Commit Graph

157 Commits

Author SHA1 Message Date
Daiki Ueno
2329760e6b Fix auto=ondemand connection initialization with TCP
Resolves: RHEL-51880
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-08-06 11:06:10 +09:00
Daiki Ueno
021b38cdf6 Re-introduce libreswan-4.6-ikev1-policy-defaults-to-drop.patch
The patch was included in c9s but omitted when syncronized to Fedora.
Now that this is the default behavior in Libreswan 5, we want to keep
the patch to avoid any regressions.

Resolves: RHEL-52935
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-08-06 09:46:06 +09:00
Paul Wouters
a65932fd0e Add libreswan-4.15-ipsec_import.patch
Related: RHEL-32481
2024-06-28 06:41:10 +09:00
Paul Wouters
32be2a6df3 - Update libreswan to 4.15 for CVE-2024-3652
- Resolves rhbz#2274448 CVE-2024-3652 libreswan: IKEv1 default AH/ESP
  responder can crash and restart
- Allow "ipsec import" to try importing PKCS#12 non-interactively if
  there is no password

Resolves: RHEL-32481
2024-06-28 06:41:02 +09:00
Paul Wouters
38ded79037 - Update to 4.14 for CVE-2024-2357
* Security, see https://libreswan.org/security/CVE-2024-2357
* x509: unpack IPv6 general names based on length
* pluto: TFC padding was not set for AEAD algorithms

* Include now fixed ipcheck
* Exclude hunkcheck broken on s390x
* Remove obsoleted patch capng patch

Related: RHEL-32481
2024-06-28 06:40:57 +09:00
Paul Wouters
9bd683c343 Convert to %autorelease and %autochangelog
[skip changelog]

Related: RHEL-32481
2024-06-28 06:40:53 +09:00
Paul Wouters
707d65c3e1 new sources for 4.13
Related: RHEL-32481
2024-06-28 06:40:40 +09:00
Troy Dawson
651a14b04a Bump release for June 2024 mass rebuild 2024-06-24 08:58:02 -07:00
Fedora Release Engineering
4b310aa3b1 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-25 03:22:55 +00:00
Fedora Release Engineering
cae5d5397d Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-21 05:11:44 +00:00
Paul Wouters
d609d0e8ad
- Update libcap-ng patch, fix email addresses in changelog 2023-09-08 12:45:22 -04:00
Paul Wouters
9051f09a66
- Patch for handling libcap-ng return values and fix capng_apply() call 2023-09-06 09:10:17 -04:00
Paul Wouters
4abe9188eb
- Remove ipsec show and ipsec verify
These commands are outdated, not very useful and cause a python
dependency that's big for some smaller deployments (eg openshift)
2023-09-05 17:18:14 -04:00
Daiki Ueno
131d137825 Migrate License field to SPDX license identifier
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-08-24 10:29:22 +09:00
Paul Wouters
67117b266a
- Update to 4.12 for CVE-2023-38710, CVE-2023-38711 and CVE-2023-38712
- Resolves: rhbz#2230225 libreswan-4.12 is available
2023-08-11 11:43:31 -04:00
Fedora Release Engineering
b3b4abc436 Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-20 11:56:51 +00:00
Paul Wouters
24737740dd
- Update to 4.11 for CVE-2023-30570 2023-05-04 10:44:38 -04:00
Paul Wouters
75627dbc99
add missing ikev2 vectors to sources 2023-02-28 21:37:54 -05:00
Paul Wouters
1de005450e
- Update to 4.10 for CVE-2023-23009 2023-02-28 21:29:21 -05:00
Fedora Release Engineering
02d01d8ef9 Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-19 17:19:12 +00:00
Paul Wouters
2b2374e75d
bump release 2023-01-10 13:58:10 -05:00
Paul Wouters
2865ae8e8c
update for new GPG key location
This new keyfile also no longer uses SHA1, though it is the same
base key as before.
2023-01-10 13:55:54 -05:00
Paul Wouters
74667615e4
cleanup old obsoleted patches 2023-01-10 13:50:11 -05:00
Paul Wouters
3ee4c1aee5
re-add the ike test vectors to sources 2022-10-13 20:30:28 -04:00
Paul Wouters
6b164e4601
- Update to 4.9 (maxbytes/maxpackets support, raw ECDSA support, misc fixes) 2022-10-13 20:23:35 -04:00
Paul Wouters
025ee05fb3
use 'new' %make_build and %make_install macros 2022-08-25 20:45:28 -04:00
Fedora Release Engineering
4d953fe693 Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-21 18:50:58 +00:00
Paul Wouters
4aab45b406
re-add LIBRESWAN-GPG-KEY.txt 2022-05-24 18:29:53 -04:00
Paul Wouters
fe733530df
- Updated to 4.7 (EAPTLS support, bugfixes) 2022-05-24 18:11:40 -04:00
Fedora Release Engineering
a75a38e0d1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-20 17:07:57 +00:00
Paul Wouters
1290d06104
- Re-enable USE_DNSSEC again with patch to resolve header conflicts 2022-01-13 16:53:11 -05:00
Paul Wouters
a47e3c9245
- Resolves: CVE-2022-23094
- Resolves: rhbz#2039604 libreswan-4.6 is available
- Add gpg key and signature check for build
- Temporarilly disable USE_DNSSEC in rawhide while we figure out openssl vs nss include clash
2022-01-11 22:43:31 -05:00
Paul Wouters
30bf23be45
update sources 2021-08-26 13:31:47 +03:00
Paul Wouters
6b9dd6c883
- Resolves rhbz#1996250 libreswan-4.5 is available 2021-08-26 12:10:55 +03:00
Paul Wouters
685ec15ac1
add Requires: for logrotate 2021-08-02 20:58:31 -04:00
Paul Wouters
3a50017748
- Resolves rhbz#1989198 libreswan should depend on procps-ng or pidof 2021-08-02 20:44:07 -04:00
Fedora Release Engineering
b36d311589 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-22 12:15:21 +00:00
Paul Wouters
7c4b294887
handle properly rpm sysctl config
Move sysctl config to correct %{_sysctldir}.
Apply sysctl config on install.

See https://docs.fedoraproject.org/en-US/packaging-guidelines/#_binfmt_d_sysctl_d_and_tmpfiles_d
2021-06-06 21:22:20 -04:00
Paul Wouters
0f00fff4b5
disable some testing tools that throw warnings on arm 2021-05-12 22:09:19 -04:00
Paul Wouters
8d7f98d414
add libreswan-4.4-ipcheck.patch to fixup some types for gcc. 2021-05-12 21:48:56 -04:00
Paul Wouters
73f45e85a5
- Resolves: rhbz#1952602 libreswan-4.4 is available 2021-05-12 17:00:47 -04:00
Zbigniew Jędrzejewski-Szmek
1f0b00f3c3 Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
2021-03-02 16:13:33 +01:00
Paul Wouters
59cde94ccc - update to 4.3 (minor bugfix release) 2021-02-21 12:09:31 -05:00
Paul Wouters
fdf40a922f - Updated to 4.2 2021-02-02 20:53:35 -05:00
Fedora Release Engineering
534953ce2e - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 17:53:38 +00:00
Paul Wouters
7f24ffd5dc - Resolves: rhbz#1867580 pluto process frequently dumps core
(disable USE_NSS_KDF until nss fixes have propagated)
2020-12-19 20:01:58 -05:00
Adam Williamson
d84dd699b8 Rebuild for ldns soname bump 2020-12-19 09:27:06 -08:00
Adam Williamson
efc202e0cd Revert to 4.1-3 state to rebuild for ldns soname bump 2020-12-19 09:23:16 -08:00
Adam Williamson
14dc4ee423 Rebuild for ldns soname bump 2020-12-19 09:01:19 -08:00
Paul Wouters
644402b247 re-add test vectors to sources file :/ 2020-12-17 13:52:08 -05:00