From 197cfad5ef70e942c47002346ec9c86f6cdcd4fa Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Wed, 19 Mar 2025 14:42:22 +0300
Subject: [PATCH] Revert OL changes
---
 .../1000-Add-Oracle-Linux-identifier.patch | 39 --
 SOURCES/copy-patches.sh | 0
 SPECS/libguestfs.spec | 15 +-
 SPECS/libreswan.spec | 557 ------------------
 4 files changed, 4 insertions(+), 607 deletions(-)
 delete mode 100644 SOURCES/1000-Add-Oracle-Linux-identifier.patch
 mode change 100644 => 100755 SOURCES/copy-patches.sh
 delete mode 100644 SPECS/libreswan.spec
diff --git a/SOURCES/1000-Add-Oracle-Linux-identifier.patch b/SOURCES/1000-Add-Oracle-Linux-identifier.patch
deleted file mode 100644
index 2780691..0000000
--- a/SOURCES/1000-Add-Oracle-Linux-identifier.patch
+++ /dev/null
@@ -1,39 +0,0 @@ -From 39e25217dccb4b49f2ab481f0b026f1498973647 Mon Sep 17 00:00:00 2001 -From: Darren Archibald -Date: Mon, 3 Oct 2022 09:55:14 -0700 -Subject: [PATCH] Add Oracle Linux identifier - -Signed-off-by: Darren Archibald ---- - daemon/inspect_fs_unix.ml | 1 + - m4/guestfs-appliance.m4 | 2 +- - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/daemon/inspect_fs_unix.ml b/daemon/inspect_fs_unix.ml -index d8dce60..ee89ff0 100644 ---- a/daemon/inspect_fs_unix.ml -+++ b/daemon/inspect_fs_unix.ml -@@ -159,6 +159,7 @@ and distro_of_os_release_id = function - | "pardus" -> Some DISTRO_PARDUS - | "pld" -> Some DISTRO_PLD_LINUX - | "rhel" -> Some DISTRO_RHEL -+ | "ol" -> Some DISTRO_ORACLE_LINUX - | "rocky" -> Some DISTRO_ROCKY - | "sles" | "sled" -> Some DISTRO_SLES - | "ubuntu" -> Some DISTRO_UBUNTU -diff --git a/m4/guestfs-appliance.m4 b/m4/guestfs-appliance.m4 -index 4e671d2..dc06d1a 100644 ---- a/m4/guestfs-appliance.m4 -+++ b/m4/guestfs-appliance.m4 -@@ -114,7 +114,7 @@ if test "x$ENABLE_APPLIANCE" = "xyes"; then - fi ) | tr '@<:@:lower:@:>@' '@<:@:upper:@:>@' - )" - AS_CASE([$DISTRO], -- [FEDORA | RHEL | CENTOS | ALMALINUX | CLOUDLINUX \ -+ [FEDORA | RHEL | OL | CENTOS | ALMALINUX | CLOUDLINUX \ - | ROCKY | VIRTUOZZO], - [DISTRO=REDHAT], - [OPENSUSE* | SLED | SLES],[DISTRO=SUSE], --- -2.39.3 - diff --git a/SOURCES/copy-patches.sh b/SOURCES/copy-patches.sh old mode 100644 new mode 100755 diff --git a/SPECS/libguestfs.spec b/SPECS/libguestfs.spec index 2845ee9..3af2ba9 100644 --- a/SPECS/libguestfs.spec +++ b/SPECS/libguestfs.spec @@ -45,7 +45,7 @@ Summary: Access and modify virtual machine disk images Name: libguestfs Epoch: 1 Version: 1.50.2 -Release: 2.0.1%{?dist} +Release: 2%{?dist} License: LGPLv2+ # Build only for architectures that have a kernel 
@@ -131,8 +131,6 @@ Patch0037: 0037-New-APIs-findfs_partuuid-and-findfs_partlabel.patch Patch0038: 0038-inspection-Resolve-PARTUUID-and-PARTLABEL-in-etc-fst.patch Patch0039: 0039-daemon-New-command_out-and-sh_out-APIs.patch -Patch1000: 1000-Add-Oracle-Linux-identifier.patch - %if 0%{patches_touch_autotools} BuildRequires: autoconf, automake, libtool, gettext-devel %endif @@ -247,7 +245,9 @@ BuildRequires: attr BuildRequires: augeas-libs BuildRequires: bash BuildRequires: binutils +%if !0%{?rhel} BuildRequires: btrfs-progs +%endif BuildRequires: bzip2 BuildRequires: clevis-luks BuildRequires: coreutils @@ -578,7 +578,7 @@ guests. Install this package if you want libguestfs to be able to inspect non-Linux guests and display icons from them. The only reason this is a separate package is to avoid core libguestfs -having to depend on Perl. +having to depend on Perl. See https://bugzilla.redhat.com/1194158 %package bash-completion @@ -797,7 +797,6 @@ fi %endif --without-java \ --disable-erlang \ - --with-extra-packages="btrfs-progs" \ $extra # 'INSTALLDIRS' ensures that Perl and Ruby libs are installed in the @@ -1147,12 +1146,6 @@ rm ocaml/html/.gitignore %changelog -* Mon Mar 17 2025 EL Errata - 1.50.2-2.0.1 -- Add btrfs-progs to the packages installed in the appliance [Orabug: 34137448] -- Replace upstream references from a description tag -- Fix build on Oracle Linux [Orabug: 29319324] -- Set DISTRO_ORACLE_LINUX correspeonding to ol - * Thu Feb 27 2025 Richard W.M. Jones - 1:1.50.2-2 - Add new APIs to allow command output > 4MB resolves: RHEL-81095 diff --git a/SPECS/libreswan.spec b/SPECS/libreswan.spec deleted file mode 100644 index 4a2937b..0000000 --- a/SPECS/libreswan.spec +++ /dev/null 
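Review bot: The `%if !0%{?rhel}` guard added around `BuildRequires: btrfs-progs` in the `@@ -247,7 +245,9 @@` hunk has no comment explaining why the dependency is skipped when the `rhel` macro is defined. Combined with the removal of `--with-extra-packages="btrfs-progs"` in the `@@ -797,7 +797,6 @@` hunk, a build with `rhel` set will presumably produce an appliance without the btrfs tools, so btrfs-formatted guest images may no longer be readable by inspection or forensic workflows built on this package; it is worth confirming that this is intended for the target distribution. I would add a line directly above the guard such as `# btrfs-progs is not required on RHEL-family builds, so the appliance has no btrfs support there`. The BuildRequires list continues on both sides of the hunk, so any other btrfs-related conditionals are not visible here.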
@@ -1,557 +0,0 @@ -%global _hardened_build 1 -# These are rpm macros and are 0 or 1 -%global with_efence 0 -%global with_development 0 -%global with_cavstests 1 -%global nss_version 3.52 -%global unbound_version 1.6.6 -# Libreswan config options -%global libreswan_config \\\ - FINALLIBEXECDIR=%{_libexecdir}/ipsec \\\ - FINALMANDIR=%{_mandir} \\\ - PREFIX=%{_prefix} \\\ - INITSYSTEM=systemd \\\ - PYTHON_BINARY=%{__python3} \\\ - SHELL_BINARY=%{_bindir}/sh \\\ - USE_DNSSEC=true \\\ - USE_LABELED_IPSEC=true \\\ - USE_LDAP=true \\\ - USE_LIBCAP_NG=true \\\ - USE_LIBCURL=true \\\ - USE_LINUX_AUDIT=true \\\ - USE_NM=true \\\ - USE_NSS_IPSEC_PROFILE=true \\\ - USE_SECCOMP=true \\\ - USE_AUTHPAM=true \\\ -%{nil} - -#global prever dr1 - -Name: libreswan -Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec -# version is generated in the release script -Version: 4.15 -Release: %{?prever:0.}3%{?prever:.%{prever}}.0.1%{?dist}.3 -License: GPLv2 -Url: https://libreswan.org/ -Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz -%if 0%{with_cavstests} -Source1: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2 -Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2 -Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2 -%endif -Patch: libreswan-4.6-ikev1-policy-defaults-to-drop.patch -Patch: libreswan-4.15-ondemand-tcp.patch -Patch: libreswan-4.15-netlink-extack.patch -Patch: libreswan-4.15-create-child-sa-race-condition.patch -Patch: libreswan-4.15-rereadsecrets.patch - -Patch100: libreswan-oracle.patch - -BuildRequires: audit-libs-devel -BuildRequires: bison -BuildRequires: curl-devel -BuildRequires: flex -BuildRequires: gcc make -BuildRequires: hostname -BuildRequires: ldns-devel -BuildRequires: libcap-ng-devel -BuildRequires: libevent-devel -BuildRequires: libseccomp-devel -BuildRequires: libselinux-devel -BuildRequires: nspr-devel -BuildRequires: nss-devel >= %{nss_version} -BuildRequires: 
nss-tools >= %{nss_version} -BuildRequires: openldap-devel -BuildRequires: pam-devel -BuildRequires: pkgconfig -BuildRequires: systemd-devel -BuildRequires: unbound-devel >= %{unbound_version} -BuildRequires: xmlto -%if 0%{with_efence} -BuildRequires: ElectricFence -%endif -Requires: iproute >= 2.6.8 -Requires: nss >= %{nss_version} -Requires: nss-softokn -Requires: nss-tools -Requires: unbound-libs >= %{unbound_version} -Requires(post): bash -Requires(post): coreutils -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd - -%description -Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is -the Internet Protocol Security and uses strong cryptography to provide -both authentication and encryption services. These services allow you -to build secure tunnels through untrusted networks. Everything passing -through the untrusted net is encrypted by the ipsec gateway machine and -decrypted by the gateway at the other end of the tunnel. The resulting -tunnel is a virtual private network or VPN. - -This package contains the daemons and userland tools for setting up -Libreswan. 
- -Libreswan also supports IKEv2 (RFC7296) and Secure Labeling - -Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04 - -%prep -%setup -q -n libreswan-%{version}%{?prever} -# enable crypto-policies support -sed -i "s:#[ ]*include \(.*\)\(/crypto-policies/back-ends/libreswan.config\)$:include \1\2:" configs/ipsec.conf.in -%autopatch -p1 - -%build -make %{?_smp_mflags} \ -%if 0%{with_development} - OPTIMIZE_CFLAGS="%{?_hardened_cflags}" \ -%else - OPTIMIZE_CFLAGS="%{optflags}" \ -%endif - WERROR_CFLAGS="-Werror -Wno-missing-field-initializers -Wno-lto-type-mismatch -Wno-maybe-uninitialized" \ -%if 0%{with_efence} - USE_EFENCE=true \ -%endif - USERLINK="%{?__global_ldflags} -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -flto --no-lto" \ - %{libreswan_config} \ - programs -FS=$(pwd) - - -%install -make \ - DESTDIR=%{buildroot} \ - %{libreswan_config} \ - install -FS=$(pwd) -rm -rf %{buildroot}/usr/share/doc/libreswan -rm -rf %{buildroot}%{_libexecdir}/ipsec/*check - -install -d -m 0755 %{buildroot}%{_rundir}/pluto -install -d %{buildroot}%{_sbindir} - -install -d %{buildroot}%{_sysconfdir}/sysctl.d -install -m 0644 packaging/fedora/libreswan-sysctl.conf \ - %{buildroot}%{_sysconfdir}/sysctl.d/50-libreswan.conf - -echo "include %{_sysconfdir}/ipsec.d/*.secrets" \ - > %{buildroot}%{_sysconfdir}/ipsec.secrets -rm -fr %{buildroot}%{_sysconfdir}/rc.d/rc* - -%if 0%{with_cavstests} -%check -# There is an elaborate upstream testing infrastructure which we do not -# run here - it takes hours and uses kvm -# We only run the CAVS tests. -cp %{SOURCE1} %{SOURCE2} %{SOURCE3} . 
-bunzip2 *.fax.bz2 - -: starting CAVS test for IKEv2 -%{buildroot}%{_libexecdir}/ipsec/cavp -v2 ikev2.fax | \ - diff -u ikev2.fax - > /dev/null -: starting CAVS test for IKEv1 RSASIG -%{buildroot}%{_libexecdir}/ipsec/cavp -v1dsa ikev1_dsa.fax | \ - diff -u ikev1_dsa.fax - > /dev/null -: starting CAVS test for IKEv1 PSK -%{buildroot}%{_libexecdir}/ipsec/cavp -v1psk ikev1_psk.fax | \ - diff -u ikev1_psk.fax - > /dev/null -: CAVS tests passed -%endif - -# Some of these tests will show ERROR for negative testing - it will exit on real errors -%{buildroot}%{_libexecdir}/ipsec/algparse -tp || { echo prooposal test failed; exit 1; } -%{buildroot}%{_libexecdir}/ipsec/algparse -ta || { echo algorithm test failed; exit 1; } -: Algorithm parser tests passed - -# self test for pluto daemon - this also shows which algorithms it allows in FIPS mode -tmpdir=$(mktemp -d /tmp/libreswan-XXXXX) -certutil -N -d sql:$tmpdir --empty-password -%{buildroot}%{_libexecdir}/ipsec/pluto --selftest --nssdir $tmpdir --rundir $tmpdir -: pluto self-test passed - verify FIPS algorithms allowed is still compliant with NIST - -%post -%systemd_post ipsec.service - -%preun -%systemd_preun ipsec.service - -%postun -%systemd_postun_with_restart ipsec.service - -%files -%doc CHANGES COPYING CREDITS README* LICENSE -%doc docs/*.* docs/examples -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf -%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.secrets -%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d -%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/policies -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/* -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysctl.d/50-libreswan.conf -%attr(0755,root,root) %dir %{_rundir}/pluto -%attr(0700,root,root) %dir %{_sharedstatedir}/ipsec -%attr(0700,root,root) %dir %{_sharedstatedir}/ipsec/nss -%attr(0644,root,root) %{_tmpfilesdir}/libreswan.conf -%attr(0644,root,root) %{_unitdir}/ipsec.service 
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/pluto -%config(noreplace) %{_sysconfdir}/logrotate.d/libreswan -%{_sbindir}/ipsec -%{_libexecdir}/ipsec -%doc %{_mandir}/*/* - -%changelog -* Tue Mar 18 2025 Craig Guiller - 4.15-3.0.1.3 -- Add libreswan-oracle.patch to detect Oracle Linux distro - -* Fri Jan 24 2025 Daiki Ueno - 4.15-3.3 -- showhostkey: fix regression after RHEL-68755 (RHEL-75967) - -* Fri Nov 22 2024 Daiki Ueno - 4.15-3.2 -- crypto: refcnt struct secret_pubkey_stuff when passing to helper thread (RHEL-68755) - -* Tue Nov 12 2024 Daiki Ueno - 4.15-3.1 -- pluto: ignore CREATE_CHILD_SA request if crypto is in progress (RHEL-71496) - -* Tue Aug 6 2024 Daiki Ueno - 4.15-3 -- Fix release number - -* Tue Aug 6 2024 Daiki Ueno - 4.15-2 -- Fix auto=ondemand connection initialization with TCP (RHEL-51879) -- Make use of Netlink extack for additional error reporting (RHEL-51881) - -* Tue Jul 30 2024 Daiki Ueno - 4.15-1 -- Update to 4.15 (RHEL-50006) - -* Thu Jul 11 2024 Daiki Ueno - 4.12-4 -- Bump release to synchronize with el9_5 package - -* Wed Jun 5 2024 Daiki Ueno - 4.12-3 -- Fix CVE-2024-3652 (RHEL-32483) - -* Thu Apr 11 2024 Daiki Ueno - 4.12-2 -- Fix CVE-2024-2357 (RHEL-28743) -- x509: unpack IPv6 general names based on length (RHEL-32720) - -* Wed Aug 9 2023 Daiki Ueno - 4.12-1 -- Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 -- Resolves: rhbz#2215956 - -* Fri May 05 2023 Sahana Prasad - 4.9-5 -- Just bumping up the version to include bugs for CVE-2023-2295. There is no - code fix for it. Fix for it is including the code fix for CVE-2023-30570. -- Fix CVE-2023-2295 Regression of CVE-2023-30570 fixes in the - Red Hat Enterprise Linux -- Resolves: rhbz#2189777, rhbz#2190148 - -* Thu May 04 2023 Sahana Prasad - 4.9-4 -- Just bumping up the version as an incorrect 9.3 build was created. 
-- Related: rhbz#2187171 - -* Thu May 04 2023 Sahana Prasad - 4.9-3 -- Fix CVE-2023-30570:Malicious IKEv1 Aggressive Mode packets can crash - libreswan -- Resolves: rhbz#2187171 - -* Tue Apr 4 2023 Daiki Ueno - 4.9-2 -- Fix CVE-2023-23009: remote DoS via crafted TS payload with an - incorrect selector length (rhbz#2173674) - -* Wed Jan 4 2023 Daiki Ueno - 4.9-1 -- Update to 4.9. Resolves: rhbz#2128669 -- Switch to using %%autopatch as in Fedora - -* Wed Feb 2 2022 Daiki Ueno - 4.6-3 -- Drop IKEv1 packets by default, based on the Debian patch - by Daniel Kahn Gillmor (rhbz#2039877) - -* Mon Jan 17 2022 Daiki Ueno - 4.6-2 -- Related: rhbz#2017355 rebuild to reflect gating.yaml change - -* Mon Jan 17 2022 Daiki Ueno - 4.6-1 -- Update to 4.6. Resolves: rhbz#2017355 - -* Mon Jan 10 2022 Daiki Ueno - 4.5-1 -- Update to 4.5. Resolves: rhbz#2017355 - -* Mon Aug 09 2021 Mohan Boddu - 4.4-3.1 -- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Related: rhbz#1991688 - -* Wed Jul 21 2021 Daiki Ueno - 4.4-3 -- Backport removal gethostbyname2 uses from the upstream -- Fix issues spotted by covscan (rhbz#1938784) - -* Tue Jul 13 2021 Daiki Ueno - 4.4-2 -- Rebuild with newer GCC to fix annocheck failures - -* Thu Jul 1 2021 Daiki Ueno - 4.4-1 -- Update to 4.4. Resolves: rhbz#1975812 -- Port compiler warning suppression by Paul Wouters: - https://src.fedoraproject.org/rpms/libreswan/c/8d7f98d41444ac77c562f735b4b93038f5346ce2?branch=rawhide - -* Thu Jun 24 2021 Daiki Ueno - 4.2-1.3 -- Fix FTBFS with OpenSSL 3.0 (rhbz#1975439) - -* Tue Jun 22 2021 Mohan Boddu - 4.2-1.2 -- Rebuilt for RHEL 9 BETA for openssl 3.0 - Related: rhbz#1971065 - -* Fri Apr 16 2021 Mohan Boddu - 4.2-1.1 -- Rebuilt for RHEL 9 BETA on Apr 15th 2021. 
Related: rhbz#1947937 - -* Wed Feb 03 2021 Paul Wouters - 4.2-1 -- Update to 4.2 - -* Tue Jan 26 2021 Fedora Release Engineering - 4.2-0.1.rc1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Sat Dec 19 19:59:55 EST 2020 Paul Wouters - 4.2-0.1.rc1 -- Resolves: rhbz#1867580 pluto process frequently dumps core - (disable USE_NSS_KDF until nss fixes have propagated) - -* Sat Dec 19 2020 Adam Williamson - 4.1-4 -- Rebuild for ldns soname bump - -* Mon Nov 23 11:50:41 EST 2020 Paul Wouters - 4.1-3 -- Resolves: rhbz#1894381 Libreswan 4.1-2 breaks l2tp connection to Windows VPN server - -* Mon Oct 26 10:21:57 EDT 2020 Paul Wouters - 4.1-2 -- Resolves: rhbz#1889538 libreswan's /var/lib/ipsec/nss missing - -* Sun Oct 18 21:49:39 EDT 2020 Paul Wouters - 4.1-1 -- Updated to 4.1 - interop fix for Cisco - -* Thu Oct 15 10:27:14 EDT 2020 Paul Wouters - 4.0-1 -- Resolves: rhbz#1888448 libreswan-4.0 is available - -* Wed Sep 30 14:05:58 EDT 2020 Paul Wouters - 4.0-0.2.rc1 -- Rebuild for libevent 2.1.12 with a soname bump - -* Sun Sep 27 22:49:40 EDT 2020 Paul Wouters - 4.0-0.1.rc1 -- Updated to 4.0rc1 - -* Thu Aug 27 2020 Paul Wouters - 3.32-4 -- Resolves: rhbz#1864043 libreswan: FTBFS in Fedora rawhide/f33 - -* Sat Aug 01 2020 Fedora Release Engineering - 3.32-3.2 -- Second attempt - Rebuilt for - https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Tue Jul 28 2020 Fedora Release Engineering - 3.32-3.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Tue Jun 30 2020 Jeff Law - 3.32-3 -- Initialize ppk_id_p in ikev2_parent_inR1outI2_tail to avoid uninitialized - object - -* Tue May 26 2020 Paul Wouters - 3.32-2 -- Backport NSS guarding fix for unannounced changed api in NSS causing segfault - -* Mon May 11 2020 Paul Wouters - 3.32-1 -- Resolves: rhbz#1809770 libreswan-3.32 is available - -* Tue Apr 14 2020 Paul Wouters - 3.31-2 -- Resolves: rhbz#1823823 Please drop the dependency on fipscheck - -* Tue Mar 03 2020 Paul 
Wouters - 3.31-1 -- Resolves: rhbz#1809770 libreswan-3.31 is available (fixes rekey regression) - -* Fri Feb 14 2020 Paul Wouters - 3.30-1 -- Resolves: rhbz#1802896 libreswan-3.30 is available -- Resolves: rhbz#1799598 libreswan: FTBFS in Fedora rawhide/f32 -- Resolves: rhbz#1760571 [abrt] libreswan: configsetupcheck(): verify:366:configsetupcheck:TypeError: - -* Wed Jan 29 2020 Fedora Release Engineering - 3.29-2.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Thu Jan 09 2020 Paul Wouters - 3.29-2 -- _updown.netkey: fix syntax error in checking routes - -* Thu Jul 25 2019 Fedora Release Engineering - 3.29-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Mon Jun 10 2019 Paul Wouters - 3.29-1 -- Resolves: rhbz#1718986 Updated to 3.29 for CVE-2019-10155 - -* Tue May 21 2019 Paul Wouters - 3.28-1 -- Updated to 3.28 (many imported bugfixes, including CVE-2019-12312) - -* Fri Feb 01 2019 Fedora Release Engineering - 3.27-1.2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Mon Jan 14 2019 Björn Esser - 3.27-1.1 -- Rebuilt for libcrypt.so.2 (#1666033) - -* Mon Oct 08 2018 Paul Wouters - 3.27-1 -- Updated to 3.27 (various bugfixes) - -* Thu Sep 27 2018 Paul Wouters - 3.26-3 -- Add fedora python fixup for _unbound-hook - -* Mon Sep 17 2018 Paul Wouters - 3.26-2 -- linking against freebl is no longer needed (and wasn't done in 3.25) - -* Mon Sep 17 2018 Paul Wouters - 3.26-1 -- Updated to 3.26 (CHACHA20POLY1305, ECDSA and RSA-PSS support) - -* Fri Jul 13 2018 Fedora Release Engineering - 3.25-3.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Mon Jul 09 2018 Paul Wouters - 3.25-3 -- Fix Opportunistic IPsec _unbound-hook argument parsing -- Make rundir readable for all (so we can hand out permissions later) - -* Mon Jul 02 2018 Paul Wouters - 3.25-2 -- Relax deleting IKE SA's and IPsec SA's to avoid interop issues with third party VPN vendors - -* Wed Jun 27 2018 Paul 
Wouters - 3.25-1 -- Updated to 3.25 - -* Mon Feb 19 2018 Paul Wouters - 3.23-2 -- Support crypto-policies package -- Pull in some patches from upstream and IANA registry updates -- gcc7 format-truncate fixes and workarounds - -* Wed Feb 07 2018 Fedora Release Engineering - 3.23-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Thu Jan 25 2018 Paul Wouters - 3.23-1 -- Updated to 3.23 - support for MOBIKE, PPK, CMAC, nic offload and performance improvements - -* Sat Jan 20 2018 Björn Esser - 3.22-1.1 -- Rebuilt for switch to libxcrypt - -* Mon Oct 23 2017 Paul Wouters - 3.22-1 -- Updated to 3.22 - many bugfixes, and unbound ipsecmod support - -* Wed Aug 9 2017 Paul Wouters - 3.21-1 -- Updated to 3.21 - -* Thu Aug 03 2017 Fedora Release Engineering - 3.20-1.2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 3.20-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Tue Mar 14 2017 Paul Wouters - 3.20-1 -- Updated to 3.20 - -* Fri Mar 03 2017 Paul Wouters - 3.20-0.1.dr4 -- Update to 3.20dr4 to test mozbz#1336487 export CERT_CompareAVA - -* Fri Feb 10 2017 Fedora Release Engineering - 3.19-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Fri Feb 03 2017 Paul Wouters - 3.19-2 -- Resolves: rhbz#1392191 libreswan: crash when OSX client connects -- Improved uniqueid and session replacing support -- Test Buffer warning fix on size_t -- Re-introduce --configdir for backwards compatibility - -* Sun Jan 15 2017 Paul Wouters - 3.19-1 -- Updated to 3.19 (see download.libreswan.org/CHANGES) - -* Mon Dec 19 2016 Miro Hrončok - 3.18-1.1 -- Rebuild for Python 3.6 - -* Fri Jul 29 2016 Paul Wouters - 3.18-1 -- Updated to 3.18 for CVE-2016-5391 rhbz#1361164 and VTI support -- Remove support for /etc/sysconfig/pluto (use native systemd instead) - -* Thu May 05 2016 Paul Wouters - 3.17-2 -- Resolves: rhbz#1324956 prelink is gone, 
/etc/prelink.conf.d/* is no longer used - -* Thu Apr 07 2016 Paul Wouters - 3.17-1 -- Updated to 3.17 for CVE-2016-3071 -- Disable LIBCAP_NG as it prevents unbound-control from working properly -- Temporarilly disable WERROR due to a few minor known issues - -* Thu Feb 04 2016 Fedora Release Engineering - 3.16-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Fri Dec 18 2015 Paul Wouters - 3.16-1 -- Updated to 3.16 (see https://download.libreswan.org/CHANGES) - -* Tue Aug 11 2015 Paul Wouters - 3.15-1 -- Updated to 3.15 (see http://download.libreswan.org/CHANGES) -- Resolves: rhbz#CVE-2015-3240 IKE daemon restart when receiving a bad DH gx -- NSS database creation moved from spec file to service file -- Run CAVS tests on package build -- Added BuildRequire systemd-units and xmlto -- Bumped minimum required nss to 3.16.1 -- Install tmpfiles -- Install sysctl file -- Update doc files to include - -* Mon Jul 13 2015 Paul Wouters - 3.13-2 -- Resolves: rhbz#1238967 Switch libreswan to use python3 - -* Wed Jun 17 2015 Fedora Release Engineering - 3.13-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Mon Jun 01 2015 Paul Wouters - 3.13-1 -- Updated to 3.13 for CVE-2015-3204 - -* Fri Nov 07 2014 Paul Wouters - 3.12-1 -- Updated to 3.12 Various IKEv2 fixes - -* Wed Oct 22 2014 Paul Wouters - 3.11-1 -- Updated to 3.11 (many fixes, including startup fixes) -- Resolves: rhbz#1144941 libreswan 3.10 upgrade breaks old ipsec.secrets configs -- Resolves: rhbz#1147072 ikev1 aggr mode connection fails after libreswan upgrade -- Resolves: rhbz#1144831 Libreswan appears to start with systemd before all the NICs are up and running - -* Tue Sep 09 2014 Paul Wouters - 3.10-3 -- Fix some coverity issues, auto=route on bootup and snprintf on 32bit machines - -* Mon Sep 01 2014 Paul Wouters - 3.10-1 -- Updated to 3.10, major bugfix release, new xauth status options - -* Sun Aug 17 2014 Fedora Release Engineering - 3.9-1.1 -- Rebuilt 
for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Thu Jul 10 2014 Paul Wouters - 3.9-1 -- Updated to 3.9. IKEv2 enhancements, ESP/IKE algo enhancements -- Mark libreswan-fips.conf as config file -- attr modifier for man pages no longer needed -- BUGS file no longer exists upstream - -* Sat Jun 07 2014 Fedora Release Engineering - 3.8-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Sat Jan 18 2014 Paul Wouters - 3.8-1 -- Updated to 3.8, fixes rhbz#CVE-2013-6467 (rhbz#1054102) - -* Wed Dec 11 2013 Paul Wouters - 3.7-1 -- Updated to 3.7, fixes CVE-2013-4564 -- Fixes creating a bogus NSS db on startup (rhbz#1005410) - -* Thu Oct 31 2013 Paul Wouters - 3.6-1 -- Updated to 3.6 (IKEv2, MODECFG, Cisco interop fixes) -- Generate empty NSS db if none exists - -* Mon Aug 19 2013 Paul Wouters - 3.5-3 -- Add a Provides: for openswan-doc - -* Sat Aug 03 2013 Fedora Release Engineering - 3.5-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Mon Jul 15 2013 Paul Wouters - 3.5-2 -- Added interop patch for (some?) Cisco VPN clients sending 16 zero - bytes of extraneous IKE data -- Removed fipscheck_version - -* Sat Jul 13 2013 Paul Wouters - 3.5-1 -- Updated to 3.5 - -* Thu Jun 06 2013 Paul Wouters - 3.4-1 -- Updated to 3.4, which only contains style changes to kernel coding style -- IN MEMORIAM: June 3rd, 2013 Hugh Daniel - -* Mon May 13 2013 Paul Wouters - 3.3-1 -- Updated to 3.3, which resolves CVE-2013-2052 - -* Sat Apr 13 2013 Paul Wouters - 3.2-1 -- Initial package for Fedora