rpms/libreswan
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Backport NSS guarding fix for unannounced changed api in NSS causing segfault

Browse Source
This commit is contained in:
Paul Wouters 2020-05-26 10:25:11 -04:00
parent d739ec1a68
commit 444620748c
2 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
libreswan-3.32-nss-api.patch Normal file
View File

@ -0,0 +1,16 @@
diff -Naur libreswan-3.32-orig/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c libreswan-3.32/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
--- libreswan-3.32-orig/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c 2020-05-11 10:13:41.000000000 -0400
+++ libreswan-3.32/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c 2020-05-26 10:23:26.563318038 -0400
@@ -16,6 +16,12 @@
#include <stdio.h>
#include <stdlib.h>
+/*
+ * Special advise from Bob Relyea - needs to go before any nss include
+ *
+ */
+#define NSS_PKCS11_2_0_COMPAT 1
+
#include "lswlog.h"
#include "lswnss.h"
#include "prmem.h"

8
libreswan.spec
View File

@ -33,7 +33,7 @@ Name: libreswan
Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
# version is generated in the release script
Version: 3.32
Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}
License: GPLv2
Url: https://libreswan.org/
Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz
@ -44,6 +44,7 @@ Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2
%endif
Patch1: libreswan-3.30-s390x.patch
Patch2: libreswan-3.32-nss-api.patch
Requires(post): bash coreutils systemd
Requires(preun): systemd
@ -99,6 +100,8 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
%prep
%setup -q -n libreswan-%{version}%{?prever}
%patch1 -p1
%patch2 -p1
# Fedora should really figure this versioning out itself, not burden upstream
sed -i "s:/usr/bin/python:/usr/bin/python3:" testing/cert_verify/usage_test
sed -i "s:/usr/bin/python:/usr/bin/python3:" testing/pluto/ikev1-01-fuzzer/cve-2015-3204.py
@ -197,6 +200,9 @@ export NSS_DISABLE_HW_GCM=1
%doc %{_mandir}/*/*
%changelog
* Tue May 26 2020 Paul Wouters <pwouters@redhat.com> - 3.32-2
- Backport NSS guarding fix for unannounced changed api in NSS causing segfault
* Mon May 11 2020 Paul Wouters <pwouters@redhat.com> - 3.32-1
- Resolves: rhbz#1809770 libreswan-3.32 is available