From 2ba804af9303188e7d8f7d30d6428d0a62218863 Mon Sep 17 00:00:00 2001
From: Paul Wouters <paul.wouters@aiven.io>
Date: Fri, 31 May 2024 18:21:01 -0400
Subject: [PATCH] * Fri May 31 2024 Paul Wouters <paul.wouters@aiven.io> -
 5.9.14-1

- Resolves: rhbz#2254560 CVE-2023-41913 buffer overflow and possible RCE
- Resolved: rhbz#2250666 Update to 5.9.14 (IKEv2 OCSP extensions, seqno/regno overflow handling
- Update to 5.9.13 (OCSP nonce set regression configuration option charon.ocsp_nonce_len)
- Update to 5.9.12 (CVE-2023-41913 fix, various IKEv2 fixes)
---
 .gitignore      |  2 ++
 sources         |  4 ++--
 strongswan.spec | 10 ++++++++--
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/.gitignore b/.gitignore
index dcb2460..c1a348d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,5 @@
 /strongswan-5.9.10.tar.bz2.sig
 /strongswan-5.9.11.tar.bz2
 /strongswan-5.9.11.tar.bz2.sig
+/strongswan-5.9.14.tar.bz2
+/strongswan-5.9.14.tar.bz2.sig
diff --git a/sources b/sources
index 2e384ac..2489101 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (strongswan-5.9.11.tar.bz2) = d500523215f5ec5c5550c4d2c49060b350ae396d8c60170792c46775d04fc7a132aa70a6242145477753668351d26ed957e08903683ecc340aa8d84fb2ae5498
-SHA512 (strongswan-5.9.11.tar.bz2.sig) = a434dc338641c808d3461de17c893a0d3b761cdba6cea5db0551fc75df498cfae26db379a86fd2a0a0e7710676a1cd657c01da435054a6814ec4ce6099db2b68
+SHA512 (strongswan-5.9.14.tar.bz2) = e48bc9d215f9de6b54e24f7b4765d59aec4c615291d5c1f24f6a6d7da45dc8b17b2e0e150faf5fabb35e5d465abc5e6f6efa06cd002467067c5d7844ead359f6
+SHA512 (strongswan-5.9.14.tar.bz2.sig) = 1b3d57448caab91060fe3d209d90708c57dbf35ae62c97574107b32677cff73f13f7545dc91682ef84400bb8a2f105a1761aba8334763dc8c35d97be7921c242
diff --git a/strongswan.spec b/strongswan.spec
index ff593ed..cbfb654 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -15,8 +15,8 @@
 %global forgeurl0 https://github.com/strongswan/strongswan
 
 Name:           strongswan
-Version:        5.9.11
-Release:        3%{?dist}
+Version:        5.9.14
+Release:        1%{?dist}
 Summary:        An OpenSource IPsec-based VPN and TNC solution
 License:        GPLv2+
 URL:            https://www.strongswan.org/
@@ -416,6 +416,12 @@ install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co
 %endif
 
 %changelog
+* Fri May 31 2024 Paul Wouters <paul.wouters@aiven.io> - 5.9.14-1
+- Resolves: rhbz#2254560 CVE-2023-41913 buffer overflow and possible RCE
+- Resolved: rhbz#2250666 Update to 5.9.14 (IKEv2 OCSP extensions, seqno/regno overflow handling
+- Update to 5.9.13 (OCSP nonce set regression configuration option charon.ocsp_nonce_len)
+- Update to 5.9.12 (CVE-2023-41913 fix, various IKEv2 fixes)
+
 * Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.9.11-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild