diff --git a/strongswan-5.0.1.tar.bz2 b/strongswan-5.0.1.tar.bz2 deleted file mode 100644 index 9447157..0000000 --- a/strongswan-5.0.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1a4dff19ef69d15e0b90b1ea80bd183235ac73b4ecd114aab58ed54de0f5c3b4 -size 3146776 diff --git a/strongswan-5.0.1.tar.bz2.sig b/strongswan-5.0.1.tar.bz2.sig deleted file mode 100644 index b3c676b..0000000 --- a/strongswan-5.0.1.tar.bz2.sig +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) - -iQGcBAABAgAGBQJQa9S/AAoJEN9CwXCzTbp30d0L/3Uj1RYm8+25k+RLIWvU1q/L -z5+mLjNAZpxoV7t1lUuMAA2STvZFisMtoNkw2EhsdanRsEV+WYpL101EPPMja077 -BT86DVKk/IDtoGLKpQK41mV5h0bWzrUBXodw2ggoG1bOLhdfuV6z7hAn3GI+AgxM -Eus0TUWNT6VRZzYgTAcofmUyKM4Hruh5+82OSJtj8eeCqe333fdV/k6mumxYhoLB -b1Yp8NVuMmjbfp0T/kyMAlRMnOb1DGjun9sBNaPK+t6+wcToLDeijl+D83l67ZIl -Et0fehugK5dbkGtUbZHOJFWiSGyVP3eDVOjxMBp6ejBAwi0GwqNWXsE0GnHJr9TL -Q3TrM8Kt0vJ6mhlWU9KFGoRwpiyR+3pBc8smZkJvIs3kKIL5ItTVPsJcWJKu2iEd -L6+X15ZScalcrMJOGRYjgKh7cchIgVaudJOnPLtXjfyMuq+07Zz1ZhybUIu+i5Zo -q8AVLAoM6MkUXWKkJR51CH08+w32DaDp5p7yRyxCRA== -=100T ------END PGP SIGNATURE----- diff --git a/strongswan-5.0.1-rpmlintrc b/strongswan-5.0.4-rpmlintrc similarity index 100% rename from strongswan-5.0.1-rpmlintrc rename to strongswan-5.0.4-rpmlintrc diff --git a/strongswan-5.0.4.tar.bz2 b/strongswan-5.0.4.tar.bz2 new file mode 100644 index 0000000..f263636 --- /dev/null +++ b/strongswan-5.0.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3ec66d64046f652ab7556b3be8f9be8981fd32ef4a11e3e461a04d658928bfe2 +size 3412930 diff --git a/strongswan-5.0.4.tar.bz2.sig b/strongswan-5.0.4.tar.bz2.sig new file mode 100644 index 0000000..8124d41 --- /dev/null +++ b/strongswan-5.0.4.tar.bz2.sig @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iQGcBAABAgAGBQJRflW/AAoJEN9CwXCzTbp3q+oL/jtA73UxuENW3JuA2vgXsHeU +jpWXDfM1GLEIKgy41D2+ajqx7l1amxM4ZOqtQZhFTMXs4EwWDIxpUl8RiARkwJy6 +ueciwMnsmAbC3tmPa85JwnbgrXrMZX5IfUYRx8+3DdeIuh8gxDOu2nvYGqSdIbh2 +8jN4x21wUQ+9mLz04VmuMKAmImoAitv8z89NVg6ZNiBEiYUfFdrkCepS7IGAY1ie +pmmYM4svK7LLuXIlQKMyq7mXccjFD0sjM3SS6cIZlxIcOlXuKMa7xmVlkfktz816 +qz8XVOtD2zRiJuxjB92W9BW5Xr/+p5kXx995GjGitxv8g3CTTlPeg4GUciH6TGSW +46lQ36XHKQX/NccgymWYMkXmZbMbacyglz3ShR0OO/aM1/cVlQ9qiHccZDh7gt9+ +fnfTAZn0RAfbe1zYKNn1h2BoY+LxscjnaX27oWxqI7KbrfrusZiyZic5twSeADcM +khfIOGVyOCjwTThAuGpu6p09NqoYNm6Y/9Aj+R5NiA== +=gI6I +-----END PGP SIGNATURE----- diff --git a/strongswan.changes b/strongswan.changes index 3e47414..1ac203d 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Tue Apr 30 12:48:44 UTC 2013 - mt@suse.de + +- Updated to strongSwan 5.0.4 release (bnc#815236, CVE-2013-2944): + - Fixed a security vulnerability in the openssl plugin which was + reported by Kevin Wojtysiak. The vulnerability has been registered + as CVE-2013-2944. Before the fix, if the openssl plugin's ECDSA + signature verification was used, due to a misinterpretation of the + error code returned by the OpenSSL ECDSA_verify() function, an empty + or zeroed signature was accepted as a legitimate one. Refer to our + blog for details. + - The handling of a couple of other non-security relevant OpenSSL + return codes was fixed as well. + - The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses + via its TCG TNC IF-MAP 2.1 interface. + - The charon.initiator_only strongswan.conf option causes charon to + ignore IKE initiation requests. + - The openssl plugin can now use the openssl-fips library. + The version 5.0.3 provides new ipseckey plugin, enabling authentication + based on trustworthy public keys stored as IPSECKEY resource records in + the DNS and protected by DNSSEC and new openssl plugin using the AES-NI + accelerated version of AES-GCM if the hardware supports it. + See http://wiki.strongswan.org/projects/strongswan/wiki/Changelog50 + for a list of all changes since the 5.0.1 release. + ------------------------------------------------------------------- Thu Nov 29 19:13:40 CET 2012 - sbrabec@suse.cz diff --git a/strongswan.spec b/strongswan.spec index 713f4f2..65ea6d9 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -1,7 +1,7 @@ # # spec file for package strongswan # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: strongswan -Version: 5.0.1 +Version: 5.0.4 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name} @@ -28,12 +28,12 @@ Release: 0 %else %bcond_with tests %endif -%if 1 +%if 0%{suse_version} > 1110 %bcond_without mysql %else %bcond_with mysql %endif -%if 0%{suse_version} >= 1110 +%if 0%{suse_version} > 1110 %bcond_without sqlite %bcond_without gcrypt %bcond_without nm @@ -319,6 +319,8 @@ export RPM_OPT_FLAGS CFLAGS %endif %if %{with nm} --enable-nm \ +%else + --disable-nm \ %endif %if %{with tests} --enable-load-tester \ @@ -351,7 +353,7 @@ cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets # EOT # -rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,strongswan}.so +rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,strongswan,pttls}.so rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{radius,simaka,tls,tnccs,imcv}.so find $RPM_BUILD_ROOT%{strongswan_libdir} \ -name "*.a" -o -name "*.la" | xargs -r rm -f @@ -464,6 +466,7 @@ fi %{strongswan_libdir}/libchecksum.so %{strongswan_libdir}/libcharon.so.* %{strongswan_libdir}/libhydra.so.* +%{strongswan_libdir}/libpttls.so.* %{strongswan_libdir}/libradius.so.* %{strongswan_libdir}/libsimaka.so.* %{strongswan_libdir}/libstrongswan.so.* @@ -532,6 +535,7 @@ fi %{strongswan_plugins}/libstrongswan-pgp.so %{strongswan_plugins}/libstrongswan-pkcs1.so %{strongswan_plugins}/libstrongswan-pkcs11.so +%{strongswan_plugins}/libstrongswan-pkcs7.so %{strongswan_plugins}/libstrongswan-pkcs8.so %{strongswan_plugins}/libstrongswan-pubkey.so %{strongswan_plugins}/libstrongswan-radattr.so