[libreswan/el6] * Sat Nov 02 2013 Paul Wouters <pwouters at redhat.com> - 3.6-1 - Updated to 3.6 (IKEv2, MODECFG, Cisco

Sat Nov 2 23:33:54 UTC 2013

commit d19d44b234fa10fb83e9280f7ab48965892139a0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Nov 2 16:34:00 2013 -0700

    * Sat Nov 02 2013 Paul Wouters <pwouters at redhat.com> - 3.6-1
    - Updated to 3.6 (IKEv2, MODECFG, Cisco interop fixes)
    - Generate empty NSS db if none exists

 .gitignore     |    1 +
 libreswan.spec |   31 +++++++++++++++++++++++--------
 sources        |    2 +-
 3 files changed, 25 insertions(+), 9 deletions(-)
---

diff --git a/.gitignore b/.gitignore
index 300c5ab..c7810e6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 /libreswan-3.3.tar.gz
 /libreswan-3.4.tar.gz
 /libreswan-3.5.tar.gz
+/libreswan-3.6.tar.gz
diff --git a/libreswan.spec b/libreswan.spec
index 1b115bf..294668e 100644
--- a/libreswan.spec
+++ b/libreswan.spec
@@ -14,8 +14,8 @@
 
 Name: libreswan
 Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols
-Version: 3.5
-Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}
+Version: 3.6
+Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
 License: GPLv2
 Url: https://www.libreswan.org/
 Source: https://download.libreswan.org/%{name}-%{version}%{?prever}.tar.gz
@@ -27,8 +27,6 @@ Requires(post): /sbin/chkconfig
 Requires(preun): /sbin/chkconfig
 Requires(preun): /sbin/service
 
-Patch1: libreswan-3.5-cisco-interop.patch
-
 Conflicts: openswan
 
 BuildRequires: pkgconfig net-tools
@@ -39,7 +37,6 @@ BuildRequires: unbound-devel
 %endif
 %if %{USE_FIPSCHECK}
 BuildRequires: fipscheck-devel >= %{fipscheck_version}
-# we need fipshmac
 Requires: fipscheck%{_isa} >= %{fipscheck_version}
 %endif
 %if %{USE_LINUX_AUDIT}
@@ -78,8 +75,6 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
 
 %prep
 %setup -q -n libreswan-%{version}%{?prever}
-%patch1 -p1 -b .ciscovpn
-
 
 %build
 %if %{buildefence}
@@ -95,10 +90,12 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
 %endif
   INITSYSTEM=sysvinit \
   USERLINK="-g -pie -Wl,-z,relro,-z,now %{?efence}" \
-  USE_DYNAMICDNS=true \
   USE_NM=%{USE_NM} \
   USE_XAUTHPAM=true \
+%if %{USE_FIPSCHECK}
   USE_FIPSCHECK=%{USE_FIPSCHECK} \
+  FIPSPRODUCTCHECK=/etc/system-fips \
+%endif
   USE_LIBCAP_NG=%{USE_LIBCAP_NG} \
   USE_LABELED_IPSEC=%{USE_LABELED_IPSEC} \
   USE_LDAP=%{USE_CRL_FETCHING} \
@@ -146,6 +143,11 @@ install -d %{buildroot}%{_sbindir}
 echo "include /etc/ipsec.d/*.secrets" > %{buildroot}%{_sysconfdir}/ipsec.secrets
 rm -fr %{buildroot}/etc/rc.d/rc*
 
+%if %{USE_FIPSCHECK}
+install -d %{buildroot}%{_sysconfdir}/prelink.conf.d/
+install -m644 packaging/fedora/libreswan-prelink.conf %{buildroot}%{_sysconfdir}/prelink.conf.d/libreswan-fips.conf
+%endif
+
 %files 
 %doc BUGS CHANGES COPYING CREDITS README LICENSE
 %doc docs/*.*
@@ -167,6 +169,9 @@ rm -fr %{buildroot}/etc/rc.d/rc*
 
 %if %{USE_FIPSCHECK}
 %{_sbindir}/.ipsec.hmac
+# We own the directory so we don't have to require prelink
+%attr(0755,root,root) %dir %{_sysconfdir}/prelink.conf.d/
+%{_sysconfdir}/prelink.conf.d/libreswan-fips.conf
 %endif
 
 %preun
@@ -182,8 +187,18 @@ fi
 
 %post 
 /sbin/chkconfig --add ipsec || :
+if [ ! -f /etc/ipsec.d/cert8.db ] ; then
+echo > /var/tmp/libreswan-nss-pwd
+certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d
+restorecon /etc/ipsec.d/*db 2>/dev/null || :
+rm /var/tmp/libreswan-nss-pwd
+fi
 
 %changelog
+* Sat Nov 02 2013 Paul Wouters <pwouters at redhat.com> - 3.6-1
+- Updated to 3.6 (IKEv2, MODECFG, Cisco interop fixes)
+- Generate empty NSS db if none exists
+
 * Mon Jul 15 2013 Paul Wouters <pwouters at redhat.com> - 3.5-2
 - Initial package for EPEL6
 - Do not obsolete, only conflict, with openswan for RHEL6
diff --git a/sources b/sources
index 8f1dec2..c5d2082 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-7dbf9dbd79836b567e3231006eed3109  libreswan-3.5.tar.gz
+6c6f0ffec329e09d2d7fa24ae102c69b  libreswan-3.6.tar.gz
