diff --git a/strongswan-4.1.11.tar.bz2 b/strongswan-4.1.11.tar.bz2 deleted file mode 100644 index a351fb1..0000000 --- a/strongswan-4.1.11.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9d2761b780fd8b11eafce63dc44336ece6941405dae819bd03e62a5f6b2f82fb -size 2234335 diff --git a/strongswan-4.1.11.tar.bz2.sig b/strongswan-4.1.11.tar.bz2.sig deleted file mode 100644 index 07d8a67..0000000 --- a/strongswan-4.1.11.tar.bz2.sig +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.6 (GNU/Linux) - -iQCVAwUAR7TA89YbDnNAmVNZAQJS6wQAil7xDrAGwYgFOaDpv4h6tF53TnQBepLK -FhEnxtPNmk5YAwhu8t3qsHIOERzctKt8vwh0fnNZTKP3GeKWl+7f4zYOlQPKEW+S -ltsE9dfLBjNDPlToTJHKre6i+u9l+scndf8087vinzsgnqK/JXyGKQ58cAts0ytV -JbBe/WhlOiA= -=t33J ------END PGP SIGNATURE----- diff --git a/strongswan-4.2.1-rpmlintrc b/strongswan-4.2.1-rpmlintrc new file mode 100644 index 0000000..03587c4 --- /dev/null +++ b/strongswan-4.2.1-rpmlintrc @@ -0,0 +1,4 @@ +addFilter('strongswan.* shlib-policy-missing-suffix') +addFilter("strongswan.* incoherent-init-script-name ipsec") +addFilter("strongswan.* devel-file-in-non-devel-package .*/usr/lib.*/ipsec/plugins") + diff --git a/strongswan-4.2.1.dif b/strongswan-4.2.1.dif new file mode 100644 index 0000000..b26ac72 --- /dev/null +++ b/strongswan-4.2.1.dif @@ -0,0 +1,22 @@ +--- src/charon/network/socket-raw.c ++++ src/charon/network/socket-raw.c 2008/04/23 09:46:10 +@@ -16,6 +16,9 @@ + * + * $Id: socket-raw.c 3589 2008-03-13 14:14:44Z martin $ + */ ++#ifndef _GNU_SOURCE ++#define _GNU_SOURCE ++#endif + + #include + #include +--- src/charon/plugins/stroke/stroke_cred.c ++++ src/charon/plugins/stroke/stroke_cred.c 2008/04/23 09:05:26 +@@ -19,6 +19,7 @@ + #include "stroke_shared_key.h" + + #include ++#include + + #include + #include diff --git a/strongswan-4.2.1.tar.bz2 b/strongswan-4.2.1.tar.bz2 new file mode 100644 index 0000000..03d30fb --- /dev/null +++ b/strongswan-4.2.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:81203cad6e365ac4c5a8203103d75b44916d8f57167e914805000c78912a508f +size 2346505 diff --git a/strongswan-4.2.1.tar.bz2.sig b/strongswan-4.2.1.tar.bz2.sig new file mode 100644 index 0000000..2cb81ba --- /dev/null +++ b/strongswan-4.2.1.tar.bz2.sig @@ -0,0 +1,9 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.6 (GNU/Linux) + +iQCVAwUASAmpYdYbDnNAmVNZAQLJYQP+Oa8Eqko/tzGdhHVtasGSdGj9S5gkeRqI +69mHMB1zTqabicknP4UuZI50G0V6RgAOA18/zilkeuqRfeD9YmYaTnAX1sDFVDRC +jgYUrSWlrsqaHk+WctShLO8WN88AIXzQZXPTjQ0rAyyhVpH3PKZliLtCQE9hGN1I +p8qt8BTPwVs= +=szkI +-----END PGP SIGNATURE----- diff --git a/strongswan.changes b/strongswan.changes index 02c1f1d..c137913 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,44 @@ +------------------------------------------------------------------- +Wed Apr 23 14:28:41 CEST 2008 - mt@suse.de + +- Updated to 4.2.1 release. A lot of code refactoring in the 4.2 + release provides much more modularity and therefore much more + extensiblity and offers the following new features: + * libstrongswan has been modularized to attach crypto algorithms, + credential implementations (secret and private keys, certificates) + and http/ldap fetchers dynamically through plugins. + * A relational database API that uses pluggable database providers + was added to libstrongswan including plugins for MySQL and SQLite. + * The IKEv2 keying charon daemon has become more extensible. Generic + plugins can provide arbitrary interfaces to credential stores and + connection management interfaces. Also any EAP method can be added. + * The authentication and credential framework in charon has been + heavily refactored to support modular credential providers, proper + CERTREQ/CERT payload exchanges and extensible authorization rules. + * Support for "Hash and URL" encoded certificate payloads has been + implemented in the IKEv2 daemon charon. + * The IKEv2 daemon charon now supports the "uniqueids" option to + close multiple IKE_SAs with the same peer. + * The crypto factory in libstrongswan additionally supports random + number generators. Plugins may provide other sources of randomness. + * Extended the credential framework by a caching option to allow + plugins persistent caching of fetched credentials. + * The new trust chain verification introduced in 4.2.0 has been + parallelized. Threads fetching CRL or OCSP information no longer + block other threads. + * A new IKEv2 configuration attribute framework has been introduced + allowing plugins to provide virtual IP addresses, and in the future, + other configuration attribute services (e.g. DNS/WINS servers). + * The stroke plugin has been extended to provide virtual IP addresses + from a simple pool defined in ipsec.conf. + * Fixed compilation on uClibc and a couple of other minor bugs. + * The IKEv1 pluto daemon now supports the ESP encryption algorithm + CAMELLIA with key lengths of 128, 192, and 256 bits, as well as the + authentication algorithm AES_XCBC_MAC. +- Applied a small patch defining _GNU_SOURCE for struct in6_pktinfo + and adding inclusion of limits.h for PATH_MAX availability. +- Added rpmlintrc file and a libtoolize call to the spec file. + ------------------------------------------------------------------- Tue Feb 19 11:44:03 CET 2008 - mt@suse.de diff --git a/strongswan.spec b/strongswan.spec index 9bc91d2..7e8662b 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -1,5 +1,5 @@ # -# spec file for package strongswan (Version 4.1.11) +# spec file for package strongswan (Version 4.2.1) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -12,9 +12,9 @@ Name: strongswan -%define upstream_version 4.1.11 +%define upstream_version 4.2.1 %define strongswan_docdir %{_docdir}/%{name} -Version: 4.1.11 +Version: 4.2.1 Release: 1 License: GPL v2 or later Group: Productivity/Networking/Security @@ -29,7 +29,9 @@ AutoReqProv: on Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2 Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig Source2: %{name}.init.in +Source3: %{name}-%{version}-rpmlintrc Patch1: %{name}_modprobe_syslog.dif +Patch2: %{name}-%{upstream_version}.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison flex gmp-devel gperf pkg-config %if 0%{?suse_version} >= 1030 @@ -106,6 +108,7 @@ Authors: and others %package doc +License: GPL v2 or later Summary: StrongSwan -- OpenSource IPsec-based VPN Solution Group: Productivity/Networking/Security @@ -124,6 +127,7 @@ Authors: %prep %setup -q -n %{name}-%{upstream_version} %patch1 -p0 +%patch2 -p0 sed -e 's|@libexecdir@|%_libexecdir|g' \ < $RPM_SOURCE_DIR/strongswan.init.in \ > strongswan.init @@ -131,6 +135,7 @@ sed -e 's|@libexecdir@|%_libexecdir|g' \ %build export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -W -Wall" export CFLAGS="$RPM_OPT_FLAGS" +libtoolize --force %{?suse_update_config:%{suse_update_config -f}} autoreconf %configure \ @@ -194,6 +199,7 @@ fi %defattr(-,root,root) %config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf %config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.secrets +%config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf %dir %{_sysconfdir}/ipsec.d %dir %{_sysconfdir}/ipsec.d/crls %dir %{_sysconfdir}/ipsec.d/reqs @@ -252,6 +258,44 @@ fi %{_mandir}/man8/starter.8* %changelog +* Wed Apr 23 2008 mt@suse.de +- Updated to 4.2.1 release. A lot of code refactoring in the 4.2 + release provides much more modularity and therefore much more + extensiblity and offers the following new features: + * libstrongswan has been modularized to attach crypto algorithms, + credential implementations (secret and private keys, certificates) + and http/ldap fetchers dynamically through plugins. + * A relational database API that uses pluggable database providers + was added to libstrongswan including plugins for MySQL and SQLite. + * The IKEv2 keying charon daemon has become more extensible. Generic + plugins can provide arbitrary interfaces to credential stores and + connection management interfaces. Also any EAP method can be added. + * The authentication and credential framework in charon has been + heavily refactored to support modular credential providers, proper + CERTREQ/CERT payload exchanges and extensible authorization rules. + * Support for "Hash and URL" encoded certificate payloads has been + implemented in the IKEv2 daemon charon. + * The IKEv2 daemon charon now supports the "uniqueids" option to + close multiple IKE_SAs with the same peer. + * The crypto factory in libstrongswan additionally supports random + number generators. Plugins may provide other sources of randomness. + * Extended the credential framework by a caching option to allow + plugins persistent caching of fetched credentials. + * The new trust chain verification introduced in 4.2.0 has been + parallelized. Threads fetching CRL or OCSP information no longer + block other threads. + * A new IKEv2 configuration attribute framework has been introduced + allowing plugins to provide virtual IP addresses, and in the future, + other configuration attribute services (e.g. DNS/WINS servers). + * The stroke plugin has been extended to provide virtual IP addresses + from a simple pool defined in ipsec.conf. + * Fixed compilation on uClibc and a couple of other minor bugs. + * The IKEv1 pluto daemon now supports the ESP encryption algorithm + CAMELLIA with key lengths of 128, 192, and 256 bits, as well as the + authentication algorithm AES_XCBC_MAC. +- Applied a small patch defining _GNU_SOURCE for struct in6_pktinfo + and adding inclusion of limits.h for PATH_MAX availability. +- Added rpmlintrc file and a libtoolize call to the spec file. * Tue Feb 19 2008 mt@suse.de - Updated to 4.1.11 maintenance release, providing following fixes: * IKE rekeying in NAT situations did not inherit the NAT conditions