diff --git a/.gitignore b/.gitignore index 98babc2..0905c28 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,5 @@ /strongswan-5.9.5.tar.bz2.sig /strongswan-5.9.6.tar.bz2 /strongswan-5.9.6.tar.bz2.sig +/strongswan-5.9.8.tar.bz2 +/strongswan-5.9.8.tar.bz2.sig diff --git a/sources b/sources index 5bbb68c..28d5d8b 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (strongswan-5.9.6.tar.bz2.sig) = c5f863eb1f504033aec2ab48f802584f97bb39650e55e829e31f36ea1594428caab84ea559ba82b56b060019598aada02df09311b583b098e32f5abad9fab29b -SHA512 (strongswan-5.9.6.tar.bz2) = 8efb7a55b074485b874e941e42462e97a404b4f84e2f90ed18ef66274731b22d167a571f6fd028dccc1f199f2e591c82616d0a832a5084e1981c6b867fe5bb6a +SHA512 (strongswan-5.9.8.tar.bz2.sig) = bf5c5fbcb6d14381260d1e79f6164170c3d568fbe2f623afb42b59bfa7e085551e26c43e4a41f4d8271d5f46601366f34fb52067bdd4c25a7633fa2fda83d5ae +SHA512 (strongswan-5.9.8.tar.bz2) = 16d3afc80704f896f3f97addf452b4bb29fc1911c54e980f76ac48bdbe2340ce3bd4e79024848cb7961bbe9ad5458d93389343878ca042af658d51b11219666b diff --git a/strongswan-5.9.4-test-socket.patch b/strongswan-5.9.4-test-socket.patch deleted file mode 100644 index 48e72b5..0000000 --- a/strongswan-5.9.4-test-socket.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 377039d24648f82dac35dcf22a2b43de81f2fb96 Mon Sep 17 00:00:00 2001 -From: Petr Mensik -Date: Thu, 11 Nov 2021 05:48:38 +0100 -Subject: [PATCH] Skip test case, which always hangs - -It just stops and does not continue. Avoid that test. ---- - src/libtls/tests/suites/test_socket.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/libtls/tests/suites/test_socket.c b/src/libtls/tests/suites/test_socket.c -index 9e26e91..5296680 100644 ---- a/src/libtls/tests/suites/test_socket.c -+++ b/src/libtls/tests/suites/test_socket.c -@@ -804,11 +804,13 @@ Suite *socket_suite_create() - add_tls_versions_test(test_tls_12_server, TLS_1_0, TLS_1_3); - suite_add_tcase(s, tc); - -+#if 0 - tc = tcase_create("TLS 1.3/key exchange groups"); - tcase_add_checked_fixture(tc, setup_creds, teardown_creds); - tcase_add_loop_test(tc, test_tls13_ke_groups, 0, - tls_crypto_get_supported_groups(NULL)); - suite_add_tcase(s, tc); -+#endif - - tc = tcase_create("TLS 1.3/signature schemes"); - tcase_add_checked_fixture(tc, setup_all_creds, teardown_creds); --- -2.31.1 - diff --git a/strongswan-5.9.5-atexit-handlers.patch b/strongswan-5.9.5-atexit-handlers.patch deleted file mode 100644 index b3b2739..0000000 --- a/strongswan-5.9.5-atexit-handlers.patch +++ /dev/null @@ -1,71 +0,0 @@ ---- strongswan-5.9.5-orig/src/libstrongswan/plugins/openssl/openssl_plugin.c 2022-01-08 12:54:02.000000000 +0100 -+++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_plugin.c 2022-02-23 23:12:03.685111475 +0100 -@@ -16,7 +16,6 @@ - - #include - #include --#include - #include - #include - #include -@@ -74,13 +73,6 @@ - * public functions - */ - openssl_plugin_t public; -- --#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- /** -- * Loaded providers -- */ -- array_t *providers; --#endif - }; - - /** -@@ -881,21 +873,12 @@ - #endif - } - *features = f; -- return countof(f); -+ return count; - } - - METHOD(plugin_t, destroy, void, - private_openssl_plugin_t *this) - { --#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- OSSL_PROVIDER *provider; -- while (array_remove(this->providers, ARRAY_TAIL, &provider)) -- { -- OSSL_PROVIDER_unload(provider); -- } -- array_destroy(this->providers); --#endif /* OPENSSL_VERSION_NUMBER */ -- - /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we - * can't call it as we couldn't re-initialize the library (as required by the - * unit tests and the Android app) */ -@@ -1009,20 +992,16 @@ - DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider"); - return NULL; - } -- array_insert_create(&this->providers, ARRAY_TAIL, fips); - /* explicitly load the base provider containing encoding functions */ -- array_insert_create(&this->providers, ARRAY_TAIL, -- OSSL_PROVIDER_load(NULL, "base")); -+ OSSL_PROVIDER_load(NULL, "base"); - } - else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy", - TRUE, lib->ns)) - { - /* load the legacy provider for algorithms like MD4, DES, BF etc. */ -- array_insert_create(&this->providers, ARRAY_TAIL, -- OSSL_PROVIDER_load(NULL, "legacy")); -+ OSSL_PROVIDER_load(NULL, "legacy"); - /* explicitly load the default provider, as mentioned by crypto(7) */ -- array_insert_create(&this->providers, ARRAY_TAIL, -- OSSL_PROVIDER_load(NULL, "default")); -+ OSSL_PROVIDER_load(NULL, "default"); - } - ossl_provider_names_t data = {}; - OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data); diff --git a/strongswan-5.9.6-error-format-security.patch b/strongswan-5.9.6-error-format-security.patch deleted file mode 100644 index 883fe1e..0000000 --- a/strongswan-5.9.6-error-format-security.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- strongswan-5.9.6-orig/src/libstrongswan/utils/enum.c 2022-04-16 10:08:07.000000000 +0200 -+++ strongswan-5.9.6/src/libstrongswan/utils/enum.c 2022-06-20 23:21:47.408857710 +0200 -@@ -97,7 +97,7 @@ - return buf; - } - -- if (snprintf(buf, len, e->names[0]) >= len) -+ if (snprintf(buf, len, "%s", e->names[0]) >= len) - { - return NULL; - } diff --git a/strongswan-5.9.7-error-no-format.patch b/strongswan-5.9.7-error-no-format.patch new file mode 100644 index 0000000..52a8f60 --- /dev/null +++ b/strongswan-5.9.7-error-no-format.patch @@ -0,0 +1,12 @@ +diff --git a/configure.ac b/configure.ac +index f9e6e55c2..247d055d8 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1480,7 +1480,6 @@ else + fi + # disable some warnings, whether explicitly enabled above or by default + # these are not compatible with our custom printf specifiers +-WARN_CFLAGS="$WARN_CFLAGS -Wno-format" + WARN_CFLAGS="$WARN_CFLAGS -Wno-format-security" + # we generally use comments, but GCC doesn't seem to recognize many of them + WARN_CFLAGS="$WARN_CFLAGS -Wno-implicit-fallthrough" diff --git a/strongswan.spec b/strongswan.spec index 2a60d3b..6f2c763 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -13,8 +13,8 @@ %endif Name: strongswan -Version: 5.9.6 -Release: 2%{?dist} +Version: 5.9.8 +Release: 1%{?dist} Summary: An OpenSource IPsec-based VPN and TNC solution License: GPLv2+ URL: http://www.strongswan.org/ @@ -23,12 +23,11 @@ Source1: http://download.strongswan.org/strongswan-%{version}%{?prereleas Source2: https://download.strongswan.org/STRONGSWAN-RELEASE-PGP-KEY Source3: tmpfiles-strongswan.conf Patch0: strongswan-5.6.0-uintptr_t.patch -# https://github.com/strongswan/strongswan/issues/1025 -Patch1: strongswan-5.9.6-error-format-security.patch - -# only needed for pre-release versions -#BuildRequires: autoconf automake +# https://github.com/strongswan/strongswan/issues/1198 +Patch1: strongswan-5.9.7-error-no-format.patch +BuildRequires: autoconf +BuildRequires: automake BuildRequires: gnupg2 BuildRequires: make BuildRequires: gcc @@ -412,6 +411,12 @@ install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co %endif %changelog +* Sun Oct 16 2022 Arne Reiter - 5.9.8-1 +- Resolves rhbz#2112274 strongswan-5.9.8 is available +- Patch1 removes CFLAGS -Wno-format which interferes with -Werror=format-security +- Add BuildRequire for autoconf and automake, now required for release +- Remove obsolete patches + * Sat Jul 23 2022 Fedora Release Engineering - 5.9.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild