diff --git a/.gitignore b/.gitignore
index f797522..f2c7a6e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,4 @@
 /libreswan-3.27.tar.gz
 /libreswan-3.28.tar.gz
 /libreswan-3.29.tar.gz
+/libreswan-3.30.tar.gz
diff --git a/libreswan.spec b/libreswan.spec
index 49a4adf..e05cdd7 100644
--- a/libreswan.spec
+++ b/libreswan.spec
@@ -11,14 +11,19 @@
 INC_RCDEFAULT=%{_initrddir} \\\
 INC_USRLOCAL=%{_prefix} \\\
 INITSYSTEM=systemd \\\
+ PYTHON_BINARY=%{__python3} \\\
+ SHELL_BINARY=%{_bindir}/sh \\\
 USE_DNSSEC=true \\\
 USE_FIPSCHECK=true \\\
+ USE_KLIPS=false \\\
 USE_LABELED_IPSEC=true \\\
 USE_LDAP=true \\\
 USE_LIBCAP_NG=true \\\
 USE_LIBCURL=true \\\
 USE_LINUX_AUDIT=true \\\
 USE_NM=true \\\
+ USE_NSS_IPSEC_PROFILE=true \\\
+ USE_NSS_PRF=true \\\
 USE_SECCOMP=true \\\
 USE_XAUTHPAM=true \\\
 %{nil}
@@ -26,10 +31,10 @@
 #global prever rc1
 Name: libreswan
-Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols
+Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
 # version is generated in the release script
-Version: 3.29
-Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}.1
+Version: 3.30
+Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
 License: GPLv2
 Url: https://libreswan.org/
 Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz
@@ -39,8 +44,6 @@ Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2
 Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2
 %endif
-Patch1: libreswan-3.29-updown-syntax.patch
-
 Requires(post): bash coreutils systemd
 Requires(preun): systemd
 Requires(postun): systemd
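Review bot: `USE_NSS_IPSEC_PROFILE=true` and `USE_NSS_PRF=true` in the `@@ -11,14 +11,19 @@` hunk of libreswan.spec presumably make the build rely on specific NSS features, yet no hunk in this diff touches a `BuildRequires:` or `Requires:` line for nss. If the spec's existing nss requirement is older than what these options need, the mismatch would surface at build time or at runtime instead of at dependency resolution, so the minimum version is worth confirming and stating. A comment above the two lines, e.g. `# both need NSS support for the IPsec certificate profile and the IKE PRF; keep the nss BuildRequires in step`, would tell the next packager why they are set. The macro definition starts above the hunk.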
@@ -88,42 +91,35 @@ decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network or VPN. This package contains the daemons and userland tools for setting up
-Libreswan. To build KLIPS, see the kmod-libreswan.spec file.
+Libreswan.
-Libreswan also supports IKEv2 (RFC4309) and Secure Labeling
+Libreswan also supports IKEv2 (RFC7296) and Secure Labeling
 Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
 %prep
 %setup -q -n libreswan-%{version}%{?prever}
 # Fedora should really figure this versioning out itself, not burden upstream
-sed -i "s:/usr/bin/python:/usr/bin/python3:" programs/verify/verify.in
-sed -i "s:/usr/bin/python:/usr/bin/python3:" programs/show/show.in
 sed -i "s:/usr/bin/python:/usr/bin/python3:" testing/cert_verify/usage_test
 sed -i "s:/usr/bin/python:/usr/bin/python3:" testing/pluto/ikev1-01-fuzzer/cve-2015-3204.py
 sed -i "s:/usr/bin/python:/usr/bin/python3:" testing/pluto/ikev2-15-fuzzer/send_bad_packets.py
 sed -i "s:/usr/bin/python:/usr/bin/python3:" testing/x509/dist_certs.py
-sed -i "s:/usr/bin/python:/usr/bin/python3:" programs/_unbound-hook/_unbound-hook.in
 # enable crypto-policies support
 sed -i "s:#[ ]*include \(.*\)\(/crypto-policies/back-ends/libreswan.config\)$:include \1\2:" programs/configs/ipsec.conf.in
 # linking to freebl is no longer needed
 sed -i "s/-lfreebl //" mk/config.mk
-%patch1 -p1
-
 %build
-%if 0%{with_efence}
-%global efence "-lefence"
-%endif
-
-#796683: -fno-strict-aliasing
 make %{?_smp_mflags} \
 %if 0%{with_development}
- USERCOMPILE="-g -DGCC_LINT %(echo %{optflags} | sed -e s/-O[0-9]*/ /) %{?efence} -fPIE -pie -fno-strict-aliasing -Wformat-nonliteral -Wformat-security" \
+ OPTIMIZE_CFLAGS="%{?_hardened_cflags}" \
 %else
- USERCOMPILE="-g -DGCC_LINT %{optflags} %{?efence} -fPIE -pie -fno-strict-aliasing -Wformat-nonliteral -Wformat-security" \
+ OPTIMIZE_CFLAGS="%{optflags}" \
 %endif
- USERLINK="-g -pie -Wl,-z,relro,-z,now %{?efence}" \
+%if 0%{with_efence}
+ USE_EFENCE=true \
+%endif
+ USERLINK="%{?__global_ldflags}" \
 %{libreswan_config} \
 programs
 FS=$(pwd)
@@ -144,7 +140,7 @@ make \
 FS=$(pwd)
 rm -rf %{buildroot}/usr/share/doc/libreswan
-install -d -m 0700 %{buildroot}%{_rundir}/pluto
+install -d -m 0755 %{buildroot}%{_rundir}/pluto
 # used when setting --perpeerlog without --perpeerlogbase
 install -d -m 0700 %{buildroot}%{_localstatedir}/log/pluto/peer
 install -d %{buildroot}%{_sbindir}
@@ -212,6 +208,11 @@ export NSS_DISABLE_HW_GCM=1
 %{_libdir}/fipscheck/pluto.hmac
 %changelog
+* Fri Feb 14 2020 Paul Wouters - 3.30-1
+- Resolves: rhbz#1802896 libreswan-3.30 is available
+- Resolves: rhbz#1799598 libreswan: FTBFS in Fedora rawhide/f32
+- Resolves: rhbz#1760571 [abrt] libreswan: configsetupcheck(): verify:366:configsetupcheck:TypeError:
+
 * Wed Jan 29 2020 Fedora Release Engineering - 3.29-2.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
diff --git a/sources b/sources
index 971f925..9358c0a 100644
--- a/sources
+++ b/sources
@@ -1,4 +1,4 @@
 SHA512 (ikev1_dsa.fax.bz2) = 627cbac14248bd68e8d22fbca247668a7749ef0c2e41df8d776d62df9a21403d3a246c0bd82c3faedce62de90b9f91a87f753e17b056319000bba7d2038461ac
 SHA512 (ikev1_psk.fax.bz2) = 1b2daec32edc56b410c036db2688c92548a9bd9914994bc7e555b301dd6db4497a6b3e89dc12ddf36826ae90b40fcde501a5a45c0d59098e07839073d219d467
 SHA512 (ikev2.fax.bz2) = 0d3748d1bd574f6f1f3e4db847eca126ce649566ea710ef227426f433122752b80d1d6b8acf9d0df07b5597c1e45447e3a2fcb3391756e834e8e75f99df8e51e
-SHA512 (libreswan-3.29.tar.gz) = 4b4d91204d8b1724e0a9ad3ed55fc232c9a526211c3b47b6cc33fd160feb72538ef1661becca250bde815b9d7b75709bf16c7b372476605557b47c785cdf2535
+SHA512 (libreswan-3.30.tar.gz) = 1ea3505938231bacb762ec13c278b584239660e20994030423f0200ff32fcc0f0a0c74649b1470bbfc1165a762d3b60d0b1c5c56bff81a52415c7666736b5b99
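Review bot: In the `%build` part of the `@@ -88,42 +91,35 @@` hunk, PIE and full RELRO now depend entirely on macros that may expand to nothing: the explicit `-fPIE -pie` and `-Wl,-z,relro,-z,now` are gone, and `%{?_hardened_cflags}` and `%{?__global_ldflags}` are both conditional expansions. The `with_development` branch also passes only `%{?_hardened_cflags}` and no longer any form of `%{optflags}`, so whatever protections the distribution puts there would be missing from development builds. Unless libreswan's own makefiles add these flags (not visible here), a build root without the macros would produce an unhardened daemon without any error. I would keep the linker part explicit, `USERLINK="%{?__global_ldflags} -Wl,-z,relro,-z,now" \`, and add a comment naming the macro that is expected to supply PIE.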
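Review bot: The mode of `%{_rundir}/pluto` goes from 0700 to 0755 in the `@@ -144,7 +140,7 @@` hunk with no comment and no changelog entry giving the reason, while the peer log directory two lines below stays 0700. Once the directory is world-searchable, access to whatever the daemon creates in it (presumably its control socket and pid file) rests on each file's own mode, so those modes are worth confirming. The `%files` entry and any tmpfiles.d snippet for this directory are outside the diff; they should carry the same mode, otherwise the packaged mode and the one recreated at boot will disagree. I would add a comment above the line such as `# world-searchable on purpose: <reason>`.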