- Updated to 3.21

2017-08-09 22:53:01 -04:00 · 2017-08-09 22:53:01 -04:00 · 19d822c715
commit 19d822c715
parent ca2756ca86
3 changed files with 38 additions and 26 deletions
--- a/.gitignore
+++ b/.gitignore
@ -21,3 +21,4 @@
 /libreswan-3.19.tar.gz
 /libreswan-3.20dr4.tar.gz
 /libreswan-3.20.tar.gz
+/libreswan-3.21.tar.gz
--- a/libreswan.spec
+++ b/libreswan.spec
@ -1,25 +1,28 @@
-%global USE_FIPSCHECK true
-%global USE_LIBCAP_NG true
-%global USE_LABELED_IPSEC true
-%global USE_CRL_FETCHING true
-%global USE_DNSSEC true
-%global USE_NM true
-%global USE_LINUX_AUDIT true
-%global USE_SECCOMP false

+# These are rpm macros and are 0 or 1
+%global crl_fetching 1
 %global _hardened_build 1
-
-%global fipscheck_version 1.3.0
 %global buildefence 0
 %global development 0
 %global cavstests 1

-#global prever dr1
+# These are libreswan/make macros and are false or true
+%global USE_FIPSCHECK true
+%global USE_LIBCAP_NG true
+%global USE_LABELED_IPSEC true
+%global USE_DNSSEC true
+%global USE_NM true
+%global USE_LINUX_AUDIT true
+# not production ready yet
+%global USE_SECCOMP false
+
+#global prever rc1

 Name: libreswan
 Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols
-Version: 3.20
-Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}.2
+# version is generated in the release script
+Version: 3.21
+Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
 License: GPLv2
 Url: https://libreswan.org/
 Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz
@ -46,7 +49,7 @@ BuildRequires: nss-devel >= 3.16.1, nspr-devel
 BuildRequires: pam-devel
 BuildRequires: libevent-devel
 %if %{USE_DNSSEC}
-BuildRequires: unbound-devel
+BuildRequires: unbound-devel >= 1.6.0-6 ldns-devel
 %endif
 %if %{USE_SECCOMP}
 BuildRequires: libseccomp-devel
@ -55,8 +58,8 @@ BuildRequires: libseccomp-devel
 BuildRequires: libselinux-devel
 %endif
 %if %{USE_FIPSCHECK}
-BuildRequires: fipscheck-devel >= %{fipscheck_version}
-Requires: fipscheck%{_isa} >= %{fipscheck_version}
+BuildRequires: fipscheck-devel
+Requires: fipscheck%{_isa}
 %endif
 %if %{USE_LINUX_AUDIT}
 Buildrequires: audit-libs-devel
@ -65,7 +68,7 @@ Buildrequires: audit-libs-devel
 %if %{USE_LIBCAP_NG}
 BuildRequires: libcap-ng-devel
 %endif
-%if %{USE_CRL_FETCHING}
+%if %{crl_fetching}
 BuildRequires: openldap-devel curl-devel
 %endif
 %if %{buildefence}
@ -118,9 +121,12 @@ make %{?_smp_mflags} \
 %endif
  USE_LIBCAP_NG="%{USE_LIBCAP_NG}" \
  USE_LABELED_IPSEC="%{USE_LABELED_IPSEC}" \
-%if %{USE_CRL_FETCHING}
+%if %{crl_fetching}
  USE_LDAP=true \
  USE_LIBCURL=true \
+%else
+  USE_LDAP=false \
+  USE_LIBCURL=false \
 %endif
  USE_DNSSEC="%{USE_DNSSEC}" \
  USE_SECCOMP="%{USE_SECCOMP}" \
@ -128,7 +134,6 @@ make %{?_smp_mflags} \
  FINALLIBEXECDIR=%{_libexecdir}/ipsec \
  MANTREE=%{_mandir} \
  INC_RCDEFAULT=%{_initrddir} \
-  WERROR_CFLAGS="" \
  NSS_REQ_AVA_COPY=false \
  programs
 FS=$(pwd)
@ -160,13 +165,15 @@ make \
 %endif
  USE_LIBCAP_NG="%{USE_LIBCAP_NG}" \
  USE_LABELED_IPSEC="%{USE_LABELED_IPSEC}" \
-%if %{USE_CRL_FETCHING}
+%if %{crl_fetching}
  USE_LDAP=true \
  USE_LIBCURL=true \
+%else
+  USE_LDAP=false \
+  USE_LIBCURL=false \
 %endif
  USE_DNSSEC="%{USE_DNSSEC}" \
  USE_SECCOMP="%{USE_SECCOMP}" \
-  WERROR_CFLAGS="" \
  NSS_REQ_AVA_COPY=false \
  install
 FS=$(pwd)
@ -189,7 +196,8 @@ install -m 0644 packaging/fedora/libreswan-tmpfiles.conf  \
 mkdir -p %{buildroot}%{_libdir}/fipscheck
 %endif

-echo "include %{_sysconfdir}/ipsec.d/*.secrets" > %{buildroot}%{_sysconfdir}/ipsec.secrets
+echo "include %{_sysconfdir}/ipsec.d/*.secrets" \
+     > %{buildroot}%{_sysconfdir}/ipsec.secrets
 rm -fr %{buildroot}%{_sysconfdir}/rc.d/rc*

 %if %{cavstests}
@ -204,13 +212,13 @@ bunzip2 *.fax.bz2
 export NSS_DISABLE_HW_GCM=1

 : starting CAVS test for IKEv2
-OBJ.linux.*/programs/pluto/cavp -v2 ikev2.fax | \
+OBJ.linux.%{_arch}/testing/cavp/cavp -v2 ikev2.fax | \
    diff -u ikev2.fax - > /dev/null
 : starting CAVS test for IKEv1 RSASIG
-OBJ.linux.*/programs/pluto/cavp -v1sig ikev1_dsa.fax | \
+OBJ.linux.%{_arch}/testing/cavp/cavp -v1sig ikev1_dsa.fax | \
    diff -u ikev1_dsa.fax - > /dev/null
 : starting CAVS test for IKEv1 PSK
-OBJ.linux.*/programs/pluto/cavp -v1psk ikev1_psk.fax | \
+OBJ.linux.%{_arch}/testing/cavp/cavp -v1psk ikev1_psk.fax | \
    diff -u ikev1_psk.fax - > /dev/null
 : CAVS tests passed
 %endif
@ -249,6 +257,9 @@ OBJ.linux.*/programs/pluto/cavp -v1psk ikev1_psk.fax | \
 %endif

 %changelog
+* Wed Aug  9 2017 Paul Wouters <pwouters@redhat.com> - 3.21-1
+- Updated to 3.21
+
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.20-1.2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

--- a/2
+++ b/2
@ -1,4 +1,4 @@
-SHA512 (libreswan-3.20.tar.gz) = 89f562412d03e0e9af1bceeda18ab73a749046c37e05dab719468cb537e16803a3b270781de9de88416b2d63b7b0fd85df0c593ca59c30ba3d681526f272fc93
 SHA512 (ikev1_dsa.fax.bz2) = 627cbac14248bd68e8d22fbca247668a7749ef0c2e41df8d776d62df9a21403d3a246c0bd82c3faedce62de90b9f91a87f753e17b056319000bba7d2038461ac
 SHA512 (ikev1_psk.fax.bz2) = 1b2daec32edc56b410c036db2688c92548a9bd9914994bc7e555b301dd6db4497a6b3e89dc12ddf36826ae90b40fcde501a5a45c0d59098e07839073d219d467
 SHA512 (ikev2.fax.bz2) = 0d3748d1bd574f6f1f3e4db847eca126ce649566ea710ef227426f433122752b80d1d6b8acf9d0df07b5597c1e45447e3a2fcb3391756e834e8e75f99df8e51e
+SHA512 (libreswan-3.21.tar.gz) = f1ef002b3e0869920edfebfc8efd73d9a9f84f64a77ad4832f46b12dfdd3c31cdf48c1473522b63f155058592c46af05995756af5440ca3e9c0fa5207436e0fc