diff --git a/_service b/_service
index 33e352a..ce88279 100644
--- a/_service
+++ b/_service
@@ -1,3 +1,3 @@
- /strongswan-4.5.2.tar.bz2.sigdownload.strongswan.org
-/strongswan-4.5.2.tar.bz2download.strongswan.org
\ No newline at end of file
+ /strongswan-4.5.3.tar.bz2.sigdownload.strongswan.org
+/strongswan-4.5.3.tar.bz2download.strongswan.org
diff --git a/_service:download_url:strongswan-4.5.2.tar.bz2 b/_service:download_url:strongswan-4.5.2.tar.bz2
deleted file mode 100644
index 8da6943..0000000
--- a/_service:download_url:strongswan-4.5.2.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f13b5db946393dacc8590db7397b3ddd56eb37619f93a482a9c6cf9d556e105a
-size 3271219
diff --git a/_service:download_url:strongswan-4.5.2.tar.bz2.sig b/_service:download_url:strongswan-4.5.2.tar.bz2.sig
deleted file mode 100644
index 6089e7f..0000000
--- a/_service:download_url:strongswan-4.5.2.tar.bz2.sig
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iQGcBAABAgAGBQJNzvEVAAoJEN9CwXCzTbp3iKMMAJ2jhS0kbzGn/E3osePgMJHH
-lVbhKag6rnIQfNS9lelBrdJLI/3xV6b88geqvcCgcK2X545X4PUcQtZm08N75qLH
-Vjku1qKcKjrPa65glD0nkRYg4MS9dN+obYiPl+S6HhrDO05pvddhSx2a7YA97F8W
-7CAbZdULLIIgVlC2plv+W3y1tLQNQEP4rS7FrzMVuTeZCw3W0XawQMvIOwckLEfE
-AHMGXrFjevvipOr9pOD5uzi9kJFQGsw2kl7+W2o9mZUlkFGlgVFemH/T5WUaz/BJ
-ha1HLdsgIOOJQlLV+bj7bFTbNkkVEdY4hr4c+9JHWr6vRhe/7zrRCP5PIidnqpQ2
-e5O/26qzz1IyRRA4v/KO5b35BTp5dJjPeeOknLz+vBptMiU7uXpUtT0NmsojSw0f
-SOli9Kl9RSLL+7E6y8k6qU8uWxfTIRsVWsmBZQkdByY4Ua1UtMv67YdRlaxgwe/M
-xpu2k+aSGZVcUBrvOf3GFT9I6pL+orac4+gYBGIJJw==
-=LG31
------END PGP SIGNATURE-----
diff --git a/strongswan-4.5.3-fmt-warnings.patch b/strongswan-4.5.3-fmt-warnings.patch
new file mode 100644
index 0000000..5d87e83
--- /dev/null
+++ b/strongswan-4.5.3-fmt-warnings.patch
@@ -0,0 +1,31 @@
+--- src/checksum/checksum_builder.c
++++ src/checksum/checksum_builder.c 2011/09/08 15:45:10
+@@ -64,9 +64,9 @@ static void build_checksum(char *path, c
+ fprintf(stderr, "dlopen failed: %s\n", dlerror());
+ }
+ }
+- printf("\t{\"%-20s%7u, 0x%08x, %6u, 0x%08x},\n",
++ printf("\t{\"%-20s%7zu, 0x%08x, %6zu, 0x%08x},\n",
+ name, fsize, fsum, ssize, ssum);
+- fprintf(stderr, "\"%-20s%7u / 0x%08x %6u / 0x%08x\n",
++ fprintf(stderr, "\"%-20s%7zu / 0x%08x %6zu / 0x%08x\n",
+ name, fsize, fsum, ssize, ssum);
+ }
+
+@@ -106,14 +106,14 @@ static void build_binary_checksum(char *
+ pos = strrchr(binary, '.');
+ if (pos && streq(pos, ".so"))
+ {
+- snprintf(name, sizeof(name), "%.*s\",", pos - binary, binary);
++ snprintf(name, sizeof(name), "%.*s\",", (int)(pos - binary), binary);
+ if (streq(name, "libstrongswan\","))
+ {
+ snprintf(sname, sizeof(sname), "%s", "library_init");
+ }
+ else
+ {
+- snprintf(sname, sizeof(sname), "%.*s_init", pos - binary, binary);
++ snprintf(sname, sizeof(sname), "%.*s_init", (int)(pos - binary), binary);
+ }
+ build_checksum(path, name, sname);
+ }
diff --git a/strongswan-4.5.2-rpmlintrc b/strongswan-4.5.3-rpmlintrc
similarity index 100%
rename from strongswan-4.5.2-rpmlintrc
rename to strongswan-4.5.3-rpmlintrc
diff --git a/strongswan.changes b/strongswan.changes
index cd0cec6..5a87988 100644
--- a/strongswan.changes
+++ b/strongswan.changes
@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Thu Sep 8 16:06:46 UTC 2011 - mt@suse.com
+
+- Updated to strongSwan 4.5.2 release, changes overview since 4.5.2:
+ * Our private libraries (e.g. libstrongswan) are not installed directly in
+ prefix/lib anymore. Instead a subdirectory is used (prefix/lib/ipsec/ by
+ default). The plugins directory is also moved from libexec/ipsec/ to that
+ directory.
+ * The dynamic IMC/IMV libraries were moved from the plugins directory to
+ a new imcvs directory in the prefix/lib/ipsec/ subdirectory.
+ * Job priorities were introduced to prevent thread starvation caused by too
+ many threads handling blocking operations (such as CRL fetching).
+ * Two new strongswan.conf options allow to fine-tune performance on IKEv2
+ gateways by dropping IKE_SA_INIT requests on high load.
+ * IKEv2 charon daemon supports PASS and DROP shunt policies
+ preventing traffic to go through IPsec connections. Installation of the
+ shunt policies either via the XFRM netfilter or PFKEYv2 IPsec kernel
+ interfaces.
+ * The history of policies installed in the kernel is now tracked so that e.g.
+ trap policies are correctly updated when reauthenticated SAs are terminated.
+ * IMC/IMV Scanner pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
+ Using "netstat -l" the IMC scans open listening ports on the TNC client
+ and sends a port list to the IMV which based on a port policy decides if
+ the client is admitted to the network.
+ * IMC/IMV Test pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
+ * The IKEv2 close action does not use the same value as the ipsec.conf dpdaction
+ setting, but the value defined by its own closeaction keyword. The action
+ is triggered if the remote peer closes a CHILD_SA unexpectedly.
+- Fixed some fmt warnings in libchecksum, adopted paths in the spec file
+
-------------------------------------------------------------------
Sun May 29 16:37:00 UTC 2011 - jcnengel@googlemail.com
diff --git a/strongswan.spec b/strongswan.spec
index ac6987c..b637443 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -19,16 +19,17 @@
Name: strongswan
-%define upstream_version 4.5.2
+Version: 4.5.3
+Release: 0
+%define upstream_version %{version}
%define strongswan_docdir %{_docdir}/%{name}
-%define strongswan_plugins %{_libexecdir}/ipsec/plugins
+%define strongswan_libdir %{_libdir}/ipsec
+%define strongswan_plugins %{strongswan_libdir}/plugins
%define with_mysql 1
%define with_sqlite 0%{suse_version} >= 1110
%define with_gcrypt 0%{suse_version} >= 1110
%define with_nm 0%{suse_version} >= 1110
%define with_tests 0
-Version: 4.5.2
-Release: 1
License: GPLv2+
Group: Productivity/Networking/Security
Summary: OpenSource IPsec-based VPN Solution
@@ -43,6 +44,7 @@ Source2: %{name}.init.in
Source3: %{name}-%{version}-rpmlintrc
Source4: README.SUSE
Patch1: %{name}_modprobe_syslog.patch
+Patch2: %{name}-%{version}-fmt-warnings.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bison flex gmp-devel gperf pkg-config
BuildRequires: libcap-devel
@@ -61,6 +63,7 @@ BuildRequires: libgcrypt-devel
%if %with_nm
BuildRequires: NetworkManager-devel
%endif
+BuildRequires: iptables libnl >= 1.1
%description
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
@@ -245,6 +248,7 @@ and the load testing plugin for IKEv2 daemon.
%prep
%setup -q -n %{name}-%{upstream_version}
%patch1 -p0
+%patch2 -p0
sed -e 's|@libexecdir@|%_libexecdir|g' \
< $RPM_SOURCE_DIR/strongswan.init.in \
> strongswan.init
@@ -325,8 +329,8 @@ cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
#
EOT
#
-rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.{so,a,la}
-find $RPM_BUILD_ROOT%{_libexecdir}/ipsec \
+rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,strongswan}.so
+find $RPM_BUILD_ROOT%{strongswan_libdir} \
-name "*.a" -o -name "*.la" | xargs -r rm -f
#
install -m755 -d ${RPM_BUILD_ROOT}%{strongswan_docdir}/
@@ -440,15 +444,16 @@ fi
%files libs0
%defattr(-,root,root)
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf
-%{_libdir}/libhydra.so.0
-%{_libdir}/libhydra.so.0.0.0
-%{_libdir}/libcharon.so.0
-%{_libdir}/libcharon.so.0.0.0
-%{_libdir}/libstrongswan.so.0
-%{_libdir}/libstrongswan.so.0.0.0
%dir %{_libexecdir}/ipsec
%dir %{_libexecdir}/ipsec/pool
-%{_libexecdir}/ipsec/libchecksum.so
+%dir %{strongswan_libdir}
+%{strongswan_libdir}/libchecksum.so
+%{strongswan_libdir}/libhydra.so.0
+%{strongswan_libdir}/libhydra.so.0.0.0
+%{strongswan_libdir}/libcharon.so.0
+%{strongswan_libdir}/libcharon.so.0.0.0
+%{strongswan_libdir}/libstrongswan.so.0
+%{strongswan_libdir}/libstrongswan.so.0.0.0
%dir %{strongswan_plugins}
%{strongswan_plugins}/libstrongswan-addrblock.so
%{strongswan_plugins}/libstrongswan-aes.so