Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package strongswan for openSUSE:Factory checked in at 2026-06-10 15:44:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/strongswan (Old) and /work/SRC/openSUSE:Factory/.strongswan.new.2375 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "strongswan" Wed Jun 10 15:44:45 2026 rev:107 rq:1358027 version:6.0.7 Changes: -------- --- /work/SRC/openSUSE:Factory/strongswan/strongswan.changes 2026-04-26 21:11:05.824888816 +0200 +++ /work/SRC/openSUSE:Factory/.strongswan.new.2375/strongswan.changes 2026-06-10 15:44:55.308251948 +0200 @@ -1,0 +2,25 @@ +Mon Jun 8 15:14:51 UTC 2026 - Jan Engelhardt <[email protected]> + +- Update to release 6.0.7 + * Fixed a vulnerability in libstrongswan related to the cloning + of certain identities that can result in an double-free and + potentially remote code execution. [CVE-2026-47895] + * The validity (notBefore/notAfter) of the last certificate in + the incomplete trust chain of a pre-trusted certificate is now + enforced. The validity of pre-trusted, self-signed certificates + is now also enforced. + * Enable mixed-family IPComp configs with Linux kernel 6.3 and + newer. + * charon-cmd does not default to IPv4 anymore and allows + configuring the local endpoint via --host-local option. + * The swanctl --list-conns command now accepts an --ike option to + filter connections by name. + +------------------------------------------------------------------- +Wed Jun 03 07:36:25 UTC 2026 - Rahul Jain <[email protected]> + +- Enable ChaCha20/Poly1305 and MGF1 support (bsc#1093020) + * Added --enable-chapoly and --enable-mgf1 configure options + * Added chapoly configuration files and plugin libraries + +------------------------------------------------------------------- Old: ---- strongswan-6.0.6.tar.bz2 strongswan-6.0.6.tar.bz2.sig New: ---- strongswan-6.0.7.tar.bz2 strongswan-6.0.7.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ strongswan.spec ++++++ --- /var/tmp/diff_new_pack.S5XTYy/_old 2026-06-10 15:44:56.688309136 +0200 +++ /var/tmp/diff_new_pack.S5XTYy/_new 2026-06-10 15:44:56.688309136 +0200 @@ -39,12 +39,13 @@ %bcond_without systemd Name: strongswan -Version: 6.0.6 +Version: 6.0.7 Release: 0 Summary: IPsec-based VPN solution License: GPL-2.0-or-later Group: Productivity/Networking/Security URL: https://www.strongswan.org/ +#Git-Clone: https://github.com/strongswan/strongswan Source0: http://download.strongswan.org/strongswan-%version.tar.bz2 Source1: http://download.strongswan.org/strongswan-%version.tar.bz2.sig Source2: %{name}.init.in @@ -236,6 +237,8 @@ --enable-ctr \ --enable-ccm \ --enable-gcm \ + --enable-chapoly \ + --enable-mgf1 \ --enable-unity \ --enable-md4 \ %if %{with afalg} @@ -528,6 +531,7 @@ %if %{with gcrypt} %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/gcrypt.conf %endif +%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/chapoly.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/gmp.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/ha.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/kdf.conf @@ -588,6 +592,7 @@ %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-nm/fips-prf.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-nm/gcm.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-nm/gcrypt.conf +%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-nm/chapoly.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-nm/gmp.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-nm/kdf.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-nm/kernel-netlink.conf @@ -674,6 +679,7 @@ %if %{with gcrypt} %{strongswan_plugins}/libstrongswan-gcrypt.so %endif +%{strongswan_plugins}/libstrongswan-chapoly.so %{strongswan_plugins}/libstrongswan-gmp.so %{strongswan_plugins}/libstrongswan-ha.so %{strongswan_plugins}/libstrongswan-kdf.so @@ -769,6 +775,7 @@ %if %{with gcrypt} %{strongswan_templates}/config/plugins/gcrypt.conf %endif +%{strongswan_templates}/config/plugins/chapoly.conf %{strongswan_templates}/config/plugins/gmp.conf %{strongswan_templates}/config/plugins/ha.conf %{strongswan_templates}/config/plugins/kdf.conf ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.S5XTYy/_old 2026-06-10 15:44:56.740311292 +0200 +++ /var/tmp/diff_new_pack.S5XTYy/_new 2026-06-10 15:44:56.744311457 +0200 @@ -1,5 +1,5 @@ -mtime: 1776890031 -commit: 47b5bbab0c5ecf95cf511600c1e5ec4d90e1b02cb890c60a064d31c58002ad4f +mtime: 1780932302 +commit: 5515ac2d88c71dcc7d62cb74f3812f57a635354658dcaee1472e75484df8f45b url: https://src.opensuse.org/jengelh/strongswan revision: master ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-06-08 17:25:02.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ strongswan-6.0.6.tar.bz2 -> strongswan-6.0.7.tar.bz2 ++++++ ++++ 2340 lines of diff (skipped)
