Bump version

.gitignore

@@ -1,3 +1 @@
 /strongswan-5.8.4.tar.bz2
-/strongswan-5.9.0.tar.bz2
-/strongswan-5.9.1.tar.bz2

sources

@@ -1 +1 @@
-SHA512 (strongswan-5.9.1.tar.bz2) = 222625e77bd86959da6dd7346cfa9f92569fc396a494bb95ddf2c8e0680b7e8041541e8a14320517a0c735d713ae0fdc0d0c4694215e812817814b0b4efc3497
+SHA512 (strongswan-5.8.4.tar.bz2) = 15e866b0d6cc4ea94f17856b519d926ae08c15d3b62f675f62685d0722ca8fa26b46afb1ad1c866e9d5f347d77a747f57d0c6d7f6bd57762f37d7798f9e28103

strongswan-5.8.2-extern-global.patch

@@ -0,0 +1,11 @@
+--- strongswan-5.8.2/src/swanctl/swanctl.h.orig	2020-02-23 00:35:39.051000000 +0200
++++ strongswan-5.8.2/src/swanctl/swanctl.h	2020-02-23 00:35:51.930355656 +0200
+@@ -30,7 +30,7 @@
+ /**
+  * Base directory for credentials and config
+  */
+-char *swanctl_dir;
++extern char *swanctl_dir;
+ 
+ /**
+  * Configuration file for connections, etc.

strongswan-5.9.1-runtime-dir.patch

@@ -1,12 +0,0 @@
-diff -Naur strongswan-5.9.1-orig/init/systemd-starter/strongswan-starter.service.in strongswan-5.9.1/init/systemd-starter/strongswan-starter.service.in
---- strongswan-5.9.1-orig/init/systemd-starter/strongswan-starter.service.in	2020-10-16 08:36:37.000000000 -0400
-+++ strongswan-5.9.1/init/systemd-starter/strongswan-starter.service.in	2021-02-12 14:06:09.985042362 -0500
-@@ -5,6 +5,8 @@
- [Service]
- ExecStart=@SBINDIR@/@IPSEC_SCRIPT@ start --nofork
- Restart=on-abnormal
-+RuntimeDirectory=strongswan
-+RuntimeDirectoryMode=0755
- 
- [Install]
- WantedBy=multi-user.target

strongswan.spec

@@ -3,14 +3,14 @@
 %global dist .nhrp.3%{?dist}
 
 Name:           strongswan
-Version:        5.9.1
+Version:        5.8.4
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        An OpenSource IPsec-based VPN and TNC solution
 License:        GPLv2+
 URL:            http://www.strongswan.org/
 Source0:        http://download.strongswan.org/%{name}-%{version}%{?prerelease}.tar.bz2
 Source1:        tmpfiles-strongswan.conf
-Patch0:         strongswan-5.9.1-runtime-dir.patch
+Patch0:         strongswan-5.8.4-runtime-dir.patch
 Patch1:         strongswan-5.6.0-uintptr_t.patch
 Patch3:         strongswan-5.6.2-CVE-2018-5388.patch
 
@@ -25,7 +25,6 @@ Patch16:        0007-vyos-terminate-connections-source-dest.patch
 # only needed for pre-release versions
 #BuildRequires:  autoconf automake
 
-BuildRequires: make
 BuildRequires:  gcc
 BuildRequires:  systemd-devel
 BuildRequires:  gmp-devel
@@ -41,7 +40,6 @@ BuildRequires:  json-c-devel
 BuildRequires:  libgcrypt-devel
 BuildRequires:  systemd-devel
 BuildRequires:  iptables-devel
-BuildRequires:  libcap-devel
 
 BuildRequires:  NetworkManager-libnm-devel
 Requires(post): systemd
@@ -118,7 +116,7 @@ PT-TLS to support TNC over TLS.
     --bindir=%{_libexecdir}/strongswan \
     --with-ipseclibdir=%{_libdir}/strongswan \
     --with-piddir=%{_rundir}/strongswan \
-    --with-nm-ca-dir=%{_sysconfdir}/strongswan/ipsec.d/cacerts/ \
+    --with-fips-mode=2 \
     --enable-bypass-lan \
     --enable-tss-trousers \
     --enable-nm \
@@ -191,9 +189,7 @@ PT-TLS to support TNC over TLS.
 %ifarch x86_64 %{ix86}
     --enable-aesni \
 %endif
-    --enable-kernel-libipsec \
+    --enable-kernel-libipsec
-    --with-capabilities=libcap \
-    CPPFLAGS="-DSTARTER_ALLOW_NON_ROOT"
 
 # disable certain plugins in the daemon configuration by default
 for p in bypass-lan; do
@@ -293,34 +289,6 @@ install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan.conf
 %{_libexecdir}/strongswan/charon-nm
 
 %changelog
-* Fri Feb 12 2021 Paul Wouters <pwouters@redhat.com> - 5.9.1-1
-- Resolves: rhbz# 1896545 strongswan-5.9.1 is available
-
-* Thu Feb 11 2021 Davide Cavalca <dcavalca@fedoraproject.org> - 5.9.0-4
-- Build with with capabilities support
-- Resolves: rhbz#1911572 StrongSwan not configured with libcap support
-
-* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.9.0-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Thu Oct 22 12:43:48 EDT 2020 Paul Wouters <pwouters@redhat.com> - 5.9.0-2
-- Resolves: rhbz#1886759 charon looking for certificates in the wrong place
-
-* Mon Sep 28 12:36:45 EDT 2020 Paul Wouters <pwouters@redhat.com> - 5.9.0-1
-- Resolves: rhbz#1861747 strongswan-5.9.0 is available
-- Remove --enable-fips-mode=2, which defaults strongswan to FIPS only.
-  (use fips_mode = 2 in plugins {} openssl {} in strongswan.conf to enable FIPS)
-
-* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.8.4-5
-- Second attempt - Rebuilt for
-  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.8.4-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 5.8.4-3
-- Rebuild (json-c)
-
 * Sun Apr 12 2020 Mikhail Zabaluev <mikhail.zabaluev@gmail.com> - 5.8.4-2
 - Patch0: Add RuntimeDirectory options to service files (#1789263)
 
@@ -328,6 +296,9 @@ install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan.conf
 - Updated to 5.8.4
 - Patch4 has been applied upstream
 
+* Sun Apr 12 2020 Mikhail Zabaluev <mikhail.zabaluev@gmail.com> - 5.8.2-6
+- Patch0: Add RuntimeDirectory options to service files (#1789263)
+
 * Sat Feb 22 2020 Mikhail Zabaluev <mikhail.zabaluev@gmail.com> - 5.8.2-5
 - Patch to declare a global variable with extern (#1800117)