diff --git a/.gitignore b/.gitignore index 5010c06..f5cb6c3 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,4 @@ /libreswan-3.16.tar.gz /libreswan-3.17.tar.gz /libreswan-3.18.tar.gz +/libreswan-3.19.tar.gz diff --git a/libreswan.spec b/libreswan.spec index ebbad03..ff2686b 100644 --- a/libreswan.spec +++ b/libreswan.spec @@ -1,10 +1,11 @@ %global USE_FIPSCHECK true -%global USE_LIBCAP_NG 0 +%global USE_LIBCAP_NG true %global USE_LABELED_IPSEC true %global USE_CRL_FETCHING true %global USE_DNSSEC true %global USE_NM true %global USE_LINUX_AUDIT true +%global USE_SECCOMP false %global _hardened_build 1 @@ -17,8 +18,8 @@ Name: libreswan Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols -Version: 3.18 -Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}.1 +Version: 3.19 +Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist} License: GPLv2 Url: https://libreswan.org/ Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz @@ -47,6 +48,12 @@ BuildRequires: libevent-devel %if %{USE_DNSSEC} BuildRequires: unbound-devel %endif +%if %{USE_SECCOMP} +BuildRequires: libseccomp-devel +%endif +%if %{USE_LABELED_IPSEC} +BuildRequires: libselinux-devel +%endif %if %{USE_FIPSCHECK} BuildRequires: fipscheck-devel >= %{fipscheck_version} Requires: fipscheck%{_isa} >= %{fipscheck_version} @@ -116,6 +123,7 @@ make %{?_smp_mflags} \ USE_LIBCURL=true \ %endif USE_DNSSEC="%{USE_DNSSEC}" \ + USE_SECCOMP="%{USE_SECCOMP}" \ INC_USRLOCAL=%{_prefix} \ FINALLIBEXECDIR=%{_libexecdir}/ipsec \ MANTREE=%{_mandir} \ @@ -130,8 +138,7 @@ FS=$(pwd) %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ - fipshmac -d %{buildroot}%{_libdir}/fipscheck %{buildroot}%{_libexecdir}/ipsec/* \ - fipshmac -d %{buildroot}%{_libdir}/fipscheck %{buildroot}%{_sbindir}/ipsec \ + fipshmac -d %{buildroot}%{_libdir}/fipscheck %{buildroot}%{_libexecdir}/ipsec/pluto \ %{nil} %endif @@ -175,6 +182,10 @@ rm -fr %{buildroot}%{_sysconfdir}/rc.d/rc* # We only run the CAVS tests. cp %{SOURCE1} %{SOURCE2} %{SOURCE3} . bunzip2 *.fax.bz2 + +# work around for older xen based machines +export NSS_DISABLE_HW_GCM=1 + : starting CAVS test for IKEv2 OBJ.linux.*/programs/pluto/cavp -v2 ikev2.fax | \ diff -u ikev2.fax - > /dev/null @@ -217,10 +228,13 @@ OBJ.linux.*/programs/pluto/cavp -v1psk ikev1_psk.fax | \ %attr(0644,root,root) %doc %{_mandir}/*/* %if %{USE_FIPSCHECK} -%{_libdir}/fipscheck/*.hmac +%{_libdir}/fipscheck/pluto.hmac %endif %changelog +* Sun Jan 15 2017 Paul Wouters - 3.19-1 +- Updated to 3.19 (see download.libreswan.org/CHANGES) + * Mon Dec 19 2016 Miro HronĨok - 3.18-1.1 - Rebuild for Python 3.6 diff --git a/sources b/sources index fa35e32..c7af9e2 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -d8b493de7179635a6ed2a4d0e1b35282 ikev1_dsa.fax.bz2 -c4fe7041300e6c21f4561ce818b5002f ikev1_psk.fax.bz2 -7716c48a1a2b17ba25e89b79889d4004 ikev2.fax.bz2 -600c40e0d94c61408c7b4948971d78f4 libreswan-3.18.tar.gz +SHA512 (ikev1_dsa.fax.bz2) = 627cbac14248bd68e8d22fbca247668a7749ef0c2e41df8d776d62df9a21403d3a246c0bd82c3faedce62de90b9f91a87f753e17b056319000bba7d2038461ac +SHA512 (ikev1_psk.fax.bz2) = 1b2daec32edc56b410c036db2688c92548a9bd9914994bc7e555b301dd6db4497a6b3e89dc12ddf36826ae90b40fcde501a5a45c0d59098e07839073d219d467 +SHA512 (ikev2.fax.bz2) = 0d3748d1bd574f6f1f3e4db847eca126ce649566ea710ef227426f433122752b80d1d6b8acf9d0df07b5597c1e45447e3a2fcb3391756e834e8e75f99df8e51e +SHA512 (libreswan-3.19.tar.gz) = fdd8fa33cd0da4c8dd2be86a5689316668041b3788b918c243a0f36f149876b14d13b3115aa203cee3885db95760bde16bee60e701e7027e412299dc2321b233