From ac410aae9dda7ec398a080652e3b9e8538dd421c Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 04 2020 00:58:55 +0000 Subject: import libreswan-3.32-7.el8_3 --- diff --git a/SOURCES/libreswan-3.32-1880466-labeled-ipsec.patch b/SOURCES/libreswan-3.32-1880466-labeled-ipsec.patch new file mode 100644 index 0000000..fe22d8d --- /dev/null +++ b/SOURCES/libreswan-3.32-1880466-labeled-ipsec.patch @@ -0,0 +1,25 @@ +diff -Naur libreswan-3.32-orig/lib/libipsecconf/starterwhack.c libreswan-3.32/lib/libipsecconf/starterwhack.c +--- libreswan-3.32-orig/lib/libipsecconf/starterwhack.c 2020-05-11 10:13:41.000000000 -0400 ++++ libreswan-3.32/lib/libipsecconf/starterwhack.c 2020-09-24 10:01:14.275131341 -0400 +@@ -663,7 +663,7 @@ + #endif + + #ifdef HAVE_LABELED_IPSEC +- if (conn->options_set[KSCF_POLICY_LABEL]) { ++ if (conn->strings_set[KSCF_POLICY_LABEL]) { + msg.policy_label = conn->policy_label; + starter_log(LOG_LEVEL_DEBUG, "conn: \"%s\" policy_label=%s", + conn->name, msg.policy_label); +diff -Naur libreswan-3.32-orig/programs/pluto/ikev1_spdb_struct.c libreswan-3.32/programs/pluto/ikev1_spdb_struct.c +--- libreswan-3.32-orig/programs/pluto/ikev1_spdb_struct.c 2020-05-11 10:13:41.000000000 -0400 ++++ libreswan-3.32/programs/pluto/ikev1_spdb_struct.c 2020-09-24 10:01:31.996278599 -0400 +@@ -59,8 +59,7 @@ + #include "nat_traversal.h" + + +-#ifndef USE_LABELED_IPSEC +- ++#ifndef HAVE_LABELED_IPSEC + static bool parse_secctx_attr(pb_stream *pbs UNUSED, struct state *st UNUSED) + { + /* diff --git a/SPECS/libreswan.spec b/SPECS/libreswan.spec index e256104..1e2f78b 100644 --- a/SPECS/libreswan.spec +++ b/SPECS/libreswan.spec @@ -38,7 +38,7 @@ Name: libreswan Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols # version is generated in the release script Version: 3.32 -Release: %{?prever:0.}6%{?prever:.%{prever}}%{?dist} +Release: %{?prever:0.}7%{?prever:.%{prever}}%{?dist} License: GPLv2 Url: https://libreswan.org/ @@ -56,7 +56,7 @@ Patch4: libreswan-3.32-1847766-xfrmi.patch Patch5: libreswan-3.32-1840212-nss-gcm.patch Patch6: libreswan-3.32-1544463-seccomp.patch Patch7: libreswan-3.32-1861360-nodefault-rsa-pss.patch - +Patch8: libreswan-3.32-1880466-labeled-ipsec.patch BuildRequires: audit-libs-devel BuildRequires: bison @@ -118,6 +118,7 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04 %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 pathfix.py -i %{__python3} -pn testing/cert_verify/usage_test \ testing/pluto/ikev1-01-fuzzer/cve-2015-3204.py \ @@ -231,6 +232,9 @@ certutil -N -d sql:$tmpdir --empty-password %attr(0644,root,root) %doc %{_mandir}/*/* %changelog +* Thu Sep 24 10:03:36 EDT 2020 Paul Wouters - 3.32-7 +- Resolves: rhbz#1882449 Labeled IPsec not working [rhel-8.3.0.z] + * Wed Jul 29 2020 Paul Wouters - 3.32-6 - Resolves: rhbz#1861360 authby=rsasig must not imply usage of rsa-pss