Accepting request 1294327 from network:vpn

- Update to release 6.0.2

OBS-URL: https://build.opensuse.org/request/show/1294327
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=102

_scmsync.obsinfo

@@ -0,0 +1,4 @@
+mtime: 1752828417
+commit: 53632c49fad42e0d2ff502512a76d7c6158cbaa97a5984e755be4fcbf2c2d5c7
+url: https://src.opensuse.org/jengelh/strongswan
+revision: master

build.specials.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cc2b211124f3ea69b1ea6ded446741583e779ec9693da521c47e7180de5b5cab
+size 256

init.patch

@@ -1,31 +0,0 @@
-From c58507ff186ae9cf014c0b54082c8bf74aef3219 Mon Sep 17 00:00:00 2001
-From: Jan Engelhardt <jengelh@inai.de>
-Date: Tue, 3 Dec 2024 21:56:33 +0100
-Subject: [PATCH] init: put strongswan-starter.service behind USE_FILE_CONFIG
-References: https://github.com/strongswan/strongswan/pull/2553
-
-stroke is no longer enabled by default, but the systemd unit
-still is copied on `make install`. Fix that.
----
- init/Makefile.am | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/init/Makefile.am b/init/Makefile.am
-index 54c090cea..824ebd695 100644
---- a/init/Makefile.am
-+++ b/init/Makefile.am
-@@ -3,9 +3,11 @@ SUBDIRS =
- 
- if USE_LEGACY_SYSTEMD
- if USE_CHARON
-+if USE_FILE_CONFIG
-   SUBDIRS += systemd-starter
- endif
- endif
-+endif
- 
- if USE_SYSTEMD
- if USE_SWANCTL
--- 
-2.47.1
-

strongswan-6.0.1.tar.bz2.sig

@@ -1,14 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmfPLskACgkQ30LBcLNN
-undnTgv/QKNJydFuLb5lmgU0TcbMJ+KXdUVA+b0phh+846mR4Ys4TGLqk1zmoA0e
-/l216xZeCDGzbGoZtZKJYzY+rwkB25hgjTXHOWcz6wPN4CzEA3szWLi6j+ZGQ40C
-JUUEy4m42iGJRQoSmWdLMrIxzWnPO4SViwZkMSiyRuUGMObRq4+utOIeK9Y8mw9x
-mrrzknvXKO7FUjErgY1a/CiZi2STGq9Ilz17LQ4uaIypTUj7Mfc2UJcAR3PdVaa9
-E6DW8wXYiDG9+RA9lGiEsSamciFaQDsA/MwT3Ys3zpr1o/24O39/CxscnUKFHgCN
-backowMyOykAhSXZf+tuGfPMWkYK5B3TO7vuJPpu9FXCkKJgKGCcoPb1IFDAxnkT
-F/hYsOrCNQrbJGKqNXiP+9RWa993p7B0y72bqbBSes2ciGpolIF1ZxDbHRHOejr/
-R9R/VE8UCiqFFuFmQJv4p9El+Ap6opuCLukmSb/XFsz3x59+elIwkN+k55Z0WTf8
-EPSTgay4
-=b+qt
------END PGP SIGNATURE-----

strongswan-6.0.2.tar.bz2.sig

@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmhzZ7MACgkQ30LBcLNN
+und9wQv+O2IUyvwR8T7+hDt9JIXcGWLdN6/gV42l0mR/KY5Yg18w57SQNbPqoIHq
+OddaLAMmd2yRWtpSCd8eTjBJjuBq5h2LX3w5mdu7x97+Y3tI3QWUCG9zC9Sjiu3D
+o+5KkRpUyXjWZ8068RMBVJ/zFXnybF5cCSqnC+NBDkRMoA6OjytgP+cVdPnO9GTY
+f4rEiuu8DYrdVDGv2elvLihXzhRzfxgPRYHgO3KfwBWdhg0mS/CucVx3piUqoVjt
+RR4XdyKpOU+Yh/ObACGTY3yIGxMKfKlsDbOVeH1xzlL8ZKRsRhB+GAuJ7Vz3wJRP
+ZXcW+00ZXxichUfyUcd8fEiIpgcODIT0u19ZF62fqe1VL0ltGw+Uvdn1L6VEV/ZQ
+VzGl6tByRpQegmw4/ElmYFynYnj7d8hQm9SZguX1d8DHg6Oyz3jRq13JBqKcuQYZ
+ljLWqCH+FBWwdGyU4Oh7vhHdVHKoXU2g/LuUN7G0BfW6r7fVkQKcFvSZK/qf5CtC
+Anpr4za4
+=JGRz
+-----END PGP SIGNATURE-----

strongswan-gcc15-part1.patch

@@ -1,416 +0,0 @@
-From d5d2568ff0e88d364dadf50b67bf17050763cf98 Mon Sep 17 00:00:00 2001
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Fri, 21 Feb 2025 16:45:57 +0100
-Subject: [PATCH] callback-job: Replace return_false() in constructors with
- dedicated function
-
-Besides being clearer, this fixes issues with GCC 15.  The latter uses
-C23 by default, which changes the meaning of function declarations
-without parameters such as
-
-	bool return false();
-
-Instead of "this function takes an unknown number of arguments", this
-now equals (void), that is, "this function takes no arguments".  So we
-run into incompatible pointer type warnings all over when using such
-functions.  They could be cast to (void*) but this seems the cleaner
-solution for this use case.
----
- src/charon-cmd/cmd/cmd_connection.c                   |  2 +-
- .../jni/libandroidbridge/backend/android_dns_proxy.c  |  2 +-
- .../jni/libandroidbridge/backend/android_service.c    |  6 +++---
- src/libcharon/network/receiver.c                      |  2 +-
- src/libcharon/network/sender.c                        |  2 +-
- .../plugins/bypass_lan/bypass_lan_listener.c          |  4 ++--
- .../plugins/eap_radius/eap_radius_accounting.c        |  2 +-
- src/libcharon/plugins/eap_radius/eap_radius_plugin.c  |  2 +-
- src/libcharon/plugins/ha/ha_ctl.c                     |  2 +-
- src/libcharon/plugins/ha/ha_dispatcher.c              |  2 +-
- src/libcharon/plugins/ha/ha_segments.c                |  6 +++---
- .../kernel_libipsec/kernel_libipsec_esp_handler.c     |  2 +-
- .../plugins/kernel_libipsec/kernel_libipsec_router.c  |  2 +-
- src/libcharon/plugins/smp/smp.c                       |  4 ++--
- src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c   |  2 +-
- src/libcharon/plugins/uci/uci_control.c               |  2 +-
- src/libipsec/ipsec_event_relay.c                      |  2 +-
- src/libipsec/ipsec_processor.c                        |  4 ++--
- src/libpttls/pt_tls_dispatcher.c                      |  2 +-
- src/libstrongswan/networking/streams/stream_service.c |  2 +-
- src/libstrongswan/processing/jobs/callback_job.c      | 10 +++++++++-
- src/libstrongswan/processing/jobs/callback_job.h      | 11 ++++++++++-
- src/libstrongswan/processing/scheduler.c              |  3 ++-
- src/libstrongswan/processing/watcher.c                |  4 ++--
- src/libtls/tests/suites/test_socket.c                 |  2 +-
- 25 files changed, 51 insertions(+), 33 deletions(-)
-
-diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c
-index 8e8d8236e52..e220e33a62a 100644
---- a/src/charon-cmd/cmd/cmd_connection.c
-+++ b/src/charon-cmd/cmd/cmd_connection.c
-@@ -585,7 +585,7 @@ cmd_connection_t *cmd_connection_create()
- 	lib->processor->queue_job(lib->processor,
- 		(job_t*)callback_job_create_with_prio(
- 			(callback_job_cb_t)initiate, this, NULL,
--			(callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
-+			callback_job_cancel_thread, JOB_PRIO_CRITICAL));
- 
- 	return &this->public;
- }
-diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
-index e79d5974409..480d1d622d5 100644
---- a/src/libcharon/network/receiver.c
-+++ b/src/libcharon/network/receiver.c
-@@ -737,7 +737,7 @@ receiver_t *receiver_create()
- 
- 	lib->processor->queue_job(lib->processor,
- 		(job_t*)callback_job_create_with_prio((callback_job_cb_t)receive_packets,
--			this, NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
-+			this, NULL, callback_job_cancel_thread, JOB_PRIO_CRITICAL));
- 
- 	return &this->public;
- }
-diff --git a/src/libcharon/network/sender.c b/src/libcharon/network/sender.c
-index 4543766d62e..3fcd17f1b63 100644
---- a/src/libcharon/network/sender.c
-+++ b/src/libcharon/network/sender.c
-@@ -216,7 +216,7 @@ sender_t * sender_create()
- 
- 	lib->processor->queue_job(lib->processor,
- 		(job_t*)callback_job_create_with_prio((callback_job_cb_t)send_packets,
--			this, NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
-+			this, NULL, callback_job_cancel_thread, JOB_PRIO_CRITICAL));
- 
- 	return &this->public;
- }
-diff --git a/src/libcharon/plugins/bypass_lan/bypass_lan_listener.c b/src/libcharon/plugins/bypass_lan/bypass_lan_listener.c
-index db7abd8146b..c9aed3666fc 100644
---- a/src/libcharon/plugins/bypass_lan/bypass_lan_listener.c
-+++ b/src/libcharon/plugins/bypass_lan/bypass_lan_listener.c
-@@ -227,7 +227,7 @@ METHOD(kernel_listener_t, roam, bool,
- {
- 	lib->processor->queue_job(lib->processor,
- 			(job_t*)callback_job_create((callback_job_cb_t)update_bypass, this,
--									NULL, (callback_job_cancel_t)return_false));
-+									NULL, callback_job_cancel_thread));
- 	return TRUE;
- }
- 
-@@ -269,7 +269,7 @@ METHOD(bypass_lan_listener_t, reload_interfaces, void,
- 	this->mutex->unlock(this->mutex);
- 	lib->processor->queue_job(lib->processor,
- 			(job_t*)callback_job_create((callback_job_cb_t)update_bypass, this,
--									NULL, (callback_job_cancel_t)return_false));
-+									NULL, callback_job_cancel_thread));
- }
- 
- METHOD(bypass_lan_listener_t, destroy, void,
-diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
-index f833dc3c0b4..2f29d080764 100644
---- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
-+++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
-@@ -706,7 +706,7 @@ static void schedule_interim(private_eap_radius_accounting_t *this,
- 			(job_t*)callback_job_create_with_prio(
- 				(callback_job_cb_t)send_interim,
- 				data, (void*)destroy_interim_data,
--				(callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL), tv);
-+				callback_job_cancel_thread, JOB_PRIO_CRITICAL), tv);
- 	}
- }
- 
-diff --git a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
-index 5051542615a..55d5e032cea 100644
---- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
-+++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
-@@ -445,7 +445,7 @@ void eap_radius_handle_timeout(ike_sa_id_t *id)
- 		lib->processor->queue_job(lib->processor,
- 				(job_t*)callback_job_create_with_prio(
- 						(callback_job_cb_t)delete_all_async, NULL, NULL,
--						(callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
-+						callback_job_cancel_thread, JOB_PRIO_CRITICAL));
- 	}
- 	else if (id)
- 	{
-diff --git a/src/libcharon/plugins/ha/ha_ctl.c b/src/libcharon/plugins/ha/ha_ctl.c
-index 8859bae166b..3d2ac7de84d 100644
---- a/src/libcharon/plugins/ha/ha_ctl.c
-+++ b/src/libcharon/plugins/ha/ha_ctl.c
-@@ -199,6 +199,6 @@ ha_ctl_t *ha_ctl_create(ha_segments_t *segments, ha_cache_t *cache)
- 
- 	lib->processor->queue_job(lib->processor,
- 		(job_t*)callback_job_create_with_prio((callback_job_cb_t)dispatch_fifo,
--			this, NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
-+			this, NULL, callback_job_cancel_thread, JOB_PRIO_CRITICAL));
- 	return &this->public;
- }
-diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c
-index 5de26a65a27..83be91ab159 100644
---- a/src/libcharon/plugins/ha/ha_dispatcher.c
-+++ b/src/libcharon/plugins/ha/ha_dispatcher.c
-@@ -1184,7 +1184,7 @@ ha_dispatcher_t *ha_dispatcher_create(ha_socket_t *socket,
- 	);
- 	lib->processor->queue_job(lib->processor,
- 		(job_t*)callback_job_create_with_prio((callback_job_cb_t)dispatch, this,
--				NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
-+				NULL, callback_job_cancel_thread, JOB_PRIO_CRITICAL));
- 
- 	return &this->public;
- }
-diff --git a/src/libcharon/plugins/ha/ha_segments.c b/src/libcharon/plugins/ha/ha_segments.c
-index afb76b39ea2..32d9ee40717 100644
---- a/src/libcharon/plugins/ha/ha_segments.c
-+++ b/src/libcharon/plugins/ha/ha_segments.c
-@@ -316,7 +316,7 @@ static void start_watchdog(private_ha_segments_t *this)
- 	this->heartbeat_active = TRUE;
- 	lib->processor->queue_job(lib->processor,
- 		(job_t*)callback_job_create_with_prio((callback_job_cb_t)watchdog, this,
--				NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
-+				NULL, callback_job_cancel_thread, JOB_PRIO_CRITICAL));
- }
- 
- METHOD(ha_segments_t, handle_status, void,
-@@ -404,7 +404,7 @@ static void start_heartbeat(private_ha_segments_t *this)
- {
- 	lib->processor->queue_job(lib->processor,
- 		(job_t*)callback_job_create_with_prio((callback_job_cb_t)send_status,
--			this, NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
-+			this, NULL, callback_job_cancel_thread, JOB_PRIO_CRITICAL));
- }
- 
- /**
-@@ -451,7 +451,7 @@ static void start_autobalance(private_ha_segments_t *this)
- 	DBG1(DBG_CFG, "scheduling HA autobalance every %ds", this->autobalance);
- 	lib->scheduler->schedule_job(lib->scheduler,
- 		(job_t*)callback_job_create_with_prio((callback_job_cb_t)autobalance,
--			this, NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL),
-+			this, NULL, callback_job_cancel_thread, JOB_PRIO_CRITICAL),
- 		this->autobalance);
- }
- 
-diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_esp_handler.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_esp_handler.c
-index 095ad67b4b0..c18e266e4d1 100644
---- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_esp_handler.c
-+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_esp_handler.c
-@@ -337,7 +337,7 @@ kernel_libipsec_esp_handler_t *kernel_libipsec_esp_handler_create()
- 	}
- 	lib->processor->queue_job(lib->processor,
- 			(job_t*)callback_job_create(send_esp, this, NULL,
--										(callback_job_cancel_t)return_false));
-+										callback_job_cancel_thread));
- 	return &this->public;
- }
- 
-diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c
-index 74746e251de..07adc70be3e 100644
---- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c
-+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c
-@@ -364,7 +364,7 @@ kernel_libipsec_router_t *kernel_libipsec_router_create()
- 	charon->receiver->add_esp_cb(charon->receiver, receiver_esp_cb, NULL);
- 	lib->processor->queue_job(lib->processor,
- 			(job_t*)callback_job_create((callback_job_cb_t)handle_plain, this,
--									NULL, (callback_job_cancel_t)return_false));
-+										NULL, callback_job_cancel_thread));
- 
- 	router = &this->public;
- 	return &this->public;
-diff --git a/src/libcharon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c
-index 6ca9f13997e..85ff5830bc5 100644
---- a/src/libcharon/plugins/smp/smp.c
-+++ b/src/libcharon/plugins/smp/smp.c
-@@ -710,7 +710,7 @@ static job_requeue_t dispatch(private_smp_t *this)
- 	fdp = malloc_thing(int);
- 	*fdp = fd;
- 	job = callback_job_create((callback_job_cb_t)process, fdp, free,
--							  (callback_job_cancel_t)return_false);
-+							  callback_job_cancel_thread);
- 	lib->processor->queue_job(lib->processor, (job_t*)job);
- 
- 	return JOB_REQUEUE_DIRECT;
-@@ -800,7 +800,7 @@ plugin_t *smp_plugin_create()
- 
- 	lib->processor->queue_job(lib->processor,
- 		(job_t*)callback_job_create_with_prio((callback_job_cb_t)dispatch, this,
--				NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
-+				NULL, callback_job_cancel_thread, JOB_PRIO_CRITICAL));
- 
- 	return &this->public.plugin;
- }
-diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c
-index 30aeb116dec..da317a894d9 100644
---- a/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c
-+++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c
-@@ -210,7 +210,7 @@ METHOD(tnc_pdp_connections_t, add, void,
- 	/* schedule timeout checking */
- 	lib->scheduler->schedule_job_ms(lib->scheduler,
- 				(job_t*)callback_job_create((callback_job_cb_t)check_timeouts,
--					this, NULL, (callback_job_cancel_t)return_false),
-+					this, NULL, callback_job_cancel_thread),
- 				this->timeout * 1000);
- 
- 	dbg_nas_user(nas_id, user_name, FALSE, "created");
-diff --git a/src/libcharon/plugins/uci/uci_control.c b/src/libcharon/plugins/uci/uci_control.c
-index b033c832c8c..8074005ee57 100644
---- a/src/libcharon/plugins/uci/uci_control.c
-+++ b/src/libcharon/plugins/uci/uci_control.c
-@@ -296,7 +296,7 @@ uci_control_t *uci_control_create()
- 	{
- 		lib->processor->queue_job(lib->processor,
- 			(job_t*)callback_job_create_with_prio((callback_job_cb_t)receive,
--							this, NULL, (callback_job_cancel_t)return_false,
-+							this, NULL, callback_job_cancel_thread,
- 							JOB_PRIO_CRITICAL));
- 	}
- 	return &this->public;
-diff --git a/src/libipsec/ipsec_event_relay.c b/src/libipsec/ipsec_event_relay.c
-index 0f10795d168..802146eef21 100644
---- a/src/libipsec/ipsec_event_relay.c
-+++ b/src/libipsec/ipsec_event_relay.c
-@@ -230,7 +230,7 @@ ipsec_event_relay_t *ipsec_event_relay_create()
- 
- 	lib->processor->queue_job(lib->processor,
- 		(job_t*)callback_job_create((callback_job_cb_t)handle_events, this,
--			NULL, (callback_job_cancel_t)return_false));
-+			NULL, callback_job_cancel_thread));
- 
- 	return &this->public;
- }
-diff --git a/src/libipsec/ipsec_processor.c b/src/libipsec/ipsec_processor.c
-index 2572b088089..8549fefe261 100644
---- a/src/libipsec/ipsec_processor.c
-+++ b/src/libipsec/ipsec_processor.c
-@@ -336,9 +336,9 @@ ipsec_processor_t *ipsec_processor_create()
- 
- 	lib->processor->queue_job(lib->processor,
- 		(job_t*)callback_job_create((callback_job_cb_t)process_inbound, this,
--									NULL, (callback_job_cancel_t)return_false));
-+									NULL, callback_job_cancel_thread));
- 	lib->processor->queue_job(lib->processor,
- 		(job_t*)callback_job_create((callback_job_cb_t)process_outbound, this,
--									NULL, (callback_job_cancel_t)return_false));
-+									NULL, callback_job_cancel_thread));
- 	return &this->public;
- }
-diff --git a/src/libpttls/pt_tls_dispatcher.c b/src/libpttls/pt_tls_dispatcher.c
-index a134bee238f..c7e42b277e1 100644
---- a/src/libpttls/pt_tls_dispatcher.c
-+++ b/src/libpttls/pt_tls_dispatcher.c
-@@ -156,7 +156,7 @@ METHOD(pt_tls_dispatcher_t, dispatch, void,
- 		lib->processor->queue_job(lib->processor,
- 				(job_t*)callback_job_create_with_prio((callback_job_cb_t)handle,
- 										connection, (void*)cleanup,
--										(callback_job_cancel_t)return_false,
-+										callback_job_cancel_thread,
- 										JOB_PRIO_CRITICAL));
- 	}
- }
-diff --git a/src/libstrongswan/networking/streams/stream_service.c b/src/libstrongswan/networking/streams/stream_service.c
-index 5b709a2247d..c85a0664351 100644
---- a/src/libstrongswan/networking/streams/stream_service.c
-+++ b/src/libstrongswan/networking/streams/stream_service.c
-@@ -221,7 +221,7 @@ static bool watch(private_stream_service_t *this, int fd, watcher_event_t event)
- 
- 		lib->processor->queue_job(lib->processor,
- 			(job_t*)callback_job_create_with_prio((void*)accept_async, data,
--				(void*)destroy_async_data, (callback_job_cancel_t)return_false,
-+				(void*)destroy_async_data, callback_job_cancel_thread,
- 				this->prio));
- 	}
- 	else
-diff --git a/src/libstrongswan/processing/jobs/callback_job.c b/src/libstrongswan/processing/jobs/callback_job.c
-index cb2a0aba5b9..3ab40b947c9 100644
---- a/src/libstrongswan/processing/jobs/callback_job.c
-+++ b/src/libstrongswan/processing/jobs/callback_job.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (C) 2009-2012 Tobias Brunner
-+ * Copyright (C) 2009-2025 Tobias Brunner
-  * Copyright (C) 2007-2011 Martin Willi
-  *
-  * Copyright (C) secunet Security Networks AG
-@@ -131,3 +131,11 @@ callback_job_t *callback_job_create(callback_job_cb_t cb, void *data,
- 	return callback_job_create_with_prio(cb, data, cleanup, cancel,
- 										 JOB_PRIO_MEDIUM);
- }
-+
-+/*
-+ * Described in header
-+ */
-+bool callback_job_cancel_thread(void *data)
-+{
-+	return FALSE;
-+}
-diff --git a/src/libstrongswan/processing/jobs/callback_job.h b/src/libstrongswan/processing/jobs/callback_job.h
-index 0f1ae212d87..fda86887944 100644
---- a/src/libstrongswan/processing/jobs/callback_job.h
-+++ b/src/libstrongswan/processing/jobs/callback_job.h
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (C) 2012 Tobias Brunner
-+ * Copyright (C) 2012-2025 Tobias Brunner
-  * Copyright (C) 2007-2011 Martin Willi
-  *
-  * Copyright (C) secunet Security Networks AG
-@@ -62,6 +62,15 @@ typedef void (*callback_job_cleanup_t)(void *data);
-  */
- typedef bool (*callback_job_cancel_t)(void *data);
- 
-+/**
-+ * Default implementation of callback_job_cancel_t that simply returns FALSE
-+ * to force cancellation of the thread by the processor.
-+ *
-+ * @param data			ignored argument
-+ * @return				always returns FALSE
-+ */
-+bool callback_job_cancel_thread(void *data);
-+
- /**
-  * Class representing an callback Job.
-  *
-diff --git a/src/libstrongswan/processing/scheduler.c b/src/libstrongswan/processing/scheduler.c
-index c5e5dd83e70..76d98ddff51 100644
---- a/src/libstrongswan/processing/scheduler.c
-+++ b/src/libstrongswan/processing/scheduler.c
-@@ -329,7 +329,8 @@ scheduler_t * scheduler_create()
- 	this->heap = (event_t**)calloc(this->heap_size + 1, sizeof(event_t*));
- 
- 	job = callback_job_create_with_prio((callback_job_cb_t)schedule, this,
--										NULL, return_false, JOB_PRIO_CRITICAL);
-+										NULL, callback_job_cancel_thread,
-+										JOB_PRIO_CRITICAL);
- 	lib->processor->queue_job(lib->processor, (job_t*)job);
- 
- 	return &this->public;
-diff --git a/src/libstrongswan/processing/watcher.c b/src/libstrongswan/processing/watcher.c
-index 1200d670959..a86ec0910d1 100644
---- a/src/libstrongswan/processing/watcher.c
-+++ b/src/libstrongswan/processing/watcher.c
-@@ -291,7 +291,7 @@ static void notify(private_watcher_t *this, entry_t *entry,
- 
- 	this->jobs->insert_last(this->jobs,
- 					callback_job_create_with_prio((void*)notify_async, data,
--						(void*)notify_end, (callback_job_cancel_t)return_false,
-+						(void*)notify_end, callback_job_cancel_thread,
- 						JOB_PRIO_CRITICAL));
- }
- 
-@@ -559,7 +559,7 @@ METHOD(watcher_t, add, void,
- 
- 		lib->processor->queue_job(lib->processor,
- 			(job_t*)callback_job_create_with_prio((void*)watch, this,
--				NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
-+				NULL, callback_job_cancel_thread, JOB_PRIO_CRITICAL));
- 	}
- 	else
- 	{
-diff --git a/src/libtls/tests/suites/test_socket.c b/src/libtls/tests/suites/test_socket.c
-index 91ee58b975f..c17d0a8873e 100644
---- a/src/libtls/tests/suites/test_socket.c
-+++ b/src/libtls/tests/suites/test_socket.c
-@@ -587,7 +587,7 @@ static void start_echo_server(echo_server_config_t *config)
- 
- 	lib->processor->queue_job(lib->processor, (job_t*)
- 				callback_job_create((void*)serve_echo, config, NULL,
--									(callback_job_cancel_t)return_false));
-+									callback_job_cancel_thread));
- }
- 
- /**

strongswan-gcc15-part2.patch

@@ -1,115 +0,0 @@
-From 11978ddd39e800b5f35f721d726e8a4cb7e4ec0f Mon Sep 17 00:00:00 2001
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Fri, 21 Feb 2025 17:00:44 +0100
-Subject: [PATCH] Cast uses of return_*(), nop() and enumerator_create_empty()
-
-As described in the previous commit, GCC 15 uses C23 by default and that
-changes the meaning of such argument-less function declarations.  So
-whenever we assign such a function to a pointer that expects a function
-with arguments it causes an incompatible pointer type warning.  We
-could define dedicated functions/callbacks whenever necessary, but this
-seems like the simpler approach for now (especially since most uses of
-these functions have already been cast).
----
- src/charon-nm/nm/nm_handler.c                           | 2 +-
- src/libcharon/encoding/payloads/encrypted_payload.c     | 2 +-
- src/libcharon/plugins/android_dns/android_dns_handler.c | 2 +-
- src/libcharon/plugins/ha/ha_attribute.c                 | 2 +-
- src/libcharon/plugins/updown/updown_handler.c           | 2 +-
- src/libstrongswan/utils/identification.c                | 6 +++---
- 6 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/src/charon-nm/nm/nm_handler.c b/src/charon-nm/nm/nm_handler.c
-index d7331ad72f6..39d0190ac9e 100644
---- a/src/charon-nm/nm/nm_handler.c
-+++ b/src/charon-nm/nm/nm_handler.c
-@@ -195,7 +195,7 @@ nm_handler_t *nm_handler_create()
- 		.public = {
- 			.handler = {
- 				.handle = _handle,
--				.release = nop,
-+				.release = (void*)nop,
- 				.create_attribute_enumerator = _create_attribute_enumerator,
- 			},
- 			.create_enumerator = _create_enumerator,
-diff --git a/src/libcharon/encoding/payloads/encrypted_payload.c b/src/libcharon/encoding/payloads/encrypted_payload.c
-index 676d00b7a29..4821c6108ed 100644
---- a/src/libcharon/encoding/payloads/encrypted_payload.c
-+++ b/src/libcharon/encoding/payloads/encrypted_payload.c
-@@ -1023,7 +1023,7 @@ encrypted_fragment_payload_t *encrypted_fragment_payload_create()
- 				.get_length = _frag_get_length,
- 				.add_payload = _frag_add_payload,
- 				.remove_payload = (void*)return_null,
--				.generate_payloads = nop,
-+				.generate_payloads = (void*)nop,
- 				.set_transform = _frag_set_transform,
- 				.get_transform = _frag_get_transform,
- 				.encrypt = _frag_encrypt,
-diff --git a/src/libcharon/plugins/android_dns/android_dns_handler.c b/src/libcharon/plugins/android_dns/android_dns_handler.c
-index 78f4f702aec..14d2ff99aa3 100644
---- a/src/libcharon/plugins/android_dns/android_dns_handler.c
-+++ b/src/libcharon/plugins/android_dns/android_dns_handler.c
-@@ -191,7 +191,7 @@ METHOD(enumerator_t, enumerate_dns, bool,
- 	VA_ARGS_VGET(args, type, data);
- 	*type = INTERNAL_IP4_DNS;
- 	*data = chunk_empty;
--	this->venumerate = return_false;
-+	this->venumerate = (void*)return_false;
- 	return TRUE;
- }
- 
-diff --git a/src/libcharon/plugins/ha/ha_attribute.c b/src/libcharon/plugins/ha/ha_attribute.c
-index b865a4b829b..103d1a93784 100644
---- a/src/libcharon/plugins/ha/ha_attribute.c
-+++ b/src/libcharon/plugins/ha/ha_attribute.c
-@@ -381,7 +381,7 @@ ha_attribute_t *ha_attribute_create(ha_kernel_t *kernel, ha_segments_t *segments
- 			.provider = {
- 				.acquire_address = _acquire_address,
- 				.release_address = _release_address,
--				.create_attribute_enumerator = enumerator_create_empty,
-+				.create_attribute_enumerator = (void*)enumerator_create_empty,
- 			},
- 			.reserve = _reserve,
- 			.destroy = _destroy,
-diff --git a/src/libcharon/plugins/updown/updown_handler.c b/src/libcharon/plugins/updown/updown_handler.c
-index 36eb15615a4..3707e1e658c 100644
---- a/src/libcharon/plugins/updown/updown_handler.c
-+++ b/src/libcharon/plugins/updown/updown_handler.c
-@@ -220,7 +220,7 @@ updown_handler_t *updown_handler_create()
- 			.handler = {
- 				.handle = _handle,
- 				.release = _release,
--				.create_attribute_enumerator = enumerator_create_empty,
-+				.create_attribute_enumerator = (void*)enumerator_create_empty,
- 			},
- 			.create_dns_enumerator = _create_dns_enumerator,
- 			.destroy = _destroy,
-diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
-index d31955b3806..58a05052dc1 100644
---- a/src/libstrongswan/utils/identification.c
-+++ b/src/libstrongswan/utils/identification.c
-@@ -1625,7 +1625,7 @@ static private_identification_t *identification_create(id_type_t type)
- 			this->public.hash = _hash_binary;
- 			this->public.equals = _equals_binary;
- 			this->public.matches = _matches_any;
--			this->public.contains_wildcards = return_true;
-+			this->public.contains_wildcards = (void*)return_true;
- 			break;
- 		case ID_FQDN:
- 		case ID_RFC822_ADDR:
-@@ -1660,13 +1660,13 @@ static private_identification_t *identification_create(id_type_t type)
- 			this->public.hash = _hash_binary;
- 			this->public.equals = _equals_binary;
- 			this->public.matches = _matches_range;
--			this->public.contains_wildcards = return_false;
-+			this->public.contains_wildcards = (void*)return_false;
- 			break;
- 		default:
- 			this->public.hash = _hash_binary;
- 			this->public.equals = _equals_binary;
- 			this->public.matches = _matches_binary;
--			this->public.contains_wildcards = return_false;
-+			this->public.contains_wildcards = (void*)return_false;
- 			break;
- 	}
- 	return this;

strongswan-gcc15-part3.patch

@@ -1,23 +0,0 @@
-From a7b5de569082398a14b7e571498e55d005903aaf Mon Sep 17 00:00:00 2001
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Fri, 21 Feb 2025 17:18:35 +0100
-Subject: [PATCH] pki: Fix signature of help() to match that of a callback in
- command_t
-
----
- src/pki/command.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/pki/command.c b/src/pki/command.c
-index accec5fe51b..6e6bf041e18 100644
---- a/src/pki/command.c
-+++ b/src/pki/command.c
-@@ -265,7 +265,7 @@ int command_usage(char *error)
- /**
-  * Show usage information
-  */
--static int help(int c, char *v[])
-+static int help()
- {
- 	return command_usage(NULL);
- }

strongswan.changes

@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Mon Jul 14 21:10:28 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 6.0.2
+  * Support for per-CPU SAs (RFC 9611) has been added on Linux
+    6.13+. The new per_cpu_sas setting enables the installation of
+    special trap policies (start_action=trap) that instruct the
+    kernel to consider the CPU from which a packet originates.
+  * Basic support for IP-TFS's (RFC 9347) new AGGFRAG mode has been
+    added on Linux 6.14+. It's similar to tunnel mode but allows
+    aggregating small IP packets into single ESP packets and
+    fragmenting large IP packets into multiple ESP packets.
+  * POSIX regular expressions are now supported to match remote
+    identities. They must start with an explicit type prefix,
+    followed by a caret character (^), and end with a dollar sign
+    ($) to indicate an anchored pattern. Regular expressions are
+    always matched case insensitive against the string
+    representation of other identities, however, the type must
+    match as well.
+  * Switching configs based on EAP-Identities is supported. This
+    changes how configured EAP identities are used. Instead of
+    statically setting and using a configured remote.eap_id !=
+    %any, an EAP-Identity exchange is now always initiated (and
+    required). If the received identity doesn't match the
+    configuration, the peer config is switched to one with a
+    matching identity (wildcards and regular expressions are
+    supported for that match).
+  * ML-KEM is now supported via OpenSSL 3.5+ by the openssl plugin.
+- Delete init.patch (merged), strongswan-gcc15-part1.patch
+  strongswan-gcc15-part2.patch, strongswan-gcc15-part3.patch
+
 -------------------------------------------------------------------
 Thu Jun  5 07:41:56 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
 

strongswan.spec

@@ -39,7 +39,7 @@
 %bcond_without  systemd
 
 Name:           strongswan
-Version:        6.0.1
+Version:        6.0.2
 Release:        0
 Summary:        IPsec-based VPN solution
 License:        GPL-2.0-or-later
@@ -55,10 +55,6 @@ Source7:        fips-enforce.conf
 Patch2:         %{name}_ipsec_service.patch
 Patch5:         0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch
 Patch6:         harden_strongswan.service.patch
-Patch7:         init.patch
-Patch11:        strongswan-gcc15-part1.patch
-Patch12:        strongswan-gcc15-part2.patch
-Patch13:        strongswan-gcc15-part3.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  bison
@@ -476,6 +472,7 @@ fi
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-logging.conf
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/imcv.conf
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/imv_policy_manager.conf
+%config(noreplace) %attr(600,root,root) %{strongswan_configs}/iptfs.conf
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/pki.conf
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/pool.conf
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/tnc.conf
@@ -776,6 +773,7 @@ fi
 %{strongswan_templates}/config/strongswan.d/charon-nm.conf
 %{strongswan_templates}/config/strongswan.d/imcv.conf
 %{strongswan_templates}/config/strongswan.d/imv_policy_manager.conf
+%{strongswan_templates}/config/strongswan.d/iptfs.conf
 %{strongswan_templates}/config/strongswan.d/pki.conf
 %{strongswan_templates}/config/strongswan.d/pool.conf
 %{strongswan_templates}/config/strongswan.d/tnc.conf