From 15e47bc2975502f661e79f6babe3ed010c647707 Mon Sep 17 00:00:00 2001
From: Python Maint <python-maint@redhat.com>
Date: Mon, 13 Jun 2022 17:17:06 +0200
Subject: [PATCH 1/9] Rebuilt for Python 3.11

---
 strongswan.spec | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/strongswan.spec b/strongswan.spec
index b6cdd25..bd95001 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -14,7 +14,7 @@
 
 Name:           strongswan
 Version:        5.9.5
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        An OpenSource IPsec-based VPN and TNC solution
 License:        GPLv2+
 URL:            http://www.strongswan.org/
@@ -411,6 +411,9 @@ install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co
 %endif
 
 %changelog
+* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 5.9.5-4
+- Rebuilt for Python 3.11
+
 * Fri Feb 25 2022 Arne Reiter <redhat@arnereiter.de> - 5.9.5-3
 - Resolves: rhbz#2048108 - segfault at 18 ip 00007f4c7c0d841c sp 00007ffe49f61b70 error 4 in libc.so.6
 

From 9f5e4942d3e95ca1088066e594a2b6b0e2ab2b3d Mon Sep 17 00:00:00 2001
From: Arne Reiter <github@arnereiter.de>
Date: Wed, 22 Jun 2022 18:02:45 +0200
Subject: [PATCH 2/9] Resolves rhbz#2080070 strongswan-5.9.6 is available

---
 sources                                      |  4 ++--
 strongswan-5.9.6-error-format-security.patch | 11 +++++++++++
 strongswan.spec                              | 10 +++++++---
 3 files changed, 20 insertions(+), 5 deletions(-)
 create mode 100644 strongswan-5.9.6-error-format-security.patch

diff --git a/sources b/sources
index afd1af0..46624f9 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (strongswan-5.9.5.tar.bz2.sig) = 377889158484968d33b70a2a8ae149432191bc4614a2c5c3865eea1170bee1bae8ccf844d41ea5b4a087d300cc0967cba3aec6255c33976be060022871e094c5
-SHA512 (strongswan-5.9.5.tar.bz2) = 3b11c4edb1ffccf0ea5b8b843acfe2eb18dcd3857fc2818b8481c4febe7959261e1b2804c3af29068319df469fa0b784682d3ba4d49a3eb580841ff3c34e33a1
+SHA512 (strongswan-5.9.6.tar.bz2.sig) = c5f863eb1f504033aec2ab48f802584f97bb39650e55e829e31f36ea1594428caab84ea559ba82b56b060019598aada02df09311b583b098e32f5abad9fab29b
+SHA512 (strongswan-5.9.6.tar.bz2) = 8efb7a55b074485b874e941e42462e97a404b4f84e2f90ed18ef66274731b22d167a571f6fd028dccc1f199f2e591c82616d0a832a5084e1981c6b867fe5bb6a
 SHA512 (STRONGSWAN-RELEASE-PGP-KEY) = 2803ebc9bdbbe88e19b75130ad9cc36af730fd3d0c9055665da99ce9b831ce518b0083f98389e6fb9b00dd62da28fcbb03df5dbf899df52b59d49c6bd34c6d37
diff --git a/strongswan-5.9.6-error-format-security.patch b/strongswan-5.9.6-error-format-security.patch
new file mode 100644
index 0000000..883fe1e
--- /dev/null
+++ b/strongswan-5.9.6-error-format-security.patch
@@ -0,0 +1,11 @@
+--- strongswan-5.9.6-orig/src/libstrongswan/utils/enum.c	2022-04-16 10:08:07.000000000 +0200
++++ strongswan-5.9.6/src/libstrongswan/utils/enum.c	2022-06-20 23:21:47.408857710 +0200
+@@ -97,7 +97,7 @@
+ 		return buf;
+ 	}
+ 
+-	if (snprintf(buf, len, e->names[0]) >= len)
++	if (snprintf(buf, len, "%s", e->names[0]) >= len)
+ 	{
+ 		return NULL;
+ 	}
diff --git a/strongswan.spec b/strongswan.spec
index bd95001..e1f0deb 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -13,8 +13,8 @@
 %endif
 
 Name:           strongswan
-Version:        5.9.5
-Release:        4%{?dist}
+Version:        5.9.6
+Release:        1%{?dist}
 Summary:        An OpenSource IPsec-based VPN and TNC solution
 License:        GPLv2+
 URL:            http://www.strongswan.org/
@@ -23,7 +23,7 @@ Source1:        http://download.strongswan.org/strongswan-%{version}%{?prereleas
 Source2:        https://download.strongswan.org/STRONGSWAN-RELEASE-PGP-KEY
 Source3:        tmpfiles-strongswan.conf
 Patch0:         strongswan-5.6.0-uintptr_t.patch
-Patch1:         strongswan-5.9.5-atexit-handlers.patch
+Patch1:         strongswan-5.9.6-error-format-security.patch
 
 # only needed for pre-release versions
 #BuildRequires:  autoconf automake
@@ -411,6 +411,10 @@ install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co
 %endif
 
 %changelog
+* Wed Jun 22 2022 Arne Reiter <redhat@arnereiter.de> - 5.9.6-1
+- Resolves rhbz#2080070 strongswan-5.9.6 is available
+- Fixed missing format string in enum_flags_to_string()
+
 * Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 5.9.5-4
 - Rebuilt for Python 3.11
 

From 271d4eca547ade2a7f052f0343ea978d3d80b523 Mon Sep 17 00:00:00 2001
From: Arne Reiter <github@arnereiter.de>
Date: Thu, 23 Jun 2022 08:54:21 +0200
Subject: [PATCH 3/9] Resolves rhbz#2080070 strongswan-5.9.6 is available

---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitignore b/.gitignore
index 6125c9f..bb70b7f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,4 +7,6 @@
 /948F158A4E76A27BF3D07532DF42C170B34DBA77
 /strongswan-5.9.5.tar.bz2
 /strongswan-5.9.5.tar.bz2.sig
+/strongswan-5.9.6.tar.bz2
+/strongswan-5.9.6.tar.bz2.sig
 /STRONGSWAN-RELEASE-PGP-KEY

From de70bbe3c59309edb6c1bdedde9efa059f97c2d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 23 Jun 2022 17:15:48 +0200
Subject: [PATCH 4/9] Remove signature key from a cache, include it inside git

Key should be tracked by git. It is small and should not change very
often. Ensure signature has trust anchor.
---
 .gitignore      | 1 -
 sources         | 1 -
 strongswan.spec | 1 +
 3 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index bb70b7f..98babc2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,4 +9,3 @@
 /strongswan-5.9.5.tar.bz2.sig
 /strongswan-5.9.6.tar.bz2
 /strongswan-5.9.6.tar.bz2.sig
-/STRONGSWAN-RELEASE-PGP-KEY
diff --git a/sources b/sources
index 46624f9..5bbb68c 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,2 @@
 SHA512 (strongswan-5.9.6.tar.bz2.sig) = c5f863eb1f504033aec2ab48f802584f97bb39650e55e829e31f36ea1594428caab84ea559ba82b56b060019598aada02df09311b583b098e32f5abad9fab29b
 SHA512 (strongswan-5.9.6.tar.bz2) = 8efb7a55b074485b874e941e42462e97a404b4f84e2f90ed18ef66274731b22d167a571f6fd028dccc1f199f2e591c82616d0a832a5084e1981c6b867fe5bb6a
-SHA512 (STRONGSWAN-RELEASE-PGP-KEY) = 2803ebc9bdbbe88e19b75130ad9cc36af730fd3d0c9055665da99ce9b831ce518b0083f98389e6fb9b00dd62da28fcbb03df5dbf899df52b59d49c6bd34c6d37
diff --git a/strongswan.spec b/strongswan.spec
index e1f0deb..ac2fbd9 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -23,6 +23,7 @@ Source1:        http://download.strongswan.org/strongswan-%{version}%{?prereleas
 Source2:        https://download.strongswan.org/STRONGSWAN-RELEASE-PGP-KEY
 Source3:        tmpfiles-strongswan.conf
 Patch0:         strongswan-5.6.0-uintptr_t.patch
+# https://github.com/strongswan/strongswan/issues/1025
 Patch1:         strongswan-5.9.6-error-format-security.patch
 
 # only needed for pre-release versions

From ea8baece11ccf9a6e9b23f17dab4c544ec8018d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 23 Jun 2022 19:41:55 +0200
Subject: [PATCH 5/9] fixup! Remove signature key from a cache, include it
 inside git

---
 STRONGSWAN-RELEASE-PGP-KEY | 48 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 STRONGSWAN-RELEASE-PGP-KEY

diff --git a/STRONGSWAN-RELEASE-PGP-KEY b/STRONGSWAN-RELEASE-PGP-KEY
new file mode 100644
index 0000000..5f4c016
--- /dev/null
+++ b/STRONGSWAN-RELEASE-PGP-KEY
@@ -0,0 +1,48 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBEoycP0BDACzL8ymURD7gnaNbGx2VGieNQr/gNISWhqgHaeUxuSkrInxl89A
+ClvN7DoF2cD7slEqIMQh/8t6xVzmh9teu5uyeV1eyG/CuFMUqawXqpn/sYa2SkgX
+C/qHB2hIbFg2K4k5LJHxzqHb1OdtOcU6lHg9yrvYcoO+FTVR+rYaVgYbbbziTB/v
+hAAzvdTdgwMgoQMSXA7FsJ0mALny4IeiCoi6S6qRVDm4zcu11UFT9g1VmhmeHqtU
+SQso72bPKKhYvu7ZaQrLhkvY9inWr6m9dxV8Zgb1ivZGhzsNzrhGAsz9jmiB5POF
+Mfph0hREMiS33ph/YMJducGQHYGEza9mKBdUaaAAEL3fCpde7vRa+c5Gc/Y5RUB7
+iUsb2KQY+7xTiSUnCHbsMwhndG0dJspVXcz6X+2S3Ty4GaiqkvxI9KLiwiECNl0I
+oLX5s/FIW6KW+GnxJTp/3h6vvqm8i0+yIwk+ETM4XfhHMwuPkDyf6km1ag3nIUw6
+pSSfnQMPhj5rXIMAEQEAAbQwQW5kcmVhcyBTdGVmZmVuIDxhbmRyZWFzLnN0ZWZm
+ZW5Ac3Ryb25nc3dhbi5vcmc+iQG3BBMBAgAhBQJKMnD9AhsDBwsJCAcDAgEEFQII
+AwQWAgMBAh4BAheAAAoJEN9CwXCzTbp3t5AL/jrXnnGIHLn8M9rmyoeNe7JQUE5A
+GSV3UFaZHgHmjbvIHA+dRvh1MPlHuWbaZkHVPtRFvFtEgksc944+XcKoNoExKGKr
+wLQcUExUiQ0IyNwH70u7f1uFNcbY85Oue5ASzm+wAntnmIlNsN+MHewRWC6f6gYn
+1aHwsvh09fz0A34v9wdtim2ek/Voxe3AIDIw2MTNmwF61pXEsrH0wqYnGhYLZ7Qb
+thnDnHQaUd3IPSa6uAgOOiCoCbKCvP4u/iVm0rmXN9uzmm/i4Y0cE3DopGsqrR5D
+fWYJjgP4KBCln0LgWtYI8pcYcmA5E+l+fijNcMidtzWHMW2Mj0oZZsO+wlRUYLGh
+/jRASgq7rXuxV+oGKcBn4RqSHlZ5/BYlvowUxnNFC4tLLlneHidS8TurjacM3fwR
+MP5NMmcS5d9sVLG1uxl+/g2cRMtphHiziz+79jDc+tSxqRO5lhqyItAD6LC2GxB3
+iC5afnMx49+YWzhUTeL/KfkrD9w3/n7O00kLtLkDDQRKjOHDEAwAxdh8W7j/QhE3
+KZNmJGsK/QtJ72zZRGRcdUPH6GG//GaAG5hSCjM8q+0MR/G+31uk32RbzRIj1sHQ
+8fY0znxPmaeD1wow0hCbDTq+Ep3K8ouaqoqjlP4rd+I94OtxNfXgmllf7BDOZ6lI
+wUY8ba8cFCPYsv8ZvRXo82XfwFYevQ9kTLqkJT52mMyPZLwYx4DNwuqFtQQEBLKg
+IVXVgpK6SE72MFP8vyFsdrL0ORgxoWI6PIHbnIRY1KiWUzOSrqirZUHH9MPuzFuB
+R0+jEAajeKoxycn0ILLM5PBAEFXFgBdtNNCtshe1fR5aPsXcGZsZRjc7mbAHLRqa
+pVhk7oX31WrGqGHkSM/GAnf3aAzsnCkO5+Tje2iyuoG5OhQbHsvMBOtdvQrwnorl
+56EguzuK1mGDsczNsuAYRcKiasCWpsjoytDH+dGEQmKXydD9r06cxPx+mWmWKLo4
+w+k4mMC0lFRYKi83cwTpaMpHOeW4+3d1tJfkCQy+vjUz4aZJ/WSXAAMFDACqmeXA
+Al7WssHkjVZ/vwQfHLHNMZsGEEucvV7KNqMF4Fe6nRbbE6GJOuz6taeFkJIppBqV
+xhSNOsf5soOXfGp0IgYoC37GPI6AAb4UnG5GVcaAMQAXUYcwfDGGuV/EO5pPrEyP
+jy++GvjhxcKV3HmUuAfcgyhTGhDOVPxU28Roz3+8Eig085v+lyqAsgFduBrf+ZV+
+lHjIOSXSWmTiT8EVSA3fpN14/qhltudhdGIZ/pCW303H9Bd9c4Uc9OzYhRr1VpO6
+lpYfTFNey8KQL4z9Kjt0RPscz2hYDOJ1cTFWs/4Z+9mBJODwrnIiORLlgV2NlP5E
+ZY4MccVFd9K7E/OPQdt3Uv6+6BjYRntY7wsX617T5Rmj8n6AhbpngmWg2D6wRfm7
+TyI0Wtz5icCoJIEHQwB/3EhBzQl7tBc0cClwCYm7nTYRt+SL2tfylWy9Leail+ay
+M6zwMW0klV42E4u8DCy/aJrwmEiVwuwGbXL6z46M9EZguof38MTEmLsHls+JAZ8E
+GAECAAkFAkqM4cMCGwwACgkQ30LBcLNNunffBgv/b/v3eQoZTWgOB5MnXhIrg/Ki
+kYTYbnEG9wWM7XIST8bpP7f/UKyD44CCVJH7SVTGAXeyjglnuYXy4FwaTdFmm6al
+W0sCp4rnmADi5BLLzQlCUa5J0iZ+oAZnAH60BezUM+CYz/QBW3NJmP3323PeM4H4
+MZ0vLv3wgaLkFlaK/eASBoC7KuZWAnvsNOdLQ29L4BYgW2Jwk1+PxszjT369DsMU
+Y3iY6gM9rM71Ajd8x98hd1r26LILGntAEEXxs+13Kka7J4GCqf8/J9ZR01dDp8QM
++M9EHFLnthpAyUuSXm5Qlglavnf7tU6AA0SFuA0pP5CXVLG1DLT1fJvNOqjdzPsf
+u/48AM2Lpxj0gKt1yDQc890GxwnOL1iZ6+XMh9/ujWy7Q7dI4M2mthwYFXldWrPS
+CmMToWfl62BxPdY5FIECXeRwTIO9sI0LQVc2eAG8lDsge05q1nJFxo9WKr7ewAdF
+b/fMIr7XMwoMj2SQSy/tZVCBnDXR5Gw5HSxRnIAS
+=ze82
+-----END PGP PUBLIC KEY BLOCK-----

From 27a4aa816783db08a88eef879a9b1e8288e297bb Mon Sep 17 00:00:00 2001
From: Fedora Release Engineering <releng@fedoraproject.org>
Date: Sat, 23 Jul 2022 09:32:45 +0000
Subject: [PATCH 6/9] Rebuilt for
 https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
---
 strongswan.spec | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/strongswan.spec b/strongswan.spec
index ac2fbd9..2a60d3b 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -14,7 +14,7 @@
 
 Name:           strongswan
 Version:        5.9.6
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        An OpenSource IPsec-based VPN and TNC solution
 License:        GPLv2+
 URL:            http://www.strongswan.org/
@@ -412,6 +412,9 @@ install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co
 %endif
 
 %changelog
+* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.9.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
 * Wed Jun 22 2022 Arne Reiter <redhat@arnereiter.de> - 5.9.6-1
 - Resolves rhbz#2080070 strongswan-5.9.6 is available
 - Fixed missing format string in enum_flags_to_string()

From d8e91f4aa49e373ddbd9438eb33c72aaeeb81ee3 Mon Sep 17 00:00:00 2001
From: Arne Reiter <github@arnereiter.de>
Date: Sun, 16 Oct 2022 11:47:16 +0200
Subject: [PATCH 7/9] Resolves rhbz#2112274 strongswan-5.9.8 is available

Patch1 removes CFLAGS -Wno-format which interferes with -Werror=format-security
Add BuildRequire for autoconf and automake, now required for release
Remove obsolete patches
---
 .gitignore                                   |  2 +
 sources                                      |  4 +-
 strongswan-5.9.4-test-socket.patch           | 31 ---------
 strongswan-5.9.5-atexit-handlers.patch       | 71 --------------------
 strongswan-5.9.6-error-format-security.patch | 11 ---
 strongswan-5.9.7-error-no-format.patch       | 12 ++++
 strongswan.spec                              | 19 ++++--
 7 files changed, 28 insertions(+), 122 deletions(-)
 delete mode 100644 strongswan-5.9.4-test-socket.patch
 delete mode 100644 strongswan-5.9.5-atexit-handlers.patch
 delete mode 100644 strongswan-5.9.6-error-format-security.patch
 create mode 100644 strongswan-5.9.7-error-no-format.patch

diff --git a/.gitignore b/.gitignore
index 98babc2..0905c28 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,5 @@
 /strongswan-5.9.5.tar.bz2.sig
 /strongswan-5.9.6.tar.bz2
 /strongswan-5.9.6.tar.bz2.sig
+/strongswan-5.9.8.tar.bz2
+/strongswan-5.9.8.tar.bz2.sig
diff --git a/sources b/sources
index 5bbb68c..28d5d8b 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (strongswan-5.9.6.tar.bz2.sig) = c5f863eb1f504033aec2ab48f802584f97bb39650e55e829e31f36ea1594428caab84ea559ba82b56b060019598aada02df09311b583b098e32f5abad9fab29b
-SHA512 (strongswan-5.9.6.tar.bz2) = 8efb7a55b074485b874e941e42462e97a404b4f84e2f90ed18ef66274731b22d167a571f6fd028dccc1f199f2e591c82616d0a832a5084e1981c6b867fe5bb6a
+SHA512 (strongswan-5.9.8.tar.bz2.sig) = bf5c5fbcb6d14381260d1e79f6164170c3d568fbe2f623afb42b59bfa7e085551e26c43e4a41f4d8271d5f46601366f34fb52067bdd4c25a7633fa2fda83d5ae
+SHA512 (strongswan-5.9.8.tar.bz2) = 16d3afc80704f896f3f97addf452b4bb29fc1911c54e980f76ac48bdbe2340ce3bd4e79024848cb7961bbe9ad5458d93389343878ca042af658d51b11219666b
diff --git a/strongswan-5.9.4-test-socket.patch b/strongswan-5.9.4-test-socket.patch
deleted file mode 100644
index 48e72b5..0000000
--- a/strongswan-5.9.4-test-socket.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 377039d24648f82dac35dcf22a2b43de81f2fb96 Mon Sep 17 00:00:00 2001
-From: Petr Mensik <pemensik@redhat.com>
-Date: Thu, 11 Nov 2021 05:48:38 +0100
-Subject: [PATCH] Skip test case, which always hangs
-
-It just stops and does not continue. Avoid that test.
----
- src/libtls/tests/suites/test_socket.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/libtls/tests/suites/test_socket.c b/src/libtls/tests/suites/test_socket.c
-index 9e26e91..5296680 100644
---- a/src/libtls/tests/suites/test_socket.c
-+++ b/src/libtls/tests/suites/test_socket.c
-@@ -804,11 +804,13 @@ Suite *socket_suite_create()
- 	add_tls_versions_test(test_tls_12_server, TLS_1_0, TLS_1_3);
- 	suite_add_tcase(s, tc);
- 
-+#if 0
- 	tc = tcase_create("TLS 1.3/key exchange groups");
- 	tcase_add_checked_fixture(tc, setup_creds, teardown_creds);
- 	tcase_add_loop_test(tc, test_tls13_ke_groups, 0,
- 						tls_crypto_get_supported_groups(NULL));
- 	suite_add_tcase(s, tc);
-+#endif
- 
- 	tc = tcase_create("TLS 1.3/signature schemes");
- 	tcase_add_checked_fixture(tc, setup_all_creds, teardown_creds);
--- 
-2.31.1
-
diff --git a/strongswan-5.9.5-atexit-handlers.patch b/strongswan-5.9.5-atexit-handlers.patch
deleted file mode 100644
index b3b2739..0000000
--- a/strongswan-5.9.5-atexit-handlers.patch
+++ /dev/null
@@ -1,71 +0,0 @@
---- strongswan-5.9.5-orig/src/libstrongswan/plugins/openssl/openssl_plugin.c	2022-01-08 12:54:02.000000000 +0100
-+++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_plugin.c	2022-02-23 23:12:03.685111475 +0100
-@@ -16,7 +16,6 @@
- 
- #include <library.h>
- #include <utils/debug.h>
--#include <collections/array.h>
- #include <threading/thread.h>
- #include <threading/mutex.h>
- #include <threading/thread_value.h>
-@@ -74,13 +73,6 @@
- 	 * public functions
- 	 */
- 	openssl_plugin_t public;
--
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
--	/**
--	 * Loaded providers
--	 */
--	array_t *providers;
--#endif
- };
- 
- /**
-@@ -881,21 +873,12 @@
- #endif
- 	}
- 	*features = f;
--	return countof(f);
-+	return count;
- }
- 
- METHOD(plugin_t, destroy, void,
- 	private_openssl_plugin_t *this)
- {
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
--	OSSL_PROVIDER *provider;
--	while (array_remove(this->providers, ARRAY_TAIL, &provider))
--	{
--		OSSL_PROVIDER_unload(provider);
--	}
--	array_destroy(this->providers);
--#endif /* OPENSSL_VERSION_NUMBER */
--
- /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
-  * can't call it as we couldn't re-initialize the library (as required by the
-  * unit tests and the Android app) */
-@@ -1009,20 +992,16 @@
- 			DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider");
- 			return NULL;
- 		}
--		array_insert_create(&this->providers, ARRAY_TAIL, fips);
- 		/* explicitly load the base provider containing encoding functions */
--		array_insert_create(&this->providers, ARRAY_TAIL,
--							OSSL_PROVIDER_load(NULL, "base"));
-+		OSSL_PROVIDER_load(NULL, "base");
- 	}
- 	else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
- 									 TRUE, lib->ns))
- 	{
- 		/* load the legacy provider for algorithms like MD4, DES, BF etc. */
--		array_insert_create(&this->providers, ARRAY_TAIL,
--							OSSL_PROVIDER_load(NULL, "legacy"));
-+		OSSL_PROVIDER_load(NULL, "legacy");
- 		/* explicitly load the default provider, as mentioned by crypto(7) */
--		array_insert_create(&this->providers, ARRAY_TAIL,
--							OSSL_PROVIDER_load(NULL, "default"));
-+		OSSL_PROVIDER_load(NULL, "default");
- 	}
- 	ossl_provider_names_t data = {};
- 	OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data);
diff --git a/strongswan-5.9.6-error-format-security.patch b/strongswan-5.9.6-error-format-security.patch
deleted file mode 100644
index 883fe1e..0000000
--- a/strongswan-5.9.6-error-format-security.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- strongswan-5.9.6-orig/src/libstrongswan/utils/enum.c	2022-04-16 10:08:07.000000000 +0200
-+++ strongswan-5.9.6/src/libstrongswan/utils/enum.c	2022-06-20 23:21:47.408857710 +0200
-@@ -97,7 +97,7 @@
- 		return buf;
- 	}
- 
--	if (snprintf(buf, len, e->names[0]) >= len)
-+	if (snprintf(buf, len, "%s", e->names[0]) >= len)
- 	{
- 		return NULL;
- 	}
diff --git a/strongswan-5.9.7-error-no-format.patch b/strongswan-5.9.7-error-no-format.patch
new file mode 100644
index 0000000..52a8f60
--- /dev/null
+++ b/strongswan-5.9.7-error-no-format.patch
@@ -0,0 +1,12 @@
+diff --git a/configure.ac b/configure.ac
+index f9e6e55c2..247d055d8 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1480,7 +1480,6 @@ else
+ fi
+ # disable some warnings, whether explicitly enabled above or by default
+ # these are not compatible with our custom printf specifiers
+-WARN_CFLAGS="$WARN_CFLAGS -Wno-format"
+ WARN_CFLAGS="$WARN_CFLAGS -Wno-format-security"
+ # we generally use comments, but GCC doesn't seem to recognize many of them
+ WARN_CFLAGS="$WARN_CFLAGS -Wno-implicit-fallthrough"
diff --git a/strongswan.spec b/strongswan.spec
index 2a60d3b..6f2c763 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -13,8 +13,8 @@
 %endif
 
 Name:           strongswan
-Version:        5.9.6
-Release:        2%{?dist}
+Version:        5.9.8
+Release:        1%{?dist}
 Summary:        An OpenSource IPsec-based VPN and TNC solution
 License:        GPLv2+
 URL:            http://www.strongswan.org/
@@ -23,12 +23,11 @@ Source1:        http://download.strongswan.org/strongswan-%{version}%{?prereleas
 Source2:        https://download.strongswan.org/STRONGSWAN-RELEASE-PGP-KEY
 Source3:        tmpfiles-strongswan.conf
 Patch0:         strongswan-5.6.0-uintptr_t.patch
-# https://github.com/strongswan/strongswan/issues/1025
-Patch1:         strongswan-5.9.6-error-format-security.patch
-
-# only needed for pre-release versions
-#BuildRequires:  autoconf automake
+# https://github.com/strongswan/strongswan/issues/1198
+Patch1:         strongswan-5.9.7-error-no-format.patch
 
+BuildRequires:  autoconf
+BuildRequires:  automake
 BuildRequires:  gnupg2
 BuildRequires:  make
 BuildRequires:  gcc
@@ -412,6 +411,12 @@ install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co
 %endif
 
 %changelog
+* Sun Oct 16 2022 Arne Reiter <redhat@arnereiter.de> - 5.9.8-1
+- Resolves rhbz#2112274 strongswan-5.9.8 is available
+- Patch1 removes CFLAGS -Wno-format which interferes with -Werror=format-security
+- Add BuildRequire for autoconf and automake, now required for release
+- Remove obsolete patches
+
 * Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.9.6-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 

From 243ac7aa4a55ab43970f7f1aa82425c25b6fe27e Mon Sep 17 00:00:00 2001
From: Paul Wouters <paul.wouters@aiven.io>
Date: Sun, 16 Oct 2022 21:55:29 -0400
Subject: [PATCH 8/9] remove obsoleted --enable-imc-swid, --enable-imv-swid

---
 strongswan.spec | 2 --
 1 file changed, 2 deletions(-)

diff --git a/strongswan.spec b/strongswan.spec
index 6f2c763..e2bd5b7 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -215,8 +215,6 @@ for Strongswan runtime configuration from perl applications.
     --enable-imv-attestation \
     --enable-imv-os \
     --enable-imc-os \
-    --enable-imc-swid \
-    --enable-imv-swid \
     --enable-imc-swima \
     --enable-imv-swima \
     --enable-imc-hcd \

From 199f1d87082f5ec1f981465dcf4208f32b06b3a1 Mon Sep 17 00:00:00 2001
From: Paul Wouters <paul.wouters@aiven.io>
Date: Sun, 16 Oct 2022 22:42:15 -0400
Subject: [PATCH 9/9] fixup systemd build requires

---
 strongswan.spec | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/strongswan.spec b/strongswan.spec
index e2bd5b7..7272bc8 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -31,7 +31,9 @@ BuildRequires:  automake
 BuildRequires:  gnupg2
 BuildRequires:  make
 BuildRequires:  gcc
+BuildRequires:  systemd
 BuildRequires:  systemd-devel
+BuildRequires:  systemd-rpm-macros
 BuildRequires:  gmp-devel
 BuildRequires:  libcurl-devel
 BuildRequires:  openldap-devel
@@ -42,7 +44,6 @@ BuildRequires:  libxml2-devel
 BuildRequires:  pam-devel
 BuildRequires:  json-c-devel
 BuildRequires:  libgcrypt-devel
-BuildRequires:  systemd-devel
 BuildRequires:  iptables-devel
 BuildRequires:  libcap-devel
 BuildRequires:  tpm2-tss-devel