From 9dc0c277ab1f98d610e931fe89c1bcd18c158ca223a85376706ca23f78aff775 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Mon, 14 Mar 2011 11:31:45 +0000 Subject: [PATCH 1/2] - Updated to strongSwan 4.5.1 release, changes overview since 4.5.0: * Implements RFC 5793 Posture Broker Protocol (BP) * Re-implemented TNCCS 1.1 protocol * Allows to store IKE and ESP proposals in an SQL database * Allows to store CRL and OCSP cert points in an SQL database * New 'include' statement in strongswan.conf allows recursions * Modifications of strongswan.conf parser, cause syntax attr plugin syntax changes. * ipsec listalgs now appends the plugin registering an algo * Adds support for Traffic Flow Confidentiality with Linux 2.6.38 * New af-alg plugin allows to use new primitives in 2.6.38 crypto api and removes the need for additional userland implementations. * IKEv2 daemon supports the INITIAL_CONTACT notify * conftest conformance testing framework * new constraints plugin provides advanced X.509 constraint checking * left/rightauth ipsec.conf keywords accept minimum strengths * basic support for delta CRLs See the NEWS file or http://download.strongswan.org/CHANGES4.txt for a detailed description of the changes. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=25 --- strongswan-4.5.0-rpmlintrc | 5 ---- strongswan-4.5.0.tar.bz2 | 3 --- strongswan-4.5.0.tar.bz2.sig | 14 ----------- ....0-rpmlintrc => strongswan-4.5.1-rpmlintrc | 0 strongswan-4.5.1.tar.bz2 | 3 +++ strongswan-4.5.1.tar.bz2.sig | 14 +++++++++++ strongswan.changes | 23 +++++++++++++++++++ strongswan.spec | 22 ++++++++++-------- 8 files changed, 53 insertions(+), 31 deletions(-) delete mode 100644 strongswan-4.5.0-rpmlintrc delete mode 100644 strongswan-4.5.0.tar.bz2 delete mode 100644 strongswan-4.5.0.tar.bz2.sig rename strongswan-4.4.0-rpmlintrc => strongswan-4.5.1-rpmlintrc (100%) create mode 100644 strongswan-4.5.1.tar.bz2 create mode 100644 strongswan-4.5.1.tar.bz2.sig 
diff --git a/strongswan-4.5.0-rpmlintrc b/strongswan-4.5.0-rpmlintrc deleted file mode 100644 index 1a4d703..0000000 --- a/strongswan-4.5.0-rpmlintrc +++ /dev/null @@ -1,5 +0,0 @@ -### Known warnings: -# - traditional name -addFilter("strongswan.* incoherent-init-script-name ipsec") -# - readme only, triggers full ipsec + ikev1&ikev2 install -addFilter("strongswan.* no-binary") diff --git a/strongswan-4.5.0.tar.bz2 b/strongswan-4.5.0.tar.bz2 deleted file mode 100644 index 11ae48f..0000000 --- a/strongswan-4.5.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:108b0fbbf119011b24eb6ccabc3d9f8888f4036382dd3aad011dec04100ad559 -size 3154064 diff --git a/strongswan-4.5.0.tar.bz2.sig b/strongswan-4.5.0.tar.bz2.sig deleted file mode 100644 index 0d16c14..0000000 --- a/strongswan-4.5.0.tar.bz2.sig +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.10 (GNU/Linux) - -iQGcBAABAgAGBQJMykZ7AAoJEN9CwXCzTbp36BYL/A9q4F2n7EHvVW7HTmG6ogMw -are1n1ZYRdqUmrdk2woCqJPfkzihHMa1nc7u6hgucRDi7wJfJBXoAT0Rvd9AN8qw -bKuaajKRvXFA14qtORvkX4z+Se+/nqL3+ZlvlnPS6rgpdBD+kZY+sFNdSAhJxShJ -zbJ4U+jnO74pyzp8I9hp1HccPKJjt/ljlCB7izPqJ1bQAbrNTQr90JHPNz9BSQkq -BIF5T+nsRWE1p2tWzz6IAjvbC3ghc2lmVy5FGKjItMXWxsyCYuira4MlbGp2ObKE -1aa9QbNYxJ0aD0vsX+r8usXvpdq5QLQotp1bLG2m2XYWdzC4yBwRHj2pS8JHIENP -y9o4za9finsG1Ahb661+2Pw7xO/R2blLDDQyhxH5e6AO7p4Pz050yiicCxVKEwG0 -mJM6c5TbAerBCH2ovgwNeGV3hsOt9ng7e63SMIBkYtN41uQV8hqUjZbtYcvpsER2 -bB/Jdp14aR1F9jMgEmt/I6tNHizJWvB5FFGLqH2cTQ== -=o5iz ------END PGP SIGNATURE----- diff --git a/strongswan-4.4.0-rpmlintrc b/strongswan-4.5.1-rpmlintrc similarity index 100% rename from strongswan-4.4.0-rpmlintrc rename to strongswan-4.5.1-rpmlintrc diff --git a/strongswan-4.5.1.tar.bz2 b/strongswan-4.5.1.tar.bz2 new file mode 100644 index 0000000..d2458f6 --- /dev/null +++ b/strongswan-4.5.1.tar.bz2 
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:252d7369d94aa2d79e6fad078853b07ca897ea811ab1e1a2b008bcec0d1e758a +size 3254264 diff --git a/strongswan-4.5.1.tar.bz2.sig b/strongswan-4.5.1.tar.bz2.sig new file mode 100644 index 0000000..d2e7cb7 --- /dev/null +++ b/strongswan-4.5.1.tar.bz2.sig @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (GNU/Linux) + +iQGcBAABAgAGBQJNVFbWAAoJEN9CwXCzTbp3NRoL/jeGdXy0VcT+MRhLP9aKWC3w +b8xAKl8mX0LqzkFL4o1nmiy+hAZXogVZiBqcmgCzyhD1QicpZEGMiKRpcXDxGkkS +1UrSj6zPWSN4lTJus7AoEDo0FdQ/mpPqXDU/4GLSQn7rZcAML6O6cp9h0yuQqM+4 +SewztJ7VzT1OIhNEx5GjJSJkOGJGt/NhbaFNvUSpjw2OOEwFXVDara5z2hv7DVyX +hDWRsVry2JR/dg4z9hY5WsRUgYjVry/cBQ32B2XStGUX/sy9LSUmhWsJRjfdAppt +I+04n2cKpKHHy8CoNOlmdq5bllMQ1BbnZCFtpScPg7Mf5Qzxg3qKAb7MzczdGQPQ +iHGirW1lA9En4DRCbauqVIaVNYslWpp8qliWGqTDEDzZcFs9aujNXyVteY5tXvEJ +XG5sODlfRwyEZOi0bywgyHgnCeCl2DMBA3xKs5m5lInH98CWFXG1PrJoJq7XDe4D +i00IESUJmdE9x5L0uA21vYUiLbmZs/ZOBXQdcx69Vg== +=Q4kv +-----END PGP SIGNATURE----- diff --git a/strongswan.changes b/strongswan.changes index 99d60a5..54a6e46 100644 --- a/strongswan.changes +++ b/strongswan.changes 
@@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Mon Mar 14 10:59:32 UTC 2011 - mt@suse.de + +- Updated to strongSwan 4.5.1 release, changes overview since 4.5.0: + * Implements RFC 5793 Posture Broker Protocol (BP) + * Re-implemented TNCCS 1.1 protocol + * Allows to store IKE and ESP proposals in an SQL database + * Allows to store CRL and OCSP cert points in an SQL database + * New 'include' statement in strongswan.conf allows recursions + * Modifications of strongswan.conf parser, cause syntax attr plugin + syntax changes. + * ipsec listalgs now appends the plugin registering an algo + * Adds support for Traffic Flow Confidentiality with Linux 2.6.38 + * New af-alg plugin allows to use new primitives in 2.6.38 crypto api + and removes the need for additional userland implementations. + * IKEv2 daemon supports the INITIAL_CONTACT notify + * conftest conformance testing framework + * new constraints plugin provides advanced X.509 constraint checking + * left/rightauth ipsec.conf keywords accept minimum strengths + * basic support for delta CRLs + See the NEWS file or http://download.strongswan.org/CHANGES4.txt + for a detailed description of the changes. + ------------------------------------------------------------------- Mon Nov 22 09:05:30 UTC 2010 - mt@suse.de diff --git a/strongswan.spec b/strongswan.spec index d1f6c6c..1a7863f 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -1,5 +1,5 @@ # -# spec file for package strongswan (Version 4.5.0) +# spec file for package strongswan (Version 4.5.1) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -19,7 +19,7 @@ Name: strongswan -%define upstream_version 4.5.0 +%define upstream_version 4.5.1 %define strongswan_docdir %{_docdir}/%{name} %define strongswan_plugins %{_libexecdir}/ipsec/plugins %define with_mysql 1 
@@ -27,8 +27,8 @@ Name: strongswan %define with_gcrypt 0%{suse_version} >= 1110 %define with_nm 0%{suse_version} >= 1110 %define with_tests 0 -Version: 4.5.0 -Release: 1 +Version: 4.5.1 +Release: 0 License: GPLv2+ Group: Productivity/Networking/Security Summary: OpenSource IPsec-based VPN Solution @@ -178,6 +178,7 @@ to maintain both, IKEv1 and IKEv2 daemons, using /etc/ipsec.conf and /etc/ipsec.sectes files. %if %with_mysql + %package mysql License: GPLv2+ Summary: OpenSource IPsec-based VPN Solution @@ -192,6 +193,7 @@ This package provides the strongswan mysql plugin. %endif %if %with_sqlite + %package sqlite License: GPLv2+ Summary: OpenSource IPsec-based VPN Solution @@ -206,6 +208,7 @@ This package provides the strongswan sqlite plugin. %endif %if %with_nm + %package nm License: GPLv2+ Summary: OpenSource IPsec-based VPN Solution @@ -224,6 +227,7 @@ NetworkManager-strongswan graphical user interface. %endif %if %with_tests + %package tests License: GPLv2+ Summary: OpenSource IPsec-based VPN Solution @@ -415,14 +419,11 @@ fi %{_mandir}/man3/anyaddr.3* %{_mandir}/man3/atoaddr.3* %{_mandir}/man3/atoasr.3* -%{_mandir}/man3/atosa.3* %{_mandir}/man3/atoul.3* %{_mandir}/man3/goodmask.3* %{_mandir}/man3/initaddr.3* %{_mandir}/man3/initsubnet.3* -%{_mandir}/man3/keyblobtoid.3* %{_mandir}/man3/portof.3* -%{_mandir}/man3/prng.3* %{_mandir}/man3/rangetosubnet.3* %{_mandir}/man3/sameaddr.3* %{_mandir}/man3/subnetof.3* @@ -430,13 +431,11 @@ fi %{_mandir}/man3/ttodata.3* %{_mandir}/man3/ttosa.3* %{_mandir}/man3/ttoul.3* -%{_mandir}/man8/_copyright.8* %{_mandir}/man8/_updown.8* %{_mandir}/man8/_updown_espmark.8* %{_mandir}/man8/openac.8* %{_mandir}/man8/pluto.8* %{_mandir}/man8/scepclient.8* -%{_mandir}/man8/starter.8* %files libs0 %defattr(-,root,root) 
@@ -457,6 +456,7 @@ fi %{strongswan_plugins}/libstrongswan-attr.so %{strongswan_plugins}/libstrongswan-attr-sql.so %{strongswan_plugins}/libstrongswan-blowfish.so +%{strongswan_plugins}/libstrongswan-constraints.so %{strongswan_plugins}/libstrongswan-curl.so %{strongswan_plugins}/libstrongswan-des.so %{strongswan_plugins}/libstrongswan-dhcp.so @@ -503,6 +503,7 @@ fi %dir %ghost %{_localstatedir}/run/strongswan %if %with_nm + %files nm %defattr(-,root,root) %dir %{_libexecdir}/ipsec @@ -511,6 +512,7 @@ fi %endif %if %with_mysql + %files mysql %defattr(-,root,root) %dir %{strongswan_plugins} @@ -518,6 +520,7 @@ fi %endif %if %with_sqlite + %files sqlite %defattr(-,root,root) %dir %{strongswan_plugins} @@ -525,6 +528,7 @@ fi %endif %if %with_tests + %files tests %defattr(-,root,root) %dir %{strongswan_plugins} From eeeeb9f61e00e9b6315cb753e6f2676c590c52f4cba0f529503a4a95a75ba527 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Mon, 30 May 2011 17:23:31 +0000 Subject: [PATCH 2/2] Accepting request 72126 from home:j-engel:branches:network:vpn Update StrongSWAN to 4.5.2 OBS-URL: https://build.opensuse.org/request/show/72126 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=26 --- _service | 3 ++ ...vice:download_url:strongswan-4.5.2.tar.bz2 | 3 ++ ...:download_url:strongswan-4.5.2.tar.bz2.sig | 14 ++++++++ strongswan-4.5.1.tar.bz2 | 3 -- strongswan-4.5.1.tar.bz2.sig | 14 -------- ....1-rpmlintrc => strongswan-4.5.2-rpmlintrc | 0 strongswan.changes | 35 +++++++++++++++++++ strongswan.spec | 6 ++-- 8 files changed, 58 insertions(+), 20 deletions(-) create mode 100644 _service create mode 100644 _service:download_url:strongswan-4.5.2.tar.bz2 create mode 100644 _service:download_url:strongswan-4.5.2.tar.bz2.sig delete mode 100644 strongswan-4.5.1.tar.bz2 delete mode 100644 strongswan-4.5.1.tar.bz2.sig rename strongswan-4.5.1-rpmlintrc => strongswan-4.5.2-rpmlintrc (100%) 
diff --git a/_service b/_service new file mode 100644 index 0000000..33e352a --- /dev/null +++ b/_service @@ -0,0 +1,3 @@ + + /strongswan-4.5.2.tar.bz2.sigdownload.strongswan.org +/strongswan-4.5.2.tar.bz2download.strongswan.org \ No newline at end of file diff --git a/_service:download_url:strongswan-4.5.2.tar.bz2 b/_service:download_url:strongswan-4.5.2.tar.bz2 new file mode 100644 index 0000000..8da6943 --- /dev/null +++ b/_service:download_url:strongswan-4.5.2.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f13b5db946393dacc8590db7397b3ddd56eb37619f93a482a9c6cf9d556e105a +size 3271219 diff --git a/_service:download_url:strongswan-4.5.2.tar.bz2.sig b/_service:download_url:strongswan-4.5.2.tar.bz2.sig new file mode 100644 index 0000000..6089e7f --- /dev/null +++ b/_service:download_url:strongswan-4.5.2.tar.bz2.sig @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iQGcBAABAgAGBQJNzvEVAAoJEN9CwXCzTbp3iKMMAJ2jhS0kbzGn/E3osePgMJHH +lVbhKag6rnIQfNS9lelBrdJLI/3xV6b88geqvcCgcK2X545X4PUcQtZm08N75qLH +Vjku1qKcKjrPa65glD0nkRYg4MS9dN+obYiPl+S6HhrDO05pvddhSx2a7YA97F8W +7CAbZdULLIIgVlC2plv+W3y1tLQNQEP4rS7FrzMVuTeZCw3W0XawQMvIOwckLEfE +AHMGXrFjevvipOr9pOD5uzi9kJFQGsw2kl7+W2o9mZUlkFGlgVFemH/T5WUaz/BJ +ha1HLdsgIOOJQlLV+bj7bFTbNkkVEdY4hr4c+9JHWr6vRhe/7zrRCP5PIidnqpQ2 +e5O/26qzz1IyRRA4v/KO5b35BTp5dJjPeeOknLz+vBptMiU7uXpUtT0NmsojSw0f +SOli9Kl9RSLL+7E6y8k6qU8uWxfTIRsVWsmBZQkdByY4Ua1UtMv67YdRlaxgwe/M +xpu2k+aSGZVcUBrvOf3GFT9I6pL+orac4+gYBGIJJw== +=LG31 +-----END PGP SIGNATURE----- diff --git a/strongswan-4.5.1.tar.bz2 b/strongswan-4.5.1.tar.bz2 deleted file mode 100644 index d2458f6..0000000 --- a/strongswan-4.5.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:252d7369d94aa2d79e6fad078853b07ca897ea811ab1e1a2b008bcec0d1e758a -size 3254264 diff --git a/strongswan-4.5.1.tar.bz2.sig b/strongswan-4.5.1.tar.bz2.sig deleted file mode 100644 index d2e7cb7..0000000 
--- a/strongswan-4.5.1.tar.bz2.sig +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.10 (GNU/Linux) - -iQGcBAABAgAGBQJNVFbWAAoJEN9CwXCzTbp3NRoL/jeGdXy0VcT+MRhLP9aKWC3w -b8xAKl8mX0LqzkFL4o1nmiy+hAZXogVZiBqcmgCzyhD1QicpZEGMiKRpcXDxGkkS -1UrSj6zPWSN4lTJus7AoEDo0FdQ/mpPqXDU/4GLSQn7rZcAML6O6cp9h0yuQqM+4 -SewztJ7VzT1OIhNEx5GjJSJkOGJGt/NhbaFNvUSpjw2OOEwFXVDara5z2hv7DVyX -hDWRsVry2JR/dg4z9hY5WsRUgYjVry/cBQ32B2XStGUX/sy9LSUmhWsJRjfdAppt -I+04n2cKpKHHy8CoNOlmdq5bllMQ1BbnZCFtpScPg7Mf5Qzxg3qKAb7MzczdGQPQ -iHGirW1lA9En4DRCbauqVIaVNYslWpp8qliWGqTDEDzZcFs9aujNXyVteY5tXvEJ -XG5sODlfRwyEZOi0bywgyHgnCeCl2DMBA3xKs5m5lInH98CWFXG1PrJoJq7XDe4D -i00IESUJmdE9x5L0uA21vYUiLbmZs/ZOBXQdcx69Vg== -=Q4kv ------END PGP SIGNATURE----- diff --git a/strongswan-4.5.1-rpmlintrc b/strongswan-4.5.2-rpmlintrc similarity index 100% rename from strongswan-4.5.1-rpmlintrc rename to strongswan-4.5.2-rpmlintrc diff --git a/strongswan.changes b/strongswan.changes index 54a6e46..cd0cec6 100644 --- a/strongswan.changes +++ b/strongswan.changes 
@@ -1,3 +1,38 @@ +------------------------------------------------------------------- +Sun May 29 16:37:00 UTC 2011 - jcnengel@googlemail.com + +- Updated to strongSwan 4.5.2 release, changes overview since 4.5.1: + * The whitelist plugin for the IKEv2 daemon maintains an in-memory identity + whitelist. Any connection attempt of peers not whitelisted will get rejected. + The 'ipsec whitelist' utility provides a simple command line frontend for + whitelist administration. + * The duplicheck plugin provides a specialized form of duplicate checking, + doing a liveness check on the old SA and optionally notify a third party + application about detected duplicates. + * The coupling plugin permanently couples two or more devices by limiting + authentication to previously used certificates. + * In the case that the peer config and child config don't have the same name + (usually in SQL database defined connections), ipsec up|route + starts|routes all associated child configs and ipsec up|route + only starts|routes the specific child config. + * fixed the encoding and parsing of X.509 certificate policy statements (CPS). + * Duncan Salerno contributed the eap-sim-pcsc plugin implementing a + pcsc-lite based SIM card backend. + * The eap-peap plugin implements the EAP PEAP protocol. Interoperates + successfully with a FreeRADIUS server and Windows 7 Agile VPN clients. + * The IKEv2 daemon charon rereads strongswan.conf on SIGHUP and instructs + all plugins to reload. Currently only the eap-radius and the attr plugins + support configuration reloading. + * Added userland support to the IKEv2 daemon for Extended Sequence Numbers + support coming with Linux 2.6.39. To enable ESN on a connection, add + the 'esn' keyword to the proposal. The default proposal uses 32-bit sequence + numbers only ('noesn'), and the same value is used if no ESN mode is + specified. To negotiate ESN support with the peer, include both, e.g. + esp=aes128-sha1-esn-noesn. 
+ * In addition to ESN, Linux 2.6.39 gained support for replay windows larger + than 32 packets. The new global strongswan.conf option 'charon.replay_window' + configures the size of the replay window, in packets. + ------------------------------------------------------------------- Mon Mar 14 10:59:32 UTC 2011 - mt@suse.de diff --git a/strongswan.spec b/strongswan.spec index 1a7863f..c2cbfdb 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -1,5 +1,5 @@ # -# spec file for package strongswan (Version 4.5.1) +# spec file for package strongswan (Version 4.5.2) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -19,7 +19,7 @@ Name: strongswan -%define upstream_version 4.5.1 +%define upstream_version 4.5.2 %define strongswan_docdir %{_docdir}/%{name} %define strongswan_plugins %{_libexecdir}/ipsec/plugins %define with_mysql 1 @@ -27,7 +27,7 @@ Name: strongswan %define with_gcrypt 0%{suse_version} >= 1110 %define with_nm 0%{suse_version} >= 1110 %define with_tests 0 -Version: 4.5.1 +Version: 4.5.2 Release: 0 License: GPLv2+ Group: Productivity/Networking/Security
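Review bot: In [PATCH 1/2], strongswan-4.5.1-rpmlintrc is created as a 100% rename of strongswan-4.4.0-rpmlintrc while strongswan-4.5.0-rpmlintrc is deleted. The two filters visible in the deleted file (incoherent-init-script-name ipsec and no-binary) therefore survive only if the 4.4.0 file already carried the same content. Please confirm the two files were identical, or rename from the 4.5.0 file so the history shows which filter set is in effect.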
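Review bot: In the [PATCH 1/2] strongswan.changes hunk, the item "Modifications of strongswan.conf parser, cause syntax attr plugin syntax changes." is the only entry that requires action from an administrator on upgrade, and it does not say what changed. Please reword it to say that the attr plugin's strongswan.conf syntax changed and that existing configurations need to be reviewed, with a pointer to the relevant section of the NEWS file.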
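Review bot: In the [PATCH 1/2] strongswan.spec %files hunks (@@ -415,14 +419,11 and @@ -430,13 +431,11), five man pages are dropped (atosa.3, keyblobtoid.3, prng.3, _copyright.8, starter.8) with no matching line in the strongswan.changes entry. Please record there that upstream no longer installs them, so the removal is not mistaken for a packaging regression. The blank lines added after each %if %with_* are unrelated whitespace changes and would be easier to review as a separate change.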
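Review bot: In [PATCH 2/2], the new _service file fetches strongswan-4.5.2.tar.bz2 and its .sig from the same host, download.strongswan.org, and nothing in this patch's file list adds a keyring or a verification step. The committed signature is therefore not checked against a pinned upstream key, and it offers no protection if that single download source serves a modified tarball together with a matching .sig. Suggest shipping the upstream signing key as a package source and verifying the tarball against it during the build, or at least recording the manual verification in strongswan.changes. The file also ends without a trailing newline ("\ No newline at end of file").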
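Review bot: In the [PATCH 2/2] strongswan.changes hunk, the sentence "ipsec up|route starts|routes all associated child configs and ipsec up|route only starts|routes the specific child config" shows two identical commands, so the behaviour it describes cannot be told apart. Please name the argument each form takes (the peer config name in the first case, the child config name in the second), since the difference determines how many tunnels a single command brings up.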
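Review bot: In the [PATCH 2/2] strongswan.spec hunks, only the three version strings change, while the changelog advertises new plugins (whitelist, duplicheck, coupling, eap-sim-pcsc, eap-peap). [PATCH 1/2] had to add libstrongswan-constraints.so to %files for its new plugin, so please state whether these plugins are built and packaged in this update, and add the corresponding %files entries if they are. Otherwise the changelog should note that they are not enabled in this package, so that users do not rely on the whitelist or coupling restrictions being available. The header also still reads "Copyright (c) 2010" although both changelog entries are dated 2011.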