Support for PT-TLS (RFC 6876)
- Support for SWID IMC/IMV - Support for command line IKE client charon-cmd - Changed location of pki to /usr/bin - Added swid tags files - Added man pages for pki and charon-cmd - Renamed pki to strongswan-pki to avoid conflict with pki-core/pki-tools package. - Update local patches - Fixes CVE-2013-6075 - Fixes CVE-2013-6076 - Fixed autoconf/automake issue as configure.ac got changed and it required running autoreconf during the build process. - added strongswan signature file to the sources. - Fixed initialization crash of IMV and IMC particularly attestation imv/imc as libstrongswas was not getting initialized. - Enabled fips support - Enabled TNC's ifmap support - Enabled TNC's pdp support - Fixed hardocded package name in this spec file
This commit is contained in:
Avesh Agarwal
2
.gitignore
vendored
2
.gitignore
vendored
@@ -5,3 +5,5 @@
|
||||
/strongswan-5.0.3.tar.bz2
|
||||
/strongswan-5.0.4.tar.bz2
|
||||
/strongswan-5.1.0.tar.bz2
|
||||
/strongswan-5.1.1.tar.bz2
|
||||
/strongswan-5.1.1.tar.bz2.sig
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
diff -urNp strongswan-5.1.0-patched/src/libstrongswan/plugins/plugin_loader.c strongswan-5.1.0-current/src/libstrongswan/plugins/plugin_loader.c
|
||||
--- strongswan-5.1.0-patched/src/libstrongswan/plugins/plugin_loader.c 2013-08-06 17:16:36.266031511 -0400
|
||||
+++ strongswan-5.1.0-current/src/libstrongswan/plugins/plugin_loader.c 2013-08-06 17:49:15.703354848 -0400
|
||||
diff -urNp strongswan-5.1.1-patched/src/libstrongswan/plugins/plugin_loader.c strongswan-5.1.1-current/src/libstrongswan/plugins/plugin_loader.c
|
||||
--- strongswan-5.1.1-patched/src/libstrongswan/plugins/plugin_loader.c 2013-11-01 13:12:06.046927153 -0400
|
||||
+++ strongswan-5.1.1-current/src/libstrongswan/plugins/plugin_loader.c 2013-11-01 13:16:59.680916657 -0400
|
||||
@@ -353,7 +353,7 @@ static plugin_entry_t *load_plugin(priva
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
diff -urNp strongswan-5.1.0-patched/src/libstrongswan/utils/settings.c strongswan-5.1.0-current/src/libstrongswan/utils/settings.c
|
||||
--- strongswan-5.1.0-patched/src/libstrongswan/utils/settings.c 2013-08-06 17:16:36.244031484 -0400
|
||||
+++ strongswan-5.1.0-current/src/libstrongswan/utils/settings.c 2013-08-06 17:52:43.272606717 -0400
|
||||
diff -urNp strongswan-5.1.1-patched/src/libstrongswan/utils/settings.c strongswan-5.1.1-current/src/libstrongswan/utils/settings.c
|
||||
--- strongswan-5.1.1-patched/src/libstrongswan/utils/settings.c 2013-11-01 13:12:06.034927154 -0400
|
||||
+++ strongswan-5.1.1-current/src/libstrongswan/utils/settings.c 2013-11-01 13:18:56.230912491 -0400
|
||||
@@ -960,7 +960,7 @@ static bool parse_file(linked_list_t *co
|
||||
{
|
||||
if (errno == ENOENT)
|
||||
|
||||
@@ -1,24 +0,0 @@
|
||||
diff -urNp strongswan-5.1.0-patched/scripts/Makefile.am strongswan-5.1.0-current/scripts/Makefile.am
|
||||
--- strongswan-5.1.0-patched/scripts/Makefile.am 2013-08-07 16:46:57.759056262 -0400
|
||||
+++ strongswan-5.1.0-current/scripts/Makefile.am 2013-08-07 16:47:51.240021382 -0400
|
||||
@@ -36,7 +36,7 @@ dh_speed_LDADD = $(top_builddir)/src/lib
|
||||
pubkey_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
|
||||
crypt_burn_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
|
||||
hash_burn_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
|
||||
-malloc_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
|
||||
+malloc_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
|
||||
fetch_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
|
||||
dnssec_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
|
||||
|
||||
diff -urNp strongswan-5.1.0-patched/scripts/Makefile.in strongswan-5.1.0-current/scripts/Makefile.in
|
||||
--- strongswan-5.1.0-patched/scripts/Makefile.in 2013-08-07 16:46:57.758056263 -0400
|
||||
+++ strongswan-5.1.0-current/scripts/Makefile.in 2013-08-07 16:59:06.506583680 -0400
|
||||
@@ -414,7 +414,7 @@ dh_speed_LDADD = $(top_builddir)/src/lib
|
||||
pubkey_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
|
||||
crypt_burn_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
|
||||
hash_burn_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
|
||||
-malloc_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
|
||||
+malloc_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
|
||||
fetch_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
|
||||
dnssec_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
|
||||
all: all-am
|
||||
3
sources
3
sources
@@ -1 +1,2 @@
|
||||
c1cd0a3ba9960f590cae28c8470800e8 strongswan-5.1.0.tar.bz2
|
||||
e3af3d493d22286be3cd794533a8966a strongswan-5.1.1.tar.bz2
|
||||
5381c48d5cabec932aa2904abde93cd3 strongswan-5.1.1.tar.bz2.sig
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
diff -urNp strongswan-5.1.0-patched/configure.ac strongswan-5.1.0-current/configure.ac
|
||||
--- strongswan-5.1.0-patched/configure.ac 2013-08-06 17:16:36.279031528 -0400
|
||||
+++ strongswan-5.1.0-current/configure.ac 2013-08-06 17:35:01.750380445 -0400
|
||||
@@ -1311,6 +1311,8 @@ AC_CONFIG_FILES([
|
||||
diff -urNp strongswan-5.1.1-patched/configure.ac strongswan-5.1.1-current/configure.ac
|
||||
--- strongswan-5.1.1-patched/configure.ac 2013-11-01 13:12:05.964927156 -0400
|
||||
+++ strongswan-5.1.1-current/configure.ac 2013-11-01 13:12:24.357926499 -0400
|
||||
@@ -1330,6 +1330,8 @@ AC_CONFIG_FILES([
|
||||
man/Makefile
|
||||
init/Makefile
|
||||
init/systemd/Makefile
|
||||
@@ -10,9 +10,9 @@ diff -urNp strongswan-5.1.0-patched/configure.ac strongswan-5.1.0-current/config
|
||||
src/Makefile
|
||||
src/include/Makefile
|
||||
src/libstrongswan/Makefile
|
||||
diff -urNp strongswan-5.1.0-patched/init/Makefile.am strongswan-5.1.0-current/init/Makefile.am
|
||||
--- strongswan-5.1.0-patched/init/Makefile.am 2013-08-06 17:16:36.279031528 -0400
|
||||
+++ strongswan-5.1.0-current/init/Makefile.am 2013-08-06 17:36:19.905472912 -0400
|
||||
diff -urNp strongswan-5.1.1-patched/init/Makefile.am strongswan-5.1.1-current/init/Makefile.am
|
||||
--- strongswan-5.1.1-patched/init/Makefile.am 2013-11-01 13:12:05.966927156 -0400
|
||||
+++ strongswan-5.1.1-current/init/Makefile.am 2013-11-01 13:12:24.357926499 -0400
|
||||
@@ -1,5 +1,5 @@
|
||||
|
||||
-SUBDIRS =
|
||||
@@ -20,14 +20,14 @@ diff -urNp strongswan-5.1.0-patched/init/Makefile.am strongswan-5.1.0-current/in
|
||||
|
||||
if HAVE_SYSTEMD
|
||||
SUBDIRS += systemd
|
||||
diff -urNp strongswan-5.1.0-patched/init/sysvinit/Makefile.am strongswan-5.1.0-current/init/sysvinit/Makefile.am
|
||||
--- strongswan-5.1.0-patched/init/sysvinit/Makefile.am 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ strongswan-5.1.0-current/init/sysvinit/Makefile.am 2013-07-31 15:56:21.919959000 -0400
|
||||
diff -urNp strongswan-5.1.1-patched/init/sysvinit/Makefile.am strongswan-5.1.1-current/init/sysvinit/Makefile.am
|
||||
--- strongswan-5.1.1-patched/init/sysvinit/Makefile.am 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ strongswan-5.1.1-current/init/sysvinit/Makefile.am 2013-11-01 13:12:24.358926499 -0400
|
||||
@@ -0,0 +1 @@
|
||||
+noinst_DATA = strongswan
|
||||
diff -urNp strongswan-5.1.0-patched/init/sysvinit/strongswan strongswan-5.1.0-current/init/sysvinit/strongswan
|
||||
--- strongswan-5.1.0-patched/init/sysvinit/strongswan 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ strongswan-5.1.0-current/init/sysvinit/strongswan 2013-07-31 15:56:21.920958000 -0400
|
||||
diff -urNp strongswan-5.1.1-patched/init/sysvinit/strongswan strongswan-5.1.1-current/init/sysvinit/strongswan
|
||||
--- strongswan-5.1.1-patched/init/sysvinit/strongswan 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ strongswan-5.1.1-current/init/sysvinit/strongswan 2013-11-01 13:12:24.358926499 -0400
|
||||
@@ -0,0 +1,100 @@
|
||||
+#!/bin/sh
|
||||
+#
|
||||
@@ -129,9 +129,9 @@ diff -urNp strongswan-5.1.0-patched/init/sysvinit/strongswan strongswan-5.1.0-cu
|
||||
+ exit 2
|
||||
+esac
|
||||
+exit $?
|
||||
diff -urNp strongswan-5.1.0-patched/init/sysvinit/strongswan.in strongswan-5.1.0-current/init/sysvinit/strongswan.in
|
||||
--- strongswan-5.1.0-patched/init/sysvinit/strongswan.in 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ strongswan-5.1.0-current/init/sysvinit/strongswan.in 2013-07-31 15:56:21.919959000 -0400
|
||||
diff -urNp strongswan-5.1.1-patched/init/sysvinit/strongswan.in strongswan-5.1.1-current/init/sysvinit/strongswan.in
|
||||
--- strongswan-5.1.1-patched/init/sysvinit/strongswan.in 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ strongswan-5.1.1-current/init/sysvinit/strongswan.in 2013-11-01 13:12:24.359926499 -0400
|
||||
@@ -0,0 +1,100 @@
|
||||
+#!/bin/sh
|
||||
+#
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
diff -urNp strongswan-5.1.0-patched/src/libpts/pts/pts_dh_group.c strongswan-5.1.0-current/src/libpts/pts/pts_dh_group.c
|
||||
--- strongswan-5.1.0-patched/src/libpts/pts/pts_dh_group.c 2013-08-06 17:16:36.238031476 -0400
|
||||
+++ strongswan-5.1.0-current/src/libpts/pts/pts_dh_group.c 2013-08-06 17:44:48.005036651 -0400
|
||||
diff -urNp strongswan-5.1.1-patched/src/libpts/pts/pts_dh_group.c strongswan-5.1.1-current/src/libpts/pts/pts_dh_group.c
|
||||
--- strongswan-5.1.1-patched/src/libpts/pts/pts_dh_group.c 2013-11-01 13:12:05.985927156 -0400
|
||||
+++ strongswan-5.1.1-current/src/libpts/pts/pts_dh_group.c 2013-11-01 13:15:12.192920500 -0400
|
||||
@@ -74,6 +74,16 @@ bool pts_dh_group_probe(pts_dh_group_t *
|
||||
{
|
||||
DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names,
|
||||
|
||||
@@ -8,8 +8,8 @@
|
||||
%endif
|
||||
|
||||
Name: strongswan
|
||||
Version: 5.1.0
|
||||
Release: 2%{?dist}
|
||||
Version: 5.1.1
|
||||
Release: 1%{?dist}
|
||||
Summary: An OpenSource IPsec-based VPN Solution
|
||||
Group: System Environment/Daemons
|
||||
License: GPLv2+
|
||||
@@ -19,9 +19,8 @@ Patch0: strongswan-init.patch
|
||||
Patch1: strongswan-pts-ecp-disable.patch
|
||||
Patch2: libstrongswan-plugin.patch
|
||||
Patch3: libstrongswan-settings-debug.patch
|
||||
Patch4: malloc-speed-lrt.patch
|
||||
|
||||
BuildRequires: gmp-devel
|
||||
BuildRequires: gmp-devel autoconf automake
|
||||
BuildRequires: libcurl-devel
|
||||
BuildRequires: openldap-devel
|
||||
BuildRequires: openssl-devel
|
||||
@@ -80,18 +79,18 @@ implementation possessing a standard IF-IMC/IMV interface.
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
|
||||
echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora
|
||||
|
||||
%build
|
||||
# for initscript patch to work
|
||||
#autoreconf
|
||||
autoreconf
|
||||
%configure --disable-static \
|
||||
--with-ipsec-script=%{name} \
|
||||
--sysconfdir=%{_sysconfdir}/%{name} \
|
||||
--with-ipsecdir=%{_libexecdir}/%{name} \
|
||||
--with-ipseclibdir=%{_libdir}/%{name} \
|
||||
--with-fips-mode=2 \
|
||||
--with-tss=trousers \
|
||||
--enable-openssl \
|
||||
--enable-md4 \
|
||||
@@ -105,6 +104,8 @@ echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/stro
|
||||
--enable-farp \
|
||||
--enable-dhcp \
|
||||
--enable-sqlite \
|
||||
--enable-tnc-ifmap \
|
||||
--enable-tnc-pdp \
|
||||
--enable-imc-test \
|
||||
--enable-imv-test \
|
||||
--enable-imc-scanner \
|
||||
@@ -113,6 +114,8 @@ echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/stro
|
||||
--enable-imv-attestation \
|
||||
--enable-imv-os \
|
||||
--enable-imc-os \
|
||||
--enable-imc-swid \
|
||||
--enable-imv-swid \
|
||||
--enable-eap-tnc \
|
||||
--enable-tnccs-20 \
|
||||
--enable-tnccs-11 \
|
||||
@@ -122,6 +125,7 @@ echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/stro
|
||||
--enable-eap-radius \
|
||||
--enable-curl \
|
||||
--enable-eap-identity \
|
||||
--enable-cmd \
|
||||
%{?_enable_nm}
|
||||
|
||||
|
||||
@@ -132,8 +136,8 @@ sed -i 's/\t/ /' src/strongswan.conf src/starter/ipsec.conf
|
||||
make install DESTDIR=%{buildroot}
|
||||
# prefix man pages
|
||||
for i in %{buildroot}%{_mandir}/*/*; do
|
||||
if echo "$i" | grep -vq '/strongswan[^\/]*$'; then
|
||||
mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/strongswan_\1|'`"
|
||||
if echo "$i" | grep -vq '/%{name}[^\/]*$'; then
|
||||
mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/%{name}_\1|'`"
|
||||
fi
|
||||
done
|
||||
# delete unwanted library files
|
||||
@@ -148,6 +152,8 @@ chmod 700 %{buildroot}%{_sysconfdir}/%{name}
|
||||
%else
|
||||
install -D -m 755 init/sysvinit/%{name} %{buildroot}/%{_initddir}/%{name}
|
||||
%endif
|
||||
#rename /usr/bin/pki to avoid conflict with pki-core/pki-tools
|
||||
mv %{buildroot}%{_bindir}/pki %{buildroot}%{_bindir}/%{name}-pki
|
||||
|
||||
# Create ipsec.d directory tree.
|
||||
install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d
|
||||
@@ -256,13 +262,15 @@ fi
|
||||
%{_libexecdir}/%{name}/_updown_espmark
|
||||
%{_libexecdir}/%{name}/charon
|
||||
%{_libexecdir}/%{name}/openac
|
||||
%{_libexecdir}/%{name}/pki
|
||||
%{_libexecdir}/%{name}/scepclient
|
||||
%{_libexecdir}/%{name}/starter
|
||||
%{_libexecdir}/%{name}/stroke
|
||||
%{_libexecdir}/%{name}/_imv_policy
|
||||
%{_libexecdir}/%{name}/imv_policy_manager
|
||||
%{_bindir}/%{name}-pki
|
||||
%{_sbindir}/charon-cmd
|
||||
%{_sbindir}/%{name}
|
||||
%{_mandir}/man1/%{name}_pki*.1.gz
|
||||
%{_mandir}/man5/%{name}.conf.5.gz
|
||||
%{_mandir}/man5/%{name}_ipsec.conf.5.gz
|
||||
%{_mandir}/man5/%{name}_ipsec.secrets.5.gz
|
||||
@@ -271,6 +279,7 @@ fi
|
||||
%{_mandir}/man8/%{name}__updown_espmark.8.gz
|
||||
%{_mandir}/man8/%{name}_openac.8.gz
|
||||
%{_mandir}/man8/%{name}_scepclient.8.gz
|
||||
%{_mandir}/man8/%{name}_charon-cmd.8.gz
|
||||
|
||||
%files tnc-imcvs
|
||||
%dir %{_libdir}/%{name}
|
||||
@@ -287,10 +296,12 @@ fi
|
||||
%{_libdir}/%{name}/imcvs/imc-scanner.so
|
||||
%{_libdir}/%{name}/imcvs/imc-test.so
|
||||
%{_libdir}/%{name}/imcvs/imc-os.so
|
||||
%{_libdir}/%{name}/imcvs/imc-swid.so
|
||||
%{_libdir}/%{name}/imcvs/imv-attestation.so
|
||||
%{_libdir}/%{name}/imcvs/imv-scanner.so
|
||||
%{_libdir}/%{name}/imcvs/imv-test.so
|
||||
%{_libdir}/%{name}/imcvs/imv-os.so
|
||||
%{_libdir}/%{name}/imcvs/imv-swid.so
|
||||
%dir %{_libdir}/%{name}/plugins
|
||||
%{_libdir}/%{name}/plugins/lib%{name}-pkcs7.so
|
||||
%{_libdir}/%{name}/plugins/lib%{name}-sqlite.so
|
||||
@@ -302,9 +313,16 @@ fi
|
||||
%{_libdir}/%{name}/plugins/lib%{name}-tnccs-11.so
|
||||
%{_libdir}/%{name}/plugins/lib%{name}-tnccs-dynamic.so
|
||||
%{_libdir}/%{name}/plugins/lib%{name}-eap-radius.so
|
||||
%{_libdir}/%{name}/plugins/lib%{name}-tnc-ifmap.so
|
||||
%{_libdir}/%{name}/plugins/lib%{name}-tnc-pdp.so
|
||||
%dir %{_libexecdir}/%{name}
|
||||
%{_libexecdir}/%{name}/attest
|
||||
%{_libexecdir}/%{name}/pacman
|
||||
%{_libexecdir}/%{name}/pt-tls-client
|
||||
#swid files
|
||||
%{_libexecdir}/%{name}/*.swidtag
|
||||
%dir %{_datadir}/regid.2004-03.org.%{name}
|
||||
%{_datadir}/regid.2004-03.org.%{name}/*.swidtag
|
||||
|
||||
%if 0%{?enable_nm}
|
||||
%files charon-nm
|
||||
@@ -314,6 +332,29 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Nov 1 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.1.1-1
|
||||
- Support for PT-TLS (RFC 6876)
|
||||
- Support for SWID IMC/IMV
|
||||
- Support for command line IKE client charon-cmd
|
||||
- Changed location of pki to /usr/bin
|
||||
- Added swid tags files
|
||||
- Added man pages for pki and charon-cmd
|
||||
- Renamed pki to strongswan-pki to avoid conflict with
|
||||
pki-core/pki-tools package.
|
||||
- Update local patches
|
||||
- Fixes CVE-2013-6075
|
||||
- Fixes CVE-2013-6076
|
||||
- Fixed autoconf/automake issue as configure.ac got changed
|
||||
and it required running autoreconf during the build process.
|
||||
- added strongswan signature file to the sources.
|
||||
- Fixed initialization crash of IMV and IMC particularly
|
||||
attestation imv/imc as libstrongswas was not getting
|
||||
initialized.
|
||||
- Enabled fips support
|
||||
- Enabled TNC's ifmap support
|
||||
- Enabled TNC's pdp support
|
||||
- Fixed hardocded package name in this spec file
|
||||
|
||||
* Wed Aug 7 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.1.0-2
|
||||
- Fixed linker error when compilating malloc-speed that
|
||||
lrt is missing. Did not have this problem on f19 and F20.
|
||||
|
||||
Reference in New Issue
Block a user