* Mon Sep 28 12:36:45 EDT 2020 Paul Wouters <pwouters@redhat.com> - 5.9.0-1

- Resolves: rhbz#1861747 strongswan-5.9.0 is available - Remove --enable-fips-mode=2, which defaults strongswan to FIPS only. (use fips_mode = 2 in plugins {} openssl {} in strongswan.conf to enable FIPS)
merge in master branch changes (5.8.4-2)
2020-09-28 22:55:56 -04:00 · 2020-04-20 20:54:07 -04:00 · 2020-04-12 12:22:20 +03:00
8 changed files with 81 additions and 355 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,10 +1,2 @@
 /strongswan-5.8.4.tar.bz2
 /strongswan-5.9.0.tar.bz2
 /strongswan-5.9.1.tar.bz2
 /strongswan-5.9.2.tar.bz2
 /strongswan-5.9.3.tar.bz2
 /strongswan-5.9.4.tar.bz2
 /948F158A4E76A27BF3D07532DF42C170B34DBA77
 /strongswan-5.9.5.tar.bz2
 /strongswan-5.9.5.tar.bz2.sig
 /STRONGSWAN-RELEASE-PGP-KEY
--- a/4
+++ b/4
@@ -1,3 +1 @@
-SHA512 (strongswan-5.9.5.tar.bz2.sig) = 377889158484968d33b70a2a8ae149432191bc4614a2c5c3865eea1170bee1bae8ccf844d41ea5b4a087d300cc0967cba3aec6255c33976be060022871e094c5
+SHA512 (strongswan-5.9.0.tar.bz2) = b982ce7c3e940ad75ab71b02ce3e2813b41c6b098cde5b6f3f3513d095f409fe989ae6e38a31eff51c57423bf452c3610cd5cd8cd7f45ff932581d9859df1821
 SHA512 (strongswan-5.9.5.tar.bz2) = 3b11c4edb1ffccf0ea5b8b843acfe2eb18dcd3857fc2818b8481c4febe7959261e1b2804c3af29068319df469fa0b784682d3ba4d49a3eb580841ff3c34e33a1
 SHA512 (STRONGSWAN-RELEASE-PGP-KEY) = 2803ebc9bdbbe88e19b75130ad9cc36af730fd3d0c9055665da99ce9b831ce518b0083f98389e6fb9b00dd62da28fcbb03df5dbf899df52b59d49c6bd34c6d37
--- a/strongswan-5.6.2-CVE-2018-5388.patch
+++ b/strongswan-5.6.2-CVE-2018-5388.patch
@@ -0,0 +1,15 @@
 diff -Naur strongswan-5.6.2-orig/src/libcharon/plugins/stroke/stroke_socket.c strongswan-5.6.2/src/libcharon/plugins/stroke/stroke_socket.c
 --- strongswan-5.6.2-orig/src/libcharon/plugins/stroke/stroke_socket.c	2017-11-09 10:57:30.000000000 -0500
 +++ strongswan-5.6.2/src/libcharon/plugins/stroke/stroke_socket.c	2018-05-24 00:00:32.382953618 -0400
@@ -628,6 +628,11 @@
 		return FALSE;
 	}
 +	if (len < offsetof(stroke_msg_t, buffer))
 +	{
 +		DBG1(DBG_CFG, "invalid stroke message length %d", len);
 +		return FALSE;
 +	}
 	/* read message (we need an additional byte to terminate the buffer) */
 	msg = malloc(len + 1);
 	msg->length = len;
--- a/strongswan-5.8.2-extern-global.patch
+++ b/strongswan-5.8.2-extern-global.patch
@@ -0,0 +1,11 @@
 --- strongswan-5.8.2/src/swanctl/swanctl.h.orig	2020-02-23 00:35:39.051000000 +0200
 +++ strongswan-5.8.2/src/swanctl/swanctl.h	2020-02-23 00:35:51.930355656 +0200
@@ -30,7 +30,7 @@
 /**
  * Base directory for credentials and config
  */
 -char *swanctl_dir;
 +extern char *swanctl_dir;
 /**
  * Configuration file for connections, etc.
--- a/strongswan-5.8.4-runtime-dir.patch
+++ b/strongswan-5.8.4-runtime-dir.patch
@@ -0,0 +1,24 @@
 diff -ur strongswan-5.8.4.orig/init/systemd/strongswan.service.in strongswan-5.8.4/init/systemd/strongswan.service.in
 --- strongswan-5.8.4.orig/init/systemd/strongswan.service.in	2019-08-27 16:26:53.000000000 +0300
 +++ strongswan-5.8.4/init/systemd/strongswan.service.in	2020-04-12 12:05:57.383596844 +0300
@@ -9,6 +9,8 @@
 ExecReload=@SBINDIR@/swanctl --reload
 ExecReload=@SBINDIR@/swanctl --load-all --noprompt
 Restart=on-abnormal
 +RuntimeDirectory=strongswan
 +RuntimeDirectoryMode=0755
 [Install]
 WantedBy=multi-user.target
 diff -ur strongswan-5.8.4.orig/init/systemd-starter/strongswan-starter.service.in strongswan-5.8.4/init/systemd-starter/strongswan-starter.service.in
 --- strongswan-5.8.4.orig/init/systemd-starter/strongswan-starter.service.in	2019-08-27 16:26:53.000000000 +0300
 +++ strongswan-5.8.4/init/systemd-starter/strongswan-starter.service.in	2020-04-12 12:05:51.810559482 +0300
@@ -6,6 +6,8 @@
 ExecStart=@SBINDIR@/@IPSEC_SCRIPT@ start --nofork
 StandardOutput=syslog
 Restart=on-abnormal
 +RuntimeDirectory=strongswan
 +RuntimeDirectoryMode=0755
 [Install]
 WantedBy=multi-user.target
--- a/strongswan-5.9.4-test-socket.patch
+++ b/strongswan-5.9.4-test-socket.patch
@@ -1,31 +0,0 @@
 From 377039d24648f82dac35dcf22a2b43de81f2fb96 Mon Sep 17 00:00:00 2001
 From: Petr Mensik <pemensik@redhat.com>
 Date: Thu, 11 Nov 2021 05:48:38 +0100
 Subject: [PATCH] Skip test case, which always hangs
 It just stops and does not continue. Avoid that test.
 ---
 src/libtls/tests/suites/test_socket.c | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/src/libtls/tests/suites/test_socket.c b/src/libtls/tests/suites/test_socket.c
 index 9e26e91..5296680 100644
 --- a/src/libtls/tests/suites/test_socket.c
 +++ b/src/libtls/tests/suites/test_socket.c
@@ -804,11 +804,13 @@ Suite *socket_suite_create()
 	add_tls_versions_test(test_tls_12_server, TLS_1_0, TLS_1_3);
 	suite_add_tcase(s, tc);
 +#if 0
 	tc = tcase_create("TLS 1.3/key exchange groups");
 	tcase_add_checked_fixture(tc, setup_creds, teardown_creds);
 	tcase_add_loop_test(tc, test_tls13_ke_groups, 0,
 						tls_crypto_get_supported_groups(NULL));
 	suite_add_tcase(s, tc);
 +#endif
 	tc = tcase_create("TLS 1.3/signature schemes");
 	tcase_add_checked_fixture(tc, setup_all_creds, teardown_creds);
 -- 
 2.31.1
--- a/strongswan-5.9.5-atexit-handlers.patch
+++ b/strongswan-5.9.5-atexit-handlers.patch
@@ -1,71 +0,0 @@
 --- strongswan-5.9.5-orig/src/libstrongswan/plugins/openssl/openssl_plugin.c	2022-01-08 12:54:02.000000000 +0100
 +++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_plugin.c	2022-02-23 23:12:03.685111475 +0100
@@ -16,7 +16,6 @@
 #include <library.h>
 #include <utils/debug.h>
 -#include <collections/array.h>
 #include <threading/thread.h>
 #include <threading/mutex.h>
 #include <threading/thread_value.h>
@@ -74,13 +73,6 @@
 	 * public functions
 	 */
 	openssl_plugin_t public;
 -
 -#if OPENSSL_VERSION_NUMBER >= 0x30000000L
 -	/**
 -	 * Loaded providers
 -	 */
 -	array_t *providers;
 -#endif
 };
 /**
@@ -881,21 +873,12 @@
 #endif
 	}
 	*features = f;
 -	return countof(f);
 +	return count;
 }
 METHOD(plugin_t, destroy, void,
 	private_openssl_plugin_t *this)
 {
 -#if OPENSSL_VERSION_NUMBER >= 0x30000000L
 -	OSSL_PROVIDER *provider;
 -	while (array_remove(this->providers, ARRAY_TAIL, &provider))
 -	{
 -		OSSL_PROVIDER_unload(provider);
 -	}
 -	array_destroy(this->providers);
 -#endif /* OPENSSL_VERSION_NUMBER */
 -
 /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
  * can't call it as we couldn't re-initialize the library (as required by the
  * unit tests and the Android app) */
@@ -1009,20 +992,16 @@
 			DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider");
 			return NULL;
 		}
 -		array_insert_create(&this->providers, ARRAY_TAIL, fips);
 		/* explicitly load the base provider containing encoding functions */
 -		array_insert_create(&this->providers, ARRAY_TAIL,
 -							OSSL_PROVIDER_load(NULL, "base"));
 +		OSSL_PROVIDER_load(NULL, "base");
 	}
 	else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
 									 TRUE, lib->ns))
 	{
 		/* load the legacy provider for algorithms like MD4, DES, BF etc. */
 -		array_insert_create(&this->providers, ARRAY_TAIL,
 -							OSSL_PROVIDER_load(NULL, "legacy"));
 +		OSSL_PROVIDER_load(NULL, "legacy");
 		/* explicitly load the default provider, as mentioned by crypto(7) */
 -		array_insert_create(&this->providers, ARRAY_TAIL,
 -							OSSL_PROVIDER_load(NULL, "default"));
 +		OSSL_PROVIDER_load(NULL, "default");
 	}
 	ossl_provider_names_t data = {};
 	OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data);
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -1,36 +1,21 @@
 %global _hardened_build 1
 #%%define prerelease dr1
 %bcond_without python3
 %bcond_without perl
 %bcond_with    check
 %if (0%{?fedora} && 0%{?fedora} < 36) || (0%{?rhel} && 0%{?rhel} < 9)
 # trousers was retired for F36+ and no longer available in RHEL with 9+
 %bcond_without tss_trousers
 %else
 %bcond_with tss_trousers
 %endif
 Name:           strongswan
-Version:        5.9.5
+Version:        5.9.0
-Release:        3%{?dist}
+Release:        1%{?dist}
 Summary:        An OpenSource IPsec-based VPN and TNC solution
 License:        GPLv2+
 URL:            http://www.strongswan.org/
-Source0:        http://download.strongswan.org/strongswan-%{version}%{?prerelease}.tar.bz2
+Source0:        http://download.strongswan.org/%{name}-%{version}%{?prerelease}.tar.bz2
-Source1:        http://download.strongswan.org/strongswan-%{version}%{?prerelease}.tar.bz2.sig
+Source1:        tmpfiles-strongswan.conf
-Source2:        https://download.strongswan.org/STRONGSWAN-RELEASE-PGP-KEY
+Patch0:         strongswan-5.8.4-runtime-dir.patch
-Source3:        tmpfiles-strongswan.conf
+Patch1:         strongswan-5.6.0-uintptr_t.patch
-Patch0:         strongswan-5.6.0-uintptr_t.patch
+Patch3:         strongswan-5.6.2-CVE-2018-5388.patch
 # https://git.strongswan.org/?p=strongswan.git;a=commit;h=3eecd40cec6415fc033f8d9141ab652047e71524
 Patch1:         strongswan-5.9.5-atexit-handlers.patch
 # only needed for pre-release versions
 #BuildRequires:  autoconf automake
 BuildRequires:  gnupg2
 BuildRequires:  make
 BuildRequires:  gcc
 BuildRequires:  systemd-devel
 BuildRequires:  gmp-devel
@@ -39,30 +24,13 @@ BuildRequires:  openldap-devel
 BuildRequires:  openssl-devel
 BuildRequires:  sqlite-devel
 BuildRequires:  gettext-devel
 BuildRequires:  trousers-devel
 BuildRequires:  libxml2-devel
 BuildRequires:  pam-devel
 BuildRequires:  json-c-devel
 BuildRequires:  libgcrypt-devel
 BuildRequires:  systemd-devel
 BuildRequires:  iptables-devel
 BuildRequires:  libcap-devel
 BuildRequires:  tpm2-tss-devel
 Recommends:     tpm2-tools
 %if %{with python3}
 BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
 BuildRequires:  python3-pytest
 %endif
 %if %{with perl}
 BuildRequires:  perl-devel perl-macros
 BuildRequires:  perl(ExtUtils::MakeMaker)
 %endif
 %if %{with tss_trousers}
 BuildRequires:  trousers-devel
 %endif
 BuildRequires:  NetworkManager-libnm-devel
 Requires(post): systemd
@@ -83,8 +51,8 @@ in userland, using TUN devices and its own IPsec implementation libipsec.
 %package charon-nm
 Summary:        NetworkManager plugin for Strongswan
 Requires:       dbus
-Obsoletes:      strongswan-NetworkManager < 0:5.0.4-5
+Obsoletes:      %{name}-NetworkManager < 0:5.0.4-5
-Conflicts:      strongswan-NetworkManager < 0:5.0.4-5
+Conflicts:      %{name}-NetworkManager < 0:5.0.4-5
 Conflicts:      NetworkManager-strongswan < 1.4.2-1
 %description charon-nm
 NetworkManager plugin integrates a subset of Strongswan capabilities
@@ -92,14 +60,14 @@ to NetworkManager.
 %package sqlite
 Summary: SQLite support for strongSwan
-Requires: strongswan = %{version}-%{release}
+Requires: %{name} = %{version}-%{release}
 %description sqlite
 The sqlite plugin adds an SQLite database backend to strongSwan.
 %package tnc-imcvs
 Summary: Trusted network connect (TNC)'s IMC/IMV functionality
-Requires: strongswan = %{version}-%{release}
+Requires: %{name} = %{version}-%{release}
-Requires: strongswan-sqlite = %{version}-%{release}
+Requires: %{name}-sqlite = %{version}-%{release}
 %description tnc-imcvs
 This package provides Trusted Network Connect's (TNC) architecture support.
 It includes support for TNC client and server (IF-TNCCS), IMC and IMV message
@@ -110,39 +78,11 @@ modules can be used by any third party TNC Client/Server implementation
 possessing a standard IF-IMC/IMV interface. In addition, it implements
 PT-TLS to support TNC over TLS.
 %if %{with python3}
 %package -n python3-vici
 Summary: Strongswan Versatile IKE Configuration Interface python bindings
 BuildArch: noarch
 %description -n python3-vici
 VICI is an attempt to improve the situation for system integrators by providing
 a stable IPC interface, allowing external tools to query, configure
 and control the IKE daemon.
 The Versatile IKE Configuration Interface (VICI) python bindings provides module
 for Strongswan runtime configuration from python applications.
 %endif
 %if %{with perl}
 %package -n perl-vici
 Summary: Strongswan Versatile IKE Configuration Interface perl bindings
 BuildArch: noarch
 %description -n perl-vici
 VICI is an attempt to improve the situation for system integrators by providing
 a stable IPC interface, allowing external tools to query, configure
 and control the IKE daemon.
 The Versatile IKE Configuration Interface (VICI) perl bindings provides module
 for Strongswan runtime configuration from perl applications.
 %endif
 # TODO: make also ruby-vici
 %prep
-%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
+%setup -q -n %{name}-%{version}%{?prerelease}
-%autosetup -n %{name}-%{version}%{?prerelease} -p1
+%patch0 -p1
 %patch1 -p1
 %patch3 -p1
 %build
 # only for snapshots
@@ -159,9 +99,8 @@ for Strongswan runtime configuration from perl applications.
    --bindir=%{_libexecdir}/strongswan \
    --with-ipseclibdir=%{_libdir}/strongswan \
    --with-piddir=%{_rundir}/strongswan \
    --with-nm-ca-dir=%{_sysconfdir}/strongswan/ipsec.d/cacerts/ \
    --enable-bypass-lan \
-    --enable-tss-tss2 \
+    --enable-tss-trousers \
    --enable-nm \
    --enable-systemd \
    --enable-openssl \
@@ -225,74 +164,24 @@ for Strongswan runtime configuration from perl applications.
    --enable-curl \
    --enable-cmd \
    --enable-acert \
    --enable-aikgen \
    --enable-vici \
    --enable-swanctl \
    --enable-duplicheck \
 %ifarch x86_64 %{ix86}
    --enable-aesni \
 %endif
-%if %{with python3}
+    --enable-kernel-libipsec
    PYTHON=%{python3} --enable-python-eggs \
 %endif
 %if %{with perl}
    --enable-perl-cpan \
 %endif
 %if %{with check}
    --enable-test-vectors \
 %endif
 %if %{with tss_trousers}
    --enable-tss-trousers \
    --enable-aikgen \
 %endif
    --enable-kernel-libipsec \
    --with-capabilities=libcap \
    CPPFLAGS="-DSTARTER_ALLOW_NON_ROOT"
 # TODO: --enable-python-eggs-install not python3 ready
 # disable certain plugins in the daemon configuration by default
 for p in bypass-lan; do
    echo -e "\ncharon.plugins.${p}.load := no" >> conf/plugins/${p}.opt
 done
-%make_build
+make %{?_smp_mflags}
 pushd src/libcharon/plugins/vici
 %if %{with python3}
  pushd python
    %make_build
    sed -e "s,/var/run/charon.vici,%{_rundir}/strongswan/charon.vici," -i vici/session.py
    #py3_build
  popd
 %endif
 %if %{with perl}
  pushd perl/Vici-Session/
    perl Makefile.PL INSTALLDIRS=vendor
    %make_build
  popd
 %endif
 popd
 %install
-%make_install
+make install DESTDIR=%{buildroot}
 pushd src/libcharon/plugins/vici
 %if %{with python3}
  pushd python
    # TODO: --enable-python-eggs breaks our previous build. Do it now
    # propose better way to upstream
    %py3_build
    %py3_install
  popd
 %endif
 %if %{with perl}
  %make_install -C perl/Vici-Session
  rm -f %{buildroot}{%{perl_archlib}/perllocal.pod,%{perl_vendorarch}/auto/Vici/Session/.packlist}
 %endif
 popd
 # prefix man pages
 for i in %{buildroot}%{_mandir}/*/*; do
    if echo "$i" | grep -vq '/strongswan[^\/]*$'; then
@@ -311,36 +200,21 @@ for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do
    install -d -m 700 %{buildroot}%{_sysconfdir}/strongswan/ipsec.d/${i}
 done
 install -d -m 0700 %{buildroot}%{_rundir}/strongswan
-install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan.conf
+install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan.conf
 install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.conf
 %check
 %if %{with check}
  # Seen some tests hang. Ensure we do not block builder forever
  export TESTS_VERBOSITY=1
  timeout 600 %make_build check
 %endif
 %if %{with python}
  pushd src/libcharon/plugins/vici
    %pytest
  popd
 %endif
 :
 %post
-%systemd_post strongswan.service strongswan-starter.service
+%systemd_post %{name}.service
 %preun
-%systemd_preun strongswan.service strongswan-starter.service
+%systemd_preun %{name}.service
 %postun
-%systemd_postun_with_restart strongswan.service strongswan-starter.service
+%systemd_postun_with_restart %{name}.service
 %files
 %doc README NEWS TODO ChangeLog
 %license COPYING
-%dir %attr(0755,root,root) %{_sysconfdir}/strongswan
+%dir %attr(0700,root,root) %{_sysconfdir}/strongswan
 %config(noreplace) %{_sysconfdir}/strongswan/*
 %dir %{_libdir}/strongswan
 %exclude %{_libdir}/strongswan/imcvs
@@ -370,7 +244,6 @@ install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co
 %{_datadir}/strongswan/templates/database/
 %attr(0755,root,root) %dir %{_rundir}/strongswan
 %attr(0644,root,root) %{_tmpfilesdir}/strongswan.conf
 %attr(0644,root,root) %{_tmpfilesdir}/strongswan-starter.conf
 %files sqlite
 %{_libdir}/strongswan/plugins/libstrongswan-sqlite.so
@@ -397,100 +270,12 @@ install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co
 %{_datadir}/dbus-1/system.d/nm-strongswan-service.conf
 %{_libexecdir}/strongswan/charon-nm
 %if %{with python3}
 %files -n python3-vici
 %license COPYING
 %doc src/libcharon/plugins/vici/python/README.rst
 %{python3_sitelib}/vici
 %{python3_sitelib}/vici-%{version}-py*.egg-info
 %endif
 %if %{with perl}
 %license COPYING
 %files -n perl-vici
 %{perl_vendorlib}/Vici
 %endif
 %changelog
 * Fri Feb 25 2022 Arne Reiter <redhat@arnereiter.de> - 5.9.5-3
 - Resolves: rhbz#2048108 - segfault at 18 ip 00007f4c7c0d841c sp 00007ffe49f61b70 error 4 in libc.so.6
 * Tue Jan 25 2022 Paul Wouters <paul.wouters@aiven.io> - 5.9.5-2
 - Use newly published/cleaned strongswan gpg key
 * Mon Jan 24 2022 Paul Wouters <paul.wouters@aiven.io> - 5.9.5-1
 - Resolves rhbz#2044361 strongswan-5.9.5 is available (CVE-2021-45079)
 * Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.9.4-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 * Thu Dec 16 2021 Neal Gompa <ngompa@datto.com> - 5.9.4-4
 - Disable TPM/TSS 1.2 support for F36+ / RHEL9+
 - Resolves: rhbz#2033299 Drop TPM/TSS 1.2 support (trousers)
 * Thu Nov 11 2021 Petr Menšík <pemensik@redhat.com> - 5.9.4-3
 - Resolves rhbz#1419441 Add python and perl vici bindings
 - Adds optional tests run
 * Tue Nov 09 2021 Paul Wouters <paul.wouters@aiven.io> - 5.9.4-2
 - Resolves rhbz#2018547 'strongswan restart' breaks ipsec started with strongswan-starter
 - Return to using tmpfiles, but extend to cover strongswan-starter service too
 - Cleanup old patches
 * Wed Oct 20 2021 Paul Wouters <paul.wouters@aiven.io> - 5.9.4-1
 - Resolves: rhbz#2015165 strongswan-5.9.4 is available
 - Resolves: rhbz#2015611 CVE-2021-41990 strongswan: gmp plugin: integer overflow via a crafted certificate with an RSASSA-PSS signature
 - Resolves: rhbz#2015614 CVE-2021-41991 strongswan: integer overflow when replacing certificates in cache
 - Add BuildRequire for tpm2-tss-devel and weak dependency for tpm2-tools
 * Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 5.9.3-4
 - Rebuilt with OpenSSL 3.0.0
 * Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.9.3-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 * Sat Jul 10 2021 Björn Esser <besser82@fedoraproject.org> - 5.9.3-2
 - Rebuild for versioned symbols in json-c
 * Tue Jul 06 2021 Paul Wouters <paul.wouters@aiven.io> - 5.9.3-1
 - Resolves: rhbz#1979574 strongswan-5.9.3 is available
 - Make strongswan main dir world readable so apps can find strongswan.conf
 * Thu Jun 03 2021 Paul Wouters <paul.wouters@aiven.io> - 5.9.2-1
 - Resolves: rhbz#1896545 strongswan-5.9.2 is available
 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 5.9.1-2
 - Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.
 * Fri Feb 12 2021 Paul Wouters <pwouters@redhat.com> - 5.9.1-1
 - Resolves: rhbz#1896545 strongswan-5.9.1 is available
 * Thu Feb 11 2021 Davide Cavalca <dcavalca@fedoraproject.org> - 5.9.0-4
 - Build with with capabilities support
 - Resolves: rhbz#1911572 StrongSwan not configured with libcap support
 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.9.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Thu Oct 22 12:43:48 EDT 2020 Paul Wouters <pwouters@redhat.com> - 5.9.0-2
 - Resolves: rhbz#1886759 charon looking for certificates in the wrong place
 * Mon Sep 28 12:36:45 EDT 2020 Paul Wouters <pwouters@redhat.com> - 5.9.0-1
 - Resolves: rhbz#1861747 strongswan-5.9.0 is available
 - Remove --enable-fips-mode=2, which defaults strongswan to FIPS only.
  (use fips_mode = 2 in plugins {} openssl {} in strongswan.conf to enable FIPS)
 * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.8.4-5
 - Second attempt - Rebuilt for
  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.8.4-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 5.8.4-3
 - Rebuild (json-c)
 * Sun Apr 12 2020 Mikhail Zabaluev <mikhail.zabaluev@gmail.com> - 5.8.4-2
 - Patch0: Add RuntimeDirectory options to service files (#1789263)
@@ -498,6 +283,9 @@ install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co
 - Updated to 5.8.4
 - Patch4 has been applied upstream
 * Sun Apr 12 2020 Mikhail Zabaluev <mikhail.zabaluev@gmail.com> - 5.8.2-6
 - Patch0: Add RuntimeDirectory options to service files (#1789263)
 * Sat Feb 22 2020 Mikhail Zabaluev <mikhail.zabaluev@gmail.com> - 5.8.2-5
 - Patch to declare a global variable with extern (#1800117)
Author	SHA1	Message	Date
Paul Wouters	a1432abe4e	* Mon Sep 28 12:36:45 EDT 2020 Paul Wouters <pwouters@redhat.com> - 5.9.0-1 - Resolves: rhbz#1861747 strongswan-5.9.0 is available - Remove --enable-fips-mode=2, which defaults strongswan to FIPS only. (use fips_mode = 2 in plugins {} openssl {} in strongswan.conf to enable FIPS)	2020-09-28 22:55:56 -04:00
Paul Wouters	68ceebaf2b	merge in master branch changes (5.8.4-2)	2020-04-20 20:54:07 -04:00
Mikhail Zabaluev	2145455b59	Patch0: Add RuntimeDirectory options to service files (#1789263 )	2020-04-12 12:22:20 +03:00