Update to 4.5

Resolves: #2017355 Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-01-10 17:39:43 +01:00 · 2022-01-10 17:39:43 +01:00 · 7b891f3811
commit 7b891f3811
parent aac47aac46
4 changed files with 97 additions and 14 deletions
--- a/.gitignore
+++ b/.gitignore
@ -39,3 +39,4 @@
 /libreswan-4.2rc1.tar.gz
 /libreswan-4.2.tar.gz
 /libreswan-4.4.tar.gz
+/libreswan-4.5.tar.gz
--- a/libreswan-4.5-openssl3.patch
+++ b/libreswan-4.5-openssl3.patch
@ -0,0 +1,88 @@
+From 88b96bba93c97546bd1b7ccdfb1b805d4b209037 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Tue, 11 Jan 2022 11:03:37 +0100
+Subject: [PATCH] libreswan-4.5-openssl3.patch
+
+---
+ programs/pluto/ikev2_ipseckey.h      | 7 +------
+ programs/pluto/ikev2_ipseckey_dnsr.c | 7 ++++++-
+ programs/pluto/ikev2_ipseckey_dnsr.h | 8 ++++++++
+ 3 files changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/programs/pluto/ikev2_ipseckey.h b/programs/pluto/ikev2_ipseckey.h
+index a1441b0..d364483 100644
+--- a/programs/pluto/ikev2_ipseckey.h
+++ b/programs/pluto/ikev2_ipseckey.h
+@@ -1,4 +1,5 @@
+ #include "state.h"
+#include "ikev2_ipseckey_dnsr.h" /* for dns_status */
+ 
+ #ifndef _IKEV2_IPSECKEY_H
+ #define _IKEV2_IPSECKEY_H
+@@ -11,12 +12,6 @@
+ 
+ #define IS_LIBUNBOUND LSW_LIBUNBOUND_ENABLED
+ 
+-typedef enum {
+-	DNS_OK = STF_OK,
+-	DNS_FATAL = STF_FATAL,
+-	DNS_SUSPEND = STF_SUSPEND,
+-} dns_status;
+-
+ dns_status responder_fetch_idi_ipseckey(struct ike_sa *ike,
+ 					stf_status (*callback)(struct ike_sa *ike,
+ 							       struct msg_digest *md,
+diff --git a/programs/pluto/ikev2_ipseckey_dnsr.c b/programs/pluto/ikev2_ipseckey_dnsr.c
+index be7f20a..60a4b7d 100644
+--- a/programs/pluto/ikev2_ipseckey_dnsr.c
+++ b/programs/pluto/ikev2_ipseckey_dnsr.c
+@@ -19,6 +19,12 @@
+  * for more details.
+  */
+ 
+/* This file has been split from ikev2_ipseckey.c to avoid macro
+ * conflicts between NSS headers and OpenSSL 3.0 headers (included
+ * through <ldns/ldns.h>. Therefore, this file should not include
+ * internal headers that depends on NSS headers.
+ */
+
+ #ifndef USE_DNSSEC
+ # error this file should only be compiled when DNSSEC is defined
+ #endif
+@@ -30,7 +36,6 @@
+ #include <unbound.h>
+ #include "unbound-event.h"
+ #include "dnssec.h"    /* includes unbound.h */
+-#include "ikev2_ipseckey.h" /* for dns_status */
+ #include "ikev2_ipseckey_dnsr.h"
+ 
+ struct p_dns_req *pluto_dns_list = NULL; /* DNS queries linked list */
+diff --git a/programs/pluto/ikev2_ipseckey_dnsr.h b/programs/pluto/ikev2_ipseckey_dnsr.h
+index f73febe..27404ae 100644
+--- a/programs/pluto/ikev2_ipseckey_dnsr.h
+++ b/programs/pluto/ikev2_ipseckey_dnsr.h
+@@ -3,6 +3,12 @@
+ #ifndef _IKEV2_IPSECKEY_DNSR_H
+ #define _IKEV2_IPSECKEY_DNSR_H
+ 
+typedef enum {
+	DNS_OK = STF_OK,
+	DNS_FATAL = STF_FATAL,
+	DNS_SUSPEND = STF_SUSPEND,
+} dns_status;
+
+ struct p_dns_req;
+ 
+ typedef void dnsr_cb_fn(struct p_dns_req *);
+@@ -23,6 +29,8 @@ typedef void dnsr_pubkeys_cb_fn(struct p_dns_req *dnsr,
+ typedef void dnsr_validate_address_cb_fn(struct p_dns_req *dnsr,
+ 					 unsigned char *addr);
+ 
+struct ike_sa;
+
+ struct p_dns_req {
+ 	dns_status dns_status;
+ 
+-- 
+2.31.1
+
--- a/libreswan.spec
+++ b/libreswan.spec
@ -30,8 +30,8 @@
 Name: libreswan
 Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
 # version is generated in the release script
-Version: 4.4
-Release: %{?prever:0.}3%{?prever:.%{prever}}%{?dist}.1
+Version: 4.5
+Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
 License: GPLv2
 Url: https://libreswan.org/
 Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz
@ -40,11 +40,7 @@ Source1: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2
 Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2
 Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2
 %endif
-Patch0: libreswan-4.2-openssl3.patch
-Patch1: libreswan-4.4-ipcheck.patch
-# Partially backported https://github.com/libreswan/libreswan/commit/4af9072e62237daad9fea9bb769f6dfbdf2e4ea1
-Patch2: libreswan-4.4-getaddrinfo.patch
-Patch3: libreswan-4.4-covscan.patch
+Patch0: libreswan-4.5-openssl3.patch

 BuildRequires: audit-libs-devel
 BuildRequires: bison
@ -98,14 +94,9 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04

 %prep
 %setup -q -n libreswan-%{version}%{?prever}
-%patch0 -b .openssl3
+%patch0 -p1 -b .openssl3
 # enable crypto-policies support
 sed -i "s:#[ ]*include \(.*\)\(/crypto-policies/back-ends/libreswan.config\)$:include \1\2:" configs/ipsec.conf.in
-# disable some testing tools that throw warnings on arm
-%patch1 -p1
-sed -i "s/SUBDIRS += ipcheck/#SUBDIRS += ipchec/" testing/programs/Makefile
-%patch2 -p1 -b .getaddrinfo
-%patch3 -p1 -b .covscan

 %build
 make %{?_smp_mflags} \
@ -205,6 +196,9 @@ certutil -N -d sql:$tmpdir --empty-password
 %doc %{_mandir}/*/*

 %changelog
+* Mon Jan 10 2022 Daiki Ueno <dueno@redhat.com> - 4.5-1
+- Update to 4.5. Resolves: rhbz#2017355
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4.4-3.1
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 SHA512 (ikev1_dsa.fax.bz2) = 627cbac14248bd68e8d22fbca247668a7749ef0c2e41df8d776d62df9a21403d3a246c0bd82c3faedce62de90b9f91a87f753e17b056319000bba7d2038461ac
 SHA512 (ikev1_psk.fax.bz2) = 1b2daec32edc56b410c036db2688c92548a9bd9914994bc7e555b301dd6db4497a6b3e89dc12ddf36826ae90b40fcde501a5a45c0d59098e07839073d219d467
 SHA512 (ikev2.fax.bz2) = 0d3748d1bd574f6f1f3e4db847eca126ce649566ea710ef227426f433122752b80d1d6b8acf9d0df07b5597c1e45447e3a2fcb3391756e834e8e75f99df8e51e
-SHA512 (libreswan-4.4.tar.gz) = 108b2ac7a36454c48ce448a83ddd81e72d7fbb7cf8b042116d9bd31f195cdab4ccd6311d72af7ab4cc6d054df50d30a6bfc50b56fe7cbfd35d54a68804a6678b
+SHA512 (libreswan-4.5.tar.gz) = 451a4f71099aa4776624a4c127fdaff492acc38a44228255dcbf955efa0982fd963c989d63522f56279eec6a9ef738febb573dde34aa541724ab11e37a554f9e