%bcond_with systemd
%bcond_with fips2
%bcond_without tss

%global _unpackaged_files_terminate_build 1
%global _hardened_build 0
#%%define prerelease dr1

Name: strongswan
Version: 5.8.4
Release: 1%{?_dist_release}%{?with_systemd:.systemd}
Summary: An OpenSource IPsec-based VPN and TNC solution
Summary(ja): オープンソースのIPsec VPN/TNCソリューション
Vendor: Project Vine
Distribution: Vine Linux

License: GPLv2+
URL: https://www.strongswan.org/
Source0: https://download.strongswan.org/%{name}-%{version}%{?prerelease}.tar.bz2
Source1: tmpfiles-strongswan.conf
Source1000: strongswan.init
Patch0: strongswan-5.8.4-runtime-dir.patch
Patch1: strongswan-5.6.0-uintptr_t.patch
Patch3: strongswan-5.6.2-CVE-2018-5388.patch

# only needed for pre-release versions
#BuildRequires: autoconf automake

BuildRequires: gmp-devel
BuildRequires: curl-devel
BuildRequires: openldap-devel
BuildRequires: openssl-devel
BuildRequires: sqlite3-devel
BuildRequires: gettext-devel
BuildRequires: libxml2-devel
BuildRequires: pam-devel
BuildRequires: libgcrypt-devel
BuildRequires: iptables-devel
%if %{with tss}
BuildRequires: trousers-devel
BuildRequires: json-c-devel >= 0.14
%endif

%if "%{?_dist_release}" != "vl6"
BuildRequires: NetworkManager-libnm-devel
%endif

%if %{with systemd}
BuildRequires: systemd-devel
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
%else
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig
Requires(postun): /sbin/chkconfig
%endif

%description
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key
exchange protocols in conjunction with the native NETKEY IPsec stack of the
Linux kernel.

%package libipsec
Summary: Strongswan's libipsec backend
%description libipsec
The kernel-libipsec plugin provides an IPsec backend that works entirely
in userland, using TUN devices and its own IPsec implementation libipsec.

%package charon-nm
Summary: NetworkManager plugin for Strongswan
Requires: dbus
Obsoletes: %{name}-NetworkManager < 0:5.0.4-5
Conflicts: %{name}-NetworkManager < 0:5.0.4-5
%description charon-nm
NetworkManager plugin integrates a subset of Strongswan capabilities
to NetworkManager.

%if %{with tss}
%package tnc-imcvs
Summary: Trusted network connect (TNC)'s IMC/IMV functionality
Requires: %{name} = %{version}
%description tnc-imcvs
This package provides Trusted Network Connect's (TNC) architecture support.
It includes support for TNC client and server (IF-TNCCS), IMC and IMV message
exchange (IF-M), interface between IMC/IMV and TNC client/server (IF-IMC
and IF-IMV). It also includes PTS based IMC/IMV for TPM based remote
attestation, SWID IMC/IMV, and OS IMC/IMV. Its IMC/IMV dynamic library
modules can be used by any third party TNC Client/Server implementation
possessing a standard IF-IMC/IMV interface. In addition, it implements
PT-TLS to support TNC over TLS.
%endif


%debug_package


%prep
%setup -q -n %{name}-%{version}%{?prerelease}
%patch0 -p1
%patch1 -p1
%patch3 -p1

%build
# only for snapshots
#autoreconf

# --with-ipsecdir moves internal commands to /usr/libexec/strongswan
# --bindir moves 'pki' command to /usr/libexec/strongswan
# See: http://wiki.strongswan.org/issues/552
# too broken to enable: --enable-sha3 --enable-rdrand --enable-connmark --enable-forecast
%configure --disable-static \
    --with-ipsec-script=strongswan \
    --sysconfdir=%{_sysconfdir}/strongswan \
    --with-ipsecdir=%{_libexecdir}/strongswan \
    --bindir=%{_libexecdir}/strongswan \
    --with-ipseclibdir=%{_libdir}/strongswan \
%if %{with fips2}
    --with-fips-mode=2 \
%endif
%if "%{?_dist_release}" != "vl6"
    --enable-nm \
%endif
    --enable-openssl \
    --enable-unity \
    --enable-ctr \
    --enable-ccm \
    --enable-gcm \
    --enable-chapoly \
    --enable-md4 \
    --enable-gcrypt \
    --enable-newhope \
    --enable-xauth-eap \
    --enable-xauth-pam \
    --enable-xauth-noauth \
    --enable-eap-identity \
    --enable-eap-md5 \
    --enable-eap-gtc \
    --enable-eap-tls \
    --enable-eap-ttls \
    --enable-eap-peap \
    --enable-eap-mschapv2 \
    --enable-eap-tnc \
    --enable-eap-sim \
    --enable-eap-sim-file \
    --enable-eap-aka \
    --enable-eap-aka-3gpp \
    --enable-eap-aka-3gpp2 \
    --enable-eap-dynamic \
    --enable-eap-radius \
    --enable-ext-auth \
    --enable-ipseckey \
    --enable-pkcs11 \
    --enable-farp \
    --enable-dhcp \
    --enable-ha \
    --enable-led \
    --enable-sqlite \
    --enable-tnc-ifmap \
    --enable-tnc-pdp \
    --enable-tnc-imc \
    --enable-tnc-imv \
    --enable-tnccs-20 \
    --enable-tnccs-11 \
    --enable-tnccs-dynamic \
    --enable-curl \
    --enable-cmd \
    --enable-acert \
    --enable-vici \
    --enable-swanctl \
    --enable-duplicheck \
%if %{with tss}
    --enable-tss-trousers \
    --enable-aikgen \
    --enable-tpm \
    --enable-imc-test \
    --enable-imv-test \
    --enable-imc-scanner \
    --enable-imv-scanner \
    --enable-imc-attestation \
    --enable-imv-attestation \
    --enable-imv-os \
    --enable-imc-os \
    --enable-imc-swid \
    --enable-imv-swid \
    --enable-imc-swima \
    --enable-imv-swima \
    --enable-imc-hcd \
    --enable-imv-hcd \
%endif
%ifarch x86_64 %{ix86}
    --enable-aesni \
%endif
%if %{with systemd}
    --enable-systemd \
%endif
    --enable-kernel-libipsec



make %{?_smp_mflags}

%install
rm -rf %{buildroot}

make install DESTDIR=%{buildroot}

# prefix man pages
for i in %{buildroot}%{_mandir}/*/*; do
    if echo "$i" | grep -vq '/strongswan[^\/]*$'; then
        mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/strongswan_\1|'`"
    fi
done
find %{buildroot} -type f -name '*.la' -delete
# delete unwanted library files - no consumers, so no -devel package
rm %{buildroot}%{_libdir}/strongswan/*.so
# fix config permissions
chmod 644 %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf

# Create ipsec.d directory tree.
install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d
for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do
    install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d/${i}
done

%if %{with systemd}
install -D -p -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan.conf
%else
mkdir -p %{buildroot}%{_initdir}
install -m755 %{SOURCE1000} %{buildroot}%{_initdir}/ipsec
%endif


%post
%if %{with systemd}
%systemd_post %{name}.service
%else
/sbin/chkconfig --add ipsec
%endif

%preun
%if %{with systemd}
%systemd_preun %{name}.service
%else
if [ $1 -eq 0 -o -x /bin/systemctl ]; then
    /sbin/service ipsec stop
    /sbin/chkconfig --del ipsec
fi
%endif

%postun
%if %{with systemd}
%systemd_postun_with_restart %{name}.service
%else
if [ $1 -gt 0 ]; then
    /sbin/service ipsec condrestart
fi
%endif

%files
%doc README NEWS TODO ChangeLog
%{!?_licensedir:%global license %%doc}
%license COPYING
%dir %attr(0700,root,root) %{_sysconfdir}/strongswan
%config(noreplace) %{_sysconfdir}/strongswan/*
%dir %{_libdir}/strongswan
%dir %{_libdir}/strongswan/plugins
%dir %{_libexecdir}/strongswan
%{_sbindir}/charon-cmd
%{_sbindir}/strongswan
%{_sbindir}/swanctl
%{_libdir}/strongswan/*.so.*
%exclude %{_libdir}/strongswan/libipsec.so.*
%{_libdir}/strongswan/plugins/*.so
%exclude %{_libdir}/strongswan/plugins/libstrongswan-kernel-libipsec.so
%{_libexecdir}/strongswan/*
%if "%{?_dist_release}" != "vl6"
%exclude %{_libexecdir}/strongswan/charon-nm
%endif
%{_mandir}/man?/*.gz
%{_datadir}/strongswan/templates/config/
%if %{with tss}
%exclude %{_libdir}/strongswan/imcvs
%exclude %{_libdir}/strongswan/libimcv.so.*
%exclude %{_libdir}/strongswan/libtnccs.so.*
%exclude %{_libdir}/strongswan/libradius.so.*
%exclude %{_libdir}/strongswan/plugins/libstrongswan-pkcs7.so
%exclude %{_libdir}/strongswan/plugins/libstrongswan-sqlite.so
%exclude %{_libdir}/strongswan/plugins/libstrongswan-*tnc*.so
%exclude %{_libdir}/strongswan/plugins/libstrongswan-eap-radius.so
%exclude %{_libexecdir}/strongswan/attest
%exclude %{_libexecdir}/strongswan/pt-tls-client
%{_datadir}/strongswan/templates/database/
%exclude %dir %{_datadir}/strongswan/swidtag
%endif
%if %{with systemd}
%{_sbindir}/charon-systemd
%{_unitdir}/strongswan.service
%{_unitdir}/strongswan-starter.service
%{_tmpfilesdir}/strongswan.conf
%else
%{_initdir}/ipsec
%endif

%if %{with tss}
%files tnc-imcvs
%{_sbindir}/sw-collector
%{_sbindir}/sec-updater
%dir %{_libdir}/strongswan/imcvs
%dir %{_libdir}/strongswan/plugins
%{_libdir}/strongswan/libimcv.so.*
%{_libdir}/strongswan/libtnccs.so.*
%{_libdir}/strongswan/libradius.so.*
%{_libdir}/strongswan/plugins/libstrongswan-pkcs7.so
%{_libdir}/strongswan/plugins/libstrongswan-sqlite.so
%{_libdir}/strongswan/plugins/libstrongswan-*tnc*.so
%{_libdir}/strongswan/plugins/libstrongswan-eap-radius.so
%{_libexecdir}/strongswan/attest
%{_libexecdir}/strongswan/pt-tls-client
%dir %{_datadir}/strongswan/swidtag
%{_datadir}/strongswan/swidtag/*.swidtag
%endif

%files libipsec
%{_libdir}/strongswan/libipsec.so.*
%{_libdir}/strongswan/plugins/libstrongswan-kernel-libipsec.so

%if "%{?_dist_release}" != "vl6"
%files charon-nm
%license COPYING
%{_datadir}/dbus-1/system.d/nm-strongswan-service.conf
%{_libexecdir}/strongswan/charon-nm
%endif

%changelog
* Sat May 16 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> - 5.8.4-1
- new upstream release.
- imported Patch0 from rawhide.
- fixed systemd stuff.

* Sun Mar 15 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> - 5.8.2-1
- new upstream release.

* Wed Nov 20 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> - 5.8.1-1
- new upstream release.

* Tue Jan 01 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> - 5.7.2-1
- new upstream release.

* Wed Nov 07 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> - 5.7.1-1
- new upstream release.
- imported Patch3 from rawhide.

* Mon Mar 05 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> - 5.6.2-2
- initial build for Vine Linux.

* Wed Feb 21 2018 Lubomir Rintel <lkundrak@v3.sk> - 5.6.2-1
- Updated to 5.6.2 (Dropped libnm-glib use in charon-nm)

* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.6.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Fri Dec 22 2017 Paul Wouters <pwouters@redhat.com> - 5.6.1-1
- Updated to 5.6.1 (RSA-PSS support)

* Sun Dec 10 2017 Björn Esser <besser82@fedoraproject.org> - 5.6.0-3
- Rebuilt for libjson-c.so.3

* Fri Dec 01 2017 Lubomir Rintel <lkundrak@v3.sk> - 5.6.0-2
- Fix the placement of charon-nm D-Bus policy

* Sat Sep 09 2017 Paul Wouters <pwouters@redhat.com> - 5.6.0-1
- Updated to 5.6.0
- Fixup configure arguments, enabled a bunch of new features
- Added new BuildRequires:
- Fixup Obsolete/Conflicts, use license macro
- Don't require autoconf/autotools for non-snapshots
- Remove macro overuse, remove fedora/rhel checks and sysvinit support
- Make listings/grouping of all plugins/libs to reduce file listing

* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5.5.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5.5.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Mon Jun 12 2017 Paul Wouters <pwouters@redhat.com> - 5.5.3-1
- Updated to 5.5.3

* Sat May 27 2017 Paul Wouters <pwouters@redhat.com> - 5.5.2-1
- Updated to 5.5.2

* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5.5.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Thu Sep 15 2016 Pavel Šimerda <psimerda@redhat.com> - 5.5.0-2
- Resolves: #1367796 - Enable the unity plugin

* Mon Aug 08 2016 Pavel Šimerda <psimerda@redhat.com> - 5.5.0-1
- New version 5.5.0

* Wed Jun 22 2016 Pavel Šimerda <psimerda@redhat.com>
- Enable IKEv2 GCM (requires gcrypt module as well) - merged from f22 by Paul Wouters

* Wed Jun 22 2016 Pavel Šimerda <psimerda@redhat.com> - 5.4.0-1
- New version 5.4.0

* Thu Mar 03 2016 Pavel Šimerda <psimerda@redhat.com> - 5.3.5-1
- New version 5.3.5

* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 5.3.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Fri Jan 15 2016 Paul Wouters <pwouters@redhat.com> - 5.3.3-2
- Enable IKEv2 GCM (requires gcrypt module as well)

* Tue Sep 29 2015 Pavel Šimerda <psimerda@redhat.com> - 5.3.3-1
- new version 5.3.3

* Thu Sep 24 2015 Pavel Šimerda <psimerda@redhat.com> - 5.3.2-3
- Resolves: #1264598 - strongswan: many configuration files are not protected

* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Tue Jun 09 2015 Pavel Šimerda <psimerda@redhat.com>
- new version 5.3.2

* Fri Jun 05 2015 Pavel Šimerda <psimerda@redhat.com> - 5.3.1-1
- new version 5.3.1

* Tue Mar 31 2015 Pavel Šimerda <psimerda@redhat.com> - 5.3.0-1
- new version 5.3.0

* Fri Feb 20 2015 Avesh Agarwal <avagarwa@redhat.com> - 5.2.2-2
- Fixes strongswan swanctl service issue rhbz#1193106

* Tue Jan 06 2015 Pavel Šimerda <psimerda@redhat.com> - 5.2.2-1
- new version 5.2.2

* Thu Dec 18 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.2.2-0.2.dr1
- Enabled ccm, and ctr plugins as it seems enabling just openssl does
  not work for using ccm and ctr algos.

* Mon Dec 8 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.2.2-0.1.dr1
- New strongswan developer release 5.2.2dr1

* Mon Nov 24 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.2.1-2
- 1167331: Enabled native systemd support.
- Does not disable old systemd, starter, ipsec.conf support yet.

* Thu Oct 30 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.2.1-1
- New upstream release 5.2.1

* Thu Oct 16 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.2.1-0.2.rc1
- New upstream release candidate 5.2.1rc1

* Fri Oct 10 2014 Pavel Šimerda <psimerda@redhat.com> - 5.2.1-1
- new version 5.2.1dr1

* Thu Sep 25 2014 Pavel Šimerda <psimerda@redhat.com> - 5.2.0-7
- use upstream patch for json/json-c dependency

* Thu Sep 25 2014 Pavel Šimerda <psimerda@redhat.com> - 5.2.0-6
- Resolves: #1146145 - Strongswan is compiled without xauth-noauth plugin

* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.2.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Tue Aug 05 2014 Pavel Šimerda <psimerda@redhat.com> - 5.2.0-4
- Resolves: #1081804 - enable Kernel IPSec support

* Wed Jul 30 2014 Pavel Šimerda <psimerda@redhat.com> - 5.2.0-3
- rebuilt

* Tue Jul 29 2014 Pavel Šimerda <psimerda@redhat.com> - 5.2.0-2
- fix json-c dependency

* Tue Jul 15 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.2.0-1
- New upstream release 5.2.0
- The Attestation IMC/IMV pair supports the IMA-NG
  measurement format
- Aikgen tool to generate an Attestation Identity Key bound
  to a TPM
- Swanctl tool to provide a portable, complete IKE
  configuration and control interface for the command
  line using vici interface with libvici library
- PT-EAP transport protocol (RFC 7171) for TNC
- Enabled support for acert for checking X509 attribute certificate
- Updated patches, removed selinux patch as upstream has fixed it
  in this release.
- Updated spec file with minor cleanups

* Thu Jun 26 2014 Pavel Šimerda <psimerda@redhat.com> - 5.2.0-0.4.dr6
- improve prerelease macro

* Thu Jun 26 2014 Pavel Šimerda <psimerda@redhat.com> - 5.2.0-0.3
- Resolves: #1111895 - bump to 5.2.0dr6

* Thu Jun 12 2014 Pavel Šimerda <psimerda@redhat.com> - 5.2.0-0.2
- Related: #1087437 - remove or upstream all patches not specific to fedora/epel

* Thu Jun 12 2014 Pavel Šimerda <psimerda@redhat.com> - 5.2.0-0.1.dr5
- fix the pre-release version according to guidelines before it gets branched

* Fri Jun 06 2014 Pavel Šimerda <psimerda@redhat.com> - 5.2.0dr5-1
- new version 5.2.0dr5
- add json-c-devel to build deps

* Mon May 26 2014 Pavel Šimerda <psimerda@redhat.com> - 5.2.0dr4-3
- merge two related patches

* Mon May 26 2014 Pavel Šimerda <psimerda@redhat.com> - 5.2.0dr4-2
- clean up the patches a bit

* Thu May 22 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.2.0dr4-1
- New upstream developer release 5.2.0dr4
- Attestation IMV/IMC supports IMA-NG measurement format now
- Aikgen tool to generate an Attestation Identity Key bound
  to a TPM
- PT-EAP transport protocol (RFC 7171) for TNC
- vici plugin provides IKE Configuration Interface for charon
- Enabled support for acert for checking X509 attribute certificate
- Updated patches
- Updated spec file with minor cleanups

* Tue Apr 15 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.3-1
- new version 5.1.3

* Mon Apr 14 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.3rc1-1
- new version 5.1.3rc1

* Mon Mar 24 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.2-4
- #1069928 - updated libexec patch.

* Tue Mar 18 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.2-3
- fixed el6 initscript
- fixed pki directory location

* Fri Mar 14 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.2-2
- clean up the specfile a bit
- replace the initscript patch with an individual initscript
- patch to build for epel6

* Mon Mar 03 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.2-1
- #1071353 - bump to 5.1.2
- #1071338 - strongswan is compiled without xauth-pam plugin
- remove obsolete patches
- sent all patches upstream
- added comments to all patches
- don't touch the config with sed

* Thu Feb 20 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.1.1-6
- Fixed full hardening for strongswan (full relro and PIE).
  The previous macros had a typo and did not work
  (see bz#1067119).
- Fixed tnc package description to reflect the current state of
  the package.
- Fixed pki binary and moved it to /usr/libexec/strongswan as
  other binaries are there too.

* Wed Feb 19 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.1-5
- #903638 - SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the chr_file /dev/random

* Thu Jan 09 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.1-4
- Removed redundant patches and *.spec commands caused by branch merging

* Wed Jan 08 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.1-3
- rebuilt

* Mon Dec 2 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.1.1-2
- Resolves: 973315
- Resolves: 1036844

* Fri Nov 1 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.1.1-1
- Support for PT-TLS (RFC 6876)
- Support for SWID IMC/IMV
- Support for command line IKE client charon-cmd
- Changed location of pki to /usr/bin
- Added swid tags files
- Added man pages for pki and charon-cmd
- Renamed pki to strongswan-pki to avoid conflict with
  pki-core/pki-tools package.
- Update local patches
- Fixes CVE-2013-6075
- Fixes CVE-2013-6076
- Fixed autoconf/automake issue as configure.ac got changed
  and it required running autoreconf during the build process.
- added strongswan signature file to the sources.

* Thu Sep 12 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.1.0-3
- Fixed initialization crash of IMV and IMC particularly
  attestation imv/imc as libstrongswan was not getting
  initialized.

* Fri Aug 30 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.1.0-2
- Enabled fips support
- Enabled TNC's ifmap support
- Enabled TNC's pdp support
- Fixed hardcoded package name in this spec file

* Wed Aug 7 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.1.0-1
- rhbz#981429: New upstream release
- Fixes CVE-2013-5018: rhbz#991216, rhbz#991215
- Fixes rhbz#991859 failed to build in rawhide
- Updated local patches and removed which are not needed
- Fixed errors around charon-nm
- Added plugins libstrongswan-pkcs12.so, libstrongswan-rc2.so,
  libstrongswan-sshkey.so
- Added utility imv_policy_manager

* Thu Jul 25 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 5.0.4-5
- rename strongswan-NetworkManager to strongswan-charon-nm
- fix enable_nm macro

* Mon Jul 15 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 5.0.4-4
- %%files tries to package some of the shared objects as directories (#984437)
- fix broken systemd unit file (#984300)
- fix rpmlint error: description-line-too-long
- fix rpmlint error: macro-in-comment
- fix rpmlint error: spelling-error Summary(en_US) fuctionality
- depend on 'systemd' instead of 'systemd-units'
- use new systemd scriptlet macros
- NetworkManager subpackage should have a copy of the license (#984490)
- enable hardened_build as this package meets the PIE criteria (#984429)
- invocation of "ipsec _updown iptables" is broken as ipsec is renamed
  to strongswan in this package (#948306)
- invocation of "ipsec scepclient" is broken as ipsec is renamed
  to strongswan in this package
- add /etc/strongswan/ipsec.d and missing subdirectories
- conditionalize building of strongswan-NetworkManager subpackage as the
  version of NetworkManager in EL6 is too old (#984497)

* Fri Jun 28 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.0.4-3
- Patch to fix a major crash issue when Freeradius loads
  attestation-imv and does not initialize libstrongswan which
  causes crash due to calls to PTS algorithms probing APIs.
  So this patch fixes the order of initialization. This issue
  does not occur with charon because libstrongswan gets
  initialized earlier.
- Patch that allows errors to be output when there are permission
  issues when accessing strongswan.conf.
- Patch to make loading of modules configurable when libimcv
  is used in stand alone mode without charon with freeradius
  and wpa_supplicant.

* Tue Jun 11 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.0.4-2
- Enabled TNCCS 1.1 protocol
- Fixed libxm2-devel build dependency
- Patch to fix the issue with loading of plugins

* Wed May 1 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.0.4-1
- New upstream release
- Fixes for CVE-2013-2944
- Enabled support for OS IMV/IMC
- Created and applied a patch to disable ECP in fedora, because
  Openssl in Fedora does not allow ECP_256 and ECP_384. It makes
  it non-compliant to TCG's PTS standard, but there is no choice
  right now. see redhat bz # 319901.
- Enabled Trousers support for TPM based operations.

* Sat Apr 20 2013 Pavel Šimerda <psimerda@redhat.com> - 5.0.3-2
- Rebuilt for a single specfile for rawhide/f19/f18/el6

* Fri Apr 19 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.0.3-1
- New upstream release
- Enabled curl and eap-identity plugins
- Enabled support for eap-radius plugin.

* Thu Apr 18 2013 Pavel Šimerda <psimerda@redhat.com> - 5.0.2-3
- Add gettext-devel to BuildRequires because of epel6
- Remove unnecessary comments

* Tue Mar 19 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.0.2-2
- Enabled support for eap-radius plugin.

* Mon Mar 11 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.0.2-1
- Update to upstream release 5.0.2
- Created sub package strongswan-tnc-imcvs that provides trusted network
  connect's IMC and IMV functionality. Specifically it includes PTS
  based IMC/IMV for TPM based remote attestation and scanner and test
  IMCs and IMVs. The Strongswan's IMC/IMV dynamic libraries can be used
  by any third party TNC Client/Server implementation possessing a
  standard IF-IMC/IMV interface.

* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.0.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Thu Oct 04 2012 Pavel Šimerda <psimerda@redhat.com> - 5.0.1-1
- Update to release 5.0.1

* Thu Oct 04 2012 Pavel Šimerda <psimerda@redhat.com> - 5.0.0-4.git20120619
- Add plugins to interoperate with Windows 7 and Android (#862472)
  (contributed by Haim Gelfenbeyn)

* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.0.0-3.git20120619
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Sun Jul 08 2012 Pavel Šimerda <pavlix@pavlix.net> - 5.0.0-2.git20120619
- Fix configure substitutions in initscripts

* Wed Jul 04 2012 Pavel Šimerda <psimerda@redhat.com> - 5.0.0-1.git20120619
- Update to current upstream release
- Comment out all stuff that is only needed for git builds
- Remove renaming patch from git
- Improve init patch used for EPEL

* Thu Jun 21 2012 Pavel Šimerda <psimerda@redhat.com> - 5.0.0-0.3.git20120619
- Build with openssl plugin enabled

* Wed Jun 20 2012 Pavel Šimerda <psimerda@redhat.com> - 5.0.0-0.2.git20120619
- Add README.Fedora with link to 4.6 to 5.0 migration information

* Tue Jun 19 2012 Pavel Šimerda - 5.0.0-0.1.git20120619
- Snapshot of upcoming major release
- Move patches and renaming upstream
  http://wiki.strongswan.org/issues/194
  http://wiki.strongswan.org/issues/195
- Notified upstream about manpage issues

* Tue Jun 19 2012 Pavel Šimerda - 4.6.4-2
- Make initscript patch more distro-neutral
- Add links to bugreports for patches

* Fri Jun 01 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.4-1
- New upstream version (CVE-2012-2388)

* Sat May 26 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.3-2
- Add --enable-nm to configure
- Add NetworkManager-devel to BuildRequires
- Add NetworkManager-glib-devel to BuildRequires
- Add strongswan-NetworkManager package

* Sat May 26 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.3-1
- New version of Strongswan
- Support for RFC 3110 DNSKEY (see upstream changelog)
- Fix corrupt scriptlets

* Fri Mar 30 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.2-2
- #808612 - strongswan binary renaming side-effect
---|
741 | |
---|
742 | * Sun Feb 26 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.2-1 |
---|
743 | - New upstream version |
---|
744 | - Changed from .tar.gz to .tar.bz2 |
---|
745 | - Added libstrongswan-pkcs8.so |
---|
746 | |
---|
747 | * Wed Feb 15 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.1-8 |
---|
748 | - Fix initscript's status function |
---|
749 | |
---|
750 | * Wed Feb 15 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.1-7 |
---|
751 | - Expand tabs in config files for better readability |
---|
752 | - Add sysvinit script for epel6 |
---|
753 | |
---|
754 | * Wed Feb 15 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.1-6 |
---|
755 | - Fix program name in systemd unit file |
---|
756 | |
---|
757 | * Tue Feb 14 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.1-5 |
---|
758 | - Improve fedora/epel conditionals |
---|
759 | |
---|
760 | * Sat Jan 21 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.1-4 |
---|
761 | - Protect configuration directory from ordinary users |
---|
762 | - Add still missing directory /etc/strongswan |
---|
763 | |
---|
764 | * Fri Jan 20 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.1-3 |
---|
765 | - Change directory structure to avoid clashes with Openswan |
---|
766 | - Prefixed all manpages with 'strongswan_' |
---|
767 | - Every file now includes 'strongswan' somewhere in its path |
---|
768 | - Removed conflict with Openswan |
---|
769 | - Finally fix permissions on strongswan.conf |
---|
770 | |
---|
771 | * Fri Jan 20 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.1-2 |
---|
772 | - Change license tag from GPL to GPLv2+ |
---|
773 | - Change permissions on /etc/strongswan.conf to 644 |
---|
774 | - Rename ipsec.8 manpage to strongswan.8 |
---|
775 | - Fix empty scriptlets for non-fedora builds |
---|
776 | - Add ldconfig scriptlet |
---|
777 | - Add missing directories and files |
---|
778 | |
---|
779 | * Sun Jan 01 2012 Pavel Šimerda <pavlix@pavlix.net - 4.6.1-1 |
---|
780 | - Bump to version 4.6.1 |
---|
781 | |
---|
782 | * Sun Jan 01 2012 Pavel Šimerda <pavlix@pavlix.net - 4.6.0-3 |
---|
783 | - Add systemd scriptlets |
---|
784 | - Add conditions to also support EPEL6 |
---|
785 | |
---|
786 | * Sat Dec 10 2011 Pavel Šimerda <pavlix@pavlix.net> - 4.6.0-2 |
---|
787 | - Experimental build for development |
---|