rpms/openswan/F-11 openswan-2.6-24-relpath.patch, NONE, 1.1 openswan-2.6-selinux.patch, 1.2, 1.3 openswan-2.6.24-nspr.patch, NONE, 1.1 openswan-2.6.24-warnings.patch, NONE, 1.1 openswan-550023.patch, NONE, 1.1 openswan-ipsec-help.patch, NONE, 1.1 openswan-setup.patch, NONE, 1.1 .cvsignore, 1.27, 1.28 openswan.spec, 1.80, 1.81 sources, 1.26, 1.27 openswan-2.6-initscript-correction.patch, 1.1, NONE openswan-2.6-relpath.patch, 1.1, NONE openswan-2.6.16-examples.patch, 1.1, NONE openswan-2.6.22-CVE-2009-2185.patch, 1.1, NONE openswan-2.6.22-gcc44.patch, 1.1, NONE openswan-2.6.22-nss.patch, 1.1, NONE openswan-2.6.22-selinux.patch, 1.1, NONE
avesh agarwal
avesh at fedoraproject.org
Thu Feb 25 22:19:35 UTC 2010
Author: avesh
Update of /cvs/pkgs/rpms/openswan/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22247
Modified Files:
.cvsignore openswan.spec sources
Added Files:
openswan-2.6-24-relpath.patch openswan-2.6-selinux.patch
openswan-2.6.24-nspr.patch openswan-2.6.24-warnings.patch
openswan-550023.patch openswan-ipsec-help.patch
openswan-setup.patch
Removed Files:
openswan-2.6-initscript-correction.patch
openswan-2.6-relpath.patch openswan-2.6.16-examples.patch
openswan-2.6.22-CVE-2009-2185.patch
openswan-2.6.22-gcc44.patch openswan-2.6.22-nss.patch
openswan-2.6.22-selinux.patch
Log Message:
* Mon Feb 25 2010 Avesh Agarwal <avagarwa at redhat.com> - 2.6.24-1
- New upstream release
- Cisco interop patches
- Improved init script
- Fix to allow ";" in the ike/esp parameters
- Fix to unset IKEv2 Critical flag for payloads defined in RFC 4306
- Fix to Zeroize ISAKMP and IPsec SA's when in FIPS mode
- Fix to the issue where Some programs were installed
twice causing .old files
- lwdns.req.log moved from /var/tmp/ to /var/run/pluto/ .
This is to avoid an SElinux AVC Denial
- Fix for the issue where ipsec help shows the list twice
- Fix for compile time warnings
- Modified summary in spec file
- Replaced buildroot with RPM_BUILD_ROOT in spec file
- Included html files in the doc package
- Patch for disabling openswan startup at the system
boot by default
- Supports smartcards now
- Supports PSK with NSS
- Supports libcap-ng for lowering capabilities of pluto process
- Updated README.nss
- Fixed rhbz 550023: pluto's child process can not add routes, and
errors are displayed when running is updown.netkey script
- Modified package description
- Fixed a typo (IKEv2 RFC number).
openswan-2.6-24-relpath.patch:
Makefile.inc | 2 ++
programs/setup/Makefile | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
--- NEW FILE openswan-2.6-24-relpath.patch ---
diff -urNp openswan-2.6.24-orig/Makefile.inc openswan-2.6.24/Makefile.inc
--- openswan-2.6.24-orig/Makefile.inc 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/Makefile.inc 2010-01-11 12:15:53.000000000 -0500
@@ -123,6 +123,8 @@ FINALRCDIR=$(shell for d in $(INC_RCDIRS
do if test -d $(DESTDIR)/$$d ; \
then echo $$d ; exit 0 ; \
fi ; done ; echo $(INC_RCDEFAULT) )
+# this needs to be a relative path from BINDIR
+RELFINALRCDIR=../../..$(FINALRCDIR)
RCDIR=$(DESTDIR)$(FINALRCDIR)
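Review bot: `RELFINALRCDIR=../../..$(FINALRCDIR)` hard-codes three `..` components, so the symlink created with it in the programs/setup/Makefile hunk resolves only when BINDIR sits exactly three directories below the root. BINDIR's definition is outside this hunk; if it follows an overridable variable such as FINALLIBDIR, a different prefix depth would leave `$(BINDIR)/setup` as a dangling link or pointing outside the intended tree. The existing comment should state that assumption, for example `# assumes BINDIR is exactly three levels below / (e.g. /usr/libexec/ipsec); adjust the ../ count if BINDIR moves`.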
diff -urNp openswan-2.6.24-orig/programs/setup/Makefile openswan-2.6.24/programs/setup/Makefile
--- openswan-2.6.24-orig/programs/setup/Makefile 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/setup/Makefile 2010-01-11 12:15:53.000000000 -0500
@@ -32,7 +32,7 @@ include ${srcdir}../Makefile.program
doinstall:: setup
@rm -f $(BINDIR)/setup
@$(INSTALL) $(INSTBINFLAGS) setup $(RCDIR)/ipsec
- @ln -s $(FINALRCDIR)/ipsec $(BINDIR)/setup
+ @ln -s $(RELFINALRCDIR)/ipsec $(BINDIR)/setup
- at for i in 0 1 2 3 4 5 6; do mkdir -p $(RCDIR)/../rc$$i.d; done
- at cd $(RCDIR)/../rc0.d && ln -f -s ../init.d/ipsec K76ipsec
- at cd $(RCDIR)/../rc1.d && ln -f -s ../init.d/ipsec K76ipsec
openswan-2.6-selinux.patch:
verify.in | 13 -------------
1 file changed, 13 deletions(-)
Index: openswan-2.6-selinux.patch
===================================================================
RCS file: openswan-2.6-selinux.patch
diff -N openswan-2.6-selinux.patch
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openswan-2.6-selinux.patch 25 Feb 2010 22:19:34 -0000 1.3
@@ -0,0 +1,23 @@
+diff -urNp openswan-2.6.24-orig/programs/verify/verify.in openswan-2.6.24/programs/verify/verify.in
+--- openswan-2.6.24-orig/programs/verify/verify.in 2010-01-09 20:34:38.000000000 -0500
++++ openswan-2.6.24/programs/verify/verify.in 2010-01-11 12:17:47.000000000 -0500
+@@ -276,19 +276,6 @@ sub installstartcheck {
+ } else { warnchk "","UNKNOWN"; }
+ }
+
+- if ( -e "/selinux/enforce") {
+- printfun "Testing against enforced SElinux mode";
+- open("cat", "/selinux/enforce");
+- if(<cat> == "1")
+- {
+- errchk "";
+- print "\n SElinux is running in 'enforced' mode.\n If you encounter network related SElinux errors, especially when using KLIPS,\n try disabling SElinux using:\n";
+- print "\n echo \"0\" > /selinux/enforce (or edit /etc/sysconfig/selinux)\n\n";
+- $reterr = 1;
+- }
+- else { errchk "1"; }
+- }
+-
+ if ( -c "/dev/hw_random" || -c "/dev/hwrng" ) {
+ printfun "Hardware RNG detected, testing if used properly";
+ run "pidof rngd";
openswan-2.6.24-nspr.patch:
rsasigkey/Makefile | 5 ++++-
showhostkey/Makefile | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
--- NEW FILE openswan-2.6.24-nspr.patch ---
diff -urNp openswan-2.6.24-orig/programs/rsasigkey/Makefile openswan-2.6.24/programs/rsasigkey/Makefile
--- openswan-2.6.24-orig/programs/rsasigkey/Makefile 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/rsasigkey/Makefile 2010-01-11 16:28:41.000000000 -0500
@@ -18,7 +18,7 @@ include ${OPENSWANSRCDIR}/Makefile.inc
ifeq ($(USE_LIBNSS),true)
CFLAGS+=-DHAVE_LIBNSS
# temp workaround for bug in nspr 4.8.2
-CFLAGS+=-Wno-strict-prototypes
+#CFLAGS+=-Wno-strict-prototypes
ifeq ($(USE_FIPSCHECK),true)
FIPS_CHECK=1
CFLAGS+=-DFIPS_CHECK
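Review bot: The commented-out `#CFLAGS+=-Wno-strict-prototypes` leaves the "temp workaround for bug in nspr 4.8.2" comment attached to a dead line, while the live copy added after `include ${srcdir}../Makefile.program` in the next hunk carries no comment at all. Delete the dead line and move the comment to the new `ifeq ($(USE_LIBNSS),true)` block, adding why the flag has to come after the include (presumably Makefile.program sets or reorders CFLAGS; confirm). The showhostkey/Makefile hunks have the same pattern. Since the flag silences a compiler diagnostic for the whole program, the comment should also say when it can be removed.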
@@ -38,3 +38,6 @@ endif
include ${srcdir}../Makefile.program
+ifeq ($(USE_LIBNSS),true)
+CFLAGS+=-Wno-strict-prototypes
+endif
diff -urNp openswan-2.6.24-orig/programs/showhostkey/Makefile openswan-2.6.24/programs/showhostkey/Makefile
--- openswan-2.6.24-orig/programs/showhostkey/Makefile 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/showhostkey/Makefile 2010-01-11 16:29:32.000000000 -0500
@@ -18,10 +18,13 @@ ifeq ($(USE_LIBNSS),true)
CFLAGS+=-DHAVE_LIBNSS
INCLUDES+=-I/usr/include/nspr4 -I/usr/include/nss3
# temp workaround for bug in nspr 4.8.2
-CFLAGS+=-Wno-strict-prototypes
+#CFLAGS+=-Wno-strict-prototypes
endif
PROGRAM=showhostkey
include ${srcdir}../Makefile.program
+ifeq ($(USE_LIBNSS),true)
+CFLAGS+=-Wno-strict-prototypes
+endif
openswan-2.6.24-warnings.patch:
lib/libopenswan/oswconf.c | 5 ++++-
programs/pluto/kernel.c | 4 ++--
programs/pluto/pluto_crypt.c | 1 +
programs/pluto/rcv_info.c | 4 +++-
programs/pluto/rcv_whack.c | 9 +++++++--
programs/pluto/whack.c | 5 ++++-
6 files changed, 21 insertions(+), 7 deletions(-)
--- NEW FILE openswan-2.6.24-warnings.patch ---
diff -urNp openswan-2.6.24-orig/lib/libopenswan/oswconf.c openswan-2.6.24/lib/libopenswan/oswconf.c
--- openswan-2.6.24-orig/lib/libopenswan/oswconf.c 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/lib/libopenswan/oswconf.c 2010-01-14 22:03:45.000000000 -0500
@@ -206,7 +206,7 @@ char *getNSSPassword(PK11SlotInfo *slot,
char* strings;
char* token=NULL;
const long maxPwdFileSize = NSSpwdfilesize;
- int i, tlen;
+ int i, tlen=0;
if (slot) {
token = PK11_GetTokenName(slot);
@@ -214,6 +214,9 @@ char *getNSSPassword(PK11SlotInfo *slot,
tlen = PORT_Strlen(token);
//openswan_log("authentication needed for token name %s with length %d",token,tlen);
}
+ else {
+ return 0;
+ }
}
else {
return 0;
diff -urNp openswan-2.6.24-orig/programs/pluto/kernel.c openswan-2.6.24/programs/pluto/kernel.c
--- openswan-2.6.24-orig/programs/pluto/kernel.c 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/pluto/kernel.c 2010-01-15 10:45:47.000000000 -0500
@@ -360,12 +360,12 @@ fmt_common_shell_out(char *buf, int blen
char *p;
int l;
strncat(srcip_str, "PLUTO_MY_SOURCEIP=", sizeof(srcip_str));
- strncat(srcip_str, "'", sizeof(srcip_str));
+ strncat(srcip_str, "'", sizeof(srcip_str)-strlen(srcip_str)-1);
l = strlen(srcip_str);
p = srcip_str + l;
addrtot(&sr->this.host_srcip, 0, p, sizeof(srcip_str));
- strncat(srcip_str, "'", sizeof(srcip_str));
+ strncat(srcip_str, "'", sizeof(srcip_str)-strlen(srcip_str)-1);
}
{
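Review bot: The first `strncat` in this block still passes `sizeof(srcip_str)` as its bound, and `addrtot` is given `sizeof(srcip_str)` as the buffer length although it writes at `p`, which is already `l` bytes into the buffer. The commit corrects only the two quote-appending calls. The same arithmetic applies to the others: `strncat(srcip_str, "PLUTO_MY_SOURCEIP=", sizeof(srcip_str)-strlen(srcip_str)-1);` and `addrtot(&sr->this.host_srcip, 0, p, sizeof(srcip_str)-l);`. The declaration and initialisation of `srcip_str` are outside the hunk, so whether an overrun is reachable in practice cannot be judged from here, but the bounds as written do not describe the space actually left.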
diff -urNp openswan-2.6.24-orig/programs/pluto/pluto_crypt.c openswan-2.6.24/programs/pluto/pluto_crypt.c
--- openswan-2.6.24-orig/programs/pluto/pluto_crypt.c 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/pluto/pluto_crypt.c 2010-01-14 22:30:25.000000000 -0500
@@ -976,6 +976,7 @@ pluto_helper_thread(void *w) {
struct pluto_crypto_worker *helper;
helper=(struct pluto_crypto_worker *)w;
pluto_crypto_helper(helper->pcw_helper_pipe, helper->pcw_helpernum);
+ return NULL;
}
#endif
diff -urNp openswan-2.6.24-orig/programs/pluto/rcv_info.c openswan-2.6.24/programs/pluto/rcv_info.c
--- openswan-2.6.24-orig/programs/pluto/rcv_info.c 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/pluto/rcv_info.c 2010-01-15 10:58:54.000000000 -0500
@@ -313,7 +313,9 @@ info_handle(int infoctlfd)
{
case IPSEC_CMD_QUERY_HOSTPAIR:
info_lookuphostpair(&ipcq);
- write(infofd, &ipcq, ipcq.head.ipm_msg_len);
+ if(write(infofd, &ipcq, ipcq.head.ipm_msg_len) == -1 ) {
+ plog("info_handle: write error");
+ }
break;
default:
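Review bot: A short write goes unnoticed, because the new check compares the result of `write()` only with `-1`; the whack.c hunk later in this patch compares against the requested length instead. Use the same form here, `if (write(infofd, &ipcq, ipcq.head.ipm_msg_len) != (ssize_t)ipcq.head.ipm_msg_len)`. The type of `ipm_msg_len` is not visible, so adjust the cast as needed. The log line would also be more useful with the cause, e.g. `plog("info_handle: write error: %s", strerror(errno));` if `plog` takes a format string. The enclosing switch continues outside the hunk.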
diff -urNp openswan-2.6.24-orig/programs/pluto/rcv_whack.c openswan-2.6.24/programs/pluto/rcv_whack.c
--- openswan-2.6.24-orig/programs/pluto/rcv_whack.c 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/pluto/rcv_whack.c 2010-01-15 11:18:13.000000000 -0500
@@ -156,8 +156,13 @@ static bool writewhackrecord(char *buf,
//DBG_log("buflen: %u abuflen: %u\n", header[0], abuflen);
- fwrite(header, sizeof(u_int32_t)*3, 1, whackrecordfile);
- fwrite(buf, abuflen, 1, whackrecordfile);
+ if(fwrite(header, sizeof(u_int32_t)*3, 1, whackrecordfile) < 1) {
+ DBG_log("writewhackrecord: fwrite error when writing header");
+ }
+
+ if(fwrite(buf, abuflen, 1, whackrecordfile) < 1) {
+ DBG_log("writewhackrecord: fwrite error when writing buf");
+ }
return TRUE;
}
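Review bot: `writewhackrecord` still returns `TRUE` after either `fwrite` fails, so a caller cannot tell that the whack record file is now incomplete. The failure is reported only through `DBG_log`, which presumably emits nothing unless debugging is enabled. Each error branch should end with `return FALSE;`, and the message should go to the normal log. A failed header write that is followed by a successful `buf` write also leaves a record without its length prefix, which is another reason to return early. The start of the function is outside this hunk.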
diff -urNp openswan-2.6.24-orig/programs/pluto/whack.c openswan-2.6.24/programs/pluto/whack.c
--- openswan-2.6.24-orig/programs/pluto/whack.c 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/pluto/whack.c 2010-01-15 11:13:58.000000000 -0500
@@ -1957,7 +1957,10 @@ main(int argc, char **argv)
}
le++; /* include NL in line */
- write(1, ls, le - ls);
+ if(write(1, ls, le - ls) != (le-ls)) {
+ int e = errno;
+ fprintf(stderr, "whack: write() failed to stdout(%d %s)\n", e, strerror(e));
+ }
fsync(1);
/* figure out prefix number
openswan-550023.patch:
plutomain.c | 4 ++++
1 file changed, 4 insertions(+)
--- NEW FILE openswan-550023.patch ---
diff -urNp openswan-2.6.24-orig/programs/pluto/plutomain.c openswan-2.6.24/programs/pluto/plutomain.c
--- openswan-2.6.24-orig/programs/pluto/plutomain.c 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/pluto/plutomain.c 2010-02-25 16:04:55.000000000 -0500
@@ -321,6 +321,10 @@ main(int argc, char **argv)
capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
CAP_NET_BIND_SERVICE, CAP_NET_ADMIN, CAP_NET_RAW,
CAP_IPC_LOCK, -1);
+ /* Pluto's child processes require the capability CAP_NET_ADMIN to deals
+ * with routes.
+ */
+ capng_updatev(CAPNG_ADD, CAPNG_BOUNDING_SET, CAP_NET_ADMIN, -1);
capng_apply(CAPNG_SELECT_BOTH);
#endif
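Review bot: The return values of the `capng_updatev` calls and of `capng_apply(CAPNG_SELECT_BOTH)` are ignored, so if applying the reduced set fails, pluto carries on with whatever capabilities it started with and nothing records that. Test the result, `if (capng_apply(CAPNG_SELECT_BOTH) != 0)`, then log the failure and exit rather than continue. The added comment should also say that placing CAP_NET_ADMIN in the bounding set lets every process pluto executes (the updown scripts included) keep that capability, since that is the trade-off being accepted; "to deals" should read "to deal". The code that clears the capability state before this point is outside the hunk.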
openswan-ipsec-help.patch:
ipsec.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE openswan-ipsec-help.patch ---
diff -urNp openswan-2.6.24-orig/programs/ipsec/ipsec.in openswan-2.6.24/programs/ipsec/ipsec.in
--- openswan-2.6.24-orig/programs/ipsec/ipsec.in 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/ipsec/ipsec.in 2010-01-13 17:52:10.000000000 -0500
@@ -79,9 +79,9 @@ case "$1" in
--help)
echo "Usage: ipsec command argument ..."
echo "where command is one of:"
- for f in `ls $IPSEC_LIBDIR $IPSEC_EXECDIR | egrep -v -i "$DONTMENTION"`
+ for f in `ls $IPSEC_LIBDIR | egrep -v -i "$DONTMENTION"`
do
- if test -x $IPSEC_LIBDIR/$f || test -x $IPSEC_EXECDIR/$f
+ if test -x $IPSEC_LIBDIR/$f
then
echo " $f"
fi
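Review bot: `$IPSEC_LIBDIR` and `$f` are expanded unquoted in the new `ls` and `test -x` lines, so a directory or file name containing whitespace or glob characters is split or expanded before the test runs. Quote them: `for f in \`ls "$IPSEC_LIBDIR" | egrep -v -i "$DONTMENTION"\`` and `if test -x "$IPSEC_LIBDIR/$f"`. The spec file on this page shows IPSEC_LIBDIR may be taken from the environment, which makes the quoting worth having. The surrounding `case` block continues outside the hunk.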
openswan-setup.patch:
setup.in | 2 --
1 file changed, 2 deletions(-)
--- NEW FILE openswan-setup.patch ---
--- openswan-2.6.24-orig/programs/setup/setup.in 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/setup/setup.in 2010-02-08 14:10:37.000000000 -0500
@@ -5,8 +5,6 @@
# Provides: openswan
# Required-Start: $network $syslog $named
# Required-Stop: $syslog
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
# Short-Description: Start Openswan IPsec at boot time
# Description: Enable automatic key management for IPsec (KLIPS and NETKEY)
### END INIT INFO
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/openswan/F-11/.cvsignore,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -p -r1.27 -r1.28
--- .cvsignore 10 Sep 2009 16:35:40 -0000 1.27
+++ .cvsignore 25 Feb 2010 22:19:33 -0000 1.28
@@ -11,3 +11,4 @@ openswan-2.6.18.tar.gz
openswan-2.6.19.tar.gz
openswan-2.6.21.tar.gz
openswan-2.6.22.tar.gz
+openswan-2.6.24.tar.gz
Index: openswan.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openswan/F-11/openswan.spec,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -p -r1.80 -r1.81
--- openswan.spec 10 Sep 2009 16:35:41 -0000 1.80
+++ openswan.spec 25 Feb 2010 22:19:35 -0000 1.81
@@ -1,11 +1,12 @@
%define USE_LIBNSS 1
%define USE_FIPSCHECK 1
+%define USE_LIBCAP_NG 1
%define nss_version 3.12.3-2
%define fipscheck_version 1.2.0-1
-Summary: Openswan IPSEC implementation
+Summary: IPSEC implementation with IKEv1 and IKEv2 keying protocols
Name: openswan
-Version: 2.6.22
+Version: 2.6.24
Release: 1%{?dist}
License: GPLv2+
@@ -14,14 +15,13 @@ Source: openswan-%{version}.tar.gz
Source2: ipsec.conf
-Patch1: openswan-2.6.16-examples.patch
-Patch2: openswan-2.6-relpath.patch
-Patch3: openswan-2.6.22-selinux.patch
-Patch4: openswan-2.6-initscript-correction.patch
-Patch5: openswan-2.6.22-gcc44.patch
-Patch6: openswan-2.6.22-nss.patch
-Patch7: openswan-2.6.22-CVE-2009-2185.patch
-
+Patch1: openswan-2.6-24-relpath.patch
+Patch2: openswan-2.6-selinux.patch
+Patch3: openswan-2.6.24-nspr.patch
+Patch4: openswan-ipsec-help.patch
+Patch5: openswan-2.6.24-warnings.patch
+Patch6: openswan-setup.patch
+Patch7: openswan-550023.patch
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
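Review bot: Patch7 used to be openswan-2.6.22-CVE-2009-2185.patch and is now openswan-550023.patch, and nothing on this page says whether the 2.6.24 tarball already contains the CVE-2009-2185 fix. The changelog says only "New upstream release". Confirm against the upstream sources that the fix is included, and record it so that a later reader does not have to repeat the check, e.g. a changelog line `- Dropped CVE-2009-2185 patch, included upstream in <VERSION-TO-CONFIRM>`. The same applies, with less urgency, to the dropped gcc44, nss and examples patches.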
@@ -39,12 +39,16 @@ Requires(preun): /sbin/service
BuildRequires: fipscheck-devel >= %{fipscheck_version}
%endif
+%if %{USE_LIBCAP_NG}
+BuildRequires: libcap-ng-devel
+%endif
+
Provides: ipsec-userland = %{version}-%{release}
#unless kernel with NETKEY supplies this capability we cannot do this
#Requires: ipsec-kernel
%package doc
-Summary: Openswan IPSEC full documentation
+Summary: Full documentation of Openswan IPSEC implementation
Group: System Environment/Daemons
%description
@@ -57,11 +61,10 @@ decrypted by the gateway at the other en
tunnel is a virtual private network or VPN.
This package contains the daemons and userland tools for setting up
-Openswan. It optionally also builds the Openswan KLIPS IPsec stack that
-is an alternative for the NETKEY/XFRM IPsec stack that exists in the
-default Linux kernel.
+Openswan. It supports the NETKEY/XFRM IPsec kernel stack that exists
+in the default Linux kernel.
-Openswan 2.6.x also supports IKEv2 (RFC4309)
+Openswan 2.6.x also supports IKEv2 (RFC4306)
%description doc
This package contains extensive documentation of the Openswan IPSEC
@@ -72,9 +75,9 @@ system.
find doc/examples -type f -print0 | xargs -0 chmod a-x
find doc -name .gitignore -print0 | xargs -0 rm -v
-%patch1 -p1
-%patch2 -p1 -b .relpath
-%patch3 -p1 -b .selinux
+%patch1 -p1 -b .relpath
+%patch2 -p1 -b .selinux
+%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
@@ -97,6 +100,9 @@ find doc -name .gitignore -print0 | xarg
%if %{USE_FIPSCHECK}
USE_FIPSCHECK=true \
%endif
+%if %{USE_LIBCAP_NG}
+ USE_LIBCAP_NG=true \
+%endif
programs
FS=$(pwd)
@@ -134,14 +140,11 @@ FS=$(pwd)
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/spi \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/spigrp \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_startklips \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_startklips.old \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_startnetkey \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/tncfg \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown.klips \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown.klips.old \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown.mast \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown.mast.old \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown.netkey \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/verify \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/whack \
@@ -150,48 +153,48 @@ FS=$(pwd)
%endif
%install
-rm -rf %{buildroot}
+rm -rf $RPM_BUILD_ROOT
%{__make} \
- DESTDIR=%{buildroot} \
+ DESTDIR=$RPM_BUILD_ROOT \
INC_USRLOCAL=%{_prefix} \
FINALLIBDIR=%{_libexecdir}/ipsec \
IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/libexec/ipsec}" \
- MANTREE=%{buildroot}%{_mandir} \
+ MANTREE=$RPM_BUILD_ROOT%{_mandir} \
INC_RCDEFAULT=%{_initrddir} \
install
FS=$(pwd)
-rm -rf %{buildroot}/usr/share/doc/openswan
+rm -rf $RPM_BUILD_ROOT/usr/share/doc/openswan
# ipsec and setup both installed by default - they are identical
-rm -f %{buildroot}/etc/rc.d/init.d/setup
-rm -f %{buildroot}/usr/share/man/man3/*
-install -d -m 0700 %{buildroot}%{_localstatedir}/run/pluto
-install -d %{buildroot}%{_sbindir}
-find %{buildroot}/etc/ipsec.d -type f -exec chmod 644 {} \;
+rm -f $RPM_BUILD_ROOT/etc/rc.d/init.d/setup
+rm -f $RPM_BUILD_ROOT/usr/share/man/man3/*
+install -d -m 0700 $RPM_BUILD_ROOT%{_localstatedir}/run/pluto
+install -d $RPM_BUILD_ROOT%{_sbindir}
+find $RPM_BUILD_ROOT/etc/ipsec.d -type f -exec chmod 644 {} \;
-mkdir -p %{buildroot}%{_sysconfdir}
-install -m 600 %{SOURCE2} %{buildroot}%{_sysconfdir}/ipsec.conf
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
+install -m 600 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf
-sed -i -e 's#/usr/lib/#%{_libexecdir}/#g' %{buildroot}%{_initrddir}/ipsec
+sed -i -e 's#/usr/lib/#%{_libexecdir}/#g' $RPM_BUILD_ROOT%{_initrddir}/ipsec
-echo "include /etc/ipsec.d/*.secrets" > %{buildroot}%{_sysconfdir}/ipsec.secrets
+echo "include /etc/ipsec.d/*.secrets" > $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.secrets
-chmod a-x %{buildroot}%{_mandir}/*/*
+chmod a-x $RPM_BUILD_ROOT%{_mandir}/*/*
# nuke duplicate docs to save space. this leaves html and ps
rm -f doc/HOWTO.pdf doc/HOWTO.txt
-rm -fr %{buildroot}/etc/rc.d/rc*
+rm -fr $RPM_BUILD_ROOT/etc/rc.d/rc*
-rm -fr %{buildroot}%{_sysconfdir}/ipsec.d/examples
+rm -fr $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.d/examples
%clean
-rm -rf %{buildroot}
+rm -rf $RPM_BUILD_ROOT
%files doc
%defattr(-,root,root)
%doc doc/README.* doc/CHANGES.* doc/CREDITS.* doc/2.6.known-issues
-%doc doc/examples doc/std doc/quickstarts doc/example-configs
+%doc doc/examples doc/std doc/quickstarts doc/*.html
%files
%defattr(-,root,root)
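Review bot: `ipsec.secrets` is created by shell redirection (`echo "include /etc/ipsec.d/*.secrets" > $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.secrets`), so its mode comes from the build umask, whereas `ipsec.conf` two lines earlier is installed with `-m 600`. Unless the `%files` list (outside this hunk) sets an explicit `%attr`, the file that gates the pre-shared keys and private-key references would be packaged world-readable. Add `chmod 600 $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.secrets` directly after the `echo`. The `find ... -exec chmod 644 {} \;` over `/etc/ipsec.d` earlier in the same section deserves a comment saying that no secret material is expected there at build time.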
@@ -225,6 +228,33 @@ fi
chkconfig --add ipsec || :
%changelog
+* Mon Feb 25 2010 Avesh Agarwal <avagarwa at redhat.com> - 2.6.24-1
+- New upstream release
+- Cisco interop patches
+- Improved init script
+- Fix to allow ";" in the ike/esp parameters
+- Fix to unset IKEv2 Critical flag for payloads defined in RFC 4306
+- Fix to Zeroize ISAKMP and IPsec SA's when in FIPS mode
+- Fix to the issue where Some programs were installed
+ twice causing .old files
+- lwdns.req.log moved from /var/tmp/ to /var/run/pluto/ .
+ This is to avoid an SElinux AVC Denial
+- Fix for the issueo where ipsec help shows the list twice
+- Fix for compile time warnings
+- Modified summary in spec file
+- Replaced buildroot with RPM_BUILD_ROOT in spec file
+- Included html files in the doc package
+- Patch for disabling openswan startup at the system
+ boot by default
+- Supports smartcards now
+- Supports PSK with NSS
+- Supports libcap-ng for lowering capabilities of pluto process
+- Updated README.nss
+- Fixed rhbz 550023: pluto's child process can not add routes, and
+ errors are displayed when running is updown.netkey script
+- Modified package description
+- Fixed a typo (IKEv2 RFC number).
+
* Thu Sep 10 2009 Avesh Agarwal <avagarwa at redhat.com> - 2.6.22-1
- New upstream release
- Added support for using PSK with NSS
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/openswan/F-11/sources,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -p -r1.26 -r1.27
--- sources 10 Sep 2009 16:35:41 -0000 1.26
+++ sources 25 Feb 2010 22:19:35 -0000 1.27
@@ -1 +1 @@
-9a30009bade8a1b09fba27680c87cf72 openswan-2.6.22.tar.gz
+1c76b6982c05392f7c360afb92699661 openswan-2.6.24.tar.gz
--- openswan-2.6-initscript-correction.patch DELETED ---
--- openswan-2.6-relpath.patch DELETED ---
--- openswan-2.6.16-examples.patch DELETED ---
--- openswan-2.6.22-CVE-2009-2185.patch DELETED ---
--- openswan-2.6.22-gcc44.patch DELETED ---
--- openswan-2.6.22-nss.patch DELETED ---
--- openswan-2.6.22-selinux.patch DELETED ---