Accepting request 800175 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/800175 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=74
This commit is contained in:
commit
b280c57b1d
@ -1,12 +0,0 @@
|
||||
diff -Naur strongswan-5.8.2.orig/src/swanctl/swanctl.h strongswan-5.8.2/src/swanctl/swanctl.h
|
||||
--- strongswan-5.8.2.orig/src/swanctl/swanctl.h 2018-12-14 16:48:24.000000000 +0100
|
||||
+++ strongswan-5.8.2/src/swanctl/swanctl.h 2020-03-26 07:54:21.876224209 +0100
|
||||
@@ -30,7 +30,7 @@
|
||||
/**
|
||||
* Base directory for credentials and config
|
||||
*/
|
||||
-char *swanctl_dir;
|
||||
+extern char *swanctl_dir;
|
||||
|
||||
/**
|
||||
* Configuration file for connections, etc.
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:86900ddbe7337c923dadf2c8339ae8ed2b9158e3691745884d08ae534677430e
|
||||
size 4533402
|
@ -1,14 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1
|
||||
|
||||
iQGcBAABAgAGBQJd+MscAAoJEN9CwXCzTbp3f6ML/0y5DGj7CytdIWcT7ODbZ5Dt
|
||||
S8MS2BHxUJ4cgzB8InCK4wNQFpyzRhR2goPly1B8RVNSVSfdyvqfSC/A++esZe3m
|
||||
wwjsjzjWYVaNnkj1lrl/8azOiDkD/uA/NaaUcASp6hoJIJQALYW5HfPjL/S/hC+v
|
||||
iVio5Fy9c/9HGJEeeZxqRMp/gTNjvh05hbP9ukLADk6klphwaNFg5o0YNgf1NJFE
|
||||
CBo/rGJNVfvEUUlJMLiBlFCBaPMOIjoIXODpjootRioDpnF6IonfcoIGiR6TuRQC
|
||||
zR3u3Zhgpe4tJfkKCpCCSPGwMCcwreMAUwzRf/U/HDUSPZX+c4sBOIl8eedwVA77
|
||||
DjNlktwmPta8x4YOh6NB3ghAwwztEkPvvaAIcwH0gh1DkjIicFr2VkoXIS5jqaVN
|
||||
bK2YvTQ7StZa35VaEYnlu5JzIchPlqhXND6sWLWJolnwrNWskZyojVYioyIv3KJJ
|
||||
tXphbN0HHCfLPs5vX8/X97IAa06tsnEOZEZg5Sk3Jw==
|
||||
=VHUc
|
||||
-----END PGP SIGNATURE-----
|
3
strongswan-5.8.4.tar.bz2
Normal file
3
strongswan-5.8.4.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:2d9a57e33813b62d58cba07531c4d5a35c6b823dfe9b8ff7c623b6571f02553c
|
||||
size 4546240
|
14
strongswan-5.8.4.tar.bz2.sig
Normal file
14
strongswan-5.8.4.tar.bz2.sig
Normal file
@ -0,0 +1,14 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1
|
||||
|
||||
iQGcBAABAgAGBQJegIHmAAoJEN9CwXCzTbp3onEL/iwMScWYL6KgjQCJp2acqFZf
|
||||
R+aVc18W/Pb4z6Qc8YghcVPlXG1L9cyfHTCHV3jNPXAX3qB+EMSG+DVfY7INdOfg
|
||||
3It6rVLwMLMYiPmmsMUoZpOfM4Fpw5rM6fjWPI3KogUpjF814TN1JJNIXC0e5jA0
|
||||
AxzLczzhhNbG+YnSdSDd/XhjG816QDYAv1WdoFvgP65QSVBKmQPzZz+ons6Ivjl5
|
||||
Il3Tly5IJnOeDfe/K0bsnNBXomjIWnQDtlwG4wfAFJV6YwTtJEvwMErQg9W9iVHY
|
||||
tndOdn/C8CfPXVnaBAbnkX3Vk9MWhLP+pFMF56Xojga8gPkqTD15zLubVlx8Gzal
|
||||
dW3s7qi0bmca10JwzOpuDePhzziemcqpsexdlhOuffaz+GZ2wHfupeixVXuFoV+F
|
||||
b3/htxfibnU8IqQl0YCdYh4vwKYwr6cz07TphmQBhrsLy8SjVr/EngPreDVDCgJ4
|
||||
tip0FJvV6yU7RTyNHqJOvKfwz9AEbo1ZRsfEEi6Qxw==
|
||||
=Xj8F
|
||||
-----END PGP SIGNATURE-----
|
@ -1,3 +1,65 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri May 1 09:39:42 UTC 2020 - Bjørn Lie <bjorn.lie@gmail.com>
|
||||
|
||||
- Update to version 5.8.4:
|
||||
* In IKEv1 Quick Mode make sure that a proposal exists before
|
||||
determining lifetimes (fixes a crash due to a null-pointer
|
||||
dereference in 5.8.3).
|
||||
* OpenSSL currently doesn't support squeezing bytes out of a
|
||||
SHAKE128/256 XOF (support was added with 5.8.3) multiple times.
|
||||
Unfortunately, EVP_DigestFinalXOF() completely resets the
|
||||
context and later calls not simply fail, they cause a
|
||||
null-pointer dereference in libcrypto. c5c1898d73 fixes the
|
||||
crash at the cost of repeating initializing the whole state and
|
||||
allocating too much data for subsequent calls (hopefully, once
|
||||
the OpenSSL issue 7894 is resolved we can implement this more
|
||||
efficiently).
|
||||
* On 32-bit platforms, reading arbitrary 32-bit integers from
|
||||
config files (e.g. for charon.spi_min/max) has been fixed.
|
||||
* charon-nm now allows using fixed source ports.
|
||||
- Changes from version 5.8.3:
|
||||
* Updates for the NM plugin (and backend, which has to be updated
|
||||
to be compatible):
|
||||
+ EAP-TLS authentication (#2097)
|
||||
+ Certificate source (file, agent, smartcard) is selectable
|
||||
independently
|
||||
+ Add support to configure local and remote identities (#2581)
|
||||
+ Support configuring a custom server port (#625)
|
||||
+ Show hint regarding password storage policy
|
||||
+ Replaced the term "gateway" with "server"
|
||||
+ Fixes build issues due to use of deprecated GLib
|
||||
macros/functions
|
||||
+ Updated Glade file to GTK 3.2
|
||||
* The NM backend now supports reauthentication and redirection.
|
||||
* Previously used reqids are now reallocated, which works around
|
||||
an issue on FreeBSD where the kernel doesn't allow the daemon
|
||||
to use reqids > 16383 (#2315).
|
||||
* On Linux, throw type routes are installed in table 220 for
|
||||
passthrough policies. The kernel will then fall back on routes
|
||||
in routing tables with lower priorities for matching traffic.
|
||||
This way, they require less information (e.g. no interface or
|
||||
source IP) and can be installed earlier and are not affected by
|
||||
updates.
|
||||
* For IKEv1, the lifetimes of the actually selected transform are
|
||||
returned to the initiator, which is an issue if the peer uses
|
||||
different lifetimes for different transforms (#3329). We now
|
||||
also return the correct transform and proposal IDs (proposal ID
|
||||
was always 0, transform ID 1). IKE_SAs are now not
|
||||
re-established anymore (e.g. after several retransmits) if a
|
||||
deletion has been queued (#3335).
|
||||
* Added support for Ed448 keys and certificates via openssl
|
||||
plugin and pki tool.
|
||||
* Added support for SHA-3 and SHAKE128/256 in the openssl plugin.
|
||||
* The use of algorithm IDs from the private use range can now be
|
||||
enabled globally, to use them even if no strongSwan vendor ID
|
||||
was exchanged (05e373aeb0).
|
||||
* Fixed a compiler issue that may have caused invalid keyUsage
|
||||
extensions in certificates (#3249).
|
||||
* A lot of spelling fixes.
|
||||
* Fixed several reported issues.
|
||||
- Drop 0006-Resolve-multiple-definition-of-swanctl_dir.patch: Fixed
|
||||
upstream.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 31 16:42:23 UTC 2020 - Madhu Mohan Nelemane <mmnelemane@suse.com>
|
||||
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: strongswan
|
||||
Version: 5.8.2
|
||||
Version: 5.8.4
|
||||
Release: 0
|
||||
%define upstream_version %{version}
|
||||
%define strongswan_docdir %{_docdir}/%{name}
|
||||
@ -80,7 +80,6 @@ Patch2: %{name}_ipsec_service.patch
|
||||
Patch3: %{name}_fipscheck.patch
|
||||
%endif
|
||||
Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch
|
||||
Patch6: 0006-Resolve-multiple-definition-of-swanctl_dir.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildRequires: bison
|
||||
BuildRequires: curl-devel
|
||||
@ -257,7 +256,6 @@ and the load testing plugin for IKEv2 daemon.
|
||||
%patch3 -p1
|
||||
%endif
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
sed -e 's|@libexecdir@|%_libexecdir|g' \
|
||||
< %{_sourcedir}/strongswan.init.in \
|
||||
> strongswan.init
|
||||
|
Loading…
Reference in New Issue
Block a user