Accepting request 975521 from network:vpn

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/975521
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=84

strongswan-5.9.5.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:983e4ef4a4c6c9d69f5fe6707c7fe0b2b9a9291943bbf4e008faab6bf91c0bdd
-size 4722123

strongswan-5.9.5.tar.bz2.sig

@@ -1,14 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmHuiPcACgkQ30LBcLNN
-unc6EAv+ON1HCA3pkhP63Nj7xQr0KilMcZ+VsMVcb0gNHzQSN/Ab2+Kw3cEawnoA
-r9Zd3MDMl+uNWfstYLpaQazamLa+iBIYnzjZk63UYJnabaJdWKY1ATmSE1zfEHLr
-wBMtH9FYCAipygY4yFW7zCMcPvn9/pOW1JPCKlWHK6fZadVi09QhOF02Bi9kfSFT
-d1y/rlv3Mz9jeYf1Q4BgoeN72TQLYxq8+LTXjuY1y0x4mguRpS6KMbvOZiob1I56
-yDx/OiurKqa9+agjdimvwL8sBeIGdpJYFDjfMAxeW4NNgwyyjAcWzwR7WLCO+41c
-GdSNi3QLEWdg1whqXXxzPu7lMx1k1C7bkmfBVTTvX4CS+Nz2QokOm95eSK02dJcI
-Q8eIpkc8NbOHY9T6hnPrSxXcYBCswsV1IqkipF0PfDFTO/oq7MipH3nkhJAJgvPR
-zT2IUGPTB9gnlNCU3dmve2v8of4P4GDP/RYIxI+4alBkfAg0rH08pPZiEo/7nO91
-uylNol4Q
-=asUK
------END PGP SIGNATURE-----

strongswan-5.9.6.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7
+size 4750894

strongswan-5.9.6.tar.bz2.sig

@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmJrATYACgkQ30LBcLNN
+unc45QwAm8gL8D9+YO96mG4eSOGqOYh6f7MHG7mGi22PEq0DnGgT7fKvrDeSVi2/
+cOJlJ27rB3FAztAFm1n7+CAjmUXajxsUnismJx4v7zNF6d999hyvYguhcRh/XeD+
++UN0VdtNVjkzxzV+2TcNOA0hnIxVRPFO7m02eHvpr+F/Jphb6o/6oKFq9RzIjG9T
+sGvv6mucMHG+Bzs8A2PGywxcMggr6+AsIDRHzaM3CE92uI43smBNYgt31i8IsCu5
+R0vPPIRWowUqxxF+ryQU9YB5xVUTsVRZJUq5j1jjAT9yD292T9ZzAJajEERlaXTA
+H+SrVVnmI4Gl5tvgHXY980xCcKlASjJ9tfI4VJFpW5u49k2HOTcCbsrbhpXlD8m+
+pntdYP+hSch3EO/pehLEIGj8+26e2B8q122T4oFnN9I+bkYYXPZKgdbDeSTT/Lty
+WsOyWyJQdg5vnskT8ACsQJBwFF8t+DjUXC+T5y8qrwZbBuvx/PfGEK3adeLMzflT
+MOy+f+DC
+=RL/z
+-----END PGP SIGNATURE-----

strongswan.changes

@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Sat Apr 30 08:21:29 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 5.9.6
+  * Support for labeled IPsec with IKEv2
+    (draft-ietf-ipsecme-labeled-ipsec) has been added. Two modes
+    are currently supported.
+  * The secrets used for generating COOKIE payloads are now
+    switched based on a time limit (2 minutes) and not the
+    previous usage limit (10'000 generated cookies).
+  * Actively initiating duplicate CHILD_SAs within the same
+    IKE_SA is now largely prevented.
+  * If the source address is unknown when initiating an IKEv2 SA,
+    a NAT situation is now forced for IPv4 (for IPv6, NAT-T is
+    disabled) to avoid causing asymmetric enabling of
+    UDP-encapsulation.
+  * The main two steps of the IKEv2 key derivation (PRF/prf+)
+    have been modularized. In particular, prf+ is now provided by
+    a plugin.
+- Drop prf-plus-modularization.patch
+
 -------------------------------------------------------------------
 Wed Mar 16 12:57:46 UTC 2022 - Marcus Meissner <meissner@suse.com>
 

strongswan.spec

@@ -17,7 +17,7 @@
 
 
 Name:           strongswan
-Version:        5.9.5
+Version:        5.9.6
 Release:        0
 %define         upstream_version     %{version}
 %define         strongswan_docdir    %{_docdir}/%{name}
@@ -81,8 +81,6 @@ Patch3:         %{name}_fipscheck.patch
 %endif
 Patch5:         0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch
 Patch6:		harden_strongswan.service.patch
-Patch7:		prf-plus-modularization.patch
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  bison
 BuildRequires:  curl-devel
 BuildRequires:  flex
@@ -270,7 +268,6 @@ sed -e 's|@IPSEC_DIR@|%{_libexecdir}/ipsec|g' \
      > _fipscheck
 %endif
 %patch6 -p1
-%patch7 -p1
 
 %build
 CFLAGS="%{optflags} -W -Wall -Wno-pointer-sign -Wno-strict-aliasing -Wno-unused-parameter"
@@ -371,7 +368,7 @@ autoreconf --force --install
 	--enable-curl \
 	--enable-bypass-lan \
 	--disable-static
-make %{?_smp_mflags}
+%make_build
 
 %install
 install -d -m755              %{buildroot}/%{_sbindir}/
@@ -513,14 +510,12 @@ fi
 %endif
 
 %files
-%defattr(-,root,root)
 %dir %{strongswan_docdir}
 %{strongswan_docdir}/README.SUSE
 
 %if %{with fipscheck}
 
 %files hmac
-%defattr(-,root,root)
 %dir %{strongswan_configs}
 %dir %{strongswan_configs}/charon
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/zzz_fips-enforce.conf
@@ -537,7 +532,6 @@ fi
 %endif
 
 %files ipsec
-%defattr(-,root,root)
 %config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf
 %config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.secrets
 %config(noreplace) %attr(600,root,root) %{_sysconfdir}/swanctl/swanctl.conf
@@ -592,7 +586,6 @@ fi
 %{strongswan_plugins}/libstrongswan-updown.so
 
 %files doc
-%defattr(-,root,root)
 %dir %{strongswan_docdir}
 %{strongswan_docdir}/TODO
 %{strongswan_docdir}/NEWS
@@ -606,7 +599,6 @@ fi
 %{_mandir}/man8/swanctl.8.*
 
 %files libs0
-%defattr(-,root,root)
 %if %{with systemd}
 %{_tmpfilesdir}/%{name}.conf
 %endif
@@ -966,7 +958,6 @@ fi
 %if %{with nm}
 
 %files nm
-%defattr(-,root,root)
 %dir %{_libexecdir}/ipsec
 %dir %{strongswan_plugins}
 %{_libexecdir}/ipsec/charon-nm
@@ -976,7 +967,6 @@ fi
 %if %{with mysql}
 
 %files mysql
-%defattr(-,root,root)
 %dir %{strongswan_libdir}
 %dir %{strongswan_plugins}
 %{strongswan_plugins}/libstrongswan-mysql.so
@@ -997,7 +987,6 @@ fi
 %if %{with sqlite}
 
 %files sqlite
-%defattr(-,root,root)
 %dir %{strongswan_libdir}
 %dir %{strongswan_plugins}
 %{strongswan_plugins}/libstrongswan-sqlite.so
@@ -1017,7 +1006,6 @@ fi
 %if %{with tests}
 
 %files tests
-%defattr(-,root,root)
 %dir %{strongswan_configs}
 %dir %{strongswan_configs}/charon
 %{strongswan_configs}/charon/load-tester.conf