Update to 4.5

Resolves: #2017355 Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-01-10 17:39:43 +01:00 · 2022-01-10 17:39:43 +01:00 · 7b891f3811
commit 7b891f3811
parent aac47aac46
4 changed files with 97 additions and 14 deletions
--- a/.gitignore
+++ b/.gitignore
@ -39,3 +39,4 @@
 /libreswan-4.2rc1.tar.gz
 /libreswan-4.2.tar.gz
 /libreswan-4.4.tar.gz
 /libreswan-4.5.tar.gz
--- a/libreswan-4.5-openssl3.patch
+++ b/libreswan-4.5-openssl3.patch
@ -0,0 +1,88 @@
 From 88b96bba93c97546bd1b7ccdfb1b805d4b209037 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Tue, 11 Jan 2022 11:03:37 +0100
 Subject: [PATCH] libreswan-4.5-openssl3.patch
 ---
 programs/pluto/ikev2_ipseckey.h      | 7 +------
 programs/pluto/ikev2_ipseckey_dnsr.c | 7 ++++++-
 programs/pluto/ikev2_ipseckey_dnsr.h | 8 ++++++++
 3 files changed, 15 insertions(+), 7 deletions(-)
 diff --git a/programs/pluto/ikev2_ipseckey.h b/programs/pluto/ikev2_ipseckey.h
 index a1441b0..d364483 100644
 --- a/programs/pluto/ikev2_ipseckey.h
 +++ b/programs/pluto/ikev2_ipseckey.h
@@ -1,4 +1,5 @@
 #include "state.h"
 +#include "ikev2_ipseckey_dnsr.h" /* for dns_status */
 #ifndef _IKEV2_IPSECKEY_H
 #define _IKEV2_IPSECKEY_H
@@ -11,12 +12,6 @@
 #define IS_LIBUNBOUND LSW_LIBUNBOUND_ENABLED
 -typedef enum {
 -	DNS_OK = STF_OK,
 -	DNS_FATAL = STF_FATAL,
 -	DNS_SUSPEND = STF_SUSPEND,
 -} dns_status;
 -
 dns_status responder_fetch_idi_ipseckey(struct ike_sa *ike,
 					stf_status (*callback)(struct ike_sa *ike,
 							       struct msg_digest *md,
 diff --git a/programs/pluto/ikev2_ipseckey_dnsr.c b/programs/pluto/ikev2_ipseckey_dnsr.c
 index be7f20a..60a4b7d 100644
 --- a/programs/pluto/ikev2_ipseckey_dnsr.c
 +++ b/programs/pluto/ikev2_ipseckey_dnsr.c
@@ -19,6 +19,12 @@
  * for more details.
  */
 +/* This file has been split from ikev2_ipseckey.c to avoid macro
 + * conflicts between NSS headers and OpenSSL 3.0 headers (included
 + * through <ldns/ldns.h>. Therefore, this file should not include
 + * internal headers that depends on NSS headers.
 + */
 +
 #ifndef USE_DNSSEC
 # error this file should only be compiled when DNSSEC is defined
 #endif
@@ -30,7 +36,6 @@
 #include <unbound.h>
 #include "unbound-event.h"
 #include "dnssec.h"    /* includes unbound.h */
 -#include "ikev2_ipseckey.h" /* for dns_status */
 #include "ikev2_ipseckey_dnsr.h"
 struct p_dns_req *pluto_dns_list = NULL; /* DNS queries linked list */
 diff --git a/programs/pluto/ikev2_ipseckey_dnsr.h b/programs/pluto/ikev2_ipseckey_dnsr.h
 index f73febe..27404ae 100644
 --- a/programs/pluto/ikev2_ipseckey_dnsr.h
 +++ b/programs/pluto/ikev2_ipseckey_dnsr.h
@@ -3,6 +3,12 @@
 #ifndef _IKEV2_IPSECKEY_DNSR_H
 #define _IKEV2_IPSECKEY_DNSR_H
 +typedef enum {
 +	DNS_OK = STF_OK,
 +	DNS_FATAL = STF_FATAL,
 +	DNS_SUSPEND = STF_SUSPEND,
 +} dns_status;
 +
 struct p_dns_req;
 typedef void dnsr_cb_fn(struct p_dns_req *);
@@ -23,6 +29,8 @@ typedef void dnsr_pubkeys_cb_fn(struct p_dns_req *dnsr,
 typedef void dnsr_validate_address_cb_fn(struct p_dns_req *dnsr,
 					 unsigned char *addr);
 +struct ike_sa;
 +
 struct p_dns_req {
 	dns_status dns_status;
 -- 
 2.31.1
--- a/libreswan.spec
+++ b/libreswan.spec
@ -30,8 +30,8 @@
 Name: libreswan
 Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
 # version is generated in the release script
-Version: 4.4
+Version: 4.5
-Release: %{?prever:0.}3%{?prever:.%{prever}}%{?dist}.1
+Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
 License: GPLv2
 Url: https://libreswan.org/
 Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz
@ -40,11 +40,7 @@ Source1: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2
 Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2
 Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2
 %endif
-Patch0: libreswan-4.2-openssl3.patch
+Patch0: libreswan-4.5-openssl3.patch
 Patch1: libreswan-4.4-ipcheck.patch
 # Partially backported https://github.com/libreswan/libreswan/commit/4af9072e62237daad9fea9bb769f6dfbdf2e4ea1
 Patch2: libreswan-4.4-getaddrinfo.patch
 Patch3: libreswan-4.4-covscan.patch
 BuildRequires: audit-libs-devel
 BuildRequires: bison
@ -98,14 +94,9 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
 %prep
 %setup -q -n libreswan-%{version}%{?prever}
-%patch0 -b .openssl3
+%patch0 -p1 -b .openssl3
 # enable crypto-policies support
 sed -i "s:#[ ]*include \(.*\)\(/crypto-policies/back-ends/libreswan.config\)$:include \1\2:" configs/ipsec.conf.in
 # disable some testing tools that throw warnings on arm
 %patch1 -p1
 sed -i "s/SUBDIRS += ipcheck/#SUBDIRS += ipchec/" testing/programs/Makefile
 %patch2 -p1 -b .getaddrinfo
 %patch3 -p1 -b .covscan
 %build
 make %{?_smp_mflags} \
@ -205,6 +196,9 @@ certutil -N -d sql:$tmpdir --empty-password
 %doc %{_mandir}/*/*
 %changelog
 * Mon Jan 10 2022 Daiki Ueno <dueno@redhat.com> - 4.5-1
 - Update to 4.5. Resolves: rhbz#2017355
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4.4-3.1
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 SHA512 (ikev1_dsa.fax.bz2) = 627cbac14248bd68e8d22fbca247668a7749ef0c2e41df8d776d62df9a21403d3a246c0bd82c3faedce62de90b9f91a87f753e17b056319000bba7d2038461ac
 SHA512 (ikev1_psk.fax.bz2) = 1b2daec32edc56b410c036db2688c92548a9bd9914994bc7e555b301dd6db4497a6b3e89dc12ddf36826ae90b40fcde501a5a45c0d59098e07839073d219d467
 SHA512 (ikev2.fax.bz2) = 0d3748d1bd574f6f1f3e4db847eca126ce649566ea710ef227426f433122752b80d1d6b8acf9d0df07b5597c1e45447e3a2fcb3391756e834e8e75f99df8e51e
-SHA512 (libreswan-4.4.tar.gz) = 108b2ac7a36454c48ce448a83ddd81e72d7fbb7cf8b042116d9bd31f195cdab4ccd6311d72af7ab4cc6d054df50d30a6bfc50b56fe7cbfd35d54a68804a6678b
+SHA512 (libreswan-4.5.tar.gz) = 451a4f71099aa4776624a4c127fdaff492acc38a44228255dcbf955efa0982fd963c989d63522f56279eec6a9ef738febb573dde34aa541724ab11e37a554f9e