From cf29eb7ccf5c7d672f12367bbffd18f0677ee6d192b15e14db13e6c6c45af7ca Mon Sep 17 00:00:00 2001 
From: Marius Tomaschewski Date: Thu, 10 May 2012 10:02:51 +0000 Subject: [PATCH] - Updated to strongSwan 4.6.3 release: - The tnc-pdp plugin implements a RADIUS server interface allowing a strongSwan TNC server to act as a Policy Decision Point. - The eap-radius authentication backend enforces Session-Timeout attributes using RFC4478 repeated authentication and acts upon RADIUS Dynamic Authorization extensions, RFC 5176. Currently supported are disconnect requests and CoA messages containing a Session-Timeout. - The eap-radius plugin can forward arbitrary RADIUS attributes from and to clients using custom IKEv2 notify payloads. The new radattr plugin reads attributes to include from files and prints received attributes to the console. - Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595. - The cmac plugin implements the AES-CMAC-96 and AES-CMAC-PRF-128 algorithms as defined in RFC 4494 and RFC 4615, respectively. - The resolve plugin automatically installs nameservers via resolvconf(8), if it is installed, instead of modifying /etc/resolv.conf directly. - The IKEv2 charon daemon supports now raw RSA public keys in RFC 3110 DNSKEY and PKCS#1 file format. - The farp plugin sends ARP responses for any tunneled address, not only virtual IPs. - Charon resolves hosts again during additional keying tries. - Fixed switching back to original address pair during MOBIKE. - When resending IKE_SA_INIT with a COOKIE charon reuses the previous DH value, as specified in RFC 5996. This has an effect on the lifecycle of diffie_hellman_t, see source:src/libcharon/sa/keymat.h#39 for details. 
- COOKIEs are now kept enabled a bit longer to avoid certain race OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=44 --- strongswan-4.6.2-glib.patch | 14 ------- strongswan-4.6.2.tar.bz2 | 3 -- strongswan-4.6.2.tar.bz2.sig | 14 ------- ...tch => strongswan-4.6.3-fmt-warnings.patch | 0 ....2-rpmlintrc => strongswan-4.6.3-rpmlintrc | 0 strongswan-4.6.3.tar.bz2 | 3 ++ strongswan-4.6.3.tar.bz2.sig | 14 +++++++ strongswan.changes | 40 +++++++++++++++++++ strongswan.spec | 38 ++++++++++++------ 9 files changed, 82 insertions(+), 44 deletions(-) delete mode 100644 strongswan-4.6.2-glib.patch delete mode 100644 strongswan-4.6.2.tar.bz2 delete mode 100644 strongswan-4.6.2.tar.bz2.sig rename strongswan-4.6.2-fmt-warnings.patch => strongswan-4.6.3-fmt-warnings.patch (100%) rename strongswan-4.6.2-rpmlintrc => strongswan-4.6.3-rpmlintrc (100%) create mode 100644 strongswan-4.6.3.tar.bz2 create mode 100644 strongswan-4.6.3.tar.bz2.sig diff --git a/strongswan-4.6.2-glib.patch b/strongswan-4.6.2-glib.patch deleted file mode 100644 index ad0629b..0000000 --- a/strongswan-4.6.2-glib.patch +++ /dev/null @@ -1,14 +0,0 @@ -Index: strongswan-4.5.3/src/libcharon/plugins/nm/nm_service.h -=================================================================== ---- strongswan-4.5.3.orig/src/libcharon/plugins/nm/nm_service.h -+++ strongswan-4.5.3/src/libcharon/plugins/nm/nm_service.h -@@ -21,8 +21,7 @@ - #ifndef NM_SERVICE_H_ - #define NM_SERVICE_H_ - --#include --#include -+#include - #include - - #include "nm_creds.h" diff --git a/strongswan-4.6.2.tar.bz2 b/strongswan-4.6.2.tar.bz2 deleted file mode 100644 index 6f75fa7..0000000 --- a/strongswan-4.6.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a5ecb3fc60a94ded9197532c7ebf42e8e321223311e4a4834ea15219aa1625e4 -size 3499818 diff --git a/strongswan-4.6.2.tar.bz2.sig b/strongswan-4.6.2.tar.bz2.sig deleted file mode 100644 index b8cfc84..0000000 
--- a/strongswan-4.6.2.tar.bz2.sig
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iQGcBAABAgAGBQJPQmCUAAoJEN9CwXCzTbp3bR0MAKDSSAnebTDOnDV9chiEcFhU
-DarFqphtzQftugh6I+inoGlKWxtWCaGxc3+KLFNvu8KqFn9YbjhM0UEVuzudAgHU
-32BcSfA/yp/LEMppICRXFLMpwqPMKMgK/KBYkMGWOtDU1HjOd3CNVr5qWoK1KltK
-4u4wLTVcCbfLfK2LsMDcpx0zeijyYQ3kDTz4xgoY77N8qa9fE4jW7NbCIydy8kTn
-P+ZHH+MD3Ai2YN27ZqR6zVv7ocmrpWDNEeVXqQprQ1JK3ITaPxOF8h2uX/SRIU01
-cp64BXWU5vDm9Z+7QqgcFvIBKUJgutt0qngXylo04DwPrnKH6tqVMTASUju2aYB1
-SWT6B0G4EjVIh3bHbKexBLcPBfpBJEGzNAn5NPY4eYGaKVEn3ryYSTReBCB3jeAk
-f+TUqDs6viT7BmrT6sUkYERiHogq36Y9sRUCvwTRITf4xCDb/EjIahRnOCffSzsA
-bsoXIuUws8tO4AL8nkaFaA6lzKOM0ks2BXCYjGh+eQ==
-=CsWA
------END PGP SIGNATURE-----
diff --git a/strongswan-4.6.2-fmt-warnings.patch b/strongswan-4.6.3-fmt-warnings.patch
similarity index 100%
rename from strongswan-4.6.2-fmt-warnings.patch
rename to strongswan-4.6.3-fmt-warnings.patch
diff --git a/strongswan-4.6.2-rpmlintrc b/strongswan-4.6.3-rpmlintrc
similarity index 100%
rename from strongswan-4.6.2-rpmlintrc
rename to strongswan-4.6.3-rpmlintrc
diff --git a/strongswan-4.6.3.tar.bz2 b/strongswan-4.6.3.tar.bz2
new file mode 100644
index 0000000..c81ff64
--- /dev/null
+++ b/strongswan-4.6.3.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a2443f9b22b64932cf7600723aee4f2fce51ba56e0216ae5f31dbb3470903d24
+size 3555738
diff --git a/strongswan-4.6.3.tar.bz2.sig b/strongswan-4.6.3.tar.bz2.sig
new file mode 100644
index 0000000..3a5b241
--- /dev/null
+++ b/strongswan-4.6.3.tar.bz2.sig
@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iQGcBAABAgAGBQJPntqnAAoJEN9CwXCzTbp3UlcL/RX4foD5Y7qkvihoTU78a0E7
+4T3ytLY/WIzx1xELxZhkqHeS0gN/j0bthPW+4TvEG0XH4g1JF2MqT0e4D0vFdOmT
+BwUIhEC1LQHyM4CaJQpSGzIMs8YcR8HYQiHNRLjzNQcj30tpBhnchcWCikiC/MZO
+YaFtZozbGnqcj6DVGjX8ymBxfpwT/+WGJ4ZIwGJwvLXc1XEtIo1zMcyX76LKHk/x
+6E12pDL5/4s68XJ9/2Uk6M9lQUQOnQT4SGJvTjZ4YACc08yQbR/2mU/puCWw9pBX
+qQIKn7abmgj1/wwbqwYf0pSuUrlSwWLsVJVqpPYgHEydd8IoeSgZke8JacIR9ztW
+aiAtqFNRKo/rj/BuCxyt90sMBi1IPznRSB1IBYKSwp9EvuKtAlIoCmH4bHq/6w0O
+4ad0rTaXhwqTjGtpQR/UsXcdtaq0pB4uauOz6bsGFUflMPXDrE6yABiuGPowCJiK
+SVR9gtBHHYvzo5sRJLcemXswO93tI48/IpZRnHAmyw==
+=vGXG
+-----END PGP SIGNATURE-----
diff --git a/strongswan.changes b/strongswan.changes
index cffd5fb..8ab2dff 100644
--- a/strongswan.changes
+++ b/strongswan.changes
@@ -1,3 +1,43 @@
+-------------------------------------------------------------------
+Thu May 10 09:15:38 UTC 2012 - mt@suse.com
+
+- Updated to strongSwan 4.6.3 release:
+ - The tnc-pdp plugin implements a RADIUS server interface allowing
+ a strongSwan TNC server to act as a Policy Decision Point.
+ - The eap-radius authentication backend enforces Session-Timeout
+ attributes using RFC4478 repeated authentication and acts upon
+ RADIUS Dynamic Authorization extensions, RFC 5176. Currently
+ supported are disconnect requests and CoA messages containing
+ a Session-Timeout.
+ - The eap-radius plugin can forward arbitrary RADIUS attributes
+ from and to clients using custom IKEv2 notify payloads. The new
+ radattr plugin reads attributes to include from files and prints
+ received attributes to the console.
+ - Added support for untruncated MD5 and SHA1 HMACs in ESP as used
+ in RFC 4595.
+ - The cmac plugin implements the AES-CMAC-96 and AES-CMAC-PRF-128
+ algorithms as defined in RFC 4494 and RFC 4615, respectively.
+ - The resolve plugin automatically installs nameservers via
+ resolvconf(8), if it is installed, instead of modifying
+ /etc/resolv.conf directly.
+ - The IKEv2 charon daemon supports now raw RSA public keys in RFC
+ 3110 DNSKEY and PKCS#1 file format.
+ - The farp plugin sends ARP responses for any tunneled address,
+ not only virtual IPs.
+ - Charon resolves hosts again during additional keying tries.
+ - Fixed switching back to original address pair during MOBIKE.
+ - When resending IKE_SA_INIT with a COOKIE charon reuses the previous
+ DH value, as specified in RFC 5996.
+ This has an effect on the lifecycle of diffie_hellman_t, see
+ source:src/libcharon/sa/keymat.h#39 for details.
+ - COOKIEs are now kept enabled a bit longer to avoid certain race
+ conditions the commit message to 1b7debcc has some details.
+ - The new stroke user-creds command allows to set username/password
+ for a connection.
+ - strongswan.conf option added to set identifier for syslog(3) logging. + - Added a workaround for null-terminated XAuth secrets (as sent by + Android 4). + ------------------------------------------------------------------- Sat Mar 3 00:10:34 UTC 2012 - tabraham@novell.com diff --git a/strongswan.spec b/strongswan.spec index cdc09dd..e0c87a8 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -16,9 +16,8 @@ # - Name: strongswan -Version: 4.6.2 +Version: 4.6.3 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name} @@ -43,7 +42,6 @@ Source3: %{name}-%{version}-rpmlintrc Source4: README.SUSE Patch1: %{name}_modprobe_syslog.patch Patch2: %{name}-%{version}-fmt-warnings.patch -Patch3: %{name}-%{version}-glib.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison BuildRequires: curl-devel @@ -110,6 +108,7 @@ Authors: %package doc BuildArch: noarch Summary: OpenSource IPsec-based VPN Solution +Group: Productivity/Networking/Security %description doc StrongSwan is an OpenSource IPsec-based VPN Solution for Linux @@ -125,6 +124,7 @@ Authors: %package libs0 Summary: OpenSource IPsec-based VPN Solution +Group: Productivity/Networking/Security Conflicts: strongswan < %{version} %description libs0 @@ -134,11 +134,13 @@ This package provides the strongswan library and plugins. %package ikev1 Summary: OpenSource IPsec-based VPN Solution +Group: Productivity/Networking/Security Requires: iproute2 -Requires: strongswan-libs0 = %{version} Requires: strongswan-ipsec = %{version} -Provides: strongswan-daemon = %{version} ikev1 +Requires: strongswan-libs0 = %{version} +Provides: ikev1 Provides: pluto +Provides: strongswan-daemon = %{version} Conflicts: freeswan openswan strongswan < %{version} %description ikev1 
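Review bot: The `-Patch3: %{name}-%{version}-glib.patch` removal in the `@@ -43,7 +42,6 @@` hunk, together with the matching `-%patch3 -p1` in the later `%setup` hunk, is not recorded in the new `strongswan.changes` entry, which lists only upstream release notes. For a VPN package a silently dropped patch is hard to audit later, because a reader cannot tell whether the nm_service.h include fix was merged upstream or simply lost. Add a line to the changes entry such as `- Removed strongswan-4.6.2-glib.patch (<reason, e.g. merged upstream>)`.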
@@ -148,10 +150,12 @@ This package provides the pluto IKEv1 daemon. %package ikev2 Summary: OpenSource IPsec-based VPN Solution +Group: Productivity/Networking/Security Requires: iproute2 -Requires: strongswan-libs0 = %{version} Requires: strongswan-daemon-starter = %{version} -Provides: strongswan-daemon = %{version} ikev2 +Requires: strongswan-libs0 = %{version} +Provides: ikev2 +Provides: strongswan-daemon = %{version} Conflicts: openswan strongswan < %{version} %description ikev2 @@ -161,11 +165,14 @@ This package provides the charon IKEv2 daemon. %package ipsec Summary: OpenSource IPsec-based VPN Solution +Group: Productivity/Networking/Security PreReq: grep %insserv_prereq %fillup_prereq -Requires: strongswan-libs0 = %{version} Requires: strongswan-daemon = %{version} +Requires: strongswan-libs0 = %{version} +Provides: VPN +Provides: ipsec +Provides: strongswan = %{version} Provides: strongswan-daemon-starter = %{version} -Provides: strongswan = %{version} ipsec VPN Obsoletes: strongswan < %{version} Conflicts: freeswan openswan @@ -180,6 +187,7 @@ to maintain both, IKEv1 and IKEv2 daemons, using /etc/ipsec.conf and %package mysql Summary: OpenSource IPsec-based VPN Solution +Group: Productivity/Networking/Security Requires: strongswan-libs0 = %{version} %description mysql @@ -193,6 +201,7 @@ This package provides the strongswan mysql plugin. %package sqlite Summary: OpenSource IPsec-based VPN Solution +Group: Productivity/Networking/Security Requires: strongswan-libs0 = %{version} %description sqlite @@ -206,8 +215,9 @@ This package provides the strongswan sqlite plugin. %package nm Summary: OpenSource IPsec-based VPN Solution -Requires: strongswan-libs0 = %{version} +Group: Productivity/Networking/Security Requires: strongswan-ikev2 = %{version} +Requires: strongswan-libs0 = %{version} Provides: strongswan-daemon-starter = %{version} %description nm 
@@ -224,6 +234,7 @@ NetworkManager-strongswan graphical user interface. %package tests Summary: OpenSource IPsec-based VPN Solution +Group: Productivity/Networking/Security Requires: strongswan-libs0 = %{version} %description tests @@ -238,7 +249,6 @@ and the load testing plugin for IKEv2 daemon. %setup -q -n %{name}-%{upstream_version} %patch1 -p0 %patch2 -p0 -%patch3 -p1 sed -e 's|@libexecdir@|%_libexecdir|g' \ < $RPM_SOURCE_DIR/strongswan.init.in \ > strongswan.init @@ -318,7 +328,7 @@ cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets # EOT # -rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,strongswan,simaka}.so +rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,radius,strongswan,simaka}.so find $RPM_BUILD_ROOT%{strongswan_libdir} \ -name "*.a" -o -name "*.la" | xargs -r rm -f # @@ -441,6 +451,8 @@ fi %{strongswan_libdir}/libhydra.so.0.0.0 %{strongswan_libdir}/libcharon.so.0 %{strongswan_libdir}/libcharon.so.0.0.0 +%{strongswan_libdir}/libradius.so.0 +%{strongswan_libdir}/libradius.so.0.0.0 %{strongswan_libdir}/libsimaka.so.0 %{strongswan_libdir}/libsimaka.so.0.0.0 %{strongswan_libdir}/libstrongswan.so.0 @@ -452,6 +464,7 @@ fi %{strongswan_plugins}/libstrongswan-attr.so %{strongswan_plugins}/libstrongswan-attr-sql.so %{strongswan_plugins}/libstrongswan-blowfish.so +%{strongswan_plugins}/libstrongswan-cmac.so %{strongswan_plugins}/libstrongswan-constraints.so %{strongswan_plugins}/libstrongswan-curl.so %{strongswan_plugins}/libstrongswan-des.so @@ -478,7 +491,6 @@ fi %{strongswan_plugins}/libstrongswan-ha.so %{strongswan_plugins}/libstrongswan-hmac.so %{strongswan_plugins}/libstrongswan-kernel-netlink.so -%{strongswan_plugins}/libstrongswan-kernel-netlink.so %{strongswan_plugins}/libstrongswan-ldap.so %{strongswan_plugins}/libstrongswan-md4.so %{strongswan_plugins}/libstrongswan-md5.so
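Review bot: Nothing visible in the `@@ -238,7 +249,6 @@` hunk verifies `strongswan-4.6.3.tar.bz2.sig` against the tarball before `%setup -q -n %{name}-%{upstream_version}` unpacks it, although this commit ships a fresh detached signature next to the new sources. The hunk begins at `%setup` and the Source0–Source2 lines are outside the diff, so a check may already exist there; if it does not, the signature is carried along without protecting the build, and a replaced tarball would go unnoticed. Consider listing the signature and the upstream signing key (as a keyring file) as sources and verifying ahead of `%setup`, for example `%{?gpg_verify: %gpg_verify %{S:N}}` where the gpg-offline macros are available, with N being the signature's source number.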