SHA256
1
0
forked from pool/strongswan

Accepting request 991798 from home:p_conrad:branches

This resolves one issue in particular that caused failures in Tumbleweed, see https://forums.opensuse.org/showthread.php/569960-Latest-strongswan-ipsec-crashes-on-startup .

- Update to release 5.9.7
  * The IKEv2 key derivation is now delayed until the keys are actually needed to process or send the next message.
  * Inbound IKEv2 messages, in particular requests, are now processed differently.
  * The retransmission logic in the dhcp plugin has been fixed (#1154).
  * The connmark plugin now considers configured masks in installed firewall rules (#1087).
  * Child config selection has been fixed as responder in cases where multiple children use transport mode traffic selectors (#1143).
  * The outbound SA/policy is now also removed after IKEv1 CHILD_SA rekeyings (#1041).
  * The openssl plugin supports AES and Camellia in CTR mode (112bb46).
  * The AES-XCBC/CMAC PRFs are demoted in the default proposal (after HMAC-based PRFs) since they were never widely adopted
  * The kdf plugin is now automatically enabled if any of the aesni, cmac or xcbc plugins are enabled, or if none of the plugins that directly provide HMAC-based KDFs are enabled (botan, openssl or wolfssl).
  * The CALLBACK macros (and some other issues) have been fixed when compiling with GCC 12 (#1053).

OBS-URL: https://build.opensuse.org/request/show/991798
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=136
This commit is contained in:
Jan Engelhardt 2022-07-30 09:43:14 +00:00 committed by Git OBS Bridge
parent 0bed40c9cb
commit abbd490880
6 changed files with 33 additions and 19 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7
size 4750894

View File

@ -1,14 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmJrATYACgkQ30LBcLNN
unc45QwAm8gL8D9+YO96mG4eSOGqOYh6f7MHG7mGi22PEq0DnGgT7fKvrDeSVi2/
cOJlJ27rB3FAztAFm1n7+CAjmUXajxsUnismJx4v7zNF6d999hyvYguhcRh/XeD+
+UN0VdtNVjkzxzV+2TcNOA0hnIxVRPFO7m02eHvpr+F/Jphb6o/6oKFq9RzIjG9T
sGvv6mucMHG+Bzs8A2PGywxcMggr6+AsIDRHzaM3CE92uI43smBNYgt31i8IsCu5
R0vPPIRWowUqxxF+ryQU9YB5xVUTsVRZJUq5j1jjAT9yD292T9ZzAJajEERlaXTA
H+SrVVnmI4Gl5tvgHXY980xCcKlASjJ9tfI4VJFpW5u49k2HOTcCbsrbhpXlD8m+
pntdYP+hSch3EO/pehLEIGj8+26e2B8q122T4oFnN9I+bkYYXPZKgdbDeSTT/Lty
WsOyWyJQdg5vnskT8ACsQJBwFF8t+DjUXC+T5y8qrwZbBuvx/PfGEK3adeLMzflT
MOy+f+DC
=RL/z
-----END PGP SIGNATURE-----

3
strongswan-5.9.7.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9e64a2ba62efeac81abff1d962522404ebc6ed6c0d352a23ab7c0b2c639e3fcf
size 4741967

View File

@ -0,0 +1,14 @@
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmLja84ACgkQ30LBcLNN
unet6wv+JbEKKBG/6kOoQnM0FZORuYS2xIXRfbLZLJjpK3Y5LPwyb4+3yZZXoLYq
ojNDKjSwX4cHq1znUiDNeJ9yYSbHWxw/0+fZwQqCkrs0uZSN3HOc/ndjnRnhBoxB
elfSCqe6C+8rNxArFdAOB2nmMg7wiDRhueOKYRSZ5B6X5Nu3RxSOi5up6RR1UDmS
z0s4+6xjq4oAoJ+GPIM+AC4UjCZR2/rSRGGeafHzp35vWTrZlY/NwkqV6XRhlKv3
Vtix2mUBP3vcud+TqWQJPVs+yqbWtGtWQ7PHYDu82tORCPRQjhQ4tPZmMOS6d67I
51mVNjSndRLyo8Bjdox4hbtLZTCdiFNDRM1MS9qTXvb0a/SUaWB7hE0s5QqeL0gA
2WPcRNcEQHmtXGA9J6q9X5ooQqhT/21m/5ez5XwvYSm/deyFD6Ah06RT/vr2rG6s
9+pbgYU84P8nLnxPtuZ9rsZmDa/7r1E2/P/6PDMqUnN+9CgU/MduJxcoGAHgLexo
gXQz5vQn
=D1Iy
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,18 @@
-------------------------------------------------------------------
Sat Jul 30 06:48:29 UTC 2022 - Peter Conrad <conrad@quisquis.de>
- Update to release 5.9.7
* The IKEv2 key derivation is now delayed until the keys are actually needed to process or send the next message.
* Inbound IKEv2 messages, in particular requests, are now processed differently.
* The retransmission logic in the dhcp plugin has been fixed (#1154).
* The connmark plugin now considers configured masks in installed firewall rules (#1087).
* Child config selection has been fixed as responder in cases where multiple children use transport mode traffic selectors (#1143).
* The outbound SA/policy is now also removed after IKEv1 CHILD_SA rekeyings (#1041).
* The openssl plugin supports AES and Camellia in CTR mode (112bb46).
* The AES-XCBC/CMAC PRFs are demoted in the default proposal (after HMAC-based PRFs) since they were never widely adopted
* The kdf plugin is now automatically enabled if any of the aesni, cmac or xcbc plugins are enabled, or if none of the plugins that directly provide HMAC-based KDFs are enabled (botan, openssl or wolfssl).
* The CALLBACK macros (and some other issues) have been fixed when compiling with GCC 12 (#1053).
-------------------------------------------------------------------
Sat Apr 30 08:21:29 UTC 2022 - Jan Engelhardt <jengelh@inai.de>

View File

@ -17,7 +17,7 @@
Name: strongswan
Version: 5.9.6
Version: 5.9.7
Release: 0
%define upstream_version %{version}
%define strongswan_docdir %{_docdir}/%{name}
@ -566,7 +566,6 @@ fi
%{_mandir}/man5/ipsec.secrets.5*
%{_mandir}/man5/strongswan.conf.5*
%dir %{_libexecdir}/ipsec
%{_libexecdir}/ipsec/_copyright
%{_libexecdir}/ipsec/_updown
%if %{with test}
%{_libexecdir}/ipsec/conftest