Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package NetworkManager-strongswan for
openSUSE:Factory checked in at 2026-03-06 18:16:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/NetworkManager-strongswan (Old)
and /work/SRC/openSUSE:Factory/.NetworkManager-strongswan.new.561 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "NetworkManager-strongswan"
Fri Mar 6 18:16:36 2026 rev:29 rq:1336565 version:1.6.4
Changes:
--------
---
/work/SRC/openSUSE:Factory/NetworkManager-strongswan/NetworkManager-strongswan.changes
2025-10-04 18:51:04.273329101 +0200
+++
/work/SRC/openSUSE:Factory/.NetworkManager-strongswan.new.561/NetworkManager-strongswan.changes
2026-03-06 18:16:42.011441121 +0100
@@ -1,0 +2,6 @@
+Mon Dec 29 11:43:18 UTC 2025 - Dominique Leuenberger <[email protected]>
+
+- Update to version 1.6.4:
+ + Fixes regarding CVE-2025-9615
+
+-------------------------------------------------------------------
Old:
----
NetworkManager-strongswan-1.6.3.tar.bz2
NetworkManager-strongswan-1.6.3.tar.bz2.sig
New:
----
NetworkManager-strongswan-1.6.4.tar.bz2
NetworkManager-strongswan-1.6.4.tar.bz2.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ NetworkManager-strongswan.spec ++++++
--- /var/tmp/diff_new_pack.jXuMZx/_old 2026-03-06 18:16:42.699469811 +0100
+++ /var/tmp/diff_new_pack.jXuMZx/_new 2026-03-06 18:16:42.703469978 +0100
@@ -17,7 +17,7 @@
Name: NetworkManager-strongswan
-Version: 1.6.3
+Version: 1.6.4
Release: 0
Summary: NetworkManager VPN support for strongSwan
License: GPL-2.0-or-later
++++++ NetworkManager-strongswan-1.6.3.tar.bz2 ->
NetworkManager-strongswan-1.6.4.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/NetworkManager-strongswan-1.6.3/NEWS
new/NetworkManager-strongswan-1.6.4/NEWS
--- old/NetworkManager-strongswan-1.6.3/NEWS 2025-07-14 11:00:49.000000000
+0200
+++ new/NetworkManager-strongswan-1.6.4/NEWS 2025-12-12 15:35:53.000000000
+0100
@@ -1,3 +1,8 @@
+NetworkManager-strongswan-1.6.4
+-------------------------------
+
+- Fixes regarding CVE-2025-9615
+
NetworkManager-strongswan-1.6.3
-------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/NetworkManager-strongswan-1.6.3/auth-dialog/main.c
new/NetworkManager-strongswan-1.6.4/auth-dialog/main.c
--- old/NetworkManager-strongswan-1.6.3/auth-dialog/main.c 2025-07-01
13:15:07.000000000 +0200
+++ new/NetworkManager-strongswan-1.6.4/auth-dialog/main.c 2025-12-12
15:33:37.000000000 +0100
@@ -28,6 +28,7 @@
#include <glib/gi18n.h>
#include <gtk/gtk.h>
#include <libsecret/secret.h>
+#include <pwd.h>
#include <NetworkManager.h>
#include <nm-vpn-service-plugin.h>
@@ -217,6 +218,11 @@
printf("%s\n%s\n", secret_name, secret);
g_free(secret);
}
+}
+
+static void print_last_secret (const char *secret_name, gchar *secret)
+{
+ print_secret(secret_name, secret);
printf("\n\n");
fflush(stdout);
}
@@ -316,6 +322,17 @@
agent = getenv("SSH_AUTH_SOCK");
if (agent)
{
+ int uid = getuid();
+ struct passwd *pw = getpwuid(uid);
+
+ if (!pw)
+ {
+ fprintf(stderr, "Unable to determine
username for "
+ "authentication via
ssh-agent\n");
+ status = 1;
+ goto out;
+ }
+
if (external_ui_mode)
{
GKeyFile *keyfile;
@@ -326,6 +343,7 @@
g_key_file_set_string (keyfile,
UI_KEYFILE_GROUP, "Description", "SSH agent");
g_key_file_set_string (keyfile,
UI_KEYFILE_GROUP, "Title", _("Authenticate VPN"));
+ keyfile_add_entry_info (keyfile,
"agent-user", pw->pw_name, "SSH agent user", TRUE, FALSE);
keyfile_add_entry_info (keyfile,
"agent", agent, "SSH agent socket", TRUE, FALSE);
keyfile_print_stdout (keyfile);
@@ -333,7 +351,8 @@
}
else
{
- print_secret("agent", g_strdup (agent));
+ print_secret("agent-user", g_strdup
(pw->pw_name));
+ print_last_secret("agent", g_strdup
(agent));
wait_for_quit ();
}
}
@@ -366,7 +385,7 @@
}
else if (!external_ui_mode)
{
- print_secret("password", pass);
+ print_last_secret("password", pass);
wait_for_quit ();
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/NetworkManager-strongswan-1.6.3/configure
new/NetworkManager-strongswan-1.6.4/configure
--- old/NetworkManager-strongswan-1.6.3/configure 2025-07-14
11:01:52.000000000 +0200
+++ new/NetworkManager-strongswan-1.6.4/configure 2025-12-12
15:36:32.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for NetworkManager-strongswan 1.6.3.
+# Generated by GNU Autoconf 2.71 for NetworkManager-strongswan 1.6.4.
#
# Report bugs to <[email protected]>.
#
@@ -621,8 +621,8 @@
# Identity of this package.
PACKAGE_NAME='NetworkManager-strongswan'
PACKAGE_TARNAME='NetworkManager-strongswan'
-PACKAGE_VERSION='1.6.3'
-PACKAGE_STRING='NetworkManager-strongswan 1.6.3'
+PACKAGE_VERSION='1.6.4'
+PACKAGE_STRING='NetworkManager-strongswan 1.6.4'
PACKAGE_BUGREPORT='[email protected]'
PACKAGE_URL=''
@@ -1424,7 +1424,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures NetworkManager-strongswan 1.6.3 to adapt to many kinds
of systems.
+\`configure' configures NetworkManager-strongswan 1.6.4 to adapt to many kinds
of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1496,7 +1496,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of NetworkManager-strongswan
1.6.3:";;
+ short | recursive ) echo "Configuration of NetworkManager-strongswan
1.6.4:";;
esac
cat <<\_ACEOF
@@ -1649,7 +1649,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-NetworkManager-strongswan configure 1.6.3
+NetworkManager-strongswan configure 1.6.4
generated by GNU Autoconf 2.71
Copyright (C) 2021 Free Software Foundation, Inc.
@@ -2005,7 +2005,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by NetworkManager-strongswan $as_me 1.6.3, which was
+It was created by NetworkManager-strongswan $as_me 1.6.4, which was
generated by GNU Autoconf 2.71. Invocation command line was
$ $0$ac_configure_args_raw
@@ -3275,7 +3275,7 @@
# Define the identity of the package.
PACKAGE='NetworkManager-strongswan'
- VERSION='1.6.3'
+ VERSION='1.6.4'
printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
@@ -15861,8 +15861,6 @@
printf "%s\n" "yes" >&6; }
fi
-LIBNM_CFLAGS="$LIBNM_CFLAGS -DNM_VERSION_MIN_REQUIRED=NM_VERSION_1_2"
-LIBNM_CFLAGS="$LIBNM_CFLAGS -DNM_VERSION_MAX_ALLOWED=NM_VERSION_1_2"
pkg_failed=no
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libnma >= 1.1.0" >&5
@@ -16744,7 +16742,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by NetworkManager-strongswan $as_me 1.6.3, which was
+This file was extended by NetworkManager-strongswan $as_me 1.6.4, which was
generated by GNU Autoconf 2.71. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -16812,7 +16810,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config='$ac_cs_config_escaped'
ac_cs_version="\\
-NetworkManager-strongswan config.status 1.6.3
+NetworkManager-strongswan config.status 1.6.4
configured by $0, generated by GNU Autoconf 2.71,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/NetworkManager-strongswan-1.6.3/configure.ac
new/NetworkManager-strongswan-1.6.4/configure.ac
--- old/NetworkManager-strongswan-1.6.3/configure.ac 2025-07-14
10:58:39.000000000 +0200
+++ new/NetworkManager-strongswan-1.6.4/configure.ac 2025-12-12
15:34:21.000000000 +0100
@@ -1,6 +1,6 @@
AC_PREREQ([2.69])
-AC_INIT([NetworkManager-strongswan],[1.6.3],[[email protected]],[NetworkManager-strongswan])
+AC_INIT([NetworkManager-strongswan],[1.6.4],[[email protected]],[NetworkManager-strongswan])
AM_INIT_AUTOMAKE([subdir-objects])
AM_MAINTAINER_MODE
@@ -78,8 +78,6 @@
AM_CONDITIONAL(WITH_GTK4, test "$with_gtk4" != no)
PKG_CHECK_MODULES(LIBNM, libnm >= 1.1.0)
-LIBNM_CFLAGS="$LIBNM_CFLAGS -DNM_VERSION_MIN_REQUIRED=NM_VERSION_1_2"
-LIBNM_CFLAGS="$LIBNM_CFLAGS -DNM_VERSION_MAX_ALLOWED=NM_VERSION_1_2"
PKG_CHECK_MODULES(LIBNMA, libnma >= 1.1.0)
if test x"$with_gtk4" != xno; then
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/NetworkManager-strongswan-1.6.3/nm-strongswan-service.name.in
new/NetworkManager-strongswan-1.6.4/nm-strongswan-service.name.in
--- old/NetworkManager-strongswan-1.6.3/nm-strongswan-service.name.in
2025-07-01 13:15:07.000000000 +0200
+++ new/NetworkManager-strongswan-1.6.4/nm-strongswan-service.name.in
2025-12-12 15:33:37.000000000 +0100
@@ -2,6 +2,7 @@
name=strongswan
service=org.freedesktop.NetworkManager.strongswan
program=@CHARON@
+supports-safe-private-file-access=true
[libnm]
plugin=@NM_PLUGINDIR@/libnm-vpn-plugin-strongswan.so
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/NetworkManager-strongswan-1.6.3/po/NetworkManager-strongswan.pot
new/NetworkManager-strongswan-1.6.4/po/NetworkManager-strongswan.pot
--- old/NetworkManager-strongswan-1.6.3/po/NetworkManager-strongswan.pot
2025-07-14 11:01:59.000000000 +0200
+++ new/NetworkManager-strongswan-1.6.4/po/NetworkManager-strongswan.pot
2025-12-12 15:36:46.000000000 +0100
@@ -6,9 +6,9 @@
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: NetworkManager-strongswan 1.6.3\n"
+"Project-Id-Version: NetworkManager-strongswan 1.6.4\n"
"Report-Msgid-Bugs-To: https://github.com/strongswan/strongswan\n";
-"POT-Creation-Date: 2025-07-14 11:01+0200\n"
+"POT-Creation-Date: 2025-12-12 15:36+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <[email protected]>\n"
@@ -312,38 +312,38 @@
msgid "Choose a private key…"
msgstr ""
-#: auth-dialog/main.c:136
+#: auth-dialog/main.c:137
#, c-format
msgid "EAP password required to establish VPN connection '%s'."
msgstr ""
-#: auth-dialog/main.c:141
+#: auth-dialog/main.c:142
#, c-format
msgid ""
"Pre-shared key required to establish VPN connection '%s' (min. 20 "
"characters)."
msgstr ""
-#: auth-dialog/main.c:149
+#: auth-dialog/main.c:150
#, c-format
msgid "Smartcard PIN required to establish VPN connection '%s'."
msgstr ""
-#: auth-dialog/main.c:154
+#: auth-dialog/main.c:155
#, c-format
msgid ""
"Private key decryption password required to establish VPN connection '%s'."
msgstr ""
-#: auth-dialog/main.c:166 auth-dialog/main.c:184 auth-dialog/main.c:327
+#: auth-dialog/main.c:167 auth-dialog/main.c:185 auth-dialog/main.c:344
msgid "Authenticate VPN"
msgstr ""
-#: auth-dialog/main.c:168
+#: auth-dialog/main.c:169
msgid "Password:"
msgstr ""
-#: auth-dialog/main.c:345
+#: auth-dialog/main.c:364
msgid ""
"Configuration uses ssh-agent for authentication, but ssh-agent is not "
"running!"
