[strongswan/f18] Support for PT-TLS (RFC 6876)
avesh
avesh at fedoraproject.org
Fri Nov 1 19:24:03 UTC 2013
commit 1c9aa914d819aa173f139617d97be923e3823be3
Author: Avesh Agarwal <avagarwa at redhat.com>
Date: Fri Nov 1 15:25:00 2013 -0400
Support for PT-TLS (RFC 6876)
- Support for SWID IMC/IMV
- Support for command line IKE client charon-cmd
- Changed location of pki to /usr/bin
- Added swid tags files
- Added man pages for pki and charon-cmd
- Renamed pki to strongswan-pki to avoid conflict with
pki-core/pki-tools package.
- Update local patches
- Fixes CVE-2013-6075
- Fixes CVE-2013-6076
- Fixed autoconf/automake issue as configure.ac got changed
and it required running autoreconf during the build process.
- added strongswan signature file to the sources.
- Fixed initialization crash of IMV and IMC particularly
attestation imv/imc as libstrongswas was not getting
initialized.
- Enabled fips support
- Enabled TNC's ifmap support
- Enabled TNC's pdp support
- Fixed hardocded package name in this spec file
.gitignore | 2 +
libstrongswan-plugin.patch | 6 ++--
libstrongswan-settings-debug.patch | 6 ++--
malloc-speed-lrt.patch | 24 --------------
sources | 3 +-
strongswan-init.patch | 32 ++++++++++----------
strongswan-pts-ecp-disable.patch | 6 ++--
strongswan.spec | 59 ++++++++++++++++++++++++++++++-----
8 files changed, 79 insertions(+), 59 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index ee1d37e..caf2c88 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,5 @@
/strongswan-5.0.3.tar.bz2
/strongswan-5.0.4.tar.bz2
/strongswan-5.1.0.tar.bz2
+/strongswan-5.1.1.tar.bz2
+/strongswan-5.1.1.tar.bz2.sig
diff --git a/libstrongswan-plugin.patch b/libstrongswan-plugin.patch
index ce0951d..f204a1e 100644
--- a/libstrongswan-plugin.patch
+++ b/libstrongswan-plugin.patch
@@ -1,6 +1,6 @@
-diff -urNp strongswan-5.1.0-patched/src/libstrongswan/plugins/plugin_loader.c strongswan-5.1.0-current/src/libstrongswan/plugins/plugin_loader.c
---- strongswan-5.1.0-patched/src/libstrongswan/plugins/plugin_loader.c 2013-08-06 17:16:36.266031511 -0400
-+++ strongswan-5.1.0-current/src/libstrongswan/plugins/plugin_loader.c 2013-08-06 17:49:15.703354848 -0400
+diff -urNp strongswan-5.1.1-patched/src/libstrongswan/plugins/plugin_loader.c strongswan-5.1.1-current/src/libstrongswan/plugins/plugin_loader.c
+--- strongswan-5.1.1-patched/src/libstrongswan/plugins/plugin_loader.c 2013-11-01 13:12:06.046927153 -0400
++++ strongswan-5.1.1-current/src/libstrongswan/plugins/plugin_loader.c 2013-11-01 13:16:59.680916657 -0400
@@ -353,7 +353,7 @@ static plugin_entry_t *load_plugin(priva
return NULL;
}
diff --git a/libstrongswan-settings-debug.patch b/libstrongswan-settings-debug.patch
index 66bca56..692690d 100644
--- a/libstrongswan-settings-debug.patch
+++ b/libstrongswan-settings-debug.patch
@@ -1,6 +1,6 @@
-diff -urNp strongswan-5.1.0-patched/src/libstrongswan/utils/settings.c strongswan-5.1.0-current/src/libstrongswan/utils/settings.c
---- strongswan-5.1.0-patched/src/libstrongswan/utils/settings.c 2013-08-06 17:16:36.244031484 -0400
-+++ strongswan-5.1.0-current/src/libstrongswan/utils/settings.c 2013-08-06 17:52:43.272606717 -0400
+diff -urNp strongswan-5.1.1-patched/src/libstrongswan/utils/settings.c strongswan-5.1.1-current/src/libstrongswan/utils/settings.c
+--- strongswan-5.1.1-patched/src/libstrongswan/utils/settings.c 2013-11-01 13:12:06.034927154 -0400
++++ strongswan-5.1.1-current/src/libstrongswan/utils/settings.c 2013-11-01 13:18:56.230912491 -0400
@@ -960,7 +960,7 @@ static bool parse_file(linked_list_t *co
{
if (errno == ENOENT)
diff --git a/sources b/sources
index 388cdfe..b3b0e07 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
-c1cd0a3ba9960f590cae28c8470800e8 strongswan-5.1.0.tar.bz2
+e3af3d493d22286be3cd794533a8966a strongswan-5.1.1.tar.bz2
+5381c48d5cabec932aa2904abde93cd3 strongswan-5.1.1.tar.bz2.sig
diff --git a/strongswan-init.patch b/strongswan-init.patch
index ccd653a..eb29bdb 100644
--- a/strongswan-init.patch
+++ b/strongswan-init.patch
@@ -1,7 +1,7 @@
-diff -urNp strongswan-5.1.0-patched/configure.ac strongswan-5.1.0-current/configure.ac
---- strongswan-5.1.0-patched/configure.ac 2013-08-06 17:16:36.279031528 -0400
-+++ strongswan-5.1.0-current/configure.ac 2013-08-06 17:35:01.750380445 -0400
-@@ -1311,6 +1311,8 @@ AC_CONFIG_FILES([
+diff -urNp strongswan-5.1.1-patched/configure.ac strongswan-5.1.1-current/configure.ac
+--- strongswan-5.1.1-patched/configure.ac 2013-11-01 13:12:05.964927156 -0400
++++ strongswan-5.1.1-current/configure.ac 2013-11-01 13:12:24.357926499 -0400
+@@ -1330,6 +1330,8 @@ AC_CONFIG_FILES([
man/Makefile
init/Makefile
init/systemd/Makefile
@@ -10,9 +10,9 @@ diff -urNp strongswan-5.1.0-patched/configure.ac strongswan-5.1.0-current/config
src/Makefile
src/include/Makefile
src/libstrongswan/Makefile
-diff -urNp strongswan-5.1.0-patched/init/Makefile.am strongswan-5.1.0-current/init/Makefile.am
---- strongswan-5.1.0-patched/init/Makefile.am 2013-08-06 17:16:36.279031528 -0400
-+++ strongswan-5.1.0-current/init/Makefile.am 2013-08-06 17:36:19.905472912 -0400
+diff -urNp strongswan-5.1.1-patched/init/Makefile.am strongswan-5.1.1-current/init/Makefile.am
+--- strongswan-5.1.1-patched/init/Makefile.am 2013-11-01 13:12:05.966927156 -0400
++++ strongswan-5.1.1-current/init/Makefile.am 2013-11-01 13:12:24.357926499 -0400
@@ -1,5 +1,5 @@
-SUBDIRS =
@@ -20,14 +20,14 @@ diff -urNp strongswan-5.1.0-patched/init/Makefile.am strongswan-5.1.0-current/in
if HAVE_SYSTEMD
SUBDIRS += systemd
-diff -urNp strongswan-5.1.0-patched/init/sysvinit/Makefile.am strongswan-5.1.0-current/init/sysvinit/Makefile.am
---- strongswan-5.1.0-patched/init/sysvinit/Makefile.am 1969-12-31 19:00:00.000000000 -0500
-+++ strongswan-5.1.0-current/init/sysvinit/Makefile.am 2013-07-31 15:56:21.919959000 -0400
+diff -urNp strongswan-5.1.1-patched/init/sysvinit/Makefile.am strongswan-5.1.1-current/init/sysvinit/Makefile.am
+--- strongswan-5.1.1-patched/init/sysvinit/Makefile.am 1969-12-31 19:00:00.000000000 -0500
++++ strongswan-5.1.1-current/init/sysvinit/Makefile.am 2013-11-01 13:12:24.358926499 -0400
@@ -0,0 +1 @@
+noinst_DATA = strongswan
-diff -urNp strongswan-5.1.0-patched/init/sysvinit/strongswan strongswan-5.1.0-current/init/sysvinit/strongswan
---- strongswan-5.1.0-patched/init/sysvinit/strongswan 1969-12-31 19:00:00.000000000 -0500
-+++ strongswan-5.1.0-current/init/sysvinit/strongswan 2013-07-31 15:56:21.920958000 -0400
+diff -urNp strongswan-5.1.1-patched/init/sysvinit/strongswan strongswan-5.1.1-current/init/sysvinit/strongswan
+--- strongswan-5.1.1-patched/init/sysvinit/strongswan 1969-12-31 19:00:00.000000000 -0500
++++ strongswan-5.1.1-current/init/sysvinit/strongswan 2013-11-01 13:12:24.358926499 -0400
@@ -0,0 +1,100 @@
+#!/bin/sh
+#
@@ -129,9 +129,9 @@ diff -urNp strongswan-5.1.0-patched/init/sysvinit/strongswan strongswan-5.1.0-cu
+ exit 2
+esac
+exit $?
-diff -urNp strongswan-5.1.0-patched/init/sysvinit/strongswan.in strongswan-5.1.0-current/init/sysvinit/strongswan.in
---- strongswan-5.1.0-patched/init/sysvinit/strongswan.in 1969-12-31 19:00:00.000000000 -0500
-+++ strongswan-5.1.0-current/init/sysvinit/strongswan.in 2013-07-31 15:56:21.919959000 -0400
+diff -urNp strongswan-5.1.1-patched/init/sysvinit/strongswan.in strongswan-5.1.1-current/init/sysvinit/strongswan.in
+--- strongswan-5.1.1-patched/init/sysvinit/strongswan.in 1969-12-31 19:00:00.000000000 -0500
++++ strongswan-5.1.1-current/init/sysvinit/strongswan.in 2013-11-01 13:12:24.359926499 -0400
@@ -0,0 +1,100 @@
+#!/bin/sh
+#
diff --git a/strongswan-pts-ecp-disable.patch b/strongswan-pts-ecp-disable.patch
index 59054eb..4f5c141 100644
--- a/strongswan-pts-ecp-disable.patch
+++ b/strongswan-pts-ecp-disable.patch
@@ -1,6 +1,6 @@
-diff -urNp strongswan-5.1.0-patched/src/libpts/pts/pts_dh_group.c strongswan-5.1.0-current/src/libpts/pts/pts_dh_group.c
---- strongswan-5.1.0-patched/src/libpts/pts/pts_dh_group.c 2013-08-06 17:16:36.238031476 -0400
-+++ strongswan-5.1.0-current/src/libpts/pts/pts_dh_group.c 2013-08-06 17:44:48.005036651 -0400
+diff -urNp strongswan-5.1.1-patched/src/libpts/pts/pts_dh_group.c strongswan-5.1.1-current/src/libpts/pts/pts_dh_group.c
+--- strongswan-5.1.1-patched/src/libpts/pts/pts_dh_group.c 2013-11-01 13:12:05.985927156 -0400
++++ strongswan-5.1.1-current/src/libpts/pts/pts_dh_group.c 2013-11-01 13:15:12.192920500 -0400
@@ -74,6 +74,16 @@ bool pts_dh_group_probe(pts_dh_group_t *
{
DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names,
diff --git a/strongswan.spec b/strongswan.spec
index 33ccdbd..b5f7226 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -8,8 +8,8 @@
%endif
Name: strongswan
-Version: 5.1.0
-Release: 2%{?dist}
+Version: 5.1.1
+Release: 1%{?dist}
Summary: An OpenSource IPsec-based VPN Solution
Group: System Environment/Daemons
License: GPLv2+
@@ -19,9 +19,8 @@ Patch0: strongswan-init.patch
Patch1: strongswan-pts-ecp-disable.patch
Patch2: libstrongswan-plugin.patch
Patch3: libstrongswan-settings-debug.patch
-Patch4: malloc-speed-lrt.patch
-BuildRequires: gmp-devel
+BuildRequires: gmp-devel autoconf automake
BuildRequires: libcurl-devel
BuildRequires: openldap-devel
BuildRequires: openssl-devel
@@ -80,18 +79,18 @@ implementation possessing a standard IF-IMC/IMV interface.
%patch1 -p1
%patch2 -p1
%patch3 -p1
-%patch4 -p1
echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora
%build
# for initscript patch to work
-#autoreconf
+autoreconf
%configure --disable-static \
--with-ipsec-script=%{name} \
--sysconfdir=%{_sysconfdir}/%{name} \
--with-ipsecdir=%{_libexecdir}/%{name} \
--with-ipseclibdir=%{_libdir}/%{name} \
+ --with-fips-mode=2 \
--with-tss=trousers \
--enable-openssl \
--enable-md4 \
@@ -105,6 +104,8 @@ echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/stro
--enable-farp \
--enable-dhcp \
--enable-sqlite \
+ --enable-tnc-ifmap \
+ --enable-tnc-pdp \
--enable-imc-test \
--enable-imv-test \
--enable-imc-scanner \
@@ -113,6 +114,8 @@ echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/stro
--enable-imv-attestation \
--enable-imv-os \
--enable-imc-os \
+ --enable-imc-swid \
+ --enable-imv-swid \
--enable-eap-tnc \
--enable-tnccs-20 \
--enable-tnccs-11 \
@@ -122,6 +125,7 @@ echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/stro
--enable-eap-radius \
--enable-curl \
--enable-eap-identity \
+ --enable-cmd \
%{?_enable_nm}
@@ -132,8 +136,8 @@ sed -i 's/\t/ /' src/strongswan.conf src/starter/ipsec.conf
make install DESTDIR=%{buildroot}
# prefix man pages
for i in %{buildroot}%{_mandir}/*/*; do
- if echo "$i" | grep -vq '/strongswan[^\/]*$'; then
- mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/strongswan_\1|'`"
+ if echo "$i" | grep -vq '/%{name}[^\/]*$'; then
+ mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/%{name}_\1|'`"
fi
done
# delete unwanted library files
@@ -148,6 +152,8 @@ chmod 700 %{buildroot}%{_sysconfdir}/%{name}
%else
install -D -m 755 init/sysvinit/%{name} %{buildroot}/%{_initddir}/%{name}
%endif
+#rename /usr/bin/pki to avoid conflict with pki-core/pki-tools
+mv %{buildroot}%{_bindir}/pki %{buildroot}%{_bindir}/%{name}-pki
# Create ipsec.d directory tree.
install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d
@@ -256,13 +262,15 @@ fi
%{_libexecdir}/%{name}/_updown_espmark
%{_libexecdir}/%{name}/charon
%{_libexecdir}/%{name}/openac
-%{_libexecdir}/%{name}/pki
%{_libexecdir}/%{name}/scepclient
%{_libexecdir}/%{name}/starter
%{_libexecdir}/%{name}/stroke
%{_libexecdir}/%{name}/_imv_policy
%{_libexecdir}/%{name}/imv_policy_manager
+%{_bindir}/%{name}-pki
+%{_sbindir}/charon-cmd
%{_sbindir}/%{name}
+%{_mandir}/man1/%{name}_pki*.1.gz
%{_mandir}/man5/%{name}.conf.5.gz
%{_mandir}/man5/%{name}_ipsec.conf.5.gz
%{_mandir}/man5/%{name}_ipsec.secrets.5.gz
@@ -271,6 +279,7 @@ fi
%{_mandir}/man8/%{name}__updown_espmark.8.gz
%{_mandir}/man8/%{name}_openac.8.gz
%{_mandir}/man8/%{name}_scepclient.8.gz
+%{_mandir}/man8/%{name}_charon-cmd.8.gz
%files tnc-imcvs
%dir %{_libdir}/%{name}
@@ -287,10 +296,12 @@ fi
%{_libdir}/%{name}/imcvs/imc-scanner.so
%{_libdir}/%{name}/imcvs/imc-test.so
%{_libdir}/%{name}/imcvs/imc-os.so
+%{_libdir}/%{name}/imcvs/imc-swid.so
%{_libdir}/%{name}/imcvs/imv-attestation.so
%{_libdir}/%{name}/imcvs/imv-scanner.so
%{_libdir}/%{name}/imcvs/imv-test.so
%{_libdir}/%{name}/imcvs/imv-os.so
+%{_libdir}/%{name}/imcvs/imv-swid.so
%dir %{_libdir}/%{name}/plugins
%{_libdir}/%{name}/plugins/lib%{name}-pkcs7.so
%{_libdir}/%{name}/plugins/lib%{name}-sqlite.so
@@ -302,9 +313,16 @@ fi
%{_libdir}/%{name}/plugins/lib%{name}-tnccs-11.so
%{_libdir}/%{name}/plugins/lib%{name}-tnccs-dynamic.so
%{_libdir}/%{name}/plugins/lib%{name}-eap-radius.so
+%{_libdir}/%{name}/plugins/lib%{name}-tnc-ifmap.so
+%{_libdir}/%{name}/plugins/lib%{name}-tnc-pdp.so
%dir %{_libexecdir}/%{name}
%{_libexecdir}/%{name}/attest
%{_libexecdir}/%{name}/pacman
+%{_libexecdir}/%{name}/pt-tls-client
+#swid files
+%{_libexecdir}/%{name}/*.swidtag
+%dir %{_datadir}/regid.2004-03.org.%{name}
+%{_datadir}/regid.2004-03.org.%{name}/*.swidtag
%if 0%{?enable_nm}
%files charon-nm
@@ -314,6 +332,29 @@ fi
%changelog
+* Fri Nov 1 2013 Avesh Agarwal <avagarwa at redhat.com> - 5.1.1-1
+- Support for PT-TLS (RFC 6876)
+- Support for SWID IMC/IMV
+- Support for command line IKE client charon-cmd
+- Changed location of pki to /usr/bin
+- Added swid tags files
+- Added man pages for pki and charon-cmd
+- Renamed pki to strongswan-pki to avoid conflict with
+ pki-core/pki-tools package.
+- Update local patches
+- Fixes CVE-2013-6075
+- Fixes CVE-2013-6076
+- Fixed autoconf/automake issue as configure.ac got changed
+ and it required running autoreconf during the build process.
+- added strongswan signature file to the sources.
+- Fixed initialization crash of IMV and IMC particularly
+ attestation imv/imc as libstrongswas was not getting
+ initialized.
+- Enabled fips support
+- Enabled TNC's ifmap support
+- Enabled TNC's pdp support
+- Fixed hardocded package name in this spec file
+
* Wed Aug 7 2013 Avesh Agarwal <avagarwa at redhat.com> - 5.1.0-2
- Fixed linker error when compilating malloc-speed that
lrt is missing. Did not have this problem on f19 and F20.
More information about the scm-commits
mailing list