SHA256
1
0
forked from pool/strongswan

Accepting request 921885 from home:iznogood:branches:network:vpn

- Update to version 5.9.3:
  * Added AES-ECB, SHA-3 and SHAKE-256 support to the wolfssl
    plugin.
  * Added AES-CCM support to the openssl plugin (#353).
  * The x509 and the openssl plugins now consider the
    authorityKeyIdentifier, if available, before verifying
    signatures, which avoids unnecessary signature verifications
    after a CA key rollover if both CA certificates are loaded.
    The openssl plugin now does the same also for CRLs (the x509
    plugin already did).
  * The pkcs11 plugin better handles optional attributes like
    CKA_TRUSTED, which previously depended on a version check.
  * The NetworkManager backend (charon-nm) now supports using SANs
    as client identities, not only full DNs (#437).
  * charon-tkm now handles IKE encryption.
  * Send a MOBIKE update again if a a change in the NAT mappings is
    detected but the endpoints stay the same (e143a7d).
  * A deadlock in the HA plugin introduced with 5.9.2 has been
    fixed (#456).
  * DSCP values are now also set for NAT keepalives.
  * The ike_derived_keys() hook now receives more keys but in a
    different order (4e29d6f).
  * Converted most of the test case scenarios to the vici
    interface.
- Replace libsoup-devel with pkgconfig(libsoup-2.4) BuildRequires,
  as this is what really checks for. Needed as libsoup-3.0 is
  released.

OBS-URL: https://build.opensuse.org/request/show/921885
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=127
This commit is contained in:
Jan Engelhardt 2021-09-28 09:20:42 +00:00 committed by Git OBS Bridge
parent 2a35cd6ca5
commit 22be53cdf9
6 changed files with 50 additions and 19 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:72b47a385da5d1532b816d9fe04c50d074c29ed42ea3f0878fbd66335917bb66
size 4568404

View File

@ -1,14 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAABAgAGBQJfIVyVAAoJEN9CwXCzTbp3p3cL+gKB4H0U/CxpV/pazru6bkBB
aZYWm+zTNZG+W0Xh7466NlhZU+Z4nDYm8nr4M3tZPJ9Gas4bZnkZmqYROWotyzH8
6R72n50ZIT7aRdL72LBNZqk89RCGJqWMcgs9aJwr319/s75SEV2ez53zEWUsMwLi
j8JMjE9I8swmcyKk1qHLuyGUTk/THKq2iN5v3w9kHkGNSow892XVhjl5MvE6sVZt
ceNc3YBmnWsJc1XbPP94TMtUJQ4PIscJvx1ysfSsLnIhej/VlId4DzbgVNXwWYNp
RwuecQi8UZTjQ1PORIYlCAK3a+t//Fts4oz7XxS5vCE96LlmoiM17Kt9uPFKNv24
q1CzmExoW5BmqKxiILWM7EOMIFELmRdq5j2Ar9qLdreAxYXFqwoc+o+DRa79QyuZ
4Ul09JRBAvcvLk/B2zY7Z6IPvCsyWyfq9uznzeKo1zsv+q/61H/pvZ6uSr6S58No
BsZSeBXrFLkSJDbGrREpP1/ajYCDFfBwz8jx//J/NQ==
=OvzW
-----END PGP SIGNATURE-----

3
strongswan-5.9.3.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9325ab56a0a4e97e379401e1d942ce3e0d8b6372291350ab2caae0755862c6f7
size 4652311

View File

@ -0,0 +1,14 @@
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmDkSF0ACgkQ30LBcLNN
uncrygwAjMYQOjm18Xzu/nnqhGZhgtAjk5yFRsSAwjcbevcC9a8q0aRWyMXA6Yhl
LQOclYEBbyH4r/59GEHrZNvAHJ0iwAxtp20DcqUwzjRzrwL2g6/FZI1LTRkr0W0r
3neaM8xVVZhpCUoVFVI1RZlpocwElgHGliivCnLwhEvEHJE89bzStBgdqbIZx3E1
Piz0Ta6qkN1mglGtnsmFeImY3MosUdoQ0aj8q6dthmzNPxpn6f80RHkdoJm7S783
FMFhwds4wLCp33v7JpAoGMvDJJnMtErj5PMSwrmN//eArWKHGWQPlGJq0OKZcJWO
JI3sUaUsQlQ+3YsV63QIq6Oyav7h7yCmS9jEk9tiTB8QXj7GJrRpBetIYmvdzRMd
wHmvZOC3vGdoEj8AKKNF447X3WMEVs0/DEYr/PHh6h6X9Ed8NyKVhiLm+OE6nk9F
0Fthllsf+z8LLd+q1OPwH69FsI9J8oiW/pVyXB/MmBdu+0r6A1+EJw0cxqmqbLuN
uN1rNh4k
=O9SJ
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,34 @@
-------------------------------------------------------------------
Mon Sep 27 19:01:38 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 5.9.3:
* Added AES-ECB, SHA-3 and SHAKE-256 support to the wolfssl
plugin.
* Added AES-CCM support to the openssl plugin (#353).
* The x509 and the openssl plugins now consider the
authorityKeyIdentifier, if available, before verifying
signatures, which avoids unnecessary signature verifications
after a CA key rollover if both CA certificates are loaded.
The openssl plugin now does the same also for CRLs (the x509
plugin already did).
* The pkcs11 plugin better handles optional attributes like
CKA_TRUSTED, which previously depended on a version check.
* The NetworkManager backend (charon-nm) now supports using SANs
as client identities, not only full DNs (#437).
* charon-tkm now handles IKE encryption.
* Send a MOBIKE update again if a a change in the NAT mappings is
detected but the endpoints stay the same (e143a7d).
* A deadlock in the HA plugin introduced with 5.9.2 has been
fixed (#456).
* DSCP values are now also set for NAT keepalives.
* The ike_derived_keys() hook now receives more keys but in a
different order (4e29d6f).
* Converted most of the test case scenarios to the vici
interface.
- Replace libsoup-devel with pkgconfig(libsoup-2.4) BuildRequires,
as this is what really checks for. Needed as libsoup-3.0 is
released.
-------------------------------------------------------------------
Mon Sep 7 08:38:01 UTC 2020 - Jan Engelhardt <jengelh@inai.de>

View File

@ -17,7 +17,7 @@
Name: strongswan
Version: 5.9.0
Version: 5.9.3
Release: 0
%define upstream_version %{version}
%define strongswan_docdir %{_docdir}/%{name}
@ -88,11 +88,11 @@ BuildRequires: gmp-devel
BuildRequires: gperf
BuildRequires: libcap-devel
BuildRequires: libopenssl-devel
BuildRequires: libsoup-devel
BuildRequires: openldap2-devel
BuildRequires: pam-devel
BuildRequires: pcsc-lite-devel
BuildRequires: pkg-config
BuildRequires: pkgconfig(libsoup-2.4)
%if %{with mysql}
BuildRequires: libmysqlclient-devel
%endif