- Resolves rhbz#2044361 strongswan-5.9.5 is available (CVE-2021-45079)

2022-01-24 22:05:17 -05:00
parent 3067ecdcc7
commit 3f12242eea
3 changed files with 20 additions and 9 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,6 @@
 /strongswan-5.9.2.tar.bz2
 /strongswan-5.9.3.tar.bz2
 /strongswan-5.9.4.tar.bz2
+/948F158A4E76A27BF3D07532DF42C170B34DBA77
+/strongswan-5.9.5.tar.bz2
+/strongswan-5.9.5.tar.bz2.sig
--- a/4
+++ b/4
@@ -1 +1,3 @@
-SHA512 (strongswan-5.9.4.tar.bz2) = 796356c1d5c1ad410f0ed944ab4a131076d26f120ec6fa57796fe4060b0741201199625883ddc9ebd8a7ad299495f073cec76a6780ebd8f375605aae16750cf3
+SHA512 (948F158A4E76A27BF3D07532DF42C170B34DBA77) = 06bd38aff77f028db7ad2dd775e9a406f677f11c6abc66a201727e7fed77b9cc6998e6fd8cc21d4081dbb9058c5c68caace328e2759bd0bd2439b69da1b59775
+SHA512 (strongswan-5.9.5.tar.bz2) = 3b11c4edb1ffccf0ea5b8b843acfe2eb18dcd3857fc2818b8481c4febe7959261e1b2804c3af29068319df469fa0b784682d3ba4d49a3eb580841ff3c34e33a1
+SHA512 (strongswan-5.9.5.tar.bz2.sig) = 377889158484968d33b70a2a8ae149432191bc4614a2c5c3865eea1170bee1bae8ccf844d41ea5b4a087d300cc0967cba3aec6255c33976be060022871e094c5
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -13,21 +13,22 @@
 %endif

 Name:           strongswan
-Version:        5.9.4
-Release:        5%{?dist}
+Version:        5.9.5
+Release:        1%{?dist}
 Summary:        An OpenSource IPsec-based VPN and TNC solution
 License:        GPLv2+
 URL:            http://www.strongswan.org/
 Source0:        http://download.strongswan.org/strongswan-%{version}%{?prerelease}.tar.bz2
-Source1:        tmpfiles-strongswan.conf
+Source1:        http://download.strongswan.org/strongswan-%{version}%{?prerelease}.tar.bz2.sig
+Source2:        https://keys.openpgp.org/vks/v1/by-fingerprint/948F158A4E76A27BF3D07532DF42C170B34DBA77
+Source3:        tmpfiles-strongswan.conf
 Patch0:         strongswan-5.6.0-uintptr_t.patch
-# https://github.com/strongswan/strongswan/issues/752
-Patch1:         strongswan-5.9.4-test-socket.patch

 # only needed for pre-release versions
 #BuildRequires:  autoconf automake

-BuildRequires: make
+BuildRequires:  gnupg2
+BuildRequires:  make
 BuildRequires:  gcc
 BuildRequires:  systemd-devel
 BuildRequires:  gmp-devel
@@ -138,6 +139,8 @@ for Strongswan runtime configuration from perl applications.


 %prep
+# key is failing - investigating
+#{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %autosetup -n %{name}-%{version}%{?prerelease} -p1

 %build
@@ -307,8 +310,8 @@ for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do
    install -d -m 700 %{buildroot}%{_sysconfdir}/strongswan/ipsec.d/${i}
 done
 install -d -m 0700 %{buildroot}%{_rundir}/strongswan
-install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan.conf
-install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.conf
+install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan.conf
+install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.conf


 %check
@@ -408,6 +411,9 @@ install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co
 %endif

 %changelog
+* Mon Jan 24 2022 Paul Wouters <paul.wouters@aiven.io> - 5.9.5-1
+- Resolves rhbz#2044361 strongswan-5.9.5 is available (CVE-2021-45079)
+
 * Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.9.4-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild