Bump version with .nhrp

0001-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch

@@ -1,7 +1,7 @@
 From 4904344754c2884e36b40532a8b65229c3355ff6 Mon Sep 17 00:00:00 2001
 From: Tobias Brunner <tobias@strongswan.org>
 Date: Fri, 17 Jul 2015 11:53:58 +0200
-Subject: [PATCH 1/7] ike: Adhere to IKE_SA limit when checking out by config
+Subject: [PATCH 1/6] ike: Adhere to IKE_SA limit when checking out by config
 
 This prevents new SAs from getting created if we hit the global IKE_SA
 limit (we still allow checkout_new(), which is used for rekeying).

0002-charon-add-optional-source-and-remote-overrides-for-.patch

@@ -1,7 +1,7 @@
 From bc5cee05ee42b7566ed3539546757c3183aa7053 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
 Date: Mon, 21 Sep 2015 13:41:58 +0300
-Subject: [PATCH 2/7] charon: add optional source and remote overrides for
+Subject: [PATCH 2/6] charon: add optional source and remote overrides for
  initiate
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8

0003-vici-send-certificates-for-ike-sa-events.patch

@@ -1,7 +1,7 @@
 From 0220ba579f8df26f90a1152f115f2a339a755708 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
 Date: Mon, 21 Sep 2015 13:42:05 +0300
-Subject: [PATCH 3/7] vici: send certificates for ike-sa events
+Subject: [PATCH 3/6] vici: send certificates for ike-sa events
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit

0004-vici-add-support-for-individual-sa-state-changes.patch

@@ -1,7 +1,7 @@
 From 5ad4fd199b718d8281021a6e31d682872b59a34c Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
 Date: Mon, 21 Sep 2015 13:42:11 +0300
-Subject: [PATCH 4/7] vici: add support for individual sa state changes
+Subject: [PATCH 4/6] vici: add support for individual sa state changes
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit

0005-vici-add-deprecated-async-parameter.patch

@@ -1,7 +1,7 @@
 From b251c17bfba838ee565a4f4af35b249024e35e77 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
 Date: Mon, 21 Sep 2015 13:42:15 +0300
-Subject: [PATCH 5/7] vici: add (deprecated) async parameter
+Subject: [PATCH 5/6] vici: add (deprecated) async parameter
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit

0006-support-gre-key-in-ikev1.patch

@@ -1,7 +1,7 @@
 From b2e130f8ce765d5bd0f12ad16ef2434c820c11b1 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
 Date: Mon, 21 Sep 2015 13:42:18 +0300
-Subject: [PATCH 6/7] support gre key in ikev1
+Subject: [PATCH 6/6] support gre key in ikev1
 
 this implements gre key negotiation in ikev1 similarly to the
 ipsec-tools patch in alpine.

0007-vyos-terminate-connections-source-dest.patch

@@ -1,124 +0,0 @@
-From 4e0a88132b5e3e99b250d044f4434702cae2abaa Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zoran=20Peri=C4=8Di=C4=87?= <zpericic@netst.org>
-Date: Wed, 22 Jan 2020 13:12:39 +0100
-Subject: [PATCH 7/7] vyos-terminate-connections-source-dest
-
----
- src/libcharon/plugins/vici/vici_control.c | 27 ++++++++++++++++++++---
- src/swanctl/commands/terminate.c          | 18 ++++++++++++++-
- 2 files changed, 41 insertions(+), 4 deletions(-)
-
-diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
-index 718d14b3c..39da4a10d 100644
---- a/src/libcharon/plugins/vici/vici_control.c
-+++ b/src/libcharon/plugins/vici/vici_control.c
-@@ -269,12 +269,13 @@ CALLBACK(terminate, vici_message_t*,
- 	private_vici_control_t *this, char *name, u_int id, vici_message_t *request)
- {
- 	enumerator_t *enumerator, *isas, *csas;
--	char *child, *ike, *errmsg = NULL;
-+	char *child, *ike, *errmsg = NULL, *my_host_str, *other_host_str;
- 	u_int child_id, ike_id, current, *del, done = 0;
- 	bool force;
- 	int timeout;
- 	ike_sa_t *ike_sa;
- 	child_sa_t *child_sa;
-+	host_t *my_host = NULL, *other_host = NULL;
- 	array_t *ids;
- 	vici_builder_t *builder;
- 	controller_cb_t log_cb = NULL;
-@@ -290,12 +291,23 @@ CALLBACK(terminate, vici_message_t*,
- 	force = request->get_bool(request, FALSE, "force");
- 	timeout = request->get_int(request, 0, "timeout");
- 	log.level = request->get_int(request, 1, "loglevel");
-+	my_host_str = request->get_str(request, NULL, "my-host");
-+	other_host_str = request->get_str(request, NULL, "other-host");
- 
--	if (!child && !ike && !ike_id && !child_id)
-+	if (!child && !ike && !ike_id && !child_id && !my_host_str &&!other_host_str)
- 	{
- 		return send_reply(this, "missing terminate selector");
- 	}
--
-+	if (my_host_str && !other_host_str || other_host_str && !my_host_str)
-+	{
-+		return send_reply(this, "missing source or remote");
-+	}
-+	else
-+	{
-+		my_host = host_create_from_string(my_host_str, 0);
-+		other_host = host_create_from_string(other_host_str, 0);
-+		DBG1(DBG_CFG, "vici terminate with source me %H and other %H", my_host, other_host);
-+	}
- 	if (ike_id)
- 	{
- 		DBG1(DBG_CFG, "vici terminate IKE_SA #%d", ike_id);
-@@ -358,6 +370,15 @@ CALLBACK(terminate, vici_message_t*,
- 		{
- 			array_insert(ids, ARRAY_TAIL, &ike_id);
- 		}
-+		else if (my_host && other_host)
-+		{
-+			if (!my_host->ip_equals(my_host, ike_sa->get_my_host(ike_sa)) || !other_host->ip_equals(other_host, ike_sa->get_other_host(ike_sa)))
-+			{
-+				continue;
-+			}
-+			current = ike_sa->get_unique_id(ike_sa);
-+			array_insert(ids, ARRAY_TAIL, &current);
-+		}
- 	}
- 	isas->destroy(isas);
- 
-diff --git a/src/swanctl/commands/terminate.c b/src/swanctl/commands/terminate.c
-index 2309843b2..37d0bde3f 100644
---- a/src/swanctl/commands/terminate.c
-+++ b/src/swanctl/commands/terminate.c
-@@ -37,7 +37,7 @@ static int terminate(vici_conn_t *conn)
- 	vici_req_t *req;
- 	vici_res_t *res;
- 	command_format_options_t format = COMMAND_FORMAT_NONE;
--	char *arg, *child = NULL, *ike = NULL;
-+	char *arg, *child = NULL, *ike = NULL, *my_host = NULL, *other_host = NULL;
- 	int ret = 0, timeout = 0, level = 1, child_id = 0, ike_id = 0;
- 	bool force = FALSE;
- 
-@@ -74,6 +74,12 @@ static int terminate(vici_conn_t *conn)
- 			case 'l':
- 				level = atoi(arg);
- 				continue;
-+			case 'S':
-+				my_host = arg;
-+				continue;
-+			case 'R':
-+				other_host = arg;
-+				continue;
- 			case EOF:
- 				break;
- 			default:
-@@ -109,6 +115,14 @@ static int terminate(vici_conn_t *conn)
- 	{
- 		vici_add_key_valuef(req, "force", "yes");
- 	}
-+	if (my_host)
-+	{
-+		vici_add_key_valuef(req, "my-host", "%s", my_host);
-+	}
-+	if (other_host)
-+	{
-+		vici_add_key_valuef(req, "other-host", "%s", other_host);
-+	}
- 	if (timeout)
- 	{
- 		vici_add_key_valuef(req, "timeout", "%d", timeout * 1000);
-@@ -155,6 +169,8 @@ static void __attribute__ ((constructor))reg()
- 		{
- 			{"help",		'h', 0, "show usage information"},
- 			{"child",		'c', 1, "terminate by CHILD_SA name"},
-+			{"source",		'S', 1, "override source address"},
-+			{"remote",		'R', 1, "override remote address"},
- 			{"ike",			'i', 1, "terminate by IKE_SA name"},
- 			{"child-id",	'C', 1, "terminate by CHILD_SA reqid"},
- 			{"ike-id",		'I', 1, "terminate by IKE_SA unique identifier"},
--- 
-2.24.1
-

strongswan.spec

@@ -3,7 +3,7 @@
 
 Name:           strongswan
 Version:        5.7.2
-Release:        3.nhrp.2%{?dist}
+Release:        1.nhrp%{?dist}
 Summary:        An OpenSource IPsec-based VPN and TNC solution
 License:        GPLv2+
 URL:            http://www.strongswan.org/
@@ -17,7 +17,6 @@ Patch12:        0003-vici-send-certificates-for-ike-sa-events.patch
 Patch13:        0004-vici-add-support-for-individual-sa-state-changes.patch
 Patch14:        0005-vici-add-deprecated-async-parameter.patch
 Patch15:        0006-support-gre-key-in-ikev1.patch
-Patch16:        0007-vyos-terminate-connections-source-dest.patch
 
 # only needed for pre-release versions
 #BuildRequires:  autoconf automake
@@ -95,7 +94,7 @@ PT-TLS to support TNC over TLS.
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
-%patch16 -p1
+
 
 %build
 # only for snapshots
@@ -281,12 +280,6 @@ done
 %{_libexecdir}/strongswan/charon-nm
 
 %changelog
-* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.7.2-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.7.2-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
 * Wed Jan 09 2019 Paul Wouters <pwouters@redhat.com> - 5.7.2-1
 - Updated to 5.7.2