new version 5.1.3rc1

.gitignore

@@ -8,3 +8,4 @@
 /strongswan-5.1.1.tar.bz2
 /strongswan-5.1.1.tar.bz2.sig
 /strongswan-5.1.2.tar.bz2
+/strongswan-5.1.3rc1.tar.bz2

libstrongswan-settings-debug.patch

@@ -1,30 +0,0 @@
-diff -urNp strongswan-5.1.1-patched/src/libstrongswan/utils/settings.c strongswan-5.1.1-current/src/libstrongswan/utils/settings.c
---- strongswan-5.1.1-patched/src/libstrongswan/utils/settings.c	2013-11-01 13:12:06.034927154 -0400
-+++ strongswan-5.1.1-current/src/libstrongswan/utils/settings.c	2013-11-01 13:18:56.230912491 -0400
-@@ -960,7 +960,7 @@ static bool parse_file(linked_list_t *co
- 	{
- 		if (errno == ENOENT)
- 		{
--			DBG2(DBG_LIB, "'%s' does not exist, ignored", file);
-+			DBG1(DBG_LIB, "'%s' does not exist, ignored", file);
- 			return TRUE;
- 		}
- 		DBG1(DBG_LIB, "failed to stat '%s': %s", file, strerror(errno));
-@@ -1023,7 +1023,7 @@ static bool parse_files(linked_list_t *c
- 
- 	if (!strlen(pattern))
- 	{
--		DBG2(DBG_LIB, "empty include pattern, ignored");
-+		DBG1(DBG_LIB, "empty include pattern, ignored");
- 		return TRUE;
- 	}
- 
-@@ -1055,7 +1055,7 @@ static bool parse_files(linked_list_t *c
- 		status = glob(pat, GLOB_ERR, NULL, &buf);
- 		if (status == GLOB_NOMATCH)
- 		{
--			DBG2(DBG_LIB, "no files found matching '%s', ignored", pat);
-+			DBG1(DBG_LIB, "no files found matching '%s', ignored", pat);
- 		}
- 		else if (status != 0)
- 		{

sources

@@ -1 +1 @@
-d45a2e89c624bceaf2e53c9b9cdddf83  strongswan-5.1.2.tar.bz2
+67cf88ae5cc8a4ade4fd8006b72c5912  strongswan-5.1.3rc1.tar.bz2

strongswan-5.1.2-autoconf.patch

@@ -1,26 +0,0 @@
-commit af15c71bfbfab2e732159f06bb024aa77a489246
-Author: Tobias Brunner <tobias@strongswan.org>
-Date:   Mon Mar 3 17:14:26 2014 +0100
-
-    configure: Fix autoreconf with older autotools
-    
-    Older autoconf versions (e.g. on CentOS 6.5) produce an empty else block
-    for the removed empty argument, which the shell then trips over when
-    executing ./configure.
-    
-    Fixes #536.
-
-diff --git a/configure.ac b/configure.ac
-index 8a925c2..ec189c9 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -528,8 +528,7 @@ AC_CHECK_FUNC(
- 			 AC_MSG_FAILURE([qsort_r has unknown semantics])])
- 		])
- 		CFLAGS="$save_CFLAGS"
--	],
--	[]
-+	]
- )
- 
- AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r)

strongswan-5.1.2-libexec.patch

@@ -1,64 +0,0 @@
-diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am
-index d172b15..5dfab01 100644
---- a/src/checksum/Makefile.am
-+++ b/src/checksum/Makefile.am
-@@ -102,7 +102,7 @@ endif
- if USE_TOOLS
-   exes += $(DESTDIR)$(ipsecdir)/openac
-   exes += $(DESTDIR)$(ipsecdir)/scepclient
--  exes += $(DESTDIR)$(bindir)/pki
-+  exes += $(DESTDIR)$(ipsecdir)/pki
- endif
- 
- if USE_ATTR_SQL
-diff --git a/src/ipsec/_ipsec.in b/src/ipsec/_ipsec.in
-index 3c1f998..f39eb16 100644
---- a/src/ipsec/_ipsec.in
-+++ b/src/ipsec/_ipsec.in
-@@ -15,7 +15,7 @@
- # for more details.
- 
- # define a minimum PATH environment in case it is not set
--PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@:@IPSEC_BINDIR@"
-+PATH="@IPSEC_DIR@:/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@:@IPSEC_BINDIR@"
- export PATH
- 
- # set daemon name
-@@ -28,7 +28,6 @@ IPSEC_VERSION="U@IPSEC_VERSION@/K`uname -r`"
- 
- # where the private directory and the config files are
- IPSEC_DIR="@IPSEC_DIR@"
--IPSEC_BINDIR="@IPSEC_BINDIR@"
- IPSEC_SBINDIR="@IPSEC_SBINDIR@"
- IPSEC_CONFDIR="@IPSEC_CONFDIR@"
- IPSEC_PIDDIR="@IPSEC_PIDDIR@"
-@@ -40,7 +39,7 @@ IPSEC_CHARON_PID="${IPSEC_PIDDIR}/${DAEMON_NAME}.pid"
- IPSEC_STROKE="${IPSEC_DIR}/stroke"
- IPSEC_STARTER="${IPSEC_DIR}/starter"
- 
--export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID
-+export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID
- 
- IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"
- 
-@@ -316,7 +315,7 @@ update)
- 	;;
- pki)
- 	shift
--	exec $IPSEC_BINDIR/pki "$@"
-+	exec pki "$@"
- 	;;
- version|--version)
- 	printf "$OS_NAME $IPSEC_NAME $IPSEC_VERSION\n"
-diff --git a/src/pki/Makefile.am b/src/pki/Makefile.am
-index efbed9b..7835152 100644
---- a/src/pki/Makefile.am
-+++ b/src/pki/Makefile.am
-@@ -1,6 +1,6 @@
- SUBDIRS = man
- 
--bin_PROGRAMS = pki
-+ipsec_PROGRAMS = pki
- 
- pki_SOURCES = pki.c pki.h command.c command.h \
- 	commands/gen.c \

strongswan-pts-ecp-disable.patch

@@ -1,20 +0,0 @@
-diff -urNp strongswan-5.1.1-patched/src/libpts/pts/pts_dh_group.c strongswan-5.1.1-current/src/libpts/pts/pts_dh_group.c
---- strongswan-5.1.1-patched/src/libpts/pts/pts_dh_group.c	2013-11-01 13:12:05.985927156 -0400
-+++ strongswan-5.1.1-current/src/libpts/pts/pts_dh_group.c	2013-11-01 13:15:12.192920500 -0400
-@@ -74,6 +74,16 @@ bool pts_dh_group_probe(pts_dh_group_t *
- 	{
- 		DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names,
- 											ECP_256_BIT);
-+		/* Openssl in Fedora does not allow ECP_256 and ECP_384, so lets not die
-+ 		 * here. As far as, there is one dh group available, lets continue. It makes
-+ 		 * it non-compliant to TCG's PTS standard, but there is no choice right now.
-+ 		 * see redhat bz # 319901.	
-+ 		 */ 
-+		if(*dh_groups != PTS_DH_GROUP_NONE) 
-+		{
-+			return TRUE;		
-+		}
-+
- 	}
- 	return FALSE;
- }

strongswan.spec

@@ -1,8 +1,8 @@
 %global _hardened_build 1
 
 Name:           strongswan
-Version:        5.1.2
+Version:        5.1.3rc1
-Release:        4%{?dist}
+Release: 1%{?dist}
 Summary:        An OpenSource IPsec-based VPN Solution
 Group:          System Environment/Daemons
 License:        GPLv2+
@@ -10,27 +10,15 @@ URL:            http://www.strongswan.org/
 Source0:        http://download.strongswan.org/%{name}-%{version}.tar.bz2
 # Initscript for epel6
 Source1:        %{name}.sysvinit
-# Avoid breakage with Fedora OpenSSL
-# http://wiki.strongswan.org/issues/537
-Patch1:         strongswan-pts-ecp-disable.patch
 # Use dlopen(file, RTLD_NOW|RTLD_GLOBAL) for the plugin loader
 # http://wiki.strongswan.org/issues/538
 Patch2:         libstrongswan-plugin.patch
-# Use DBG1 for settings.c debug messages
-# http://wiki.strongswan.org/issues/539
-Patch3:         libstrongswan-settings-debug.patch
 # Link plugins to libstrongswan
 # http://wiki.strongswan.org/issues/538 (same as for Patch2)
 Patch4:         libstrongswan-973315.patch
 # Fix selinux issues caused by leaking file descriptors to xtables-multi
 # http://wiki.strongswan.org/issues/519
 Patch6:         strongswan-5.1.1-selinux.patch
-# Fix configure.ac to build for epel6
-# http://wiki.strongswan.org/issues/536
-Patch7:         strongswan-5.1.2-autoconf.patch
-# Fix pki utility location
-# http://wiki.strongswan.org/issues/552
-Patch8:         strongswan-5.1.2-libexec.patch
 BuildRequires:  gmp-devel autoconf automake
 BuildRequires:  libcurl-devel
 BuildRequires:  openldap-devel
@@ -85,22 +73,22 @@ PT-TLS to support TNC over TLS.
 
 %prep
 %setup -q
-%patch1 -p1
 %patch2 -p1
-%patch3 -p1
 %patch4 -p1
 %patch6 -p1
-%patch7 -p1
-%patch8 -p1
 
 echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora
 
 %build
 autoreconf
+# --with-ipsecdir moves internal commands to /usr/libexec/strongswan
+# --with-bindir moves 'pki' command to /usr/libexec/strongswan
+# See: http://wiki.strongswan.org/issues/552
 %configure --disable-static \
     --with-ipsec-script=%{name} \
     --sysconfdir=%{_sysconfdir}/%{name} \
     --with-ipsecdir=%{_libexecdir}/%{name} \
+    --with-bindir=%{_libexecdir}/%{name} \
     --with-ipseclibdir=%{_libdir}/%{name} \
     --with-fips-mode=2 \
     --with-tss=trousers \
@@ -473,6 +461,9 @@ fi
 %endif
 
 %changelog
+* Mon Apr 14 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.3rc1-1
+- new version 5.1.3rc1
+
 * Mon Mar 24 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.2-4
 - #1069928 - updated libexec patch.