Tree - rpms/libreswan - CentOS Git server

rpms / libreswan

Blame SPECS/libreswan.spec

Blob History Raw

		d8e7ea	`%global _hardened_build 1`
		d8e7ea	`# These are rpm macros and are 0 or 1`
		d8e7ea	`%global with_efence 0`
		d8e7ea	`%global with_development 0`
		d8e7ea	`%global with_cavstests 1`
		f4989f	`# minimum version for support for rhbz#1651314`
		f4989f	`# should prob update for nss with IKEv1 quick mode support`
		14b573	`%global nss_version 3.53.1`
		f4989f	`%global unbound_version 1.6.6`
		d8e7ea	`%global libreswan_config \\\`
		d8e7ea	`FINALLIBEXECDIR=%{_libexecdir}/ipsec \\\`
		d8e7ea	`FINALMANDIR=%{_mandir} \\\`
		14b573	`FINALNSSDIR=%{_sysconfdir}/ipsec.d \\\`
		d8e7ea	`INITSYSTEM=systemd \\\`
		d8e7ea	`NSS_HAS_IPSEC_PROFILE=true \\\`
		14b573	`NSS_REQ_AVA_COPY=false \\\`
		14b573	`PREFIX=%{_prefix} \\\`
		f4989f	`PYTHON_BINARY=%{__python3} \\\`
		14b573	`SHELL_BINARY=%{_bindir}/sh \\\`
		d8e7ea	`USE_DNSSEC=true \\\`
		f4989f	`USE_FIPSCHECK=false \\\`
		d8e7ea	`USE_LABELED_IPSEC=true \\\`
		d8e7ea	`USE_LDAP=true \\\`
		d8e7ea	`USE_LIBCAP_NG=true \\\`
		d8e7ea	`USE_LIBCURL=true \\\`
		d8e7ea	`USE_LINUX_AUDIT=true \\\`
		d8e7ea	`USE_NM=true \\\`
		14b573	`USE_NSS_KDF=true \\\`
		d8e7ea	`USE_SECCOMP=true \\\`
		14b573	`USE_AUTHPAM=true \\\`
		f4989f	`USE_DH2=true \\\`
		d8e7ea	`%{nil}`
		d8e7ea
		d8e7ea	`#global prever rc1`
		d8e7ea
		d8e7ea	`Name: libreswan`
		d8e7ea	`Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols`
		d8e7ea	`# version is generated in the release script`
		084096	`Version: 4.9`
		14b573	`Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}`
		d8e7ea	`License: GPLv2`
		d8e7ea	`Url: https://libreswan.org/`
		f4989f
		d8e7ea	`Source0: https://download.libreswan.org/%{?prever:with_development/}%{name}-%{version}%{?prever}.tar.gz`
		d8e7ea	`%if 0%{with_cavstests}`
		d8e7ea	`Source1: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2`
		d8e7ea	`Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2`
		d8e7ea	`Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2`
		d8e7ea	`%endif`
		d8e7ea
		14b573	`Patch1: libreswan-4.3-maintain-different-v1v2-split.patch`
		14b573	`Patch2: libreswan-3.32-1861360-nodefault-rsa-pss.patch`
		14b573	`Patch3: libreswan-4.1-maintain-obsolete-keywords.patch`
		e6177b	`Patch6: libreswan-4.3-1934186-config.patch`
		f4989f
		f4989f	`BuildRequires: audit-libs-devel`
		f4989f	`BuildRequires: bison`
		f4989f	`BuildRequires: curl-devel`
		f4989f	`BuildRequires: flex`
		14b573	`BuildRequires: gcc make`
		f4989f	`BuildRequires: ldns-devel`
		f4989f	`BuildRequires: libcap-ng-devel`
		d8e7ea	`BuildRequires: libevent-devel`
		d8e7ea	`BuildRequires: libseccomp-devel`
		d8e7ea	`BuildRequires: libselinux-devel`
		f4989f	`BuildRequires: nspr-devel`
		f4989f	`BuildRequires: nss-devel >= %{nss_version}`
		14b573	`BuildRequires: nss-tools`
		f4989f	`BuildRequires: openldap-devel`
		f4989f	`BuildRequires: pam-devel`
		f4989f	`BuildRequires: pkgconfig`
		f4989f	`BuildRequires: hostname`
		f4989f	`BuildRequires: redhat-rpm-config`
		f4989f	`BuildRequires: systemd-devel`
		f4989f	`BuildRequires: unbound-devel >= %{unbound_version}`
		f4989f	`BuildRequires: xmlto`
		d8e7ea	`%if 0%{with_efence}`
		d8e7ea	`BuildRequires: ElectricFence`
		d8e7ea	`%endif`
		d8e7ea	`Requires: iproute >= 2.6.8`
		f4989f	`Requires: nss >= %{nss_version}`
		f4989f	`Requires: nss-softokn`
		f4989f	`Requires: nss-tools`
		f4989f	`Requires: unbound-libs >= %{unbound_version}`
		f4989f	`Requires(post): bash`
		f4989f	`Requires(post): coreutils`
		f4989f	`Requires(post): systemd`
		f4989f	`Requires(preun): systemd`
		f4989f	`Requires(postun): systemd`
		d8e7ea
		d8e7ea	`%description`
		d8e7ea	`Libreswan is a free implementation of IKE/IPsec for Linux. IPsec is`
		d8e7ea	`the Internet Protocol Security and uses strong cryptography to provide`
		d8e7ea	`both authentication and encryption services. These services allow you`
		d8e7ea	`to build secure tunnels through untrusted networks. Everything passing`
		d8e7ea	`through the untrusted net is encrypted by the ipsec gateway machine and`
		d8e7ea	`decrypted by the gateway at the other end of the tunnel. The resulting`
		d8e7ea	`tunnel is a virtual private network or VPN.`
		d8e7ea
		d8e7ea	`This package contains the daemons and userland tools for setting up`
		d8e7ea	`Libreswan.`
		d8e7ea
		d8e7ea	`Libreswan also supports IKEv2 (RFC7296) and Secure Labeling`
		d8e7ea
		d8e7ea	`Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04`
		d8e7ea
		d8e7ea	`%prep`
		d8e7ea	`%setup -q -n libreswan-%{version}%{?prever}`
		6c3ab4	`%patch1 -p1`
		6c3ab4	`%patch2 -p1`
		6c3ab4	`%patch3 -p1`
		e6177b	`%patch6 -p1`
		d8e7ea
		d8e7ea	`# linking to freebl is not needed`
		d8e7ea	`sed -i "s/-lfreebl //" mk/config.mk`
		d8e7ea
		d8e7ea	`# enable crypto-policies support`
		14b573	`sed -i "s:#[ ]include $.$$/crypto-policies/back-ends/libreswan.config$$:include \1\2:" configs/ipsec.conf.in`
		d8e7ea
		d8e7ea	`%build`
		d8e7ea	`make %{?_smp_mflags} \`
		d8e7ea	`%if 0%{with_development}`
		f4989f	`OPTIMIZE_CFLAGS="%{?_hardened_cflags}" \`
		d8e7ea	`%else`
		f4989f	`OPTIMIZE_CFLAGS="%{optflags}" \`
		d8e7ea	`%endif`
		f4989f	`%if 0%{with_efence}`
		f4989f	`USE_EFENCE=true \`
		f4989f	`%endif`
		f4989f	`WERROR_CFLAGS="-Werror -Wno-missing-field-initializers" \`
		f4989f	`USERLINK="%{?__global_ldflags}" \`
		f4989f	`%{libreswan_config} \`
		f4989f	`programs`
		d8e7ea	`FS=$(pwd)`
		d8e7ea
		d8e7ea	`%install`
		d8e7ea	`make \`
		d8e7ea	`DESTDIR=%{buildroot} \`
		d8e7ea	`%{libreswan_config} \`
		d8e7ea	`install`
		d8e7ea	`FS=$(pwd)`
		d8e7ea	`rm -rf %{buildroot}/usr/share/doc/libreswan`
		f4989f	`rm -rf %{buildroot}%{_libexecdir}/ipsec/*check`
		d8e7ea
		d8e7ea	`install -d -m 0755 %{buildroot}%{_rundir}/pluto`
		d8e7ea	`install -d %{buildroot}%{_sbindir}`
		d8e7ea
		d8e7ea	`install -d %{buildroot}%{_sysconfdir}/sysctl.d`
		d8e7ea	`install -m 0644 packaging/fedora/libreswan-sysctl.conf \`
		d8e7ea	`%{buildroot}%{_sysconfdir}/sysctl.d/50-libreswan.conf`
		d8e7ea
		d8e7ea	`echo "include %{_sysconfdir}/ipsec.d/*.secrets" \`
		d8e7ea	`> %{buildroot}%{_sysconfdir}/ipsec.secrets`
		d8e7ea	`rm -fr %{buildroot}%{_sysconfdir}/rc.d/rc*`
		d8e7ea
		d8e7ea	`%if 0%{with_cavstests}`
		d8e7ea	`%check`
		d8e7ea	`# There is an elaborate upstream testing infrastructure which we do not`
		d8e7ea	`# run here - it takes hours and uses kvm`
		d8e7ea	`# We only run the CAVS tests.`
		d8e7ea	`cp %{SOURCE1} %{SOURCE2} %{SOURCE3} .`
		d8e7ea	`bunzip2 *.fax.bz2`
		d8e7ea
		d8e7ea	`: starting CAVS test for IKEv2`
		d8e7ea	`%{buildroot}%{_libexecdir}/ipsec/cavp -v2 ikev2.fax \| \`
		d8e7ea	`diff -u ikev2.fax - > /dev/null`
		d8e7ea	`: starting CAVS test for IKEv1 RSASIG`
		d8e7ea	`%{buildroot}%{_libexecdir}/ipsec/cavp -v1dsa ikev1_dsa.fax \| \`
		d8e7ea	`diff -u ikev1_dsa.fax - > /dev/null`
		d8e7ea	`: starting CAVS test for IKEv1 PSK`
		d8e7ea	`%{buildroot}%{_libexecdir}/ipsec/cavp -v1psk ikev1_psk.fax \| \`
		d8e7ea	`diff -u ikev1_psk.fax - > /dev/null`
		d8e7ea	`: CAVS tests passed`
		d8e7ea
		d8e7ea	`# Some of these tests will show ERROR for negative testing - it will exit on real errors`
		d8e7ea	`%{buildroot}%{_libexecdir}/ipsec/algparse -tp \|\| { echo prooposal test failed; exit 1; }`
		d8e7ea	`%{buildroot}%{_libexecdir}/ipsec/algparse -ta \|\| { echo algorithm test failed; exit 1; }`
		d8e7ea	`: Algorithm parser tests passed`
		d8e7ea
		d8e7ea	`# self test for pluto daemon - this also shows which algorithms it allows in FIPS mode`
		d8e7ea	`tmpdir=$(mktemp -d /tmp/libreswan-XXXXX)`
		d8e7ea	`certutil -N -d sql:$tmpdir --empty-password`
		d8e7ea	`%{buildroot}%{_libexecdir}/ipsec/pluto --selftest --nssdir $tmpdir --rundir $tmpdir`
		d8e7ea	`: pluto self-test passed - verify FIPS algorithms allowed is still compliant with NIST`
		d8e7ea
		d8e7ea	`%endif`
		d8e7ea
		d8e7ea	`%post`
		d8e7ea	`%systemd_post ipsec.service`
		d8e7ea
		d8e7ea	`%preun`
		d8e7ea	`%systemd_preun ipsec.service`
		d8e7ea
		d8e7ea	`%postun`
		d8e7ea	`%systemd_postun_with_restart ipsec.service`
		d8e7ea
		d8e7ea	`%files`
		d8e7ea	`%doc CHANGES COPYING CREDITS README* LICENSE`
		d8e7ea	`%doc docs/. docs/examples`
		d8e7ea	`%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf`
		d8e7ea	`%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.secrets`
		d8e7ea	`%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d`
		d8e7ea	`%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/policies`
		d8e7ea	`%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/*`
		d8e7ea	`%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysctl.d/50-libreswan.conf`
		d8e7ea	`%attr(0755,root,root) %dir %{_rundir}/pluto`
		d8e7ea	`%attr(0644,root,root) %{_tmpfilesdir}/libreswan.conf`
		d8e7ea	`%attr(0644,root,root) %{_unitdir}/ipsec.service`
		d8e7ea	`%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/pluto`
		14b573	`%config(noreplace) %{_sysconfdir}/logrotate.d/libreswan`
		d8e7ea	`%{_sbindir}/ipsec`
		d8e7ea	`%{_libexecdir}/ipsec`
		d8e7ea	`%attr(0644,root,root) %doc %{_mandir}//`
		d8e7ea
		d8e7ea	`%changelog`
		084096	`* Mon Jan 9 2023 Daiki Ueno <dueno@redhat.com> - 4.9-1`
		084096	`- Resolves: rhbz#2128672 Rebase libreswan to 4.9`
		084096	`- Remove libreswan-4.4-ikev1-disable-diagnostics.patch no longer necessary`
		084096
		44718f	`* Thu Jan 13 2022 Daiki Ueno <dueno@redhat.com> - 4.5-1`
		44718f	`- Resolves: rhbz#2017352 Rebase libreswan to 4.5`
		44718f	`- Resolves: rhbz#2036903 ikev1: disable diagnostics logging on receiving malformed packets`
		44718f
		e6177b	`* Wed May 26 2021 Daiki Ueno <dueno@redhat.com> - 4.4-1`
		e6177b	`- Resolves: rhbz#1958968 Rebase libreswan to 4.4`
		e6177b	`- Resolves: rhbz#1954423 Libreswan: TS_UNACCEPTABLE on multiple connections between the same peers`
		e6177b
		e6177b	`* Thu Mar 04 2021 Paul Wouters <pwouters@redhat.com> - 4.3-3`
		e6177b	`- Resolves: rhbz#1933064 - IKEv2 support for Labeled IPsec`
		e6177b	`- Resolves: rhbz#1935150 RFE: Support IKE and ESP over TCP: RFC 8229`
		e6177b	`- Resolves: rhbz#1935339 virtual_private setting is missing in the default config`
		e6177b
		14b573	`* Sun Feb 21 2021 Paul Wouters <pwouters@redhat.com> - 4.3-1`
		14b573	`- Resolves: rhbz#1025061 - IKEv2 support for Labeled IPsec [update]`
		14b573
		14b573	`* Thu Feb 04 2021 Paul Wouters <pwouters@redhat.com> - 4.2-1`
		14b573	`- Resolves: rhbz#1891128 [Rebase] rebase libreswan to 4.2`
		14b573	`- Resolves: rhbz#1025061 - IKEv2 support for Labeled IPsec`
		14b573
		14b573	`* Tue Oct 27 22:11:42 EDT 2020 Paul Wouters <pwouters@redhat.com> - 4.1-1`
		14b573	`- Resolves: rhbz#1891128 [Rebase] rebase libreswan to 4.1`
		14b573	`- Resolves: rhbz#1889836 libreswan: add 3.x compat patches for obsoleted/removed keywords of 4.0 and re-port ikev2= patch`
		14b573
		14b573	`* Wed Jul 29 2020 Paul Wouters <pwouters@redhat.com> - 3.32-6`
		14b573	`- Resolves: rhbz#1861360 authby=rsasig must not imply usage of rsa-pss`
		14b573
		14b573	`* Wed Jul 22 2020 Paul Wouters <pwouters@redhat.com> - 3.32-5`
		14b573	`- Resolves: rhbz#1820206 Rebase to libreswan 3.32 [rebuild for USE_NSS_PRF]`
		14b573
		14b573	`* Wed Jul 01 2020 Paul Wouters <pwouters@redhat.com> - 3.32-4`
		14b573	`- Resolves: rhbz#1544463 ipsec service does not work correctly when seccomp filtering is enabled`
		14b573
		f4989f	`* Wed Jun 17 2020 Paul Wouters <pwouters@redhat.com> - 3.32-3`
		f4989f	`- Resolves: rhbz#1842597 regression: libreswan does not send PLUTO_BYTES env variables to updown script`
		f4989f	`- Resolves: rhbz#1847766 subsequent xfrmi interfaces configured outside of libreswan are not recognised properly`
		f4989f	`- Resolves: rhbz#1840212 protect libreswan against unannounced nss ABI change`
		f4989f
		f4989f	`* Thu Jun 11 2020 Paul Wouters <pwouters@redhat.com> - 3.32-2`
		f4989f	`- Resolves: rhbz#1820206 Rebase to libreswan 3.32 [addconn fix]`
		f4989f
		f4989f	`* Thu Apr 30 2020 Paul Wouters <pwouters@redhat.com> - 3.32-1`
		f4989f	`- Resolves: rhbz#1820206 Rebase to libreswan 3.32`
		f4989f	`- Resolves: rhbz#1816265 Use NSS to check whether FIPS mode is enabled`
		f4989f	`- Resolves: rhbz#1826337 libreswan in FIPS mode rejects ECDSA keys based on faulty RSA key size check being applied`
		f4989f
		6c3ab4	`* Tue Aug 13 2019 Paul Wouters <pwouters@redhat.com> - 3.29-6`
		6c3ab4	`- Resolves: rhbz#1714331 support NSS based IKE KDF's [require updated nss for rhbz 1738689, memleak fix]`
		6c3ab4
		6c3ab4	`* Thu Aug 08 2019 Paul Wouters <pwouters@redhat.com> - 3.29-5`
		6c3ab4	`- Resolves: rhbz#1714331 support NSS based IKE KDF's so libreswan does not need FIPS certification`
		6c3ab4
		6c3ab4	`* Thu Aug 01 2019 Paul Wouters <pwouters@redhat.com> - 3.29-4`
		6c3ab4	`- Resolves: rhbz#1699318 'ipsec show' has python3 invalid syntax`
		6c3ab4
		6c3ab4	`* Thu Jul 04 2019 Paul Wouters <pwouters@redhat.com> - 3.29-3`
		6c3ab4	`- Resolves: rhbz#1725205 XFRM policy for OE/32 peer is deleted when shunts for previous half-open state expire`
		6c3ab4
		6c3ab4	`* Thu Jun 27 2019 Paul Wouters <pwouters@redhat.com> - 3.29-2`
		6c3ab4	`- Resolves: rhbz#1723957 libreswan is missing linux audit calls for failed IKE SAs and failed IPsec SAs required for Common Criteria`
		6c3ab4
		d8e7ea	`* Mon Jun 10 2019 Paul Wouters <pwouters@redhat.com> - 3.29-1`
		d8e7ea	`- Resolves: rhbz#1712555 libreswan rebase to 3.29`
		d8e7ea
		d8e7ea	`* Tue May 28 2019 Paul Wouters <pwouters@redhat.com> - 3.28-2`
		d8e7ea	`- Resolves: rhbz#1713734: barf: shell syntax error in barf diagnostic tool`
		d8e7ea
		d8e7ea	`* Tue May 21 2019 Paul Wouters <pwouters@redhat.com> - 3.28-1`
		d8e7ea	`- Resolves: rhbz#1712555 libreswan rebase to 3.28`
		d8e7ea	`- Resolves: rhbz#1683706 Libreswan shows incorrect error messages`
		d8e7ea	`- Resolves: rhbz#1706180 Remove last usage of old (unused) PF_KEY API`
		d8e7ea	`- Resolves: rhbz#1677045 Opportunistic IPsec instances of /32 groups or auto=start that receive delete won't restart`
		d8e7ea	`- Resolves: rhbz#1686990 IKEv1 traffic interruption when responder deletes SAs 60 seconds before EVENT_SA_REPLACE`
		d8e7ea	`- Resolves: rhbz#1608353 /usr/sbin/ipsec part of the libreswan packages still invokes commands that were deprecated a decade ago`
		d8e7ea	`- Resolves: rhbz#1699318 'ipsec show' has python3 invalid syntax`
		d8e7ea	`- Resolves: rhbz#1679394 libreswan using NSS IPsec profiles regresses when critical flags are set causing validation failure`
		d8e7ea
		d8e7ea	`* Thu Feb 21 2019 Paul Wouters <pwouters@redhat.com> - 3.27-9`
		d8e7ea	`- Resolves: rhbz#1648776 limit connections to be ikev1only or ikev2only and make ikev2only the default [man page update]`
		d8e7ea
		d8e7ea	`* Fri Feb 15 2019 Paul Wouters <pwouters@redhat.com> - 3.27-8`
		d8e7ea	`- Resolves: rhbz#1664101 system wide crypto policies causing IKE_INIT packet fragmentation`
		d8e7ea
		d8e7ea	`* Tue Feb 05 2019 Paul Wouters <pwouters@redhat.com> - 3.27-7`
		d8e7ea	`- Resolves: rhbz#1671793 proessing ISAKMP_NEXT_D with additional payloads causes dangling pointer to deleted state`
		d8e7ea
		d8e7ea	`* Fri Feb 01 2019 Paul Wouters <pwouters@redhat.com> - 3.27-6`
		d8e7ea	`- Resolves: rhbz#1668342 SELinux prevents libreswan from using some outbound ports causing DNS resolution failures at connection at load time`
		d8e7ea
		d8e7ea	`* Thu Jan 10 2019 Paul Wouters <pwouters@redhat.com> - 3.27-5`
		d8e7ea	`- Resolves: rhbz#1664522 libreswan 3.25 in FIPS mode is incorrectly rejecting X.509 public keys that are >= 3072 bits`
		d8e7ea
		d8e7ea	`* Mon Dec 10 2018 Paul Wouters <pwouters@redhat.com> - 3.27-4`
		d8e7ea	`- Resolves: rhbz#1657846 libreswan no longer needs to provide openswan in rhel8`
		d8e7ea	`- Resolves: rhbz#1643388 libreswan: Unable to verify certificate with non-empty Extended Key Usage which does not include serverAuth or clientAuth`
		d8e7ea	`- Resolves: rhbz#1657854 remove userland support for deprecated KLIPS IPsec stack support`
		d8e7ea
		d8e7ea	`* Sun Dec 09 2018 Paul Wouters <pwouters@redhat.com> - 3.27-3`
		d8e7ea	`- Resolves: rhbz#1648776 limit connections to be ikev1only or ikev2only and make ikev2only the default`
		d8e7ea
		d8e7ea	`* Thu Nov 08 2018 Paul Wouters <pwouters@redhat.com> - 3.27-2`
		d8e7ea	`- Resolves: rhbz#1645137 Libreswan segfaults when it loads configuration file with more then 5 connections`
		d8e7ea
		d8e7ea	`* Mon Oct 08 2018 Paul Wouters <pwouters@redhat.com> - 3.27-1`
		d8e7ea	`- Resolves: rhbz#1566574 Rebase to libreswan 3.27`
		d8e7ea
		d8e7ea	`* Mon Sep 17 2018 Paul Wouters <pwouters@redhat.com> - 3.26-1`
		d8e7ea	`- Resolves: rhbz#1566574 Rebase to libreswan 3.26`
		d8e7ea	`- Resolves: rhbz#1527037 libreswan IPSEC implementation: should follow the policies of system-wide crypto policy`
		d8e7ea	`- Resolves: rhbz#1375779 [IKEv2 Conformance] Test IKEv2.EN.R.1.1.6.7: Sending INVALID_KE_PAYLOAD failed`
		d8e7ea	`- Resolves: rhbz#1085758 [TAHI][IKEv2] IKEv2.EN.I.1.2.1.1: Can't observe CREATE_CHILD_SA request for rekey`
		d8e7ea	`- Resolves: rhbz#1053048 [TAHI][IKEv2] IKEv2.EN.I.1.2.4.1-7: libreswan doesn't sent CREATE_CHILD_SA after IKE_SA Lifetime timeout`
		d8e7ea
		d8e7ea	`* Mon Aug 13 2018 Paul Wouters <pwouters@redhat.com> - 3.25-4`
		d8e7ea	`- Resolves: rhbz#1590823 libreswan: Use Python 3 in RHEL 8`
		d8e7ea
		d8e7ea	`* Wed Aug 01 2018 Charalampos Stratakis <cstratak@redhat.com> - 3.25-3.1`
		d8e7ea	`- Rebuild for platform-python`
		d8e7ea
		d8e7ea	`* Mon Jul 09 2018 Paul Wouters <pwouters@redhat.com> - 3.25-3`
		d8e7ea	`- Cleanup shebangs for python3`
		d8e7ea	`- Use the same options via macro for make programs and make install`
		d8e7ea	`- Remove old ifdefs`
		d8e7ea	`- Sync up patches to new upstream version`
		d8e7ea	`- Add Requires: for unbound-libs >= 1.6.6`
		d8e7ea	`- Enable crypto-policies support`
		d8e7ea	`- Make rundir world readable for easier permission granting for socket`
		d8e7ea
		d8e7ea	`* Tue Jun 26 2018 Charalampos Stratakis <cstratak@redhat.com> - 3.23-2.2`
		d8e7ea	`- Make python shebangs point to python3`
		d8e7ea
		d8e7ea	`* Fri Jun 22 2018 Troy Dawson <tdawson@redhat.com> - 3.23-2.1`
		d8e7ea	`- Fix python shebangs (#1580773)`
		d8e7ea
		d8e7ea	`* Mon Feb 19 2018 Paul Wouters <pwouters@redhat.com> - 3.23-2`
		d8e7ea	`- Support crypto-policies package`
		d8e7ea	`- Pull in some patches from upstream and IANA registry updates`
		d8e7ea	`- gcc7 format-truncate fixes and workarounds`
		d8e7ea
		d8e7ea	`* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.23-1.1`
		d8e7ea	`- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild`
		d8e7ea
		d8e7ea	`* Thu Jan 25 2018 Paul Wouters <pwouters@redhat.com> - 3.23-1`
		d8e7ea	`- Updated to 3.23 - support for MOBIKE, PPK, CMAC, nic offload and performance improvements`
		d8e7ea
		d8e7ea	`* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 3.22-1.1`
		d8e7ea	`- Rebuilt for switch to libxcrypt`
		d8e7ea
		d8e7ea	`* Mon Oct 23 2017 Paul Wouters <pwouters@redhat.com> - 3.22-1`
		d8e7ea	`- Updated to 3.22 - many bugfixes, and unbound ipsecmod support`
		d8e7ea
		d8e7ea	`* Wed Aug 9 2017 Paul Wouters <pwouters@redhat.com> - 3.21-1`
		d8e7ea	`- Updated to 3.21`
		d8e7ea
		d8e7ea	`* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.20-1.2`
		d8e7ea	`- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild`
		d8e7ea
		d8e7ea	`* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.20-1.1`
		d8e7ea	`- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild`
		d8e7ea
		d8e7ea	`* Tue Mar 14 2017 Paul Wouters <pwouters@redhat.com> - 3.20-1`
		d8e7ea	`- Updated to 3.20`
		d8e7ea
		d8e7ea	`* Fri Mar 03 2017 Paul Wouters <pwouters@redhat.com> - 3.20-0.1.dr4`
		d8e7ea	`- Update to 3.20dr4 to test mozbz#1336487 export CERT_CompareAVA`
		d8e7ea
		d8e7ea	`* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.19-1.1`
		d8e7ea	`- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild`
		d8e7ea
		d8e7ea	`* Fri Feb 03 2017 Paul Wouters <pwouters@redhat.com> - 3.19-2`
		d8e7ea	`- Resolves: rhbz#1392191 libreswan: crash when OSX client connects`
		d8e7ea	`- Improved uniqueid and session replacing support`
		d8e7ea	`- Test Buffer warning fix on size_t`
		d8e7ea	`- Re-introduce --configdir for backwards compatibility`
		d8e7ea
		d8e7ea	`* Sun Jan 15 2017 Paul Wouters <pwouters@redhat.com> - 3.19-1`
		d8e7ea	`- Updated to 3.19 (see download.libreswan.org/CHANGES)`
		d8e7ea
		d8e7ea	`* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 3.18-1.1`
		d8e7ea	`- Rebuild for Python 3.6`
		d8e7ea
		d8e7ea	`* Fri Jul 29 2016 Paul Wouters <pwouters@redhat.com> - 3.18-1`
		d8e7ea	`- Updated to 3.18 for CVE-2016-5391 rhbz#1361164 and VTI support`
		d8e7ea	`- Remove support for /etc/sysconfig/pluto (use native systemd instead)`
		d8e7ea
		d8e7ea	`* Thu May 05 2016 Paul Wouters <pwouters@redhat.com> - 3.17-2`
		d8e7ea	`- Resolves: rhbz#1324956 prelink is gone, /etc/prelink.conf.d/* is no longer used`
		d8e7ea
		d8e7ea	`* Thu Apr 07 2016 Paul Wouters <pwouters@redhat.com> - 3.17-1`
		d8e7ea	`- Updated to 3.17 for CVE-2016-3071`
		d8e7ea	`- Disable LIBCAP_NG as it prevents unbound-control from working properly`
		d8e7ea	`- Temporarilly disable WERROR due to a few minor known issues`
		d8e7ea
		d8e7ea	`* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 3.16-1.1`
		d8e7ea	`- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild`
		d8e7ea
		d8e7ea	`* Fri Dec 18 2015 Paul Wouters <pwouters@redhat.com> - 3.16-1`
		d8e7ea	`- Updated to 3.16 (see https://download.libreswan.org/CHANGES)`
		d8e7ea
		d8e7ea	`* Tue Aug 11 2015 Paul Wouters <pwouters@redhat.com> - 3.15-1`
		d8e7ea	`- Updated to 3.15 (see http://download.libreswan.org/CHANGES)`
		d8e7ea	`- Resolves: rhbz#CVE-2015-3240 IKE daemon restart when receiving a bad DH gx`
		d8e7ea	`- NSS database creation moved from spec file to service file`
		d8e7ea	`- Run CAVS tests on package build`
		d8e7ea	`- Added BuildRequire systemd-units and xmlto`
		d8e7ea	`- Bumped minimum required nss to 3.16.1`
		d8e7ea	`- Install tmpfiles`
		d8e7ea	`- Install sysctl file`
		d8e7ea	`- Update doc files to include`
		d8e7ea
		d8e7ea	`* Mon Jul 13 2015 Paul Wouters <pwouters@redhat.com> - 3.13-2`
		d8e7ea	`- Resolves: rhbz#1238967 Switch libreswan to use python3`
		d8e7ea
		d8e7ea	`* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.13-1.1`
		d8e7ea	`- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild`
		d8e7ea
		d8e7ea	`* Mon Jun 01 2015 Paul Wouters <pwouters@redhat.com> - 3.13-1`
		d8e7ea	`- Updated to 3.13 for CVE-2015-3204`
		d8e7ea
		d8e7ea	`* Fri Nov 07 2014 Paul Wouters <pwouters@redhat.com> - 3.12-1`
		d8e7ea	`- Updated to 3.12 Various IKEv2 fixes`
		d8e7ea
		d8e7ea	`* Wed Oct 22 2014 Paul Wouters <pwouters@redhat.com> - 3.11-1`
		d8e7ea	`- Updated to 3.11 (many fixes, including startup fixes)`
		d8e7ea	`- Resolves: rhbz#1144941 libreswan 3.10 upgrade breaks old ipsec.secrets configs`
		d8e7ea	`- Resolves: rhbz#1147072 ikev1 aggr mode connection fails after libreswan upgrade`
		d8e7ea	`- Resolves: rhbz#1144831 Libreswan appears to start with systemd before all the NICs are up and running`
		d8e7ea
		d8e7ea	`* Tue Sep 09 2014 Paul Wouters <pwouters@redhat.com> - 3.10-3`
		d8e7ea	`- Fix some coverity issues, auto=route on bootup and snprintf on 32bit machines`
		d8e7ea
		d8e7ea	`* Mon Sep 01 2014 Paul Wouters <pwouters@redhat.com> - 3.10-1`
		d8e7ea	`- Updated to 3.10, major bugfix release, new xauth status options`
		d8e7ea
		d8e7ea	`* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.9-1.1`
		d8e7ea	`- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild`
		d8e7ea
		d8e7ea	`* Thu Jul 10 2014 Paul Wouters <pwouters@redhat.com> - 3.9-1`
		d8e7ea	`- Updated to 3.9. IKEv2 enhancements, ESP/IKE algo enhancements`
		d8e7ea	`- Mark libreswan-fips.conf as config file`
		d8e7ea	`- attr modifier for man pages no longer needed`
		d8e7ea	`- BUGS file no longer exists upstream`
		d8e7ea
		d8e7ea	`* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.8-1.1`
		d8e7ea	`- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild`
		d8e7ea
		d8e7ea	`* Sat Jan 18 2014 Paul Wouters <pwouters@redhat.com> - 3.8-1`
		d8e7ea	`- Updated to 3.8, fixes rhbz#CVE-2013-6467 (rhbz#1054102)`
		d8e7ea
		d8e7ea	`* Wed Dec 11 2013 Paul Wouters <pwouters@redhat.com> - 3.7-1`
		d8e7ea	`- Updated to 3.7, fixes CVE-2013-4564`
		d8e7ea	`- Fixes creating a bogus NSS db on startup (rhbz#1005410)`
		d8e7ea
		d8e7ea	`* Thu Oct 31 2013 Paul Wouters <pwouters@redhat.com> - 3.6-1`
		d8e7ea	`- Updated to 3.6 (IKEv2, MODECFG, Cisco interop fixes)`
		d8e7ea	`- Generate empty NSS db if none exists`
		d8e7ea
		d8e7ea	`* Mon Aug 19 2013 Paul Wouters <pwouters@redhat.com> - 3.5-3`
		d8e7ea	`- Add a Provides: for openswan-doc`
		d8e7ea
		d8e7ea	`* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5-1.1`
		d8e7ea	`- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild`
		d8e7ea
		d8e7ea	`* Mon Jul 15 2013 Paul Wouters <pwouters@redhat.com> - 3.5-2`
		d8e7ea	`- Added interop patch for (some?) Cisco VPN clients sending 16 zero`
		d8e7ea	`bytes of extraneous IKE data`
		d8e7ea	`- Removed fipscheck_version`
		d8e7ea
		d8e7ea	`* Sat Jul 13 2013 Paul Wouters <pwouters@redhat.com> - 3.5-1`
		d8e7ea	`- Updated to 3.5`
		d8e7ea
		d8e7ea	`* Thu Jun 06 2013 Paul Wouters <pwouters@redhat.com> - 3.4-1`
		d8e7ea	`- Updated to 3.4, which only contains style changes to kernel coding style`
		d8e7ea	`- IN MEMORIAM: June 3rd, 2013 Hugh Daniel`
		d8e7ea
		d8e7ea	`* Mon May 13 2013 Paul Wouters <pwouters@redhat.com> - 3.3-1`
		d8e7ea	`- Updated to 3.3, which resolves CVE-2013-2052`
		d8e7ea
		d8e7ea	`* Sat Apr 13 2013 Paul Wouters <pwouters@redhat.com> - 3.2-1`
		d8e7ea	`- Initial package for Fedora`

rpms / libreswan

Source Code

Blame SPECS/libreswan.spec