SHA256
1
0
forked from pool/strongswan
OBS User unknown 2008-04-25 14:46:58 +00:00 committed by Git OBS Bridge
parent 3a50c4dfde
commit ece66d5641
8 changed files with 126 additions and 15 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9d2761b780fd8b11eafce63dc44336ece6941405dae819bd03e62a5f6b2f82fb
size 2234335

View File

@ -1,9 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQCVAwUAR7TA89YbDnNAmVNZAQJS6wQAil7xDrAGwYgFOaDpv4h6tF53TnQBepLK
FhEnxtPNmk5YAwhu8t3qsHIOERzctKt8vwh0fnNZTKP3GeKWl+7f4zYOlQPKEW+S
ltsE9dfLBjNDPlToTJHKre6i+u9l+scndf8087vinzsgnqK/JXyGKQ58cAts0ytV
JbBe/WhlOiA=
=t33J
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,4 @@
addFilter('strongswan.* shlib-policy-missing-suffix')
addFilter("strongswan.* incoherent-init-script-name ipsec")
addFilter("strongswan.* devel-file-in-non-devel-package .*/usr/lib.*/ipsec/plugins")

22
strongswan-4.2.1.dif Normal file
View File

@ -0,0 +1,22 @@
--- src/charon/network/socket-raw.c
+++ src/charon/network/socket-raw.c 2008/04/23 09:46:10
@@ -16,6 +16,9 @@
*
* $Id: socket-raw.c 3589 2008-03-13 14:14:44Z martin $
*/
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
#include <pthread.h>
#include <sys/types.h>
--- src/charon/plugins/stroke/stroke_cred.c
+++ src/charon/plugins/stroke/stroke_cred.c 2008/04/23 09:05:26
@@ -19,6 +19,7 @@
#include "stroke_shared_key.h"
#include <sys/stat.h>
+#include <limits.h>
#include <credentials/certificates/x509.h>
#include <credentials/certificates/crl.h>

3
strongswan-4.2.1.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:81203cad6e365ac4c5a8203103d75b44916d8f57167e914805000c78912a508f
size 2346505

View File

@ -0,0 +1,9 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQCVAwUASAmpYdYbDnNAmVNZAQLJYQP+Oa8Eqko/tzGdhHVtasGSdGj9S5gkeRqI
69mHMB1zTqabicknP4UuZI50G0V6RgAOA18/zilkeuqRfeD9YmYaTnAX1sDFVDRC
jgYUrSWlrsqaHk+WctShLO8WN88AIXzQZXPTjQ0rAyyhVpH3PKZliLtCQE9hGN1I
p8qt8BTPwVs=
=szkI
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,44 @@
-------------------------------------------------------------------
Wed Apr 23 14:28:41 CEST 2008 - mt@suse.de
- Updated to 4.2.1 release. A lot of code refactoring in the 4.2
release provides much more modularity and therefore much more
extensiblity and offers the following new features:
* libstrongswan has been modularized to attach crypto algorithms,
credential implementations (secret and private keys, certificates)
and http/ldap fetchers dynamically through plugins.
* A relational database API that uses pluggable database providers
was added to libstrongswan including plugins for MySQL and SQLite.
* The IKEv2 keying charon daemon has become more extensible. Generic
plugins can provide arbitrary interfaces to credential stores and
connection management interfaces. Also any EAP method can be added.
* The authentication and credential framework in charon has been
heavily refactored to support modular credential providers, proper
CERTREQ/CERT payload exchanges and extensible authorization rules.
* Support for "Hash and URL" encoded certificate payloads has been
implemented in the IKEv2 daemon charon.
* The IKEv2 daemon charon now supports the "uniqueids" option to
close multiple IKE_SAs with the same peer.
* The crypto factory in libstrongswan additionally supports random
number generators. Plugins may provide other sources of randomness.
* Extended the credential framework by a caching option to allow
plugins persistent caching of fetched credentials.
* The new trust chain verification introduced in 4.2.0 has been
parallelized. Threads fetching CRL or OCSP information no longer
block other threads.
* A new IKEv2 configuration attribute framework has been introduced
allowing plugins to provide virtual IP addresses, and in the future,
other configuration attribute services (e.g. DNS/WINS servers).
* The stroke plugin has been extended to provide virtual IP addresses
from a simple pool defined in ipsec.conf.
* Fixed compilation on uClibc and a couple of other minor bugs.
* The IKEv1 pluto daemon now supports the ESP encryption algorithm
CAMELLIA with key lengths of 128, 192, and 256 bits, as well as the
authentication algorithm AES_XCBC_MAC.
- Applied a small patch defining _GNU_SOURCE for struct in6_pktinfo
and adding inclusion of limits.h for PATH_MAX availability.
- Added rpmlintrc file and a libtoolize call to the spec file.
-------------------------------------------------------------------
Tue Feb 19 11:44:03 CET 2008 - mt@suse.de

View File

@ -1,5 +1,5 @@
#
# spec file for package strongswan (Version 4.1.11)
# spec file for package strongswan (Version 4.2.1)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@ -12,9 +12,9 @@
Name: strongswan
%define upstream_version 4.1.11
%define upstream_version 4.2.1
%define strongswan_docdir %{_docdir}/%{name}
Version: 4.1.11
Version: 4.2.1
Release: 1
License: GPL v2 or later
Group: Productivity/Networking/Security
@ -29,7 +29,9 @@ AutoReqProv: on
Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2
Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig
Source2: %{name}.init.in
Source3: %{name}-%{version}-rpmlintrc
Patch1: %{name}_modprobe_syslog.dif
Patch2: %{name}-%{upstream_version}.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bison flex gmp-devel gperf pkg-config
%if 0%{?suse_version} >= 1030
@ -106,6 +108,7 @@ Authors:
and others
%package doc
License: GPL v2 or later
Summary: StrongSwan -- OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
@ -124,6 +127,7 @@ Authors:
%prep
%setup -q -n %{name}-%{upstream_version}
%patch1 -p0
%patch2 -p0
sed -e 's|@libexecdir@|%_libexecdir|g' \
< $RPM_SOURCE_DIR/strongswan.init.in \
> strongswan.init
@ -131,6 +135,7 @@ sed -e 's|@libexecdir@|%_libexecdir|g' \
%build
export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -W -Wall"
export CFLAGS="$RPM_OPT_FLAGS"
libtoolize --force
%{?suse_update_config:%{suse_update_config -f}}
autoreconf
%configure \
@ -194,6 +199,7 @@ fi
%defattr(-,root,root)
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.secrets
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf
%dir %{_sysconfdir}/ipsec.d
%dir %{_sysconfdir}/ipsec.d/crls
%dir %{_sysconfdir}/ipsec.d/reqs
@ -252,6 +258,44 @@ fi
%{_mandir}/man8/starter.8*
%changelog
* Wed Apr 23 2008 mt@suse.de
- Updated to 4.2.1 release. A lot of code refactoring in the 4.2
release provides much more modularity and therefore much more
extensiblity and offers the following new features:
* libstrongswan has been modularized to attach crypto algorithms,
credential implementations (secret and private keys, certificates)
and http/ldap fetchers dynamically through plugins.
* A relational database API that uses pluggable database providers
was added to libstrongswan including plugins for MySQL and SQLite.
* The IKEv2 keying charon daemon has become more extensible. Generic
plugins can provide arbitrary interfaces to credential stores and
connection management interfaces. Also any EAP method can be added.
* The authentication and credential framework in charon has been
heavily refactored to support modular credential providers, proper
CERTREQ/CERT payload exchanges and extensible authorization rules.
* Support for "Hash and URL" encoded certificate payloads has been
implemented in the IKEv2 daemon charon.
* The IKEv2 daemon charon now supports the "uniqueids" option to
close multiple IKE_SAs with the same peer.
* The crypto factory in libstrongswan additionally supports random
number generators. Plugins may provide other sources of randomness.
* Extended the credential framework by a caching option to allow
plugins persistent caching of fetched credentials.
* The new trust chain verification introduced in 4.2.0 has been
parallelized. Threads fetching CRL or OCSP information no longer
block other threads.
* A new IKEv2 configuration attribute framework has been introduced
allowing plugins to provide virtual IP addresses, and in the future,
other configuration attribute services (e.g. DNS/WINS servers).
* The stroke plugin has been extended to provide virtual IP addresses
from a simple pool defined in ipsec.conf.
* Fixed compilation on uClibc and a couple of other minor bugs.
* The IKEv1 pluto daemon now supports the ESP encryption algorithm
CAMELLIA with key lengths of 128, 192, and 256 bits, as well as the
authentication algorithm AES_XCBC_MAC.
- Applied a small patch defining _GNU_SOURCE for struct in6_pktinfo
and adding inclusion of limits.h for PATH_MAX availability.
- Added rpmlintrc file and a libtoolize call to the spec file.
* Tue Feb 19 2008 mt@suse.de
- Updated to 4.1.11 maintenance release, providing following fixes:
* IKE rekeying in NAT situations did not inherit the NAT conditions