[libreswan/f18] * Wed Dec 11 2013 Paul Wouters <pwouters at redhat.com> - 3.7-1 - Updated to 3.7, fixes CVE-2013-4564

Paul Wouters pwouters at fedoraproject.org
Wed Dec 11 19:00:23 UTC 2013


commit 97b7c9e572c6be0eedb2b474b499140e0cb304ba
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Dec 11 13:59:46 2013 -0500

    * Wed Dec 11 2013 Paul Wouters <pwouters at redhat.com> - 3.7-1
    - Updated to 3.7, fixes CVE-2013-4564

 .gitignore     |    2 ++
 libreswan.spec |   26 +++++++++++++++-----------
 sources        |    2 +-
 3 files changed, 18 insertions(+), 12 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 6a72691..81a99ac 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,6 @@
 /libreswan-3.2.tar.gz
 /libreswan-3.3.tar.gz
+/libreswan-3.4.tar.gz
 /libreswan-3.5.tar.gz
 /libreswan-3.6.tar.gz
+/libreswan-3.7.tar.gz
diff --git a/libreswan.spec b/libreswan.spec
index 2ca35ff..fb473c1 100644
--- a/libreswan.spec
+++ b/libreswan.spec
@@ -16,7 +16,7 @@
 
 Name: libreswan
 Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols
-Version: 3.6
+Version: 3.7
 Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
 License: GPLv2
 Url: https://www.libreswan.org/
@@ -34,7 +34,7 @@ Provides: openswan = %{version}-%{release}
 Provides: openswan-doc = %{version}-%{release}
 
 BuildRequires: pkgconfig hostname
-BuildRequires: nss-devel >= 3.12.6-2, nspr-devel
+BuildRequires: nss-devel >= 3.14.3, nspr-devel
 BuildRequires: pam-devel
 %if %{USE_DNSSEC}
 BuildRequires: unbound-devel
@@ -98,7 +98,7 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
   USE_XAUTHPAM=true \
 %if %{USE_FIPSCHECK}
   USE_FIPSCHECK="%{USE_FIPSCHECK}" \
-  FIPSPRODUCTCHECK=/etc/system-fips \
+  FIPSPRODUCTCHECK=%{_sysconfdir}/system-fips \
 %endif
   USE_LIBCAP_NG="%{USE_LIBCAP_NG}" \
   USE_LABELED_IPSEC="%{USE_LABELED_IPSEC}" \
@@ -152,8 +152,8 @@ install -d %{buildroot}%{_sysconfdir}/prelink.conf.d/
 install -m644 packaging/fedora/libreswan-prelink.conf %{buildroot}%{_sysconfdir}/prelink.conf.d/libreswan-fips.conf
 %endif
 
-echo "include /etc/ipsec.d/*.secrets" > %{buildroot}%{_sysconfdir}/ipsec.secrets
-rm -fr %{buildroot}/etc/rc.d/rc*
+echo "include %{_sysconfdir}/ipsec.d/*.secrets" > %{buildroot}%{_sysconfdir}/ipsec.secrets
+rm -fr %{buildroot}%{_sysconfdir}/rc.d/rc*
 
 %files
 %doc BUGS CHANGES COPYING CREDITS README LICENSE
@@ -188,15 +188,19 @@ rm -fr %{buildroot}/etc/rc.d/rc*
 %systemd_postun_with_restart ipsec.service
 
 %post
-%systemd_post ipsec.service
-if [ ! -f /etc/ipsec.d/cert8.db ] ; then
-echo > /var/tmp/libreswan-nss-pwd
-certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d
-restorecon /etc/ipsec.d/*db 2>/dev/null || :
-rm /var/tmp/libreswan-nss-pwd
+if [ ! -f %{_sysconfdir}/ipsec.d/cert8.db ] ; then
+    TEMPFILE=$(/bin/mktemp %{_sysconfdir}/ipsec.d/nsspw.XXXXXXX)
+    [ $? -gt 0 ] && TEMPFILE=%{_sysconfdir}/ipsec.d/nsspw.$$
+    echo > ${TEMPFILE}
+    certutil -N -f ${TEMPFILE} -d %{_sysconfdir}/ipsec.d
+    restorecon %{_sysconfdir}/ipsec.d/*db 2>/dev/null || :
+    rm -f ${TEMPFILE}
 fi
 
 %changelog
+* Wed Dec 11 2013 Paul Wouters <pwouters at redhat.com> - 3.7-1
+- Updated to 3.7, fixes CVE-2013-4564
+
 * Sat Nov 02 2013 Paul Wouters <pwouters at redhat.com> - 3.6-1
 - Updated to 3.6 (IKEv2, MODECFG, Cisco interop fixes)
 - Generate empty NSS db if none exists
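Review bot: In the %post scriptlet, the fallback `[ $? -gt 0 ] && TEMPFILE=%{_sysconfdir}/ipsec.d/nsspw.$$` brings back a predictable, PID-based file name whenever mktemp fails, and the following `echo > ${TEMPFILE}` would then write through whatever already exists at that path. The directory is presumably writable only by root, so the exposure is limited, but it is simpler to skip NSS database creation when mktemp fails: make the branch body conditional with `if TEMPFILE=$(/bin/mktemp %{_sysconfdir}/ipsec.d/nsspw.XXXXXXX); then … fi` and quote `"${TEMPFILE}"` on the echo, certutil and rm lines. Separately, the hunk removes `%systemd_post ipsec.service` from %post and no other visible hunk re-adds it; if that is not intentional, the line should be restored at the top of the scriptlet.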
diff --git a/sources b/sources
index c5d2082..b268800 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-6c6f0ffec329e09d2d7fa24ae102c69b  libreswan-3.6.tar.gz
+5ab889e6a0c3b157c8dcd59966090e2f  libreswan-3.7.tar.gz

