Accepting request 991798 from home:p_conrad:branches

This resolves one issue in particular that caused failures in Tumbleweed, see https://forums.opensuse.org/showthread.php/569960-Latest-strongswan-ipsec-crashes-on-startup . - Update to release 5.9.7 * The IKEv2 key derivation is now delayed until the keys are actually needed to process or send the next message. * Inbound IKEv2 messages, in particular requests, are now processed differently. * The retransmission logic in the dhcp plugin has been fixed (#1154). * The connmark plugin now considers configured masks in installed firewall rules (#1087). * Child config selection has been fixed as responder in cases where multiple children use transport mode traffic selectors (#1143). * The outbound SA/policy is now also removed after IKEv1 CHILD_SA rekeyings (#1041). * The openssl plugin supports AES and Camellia in CTR mode (112bb46). * The AES-XCBC/CMAC PRFs are demoted in the default proposal (after HMAC-based PRFs) since they were never widely adopted * The kdf plugin is now automatically enabled if any of the aesni, cmac or xcbc plugins are enabled, or if none of the plugins that directly provide HMAC-based KDFs are enabled (botan, openssl or wolfssl). * The CALLBACK macros (and some other issues) have been fixed when compiling with GCC 12 (#1053). OBS-URL: https://build.opensuse.org/request/show/991798 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=136
2022-07-30 09:43:14 +00:00 · 2022-07-30 09:43:14 +00:00 · abbd490880
commit abbd490880
parent 0bed40c9cb
6 changed files with 33 additions and 19 deletions
--- a/strongswan-5.9.6.tar.bz2
+++ b/strongswan-5.9.6.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7
 size 4750894
--- a/strongswan-5.9.6.tar.bz2.sig
+++ b/strongswan-5.9.6.tar.bz2.sig
@ -1,14 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmJrATYACgkQ30LBcLNN
 unc45QwAm8gL8D9+YO96mG4eSOGqOYh6f7MHG7mGi22PEq0DnGgT7fKvrDeSVi2/
 cOJlJ27rB3FAztAFm1n7+CAjmUXajxsUnismJx4v7zNF6d999hyvYguhcRh/XeD+
 +UN0VdtNVjkzxzV+2TcNOA0hnIxVRPFO7m02eHvpr+F/Jphb6o/6oKFq9RzIjG9T
 sGvv6mucMHG+Bzs8A2PGywxcMggr6+AsIDRHzaM3CE92uI43smBNYgt31i8IsCu5
 R0vPPIRWowUqxxF+ryQU9YB5xVUTsVRZJUq5j1jjAT9yD292T9ZzAJajEERlaXTA
 H+SrVVnmI4Gl5tvgHXY980xCcKlASjJ9tfI4VJFpW5u49k2HOTcCbsrbhpXlD8m+
 pntdYP+hSch3EO/pehLEIGj8+26e2B8q122T4oFnN9I+bkYYXPZKgdbDeSTT/Lty
 WsOyWyJQdg5vnskT8ACsQJBwFF8t+DjUXC+T5y8qrwZbBuvx/PfGEK3adeLMzflT
 MOy+f+DC
 =RL/z
 -----END PGP SIGNATURE-----
--- a/strongswan-5.9.7.tar.bz2
+++ b/strongswan-5.9.7.tar.bz2
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:9e64a2ba62efeac81abff1d962522404ebc6ed6c0d352a23ab7c0b2c639e3fcf
 size 4741967
--- a/strongswan-5.9.7.tar.bz2.sig
+++ b/strongswan-5.9.7.tar.bz2.sig
@ -0,0 +1,14 @@
 -----BEGIN PGP SIGNATURE-----
 iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmLja84ACgkQ30LBcLNN
 unet6wv+JbEKKBG/6kOoQnM0FZORuYS2xIXRfbLZLJjpK3Y5LPwyb4+3yZZXoLYq
 ojNDKjSwX4cHq1znUiDNeJ9yYSbHWxw/0+fZwQqCkrs0uZSN3HOc/ndjnRnhBoxB
 elfSCqe6C+8rNxArFdAOB2nmMg7wiDRhueOKYRSZ5B6X5Nu3RxSOi5up6RR1UDmS
 z0s4+6xjq4oAoJ+GPIM+AC4UjCZR2/rSRGGeafHzp35vWTrZlY/NwkqV6XRhlKv3
 Vtix2mUBP3vcud+TqWQJPVs+yqbWtGtWQ7PHYDu82tORCPRQjhQ4tPZmMOS6d67I
 51mVNjSndRLyo8Bjdox4hbtLZTCdiFNDRM1MS9qTXvb0a/SUaWB7hE0s5QqeL0gA
 2WPcRNcEQHmtXGA9J6q9X5ooQqhT/21m/5ez5XwvYSm/deyFD6Ah06RT/vr2rG6s
 9+pbgYU84P8nLnxPtuZ9rsZmDa/7r1E2/P/6PDMqUnN+9CgU/MduJxcoGAHgLexo
 gXQz5vQn
 =D1Iy
 -----END PGP SIGNATURE-----
--- a/strongswan.changes
+++ b/strongswan.changes
@ -1,3 +1,18 @@
 -------------------------------------------------------------------
 Sat Jul 30 06:48:29 UTC 2022 - Peter Conrad <conrad@quisquis.de>
 - Update to release 5.9.7
  * The IKEv2 key derivation is now delayed until the keys are actually needed to process or send the next message.
  * Inbound IKEv2 messages, in particular requests, are now processed differently.
  * The retransmission logic in the dhcp plugin has been fixed (#1154).
  * The connmark plugin now considers configured masks in installed firewall rules (#1087).
  * Child config selection has been fixed as responder in cases where multiple children use transport mode traffic selectors (#1143).
  * The outbound SA/policy is now also removed after IKEv1 CHILD_SA rekeyings (#1041).
  * The openssl plugin supports AES and Camellia in CTR mode (112bb46).
  * The AES-XCBC/CMAC PRFs are demoted in the default proposal (after HMAC-based PRFs) since they were never widely adopted
  * The kdf plugin is now automatically enabled if any of the aesni, cmac or xcbc plugins are enabled, or if none of the plugins that directly provide HMAC-based KDFs are enabled (botan, openssl or wolfssl).
  * The CALLBACK macros (and some other issues) have been fixed when compiling with GCC 12 (#1053).
 -------------------------------------------------------------------
 Sat Apr 30 08:21:29 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
--- a/strongswan.spec
+++ b/strongswan.spec
@ -17,7 +17,7 @@
 Name:           strongswan
-Version:        5.9.6
+Version:        5.9.7
 Release:        0
 %define         upstream_version     %{version}
 %define         strongswan_docdir    %{_docdir}/%{name}
@ -566,7 +566,6 @@ fi
 %{_mandir}/man5/ipsec.secrets.5*
 %{_mandir}/man5/strongswan.conf.5*
 %dir %{_libexecdir}/ipsec
 %{_libexecdir}/ipsec/_copyright
 %{_libexecdir}/ipsec/_updown
 %if %{with test}
 %{_libexecdir}/ipsec/conftest