[libreswan/el6] * Sat Nov 02 2013 Paul Wouters <pwouters at redhat.com> - 3.6-1 - Updated to 3.6 (IKEv2, MODECFG, Cisco
Paul Wouters
pwouters at fedoraproject.org
Sat Nov 2 23:33:54 UTC 2013
commit d19d44b234fa10fb83e9280f7ab48965892139a0
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 2 16:34:00 2013 -0700
* Sat Nov 02 2013 Paul Wouters <pwouters at redhat.com> - 3.6-1
- Updated to 3.6 (IKEv2, MODECFG, Cisco interop fixes)
- Generate empty NSS db if none exists
.gitignore | 1 +
libreswan.spec | 31 +++++++++++++++++++++++--------
sources | 2 +-
3 files changed, 25 insertions(+), 9 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 300c5ab..c7810e6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
/libreswan-3.3.tar.gz
/libreswan-3.4.tar.gz
/libreswan-3.5.tar.gz
+/libreswan-3.6.tar.gz
diff --git a/libreswan.spec b/libreswan.spec
index 1b115bf..294668e 100644
--- a/libreswan.spec
+++ b/libreswan.spec
@@ -14,8 +14,8 @@
Name: libreswan
Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols
-Version: 3.5
-Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}
+Version: 3.6
+Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
License: GPLv2
Url: https://www.libreswan.org/
Source: https://download.libreswan.org/%{name}-%{version}%{?prever}.tar.gz
@@ -27,8 +27,6 @@ Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service
-Patch1: libreswan-3.5-cisco-interop.patch
-
Conflicts: openswan
BuildRequires: pkgconfig net-tools
@@ -39,7 +37,6 @@ BuildRequires: unbound-devel
%endif
%if %{USE_FIPSCHECK}
BuildRequires: fipscheck-devel >= %{fipscheck_version}
-# we need fipshmac
Requires: fipscheck%{_isa} >= %{fipscheck_version}
%endif
%if %{USE_LINUX_AUDIT}
@@ -78,8 +75,6 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
%prep
%setup -q -n libreswan-%{version}%{?prever}
-%patch1 -p1 -b .ciscovpn
-
%build
%if %{buildefence}
@@ -95,10 +90,12 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
%endif
INITSYSTEM=sysvinit \
USERLINK="-g -pie -Wl,-z,relro,-z,now %{?efence}" \
- USE_DYNAMICDNS=true \
USE_NM=%{USE_NM} \
USE_XAUTHPAM=true \
+%if %{USE_FIPSCHECK}
USE_FIPSCHECK=%{USE_FIPSCHECK} \
+ FIPSPRODUCTCHECK=/etc/system-fips \
+%endif
USE_LIBCAP_NG=%{USE_LIBCAP_NG} \
USE_LABELED_IPSEC=%{USE_LABELED_IPSEC} \
USE_LDAP=%{USE_CRL_FETCHING} \
@@ -146,6 +143,11 @@ install -d %{buildroot}%{_sbindir}
echo "include /etc/ipsec.d/*.secrets" > %{buildroot}%{_sysconfdir}/ipsec.secrets
rm -fr %{buildroot}/etc/rc.d/rc*
+%if %{USE_FIPSCHECK}
+install -d %{buildroot}%{_sysconfdir}/prelink.conf.d/
+install -m644 packaging/fedora/libreswan-prelink.conf %{buildroot}%{_sysconfdir}/prelink.conf.d/libreswan-fips.conf
+%endif
+
%files
%doc BUGS CHANGES COPYING CREDITS README LICENSE
%doc docs/*.*
@@ -167,6 +169,9 @@ rm -fr %{buildroot}/etc/rc.d/rc*
%if %{USE_FIPSCHECK}
%{_sbindir}/.ipsec.hmac
+# We own the directory so we don't have to require prelink
+%attr(0755,root,root) %dir %{_sysconfdir}/prelink.conf.d/
+%{_sysconfdir}/prelink.conf.d/libreswan-fips.conf
%endif
%preun
@@ -182,8 +187,18 @@ fi
%post
/sbin/chkconfig --add ipsec || :
+if [ ! -f /etc/ipsec.d/cert8.db ] ; then
+echo > /var/tmp/libreswan-nss-pwd
+certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d
+restorecon /etc/ipsec.d/*db 2>/dev/null || :
+rm /var/tmp/libreswan-nss-pwd
+fi
%changelog
+* Sat Nov 02 2013 Paul Wouters <pwouters at redhat.com> - 3.6-1
+- Updated to 3.6 (IKEv2, MODECFG, Cisco interop fixes)
+- Generate empty NSS db if none exists
+
* Mon Jul 15 2013 Paul Wouters <pwouters at redhat.com> - 3.5-2
- Initial package for EPEL6
- Do not obsolete, only conflict, with openswan for RHEL6
diff --git a/sources b/sources
index 8f1dec2..c5d2082 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-7dbf9dbd79836b567e3231006eed3109 libreswan-3.5.tar.gz
+6c6f0ffec329e09d2d7fa24ae102c69b libreswan-3.6.tar.gz
More information about the scm-commits
mailing list