4.2.1.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:81203cad6e365ac4c5a8203103d75b44916d8f57167e914805000c78912a508f
+size 2346505

strongswan-4.2.1.tar.bz2.sig

@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+
+iQCVAwUASAmpYdYbDnNAmVNZAQLJYQP+Oa8Eqko/tzGdhHVtasGSdGj9S5gkeRqI
+69mHMB1zTqabicknP4UuZI50G0V6RgAOA18/zilkeuqRfeD9YmYaTnAX1sDFVDRC
+jgYUrSWlrsqaHk+WctShLO8WN88AIXzQZXPTjQ0rAyyhVpH3PKZliLtCQE9hGN1I
+p8qt8BTPwVs=
+=szkI
+-----END PGP SIGNATURE-----

strongswan.changes

@@ -1,3 +1,44 @@
+-------------------------------------------------------------------
+Wed Apr 23 14:28:41 CEST 2008 - mt@suse.de
+
+- Updated to 4.2.1 release. A lot of code refactoring in the 4.2
+  release provides much more modularity and therefore much more
+  extensiblity and offers the following new features:
+  * libstrongswan has been modularized to attach crypto algorithms,
+  credential implementations (secret and private keys, certificates)
+  and http/ldap fetchers dynamically through plugins.
+  * A relational database API that uses pluggable database providers
+  was added to libstrongswan including plugins for MySQL and SQLite.
+  * The IKEv2 keying charon daemon has become more extensible. Generic
+  plugins can provide arbitrary interfaces to credential stores and
+  connection management interfaces. Also any EAP method can be added.
+  * The authentication and credential framework in charon has been
+  heavily refactored to support modular credential providers, proper
+  CERTREQ/CERT payload exchanges and extensible authorization rules.
+  * Support for "Hash and URL" encoded certificate payloads has been
+  implemented in the IKEv2 daemon charon.
+  * The IKEv2 daemon charon now supports the "uniqueids" option to
+  close multiple IKE_SAs with the same peer.
+  * The crypto factory in libstrongswan additionally supports random
+  number generators. Plugins may provide other sources of randomness.
+  * Extended the credential framework by a caching option to allow
+  plugins persistent caching of fetched credentials.
+  * The new trust chain verification introduced in 4.2.0 has been
+  parallelized. Threads fetching CRL or OCSP information no longer
+  block other threads.
+  * A new IKEv2 configuration attribute framework has been introduced
+  allowing plugins to provide virtual IP addresses, and in the future,
+  other configuration attribute services (e.g. DNS/WINS servers).
+  * The stroke plugin has been extended to provide virtual IP addresses
+  from a simple pool defined in ipsec.conf.
+  * Fixed compilation on uClibc and a couple of other minor bugs.
+  * The IKEv1 pluto daemon now supports the ESP encryption algorithm
+  CAMELLIA with key lengths of 128, 192, and 256 bits, as well as the
+  authentication algorithm AES_XCBC_MAC.
+- Applied a small patch defining _GNU_SOURCE for struct in6_pktinfo
+  and adding inclusion of limits.h for PATH_MAX availability.
+- Added rpmlintrc file and a libtoolize call to the spec file.
+
 -------------------------------------------------------------------
 Tue Feb 19 11:44:03 CET 2008 - mt@suse.de
 

strongswan.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package strongswan (Version 4.1.11)
+# spec file for package strongswan (Version 4.2.1)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -12,9 +12,9 @@
 
 
 Name:           strongswan
-%define         upstream_version 4.1.11
+%define         upstream_version 4.2.1
 %define         strongswan_docdir %{_docdir}/%{name}
-Version:        4.1.11
+Version:        4.2.1
 Release:        1
 License:        GPL v2 or later
 Group:          Productivity/Networking/Security
@@ -29,7 +29,9 @@ AutoReqProv:    on
 Source0:        http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2
 Source1:        http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig
 Source2:        %{name}.init.in
+Source3:        %{name}-%{version}-rpmlintrc
 Patch1:         %{name}_modprobe_syslog.dif
+Patch2:         %{name}-%{upstream_version}.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  bison flex gmp-devel gperf pkg-config
 %if 0%{?suse_version} >= 1030
@@ -106,6 +108,7 @@ Authors:
     and others
 
 %package doc
+License:        GPL v2 or later
 Summary:        StrongSwan -- OpenSource IPsec-based VPN Solution
 Group:          Productivity/Networking/Security
 
@@ -124,6 +127,7 @@ Authors:
 %prep
 %setup -q -n %{name}-%{upstream_version}
 %patch1 -p0
+%patch2 -p0
 sed -e 's|@libexecdir@|%_libexecdir|g'    \
      < $RPM_SOURCE_DIR/strongswan.init.in \
      > strongswan.init
@@ -131,6 +135,7 @@ sed -e 's|@libexecdir@|%_libexecdir|g'    \
 %build
 export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -W -Wall"
 export CFLAGS="$RPM_OPT_FLAGS"
+libtoolize --force
 %{?suse_update_config:%{suse_update_config -f}}
 autoreconf
 %configure \
@@ -194,6 +199,7 @@ fi
 %defattr(-,root,root)
 %config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf
 %config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.secrets
+%config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf
 %dir %{_sysconfdir}/ipsec.d
 %dir %{_sysconfdir}/ipsec.d/crls
 %dir %{_sysconfdir}/ipsec.d/reqs
@@ -252,6 +258,44 @@ fi
 %{_mandir}/man8/starter.8*
 
 %changelog
+* Wed Apr 23 2008 mt@suse.de
+- Updated to 4.2.1 release. A lot of code refactoring in the 4.2
+  release provides much more modularity and therefore much more
+  extensiblity and offers the following new features:
+  * libstrongswan has been modularized to attach crypto algorithms,
+  credential implementations (secret and private keys, certificates)
+  and http/ldap fetchers dynamically through plugins.
+  * A relational database API that uses pluggable database providers
+  was added to libstrongswan including plugins for MySQL and SQLite.
+  * The IKEv2 keying charon daemon has become more extensible. Generic
+  plugins can provide arbitrary interfaces to credential stores and
+  connection management interfaces. Also any EAP method can be added.
+  * The authentication and credential framework in charon has been
+  heavily refactored to support modular credential providers, proper
+  CERTREQ/CERT payload exchanges and extensible authorization rules.
+  * Support for "Hash and URL" encoded certificate payloads has been
+  implemented in the IKEv2 daemon charon.
+  * The IKEv2 daemon charon now supports the "uniqueids" option to
+  close multiple IKE_SAs with the same peer.
+  * The crypto factory in libstrongswan additionally supports random
+  number generators. Plugins may provide other sources of randomness.
+  * Extended the credential framework by a caching option to allow
+  plugins persistent caching of fetched credentials.
+  * The new trust chain verification introduced in 4.2.0 has been
+  parallelized. Threads fetching CRL or OCSP information no longer
+  block other threads.
+  * A new IKEv2 configuration attribute framework has been introduced
+  allowing plugins to provide virtual IP addresses, and in the future,
+  other configuration attribute services (e.g. DNS/WINS servers).
+  * The stroke plugin has been extended to provide virtual IP addresses
+  from a simple pool defined in ipsec.conf.
+  * Fixed compilation on uClibc and a couple of other minor bugs.
+  * The IKEv1 pluto daemon now supports the ESP encryption algorithm
+  CAMELLIA with key lengths of 128, 192, and 256 bits, as well as the
+  authentication algorithm AES_XCBC_MAC.
+- Applied a small patch defining _GNU_SOURCE for struct in6_pktinfo
+  and adding inclusion of limits.h for PATH_MAX availability.
+- Added rpmlintrc file and a libtoolize call to the spec file.
 * Tue Feb 19 2008 mt@suse.de
 - Updated to 4.1.11 maintenance release, providing following fixes:
   * IKE rekeying in NAT situations did not inherit the NAT conditions