strongswan: Update to version 5.9.3

Message ID 20210824212904.1311282-1-adolf.belka@ipfire.org
State Accepted
Commit a41e24d4145a6163eb8f1ad5ba81a88162a532df
Headers show
Series strongswan: Update to version 5.9.3 | expand

Commit Message

Adolf Belka Aug. 24, 2021, 9:29 p.m. UTC
- Update from 5.9.2 to 5.9.3
- Update of rootfile not required
- Changelog
   strongswan-5.9.3
    - Added AES_ECB, SHA-3 and SHAKE-256 support to wolfssl plugin.
    - Added AES_CCM and SHA-3 signature support to openssl plugin.
    - The x509 and openssl plugins now consider the authorityKeyIdentifier, if
      available, before verifying signatures, which avoids unnecessary signature
      verifications after a CA key rollover if both certificates are loaded.
    - The pkcs11 plugin better handles optional attributes like CKA_TRUSTED, which
      previously depended on a version check.
    - charon-nm now supports using SANs as client identities, not only full DNs.
    - charon-tkm now handles IKE encryption.
    - A MOBIKE update is sent again if a a change in the NAT mappings is detected
      but the endpoints stay the same.
    - Converted most of the test case scenarios to the vici interface

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/strongswan | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Michael Tremer Aug. 31, 2021, 10 a.m. UTC | #1
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>

> On 24 Aug 2021, at 22:29, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> - Update from 5.9.2 to 5.9.3
> - Update of rootfile not required
> - Changelog
>   strongswan-5.9.3
>    - Added AES_ECB, SHA-3 and SHAKE-256 support to wolfssl plugin.
>    - Added AES_CCM and SHA-3 signature support to openssl plugin.
>    - The x509 and openssl plugins now consider the authorityKeyIdentifier, if
>      available, before verifying signatures, which avoids unnecessary signature
>      verifications after a CA key rollover if both certificates are loaded.
>    - The pkcs11 plugin better handles optional attributes like CKA_TRUSTED, which
>      previously depended on a version check.
>    - charon-nm now supports using SANs as client identities, not only full DNs.
>    - charon-tkm now handles IKE encryption.
>    - A MOBIKE update is sent again if a a change in the NAT mappings is detected
>      but the endpoints stay the same.
>    - Converted most of the test case scenarios to the vici interface
> 
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
> lfs/strongswan | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/lfs/strongswan b/lfs/strongswan
> index 0f00b071f..3b481ac2e 100644
> --- a/lfs/strongswan
> +++ b/lfs/strongswan
> @@ -24,7 +24,7 @@
> 
> include Config
> 
> -VER        = 5.9.2
> +VER        = 5.9.3
> 
> THISAPP    = strongswan-$(VER)
> DL_FILE    = $(THISAPP).tar.bz2
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_MD5 = 8918e6675e1be3784817641f07eadeb8
> +$(DL_FILE)_MD5 = 80ecabe0ce72d550d2d5de0118f89143
> 
> install : $(TARGET)
> 
> -- 
> 2.33.0
>

Patch

diff --git a/lfs/strongswan b/lfs/strongswan
index 0f00b071f..3b481ac2e 100644
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 5.9.2
+VER        = 5.9.3
 
 THISAPP    = strongswan-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 8918e6675e1be3784817641f07eadeb8
+$(DL_FILE)_MD5 = 80ecabe0ce72d550d2d5de0118f89143
 
 install : $(TARGET)