[strongswan/f18] rhbz#981429: New upstream release
avesh
avesh at fedoraproject.org
Wed Aug 7 20:28:18 UTC 2013
commit bc76bb8ca3e14539f72b491bf343b6bf0bd69278
Author: Avesh Agarwal <avagarwa at redhat.com>
Date: Wed Aug 7 16:28:08 2013 -0400
rhbz#981429: New upstream release
- Fixes CVE-2013-5018: rhbz#991216, rhbz#991215
- Fixes rhbz#991859 failed to build in rawhide
- Updated local patches and removed which are not needed
- Fixed errors around charon-nm
- Added plugins libstrongswan-pkcs12.so, libstrongswan-rc2.so,
libstrongswan-sshkey.so
- Added utility imv_policy_manager
.gitignore | 1 +
libimcv-attestatiom-imv-crash.patch | 27 ---------
libstrongswan-plugin.patch | 10 ++--
libstrongswan-settings-debug.patch | 12 ++--
sources | 2 +-
...ipsec-scepclient-to-strongswan-scepclient.patch | 25 ---------
...-Change-ipsec-updown-to-strongswan-updown.patch | 25 ---------
strongswan-init.patch | 57 +++++++++-----------
strongswan-pts-ecp-disable.patch | 6 +-
...-71d740cac68f83c77d981368a4c041eb620310ed.patch | 26 ---------
strongswan.spec | 29 ++++++----
11 files changed, 60 insertions(+), 160 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index d316010..ee1d37e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@
/strongswan-5.0.2.tar.bz2
/strongswan-5.0.3.tar.bz2
/strongswan-5.0.4.tar.bz2
+/strongswan-5.1.0.tar.bz2
diff --git a/libstrongswan-plugin.patch b/libstrongswan-plugin.patch
index 0f4dc32..ce0951d 100644
--- a/libstrongswan-plugin.patch
+++ b/libstrongswan-plugin.patch
@@ -1,8 +1,8 @@
-diff -urNp strongswan-5.0.4-patched/src/libstrongswan/plugins/plugin_loader.c strongswan-5.0.4-current/src/libstrongswan/plugins/plugin_loader.c
---- strongswan-5.0.4-patched/src/libstrongswan/plugins/plugin_loader.c 2013-05-01 15:50:51.375560719 -0400
-+++ strongswan-5.0.4-current/src/libstrongswan/plugins/plugin_loader.c 2013-05-22 16:30:24.121091911 -0400
-@@ -267,7 +267,7 @@ static bool load_plugin(private_plugin_l
- return FALSE;
+diff -urNp strongswan-5.1.0-patched/src/libstrongswan/plugins/plugin_loader.c strongswan-5.1.0-current/src/libstrongswan/plugins/plugin_loader.c
+--- strongswan-5.1.0-patched/src/libstrongswan/plugins/plugin_loader.c 2013-08-06 17:16:36.266031511 -0400
++++ strongswan-5.1.0-current/src/libstrongswan/plugins/plugin_loader.c 2013-08-06 17:49:15.703354848 -0400
+@@ -353,7 +353,7 @@ static plugin_entry_t *load_plugin(priva
+ return NULL;
}
}
- handle = dlopen(file, RTLD_LAZY);
diff --git a/libstrongswan-settings-debug.patch b/libstrongswan-settings-debug.patch
index f7cb93f..66bca56 100644
--- a/libstrongswan-settings-debug.patch
+++ b/libstrongswan-settings-debug.patch
@@ -1,7 +1,7 @@
-diff -urNp strongswan-5.0.4-patched/src/libstrongswan/utils/settings.c strongswan-5.0.4-current/src/libstrongswan/utils/settings.c
---- strongswan-5.0.4-patched/src/libstrongswan/utils/settings.c 2013-05-01 15:50:51.337560745 -0400
-+++ strongswan-5.0.4-current/src/libstrongswan/utils/settings.c 2013-06-18 13:13:27.801428152 -0400
-@@ -940,7 +940,7 @@ static bool parse_file(linked_list_t *co
+diff -urNp strongswan-5.1.0-patched/src/libstrongswan/utils/settings.c strongswan-5.1.0-current/src/libstrongswan/utils/settings.c
+--- strongswan-5.1.0-patched/src/libstrongswan/utils/settings.c 2013-08-06 17:16:36.244031484 -0400
++++ strongswan-5.1.0-current/src/libstrongswan/utils/settings.c 2013-08-06 17:52:43.272606717 -0400
+@@ -960,7 +960,7 @@ static bool parse_file(linked_list_t *co
{
if (errno == ENOENT)
{
@@ -10,7 +10,7 @@ diff -urNp strongswan-5.0.4-patched/src/libstrongswan/utils/settings.c strongswa
return TRUE;
}
DBG1(DBG_LIB, "failed to stat '%s': %s", file, strerror(errno));
-@@ -1003,7 +1003,7 @@ static bool parse_files(linked_list_t *c
+@@ -1023,7 +1023,7 @@ static bool parse_files(linked_list_t *c
if (!strlen(pattern))
{
@@ -19,7 +19,7 @@ diff -urNp strongswan-5.0.4-patched/src/libstrongswan/utils/settings.c strongswa
return TRUE;
}
-@@ -1035,7 +1035,7 @@ static bool parse_files(linked_list_t *c
+@@ -1055,7 +1055,7 @@ static bool parse_files(linked_list_t *c
status = glob(pat, GLOB_ERR, NULL, &buf);
if (status == GLOB_NOMATCH)
{
diff --git a/sources b/sources
index c5e1904..388cdfe 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-0ab0397b44b197febfd0f89148344035 strongswan-5.0.4.tar.bz2
+c1cd0a3ba9960f590cae28c8470800e8 strongswan-5.1.0.tar.bz2
diff --git a/strongswan-init.patch b/strongswan-init.patch
index 89317f8..ccd653a 100644
--- a/strongswan-init.patch
+++ b/strongswan-init.patch
@@ -1,7 +1,18 @@
-Index: strongswan-5.0.0/init/Makefile.am
-===================================================================
---- strongswan-5.0.0.orig/init/Makefile.am
-+++ strongswan-5.0.0/init/Makefile.am
+diff -urNp strongswan-5.1.0-patched/configure.ac strongswan-5.1.0-current/configure.ac
+--- strongswan-5.1.0-patched/configure.ac 2013-08-06 17:16:36.279031528 -0400
++++ strongswan-5.1.0-current/configure.ac 2013-08-06 17:35:01.750380445 -0400
+@@ -1311,6 +1311,8 @@ AC_CONFIG_FILES([
+ man/Makefile
+ init/Makefile
+ init/systemd/Makefile
++ init/sysvinit/Makefile
++ init/sysvinit/strongswan
+ src/Makefile
+ src/include/Makefile
+ src/libstrongswan/Makefile
+diff -urNp strongswan-5.1.0-patched/init/Makefile.am strongswan-5.1.0-current/init/Makefile.am
+--- strongswan-5.1.0-patched/init/Makefile.am 2013-08-06 17:16:36.279031528 -0400
++++ strongswan-5.1.0-current/init/Makefile.am 2013-08-06 17:36:19.905472912 -0400
@@ -1,5 +1,5 @@
-SUBDIRS =
@@ -9,16 +20,14 @@ Index: strongswan-5.0.0/init/Makefile.am
if HAVE_SYSTEMD
SUBDIRS += systemd
-Index: strongswan-5.0.0/init/sysvinit/Makefile.am
-===================================================================
---- /dev/null
-+++ strongswan-5.0.0/init/sysvinit/Makefile.am
+diff -urNp strongswan-5.1.0-patched/init/sysvinit/Makefile.am strongswan-5.1.0-current/init/sysvinit/Makefile.am
+--- strongswan-5.1.0-patched/init/sysvinit/Makefile.am 1969-12-31 19:00:00.000000000 -0500
++++ strongswan-5.1.0-current/init/sysvinit/Makefile.am 2013-07-31 15:56:21.919959000 -0400
@@ -0,0 +1 @@
+noinst_DATA = strongswan
-Index: strongswan-5.0.0/init/sysvinit/strongswan.in
-===================================================================
---- /dev/null
-+++ strongswan-5.0.0/init/sysvinit/strongswan.in
+diff -urNp strongswan-5.1.0-patched/init/sysvinit/strongswan strongswan-5.1.0-current/init/sysvinit/strongswan
+--- strongswan-5.1.0-patched/init/sysvinit/strongswan 1969-12-31 19:00:00.000000000 -0500
++++ strongswan-5.1.0-current/init/sysvinit/strongswan 2013-07-31 15:56:21.920958000 -0400
@@ -0,0 +1,100 @@
+#!/bin/sh
+#
@@ -39,7 +48,7 @@ Index: strongswan-5.0.0/init/sysvinit/strongswan.in
+# Source function library.
+. /etc/rc.d/init.d/functions
+
-+exec="@sbindir@/@ipsec_script@"
++exec="@SBINDIR@/@IPSEC_SCRIPT@"
+prog="strongswan"
+status_prog="starter"
+config="/etc/strongswan/strongswan.conf"
@@ -120,23 +129,9 @@ Index: strongswan-5.0.0/init/sysvinit/strongswan.in
+ exit 2
+esac
+exit $?
-Index: strongswan-5.0.0/configure.in
-===================================================================
---- strongswan-5.0.0.orig/configure.in
-+++ strongswan-5.0.0/configure.in
-@@ -1082,6 +1082,8 @@ AC_OUTPUT(
- man/Makefile
- init/Makefile
- init/systemd/Makefile
-+ init/sysvinit/Makefile
-+ init/sysvinit/strongswan
- src/Makefile
- src/include/Makefile
- src/libstrongswan/Makefile
-Index: strongswan-5.0.0/init/sysvinit/strongswan
-===================================================================
---- /dev/null
-+++ strongswan-5.0.0/init/sysvinit/strongswan
+diff -urNp strongswan-5.1.0-patched/init/sysvinit/strongswan.in strongswan-5.1.0-current/init/sysvinit/strongswan.in
+--- strongswan-5.1.0-patched/init/sysvinit/strongswan.in 1969-12-31 19:00:00.000000000 -0500
++++ strongswan-5.1.0-current/init/sysvinit/strongswan.in 2013-07-31 15:56:21.919959000 -0400
@@ -0,0 +1,100 @@
+#!/bin/sh
+#
@@ -157,7 +152,7 @@ Index: strongswan-5.0.0/init/sysvinit/strongswan
+# Source function library.
+. /etc/rc.d/init.d/functions
+
-+exec="@SBINDIR@/@IPSEC_SCRIPT@"
++exec="@sbindir@/@ipsec_script@"
+prog="strongswan"
+status_prog="starter"
+config="/etc/strongswan/strongswan.conf"
diff --git a/strongswan-pts-ecp-disable.patch b/strongswan-pts-ecp-disable.patch
index 6cd3ff4..59054eb 100644
--- a/strongswan-pts-ecp-disable.patch
+++ b/strongswan-pts-ecp-disable.patch
@@ -1,6 +1,6 @@
-diff -urNp strongswan-5.0.4-patched/src/libpts/pts/pts_dh_group.c strongswan-5.0.4-current/src/libpts/pts/pts_dh_group.c
---- strongswan-5.0.4-patched/src/libpts/pts/pts_dh_group.c 2013-05-01 15:50:51.332560748 -0400
-+++ strongswan-5.0.4-current/src/libpts/pts/pts_dh_group.c 2013-05-01 15:57:53.545271367 -0400
+diff -urNp strongswan-5.1.0-patched/src/libpts/pts/pts_dh_group.c strongswan-5.1.0-current/src/libpts/pts/pts_dh_group.c
+--- strongswan-5.1.0-patched/src/libpts/pts/pts_dh_group.c 2013-08-06 17:16:36.238031476 -0400
++++ strongswan-5.1.0-current/src/libpts/pts/pts_dh_group.c 2013-08-06 17:44:48.005036651 -0400
@@ -74,6 +74,16 @@ bool pts_dh_group_probe(pts_dh_group_t *
{
DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names,
diff --git a/strongswan.spec b/strongswan.spec
index 1ffc703..0e9aa4c 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -8,8 +8,8 @@
%endif
Name: strongswan
-Version: 5.0.4
-Release: 5%{?dist}
+Version: 5.1.0
+Release: 1%{?dist}
Summary: An OpenSource IPsec-based VPN Solution
Group: System Environment/Daemons
License: GPLv2+
@@ -19,10 +19,6 @@ Patch0: strongswan-init.patch
Patch1: strongswan-pts-ecp-disable.patch
Patch2: libstrongswan-plugin.patch
Patch3: libstrongswan-settings-debug.patch
-Patch4: strongswan.git-71d740cac68f83c77d981368a4c041eb620310ed.patch
-Patch5: libimcv-attestatiom-imv-crash.patch
-Patch6: strongswan-Change-ipsec-updown-to-strongswan-updown.patch
-Patch7: strongswan-Change-ipsec-scepclient-to-strongswan-scepclient.patch
BuildRequires: gmp-devel
BuildRequires: libcurl-devel
@@ -36,7 +32,7 @@ BuildRequires: libxml2-devel
BuildRequires: NetworkManager-devel
BuildRequires: NetworkManager-glib-devel
Obsoletes: %{name}-NetworkManager < 0:5.0.4-5
-Provides: %{name}-NetworkManager = 0:%{version}-%{release}
+Provides: %{name}-charon-nm = 0:%{version}-%{release}
%else
Obsoletes: %{name}-NetworkManager < 0:5.0.0-3.git20120619
%endif
@@ -83,10 +79,6 @@ implementation possessing a standard IF-IMC/IMV interface.
%patch1 -p1
%patch2 -p1
%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora
@@ -229,6 +221,9 @@ fi
%{_libdir}/%{name}/plugins/lib%{name}-pgp.so
%{_libdir}/%{name}/plugins/lib%{name}-pkcs1.so
%{_libdir}/%{name}/plugins/lib%{name}-pkcs8.so
+%{_libdir}/%{name}/plugins/lib%{name}-pkcs12.so
+%{_libdir}/%{name}/plugins/lib%{name}-rc2.so
+%{_libdir}/%{name}/plugins/lib%{name}-sshkey.so
%{_libdir}/%{name}/plugins/lib%{name}-pubkey.so
%{_libdir}/%{name}/plugins/lib%{name}-random.so
%{_libdir}/%{name}/plugins/lib%{name}-resolve.so
@@ -263,6 +258,8 @@ fi
%{_libexecdir}/%{name}/scepclient
%{_libexecdir}/%{name}/starter
%{_libexecdir}/%{name}/stroke
+%{_libexecdir}/%{name}/_imv_policy
+%{_libexecdir}/%{name}/imv_policy_manager
%{_sbindir}/%{name}
%{_mandir}/man5/%{name}.conf.5.gz
%{_mandir}/man5/%{name}_ipsec.conf.5.gz
@@ -315,6 +312,16 @@ fi
%changelog
+* Wed Aug 7 2013 Avesh Agarwal <avagarwa at redhat.com> - 5.1.0-1
+- rhbz#981429: New upstream release
+- Fixes CVE-2013-5018: rhbz#991216, rhbz#991215
+- Fixes rhbz#991859 failed to build in rawhide
+- Updated local patches and removed which are not needed
+- Fixed errors around charon-nm
+- Added plugins libstrongswan-pkcs12.so, libstrongswan-rc2.so,
+ libstrongswan-sshkey.so
+- Added utility imv_policy_manager
+
* Thu Jul 25 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 5.0.4-5
- rename strongswan-NetworkManager to strongswan-charon-nm
- fix enable_nm macro
More information about the scm-commits
mailing list