forked from pool/strongswan

76 Commits

Author SHA256 Message Date
802d0e048c Accepting request 1230634 from network:vpn
- /usr/sbin/ipsec is deprecated since 5.2.0 and will be removed
  in the future.
- Update to release 6.0.0

OBS-URL: https://build.opensuse.org/request/show/1230634
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=98
2024-12-13 21:32:58 +00:00
OBS User unknown
c46ce1c107 [info=46bea0264513c39e6ae4994587410457fe0ffb8fe1ccbd431d7a7fd338768f89]
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=170
2024-12-12 11:34:16 +00:00
OBS User unknown
c84335ac47 [info=b5f8ae4845d00301e89e2a40f6c81bebfa4e2b7b8a99130d3c88883de90aca08]
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=169
2024-12-04 01:21:18 +00:00
OBS User unknown
aa0b45e732 [info=abdc3edde3ca7173e4de70715f39c695bb0e08687724782c783ece5161de4ad1]
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=168
2024-12-04 01:17:28 +00:00
3bf0600596 Accepting request 1226518 from network:vpn
- rename -hmac subpackage to -fips because it isn't providing
  the hmac files, it provides the configuration drop in to
  enforce fips mode.

OBS-URL: https://build.opensuse.org/request/show/1226518
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=97
2024-11-27 21:05:20 +00:00
OBS User unknown
ef46e72ebe [info=da8f2965e2b2460d9eb4f7b25c3be52f7b60a42ab5b9bab48c984206a964d52e]
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=167
2024-11-26 12:59:57 +00:00
8c0cb384be [info=47ab1ca7708f6b09cc99afa33d7ec92c5e02aff2338545eedb72b0511ac25478]
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=166
2024-11-26 12:58:42 +00:00
cf0313df27 - rename -hmac subpackage to -fips because it isn't providing
the hmac files, it provides the configuration drop in to
  enforce fips mode.

- Removes deprecated SysV support
- Added prf-plus-modularization.patch that outsources the IKE
- move file %{_datadir}/dbus-1/system.d/nm-strongswan-service.conf
  to strongswan-nm subpackage, as it is needed for the
  NetworkManager plugin that uses strongswan-nm, not
- Removed unused requires and macro calls(bsc#1083261)
    improved oracle are not compatible with the earlier
    (wasn't the case since 5.0.0) and packets that have the flag
    also checked against IKEv2 signature schemes. If such
    constraints are used for certificate chain validation in
    transport mode connections coming over the same NAT device for
    Windows 7 IKEv2 clients, which announces its services over the
  * For the vici plugin a Python Egg has been added to allow
    Python applications to control or monitor the IKE daemon using
  * EAP server methods now can fulfill public key constraints,
- Fix build in factory
- Fix systemd unit dir
  from glibc
    IDr payload anymore.
  * Consistent logging of IKE and CHILD SAs at the audit (AUD) level.
  caused an INVALID_SYNTAX error on PowerPC platforms.
- Initial, unfinished package

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=165
2024-11-26 12:56:29 +00:00
3e9069345b Accepting request 1181997 from network:vpn
- Update description of ipsec package: no longer mention
  /etc/init.d, which is not there for a long time anymore.
- Drop legacy rc* -> sbin/service symlink. This was compatibility
  boilerplate to transparently move between SysV and systemd
  [jsc#PED-264]. (forwarded request 1181914 from dimstar)

OBS-URL: https://build.opensuse.org/request/show/1181997
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=96
2024-06-21 14:02:56 +00:00
6f280319a6 Accepting request 1160698 from network:vpn
- Update to release 5.9.14

OBS-URL: https://build.opensuse.org/request/show/1160698
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=95
2024-03-26 18:24:36 +00:00
254c06c48b Accepting request 1151765 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/1151765
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=94
2024-02-27 21:45:09 +00:00
5f45b7ef11 Accepting request 1132112 from network:vpn
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1132112
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=93
2023-12-09 21:49:13 +00:00
caa40408d4 Accepting request 1129146 from network:vpn
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1129146
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=92
2023-11-27 21:42:05 +00:00
e08e5b1209 Accepting request 1094810 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/1094810
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=91
2023-06-24 18:13:38 +00:00
9c6e69afad Accepting request 1092643 from network:vpn
- Remove pre-SLE15 build logic
- Update to release 5.9.11

OBS-URL: https://build.opensuse.org/request/show/1092643
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=90
2023-06-14 14:28:35 +00:00
657b2da015 Accepting request 1077378 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/1077378
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=89
2023-04-07 16:16:14 +00:00
89db574bcf Accepting request 1068724 from network:vpn
- Update to release 5.9.10

OBS-URL: https://build.opensuse.org/request/show/1068724
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=88
2023-03-03 21:24:35 +00:00
0da0fea063 Accepting request 1046554 from network:vpn
- Update to release 5.9.9

OBS-URL: https://build.opensuse.org/request/show/1046554
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=87
2023-01-04 17:10:26 +00:00
02464c0051 Accepting request 1009635 from network:vpn
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1009635
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=86
2022-10-12 16:22:45 +00:00
4e2b66f537 Accepting request 991802 from network:vpn
- Update to release 5.9.7

OBS-URL: https://build.opensuse.org/request/show/991802
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=85
2022-08-02 20:08:35 +00:00
f3e86a936a Accepting request 975521 from network:vpn
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/975521
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=84
2022-05-08 19:52:07 +00:00
2455babbdb Accepting request 963708 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/963708
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=83
2022-03-23 19:15:41 +00:00
7ab7c7ff71 Accepting request 960587 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/960587
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=82
2022-03-11 20:41:06 +00:00
de536ef929 Accepting request 950403 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/950403
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=81
2022-02-03 23:45:45 +00:00
3e374b588f Accepting request 949260 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/949260
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=80
2022-01-26 20:26:51 +00:00
ff45f5ef5d Accepting request 934253 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/934253
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=79
2021-12-01 19:46:40 +00:00
86d1597046 Accepting request 933164 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/933164
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=78
2021-11-26 23:50:27 +00:00
722030227c Accepting request 921963 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/921963
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=77
2021-09-29 18:18:12 +00:00
0a0c8efb6c Accepting request 834251 from network:vpn
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/834251
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=76
2020-09-23 16:36:53 +00:00
2e1fd31c95 Accepting request 831324 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/831324
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=75
2020-09-05 21:57:31 +00:00
b280c57b1d Accepting request 800175 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/800175
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=74
2020-05-07 13:05:48 +00:00
e87376d36d Accepting request 790269 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/790269
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=73
2020-04-02 15:42:30 +00:00
e110a9611f Accepting request 775000 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/775000
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=72
2020-02-22 17:59:49 +00:00
12fdfc6265 Accepting request 769616 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/769616
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=71
2020-02-06 12:18:28 +00:00
f840ebb27d Accepting request 767305 from network:vpn
- Update to version 5.8.2:
  * Fix CVE-2018-17540, CVE-2018-16151 and CVE-2018-16152.
  * boo#1109845 and boo#1107874.

OBS-URL: https://build.opensuse.org/request/show/767305
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=70
2020-01-29 12:10:50 +00:00
a348ee0611 Accepting request 624096 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/624096
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=69
2018-07-21 08:25:06 +00:00
d48e33c256 Accepting request 613646 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/613646
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=68
2018-06-08 21:13:27 +00:00
ea65466835 Accepting request 590079 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/590079
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=67
2018-03-24 15:15:16 +00:00
adcc79ae6b Accepting request 573411 from network:vpn
- Update summaries and descriptions. Trim filler words and
  author list.
- Drop %if..%endif guards that are idempotent and do not affect
  the build result.
- Replace old $RPM_ shell variables. (forwarded request 534431 from jengelh)

OBS-URL: https://build.opensuse.org/request/show/573411
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=66
2018-02-07 17:41:10 +00:00
a848a3d65d Accepting request 521289 from network:vpn
1

OBS-URL: https://build.opensuse.org/request/show/521289
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=65
2017-09-07 20:15:13 +00:00
ce390f0920 Accepting request 514549 from network:vpn
1

OBS-URL: https://build.opensuse.org/request/show/514549
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=64
2017-08-24 16:45:53 +00:00
253288c928 Accepting request 442527 from network:vpn
1

OBS-URL: https://build.opensuse.org/request/show/442527
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=63
2016-11-29 11:50:28 +00:00
f3a0b7cca7 Accepting request 344762 from network:vpn
- Applied upstream fix for an authentication bypass vulnerability
  in the eap-mschapv2 plugin (CVE-2015-8023,bsc#953817).
  [+ 0007-strongswan-4.4.0-5.3.3_eap_mschapv2_state.patch]

OBS-URL: https://build.opensuse.org/request/show/344762
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=62
2015-11-17 13:23:11 +00:00
ba2bed6a95 Accepting request 311158 from network:vpn
- Applied upstream fix for a rogue server vulnerability that may
  enable rogue servers, able to authenticate themselves with a certificate
  issued by any CA the client trusts, to gain user credentials from
  a client in certain IKEv2 setups (bsc#933591,CVE-2015-4171).
  [+ 0006-strongswan-5.1.0-5.3.1_enforce_remote_auth.patch]
- Fix to apply unknown_payload patch if fips is disabled (<= 13.1)
  and renamed it to use number prefix corresponding with patch nr.
  [- strongswan-5.2.2-5.3.0_unknown_payload.patch,
   + 0005-strongswan-5.2.2-5.3.0_unknown_payload.patch]

OBS-URL: https://build.opensuse.org/request/show/311158
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=61
2015-06-09 06:49:35 +00:00
a596ccdfc9 Accepting request 309675 from network:vpn
- Applied upstream fix for a DoS and potential remote code execution
  vulnerability through payload type (bsc#931272,CVE-2015-3991)
  [+ strongswan-5.2.2-5.3.0_unknown_payload.patch]

OBS-URL: https://build.opensuse.org/request/show/309675
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=60
2015-06-02 08:12:05 +00:00
d688e99dd5 Accepting request 287701 from network:vpn
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/287701
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=59
2015-02-27 09:59:38 +00:00
1902611f9f Accepting request 262968 from network:vpn
- Updated strongswan-hmac package description (bsc#856322).

- Disabled explicit gpg validation; osc source_validator does it.
- Guarded fipscheck and hmac package in the spec file for >13.1.

- Added generation of fips hmac hash files using fipshmac utility
  and a _fipscheck script to verify binaries/libraries/plugins
  shipped in the strongswan-hmac package.
  With enabled fips in the kernel, the ipsec script will call it
  before any action or in an enforced/manual "ipsec _fipscheck" call.
  Added config file to load openssl and kernel af-alg plugins, but
  not all the other modules which provide further/alternative algs.
  Applied a filter disallowing non-approved algorithms in fips mode.
  (fate#316931,bnc#856322).
  [+ strongswan_fipscheck.patch, strongswan_fipsfilter.patch]
- Fixed file list in the optional (disabled) strongswan-test package.
- Fixed build of the strongswan built-in integrity checksum library
  and enabled building it only on architectures tested to work.
- Fix to use bug number 897048 instead of 856322 in last changes entry.
- Applied an upstream patch reverting to store algorithms in the
  registration order again as ordering them by identifier caused
  weaker algorithms to be proposed first by default (bsc#897512).
  [+0001-restore-registration-algorithm-order.bug897512.patch]

- Re-enabled gcrypt plugin and reverted to not enforce fips again
  as this breaks gcrypt and openssl plugins when the fips pattern
  option is not installed (fate#316931,bnc#856322).
  [- strongswan-fips-disablegcrypt.patch]
- Added empty strongswan-hmac package supposed to provide fips hmac
  files and enforce fips compliant operation later (bnc#856322).

OBS-URL: https://build.opensuse.org/request/show/262968
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=58
2014-11-26 09:33:53 +00:00
Stephan Kulow
8b662f08a7 Accepting request 241746 from network:vpn
- disable gcrypt plugin by default, so it will only use openssl
  fate#316931 [+strongswan-fips-disablegcrypt.patch]
- enable fips mode 2

OBS-URL: https://build.opensuse.org/request/show/241746
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=56
2014-07-21 19:40:28 +00:00
Stephan Kulow
971dcd097b Accepting request 238850 from network:vpn
1

OBS-URL: https://build.opensuse.org/request/show/238850
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=55
2014-06-30 19:45:22 +00:00
Tomáš Chvátal
088068a3b3 Accepting request 230123 from network:vpn
- Updated to strongSwan 5.1.3 providing the following changes:
  - Fixed an authentication bypass vulnerability triggered by rekeying
    an unestablished IKEv2 SA while it gets actively initiated. This
    allowed an attacker to trick a peer's IKE_SA state to established,
    without the need to provide any valid authentication credentials.
    (CVE-2014-2338, bnc#870572).
  - The acert plugin evaluates X.509 Attribute Certificates. Group
    membership information encoded as strings can be used to fulfill
    authorization checks defined with the rightgroups option.
    Attribute Certificates can be loaded locally or get exchanged in
    IKEv2 certificate payloads.
  - The pki command gained support to generate X.509 Attribute
    Certificates using the --acert subcommand, while the --print
    command supports the ac type. The openac utility has been removed
    in favor of the new pki functionality.
  - The libtls TLS 1.2 implementation as used by EAP-(T)TLS and other
    protocols has been extended by AEAD mode support, currently limited
    to AES-GCM.
  - Fixed an issue where CRL/OCSP trustchain validation broke enforcing
    CA constraints
  - Limited OCSP signing to specific certificates to improve performance
  - authKeyIdentifier is not added to self-signed certificates anymore
  - Fixed the comparison of IKE configs if only the cipher suites were
    different

- Updated to strongSwan 5.1.2 providing the following changes:
  - A new default configuration file layout is introduced. The new
    default strongswan.conf file mainly includes config snippets from
    the strongswan.d and strongswan.d/charon directories (the latter
    containing snippets for all plugins). The snippets, with commented
    defaults, are automatically generated and installed, if they don't
    exist yet. Also installed in $prefix/share/strongswan/templates so
    existing files can be compared to the current defaults.

OBS-URL: https://build.opensuse.org/request/show/230123
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=54
2014-04-17 12:09:47 +00:00
Tomáš Chvátal
d911ed5612 Accepting request 205541 from network:vpn
- Updated to strongSwan 5.1.1 minor release addressing two security
  fixes (bnc#847506,CVE-2013-6075, bnc#847509,CVE-2013-6076):
  - Fixed a denial-of-service vulnerability and potential authorization
    bypass triggered by a crafted ID_DER_ASN1_DN ID payload. The cause
    is an insufficient length check when comparing such identities. The
    vulnerability has been registered as CVE-2013-6075.
  - Fixed a denial-of-service vulnerability triggered by a crafted IKEv1
    fragmentation payload. The cause is a NULL pointer dereference. The
    vulnerability has been registered as CVE-2013-6076.
  - The lean stand-alone pt-tls-client can set up an RFC 6876 PT-TLS
    session with a strongSwan policy enforcement point which uses the
    tnc-pdp charon plugin.
  - The new TCG TNC SWID IMC/IMV pair supports targeted SWID requests
    for either full SWID Tag or concise SWID Tag ID inventories.
  - The XAuth backend in eap-radius now supports multiple XAuth
    exchanges for different credential types and display messages.
    All user input gets concatenated and verified with a single
    User-Password RADIUS attribute on the AAA. With an AAA supporting
    it, one for example can implement Password+Token authentication with
    proper dialogs on iOS and OS X clients.
  - charon supports IKEv1 Mode Config exchange in push mode. The
    ipsec.conf modeconfig=push option enables it for both client and
    server, the same way as pluto used it.
  - Using the "ah" ipsec.conf keyword on both IKEv1 and IKEv2
    connections, charon can negotiate and install Security Associations
    integrity-protected by the Authentication Header protocol. Supported
    are plain AH(+IPComp) SAs only, but not the deprecated RFC2401 style
    ESP+AH bundles.
  [...]
- Adjusted file lists: this version installs the pki utility and manuals
  in common /usr directories and additional ipsec/pt-tls-client helper.

OBS-URL: https://build.opensuse.org/request/show/205541
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=53
2013-11-01 16:44:20 +00:00
Stephan Kulow
fadf7e8199 Accepting request 185964 from network:vpn
- Updated to strongSwan 5.1.0 release (bnc#833278, CVE-2013-5018)

OBS-URL: https://build.opensuse.org/request/show/185964
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=51
2013-08-05 18:55:10 +00:00
Stephan Kulow
bc8951c481 Accepting request 173989 from network:vpn
- Updated to strongSwan 5.0.4 release (bnc#815236, CVE-2013-2944):
  - Fixed a security vulnerability in the openssl plugin which was
    reported by Kevin Wojtysiak.  The vulnerability has been registered
    as CVE-2013-2944. Before the fix, if the openssl plugin's ECDSA
    signature verification was used, due to a misinterpretation of the
    error code returned by the OpenSSL ECDSA_verify() function, an empty
    or zeroed signature was accepted as a legitimate one. Refer to our
    blog for details.
  - The handling of a couple of other non-security relevant OpenSSL
    return codes was fixed as well.
  - The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses
    via its TCG TNC IF-MAP 2.1 interface.
  - The charon.initiator_only strongswan.conf option causes charon to
    ignore IKE initiation requests.
  - The openssl plugin can now use the openssl-fips library.
  The version 5.0.3 provides new ipseckey plugin, enabling authentication
  based on trustworthy public keys stored as IPSECKEY resource records in
  the DNS and protected by DNSSEC and new openssl plugin using the AES-NI
  accelerated version of AES-GCM if the hardware supports it.
  See http://wiki.strongswan.org/projects/strongswan/wiki/Changelog50
  for a list of all changes since the 5.0.1 release.

OBS-URL: https://build.opensuse.org/request/show/173989
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=50
2013-05-02 10:01:35 +00:00
Stephan Kulow
9d5f906e6f Accepting request 144037 from network:vpn
Verify GPG signature: Perform build-time offline GPG verification.
Please verify that included keyring matches your needs.
For manipulation with the offline keyring, please use gpg-offline tool from openSUSE:Factory, devel-tools-building or Base:System.
See the man page and/or /usr/share/doc/packages/gpg-offline/PACKAGING.HOWTO.

If you need to build your package for older products and don't want to mess spec file with ifs, please follow PACKAGING.HOWTO:
you can link or aggregate gpg-offline from
devel:tools:building or use following trick with "osc meta prjconf":

--- Cut here ----
%if 0%{?suse_version} <= 1220
Substitute: gpg-offline
%endif

Macros:
%gpg_verify(dnf) \
%if 0%{?suse_version} > 1220\
echo "WARNING: Using %%gpg_verify macro from prjconf, not from gpg-offline package."\
gpg-offline --directory="%{-d:%{-d*}}%{!-d:%{_sourcedir}}" --package="%{-n:%{-n*}}%{!-n:%{name}}""%{-f: %{-f*}}" --verify %{**}\
%else\
echo "WARNING: Dummy prjconf macro. gpg-offline is not available, skipping %{**} GPG signature verification!"\
%endif\
%nil
----------------- (forwarded request 143934 from sbrabec)

OBS-URL: https://build.opensuse.org/request/show/144037
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=48
2012-12-14 10:18:07 +00:00
Ismail Dönmez
c700515e8f Accepting request 141625 from network:vpn
- Fix systemd unit dir (forwarded request 141529 from elvigia)

OBS-URL: https://build.opensuse.org/request/show/141625
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=47
2012-11-18 19:27:10 +00:00
Ismail Dönmez
4b7aea4880 Accepting request 139871 from network:vpn
- Updated to strongSwan 5.0.1 release. Changes digest:
  - Introduced the sending of the standard IETF Assessment Result
    PA-TNC attribute by all strongSwan Integrity Measurement Verifiers.
  - Extended PTS Attestation IMC/IMV pair to provide full evidence of
    the Linux IMA measurement process. All pertinent file information
    of a Linux OS can be collected and stored in an SQL database.
  - The PA-TNC and PB-TNC protocols can now process huge data payloads.
  - The xauth-pam backend can authenticate IKEv1 XAuth and Hybrid
    authenticated clients against any PAM service.
  - The new unity plugin brings support for some parts of the IKEv1
    Cisco Unity Extensions.
  - The kernel-netlink plugin supports the new strongswan.conf option
    charon.install_virtual_ip_on.
  - Job handling in controller_t was fixed, which occasionally caused
    crashes on ipsec up/down.
  - Fixed transmission EAP-MSCHAPv2 user name if it contains a domain
    part.
  Changes digest from strongSwan 5.0.0 version:
  * The charon IKE daemon gained experimental support for the IKEv1
    protocol. Pluto has been removed from the 5.x series.
  * The NetworkManager charon plugin of previous releases is now
    provided by a separate executable (charon-nm) and it should work
    again with NM 0.9.
  * scepclient was updated and it now works fine with Windows Server
    2008 R2.
- Adopted spec file, enabled several plugins, e.g.: ccm, certexpire,
  coupling, ctr, duplicheck, eap-dynamic, eap-peap, eap-tls, eap-tnc,
  eap-ttls, gcm, nonce, radattr, tnc, tnccs, unity, xauth-eap and pam.
- Changed to install strongswan.service with alias to ipsec.service
  instead of the /etc/init.d/ipsec init script on openSUSE > 12.2.

OBS-URL: https://build.opensuse.org/request/show/139871
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=46
2012-11-08 20:54:04 +00:00
Stephan Kulow
b5cb816081 Accepting request 133236 from network:vpn
charon keying daemon start failure with openssl (bnc#779038)

OBS-URL: https://build.opensuse.org/request/show/133236
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=45
2012-09-11 07:20:14 +00:00
Stephan Kulow
4e96746b5a Accepting request 123120 from network:vpn
update to 4.6.4 / bnc#761325, CVE-2012-2388

OBS-URL: https://build.opensuse.org/request/show/123120
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=43
2012-06-01 05:24:16 +00:00
Stephan Kulow
e257efc664 Accepting request 120579 from network:vpn
update to strongswan-4.6.3

OBS-URL: https://build.opensuse.org/request/show/120579
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=42
2012-05-10 12:34:18 +00:00
Stephan Kulow
b116493b71 Accepting request 109123 from network:vpn
update to 4.6.2 (fwd of rq 107821)

OBS-URL: https://build.opensuse.org/request/show/109123
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=41
2012-03-16 12:26:15 +00:00
Stephan Kulow
09b27a0e41 Accepting request 105223 from network:vpn
update to 4.6.1, fixed glib.h build error

OBS-URL: https://build.opensuse.org/request/show/105223
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=40
2012-02-16 14:01:43 +00:00
Stephan Kulow
093e0e2909 Accepting request 97889 from network:vpn
- remove call to suse_update_config (very old work around) (forwarded request 97737 from coolo)

OBS-URL: https://build.opensuse.org/request/show/97889
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=39
2011-12-25 16:41:51 +00:00
Stephan Kulow
55e2264cda replace license with spdx.org variant
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=38
2011-12-06 18:06:11 +00:00
Sascha Peilicke
a091d377ed Autobuild autoformatter for 81895
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=36
2011-09-13 10:32:34 +00:00
Sascha Peilicke
c6ddc9b375 Accepting request 81895 from network:vpn
- remove _service file, too fragile

- Fixed version in last changelog entry

- Updated to strongSwan 4.5.3 release, changes overview since 4.5.2:

OBS-URL: https://build.opensuse.org/request/show/81895
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=35
2011-09-13 10:32:26 +00:00
Sascha Peilicke
8ea9e026ed Autobuild autoformatter for 81608
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=34
2011-09-09 10:27:07 +00:00
Sascha Peilicke
eac1b9e99a Accepting request 81608 from network:vpn
update to 4.5.3

OBS-URL: https://build.opensuse.org/request/show/81608
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=33
2011-09-09 10:26:54 +00:00
Sascha Peilicke
638d97ce57 Autobuild autoformatter for 74669
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=32
2011-06-28 09:25:23 +00:00
Sascha Peilicke
c9fcbafb1b Accepting request 74669 from network:vpn
update to current version

OBS-URL: https://build.opensuse.org/request/show/74669
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=31
2011-06-28 09:25:10 +00:00
Ruediger Oertel
7768750d0e Autobuild autoformatter for 53641
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=29
2010-11-22 11:59:45 +00:00
Ruediger Oertel
d8b764533d Accepting request 53641 from network:vpn
Accepted submit request 53641 from user mtomaschewski

OBS-URL: https://build.opensuse.org/request/show/53641
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=28
2010-11-22 11:59:34 +00:00
OBS User autobuild
421d2fceda Autobuild autoformatter for 53144
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=27
2010-11-18 15:56:31 +00:00
Ruediger Oertel
57e81b384b Accepting request 53144 from network:vpn
Accepted submit request 53144 from user mtomaschewski

OBS-URL: https://build.opensuse.org/request/show/53144
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=26
2010-11-18 15:56:26 +00:00
OBS User autobuild
a20c4c2cac Accepting request 45248 from network:vpn
Copy from network:vpn/strongswan based on submit request 45248 from user mtomaschewski

OBS-URL: https://build.opensuse.org/request/show/45248
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=25
2010-08-13 00:40:58 +00:00
OBS User autobuild
8ec0a8d6be Accepting request 42417 from network:vpn
Copy from network:vpn/strongswan based on submit request 42417 from user mtomaschewski

OBS-URL: https://build.opensuse.org/request/show/42417
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=22
2010-07-02 14:47:18 +00:00
OBS User autobuild
89ab8cfa03 Accepting request 40896 from network:vpn
Copy from network:vpn/strongswan based on submit request 40896 from user mtomaschewski

OBS-URL: https://build.opensuse.org/request/show/40896
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=21
2010-05-31 16:22:37 +00:00
10 changed files with 230 additions and 194 deletions

4
_scmsync.obsinfo Normal file

@@ -0,0 +1,4 @@
mtime: 1734001585
commit: 46bea0264513c39e6ae4994587410457fe0ffb8fe1ccbd431d7a7fd338768f89
url: https://src.opensuse.org/jengelh/strongswan
revision: master

3
build.specials.obscpio Normal file

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:62325c078f84c3007f3e88be6d0258f3d5640ece9cb801076c8399991d05869a
size 256


@@ -1,9 +1,13 @@
Index: strongswan-5.9.5/init/systemd/strongswan.service.in ---
init/systemd/strongswan.service.in | 11 +++++++++++
1 file changed, 11 insertions(+)
Index: strongswan-6.0.0/init/systemd/strongswan.service.in
=================================================================== ===================================================================
--- strongswan-5.9.5.orig/init/systemd/strongswan.service.in --- strongswan-6.0.0.orig/init/systemd/strongswan.service.in
+++ strongswan-5.9.5/init/systemd/strongswan.service.in +++ strongswan-6.0.0/init/systemd/strongswan.service.in
@@ -3,6 +3,17 @@ Description=strongSwan IPsec IKEv1/IKEv2 @@ -4,6 +4,17 @@ After=network-online.target
After=network-online.target Wants=network-online.target
[Service] [Service]
+# added automatically, for details please see +# added automatically, for details please see

31
init.patch Normal file

@@ -0,0 +1,31 @@
From c58507ff186ae9cf014c0b54082c8bf74aef3219 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Tue, 3 Dec 2024 21:56:33 +0100
Subject: [PATCH] init: put strongswan-starter.service behind USE_FILE_CONFIG
References: https://github.com/strongswan/strongswan/pull/2553
stroke is no longer enabled by default, but the systemd unit
still is copied on `make install`. Fix that.
---
init/Makefile.am | 2 ++
1 file changed, 2 insertions(+)
diff --git a/init/Makefile.am b/init/Makefile.am
index 54c090cea..824ebd695 100644
--- a/init/Makefile.am
+++ b/init/Makefile.am
@@ -3,9 +3,11 @@ SUBDIRS =
if USE_LEGACY_SYSTEMD
if USE_CHARON
+if USE_FILE_CONFIG
SUBDIRS += systemd-starter
endif
endif
+endif
if USE_SYSTEMD
if USE_SWANCTL
--
2.47.1
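
Review bot: The commit message in init.patch justifies the change with "stroke is no longer enabled by default", but the guard added around `SUBDIRS += systemd-starter` is `if USE_FILE_CONFIG`, and nothing in the message or the hunk says how that conditional relates to stroke. Add one sentence to the patch description stating which configure option sets USE_FILE_CONFIG, so the next person rebasing the patch can tell whether the guard still matches. The guard also sits only in the `USE_LEGACY_SYSTEMD` branch; if the starter unit can be installed through another path, say so or cover it as well.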

BIN
strongswan-5.9.14.tar.bz2 (Stored with Git LFS)

Binary file not shown.


@@ -1,14 +0,0 @@

BIN
strongswan-6.0.0.tar.bz2 (Stored with Git LFS) Normal file

Binary file not shown.


@@ -0,0 +1,14 @@


@@ -1,3 +1,35 @@
-------------------------------------------------------------------
Tue Dec 3 15:59:06 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- /usr/sbin/ipsec is deprecated since 5.2.0 and will be removed
in the future.
- Update to release 6.0.0
* Support for multiple IKEv2 key exchanges (RFC 9370)
* Support for the Module-Lattice-Based Key-Encapsulation
Mechanism (ML-KEM, FIPS 203)
* AF_VSOCK socket support
* The file logger can optionally log messages as JSON objects
* Handling of CHILD_SA rekey collisions has been improved
* The kernel-netlink plugin explicitly configures the direction
of IPsec SAs when running on 6.10+ kernels
* The NetworkManager plugin (charon-nm) now uses a different
routing table than the regular IKE daemon to avoid conflicts
if both are running
* The following crypto plugins are no longer built:
aes, curve25519, des, fips-prf, gmp, hmac, md5, pkcs12, rc2,
sha1, sha2. (Their replacement is the "openssl" plugin.)
* The following deprecated plugins have been removed: bliss
(signature scheme), newhope (key exchange method), ntru (key
exchange method).
- Add init.patch
-------------------------------------------------------------------
Tue Nov 26 12:02:16 UTC 2024 - Dirk Müller <dmueller@suse.com>
- rename -hmac subpackage to -fips because it isn't providing
the hmac files, it provides the configuration drop in to
enforce fips mode.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jun 20 12:10:36 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org> Thu Jun 20 12:10:36 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
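
Review bot: The new changelog entry documents the upstream 6.0.0 changes and "Add init.patch", but not the packaging changes made in the same commit: the spec diff drops the `libs0` subpackage (with `Obsoletes`/`Provides: strongswan-libs0` on the main package), moves charon-systemd, swanctl and the plugin configs into the main package, and reduces `strongswan-ipsec` to the old-style stroke/starter interface. Add bullets for these, since they change what gets installed on update and which package owns the configuration files.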


@@ -16,21 +16,14 @@
# #
Name: strongswan
Version: 5.9.14
Release: 0
%define upstream_version %{version}
%define strongswan_docdir %{_docdir}/%{name} %define strongswan_docdir %{_docdir}/%{name}
%define strongswan_libdir %{_libdir}/ipsec %define strongswan_libdir %{_libdir}/ipsec
%define strongswan_configs %{_sysconfdir}/strongswan.d %define strongswan_configs %{_sysconfdir}/strongswan.d
%define strongswan_datadir %{_datadir}/strongswan %define strongswan_datadir %{_datadir}/strongswan
%define strongswan_plugins %{strongswan_libdir}/plugins %define strongswan_plugins %{strongswan_libdir}/plugins
%define strongswan_templates %{strongswan_datadir}/templates %define strongswan_templates %{strongswan_datadir}/templates
%if 0 %bcond_without stroke
%bcond_without tests
%else
%bcond_with tests %bcond_with tests
%endif
%bcond_without fipscheck %bcond_without fipscheck
%ifarch %{ix86} ppc64le %ifarch %{ix86} ppc64le
%bcond_without integrity %bcond_without integrity
@@ -44,70 +37,73 @@ Release: 0
%bcond_without gcrypt %bcond_without gcrypt
%bcond_without nm %bcond_without nm
%bcond_without systemd %bcond_without systemd
Name: strongswan
Version: 6.0.0
Release: 0
Summary: IPsec-based VPN solution Summary: IPsec-based VPN solution
License: GPL-2.0-or-later License: GPL-2.0-or-later
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
URL: https://www.strongswan.org/ URL: https://www.strongswan.org/
Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2 Source0: http://download.strongswan.org/strongswan-%version.tar.bz2
Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig Source1: http://download.strongswan.org/strongswan-%version.tar.bz2.sig
Source2: %{name}.init.in Source2: %{name}.init.in
Source3: %{name}-rpmlintrc Source3: %{name}-rpmlintrc
Source4: README.SUSE Source4: README.SUSE
Source5: %{name}.keyring Source5: %{name}.keyring
%if %{with fipscheck}
Source7: fips-enforce.conf Source7: fips-enforce.conf
%endif
Patch2: %{name}_ipsec_service.patch Patch2: %{name}_ipsec_service.patch
Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch
Patch6: harden_strongswan.service.patch Patch6: harden_strongswan.service.patch
Patch7: init.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: bison BuildRequires: bison
BuildRequires: curl-devel BuildRequires: curl-devel
BuildRequires: flex BuildRequires: flex
BuildRequires: gmp-devel BuildRequires: gmp-devel
BuildRequires: gperf BuildRequires: gperf
BuildRequires: iptables
BuildRequires: libcap-devel BuildRequires: libcap-devel
BuildRequires: libopenssl-devel BuildRequires: libopenssl-devel
BuildRequires: libtool
BuildRequires: openldap2-devel BuildRequires: openldap2-devel
BuildRequires: pam-devel BuildRequires: pam-devel
BuildRequires: pcsc-lite-devel BuildRequires: pcsc-lite-devel
BuildRequires: pkg-config BuildRequires: pkg-config
BuildRequires: pkgconfig(libsoup-2.4) BuildRequires: pkgconfig(libsoup-2.4)
BuildRequires: pkgconfig(libsystemd)
%if %{with mysql} %if %{with mysql}
BuildRequires: libmysqlclient-devel BuildRequires: libmysqlclient-devel
%endif %endif
%if %{with sqlite} %if %{with sqlite}
BuildRequires: sqlite3-devel BuildRequires: pkgconfig(sqlite3)
%endif %endif
%if %{with gcrypt} %if %{with gcrypt}
BuildRequires: libgcrypt-devel BuildRequires: pkgconfig(libgcrypt)
%endif %endif
%if %{with nm} %if %{with nm}
BuildRequires: pkgconfig(libnm) BuildRequires: pkgconfig(libnm)
%endif %endif
Obsoletes: strongswan-libs0 < %version-%release
Provides: strongswan-libs0 = %version-%release
%{?systemd_requires} %{?systemd_requires}
BuildRequires: iptables
BuildRequires: pkgconfig(libsystemd)
%{!?_rundir: %global _rundir /run} %{!?_rundir: %global _rundir /run}
%{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d} %{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d}
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
Requires: strongswan-ipsec = %{version}
%description %description
StrongSwan is an IPsec-based VPN solution for Linux. StrongSwan is an IPsec-based VPN solution for Linux.
* Implements both the IKEv1 and IKEv2 (RFC 4306) key exchange protocols * IKEv1 and IKEv2 (RFC 4306, 9370) key exchange protocol support
* Fully tested support of IPv6 IPsec tunnel and transport connections * Support of IPv6 IPsec tunnel and transport connections
* Dynamic IP address and interface update with IKEv2 MOBIKE (RFC 4555) * Dynamic IP address and interface update with IKEv2 MOBIKE (RFC 4555)
* Automatic insertion and deletion of IPsec-policy-based firewall rules * Automatic insertion and deletion of IPsec-policy-based firewall rules
* Strong 128/192/256 bit AES or Camellia encryption, 3DES support * 128/192/256-bit AES encryption
* NAT Traversal via UDP encapsulation and port floating (RFC 3947) * NAT Traversal via UDP encapsulation and port floating (RFC 3947)
* Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels * Dead Peer Detection (DPD, RFC 3706) to detect dangling tunnels
* Static virtual IP addresses and IKEv1 ModeConfig pull and push modes
* XAUTH server and client functionality on top of IKEv1 Main Mode authentication * XAUTH server and client functionality on top of IKEv1 Main Mode authentication
* Virtual IP address pool managed by IKE daemon or SQL database * Virtual IP address pool managed by IKE daemon or SQL database
* Secure IKEv2 EAP user authentication (EAP-SIM, EAP-AKA, EAP-MSCHAPv2, etc.) * IKEv2 EAP user authentication (EAP-SIM, EAP-AKA, EAP-MSCHAPv2, etc.)
* Optional relaying of EAP messages to AAA server via EAP-RADIUS plugin * Optional relaying of EAP messages to AAA server via EAP-RADIUS plugin
* Support of IKEv2 Multiple Authentication Exchanges (RFC 4739) * Support of IKEv2 Multiple Authentication Exchanges (RFC 4739)
* Authentication based on X.509 certificates or preshared keys * Authentication based on X.509 certificates or preshared keys
@@ -115,12 +111,11 @@ StrongSwan is an IPsec-based VPN solution for Linux.
* Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP * Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP
* Full support of the Online Certificate Status Protocol (OCSP, RCF 2560). * Full support of the Online Certificate Status Protocol (OCSP, RCF 2560).
* CA management (OCSP and CRL URIs, default LDAP server) * CA management (OCSP and CRL URIs, default LDAP server)
* Powerful IPsec policies based on wildcards or intermediate CAs * IPsec policies based on wildcards or intermediate CAs
* Group policies based on X.509 attribute certificates (RFC 3281) * Group policies based on X.509 attribute certificates (RFC 3281)
* Storage of RSA private keys and certificates on a smartcard (PKCS #11 interface) * Storage of RSA private keys and certificates on a smartcard (PKCS#11 interface)
* Modular plugins for crypto algorithms and relational database interfaces * Modular plugins for crypto algorithms and relational database interfaces
* Support of elliptic curve DH groups and ECDSA certificates (Suite B, RFC 4869) * Support of elliptic curve DH groups and ECDSA certificates (Suite B, RFC 4869)
* Optional built-in integrity and crypto tests for plugins and libraries
* Linux desktop integration via the strongSwan NetworkManager applet * Linux desktop integration via the strongSwan NetworkManager applet
This package triggers the installation of both, IKEv1 and IKEv2 daemons. This package triggers the installation of both, IKEv1 and IKEv2 daemons.
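
Review bot: The last context line of this hunk, "This package triggers the installation of both, IKEv1 and IKEv2 daemons.", is left unchanged although the same commit removes `Requires: strongswan-ipsec = %{version}` from the main package and turns that package into the one that ships the daemon files itself. Reword the sentence to describe what the main package now contains. The unchanged "RCF 2560" a few lines above is also a typo for "RFC 2560" and could be fixed while the description is being edited.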
@@ -135,48 +130,39 @@ StrongSwan is an IPsec-based VPN solution for Linux.
This package provides the StrongSwan documentation. This package provides the StrongSwan documentation.
%package libs0 %package fips
Summary: strongSwan core libraries and basic plugins
Group: Productivity/Networking/Security
Conflicts: strongswan < %{version}
%description libs0
StrongSwan is an IPsec-based VPN solution for Linux.
This package provides the strongswan library and plugins.
%package hmac
Summary: Config file to disable non FIPS-140-2 algos in strongSwan Summary: Config file to disable non FIPS-140-2 algos in strongSwan
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Requires: strongswan-ipsec = %{version} Requires: strongswan = %version
Requires: strongswan-libs0 = %{version} Provides: strongswan-hmac = %{version}-%{release}
Obsoletes: strongswan-hmac < %{version}-%{release}
%description hmac %description fips
The package provides a config file disabling alternative algorithm The package provides a config file disabling alternative algorithm
implementation when FIPS-140-2 compliant operation mode is enabled. implementation when FIPS-140-2 compliant operation mode is enabled.
%package ipsec %package ipsec
Summary: IPsec-based VPN solution Summary: Old-style "ipsec" interface (stroke/starter) for strongSwan
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Requires: strongswan-libs0 = %{version} Requires: strongswan = %version
Provides: VPN Provides: VPN
Provides: ipsec Provides: ipsec
Provides: strongswan = %{version}
Obsoletes: strongswan < %{version}
Conflicts: freeswan Conflicts: freeswan
Conflicts: openswan Conflicts: openswan
%description ipsec %description ipsec
StrongSwan is an IPsec-based VPN solution for Linux. StrongSwan is an IPsec-based VPN solution for Linux.
This package provides the systemd service definition and allows This package provides an ipsec(8) command-line interface and
to maintain both IKEv1 and IKEv2 using the /etc/ipsec.conf and the configuration mechanism (/etc/ipsec.conf, ipsec.secrets).
/etc/ipsec.secrets files.
Old-style ipsec(8) management of strongSwan is deprecated since
version 5.2.0.
%package mysql %package mysql
Summary: MySQL plugin for strongSwan Summary: MySQL plugin for strongSwan
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Requires: strongswan-libs0 = %{version} Requires: strongswan = %version
%description mysql %description mysql
StrongSwan is an IPsec-based VPN solution for Linux. StrongSwan is an IPsec-based VPN solution for Linux.
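
Review bot: The subpackages in this hunk now depend on the main package with `Requires: strongswan = %version`, which pins only the version, while the new `Provides`/`Obsoletes` for `strongswan-hmac` use `%{version}-%{release}`. Because the plugins and libraries now live in the main package, a version-only requirement allows a subpackage from one rebuild to be installed against the main package from another. Consider `Requires: strongswan = %version-%release` for fips, ipsec and mysql here, and for the sqlite, nm and tests subpackages in the following hunks.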
@@ -186,20 +172,20 @@ This package provides the strongswan mysql plugin.
%package sqlite %package sqlite
Summary: SQLite plugin for strongSwan Summary: SQLite plugin for strongSwan
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Requires: strongswan-libs0 = %{version} Requires: strongswan = %version
%description sqlite %description sqlite
StrongSwan is an OpenSource IPsec-based VPN solution for Linux. StrongSwan is an IPsec-based VPN solution for Linux.
This package provides the strongswan sqlite plugin. This package provides the strongswan sqlite plugin.
%package nm %package nm
Summary: NetworkManager plugin for strongSwan Summary: NetworkManager plugin for strongSwan
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Requires: strongswan-libs0 = %{version} Requires: strongswan = %version
%description nm %description nm
StrongSwan is an OpenSource IPsec-based VPN solution for Linux. StrongSwan is an IPsec-based VPN solution for Linux.
This package provides the NetworkManager plugin to control the This package provides the NetworkManager plugin to control the
charon IKEv2 daemon through D-Bus, designed to work using the charon IKEv2 daemon through D-Bus, designed to work using the
@@ -208,28 +194,24 @@ NetworkManager-strongswan graphical user interface.
%package tests %package tests
Summary: Testing plugins for strongSwan Summary: Testing plugins for strongSwan
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Requires: strongswan-libs0 = %{version} Requires: strongswan = %version
%description tests %description tests
StrongSwan is an OpenSource IPsec-based VPN solution for Linux. StrongSwan is an IPsec-based VPN solution for Linux.
This package provides the strongswan crypto test vectors plugin This package provides the strongswan crypto test vectors plugin
and the load testing plugin for IKEv2 daemon. and the load testing plugin for IKEv2 daemon.
%prep %prep
%setup -q -n %{name}-%{upstream_version} %autosetup -p1
%patch -P 2 -p1
%patch -P 5 -p1
sed -e 's|@libexecdir@|%_libexecdir|g' \ sed -e 's|@libexecdir@|%_libexecdir|g' \
< %{_sourcedir}/strongswan.init.in \ < %{_sourcedir}/strongswan.init.in \
> strongswan.init > strongswan.init
%patch -P 6 -p1
%build %build
CFLAGS="%{optflags} -W -Wall -Wno-pointer-sign -Wno-strict-aliasing -Wno-unused-parameter"
export CFLAGS
autoreconf --force --install autoreconf --force --install
%configure \ %configure \
CFLAGS="%optflags -W -Wall -Wno-pointer-sign -Wno-strict-aliasing -Wno-unused-parameter" \
%if %{with integrity} %if %{with integrity}
--enable-integrity-test \ --enable-integrity-test \
%endif %endif
@@ -312,6 +294,9 @@ autoreconf --force --install
%else %else
--disable-nm \ --disable-nm \
%endif %endif
%if %{with stroke}
--enable-stroke \
%endif
%if %{with tests} %if %{with tests}
--enable-conftest \ --enable-conftest \
--enable-load-tester \ --enable-load-tester \
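
Review bot: The new `%if %{with stroke}` block only adds `--enable-stroke`, and the later hunks guard only the ipsec.secrets here-document with the same conditional, while `%package ipsec` and its `%pre ipsec`, `%post ipsec` and `%postun ipsec` scriptlets for `%{name}-starter.service` stay unconditional in the lines shown. A build with `--without stroke` would then still define the subpackage and its scriptlets for a unit that init.patch is meant to stop installing. Either wrap the ipsec subpackage sections in `%if %{with stroke}` as well, or drop the bcond if a build without stroke is not meant to be supported.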
@@ -358,7 +343,7 @@ LD_LIBRARY_PATH="%{buildroot}-$$/%{strongswan_libdir}" \
} }
%endif %endif
# #
rm -f %{buildroot}/%{_sysconfdir}/ipsec.secrets %if %{with stroke}
cat << EOT > %{buildroot}/%{_sysconfdir}/ipsec.secrets cat << EOT > %{buildroot}/%{_sysconfdir}/ipsec.secrets
# #
# ipsec.secrets # ipsec.secrets
@@ -368,6 +353,7 @@ cat << EOT > %{buildroot}/%{_sysconfdir}/ipsec.secrets
# #
EOT EOT
# #
%endif
%if ! %{with mysql} %if ! %{with mysql}
rm -f %{buildroot}/%{strongswan_templates}/database/sql/mysql.sql rm -f %{buildroot}/%{strongswan_templates}/database/sql/mysql.sql
%endif %endif
@@ -377,7 +363,6 @@ rm -f %{buildroot}/%{strongswan_templates}/database/sql/sqlite.sql
rm -f %{buildroot}/%{strongswan_libdir}/lib{charon,hydra,strongswan,pttls}.so rm -f %{buildroot}/%{strongswan_libdir}/lib{charon,hydra,strongswan,pttls}.so
rm -f %{buildroot}/%{strongswan_libdir}/lib{radius,simaka,tls,tnccs,imcv}.so rm -f %{buildroot}/%{strongswan_libdir}/lib{radius,simaka,tls,tnccs,imcv}.so
find %{buildroot}/%{strongswan_libdir} -type f -name "*.la" -delete find %{buildroot}/%{strongswan_libdir} -type f -name "*.la" -delete
#
install -d -m755 %{buildroot}/%{strongswan_docdir}/ install -d -m755 %{buildroot}/%{strongswan_docdir}/
install -c -m644 TODO NEWS README COPYING LICENSE \ install -c -m644 TODO NEWS README COPYING LICENSE \
AUTHORS ChangeLog \ AUTHORS ChangeLog \
@@ -393,36 +378,37 @@ install -c -m644 %{_sourcedir}/fips-enforce.conf \
sed -i 's/\(load[ ]*=[ ]*\)yes/\1no/g' %{buildroot}/%{strongswan_configs}/charon/bypass-lan.conf sed -i 's/\(load[ ]*=[ ]*\)yes/\1no/g' %{buildroot}/%{strongswan_configs}/charon/bypass-lan.conf
%endif %endif
%post libs0 %post
/sbin/ldconfig /sbin/ldconfig
%{?tmpfiles_create:%tmpfiles_create %{_tmpfilesdir}/%{name}.conf} %{?tmpfiles_create:%tmpfiles_create %{_tmpfilesdir}/%{name}.conf}
%{!?tmpfiles_create:test -d %{_rundir}/%{name} || mkdir -p %{_rundir}/%{name}} %{!?tmpfiles_create:test -d %{_rundir}/%{name} || mkdir -p %{_rundir}/%{name}}
%postun libs0 -p /sbin/ldconfig %postun -p /sbin/ldconfig
%pre ipsec %pre ipsec
%service_add_pre %{name}-starter.service %service_add_pre %{name}-starter.service
%post ipsec %post ipsec
%service_add_post %{name}-starter.service
# Following code does the migration from strongwan.service (ver < 5.8.0) to # Following code does the migration from strongwan.service (ver < 5.8.0) to
# strongswan-starter.service (ver >= 5.8.0) during update. The systemd service # strongswan-starter.service (ver >= 5.8.0) during update. The systemd service
# units have been renamed. The modern unit, which was called strongswan-swanctl, # units have been renamed. The modern unit, which was called strongswan-swanctl,
# is now called strongswan (the previous name is configured as alias in the unit, # is now called strongswan (the previous name is configured as alias in the unit,
# for which a symlink is created when the unit is enabled). The legacy unit is now # for which a symlink is created when the unit is enabled). The legacy unit is now
# called strongswan-starter. # called strongswan-starter.
_ipsec_active=`/usr/bin/systemctl is-active %{name}-starter.service 2>/dev/null` || : _ipsec_active=$(/usr/bin/systemctl is-active %{name}-starter.service 2>/dev/null) || :
_swanctl_active=`/usr/bin/systemctl is-active %{name}.service 2>/dev/null` || : _swanctl_active=$(/usr/bin/systemctl is-active %{name}.service 2>/dev/null) || :
_ipsec_enable=`/usr/bin/systemctl is-enabled %{name}-starter.service 2>/dev/null` || : _ipsec_enable=$(/usr/bin/systemctl is-enabled %{name}-starter.service 2>/dev/null) || :
_swanctl_enable=`/usr/bin/systemctl is-enabled %{name}.service 2>/dev/null` || : _swanctl_enable=$(/usr/bin/systemctl is-enabled %{name}.service 2>/dev/null) || :
if [[ "$_swanctl_enable" == "enabled" || "$_swanctl_active" == "active" ]]; then if [ "$_swanctl_enable" = "enabled" ] || [ "$_swanctl_active" = "active" ]; then
/usr/bin/systemctl disable --now %{name}.service || : /usr/bin/systemctl disable --now %{name}.service || :
/usr/bin/systemctl mask %{name}.service || : /usr/bin/systemctl mask %{name}.service || :
fi fi
if [[ "$_swanctl_enable" == "enabled" || "$_ipsec_enable" == "enabled" ]]; then if [ "$_swanctl_enable" = "enabled" ] || [ "$_ipsec_enable" = "enabled" ]; then
/usr/bin/systemctl daemon-reload /usr/bin/systemctl daemon-reload
/usr/bin/systemctl enable %{name}-starter.service || : /usr/bin/systemctl enable %{name}-starter.service || :
fi fi
if [[ "$_swanctl_active" == "active" || "$_ipsec_active" == "active" ]]; then if [ "$_swanctl_active" = "active" ] || [ "$_ipsec_active" = "active" ]; then
/usr/bin/systemctl start %{name}-starter.service || : /usr/bin/systemctl start %{name}-starter.service || :
fi fi
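
Review bot: The migration block in `%post ipsec` has no guard limiting it to an update from a release older than 5.8.0, although its comment describes exactly that case, so it runs on every install and update of strongswan-ipsec. Whenever `%{name}.service` is enabled or active it executes `systemctl disable --now %{name}.service` and `systemctl mask %{name}.service`, and with this commit that unit is shipped by the main package (`%{_unitdir}/strongswan.service` under `%files`) as the swanctl-based service. A host that uses the modern unit and merely has strongswan-ipsec installed would have its VPN service stopped and masked. Restrict the block to the upgrade case (check `$1` and the previously installed version) or remove it if the 5.8.0 migration no longer needs to be supported. The added `%service_add_post %{name}-starter.service` also runs before the `is-enabled`/`is-active` probes, so confirm that the macro cannot change the state those probes read.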
@@ -440,45 +426,26 @@ fi
%postun ipsec %postun ipsec
%service_del_postun %{name}-starter.service %service_del_postun %{name}-starter.service
%files
%dir %{strongswan_docdir}
%{strongswan_docdir}/README.SUSE
%if %{with fipscheck} %if %{with fipscheck}
%files fips
%files hmac
%dir %{strongswan_configs} %dir %{strongswan_configs}
%dir %{strongswan_configs}/charon %dir %{strongswan_configs}/charon
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/zzz_fips-enforce.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/zzz_fips-enforce.conf
%endif %endif
%files ipsec %files
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf %dir %{strongswan_docdir}
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.secrets %{strongswan_docdir}/README.SUSE
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/swanctl/swanctl.conf %config(noreplace) %attr(600,root,root) %{_sysconfdir}/swanctl/swanctl.conf
%dir %{_sysconfdir}/swanctl %dir %{_sysconfdir}/swanctl
%dir %{_sysconfdir}/ipsec.d
%dir %{_sysconfdir}/ipsec.d/crls
%dir %{_sysconfdir}/ipsec.d/reqs
%dir %{_sysconfdir}/ipsec.d/certs
%dir %{_sysconfdir}/ipsec.d/acerts
%dir %{_sysconfdir}/ipsec.d/aacerts
%dir %{_sysconfdir}/ipsec.d/cacerts
%dir %{_sysconfdir}/ipsec.d/ocspcerts
%dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private
%{_unitdir}/strongswan-starter.service
%{_unitdir}/strongswan.service %{_unitdir}/strongswan.service
%{_sbindir}/charon-systemd %{_sbindir}/charon-systemd
%{_bindir}/pki %{_bindir}/pki
%{_bindir}/pt-tls-client %{_bindir}/pt-tls-client
%{_bindir}/tpm_extendpcr %{_bindir}/tpm_extendpcr
%{_sbindir}/ipsec
%{_sbindir}/swanctl %{_sbindir}/swanctl
%{_mandir}/man1/pki*.1* %{_mandir}/man1/pki*.1*
%{_mandir}/man1/pt-tls-client.1* %{_mandir}/man1/pt-tls-client.1*
%{_mandir}/man8/ipsec.8*
%{_mandir}/man5/ipsec.conf.5*
%{_mandir}/man5/ipsec.secrets.5*
%{_mandir}/man5/strongswan.conf.5* %{_mandir}/man5/strongswan.conf.5*
%dir %{_libexecdir}/ipsec %dir %{_libexecdir}/ipsec
%{_libexecdir}/ipsec/_updown %{_libexecdir}/ipsec/_updown
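
Review bot: This hunk removes `%config(noreplace) %attr(600,root,root)` for `%{_sysconfdir}/ipsec.conf` and `%{_sysconfdir}/ipsec.secrets` and `%dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private` from the list that becomes the main `%files`, and the relocated `%files ipsec` section is not part of the hunks shown. Confirm that the new `%files ipsec` carries these entries with the same `600`/`700` modes and `noreplace`, since they hold pre-shared keys and private keys, and that they are placed inside the `stroke` conditional so a build without stroke does not fail on missing files.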
@@ -488,29 +455,14 @@ fi
%{_libexecdir}/ipsec/xfrmi %{_libexecdir}/ipsec/xfrmi
%{_libexecdir}/ipsec/duplicheck %{_libexecdir}/ipsec/duplicheck
%{_libexecdir}/ipsec/pool %{_libexecdir}/ipsec/pool
%{_libexecdir}/ipsec/starter
%{_libexecdir}/ipsec/stroke
%{_libexecdir}/ipsec/charon %{_libexecdir}/ipsec/charon
%{_libexecdir}/ipsec/_imv_policy %{_libexecdir}/ipsec/_imv_policy
%{_libexecdir}/ipsec/imv_policy_manager %{_libexecdir}/ipsec/imv_policy_manager
%dir %{strongswan_plugins} %dir %{strongswan_plugins}
%{strongswan_plugins}/libstrongswan-drbg.so %{strongswan_plugins}/libstrongswan-drbg.so
%{strongswan_plugins}/libstrongswan-stroke.so
%{strongswan_plugins}/libstrongswan-updown.so %{strongswan_plugins}/libstrongswan-updown.so
%_mandir/man5/swanctl.conf.5.*
%files doc %_mandir/man8/swanctl.8.*
%dir %{strongswan_docdir}
%{strongswan_docdir}/TODO
%{strongswan_docdir}/NEWS
%{strongswan_docdir}/README
%{strongswan_docdir}/COPYING
%{strongswan_docdir}/LICENSE
%{strongswan_docdir}/AUTHORS
%{strongswan_docdir}/ChangeLog
%{_mandir}/man5/swanctl.conf.5.*
%{_mandir}/man8/swanctl.8.*
%files libs0
%{_tmpfilesdir}/%{name}.conf %{_tmpfilesdir}/%{name}.conf
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf %config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf
%dir %{strongswan_configs} %dir %{strongswan_configs}
@@ -521,13 +473,10 @@ fi
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/imcv.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/imcv.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/pki.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/pki.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/pool.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/pool.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/starter.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/tnc.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/tnc.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/swanctl.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/swanctl.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/addrblock.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/addrblock.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/aes.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/counters.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/counters.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/curve25519.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/drbg.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/drbg.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/vici.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/vici.conf
%if %{with afalg} %if %{with afalg}
@@ -544,7 +493,6 @@ fi
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/coupling.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/coupling.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/ctr.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/ctr.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/curl.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/curl.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/des.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/dhcp.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/dhcp.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/dnskey.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/dnskey.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/duplicheck.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/duplicheck.conf
@@ -576,37 +524,30 @@ fi
%endif %endif
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/gmp.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/gmp.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/ha.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/ha.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/hmac.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/kdf.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/kdf.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/kernel-netlink.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/kernel-netlink.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/ldap.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/ldap.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/led.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/led.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/md4.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/md4.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/md5.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/mgf1.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/mgf1.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/nonce.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/nonce.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/openssl.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/openssl.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/pem.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/pem.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/pgp.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/pgp.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/pkcs11.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/pkcs11.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/pkcs12.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/pkcs1.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/pkcs1.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/pkcs7.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/pkcs7.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/pkcs8.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/pkcs8.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/pubkey.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/pubkey.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/radattr.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/radattr.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/random.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/random.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/rc2.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/resolve.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/resolve.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/revocation.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/revocation.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/sha1.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/sha2.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/smp.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/smp.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/socket-default.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/socket-default.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/soup.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/soup.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/sql.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/sql.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/sshkey.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/sshkey.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/stroke.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/tnccs-11.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/tnccs-11.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/tnccs-20.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/tnccs-20.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/tnccs-dynamic.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/tnccs-dynamic.conf
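Review bot: stroke.conf leaves the main package's `%config(noreplace)` list here and only comes back in `%files ipsec`, inside `%if %{with stroke}`. On a system that upgrades the main package without also installing the new subpackage, rpm will move a locally modified charon/stroke.conf aside as .rpmsave. If existing stroke setups are meant to survive the upgrade, make sure the main package pulls the subpackage in (the package header is not visible in this diff), or state the manual step in the changelog.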
@@ -645,7 +586,6 @@ fi
%{strongswan_libdir}/imcvs/imv-test.so %{strongswan_libdir}/imcvs/imv-test.so
%dir %{strongswan_plugins} %dir %{strongswan_plugins}
%{strongswan_plugins}/libstrongswan-addrblock.so %{strongswan_plugins}/libstrongswan-addrblock.so
%{strongswan_plugins}/libstrongswan-aes.so
%if %{with afalg} %if %{with afalg}
%{strongswan_plugins}/libstrongswan-af-alg.so %{strongswan_plugins}/libstrongswan-af-alg.so
%endif %endif
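Review bot: with libstrongswan-aes.so dropped, the only AES-capable plugin visible in this hunk is af-alg, and that entry is conditional on `%if %{with afalg}`. Please confirm that a build with afalg disabled still ships an AES provider. libstrongswan-openssl.so stays listed unconditionally further down, so if that is the intended replacement, a one-line comment in the spec saying so would make the dependency explicit.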
@@ -661,7 +601,6 @@ fi
%{strongswan_plugins}/libstrongswan-coupling.so %{strongswan_plugins}/libstrongswan-coupling.so
%{strongswan_plugins}/libstrongswan-ctr.so %{strongswan_plugins}/libstrongswan-ctr.so
%{strongswan_plugins}/libstrongswan-curl.so %{strongswan_plugins}/libstrongswan-curl.so
%{strongswan_plugins}/libstrongswan-des.so
%{strongswan_plugins}/libstrongswan-dhcp.so %{strongswan_plugins}/libstrongswan-dhcp.so
%{strongswan_plugins}/libstrongswan-dnskey.so %{strongswan_plugins}/libstrongswan-dnskey.so
%{strongswan_plugins}/libstrongswan-duplicheck.so %{strongswan_plugins}/libstrongswan-duplicheck.so
@@ -693,13 +632,11 @@ fi
%endif %endif
%{strongswan_plugins}/libstrongswan-gmp.so %{strongswan_plugins}/libstrongswan-gmp.so
%{strongswan_plugins}/libstrongswan-ha.so %{strongswan_plugins}/libstrongswan-ha.so
%{strongswan_plugins}/libstrongswan-hmac.so
%{strongswan_plugins}/libstrongswan-kdf.so %{strongswan_plugins}/libstrongswan-kdf.so
%{strongswan_plugins}/libstrongswan-kernel-netlink.so %{strongswan_plugins}/libstrongswan-kernel-netlink.so
%{strongswan_plugins}/libstrongswan-ldap.so %{strongswan_plugins}/libstrongswan-ldap.so
%{strongswan_plugins}/libstrongswan-led.so %{strongswan_plugins}/libstrongswan-led.so
%{strongswan_plugins}/libstrongswan-md4.so %{strongswan_plugins}/libstrongswan-md4.so
%{strongswan_plugins}/libstrongswan-md5.so
%{strongswan_plugins}/libstrongswan-mgf1.so %{strongswan_plugins}/libstrongswan-mgf1.so
%{strongswan_plugins}/libstrongswan-nonce.so %{strongswan_plugins}/libstrongswan-nonce.so
%{strongswan_plugins}/libstrongswan-openssl.so %{strongswan_plugins}/libstrongswan-openssl.so
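Review bot: libstrongswan-md4.so is kept as unchanged context while libstrongswan-md5.so and libstrongswan-hmac.so are removed in this hunk, so the weaker of the two legacy digests remains packaged as a standalone plugin (md4.conf also stays in the template list). If MD4 still has to ship, a short comment giving the reason would help. Otherwise drop it together with md5.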
@@ -707,17 +644,13 @@ fi
%{strongswan_plugins}/libstrongswan-pgp.so %{strongswan_plugins}/libstrongswan-pgp.so
%{strongswan_plugins}/libstrongswan-pkcs1.so %{strongswan_plugins}/libstrongswan-pkcs1.so
%{strongswan_plugins}/libstrongswan-pkcs11.so %{strongswan_plugins}/libstrongswan-pkcs11.so
%{strongswan_plugins}/libstrongswan-pkcs12.so
%{strongswan_plugins}/libstrongswan-pkcs7.so %{strongswan_plugins}/libstrongswan-pkcs7.so
%{strongswan_plugins}/libstrongswan-pkcs8.so %{strongswan_plugins}/libstrongswan-pkcs8.so
%{strongswan_plugins}/libstrongswan-pubkey.so %{strongswan_plugins}/libstrongswan-pubkey.so
%{strongswan_plugins}/libstrongswan-radattr.so %{strongswan_plugins}/libstrongswan-radattr.so
%{strongswan_plugins}/libstrongswan-random.so %{strongswan_plugins}/libstrongswan-random.so
%{strongswan_plugins}/libstrongswan-rc2.so
%{strongswan_plugins}/libstrongswan-resolve.so %{strongswan_plugins}/libstrongswan-resolve.so
%{strongswan_plugins}/libstrongswan-revocation.so %{strongswan_plugins}/libstrongswan-revocation.so
%{strongswan_plugins}/libstrongswan-sha1.so
%{strongswan_plugins}/libstrongswan-sha2.so
%{strongswan_plugins}/libstrongswan-smp.so %{strongswan_plugins}/libstrongswan-smp.so
%{strongswan_plugins}/libstrongswan-socket-default.so %{strongswan_plugins}/libstrongswan-socket-default.so
%{strongswan_plugins}/libstrongswan-soup.so %{strongswan_plugins}/libstrongswan-soup.so
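Review bot: pkcs12, rc2, sha1 and sha2 disappear from the plugin list in this hunk with no replacement entry in the visible part of the diff, and nothing in the spec says which remaining plugin is expected to provide SHA-1/SHA-2 and PKCS#12 handling afterwards. Add a changelog line or a comment above the list naming that provider, so that someone who later disables it knows these functions go with it.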
@@ -736,7 +669,6 @@ fi
%{strongswan_plugins}/libstrongswan-xauth-generic.so %{strongswan_plugins}/libstrongswan-xauth-generic.so
%{strongswan_plugins}/libstrongswan-xauth-pam.so %{strongswan_plugins}/libstrongswan-xauth-pam.so
%{strongswan_plugins}/libstrongswan-xcbc.so %{strongswan_plugins}/libstrongswan-xcbc.so
%{strongswan_plugins}/libstrongswan-curve25519.so
%{strongswan_plugins}/libstrongswan-vici.so %{strongswan_plugins}/libstrongswan-vici.so
%{strongswan_plugins}/libstrongswan-bypass-lan.so %{strongswan_plugins}/libstrongswan-bypass-lan.so
%dir %{strongswan_datadir} %dir %{strongswan_datadir}
@@ -749,7 +681,6 @@ fi
%dir %{strongswan_templates}/database/sql %dir %{strongswan_templates}/database/sql
%{strongswan_templates}/config/strongswan.conf %{strongswan_templates}/config/strongswan.conf
%{strongswan_templates}/config/plugins/addrblock.conf %{strongswan_templates}/config/plugins/addrblock.conf
%{strongswan_templates}/config/plugins/aes.conf
%if %{with afalg} %if %{with afalg}
%{strongswan_templates}/config/plugins/af-alg.conf %{strongswan_templates}/config/plugins/af-alg.conf
%endif %endif
@@ -765,7 +696,6 @@ fi
%{strongswan_templates}/config/plugins/coupling.conf %{strongswan_templates}/config/plugins/coupling.conf
%{strongswan_templates}/config/plugins/ctr.conf %{strongswan_templates}/config/plugins/ctr.conf
%{strongswan_templates}/config/plugins/curl.conf %{strongswan_templates}/config/plugins/curl.conf
%{strongswan_templates}/config/plugins/des.conf
%{strongswan_templates}/config/plugins/dhcp.conf %{strongswan_templates}/config/plugins/dhcp.conf
%{strongswan_templates}/config/plugins/dnskey.conf %{strongswan_templates}/config/plugins/dnskey.conf
%{strongswan_templates}/config/plugins/drbg.conf %{strongswan_templates}/config/plugins/drbg.conf
@@ -798,13 +728,11 @@ fi
%endif %endif
%{strongswan_templates}/config/plugins/gmp.conf %{strongswan_templates}/config/plugins/gmp.conf
%{strongswan_templates}/config/plugins/ha.conf %{strongswan_templates}/config/plugins/ha.conf
%{strongswan_templates}/config/plugins/hmac.conf
%{strongswan_templates}/config/plugins/kdf.conf %{strongswan_templates}/config/plugins/kdf.conf
%{strongswan_templates}/config/plugins/kernel-netlink.conf %{strongswan_templates}/config/plugins/kernel-netlink.conf
%{strongswan_templates}/config/plugins/ldap.conf %{strongswan_templates}/config/plugins/ldap.conf
%{strongswan_templates}/config/plugins/led.conf %{strongswan_templates}/config/plugins/led.conf
%{strongswan_templates}/config/plugins/md4.conf %{strongswan_templates}/config/plugins/md4.conf
%{strongswan_templates}/config/plugins/md5.conf
%{strongswan_templates}/config/plugins/mgf1.conf %{strongswan_templates}/config/plugins/mgf1.conf
%{strongswan_templates}/config/plugins/nonce.conf %{strongswan_templates}/config/plugins/nonce.conf
%{strongswan_templates}/config/plugins/openssl.conf %{strongswan_templates}/config/plugins/openssl.conf
@@ -812,23 +740,18 @@ fi
%{strongswan_templates}/config/plugins/pgp.conf %{strongswan_templates}/config/plugins/pgp.conf
%{strongswan_templates}/config/plugins/pkcs1.conf %{strongswan_templates}/config/plugins/pkcs1.conf
%{strongswan_templates}/config/plugins/pkcs11.conf %{strongswan_templates}/config/plugins/pkcs11.conf
%{strongswan_templates}/config/plugins/pkcs12.conf
%{strongswan_templates}/config/plugins/pkcs7.conf %{strongswan_templates}/config/plugins/pkcs7.conf
%{strongswan_templates}/config/plugins/pkcs8.conf %{strongswan_templates}/config/plugins/pkcs8.conf
%{strongswan_templates}/config/plugins/pubkey.conf %{strongswan_templates}/config/plugins/pubkey.conf
%{strongswan_templates}/config/plugins/radattr.conf %{strongswan_templates}/config/plugins/radattr.conf
%{strongswan_templates}/config/plugins/random.conf %{strongswan_templates}/config/plugins/random.conf
%{strongswan_templates}/config/plugins/rc2.conf
%{strongswan_templates}/config/plugins/resolve.conf %{strongswan_templates}/config/plugins/resolve.conf
%{strongswan_templates}/config/plugins/revocation.conf %{strongswan_templates}/config/plugins/revocation.conf
%{strongswan_templates}/config/plugins/sha1.conf
%{strongswan_templates}/config/plugins/sha2.conf
%{strongswan_templates}/config/plugins/smp.conf %{strongswan_templates}/config/plugins/smp.conf
%{strongswan_templates}/config/plugins/socket-default.conf %{strongswan_templates}/config/plugins/socket-default.conf
%{strongswan_templates}/config/plugins/soup.conf %{strongswan_templates}/config/plugins/soup.conf
%{strongswan_templates}/config/plugins/sql.conf %{strongswan_templates}/config/plugins/sql.conf
%{strongswan_templates}/config/plugins/sshkey.conf %{strongswan_templates}/config/plugins/sshkey.conf
%{strongswan_templates}/config/plugins/stroke.conf
%{strongswan_templates}/config/plugins/tnc-imc.conf %{strongswan_templates}/config/plugins/tnc-imc.conf
%{strongswan_templates}/config/plugins/tnc-imv.conf %{strongswan_templates}/config/plugins/tnc-imv.conf
%{strongswan_templates}/config/plugins/tnc-pdp.conf %{strongswan_templates}/config/plugins/tnc-pdp.conf
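Review bot: this is the third hand-maintained list from which pkcs12, rc2, sha1 and sha2 have to be removed (after the charon/*.conf list and the libstrongswan-*.so list), so the three can drift apart on the next plugin change and leave a config or template packaged for a plugin that no longer ships. Consider producing the per-plugin entries from one list, for example a generated file list passed with `%files -f`, or at least keep the three lists in the same order so an omission stands out in a diff.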
@@ -843,7 +766,6 @@ fi
%{strongswan_templates}/config/plugins/xauth-generic.conf %{strongswan_templates}/config/plugins/xauth-generic.conf
%{strongswan_templates}/config/plugins/xauth-pam.conf %{strongswan_templates}/config/plugins/xauth-pam.conf
%{strongswan_templates}/config/plugins/xcbc.conf %{strongswan_templates}/config/plugins/xcbc.conf
%{strongswan_templates}/config/plugins/curve25519.conf
%{strongswan_templates}/config/plugins/vici.conf %{strongswan_templates}/config/plugins/vici.conf
%{strongswan_templates}/config/plugins/bypass-lan.conf %{strongswan_templates}/config/plugins/bypass-lan.conf
%{strongswan_templates}/config/strongswan.d/charon-systemd.conf %{strongswan_templates}/config/strongswan.d/charon-systemd.conf
@@ -852,14 +774,12 @@ fi
%{strongswan_templates}/config/strongswan.d/imcv.conf %{strongswan_templates}/config/strongswan.d/imcv.conf
%{strongswan_templates}/config/strongswan.d/pki.conf %{strongswan_templates}/config/strongswan.d/pki.conf
%{strongswan_templates}/config/strongswan.d/pool.conf %{strongswan_templates}/config/strongswan.d/pool.conf
%{strongswan_templates}/config/strongswan.d/starter.conf
%{strongswan_templates}/config/strongswan.d/tnc.conf %{strongswan_templates}/config/strongswan.d/tnc.conf
%{strongswan_templates}/config/strongswan.d/swanctl.conf %{strongswan_templates}/config/strongswan.d/swanctl.conf
%{strongswan_templates}/database/imv/data.sql %{strongswan_templates}/database/imv/data.sql
%{strongswan_templates}/database/imv/tables.sql %{strongswan_templates}/database/imv/tables.sql
%if %{with nm} %if %{with nm}
%files nm %files nm
%dir %{_libexecdir}/ipsec %dir %{_libexecdir}/ipsec
%dir %{strongswan_plugins} %dir %{strongswan_plugins}
@@ -868,7 +788,6 @@ fi
%endif %endif
%if %{with mysql} %if %{with mysql}
%files mysql %files mysql
%dir %{strongswan_libdir} %dir %{strongswan_libdir}
%dir %{strongswan_plugins} %dir %{strongswan_plugins}
@@ -888,7 +807,6 @@ fi
%endif %endif
%if %{with sqlite} %if %{with sqlite}
%files sqlite %files sqlite
%dir %{strongswan_libdir} %dir %{strongswan_libdir}
%dir %{strongswan_plugins} %dir %{strongswan_plugins}
@@ -907,7 +825,6 @@ fi
%endif %endif
%if %{with tests} %if %{with tests}
%files tests %files tests
%dir %{strongswan_configs} %dir %{strongswan_configs}
%dir %{strongswan_configs}/charon %dir %{strongswan_configs}/charon
@@ -927,4 +844,49 @@ fi
%{strongswan_plugins}/libstrongswan-test-vectors.so %{strongswan_plugins}/libstrongswan-test-vectors.so
%endif %endif
%if %{with stroke}
%files ipsec
%config(noreplace) %attr(600,root,root) %_sysconfdir/ipsec.conf
%config(noreplace) %attr(600,root,root) %_sysconfdir/ipsec.secrets
%dir %_sysconfdir/ipsec.d
%dir %_sysconfdir/ipsec.d/crls
%dir %_sysconfdir/ipsec.d/reqs
%dir %_sysconfdir/ipsec.d/certs
%dir %_sysconfdir/ipsec.d/acerts
%dir %_sysconfdir/ipsec.d/aacerts
%dir %_sysconfdir/ipsec.d/cacerts
%dir %_sysconfdir/ipsec.d/ocspcerts
%dir %attr(700,root,root) %_sysconfdir/ipsec.d/private
%_sbindir/ipsec
%_mandir/man8/ipsec.8*
%_mandir/man5/ipsec.conf.5*
%_mandir/man5/ipsec.secrets.5*
%dir %_libexecdir/ipsec/
%_libexecdir/ipsec/starter
%_libexecdir/ipsec/stroke
%_unitdir/strongswan-starter.service
%dir %strongswan_plugins/
%strongswan_plugins/libstrongswan-stroke.so
%dir %strongswan_configs/
%dir %strongswan_configs/charon/
%config(noreplace) %attr(600,root,root) %strongswan_configs/starter.conf
%config(noreplace) %attr(600,root,root) %strongswan_configs/charon/stroke.conf
%dir %strongswan_templates/
%dir %strongswan_templates/config/
%dir %strongswan_templates/config/plugins/
%strongswan_templates/config/plugins/stroke.conf
%dir %strongswan_templates/config/strongswan.d/
%strongswan_templates/config/strongswan.d/starter.conf
%endif
%files doc
%dir %strongswan_docdir
%strongswan_docdir/TODO
%strongswan_docdir/NEWS
%strongswan_docdir/README
%strongswan_docdir/COPYING
%strongswan_docdir/LICENSE
%strongswan_docdir/AUTHORS
%strongswan_docdir/ChangeLog
%changelog %changelog
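Review bot: in `%files doc`, COPYING and LICENSE are listed as plain files under `%strongswan_docdir`. Tagging the licence texts with `%license` is the usual way to mark them for rpm, and it keeps them installed when documentation is excluded. Separately, the two new sections write macros without braces (`%strongswan_plugins/`, `%_sysconfdir/ipsec.conf`) while the rest of the file uses `%{strongswan_plugins}`. Pick one form, preferably the braced one, since it cannot run into the following path component.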