Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>

.gitignore

@@ -4,3 +4,16 @@
 /strongswan-5.9.2.tar.bz2
 /strongswan-5.9.3.tar.bz2
 /strongswan-5.9.4.tar.bz2
+/948F158A4E76A27BF3D07532DF42C170B34DBA77
+/strongswan-5.9.5.tar.bz2
+/strongswan-5.9.5.tar.bz2.sig
+/strongswan-5.9.6.tar.bz2
+/strongswan-5.9.6.tar.bz2.sig
+/strongswan-5.9.8.tar.bz2
+/strongswan-5.9.8.tar.bz2.sig
+/strongswan-5.9.9.tar.bz2
+/strongswan-5.9.9.tar.bz2.sig
+/strongswan-5.9.10.tar.bz2
+/strongswan-5.9.10.tar.bz2.sig
+/strongswan-5.9.11.tar.bz2
+/strongswan-5.9.11.tar.bz2.sig

STRONGSWAN-RELEASE-PGP-KEY

@@ -0,0 +1,48 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBEoycP0BDACzL8ymURD7gnaNbGx2VGieNQr/gNISWhqgHaeUxuSkrInxl89A
+ClvN7DoF2cD7slEqIMQh/8t6xVzmh9teu5uyeV1eyG/CuFMUqawXqpn/sYa2SkgX
+C/qHB2hIbFg2K4k5LJHxzqHb1OdtOcU6lHg9yrvYcoO+FTVR+rYaVgYbbbziTB/v
+hAAzvdTdgwMgoQMSXA7FsJ0mALny4IeiCoi6S6qRVDm4zcu11UFT9g1VmhmeHqtU
+SQso72bPKKhYvu7ZaQrLhkvY9inWr6m9dxV8Zgb1ivZGhzsNzrhGAsz9jmiB5POF
+Mfph0hREMiS33ph/YMJducGQHYGEza9mKBdUaaAAEL3fCpde7vRa+c5Gc/Y5RUB7
+iUsb2KQY+7xTiSUnCHbsMwhndG0dJspVXcz6X+2S3Ty4GaiqkvxI9KLiwiECNl0I
+oLX5s/FIW6KW+GnxJTp/3h6vvqm8i0+yIwk+ETM4XfhHMwuPkDyf6km1ag3nIUw6
+pSSfnQMPhj5rXIMAEQEAAbQwQW5kcmVhcyBTdGVmZmVuIDxhbmRyZWFzLnN0ZWZm
+ZW5Ac3Ryb25nc3dhbi5vcmc+iQG3BBMBAgAhBQJKMnD9AhsDBwsJCAcDAgEEFQII
+AwQWAgMBAh4BAheAAAoJEN9CwXCzTbp3t5AL/jrXnnGIHLn8M9rmyoeNe7JQUE5A
+GSV3UFaZHgHmjbvIHA+dRvh1MPlHuWbaZkHVPtRFvFtEgksc944+XcKoNoExKGKr
+wLQcUExUiQ0IyNwH70u7f1uFNcbY85Oue5ASzm+wAntnmIlNsN+MHewRWC6f6gYn
+1aHwsvh09fz0A34v9wdtim2ek/Voxe3AIDIw2MTNmwF61pXEsrH0wqYnGhYLZ7Qb
+thnDnHQaUd3IPSa6uAgOOiCoCbKCvP4u/iVm0rmXN9uzmm/i4Y0cE3DopGsqrR5D
+fWYJjgP4KBCln0LgWtYI8pcYcmA5E+l+fijNcMidtzWHMW2Mj0oZZsO+wlRUYLGh
+/jRASgq7rXuxV+oGKcBn4RqSHlZ5/BYlvowUxnNFC4tLLlneHidS8TurjacM3fwR
+MP5NMmcS5d9sVLG1uxl+/g2cRMtphHiziz+79jDc+tSxqRO5lhqyItAD6LC2GxB3
+iC5afnMx49+YWzhUTeL/KfkrD9w3/n7O00kLtLkDDQRKjOHDEAwAxdh8W7j/QhE3
+KZNmJGsK/QtJ72zZRGRcdUPH6GG//GaAG5hSCjM8q+0MR/G+31uk32RbzRIj1sHQ
+8fY0znxPmaeD1wow0hCbDTq+Ep3K8ouaqoqjlP4rd+I94OtxNfXgmllf7BDOZ6lI
+wUY8ba8cFCPYsv8ZvRXo82XfwFYevQ9kTLqkJT52mMyPZLwYx4DNwuqFtQQEBLKg
+IVXVgpK6SE72MFP8vyFsdrL0ORgxoWI6PIHbnIRY1KiWUzOSrqirZUHH9MPuzFuB
+R0+jEAajeKoxycn0ILLM5PBAEFXFgBdtNNCtshe1fR5aPsXcGZsZRjc7mbAHLRqa
+pVhk7oX31WrGqGHkSM/GAnf3aAzsnCkO5+Tje2iyuoG5OhQbHsvMBOtdvQrwnorl
+56EguzuK1mGDsczNsuAYRcKiasCWpsjoytDH+dGEQmKXydD9r06cxPx+mWmWKLo4
+w+k4mMC0lFRYKi83cwTpaMpHOeW4+3d1tJfkCQy+vjUz4aZJ/WSXAAMFDACqmeXA
+Al7WssHkjVZ/vwQfHLHNMZsGEEucvV7KNqMF4Fe6nRbbE6GJOuz6taeFkJIppBqV
+xhSNOsf5soOXfGp0IgYoC37GPI6AAb4UnG5GVcaAMQAXUYcwfDGGuV/EO5pPrEyP
+jy++GvjhxcKV3HmUuAfcgyhTGhDOVPxU28Roz3+8Eig085v+lyqAsgFduBrf+ZV+
+lHjIOSXSWmTiT8EVSA3fpN14/qhltudhdGIZ/pCW303H9Bd9c4Uc9OzYhRr1VpO6
+lpYfTFNey8KQL4z9Kjt0RPscz2hYDOJ1cTFWs/4Z+9mBJODwrnIiORLlgV2NlP5E
+ZY4MccVFd9K7E/OPQdt3Uv6+6BjYRntY7wsX617T5Rmj8n6AhbpngmWg2D6wRfm7
+TyI0Wtz5icCoJIEHQwB/3EhBzQl7tBc0cClwCYm7nTYRt+SL2tfylWy9Leail+ay
+M6zwMW0klV42E4u8DCy/aJrwmEiVwuwGbXL6z46M9EZguof38MTEmLsHls+JAZ8E
+GAECAAkFAkqM4cMCGwwACgkQ30LBcLNNunffBgv/b/v3eQoZTWgOB5MnXhIrg/Ki
+kYTYbnEG9wWM7XIST8bpP7f/UKyD44CCVJH7SVTGAXeyjglnuYXy4FwaTdFmm6al
+W0sCp4rnmADi5BLLzQlCUa5J0iZ+oAZnAH60BezUM+CYz/QBW3NJmP3323PeM4H4
+MZ0vLv3wgaLkFlaK/eASBoC7KuZWAnvsNOdLQ29L4BYgW2Jwk1+PxszjT369DsMU
+Y3iY6gM9rM71Ajd8x98hd1r26LILGntAEEXxs+13Kka7J4GCqf8/J9ZR01dDp8QM
++M9EHFLnthpAyUuSXm5Qlglavnf7tU6AA0SFuA0pP5CXVLG1DLT1fJvNOqjdzPsf
+u/48AM2Lpxj0gKt1yDQc890GxwnOL1iZ6+XMh9/ujWy7Q7dI4M2mthwYFXldWrPS
+CmMToWfl62BxPdY5FIECXeRwTIO9sI0LQVc2eAG8lDsge05q1nJFxo9WKr7ewAdF
+b/fMIr7XMwoMj2SQSy/tZVCBnDXR5Gw5HSxRnIAS
+=ze82
+-----END PGP PUBLIC KEY BLOCK-----

sources

@@ -1 +1,2 @@
-SHA512 (strongswan-5.9.4.tar.bz2) = 796356c1d5c1ad410f0ed944ab4a131076d26f120ec6fa57796fe4060b0741201199625883ddc9ebd8a7ad299495f073cec76a6780ebd8f375605aae16750cf3
+SHA512 (strongswan-5.9.11.tar.bz2) = d500523215f5ec5c5550c4d2c49060b350ae396d8c60170792c46775d04fc7a132aa70a6242145477753668351d26ed957e08903683ecc340aa8d84fb2ae5498
+SHA512 (strongswan-5.9.11.tar.bz2.sig) = a434dc338641c808d3461de17c893a0d3b761cdba6cea5db0551fc75df498cfae26db379a86fd2a0a0e7710676a1cd657c01da435054a6814ec4ce6099db2b68

strongswan-5.9.4-test-socket.patch

@@ -1,31 +0,0 @@
-From 377039d24648f82dac35dcf22a2b43de81f2fb96 Mon Sep 17 00:00:00 2001
-From: Petr Mensik <pemensik@redhat.com>
-Date: Thu, 11 Nov 2021 05:48:38 +0100
-Subject: [PATCH] Skip test case, which always hangs
-
-It just stops and does not continue. Avoid that test.
----
- src/libtls/tests/suites/test_socket.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/libtls/tests/suites/test_socket.c b/src/libtls/tests/suites/test_socket.c
-index 9e26e91..5296680 100644
---- a/src/libtls/tests/suites/test_socket.c
-+++ b/src/libtls/tests/suites/test_socket.c
-@@ -804,11 +804,13 @@ Suite *socket_suite_create()
- 	add_tls_versions_test(test_tls_12_server, TLS_1_0, TLS_1_3);
- 	suite_add_tcase(s, tc);
- 
-+#if 0
- 	tc = tcase_create("TLS 1.3/key exchange groups");
- 	tcase_add_checked_fixture(tc, setup_creds, teardown_creds);
- 	tcase_add_loop_test(tc, test_tls13_ke_groups, 0,
- 						tls_crypto_get_supported_groups(NULL));
- 	suite_add_tcase(s, tc);
-+#endif
- 
- 	tc = tcase_create("TLS 1.3/signature schemes");
- 	tcase_add_checked_fixture(tc, setup_all_creds, teardown_creds);
--- 
-2.31.1
-

strongswan-5.9.7-error-no-format.patch

@@ -0,0 +1,12 @@
+diff --git a/configure.ac b/configure.ac
+index f9e6e55c2..247d055d8 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1480,7 +1480,6 @@ else
+ fi
+ # disable some warnings, whether explicitly enabled above or by default
+ # these are not compatible with our custom printf specifiers
+-WARN_CFLAGS="$WARN_CFLAGS -Wno-format"
+ WARN_CFLAGS="$WARN_CFLAGS -Wno-format-security"
+ # we generally use comments, but GCC doesn't seem to recognize many of them
+ WARN_CFLAGS="$WARN_CFLAGS -Wno-implicit-fallthrough"

strongswan.spec

@@ -12,24 +12,31 @@
 %bcond_with tss_trousers
 %endif
 
+%global forgeurl0 https://github.com/strongswan/strongswan
+
 Name:           strongswan
-Version:        5.9.4
-Release:        4%{?dist}
+Version:        5.9.11
+Release:        2%{?dist}
 Summary:        An OpenSource IPsec-based VPN and TNC solution
 License:        GPLv2+
-URL:            http://www.strongswan.org/
-Source0:        http://download.strongswan.org/strongswan-%{version}%{?prerelease}.tar.bz2
-Source1:        tmpfiles-strongswan.conf
+URL:            https://www.strongswan.org/
+VCS:            git:%{forgeurl0}
+Source0:        https://download.strongswan.org/strongswan-%{version}%{?prerelease}.tar.bz2
+Source1:        https://download.strongswan.org/strongswan-%{version}%{?prerelease}.tar.bz2.sig
+Source2:        https://download.strongswan.org/STRONGSWAN-RELEASE-PGP-KEY
+Source3:        tmpfiles-strongswan.conf
 Patch0:         strongswan-5.6.0-uintptr_t.patch
-# https://github.com/strongswan/strongswan/issues/752
-Patch1:         strongswan-5.9.4-test-socket.patch
+# https://github.com/strongswan/strongswan/issues/1198
+Patch1:         strongswan-5.9.7-error-no-format.patch
 
-# only needed for pre-release versions
-#BuildRequires:  autoconf automake
-
-BuildRequires: make
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  gnupg2
+BuildRequires:  make
 BuildRequires:  gcc
+BuildRequires:  systemd
 BuildRequires:  systemd-devel
+BuildRequires:  systemd-rpm-macros
 BuildRequires:  gmp-devel
 BuildRequires:  libcurl-devel
 BuildRequires:  openldap-devel
@@ -40,7 +47,6 @@ BuildRequires:  libxml2-devel
 BuildRequires:  pam-devel
 BuildRequires:  json-c-devel
 BuildRequires:  libgcrypt-devel
-BuildRequires:  systemd-devel
 BuildRequires:  iptables-devel
 BuildRequires:  libcap-devel
 BuildRequires:  tpm2-tss-devel
@@ -53,7 +59,7 @@ BuildRequires:  python3-pytest
 %endif
 
 %if %{with perl}
-BuildRequires:  perl-devel perl-macros
+BuildRequires:  perl-devel perl-generators
 BuildRequires:  perl(ExtUtils::MakeMaker)
 %endif
 
@@ -138,6 +144,7 @@ for Strongswan runtime configuration from perl applications.
 
 
 %prep
+%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %autosetup -n %{name}-%{version}%{?prerelease} -p1
 
 %build
@@ -212,8 +219,6 @@ for Strongswan runtime configuration from perl applications.
     --enable-imv-attestation \
     --enable-imv-os \
     --enable-imc-os \
-    --enable-imc-swid \
-    --enable-imv-swid \
     --enable-imc-swima \
     --enable-imv-swima \
     --enable-imc-hcd \
@@ -250,6 +255,9 @@ for p in bypass-lan; do
     echo -e "\ncharon.plugins.${p}.load := no" >> conf/plugins/${p}.opt
 done
 
+# ensure manual page is regenerated with local configuration
+rm -f src/ipsec/_ipsec.8
+
 %make_build
 
 pushd src/libcharon/plugins/vici
@@ -307,8 +315,8 @@ for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do
     install -d -m 700 %{buildroot}%{_sysconfdir}/strongswan/ipsec.d/${i}
 done
 install -d -m 0700 %{buildroot}%{_rundir}/strongswan
-install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan.conf
-install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.conf
+install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan.conf
+install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.conf
 
 
 %check
@@ -408,6 +416,59 @@ install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co
 %endif
 
 %changelog
+* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.9.11-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri Jul 14 2023 Paul Wouters <paul.wouters@aiven.io - 5.9.11-1
+- Resolves: rhbz#2214186 strongswan-5.9.11 is available
+
+* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 5.9.10-2
+- Rebuilt for Python 3.12
+
+* Thu Mar 02 2023 Paul Wouters <paul.wouters@aiven.io - 5.9.10-1
+- Update to 5.9.10
+
+* Tue Feb 28 2023 Paul Wouters <paul.wouters@aiven.io - 5.9.9-3
+- Resolves: CVE-2023-26463 authorization bypass in TLS-based EAP methods
+
+* Mon Jan 16 2023 Petr Menšík <pemensik@redhat.com> - 5.9.9-2
+- Use configure paths in manual pages (#2106120)
+
+* Sun Jan 15 2023 Petr Menšík <pemensik@redhat.com> - 5.9.9-1
+- Update to 5.9.9 (#2157850)
+
+* Thu Dec 08 2022 Jitka Plesnikova <jplesnik@redhat.com> - 5.9.8-2
+- Add BR perl-generators to automatically generates run-time dependencies
+  for installed Perl files
+
+* Sun Oct 16 2022 Arne Reiter <redhat@arnereiter.de> - 5.9.8-1
+- Resolves rhbz#2112274 strongswan-5.9.8 is available
+- Patch1 removes CFLAGS -Wno-format which interferes with -Werror=format-security
+- Add BuildRequire for autoconf and automake, now required for release
+- Remove obsolete patches
+
+* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.9.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Wed Jun 22 2022 Arne Reiter <redhat@arnereiter.de> - 5.9.6-1
+- Resolves rhbz#2080070 strongswan-5.9.6 is available
+- Fixed missing format string in enum_flags_to_string()
+
+* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 5.9.5-4
+- Rebuilt for Python 3.11
+
+* Fri Feb 25 2022 Arne Reiter <redhat@arnereiter.de> - 5.9.5-3
+- Resolves: rhbz#2048108 - segfault at 18 ip 00007f4c7c0d841c sp 00007ffe49f61b70 error 4 in libc.so.6
+
+* Tue Jan 25 2022 Paul Wouters <paul.wouters@aiven.io> - 5.9.5-2
+- Use newly published/cleaned strongswan gpg key
+
+* Mon Jan 24 2022 Paul Wouters <paul.wouters@aiven.io> - 5.9.5-1
+- Resolves rhbz#2044361 strongswan-5.9.5 is available (CVE-2021-45079)
+
+* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.9.4-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
 * Thu Dec 16 2021 Neal Gompa <ngompa@datto.com> - 5.9.4-4
 - Disable TPM/TSS 1.2 support for F36+ / RHEL9+
 - Resolves: rhbz#2033299 Drop TPM/TSS 1.2 support (trousers)