Compare commits
19 Commits
strongswan
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
d2bf10503b | ||
|
|
206f1fff39 | ||
|
|
c671c8eddf | ||
|
|
2054770361 | ||
|
|
1bd38c323e | ||
|
|
6c46f34786 | ||
|
|
66c97839f3 | ||
|
|
20b5f4d7fd | ||
|
|
d2e288f585 | ||
|
|
0ab6394034 | ||
|
|
a7360fff44 | ||
|
|
ad83060f5e | ||
|
|
77923c7621 | ||
|
|
457ad9b702 | ||
|
|
2d2adcb664 | ||
|
|
be375bffce | ||
|
|
cb849f3fc5 | ||
|
|
1d3dc6a769 | ||
|
|
2271eb0481 |
3
.gitignore
vendored
3
.gitignore
vendored
@@ -1 +1,2 @@
|
|||||||
/strongswan-5.6.3.tar.bz2
|
/strongswan-5.8.4.tar.bz2
|
||||||
|
/strongswan-5.9.0.tar.bz2
|
||||||
|
|||||||
2
sources
2
sources
@@ -1 +1 @@
|
|||||||
SHA512 (strongswan-5.6.3.tar.bz2) = 080402640952b1a08e95bfe9c7f33c6a7dd01ac401b5e7e2e78257c0f2bf0a4d6078141232ac62abfacef892c493f6824948b3165d54d72b4e436ed564fd2609
|
SHA512 (strongswan-5.9.0.tar.bz2) = b982ce7c3e940ad75ab71b02ce3e2813b41c6b098cde5b6f3f3513d095f409fe989ae6e38a31eff51c57423bf452c3610cd5cd8cd7f45ff932581d9859df1821
|
||||||
|
|||||||
24
strongswan-5.8.4-runtime-dir.patch
Normal file
24
strongswan-5.8.4-runtime-dir.patch
Normal file
@@ -0,0 +1,24 @@
|
|||||||
|
diff -ur strongswan-5.8.4.orig/init/systemd/strongswan.service.in strongswan-5.8.4/init/systemd/strongswan.service.in
|
||||||
|
--- strongswan-5.8.4.orig/init/systemd/strongswan.service.in 2019-08-27 16:26:53.000000000 +0300
|
||||||
|
+++ strongswan-5.8.4/init/systemd/strongswan.service.in 2020-04-12 12:05:57.383596844 +0300
|
||||||
|
@@ -9,6 +9,8 @@
|
||||||
|
ExecReload=@SBINDIR@/swanctl --reload
|
||||||
|
ExecReload=@SBINDIR@/swanctl --load-all --noprompt
|
||||||
|
Restart=on-abnormal
|
||||||
|
+RuntimeDirectory=strongswan
|
||||||
|
+RuntimeDirectoryMode=0755
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
diff -ur strongswan-5.8.4.orig/init/systemd-starter/strongswan-starter.service.in strongswan-5.8.4/init/systemd-starter/strongswan-starter.service.in
|
||||||
|
--- strongswan-5.8.4.orig/init/systemd-starter/strongswan-starter.service.in 2019-08-27 16:26:53.000000000 +0300
|
||||||
|
+++ strongswan-5.8.4/init/systemd-starter/strongswan-starter.service.in 2020-04-12 12:05:51.810559482 +0300
|
||||||
|
@@ -6,6 +6,8 @@
|
||||||
|
ExecStart=@SBINDIR@/@IPSEC_SCRIPT@ start --nofork
|
||||||
|
StandardOutput=syslog
|
||||||
|
Restart=on-abnormal
|
||||||
|
+RuntimeDirectory=strongswan
|
||||||
|
+RuntimeDirectoryMode=0755
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
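Review bot: `RuntimeDirectoryMode=0755` in both unit files leaves /run/strongswan listable and traversable by every local user, and the spec now points the daemon's pid directory at it (`--with-piddir=%{_rundir}/strongswan`), so whatever the daemon creates there is protected only by its own file mode. If no unprivileged client has to reach into the directory, `RuntimeDirectoryMode=0750` would be the tighter default. The spec is also inconsistent about the intended mode: `%install` creates the directory with `-m 0700`, while `%files` and tmpfiles-strongswan.conf declare 0755. Separately, strongswan.service and strongswan-starter.service both claim `RuntimeDirectory=strongswan`, and systemd removes a runtime directory when its unit stops, so stopping one unit would remove the directory under the other if both are ever active. `RuntimeDirectoryPreserve=yes`, or a comment stating the units are mutually exclusive, would settle that; the `[Service]` headers lie outside both inner hunks, so this assumes the new lines land in that section.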
@@ -2,12 +2,14 @@
|
|||||||
#%%define prerelease dr1
|
#%%define prerelease dr1
|
||||||
|
|
||||||
Name: strongswan
|
Name: strongswan
|
||||||
Version: 5.6.3
|
Version: 5.9.0
|
||||||
Release: 3%{?dist}
|
Release: 2%{?dist}
|
||||||
Summary: An OpenSource IPsec-based VPN and TNC solution
|
Summary: An OpenSource IPsec-based VPN and TNC solution
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: http://www.strongswan.org/
|
URL: http://www.strongswan.org/
|
||||||
Source0: http://download.strongswan.org/%{name}-%{version}%{?prerelease}.tar.bz2
|
Source0: http://download.strongswan.org/%{name}-%{version}%{?prerelease}.tar.bz2
|
||||||
|
Source1: tmpfiles-strongswan.conf
|
||||||
|
Patch0: strongswan-5.8.4-runtime-dir.patch
|
||||||
Patch1: strongswan-5.6.0-uintptr_t.patch
|
Patch1: strongswan-5.6.0-uintptr_t.patch
|
||||||
Patch3: strongswan-5.6.2-CVE-2018-5388.patch
|
Patch3: strongswan-5.6.2-CVE-2018-5388.patch
|
||||||
|
|
||||||
@@ -78,6 +80,7 @@ PT-TLS to support TNC over TLS.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n %{name}-%{version}%{?prerelease}
|
%setup -q -n %{name}-%{version}%{?prerelease}
|
||||||
|
%patch0 -p1
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
|
|
||||||
@@ -95,7 +98,8 @@ PT-TLS to support TNC over TLS.
|
|||||||
--with-ipsecdir=%{_libexecdir}/strongswan \
|
--with-ipsecdir=%{_libexecdir}/strongswan \
|
||||||
--bindir=%{_libexecdir}/strongswan \
|
--bindir=%{_libexecdir}/strongswan \
|
||||||
--with-ipseclibdir=%{_libdir}/strongswan \
|
--with-ipseclibdir=%{_libdir}/strongswan \
|
||||||
--with-fips-mode=2 \
|
--with-piddir=%{_rundir}/strongswan \
|
||||||
|
--with-nm-ca-dir=%{_sysconfdir}/strongswan/ipsec.d/cacerts/ \
|
||||||
--enable-bypass-lan \
|
--enable-bypass-lan \
|
||||||
--enable-tss-trousers \
|
--enable-tss-trousers \
|
||||||
--enable-nm \
|
--enable-nm \
|
||||||
@@ -179,7 +183,6 @@ make %{?_smp_mflags}
|
|||||||
|
|
||||||
%install
|
%install
|
||||||
make install DESTDIR=%{buildroot}
|
make install DESTDIR=%{buildroot}
|
||||||
mv %{buildroot}%{_sysconfdir}/strongswan/dbus-1 %{buildroot}%{_sysconfdir}/
|
|
||||||
# prefix man pages
|
# prefix man pages
|
||||||
for i in %{buildroot}%{_mandir}/*/*; do
|
for i in %{buildroot}%{_mandir}/*/*; do
|
||||||
if echo "$i" | grep -vq '/strongswan[^\/]*$'; then
|
if echo "$i" | grep -vq '/strongswan[^\/]*$'; then
|
||||||
@@ -197,6 +200,8 @@ install -d -m 700 %{buildroot}%{_sysconfdir}/strongswan/ipsec.d
|
|||||||
for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do
|
for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do
|
||||||
install -d -m 700 %{buildroot}%{_sysconfdir}/strongswan/ipsec.d/${i}
|
install -d -m 700 %{buildroot}%{_sysconfdir}/strongswan/ipsec.d/${i}
|
||||||
done
|
done
|
||||||
|
install -d -m 0700 %{buildroot}%{_rundir}/strongswan
|
||||||
|
install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan.conf
|
||||||
|
|
||||||
%post
|
%post
|
||||||
%systemd_post %{name}.service
|
%systemd_post %{name}.service
|
||||||
@@ -217,7 +222,7 @@ done
|
|||||||
%dir %{_libdir}/strongswan/plugins
|
%dir %{_libdir}/strongswan/plugins
|
||||||
%dir %{_libexecdir}/strongswan
|
%dir %{_libexecdir}/strongswan
|
||||||
%{_unitdir}/strongswan.service
|
%{_unitdir}/strongswan.service
|
||||||
%{_unitdir}/strongswan-swanctl.service
|
%{_unitdir}/strongswan-starter.service
|
||||||
%{_sbindir}/charon-cmd
|
%{_sbindir}/charon-cmd
|
||||||
%{_sbindir}/charon-systemd
|
%{_sbindir}/charon-systemd
|
||||||
%{_sbindir}/strongswan
|
%{_sbindir}/strongswan
|
||||||
@@ -238,6 +243,8 @@ done
|
|||||||
%{_mandir}/man?/*.gz
|
%{_mandir}/man?/*.gz
|
||||||
%{_datadir}/strongswan/templates/config/
|
%{_datadir}/strongswan/templates/config/
|
||||||
%{_datadir}/strongswan/templates/database/
|
%{_datadir}/strongswan/templates/database/
|
||||||
|
%attr(0755,root,root) %dir %{_rundir}/strongswan
|
||||||
|
%attr(0644,root,root) %{_tmpfilesdir}/strongswan.conf
|
||||||
|
|
||||||
%files sqlite
|
%files sqlite
|
||||||
%{_libdir}/strongswan/plugins/libstrongswan-sqlite.so
|
%{_libdir}/strongswan/plugins/libstrongswan-sqlite.so
|
||||||
@@ -261,10 +268,70 @@ done
|
|||||||
|
|
||||||
%files charon-nm
|
%files charon-nm
|
||||||
%doc COPYING
|
%doc COPYING
|
||||||
%{_sysconfdir}/dbus-1/system.d/nm-strongswan-service.conf
|
%{_datadir}/dbus-1/system.d/nm-strongswan-service.conf
|
||||||
%{_libexecdir}/strongswan/charon-nm
|
%{_libexecdir}/strongswan/charon-nm
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Oct 22 12:43:48 EDT 2020 Paul Wouters <pwouters@redhat.com> - 5.9.0-2
|
||||||
|
- Resolves: rhbz#1886759 charon looking for certificates in the wrong place
|
||||||
|
|
||||||
|
* Mon Sep 28 12:36:45 EDT 2020 Paul Wouters <pwouters@redhat.com> - 5.9.0-1
|
||||||
|
- Resolves: rhbz#1861747 strongswan-5.9.0 is available
|
||||||
|
- Remove --enable-fips-mode=2, which defaults strongswan to FIPS only.
|
||||||
|
(use fips_mode = 2 in plugins {} openssl {} in strongswan.conf to enable FIPS)
|
||||||
|
|
||||||
|
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.8.4-5
|
||||||
|
- Second attempt - Rebuilt for
|
||||||
|
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.8.4-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 5.8.4-3
|
||||||
|
- Rebuild (json-c)
|
||||||
|
|
||||||
|
* Sun Apr 12 2020 Mikhail Zabaluev <mikhail.zabaluev@gmail.com> - 5.8.4-2
|
||||||
|
- Patch0: Add RuntimeDirectory options to service files (#1789263)
|
||||||
|
|
||||||
|
* Sun Apr 12 2020 Mikhail Zabaluev <mikhail.zabaluev@gmail.com> - 5.8.4-1
|
||||||
|
- Updated to 5.8.4
|
||||||
|
- Patch4 has been applied upstream
|
||||||
|
|
||||||
|
* Sat Feb 22 2020 Mikhail Zabaluev <mikhail.zabaluev@gmail.com> - 5.8.2-5
|
||||||
|
- Patch to declare a global variable with extern (#1800117)
|
||||||
|
|
||||||
|
* Mon Feb 10 2020 Paul Wouters <pwouters@redhat.com> - 5.8.2-4
|
||||||
|
- use tmpfile to ensure rundir is present
|
||||||
|
|
||||||
|
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.8.2-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Dec 28 2019 Paul Wouters <pwouters@redhat.com> - 5.8.2-2
|
||||||
|
- Use /run/strongswan as rundir to support strongswans in namespaces
|
||||||
|
|
||||||
|
* Tue Dec 17 2019 Mikhail Zabaluev <mikhail.zabaluev@gmail.com> - 5.8.2-1
|
||||||
|
- Update to 5.8.2 (#1784457)
|
||||||
|
- The D-Bus config file moved under datadir
|
||||||
|
|
||||||
|
* Mon Sep 02 2019 Mikhail Zabaluev <mikhail.zabaluev@gmail.com> - 5.8.1-1
|
||||||
|
- Update to 5.8.1 (#1711920)
|
||||||
|
- No more separate strongswan-swanctl.service to start out of order (#1775548)
|
||||||
|
- Added strongswan-starter.service
|
||||||
|
|
||||||
|
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.7.2-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.7.2-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jan 09 2019 Paul Wouters <pwouters@redhat.com> - 5.7.2-1
|
||||||
|
- Updated to 5.7.2
|
||||||
|
|
||||||
|
* Thu Oct 04 2018 Mikhail Zabaluev <mikhail.zabaluev@gmail.com> - 5.7.1-1
|
||||||
|
- Updated to 5.7.1
|
||||||
|
- Resolves rhbz#1635872 CVE-2018-16152
|
||||||
|
- Resolves rhbz#1635875 CVE-2018-16151
|
||||||
|
|
||||||
* Thu Aug 23 2018 Mikhail Zabaluev <mikhail.zabaluev@gmail.com> - 5.6.3-3
|
* Thu Aug 23 2018 Mikhail Zabaluev <mikhail.zabaluev@gmail.com> - 5.6.3-3
|
||||||
- Add plugin bypass-lan, disabled by default
|
- Add plugin bypass-lan, disabled by default
|
||||||
- Resolves rhbz#1554479 Update to strongswan-charon-nm fails
|
- Resolves rhbz#1554479 Update to strongswan-charon-nm fails
|
||||||
@@ -612,10 +679,10 @@ done
|
|||||||
* Mon Mar 11 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.0.2-1
|
* Mon Mar 11 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.0.2-1
|
||||||
- Update to upstream release 5.0.2
|
- Update to upstream release 5.0.2
|
||||||
- Created sub package strongswan-tnc-imcvs that provides trusted network
|
- Created sub package strongswan-tnc-imcvs that provides trusted network
|
||||||
connect's IMC and IMV funtionality. Specifically it includes PTS
|
connect's IMC and IMV funtionality. Specifically it includes PTS
|
||||||
based IMC/IMV for TPM based remote attestation and scanner and test
|
based IMC/IMV for TPM based remote attestation and scanner and test
|
||||||
IMCs and IMVs. The Strongswan's IMC/IMV dynamic libraries can be used
|
IMCs and IMVs. The Strongswan's IMC/IMV dynamic libraries can be used
|
||||||
by any third party TNC Client/Server implementation possessing a
|
by any third party TNC Client/Server implementation possessing a
|
||||||
standard IF-IMC/IMV interface.
|
standard IF-IMC/IMV interface.
|
||||||
|
|
||||||
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.0.1-2
|
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.0.1-2
|
||||||
|
|||||||
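Review bot: Dropping `--with-fips-mode=2` from the configure call changes the crypto posture of existing installs on upgrade, and nothing visible in this diff sets or announces the replacement. Per the changelog, FIPS mode must now be requested with `fips_mode = 2` in strongswan.conf, so a host that relied on the compiled-in default would keep running after the update without it. A commented example in the shipped configuration, or a release note telling administrators to add the setting, would make the change visible. The changelog entry also names the removed option as `--enable-fips-mode=2`, whereas the removed line reads `--with-fips-mode=2`; the entry should match the flag so it can be searched for.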
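--- a/tmpfiles-strongswan.conf
+++ b/tmpfiles-strongswan.conf
@@ -0,0 +1 @@
+D /run/strongswan 0755 root root -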
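Review bot: The `D` type also empties /run/strongswan whenever `systemd-tmpfiles --remove` runs, which would delete the pid files of a running daemon. `d /run/strongswan 0755 root root -` creates the directory without that side effect. The mode on this line has to stay in step with `RuntimeDirectoryMode=` in the unit patch and the `%attr` entry in `%files`, since all three now set permissions on the same path. A one-line comment in this file naming the other two places would help keep them aligned.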