rpms/libreswan
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import libreswan-4.9-1.el9

Browse Source
This commit is contained in:
CentOS Sources 2023-05-09 05:22:30 +00:00 committed by Stepan Oksanichenko
parent f01e355669
commit 8f89aa022a
5 changed files with 10 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,4 +1,4 @@
SOURCES/ikev1_dsa.fax.bz2 SOURCES/ikev1_dsa.fax.bz2
SOURCES/ikev1_psk.fax.bz2 SOURCES/ikev1_psk.fax.bz2
SOURCES/ikev2.fax.bz2 SOURCES/ikev2.fax.bz2
SOURCES/libreswan-4.6.tar.gz SOURCES/libreswan-4.9.tar.gz

2
.libreswan.metadata
View File

@ -1,4 +1,4 @@
b35cd50b8bc0a08b9c07713bf19c72d53bfe66bb SOURCES/ikev1_dsa.fax.bz2 b35cd50b8bc0a08b9c07713bf19c72d53bfe66bb SOURCES/ikev1_dsa.fax.bz2
861d97bf488f9e296cad8c43ab72f111a5b1a848 SOURCES/ikev1_psk.fax.bz2 861d97bf488f9e296cad8c43ab72f111a5b1a848 SOURCES/ikev1_psk.fax.bz2
fcaf77f3deae3d8e99cdb3b1f8abea63167a0633 SOURCES/ikev2.fax.bz2 fcaf77f3deae3d8e99cdb3b1f8abea63167a0633 SOURCES/ikev2.fax.bz2
8df902f58f9341d45b4b529b73126bf654764934 SOURCES/libreswan-4.6.tar.gz 12b7351ca7e6ba1ac787239e67027a4d82f02f10 SOURCES/libreswan-4.9.tar.gz

17
SOURCES/libreswan-4.6-ikev1-policy-defaults-to-drop.patch
View File

@ -58,23 +58,6 @@ index 5b5aba723f..68fbccf442 100644
#ifdef HAVE_LABELED_IPSEC #ifdef HAVE_LABELED_IPSEC
SOPT(KBF_SECCTX, SECCTX); SOPT(KBF_SECCTX, SECCTX);
diff --git a/programs/pluto/server.c b/programs/pluto/server.c
index 665f0ed8b9..448dbca076 100644
--- a/programs/pluto/server.c
+++ b/programs/pluto/server.c
@@ -188,12 +188,7 @@ bool pluto_listen_tcp = false;
enum ddos_mode pluto_ddos_mode = DDOS_AUTO; /* default to auto-detect */
enum global_ikev1_policy pluto_ikev1_pol =
-#ifdef USE_IKEv1
- GLOBAL_IKEv1_ACCEPT;
-#else
- /* there is no IKEv1 code compiled in to send a REJECT */
GLOBAL_IKEv1_DROP;
-#endif
#ifdef HAVE_SECCOMP
enum seccomp_mode pluto_seccomp_mode = SECCOMP_DISABLED;
-- --
2.34.1 2.34.1

52
SOURCES/libreswan-4.6-openssl3.patch
View File

@ -1,52 +0,0 @@
From 0212bc6a7c0ac3aa5d8da82bf22132993d339ffc Mon Sep 17 00:00:00 2001
From: Paul Wouters <paul.wouters@aiven.io>
Date: Thu, 13 Jan 2022 15:31:50 -0500
Subject: [PATCH] building: fix fedora rawhide build
Avoid clashing openssl/nss headers
Patch based on work by Daiki Ueno <dueno@redhat.com>
Resolves: https://github.com/libreswan/libreswan/pull/611
---
programs/pluto/ikev2_ipseckey.h | 4 ++--
programs/pluto/ikev2_ipseckey_dnsr.c | 4 +++-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/programs/pluto/ikev2_ipseckey.h b/programs/pluto/ikev2_ipseckey.h
index 243e5b1776..5ef3f966ec 100644
--- a/programs/pluto/ikev2_ipseckey.h
+++ b/programs/pluto/ikev2_ipseckey.h
@@ -1,5 +1,3 @@
-#include "state.h"
-
#ifndef _IKEV2_IPSECKEY_H
#define _IKEV2_IPSECKEY_H
@@ -11,6 +9,8 @@
#define IS_LIBUNBOUND LSW_LIBUNBOUND_ENABLED
+struct ike_sa;
+
typedef enum {
DNS_OK = STF_OK,
DNS_FATAL = STF_FATAL,
diff --git a/programs/pluto/ikev2_ipseckey_dnsr.c b/programs/pluto/ikev2_ipseckey_dnsr.c
index b07ed72f2b..09767bf65d 100644
--- a/programs/pluto/ikev2_ipseckey_dnsr.c
+++ b/programs/pluto/ikev2_ipseckey_dnsr.c
@@ -32,7 +32,9 @@
#include "dnssec.h" /* includes unbound.h */
#include "ikev2_ipseckey.h" /* for dns_status */
#include "ikev2_ipseckey_dnsr.h"
-#include "secrets.h"
+
+/* Do not include secrets.h as it will cause conflicts via NSS/OPENSSL headers */
+extern const struct pubkey_type pubkey_type_rsa;
struct p_dns_req *pluto_dns_list = NULL; /* DNS queries linked list */
--
2.31.1

14
SPECS/libreswan.spec
View File

@ -30,8 +30,8 @@
Name: libreswan Name: libreswan
Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
# version is generated in the release script # version is generated in the release script
Version: 4.6 Version: 4.9
Release: %{?prever:0.}3%{?prever:.%{prever}}%{?dist} Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
License: GPLv2 License: GPLv2
Url: https://libreswan.org/ Url: https://libreswan.org/
Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz
@ -40,8 +40,7 @@ Source1: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2
Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2 Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2
Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2 Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2
%endif %endif
Patch0: libreswan-4.6-openssl3.patch Patch: libreswan-4.6-ikev1-policy-defaults-to-drop.patch
Patch1: libreswan-4.6-ikev1-policy-defaults-to-drop.patch
BuildRequires: audit-libs-devel BuildRequires: audit-libs-devel
BuildRequires: bison BuildRequires: bison
@ -95,10 +94,9 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
%prep %prep
%setup -q -n libreswan-%{version}%{?prever} %setup -q -n libreswan-%{version}%{?prever}
%patch0 -p1 -b .openssl3
%patch1 -p1 -b .ikev1-drop
# enable crypto-policies support # enable crypto-policies support
sed -i "s:#[ ]*include \(.*\)\(/crypto-policies/back-ends/libreswan.config\)$:include \1\2:" configs/ipsec.conf.in sed -i "s:#[ ]*include \(.*\)\(/crypto-policies/back-ends/libreswan.config\)$:include \1\2:" configs/ipsec.conf.in
%autopatch -p1
%build %build
make %{?_smp_mflags} \ make %{?_smp_mflags} \
@ -198,6 +196,10 @@ certutil -N -d sql:$tmpdir --empty-password
%doc %{_mandir}/*/* %doc %{_mandir}/*/*
%changelog %changelog
* Wed Jan 4 2023 Daiki Ueno <dueno@redhat.com> - 4.9-1
- Update to 4.9. Resolves: rhbz#2128669
- Switch to using %%autopatch as in Fedora
* Wed Feb 2 2022 Daiki Ueno <dueno@redhat.com> - 4.6-3 * Wed Feb 2 2022 Daiki Ueno <dueno@redhat.com> - 4.6-3
- Drop IKEv1 packets by default, based on the Debian patch - Drop IKEv1 packets by default, based on the Debian patch
by Daniel Kahn Gillmor (rhbz#2039877) by Daniel Kahn Gillmor (rhbz#2039877)