rpms-fedora-extras/strongswan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support for PT-TLS (RFC 6876)

Browse Source 
- Support for SWID IMC/IMV
- Support for command line IKE client charon-cmd
- Changed location of pki to /usr/bin
- Added swid tags files
- Added man pages for pki and charon-cmd
- Renamed pki to strongswan-pki to avoid conflict with
  pki-core/pki-tools package.
- Update local patches
- Fixes CVE-2013-6075
- Fixes CVE-2013-6076
- Fixed autoconf/automake issue as configure.ac got changed
  and it required running autoreconf during the build process.
- added strongswan signature file to the sources.
This commit is contained in:
Avesh Agarwal
2013-11-01 15:04:43 -04:00
parent 5c4f5c4a52
commit b43681bf1b
8 changed files with 65 additions and 178 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -5,3 +5,5 @@
/strongswan-5.0.3.tar.bz2 /strongswan-5.0.3.tar.bz2
/strongswan-5.0.4.tar.bz2 /strongswan-5.0.4.tar.bz2
/strongswan-5.1.0.tar.bz2 /strongswan-5.1.0.tar.bz2
/strongswan-5.1.1.tar.bz2
/strongswan-5.1.1.tar.bz2.sig

145
imcv-initialization-crash-git-5ec08.patch
View File

@@ -1,145 +0,0 @@
diff -urNp strongswan-5.1.0/src/libimcv/plugins/imv_os/imv_os_agent.c strongswan-5.1.0-test/src/libimcv/plugins/imv_os/imv_os_agent.c
--- strongswan-5.1.0/src/libimcv/plugins/imv_os/imv_os_agent.c 2013-07-04 15:55:16.000000000 -0400
+++ strongswan-5.1.0-test/src/libimcv/plugins/imv_os/imv_os_agent.c 2013-09-11 15:39:04.263741942 -0400
@@ -779,6 +779,14 @@ imv_agent_if_t *imv_os_agent_create(cons
TNC_Version *actual_version)
{
private_imv_os_agent_t *this;
+ imv_agent_t *agent;
+
+ agent = imv_agent_create(name, msg_types, countof(msg_types), id,
+ actual_version);
+ if (!agent)
+ {
+ return NULL;
+ }
INIT(this,
.public = {
@@ -790,16 +798,10 @@ imv_agent_if_t *imv_os_agent_create(cons
.solicit_recommendation = _solicit_recommendation,
.destroy = _destroy,
},
- .agent = imv_agent_create(name, msg_types, countof(msg_types), id,
- actual_version),
+ .agent = agent,
.db = imv_os_database_create(imcv_db),
);
- if (!this->agent)
- {
- destroy(this);
- return NULL;
- }
return &this->public;
}
diff -urNp strongswan-5.1.0/src/libimcv/plugins/imv_test/imv_test_agent.c strongswan-5.1.0-test/src/libimcv/plugins/imv_test/imv_test_agent.c
--- strongswan-5.1.0/src/libimcv/plugins/imv_test/imv_test_agent.c 2013-06-21 17:27:07.000000000 -0400
+++ strongswan-5.1.0-test/src/libimcv/plugins/imv_test/imv_test_agent.c 2013-09-11 15:39:04.263741942 -0400
@@ -296,6 +296,14 @@ imv_agent_if_t *imv_test_agent_create(co
TNC_Version *actual_version)
{
private_imv_test_agent_t *this;
+ imv_agent_t *agent;
+
+ agent = imv_agent_create(name, msg_types, countof(msg_types), id,
+ actual_version);
+ if (!agent)
+ {
+ return NULL;
+ }
INIT(this,
.public = {
@@ -307,15 +315,9 @@ imv_agent_if_t *imv_test_agent_create(co
.solicit_recommendation = _solicit_recommendation,
.destroy = _destroy,
},
- .agent = imv_agent_create(name, msg_types, countof(msg_types), id,
- actual_version),
+ .agent = agent,
);
- if (!this->agent)
- {
- destroy(this);
- return NULL;
- }
return &this->public;
}
diff -urNp strongswan-5.1.0/src/libpts/plugins/imc_attestation/imc_attestation.c strongswan-5.1.0-test/src/libpts/plugins/imc_attestation/imc_attestation.c
--- strongswan-5.1.0/src/libpts/plugins/imc_attestation/imc_attestation.c 2013-05-14 05:16:46.000000000 -0400
+++ strongswan-5.1.0-test/src/libpts/plugins/imc_attestation/imc_attestation.c 2013-09-11 15:39:04.264741942 -0400
@@ -71,11 +71,6 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID
DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
return TNC_RESULT_ALREADY_INITIALIZED;
}
- if (!pts_meas_algo_probe(&supported_algorithms) ||
- !pts_dh_group_probe(&supported_dh_groups))
- {
- return TNC_RESULT_FATAL;
- }
imc_attestation = imc_agent_create(imc_name, msg_types, countof(msg_types),
imc_id, actual_version);
if (!imc_attestation)
@@ -83,6 +78,13 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID
return TNC_RESULT_FATAL;
}
+ if (!pts_meas_algo_probe(&supported_algorithms) ||
+ !pts_dh_group_probe(&supported_dh_groups))
+ {
+ imc_attestation->destroy(imc_attestation);
+ imc_attestation = NULL;
+ return TNC_RESULT_FATAL;
+ }
libpts_init();
if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
diff -urNp strongswan-5.1.0/src/libpts/plugins/imv_attestation/imv_attestation_agent.c strongswan-5.1.0-test/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
--- strongswan-5.1.0/src/libpts/plugins/imv_attestation/imv_attestation_agent.c 2013-07-10 05:00:34.000000000 -0400
+++ strongswan-5.1.0-test/src/libpts/plugins/imv_attestation/imv_attestation_agent.c 2013-09-11 15:39:04.264741942 -0400
@@ -565,8 +565,16 @@ imv_agent_if_t *imv_attestation_agent_cr
TNC_Version *actual_version)
{
private_imv_attestation_agent_t *this;
+ imv_agent_t *agent;
char *hash_alg, *dh_group, *cadir;
+ agent = imv_agent_create(name, msg_types, countof(msg_types), id,
+ actual_version);
+ if (!agent)
+ {
+ return NULL;
+ }
+
hash_alg = lib->settings->get_str(lib->settings,
"libimcv.plugins.imv-attestation.hash_algorithm", "sha256");
dh_group = lib->settings->get_str(lib->settings,
@@ -584,8 +592,7 @@ imv_agent_if_t *imv_attestation_agent_cr
.solicit_recommendation = _solicit_recommendation,
.destroy = _destroy,
},
- .agent = imv_agent_create(name, msg_types, countof(msg_types), id,
- actual_version),
+ .agent = agent,
.supported_algorithms = PTS_MEAS_ALGO_NONE,
.supported_dh_groups = PTS_DH_GROUP_NONE,
.pts_credmgr = credential_manager_create(),
@@ -595,8 +602,7 @@ imv_agent_if_t *imv_attestation_agent_cr
libpts_init();
- if (!this->agent ||
- !pts_meas_algo_probe(&this->supported_algorithms) ||
+ if (!pts_meas_algo_probe(&this->supported_algorithms) ||
!pts_dh_group_probe(&this->supported_dh_groups) ||
!pts_meas_algo_update(hash_alg, &this->supported_algorithms) ||
!pts_dh_group_update(dh_group, &this->supported_dh_groups))
@@ -613,4 +619,3 @@ imv_agent_if_t *imv_attestation_agent_cr
return &this->public;
}
-

6
libstrongswan-plugin.patch
View File

@@ -1,6 +1,6 @@
diff -urNp strongswan-5.1.0-patched/src/libstrongswan/plugins/plugin_loader.c strongswan-5.1.0-current/src/libstrongswan/plugins/plugin_loader.c diff -urNp strongswan-5.1.1-patched/src/libstrongswan/plugins/plugin_loader.c strongswan-5.1.1-current/src/libstrongswan/plugins/plugin_loader.c
--- strongswan-5.1.0-patched/src/libstrongswan/plugins/plugin_loader.c 2013-08-06 17:16:36.266031511 -0400 --- strongswan-5.1.1-patched/src/libstrongswan/plugins/plugin_loader.c 2013-11-01 13:12:06.046927153 -0400
+++ strongswan-5.1.0-current/src/libstrongswan/plugins/plugin_loader.c 2013-08-06 17:49:15.703354848 -0400 +++ strongswan-5.1.1-current/src/libstrongswan/plugins/plugin_loader.c 2013-11-01 13:16:59.680916657 -0400
@@ -353,7 +353,7 @@ static plugin_entry_t *load_plugin(priva @@ -353,7 +353,7 @@ static plugin_entry_t *load_plugin(priva
return NULL; return NULL;
} }

6
libstrongswan-settings-debug.patch
View File

@@ -1,6 +1,6 @@
diff -urNp strongswan-5.1.0-patched/src/libstrongswan/utils/settings.c strongswan-5.1.0-current/src/libstrongswan/utils/settings.c diff -urNp strongswan-5.1.1-patched/src/libstrongswan/utils/settings.c strongswan-5.1.1-current/src/libstrongswan/utils/settings.c
--- strongswan-5.1.0-patched/src/libstrongswan/utils/settings.c 2013-08-06 17:16:36.244031484 -0400 --- strongswan-5.1.1-patched/src/libstrongswan/utils/settings.c 2013-11-01 13:12:06.034927154 -0400
+++ strongswan-5.1.0-current/src/libstrongswan/utils/settings.c 2013-08-06 17:52:43.272606717 -0400 +++ strongswan-5.1.1-current/src/libstrongswan/utils/settings.c 2013-11-01 13:18:56.230912491 -0400
@@ -960,7 +960,7 @@ static bool parse_file(linked_list_t *co @@ -960,7 +960,7 @@ static bool parse_file(linked_list_t *co
{ {
if (errno == ENOENT) if (errno == ENOENT)

3
sources
View File

@@ -1 +1,2 @@
c1cd0a3ba9960f590cae28c8470800e8 strongswan-5.1.0.tar.bz2 e3af3d493d22286be3cd794533a8966a strongswan-5.1.1.tar.bz2
5381c48d5cabec932aa2904abde93cd3 strongswan-5.1.1.tar.bz2.sig

32
strongswan-init.patch
View File

@@ -1,7 +1,7 @@
diff -urNp strongswan-5.1.0-patched/configure.ac strongswan-5.1.0-current/configure.ac diff -urNp strongswan-5.1.1-patched/configure.ac strongswan-5.1.1-current/configure.ac
--- strongswan-5.1.0-patched/configure.ac 2013-08-06 17:16:36.279031528 -0400 --- strongswan-5.1.1-patched/configure.ac 2013-11-01 13:12:05.964927156 -0400
+++ strongswan-5.1.0-current/configure.ac 2013-08-06 17:35:01.750380445 -0400 +++ strongswan-5.1.1-current/configure.ac 2013-11-01 13:12:24.357926499 -0400
@@ -1311,6 +1311,8 @@ AC_CONFIG_FILES([ @@ -1330,6 +1330,8 @@ AC_CONFIG_FILES([
man/Makefile man/Makefile
init/Makefile init/Makefile
init/systemd/Makefile init/systemd/Makefile
@@ -10,9 +10,9 @@ diff -urNp strongswan-5.1.0-patched/configure.ac strongswan-5.1.0-current/config
src/Makefile src/Makefile
src/include/Makefile src/include/Makefile
src/libstrongswan/Makefile src/libstrongswan/Makefile
diff -urNp strongswan-5.1.0-patched/init/Makefile.am strongswan-5.1.0-current/init/Makefile.am diff -urNp strongswan-5.1.1-patched/init/Makefile.am strongswan-5.1.1-current/init/Makefile.am
--- strongswan-5.1.0-patched/init/Makefile.am 2013-08-06 17:16:36.279031528 -0400 --- strongswan-5.1.1-patched/init/Makefile.am 2013-11-01 13:12:05.966927156 -0400
+++ strongswan-5.1.0-current/init/Makefile.am 2013-08-06 17:36:19.905472912 -0400 +++ strongswan-5.1.1-current/init/Makefile.am 2013-11-01 13:12:24.357926499 -0400
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
-SUBDIRS = -SUBDIRS =
@@ -20,14 +20,14 @@ diff -urNp strongswan-5.1.0-patched/init/Makefile.am strongswan-5.1.0-current/in
if HAVE_SYSTEMD if HAVE_SYSTEMD
SUBDIRS += systemd SUBDIRS += systemd
diff -urNp strongswan-5.1.0-patched/init/sysvinit/Makefile.am strongswan-5.1.0-current/init/sysvinit/Makefile.am diff -urNp strongswan-5.1.1-patched/init/sysvinit/Makefile.am strongswan-5.1.1-current/init/sysvinit/Makefile.am
--- strongswan-5.1.0-patched/init/sysvinit/Makefile.am 1969-12-31 19:00:00.000000000 -0500 --- strongswan-5.1.1-patched/init/sysvinit/Makefile.am 1969-12-31 19:00:00.000000000 -0500
+++ strongswan-5.1.0-current/init/sysvinit/Makefile.am 2013-07-31 15:56:21.919959000 -0400 +++ strongswan-5.1.1-current/init/sysvinit/Makefile.am 2013-11-01 13:12:24.358926499 -0400
@@ -0,0 +1 @@ @@ -0,0 +1 @@
+noinst_DATA = strongswan +noinst_DATA = strongswan
diff -urNp strongswan-5.1.0-patched/init/sysvinit/strongswan strongswan-5.1.0-current/init/sysvinit/strongswan diff -urNp strongswan-5.1.1-patched/init/sysvinit/strongswan strongswan-5.1.1-current/init/sysvinit/strongswan
--- strongswan-5.1.0-patched/init/sysvinit/strongswan 1969-12-31 19:00:00.000000000 -0500 --- strongswan-5.1.1-patched/init/sysvinit/strongswan 1969-12-31 19:00:00.000000000 -0500
+++ strongswan-5.1.0-current/init/sysvinit/strongswan 2013-07-31 15:56:21.920958000 -0400 +++ strongswan-5.1.1-current/init/sysvinit/strongswan 2013-11-01 13:12:24.358926499 -0400
@@ -0,0 +1,100 @@ @@ -0,0 +1,100 @@
+#!/bin/sh +#!/bin/sh
+# +#
@@ -129,9 +129,9 @@ diff -urNp strongswan-5.1.0-patched/init/sysvinit/strongswan strongswan-5.1.0-cu
+ exit 2 + exit 2
+esac +esac
+exit $? +exit $?
diff -urNp strongswan-5.1.0-patched/init/sysvinit/strongswan.in strongswan-5.1.0-current/init/sysvinit/strongswan.in diff -urNp strongswan-5.1.1-patched/init/sysvinit/strongswan.in strongswan-5.1.1-current/init/sysvinit/strongswan.in
--- strongswan-5.1.0-patched/init/sysvinit/strongswan.in 1969-12-31 19:00:00.000000000 -0500 --- strongswan-5.1.1-patched/init/sysvinit/strongswan.in 1969-12-31 19:00:00.000000000 -0500
+++ strongswan-5.1.0-current/init/sysvinit/strongswan.in 2013-07-31 15:56:21.919959000 -0400 +++ strongswan-5.1.1-current/init/sysvinit/strongswan.in 2013-11-01 13:12:24.359926499 -0400
@@ -0,0 +1,100 @@ @@ -0,0 +1,100 @@
+#!/bin/sh +#!/bin/sh
+# +#

6
strongswan-pts-ecp-disable.patch
View File

@@ -1,6 +1,6 @@
diff -urNp strongswan-5.1.0-patched/src/libpts/pts/pts_dh_group.c strongswan-5.1.0-current/src/libpts/pts/pts_dh_group.c diff -urNp strongswan-5.1.1-patched/src/libpts/pts/pts_dh_group.c strongswan-5.1.1-current/src/libpts/pts/pts_dh_group.c
--- strongswan-5.1.0-patched/src/libpts/pts/pts_dh_group.c 2013-08-06 17:16:36.238031476 -0400 --- strongswan-5.1.1-patched/src/libpts/pts/pts_dh_group.c 2013-11-01 13:12:05.985927156 -0400
+++ strongswan-5.1.0-current/src/libpts/pts/pts_dh_group.c 2013-08-06 17:44:48.005036651 -0400 +++ strongswan-5.1.1-current/src/libpts/pts/pts_dh_group.c 2013-11-01 13:15:12.192920500 -0400
@@ -74,6 +74,16 @@ bool pts_dh_group_probe(pts_dh_group_t * @@ -74,6 +74,16 @@ bool pts_dh_group_probe(pts_dh_group_t *
{ {
DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names, DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names,

43
strongswan.spec
View File

@@ -8,8 +8,8 @@
%endif %endif
Name: strongswan Name: strongswan
Version: 5.1.0 Version: 5.1.1
Release: 3%{?dist} Release: 1%{?dist}
Summary: An OpenSource IPsec-based VPN Solution Summary: An OpenSource IPsec-based VPN Solution
Group: System Environment/Daemons Group: System Environment/Daemons
License: GPLv2+ License: GPLv2+
@@ -19,9 +19,8 @@ Patch0: strongswan-init.patch
Patch1: strongswan-pts-ecp-disable.patch Patch1: strongswan-pts-ecp-disable.patch
Patch2: libstrongswan-plugin.patch Patch2: libstrongswan-plugin.patch
Patch3: libstrongswan-settings-debug.patch Patch3: libstrongswan-settings-debug.patch
Patch4: imcv-initialization-crash-git-5ec08.patch
BuildRequires: gmp-devel BuildRequires: gmp-devel autoconf automake
BuildRequires: libcurl-devel BuildRequires: libcurl-devel
BuildRequires: openldap-devel BuildRequires: openldap-devel
BuildRequires: openssl-devel BuildRequires: openssl-devel
@@ -80,13 +79,12 @@ implementation possessing a standard IF-IMC/IMV interface.
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1
echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora
%build %build
# for initscript patch to work # for initscript patch to work
#autoreconf autoreconf
%configure --disable-static \ %configure --disable-static \
--with-ipsec-script=%{name} \ --with-ipsec-script=%{name} \
--sysconfdir=%{_sysconfdir}/%{name} \ --sysconfdir=%{_sysconfdir}/%{name} \
@@ -116,6 +114,8 @@ echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/stro
--enable-imv-attestation \ --enable-imv-attestation \
--enable-imv-os \ --enable-imv-os \
--enable-imc-os \ --enable-imc-os \
--enable-imc-swid \
--enable-imv-swid \
--enable-eap-tnc \ --enable-eap-tnc \
--enable-tnccs-20 \ --enable-tnccs-20 \
--enable-tnccs-11 \ --enable-tnccs-11 \
@@ -125,6 +125,7 @@ echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/stro
--enable-eap-radius \ --enable-eap-radius \
--enable-curl \ --enable-curl \
--enable-eap-identity \ --enable-eap-identity \
--enable-cmd \
%{?_enable_nm} %{?_enable_nm}
@@ -151,6 +152,8 @@ chmod 700 %{buildroot}%{_sysconfdir}/%{name}
%else %else
install -D -m 755 init/sysvinit/%{name} %{buildroot}/%{_initddir}/%{name} install -D -m 755 init/sysvinit/%{name} %{buildroot}/%{_initddir}/%{name}
%endif %endif
#rename /usr/bin/pki to avoid conflict with pki-core/pki-tools
mv %{buildroot}%{_bindir}/pki %{buildroot}%{_bindir}/%{name}-pki
# Create ipsec.d directory tree. # Create ipsec.d directory tree.
install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d
@@ -259,13 +262,15 @@ fi
%{_libexecdir}/%{name}/_updown_espmark %{_libexecdir}/%{name}/_updown_espmark
%{_libexecdir}/%{name}/charon %{_libexecdir}/%{name}/charon
%{_libexecdir}/%{name}/openac %{_libexecdir}/%{name}/openac
%{_libexecdir}/%{name}/pki
%{_libexecdir}/%{name}/scepclient %{_libexecdir}/%{name}/scepclient
%{_libexecdir}/%{name}/starter %{_libexecdir}/%{name}/starter
%{_libexecdir}/%{name}/stroke %{_libexecdir}/%{name}/stroke
%{_libexecdir}/%{name}/_imv_policy %{_libexecdir}/%{name}/_imv_policy
%{_libexecdir}/%{name}/imv_policy_manager %{_libexecdir}/%{name}/imv_policy_manager
%{_bindir}/%{name}-pki
%{_sbindir}/charon-cmd
%{_sbindir}/%{name} %{_sbindir}/%{name}
%{_mandir}/man1/%{name}_pki*.1.gz
%{_mandir}/man5/%{name}.conf.5.gz %{_mandir}/man5/%{name}.conf.5.gz
%{_mandir}/man5/%{name}_ipsec.conf.5.gz %{_mandir}/man5/%{name}_ipsec.conf.5.gz
%{_mandir}/man5/%{name}_ipsec.secrets.5.gz %{_mandir}/man5/%{name}_ipsec.secrets.5.gz
@@ -274,6 +279,7 @@ fi
%{_mandir}/man8/%{name}__updown_espmark.8.gz %{_mandir}/man8/%{name}__updown_espmark.8.gz
%{_mandir}/man8/%{name}_openac.8.gz %{_mandir}/man8/%{name}_openac.8.gz
%{_mandir}/man8/%{name}_scepclient.8.gz %{_mandir}/man8/%{name}_scepclient.8.gz
%{_mandir}/man8/%{name}_charon-cmd.8.gz
%files tnc-imcvs %files tnc-imcvs
%dir %{_libdir}/%{name} %dir %{_libdir}/%{name}
@@ -290,10 +296,12 @@ fi
%{_libdir}/%{name}/imcvs/imc-scanner.so %{_libdir}/%{name}/imcvs/imc-scanner.so
%{_libdir}/%{name}/imcvs/imc-test.so %{_libdir}/%{name}/imcvs/imc-test.so
%{_libdir}/%{name}/imcvs/imc-os.so %{_libdir}/%{name}/imcvs/imc-os.so
%{_libdir}/%{name}/imcvs/imc-swid.so
%{_libdir}/%{name}/imcvs/imv-attestation.so %{_libdir}/%{name}/imcvs/imv-attestation.so
%{_libdir}/%{name}/imcvs/imv-scanner.so %{_libdir}/%{name}/imcvs/imv-scanner.so
%{_libdir}/%{name}/imcvs/imv-test.so %{_libdir}/%{name}/imcvs/imv-test.so
%{_libdir}/%{name}/imcvs/imv-os.so %{_libdir}/%{name}/imcvs/imv-os.so
%{_libdir}/%{name}/imcvs/imv-swid.so
%dir %{_libdir}/%{name}/plugins %dir %{_libdir}/%{name}/plugins
%{_libdir}/%{name}/plugins/lib%{name}-pkcs7.so %{_libdir}/%{name}/plugins/lib%{name}-pkcs7.so
%{_libdir}/%{name}/plugins/lib%{name}-sqlite.so %{_libdir}/%{name}/plugins/lib%{name}-sqlite.so
@@ -310,6 +318,11 @@ fi
%dir %{_libexecdir}/%{name} %dir %{_libexecdir}/%{name}
%{_libexecdir}/%{name}/attest %{_libexecdir}/%{name}/attest
%{_libexecdir}/%{name}/pacman %{_libexecdir}/%{name}/pacman
%{_libexecdir}/%{name}/pt-tls-client
#swid files
%{_libexecdir}/%{name}/*.swidtag
%dir %{_datadir}/regid.2004-03.org.%{name}
%{_datadir}/regid.2004-03.org.%{name}/*.swidtag
%if 0%{?enable_nm} %if 0%{?enable_nm}
%files charon-nm %files charon-nm
@@ -319,6 +332,22 @@ fi
%changelog %changelog
* Fri Nov 1 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.1.1-1
- Support for PT-TLS (RFC 6876)
- Support for SWID IMC/IMV
- Support for command line IKE client charon-cmd
- Changed location of pki to /usr/bin
- Added swid tags files
- Added man pages for pki and charon-cmd
- Renamed pki to strongswan-pki to avoid conflict with
pki-core/pki-tools package.
- Update local patches
- Fixes CVE-2013-6075
- Fixes CVE-2013-6076
- Fixed autoconf/automake issue as configure.ac got changed
and it required running autoreconf during the build process.
- added strongswan signature file to the sources.
* Thu Sep 12 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.1.0-3 * Thu Sep 12 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.1.0-3
- Fixed initialization crash of IMV and IMC particularly - Fixed initialization crash of IMV and IMC particularly
attestation imv/imc as libstrongswas was not getting attestation imv/imc as libstrongswas was not getting