Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package strongswan for openSUSE:Factory
checked in at 2022-10-12 18:22:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/strongswan (Old)
and /work/SRC/openSUSE:Factory/.strongswan.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "strongswan"
Wed Oct 12 18:22:45 2022 rev:86 rq:1009635 version:5.9.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/strongswan/strongswan.changes 2022-08-02
22:08:37.465674332 +0200
+++ /work/SRC/openSUSE:Factory/.strongswan.new.2275/strongswan.changes
2022-10-12 18:22:51.465389593 +0200
@@ -1,0 +2,22 @@
+Mon Oct 3 20:36:03 UTC 2022 - Jan Engelhardt <jeng...@inai.de>
+
+- Update to release 5.9.8
+ * Fixed a vulnerability related to online certificate
+ revocation checking that was caused because the revocation
+ plugin used potentially untrusted OCSP URIs and CRL
+ distribution points in certificates.
+ * The `pki --scep/--scepca` commands implement the HTTP-based
+ "Simple Certificate Enrollment Protocol" (RFC 8894 SCEP)
+ replacing the old and long deprecated scepclient that has
+ been removed.
+ * The `pki --est|estca` commands implement the HTTPS-based
+ "Enrollment over Secure Transport" (RFC 7070 EST) protocol.
+ * The TLS client implementation now sends an empty certificate
+ payload if a certificate request is received but no
+ certificate is available.
+ * The socket plugins don't set the SO_REUSEADDR option anymore
+ on the IKE UDP sockets, so an error is triggered if e.g. two
+ daemons (e.g. charon and charon-systemd) are running
+ concurrently using the same ports.
+
+-------------------------------------------------------------------
Old:
----
strongswan-5.9.7.tar.bz2
strongswan-5.9.7.tar.bz2.sig
New:
----
strongswan-5.9.8.tar.bz2
strongswan-5.9.8.tar.bz2.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ strongswan.spec ++++++
--- /var/tmp/diff_new_pack.fW7NND/_old 2022-10-12 18:22:52.601392431 +0200
+++ /var/tmp/diff_new_pack.fW7NND/_new 2022-10-12 18:22:52.609392451 +0200
@@ -17,7 +17,7 @@
Name: strongswan
-Version: 5.9.7
+Version: 5.9.8
Release: 0
%define upstream_version %{version}
%define strongswan_docdir %{_docdir}/%{name}
@@ -460,7 +460,6 @@
%{buildroot}/%{_libexecdir}/ipsec/stroke \
%{buildroot}/%{_libexecdir}/ipsec/starter \
%{buildroot}/%{_libexecdir}/ipsec/pool \
- %{buildroot}/%{_libexecdir}/ipsec/scepclient \
%{buildroot}/%{_libexecdir}/ipsec/imv_policy_manager \
%{buildroot}/%{_libexecdir}/ipsec/_fipscheck \
%{buildroot}/%{_bindir}/pt-tls-client \
@@ -573,7 +572,6 @@
%{_libexecdir}/ipsec/xfrmi
%{_libexecdir}/ipsec/duplicheck
%{_libexecdir}/ipsec/pool
-%{_libexecdir}/ipsec/scepclient
%{_libexecdir}/ipsec/starter
%{_libexecdir}/ipsec/stroke
%{_libexecdir}/ipsec/charon
@@ -593,7 +591,6 @@
%{strongswan_docdir}/LICENSE
%{strongswan_docdir}/AUTHORS
%{strongswan_docdir}/ChangeLog
-%{_mandir}/man8/scepclient.8*
%{_mandir}/man5/swanctl.conf.5.*
%{_mandir}/man8/swanctl.8.*
@@ -612,7 +609,6 @@
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/imcv.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/pki.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/pool.conf
-%config(noreplace) %attr(600,root,root) %{strongswan_configs}/scepclient.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/starter.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/tnc.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/swanctl.conf
@@ -946,7 +942,6 @@
%{strongswan_templates}/config/strongswan.d/imcv.conf
%{strongswan_templates}/config/strongswan.d/pki.conf
%{strongswan_templates}/config/strongswan.d/pool.conf
-%{strongswan_templates}/config/strongswan.d/scepclient.conf
%{strongswan_templates}/config/strongswan.d/starter.conf
%{strongswan_templates}/config/strongswan.d/tnc.conf
%{strongswan_templates}/config/strongswan.d/swanctl.conf
++++++ strongswan-5.9.7.tar.bz2 -> strongswan-5.9.8.tar.bz2 ++++++
++++ 24172 lines of diff (skipped)
