From b632de741ce077c8837c8af53b5c1f8f540d6ab641a8d4332afac81a16a79a1d Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 3 Oct 2022 23:19:08 +0000 Subject: [PATCH] - Update to release 5.9.8 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=138 --- strongswan-5.9.7.tar.bz2 | 3 --- strongswan-5.9.7.tar.bz2.sig | 14 -------------- strongswan-5.9.8.tar.bz2 | 3 +++ strongswan-5.9.8.tar.bz2.sig | 14 ++++++++++++++ strongswan.changes | 22 ++++++++++++++++++++++ strongswan.spec | 7 +------ 6 files changed, 40 insertions(+), 23 deletions(-) delete mode 100644 strongswan-5.9.7.tar.bz2 delete mode 100644 strongswan-5.9.7.tar.bz2.sig create mode 100644 strongswan-5.9.8.tar.bz2 create mode 100644 strongswan-5.9.8.tar.bz2.sig diff --git a/strongswan-5.9.7.tar.bz2 b/strongswan-5.9.7.tar.bz2 deleted file mode 100644 index bce365d..0000000 --- a/strongswan-5.9.7.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9e64a2ba62efeac81abff1d962522404ebc6ed6c0d352a23ab7c0b2c639e3fcf -size 4741967 diff --git a/strongswan-5.9.7.tar.bz2.sig b/strongswan-5.9.7.tar.bz2.sig deleted file mode 100644 index 672f6b3..0000000 --- a/strongswan-5.9.7.tar.bz2.sig +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmLja84ACgkQ30LBcLNN -unet6wv+JbEKKBG/6kOoQnM0FZORuYS2xIXRfbLZLJjpK3Y5LPwyb4+3yZZXoLYq -ojNDKjSwX4cHq1znUiDNeJ9yYSbHWxw/0+fZwQqCkrs0uZSN3HOc/ndjnRnhBoxB -elfSCqe6C+8rNxArFdAOB2nmMg7wiDRhueOKYRSZ5B6X5Nu3RxSOi5up6RR1UDmS -z0s4+6xjq4oAoJ+GPIM+AC4UjCZR2/rSRGGeafHzp35vWTrZlY/NwkqV6XRhlKv3 -Vtix2mUBP3vcud+TqWQJPVs+yqbWtGtWQ7PHYDu82tORCPRQjhQ4tPZmMOS6d67I -51mVNjSndRLyo8Bjdox4hbtLZTCdiFNDRM1MS9qTXvb0a/SUaWB7hE0s5QqeL0gA -2WPcRNcEQHmtXGA9J6q9X5ooQqhT/21m/5ez5XwvYSm/deyFD6Ah06RT/vr2rG6s -9+pbgYU84P8nLnxPtuZ9rsZmDa/7r1E2/P/6PDMqUnN+9CgU/MduJxcoGAHgLexo -gXQz5vQn -=D1Iy ------END PGP SIGNATURE----- diff --git a/strongswan-5.9.8.tar.bz2 b/strongswan-5.9.8.tar.bz2 new file mode 100644 index 0000000..5395543 --- /dev/null +++ b/strongswan-5.9.8.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d3303a43c0bd7b75a12b64855e8edcb53696f06190364f26d1533bde1f2e453c +size 4747096 diff --git a/strongswan-5.9.8.tar.bz2.sig b/strongswan-5.9.8.tar.bz2.sig new file mode 100644 index 0000000..e4e14e1 --- /dev/null +++ b/strongswan-5.9.8.tar.bz2.sig @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- + +iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmM67/cACgkQ30LBcLNN +undvMgwAoxjGn0i3o0JqNTBqSBgrHEAMNBLf9ps0UlPa/nmeO77jW/9NU1JCJl+K +1FLzaYt3m+rZld583fjtf4kTGzl3J0q8PNdiL4W4WdCsd1c6Gmmm7uokEDGbb4+e +fUlOeVDUrFcx/MZ88tHkdvDQK5TSSodqXpUbRGTOGujvfsXoqJPoMg1sPGEMXpPx +afGH6y97DQN5or8h8jI0YFwOruxiZWMNOrJK0KtygAyBiECAbxs8z8afQoMhK7aE +sGdCOc44FBK+6Kph1hX1Y6le8aazJRFrdmzUiEwcsrJ0+NG3Y3XfWRpVTBq+Q1LP +sUywQyqO3iG4lotH3yolhvZZLuJqjKYvn6A1nSa1kZMp7TDeK3gNmFwXRK2nT8rJ +VEDPsyghx46CSF+6gpfs2+mX8EVuqOTphw0ZtjqyfV7/wi4Zmj5+p2TO6cWen40c +5mkENnKQRcPXLszdesc4eksWsijIZGojcQelcYJGAZnLvyfLlo/eijrxnf950jsK +UORUFHmQ +=vOnt +-----END PGP SIGNATURE----- diff --git a/strongswan.changes b/strongswan.changes index 48585e6..e917a85 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Mon Oct 3 20:36:03 UTC 2022 - Jan Engelhardt + +- Update to release 5.9.8 + * Fixed a vulnerability related to online certificate + revocation checking that was caused because the revocation + plugin used potentially untrusted OCSP URIs and CRL + distribution points in certificates. + * The `pki --scep/--scepca` commands implement the HTTP-based + "Simple Certificate Enrollment Protocol" (RFC 8894 SCEP) + replacing the old and long deprecated scepclient that has + been removed. + * The `pki --est|estca` commands implement the HTTPS-based + "Enrollment over Secure Transport" (RFC 7070 EST) protocol. + * The TLS client implementation now sends an empty certificate + payload if a certificate request is received but no + certificate is available. + * The socket plugins don't set the SO_REUSEADDR option anymore + on the IKE UDP sockets, so an error is triggered if e.g. two + daemons (e.g. charon and charon-systemd) are running + concurrently using the same ports. + ------------------------------------------------------------------- Sat Jul 30 06:48:29 UTC 2022 - Peter Conrad diff --git a/strongswan.spec b/strongswan.spec index 467b74d..caf5037 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -17,7 +17,7 @@ Name: strongswan -Version: 5.9.7 +Version: 5.9.8 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name} @@ -460,7 +460,6 @@ sed -i 's/\(load[ ]*=[ ]*\)yes/\1no/g' %{buildroot}/%{strongswan_configs}/charon %{buildroot}/%{_libexecdir}/ipsec/stroke \ %{buildroot}/%{_libexecdir}/ipsec/starter \ %{buildroot}/%{_libexecdir}/ipsec/pool \ - %{buildroot}/%{_libexecdir}/ipsec/scepclient \ %{buildroot}/%{_libexecdir}/ipsec/imv_policy_manager \ %{buildroot}/%{_libexecdir}/ipsec/_fipscheck \ %{buildroot}/%{_bindir}/pt-tls-client \ @@ -573,7 +572,6 @@ fi %{_libexecdir}/ipsec/xfrmi %{_libexecdir}/ipsec/duplicheck %{_libexecdir}/ipsec/pool -%{_libexecdir}/ipsec/scepclient %{_libexecdir}/ipsec/starter %{_libexecdir}/ipsec/stroke %{_libexecdir}/ipsec/charon @@ -593,7 +591,6 @@ fi %{strongswan_docdir}/LICENSE %{strongswan_docdir}/AUTHORS %{strongswan_docdir}/ChangeLog -%{_mandir}/man8/scepclient.8* %{_mandir}/man5/swanctl.conf.5.* %{_mandir}/man8/swanctl.8.* @@ -612,7 +609,6 @@ fi %config(noreplace) %attr(600,root,root) %{strongswan_configs}/imcv.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/pki.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/pool.conf -%config(noreplace) %attr(600,root,root) %{strongswan_configs}/scepclient.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/starter.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/tnc.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/swanctl.conf @@ -946,7 +942,6 @@ fi %{strongswan_templates}/config/strongswan.d/imcv.conf %{strongswan_templates}/config/strongswan.d/pki.conf %{strongswan_templates}/config/strongswan.d/pool.conf -%{strongswan_templates}/config/strongswan.d/scepclient.conf %{strongswan_templates}/config/strongswan.d/starter.conf %{strongswan_templates}/config/strongswan.d/tnc.conf %{strongswan_templates}/config/strongswan.d/swanctl.conf