Bump version

Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>

.gitignore

@@ -1 +1,3 @@
 /strongswan-5.8.4.tar.bz2
+/strongswan-5.9.0.tar.bz2
+/strongswan-5.9.1.tar.bz2

sources

@@ -1 +1 @@
-SHA512 (strongswan-5.8.4.tar.bz2) = 15e866b0d6cc4ea94f17856b519d926ae08c15d3b62f675f62685d0722ca8fa26b46afb1ad1c866e9d5f347d77a747f57d0c6d7f6bd57762f37d7798f9e28103
+SHA512 (strongswan-5.9.1.tar.bz2) = 222625e77bd86959da6dd7346cfa9f92569fc396a494bb95ddf2c8e0680b7e8041541e8a14320517a0c735d713ae0fdc0d0c4694215e812817814b0b4efc3497

strongswan-5.8.2-extern-global.patch

@@ -1,11 +0,0 @@
---- strongswan-5.8.2/src/swanctl/swanctl.h.orig	2020-02-23 00:35:39.051000000 +0200
-+++ strongswan-5.8.2/src/swanctl/swanctl.h	2020-02-23 00:35:51.930355656 +0200
-@@ -30,7 +30,7 @@
- /**
-  * Base directory for credentials and config
-  */
--char *swanctl_dir;
-+extern char *swanctl_dir;
- 
- /**
-  * Configuration file for connections, etc.

strongswan-5.9.1-runtime-dir.patch

@@ -0,0 +1,12 @@
+diff -Naur strongswan-5.9.1-orig/init/systemd-starter/strongswan-starter.service.in strongswan-5.9.1/init/systemd-starter/strongswan-starter.service.in
+--- strongswan-5.9.1-orig/init/systemd-starter/strongswan-starter.service.in	2020-10-16 08:36:37.000000000 -0400
++++ strongswan-5.9.1/init/systemd-starter/strongswan-starter.service.in	2021-02-12 14:06:09.985042362 -0500
+@@ -5,6 +5,8 @@
+ [Service]
+ ExecStart=@SBINDIR@/@IPSEC_SCRIPT@ start --nofork
+ Restart=on-abnormal
++RuntimeDirectory=strongswan
++RuntimeDirectoryMode=0755
+ 
+ [Install]
+ WantedBy=multi-user.target

strongswan.spec

@@ -3,14 +3,14 @@
 %global dist .nhrp.3%{?dist}
 
 Name:           strongswan
-Version:        5.8.4
-Release:        2%{?dist}
+Version:        5.9.1
+Release:        1%{?dist}
 Summary:        An OpenSource IPsec-based VPN and TNC solution
 License:        GPLv2+
 URL:            http://www.strongswan.org/
 Source0:        http://download.strongswan.org/%{name}-%{version}%{?prerelease}.tar.bz2
 Source1:        tmpfiles-strongswan.conf
-Patch0:         strongswan-5.8.4-runtime-dir.patch
+Patch0:         strongswan-5.9.1-runtime-dir.patch
 Patch1:         strongswan-5.6.0-uintptr_t.patch
 Patch3:         strongswan-5.6.2-CVE-2018-5388.patch
 
@@ -25,6 +25,7 @@ Patch16:        0007-vyos-terminate-connections-source-dest.patch
 # only needed for pre-release versions
 #BuildRequires:  autoconf automake
 
+BuildRequires: make
 BuildRequires:  gcc
 BuildRequires:  systemd-devel
 BuildRequires:  gmp-devel
@@ -40,6 +41,7 @@ BuildRequires:  json-c-devel
 BuildRequires:  libgcrypt-devel
 BuildRequires:  systemd-devel
 BuildRequires:  iptables-devel
+BuildRequires:  libcap-devel
 
 BuildRequires:  NetworkManager-libnm-devel
 Requires(post): systemd
@@ -116,7 +118,7 @@ PT-TLS to support TNC over TLS.
     --bindir=%{_libexecdir}/strongswan \
     --with-ipseclibdir=%{_libdir}/strongswan \
     --with-piddir=%{_rundir}/strongswan \
-    --with-fips-mode=2 \
+    --with-nm-ca-dir=%{_sysconfdir}/strongswan/ipsec.d/cacerts/ \
     --enable-bypass-lan \
     --enable-tss-trousers \
     --enable-nm \
@@ -189,7 +191,9 @@ PT-TLS to support TNC over TLS.
 %ifarch x86_64 %{ix86}
     --enable-aesni \
 %endif
-    --enable-kernel-libipsec
+    --enable-kernel-libipsec \
+    --with-capabilities=libcap \
+    CPPFLAGS="-DSTARTER_ALLOW_NON_ROOT"
 
 # disable certain plugins in the daemon configuration by default
 for p in bypass-lan; do
@@ -289,6 +293,34 @@ install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan.conf
 %{_libexecdir}/strongswan/charon-nm
 
 %changelog
+* Fri Feb 12 2021 Paul Wouters <pwouters@redhat.com> - 5.9.1-1
+- Resolves: rhbz# 1896545 strongswan-5.9.1 is available
+
+* Thu Feb 11 2021 Davide Cavalca <dcavalca@fedoraproject.org> - 5.9.0-4
+- Build with with capabilities support
+- Resolves: rhbz#1911572 StrongSwan not configured with libcap support
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.9.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Thu Oct 22 12:43:48 EDT 2020 Paul Wouters <pwouters@redhat.com> - 5.9.0-2
+- Resolves: rhbz#1886759 charon looking for certificates in the wrong place
+
+* Mon Sep 28 12:36:45 EDT 2020 Paul Wouters <pwouters@redhat.com> - 5.9.0-1
+- Resolves: rhbz#1861747 strongswan-5.9.0 is available
+- Remove --enable-fips-mode=2, which defaults strongswan to FIPS only.
+  (use fips_mode = 2 in plugins {} openssl {} in strongswan.conf to enable FIPS)
+
+* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.8.4-5
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.8.4-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 5.8.4-3
+- Rebuild (json-c)
+
 * Sun Apr 12 2020 Mikhail Zabaluev <mikhail.zabaluev@gmail.com> - 5.8.4-2
 - Patch0: Add RuntimeDirectory options to service files (#1789263)
 
@@ -296,9 +328,6 @@ install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan.conf
 - Updated to 5.8.4
 - Patch4 has been applied upstream
 
-* Sun Apr 12 2020 Mikhail Zabaluev <mikhail.zabaluev@gmail.com> - 5.8.2-6
-- Patch0: Add RuntimeDirectory options to service files (#1789263)
-
 * Sat Feb 22 2020 Mikhail Zabaluev <mikhail.zabaluev@gmail.com> - 5.8.2-5
 - Patch to declare a global variable with extern (#1800117)