updated to 3.7
This commit is contained in:
Paul Wouters
parent
923dd884a3
commit
fe276015a8
1
.gitignore
vendored
1
.gitignore
vendored
@ -3,3 +3,4 @@
|
||||
/libreswan-3.4.tar.gz
|
||||
/libreswan-3.5.tar.gz
|
||||
/libreswan-3.6.tar.gz
|
||||
/libreswan-3.7.tar.gz
|
||||
|
||||
@ -16,7 +16,7 @@
|
||||
|
||||
Name: libreswan
|
||||
Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols
|
||||
Version: 3.6
|
||||
Version: 3.7
|
||||
Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
|
||||
License: GPLv2
|
||||
Url: https://www.libreswan.org/
|
||||
@ -34,7 +34,7 @@ Provides: openswan = %{version}-%{release}
|
||||
Provides: openswan-doc = %{version}-%{release}
|
||||
|
||||
BuildRequires: pkgconfig hostname
|
||||
BuildRequires: nss-devel >= 3.12.6-2, nspr-devel
|
||||
BuildRequires: nss-devel >= 3.14.3, nspr-devel
|
||||
BuildRequires: pam-devel
|
||||
%if %{USE_DNSSEC}
|
||||
BuildRequires: unbound-devel
|
||||
@ -99,7 +99,7 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
|
||||
USE_XAUTHPAM=true \
|
||||
%if %{USE_FIPSCHECK}
|
||||
USE_FIPSCHECK="%{USE_FIPSCHECK}" \
|
||||
FIPSPRODUCTCHECK=/etc/system-fips \
|
||||
FIPSPRODUCTCHECK=%{_sysconfdir}/system-fips \
|
||||
%endif
|
||||
USE_LIBCAP_NG="%{USE_LIBCAP_NG}" \
|
||||
USE_LABELED_IPSEC="%{USE_LABELED_IPSEC}" \
|
||||
@ -153,8 +153,8 @@ install -d %{buildroot}%{_sysconfdir}/prelink.conf.d/
|
||||
install -m644 packaging/fedora/libreswan-prelink.conf %{buildroot}%{_sysconfdir}/prelink.conf.d/libreswan-fips.conf
|
||||
%endif
|
||||
|
||||
echo "include /etc/ipsec.d/*.secrets" > %{buildroot}%{_sysconfdir}/ipsec.secrets
|
||||
rm -fr %{buildroot}/etc/rc.d/rc*
|
||||
echo "include %{_sysconfdir}/ipsec.d/*.secrets" > %{buildroot}%{_sysconfdir}/ipsec.secrets
|
||||
rm -fr %{buildroot}%{_sysconfdir}/rc.d/rc*
|
||||
|
||||
%files
|
||||
%doc BUGS CHANGES COPYING CREDITS README LICENSE
|
||||
@ -190,14 +190,19 @@ rm -fr %{buildroot}/etc/rc.d/rc*
|
||||
|
||||
%post
|
||||
%systemd_post ipsec.service
|
||||
if [ ! -f /etc/ipsec.d/cert8.db ] ; then
|
||||
echo > /var/tmp/libreswan-nss-pwd
|
||||
certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d
|
||||
restorecon /etc/ipsec.d/*db 2>/dev/null || :
|
||||
rm /var/tmp/libreswan-nss-pwd
|
||||
if [ ! -f %{_sysconfdir}/ipsec.d/cert8.db ] ; then
|
||||
TEMPFILE=$(/bin/mktemp %{_sysconfdir}/ipsec.d/nsspw.XXXXXXX)
|
||||
[ $? -gt 0 ] && TEMPFILE=%{_sysconfdir}/ipsec.d/nsspw.$$
|
||||
echo > ${TEMPFILE}
|
||||
certutil -N -f ${TEMPFILE} -d %{_sysconfdir}/ipsec.d
|
||||
restorecon %{_sysconfdir}/ipsec.d/*db 2>/dev/null || :
|
||||
rm -f ${TEMPFILE}
|
||||
fi
|
||||
|
||||
%changelog
|
||||
* Wed Dec 11 2013 Paul Wouters <pwouters@redhat.com> - 3.7-1
|
||||
- Updated to 3.7, fixes CVE-2013-4564
|
||||
|
||||
* Thu Oct 31 2013 Paul Wouters <pwouters@redhat.com> - 3.6-1
|
||||
- Updated to 3.6 (IKEv2, MODECFG, Cisco interop fixes)
|
||||
- Generate empty NSS db if none exists
|
||||
|
||||
Loading…
Reference in New Issue
Block a user