diff --git a/strongswan-5.9.10.tar.bz2 b/strongswan-5.9.10.tar.bz2 deleted file mode 100644 index b7517fe..0000000 --- a/strongswan-5.9.10.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3b72789e243c9fa6f0a01ccaf4f83766eba96a5e5b1e071d36e997572cf34654 -size 4765407 diff --git a/strongswan-5.9.10.tar.bz2.sig b/strongswan-5.9.10.tar.bz2.sig deleted file mode 100644 index 3f018ac..0000000 --- a/strongswan-5.9.10.tar.bz2.sig +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmQAZmIACgkQ30LBcLNN -uncmawv8DgoR/EdXdzvqzToiDYREwU5CfIYAPCYmUfw7tdwTZsiN9rdt13lI8+ei -8IqYIrtGvKVtiV3qwNaxxD/spQ+b/jbOk+ifzCQzylD5gv9fFyyKjiYIiLmK3qhr -7sc+tN90HY443qN4JV1rwHP4jN57pmNZ2qg2CbzU/zpePUHj5MlM3kgGd5bO5Q6L -MWmstO/RcjIIsZusqscrOGsaZrkULTeLyrOTLoJcM06b0F4vzeDwhLJjVoqYFVt5 -dPXLXygUfVUr+aAvCfNA03zokt6Ok9aSOBZZ8+nMPLU6wmWjjIdOf0/H9JG3/v6F -SGHVxlB4Z7sCkDzvmB/vmYquGw+gx+0Fx28eEV4E7TnrJrdlqC5n8wrPO9iFQ36y -QEua+S/q7qHSUBr01DW35e70oiJmbOqSH+poPVz2Qwk3ZVgcqIxCUpz6aWPjAicL -7VMYBssX6R5cCD3nIuHSe1+Iyx/AuFP7nuPHQrkIAKsDMVZR8GClNz+M8ZM7Cbar -a6YUUR/D -=FN1F ------END PGP SIGNATURE----- diff --git a/strongswan-5.9.11.tar.bz2 b/strongswan-5.9.11.tar.bz2 new file mode 100644 index 0000000..21e9c61 --- /dev/null +++ b/strongswan-5.9.11.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ddf53f1f26ad26979d5f55e8da95bd389552f5de3682e35593f9a70b2584ed2d +size 4786552 diff --git a/strongswan-5.9.11.tar.bz2.sig b/strongswan-5.9.11.tar.bz2.sig new file mode 100644 index 0000000..1b8068b --- /dev/null +++ b/strongswan-5.9.11.tar.bz2.sig @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- + +iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmSGsnAACgkQ30LBcLNN +unfqXQv/Rfi3bcaIaULwNXnBgW2mWrsUFFUzQN/PB9fdPK/u0JUBWufUV/1/LUc9 +yA1S3ESubQMOYkPmSrQRfXwkrdGTQ3DwApuFL/42Q/TOk8jpTVaPM28Gs6D+77YC +QjB3JYcR2VxvgsEFZatqFgUaGyety1dB1P364EPnzzb7L0+7HBWT0IVkdpvPT/zX +5tQ6M4czD2cqv1fi8+Tjaq3mpw0PdyZSIoLuD7kL6AeWcrtzhfhr1vXQKwo0K5wh +5uuUbxPZIrmxLGk1vkoMuEKZ7XVvs3ulFFK9EvJXWM9USce0Br0irGEdO2sDAxWA +20jFzsW2wL5mkVLvLfQQrNC1qwsYKq3s3PInZEoUICE4zNC6zWS8tTtaq5Ul8X1J +AFhcrdy6cVs87LDyvEWiMcSwLpYk1egWwmF9acuMUE6bYSNUnYMkYwS7CjWQUXix +JMf3b60Ztm+r8RfitpWHp+N1pAGZCNJ3ZXTV0/4d65HB4GA1dWZuubRvUXbV7Ayb +oYKPlR2G +=+d5Q +-----END PGP SIGNATURE----- diff --git a/strongswan.changes b/strongswan.changes index 9fb22db..4b21ed9 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,50 @@ +------------------------------------------------------------------- +Mon Jun 12 15:22:09 UTC 2023 - Mohd Saquib + +- Update to release 5.9.11 + * A long-standing deadlock in the vici plugin has been fixed that + could get triggered when multiple connections were + initiated/terminated concurrently and control-log events were + raised by the watcher_t component (#566). + * In compliance with RFC 5280, CRLs now have to be signed by a + certificate that either encodes the cRLSign keyUsage bit + (even if it is a CA certificate), or is a CA certificate without + a keyUsage extension. strongSwan encodes a keyUsage extension + with cRLSign bit set in all CA certificates since 13 years. And + before that it didn't encode the extension, so these certificates + would also be accepted as CRL issuer in case they are still valid + (7dc82de). + * Support for optional CA labels in EST server URIs + (e.g. https://www.example.org/.well-known/est/arbitraryLabel1/) + was added to the pki --est and pki --estca commands (#1614). + * The pkcs7 and openssl plugins now support CMS-style signatures in + PKCS#7 containers, which allows verifying RSA-PSS and ECDSA + signatures (#1615). + * Fixed a regression in the server implementation of EAP-TLS when + using TLS 1.2 or earlier that was introduced with 5.9.10 + (#1613, 3d0d3f5). + * The EAP-TLS client does now enforce that the TLS handshake is + complete when using TLS 1.2 or earlier. It was possible to + shortcut it by sending an early EAP-Success message. Note that + this isn't a security issue as the server is authenticated at + that point (db87087). + * On Linux, the kernel-libipsec plugin can now optionally handle + ESP packets without UDP encapsulation (uses RAW sockets, disabled + by default, e3cb756). The plugin and libipsec also gained support + trap policies (23d20bb). + * The dhcp plugin uses an alternative method to determine the source + address when sending unicast DHCP requests, which is not affected + by interface filtering that might be employed for the IKE sockets + (#1573). + * The selection of certificates and trust chains as initiator has + been improved if the local trust chain is incomplete (i.e. the + root CA certificate for the local certificate is not loaded) + while a certificate request for a known but unrelated CA is + received, which caused any local intermediate CA certificates not + to get sent (efdcbd1). + * ECDSA and EdDSA public keys are supported by the ipseckey plugin + when parsing RFC 4025 IPSECKEY resource records (7be55ad). + ------------------------------------------------------------------- Wed Apr 5 01:34:28 UTC 2023 - Mohd Saquib diff --git a/strongswan.spec b/strongswan.spec index 300bec1..70e505f 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -17,7 +17,7 @@ Name: strongswan -Version: 5.9.10 +Version: 5.9.11 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name}