SHA256
1
0
forked from pool/strongswan

Compare commits

..

72 Commits

Author SHA256 Message Date
Ana Guerrero
3bf0600596 Accepting request 1226518 from network:vpn
- rename -hmac subpackage to -fips because it isn't providing
  the hmac files, it provides the configuration drop in to
  enforce fips mode.

OBS-URL: https://build.opensuse.org/request/show/1226518
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=97
2024-11-27 21:05:20 +00:00
OBS User unknown
ef46e72ebe [info=da8f2965e2b2460d9eb4f7b25c3be52f7b60a42ab5b9bab48c984206a964d52e]
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=167
2024-11-26 12:59:57 +00:00
8c0cb384be [info=47ab1ca7708f6b09cc99afa33d7ec92c5e02aff2338545eedb72b0511ac25478]
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=166
2024-11-26 12:58:42 +00:00
cf0313df27 - rename -hmac subpackage to -fips because it isn't providing
the hmac files, it provides the configuration drop in to
  enforce fips mode.

- Removes deprecated SysV support
- Added prf-plus-modularization.patch that outsources the IKE
- move file %{_datadir}/dbus-1/system.d/nm-strongswan-service.conf
  to strongswan-nm subpackage, as it is needed for the
  NetworkManager plugin that uses strongswan-nm, not
- Removed unused requires and macro calls(bsc#1083261)
    improved oracle are not compatible with the earlier
    (wasn't the case since 5.0.0) and packets that have the flag
    also checked against IKEv2 signature schemes. If such
    constraints are used for certificate chain validation in
    transport mode connections coming over the same NAT device for
    Windows 7 IKEv2 clients, which announces its services over the
  * For the vici plugin a Python Egg has been added to allow
    Python applications to control or monitor the IKE daemon using
  * EAP server methods now can fulfill public key constraints,
- Fix build in factory
- Fix systemd unit dir
  from glibc
    IDr payload anymore.
  * Consistent logging of IKE and CHILD SAs at the audit (AUD) level.
  caused an INVALID_SYNTAX error on PowerPC platforms.
- Initial, unfinished package

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=165
2024-11-26 12:56:29 +00:00
Ana Guerrero
3e9069345b Accepting request 1181997 from network:vpn
- Update description of ipsec package: no longer mention
  /etc/init.d, which is not there for a long time anymore.
- Drop legacy rc* -> sbin/service symlink. This was compatibilty
  boilerplate to transparently move between SySV and systemd
  [jsc#PED-264]. (forwarded request 1181914 from dimstar)

OBS-URL: https://build.opensuse.org/request/show/1181997
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=96
2024-06-21 14:02:56 +00:00
Ana Guerrero
6f280319a6 Accepting request 1160698 from network:vpn
- Update to release 5.9.14

OBS-URL: https://build.opensuse.org/request/show/1160698
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=95
2024-03-26 18:24:36 +00:00
Ana Guerrero
254c06c48b Accepting request 1151765 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/1151765
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=94
2024-02-27 21:45:09 +00:00
Dominique Leuenberger
5f45b7ef11 Accepting request 1132112 from network:vpn
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1132112
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=93
2023-12-09 21:49:13 +00:00
Ana Guerrero
caa40408d4 Accepting request 1129146 from network:vpn
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1129146
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=92
2023-11-27 21:42:05 +00:00
Dominique Leuenberger
e08e5b1209 Accepting request 1094810 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/1094810
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=91
2023-06-24 18:13:38 +00:00
Dominique Leuenberger
9c6e69afad Accepting request 1092643 from network:vpn
- Remove pre-SLE15 build logic
- Update to release 5.9.11

OBS-URL: https://build.opensuse.org/request/show/1092643
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=90
2023-06-14 14:28:35 +00:00
Dominique Leuenberger
657b2da015 Accepting request 1077378 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/1077378
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=89
2023-04-07 16:16:14 +00:00
Dominique Leuenberger
89db574bcf Accepting request 1068724 from network:vpn
- Update to release 5.9.10

OBS-URL: https://build.opensuse.org/request/show/1068724
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=88
2023-03-03 21:24:35 +00:00
Dominique Leuenberger
0da0fea063 Accepting request 1046554 from network:vpn
- Update to release 5.9.9

OBS-URL: https://build.opensuse.org/request/show/1046554
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=87
2023-01-04 17:10:26 +00:00
Dominique Leuenberger
02464c0051 Accepting request 1009635 from network:vpn
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1009635
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=86
2022-10-12 16:22:45 +00:00
Dominique Leuenberger
4e2b66f537 Accepting request 991802 from network:vpn
- Update to release 5.9.7

OBS-URL: https://build.opensuse.org/request/show/991802
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=85
2022-08-02 20:08:35 +00:00
Dominique Leuenberger
f3e86a936a Accepting request 975521 from network:vpn
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/975521
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=84
2022-05-08 19:52:07 +00:00
Dominique Leuenberger
2455babbdb Accepting request 963708 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/963708
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=83
2022-03-23 19:15:41 +00:00
Dominique Leuenberger
7ab7c7ff71 Accepting request 960587 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/960587
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=82
2022-03-11 20:41:06 +00:00
Dominique Leuenberger
de536ef929 Accepting request 950403 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/950403
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=81
2022-02-03 23:45:45 +00:00
Dominique Leuenberger
3e374b588f Accepting request 949260 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/949260
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=80
2022-01-26 20:26:51 +00:00
Dominique Leuenberger
ff45f5ef5d Accepting request 934253 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/934253
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=79
2021-12-01 19:46:40 +00:00
Dominique Leuenberger
86d1597046 Accepting request 933164 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/933164
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=78
2021-11-26 23:50:27 +00:00
Dominique Leuenberger
722030227c Accepting request 921963 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/921963
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=77
2021-09-29 18:18:12 +00:00
Dominique Leuenberger
0a0c8efb6c Accepting request 834251 from network:vpn
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/834251
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=76
2020-09-23 16:36:53 +00:00
Dominique Leuenberger
2e1fd31c95 Accepting request 831324 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/831324
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=75
2020-09-05 21:57:31 +00:00
Dominique Leuenberger
b280c57b1d Accepting request 800175 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/800175
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=74
2020-05-07 13:05:48 +00:00
Dominique Leuenberger
e87376d36d Accepting request 790269 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/790269
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=73
2020-04-02 15:42:30 +00:00
Dominique Leuenberger
e110a9611f Accepting request 775000 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/775000
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=72
2020-02-22 17:59:49 +00:00
Dominique Leuenberger
12fdfc6265 Accepting request 769616 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/769616
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=71
2020-02-06 12:18:28 +00:00
Dominique Leuenberger
f840ebb27d Accepting request 767305 from network:vpn
- Update to version 5.8.2:
  * Fix CVE-2018-17540, CVE-2018-16151 and CVE-2018-16152.
  * boo#1109845 and boo#1107874.

OBS-URL: https://build.opensuse.org/request/show/767305
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=70
2020-01-29 12:10:50 +00:00
Dominique Leuenberger
a348ee0611 Accepting request 624096 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/624096
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=69
2018-07-21 08:25:06 +00:00
Dominique Leuenberger
d48e33c256 Accepting request 613646 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/613646
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=68
2018-06-08 21:13:27 +00:00
Dominique Leuenberger
ea65466835 Accepting request 590079 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/590079
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=67
2018-03-24 15:15:16 +00:00
Dominique Leuenberger
adcc79ae6b Accepting request 573411 from network:vpn
- Update summaries and descriptions. Trim filler words and
  author list.
- Drop %if..%endif guards that are idempotent and do not affect
  the build result.
- Replace old $RPM_ shell variables. (forwarded request 534431 from jengelh)

OBS-URL: https://build.opensuse.org/request/show/573411
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=66
2018-02-07 17:41:10 +00:00
Dominique Leuenberger
a848a3d65d Accepting request 521289 from network:vpn
1

OBS-URL: https://build.opensuse.org/request/show/521289
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=65
2017-09-07 20:15:13 +00:00
Dominique Leuenberger
ce390f0920 Accepting request 514549 from network:vpn
1

OBS-URL: https://build.opensuse.org/request/show/514549
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=64
2017-08-24 16:45:53 +00:00
Dominique Leuenberger
253288c928 Accepting request 442527 from network:vpn
1

OBS-URL: https://build.opensuse.org/request/show/442527
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=63
2016-11-29 11:50:28 +00:00
Dominique Leuenberger
f3a0b7cca7 Accepting request 344762 from network:vpn
- Applied upstream fix for a authentication bypass vulnerability
  in the eap-mschapv2 plugin (CVE-2015-8023,bsc#953817).
  [+ 0007-strongswan-4.4.0-5.3.3_eap_mschapv2_state.patch]

OBS-URL: https://build.opensuse.org/request/show/344762
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=62
2015-11-17 13:23:11 +00:00
Dominique Leuenberger
ba2bed6a95 Accepting request 311158 from network:vpn
- Applied upstream fix for a rogue servers vulnerability, that may
  enable rogue servers able to authenticate itself with certificate
  issued by any CA the client trusts, to gain user credentials from
  a client in certain IKEv2 setups (bsc#933591,CVE-2015-4171).
  [+ 0006-strongswan-5.1.0-5.3.1_enforce_remote_auth.patch]
- Fix to apply unknown_payload patch if fips is disabled (<= 13.1)
  and renamed it to use number prefix corresponding with patch nr.
  [- strongswan-5.2.2-5.3.0_unknown_payload.patch,
   + 0005-strongswan-5.2.2-5.3.0_unknown_payload.patch]

OBS-URL: https://build.opensuse.org/request/show/311158
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=61
2015-06-09 06:49:35 +00:00
Dominique Leuenberger
a596ccdfc9 Accepting request 309675 from network:vpn
- Applied upstream fix for a DoS and potential remote code execution
  vulnerability through payload type (bsc#931272,CVE-2015-3991)
  [+ strongswan-5.2.2-5.3.0_unknown_payload.patch]

OBS-URL: https://build.opensuse.org/request/show/309675
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=60
2015-06-02 08:12:05 +00:00
Dominique Leuenberger
d688e99dd5 Accepting request 287701 from network:vpn
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/287701
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=59
2015-02-27 09:59:38 +00:00
Dominique Leuenberger
1902611f9f Accepting request 262968 from network:vpn
- Updated strongswan-hmac package description (bsc#856322).

- Disabled explicit gpg validation; osc source_validator does it.
- Guarded fipscheck and hmac package in the spec file for >13.1.

- Added generation of fips hmac hash files using fipshmac utility
  and a _fipscheck script to verify binaries/libraries/plugings
  shipped in the strongswan-hmac package.
  With enabled fips in the kernel, the ipsec script will call it
  before any action or in a enforced/manual "ipsec _fipscheck" call.
  Added config file to load openssl and kernel af-alg plugins, but
  not all the other modules which provide further/alternative algs.
  Applied a filter disallowing non-approved algorithms in fips mode.
  (fate#316931,bnc#856322).
  [+ strongswan_fipscheck.patch, strongswan_fipsfilter.patch]
- Fixed file list in the optional (disabled) strongswan-test package.
- Fixed build of the strongswan built-in integrity checksum library
  and enabled building it only on architectures tested to work.
- Fix to use bug number 897048 instead 856322 in last changes entry.
- Applied an upstream patch reverting to store algorithms in the
  registration order again as ordering them by identifier caused
  weaker algorithms to be proposed first by default (bsc#897512).
  [+0001-restore-registration-algorithm-order.bug897512.patch]

- Re-enabled gcrypt plugin and reverted to not enforce fips again
  as this breaks gcrypt and openssl plugins when the fips pattern
  option is not installed (fate#316931,bnc#856322).
  [- strongswan-fips-disablegcrypt.patch]
- Added empty strongswan-hmac package supposed to provide fips hmac
  files and enforce fips compliant operation later (bnc#856322).

OBS-URL: https://build.opensuse.org/request/show/262968
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=58
2014-11-26 09:33:53 +00:00
Stephan Kulow
8b662f08a7 Accepting request 241746 from network:vpn
- disable gcrypt plugin by default, so it will only use openssl
  fate#316931 [+strongswan-fips-disablegcrypt.patch]
- enable fips mode 2

OBS-URL: https://build.opensuse.org/request/show/241746
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=56
2014-07-21 19:40:28 +00:00
Stephan Kulow
971dcd097b Accepting request 238850 from network:vpn
1

OBS-URL: https://build.opensuse.org/request/show/238850
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=55
2014-06-30 19:45:22 +00:00
Tomáš Chvátal
088068a3b3 Accepting request 230123 from network:vpn
- Updated to strongSwan 5.1.3 providing the following changes:
  - Fixed an authentication bypass vulnerability triggered by rekeying
    an unestablished IKEv2 SA while it gets actively initiated. This
    allowed an attacker to trick a peer's IKE_SA state to established,
    without the need to provide any valid authentication credentials.
    (CVE-2014-2338, bnc#870572).
  - The acert plugin evaluates X.509 Attribute Certificates. Group
    membership information encoded as strings can be used to fulfill
    authorization checks defined with the rightgroups option.
    Attribute Certificates can be loaded locally or get exchanged in
    IKEv2 certificate payloads.
  - The pki command gained support to generate X.509 Attribute
    Certificates using the --acert subcommand, while the --print
    command supports the ac type. The openac utility has been removed
    in favor of the new pki functionality.
  - The libtls TLS 1.2 implementation as used by EAP-(T)TLS and other
    protocols has been extended by AEAD mode support, currently limited
    to AES-GCM.
  - Fixed an issue where CRL/OCSP trustchain validation broke enforcing
    CA constraints
  - Limited OCSP signing to specific certificates to improve performance
  - authKeyIdentifier is not added to self-signed certificates anymore
  - Fixed the comparison of IKE configs if only the cipher suites were
    different

- Updated to strongSwan 5.1.2 providing the following changes:
  - A new default configuration file layout is introduced. The new
    default strongswan.conf file mainly includes config snippets from
    the strongswan.d and strongswan.d/charon directories (the latter
    containing snippets for all plugins). The snippets, with commented
    defaults, are automatically generated and installed, if they don't
    exist yet. Also installed in $prefix/share/strongswan/templates so
    existing files can be compared to the current defaults.

OBS-URL: https://build.opensuse.org/request/show/230123
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=54
2014-04-17 12:09:47 +00:00
Tomáš Chvátal
d911ed5612 Accepting request 205541 from network:vpn
- Updated to strongSwan 5.1.1 minor release addressing two security
  fixes (bnc#847506,CVE-2013-6075, bnc#847509,CVE-2013-6076):
  - Fixed a denial-of-service vulnerability and potential authorization
    bypass triggered by a crafted ID_DER_ASN1_DN ID payload. The cause
    is an insufficient length check when comparing such identities. The
    vulnerability has been registered as CVE-2013-6075.
  - Fixed a denial-of-service vulnerability triggered by a crafted IKEv1
    fragmentation payload. The cause is a NULL pointer dereference. The
    vulnerability has been registered as CVE-2013-6076.
  - The lean stand-alone pt-tls-client can set up a RFC 6876 PT-TLS
    session with a strongSwan policy enforcement point which uses the
    tnc-pdp charon plugin.
  - The new TCG TNC SWID IMC/IMV pair supports targeted SWID requests
    for either full SWID Tag or concise SWID Tag ID inventories.
  - The XAuth backend in eap-radius now supports multiple XAuth
    exchanges for different credential types and display messages.
    All user input gets concatenated and verified with a single
    User-Password RADIUS attribute on the AAA. With an AAA supporting
    it, one for example can implement Password+Token authentication with
    proper dialogs on iOS and OS X clients.  - charon supports IKEv1 Mode
    Config exchange in push mode. The ipsec.conf modeconfig=push option
    enables it for both client and server, the same way as pluto used it.
  - Using the "ah" ipsec.conf keyword on both IKEv1 and IKEv2
    connections, charon can negotiate and install Security Associations
    integrity-protected by the Authentication Header protocol. Supported
    are plain AH(+IPComp) SAs only, but not the deprecated RFC2401 style
    ESP+AH bundles.
  [...]
- Adjusted file lists: this version installs the pki utility and manuals
  in common /usr directories and additional ipsec/pt-tls-client helper.

OBS-URL: https://build.opensuse.org/request/show/205541
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=53
2013-11-01 16:44:20 +00:00
Stephan Kulow
fadf7e8199 Accepting request 185964 from network:vpn
- Updated to strongSwan 5.1.0 release (bnc#833278, CVE-2013-5018)

OBS-URL: https://build.opensuse.org/request/show/185964
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=51
2013-08-05 18:55:10 +00:00
Stephan Kulow
bc8951c481 Accepting request 173989 from network:vpn
- Updated to strongSwan 5.0.4 release (bnc#815236, CVE-2013-2944):
  - Fixed a security vulnerability in the openssl plugin which was
    reported by Kevin Wojtysiak.  The vulnerability has been registered
    as CVE-2013-2944. Before the fix, if the openssl plugin's ECDSA
    signature verification was used, due to a misinterpretation of the
    error code returned by the OpenSSL ECDSA_verify() function, an empty
    or zeroed signature was accepted as a legitimate one. Refer to our
    blog for details.
  - The handling of a couple of other non-security relevant OpenSSL
    return codes was fixed as well.
  - The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses
    via its TCG TNC IF-MAP 2.1 interface.
  - The charon.initiator_only strongswan.conf option causes charon to
    ignore IKE initiation requests.
  - The openssl plugin can now use the openssl-fips library.
  The version 5.0.3 provides new ipseckey plugin, enabling authentication
  based on trustworthy public keys stored as IPSECKEY resource records in
  the DNS and protected by DNSSEC and new openssl plugin using the AES-NI
  accelerated version of AES-GCM if the hardware supports it.
  See http://wiki.strongswan.org/projects/strongswan/wiki/Changelog50
  for a list of all changes since the 5.0.1 release.

OBS-URL: https://build.opensuse.org/request/show/173989
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=50
2013-05-02 10:01:35 +00:00
Stephan Kulow
9d5f906e6f Accepting request 144037 from network:vpn
Verify GPG signature: Perform build-time offline GPG verification.
Please verify that included keyring matches your needs.
For manipulation with the offline keyring, please use gpg-offline tool from openSUSE:Factory, devel-tools-building or Base:System.
See the man page and/or /usr/share/doc/packages/gpg-offline/PACKAGING.HOWTO.

If you need to build your package for older products and don't want to mess spec file with ifs, please follow PACKAGING.HOWTO:
you can link or aggregate gpg-offline from
devel:tools:building or use following trick with "osc meta prjconf":

--- Cut here ----
%if 0%{?suse_version} &lt;= 1220
Substitute: gpg-offline
%endif

Macros:
%gpg_verify(dnf) \
%if 0%{?suse_version} &gt; 1220\
echo "WARNING: Using %%gpg_verify macro from prjconf, not from gpg-offline package."\
gpg-offline --directory="%{-d:%{-d*}}%{!-d:%{_sourcedir}}" --package="%{-n:%{-n*}}%{!-n:%{name}}""%{-f: %{-f*}}" --verify %{**}\
%else\
echo "WARNING: Dummy prjconf macro. gpg-offline is not available, skipping %{**} GPG signature verification!"\
%endif\
%nil
----------------- (forwarded request 143934 from sbrabec)

OBS-URL: https://build.opensuse.org/request/show/144037
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=48
2012-12-14 10:18:07 +00:00
Ismail Dönmez
c700515e8f Accepting request 141625 from network:vpn
- Fix systemd unit dir (forwarded request 141529 from elvigia)

OBS-URL: https://build.opensuse.org/request/show/141625
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=47
2012-11-18 19:27:10 +00:00
Ismail Dönmez
4b7aea4880 Accepting request 139871 from network:vpn
- Updated to strongSwan 5.0.1 release. Changes digest:
  - Introduced the sending of the standard IETF Assessment Result
    PA-TNC attribute by all strongSwan Integrity Measurement Verifiers.
  - Extended PTS Attestation IMC/IMV pair to provide full evidence of
    the Linux IMA measurement process. All pertinent file information
    of a Linux OS can be collected and stored in an SQL database.
  - The PA-TNC and PB-TNC protocols can now process huge data payloads.
  - The xauth-pam backend can authenticate IKEv1 XAuth and Hybrid
    authenticated clients against any PAM service.
  - The new unity plugin brings support for some parts of the IKEv1
    Cisco Unity Extensions.
  - The kernel-netlink plugin supports the new strongswan.conf option
    charon.install_virtual_ip_on.
  - Job handling in controller_t was fixed, which occasionally caused
    crashes on ipsec up/down.
  - Fixed transmission EAP-MSCHAPv2 user name if it contains a domain
    part.
  Changes digest from strongSwan 5.0.0 version:
  * The charon IKE daemon gained experimental support for the IKEv1
    protocol. Pluto has been removed from the 5.x series.
  * The NetworkManager charon plugin of previous releases is now
    provided by a separate executable (charon-nm) and it should work
    again with NM 0.9.
  * scepclient was updated and it now works fine with Windows Server
    2008 R2.
- Adopted spec file, enabled several plugins, e.g.: ccm, certexpire,
  coupling, ctr, duplicheck, eap-dynamic, eap-peap, eap-tls, eap-tnc,
  eap-ttls, gcm, nonce, radattr, tnc, tnccs, unity, xauth-eap and pam.
- Changed to install strongswan.service with alias to ipsec.service
  instead of the /etc/init.d/ipsec init script on openSUSE > 12.2.

OBS-URL: https://build.opensuse.org/request/show/139871
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=46
2012-11-08 20:54:04 +00:00
Stephan Kulow
b5cb816081 Accepting request 133236 from network:vpn
charon keying daemon start failure with openssl (bnc#779038)

OBS-URL: https://build.opensuse.org/request/show/133236
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=45
2012-09-11 07:20:14 +00:00
Stephan Kulow
4e96746b5a Accepting request 123120 from network:vpn
update to 4.6.4 / bnc#761325, CVE-2012-2388

OBS-URL: https://build.opensuse.org/request/show/123120
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=43
2012-06-01 05:24:16 +00:00
Stephan Kulow
e257efc664 Accepting request 120579 from network:vpn
update to strongswan-4.6.3

OBS-URL: https://build.opensuse.org/request/show/120579
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=42
2012-05-10 12:34:18 +00:00
Stephan Kulow
b116493b71 Accepting request 109123 from network:vpn
update to 4.6.2 (fwd of rq 107821)

OBS-URL: https://build.opensuse.org/request/show/109123
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=41
2012-03-16 12:26:15 +00:00
Stephan Kulow
09b27a0e41 Accepting request 105223 from network:vpn
update to 4.6.1, fixed glib.h build error

OBS-URL: https://build.opensuse.org/request/show/105223
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=40
2012-02-16 14:01:43 +00:00
Stephan Kulow
093e0e2909 Accepting request 97889 from network:vpn
- remove call to suse_update_config (very old work around) (forwarded request 97737 from coolo)

OBS-URL: https://build.opensuse.org/request/show/97889
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=39
2011-12-25 16:41:51 +00:00
Stephan Kulow
55e2264cda replace license with spdx.org variant
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=38
2011-12-06 18:06:11 +00:00
Sascha Peilicke
a091d377ed Autobuild autoformatter for 81895
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=36
2011-09-13 10:32:34 +00:00
Sascha Peilicke
c6ddc9b375 Accepting request 81895 from network:vpn
- remove _service file, too fragile

- Fixed version in last changelog entry

- Updated to strongSwan 4.5.3 release, changes overview since 4.5.2:

OBS-URL: https://build.opensuse.org/request/show/81895
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=35
2011-09-13 10:32:26 +00:00
Sascha Peilicke
8ea9e026ed Autobuild autoformatter for 81608
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=34
2011-09-09 10:27:07 +00:00
Sascha Peilicke
eac1b9e99a Accepting request 81608 from network:vpn
update to 4.5.3

OBS-URL: https://build.opensuse.org/request/show/81608
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=33
2011-09-09 10:26:54 +00:00
Sascha Peilicke
638d97ce57 Autobuild autoformatter for 74669
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=32
2011-06-28 09:25:23 +00:00
Sascha Peilicke
c9fcbafb1b Accepting request 74669 from network:vpn
update to current version

OBS-URL: https://build.opensuse.org/request/show/74669
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=31
2011-06-28 09:25:10 +00:00
Ruediger Oertel
7768750d0e Autobuild autoformatter for 53641
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=29
2010-11-22 11:59:45 +00:00
Ruediger Oertel
d8b764533d Accepting request 53641 from network:vpn
Accepted submit request 53641 from user mtomaschewski

OBS-URL: https://build.opensuse.org/request/show/53641
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=28
2010-11-22 11:59:34 +00:00
OBS User autobuild
421d2fceda Autobuild autoformatter for 53144
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=27
2010-11-18 15:56:31 +00:00
Ruediger Oertel
57e81b384b Accepting request 53144 from network:vpn
Accepted submit request 53144 from user mtomaschewski

OBS-URL: https://build.opensuse.org/request/show/53144
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=26
2010-11-18 15:56:26 +00:00
OBS User autobuild
a20c4c2cac Accepting request 45248 from network:vpn
Copy from network:vpn/strongswan based on submit request 45248 from user mtomaschewski

OBS-URL: https://build.opensuse.org/request/show/45248
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=25
2010-08-13 00:40:58 +00:00
OBS User autobuild
8ec0a8d6be Accepting request 42417 from network:vpn
Copy from network:vpn/strongswan based on submit request 42417 from user mtomaschewski

OBS-URL: https://build.opensuse.org/request/show/42417
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=22
2010-07-02 14:47:18 +00:00
OBS User autobuild
89ab8cfa03 Accepting request 40896 from network:vpn
Copy from network:vpn/strongswan based on submit request 40896 from user mtomaschewski

OBS-URL: https://build.opensuse.org/request/show/40896
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=21
2010-05-31 16:22:37 +00:00
4 changed files with 42 additions and 26 deletions

4
_scmsync.obsinfo Normal file
View File

@ -0,0 +1,4 @@
mtime: 1732622190
commit: da8f2965e2b2460d9eb4f7b25c3be52f7b60a42ab5b9bab48c984206a964d52e
url: https://src.opensuse.org/jengelh/strongswan
revision: master

3
build.specials.obscpio Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3ac4a036b66b71eed02d98e29f3a851b75b360034bc3c1e118a8a01d49357497
size 256

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Tue Nov 26 12:02:16 UTC 2024 - Dirk Müller <dmueller@suse.com>
- rename -hmac subpackage to -fips because it isn't providing
the hmac files, it provides the configuration drop in to
enforce fips mode.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jun 20 12:10:36 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org> Thu Jun 20 12:10:36 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
@ -104,7 +111,7 @@ Wed Apr 5 01:34:28 UTC 2023 - Mohd Saquib <mohd.saquib@suse.com>
vici aka swanctl interface which is current upstream's default. vici aka swanctl interface which is current upstream's default.
strongswan.service which enables swanctl interface is masked to strongswan.service which enables swanctl interface is masked to
stop interfering with the ipsec interface (bsc#1184144) stop interfering with the ipsec interface (bsc#1184144)
- Removes deprecated SysV support - Removes deprecated SysV support
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Mar 2 13:34:37 UTC 2023 - Jan Engelhardt <jengelh@inai.de> Thu Mar 2 13:34:37 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
@ -225,7 +232,7 @@ Wed Mar 16 12:57:46 UTC 2022 - Marcus Meissner <meissner@suse.com>
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Mar 3 14:49:26 UTC 2022 - Marcus Meissner <meissner@suse.com> Thu Mar 3 14:49:26 UTC 2022 - Marcus Meissner <meissner@suse.com>
- Added prf-plus-modularization.patch that outsources the IKE - Added prf-plus-modularization.patch that outsources the IKE
key derivation to openssl. (will be merged to 5.9.6) key derivation to openssl. (will be merged to 5.9.6)
- package the kdf config, template and plugin - package the kdf config, template and plugin
@ -415,9 +422,9 @@ Tue Mar 31 16:42:23 UTC 2020 - Madhu Mohan Nelemane <mmnelemane@suse.com>
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Feb 17 20:26:37 UTC 2020 - Johannes Kastl <kastl@b1-systems.de> Mon Feb 17 20:26:37 UTC 2020 - Johannes Kastl <kastl@b1-systems.de>
- move file %{_datadir}/dbus-1/system.d/nm-strongswan-service.conf - move file %{_datadir}/dbus-1/system.d/nm-strongswan-service.conf
to strongswan-nm subpackage, as it is needed for the to strongswan-nm subpackage, as it is needed for the
NetworkManager plugin that uses strongswan-nm, not NetworkManager plugin that uses strongswan-nm, not
strongswan-ipsec strongswan-ipsec
This fixes the following error: This fixes the following error:
``` ```
@ -624,7 +631,7 @@ Tue Apr 17 13:24:38 UTC 2018 - bjorn.lie@gmail.com
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Mar 16 08:55:10 UTC 2018 - mmnelemane@suse.com Fri Mar 16 08:55:10 UTC 2018 - mmnelemane@suse.com
- Removed unused requires and macro calls(bsc#1083261) - Removed unused requires and macro calls(bsc#1083261)
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Oct 17 11:27:54 UTC 2017 - jengelh@inai.de Tue Oct 17 11:27:54 UTC 2017 - jengelh@inai.de
@ -657,7 +664,7 @@ Tue Sep 5 17:10:11 CEST 2017 - ndas@suse.de
*By default the /etc/swanctl/conf.d directory is created and *.conf files in it are included in the default *By default the /etc/swanctl/conf.d directory is created and *.conf files in it are included in the default
swanctl.conf file. swanctl.conf file.
*The curl plugin now follows HTTP redirects (configurable via strongswan.conf). *The curl plugin now follows HTTP redirects (configurable via strongswan.conf).
*The CHILD_SA rekeying was fixed in charon-tkm and the behavior is refined a bit more since 5.5.3 *The CHILD_SA rekeying was fixed in charon-tkm and the behavior is refined a bit more since 5.5.3
@ -786,7 +793,7 @@ Mon Jul 4 12:00:00 UTC 2016 - doug@uq.edu.au
based random oracle has been fixed, generalized and based random oracle has been fixed, generalized and
standardized by employing the MGF1 mask generation function standardized by employing the MGF1 mask generation function
with SHA-512. As a consequence BLISS signatures unsing the with SHA-512. As a consequence BLISS signatures unsing the
improved oracle are not compatible with the earlier improved oracle are not compatible with the earlier
implementation. implementation.
* Support for auto=route with right=%any for transport mode * Support for auto=route with right=%any for transport mode
connections has been added (the ikev2/trap-any scenario connections has been added (the ikev2/trap-any scenario
@ -806,7 +813,7 @@ Mon Jul 4 12:00:00 UTC 2016 - doug@uq.edu.au
rightauth=any, which prevented it from using this same config rightauth=any, which prevented it from using this same config
as responder). as responder).
* The initiator flag in the IKEv2 header is compared again * The initiator flag in the IKEv2 header is compared again
(wasn't the case since 5.0.0) and packets that have the flag (wasn't the case since 5.0.0) and packets that have the flag
set incorrectly are again ignored. set incorrectly are again ignored.
* Implemented a demo Hardcopy Device IMC/IMV pair based on the * Implemented a demo Hardcopy Device IMC/IMV pair based on the
"Hardcopy Device Health Assessment Trusted Network Connect "Hardcopy Device Health Assessment Trusted Network Connect
@ -852,8 +859,8 @@ Mon Jul 4 12:00:00 UTC 2016 - doug@uq.edu.au
are chosen based on the strength of the signature key, but are chosen based on the strength of the signature key, but
specific hash algorithms may be configured in leftauth. specific hash algorithms may be configured in leftauth.
* Key types and hash algorithms specified in rightauth are now * Key types and hash algorithms specified in rightauth are now
also checked against IKEv2 signature schemes. If such also checked against IKEv2 signature schemes. If such
constraints are used for certificate chain validation in constraints are used for certificate chain validation in
existing configurations, in particular with peers that don't existing configurations, in particular with peers that don't
support RFC 7427, it may be necessary to disable this feature support RFC 7427, it may be necessary to disable this feature
with the charon.signature_authentication_constraints setting, with the charon.signature_authentication_constraints setting,
@ -862,7 +869,7 @@ Mon Jul 4 12:00:00 UTC 2016 - doug@uq.edu.au
* The new connmark plugin allows a host to bind conntrack flows * The new connmark plugin allows a host to bind conntrack flows
to a specific CHILD_SA by applying and restoring the SA mark to a specific CHILD_SA by applying and restoring the SA mark
to conntrack entries. This allows a peer to handle multiple to conntrack entries. This allows a peer to handle multiple
transport mode connections coming over the same NAT device for transport mode connections coming over the same NAT device for
client-initiated flows. A common use case is to protect client-initiated flows. A common use case is to protect
L2TP/IPsec, as supported by some systems. L2TP/IPsec, as supported by some systems.
* The forecast plugin can forward broadcast and multicast * The forecast plugin can forward broadcast and multicast
@ -870,13 +877,13 @@ Mon Jul 4 12:00:00 UTC 2016 - doug@uq.edu.au
using unique marks, it sets up the required Netfilter rules using unique marks, it sets up the required Netfilter rules
and uses a multicast/broadcast listener that forwards such and uses a multicast/broadcast listener that forwards such
messages to all connected clients. This plugin is designed for messages to all connected clients. This plugin is designed for
Windows 7 IKEv2 clients, which announces its services over the Windows 7 IKEv2 clients, which announces its services over the
tunnel if the negotiated IPsec policy allows it. tunnel if the negotiated IPsec policy allows it.
* For the vici plugin a Python Egg has been added to allow * For the vici plugin a Python Egg has been added to allow
Python applications to control or monitor the IKE daemon using Python applications to control or monitor the IKE daemon using
the VICI interface, similar to the existing ruby gem. The the VICI interface, similar to the existing ruby gem. The
Python library has been contributed by Björn Schuberg. Python library has been contributed by Björn Schuberg.
* EAP server methods now can fulfill public key constraints, * EAP server methods now can fulfill public key constraints,
such as rightcert or rightca. Additionally, public key and such as rightcert or rightca. Additionally, public key and
signature constraints can be specified for EAP methods in the signature constraints can be specified for EAP methods in the
rightauth keyword. Currently the EAP-TLS and EAP-TTLS methods rightauth keyword. Currently the EAP-TLS and EAP-TTLS methods
@ -1077,7 +1084,7 @@ Thu Jul 3 13:39:45 UTC 2014 - meissner@suse.com
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jun 20 17:38:07 UTC 2014 - crrodriguez@opensuse.org Fri Jun 20 17:38:07 UTC 2014 - crrodriguez@opensuse.org
- Fix build in factory - Fix build in factory
* Do not include var/run directories in package * Do not include var/run directories in package
* Move runtime data to /run and provide tmpfiles.d snippet * Move runtime data to /run and provide tmpfiles.d snippet
* Add proper systemd macros to rpm scriptlets. * Add proper systemd macros to rpm scriptlets.
@ -1324,7 +1331,7 @@ Thu Nov 29 19:13:40 CET 2012 - sbrabec@suse.cz
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Nov 16 04:02:32 UTC 2012 - crrodriguez@opensuse.org Fri Nov 16 04:02:32 UTC 2012 - crrodriguez@opensuse.org
- Fix systemd unit dir - Fix systemd unit dir
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Oct 31 15:25:16 UTC 2012 - mt@suse.de Wed Oct 31 15:25:16 UTC 2012 - mt@suse.de
@ -2007,7 +2014,7 @@ Wed Jun 10 11:04:44 CEST 2009 - mt@suse.de
Mon Jun 8 00:21:13 CEST 2009 - ro@suse.de Mon Jun 8 00:21:13 CEST 2009 - ro@suse.de
- rename getline to my_getline to avoid collision with function - rename getline to my_getline to avoid collision with function
from glibc from glibc
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jun 2 09:56:16 CEST 2009 - mt@suse.de Tue Jun 2 09:56:16 CEST 2009 - mt@suse.de
@ -2048,7 +2055,7 @@ Tue Mar 31 11:19:03 CEST 2009 - mt@suse.de
As a workaround such dates are set to the maximum representable As a workaround such dates are set to the maximum representable
time, i.e. Jan 19 03:14:07 UTC 2038. time, i.e. Jan 19 03:14:07 UTC 2038.
* Distinguished Names containing wildcards (*) are not sent in the * Distinguished Names containing wildcards (*) are not sent in the
IDr payload anymore. IDr payload anymore.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 20 09:27:06 CEST 2008 - mt@suse.de Mon Oct 20 09:27:06 CEST 2008 - mt@suse.de
@ -2114,7 +2121,7 @@ Thu Aug 28 09:48:14 CEST 2008 - mt@suse.de
several hundred tunnels concurrently. several hundred tunnels concurrently.
* Fixed the --enable-integrity-test configure option which * Fixed the --enable-integrity-test configure option which
computes a SHA-1 checksum over the libstrongswan library. computes a SHA-1 checksum over the libstrongswan library.
* Consistent logging of IKE and CHILD SAs at the audit (AUD) level. * Consistent logging of IKE and CHILD SAs at the audit (AUD) level.
* Improved the performance of the SQL-based virtual IP address pool * Improved the performance of the SQL-based virtual IP address pool
by introducing an additional addresses table. The leases table by introducing an additional addresses table. The leases table
storing only history information has become optional and can be storing only history information has become optional and can be
@ -2218,7 +2225,7 @@ Tue Feb 19 11:44:03 CET 2008 - mt@suse.de
to the rekeyed IKE_SA so that the UDP encapsulation was lost with to the rekeyed IKE_SA so that the UDP encapsulation was lost with
the next CHILD_SA rekeying. the next CHILD_SA rekeying.
* Wrong type definition of the next_payload variable in id_payload.c * Wrong type definition of the next_payload variable in id_payload.c
caused an INVALID_SYNTAX error on PowerPC platforms. caused an INVALID_SYNTAX error on PowerPC platforms.
* Implemented IKEv2 EAP-SIM server and client test modules that use * Implemented IKEv2 EAP-SIM server and client test modules that use
triplets stored in a file. For details on the configuration see triplets stored in a file. For details on the configuration see
the scenario 'ikev2/rw-eap-sim-rsa'. the scenario 'ikev2/rw-eap-sim-rsa'.
@ -2250,5 +2257,5 @@ Mon Nov 26 10:19:40 CET 2007 - mt@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 22 10:25:56 CET 2007 - mt@suse.de Thu Nov 22 10:25:56 CET 2007 - mt@suse.de
- Initial, unfinished package - Initial, unfinished package

View File

@ -145,13 +145,15 @@ StrongSwan is an IPsec-based VPN solution for Linux.
This package provides the strongswan library and plugins. This package provides the strongswan library and plugins.
%package hmac %package fips
Summary: Config file to disable non FIPS-140-2 algos in strongSwan Summary: Config file to disable non FIPS-140-2 algos in strongSwan
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Requires: strongswan-ipsec = %{version} Requires: strongswan-ipsec = %{version}
Requires: strongswan-libs0 = %{version} Requires: strongswan-libs0 = %{version}
Provides: strongswan-hmac = %{version}-%{release}
Obsoletes: strongswan-hmac < %{version}-%{release}
%description hmac %description fips
The package provides a config file disabling alternative algorithm The package provides a config file disabling alternative algorithm
implementation when FIPS-140-2 compliant operation mode is enabled. implementation when FIPS-140-2 compliant operation mode is enabled.
@ -446,7 +448,7 @@ fi
%if %{with fipscheck} %if %{with fipscheck}
%files hmac %files fips
%dir %{strongswan_configs} %dir %{strongswan_configs}
%dir %{strongswan_configs}/charon %dir %{strongswan_configs}/charon
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/zzz_fips-enforce.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/zzz_fips-enforce.conf