From abbd4908800b800e29e0ae890432c1f39cd34b66833c37be5da2f8492ab84bb1 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 30 Jul 2022 09:43:14 +0000 Subject: [PATCH] Accepting request 991798 from home:p_conrad:branches This resolves one issue in particular that caused failures in Tumbleweed, see https://forums.opensuse.org/showthread.php/569960-Latest-strongswan-ipsec-crashes-on-startup . - Update to release 5.9.7 * The IKEv2 key derivation is now delayed until the keys are actually needed to process or send the next message. * Inbound IKEv2 messages, in particular requests, are now processed differently. * The retransmission logic in the dhcp plugin has been fixed (#1154). * The connmark plugin now considers configured masks in installed firewall rules (#1087). * Child config selection has been fixed as responder in cases where multiple children use transport mode traffic selectors (#1143). * The outbound SA/policy is now also removed after IKEv1 CHILD_SA rekeyings (#1041). * The openssl plugin supports AES and Camellia in CTR mode (112bb46). * The AES-XCBC/CMAC PRFs are demoted in the default proposal (after HMAC-based PRFs) since they were never widely adopted * The kdf plugin is now automatically enabled if any of the aesni, cmac or xcbc plugins are enabled, or if none of the plugins that directly provide HMAC-based KDFs are enabled (botan, openssl or wolfssl). * The CALLBACK macros (and some other issues) have been fixed when compiling with GCC 12 (#1053). OBS-URL: https://build.opensuse.org/request/show/991798 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=136 --- strongswan-5.9.6.tar.bz2 | 3 --- strongswan-5.9.6.tar.bz2.sig | 14 -------------- strongswan-5.9.7.tar.bz2 | 3 +++ strongswan-5.9.7.tar.bz2.sig | 14 ++++++++++++++ strongswan.changes | 15 +++++++++++++++ strongswan.spec | 3 +-- 6 files changed, 33 insertions(+), 19 deletions(-) delete mode 100644 strongswan-5.9.6.tar.bz2 delete mode 100644 strongswan-5.9.6.tar.bz2.sig create mode 100644 strongswan-5.9.7.tar.bz2 create mode 100644 strongswan-5.9.7.tar.bz2.sig diff --git a/strongswan-5.9.6.tar.bz2 b/strongswan-5.9.6.tar.bz2 deleted file mode 100644 index dd69a0f..0000000 --- a/strongswan-5.9.6.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7 -size 4750894 diff --git a/strongswan-5.9.6.tar.bz2.sig b/strongswan-5.9.6.tar.bz2.sig deleted file mode 100644 index 2da1516..0000000 --- a/strongswan-5.9.6.tar.bz2.sig +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmJrATYACgkQ30LBcLNN -unc45QwAm8gL8D9+YO96mG4eSOGqOYh6f7MHG7mGi22PEq0DnGgT7fKvrDeSVi2/ -cOJlJ27rB3FAztAFm1n7+CAjmUXajxsUnismJx4v7zNF6d999hyvYguhcRh/XeD+ -+UN0VdtNVjkzxzV+2TcNOA0hnIxVRPFO7m02eHvpr+F/Jphb6o/6oKFq9RzIjG9T -sGvv6mucMHG+Bzs8A2PGywxcMggr6+AsIDRHzaM3CE92uI43smBNYgt31i8IsCu5 -R0vPPIRWowUqxxF+ryQU9YB5xVUTsVRZJUq5j1jjAT9yD292T9ZzAJajEERlaXTA -H+SrVVnmI4Gl5tvgHXY980xCcKlASjJ9tfI4VJFpW5u49k2HOTcCbsrbhpXlD8m+ -pntdYP+hSch3EO/pehLEIGj8+26e2B8q122T4oFnN9I+bkYYXPZKgdbDeSTT/Lty -WsOyWyJQdg5vnskT8ACsQJBwFF8t+DjUXC+T5y8qrwZbBuvx/PfGEK3adeLMzflT -MOy+f+DC -=RL/z ------END PGP SIGNATURE----- diff --git a/strongswan-5.9.7.tar.bz2 b/strongswan-5.9.7.tar.bz2 new file mode 100644 index 0000000..bce365d --- /dev/null +++ b/strongswan-5.9.7.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9e64a2ba62efeac81abff1d962522404ebc6ed6c0d352a23ab7c0b2c639e3fcf +size 4741967 diff --git a/strongswan-5.9.7.tar.bz2.sig b/strongswan-5.9.7.tar.bz2.sig new file mode 100644 index 0000000..672f6b3 --- /dev/null +++ b/strongswan-5.9.7.tar.bz2.sig @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- + +iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmLja84ACgkQ30LBcLNN +unet6wv+JbEKKBG/6kOoQnM0FZORuYS2xIXRfbLZLJjpK3Y5LPwyb4+3yZZXoLYq +ojNDKjSwX4cHq1znUiDNeJ9yYSbHWxw/0+fZwQqCkrs0uZSN3HOc/ndjnRnhBoxB +elfSCqe6C+8rNxArFdAOB2nmMg7wiDRhueOKYRSZ5B6X5Nu3RxSOi5up6RR1UDmS +z0s4+6xjq4oAoJ+GPIM+AC4UjCZR2/rSRGGeafHzp35vWTrZlY/NwkqV6XRhlKv3 +Vtix2mUBP3vcud+TqWQJPVs+yqbWtGtWQ7PHYDu82tORCPRQjhQ4tPZmMOS6d67I +51mVNjSndRLyo8Bjdox4hbtLZTCdiFNDRM1MS9qTXvb0a/SUaWB7hE0s5QqeL0gA +2WPcRNcEQHmtXGA9J6q9X5ooQqhT/21m/5ez5XwvYSm/deyFD6Ah06RT/vr2rG6s +9+pbgYU84P8nLnxPtuZ9rsZmDa/7r1E2/P/6PDMqUnN+9CgU/MduJxcoGAHgLexo +gXQz5vQn +=D1Iy +-----END PGP SIGNATURE----- diff --git a/strongswan.changes b/strongswan.changes index 5655365..f0aedfa 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Sat Jul 30 06:48:29 UTC 2022 - Peter Conrad + +- Update to release 5.9.7 + * The IKEv2 key derivation is now delayed until the keys are actually needed to process or send the next message. + * Inbound IKEv2 messages, in particular requests, are now processed differently. + * The retransmission logic in the dhcp plugin has been fixed (#1154). + * The connmark plugin now considers configured masks in installed firewall rules (#1087). + * Child config selection has been fixed as responder in cases where multiple children use transport mode traffic selectors (#1143). + * The outbound SA/policy is now also removed after IKEv1 CHILD_SA rekeyings (#1041). + * The openssl plugin supports AES and Camellia in CTR mode (112bb46). + * The AES-XCBC/CMAC PRFs are demoted in the default proposal (after HMAC-based PRFs) since they were never widely adopted + * The kdf plugin is now automatically enabled if any of the aesni, cmac or xcbc plugins are enabled, or if none of the plugins that directly provide HMAC-based KDFs are enabled (botan, openssl or wolfssl). + * The CALLBACK macros (and some other issues) have been fixed when compiling with GCC 12 (#1053). + ------------------------------------------------------------------- Sat Apr 30 08:21:29 UTC 2022 - Jan Engelhardt diff --git a/strongswan.spec b/strongswan.spec index c6633d5..467b74d 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -17,7 +17,7 @@ Name: strongswan -Version: 5.9.6 +Version: 5.9.7 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name} @@ -566,7 +566,6 @@ fi %{_mandir}/man5/ipsec.secrets.5* %{_mandir}/man5/strongswan.conf.5* %dir %{_libexecdir}/ipsec -%{_libexecdir}/ipsec/_copyright %{_libexecdir}/ipsec/_updown %if %{with test} %{_libexecdir}/ipsec/conftest