SHA256
1
0
forked from pool/strongswan

Accepting request 761676 from home:iznogood:branches:network:vpn

- Update to version 5.8.2:
  * Fix CVE-2018-17540, CVE-2018-16151 and CVE-2018-16152.
  * boo#1109845 and boo#1107874.
- Please check included NEWS file for info on what other changes
  that have been done in versions 5.8.2, 5.8.1 5.8.0, 5.7.2, 5.7.1
  and 5.7.0.
- Rebase strongswan_ipsec_service.patch.
- Disable patches that need rebase or dropping:
  * strongswan_modprobe_syslog.patch
  * 0006-fix-compilation-error-by-adding-stdint.h.patch
- Add conditional pkgconfig(libsystemd) BuildRequires: New
  dependency.

OBS-URL: https://build.opensuse.org/request/show/761676
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=114
This commit is contained in:
Jan Engelhardt 2020-01-26 08:50:51 +00:00 committed by Git OBS Bridge
parent 876d8e4544
commit 509c30e68d
7 changed files with 60 additions and 26 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c3c7dc8201f40625bba92ffd32eb602a8909210d8b3fac4d214c737ce079bf24
size 4961579

View File

@ -1,14 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAABAgAGBQJbC/V/AAoJEN9CwXCzTbp3xwsL/RivLwRDRkIDC93Le2B/d7dT
/BHN/4PDmy+dEzysNVPXDG8TLm1VWgaIXvh0pVzPq4ohJSOP0tPFoeyJpHtPT9Xt
x/VLnVlw2lNm70MZxXh1w9U6oEt8Sce9jtRJuEu54RhHBPcypNhNY1OsE1v8yeKf
1MYENntcs/ATn7OkgtCALIB9WAZEFnXMQmpG+9hUzsr6zBfTY33t2QbsVeoiZAnV
yTIRZQgilEAx9ZahjF1Vri1plUti8ZL/W9y0OnWt+/oOnXAx91NH2KgZ4qkAqtbg
1H3nacKNHk6XP0Ca+wB4WIBmwDfquUEDTNbBPDaQy2yl33hzj9w2jovbSPF3YPnl
TzY07K77OMK9r7YtxIa+diXs3GTh6vEe9E8mgRrQ96TXDCXCVvlQcTfEDmJ3z1ZC
gk5blg7os5gAVKkdtEPChJP1VPJk2qhY8eZOCfdgIucv06YQKkj2aAcac+Umthne
yS/qWZm8/LI6UII9Nf541o2KrlDd4ypoYOt0oibaoA==
=NiPQ
-----END PGP SIGNATURE-----

3
strongswan-5.8.2.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:86900ddbe7337c923dadf2c8339ae8ed2b9158e3691745884d08ae534677430e
size 4533402

View File

@ -0,0 +1,14 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAABAgAGBQJd+MscAAoJEN9CwXCzTbp3f6ML/0y5DGj7CytdIWcT7ODbZ5Dt
S8MS2BHxUJ4cgzB8InCK4wNQFpyzRhR2goPly1B8RVNSVSfdyvqfSC/A++esZe3m
wwjsjzjWYVaNnkj1lrl/8azOiDkD/uA/NaaUcASp6hoJIJQALYW5HfPjL/S/hC+v
iVio5Fy9c/9HGJEeeZxqRMp/gTNjvh05hbP9ukLADk6klphwaNFg5o0YNgf1NJFE
CBo/rGJNVfvEUUlJMLiBlFCBaPMOIjoIXODpjootRioDpnF6IonfcoIGiR6TuRQC
zR3u3Zhgpe4tJfkKCpCCSPGwMCcwreMAUwzRf/U/HDUSPZX+c4sBOIl8eedwVA77
DjNlktwmPta8x4YOh6NB3ghAwwztEkPvvaAIcwH0gh1DkjIicFr2VkoXIS5jqaVN
bK2YvTQ7StZa35VaEYnlu5JzIchPlqhXND6sWLWJolnwrNWskZyojVYioyIv3KJJ
tXphbN0HHCfLPs5vX8/X97IAa06tsnEOZEZg5Sk3Jw==
=VHUc
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Mon Jan 6 22:06:58 UTC 2020 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 5.8.2:
* Fix CVE-2018-17540, CVE-2018-16151 and CVE-2018-16152.
* boo#1109845 and boo#1107874.
- Please check included NEWS file for info on what other changes
that have been done in versions 5.8.2, 5.8.1 5.8.0, 5.7.2, 5.7.1
and 5.7.0.
- Rebase strongswan_ipsec_service.patch.
- Disable patches that need rebase or dropping:
* strongswan_modprobe_syslog.patch
* 0006-fix-compilation-error-by-adding-stdint.h.patch
- Add conditional pkgconfig(libsystemd) BuildRequires: New
dependency.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jun 6 22:14:57 UTC 2018 - bjorn.lie@gmail.com Wed Jun 6 22:14:57 UTC 2018 - bjorn.lie@gmail.com

View File

@ -1,7 +1,7 @@
# #
# spec file for package strongswan # spec file for package strongswan
# #
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2020 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -12,12 +12,12 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
Name: strongswan Name: strongswan
Version: 5.6.3 Version: 5.8.2
Release: 0 Release: 0
%define upstream_version %{version} %define upstream_version %{version}
%define strongswan_docdir %{_docdir}/%{name} %define strongswan_docdir %{_docdir}/%{name}
@ -64,7 +64,7 @@ Release: 0
Summary: IPsec-based VPN solution Summary: IPsec-based VPN solution
License: GPL-2.0-or-later License: GPL-2.0-or-later
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Url: http://www.strongswan.org/ URL: http://www.strongswan.org/
Requires: strongswan-ipsec = %{version} Requires: strongswan-ipsec = %{version}
Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2 Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2
Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig
@ -76,6 +76,7 @@ Source5: %{name}.keyring
Source6: fipscheck.sh.in Source6: fipscheck.sh.in
Source7: fips-enforce.conf Source7: fips-enforce.conf
%endif %endif
# Needs rebase
Patch1: %{name}_modprobe_syslog.patch Patch1: %{name}_modprobe_syslog.patch
Patch2: %{name}_ipsec_service.patch Patch2: %{name}_ipsec_service.patch
%if %{with fipscheck} %if %{with fipscheck}
@ -84,6 +85,7 @@ Patch3: %{name}_fipscheck.patch
Patch4: %{name}_fipsfilter.patch Patch4: %{name}_fipsfilter.patch
%endif %endif
Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch
# Needs rebase
Patch6: 0006-fix-compilation-error-by-adding-stdint.h.patch Patch6: 0006-fix-compilation-error-by-adding-stdint.h.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bison BuildRequires: bison
@ -112,6 +114,7 @@ BuildRequires: pkgconfig(libnm)
%endif %endif
%if %{with systemd} %if %{with systemd}
%{?systemd_requires} %{?systemd_requires}
BuildRequires: pkgconfig(libsystemd)
%endif %endif
BuildRequires: iptables BuildRequires: iptables
%if %{with systemd} %if %{with systemd}
@ -254,7 +257,8 @@ and the load testing plugin for IKEv2 daemon.
%prep %prep
%setup -q -n %{name}-%{upstream_version} %setup -q -n %{name}-%{upstream_version}
%patch1 -p1 # Needs rebase, file it patches no longer exists.
#patch1 -p1
%patch2 -p1 %patch2 -p1
%if %{with fipscheck} %if %{with fipscheck}
%patch3 -p1 %patch3 -p1
@ -262,7 +266,8 @@ and the load testing plugin for IKEv2 daemon.
#patch4 -p1 #patch4 -p1
%endif %endif
%patch5 -p1 %patch5 -p1
%patch6 -p1 # Needs rebase.
#patch6 -p1
sed -e 's|@libexecdir@|%_libexecdir|g' \ sed -e 's|@libexecdir@|%_libexecdir|g' \
< %{_sourcedir}/strongswan.init.in \ < %{_sourcedir}/strongswan.init.in \
> strongswan.init > strongswan.init
@ -288,6 +293,7 @@ autoreconf --force --install
--with-resolv-conf=%{_rundir}/%{name}/resolv.conf \ --with-resolv-conf=%{_rundir}/%{name}/resolv.conf \
--with-piddir=%{_rundir}/%{name} \ --with-piddir=%{_rundir}/%{name} \
%if %{with systemd} %if %{with systemd}
--enable-systemd \
--with-systemdsystemunitdir=%{_unitdir} \ --with-systemdsystemunitdir=%{_unitdir} \
%endif %endif
--enable-pkcs11 \ --enable-pkcs11 \
@ -551,9 +557,11 @@ fi
%dir %{_sysconfdir}/ipsec.d/ocspcerts %dir %{_sysconfdir}/ipsec.d/ocspcerts
%dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private %dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private
%if %{with systemd} %if %{with systemd}
%{_unitdir}/strongswan-starter.service
%{_unitdir}/strongswan.service %{_unitdir}/strongswan.service
%{_sysconfdir}/dbus-1/system.d/nm-strongswan-service.conf %{_datadir}/dbus-1/system.d/nm-strongswan-service.conf
%{_sbindir}/rcstrongswan %{_sbindir}/rcstrongswan
%{_sbindir}/charon-systemd
%else %else
%config %{_sysconfdir}/init.d/ipsec %config %{_sysconfdir}/init.d/ipsec
%{_sbindir}/rcipsec %{_sbindir}/rcipsec
@ -574,6 +582,7 @@ fi
%if %{with test} %if %{with test}
%{_libexecdir}/ipsec/conftest %{_libexecdir}/ipsec/conftest
%endif %endif
%{_libexecdir}/ipsec/xfrmi
%{_libexecdir}/ipsec/duplicheck %{_libexecdir}/ipsec/duplicheck
%{_libexecdir}/ipsec/pool %{_libexecdir}/ipsec/pool
%{_libexecdir}/ipsec/scepclient %{_libexecdir}/ipsec/scepclient
@ -583,6 +592,7 @@ fi
%{_libexecdir}/ipsec/_imv_policy %{_libexecdir}/ipsec/_imv_policy
%{_libexecdir}/ipsec/imv_policy_manager %{_libexecdir}/ipsec/imv_policy_manager
%dir %{strongswan_plugins} %dir %{strongswan_plugins}
%{strongswan_plugins}/libstrongswan-drbg.so
%{strongswan_plugins}/libstrongswan-stroke.so %{strongswan_plugins}/libstrongswan-stroke.so
%{strongswan_plugins}/libstrongswan-updown.so %{strongswan_plugins}/libstrongswan-updown.so
@ -609,6 +619,9 @@ fi
%dir %{strongswan_configs} %dir %{strongswan_configs}
%dir %{strongswan_configs}/charon %dir %{strongswan_configs}/charon
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon.conf
%if %{with systemd}
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-systemd.conf
%endif
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-logging.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-logging.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/imcv.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/imcv.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/pki.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/pki.conf
@ -621,6 +634,7 @@ fi
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/aes.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/aes.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/counters.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/counters.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/curve25519.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/curve25519.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/drbg.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/vici.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/vici.conf
%if %{with afalg} %if %{with afalg}
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/af-alg.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/af-alg.conf
@ -856,6 +870,7 @@ fi
%{strongswan_templates}/config/plugins/des.conf %{strongswan_templates}/config/plugins/des.conf
%{strongswan_templates}/config/plugins/dhcp.conf %{strongswan_templates}/config/plugins/dhcp.conf
%{strongswan_templates}/config/plugins/dnskey.conf %{strongswan_templates}/config/plugins/dnskey.conf
%{strongswan_templates}/config/plugins/drbg.conf
%{strongswan_templates}/config/plugins/duplicheck.conf %{strongswan_templates}/config/plugins/duplicheck.conf
%{strongswan_templates}/config/plugins/eap-aka-3gpp2.conf %{strongswan_templates}/config/plugins/eap-aka-3gpp2.conf
%{strongswan_templates}/config/plugins/eap-aka.conf %{strongswan_templates}/config/plugins/eap-aka.conf
@ -931,6 +946,9 @@ fi
%{strongswan_templates}/config/plugins/xcbc.conf %{strongswan_templates}/config/plugins/xcbc.conf
%{strongswan_templates}/config/plugins/curve25519.conf %{strongswan_templates}/config/plugins/curve25519.conf
%{strongswan_templates}/config/plugins/vici.conf %{strongswan_templates}/config/plugins/vici.conf
%if %{with systemd}
%{strongswan_templates}/config/strongswan.d/charon-systemd.conf
%endif
%{strongswan_templates}/config/strongswan.d/charon-logging.conf %{strongswan_templates}/config/strongswan.d/charon-logging.conf
%{strongswan_templates}/config/strongswan.d/charon.conf %{strongswan_templates}/config/strongswan.d/charon.conf
%{strongswan_templates}/config/strongswan.d/imcv.conf %{strongswan_templates}/config/strongswan.d/imcv.conf

View File

@ -1,7 +1,7 @@
Index: strongswan-5.6.2/init/systemd/strongswan.service.in Index: strongswan-5.6.2/init/systemd/strongswan.service.in
=================================================================== ===================================================================
--- strongswan-5.6.2.orig/init/systemd/strongswan.service.in 2017-02-07 08:04:04.000000000 +0100 --- strongswan-5.6.2.orig/init/systemd-starter/strongswan-starter.service.in 2017-02-07 08:04:04.000000000 +0100
+++ strongswan-5.6.2/init/systemd/strongswan.service.in 2018-04-17 16:53:57.546334751 +0200 +++ strongswan-5.6.2/init/systemd-starter/strongswan-starter.service.in 2018-04-17 16:53:57.546334751 +0200
@@ -9,3 +9,4 @@ Restart=on-abnormal @@ -9,3 +9,4 @@ Restart=on-abnormal
[Install] [Install]