Accepting request 960587 from network:vpn

OBS-URL: https://build.opensuse.org/request/show/960587 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=82
2022-03-11 20:41:06 +00:00 · 2022-03-11 20:41:06 +00:00 · 7ab7c7ff71
commit 7ab7c7ff71
parent de536ef929 00a00a6acf
4 changed files with 15384 additions and 3 deletions
--- a/harden_strongswan.service.patch
+++ b/harden_strongswan.service.patch
@ -1,7 +1,7 @@
-Index: strongswan-5.9.3/init/systemd/strongswan.service.in
+Index: strongswan-5.9.5/init/systemd/strongswan.service.in
 ===================================================================
--- strongswan-5.9.3.orig/init/systemd/strongswan.service.in
-+++ strongswan-5.9.3/init/systemd/strongswan.service.in
+--- strongswan-5.9.5.orig/init/systemd/strongswan.service.in
+++ strongswan-5.9.5/init/systemd/strongswan.service.in
@@ -3,6 +3,17 @@ Description=strongSwan IPsec IKEv1/IKEv2
 After=network-online.target
 
--- a/prf-plus-modularization.patch
+++ b/prf-plus-modularization.patch
--- a/strongswan.changes
+++ b/strongswan.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Mar  3 14:49:26 UTC 2022 - Marcus Meissner <meissner@suse.com>
+
+- Added prf-plus-modularization.patch that outsources the IKE 
+  key derivation to openssl. (will be merged to 5.9.6)
+- package the kdf config, template and plugin
+
 -------------------------------------------------------------------
 Wed Jan 26 12:25:35 UTC 2022 - Jan Engelhardt <jengelh@inai.de>

--- a/strongswan.spec
+++ b/strongswan.spec
@ -81,6 +81,7 @@ Patch3:         %{name}_fipscheck.patch
 %endif
 Patch5:         0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch
 Patch6:		harden_strongswan.service.patch
+Patch7:		prf-plus-modularization.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  bison
 BuildRequires:  curl-devel
@ -269,6 +270,7 @@ sed -e 's|@IPSEC_DIR@|%{_libexecdir}/ipsec|g' \
     > _fipscheck
 %endif
 %patch6 -p1
+%patch7 -p1

 %build
 CFLAGS="%{optflags} -W -Wall -Wno-pointer-sign -Wno-strict-aliasing -Wno-unused-parameter"
@ -676,6 +678,7 @@ fi
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/gmp.conf
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/ha.conf
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/hmac.conf
+%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/kdf.conf
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/kernel-netlink.conf
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/ldap.conf
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/led.conf
@ -792,6 +795,7 @@ fi
 %{strongswan_plugins}/libstrongswan-gmp.so
 %{strongswan_plugins}/libstrongswan-ha.so
 %{strongswan_plugins}/libstrongswan-hmac.so
+%{strongswan_plugins}/libstrongswan-kdf.so
 %{strongswan_plugins}/libstrongswan-kernel-netlink.so
 %{strongswan_plugins}/libstrongswan-ldap.so
 %{strongswan_plugins}/libstrongswan-led.so
@ -896,6 +900,7 @@ fi
 %{strongswan_templates}/config/plugins/gmp.conf
 %{strongswan_templates}/config/plugins/ha.conf
 %{strongswan_templates}/config/plugins/hmac.conf
+%{strongswan_templates}/config/plugins/kdf.conf
 %{strongswan_templates}/config/plugins/kernel-netlink.conf
 %{strongswan_templates}/config/plugins/ldap.conf
 %{strongswan_templates}/config/plugins/led.conf
@ -957,6 +962,7 @@ fi
 %{strongswan_templates}/database/imv/data.sql
 %{strongswan_templates}/database/imv/tables.sql

+
 %if %{with nm}

 %files nm