- Resolves: CVE-2022-23094
- Resolves: rhbz#2039604 libreswan-4.6 is available
- Add gpg key and signature check for build
- Temporarily disable USE_DNSSEC in rawhide while we figure out openssl vs nss include clash
parent
30bf23be45
commit
a47e3c9245
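--- a/.gitignore
+++ b/.gitignore
@@ -41,3 +41,6 @@
 /libreswan-4.3.tar.gz
 /libreswan-4.4.tar.gz
 /libreswan-4.5.tar.gz
+/libreswan-4.6.tar.gz
+/libreswan-4.6.tar.gz.asc
+/LIBRESWAN-GPG-KEY.txt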
@ -13,7 +13,7 @@
|
|||||||
INITSYSTEM=systemd \\\
|
INITSYSTEM=systemd \\\
|
||||||
PYTHON_BINARY=%{__python3} \\\
|
PYTHON_BINARY=%{__python3} \\\
|
||||||
SHELL_BINARY=%{_bindir}/sh \\\
|
SHELL_BINARY=%{_bindir}/sh \\\
|
||||||
USE_DNSSEC=true \\\
|
USE_DNSSEC=false \\\
|
||||||
USE_LABELED_IPSEC=true \\\
|
USE_LABELED_IPSEC=true \\\
|
||||||
USE_LDAP=true \\\
|
USE_LDAP=true \\\
|
||||||
USE_LIBCAP_NG=true \\\
|
USE_LIBCAP_NG=true \\\
|
||||||
@ -30,28 +30,32 @@
|
|||||||
Name: libreswan
|
Name: libreswan
|
||||||
Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
|
Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
|
||||||
# version is generated in the release script
|
# version is generated in the release script
|
||||||
Version: 4.5
|
Version: 4.6
|
||||||
Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
|
Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Url: https://libreswan.org/
|
Url: https://libreswan.org/
|
||||||
Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz
|
Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz
|
||||||
|
Source1: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz.asc
|
||||||
|
Source2: https://download.libreswan.org/LIBRESWAN-GPG-KEY.txt
|
||||||
%if 0%{with_cavstests}
|
%if 0%{with_cavstests}
|
||||||
Source1: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2
|
Source3: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2
|
||||||
Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2
|
Source4: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2
|
||||||
Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2
|
Source5: https://download.libreswan.org/cavs/ikev2.fax.bz2
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
BuildRequires: audit-libs-devel
|
BuildRequires: audit-libs-devel
|
||||||
BuildRequires: bison
|
BuildRequires: bison
|
||||||
BuildRequires: curl-devel
|
BuildRequires: curl-devel
|
||||||
BuildRequires: flex
|
BuildRequires: flex
|
||||||
BuildRequires: gcc make
|
BuildRequires: gcc
|
||||||
|
BuildRequires: gnupg2
|
||||||
BuildRequires: hostname
|
BuildRequires: hostname
|
||||||
BuildRequires: ldns-devel
|
BuildRequires: ldns-devel
|
||||||
BuildRequires: libcap-ng-devel
|
BuildRequires: libcap-ng-devel
|
||||||
BuildRequires: libevent-devel
|
BuildRequires: libevent-devel
|
||||||
BuildRequires: libseccomp-devel
|
BuildRequires: libseccomp-devel
|
||||||
BuildRequires: libselinux-devel
|
BuildRequires: libselinux-devel
|
||||||
|
BuildRequires: make
|
||||||
BuildRequires: nspr-devel
|
BuildRequires: nspr-devel
|
||||||
BuildRequires: nss-devel >= %{nss_version}
|
BuildRequires: nss-devel >= %{nss_version}
|
||||||
BuildRequires: nss-tools >= %{nss_version}
|
BuildRequires: nss-tools >= %{nss_version}
|
||||||
@ -96,10 +100,12 @@ Libreswan also supports IKEv2 (RFC7296) and Secure Labeling
|
|||||||
Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
|
Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
|
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
||||||
%setup -q -n libreswan-%{version}%{?prever}
|
%setup -q -n libreswan-%{version}%{?prever}
|
||||||
# enable crypto-policies support
|
# enable crypto-policies support
|
||||||
sed -i "s:#[ ]*include \(.*\)\(/crypto-policies/back-ends/libreswan.config\)$:include \1\2:" configs/ipsec.conf.in
|
sed -i "s:#[ ]*include \(.*\)\(/crypto-policies/back-ends/libreswan.config\)$:include \1\2:" configs/ipsec.conf.in
|
||||||
sed -i "s/SUBDIRS += ipcheck/#SUBDIRS += ipchec/" testing/programs/Makefile
|
sed -i "s/SUBDIRS += ipcheck/#SUBDIRS += ipchec/" testing/programs/Makefile
|
||||||
|
%autopatch -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
make %{?_smp_mflags} \
|
make %{?_smp_mflags} \
|
||||||
@ -142,8 +148,8 @@ rm -fr %{buildroot}%{_sysconfdir}/rc.d/rc*
|
|||||||
%check
|
%check
|
||||||
# There is an elaborate upstream testing infrastructure which we do not
|
# There is an elaborate upstream testing infrastructure which we do not
|
||||||
# run here - it takes hours and uses kvm
|
# run here - it takes hours and uses kvm
|
||||||
# We only run the CAVS tests.
|
# We only run the CAVS tests and startup selftest
|
||||||
cp %{SOURCE1} %{SOURCE2} %{SOURCE3} .
|
cp %{SOURCE3} %{SOURCE4} %{SOURCE5} .
|
||||||
bunzip2 *.fax.bz2
|
bunzip2 *.fax.bz2
|
||||||
|
|
||||||
: starting CAVS test for IKEv2
|
: starting CAVS test for IKEv2
|
||||||
@ -200,6 +206,12 @@ certutil -N -d sql:$tmpdir --empty-password
|
|||||||
%doc %{_mandir}/*/*
|
%doc %{_mandir}/*/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jan 12 2022 Paul Wouters <paul.wouters@aiven.io> - 4.6-1
|
||||||
|
- Resolves: CVE-2022-23094
|
||||||
|
- Resolves: rhbz#2039604 libreswan-4.6 is available
|
||||||
|
- Add gpg key and signature check for build
|
||||||
|
- Temporarilly disable USE_DNSSEC in rawhide while we figure out openssl vs nss include clash
|
||||||
|
|
||||||
* Thu Aug 26 2021 Paul Wouters <paul.wouters@aiven.io> - 4.5-1
|
* Thu Aug 26 2021 Paul Wouters <paul.wouters@aiven.io> - 4.5-1
|
||||||
- Resolves rhbz#1996250 libreswan-4.5 is available
|
- Resolves rhbz#1996250 libreswan-4.5 is available
|
||||||
|
|
||||||
|
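Review bot: In the `@ -13,7 +13,7 @` hunk `USE_DNSSEC=false` is set unconditionally, while the changelog entry describes it as a temporary rawhide-only workaround, so every branch built from this spec would ship without DNSSEC support until someone remembers to flip it back. I would add a comment above the definition these flag lines belong to (it starts outside the hunk), such as `# USE_DNSSEC=false is a temporary workaround for the openssl vs nss include clash; restore to true once resolved`, or guard the value by release if the workaround really is meant for rawhide only. Separately, in `%prep` the keyring passed to `%{gpgverify}` is `Source2`, which this commit adds to `.gitignore` and to `sources`, so the trust anchor lives in the lookaside cache pinned only by its SHA512; committing the key file to the package repository would make any future key change show up as a reviewable diff.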
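--- a/sources
+++ b/sources
@@ -1,4 +1,6 @@
+SHA512 (LIBRESWAN-GPG-KEY.txt) = 4df07b77a8026b071dbd99723cf475f76948364c7e63c59ad59444595e042b6c426e28106ba614806c11f0f1d1f32570b60d5cfbaf0beada0621dd242a399000
 SHA512 (ikev1_dsa.fax.bz2) = 627cbac14248bd68e8d22fbca247668a7749ef0c2e41df8d776d62df9a21403d3a246c0bd82c3faedce62de90b9f91a87f753e17b056319000bba7d2038461ac
 SHA512 (ikev1_psk.fax.bz2) = 1b2daec32edc56b410c036db2688c92548a9bd9914994bc7e555b301dd6db4497a6b3e89dc12ddf36826ae90b40fcde501a5a45c0d59098e07839073d219d467
 SHA512 (ikev2.fax.bz2) = 65c65d86fd1a7539c0ad516b0f49546d5722b710225857ee2d2f5f3415ac7d023264746398f3637fd248a4ce2364957c516c31214ee33faefe58ac8e4e333a10
-SHA512 (libreswan-4.5.tar.gz) = 451a4f71099aa4776624a4c127fdaff492acc38a44228255dcbf955efa0982fd963c989d63522f56279eec6a9ef738febb573dde34aa541724ab11e37a554f9e
+SHA512 (libreswan-4.6.tar.gz.asc) = c8dca0e0800124603ec8d41ef2edcf6d9d1df999aa4127861223b9af8e376e2afd7cdbf71449299fa12a5ce7e53fb0e3bf04566f069e6543507accc88559940b
+SHA512 (libreswan-4.6.tar.gz) = c1c3efd7665dee6caaf08cb5aa50fcd37c299acad4b62648284fdb04edd50ba8fc8d33a9fb210edaf2312697f8cd251f33a6b16587eb2cfefd1269b4482dd499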