From 3f12242eeabc8cb6daf2325db38660c8828d9fb5 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Mon, 24 Jan 2022 22:05:17 -0500 Subject: [PATCH] - Resolves rhbz#2044361 strongswan-5.9.5 is available (CVE-2021-45079) --- .gitignore | 3 +++ sources | 4 +++- strongswan.spec | 22 ++++++++++++++-------- 3 files changed, 20 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index 2519948..c61f0a3 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,6 @@ /strongswan-5.9.2.tar.bz2 /strongswan-5.9.3.tar.bz2 /strongswan-5.9.4.tar.bz2 +/948F158A4E76A27BF3D07532DF42C170B34DBA77 +/strongswan-5.9.5.tar.bz2 +/strongswan-5.9.5.tar.bz2.sig diff --git a/sources b/sources index 6b105b6..d4f7516 100644 --- a/sources +++ b/sources @@ -1 +1,3 @@ -SHA512 (strongswan-5.9.4.tar.bz2) = 796356c1d5c1ad410f0ed944ab4a131076d26f120ec6fa57796fe4060b0741201199625883ddc9ebd8a7ad299495f073cec76a6780ebd8f375605aae16750cf3 +SHA512 (948F158A4E76A27BF3D07532DF42C170B34DBA77) = 06bd38aff77f028db7ad2dd775e9a406f677f11c6abc66a201727e7fed77b9cc6998e6fd8cc21d4081dbb9058c5c68caace328e2759bd0bd2439b69da1b59775 +SHA512 (strongswan-5.9.5.tar.bz2) = 3b11c4edb1ffccf0ea5b8b843acfe2eb18dcd3857fc2818b8481c4febe7959261e1b2804c3af29068319df469fa0b784682d3ba4d49a3eb580841ff3c34e33a1 +SHA512 (strongswan-5.9.5.tar.bz2.sig) = 377889158484968d33b70a2a8ae149432191bc4614a2c5c3865eea1170bee1bae8ccf844d41ea5b4a087d300cc0967cba3aec6255c33976be060022871e094c5 diff --git a/strongswan.spec b/strongswan.spec index 766a9c9..17f2e91 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -13,21 +13,22 @@ %endif Name: strongswan -Version: 5.9.4 -Release: 5%{?dist} +Version: 5.9.5 +Release: 1%{?dist} Summary: An OpenSource IPsec-based VPN and TNC solution License: GPLv2+ URL: http://www.strongswan.org/ Source0: http://download.strongswan.org/strongswan-%{version}%{?prerelease}.tar.bz2 -Source1: tmpfiles-strongswan.conf +Source1: http://download.strongswan.org/strongswan-%{version}%{?prerelease}.tar.bz2.sig +Source2: https://keys.openpgp.org/vks/v1/by-fingerprint/948F158A4E76A27BF3D07532DF42C170B34DBA77 +Source3: tmpfiles-strongswan.conf Patch0: strongswan-5.6.0-uintptr_t.patch -# https://github.com/strongswan/strongswan/issues/752 -Patch1: strongswan-5.9.4-test-socket.patch # only needed for pre-release versions #BuildRequires: autoconf automake -BuildRequires: make +BuildRequires: gnupg2 +BuildRequires: make BuildRequires: gcc BuildRequires: systemd-devel BuildRequires: gmp-devel @@ -138,6 +139,8 @@ for Strongswan runtime configuration from perl applications. %prep +# key is failing - investigating +#{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -n %{name}-%{version}%{?prerelease} -p1 %build @@ -307,8 +310,8 @@ for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do install -d -m 700 %{buildroot}%{_sysconfdir}/strongswan/ipsec.d/${i} done install -d -m 0700 %{buildroot}%{_rundir}/strongswan -install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan.conf -install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.conf +install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan.conf +install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.conf %check @@ -408,6 +411,9 @@ install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co %endif %changelog +* Mon Jan 24 2022 Paul Wouters - 5.9.5-1 +- Resolves rhbz#2044361 strongswan-5.9.5 is available (CVE-2021-45079) + * Sat Jan 22 2022 Fedora Release Engineering - 5.9.4-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild