jengelh/strongswan
SHA256
1
0
Fork 0
forked from pool/strongswan
Code Pull Requests Activity

Accepting request 239460 from home:msmeissn:branches:network:vpn

Browse Source 
- disable gcrypt plugin by default, so it will only use openssl
  FATE#316931
- enable fips mode 2

OBS-URL: https://build.opensuse.org/request/show/239460
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=70
This commit is contained in:
Tomáš Chvátal 2014-07-10 12:59:35 +00:00 committed by Git OBS Bridge
parent ff86b72d5b
commit 3645b48ec5
3 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
strongswan-fips-disablegcrypt.patch Normal file
View File

@ -0,0 +1,13 @@
Index: strongswan-5.1.3/conf/plugins/gcrypt.conf
===================================================================
--- strongswan-5.1.3.orig/conf/plugins/gcrypt.conf
+++ strongswan-5.1.3/conf/plugins/gcrypt.conf
@@ -2,7 +2,7 @@ gcrypt {
# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
- load = yes
+ load = no
# Use faster random numbers in gcrypt; for testing only, produces weak keys!
# quick_random = no

7
strongswan.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Jul 3 13:39:45 UTC 2014 - meissner@suse.com
- disable gcrypt plugin by default, so it will only use openssl
FATE#316931
- enable fips mode 2
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jun 20 17:38:07 UTC 2014 - crrodriguez@opensuse.org Fri Jun 20 17:38:07 UTC 2014 - crrodriguez@opensuse.org

3
strongswan.spec
View File

@ -63,6 +63,7 @@ Source4: README.SUSE
Source5: %{name}.keyring Source5: %{name}.keyring
Patch1: %{name}_modprobe_syslog.patch Patch1: %{name}_modprobe_syslog.patch
Patch2: %{name}_ipsec_service.patch Patch2: %{name}_ipsec_service.patch
Patch3: %{name}-fips-disablegcrypt.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bison BuildRequires: bison
BuildRequires: curl-devel BuildRequires: curl-devel
@ -243,6 +244,7 @@ and the load testing plugin for IKEv2 daemon.
%setup -q -n %{name}-%{upstream_version} %setup -q -n %{name}-%{upstream_version}
%patch1 -p0 %patch1 -p0
%patch2 -p0 %patch2 -p0
%patch3 -p1
sed -e 's|@libexecdir@|%_libexecdir|g' \ sed -e 's|@libexecdir@|%_libexecdir|g' \
< $RPM_SOURCE_DIR/strongswan.init.in \ < $RPM_SOURCE_DIR/strongswan.init.in \
> strongswan.init > strongswan.init
@ -257,6 +259,7 @@ export RPM_OPT_FLAGS CFLAGS
--enable-integrity-test \ --enable-integrity-test \
--with-capabilities=libcap \ --with-capabilities=libcap \
--with-plugindir=%{strongswan_plugins} \ --with-plugindir=%{strongswan_plugins} \
--with-fips=2 \
--with-resolv-conf=%{_rundir}/%{name}/resolv.conf \ --with-resolv-conf=%{_rundir}/%{name}/resolv.conf \
--with-piddir=%{_rundir}/%{name} \ --with-piddir=%{_rundir}/%{name} \
--enable-pkcs11 \ --enable-pkcs11 \