From 7b891f381163ecb5e0522dfdfc59c38e25f2988d Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Mon, 10 Jan 2022 17:39:43 +0100 Subject: [PATCH] Update to 4.5 Resolves: #2017355 Signed-off-by: Daiki Ueno --- .gitignore | 1 + libreswan-4.5-openssl3.patch | 88 ++++++++++++++++++++++++++++++++++++ libreswan.spec | 20 +++----- sources | 2 +- 4 files changed, 97 insertions(+), 14 deletions(-) create mode 100644 libreswan-4.5-openssl3.patch diff --git a/.gitignore b/.gitignore index c402c17..311d993 100644 --- a/.gitignore +++ b/.gitignore @@ -39,3 +39,4 @@ /libreswan-4.2rc1.tar.gz /libreswan-4.2.tar.gz /libreswan-4.4.tar.gz +/libreswan-4.5.tar.gz diff --git a/libreswan-4.5-openssl3.patch b/libreswan-4.5-openssl3.patch new file mode 100644 index 0000000..2e12649 --- /dev/null +++ b/libreswan-4.5-openssl3.patch @@ -0,0 +1,88 @@ +From 88b96bba93c97546bd1b7ccdfb1b805d4b209037 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 11 Jan 2022 11:03:37 +0100 +Subject: [PATCH] libreswan-4.5-openssl3.patch + +--- + programs/pluto/ikev2_ipseckey.h | 7 +------ + programs/pluto/ikev2_ipseckey_dnsr.c | 7 ++++++- + programs/pluto/ikev2_ipseckey_dnsr.h | 8 ++++++++ + 3 files changed, 15 insertions(+), 7 deletions(-) + +diff --git a/programs/pluto/ikev2_ipseckey.h b/programs/pluto/ikev2_ipseckey.h +index a1441b0..d364483 100644 +--- a/programs/pluto/ikev2_ipseckey.h ++++ b/programs/pluto/ikev2_ipseckey.h +@@ -1,4 +1,5 @@ + #include "state.h" ++#include "ikev2_ipseckey_dnsr.h" /* for dns_status */ + + #ifndef _IKEV2_IPSECKEY_H + #define _IKEV2_IPSECKEY_H +@@ -11,12 +12,6 @@ + + #define IS_LIBUNBOUND LSW_LIBUNBOUND_ENABLED + +-typedef enum { +- DNS_OK = STF_OK, +- DNS_FATAL = STF_FATAL, +- DNS_SUSPEND = STF_SUSPEND, +-} dns_status; +- + dns_status responder_fetch_idi_ipseckey(struct ike_sa *ike, + stf_status (*callback)(struct ike_sa *ike, + struct msg_digest *md, +diff --git a/programs/pluto/ikev2_ipseckey_dnsr.c b/programs/pluto/ikev2_ipseckey_dnsr.c +index be7f20a..60a4b7d 100644 +--- a/programs/pluto/ikev2_ipseckey_dnsr.c ++++ b/programs/pluto/ikev2_ipseckey_dnsr.c +@@ -19,6 +19,12 @@ + * for more details. + */ + ++/* This file has been split from ikev2_ipseckey.c to avoid macro ++ * conflicts between NSS headers and OpenSSL 3.0 headers (included ++ * through . Therefore, this file should not include ++ * internal headers that depends on NSS headers. ++ */ ++ + #ifndef USE_DNSSEC + # error this file should only be compiled when DNSSEC is defined + #endif +@@ -30,7 +36,6 @@ + #include + #include "unbound-event.h" + #include "dnssec.h" /* includes unbound.h */ +-#include "ikev2_ipseckey.h" /* for dns_status */ + #include "ikev2_ipseckey_dnsr.h" + + struct p_dns_req *pluto_dns_list = NULL; /* DNS queries linked list */ +diff --git a/programs/pluto/ikev2_ipseckey_dnsr.h b/programs/pluto/ikev2_ipseckey_dnsr.h +index f73febe..27404ae 100644 +--- a/programs/pluto/ikev2_ipseckey_dnsr.h ++++ b/programs/pluto/ikev2_ipseckey_dnsr.h +@@ -3,6 +3,12 @@ + #ifndef _IKEV2_IPSECKEY_DNSR_H + #define _IKEV2_IPSECKEY_DNSR_H + ++typedef enum { ++ DNS_OK = STF_OK, ++ DNS_FATAL = STF_FATAL, ++ DNS_SUSPEND = STF_SUSPEND, ++} dns_status; ++ + struct p_dns_req; + + typedef void dnsr_cb_fn(struct p_dns_req *); +@@ -23,6 +29,8 @@ typedef void dnsr_pubkeys_cb_fn(struct p_dns_req *dnsr, + typedef void dnsr_validate_address_cb_fn(struct p_dns_req *dnsr, + unsigned char *addr); + ++struct ike_sa; ++ + struct p_dns_req { + dns_status dns_status; + +-- +2.31.1 + diff --git a/libreswan.spec b/libreswan.spec index cb0c018..a0b176c 100644 --- a/libreswan.spec +++ b/libreswan.spec @@ -30,8 +30,8 @@ Name: libreswan Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec # version is generated in the release script -Version: 4.4 -Release: %{?prever:0.}3%{?prever:.%{prever}}%{?dist}.1 +Version: 4.5 +Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist} License: GPLv2 Url: https://libreswan.org/ Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz @@ -40,11 +40,7 @@ Source1: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2 Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2 Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2 %endif -Patch0: libreswan-4.2-openssl3.patch -Patch1: libreswan-4.4-ipcheck.patch -# Partially backported https://github.com/libreswan/libreswan/commit/4af9072e62237daad9fea9bb769f6dfbdf2e4ea1 -Patch2: libreswan-4.4-getaddrinfo.patch -Patch3: libreswan-4.4-covscan.patch +Patch0: libreswan-4.5-openssl3.patch BuildRequires: audit-libs-devel BuildRequires: bison @@ -98,14 +94,9 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04 %prep %setup -q -n libreswan-%{version}%{?prever} -%patch0 -b .openssl3 +%patch0 -p1 -b .openssl3 # enable crypto-policies support sed -i "s:#[ ]*include \(.*\)\(/crypto-policies/back-ends/libreswan.config\)$:include \1\2:" configs/ipsec.conf.in -# disable some testing tools that throw warnings on arm -%patch1 -p1 -sed -i "s/SUBDIRS += ipcheck/#SUBDIRS += ipchec/" testing/programs/Makefile -%patch2 -p1 -b .getaddrinfo -%patch3 -p1 -b .covscan %build make %{?_smp_mflags} \ @@ -205,6 +196,9 @@ certutil -N -d sql:$tmpdir --empty-password %doc %{_mandir}/*/* %changelog +* Mon Jan 10 2022 Daiki Ueno - 4.5-1 +- Update to 4.5. Resolves: rhbz#2017355 + * Mon Aug 09 2021 Mohan Boddu - 4.4-3.1 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 diff --git a/sources b/sources index d170a29..0b9d120 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ SHA512 (ikev1_dsa.fax.bz2) = 627cbac14248bd68e8d22fbca247668a7749ef0c2e41df8d776d62df9a21403d3a246c0bd82c3faedce62de90b9f91a87f753e17b056319000bba7d2038461ac SHA512 (ikev1_psk.fax.bz2) = 1b2daec32edc56b410c036db2688c92548a9bd9914994bc7e555b301dd6db4497a6b3e89dc12ddf36826ae90b40fcde501a5a45c0d59098e07839073d219d467 SHA512 (ikev2.fax.bz2) = 0d3748d1bd574f6f1f3e4db847eca126ce649566ea710ef227426f433122752b80d1d6b8acf9d0df07b5597c1e45447e3a2fcb3391756e834e8e75f99df8e51e -SHA512 (libreswan-4.4.tar.gz) = 108b2ac7a36454c48ce448a83ddd81e72d7fbb7cf8b042116d9bd31f195cdab4ccd6311d72af7ab4cc6d054df50d30a6bfc50b56fe7cbfd35d54a68804a6678b +SHA512 (libreswan-4.5.tar.gz) = 451a4f71099aa4776624a4c127fdaff492acc38a44228255dcbf955efa0982fd963c989d63522f56279eec6a9ef738febb573dde34aa541724ab11e37a554f9e