Update to 4.9

Also switch to using %autopatch as in Fedora.

Resolves: #2128669
Signed-off-by: Daiki Ueno <dueno@redhat.com>
This commit is contained in:
Daiki Ueno 2023-01-04 11:27:11 +09:00
parent d36dffc2c8
commit 28de992c74
4 changed files with 10 additions and 24 deletions

1
.gitignore vendored
View File

@ -41,3 +41,4 @@
/libreswan-4.4.tar.gz
/libreswan-4.5.tar.gz
/libreswan-4.6.tar.gz
/libreswan-4.9.tar.gz

View File

@ -58,23 +58,6 @@ index 5b5aba723f..68fbccf442 100644
#ifdef HAVE_LABELED_IPSEC
SOPT(KBF_SECCTX, SECCTX);
diff --git a/programs/pluto/server.c b/programs/pluto/server.c
index 665f0ed8b9..448dbca076 100644
--- a/programs/pluto/server.c
+++ b/programs/pluto/server.c
@@ -188,12 +188,7 @@ bool pluto_listen_tcp = false;
enum ddos_mode pluto_ddos_mode = DDOS_AUTO; /* default to auto-detect */
enum global_ikev1_policy pluto_ikev1_pol =
-#ifdef USE_IKEv1
- GLOBAL_IKEv1_ACCEPT;
-#else
- /* there is no IKEv1 code compiled in to send a REJECT */
GLOBAL_IKEv1_DROP;
-#endif
#ifdef HAVE_SECCOMP
enum seccomp_mode pluto_seccomp_mode = SECCOMP_DISABLED;
--
2.34.1

View File

@ -30,8 +30,8 @@
Name: libreswan
Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
# version is generated in the release script
Version: 4.6
Release: %{?prever:0.}3%{?prever:.%{prever}}%{?dist}
Version: 4.9
Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
License: GPLv2
Url: https://libreswan.org/
Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz
@ -40,8 +40,7 @@ Source1: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2
Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2
Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2
%endif
Patch0: libreswan-4.6-openssl3.patch
Patch1: libreswan-4.6-ikev1-policy-defaults-to-drop.patch
Patch: libreswan-4.6-ikev1-policy-defaults-to-drop.patch
BuildRequires: audit-libs-devel
BuildRequires: bison
@ -95,10 +94,9 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
%prep
%setup -q -n libreswan-%{version}%{?prever}
%patch0 -p1 -b .openssl3
%patch1 -p1 -b .ikev1-drop
# enable crypto-policies support
sed -i "s:#[ ]*include \(.*\)\(/crypto-policies/back-ends/libreswan.config\)$:include \1\2:" configs/ipsec.conf.in
%autopatch -p1
%build
make %{?_smp_mflags} \
@ -198,6 +196,10 @@ certutil -N -d sql:$tmpdir --empty-password
%doc %{_mandir}/*/*
%changelog
* Wed Jan 4 2023 Daiki Ueno <dueno@redhat.com> - 4.9-1
- Update to 4.9. Resolves: rhbz#2128669
- Switch to using %%autopatch as in Fedora
* Wed Feb 2 2022 Daiki Ueno <dueno@redhat.com> - 4.6-3
- Drop IKEv1 packets by default, based on the Debian patch
by Daniel Kahn Gillmor (rhbz#2039877)

View File

@ -1,4 +1,4 @@
SHA512 (ikev1_dsa.fax.bz2) = 627cbac14248bd68e8d22fbca247668a7749ef0c2e41df8d776d62df9a21403d3a246c0bd82c3faedce62de90b9f91a87f753e17b056319000bba7d2038461ac
SHA512 (ikev1_psk.fax.bz2) = 1b2daec32edc56b410c036db2688c92548a9bd9914994bc7e555b301dd6db4497a6b3e89dc12ddf36826ae90b40fcde501a5a45c0d59098e07839073d219d467
SHA512 (ikev2.fax.bz2) = 0d3748d1bd574f6f1f3e4db847eca126ce649566ea710ef227426f433122752b80d1d6b8acf9d0df07b5597c1e45447e3a2fcb3391756e834e8e75f99df8e51e
SHA512 (libreswan-4.6.tar.gz) = c1c3efd7665dee6caaf08cb5aa50fcd37c299acad4b62648284fdb04edd50ba8fc8d33a9fb210edaf2312697f8cd251f33a6b16587eb2cfefd1269b4482dd499
SHA512 (libreswan-4.9.tar.gz) = 4a43b09b0ef1bacc64ca1b74e7c268df7f024d8b6a9633a489f373ecd9327b173e9508dbc13c4d25ee74f3e2ba569d9d38dfd851fd98cf3cde4a61ef90a1d9d5