Resolves rhbz#2112274 strongswan-5.9.8 is available
Patch1 removes CFLAGS -Wno-format which interferes with -Werror=format-security Add BuildRequire for autoconf and automake, now required for release Remove obsolete patches
This commit is contained in:
Arne Reiter
2
.gitignore
vendored
2
.gitignore
vendored
@@ -9,3 +9,5 @@
|
||||
/strongswan-5.9.5.tar.bz2.sig
|
||||
/strongswan-5.9.6.tar.bz2
|
||||
/strongswan-5.9.6.tar.bz2.sig
|
||||
/strongswan-5.9.8.tar.bz2
|
||||
/strongswan-5.9.8.tar.bz2.sig
|
||||
|
||||
4
sources
4
sources
@@ -1,2 +1,2 @@
|
||||
SHA512 (strongswan-5.9.6.tar.bz2.sig) = c5f863eb1f504033aec2ab48f802584f97bb39650e55e829e31f36ea1594428caab84ea559ba82b56b060019598aada02df09311b583b098e32f5abad9fab29b
|
||||
SHA512 (strongswan-5.9.6.tar.bz2) = 8efb7a55b074485b874e941e42462e97a404b4f84e2f90ed18ef66274731b22d167a571f6fd028dccc1f199f2e591c82616d0a832a5084e1981c6b867fe5bb6a
|
||||
SHA512 (strongswan-5.9.8.tar.bz2.sig) = bf5c5fbcb6d14381260d1e79f6164170c3d568fbe2f623afb42b59bfa7e085551e26c43e4a41f4d8271d5f46601366f34fb52067bdd4c25a7633fa2fda83d5ae
|
||||
SHA512 (strongswan-5.9.8.tar.bz2) = 16d3afc80704f896f3f97addf452b4bb29fc1911c54e980f76ac48bdbe2340ce3bd4e79024848cb7961bbe9ad5458d93389343878ca042af658d51b11219666b
|
||||
|
||||
@@ -1,31 +0,0 @@
|
||||
From 377039d24648f82dac35dcf22a2b43de81f2fb96 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Thu, 11 Nov 2021 05:48:38 +0100
|
||||
Subject: [PATCH] Skip test case, which always hangs
|
||||
|
||||
It just stops and does not continue. Avoid that test.
|
||||
---
|
||||
src/libtls/tests/suites/test_socket.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/libtls/tests/suites/test_socket.c b/src/libtls/tests/suites/test_socket.c
|
||||
index 9e26e91..5296680 100644
|
||||
--- a/src/libtls/tests/suites/test_socket.c
|
||||
+++ b/src/libtls/tests/suites/test_socket.c
|
||||
@@ -804,11 +804,13 @@ Suite *socket_suite_create()
|
||||
add_tls_versions_test(test_tls_12_server, TLS_1_0, TLS_1_3);
|
||||
suite_add_tcase(s, tc);
|
||||
|
||||
+#if 0
|
||||
tc = tcase_create("TLS 1.3/key exchange groups");
|
||||
tcase_add_checked_fixture(tc, setup_creds, teardown_creds);
|
||||
tcase_add_loop_test(tc, test_tls13_ke_groups, 0,
|
||||
tls_crypto_get_supported_groups(NULL));
|
||||
suite_add_tcase(s, tc);
|
||||
+#endif
|
||||
|
||||
tc = tcase_create("TLS 1.3/signature schemes");
|
||||
tcase_add_checked_fixture(tc, setup_all_creds, teardown_creds);
|
||||
--
|
||||
2.31.1
|
||||
|
||||
@@ -1,71 +0,0 @@
|
||||
--- strongswan-5.9.5-orig/src/libstrongswan/plugins/openssl/openssl_plugin.c 2022-01-08 12:54:02.000000000 +0100
|
||||
+++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_plugin.c 2022-02-23 23:12:03.685111475 +0100
|
||||
@@ -16,7 +16,6 @@
|
||||
|
||||
#include <library.h>
|
||||
#include <utils/debug.h>
|
||||
-#include <collections/array.h>
|
||||
#include <threading/thread.h>
|
||||
#include <threading/mutex.h>
|
||||
#include <threading/thread_value.h>
|
||||
@@ -74,13 +73,6 @@
|
||||
* public functions
|
||||
*/
|
||||
openssl_plugin_t public;
|
||||
-
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
- /**
|
||||
- * Loaded providers
|
||||
- */
|
||||
- array_t *providers;
|
||||
-#endif
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -881,21 +873,12 @@
|
||||
#endif
|
||||
}
|
||||
*features = f;
|
||||
- return countof(f);
|
||||
+ return count;
|
||||
}
|
||||
|
||||
METHOD(plugin_t, destroy, void,
|
||||
private_openssl_plugin_t *this)
|
||||
{
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
- OSSL_PROVIDER *provider;
|
||||
- while (array_remove(this->providers, ARRAY_TAIL, &provider))
|
||||
- {
|
||||
- OSSL_PROVIDER_unload(provider);
|
||||
- }
|
||||
- array_destroy(this->providers);
|
||||
-#endif /* OPENSSL_VERSION_NUMBER */
|
||||
-
|
||||
/* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
|
||||
* can't call it as we couldn't re-initialize the library (as required by the
|
||||
* unit tests and the Android app) */
|
||||
@@ -1009,20 +992,16 @@
|
||||
DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider");
|
||||
return NULL;
|
||||
}
|
||||
- array_insert_create(&this->providers, ARRAY_TAIL, fips);
|
||||
/* explicitly load the base provider containing encoding functions */
|
||||
- array_insert_create(&this->providers, ARRAY_TAIL,
|
||||
- OSSL_PROVIDER_load(NULL, "base"));
|
||||
+ OSSL_PROVIDER_load(NULL, "base");
|
||||
}
|
||||
else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
|
||||
TRUE, lib->ns))
|
||||
{
|
||||
/* load the legacy provider for algorithms like MD4, DES, BF etc. */
|
||||
- array_insert_create(&this->providers, ARRAY_TAIL,
|
||||
- OSSL_PROVIDER_load(NULL, "legacy"));
|
||||
+ OSSL_PROVIDER_load(NULL, "legacy");
|
||||
/* explicitly load the default provider, as mentioned by crypto(7) */
|
||||
- array_insert_create(&this->providers, ARRAY_TAIL,
|
||||
- OSSL_PROVIDER_load(NULL, "default"));
|
||||
+ OSSL_PROVIDER_load(NULL, "default");
|
||||
}
|
||||
ossl_provider_names_t data = {};
|
||||
OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data);
|
||||
@@ -1,11 +0,0 @@
|
||||
--- strongswan-5.9.6-orig/src/libstrongswan/utils/enum.c 2022-04-16 10:08:07.000000000 +0200
|
||||
+++ strongswan-5.9.6/src/libstrongswan/utils/enum.c 2022-06-20 23:21:47.408857710 +0200
|
||||
@@ -97,7 +97,7 @@
|
||||
return buf;
|
||||
}
|
||||
|
||||
- if (snprintf(buf, len, e->names[0]) >= len)
|
||||
+ if (snprintf(buf, len, "%s", e->names[0]) >= len)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
12
strongswan-5.9.7-error-no-format.patch
Normal file
12
strongswan-5.9.7-error-no-format.patch
Normal file
@@ -0,0 +1,12 @@
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index f9e6e55c2..247d055d8 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1480,7 +1480,6 @@ else
|
||||
fi
|
||||
# disable some warnings, whether explicitly enabled above or by default
|
||||
# these are not compatible with our custom printf specifiers
|
||||
-WARN_CFLAGS="$WARN_CFLAGS -Wno-format"
|
||||
WARN_CFLAGS="$WARN_CFLAGS -Wno-format-security"
|
||||
# we generally use comments, but GCC doesn't seem to recognize many of them
|
||||
WARN_CFLAGS="$WARN_CFLAGS -Wno-implicit-fallthrough"
|
||||
@@ -13,8 +13,8 @@
|
||||
%endif
|
||||
|
||||
Name: strongswan
|
||||
Version: 5.9.6
|
||||
Release: 2%{?dist}
|
||||
Version: 5.9.8
|
||||
Release: 1%{?dist}
|
||||
Summary: An OpenSource IPsec-based VPN and TNC solution
|
||||
License: GPLv2+
|
||||
URL: http://www.strongswan.org/
|
||||
@@ -23,12 +23,11 @@ Source1: http://download.strongswan.org/strongswan-%{version}%{?prereleas
|
||||
Source2: https://download.strongswan.org/STRONGSWAN-RELEASE-PGP-KEY
|
||||
Source3: tmpfiles-strongswan.conf
|
||||
Patch0: strongswan-5.6.0-uintptr_t.patch
|
||||
# https://github.com/strongswan/strongswan/issues/1025
|
||||
Patch1: strongswan-5.9.6-error-format-security.patch
|
||||
|
||||
# only needed for pre-release versions
|
||||
#BuildRequires: autoconf automake
|
||||
# https://github.com/strongswan/strongswan/issues/1198
|
||||
Patch1: strongswan-5.9.7-error-no-format.patch
|
||||
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: gnupg2
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
@@ -412,6 +411,12 @@ install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Sun Oct 16 2022 Arne Reiter <redhat@arnereiter.de> - 5.9.8-1
|
||||
- Resolves rhbz#2112274 strongswan-5.9.8 is available
|
||||
- Patch1 removes CFLAGS -Wno-format which interferes with -Werror=format-security
|
||||
- Add BuildRequire for autoconf and automake, now required for release
|
||||
- Remove obsolete patches
|
||||
|
||||
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.9.6-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
|
||||
Reference in New Issue
Block a user