Accepting request 74669 from network:vpn

update to current version

OBS-URL: https://build.opensuse.org/request/show/74669
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=31

_service

@@ -0,0 +1,3 @@
+<services>
+  <service name="download_url"><param name="path">/strongswan-4.5.2.tar.bz2.sig</param><param name="host">download.strongswan.org</param></service>
+<service name="download_url"><param name="path">/strongswan-4.5.2.tar.bz2</param><param name="host">download.strongswan.org</param></service></services>

_service:download_url:strongswan-4.5.2.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f13b5db946393dacc8590db7397b3ddd56eb37619f93a482a9c6cf9d556e105a
+size 3271219

_service:download_url:strongswan-4.5.2.tar.bz2.sig

@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iQGcBAABAgAGBQJNzvEVAAoJEN9CwXCzTbp3iKMMAJ2jhS0kbzGn/E3osePgMJHH
+lVbhKag6rnIQfNS9lelBrdJLI/3xV6b88geqvcCgcK2X545X4PUcQtZm08N75qLH
+Vjku1qKcKjrPa65glD0nkRYg4MS9dN+obYiPl+S6HhrDO05pvddhSx2a7YA97F8W
+7CAbZdULLIIgVlC2plv+W3y1tLQNQEP4rS7FrzMVuTeZCw3W0XawQMvIOwckLEfE
+AHMGXrFjevvipOr9pOD5uzi9kJFQGsw2kl7+W2o9mZUlkFGlgVFemH/T5WUaz/BJ
+ha1HLdsgIOOJQlLV+bj7bFTbNkkVEdY4hr4c+9JHWr6vRhe/7zrRCP5PIidnqpQ2
+e5O/26qzz1IyRRA4v/KO5b35BTp5dJjPeeOknLz+vBptMiU7uXpUtT0NmsojSw0f
+SOli9Kl9RSLL+7E6y8k6qU8uWxfTIRsVWsmBZQkdByY4Ua1UtMv67YdRlaxgwe/M
+xpu2k+aSGZVcUBrvOf3GFT9I6pL+orac4+gYBGIJJw==
+=LG31
+-----END PGP SIGNATURE-----

strongswan-4.5.0-rpmlintrc

@@ -1,5 +0,0 @@
-### Known warnings:
-# - traditional name
-addFilter("strongswan.* incoherent-init-script-name ipsec")
-# - readme only, triggers full ipsec + ikev1&ikev2 install
-addFilter("strongswan.* no-binary")

strongswan-4.5.0.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:108b0fbbf119011b24eb6ccabc3d9f8888f4036382dd3aad011dec04100ad559
-size 3154064

strongswan-4.5.0.tar.bz2.sig

@@ -1,14 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.10 (GNU/Linux)
-
-iQGcBAABAgAGBQJMykZ7AAoJEN9CwXCzTbp36BYL/A9q4F2n7EHvVW7HTmG6ogMw
-are1n1ZYRdqUmrdk2woCqJPfkzihHMa1nc7u6hgucRDi7wJfJBXoAT0Rvd9AN8qw
-bKuaajKRvXFA14qtORvkX4z+Se+/nqL3+ZlvlnPS6rgpdBD+kZY+sFNdSAhJxShJ
-zbJ4U+jnO74pyzp8I9hp1HccPKJjt/ljlCB7izPqJ1bQAbrNTQr90JHPNz9BSQkq
-BIF5T+nsRWE1p2tWzz6IAjvbC3ghc2lmVy5FGKjItMXWxsyCYuira4MlbGp2ObKE
-1aa9QbNYxJ0aD0vsX+r8usXvpdq5QLQotp1bLG2m2XYWdzC4yBwRHj2pS8JHIENP
-y9o4za9finsG1Ahb661+2Pw7xO/R2blLDDQyhxH5e6AO7p4Pz050yiicCxVKEwG0
-mJM6c5TbAerBCH2ovgwNeGV3hsOt9ng7e63SMIBkYtN41uQV8hqUjZbtYcvpsER2
-bB/Jdp14aR1F9jMgEmt/I6tNHizJWvB5FFGLqH2cTQ==
-=o5iz
------END PGP SIGNATURE-----

strongswan.changes

@@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Sun May 29 16:37:00 UTC 2011 - jcnengel@googlemail.com
+
+- Updated to strongSwan 4.5.2 release, changes overview since 4.5.1:
+  * The whitelist plugin for the IKEv2 daemon maintains an in-memory identity
+    whitelist. Any connection attempt of peers not whitelisted will get rejected.
+    The 'ipsec whitelist' utility provides a simple command line frontend for
+    whitelist administration.
+  * The duplicheck plugin provides a specialized form of duplicate checking,
+    doing a liveness check on the old SA and optionally notify a third party
+    application about detected duplicates.
+  * The coupling plugin permanently couples two or more devices by limiting
+    authentication to previously used certificates.
+  * In the case that the peer config and child config don't have the same name
+    (usually in SQL database defined connections), ipsec up|route <peer config>
+    starts|routes all associated child configs and ipsec up|route <child config>
+    only starts|routes the specific child config.
+  * fixed the encoding and parsing of X.509 certificate policy statements (CPS).
+  * Duncan Salerno contributed the eap-sim-pcsc plugin implementing a
+    pcsc-lite based SIM card backend.
+  * The eap-peap plugin implements the EAP PEAP protocol. Interoperates
+    successfully with a FreeRADIUS server and Windows 7 Agile VPN clients.
+  * The IKEv2 daemon charon rereads strongswan.conf on SIGHUP and instructs
+    all plugins to reload. Currently only the eap-radius and the attr plugins
+    support configuration reloading.
+  * Added userland support to the IKEv2 daemon for Extended Sequence Numbers
+    support coming with Linux 2.6.39. To enable ESN on a connection, add
+    the 'esn' keyword to the proposal. The default proposal uses 32-bit sequence
+    numbers only ('noesn'), and the same value is used if no ESN mode is
+    specified. To negotiate ESN support with the peer, include both, e.g.
+    esp=aes128-sha1-esn-noesn.
+  * In addition to ESN, Linux 2.6.39 gained support for replay windows larger
+    than 32 packets. The new global strongswan.conf option 'charon.replay_window'
+    configures the size of the replay window, in packets.
+
+-------------------------------------------------------------------
+Mon Mar 14 10:59:32 UTC 2011 - mt@suse.de
+
+- Updated to strongSwan 4.5.1 release, changes overview since 4.5.0:
+  * Implements RFC 5793 Posture Broker Protocol (BP)
+  * Re-implemented TNCCS 1.1 protocol
+  * Allows to store IKE and ESP proposals in an SQL database
+  * Allows to store CRL and OCSP cert points in an SQL database
+  * New 'include' statement in strongswan.conf allows recursions
+  * Modifications of strongswan.conf parser, cause syntax attr plugin
+    syntax changes.
+  * ipsec listalgs now appends the plugin registering an algo
+  * Adds support for Traffic Flow Confidentiality with Linux 2.6.38
+  * New af-alg plugin allows to use new primitives in 2.6.38 crypto api
+    and removes the need for additional userland implementations.
+  * IKEv2 daemon supports the INITIAL_CONTACT notify
+  * conftest conformance testing framework
+  * new constraints plugin provides advanced X.509 constraint checking
+  * left/rightauth ipsec.conf keywords accept minimum strengths
+  * basic support for delta CRLs
+  See the NEWS file or http://download.strongswan.org/CHANGES4.txt
+  for a detailed description of the changes.
+
 -------------------------------------------------------------------
 Mon Nov 22 09:05:30 UTC 2010 - mt@suse.de
 

strongswan.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package strongswan (Version 4.5.0)
+# spec file for package strongswan (Version 4.5.2)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -19,7 +19,7 @@
 
 
 Name:           strongswan
-%define         upstream_version 4.5.0
+%define         upstream_version 4.5.2
 %define         strongswan_docdir  %{_docdir}/%{name}
 %define         strongswan_plugins %{_libexecdir}/ipsec/plugins
 %define		with_mysql	1
@@ -27,8 +27,8 @@ Name:           strongswan
 %define		with_gcrypt	0%{suse_version} >= 1110
 %define		with_nm		0%{suse_version} >= 1110
 %define		with_tests	0
-Version:        4.5.0
-Release:        2
+Version:        4.5.2
+Release:        0
 License:        GPLv2+
 Group:          Productivity/Networking/Security
 Summary:        OpenSource IPsec-based VPN Solution
@@ -419,14 +419,11 @@ fi
 %{_mandir}/man3/anyaddr.3*
 %{_mandir}/man3/atoaddr.3*
 %{_mandir}/man3/atoasr.3*
-%{_mandir}/man3/atosa.3*
 %{_mandir}/man3/atoul.3*
 %{_mandir}/man3/goodmask.3*
 %{_mandir}/man3/initaddr.3*
 %{_mandir}/man3/initsubnet.3*
-%{_mandir}/man3/keyblobtoid.3*
 %{_mandir}/man3/portof.3*
-%{_mandir}/man3/prng.3*
 %{_mandir}/man3/rangetosubnet.3*
 %{_mandir}/man3/sameaddr.3*
 %{_mandir}/man3/subnetof.3*
@@ -434,13 +431,11 @@ fi
 %{_mandir}/man3/ttodata.3*
 %{_mandir}/man3/ttosa.3*
 %{_mandir}/man3/ttoul.3*
-%{_mandir}/man8/_copyright.8*
 %{_mandir}/man8/_updown.8*
 %{_mandir}/man8/_updown_espmark.8*
 %{_mandir}/man8/openac.8*
 %{_mandir}/man8/pluto.8*
 %{_mandir}/man8/scepclient.8*
-%{_mandir}/man8/starter.8*
 
 %files libs0
 %defattr(-,root,root)
@@ -461,6 +456,7 @@ fi
 %{strongswan_plugins}/libstrongswan-attr.so
 %{strongswan_plugins}/libstrongswan-attr-sql.so
 %{strongswan_plugins}/libstrongswan-blowfish.so
+%{strongswan_plugins}/libstrongswan-constraints.so
 %{strongswan_plugins}/libstrongswan-curl.so
 %{strongswan_plugins}/libstrongswan-des.so
 %{strongswan_plugins}/libstrongswan-dhcp.so