Hello community, here is the log from the commit of package strongswan for openSUSE:Factory checked in at 2020-01-29 13:10:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/strongswan (Old) and /work/SRC/openSUSE:Factory/.strongswan.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "strongswan" Wed Jan 29 13:10:50 2020 rev:70 rq:767305 version:5.8.2 Changes: -------- --- /work/SRC/openSUSE:Factory/strongswan/strongswan.changes 2018-07-21 10:25:08.590958604 +0200 +++ /work/SRC/openSUSE:Factory/.strongswan.new.26092/strongswan.changes 2020-01-29 13:11:12.033949593 +0100 @@ -1,0 +2,26 @@ +Sun Jan 26 08:54:01 UTC 2020 - Jan Engelhardt <jeng...@inai.de> + +- Replace %__-type macro indirections. Update homepage URL to https. + +------------------------------------------------------------------- +Mon Jan 6 22:06:58 UTC 2020 - Bjørn Lie <bjorn....@gmail.com> + +- Update to version 5.8.2: + * The systemd service units have changed their name. + "strongswan" is now "strongswan-starter", and + "strongswan-swanctl" is now "strongswan". + After installation, you need to `systemctl disable` the old + name and `systemctl enable`+start the new one. + * Fix CVE-2018-17540, CVE-2018-16151 and CVE-2018-16152. + * boo#1109845 and boo#1107874. +- Please check included NEWS file for info on what other changes + that have been done in versions 5.8.2, 5.8.1 5.8.0, 5.7.2, 5.7.1 + and 5.7.0. +- Rebase strongswan_ipsec_service.patch. +- Disable patches that need rebase or dropping: + * strongswan_modprobe_syslog.patch + * 0006-fix-compilation-error-by-adding-stdint.h.patch +- Add conditional pkgconfig(libsystemd) BuildRequires: New + dependency. + +------------------------------------------------------------------- Old: ---- strongswan-5.6.3.tar.bz2 strongswan-5.6.3.tar.bz2.sig New: ---- strongswan-5.8.2.tar.bz2 strongswan-5.8.2.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ strongswan.spec ++++++ --- /var/tmp/diff_new_pack.S6pmoQ/_old 2020-01-29 13:11:15.093951157 +0100 +++ /var/tmp/diff_new_pack.S6pmoQ/_new 2020-01-29 13:11:15.093951157 +0100 @@ -1,7 +1,7 @@ # # spec file for package strongswan # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,12 +12,12 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: strongswan -Version: 5.6.3 +Version: 5.8.2 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name} @@ -64,8 +64,7 @@ Summary: IPsec-based VPN solution License: GPL-2.0-or-later Group: Productivity/Networking/Security -Url: http://www.strongswan.org/ -Requires: strongswan-ipsec = %{version} +URL: https://www.strongswan.org/ Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2 Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig Source2: %{name}.init.in @@ -76,6 +75,7 @@ Source6: fipscheck.sh.in Source7: fips-enforce.conf %endif +# Needs rebase Patch1: %{name}_modprobe_syslog.patch Patch2: %{name}_ipsec_service.patch %if %{with fipscheck} @@ -84,6 +84,7 @@ Patch4: %{name}_fipsfilter.patch %endif Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch +# Needs rebase Patch6: 0006-fix-compilation-error-by-adding-stdint.h.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison @@ -112,6 +113,7 @@ %endif %if %{with systemd} %{?systemd_requires} +BuildRequires: pkgconfig(libsystemd) %endif BuildRequires: iptables %if %{with systemd} @@ -126,6 +128,7 @@ BuildRequires: fipscheck %endif BuildRequires: libtool +Requires: strongswan-ipsec = %{version} %description StrongSwan is an IPsec-based VPN solution for Linux. @@ -159,9 +162,9 @@ This package triggers the installation of both, IKEv1 and IKEv2 daemons. %package doc -BuildArch: noarch Summary: Documentation for strongSwan Group: Documentation/Man +BuildArch: noarch %description doc StrongSwan is an IPsec-based VPN solution for Linux. @@ -254,7 +257,8 @@ %prep %setup -q -n %{name}-%{upstream_version} -%patch1 -p1 +# Needs rebase, file it patches no longer exists. +#patch1 -p1 %patch2 -p1 %if %{with fipscheck} %patch3 -p1 @@ -262,7 +266,8 @@ #patch4 -p1 %endif %patch5 -p1 -%patch6 -p1 +# Needs rebase. +#patch6 -p1 sed -e 's|@libexecdir@|%_libexecdir|g' \ < %{_sourcedir}/strongswan.init.in \ > strongswan.init @@ -288,6 +293,7 @@ --with-resolv-conf=%{_rundir}/%{name}/resolv.conf \ --with-piddir=%{_rundir}/%{name} \ %if %{with systemd} + --enable-systemd \ --with-systemdsystemunitdir=%{_unitdir} \ %endif --enable-pkcs11 \ @@ -442,7 +448,7 @@ install -c -m644 %{_sourcedir}/README.SUSE \ %{buildroot}/%{strongswan_docdir}/ %if %{with systemd} -%{__install} -d -m 0755 %{buildroot}%{_tmpfilesdir} +install -d -m 0755 %{buildroot}%{_tmpfilesdir} echo 'd %{_rundir}/%{name} 0770 root root' > %{buildroot}%{_tmpfilesdir}/%{name}.conf %endif %if %{with fipscheck} @@ -477,7 +483,7 @@ %post libs0 /sbin/ldconfig %{?tmpfiles_create:%tmpfiles_create %{_tmpfilesdir}/%{name}.conf} -%{!?tmpfiles_create:test -d %{_rundir}/%{name} || %{__mkdir_p} %{_rundir}/%{name}} +%{!?tmpfiles_create:test -d %{_rundir}/%{name} || mkdir -p %{_rundir}/%{name}} %postun libs0 -p /sbin/ldconfig @@ -551,9 +557,11 @@ %dir %{_sysconfdir}/ipsec.d/ocspcerts %dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private %if %{with systemd} +%{_unitdir}/strongswan-starter.service %{_unitdir}/strongswan.service -%{_sysconfdir}/dbus-1/system.d/nm-strongswan-service.conf +%{_datadir}/dbus-1/system.d/nm-strongswan-service.conf %{_sbindir}/rcstrongswan +%{_sbindir}/charon-systemd %else %config %{_sysconfdir}/init.d/ipsec %{_sbindir}/rcipsec @@ -574,6 +582,7 @@ %if %{with test} %{_libexecdir}/ipsec/conftest %endif +%{_libexecdir}/ipsec/xfrmi %{_libexecdir}/ipsec/duplicheck %{_libexecdir}/ipsec/pool %{_libexecdir}/ipsec/scepclient @@ -583,6 +592,7 @@ %{_libexecdir}/ipsec/_imv_policy %{_libexecdir}/ipsec/imv_policy_manager %dir %{strongswan_plugins} +%{strongswan_plugins}/libstrongswan-drbg.so %{strongswan_plugins}/libstrongswan-stroke.so %{strongswan_plugins}/libstrongswan-updown.so @@ -609,6 +619,9 @@ %dir %{strongswan_configs} %dir %{strongswan_configs}/charon %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon.conf +%if %{with systemd} +%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-systemd.conf +%endif %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-logging.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/imcv.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/pki.conf @@ -621,6 +634,7 @@ %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/aes.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/counters.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/curve25519.conf +%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/drbg.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/vici.conf %if %{with afalg} %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/af-alg.conf @@ -856,6 +870,7 @@ %{strongswan_templates}/config/plugins/des.conf %{strongswan_templates}/config/plugins/dhcp.conf %{strongswan_templates}/config/plugins/dnskey.conf +%{strongswan_templates}/config/plugins/drbg.conf %{strongswan_templates}/config/plugins/duplicheck.conf %{strongswan_templates}/config/plugins/eap-aka-3gpp2.conf %{strongswan_templates}/config/plugins/eap-aka.conf @@ -931,6 +946,9 @@ %{strongswan_templates}/config/plugins/xcbc.conf %{strongswan_templates}/config/plugins/curve25519.conf %{strongswan_templates}/config/plugins/vici.conf +%if %{with systemd} +%{strongswan_templates}/config/strongswan.d/charon-systemd.conf +%endif %{strongswan_templates}/config/strongswan.d/charon-logging.conf %{strongswan_templates}/config/strongswan.d/charon.conf %{strongswan_templates}/config/strongswan.d/imcv.conf ++++++ strongswan-5.6.3.tar.bz2 -> strongswan-5.8.2.tar.bz2 ++++++ ++++ 200924 lines of diff (skipped) ++++++ strongswan_ipsec_service.patch ++++++ --- /var/tmp/diff_new_pack.S6pmoQ/_old 2020-01-29 13:11:20.217953777 +0100 +++ /var/tmp/diff_new_pack.S6pmoQ/_new 2020-01-29 13:11:20.217953777 +0100 @@ -1,7 +1,7 @@ Index: strongswan-5.6.2/init/systemd/strongswan.service.in =================================================================== ---- strongswan-5.6.2.orig/init/systemd/strongswan.service.in 2017-02-07 08:04:04.000000000 +0100 -+++ strongswan-5.6.2/init/systemd/strongswan.service.in 2018-04-17 16:53:57.546334751 +0200 +--- strongswan-5.6.2.orig/init/systemd-starter/strongswan-starter.service.in 2017-02-07 08:04:04.000000000 +0100 ++++ strongswan-5.6.2/init/systemd-starter/strongswan-starter.service.in 2018-04-17 16:53:57.546334751 +0200 @@ -9,3 +9,4 @@ Restart=on-abnormal [Install]