diff --git a/0001-openssl-Ensure-the-thread-ID-is-never-zero.patch b/0001-openssl-Ensure-the-thread-ID-is-never-zero.patch deleted file mode 100644 index c051d0d..0000000 --- a/0001-openssl-Ensure-the-thread-ID-is-never-zero.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 901dbc1077f6c9bd29369cad848bc79a29c1a65b Mon Sep 17 00:00:00 2001 -From: Tobias Brunner -Date: Sat, 30 Jun 2012 10:05:41 +0200 -Subject: [PATCH] openssl: Ensure the thread ID is never zero - -This might otherwise cause problems because OpenSSL tries to lock -mutexes recursively if it assumes the lock is held by a different -thread e.g. during FIPS initialization. ---- - src/libstrongswan/plugins/openssl/openssl_plugin.c | 4 +++- - 1 files changed, 3 insertions(+), 1 deletions(-) - -diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c -index 5a11412..7daa92b 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_plugin.c -+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c -@@ -129,7 +129,9 @@ static void destroy_function(struct CRYPTO_dynlock_value *lock, - */ - static unsigned long id_function(void) - { -- return (unsigned long)thread_current_id(); -+ /* ensure the thread ID is never zero, otherwise OpenSSL might try to -+ * acquire locks recursively */ -+ return 1 + (unsigned long)thread_current_id(); - } - - /** --- -1.7.7 - diff --git a/strongswan-4.6.4-fmt-warnings.patch b/strongswan-4.6.4-fmt-warnings.patch deleted file mode 100644 index 88db609..0000000 --- a/strongswan-4.6.4-fmt-warnings.patch +++ /dev/null 
@@ -1,31 +0,0 @@ ---- src/checksum/checksum_builder.c -+++ src/checksum/checksum_builder.c 2012/02/15 13:08:35 -@@ -64,9 +64,9 @@ static void build_checksum(char *path, c - fprintf(stderr, "dlopen failed: %s\n", dlerror()); - } - } -- printf("\t{\"%-25s%7u, 0x%08x, %6u, 0x%08x},\n", -+ printf("\t{\"%-25s%7zu, 0x%08x, %6zu, 0x%08x},\n", - name, fsize, fsum, ssize, ssum); -- fprintf(stderr, "\"%-25s%7u / 0x%08x %6u / 0x%08x\n", -+ fprintf(stderr, "\"%-25s%7zu / 0x%08x %6zu / 0x%08x\n", - name, fsize, fsum, ssize, ssum); - } - -@@ -106,14 +106,14 @@ static void build_binary_checksum(char * - pos = strrchr(binary, '.'); - if (pos && streq(pos, ".so")) - { -- snprintf(name, sizeof(name), "%.*s\",", pos - binary, binary); -+ snprintf(name, sizeof(name), "%.*s\",", (int)(pos - binary), binary); - if (streq(name, "libstrongswan\",")) - { - snprintf(sname, sizeof(sname), "%s", "library_init"); - } - else - { -- snprintf(sname, sizeof(sname), "%.*s_init", pos - binary, binary); -+ snprintf(sname, sizeof(sname), "%.*s_init", (int)(pos - binary), binary); - } - build_checksum(path, name, sname); - } diff --git a/strongswan-4.6.4.tar.bz2 b/strongswan-4.6.4.tar.bz2 deleted file mode 100644 index b7510cb..0000000 --- a/strongswan-4.6.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f372b4cc3d6c8a50a0b262e02e6a7fad43f91cc5a80cbd9432eb3c48ab2d4c69 -size 3504672 diff --git a/strongswan-4.6.4.tar.bz2.sig b/strongswan-4.6.4.tar.bz2.sig deleted file mode 100644 index 2080d3f..0000000 --- a/strongswan-4.6.4.tar.bz2.sig +++ /dev/null 
@@ -1,14 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iQGcBAABAgAGBQJPx4AbAAoJEN9CwXCzTbp3+GoL/Rs0El+oVlfUTT20/6IhwhI2
-1DJ2kRB97EqDYe7qzBVHaRs1ceU61JhsOEF+DICDttDamAYOlPMkU0Lonmk4uSqe
-Z1TVC7vcQdJEW5dPgx8UYRSxB4VdYkGq8FZSfK0Hdcn69EVnRneqb1oqGPXs3unI
-Eut8dounWYXSXtUhfajKeKmCXyMJDfSRAIoCsF4D/BpiU+VtHPqwLGS6KEfWsYyJ
-cqq5mc4rAL4Y6rLsi6YhqXvrV9klmVpMnlq7dftod7xWXOFX6d6mDSCIH0BrNyar
-AuWJ8CqO06Olp6V8sKTdrtBfuJelM4cEUyehwJbssem7bRCBikkzj0/Yxl7Uu77v
-QplLktKlsq/K8SkzNaqjTNxe7SvrIcrY1ErJTm6iMuinvlIjzoYPhpfnbNcyrrXQ
-qqJ1RTnrXWxDAt41vHTV8I4afhQdt9WlBrp+xYT42PiPll1V6vLx5f/OLDQUVvSo
-co+HFiKgg43090Pi4x5N0J1D1tuVuE7g9IGa1RAyYg==
-=XivO
------END PGP SIGNATURE-----
diff --git a/strongswan-4.6.4-rpmlintrc b/strongswan-5.0.1-rpmlintrc
similarity index 100%
rename from strongswan-4.6.4-rpmlintrc
rename to strongswan-5.0.1-rpmlintrc
diff --git a/strongswan-5.0.1.tar.bz2 b/strongswan-5.0.1.tar.bz2
new file mode 100644
index 0000000..9447157
--- /dev/null
+++ b/strongswan-5.0.1.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1a4dff19ef69d15e0b90b1ea80bd183235ac73b4ecd114aab58ed54de0f5c3b4
+size 3146776
diff --git a/strongswan-5.0.1.tar.bz2.sig b/strongswan-5.0.1.tar.bz2.sig
new file mode 100644
index 0000000..b3c676b
--- /dev/null
+++ b/strongswan-5.0.1.tar.bz2.sig
@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iQGcBAABAgAGBQJQa9S/AAoJEN9CwXCzTbp30d0L/3Uj1RYm8+25k+RLIWvU1q/L
+z5+mLjNAZpxoV7t1lUuMAA2STvZFisMtoNkw2EhsdanRsEV+WYpL101EPPMja077
+BT86DVKk/IDtoGLKpQK41mV5h0bWzrUBXodw2ggoG1bOLhdfuV6z7hAn3GI+AgxM
+Eus0TUWNT6VRZzYgTAcofmUyKM4Hruh5+82OSJtj8eeCqe333fdV/k6mumxYhoLB
+b1Yp8NVuMmjbfp0T/kyMAlRMnOb1DGjun9sBNaPK+t6+wcToLDeijl+D83l67ZIl
+Et0fehugK5dbkGtUbZHOJFWiSGyVP3eDVOjxMBp6ejBAwi0GwqNWXsE0GnHJr9TL
+Q3TrM8Kt0vJ6mhlWU9KFGoRwpiyR+3pBc8smZkJvIs3kKIL5ItTVPsJcWJKu2iEd
+L6+X15ZScalcrMJOGRYjgKh7cchIgVaudJOnPLtXjfyMuq+07Zz1ZhybUIu+i5Zo
+q8AVLAoM6MkUXWKkJR51CH08+w32DaDp5p7yRyxCRA==
+=100T
+-----END PGP SIGNATURE-----
diff --git a/strongswan.changes b/strongswan.changes
index ce71a37..c4ffdac 100644
--- a/strongswan.changes
+++ b/strongswan.changes
@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed Oct 31 15:25:16 UTC 2012 - mt@suse.de
+
+- Updated to strongSwan 5.0.1 release. Changes digest:
+ - Introduced the sending of the standard IETF Assessment Result
+ PA-TNC attribute by all strongSwan Integrity Measurement Verifiers.
+ - Extended PTS Attestation IMC/IMV pair to provide full evidence of
+ the Linux IMA measurement process. All pertinent file information
+ of a Linux OS can be collected and stored in an SQL database.
+ - The PA-TNC and PB-TNC protocols can now process huge data payloads.
+ - The xauth-pam backend can authenticate IKEv1 XAuth and Hybrid
+ authenticated clients against any PAM service.
+ - The new unity plugin brings support for some parts of the IKEv1
+ Cisco Unity Extensions.
+ - The kernel-netlink plugin supports the new strongswan.conf option
+ charon.install_virtual_ip_on.
+ - Job handling in controller_t was fixed, which occasionally caused
+ crashes on ipsec up/down.
+ - Fixed transmission EAP-MSCHAPv2 user name if it contains a domain
+ part.
+ Changes digest from strongSwan 5.0.0 version:
+ * The charon IKE daemon gained experimental support for the IKEv1
+ protocol. Pluto has been removed from the 5.x series.
+ * The NetworkManager charon plugin of previous releases is now
+ provided by a separate executable (charon-nm) and it should work
+ again with NM 0.9.
+ * scepclient was updated and it now works fine with Windows Server
+ 2008 R2.
+ For full list of the changes, please read the NEWS file shipped
+ in the strongswan-doc package or online:
+ http://wiki.strongswan.org/projects/strongswan/wiki/Changelog50
+- Adopted spec file, enabled several plugins, e.g.: ccm, certexpire,
+ coupling, ctr, duplicheck, eap-dynamic, eap-peap, eap-tls, eap-tnc,
+ eap-ttls, gcm, nonce, radattr, tnc, tnccs, unity, xauth-eap and pam.
+- Changed to install strongswan.service with alias to ipsec.service + instead of the /etc/init.d/ipsec init script on openSUSE > 12.2. + ------------------------------------------------------------------- Fri Sep 7 08:36:57 UTC 2012 - mt@suse.de diff --git a/strongswan.spec b/strongswan.spec index a207c0b..36b0c5f 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -17,23 +17,40 @@ Name: strongswan -Version: 4.6.4 +Version: 5.0.1 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name} %define strongswan_libdir %{_libdir}/ipsec %define strongswan_plugins %{strongswan_libdir}/plugins -%define with_mysql 1 -%define with_sqlite 0%{suse_version} >= 1110 -%define with_gcrypt 0%{suse_version} >= 1110 -%define with_nm 0%{suse_version} >= 1110 -%define with_tests 0 +%if 0 +%bcond_without tests +%else +%bcond_with tests +%endif +%if 1 +%bcond_without mysql +%else +%bcond_with mysql +%endif +%if 0%{suse_version} >= 1110 +%bcond_without sqlite +%bcond_without gcrypt +%bcond_without nm +%else +%bcond_with sqlite +%bcond_with gcrypt +%bcond_with nm +%endif +%if 0%{suse_version} > 1220 +%bcond_without systemd +%else +%bcond_with systemd +%endif Summary: OpenSource IPsec-based VPN Solution License: GPL-2.0+ Group: Productivity/Networking/Security Url: http://www.strongswan.org/ -Requires: strongswan-ikev1 = %{version} -Requires: strongswan-ikev2 = %{version} Requires: strongswan-ipsec = %{version} Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2 Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig @@ -41,8 +58,7 @@ Source2: %{name}.init.in Source3: %{name}-%{version}-rpmlintrc Source4: README.SUSE Patch1: %{name}_modprobe_syslog.patch -Patch2: %{name}-%{version}-fmt-warnings.patch -Patch3: 0001-openssl-Ensure-the-thread-ID-is-never-zero.patch +Patch2: %{name}_ipsec_service.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison BuildRequires: curl-devel 
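Review bot: The `Source0`/`Source1` context lines at the end of the first strongswan.spec hunk still fetch the tarball and its detached signature over plain `http://`, and the Source list visible in this diff (Source0 to Source4) contains no keyring. Nothing shown here ties the new 5.0.1 tarball to the upstream signing key, so the shipped `.sig` is only useful to someone who checks it by hand. Consider adding the upstream public key as a further source, for example `Source5: %{name}.keyring`, and verifying `Source1` against it before `%setup`. The `%prep` section is only partly visible in this diff, so a verification step outside the hunks cannot be ruled out.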
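Review bot: `Patch3` (0001-openssl-Ensure-the-thread-ID-is-never-zero.patch) and the old `Patch2` (fmt-warnings) are dropped in the second strongswan.spec hunk, but the new .changes entry does not say why. If both are contained in 5.0.1, record that in the changelog, for example `- Removed strongswan-4.6.4-fmt-warnings.patch and 0001-openssl-Ensure-the-thread-ID-is-never-zero.patch, fixed upstream`. The thread-ID patch guarded against OpenSSL trying to take locks recursively, so it is worth confirming that `id_function()` in the 5.0.1 sources still returns a non-zero value before relying on the removal.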
@@ -51,21 +67,26 @@ BuildRequires: gmp-devel BuildRequires: gperf BuildRequires: libcap-devel BuildRequires: libopenssl-devel +BuildRequires: libsoup-devel BuildRequires: openldap2-devel BuildRequires: pam-devel +BuildRequires: pcsc-lite-devel BuildRequires: pkg-config -%if %with_mysql +%if %{with mysql} BuildRequires: libmysqlclient-devel %endif -%if %with_sqlite +%if %{with sqlite} BuildRequires: sqlite3-devel %endif -%if %with_gcrypt +%if %{with gcrypt} BuildRequires: libgcrypt-devel %endif -%if %with_nm +%if %{with nm} BuildRequires: NetworkManager-devel %endif +%if %{with systemd} +BuildRequires: systemd-devel +%endif BuildRequires: iptables BuildRequires: libnl >= 1.1 
@@ -133,47 +154,14 @@ StrongSwan is an OpenSource IPsec-based VPN Solution for Linux This package provides the strongswan library and plugins. -%package ikev1 -Summary: OpenSource IPsec-based VPN Solution -Group: Productivity/Networking/Security -Requires: iproute2 -Requires: strongswan-ipsec = %{version} -Requires: strongswan-libs0 = %{version} -Provides: ikev1 -Provides: pluto -Provides: strongswan-daemon = %{version} -Conflicts: freeswan openswan strongswan < %{version} - -%description ikev1 -StrongSwan is an OpenSource IPsec-based VPN Solution for Linux - -This package provides the pluto IKEv1 daemon. - -%package ikev2 -Summary: OpenSource IPsec-based VPN Solution -Group: Productivity/Networking/Security -Requires: iproute2 -Requires: strongswan-daemon-starter = %{version} -Requires: strongswan-libs0 = %{version} -Provides: ikev2 -Provides: strongswan-daemon = %{version} -Conflicts: openswan strongswan < %{version} - -%description ikev2 -StrongSwan is an OpenSource IPsec-based VPN Solution for Linux - -This package provides the charon IKEv2 daemon. - %package ipsec Summary: OpenSource IPsec-based VPN Solution Group: Productivity/Networking/Security PreReq: grep %insserv_prereq %fillup_prereq -Requires: strongswan-daemon = %{version} Requires: strongswan-libs0 = %{version} Provides: VPN Provides: ipsec Provides: strongswan = %{version} -Provides: strongswan-daemon-starter = %{version} Obsoletes: strongswan < %{version} Conflicts: freeswan openswan @@ -181,10 +169,10 @@ Conflicts: freeswan openswan StrongSwan is an OpenSource IPsec-based VPN Solution for Linux This package provides the /etc/init.d/ipsec service script and allows -to maintain both, IKEv1 and IKEv2 daemons, using /etc/ipsec.conf and +to maintain both, IKEv1 and IKEv2, using the /etc/ipsec.conf and the /etc/ipsec.sectes files. -%if %with_mysql +%if %{with mysql} %package mysql Summary: OpenSource IPsec-based VPN Solution 
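Review bot: The `ikev1` and `ikev2` subpackages are removed in this hunk without any replacement `Obsoletes:` on `%package ipsec`, which only keeps `Obsoletes: strongswan < %{version}`. On an upgrade the installed 4.6.4 `strongswan-ikev1` and `strongswan-ikev2` packages are presumably either left behind, keeping the old pluto binaries on disk, or they conflict on `%{_libexecdir}/ipsec/charon`, which this commit moves into the ipsec package. Adding `Obsoletes: strongswan-ikev1 < %{version}` and `Obsoletes: strongswan-ikev2 < %{version}` to `%package ipsec` would give a clean upgrade path and make sure the unmaintained daemon is removed.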
@@ -198,7 +186,7 @@ This package provides the strongswan mysql plugin. %endif -%if %with_sqlite +%if %{with sqlite} %package sqlite Summary: OpenSource IPsec-based VPN Solution @@ -212,14 +200,12 @@ This package provides the strongswan sqlite plugin. %endif -%if %with_nm +%if %{with nm} %package nm Summary: OpenSource IPsec-based VPN Solution Group: Productivity/Networking/Security -Requires: strongswan-ikev2 = %{version} Requires: strongswan-libs0 = %{version} -Provides: strongswan-daemon-starter = %{version} %description nm StrongSwan is an OpenSource IPsec-based VPN Solution for Linux @@ -230,7 +216,7 @@ NetworkManager-strongswan graphical user interface. %endif -%if %with_tests +%if %{with tests} %package tests @@ -250,7 +236,6 @@ and the load testing plugin for IKEv2 daemon. %setup -q -n %{name}-%{upstream_version} %patch1 -p0 %patch2 -p0 -%patch3 -p1 sed -e 's|@libexecdir@|%_libexecdir|g' \ < $RPM_SOURCE_DIR/strongswan.init.in \ > strongswan.init 
@@ -261,62 +246,95 @@ export RPM_OPT_FLAGS CFLAGS #libtoolize --force #autoreconf %configure \ + --enable-conftest \ --enable-integrity-test \ --with-capabilities=libcap \ --with-plugindir=%{strongswan_plugins} \ --with-resolv-conf=%{_localstatedir}/run/strongswan/resolv.conf \ - --enable-smartcard \ - --with-default-pkcs11=%{_libdir}/opensc-pkcs11.so \ - --enable-cisco-quirks \ + --enable-pkcs11 \ --enable-openssl \ --enable-agent \ - --enable-md4 \ + --enable-gcrypt \ --enable-blowfish \ + --enable-ctr \ + --enable-ccm \ + --enable-gcm \ + --enable-unity \ + --enable-md4 \ + --enable-af-alg \ --enable-eap-sim \ --enable-eap-sim-file \ + --enable-eap-sim-pcsc \ + --enable-eap-aka \ + --enable-eap-aka-3gpp2 \ --enable-eap-simaka-sql \ --enable-eap-simaka-pseudonym \ --enable-eap-simaka-reauth \ + --enable-eap-identity \ --enable-eap-md5 \ --enable-eap-gtc \ - --enable-eap-aka \ - --enable-eap-radius \ - --enable-eap-identity \ --enable-eap-mschapv2 \ - --enable-eap-aka-3gpp2 \ + --enable-eap-tls \ + --enable-eap-ttls \ + --enable-eap-peap \ + --enable-eap-tnc \ + --enable-eap-dynamic \ + --enable-eap-radius \ + --enable-xauth-eap \ + --enable-xauth-pam \ + --enable-tnc-pdp \ + --enable-tnc-imc \ + --enable-tnc-imv \ + --enable-tnccs-11 \ + --enable-tnccs-20 \ + --enable-tnccs-dynamic \ + --enable-imc-test \ + --enable-imv-test \ + --enable-imc-scanner \ + --enable-imv-scanner \ --enable-ha \ --enable-dhcp \ --enable-farp \ + --enable-smp \ --enable-sql \ --enable-attr-sql \ --enable-addrblock \ -%if %with_mysql + --enable-radattr \ + --enable-mediation \ + --enable-led \ + --enable-certexpire \ + --enable-duplicheck \ + --enable-coupling \ +%if %{with mysql} --enable-mysql \ %endif -%if %with_sqlite +%if %{with sqlite} --enable-sqlite \ %endif -%if %with_gcrypt +%if %{with gcrypt} --enable-gcrypt \ %endif -%if %with_nm +%if %{with nm} --enable-nm \ %endif -%if %with_tests +%if %{with tests} --enable-load-tester \ --enable-test-vectors \ %endif --enable-ldap \ + 
--enable-soup \ --enable-curl make %{?_smp_mflags:%_smp_mflags} %install export RPM_BUILD_ROOT -install -m755 -d ${RPM_BUILD_ROOT}%{_sbindir}/ -install -m755 -d ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.d/ -install -m755 -d ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ +install -d -m755 ${RPM_BUILD_ROOT}%{_sbindir}/ +install -d -m755 ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.d/ +%if ! %{with systemd} +install -d -m755 ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ install -m755 strongswan.init ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ipsec ln -s %{_sysconfdir}/init.d/ipsec ${RPM_BUILD_ROOT}%{_sbindir}/rcipsec +%endif # make install DESTDIR="$RPM_BUILD_ROOT" # @@ -330,15 +348,18 @@ cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets # EOT # -rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,radius,strongswan,simaka}.so +rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,strongswan}.so +rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{radius,simaka,tls,tnccs,imcv}.so find $RPM_BUILD_ROOT%{strongswan_libdir} \ -name "*.a" -o -name "*.la" | xargs -r rm -f # -install -m755 -d ${RPM_BUILD_ROOT}%{strongswan_docdir}/ -install -m644 TODO NEWS README COPYING CREDITS \ - ${RPM_SOURCE_DIR}/README.SUSE \ - ${RPM_BUILD_ROOT}%{strongswan_docdir}/ -install -m755 -d $RPM_BUILD_ROOT%{_localstatedir}/run/strongswan +install -d -m755 ${RPM_BUILD_ROOT}%{strongswan_docdir}/ +install -c -m644 TODO NEWS README COPYING LICENSE \ + AUTHORS ChangeLog \ + ${RPM_BUILD_ROOT}%{strongswan_docdir}/ +install -c -m644 ${RPM_SOURCE_DIR}/README.SUSE \ + ${RPM_BUILD_ROOT}%{strongswan_docdir}/ +install -d -m755 $RPM_BUILD_ROOT%{_localstatedir}/run/strongswan %post libs0 %{run_ldconfig} 
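Review bot: `--enable-gcrypt` is now passed unconditionally near the top of the `%configure` list, while the existing `%if %{with gcrypt}` block further down passes it again and `BuildRequires: libgcrypt-devel` stays conditional. A build without the gcrypt bcond would therefore request the plugin without its development package; drop the unconditional line and keep the conditional one. Separately, this hunk enables the `smp` and `led` plugins and the test IMC/IMV modules (`--enable-imc-test`, `--enable-imv-test`), and the `%files` changes ship all of them in `libs0`. Unless strongswan.conf restricts the plugin load list, these are presumably available to charon on every install, so consider moving them to the `tests` subpackage or leaving them disabled to keep the default attack surface small.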
@@ -349,19 +370,27 @@ test -d %{_localstatedir}/run/strongswan || \ %{run_ldconfig} %post ipsec +%if ! %{with systemd} %{fillup_and_insserv ipsec} +%endif %preun ipsec +%if ! %{with systemd} %{stop_on_removal ipsec} -if test -s %{_sysconfdir}/ipsec.secrets.rpmsave; then - cp -p --backup=numbered %{_sysconfdir}/ipsec.secrets.rpmsave %{_sysconfdir}/ipsec.secrets.rpmsave.old +%endif +if test -s %{_sysconfdir}/ipsec.secrets.rpmsave ; then + cp -p --backup=numbered %{_sysconfdir}/ipsec.secrets.rpmsave \ + %{_sysconfdir}/ipsec.secrets.rpmsave.old fi -if test -s %{_sysconfdir}/ipsec.conf.rpmsave; then - cp -p --backup=numbered %{_sysconfdir}/ipsec.conf.rpmsave %{_sysconfdir}/ipsec.conf.rpmsave.old +if test -s %{_sysconfdir}/ipsec.conf.rpmsave ; then + cp -p --backup=numbered %{_sysconfdir}/ipsec.conf.rpmsave \ + %{_sysconfdir}/ipsec.conf.rpmsave.old fi %postun ipsec +%if ! %{with systemd} %{insserv_cleanup} +%endif %files %defattr(-,root,root) 
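Review bot: With `%{with systemd}` the `%post`, `%preun` and `%postun` scriptlets of the ipsec package lose their service handling and gain no systemd counterpart, so `%{stop_on_removal ipsec}` is skipped and nothing stops the daemon when the package is removed. Add `%else` branches with the systemd macros, e.g. `%service_add_post strongswan.service`, `%service_del_preun strongswan.service` and `%service_del_postun strongswan.service`, plus `%{?systemd_requires}` in the package header; the postun macro also gives a restart after an update so a patched charon actually replaces the running one. In the following `%files` hunk the unit path is hard-coded as `/lib/systemd/system/strongswan.service`, where `%{_unitdir}` would follow the distribution's layout.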
@@ -381,38 +410,34 @@ fi %dir %{_sysconfdir}/ipsec.d/cacerts %dir %{_sysconfdir}/ipsec.d/ocspcerts %dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private +%if %{with systemd} +/lib/systemd/system/strongswan.service +%else %config %{_sysconfdir}/init.d/ipsec %{_sbindir}/rcipsec +%endif %{_sbindir}/ipsec %{_mandir}/man8/ipsec.8* %{_mandir}/man5/ipsec.conf.5* %{_mandir}/man5/ipsec.secrets.5* %{_mandir}/man5/strongswan.conf.5* %dir %{_libexecdir}/ipsec +%{_libexecdir}/ipsec/_copyright %{_libexecdir}/ipsec/_updown %{_libexecdir}/ipsec/_updown_espmark -%{_libexecdir}/ipsec/_copyright -%{_libexecdir}/ipsec/pki +%{_libexecdir}/ipsec/conftest +%{_libexecdir}/ipsec/duplicheck %{_libexecdir}/ipsec/openac +%{_libexecdir}/ipsec/pki +%{_libexecdir}/ipsec/pool %{_libexecdir}/ipsec/scepclient %{_libexecdir}/ipsec/starter %{_libexecdir}/ipsec/stroke +%{_libexecdir}/ipsec/charon %dir %{strongswan_plugins} %{strongswan_plugins}/libstrongswan-stroke.so %{strongswan_plugins}/libstrongswan-updown.so -%files ikev1 -%defattr(-,root,root) -%dir %{_libexecdir}/ipsec -%{_libexecdir}/ipsec/whack -%{_libexecdir}/ipsec/pluto -%{_libexecdir}/ipsec/_pluto_adns - -%files ikev2 -%defattr(-,root,root) -%dir %{_libexecdir}/ipsec -%{_libexecdir}/ipsec/charon - %files doc %defattr(-,root,root) %dir %{strongswan_docdir} 
@@ -420,73 +445,74 @@ fi %{strongswan_docdir}/NEWS %{strongswan_docdir}/README %{strongswan_docdir}/COPYING -%{strongswan_docdir}/CREDITS -%{_mandir}/man3/anyaddr.3* -%{_mandir}/man3/atoaddr.3* -%{_mandir}/man3/atoasr.3* -%{_mandir}/man3/atoul.3* -%{_mandir}/man3/goodmask.3* -%{_mandir}/man3/initaddr.3* -%{_mandir}/man3/initsubnet.3* -%{_mandir}/man3/portof.3* -%{_mandir}/man3/rangetosubnet.3* -%{_mandir}/man3/sameaddr.3* -%{_mandir}/man3/subnetof.3* -%{_mandir}/man3/ttoaddr.3* -%{_mandir}/man3/ttodata.3* -%{_mandir}/man3/ttosa.3* -%{_mandir}/man3/ttoul.3* +%{strongswan_docdir}/LICENSE +%{strongswan_docdir}/AUTHORS +%{strongswan_docdir}/ChangeLog %{_mandir}/man8/_updown.8* %{_mandir}/man8/_updown_espmark.8* %{_mandir}/man8/openac.8* -%{_mandir}/man8/pluto.8* %{_mandir}/man8/scepclient.8* %files libs0 %defattr(-,root,root) %config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf %dir %{_libexecdir}/ipsec -%dir %{_libexecdir}/ipsec/pool %dir %{strongswan_libdir} %{strongswan_libdir}/libchecksum.so -%{strongswan_libdir}/libhydra.so.0 -%{strongswan_libdir}/libhydra.so.0.0.0 -%{strongswan_libdir}/libcharon.so.0 -%{strongswan_libdir}/libcharon.so.0.0.0 -%{strongswan_libdir}/libradius.so.0 -%{strongswan_libdir}/libradius.so.0.0.0 -%{strongswan_libdir}/libsimaka.so.0 -%{strongswan_libdir}/libsimaka.so.0.0.0 -%{strongswan_libdir}/libstrongswan.so.0 -%{strongswan_libdir}/libstrongswan.so.0.0.0 +%{strongswan_libdir}/libcharon.so.* +%{strongswan_libdir}/libhydra.so.* +%{strongswan_libdir}/libradius.so.* +%{strongswan_libdir}/libsimaka.so.* +%{strongswan_libdir}/libstrongswan.so.* +%{strongswan_libdir}/libtls.so.* +%{strongswan_libdir}/libtnccs.so.* +%{strongswan_libdir}/libimcv.so.* +%dir %{strongswan_libdir}/imcvs +%{strongswan_libdir}/imcvs/imc-scanner.so +%{strongswan_libdir}/imcvs/imc-test.so +%{strongswan_libdir}/imcvs/imv-scanner.so +%{strongswan_libdir}/imcvs/imv-test.so %dir %{strongswan_plugins} %{strongswan_plugins}/libstrongswan-addrblock.so 
%{strongswan_plugins}/libstrongswan-aes.so +%{strongswan_plugins}/libstrongswan-af-alg.so %{strongswan_plugins}/libstrongswan-agent.so %{strongswan_plugins}/libstrongswan-attr.so %{strongswan_plugins}/libstrongswan-attr-sql.so %{strongswan_plugins}/libstrongswan-blowfish.so +%{strongswan_plugins}/libstrongswan-ccm.so +%{strongswan_plugins}/libstrongswan-certexpire.so %{strongswan_plugins}/libstrongswan-cmac.so %{strongswan_plugins}/libstrongswan-constraints.so +%{strongswan_plugins}/libstrongswan-coupling.so +%{strongswan_plugins}/libstrongswan-ctr.so %{strongswan_plugins}/libstrongswan-curl.so %{strongswan_plugins}/libstrongswan-des.so %{strongswan_plugins}/libstrongswan-dhcp.so %{strongswan_plugins}/libstrongswan-dnskey.so +%{strongswan_plugins}/libstrongswan-duplicheck.so %{strongswan_plugins}/libstrongswan-eap-aka-3gpp2.so %{strongswan_plugins}/libstrongswan-eap-aka.so +%{strongswan_plugins}/libstrongswan-eap-dynamic.so %{strongswan_plugins}/libstrongswan-eap-gtc.so %{strongswan_plugins}/libstrongswan-eap-identity.so %{strongswan_plugins}/libstrongswan-eap-md5.so %{strongswan_plugins}/libstrongswan-eap-mschapv2.so +%{strongswan_plugins}/libstrongswan-eap-peap.so %{strongswan_plugins}/libstrongswan-eap-radius.so +%{strongswan_plugins}/libstrongswan-eap-sim-file.so +%{strongswan_plugins}/libstrongswan-eap-sim-pcsc.so +%{strongswan_plugins}/libstrongswan-eap-sim.so %{strongswan_plugins}/libstrongswan-eap-simaka-pseudonym.so %{strongswan_plugins}/libstrongswan-eap-simaka-reauth.so %{strongswan_plugins}/libstrongswan-eap-simaka-sql.so -%{strongswan_plugins}/libstrongswan-eap-sim-file.so -%{strongswan_plugins}/libstrongswan-eap-sim.so +%{strongswan_plugins}/libstrongswan-eap-tls.so +%{strongswan_plugins}/libstrongswan-eap-tnc.so +%{strongswan_plugins}/libstrongswan-eap-ttls.so %{strongswan_plugins}/libstrongswan-farp.so %{strongswan_plugins}/libstrongswan-fips-prf.so -%if %with_gcrypt +%{strongswan_plugins}/libstrongswan-gcm.so +%if %{with gcrypt} 
%{strongswan_plugins}/libstrongswan-gcrypt.so %endif %{strongswan_plugins}/libstrongswan-gmp.so 
@@ -494,36 +520,52 @@ fi %{strongswan_plugins}/libstrongswan-hmac.so %{strongswan_plugins}/libstrongswan-kernel-netlink.so %{strongswan_plugins}/libstrongswan-ldap.so +%{strongswan_plugins}/libstrongswan-led.so %{strongswan_plugins}/libstrongswan-md4.so %{strongswan_plugins}/libstrongswan-md5.so +%{strongswan_plugins}/libstrongswan-nonce.so %{strongswan_plugins}/libstrongswan-openssl.so %{strongswan_plugins}/libstrongswan-pem.so %{strongswan_plugins}/libstrongswan-pgp.so %{strongswan_plugins}/libstrongswan-pkcs1.so +%{strongswan_plugins}/libstrongswan-pkcs11.so %{strongswan_plugins}/libstrongswan-pkcs8.so %{strongswan_plugins}/libstrongswan-pubkey.so +%{strongswan_plugins}/libstrongswan-radattr.so %{strongswan_plugins}/libstrongswan-random.so %{strongswan_plugins}/libstrongswan-resolve.so %{strongswan_plugins}/libstrongswan-revocation.so %{strongswan_plugins}/libstrongswan-sha1.so %{strongswan_plugins}/libstrongswan-sha2.so -%{strongswan_plugins}/libstrongswan-socket*.so +%{strongswan_plugins}/libstrongswan-smp.so +%{strongswan_plugins}/libstrongswan-socket-default.so +%{strongswan_plugins}/libstrongswan-soup.so %{strongswan_plugins}/libstrongswan-sql.so +%{strongswan_plugins}/libstrongswan-tnc-imc.so +%{strongswan_plugins}/libstrongswan-tnc-imv.so +%{strongswan_plugins}/libstrongswan-tnc-pdp.so +%{strongswan_plugins}/libstrongswan-tnc-tnccs.so +%{strongswan_plugins}/libstrongswan-tnccs-11.so +%{strongswan_plugins}/libstrongswan-tnccs-20.so +%{strongswan_plugins}/libstrongswan-tnccs-dynamic.so +%{strongswan_plugins}/libstrongswan-unity.so %{strongswan_plugins}/libstrongswan-x509.so -%{strongswan_plugins}/libstrongswan-xauth.so +%{strongswan_plugins}/libstrongswan-xauth-eap.so +%{strongswan_plugins}/libstrongswan-xauth-generic.so +%{strongswan_plugins}/libstrongswan-xauth-pam.so %{strongswan_plugins}/libstrongswan-xcbc.so %dir %ghost %{_localstatedir}/run/strongswan -%if %with_nm +%if %{with nm} %files nm %defattr(-,root,root) %dir %{_libexecdir}/ipsec %dir 
%{strongswan_plugins} -%{strongswan_plugins}/libstrongswan-nm.so +%{_libexecdir}/ipsec/charon-nm %endif -%if %with_mysql +%if %{with mysql} %files mysql %defattr(-,root,root) @@ -531,7 +573,7 @@ fi %{strongswan_plugins}/libstrongswan-mysql.so %endif -%if %with_sqlite +%if %{with sqlite} %files sqlite %defattr(-,root,root) @@ -539,7 +581,7 @@ fi %{strongswan_plugins}/libstrongswan-sqlite.so %endif -%if %with_tests +%if %{with tests} %files tests %defattr(-,root,root) diff --git a/strongswan_ipsec_service.patch b/strongswan_ipsec_service.patch new file mode 100644 index 0000000..ab8b13b --- /dev/null +++ b/strongswan_ipsec_service.patch @@ -0,0 +1,7 @@ +--- init/systemd/strongswan.service.in ++++ init/systemd/strongswan.service.in 2012/10/31 15:21:11 +@@ -8,3 +8,4 @@ StandardOutput=syslog + + [Install] + WantedBy=multi-user.target ++Alias=ipsec.service diff --git a/strongswan_modprobe_syslog.patch b/strongswan_modprobe_syslog.patch index 26817fe..9e71673 100644 --- a/strongswan_modprobe_syslog.patch +++ b/strongswan_modprobe_syslog.patch @@ -1,6 +1,6 @@ --- src/starter/klips.c -+++ src/starter/klips.c 2010/03/02 16:43:05 -@@ -34,7 +34,7 @@ starter_klips_init(void) ++++ src/starter/klips.c 2012/10/30 17:07:23 +@@ -30,7 +30,7 @@ bool starter_klips_init(void) /* ipsec module makes the pf_key proc interface visible */ if (stat(PROC_MODULES, &stb) == 0) { @@ -9,7 +9,7 @@ } /* now test again */ -@@ -48,9 +48,9 @@ starter_klips_init(void) +@@ -42,9 +42,9 @@ bool starter_klips_init(void) } /* load crypto algorithm modules */ 
@@ -20,11 +20,11 @@ + ignore_result(system("modprobe -s ipsec_blowfish")); + ignore_result(system("modprobe -s ipsec_sha2")); - DBG(DBG_CONTROL, - DBG_log("Found KLIPS IPsec stack") + DBG2(DBG_APP, "found KLIPS IPsec stack"); + return TRUE; --- src/starter/netkey.c -+++ src/starter/netkey.c 2010/03/02 16:43:05 -@@ -34,7 +34,7 @@ starter_netkey_init(void) ++++ src/starter/netkey.c 2012/10/30 17:07:02 +@@ -31,7 +31,7 @@ bool starter_netkey_init(void) /* af_key module makes the netkey proc interface visible */ if (stat(PROC_MODULES, &stb) == 0) { @@ -33,7 +33,7 @@ } /* now test again */ -@@ -50,11 +50,11 @@ starter_netkey_init(void) +@@ -45,11 +45,11 @@ bool starter_netkey_init(void) /* make sure that all required IPsec modules are loaded */ if (stat(PROC_MODULES, &stb) == 0) { @@ -49,4 +49,4 @@ + ignore_result(system("modprobe -s xfrm_user")); } - DBG(DBG_CONTROL, + DBG2(DBG_APP, "found netkey IPsec stack");
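Review bot: The refreshed patch keeps calling `system("modprobe -s ...")` in both klips.c and netkey.c, which runs the command through the shell with a `PATH` lookup, and `ignore_result()` discards the exit status. Since the starter normally runs with root privileges, prefer an absolute path such as `ignore_result(system("/sbin/modprobe -s xfrm_user"));`, or a fork/exec helper without a shell, so the binary that is executed does not depend on the inherited environment. A short comment such as `/* exit status ignored on purpose: the stat() below re-checks the proc interface */` would also document why the result is dropped, assuming that is the intent. `starter_klips_init()` and `starter_netkey_init()` both extend beyond the visible hunks.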