From f19225222f1cc379172bc80f7612652e5875f216fa6ee2eb50e9c47733349573 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Mon, 20 Nov 2023 13:44:45 +0000
Subject: [PATCH] - Update to release 5.9.12

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=155
---
 strongswan-5.9.11.tar.bz2     |  3 ---
 strongswan-5.9.11.tar.bz2.sig | 14 --------------
 strongswan-5.9.12.tar.bz2     |  3 +++
 strongswan-5.9.12.tar.bz2.sig | 14 ++++++++++++++
 strongswan.changes            | 24 ++++++++++++++++++++++++
 strongswan.spec               |  2 +-
 6 files changed, 42 insertions(+), 18 deletions(-)
 delete mode 100644 strongswan-5.9.11.tar.bz2
 delete mode 100644 strongswan-5.9.11.tar.bz2.sig
 create mode 100644 strongswan-5.9.12.tar.bz2
 create mode 100644 strongswan-5.9.12.tar.bz2.sig

diff --git a/strongswan-5.9.11.tar.bz2 b/strongswan-5.9.11.tar.bz2
deleted file mode 100644
index 21e9c61..0000000
--- a/strongswan-5.9.11.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ddf53f1f26ad26979d5f55e8da95bd389552f5de3682e35593f9a70b2584ed2d
-size 4786552
diff --git a/strongswan-5.9.11.tar.bz2.sig b/strongswan-5.9.11.tar.bz2.sig
deleted file mode 100644
index 1b8068b..0000000
--- a/strongswan-5.9.11.tar.bz2.sig
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmSGsnAACgkQ30LBcLNN
-unfqXQv/Rfi3bcaIaULwNXnBgW2mWrsUFFUzQN/PB9fdPK/u0JUBWufUV/1/LUc9
-yA1S3ESubQMOYkPmSrQRfXwkrdGTQ3DwApuFL/42Q/TOk8jpTVaPM28Gs6D+77YC
-QjB3JYcR2VxvgsEFZatqFgUaGyety1dB1P364EPnzzb7L0+7HBWT0IVkdpvPT/zX
-5tQ6M4czD2cqv1fi8+Tjaq3mpw0PdyZSIoLuD7kL6AeWcrtzhfhr1vXQKwo0K5wh
-5uuUbxPZIrmxLGk1vkoMuEKZ7XVvs3ulFFK9EvJXWM9USce0Br0irGEdO2sDAxWA
-20jFzsW2wL5mkVLvLfQQrNC1qwsYKq3s3PInZEoUICE4zNC6zWS8tTtaq5Ul8X1J
-AFhcrdy6cVs87LDyvEWiMcSwLpYk1egWwmF9acuMUE6bYSNUnYMkYwS7CjWQUXix
-JMf3b60Ztm+r8RfitpWHp+N1pAGZCNJ3ZXTV0/4d65HB4GA1dWZuubRvUXbV7Ayb
-oYKPlR2G
-=+d5Q
------END PGP SIGNATURE-----
diff --git a/strongswan-5.9.12.tar.bz2 b/strongswan-5.9.12.tar.bz2
new file mode 100644
index 0000000..0fe1126
--- /dev/null
+++ b/strongswan-5.9.12.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5e6018b07cbe9f72c044c129955a13be3e2f799ceb53f53a4459da6a922b95e5
+size 4825696
diff --git a/strongswan-5.9.12.tar.bz2.sig b/strongswan-5.9.12.tar.bz2.sig
new file mode 100644
index 0000000..6ccc6e7
--- /dev/null
+++ b/strongswan-5.9.12.tar.bz2.sig
@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmVbP3kACgkQ30LBcLNN
+uneAygwAomUeLeEAbCSAkr+hVxxV2n8YBhGIoGYC8Ii/vpfD2ZC72gZF13QlUQcR
+CizUT7XtvNBqQTTae0aoUlF6avmgqktHnJeLXVk8XATrkqVwW57EtfbBDEmVz1U9
+r1RNVvQWE15buvlT3yYoTu94dzm1jfNpGhB+v1bom9d+0JM+RGhxyl6nTpXgcNvQ
+39P7rMQ5KbpdModLXZqBSZsKOX41a6oMWXQE+akfrUakhe/0N9FabpUb76U+R3Hz
+Xx2TStOQDV/6QaAtLaaAOvIIjLsc1lHPxcO5Yf2iMbGBEOzldtrA5rPiLWLSwEG8
+chHhweSoD0qAKjRKYfx5umLYzOlsew42fwjFTQye8BXLdYqELdvD6MyCWn51YKO4
+ALhWFWxvBzL9FMQfPyVo+SWoS5IN9pKc4dqCgTMetorn7dZZGRykI8VAfnn5WxwB
+CTzAitDVNI6T3dfqiadBrqDNe0wnatlOg2fJ+N3wU1IqoEtfHZ4yoxm/P88AaTBX
+ImhWse8k
+=6zu/
+-----END PGP SIGNATURE-----
diff --git a/strongswan.changes b/strongswan.changes
index cb3057b..e2ec3c1 100644
--- a/strongswan.changes
+++ b/strongswan.changes
@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Mon Nov 20 13:32:59 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 5.9.12
+  * Fixed a buffer overflow in charon-tkm [CVEV-2023-41913]
+  * Support for ``nameConstraints`` of type ``iPAddress`` are now
+    supported by the "x509", "openssl" and "constraints" plugins
+  * Support for encoding subjectAlternativeName extensions of type
+    uniformResourceIdentifier in X.509 certificates has been added.
+  * Make the NetworkManager plugin (charon-nm) actually use the
+    XFRM interface it creates since 5.9.10. This involves setting
+    interface IDs on SAs and policies, and installing routes via
+    the interface. To avoid routing loops if the remote traffic
+    selectors include the VPN server, IKE and ESP packets are
+    marked to bypass the routing table that contains the routes via
+    XFRM interface.
+  * The kernel-libipsec plugin now always installs routes to remote
+    networks even if no address is found in the local traffic
+    selectors, which allows forwarding traffic from networks the
+    VPN host is not part of.
+  * Fixed issues while reestablishing multiple CHILD_SAs (e.g.
+    after a DPD timeout) that could cause a reqid to get assigned
+    to multiple CHILD_SAs with unrelated traffic selectors.
+
 -------------------------------------------------------------------
 Thu Jun 22 13:24:08 UTC 2023 - Mohd Saquib <mohd.saquib@suse.com>
 
diff --git a/strongswan.spec b/strongswan.spec
index 85cfcef..8894f62 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -17,7 +17,7 @@
 
 
 Name:           strongswan
-Version:        5.9.11
+Version:        5.9.12
 Release:        0
 %define         upstream_version     %{version}
 %define         strongswan_docdir    %{_docdir}/%{name}