This commit is contained in:
parent
3a50c4dfde
commit
ece66d5641
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:9d2761b780fd8b11eafce63dc44336ece6941405dae819bd03e62a5f6b2f82fb
|
||||
size 2234335
|
@ -1,9 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1.4.6 (GNU/Linux)
|
||||
|
||||
iQCVAwUAR7TA89YbDnNAmVNZAQJS6wQAil7xDrAGwYgFOaDpv4h6tF53TnQBepLK
|
||||
FhEnxtPNmk5YAwhu8t3qsHIOERzctKt8vwh0fnNZTKP3GeKWl+7f4zYOlQPKEW+S
|
||||
ltsE9dfLBjNDPlToTJHKre6i+u9l+scndf8087vinzsgnqK/JXyGKQ58cAts0ytV
|
||||
JbBe/WhlOiA=
|
||||
=t33J
|
||||
-----END PGP SIGNATURE-----
|
4
strongswan-4.2.1-rpmlintrc
Normal file
4
strongswan-4.2.1-rpmlintrc
Normal file
@ -0,0 +1,4 @@
|
||||
addFilter('strongswan.* shlib-policy-missing-suffix')
|
||||
addFilter("strongswan.* incoherent-init-script-name ipsec")
|
||||
addFilter("strongswan.* devel-file-in-non-devel-package .*/usr/lib.*/ipsec/plugins")
|
||||
|
22
strongswan-4.2.1.dif
Normal file
22
strongswan-4.2.1.dif
Normal file
@ -0,0 +1,22 @@
|
||||
--- src/charon/network/socket-raw.c
|
||||
+++ src/charon/network/socket-raw.c 2008/04/23 09:46:10
|
||||
@@ -16,6 +16,9 @@
|
||||
*
|
||||
* $Id: socket-raw.c 3589 2008-03-13 14:14:44Z martin $
|
||||
*/
|
||||
+#ifndef _GNU_SOURCE
|
||||
+#define _GNU_SOURCE
|
||||
+#endif
|
||||
|
||||
#include <pthread.h>
|
||||
#include <sys/types.h>
|
||||
--- src/charon/plugins/stroke/stroke_cred.c
|
||||
+++ src/charon/plugins/stroke/stroke_cred.c 2008/04/23 09:05:26
|
||||
@@ -19,6 +19,7 @@
|
||||
#include "stroke_shared_key.h"
|
||||
|
||||
#include <sys/stat.h>
|
||||
+#include <limits.h>
|
||||
|
||||
#include <credentials/certificates/x509.h>
|
||||
#include <credentials/certificates/crl.h>
|
3
strongswan-4.2.1.tar.bz2
Normal file
3
strongswan-4.2.1.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:81203cad6e365ac4c5a8203103d75b44916d8f57167e914805000c78912a508f
|
||||
size 2346505
|
9
strongswan-4.2.1.tar.bz2.sig
Normal file
9
strongswan-4.2.1.tar.bz2.sig
Normal file
@ -0,0 +1,9 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1.4.6 (GNU/Linux)
|
||||
|
||||
iQCVAwUASAmpYdYbDnNAmVNZAQLJYQP+Oa8Eqko/tzGdhHVtasGSdGj9S5gkeRqI
|
||||
69mHMB1zTqabicknP4UuZI50G0V6RgAOA18/zilkeuqRfeD9YmYaTnAX1sDFVDRC
|
||||
jgYUrSWlrsqaHk+WctShLO8WN88AIXzQZXPTjQ0rAyyhVpH3PKZliLtCQE9hGN1I
|
||||
p8qt8BTPwVs=
|
||||
=szkI
|
||||
-----END PGP SIGNATURE-----
|
@ -1,3 +1,44 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 23 14:28:41 CEST 2008 - mt@suse.de
|
||||
|
||||
- Updated to 4.2.1 release. A lot of code refactoring in the 4.2
|
||||
release provides much more modularity and therefore much more
|
||||
extensiblity and offers the following new features:
|
||||
* libstrongswan has been modularized to attach crypto algorithms,
|
||||
credential implementations (secret and private keys, certificates)
|
||||
and http/ldap fetchers dynamically through plugins.
|
||||
* A relational database API that uses pluggable database providers
|
||||
was added to libstrongswan including plugins for MySQL and SQLite.
|
||||
* The IKEv2 keying charon daemon has become more extensible. Generic
|
||||
plugins can provide arbitrary interfaces to credential stores and
|
||||
connection management interfaces. Also any EAP method can be added.
|
||||
* The authentication and credential framework in charon has been
|
||||
heavily refactored to support modular credential providers, proper
|
||||
CERTREQ/CERT payload exchanges and extensible authorization rules.
|
||||
* Support for "Hash and URL" encoded certificate payloads has been
|
||||
implemented in the IKEv2 daemon charon.
|
||||
* The IKEv2 daemon charon now supports the "uniqueids" option to
|
||||
close multiple IKE_SAs with the same peer.
|
||||
* The crypto factory in libstrongswan additionally supports random
|
||||
number generators. Plugins may provide other sources of randomness.
|
||||
* Extended the credential framework by a caching option to allow
|
||||
plugins persistent caching of fetched credentials.
|
||||
* The new trust chain verification introduced in 4.2.0 has been
|
||||
parallelized. Threads fetching CRL or OCSP information no longer
|
||||
block other threads.
|
||||
* A new IKEv2 configuration attribute framework has been introduced
|
||||
allowing plugins to provide virtual IP addresses, and in the future,
|
||||
other configuration attribute services (e.g. DNS/WINS servers).
|
||||
* The stroke plugin has been extended to provide virtual IP addresses
|
||||
from a simple pool defined in ipsec.conf.
|
||||
* Fixed compilation on uClibc and a couple of other minor bugs.
|
||||
* The IKEv1 pluto daemon now supports the ESP encryption algorithm
|
||||
CAMELLIA with key lengths of 128, 192, and 256 bits, as well as the
|
||||
authentication algorithm AES_XCBC_MAC.
|
||||
- Applied a small patch defining _GNU_SOURCE for struct in6_pktinfo
|
||||
and adding inclusion of limits.h for PATH_MAX availability.
|
||||
- Added rpmlintrc file and a libtoolize call to the spec file.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 19 11:44:03 CET 2008 - mt@suse.de
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# spec file for package strongswan (Version 4.1.11)
|
||||
# spec file for package strongswan (Version 4.2.1)
|
||||
#
|
||||
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# This file and all modifications and additions to the pristine
|
||||
@ -12,9 +12,9 @@
|
||||
|
||||
|
||||
Name: strongswan
|
||||
%define upstream_version 4.1.11
|
||||
%define upstream_version 4.2.1
|
||||
%define strongswan_docdir %{_docdir}/%{name}
|
||||
Version: 4.1.11
|
||||
Version: 4.2.1
|
||||
Release: 1
|
||||
License: GPL v2 or later
|
||||
Group: Productivity/Networking/Security
|
||||
@ -29,7 +29,9 @@ AutoReqProv: on
|
||||
Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2
|
||||
Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig
|
||||
Source2: %{name}.init.in
|
||||
Source3: %{name}-%{version}-rpmlintrc
|
||||
Patch1: %{name}_modprobe_syslog.dif
|
||||
Patch2: %{name}-%{upstream_version}.dif
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildRequires: bison flex gmp-devel gperf pkg-config
|
||||
%if 0%{?suse_version} >= 1030
|
||||
@ -106,6 +108,7 @@ Authors:
|
||||
and others
|
||||
|
||||
%package doc
|
||||
License: GPL v2 or later
|
||||
Summary: StrongSwan -- OpenSource IPsec-based VPN Solution
|
||||
Group: Productivity/Networking/Security
|
||||
|
||||
@ -124,6 +127,7 @@ Authors:
|
||||
%prep
|
||||
%setup -q -n %{name}-%{upstream_version}
|
||||
%patch1 -p0
|
||||
%patch2 -p0
|
||||
sed -e 's|@libexecdir@|%_libexecdir|g' \
|
||||
< $RPM_SOURCE_DIR/strongswan.init.in \
|
||||
> strongswan.init
|
||||
@ -131,6 +135,7 @@ sed -e 's|@libexecdir@|%_libexecdir|g' \
|
||||
%build
|
||||
export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -W -Wall"
|
||||
export CFLAGS="$RPM_OPT_FLAGS"
|
||||
libtoolize --force
|
||||
%{?suse_update_config:%{suse_update_config -f}}
|
||||
autoreconf
|
||||
%configure \
|
||||
@ -194,6 +199,7 @@ fi
|
||||
%defattr(-,root,root)
|
||||
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf
|
||||
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.secrets
|
||||
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf
|
||||
%dir %{_sysconfdir}/ipsec.d
|
||||
%dir %{_sysconfdir}/ipsec.d/crls
|
||||
%dir %{_sysconfdir}/ipsec.d/reqs
|
||||
@ -252,6 +258,44 @@ fi
|
||||
%{_mandir}/man8/starter.8*
|
||||
|
||||
%changelog
|
||||
* Wed Apr 23 2008 mt@suse.de
|
||||
- Updated to 4.2.1 release. A lot of code refactoring in the 4.2
|
||||
release provides much more modularity and therefore much more
|
||||
extensiblity and offers the following new features:
|
||||
* libstrongswan has been modularized to attach crypto algorithms,
|
||||
credential implementations (secret and private keys, certificates)
|
||||
and http/ldap fetchers dynamically through plugins.
|
||||
* A relational database API that uses pluggable database providers
|
||||
was added to libstrongswan including plugins for MySQL and SQLite.
|
||||
* The IKEv2 keying charon daemon has become more extensible. Generic
|
||||
plugins can provide arbitrary interfaces to credential stores and
|
||||
connection management interfaces. Also any EAP method can be added.
|
||||
* The authentication and credential framework in charon has been
|
||||
heavily refactored to support modular credential providers, proper
|
||||
CERTREQ/CERT payload exchanges and extensible authorization rules.
|
||||
* Support for "Hash and URL" encoded certificate payloads has been
|
||||
implemented in the IKEv2 daemon charon.
|
||||
* The IKEv2 daemon charon now supports the "uniqueids" option to
|
||||
close multiple IKE_SAs with the same peer.
|
||||
* The crypto factory in libstrongswan additionally supports random
|
||||
number generators. Plugins may provide other sources of randomness.
|
||||
* Extended the credential framework by a caching option to allow
|
||||
plugins persistent caching of fetched credentials.
|
||||
* The new trust chain verification introduced in 4.2.0 has been
|
||||
parallelized. Threads fetching CRL or OCSP information no longer
|
||||
block other threads.
|
||||
* A new IKEv2 configuration attribute framework has been introduced
|
||||
allowing plugins to provide virtual IP addresses, and in the future,
|
||||
other configuration attribute services (e.g. DNS/WINS servers).
|
||||
* The stroke plugin has been extended to provide virtual IP addresses
|
||||
from a simple pool defined in ipsec.conf.
|
||||
* Fixed compilation on uClibc and a couple of other minor bugs.
|
||||
* The IKEv1 pluto daemon now supports the ESP encryption algorithm
|
||||
CAMELLIA with key lengths of 128, 192, and 256 bits, as well as the
|
||||
authentication algorithm AES_XCBC_MAC.
|
||||
- Applied a small patch defining _GNU_SOURCE for struct in6_pktinfo
|
||||
and adding inclusion of limits.h for PATH_MAX availability.
|
||||
- Added rpmlintrc file and a libtoolize call to the spec file.
|
||||
* Tue Feb 19 2008 mt@suse.de
|
||||
- Updated to 4.1.11 maintenance release, providing following fixes:
|
||||
* IKE rekeying in NAT situations did not inherit the NAT conditions
|
||||
|
Loading…
Reference in New Issue
Block a user