From d0792a1bf6486eb84d0a5543e693c7f2f51132e2 Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Fri, 30 Aug 2013 15:41:45 -0400 Subject: [PATCH 1/4] Enabled fips support - Enabled TNC's ifmap support - Enabled TNC's pdp support - Fixed hardocded package name in this spec file --- strongswan.spec | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/strongswan.spec b/strongswan.spec index 0e9aa4c..f62adaf 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -9,7 +9,7 @@ Name: strongswan Version: 5.1.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: An OpenSource IPsec-based VPN Solution Group: System Environment/Daemons License: GPLv2+ @@ -90,6 +90,7 @@ echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/stro --sysconfdir=%{_sysconfdir}/%{name} \ --with-ipsecdir=%{_libexecdir}/%{name} \ --with-ipseclibdir=%{_libdir}/%{name} \ + --with-fips-mode=2 \ --with-tss=trousers \ --enable-openssl \ --enable-md4 \ @@ -103,6 +104,8 @@ echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/stro --enable-farp \ --enable-dhcp \ --enable-sqlite \ + --enable-tnc-ifmap \ + --enable-tnc-pdp \ --enable-imc-test \ --enable-imv-test \ --enable-imc-scanner \ @@ -130,8 +133,8 @@ sed -i 's/\t/ /' src/strongswan.conf src/starter/ipsec.conf make install DESTDIR=%{buildroot} # prefix man pages for i in %{buildroot}%{_mandir}/*/*; do - if echo "$i" | grep -vq '/strongswan[^\/]*$'; then - mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/strongswan_\1|'`" + if echo "$i" | grep -vq '/%{name}[^\/]*$'; then + mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/%{name}_\1|'`" fi done # delete unwanted library files @@ -300,6 +303,8 @@ fi %{_libdir}/%{name}/plugins/lib%{name}-tnccs-11.so %{_libdir}/%{name}/plugins/lib%{name}-tnccs-dynamic.so %{_libdir}/%{name}/plugins/lib%{name}-eap-radius.so +%{_libdir}/%{name}/plugins/lib%{name}-tnc-ifmap.so +%{_libdir}/%{name}/plugins/lib%{name}-tnc-pdp.so %dir %{_libexecdir}/%{name} %{_libexecdir}/%{name}/attest %{_libexecdir}/%{name}/pacman @@ -312,6 +317,12 @@ fi %changelog +* Fri Aug 30 2013 Avesh Agarwal - 5.1.0-2 +- Enabled fips support +- Enabled TNC's ifmap support +- Enabled TNC's pdp support +- Fixed hardocded package name in this spec file + * Wed Aug 7 2013 Avesh Agarwal - 5.1.0-1 - rhbz#981429: New upstream release - Fixes CVE-2013-5018: rhbz#991216, rhbz#991215 From 5c4f5c4a528ae9e368ee1a834e8090f97fae1e51 Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Thu, 12 Sep 2013 13:21:54 -0400 Subject: [PATCH 2/4] Fixed initialization crash of IMV and IMC particularly attestation imv/imc as libstrongswas was not getting initialized. --- imcv-initialization-crash-git-5ec08.patch | 145 ++++++++++++++++++++++ strongswan.spec | 9 +- 2 files changed, 153 insertions(+), 1 deletion(-) create mode 100644 imcv-initialization-crash-git-5ec08.patch diff --git a/imcv-initialization-crash-git-5ec08.patch b/imcv-initialization-crash-git-5ec08.patch new file mode 100644 index 0000000..d1fc80c --- /dev/null +++ b/imcv-initialization-crash-git-5ec08.patch @@ -0,0 +1,145 @@ +diff -urNp strongswan-5.1.0/src/libimcv/plugins/imv_os/imv_os_agent.c strongswan-5.1.0-test/src/libimcv/plugins/imv_os/imv_os_agent.c +--- strongswan-5.1.0/src/libimcv/plugins/imv_os/imv_os_agent.c 2013-07-04 15:55:16.000000000 -0400 ++++ strongswan-5.1.0-test/src/libimcv/plugins/imv_os/imv_os_agent.c 2013-09-11 15:39:04.263741942 -0400 +@@ -779,6 +779,14 @@ imv_agent_if_t *imv_os_agent_create(cons + TNC_Version *actual_version) + { + private_imv_os_agent_t *this; ++ imv_agent_t *agent; ++ ++ agent = imv_agent_create(name, msg_types, countof(msg_types), id, ++ actual_version); ++ if (!agent) ++ { ++ return NULL; ++ } + + INIT(this, + .public = { +@@ -790,16 +798,10 @@ imv_agent_if_t *imv_os_agent_create(cons + .solicit_recommendation = _solicit_recommendation, + .destroy = _destroy, + }, +- .agent = imv_agent_create(name, msg_types, countof(msg_types), id, +- actual_version), ++ .agent = agent, + .db = imv_os_database_create(imcv_db), + ); + +- if (!this->agent) +- { +- destroy(this); +- return NULL; +- } + return &this->public; + } + +diff -urNp strongswan-5.1.0/src/libimcv/plugins/imv_test/imv_test_agent.c strongswan-5.1.0-test/src/libimcv/plugins/imv_test/imv_test_agent.c +--- strongswan-5.1.0/src/libimcv/plugins/imv_test/imv_test_agent.c 2013-06-21 17:27:07.000000000 -0400 ++++ strongswan-5.1.0-test/src/libimcv/plugins/imv_test/imv_test_agent.c 2013-09-11 15:39:04.263741942 -0400 +@@ -296,6 +296,14 @@ imv_agent_if_t *imv_test_agent_create(co + TNC_Version *actual_version) + { + private_imv_test_agent_t *this; ++ imv_agent_t *agent; ++ ++ agent = imv_agent_create(name, msg_types, countof(msg_types), id, ++ actual_version); ++ if (!agent) ++ { ++ return NULL; ++ } + + INIT(this, + .public = { +@@ -307,15 +315,9 @@ imv_agent_if_t *imv_test_agent_create(co + .solicit_recommendation = _solicit_recommendation, + .destroy = _destroy, + }, +- .agent = imv_agent_create(name, msg_types, countof(msg_types), id, +- actual_version), ++ .agent = agent, + ); + +- if (!this->agent) +- { +- destroy(this); +- return NULL; +- } + return &this->public; + } + +diff -urNp strongswan-5.1.0/src/libpts/plugins/imc_attestation/imc_attestation.c strongswan-5.1.0-test/src/libpts/plugins/imc_attestation/imc_attestation.c +--- strongswan-5.1.0/src/libpts/plugins/imc_attestation/imc_attestation.c 2013-05-14 05:16:46.000000000 -0400 ++++ strongswan-5.1.0-test/src/libpts/plugins/imc_attestation/imc_attestation.c 2013-09-11 15:39:04.264741942 -0400 +@@ -71,11 +71,6 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID + DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name); + return TNC_RESULT_ALREADY_INITIALIZED; + } +- if (!pts_meas_algo_probe(&supported_algorithms) || +- !pts_dh_group_probe(&supported_dh_groups)) +- { +- return TNC_RESULT_FATAL; +- } + imc_attestation = imc_agent_create(imc_name, msg_types, countof(msg_types), + imc_id, actual_version); + if (!imc_attestation) +@@ -83,6 +78,13 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID + return TNC_RESULT_FATAL; + } + ++ if (!pts_meas_algo_probe(&supported_algorithms) || ++ !pts_dh_group_probe(&supported_dh_groups)) ++ { ++ imc_attestation->destroy(imc_attestation); ++ imc_attestation = NULL; ++ return TNC_RESULT_FATAL; ++ } + libpts_init(); + + if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1) +diff -urNp strongswan-5.1.0/src/libpts/plugins/imv_attestation/imv_attestation_agent.c strongswan-5.1.0-test/src/libpts/plugins/imv_attestation/imv_attestation_agent.c +--- strongswan-5.1.0/src/libpts/plugins/imv_attestation/imv_attestation_agent.c 2013-07-10 05:00:34.000000000 -0400 ++++ strongswan-5.1.0-test/src/libpts/plugins/imv_attestation/imv_attestation_agent.c 2013-09-11 15:39:04.264741942 -0400 +@@ -565,8 +565,16 @@ imv_agent_if_t *imv_attestation_agent_cr + TNC_Version *actual_version) + { + private_imv_attestation_agent_t *this; ++ imv_agent_t *agent; + char *hash_alg, *dh_group, *cadir; + ++ agent = imv_agent_create(name, msg_types, countof(msg_types), id, ++ actual_version); ++ if (!agent) ++ { ++ return NULL; ++ } ++ + hash_alg = lib->settings->get_str(lib->settings, + "libimcv.plugins.imv-attestation.hash_algorithm", "sha256"); + dh_group = lib->settings->get_str(lib->settings, +@@ -584,8 +592,7 @@ imv_agent_if_t *imv_attestation_agent_cr + .solicit_recommendation = _solicit_recommendation, + .destroy = _destroy, + }, +- .agent = imv_agent_create(name, msg_types, countof(msg_types), id, +- actual_version), ++ .agent = agent, + .supported_algorithms = PTS_MEAS_ALGO_NONE, + .supported_dh_groups = PTS_DH_GROUP_NONE, + .pts_credmgr = credential_manager_create(), +@@ -595,8 +602,7 @@ imv_agent_if_t *imv_attestation_agent_cr + + libpts_init(); + +- if (!this->agent || +- !pts_meas_algo_probe(&this->supported_algorithms) || ++ if (!pts_meas_algo_probe(&this->supported_algorithms) || + !pts_dh_group_probe(&this->supported_dh_groups) || + !pts_meas_algo_update(hash_alg, &this->supported_algorithms) || + !pts_dh_group_update(dh_group, &this->supported_dh_groups)) +@@ -613,4 +619,3 @@ imv_agent_if_t *imv_attestation_agent_cr + + return &this->public; + } +- diff --git a/strongswan.spec b/strongswan.spec index f62adaf..a3d5772 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -9,7 +9,7 @@ Name: strongswan Version: 5.1.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: An OpenSource IPsec-based VPN Solution Group: System Environment/Daemons License: GPLv2+ @@ -19,6 +19,7 @@ Patch0: strongswan-init.patch Patch1: strongswan-pts-ecp-disable.patch Patch2: libstrongswan-plugin.patch Patch3: libstrongswan-settings-debug.patch +Patch4: imcv-initialization-crash-git-5ec08.patch BuildRequires: gmp-devel BuildRequires: libcurl-devel @@ -79,6 +80,7 @@ implementation possessing a standard IF-IMC/IMV interface. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora @@ -317,6 +319,11 @@ fi %changelog +* Thu Sep 12 2013 Avesh Agarwal - 5.1.0-3 +- Fixed initialization crash of IMV and IMC particularly + attestation imv/imc as libstrongswas was not getting + initialized. + * Fri Aug 30 2013 Avesh Agarwal - 5.1.0-2 - Enabled fips support - Enabled TNC's ifmap support From b43681bf1b7dad2fdb787a714e923d99618ddef3 Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Fri, 1 Nov 2013 15:04:43 -0400 Subject: [PATCH 3/4] Support for PT-TLS (RFC 6876) - Support for SWID IMC/IMV - Support for command line IKE client charon-cmd - Changed location of pki to /usr/bin - Added swid tags files - Added man pages for pki and charon-cmd - Renamed pki to strongswan-pki to avoid conflict with pki-core/pki-tools package. - Update local patches - Fixes CVE-2013-6075 - Fixes CVE-2013-6076 - Fixed autoconf/automake issue as configure.ac got changed and it required running autoreconf during the build process. - added strongswan signature file to the sources. --- .gitignore | 2 + imcv-initialization-crash-git-5ec08.patch | 145 ---------------------- libstrongswan-plugin.patch | 6 +- libstrongswan-settings-debug.patch | 6 +- sources | 3 +- strongswan-init.patch | 32 ++--- strongswan-pts-ecp-disable.patch | 6 +- strongswan.spec | 43 +++++-- 8 files changed, 65 insertions(+), 178 deletions(-) delete mode 100644 imcv-initialization-crash-git-5ec08.patch diff --git a/.gitignore b/.gitignore index ee1d37e..caf2c88 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,5 @@ /strongswan-5.0.3.tar.bz2 /strongswan-5.0.4.tar.bz2 /strongswan-5.1.0.tar.bz2 +/strongswan-5.1.1.tar.bz2 +/strongswan-5.1.1.tar.bz2.sig diff --git a/imcv-initialization-crash-git-5ec08.patch b/imcv-initialization-crash-git-5ec08.patch deleted file mode 100644 index d1fc80c..0000000 --- a/imcv-initialization-crash-git-5ec08.patch +++ /dev/null @@ -1,145 +0,0 @@ -diff -urNp strongswan-5.1.0/src/libimcv/plugins/imv_os/imv_os_agent.c strongswan-5.1.0-test/src/libimcv/plugins/imv_os/imv_os_agent.c ---- strongswan-5.1.0/src/libimcv/plugins/imv_os/imv_os_agent.c 2013-07-04 15:55:16.000000000 -0400 -+++ strongswan-5.1.0-test/src/libimcv/plugins/imv_os/imv_os_agent.c 2013-09-11 15:39:04.263741942 -0400 -@@ -779,6 +779,14 @@ imv_agent_if_t *imv_os_agent_create(cons - TNC_Version *actual_version) - { - private_imv_os_agent_t *this; -+ imv_agent_t *agent; -+ -+ agent = imv_agent_create(name, msg_types, countof(msg_types), id, -+ actual_version); -+ if (!agent) -+ { -+ return NULL; -+ } - - INIT(this, - .public = { -@@ -790,16 +798,10 @@ imv_agent_if_t *imv_os_agent_create(cons - .solicit_recommendation = _solicit_recommendation, - .destroy = _destroy, - }, -- .agent = imv_agent_create(name, msg_types, countof(msg_types), id, -- actual_version), -+ .agent = agent, - .db = imv_os_database_create(imcv_db), - ); - -- if (!this->agent) -- { -- destroy(this); -- return NULL; -- } - return &this->public; - } - -diff -urNp strongswan-5.1.0/src/libimcv/plugins/imv_test/imv_test_agent.c strongswan-5.1.0-test/src/libimcv/plugins/imv_test/imv_test_agent.c ---- strongswan-5.1.0/src/libimcv/plugins/imv_test/imv_test_agent.c 2013-06-21 17:27:07.000000000 -0400 -+++ strongswan-5.1.0-test/src/libimcv/plugins/imv_test/imv_test_agent.c 2013-09-11 15:39:04.263741942 -0400 -@@ -296,6 +296,14 @@ imv_agent_if_t *imv_test_agent_create(co - TNC_Version *actual_version) - { - private_imv_test_agent_t *this; -+ imv_agent_t *agent; -+ -+ agent = imv_agent_create(name, msg_types, countof(msg_types), id, -+ actual_version); -+ if (!agent) -+ { -+ return NULL; -+ } - - INIT(this, - .public = { -@@ -307,15 +315,9 @@ imv_agent_if_t *imv_test_agent_create(co - .solicit_recommendation = _solicit_recommendation, - .destroy = _destroy, - }, -- .agent = imv_agent_create(name, msg_types, countof(msg_types), id, -- actual_version), -+ .agent = agent, - ); - -- if (!this->agent) -- { -- destroy(this); -- return NULL; -- } - return &this->public; - } - -diff -urNp strongswan-5.1.0/src/libpts/plugins/imc_attestation/imc_attestation.c strongswan-5.1.0-test/src/libpts/plugins/imc_attestation/imc_attestation.c ---- strongswan-5.1.0/src/libpts/plugins/imc_attestation/imc_attestation.c 2013-05-14 05:16:46.000000000 -0400 -+++ strongswan-5.1.0-test/src/libpts/plugins/imc_attestation/imc_attestation.c 2013-09-11 15:39:04.264741942 -0400 -@@ -71,11 +71,6 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID - DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name); - return TNC_RESULT_ALREADY_INITIALIZED; - } -- if (!pts_meas_algo_probe(&supported_algorithms) || -- !pts_dh_group_probe(&supported_dh_groups)) -- { -- return TNC_RESULT_FATAL; -- } - imc_attestation = imc_agent_create(imc_name, msg_types, countof(msg_types), - imc_id, actual_version); - if (!imc_attestation) -@@ -83,6 +78,13 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID - return TNC_RESULT_FATAL; - } - -+ if (!pts_meas_algo_probe(&supported_algorithms) || -+ !pts_dh_group_probe(&supported_dh_groups)) -+ { -+ imc_attestation->destroy(imc_attestation); -+ imc_attestation = NULL; -+ return TNC_RESULT_FATAL; -+ } - libpts_init(); - - if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1) -diff -urNp strongswan-5.1.0/src/libpts/plugins/imv_attestation/imv_attestation_agent.c strongswan-5.1.0-test/src/libpts/plugins/imv_attestation/imv_attestation_agent.c ---- strongswan-5.1.0/src/libpts/plugins/imv_attestation/imv_attestation_agent.c 2013-07-10 05:00:34.000000000 -0400 -+++ strongswan-5.1.0-test/src/libpts/plugins/imv_attestation/imv_attestation_agent.c 2013-09-11 15:39:04.264741942 -0400 -@@ -565,8 +565,16 @@ imv_agent_if_t *imv_attestation_agent_cr - TNC_Version *actual_version) - { - private_imv_attestation_agent_t *this; -+ imv_agent_t *agent; - char *hash_alg, *dh_group, *cadir; - -+ agent = imv_agent_create(name, msg_types, countof(msg_types), id, -+ actual_version); -+ if (!agent) -+ { -+ return NULL; -+ } -+ - hash_alg = lib->settings->get_str(lib->settings, - "libimcv.plugins.imv-attestation.hash_algorithm", "sha256"); - dh_group = lib->settings->get_str(lib->settings, -@@ -584,8 +592,7 @@ imv_agent_if_t *imv_attestation_agent_cr - .solicit_recommendation = _solicit_recommendation, - .destroy = _destroy, - }, -- .agent = imv_agent_create(name, msg_types, countof(msg_types), id, -- actual_version), -+ .agent = agent, - .supported_algorithms = PTS_MEAS_ALGO_NONE, - .supported_dh_groups = PTS_DH_GROUP_NONE, - .pts_credmgr = credential_manager_create(), -@@ -595,8 +602,7 @@ imv_agent_if_t *imv_attestation_agent_cr - - libpts_init(); - -- if (!this->agent || -- !pts_meas_algo_probe(&this->supported_algorithms) || -+ if (!pts_meas_algo_probe(&this->supported_algorithms) || - !pts_dh_group_probe(&this->supported_dh_groups) || - !pts_meas_algo_update(hash_alg, &this->supported_algorithms) || - !pts_dh_group_update(dh_group, &this->supported_dh_groups)) -@@ -613,4 +619,3 @@ imv_agent_if_t *imv_attestation_agent_cr - - return &this->public; - } -- diff --git a/libstrongswan-plugin.patch b/libstrongswan-plugin.patch index ce0951d..f204a1e 100644 --- a/libstrongswan-plugin.patch +++ b/libstrongswan-plugin.patch @@ -1,6 +1,6 @@ -diff -urNp strongswan-5.1.0-patched/src/libstrongswan/plugins/plugin_loader.c strongswan-5.1.0-current/src/libstrongswan/plugins/plugin_loader.c ---- strongswan-5.1.0-patched/src/libstrongswan/plugins/plugin_loader.c 2013-08-06 17:16:36.266031511 -0400 -+++ strongswan-5.1.0-current/src/libstrongswan/plugins/plugin_loader.c 2013-08-06 17:49:15.703354848 -0400 +diff -urNp strongswan-5.1.1-patched/src/libstrongswan/plugins/plugin_loader.c strongswan-5.1.1-current/src/libstrongswan/plugins/plugin_loader.c +--- strongswan-5.1.1-patched/src/libstrongswan/plugins/plugin_loader.c 2013-11-01 13:12:06.046927153 -0400 ++++ strongswan-5.1.1-current/src/libstrongswan/plugins/plugin_loader.c 2013-11-01 13:16:59.680916657 -0400 @@ -353,7 +353,7 @@ static plugin_entry_t *load_plugin(priva return NULL; } diff --git a/libstrongswan-settings-debug.patch b/libstrongswan-settings-debug.patch index 66bca56..692690d 100644 --- a/libstrongswan-settings-debug.patch +++ b/libstrongswan-settings-debug.patch @@ -1,6 +1,6 @@ -diff -urNp strongswan-5.1.0-patched/src/libstrongswan/utils/settings.c strongswan-5.1.0-current/src/libstrongswan/utils/settings.c ---- strongswan-5.1.0-patched/src/libstrongswan/utils/settings.c 2013-08-06 17:16:36.244031484 -0400 -+++ strongswan-5.1.0-current/src/libstrongswan/utils/settings.c 2013-08-06 17:52:43.272606717 -0400 +diff -urNp strongswan-5.1.1-patched/src/libstrongswan/utils/settings.c strongswan-5.1.1-current/src/libstrongswan/utils/settings.c +--- strongswan-5.1.1-patched/src/libstrongswan/utils/settings.c 2013-11-01 13:12:06.034927154 -0400 ++++ strongswan-5.1.1-current/src/libstrongswan/utils/settings.c 2013-11-01 13:18:56.230912491 -0400 @@ -960,7 +960,7 @@ static bool parse_file(linked_list_t *co { if (errno == ENOENT) diff --git a/sources b/sources index 388cdfe..b3b0e07 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -c1cd0a3ba9960f590cae28c8470800e8 strongswan-5.1.0.tar.bz2 +e3af3d493d22286be3cd794533a8966a strongswan-5.1.1.tar.bz2 +5381c48d5cabec932aa2904abde93cd3 strongswan-5.1.1.tar.bz2.sig diff --git a/strongswan-init.patch b/strongswan-init.patch index ccd653a..eb29bdb 100644 --- a/strongswan-init.patch +++ b/strongswan-init.patch @@ -1,7 +1,7 @@ -diff -urNp strongswan-5.1.0-patched/configure.ac strongswan-5.1.0-current/configure.ac ---- strongswan-5.1.0-patched/configure.ac 2013-08-06 17:16:36.279031528 -0400 -+++ strongswan-5.1.0-current/configure.ac 2013-08-06 17:35:01.750380445 -0400 -@@ -1311,6 +1311,8 @@ AC_CONFIG_FILES([ +diff -urNp strongswan-5.1.1-patched/configure.ac strongswan-5.1.1-current/configure.ac +--- strongswan-5.1.1-patched/configure.ac 2013-11-01 13:12:05.964927156 -0400 ++++ strongswan-5.1.1-current/configure.ac 2013-11-01 13:12:24.357926499 -0400 +@@ -1330,6 +1330,8 @@ AC_CONFIG_FILES([ man/Makefile init/Makefile init/systemd/Makefile @@ -10,9 +10,9 @@ diff -urNp strongswan-5.1.0-patched/configure.ac strongswan-5.1.0-current/config src/Makefile src/include/Makefile src/libstrongswan/Makefile -diff -urNp strongswan-5.1.0-patched/init/Makefile.am strongswan-5.1.0-current/init/Makefile.am ---- strongswan-5.1.0-patched/init/Makefile.am 2013-08-06 17:16:36.279031528 -0400 -+++ strongswan-5.1.0-current/init/Makefile.am 2013-08-06 17:36:19.905472912 -0400 +diff -urNp strongswan-5.1.1-patched/init/Makefile.am strongswan-5.1.1-current/init/Makefile.am +--- strongswan-5.1.1-patched/init/Makefile.am 2013-11-01 13:12:05.966927156 -0400 ++++ strongswan-5.1.1-current/init/Makefile.am 2013-11-01 13:12:24.357926499 -0400 @@ -1,5 +1,5 @@ -SUBDIRS = @@ -20,14 +20,14 @@ diff -urNp strongswan-5.1.0-patched/init/Makefile.am strongswan-5.1.0-current/in if HAVE_SYSTEMD SUBDIRS += systemd -diff -urNp strongswan-5.1.0-patched/init/sysvinit/Makefile.am strongswan-5.1.0-current/init/sysvinit/Makefile.am ---- strongswan-5.1.0-patched/init/sysvinit/Makefile.am 1969-12-31 19:00:00.000000000 -0500 -+++ strongswan-5.1.0-current/init/sysvinit/Makefile.am 2013-07-31 15:56:21.919959000 -0400 +diff -urNp strongswan-5.1.1-patched/init/sysvinit/Makefile.am strongswan-5.1.1-current/init/sysvinit/Makefile.am +--- strongswan-5.1.1-patched/init/sysvinit/Makefile.am 1969-12-31 19:00:00.000000000 -0500 ++++ strongswan-5.1.1-current/init/sysvinit/Makefile.am 2013-11-01 13:12:24.358926499 -0400 @@ -0,0 +1 @@ +noinst_DATA = strongswan -diff -urNp strongswan-5.1.0-patched/init/sysvinit/strongswan strongswan-5.1.0-current/init/sysvinit/strongswan ---- strongswan-5.1.0-patched/init/sysvinit/strongswan 1969-12-31 19:00:00.000000000 -0500 -+++ strongswan-5.1.0-current/init/sysvinit/strongswan 2013-07-31 15:56:21.920958000 -0400 +diff -urNp strongswan-5.1.1-patched/init/sysvinit/strongswan strongswan-5.1.1-current/init/sysvinit/strongswan +--- strongswan-5.1.1-patched/init/sysvinit/strongswan 1969-12-31 19:00:00.000000000 -0500 ++++ strongswan-5.1.1-current/init/sysvinit/strongswan 2013-11-01 13:12:24.358926499 -0400 @@ -0,0 +1,100 @@ +#!/bin/sh +# @@ -129,9 +129,9 @@ diff -urNp strongswan-5.1.0-patched/init/sysvinit/strongswan strongswan-5.1.0-cu + exit 2 +esac +exit $? -diff -urNp strongswan-5.1.0-patched/init/sysvinit/strongswan.in strongswan-5.1.0-current/init/sysvinit/strongswan.in ---- strongswan-5.1.0-patched/init/sysvinit/strongswan.in 1969-12-31 19:00:00.000000000 -0500 -+++ strongswan-5.1.0-current/init/sysvinit/strongswan.in 2013-07-31 15:56:21.919959000 -0400 +diff -urNp strongswan-5.1.1-patched/init/sysvinit/strongswan.in strongswan-5.1.1-current/init/sysvinit/strongswan.in +--- strongswan-5.1.1-patched/init/sysvinit/strongswan.in 1969-12-31 19:00:00.000000000 -0500 ++++ strongswan-5.1.1-current/init/sysvinit/strongswan.in 2013-11-01 13:12:24.359926499 -0400 @@ -0,0 +1,100 @@ +#!/bin/sh +# diff --git a/strongswan-pts-ecp-disable.patch b/strongswan-pts-ecp-disable.patch index 59054eb..4f5c141 100644 --- a/strongswan-pts-ecp-disable.patch +++ b/strongswan-pts-ecp-disable.patch @@ -1,6 +1,6 @@ -diff -urNp strongswan-5.1.0-patched/src/libpts/pts/pts_dh_group.c strongswan-5.1.0-current/src/libpts/pts/pts_dh_group.c ---- strongswan-5.1.0-patched/src/libpts/pts/pts_dh_group.c 2013-08-06 17:16:36.238031476 -0400 -+++ strongswan-5.1.0-current/src/libpts/pts/pts_dh_group.c 2013-08-06 17:44:48.005036651 -0400 +diff -urNp strongswan-5.1.1-patched/src/libpts/pts/pts_dh_group.c strongswan-5.1.1-current/src/libpts/pts/pts_dh_group.c +--- strongswan-5.1.1-patched/src/libpts/pts/pts_dh_group.c 2013-11-01 13:12:05.985927156 -0400 ++++ strongswan-5.1.1-current/src/libpts/pts/pts_dh_group.c 2013-11-01 13:15:12.192920500 -0400 @@ -74,6 +74,16 @@ bool pts_dh_group_probe(pts_dh_group_t * { DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names, diff --git a/strongswan.spec b/strongswan.spec index a3d5772..f7e2d23 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -8,8 +8,8 @@ %endif Name: strongswan -Version: 5.1.0 -Release: 3%{?dist} +Version: 5.1.1 +Release: 1%{?dist} Summary: An OpenSource IPsec-based VPN Solution Group: System Environment/Daemons License: GPLv2+ @@ -19,9 +19,8 @@ Patch0: strongswan-init.patch Patch1: strongswan-pts-ecp-disable.patch Patch2: libstrongswan-plugin.patch Patch3: libstrongswan-settings-debug.patch -Patch4: imcv-initialization-crash-git-5ec08.patch -BuildRequires: gmp-devel +BuildRequires: gmp-devel autoconf automake BuildRequires: libcurl-devel BuildRequires: openldap-devel BuildRequires: openssl-devel @@ -80,13 +79,12 @@ implementation possessing a standard IF-IMC/IMV interface. %patch1 -p1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora %build # for initscript patch to work -#autoreconf +autoreconf %configure --disable-static \ --with-ipsec-script=%{name} \ --sysconfdir=%{_sysconfdir}/%{name} \ @@ -116,6 +114,8 @@ echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/stro --enable-imv-attestation \ --enable-imv-os \ --enable-imc-os \ + --enable-imc-swid \ + --enable-imv-swid \ --enable-eap-tnc \ --enable-tnccs-20 \ --enable-tnccs-11 \ @@ -125,6 +125,7 @@ echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/stro --enable-eap-radius \ --enable-curl \ --enable-eap-identity \ + --enable-cmd \ %{?_enable_nm} @@ -151,6 +152,8 @@ chmod 700 %{buildroot}%{_sysconfdir}/%{name} %else install -D -m 755 init/sysvinit/%{name} %{buildroot}/%{_initddir}/%{name} %endif +#rename /usr/bin/pki to avoid conflict with pki-core/pki-tools +mv %{buildroot}%{_bindir}/pki %{buildroot}%{_bindir}/%{name}-pki # Create ipsec.d directory tree. install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d @@ -259,13 +262,15 @@ fi %{_libexecdir}/%{name}/_updown_espmark %{_libexecdir}/%{name}/charon %{_libexecdir}/%{name}/openac -%{_libexecdir}/%{name}/pki %{_libexecdir}/%{name}/scepclient %{_libexecdir}/%{name}/starter %{_libexecdir}/%{name}/stroke %{_libexecdir}/%{name}/_imv_policy %{_libexecdir}/%{name}/imv_policy_manager +%{_bindir}/%{name}-pki +%{_sbindir}/charon-cmd %{_sbindir}/%{name} +%{_mandir}/man1/%{name}_pki*.1.gz %{_mandir}/man5/%{name}.conf.5.gz %{_mandir}/man5/%{name}_ipsec.conf.5.gz %{_mandir}/man5/%{name}_ipsec.secrets.5.gz @@ -274,6 +279,7 @@ fi %{_mandir}/man8/%{name}__updown_espmark.8.gz %{_mandir}/man8/%{name}_openac.8.gz %{_mandir}/man8/%{name}_scepclient.8.gz +%{_mandir}/man8/%{name}_charon-cmd.8.gz %files tnc-imcvs %dir %{_libdir}/%{name} @@ -290,10 +296,12 @@ fi %{_libdir}/%{name}/imcvs/imc-scanner.so %{_libdir}/%{name}/imcvs/imc-test.so %{_libdir}/%{name}/imcvs/imc-os.so +%{_libdir}/%{name}/imcvs/imc-swid.so %{_libdir}/%{name}/imcvs/imv-attestation.so %{_libdir}/%{name}/imcvs/imv-scanner.so %{_libdir}/%{name}/imcvs/imv-test.so %{_libdir}/%{name}/imcvs/imv-os.so +%{_libdir}/%{name}/imcvs/imv-swid.so %dir %{_libdir}/%{name}/plugins %{_libdir}/%{name}/plugins/lib%{name}-pkcs7.so %{_libdir}/%{name}/plugins/lib%{name}-sqlite.so @@ -310,6 +318,11 @@ fi %dir %{_libexecdir}/%{name} %{_libexecdir}/%{name}/attest %{_libexecdir}/%{name}/pacman +%{_libexecdir}/%{name}/pt-tls-client +#swid files +%{_libexecdir}/%{name}/*.swidtag +%dir %{_datadir}/regid.2004-03.org.%{name} +%{_datadir}/regid.2004-03.org.%{name}/*.swidtag %if 0%{?enable_nm} %files charon-nm @@ -319,6 +332,22 @@ fi %changelog +* Fri Nov 1 2013 Avesh Agarwal - 5.1.1-1 +- Support for PT-TLS (RFC 6876) +- Support for SWID IMC/IMV +- Support for command line IKE client charon-cmd +- Changed location of pki to /usr/bin +- Added swid tags files +- Added man pages for pki and charon-cmd +- Renamed pki to strongswan-pki to avoid conflict with + pki-core/pki-tools package. +- Update local patches +- Fixes CVE-2013-6075 +- Fixes CVE-2013-6076 +- Fixed autoconf/automake issue as configure.ac got changed + and it required running autoreconf during the build process. +- added strongswan signature file to the sources. + * Thu Sep 12 2013 Avesh Agarwal - 5.1.0-3 - Fixed initialization crash of IMV and IMC particularly attestation imv/imc as libstrongswas was not getting From 4fa580f8cd62b369380453dca32028d439aa519d Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Mon, 2 Dec 2013 16:07:57 -0500 Subject: [PATCH 4/4] Resolves: 973315 - Resolves: 1036844 --- libstrongswan-973315.patch | 137 +++++++++++++++++++++++++++++++++++++ strongswan-1036844.patch | 22 ++++++ strongswan.spec | 10 ++- 3 files changed, 168 insertions(+), 1 deletion(-) create mode 100644 libstrongswan-973315.patch create mode 100644 strongswan-1036844.patch diff --git a/libstrongswan-973315.patch b/libstrongswan-973315.patch new file mode 100644 index 0000000..20710b3 --- /dev/null +++ b/libstrongswan-973315.patch @@ -0,0 +1,137 @@ +diff -urNp strongswan-5.1.1-patched/src/libstrongswan/Makefile.am strongswan-5.1.1-current/src/libstrongswan/Makefile.am +--- strongswan-5.1.1-patched/src/libstrongswan/Makefile.am 2013-11-01 13:12:06.038927154 -0400 ++++ strongswan-5.1.1-current/src/libstrongswan/Makefile.am 2013-12-02 15:22:56.501380158 -0500 +@@ -102,6 +102,8 @@ AM_CFLAGS = \ + AM_LDFLAGS = \ + -no-undefined + ++AM_LDFLAGS = -rdynamic ++ + if USE_LEAK_DETECTIVE + AM_CPPFLAGS += -DLEAK_DETECTIVE + libstrongswan_la_SOURCES += utils/leak_detective.c +diff -urNp strongswan-5.1.1-patched/src/libstrongswan/plugins/cmac/Makefile.am strongswan-5.1.1-current/src/libstrongswan/plugins/cmac/Makefile.am +--- strongswan-5.1.1-patched/src/libstrongswan/plugins/cmac/Makefile.am 2013-11-01 13:12:06.045927153 -0400 ++++ strongswan-5.1.1-current/src/libstrongswan/plugins/cmac/Makefile.am 2013-12-02 15:22:56.502380158 -0500 +@@ -13,4 +13,5 @@ endif + libstrongswan_cmac_la_SOURCES = \ + cmac_plugin.h cmac_plugin.c cmac.h cmac.c + +-libstrongswan_cmac_la_LDFLAGS = -module -avoid-version ++libstrongswan_cmac_la_LDFLAGS = -no-undefined -module -avoid-version ++libstrongswan_cmac_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +\ No newline at end of file +diff -urNp strongswan-5.1.1-patched/src/libstrongswan/plugins/constraints/Makefile.am strongswan-5.1.1-current/src/libstrongswan/plugins/constraints/Makefile.am +--- strongswan-5.1.1-patched/src/libstrongswan/plugins/constraints/Makefile.am 2013-11-01 13:12:06.054927153 -0400 ++++ strongswan-5.1.1-current/src/libstrongswan/plugins/constraints/Makefile.am 2013-12-02 15:22:56.526380158 -0500 +@@ -14,4 +14,5 @@ libstrongswan_constraints_la_SOURCES = \ + constraints_plugin.h constraints_plugin.c \ + constraints_validator.h constraints_validator.c + +-libstrongswan_constraints_la_LDFLAGS = -module -avoid-version ++libstrongswan_constraints_la_LDFLAGS = -no-undefined -module -avoid-version ++libstrongswan_constraints_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +diff -urNp strongswan-5.1.1-patched/src/libstrongswan/plugins/hmac/Makefile.am strongswan-5.1.1-current/src/libstrongswan/plugins/hmac/Makefile.am +--- strongswan-5.1.1-patched/src/libstrongswan/plugins/hmac/Makefile.am 2013-11-01 13:12:06.051927153 -0400 ++++ strongswan-5.1.1-current/src/libstrongswan/plugins/hmac/Makefile.am 2013-12-02 15:22:56.526380158 -0500 +@@ -13,4 +13,5 @@ endif + libstrongswan_hmac_la_SOURCES = \ + hmac_plugin.h hmac_plugin.c hmac.h hmac.c + +-libstrongswan_hmac_la_LDFLAGS = -module -avoid-version ++libstrongswan_hmac_la_LDFLAGS = -no-undefined -module -avoid-version ++libstrongswan_hmac_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +diff -urNp strongswan-5.1.1-patched/src/libstrongswan/plugins/nonce/Makefile.am strongswan-5.1.1-current/src/libstrongswan/plugins/nonce/Makefile.am +--- strongswan-5.1.1-patched/src/libstrongswan/plugins/nonce/Makefile.am 2013-11-01 13:12:06.053927153 -0400 ++++ strongswan-5.1.1-current/src/libstrongswan/plugins/nonce/Makefile.am 2013-12-02 15:22:56.527380158 -0500 +@@ -14,4 +14,5 @@ libstrongswan_nonce_la_SOURCES = \ + nonce_plugin.h nonce_plugin.c \ + nonce_nonceg.c nonce_nonceg.h + +-libstrongswan_nonce_la_LDFLAGS = -module -avoid-version ++libstrongswan_nonce_la_LDFLAGS = -no-undefined -module -avoid-version ++libstrongswan_nonce_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +diff -urNp strongswan-5.1.1-patched/src/libstrongswan/plugins/openssl/Makefile.am strongswan-5.1.1-current/src/libstrongswan/plugins/openssl/Makefile.am +--- strongswan-5.1.1-patched/src/libstrongswan/plugins/openssl/Makefile.am 2013-11-01 13:12:06.050927153 -0400 ++++ strongswan-5.1.1-current/src/libstrongswan/plugins/openssl/Makefile.am 2013-12-02 15:22:56.527380158 -0500 +@@ -31,5 +31,6 @@ libstrongswan_openssl_la_SOURCES = \ + openssl_hmac.c openssl_hmac.h \ + openssl_gcm.c openssl_gcm.h + +-libstrongswan_openssl_la_LDFLAGS = -module -avoid-version +-libstrongswan_openssl_la_LIBADD = -lcrypto ++libstrongswan_openssl_la_LDFLAGS = -no-undefined -module -avoid-version ++libstrongswan_openssl_la_LIBADD = -lcrypto \ ++ $(top_builddir)/src/libstrongswan/libstrongswan.la +diff -urNp strongswan-5.1.1-patched/src/libstrongswan/plugins/pem/Makefile.am strongswan-5.1.1-current/src/libstrongswan/plugins/pem/Makefile.am +--- strongswan-5.1.1-patched/src/libstrongswan/plugins/pem/Makefile.am 2013-11-01 13:12:06.045927153 -0400 ++++ strongswan-5.1.1-current/src/libstrongswan/plugins/pem/Makefile.am 2013-12-02 15:22:56.527380158 -0500 +@@ -15,4 +15,5 @@ libstrongswan_pem_la_SOURCES = \ + pem_builder.c pem_builder.h \ + pem_encoder.c pem_encoder.h + +-libstrongswan_pem_la_LDFLAGS = -module -avoid-version ++libstrongswan_pem_la_LDFLAGS = -no-undefined -module -avoid-version ++libstrongswan_pem_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +diff -urNp strongswan-5.1.1-patched/src/libstrongswan/plugins/pgp/Makefile.am strongswan-5.1.1-current/src/libstrongswan/plugins/pgp/Makefile.am +--- strongswan-5.1.1-patched/src/libstrongswan/plugins/pgp/Makefile.am 2013-11-01 13:12:06.047927153 -0400 ++++ strongswan-5.1.1-current/src/libstrongswan/plugins/pgp/Makefile.am 2013-12-02 15:22:56.528380158 -0500 +@@ -17,4 +17,5 @@ libstrongswan_pgp_la_SOURCES = \ + pgp_encoder.h pgp_encoder.c \ + pgp_builder.h pgp_builder.c + +-libstrongswan_pgp_la_LDFLAGS = -module -avoid-version ++libstrongswan_pgp_la_LDFLAGS = -no-undefined -module -avoid-version ++libstrongswan_pgp_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +diff -urNp strongswan-5.1.1-patched/src/libstrongswan/plugins/random/Makefile.am strongswan-5.1.1-current/src/libstrongswan/plugins/random/Makefile.am +--- strongswan-5.1.1-patched/src/libstrongswan/plugins/random/Makefile.am 2013-11-01 13:12:06.043927154 -0400 ++++ strongswan-5.1.1-current/src/libstrongswan/plugins/random/Makefile.am 2013-12-02 15:22:56.528380158 -0500 +@@ -16,4 +16,5 @@ libstrongswan_random_la_SOURCES = \ + random_plugin.h random_plugin.c \ + random_rng.c random_rng.h + +-libstrongswan_random_la_LDFLAGS = -module -avoid-version ++libstrongswan_random_la_LDFLAGS = -no-undefined -module -avoid-version ++libstrongswan_random_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +diff -urNp strongswan-5.1.1-patched/src/libstrongswan/plugins/revocation/Makefile.am strongswan-5.1.1-current/src/libstrongswan/plugins/revocation/Makefile.am +--- strongswan-5.1.1-patched/src/libstrongswan/plugins/revocation/Makefile.am 2013-11-01 13:12:06.058927153 -0400 ++++ strongswan-5.1.1-current/src/libstrongswan/plugins/revocation/Makefile.am 2013-12-02 15:22:56.528380158 -0500 +@@ -14,4 +14,5 @@ libstrongswan_revocation_la_SOURCES = \ + revocation_plugin.h revocation_plugin.c \ + revocation_validator.h revocation_validator.c + +-libstrongswan_revocation_la_LDFLAGS = -module -avoid-version ++libstrongswan_revocation_la_LDFLAGS = -no-undefined -module -avoid-version ++libstrongswan_revocation_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +diff -urNp strongswan-5.1.1-patched/src/libstrongswan/plugins/sqlite/Makefile.am strongswan-5.1.1-current/src/libstrongswan/plugins/sqlite/Makefile.am +--- strongswan-5.1.1-patched/src/libstrongswan/plugins/sqlite/Makefile.am 2013-11-01 13:12:06.051927153 -0400 ++++ strongswan-5.1.1-current/src/libstrongswan/plugins/sqlite/Makefile.am 2013-12-02 15:22:56.547380158 -0500 +@@ -14,5 +14,6 @@ libstrongswan_sqlite_la_SOURCES = \ + sqlite_plugin.h sqlite_plugin.c \ + sqlite_database.h sqlite_database.c + +-libstrongswan_sqlite_la_LDFLAGS = -module -avoid-version +-libstrongswan_sqlite_la_LIBADD = -lsqlite3 ++libstrongswan_sqlite_la_LDFLAGS = -no-undefined -module -avoid-version ++libstrongswan_sqlite_la_LIBADD = -lsqlite3 \ ++ $(top_builddir)/src/libstrongswan/libstrongswan.la +diff -urNp strongswan-5.1.1-patched/src/libstrongswan/plugins/x509/Makefile.am strongswan-5.1.1-current/src/libstrongswan/plugins/x509/Makefile.am +--- strongswan-5.1.1-patched/src/libstrongswan/plugins/x509/Makefile.am 2013-11-01 13:12:06.056927153 -0400 ++++ strongswan-5.1.1-current/src/libstrongswan/plugins/x509/Makefile.am 2013-12-02 15:22:56.548380158 -0500 +@@ -19,4 +19,5 @@ libstrongswan_x509_la_SOURCES = \ + x509_ocsp_request.h x509_ocsp_request.c \ + x509_ocsp_response.h x509_ocsp_response.c + +-libstrongswan_x509_la_LDFLAGS = -module -avoid-version ++libstrongswan_x509_la_LDFLAGS = -no-undefined -module -avoid-version ++libstrongswan_x509_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +diff -urNp strongswan-5.1.1-patched/src/libstrongswan/plugins/xcbc/Makefile.am strongswan-5.1.1-current/src/libstrongswan/plugins/xcbc/Makefile.am +--- strongswan-5.1.1-patched/src/libstrongswan/plugins/xcbc/Makefile.am 2013-11-01 13:12:06.059927153 -0400 ++++ strongswan-5.1.1-current/src/libstrongswan/plugins/xcbc/Makefile.am 2013-12-02 15:22:56.561380158 -0500 +@@ -13,4 +13,5 @@ endif + libstrongswan_xcbc_la_SOURCES = \ + xcbc_plugin.h xcbc_plugin.c xcbc.h xcbc.c + +-libstrongswan_xcbc_la_LDFLAGS = -module -avoid-version ++libstrongswan_xcbc_la_LDFLAGS = -no-undefined -module -avoid-version ++libstrongswan_xcbc_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la diff --git a/strongswan-1036844.patch b/strongswan-1036844.patch new file mode 100644 index 0000000..f221f80 --- /dev/null +++ b/strongswan-1036844.patch @@ -0,0 +1,22 @@ +diff -urNp strongswan-5.1.1-patched/configure.ac strongswan-5.1.1-current/configure.ac +--- strongswan-5.1.1-patched/configure.ac 2013-11-01 13:14:29.753922017 -0400 ++++ strongswan-5.1.1-current/configure.ac 2013-12-02 15:33:47.530389926 -0500 +@@ -20,7 +20,17 @@ + # ============================ + + AC_INIT([strongSwan],[5.1.1]) +-AM_INIT_AUTOMAKE([tar-ustar subdir-objects]) ++AM_INIT_AUTOMAKE(m4_esyscmd([ ++ echo tar-ustar ++ echo subdir-objects ++ case `automake --version | head -n 1` in ++ *" 1.9"*);; ++ *" 1.10"*);; ++ *" 1.11"*);; ++ # don't use parallel test harness in 1.12 and up ++ *) echo serial-tests;; ++ esac ++])) + m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES]) + AC_CONFIG_MACRO_DIR([m4/config]) + AC_CONFIG_HEADERS([config.h]) diff --git a/strongswan.spec b/strongswan.spec index f7e2d23..8235f5c 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -9,7 +9,7 @@ Name: strongswan Version: 5.1.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: An OpenSource IPsec-based VPN Solution Group: System Environment/Daemons License: GPLv2+ @@ -19,6 +19,8 @@ Patch0: strongswan-init.patch Patch1: strongswan-pts-ecp-disable.patch Patch2: libstrongswan-plugin.patch Patch3: libstrongswan-settings-debug.patch +Patch4: libstrongswan-973315.patch +Patch5: strongswan-1036844.patch BuildRequires: gmp-devel autoconf automake BuildRequires: libcurl-devel @@ -79,6 +81,8 @@ implementation possessing a standard IF-IMC/IMV interface. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 +%patch5 -p1 echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora @@ -332,6 +336,10 @@ fi %changelog +* Mon Dec 2 2013 Avesh Agarwal - 5.1.1-2 +- Resolves: 973315 +- Resolves: 1036844 + * Fri Nov 1 2013 Avesh Agarwal - 5.1.1-1 - Support for PT-TLS (RFC 6876) - Support for SWID IMC/IMV