Hello community, here is the log from the commit of package strongswan for openSUSE:Factory checked in at 2020-05-07 15:05:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/strongswan (Old) and /work/SRC/openSUSE:Factory/.strongswan.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "strongswan" Thu May 7 15:05:48 2020 rev:74 rq:800175 version:5.8.4 Changes: -------- --- /work/SRC/openSUSE:Factory/strongswan/strongswan.changes 2020-04-02 17:42:32.361358110 +0200 +++ /work/SRC/openSUSE:Factory/.strongswan.new.2738/strongswan.changes 2020-05-07 15:05:51.415752556 +0200 @@ -1,0 +2,62 @@ +Fri May 1 09:39:42 UTC 2020 - Bjørn Lie <[email protected]> + +- Update to version 5.8.4: + * In IKEv1 Quick Mode make sure that a proposal exists before + determining lifetimes (fixes a crash due to a null-pointer + dereference in 5.8.3). + * OpenSSL currently doesn't support squeezing bytes out of a + SHAKE128/256 XOF (support was added with 5.8.3) multiple times. + Unfortunately, EVP_DigestFinalXOF() completely resets the + context and later calls not simply fail, they cause a + null-pointer dereference in libcrypto. c5c1898d73 fixes the + crash at the cost of repeating initializing the whole state and + allocating too much data for subsequent calls (hopefully, once + the OpenSSL issue 7894 is resolved we can implement this more + efficiently). + * On 32-bit platforms, reading arbitrary 32-bit integers from + config files (e.g. for charon.spi_min/max) has been fixed. + * charon-nm now allows using fixed source ports. +- Changes from version 5.8.3: + * Updates for the NM plugin (and backend, which has to be updated + to be compatible): + + EAP-TLS authentication (#2097) + + Certificate source (file, agent, smartcard) is selectable + independently + + Add support to configure local and remote identities (#2581) + + Support configuring a custom server port (#625) + + Show hint regarding password storage policy + + Replaced the term "gateway" with "server" + + Fixes build issues due to use of deprecated GLib + macros/functions + + Updated Glade file to GTK 3.2 + * The NM backend now supports reauthentication and redirection. + * Previously used reqids are now reallocated, which works around + an issue on FreeBSD where the kernel doesn't allow the daemon + to use reqids > 16383 (#2315). + * On Linux, throw type routes are installed in table 220 for + passthrough policies. The kernel will then fall back on routes + in routing tables with lower priorities for matching traffic. + This way, they require less information (e.g. no interface or + source IP) and can be installed earlier and are not affected by + updates. + * For IKEv1, the lifetimes of the actually selected transform are + returned to the initiator, which is an issue if the peer uses + different lifetimes for different transforms (#3329). We now + also return the correct transform and proposal IDs (proposal ID + was always 0, transform ID 1). IKE_SAs are now not + re-established anymore (e.g. after several retransmits) if a + deletion has been queued (#3335). + * Added support for Ed448 keys and certificates via openssl + plugin and pki tool. + * Added support for SHA-3 and SHAKE128/256 in the openssl plugin. + * The use of algorithm IDs from the private use range can now be + enabled globally, to use them even if no strongSwan vendor ID + was exchanged (05e373aeb0). + * Fixed a compiler issue that may have caused invalid keyUsage + extensions in certificates (#3249). + * A lot of spelling fixes. + * Fixed several reported issues. +- Drop 0006-Resolve-multiple-definition-of-swanctl_dir.patch: Fixed + upstream. + +------------------------------------------------------------------- Old: ---- 0006-Resolve-multiple-definition-of-swanctl_dir.patch strongswan-5.8.2.tar.bz2 strongswan-5.8.2.tar.bz2.sig New: ---- strongswan-5.8.4.tar.bz2 strongswan-5.8.4.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ strongswan.spec ++++++ --- /var/tmp/diff_new_pack.WTkLVc/_old 2020-05-07 15:05:52.587755149 +0200 +++ /var/tmp/diff_new_pack.WTkLVc/_new 2020-05-07 15:05:52.591755157 +0200 @@ -17,7 +17,7 @@ Name: strongswan -Version: 5.8.2 +Version: 5.8.4 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name} @@ -80,7 +80,6 @@ Patch3: %{name}_fipscheck.patch %endif Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch -Patch6: 0006-Resolve-multiple-definition-of-swanctl_dir.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison BuildRequires: curl-devel @@ -257,7 +256,6 @@ %patch3 -p1 %endif %patch5 -p1 -%patch6 -p1 sed -e 's|@libexecdir@|%_libexecdir|g' \ < %{_sourcedir}/strongswan.init.in \ > strongswan.init ++++++ strongswan-5.8.2.tar.bz2 -> strongswan-5.8.4.tar.bz2 ++++++ ++++ 18413 lines of diff (skipped)
