diff --git a/.gitignore b/.gitignore index 45d6e51..b491166 100644 --- a/.gitignore +++ b/.gitignore @@ -21,3 +21,4 @@ /libreswan-3.19.tar.gz /libreswan-3.20dr4.tar.gz /libreswan-3.20.tar.gz +/libreswan-3.21.tar.gz diff --git a/libreswan.spec b/libreswan.spec index 04d0de9..8e9d6a3 100644 --- a/libreswan.spec +++ b/libreswan.spec @@ -1,25 +1,28 @@ -%global USE_FIPSCHECK true -%global USE_LIBCAP_NG true -%global USE_LABELED_IPSEC true -%global USE_CRL_FETCHING true -%global USE_DNSSEC true -%global USE_NM true -%global USE_LINUX_AUDIT true -%global USE_SECCOMP false +# These are rpm macros and are 0 or 1 +%global crl_fetching 1 %global _hardened_build 1 - -%global fipscheck_version 1.3.0 %global buildefence 0 %global development 0 %global cavstests 1 -#global prever dr1 +# These are libreswan/make macros and are false or true +%global USE_FIPSCHECK true +%global USE_LIBCAP_NG true +%global USE_LABELED_IPSEC true +%global USE_DNSSEC true +%global USE_NM true +%global USE_LINUX_AUDIT true +# not production ready yet +%global USE_SECCOMP false + +#global prever rc1 Name: libreswan Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols -Version: 3.20 -Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}.2 +# version is generated in the release script +Version: 3.21 +Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist} License: GPLv2 Url: https://libreswan.org/ Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz @@ -46,7 +49,7 @@ BuildRequires: nss-devel >= 3.16.1, nspr-devel BuildRequires: pam-devel BuildRequires: libevent-devel %if %{USE_DNSSEC} -BuildRequires: unbound-devel +BuildRequires: unbound-devel >= 1.6.0-6 ldns-devel %endif %if %{USE_SECCOMP} BuildRequires: libseccomp-devel @@ -55,8 +58,8 @@ BuildRequires: libseccomp-devel BuildRequires: libselinux-devel %endif %if %{USE_FIPSCHECK} -BuildRequires: fipscheck-devel >= %{fipscheck_version} -Requires: fipscheck%{_isa} >= %{fipscheck_version} +BuildRequires: fipscheck-devel +Requires: fipscheck%{_isa} %endif %if %{USE_LINUX_AUDIT} Buildrequires: audit-libs-devel @@ -65,7 +68,7 @@ Buildrequires: audit-libs-devel %if %{USE_LIBCAP_NG} BuildRequires: libcap-ng-devel %endif -%if %{USE_CRL_FETCHING} +%if %{crl_fetching} BuildRequires: openldap-devel curl-devel %endif %if %{buildefence} @@ -118,9 +121,12 @@ make %{?_smp_mflags} \ %endif USE_LIBCAP_NG="%{USE_LIBCAP_NG}" \ USE_LABELED_IPSEC="%{USE_LABELED_IPSEC}" \ -%if %{USE_CRL_FETCHING} +%if %{crl_fetching} USE_LDAP=true \ USE_LIBCURL=true \ +%else + USE_LDAP=false \ + USE_LIBCURL=false \ %endif USE_DNSSEC="%{USE_DNSSEC}" \ USE_SECCOMP="%{USE_SECCOMP}" \ @@ -128,7 +134,6 @@ make %{?_smp_mflags} \ FINALLIBEXECDIR=%{_libexecdir}/ipsec \ MANTREE=%{_mandir} \ INC_RCDEFAULT=%{_initrddir} \ - WERROR_CFLAGS="" \ NSS_REQ_AVA_COPY=false \ programs FS=$(pwd) @@ -160,13 +165,15 @@ make \ %endif USE_LIBCAP_NG="%{USE_LIBCAP_NG}" \ USE_LABELED_IPSEC="%{USE_LABELED_IPSEC}" \ -%if %{USE_CRL_FETCHING} +%if %{crl_fetching} USE_LDAP=true \ USE_LIBCURL=true \ +%else + USE_LDAP=false \ + USE_LIBCURL=false \ %endif USE_DNSSEC="%{USE_DNSSEC}" \ USE_SECCOMP="%{USE_SECCOMP}" \ - WERROR_CFLAGS="" \ NSS_REQ_AVA_COPY=false \ install FS=$(pwd) @@ -189,7 +196,8 @@ install -m 0644 packaging/fedora/libreswan-tmpfiles.conf \ mkdir -p %{buildroot}%{_libdir}/fipscheck %endif -echo "include %{_sysconfdir}/ipsec.d/*.secrets" > %{buildroot}%{_sysconfdir}/ipsec.secrets +echo "include %{_sysconfdir}/ipsec.d/*.secrets" \ + > %{buildroot}%{_sysconfdir}/ipsec.secrets rm -fr %{buildroot}%{_sysconfdir}/rc.d/rc* %if %{cavstests} @@ -204,13 +212,13 @@ bunzip2 *.fax.bz2 export NSS_DISABLE_HW_GCM=1 : starting CAVS test for IKEv2 -OBJ.linux.*/programs/pluto/cavp -v2 ikev2.fax | \ +OBJ.linux.%{_arch}/testing/cavp/cavp -v2 ikev2.fax | \ diff -u ikev2.fax - > /dev/null : starting CAVS test for IKEv1 RSASIG -OBJ.linux.*/programs/pluto/cavp -v1sig ikev1_dsa.fax | \ +OBJ.linux.%{_arch}/testing/cavp/cavp -v1sig ikev1_dsa.fax | \ diff -u ikev1_dsa.fax - > /dev/null : starting CAVS test for IKEv1 PSK -OBJ.linux.*/programs/pluto/cavp -v1psk ikev1_psk.fax | \ +OBJ.linux.%{_arch}/testing/cavp/cavp -v1psk ikev1_psk.fax | \ diff -u ikev1_psk.fax - > /dev/null : CAVS tests passed %endif @@ -249,6 +257,9 @@ OBJ.linux.*/programs/pluto/cavp -v1psk ikev1_psk.fax | \ %endif %changelog +* Wed Aug 9 2017 Paul Wouters - 3.21-1 +- Updated to 3.21 + * Thu Aug 03 2017 Fedora Release Engineering - 3.20-1.2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild diff --git a/sources b/sources index 020f57a..0a9065d 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (libreswan-3.20.tar.gz) = 89f562412d03e0e9af1bceeda18ab73a749046c37e05dab719468cb537e16803a3b270781de9de88416b2d63b7b0fd85df0c593ca59c30ba3d681526f272fc93 SHA512 (ikev1_dsa.fax.bz2) = 627cbac14248bd68e8d22fbca247668a7749ef0c2e41df8d776d62df9a21403d3a246c0bd82c3faedce62de90b9f91a87f753e17b056319000bba7d2038461ac SHA512 (ikev1_psk.fax.bz2) = 1b2daec32edc56b410c036db2688c92548a9bd9914994bc7e555b301dd6db4497a6b3e89dc12ddf36826ae90b40fcde501a5a45c0d59098e07839073d219d467 SHA512 (ikev2.fax.bz2) = 0d3748d1bd574f6f1f3e4db847eca126ce649566ea710ef227426f433122752b80d1d6b8acf9d0df07b5597c1e45447e3a2fcb3391756e834e8e75f99df8e51e +SHA512 (libreswan-3.21.tar.gz) = f1ef002b3e0869920edfebfc8efd73d9a9f84f64a77ad4832f46b12dfdd3c31cdf48c1473522b63f155058592c46af05995756af5440ca3e9c0fa5207436e0fc