diff --git a/.gitignore b/.gitignore
index ee1d37e..caf2c88 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,5 @@
 /strongswan-5.0.3.tar.bz2
 /strongswan-5.0.4.tar.bz2
 /strongswan-5.1.0.tar.bz2
+/strongswan-5.1.1.tar.bz2
+/strongswan-5.1.1.tar.bz2.sig
diff --git a/libstrongswan-plugin.patch b/libstrongswan-plugin.patch
index ce0951d..f204a1e 100644
--- a/libstrongswan-plugin.patch
+++ b/libstrongswan-plugin.patch
@@ -1,6 +1,6 @@
-diff -urNp strongswan-5.1.0-patched/src/libstrongswan/plugins/plugin_loader.c strongswan-5.1.0-current/src/libstrongswan/plugins/plugin_loader.c
---- strongswan-5.1.0-patched/src/libstrongswan/plugins/plugin_loader.c 2013-08-06 17:16:36.266031511 -0400
-+++ strongswan-5.1.0-current/src/libstrongswan/plugins/plugin_loader.c 2013-08-06 17:49:15.703354848 -0400
+diff -urNp strongswan-5.1.1-patched/src/libstrongswan/plugins/plugin_loader.c strongswan-5.1.1-current/src/libstrongswan/plugins/plugin_loader.c
+--- strongswan-5.1.1-patched/src/libstrongswan/plugins/plugin_loader.c 2013-11-01 13:12:06.046927153 -0400
++++ strongswan-5.1.1-current/src/libstrongswan/plugins/plugin_loader.c 2013-11-01 13:16:59.680916657 -0400
 @@ -353,7 +353,7 @@ static plugin_entry_t *load_plugin(priva
 return NULL;
 }
diff --git a/libstrongswan-settings-debug.patch b/libstrongswan-settings-debug.patch
index 66bca56..692690d 100644
--- a/libstrongswan-settings-debug.patch
+++ b/libstrongswan-settings-debug.patch
@@ -1,6 +1,6 @@
-diff -urNp strongswan-5.1.0-patched/src/libstrongswan/utils/settings.c strongswan-5.1.0-current/src/libstrongswan/utils/settings.c
---- strongswan-5.1.0-patched/src/libstrongswan/utils/settings.c 2013-08-06 17:16:36.244031484 -0400
-+++ strongswan-5.1.0-current/src/libstrongswan/utils/settings.c 2013-08-06 17:52:43.272606717 -0400
+diff -urNp strongswan-5.1.1-patched/src/libstrongswan/utils/settings.c strongswan-5.1.1-current/src/libstrongswan/utils/settings.c
+--- strongswan-5.1.1-patched/src/libstrongswan/utils/settings.c 2013-11-01 13:12:06.034927154 -0400
++++ strongswan-5.1.1-current/src/libstrongswan/utils/settings.c 2013-11-01 13:18:56.230912491 -0400
 @@ -960,7 +960,7 @@ static bool parse_file(linked_list_t *co
 {
 if (errno == ENOENT)
diff --git a/malloc-speed-lrt.patch b/malloc-speed-lrt.patch
deleted file mode 100644
index c032c15..0000000
--- a/malloc-speed-lrt.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff -urNp strongswan-5.1.0-patched/scripts/Makefile.am strongswan-5.1.0-current/scripts/Makefile.am
---- strongswan-5.1.0-patched/scripts/Makefile.am 2013-08-07 16:46:57.759056262 -0400
-+++ strongswan-5.1.0-current/scripts/Makefile.am 2013-08-07 16:47:51.240021382 -0400
-@@ -36,7 +36,7 @@ dh_speed_LDADD = $(top_builddir)/src/lib
- pubkey_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
- crypt_burn_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
- hash_burn_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
--malloc_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
-+malloc_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
- fetch_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
- dnssec_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
- 
-diff -urNp strongswan-5.1.0-patched/scripts/Makefile.in strongswan-5.1.0-current/scripts/Makefile.in
---- strongswan-5.1.0-patched/scripts/Makefile.in 2013-08-07 16:46:57.758056263 -0400
-+++ strongswan-5.1.0-current/scripts/Makefile.in 2013-08-07 16:59:06.506583680 -0400
-@@ -414,7 +414,7 @@ dh_speed_LDADD = $(top_builddir)/src/lib
- pubkey_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
- crypt_burn_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
- hash_burn_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
--malloc_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
-+malloc_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
- fetch_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
- dnssec_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
- all: all-am
diff --git a/sources b/sources
index 388cdfe..b3b0e07 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
-c1cd0a3ba9960f590cae28c8470800e8 strongswan-5.1.0.tar.bz2
+e3af3d493d22286be3cd794533a8966a strongswan-5.1.1.tar.bz2
+5381c48d5cabec932aa2904abde93cd3 strongswan-5.1.1.tar.bz2.sig
diff --git a/strongswan-init.patch b/strongswan-init.patch
index ccd653a..eb29bdb 100644
--- a/strongswan-init.patch
+++ b/strongswan-init.patch
@@ -1,7 +1,7 @@
-diff -urNp strongswan-5.1.0-patched/configure.ac strongswan-5.1.0-current/configure.ac
---- strongswan-5.1.0-patched/configure.ac 2013-08-06 17:16:36.279031528 -0400
-+++ strongswan-5.1.0-current/configure.ac 2013-08-06 17:35:01.750380445 -0400
-@@ -1311,6 +1311,8 @@ AC_CONFIG_FILES([
+diff -urNp strongswan-5.1.1-patched/configure.ac strongswan-5.1.1-current/configure.ac
+--- strongswan-5.1.1-patched/configure.ac 2013-11-01 13:12:05.964927156 -0400
++++ strongswan-5.1.1-current/configure.ac 2013-11-01 13:12:24.357926499 -0400
+@@ -1330,6 +1330,8 @@ AC_CONFIG_FILES([
 man/Makefile
 init/Makefile
 init/systemd/Makefile
@@ -10,9 +10,9 @@ diff -urNp strongswan-5.1.0-patched/configure.ac strongswan-5.1.0-current/config
 src/Makefile
 src/include/Makefile
 src/libstrongswan/Makefile
-diff -urNp strongswan-5.1.0-patched/init/Makefile.am strongswan-5.1.0-current/init/Makefile.am
---- strongswan-5.1.0-patched/init/Makefile.am 2013-08-06 17:16:36.279031528 -0400
-+++ strongswan-5.1.0-current/init/Makefile.am 2013-08-06 17:36:19.905472912 -0400
+diff -urNp strongswan-5.1.1-patched/init/Makefile.am strongswan-5.1.1-current/init/Makefile.am
+--- strongswan-5.1.1-patched/init/Makefile.am 2013-11-01 13:12:05.966927156 -0400
++++ strongswan-5.1.1-current/init/Makefile.am 2013-11-01 13:12:24.357926499 -0400
 @@ -1,5 +1,5 @@
 -SUBDIRS = 
@@ -20,14 +20,14 @@ diff -urNp strongswan-5.1.0-patched/init/Makefile.am strongswan-5.1.0-current/in
 if HAVE_SYSTEMD
 SUBDIRS += systemd
-diff -urNp strongswan-5.1.0-patched/init/sysvinit/Makefile.am strongswan-5.1.0-current/init/sysvinit/Makefile.am
---- strongswan-5.1.0-patched/init/sysvinit/Makefile.am 1969-12-31 19:00:00.000000000 -0500
-+++ strongswan-5.1.0-current/init/sysvinit/Makefile.am 2013-07-31 15:56:21.919959000 -0400
+diff -urNp strongswan-5.1.1-patched/init/sysvinit/Makefile.am strongswan-5.1.1-current/init/sysvinit/Makefile.am
+--- strongswan-5.1.1-patched/init/sysvinit/Makefile.am 1969-12-31 19:00:00.000000000 -0500
++++ strongswan-5.1.1-current/init/sysvinit/Makefile.am 2013-11-01 13:12:24.358926499 -0400
 @@ -0,0 +1 @@
 +noinst_DATA = strongswan
-diff -urNp strongswan-5.1.0-patched/init/sysvinit/strongswan strongswan-5.1.0-current/init/sysvinit/strongswan
---- strongswan-5.1.0-patched/init/sysvinit/strongswan 1969-12-31 19:00:00.000000000 -0500
-+++ strongswan-5.1.0-current/init/sysvinit/strongswan 2013-07-31 15:56:21.920958000 -0400
+diff -urNp strongswan-5.1.1-patched/init/sysvinit/strongswan strongswan-5.1.1-current/init/sysvinit/strongswan
+--- strongswan-5.1.1-patched/init/sysvinit/strongswan 1969-12-31 19:00:00.000000000 -0500
++++ strongswan-5.1.1-current/init/sysvinit/strongswan 2013-11-01 13:12:24.358926499 -0400
 @@ -0,0 +1,100 @@
 +#!/bin/sh
 +# 
@@ -129,9 +129,9 @@ diff -urNp strongswan-5.1.0-patched/init/sysvinit/strongswan strongswan-5.1.0-cu
 + exit 2
 +esac
 +exit $?
-diff -urNp strongswan-5.1.0-patched/init/sysvinit/strongswan.in strongswan-5.1.0-current/init/sysvinit/strongswan.in
---- strongswan-5.1.0-patched/init/sysvinit/strongswan.in 1969-12-31 19:00:00.000000000 -0500
-+++ strongswan-5.1.0-current/init/sysvinit/strongswan.in 2013-07-31 15:56:21.919959000 -0400
+diff -urNp strongswan-5.1.1-patched/init/sysvinit/strongswan.in strongswan-5.1.1-current/init/sysvinit/strongswan.in
+--- strongswan-5.1.1-patched/init/sysvinit/strongswan.in 1969-12-31 19:00:00.000000000 -0500
++++ strongswan-5.1.1-current/init/sysvinit/strongswan.in 2013-11-01 13:12:24.359926499 -0400
 @@ -0,0 +1,100 @@
 +#!/bin/sh
 +#
diff --git a/strongswan-pts-ecp-disable.patch b/strongswan-pts-ecp-disable.patch
index 59054eb..4f5c141 100644
--- a/strongswan-pts-ecp-disable.patch
+++ b/strongswan-pts-ecp-disable.patch
@@ -1,6 +1,6 @@
-diff -urNp strongswan-5.1.0-patched/src/libpts/pts/pts_dh_group.c strongswan-5.1.0-current/src/libpts/pts/pts_dh_group.c
---- strongswan-5.1.0-patched/src/libpts/pts/pts_dh_group.c 2013-08-06 17:16:36.238031476 -0400
-+++ strongswan-5.1.0-current/src/libpts/pts/pts_dh_group.c 2013-08-06 17:44:48.005036651 -0400
+diff -urNp strongswan-5.1.1-patched/src/libpts/pts/pts_dh_group.c strongswan-5.1.1-current/src/libpts/pts/pts_dh_group.c
+--- strongswan-5.1.1-patched/src/libpts/pts/pts_dh_group.c 2013-11-01 13:12:05.985927156 -0400
++++ strongswan-5.1.1-current/src/libpts/pts/pts_dh_group.c 2013-11-01 13:15:12.192920500 -0400
 @@ -74,6 +74,16 @@ bool pts_dh_group_probe(pts_dh_group_t *
 {
 DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names,
diff --git a/strongswan.spec b/strongswan.spec
index 33ccdbd..b5f7226 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -8,8 +8,8 @@
 %endif
 Name: strongswan
-Version: 5.1.0
-Release: 2%{?dist}
+Version: 5.1.1
+Release: 1%{?dist}
 Summary: An OpenSource IPsec-based VPN Solution
 Group: System Environment/Daemons
 License: GPLv2+
@@ -19,9 +19,8 @@ Patch0: strongswan-init.patch
 Patch1: strongswan-pts-ecp-disable.patch
 Patch2: libstrongswan-plugin.patch
 Patch3: libstrongswan-settings-debug.patch
-Patch4: malloc-speed-lrt.patch
-BuildRequires: gmp-devel
+BuildRequires: gmp-devel autoconf automake
 BuildRequires: libcurl-devel
 BuildRequires: openldap-devel
 BuildRequires: openssl-devel
@@ -80,18 +79,18 @@ implementation possessing a standard IF-IMC/IMV interface.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
-%patch4 -p1
 echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora
 %build
 # for initscript patch to work
-#autoreconf
+autoreconf
 %configure --disable-static \
 --with-ipsec-script=%{name} \
 --sysconfdir=%{_sysconfdir}/%{name} \
 --with-ipsecdir=%{_libexecdir}/%{name} \
 --with-ipseclibdir=%{_libdir}/%{name} \
+ --with-fips-mode=2 \
 --with-tss=trousers \
 --enable-openssl \
 --enable-md4 \
@@ -105,6 +104,8 @@ echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/stro
 --enable-farp \
 --enable-dhcp \
 --enable-sqlite \
+ --enable-tnc-ifmap \
+ --enable-tnc-pdp \
 --enable-imc-test \
 --enable-imv-test \
 --enable-imc-scanner \
@@ -113,6 +114,8 @@ echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/stro
 --enable-imv-attestation \
 --enable-imv-os \
 --enable-imc-os \
+ --enable-imc-swid \
+ --enable-imv-swid \
 --enable-eap-tnc \
 --enable-tnccs-20 \
 --enable-tnccs-11 \
@@ -122,6 +125,7 @@ echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/stro
 --enable-eap-radius \
 --enable-curl \
 --enable-eap-identity \
+ --enable-cmd \
 %{?_enable_nm} 
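Review bot: In the preamble hunk (`@@ -19,9 +19,8 @@`) nothing declares the detached signature that this commit adds to `sources`: the `Patch` and `BuildRequires` lines change, but no `Source` entry for `strongswan-5.1.1.tar.bz2.sig` appears, and the `%prep` hunk adds no verification step. As far as the visible hunks show, the signature is uploaded but never checked during the build, so the tarball is authenticated only by the MD5 digest in `sources`. Consider declaring it, e.g. `Source1: <upstream-url>/%{name}-%{version}.tar.bz2.sig`, and verifying `%{SOURCE0}` against `%{SOURCE1}` with a packaged upstream key at the top of `%prep`. The `Source0` line lies outside the hunk, so the absence of an existing entry is inferred from the unchanged range.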
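Review bot: `--with-fips-mode=2` is added to the same `%configure` call that still passes `--enable-md4` (last context line of the `@@ -80,18 +79,18 @@` hunk), so the package is built with a FIPS default while also compiling a digest plugin that is not FIPS-approved. If I read the upstream option correctly, the value becomes the compiled-in default for the openssl plugin, which then tries to enter that mode at load time; on hosts whose OpenSSL cannot do so the plugin may refuse to load, which would be a behaviour change for existing installs. Please state the intent next to the flag, for example `# FIPS default for the openssl plugin; <expected behaviour on non-FIPS hosts>`, and confirm whether md4 should remain enabled. The `%configure` invocation continues past the end of this hunk.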
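Review bot: `--enable-tnc-pdp` and `--enable-tnc-ifmap` in the `@@ -105,6 +104,8 @@` hunk are switched on without any note about their runtime exposure. As far as I know tnc-pdp provides a server-side policy decision point (RADIUS and, with this release, PT-TLS), so installing the subpackage that ships `lib%{name}-tnc-pdp.so` may add a listening service; whether it is loaded by default depends on plugin configuration that is not visible here. A spec comment such as `# tnc-pdp/tnc-ifmap: server-side TNC plugins, load only on policy decision points` or a line in `README.Fedora` would tell administrators what the update brings in.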
@@ -132,8 +136,8 @@ sed -i 's/\t/ /' src/strongswan.conf src/starter/ipsec.conf
 make install DESTDIR=%{buildroot}
 # prefix man pages
 for i in %{buildroot}%{_mandir}/*/*; do
- if echo "$i" | grep -vq '/strongswan[^\/]*$'; then
- mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/strongswan_\1|'`"
+ if echo "$i" | grep -vq '/%{name}[^\/]*$'; then
+ mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/%{name}_\1|'`"
 fi
 done
 # delete unwanted library files
@@ -148,6 +152,8 @@ chmod 700 %{buildroot}%{_sysconfdir}/%{name}
 %else
 install -D -m 755 init/sysvinit/%{name} %{buildroot}/%{_initddir}/%{name}
 %endif
+#rename /usr/bin/pki to avoid conflict with pki-core/pki-tools
+mv %{buildroot}%{_bindir}/pki %{buildroot}%{_bindir}/%{name}-pki
 # Create ipsec.d directory tree.
 install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d
@@ -256,13 +262,15 @@ fi
 %{_libexecdir}/%{name}/_updown_espmark
 %{_libexecdir}/%{name}/charon
 %{_libexecdir}/%{name}/openac
-%{_libexecdir}/%{name}/pki
 %{_libexecdir}/%{name}/scepclient
 %{_libexecdir}/%{name}/starter
 %{_libexecdir}/%{name}/stroke
 %{_libexecdir}/%{name}/_imv_policy
 %{_libexecdir}/%{name}/imv_policy_manager
+%{_bindir}/%{name}-pki
+%{_sbindir}/charon-cmd
 %{_sbindir}/%{name}
+%{_mandir}/man1/%{name}_pki*.1.gz
 %{_mandir}/man5/%{name}.conf.5.gz
 %{_mandir}/man5/%{name}_ipsec.conf.5.gz
 %{_mandir}/man5/%{name}_ipsec.secrets.5.gz
@@ -271,6 +279,7 @@ fi
 %{_mandir}/man8/%{name}__updown_espmark.8.gz
 %{_mandir}/man8/%{name}_openac.8.gz
 %{_mandir}/man8/%{name}_scepclient.8.gz
+%{_mandir}/man8/%{name}_charon-cmd.8.gz
 %files tnc-imcvs
 %dir %{_libdir}/%{name} 
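Review bot: The rename in the `@@ -148,6 +152,8 @@` hunk gives the binary a hyphenated name (`%{name}-pki`) while the man-page loop in the first hunk prefixes pages with `%{name}_`, so `%files` ends up listing `%{_bindir}/%{name}-pki` next to `%{_mandir}/man1/%{name}_pki*.1.gz`. `man strongswan-pki` will therefore not find the page, and the pages themselves presumably still call the tool `pki`. Either note the mapping where users will see it (for example in `README.Fedora`) or align the two names. The `mv` is also unconditional, so the build fails if a future upstream release stops installing `%{_bindir}/pki`; the comment above it could say that this is intended.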
@@ -287,10 +296,12 @@ fi
 %{_libdir}/%{name}/imcvs/imc-scanner.so
 %{_libdir}/%{name}/imcvs/imc-test.so
 %{_libdir}/%{name}/imcvs/imc-os.so
+%{_libdir}/%{name}/imcvs/imc-swid.so
 %{_libdir}/%{name}/imcvs/imv-attestation.so
 %{_libdir}/%{name}/imcvs/imv-scanner.so
 %{_libdir}/%{name}/imcvs/imv-test.so
 %{_libdir}/%{name}/imcvs/imv-os.so
+%{_libdir}/%{name}/imcvs/imv-swid.so
 %dir %{_libdir}/%{name}/plugins
 %{_libdir}/%{name}/plugins/lib%{name}-pkcs7.so
 %{_libdir}/%{name}/plugins/lib%{name}-sqlite.so
@@ -302,9 +313,16 @@ fi
 %{_libdir}/%{name}/plugins/lib%{name}-tnccs-11.so
 %{_libdir}/%{name}/plugins/lib%{name}-tnccs-dynamic.so
 %{_libdir}/%{name}/plugins/lib%{name}-eap-radius.so
+%{_libdir}/%{name}/plugins/lib%{name}-tnc-ifmap.so
+%{_libdir}/%{name}/plugins/lib%{name}-tnc-pdp.so
 %dir %{_libexecdir}/%{name}
 %{_libexecdir}/%{name}/attest
 %{_libexecdir}/%{name}/pacman
+%{_libexecdir}/%{name}/pt-tls-client
+#swid files
+%{_libexecdir}/%{name}/*.swidtag
+%dir %{_datadir}/regid.2004-03.org.%{name}
+%{_datadir}/regid.2004-03.org.%{name}/*.swidtag
 %if 0%{?enable_nm}
 %files charon-nm 
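Review bot: `%{_datadir}/regid.2004-03.org.%{name}` in the `@@ -302,9 +313,16 @@` hunk builds the SWID registration-id directory from the RPM package name. The regid looks like upstream's own identifier rather than something derived from the package, so the path only matches because `%{name}` happens to expand to `strongswan`; writing it literally as `regid.2004-03.org.strongswan` would keep the `%files` entry correct if the package name ever differs. The same `*.swidtag` glob is also listed under `%{_libexecdir}/%{name}`; if both locations hold the same tags, the `#swid files` comment should say why both are packaged.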
@@ -314,6 +332,29 @@ fi
 %changelog
+* Fri Nov 1 2013 Avesh Agarwal - 5.1.1-1
+- Support for PT-TLS (RFC 6876)
+- Support for SWID IMC/IMV
+- Support for command line IKE client charon-cmd
+- Changed location of pki to /usr/bin
+- Added swid tags files
+- Added man pages for pki and charon-cmd
+- Renamed pki to strongswan-pki to avoid conflict with
+ pki-core/pki-tools package.
+- Update local patches
+- Fixes CVE-2013-6075
+- Fixes CVE-2013-6076
+- Fixed autoconf/automake issue as configure.ac got changed
+ and it required running autoreconf during the build process.
+- added strongswan signature file to the sources.
+- Fixed initialization crash of IMV and IMC particularly
+ attestation imv/imc as libstrongswas was not getting
+ initialized.
+- Enabled fips support
+- Enabled TNC's ifmap support
+- Enabled TNC's pdp support
+- Fixed hardocded package name in this spec file
 * Wed Aug 7 2013 Avesh Agarwal - 5.1.0-2
 - Fixed linker error when compilating malloc-speed that lrt is missing. Did not have this problem on f19 and F20.