forked from pool/strongswan
Accepting request 761676 from home:iznogood:branches:network:vpn
- Update to version 5.8.2: * Fix CVE-2018-17540, CVE-2018-16151 and CVE-2018-16152. * boo#1109845 and boo#1107874. - Please check included NEWS file for info on what other changes that have been done in versions 5.8.2, 5.8.1 5.8.0, 5.7.2, 5.7.1 and 5.7.0. - Rebase strongswan_ipsec_service.patch. - Disable patches that need rebase or dropping: * strongswan_modprobe_syslog.patch * 0006-fix-compilation-error-by-adding-stdint.h.patch - Add conditional pkgconfig(libsystemd) BuildRequires: New dependency. OBS-URL: https://build.opensuse.org/request/show/761676 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=114
This commit is contained in:
parent
876d8e4544
commit
509c30e68d
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:c3c7dc8201f40625bba92ffd32eb602a8909210d8b3fac4d214c737ce079bf24
|
|
||||||
size 4961579
|
|
@ -1,14 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1
|
|
||||||
|
|
||||||
iQGcBAABAgAGBQJbC/V/AAoJEN9CwXCzTbp3xwsL/RivLwRDRkIDC93Le2B/d7dT
|
|
||||||
/BHN/4PDmy+dEzysNVPXDG8TLm1VWgaIXvh0pVzPq4ohJSOP0tPFoeyJpHtPT9Xt
|
|
||||||
x/VLnVlw2lNm70MZxXh1w9U6oEt8Sce9jtRJuEu54RhHBPcypNhNY1OsE1v8yeKf
|
|
||||||
1MYENntcs/ATn7OkgtCALIB9WAZEFnXMQmpG+9hUzsr6zBfTY33t2QbsVeoiZAnV
|
|
||||||
yTIRZQgilEAx9ZahjF1Vri1plUti8ZL/W9y0OnWt+/oOnXAx91NH2KgZ4qkAqtbg
|
|
||||||
1H3nacKNHk6XP0Ca+wB4WIBmwDfquUEDTNbBPDaQy2yl33hzj9w2jovbSPF3YPnl
|
|
||||||
TzY07K77OMK9r7YtxIa+diXs3GTh6vEe9E8mgRrQ96TXDCXCVvlQcTfEDmJ3z1ZC
|
|
||||||
gk5blg7os5gAVKkdtEPChJP1VPJk2qhY8eZOCfdgIucv06YQKkj2aAcac+Umthne
|
|
||||||
yS/qWZm8/LI6UII9Nf541o2KrlDd4ypoYOt0oibaoA==
|
|
||||||
=NiPQ
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
strongswan-5.8.2.tar.bz2
Normal file
3
strongswan-5.8.2.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:86900ddbe7337c923dadf2c8339ae8ed2b9158e3691745884d08ae534677430e
|
||||||
|
size 4533402
|
14
strongswan-5.8.2.tar.bz2.sig
Normal file
14
strongswan-5.8.2.tar.bz2.sig
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
Version: GnuPG v1
|
||||||
|
|
||||||
|
iQGcBAABAgAGBQJd+MscAAoJEN9CwXCzTbp3f6ML/0y5DGj7CytdIWcT7ODbZ5Dt
|
||||||
|
S8MS2BHxUJ4cgzB8InCK4wNQFpyzRhR2goPly1B8RVNSVSfdyvqfSC/A++esZe3m
|
||||||
|
wwjsjzjWYVaNnkj1lrl/8azOiDkD/uA/NaaUcASp6hoJIJQALYW5HfPjL/S/hC+v
|
||||||
|
iVio5Fy9c/9HGJEeeZxqRMp/gTNjvh05hbP9ukLADk6klphwaNFg5o0YNgf1NJFE
|
||||||
|
CBo/rGJNVfvEUUlJMLiBlFCBaPMOIjoIXODpjootRioDpnF6IonfcoIGiR6TuRQC
|
||||||
|
zR3u3Zhgpe4tJfkKCpCCSPGwMCcwreMAUwzRf/U/HDUSPZX+c4sBOIl8eedwVA77
|
||||||
|
DjNlktwmPta8x4YOh6NB3ghAwwztEkPvvaAIcwH0gh1DkjIicFr2VkoXIS5jqaVN
|
||||||
|
bK2YvTQ7StZa35VaEYnlu5JzIchPlqhXND6sWLWJolnwrNWskZyojVYioyIv3KJJ
|
||||||
|
tXphbN0HHCfLPs5vX8/X97IAa06tsnEOZEZg5Sk3Jw==
|
||||||
|
=VHUc
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,3 +1,19 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jan 6 22:06:58 UTC 2020 - Bjørn Lie <bjorn.lie@gmail.com>
|
||||||
|
|
||||||
|
- Update to version 5.8.2:
|
||||||
|
* Fix CVE-2018-17540, CVE-2018-16151 and CVE-2018-16152.
|
||||||
|
* boo#1109845 and boo#1107874.
|
||||||
|
- Please check included NEWS file for info on what other changes
|
||||||
|
that have been done in versions 5.8.2, 5.8.1 5.8.0, 5.7.2, 5.7.1
|
||||||
|
and 5.7.0.
|
||||||
|
- Rebase strongswan_ipsec_service.patch.
|
||||||
|
- Disable patches that need rebase or dropping:
|
||||||
|
* strongswan_modprobe_syslog.patch
|
||||||
|
* 0006-fix-compilation-error-by-adding-stdint.h.patch
|
||||||
|
- Add conditional pkgconfig(libsystemd) BuildRequires: New
|
||||||
|
dependency.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jun 6 22:14:57 UTC 2018 - bjorn.lie@gmail.com
|
Wed Jun 6 22:14:57 UTC 2018 - bjorn.lie@gmail.com
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package strongswan
|
# spec file for package strongswan
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
# Copyright (c) 2020 SUSE LLC
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -12,12 +12,12 @@
|
|||||||
# license that conforms to the Open Source Definition (Version 1.9)
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
# published by the Open Source Initiative.
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
Name: strongswan
|
Name: strongswan
|
||||||
Version: 5.6.3
|
Version: 5.8.2
|
||||||
Release: 0
|
Release: 0
|
||||||
%define upstream_version %{version}
|
%define upstream_version %{version}
|
||||||
%define strongswan_docdir %{_docdir}/%{name}
|
%define strongswan_docdir %{_docdir}/%{name}
|
||||||
@ -64,7 +64,7 @@ Release: 0
|
|||||||
Summary: IPsec-based VPN solution
|
Summary: IPsec-based VPN solution
|
||||||
License: GPL-2.0-or-later
|
License: GPL-2.0-or-later
|
||||||
Group: Productivity/Networking/Security
|
Group: Productivity/Networking/Security
|
||||||
Url: http://www.strongswan.org/
|
URL: http://www.strongswan.org/
|
||||||
Requires: strongswan-ipsec = %{version}
|
Requires: strongswan-ipsec = %{version}
|
||||||
Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2
|
Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2
|
||||||
Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig
|
Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig
|
||||||
@ -76,6 +76,7 @@ Source5: %{name}.keyring
|
|||||||
Source6: fipscheck.sh.in
|
Source6: fipscheck.sh.in
|
||||||
Source7: fips-enforce.conf
|
Source7: fips-enforce.conf
|
||||||
%endif
|
%endif
|
||||||
|
# Needs rebase
|
||||||
Patch1: %{name}_modprobe_syslog.patch
|
Patch1: %{name}_modprobe_syslog.patch
|
||||||
Patch2: %{name}_ipsec_service.patch
|
Patch2: %{name}_ipsec_service.patch
|
||||||
%if %{with fipscheck}
|
%if %{with fipscheck}
|
||||||
@ -84,6 +85,7 @@ Patch3: %{name}_fipscheck.patch
|
|||||||
Patch4: %{name}_fipsfilter.patch
|
Patch4: %{name}_fipsfilter.patch
|
||||||
%endif
|
%endif
|
||||||
Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch
|
Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch
|
||||||
|
# Needs rebase
|
||||||
Patch6: 0006-fix-compilation-error-by-adding-stdint.h.patch
|
Patch6: 0006-fix-compilation-error-by-adding-stdint.h.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
BuildRequires: bison
|
BuildRequires: bison
|
||||||
@ -112,6 +114,7 @@ BuildRequires: pkgconfig(libnm)
|
|||||||
%endif
|
%endif
|
||||||
%if %{with systemd}
|
%if %{with systemd}
|
||||||
%{?systemd_requires}
|
%{?systemd_requires}
|
||||||
|
BuildRequires: pkgconfig(libsystemd)
|
||||||
%endif
|
%endif
|
||||||
BuildRequires: iptables
|
BuildRequires: iptables
|
||||||
%if %{with systemd}
|
%if %{with systemd}
|
||||||
@ -254,7 +257,8 @@ and the load testing plugin for IKEv2 daemon.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n %{name}-%{upstream_version}
|
%setup -q -n %{name}-%{upstream_version}
|
||||||
%patch1 -p1
|
# Needs rebase, file it patches no longer exists.
|
||||||
|
#patch1 -p1
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%if %{with fipscheck}
|
%if %{with fipscheck}
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
@ -262,7 +266,8 @@ and the load testing plugin for IKEv2 daemon.
|
|||||||
#patch4 -p1
|
#patch4 -p1
|
||||||
%endif
|
%endif
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
%patch6 -p1
|
# Needs rebase.
|
||||||
|
#patch6 -p1
|
||||||
sed -e 's|@libexecdir@|%_libexecdir|g' \
|
sed -e 's|@libexecdir@|%_libexecdir|g' \
|
||||||
< %{_sourcedir}/strongswan.init.in \
|
< %{_sourcedir}/strongswan.init.in \
|
||||||
> strongswan.init
|
> strongswan.init
|
||||||
@ -288,6 +293,7 @@ autoreconf --force --install
|
|||||||
--with-resolv-conf=%{_rundir}/%{name}/resolv.conf \
|
--with-resolv-conf=%{_rundir}/%{name}/resolv.conf \
|
||||||
--with-piddir=%{_rundir}/%{name} \
|
--with-piddir=%{_rundir}/%{name} \
|
||||||
%if %{with systemd}
|
%if %{with systemd}
|
||||||
|
--enable-systemd \
|
||||||
--with-systemdsystemunitdir=%{_unitdir} \
|
--with-systemdsystemunitdir=%{_unitdir} \
|
||||||
%endif
|
%endif
|
||||||
--enable-pkcs11 \
|
--enable-pkcs11 \
|
||||||
@ -551,9 +557,11 @@ fi
|
|||||||
%dir %{_sysconfdir}/ipsec.d/ocspcerts
|
%dir %{_sysconfdir}/ipsec.d/ocspcerts
|
||||||
%dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private
|
%dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private
|
||||||
%if %{with systemd}
|
%if %{with systemd}
|
||||||
|
%{_unitdir}/strongswan-starter.service
|
||||||
%{_unitdir}/strongswan.service
|
%{_unitdir}/strongswan.service
|
||||||
%{_sysconfdir}/dbus-1/system.d/nm-strongswan-service.conf
|
%{_datadir}/dbus-1/system.d/nm-strongswan-service.conf
|
||||||
%{_sbindir}/rcstrongswan
|
%{_sbindir}/rcstrongswan
|
||||||
|
%{_sbindir}/charon-systemd
|
||||||
%else
|
%else
|
||||||
%config %{_sysconfdir}/init.d/ipsec
|
%config %{_sysconfdir}/init.d/ipsec
|
||||||
%{_sbindir}/rcipsec
|
%{_sbindir}/rcipsec
|
||||||
@ -574,6 +582,7 @@ fi
|
|||||||
%if %{with test}
|
%if %{with test}
|
||||||
%{_libexecdir}/ipsec/conftest
|
%{_libexecdir}/ipsec/conftest
|
||||||
%endif
|
%endif
|
||||||
|
%{_libexecdir}/ipsec/xfrmi
|
||||||
%{_libexecdir}/ipsec/duplicheck
|
%{_libexecdir}/ipsec/duplicheck
|
||||||
%{_libexecdir}/ipsec/pool
|
%{_libexecdir}/ipsec/pool
|
||||||
%{_libexecdir}/ipsec/scepclient
|
%{_libexecdir}/ipsec/scepclient
|
||||||
@ -583,6 +592,7 @@ fi
|
|||||||
%{_libexecdir}/ipsec/_imv_policy
|
%{_libexecdir}/ipsec/_imv_policy
|
||||||
%{_libexecdir}/ipsec/imv_policy_manager
|
%{_libexecdir}/ipsec/imv_policy_manager
|
||||||
%dir %{strongswan_plugins}
|
%dir %{strongswan_plugins}
|
||||||
|
%{strongswan_plugins}/libstrongswan-drbg.so
|
||||||
%{strongswan_plugins}/libstrongswan-stroke.so
|
%{strongswan_plugins}/libstrongswan-stroke.so
|
||||||
%{strongswan_plugins}/libstrongswan-updown.so
|
%{strongswan_plugins}/libstrongswan-updown.so
|
||||||
|
|
||||||
@ -609,6 +619,9 @@ fi
|
|||||||
%dir %{strongswan_configs}
|
%dir %{strongswan_configs}
|
||||||
%dir %{strongswan_configs}/charon
|
%dir %{strongswan_configs}/charon
|
||||||
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon.conf
|
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon.conf
|
||||||
|
%if %{with systemd}
|
||||||
|
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-systemd.conf
|
||||||
|
%endif
|
||||||
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-logging.conf
|
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-logging.conf
|
||||||
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/imcv.conf
|
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/imcv.conf
|
||||||
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/pki.conf
|
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/pki.conf
|
||||||
@ -621,6 +634,7 @@ fi
|
|||||||
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/aes.conf
|
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/aes.conf
|
||||||
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/counters.conf
|
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/counters.conf
|
||||||
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/curve25519.conf
|
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/curve25519.conf
|
||||||
|
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/drbg.conf
|
||||||
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/vici.conf
|
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/vici.conf
|
||||||
%if %{with afalg}
|
%if %{with afalg}
|
||||||
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/af-alg.conf
|
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/af-alg.conf
|
||||||
@ -856,6 +870,7 @@ fi
|
|||||||
%{strongswan_templates}/config/plugins/des.conf
|
%{strongswan_templates}/config/plugins/des.conf
|
||||||
%{strongswan_templates}/config/plugins/dhcp.conf
|
%{strongswan_templates}/config/plugins/dhcp.conf
|
||||||
%{strongswan_templates}/config/plugins/dnskey.conf
|
%{strongswan_templates}/config/plugins/dnskey.conf
|
||||||
|
%{strongswan_templates}/config/plugins/drbg.conf
|
||||||
%{strongswan_templates}/config/plugins/duplicheck.conf
|
%{strongswan_templates}/config/plugins/duplicheck.conf
|
||||||
%{strongswan_templates}/config/plugins/eap-aka-3gpp2.conf
|
%{strongswan_templates}/config/plugins/eap-aka-3gpp2.conf
|
||||||
%{strongswan_templates}/config/plugins/eap-aka.conf
|
%{strongswan_templates}/config/plugins/eap-aka.conf
|
||||||
@ -931,6 +946,9 @@ fi
|
|||||||
%{strongswan_templates}/config/plugins/xcbc.conf
|
%{strongswan_templates}/config/plugins/xcbc.conf
|
||||||
%{strongswan_templates}/config/plugins/curve25519.conf
|
%{strongswan_templates}/config/plugins/curve25519.conf
|
||||||
%{strongswan_templates}/config/plugins/vici.conf
|
%{strongswan_templates}/config/plugins/vici.conf
|
||||||
|
%if %{with systemd}
|
||||||
|
%{strongswan_templates}/config/strongswan.d/charon-systemd.conf
|
||||||
|
%endif
|
||||||
%{strongswan_templates}/config/strongswan.d/charon-logging.conf
|
%{strongswan_templates}/config/strongswan.d/charon-logging.conf
|
||||||
%{strongswan_templates}/config/strongswan.d/charon.conf
|
%{strongswan_templates}/config/strongswan.d/charon.conf
|
||||||
%{strongswan_templates}/config/strongswan.d/imcv.conf
|
%{strongswan_templates}/config/strongswan.d/imcv.conf
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
Index: strongswan-5.6.2/init/systemd/strongswan.service.in
|
Index: strongswan-5.6.2/init/systemd/strongswan.service.in
|
||||||
===================================================================
|
===================================================================
|
||||||
--- strongswan-5.6.2.orig/init/systemd/strongswan.service.in 2017-02-07 08:04:04.000000000 +0100
|
--- strongswan-5.6.2.orig/init/systemd-starter/strongswan-starter.service.in 2017-02-07 08:04:04.000000000 +0100
|
||||||
+++ strongswan-5.6.2/init/systemd/strongswan.service.in 2018-04-17 16:53:57.546334751 +0200
|
+++ strongswan-5.6.2/init/systemd-starter/strongswan-starter.service.in 2018-04-17 16:53:57.546334751 +0200
|
||||||
@@ -9,3 +9,4 @@ Restart=on-abnormal
|
@@ -9,3 +9,4 @@ Restart=on-abnormal
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
Loading…
Reference in New Issue
Block a user