diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a73ba6d --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/kronosnet-1.21.tar.xz diff --git a/.kronosnet.metadata b/.kronosnet.metadata new file mode 100644 index 0000000..9fe3e2f --- /dev/null +++ b/.kronosnet.metadata @@ -0,0 +1 @@ +c377962a50c474ceb3d644d05c81e568bef29bfa SOURCES/kronosnet-1.21.tar.xz diff --git a/SOURCES/bz1954551-enable-stack-clash-protection.patch b/SOURCES/bz1954551-enable-stack-clash-protection.patch new file mode 100644 index 0000000..d63c718 --- /dev/null +++ b/SOURCES/bz1954551-enable-stack-clash-protection.patch @@ -0,0 +1,58 @@ +commit e13b7c74634c511d44603a203a328f4d67920321 +Author: Christine Caulfield +Date: Mon May 10 13:00:58 2021 +0100 + + [build] Add -fstack-clash-protection to release builds + + CentOS Stream CI insists on this but it's generally a 'good thing' + +diff --git a/configure.ac b/configure.ac +index e429dcc..020cbe1 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -173,6 +173,23 @@ AC_ARG_ENABLE([libnozzle], + + AM_CONDITIONAL([BUILD_LIBNOZZLE], [test x$enable_libnozzle = xyes]) + ++## local helper functions ++# this function checks if CC support options passed as ++# args. Global CPPFLAGS are ignored during this test. ++cc_supports_flag() { ++ saveCPPFLAGS="$CPPFLAGS" ++ CPPFLAGS="$@" ++ if echo $CC | grep -q clang; then ++ CPPFLAGS="-Werror $CPPFLAGS" ++ fi ++ AC_MSG_CHECKING([whether $CC supports "$@"]) ++ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], ++ [RC=0; AC_MSG_RESULT([yes])], ++ [RC=1; AC_MSG_RESULT([no])]) ++ CPPFLAGS="$saveCPPFLAGS" ++ return $RC ++} ++ + # Checks for libraries. + AX_PTHREAD(,[AC_MSG_ERROR([POSIX threads support is required])]) + saved_LIBS="$LIBS" +@@ -297,12 +314,20 @@ AC_ARG_WITH([testdir], + + AC_SUBST([TESTDIR]) + ++# Check for availablility of hardening options ++HARDENING_FLAGS="-fstack-clash-protection" ++for j in $HARDENING_FLAGS; do ++ if cc_supports_flag $j; then ++ EXTRA_HARDENING_FLAGS="$EXTRA_HARDENING_FLAGS $j"; ++ fi ++done ++ + # debug build stuff + if test "x${enable_debug}" = xyes; then + AC_DEFINE_UNQUOTED([DEBUG], [1], [Compiling Debugging code]) + OPT_CFLAGS="-O0" + else +- OPT_CFLAGS="-O3" ++ OPT_CFLAGS="-O3 $EXTRA_HARDENING_FLAGS" + fi + + # gdb flags diff --git a/SPECS/kronosnet.spec b/SPECS/kronosnet.spec new file mode 100644 index 0000000..e707f04 --- /dev/null +++ b/SPECS/kronosnet.spec @@ -0,0 +1,542 @@ +############################################################################### +############################################################################### +## +## Copyright (C) 2012-2019 Red Hat, Inc. All rights reserved. +## +## This copyrighted material is made available to anyone wishing to use, +## modify, copy, or redistribute it subject to the terms and conditions +## of the GNU General Public License v.2 or higher +## +############################################################################### +############################################################################### + +# set defaults from ./configure invocation +%bcond_without sctp +%bcond_without nss +%bcond_without openssl +%bcond_without zlib +%bcond_without lz4 +%bcond_without lzo2 +%bcond_without lzma +%bcond_without bzip2 +%bcond_without zstd +%bcond_without libnozzle +%bcond_without runautogen +%bcond_with rpmdebuginfo +%bcond_with overriderpmdebuginfo +%bcond_without buildman +%bcond_with installtests + +%if %{with overriderpmdebuginfo} +%undefine _enable_debug_packages +%endif + +# main (empty) package +# http://www.rpm.org/max-rpm/s1-rpm-subpack-spec-file-changes.html + +Name: kronosnet +Summary: Multipoint-to-Multipoint VPN daemon +Version: 1.21 +Release: 4%{?dist} +License: GPLv2+ and LGPLv2+ +URL: https://kronosnet.org +Source0: https://kronosnet.org/releases/%{name}-%{version}.tar.xz + +Patch0: bz1954551-enable-stack-clash-protection.patch + +# Build dependencies +BuildRequires: make +BuildRequires: gcc libqb-devel +# required to build man pages +%if %{with buildman} +BuildRequires: libxml2-devel doxygen doxygen2man +%endif +%if %{with sctp} +BuildRequires: lksctp-tools-devel +%endif +%if %{with nss} +BuildRequires: nss-devel +%endif +%if %{with openssl} +BuildRequires: openssl-devel +%endif +%if %{with zlib} +BuildRequires: zlib-devel +%endif +%if %{with lz4} +BuildRequires: lz4-devel +%endif +%if %{with lzo2} +BuildRequires: lzo-devel +%endif +%if %{with lzma} +BuildRequires: xz-devel +%endif +%if %{with bzip2} +BuildRequires: bzip2-devel +%endif +%if %{with zstd} +BuildRequires: libzstd-devel +%endif +%if %{with libnozzle} +BuildRequires: libnl3-devel +%endif +%if %{with runautogen} +BuildRequires: autoconf automake libtool +%endif + +%prep +%setup -q -n %{name}-%{version} +%patch0 -p1 -b .bz1954551-enable-stack-clash-protection + +%build +%if %{with runautogen} +./autogen.sh +%endif + +%{configure} \ +%if %{with installtests} + --enable-install-tests \ +%else + --disable-install-tests \ +%endif +%if %{with buildman} + --enable-man \ +%else + --disable-man \ +%endif +%if %{with sctp} + --enable-libknet-sctp \ +%else + --disable-libknet-sctp \ +%endif +%if %{with nss} + --enable-crypto-nss \ +%else + --disable-crypto-nss \ +%endif +%if %{with openssl} + --enable-crypto-openssl \ +%else + --disable-crypto-openssl \ +%endif +%if %{with zlib} + --enable-compress-zlib \ +%else + --disable-compress-zlib \ +%endif +%if %{with lz4} + --enable-compress-lz4 \ +%else + --disable-compress-lz4 \ +%endif +%if %{with lzo2} + --enable-compress-lzo2 \ +%else + --disable-compress-lzo2 \ +%endif +%if %{with lzma} + --enable-compress-lzma \ +%else + --disable-compress-lzma \ +%endif +%if %{with bzip2} + --enable-compress-bzip2 \ +%else + --disable-compress-bzip2 \ +%endif +%if %{with zstd} + --enable-compress-zstd \ +%else + --disable-compress-zstd \ +%endif +%if %{with libnozzle} + --enable-libnozzle \ +%else + --disable-libnozzle \ +%endif + --with-initdefaultdir=%{_sysconfdir}/sysconfig/ \ + --with-systemddir=%{_unitdir} + +make %{_smp_mflags} + +%install +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} + +# tree cleanup +# remove static libraries +find %{buildroot} -name "*.a" -exec rm {} \; +# remove libtools leftovers +find %{buildroot} -name "*.la" -exec rm {} \; + +# remove init scripts +rm -rf %{buildroot}/etc/init.d + +# remove docs +rm -rf %{buildroot}/usr/share/doc/kronosnet + +# main empty package +%description + The kronosnet source + +%if %{with libnozzle} +%package -n libnozzle1 +Summary: Simple userland wrapper around kernel tap devices +License: LGPLv2+ + +%description -n libnozzle1 + This is an over-engineered commodity library to manage a pool + of tap devices and provides the basic + pre-up.d/up.d/down.d/post-down.d infrastructure. + +%files -n libnozzle1 +%license COPYING.* COPYRIGHT +%{_libdir}/libnozzle.so.* + +%if 0%{?ldconfig_scriptlets} +%ldconfig_scriptlets -n libnozzle1 +%else +%post -n libnozzle1 -p /sbin/ldconfig +%postun -n libnozzle1 -p /sbin/ldconfig +%endif + +%package -n libnozzle1-devel +Summary: Simple userland wrapper around kernel tap devices (developer files) +License: LGPLv2+ +Requires: libnozzle1%{_isa} = %{version}-%{release} +Requires: pkgconfig + +%description -n libnozzle1-devel + This is an over-engineered commodity library to manage a pool + of tap devices and provides the basic + pre-up.d/up.d/down.d/post-down.d infrastructure. + +%files -n libnozzle1-devel +%license COPYING.* COPYRIGHT +%{_libdir}/libnozzle.so +%{_includedir}/libnozzle.h +%{_libdir}/pkgconfig/libnozzle.pc +%if %{with buildman} +%{_mandir}/man3/nozzle*.3.gz +%endif +%endif + +%package -n libknet1 +Summary: Kronosnet core switching implementation +License: LGPLv2+ + +%description -n libknet1 + The whole kronosnet core is implemented in this library. + Please refer to the not-yet-existing documentation for further + information. + +%files -n libknet1 +%license COPYING.* COPYRIGHT +%{_libdir}/libknet.so.* +%dir %{_libdir}/kronosnet + +%if 0%{?ldconfig_scriptlets} +%ldconfig_scriptlets -n libknet1 +%else +%post -n libknet1 -p /sbin/ldconfig +%postun -n libknet1 -p /sbin/ldconfig +%endif + +%package -n libknet1-devel +Summary: Kronosnet core switching implementation (developer files) +License: LGPLv2+ +Requires: libknet1%{_isa} = %{version}-%{release} +Requires: pkgconfig + +%description -n libknet1-devel + The whole kronosnet core is implemented in this library. + Please refer to the not-yet-existing documentation for further + information. + +%files -n libknet1-devel +%license COPYING.* COPYRIGHT +%{_libdir}/libknet.so +%{_includedir}/libknet.h +%{_libdir}/pkgconfig/libknet.pc +%if %{with buildman} +%{_mandir}/man3/knet*.3.gz +%endif + +%if %{with nss} +%package -n libknet1-crypto-nss-plugin +Summary: Provides libknet1 nss support +License: LGPLv2+ +Requires: libknet1%{_isa} = %{version}-%{release} + +%description -n libknet1-crypto-nss-plugin + Provides NSS crypto support for libknet1. + +%files -n libknet1-crypto-nss-plugin +%{_libdir}/kronosnet/crypto_nss.so +%endif + +%if %{with openssl} +%package -n libknet1-crypto-openssl-plugin +Summary: Provides libknet1 openssl support +License: LGPLv2+ +Requires: libknet1%{_isa} = %{version}-%{release} + +%description -n libknet1-crypto-openssl-plugin + Provides OpenSSL crypto support for libknet1. + +%files -n libknet1-crypto-openssl-plugin +%{_libdir}/kronosnet/crypto_openssl.so +%endif + +%if %{with zlib} +%package -n libknet1-compress-zlib-plugin +Summary: Provides libknet1 zlib support +License: LGPLv2+ +Requires: libknet1%{_isa} = %{version}-%{release} + +%description -n libknet1-compress-zlib-plugin + Provides zlib compression support for libknet1. + +%files -n libknet1-compress-zlib-plugin +%{_libdir}/kronosnet/compress_zlib.so +%endif + +%if %{with lz4} +%package -n libknet1-compress-lz4-plugin +Summary: Provides libknet1 lz4 and lz4hc support +License: LGPLv2+ +Requires: libknet1%{_isa} = %{version}-%{release} + +%description -n libknet1-compress-lz4-plugin + Provides lz4 and lz4hc compression support for libknet1. + +%files -n libknet1-compress-lz4-plugin +%{_libdir}/kronosnet/compress_lz4.so +%{_libdir}/kronosnet/compress_lz4hc.so +%endif + +%if %{with lzo2} +%package -n libknet1-compress-lzo2-plugin +Summary: Provides libknet1 lzo2 support +License: LGPLv2+ +Requires: libknet1%{_isa} = %{version}-%{release} + +%description -n libknet1-compress-lzo2-plugin + Provides lzo2 compression support for libknet1. + +%files -n libknet1-compress-lzo2-plugin +%{_libdir}/kronosnet/compress_lzo2.so +%endif + +%if %{with lzma} +%package -n libknet1-compress-lzma-plugin +Summary: Provides libknet1 lzma support +License: LGPLv2+ +Requires: libknet1%{_isa} = %{version}-%{release} + +%description -n libknet1-compress-lzma-plugin + Provides lzma compression support for libknet1. + +%files -n libknet1-compress-lzma-plugin +%{_libdir}/kronosnet/compress_lzma.so +%endif + +%if %{with bzip2} +%package -n libknet1-compress-bzip2-plugin +Summary: Provides libknet1 bzip2 support +License: LGPLv2+ +Requires: libknet1%{_isa} = %{version}-%{release} + +%description -n libknet1-compress-bzip2-plugin + Provides bzip2 compression support for libknet1. + +%files -n libknet1-compress-bzip2-plugin +%{_libdir}/kronosnet/compress_bzip2.so +%endif + +%if %{with zstd} +%package -n libknet1-compress-zstd-plugin +Summary: Provides libknet1 zstd support +License: LGPLv2+ +Requires: libknet1%{_isa} = %{version}-%{release} + +%description -n libknet1-compress-zstd-plugin + Provides zstd compression support for libknet1. + +%files -n libknet1-compress-zstd-plugin +%{_libdir}/kronosnet/compress_zstd.so +%endif + +%package -n libknet1-crypto-plugins-all +Summary: Provides libknet1 crypto plugins meta package +License: LGPLv2+ +%if %{with nss} +Requires: libknet1-crypto-nss-plugin%{_isa} = %{version}-%{release} +%endif +%if %{with openssl} +Requires: libknet1-crypto-openssl-plugin%{_isa} = %{version}-%{release} +%endif + +%description -n libknet1-crypto-plugins-all + Provides meta package to install all of libknet1 crypto plugins + +%files -n libknet1-crypto-plugins-all + +%package -n libknet1-compress-plugins-all +Summary: Provides libknet1 compress plugins meta package +License: LGPLv2+ +%if %{with zlib} +Requires: libknet1-compress-zlib-plugin%{_isa} = %{version}-%{release} +%endif +%if %{with lz4} +Requires: libknet1-compress-lz4-plugin%{_isa} = %{version}-%{release} +%endif +%if %{with lzo2} +Requires: libknet1-compress-lzo2-plugin%{_isa} = %{version}-%{release} +%endif +%if %{with lzma} +Requires: libknet1-compress-lzma-plugin%{_isa} = %{version}-%{release} +%endif +%if %{with bzip2} +Requires: libknet1-compress-bzip2-plugin%{_isa} = %{version}-%{release} +%endif +%if %{with zstd} +Requires: libknet1-compress-zstd-plugin%{_isa} = %{version}-%{release} +%endif + +%description -n libknet1-compress-plugins-all + Meta package to install all of libknet1 compress plugins + +%files -n libknet1-compress-plugins-all + +%package -n libknet1-plugins-all +Summary: Provides libknet1 plugins meta package +License: LGPLv2+ +Requires: libknet1-compress-plugins-all%{_isa} = %{version}-%{release} +Requires: libknet1-crypto-plugins-all%{_isa} = %{version}-%{release} + +%description -n libknet1-plugins-all + Meta package to install all of libknet1 plugins + +%files -n libknet1-plugins-all + +%if %{with installtests} +%package -n kronosnet-tests +Summary: Provides kronosnet test suite +License: GPLv2+ +Requires: libknet1%{_isa} = %{version}-%{release} + +%description -n kronosnet-tests + This package contains all the libknet and libnozzle test suite. + +%files -n kronosnet-tests +%{_libdir}/kronosnet/tests/* +%endif + +%if %{with rpmdebuginfo} +%debug_package +%endif + +%changelog +* Mon Aug 09 2021 Mohan Boddu - 1.21-4 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Jun 16 2021 Florian Weimer - 1.21-3 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Thu May 13 2021 Christine Caulfield - 1.21-2 +- add -fstack-clash-protection to the build. For the CI + Resolves: rhbz#1954551 + +* Wed Apr 28 2021 Christine Caulfield - 1.21-1 +- Rebase to 1.21 to incorporate fixes for CI complaints & openssl3 + Resolves: rhbz#1954551 + +* Fri Apr 16 2021 Mohan Boddu - 1.20-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 1.20-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Oct 19 2020 Fabio M. Di Nitto - 1.20-1 +- New upstream release +- Fix TX/RX stats collections +- Minor test suite improvements +- Minor build fixes + +* Mon Aug 17 2020 Fabio M. Di Nitto - 1.19-1 +- New upstream release +- Add native support for openssl 3.0 (drop API COMPAT macros). +- Code cleanup of public APIs. Lots of lines of code moved around, no + functional changes. +- Removed kronosnetd unsupported code completely +- Removed unused poc-code from the source tree +- Make sure to initialize epoll events structures + +* Tue Jul 28 2020 Fedora Release Engineering - 1.18-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 14 2020 Fabio M. Di Nitto - 1.18-1 +- New upstream release +- Add ability to change crypto configuration at runtime without + restarting knet and without packet drop +- Add compatibility support for openssl 3.0 +- Add functional testing framework and new test cases +- Minor build fixes +- Fix BuildRequires to use libqb doxygen2man vs internal copy + +* Thu Apr 23 2020 Fabio M. Di Nitto - 1.16-1 +- New upstream release +- Fix major issues with SCTP transport +- Fix build with recent gcc +- Minor bug fixes +- Update BuildRequires now that libqb is used unconditionally + +* Wed Mar 04 2020 Fabio M. Di Nitto - 1.15-1 +- New upstream release +- Fix major interaction issues between stats gathering and PMTUd +- Fix UDP socket options that could lead to knet not being properly + functional +- Man pages updates +- Minor bug fixes + +* Fri Jan 31 2020 Fabio M. Di Nitto - 1.14-1 +- New upstream release +- Fixes several major issues with newer kernels +- Fix build with gcc10 + +* Wed Jan 29 2020 Fedora Release Engineering - 1.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Oct 16 2019 Fabio M. Di Nitto - 1.13-1 +- New upstream release +- Fixes more memory corruption problems on unstable networks. + +* Fri Sep 20 2019 Fabio M. Di Nitto - 1.12-1 +- New upstream release +- Fixes memory corruption problem on unstable networks. + +* Wed Aug 21 2019 Fabio M. Di Nitto - 1.11-1 +- New upstream release +- Fixes major issues with PMTUd implementation when used in combination with + crypto. + +* Thu Jul 25 2019 Fedora Release Engineering - 1.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Wed Jun 12 2019 Fabio M. Di Nitto - 1.10-1 +- New upstream release +- fix URL in spec file (rhbz#1708616) + +* Thu May 09 2019 Fabio M. Di Nitto - 1.9-1 +- New upstream release + +* Wed May 08 2019 Fabio M. Di Nitto - 1.8-2 +- Fix ldconfig scriptlet (Resolves rhbz#1699074) +- Cleanup .gitignore (Resolves rhbz#1699093) + +* Wed Apr 03 2019 Madison Kelly - 1.8-1 +- Updated to upstream release v1.8.