[libreswan/el6] * Wed Dec 11 2013 Paul Wouters <pwouters at redhat.com> - 3.7-1 - Updated to 3.7, fixes CVE-2013-4564
Paul Wouters
pwouters at fedoraproject.org
Wed Dec 11 19:31:31 UTC 2013
commit 67f379378a65dbb177c4d9338d7218f2d3b33895
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Dec 11 14:31:27 2013 -0500
* Wed Dec 11 2013 Paul Wouters <pwouters at redhat.com> - 3.7-1
- Updated to 3.7, fixes CVE-2013-4564
.gitignore | 1 +
libreswan.spec | 30 ++++++++++++++++++++----------
sources | 2 +-
3 files changed, 22 insertions(+), 11 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index c7810e6..81a99ac 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
/libreswan-3.4.tar.gz
/libreswan-3.5.tar.gz
/libreswan-3.6.tar.gz
+/libreswan-3.7.tar.gz
diff --git a/libreswan.spec b/libreswan.spec
index 294668e..16ef7fc 100644
--- a/libreswan.spec
+++ b/libreswan.spec
@@ -14,7 +14,7 @@
Name: libreswan
Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols
-Version: 3.6
+Version: 3.7
Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
License: GPLv2
Url: https://www.libreswan.org/
@@ -27,10 +27,13 @@ Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service
-Conflicts: openswan
+Conflicts: openswan < %{version}-%{release}
+Obsoletes: openswan < %{version}-%{release}
+Provides: openswan = %{version}-%{release}
+Provides: openswan-doc = %{version}-%{release}
BuildRequires: pkgconfig net-tools
-BuildRequires: nss-devel >= 3.12.6-2, nspr-devel
+BuildRequires: nss-devel >= 3.14.3, nspr-devel
BuildRequires: pam-devel
%if %{USE_DNSSEC}
BuildRequires: unbound-devel
@@ -94,7 +97,7 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
USE_XAUTHPAM=true \
%if %{USE_FIPSCHECK}
USE_FIPSCHECK=%{USE_FIPSCHECK} \
- FIPSPRODUCTCHECK=/etc/system-fips \
+ FIPSPRODUCTCHECK="%{_sysconfdir}/system-fips" \
%endif
USE_LIBCAP_NG=%{USE_LIBCAP_NG} \
USE_LABELED_IPSEC=%{USE_LABELED_IPSEC} \
@@ -143,9 +146,11 @@ install -d %{buildroot}%{_sbindir}
echo "include /etc/ipsec.d/*.secrets" > %{buildroot}%{_sysconfdir}/ipsec.secrets
rm -fr %{buildroot}/etc/rc.d/rc*
+install -m 0755 initsystems/sysvinit/init.rhel %{buildroot}%{_initrddir}/ipsec
+
%if %{USE_FIPSCHECK}
install -d %{buildroot}%{_sysconfdir}/prelink.conf.d/
-install -m644 packaging/fedora/libreswan-prelink.conf %{buildroot}%{_sysconfdir}/prelink.conf.d/libreswan-fips.conf
+install -m644 packaging/rhel/libreswan-prelink.conf %{buildroot}%{_sysconfdir}/prelink.conf.d/libreswan-fips.conf
%endif
%files
@@ -187,14 +192,19 @@ fi
%post
/sbin/chkconfig --add ipsec || :
-if [ ! -f /etc/ipsec.d/cert8.db ] ; then
-echo > /var/tmp/libreswan-nss-pwd
-certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d
-restorecon /etc/ipsec.d/*db 2>/dev/null || :
-rm /var/tmp/libreswan-nss-pwd
+if [ ! -f %{_sysconfdir}/ipsec.d/cert8.db ] ; then
+ TEMPFILE=$(/bin/mktemp %{_sysconfdir}/ipsec.d/nsspw.XXXXXXX)
+ [ $? -gt 0 ] && TEMPFILE=%{_sysconfdir}/ipsec.d/nsspw.$$
+ echo > ${TEMPFILE}
+ certutil -N -f ${TEMPFILE} -d %{_sysconfdir}/ipsec.d
+ restorecon %{_sysconfdir}/ipsec.d/*db 2>/dev/null || :
+ rm -f ${TEMPFILE}
fi
%changelog
+* Wed Dec 11 2013 Paul Wouters <pwouters at redhat.com> - 3.7-1
+- Updated to 3.7, fixes CVE-2013-4564
+
* Sat Nov 02 2013 Paul Wouters <pwouters at redhat.com> - 3.6-1
- Updated to 3.6 (IKEv2, MODECFG, Cisco interop fixes)
- Generate empty NSS db if none exists
diff --git a/sources b/sources
index c5d2082..b268800 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-6c6f0ffec329e09d2d7fa24ae102c69b libreswan-3.6.tar.gz
+5ab889e6a0c3b157c8dcd59966090e2f libreswan-3.7.tar.gz
More information about the scm-commits
mailing list