rpms/libreswan
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- Re-enable USE_DNSSEC again with patch to resolve header conflicts

Browse Source
This commit is contained in:
Paul Wouters 2022-01-13 16:53:11 -05:00
parent a47e3c9245
commit 1290d06104
No known key found for this signature in database
GPG Key ID: DB48D2E5122468BF
2 changed files with 53 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
libreswan-4.6-openssl-nss.patch Normal file
View File

@ -0,0 +1,46 @@
commit 0212bc6a7c0ac3aa5d8da82bf22132993d339ffc
Author: Paul Wouters <paul.wouters@aiven.io>
Date: Thu Jan 13 15:31:50 2022 -0500
building: fix fedora rawhide build
Avoid clashing openssl/nss headers
Patch based on work by Daiki Ueno <dueno@redhat.com>
Resolves: https://github.com/libreswan/libreswan/pull/611
diff --git a/programs/pluto/ikev2_ipseckey.h b/programs/pluto/ikev2_ipseckey.h
index 243e5b1776..5ef3f966ec 100644
--- a/programs/pluto/ikev2_ipseckey.h
+++ b/programs/pluto/ikev2_ipseckey.h
@@ -1,5 +1,3 @@
-#include "state.h"
-
#ifndef _IKEV2_IPSECKEY_H
#define _IKEV2_IPSECKEY_H
@@ -11,6 +9,8 @@
#define IS_LIBUNBOUND LSW_LIBUNBOUND_ENABLED
+struct ike_sa;
+
typedef enum {
DNS_OK = STF_OK,
DNS_FATAL = STF_FATAL,
diff --git a/programs/pluto/ikev2_ipseckey_dnsr.c b/programs/pluto/ikev2_ipseckey_dnsr.c
index b07ed72f2b..09767bf65d 100644
--- a/programs/pluto/ikev2_ipseckey_dnsr.c
+++ b/programs/pluto/ikev2_ipseckey_dnsr.c
@@ -32,7 +32,9 @@
#include "dnssec.h" /* includes unbound.h */
#include "ikev2_ipseckey.h" /* for dns_status */
#include "ikev2_ipseckey_dnsr.h"
-#include "secrets.h"
+
+/* Do not include secrets.h as it will cause conflicts via NSS/OPENSSL headers */
+extern const struct pubkey_type pubkey_type_rsa;
struct p_dns_req *pluto_dns_list = NULL; /* DNS queries linked list */

9
libreswan.spec
View File

@ -13,7 +13,7 @@
INITSYSTEM=systemd \\\
PYTHON_BINARY=%{__python3} \\\
SHELL_BINARY=%{_bindir}/sh \\\
USE_DNSSEC=false \\\
USE_DNSSEC=true \\\
USE_LABELED_IPSEC=true \\\
USE_LDAP=true \\\
USE_LIBCAP_NG=true \\\
@ -31,7 +31,7 @@ Name: libreswan
Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
# version is generated in the release script
Version: 4.6
Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}
License: GPLv2
Url: https://libreswan.org/
Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz
@ -43,6 +43,8 @@ Source4: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2
Source5: https://download.libreswan.org/cavs/ikev2.fax.bz2
%endif
Patch1: libreswan-4.6-openssl-nss.patch
BuildRequires: audit-libs-devel
BuildRequires: bison
BuildRequires: curl-devel
@ -206,6 +208,9 @@ certutil -N -d sql:$tmpdir --empty-password
%doc %{_mandir}/*/*
%changelog
* Thu Jan 13 2022 Paul Wouters <paul.wouters@aiven.io> - 4.6-2
- Re-enable USE_DNSSEC again with patch to resolve header conflicts
* Wed Jan 12 2022 Paul Wouters <paul.wouters@aiven.io> - 4.6-1
- Resolves: CVE-2022-23094
- Resolves: rhbz#2039604 libreswan-4.6 is available