From fbee949c81c5f531f18b7d6535db7d7c1a25ab3549cb0e2bd7720429aff1d3e0 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Wed, 15 Feb 2012 12:52:12 +0000 Subject: [PATCH 1/3] Accepting request 102857 from home:a_jaeger:FactoryFix Only glib.h can be included, fix compilation. OBS-URL: https://build.opensuse.org/request/show/102857 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=38 --- strongswan-4.5.3-glib.patch | 14 ++++++++++++++ strongswan.changes | 5 +++++ strongswan.spec | 6 +++++- 3 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 strongswan-4.5.3-glib.patch diff --git a/strongswan-4.5.3-glib.patch b/strongswan-4.5.3-glib.patch new file mode 100644 index 0000000..ad0629b --- /dev/null +++ b/strongswan-4.5.3-glib.patch @@ -0,0 +1,14 @@ +Index: strongswan-4.5.3/src/libcharon/plugins/nm/nm_service.h +=================================================================== +--- strongswan-4.5.3.orig/src/libcharon/plugins/nm/nm_service.h ++++ strongswan-4.5.3/src/libcharon/plugins/nm/nm_service.h +@@ -21,8 +21,7 @@ + #ifndef NM_SERVICE_H_ + #define NM_SERVICE_H_ + +-#include +-#include ++#include + #include + + #include "nm_creds.h" diff --git a/strongswan.changes b/strongswan.changes index 5eabc3e..9bc562a 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Feb 6 10:27:00 UTC 2012 - aj@suse.de + +- Only glib.h can be included, fix compilation. + ------------------------------------------------------------------- Wed Dec 21 10:31:49 UTC 2011 - coolo@suse.com diff --git a/strongswan.spec b/strongswan.spec index 8c7e923..327cfb5 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -1,7 +1,7 @@ # # spec file for package strongswan # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,6 +15,8 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + + Name: strongswan Version: 4.5.3 Release: 0 @@ -41,6 +43,7 @@ Source3: %{name}-%{version}-rpmlintrc Source4: README.SUSE Patch1: %{name}_modprobe_syslog.patch Patch2: %{name}-%{version}-fmt-warnings.patch +Patch3: %{name}-%{version}-glib.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison BuildRequires: curl-devel @@ -234,6 +237,7 @@ and the load testing plugin for IKEv2 daemon. %setup -q -n %{name}-%{upstream_version} %patch1 -p0 %patch2 -p0 +%patch3 -p1 sed -e 's|@libexecdir@|%_libexecdir|g' \ < $RPM_SOURCE_DIR/strongswan.init.in \ > strongswan.init From 1a4d59ebd11b18c87ba3c57d14cfd1c7a6d32798cae380c80024500524018f3f Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Wed, 15 Feb 2012 13:32:28 +0000 Subject: [PATCH 2/3] - Updated to strongSwan 4.6.1 release: Changes in 4.6.1: - Because of changing checksums before and after installation which caused the integrity tests to fail we avoided directly linking libsimaka, libtls and libtnccs to those libcharon plugins which make use of these dynamiclibraries. Instead we linked the libraries to the charon daemon. Unfortunately Ubuntu 11.10 activated the --as-needed ld option which discards explicit links to dynamic libraries that are not actually used by the charon daemon itself, thus causing failures during the loading of the plugins which depend on these libraries for resolving external symbols. - Therefore our approach of computing integrity checksums for plugins had to be changed radically by moving the hash generation from the compilation to the post-installation phase. Changes in 4.6.0: - The new libstrongswan certexpire plugin collects expiration information of all used certificates and exports them to CSV files. It either directly exports them or uses cron style scheduling for batch exports. - Starter passes unresolved hostnames to charon, allowing it to do name resolution not before the connection attempt. This is especially useful with connections between hosts using dynamic IP addresses. Thanks to Mirko Parthey for the initial patch. - The android plugin can now be used without the Android frontend patch and provides DNS server registration and logging to logcat. - Pluto and starter (plus stroke and whack) have been ported to Android. - Support for ECDSA private and public key operations has been added to the pkcs11 plugin. The plugin now also provides DH and ECDH via PKCS#11 and can use tokens as random number generators (RNG). By default only private key operations are enabled, more advanced features have to be enabled by their option in strongswan.conf. This also applies to public OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=39 --- strongswan-4.5.3.tar.bz2 | 3 -- strongswan-4.5.3.tar.bz2.sig | 14 ------ ...tch => strongswan-4.6.1-fmt-warnings.patch | 10 ++-- ...-glib.patch => strongswan-4.6.1-glib.patch | 0 ....3-rpmlintrc => strongswan-4.6.1-rpmlintrc | 0 strongswan-4.6.1.tar.bz2 | 3 ++ strongswan-4.6.1.tar.bz2.sig | 14 ++++++ strongswan.changes | 47 +++++++++++++++++++ strongswan.spec | 8 +++- 9 files changed, 75 insertions(+), 24 deletions(-) delete mode 100644 strongswan-4.5.3.tar.bz2 delete mode 100644 strongswan-4.5.3.tar.bz2.sig rename strongswan-4.5.3-fmt-warnings.patch => strongswan-4.6.1-fmt-warnings.patch (74%) rename strongswan-4.5.3-glib.patch => strongswan-4.6.1-glib.patch (100%) rename strongswan-4.5.3-rpmlintrc => strongswan-4.6.1-rpmlintrc (100%) create mode 100644 strongswan-4.6.1.tar.bz2 create mode 100644 strongswan-4.6.1.tar.bz2.sig diff --git a/strongswan-4.5.3.tar.bz2 b/strongswan-4.5.3.tar.bz2 deleted file mode 100644 index 190cb12..0000000 --- a/strongswan-4.5.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a59fa0d9820fb06a3c848f4537b9256d2067265ad10e1b007b79f3b16279f1ff -size 3299522 diff --git a/strongswan-4.5.3.tar.bz2.sig b/strongswan-4.5.3.tar.bz2.sig deleted file mode 100644 index 1087a44..0000000 --- a/strongswan-4.5.3.tar.bz2.sig +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) - -iQGcBAABAgAGBQJOOFNGAAoJEN9CwXCzTbp37JUL/jmWmoYQ4qcSQtCfyLbW761a -8HvTeoAB+gE8srcOCdnSy/i+ebVp4My3VwwivQwCHWHcbC29RjZsytRxsItqN3UR -4LCEMQ9PA6oIHl7EPumc24RfcWd4TBrlxyk/TeOYOyT0GAjvPF+w0T73pEBMQHGF -qHQXziblGfB9pxxyVJpvPq7yW+wS7nIj+8B7evitC5TimW5D3rGN1eav+da16ynl -RJuGtRlxKTy/dnC+WzbJtyxGITcnl2lPao3SilazKDx55OEMboxSTfX3x0QZ2Y2z -jIV3UzmTh7ZTqOpGrxhMr8lPiuB9w9PWCzfno0WB99suzo7IQtjyfYRifa0A/b3S -Wtp4OLdBwgStnlQdXhk2INhBSMVH3FRGZOwzr7Eb2SLK2v0BDYn3/rPSZMd2bivO -zRQeYE9LfuUpJT2BTB69YsAg3pvU55g2mU7GD8cojkxcT60HHKl4ykzwR0dTJjyK -CwV6JYoWDGkZqwrRfwJrf9o6Xlk4KdyyQGRRm/8hqg== -=7D0s ------END PGP SIGNATURE----- diff --git a/strongswan-4.5.3-fmt-warnings.patch b/strongswan-4.6.1-fmt-warnings.patch similarity index 74% rename from strongswan-4.5.3-fmt-warnings.patch rename to strongswan-4.6.1-fmt-warnings.patch index 5d87e83..88db609 100644 --- a/strongswan-4.5.3-fmt-warnings.patch +++ b/strongswan-4.6.1-fmt-warnings.patch @@ -1,14 +1,14 @@ --- src/checksum/checksum_builder.c -+++ src/checksum/checksum_builder.c 2011/09/08 15:45:10 ++++ src/checksum/checksum_builder.c 2012/02/15 13:08:35 @@ -64,9 +64,9 @@ static void build_checksum(char *path, c fprintf(stderr, "dlopen failed: %s\n", dlerror()); } } -- printf("\t{\"%-20s%7u, 0x%08x, %6u, 0x%08x},\n", -+ printf("\t{\"%-20s%7zu, 0x%08x, %6zu, 0x%08x},\n", +- printf("\t{\"%-25s%7u, 0x%08x, %6u, 0x%08x},\n", ++ printf("\t{\"%-25s%7zu, 0x%08x, %6zu, 0x%08x},\n", name, fsize, fsum, ssize, ssum); -- fprintf(stderr, "\"%-20s%7u / 0x%08x %6u / 0x%08x\n", -+ fprintf(stderr, "\"%-20s%7zu / 0x%08x %6zu / 0x%08x\n", +- fprintf(stderr, "\"%-25s%7u / 0x%08x %6u / 0x%08x\n", ++ fprintf(stderr, "\"%-25s%7zu / 0x%08x %6zu / 0x%08x\n", name, fsize, fsum, ssize, ssum); } diff --git a/strongswan-4.5.3-glib.patch b/strongswan-4.6.1-glib.patch similarity index 100% rename from strongswan-4.5.3-glib.patch rename to strongswan-4.6.1-glib.patch diff --git a/strongswan-4.5.3-rpmlintrc b/strongswan-4.6.1-rpmlintrc similarity index 100% rename from strongswan-4.5.3-rpmlintrc rename to strongswan-4.6.1-rpmlintrc diff --git a/strongswan-4.6.1.tar.bz2 b/strongswan-4.6.1.tar.bz2 new file mode 100644 index 0000000..b86bf4a --- /dev/null +++ b/strongswan-4.6.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3d6dcdb3ce46dab51783b98c9bb54ebc931ff80941a0507d3cf3e3ac813eb439 +size 3400215 diff --git a/strongswan-4.6.1.tar.bz2.sig b/strongswan-4.6.1.tar.bz2.sig new file mode 100644 index 0000000..cc4486a --- /dev/null +++ b/strongswan-4.6.1.tar.bz2.sig @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iQGcBAABAgAGBQJOu2a7AAoJEN9CwXCzTbp381oL/39DrG28cCvChlGKLRCK1LaF +CpCGR/rKSWy71kkCHpGuDZgr+TXN5NzWV+vyj8CZubPg/lgiDyeNTwDG7O1qE5ZD +C9MDKWq4B8MHpHaPw2royqscRIs7lF4P4wil1F/vDftHzFWfBRp5+jOjMInlc0oP +rF+mqqGXdMVbSac0QmIC+MJbR4Di7+66SskPvsLeL7/HIC27zVG32j4uLTzevKfu +pgCQwUzqAE8A3VOPrjjP9pAYMto68hZoSIEOODEXF/VMHt7qOIjHDdpQYVDH9N9K +ZXMYIMDmJq8KAQbZGGjpMvv50pwG73RE+JbX0+3B5JD2rTQND1XpiC2+PWk53LSd +3EXx+RaufjC0YgaON3vDusGfa6v/KW2gU7EOumdTDNZi2iNijVLCN91WV9BwrgLV +T8j7P2lhoHN/ihsjSpq7+vTy+DGWgToA35IgC5kfBG75aZR35ho/dKFST15kMv35 +DnPbK7yEpHHyfYTblFej4mm6j+X8vbEPsJZpRtZq+A== +=Fip2 +-----END PGP SIGNATURE----- diff --git a/strongswan.changes b/strongswan.changes index 9bc562a..1bbd3bd 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,50 @@ +------------------------------------------------------------------- +Wed Feb 15 13:31:40 UTC 2012 - mt@suse.com + +- Updated to strongSwan 4.6.1 release: + Changes in 4.6.1: + - Because of changing checksums before and after installation which caused + the integrity tests to fail we avoided directly linking libsimaka, + libtls and libtnccs to those libcharon plugins which make use of these + dynamiclibraries. + Instead we linked the libraries to the charon daemon. Unfortunately + Ubuntu 11.10 activated the --as-needed ld option which discards explicit + links to dynamic libraries that are not actually used by the charon + daemon itself, thus causing failures during the loading of the plugins + which depend on these libraries for resolving external symbols. + - Therefore our approach of computing integrity checksums for plugins had + to be changed radically by moving the hash generation from the + compilation to the post-installation phase. + Changes in 4.6.0: + - The new libstrongswan certexpire plugin collects expiration information + of all used certificates and exports them to CSV files. It either + directly exports them or uses cron style scheduling for batch exports. + - Starter passes unresolved hostnames to charon, allowing it to do name + resolution not before the connection attempt. This is especially useful + with connections between hosts using dynamic IP addresses. + Thanks to Mirko Parthey for the initial patch. + - The android plugin can now be used without the Android frontend patch + and provides DNS server registration and logging to logcat. + - Pluto and starter (plus stroke and whack) have been ported to Android. + - Support for ECDSA private and public key operations has been added to + the pkcs11 plugin. The plugin now also provides DH and ECDH via PKCS#11 + and can use tokens as random number generators (RNG). By default only + private key operations are enabled, more advanced features have to be + enabled by their option in strongswan.conf. This also applies to public + key operations (even for keys not stored on the token) which were + enabled by default before. + - The libstrongswan plugin system now supports detailed plugin + dependencies. Many plugins have been extended to export its capabilities + and requirements. This allows the plugin loader to resolve plugin + loading order automatically, and in future releases, to dynamically load + the required features on demand. + Existing third party plugins are source (but not binary) compatible if + they properly initialize the new get_features() plugin function to NULL. + - The tnc-ifmap plugin implements a TNC IF-MAP 2.0 client which can + deliver metadata about IKE_SAs via a SOAP interface to a MAP server. + The tnc-ifmap plugin requires the Apache Axis2/C library. +- Merged patches, changed strongswan-doc to be a noarch package. + ------------------------------------------------------------------- Mon Feb 6 10:27:00 UTC 2012 - aj@suse.de diff --git a/strongswan.spec b/strongswan.spec index 327cfb5..52a7af5 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -18,7 +18,7 @@ Name: strongswan -Version: 4.5.3 +Version: 4.6.1 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name} @@ -108,6 +108,7 @@ Authors: and others %package doc +BuildArch: noarch Summary: OpenSource IPsec-based VPN Solution %description doc @@ -317,7 +318,7 @@ cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets # EOT # -rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,strongswan}.so +rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,strongswan,simaka}.so find $RPM_BUILD_ROOT%{strongswan_libdir} \ -name "*.a" -o -name "*.la" | xargs -r rm -f # @@ -440,6 +441,8 @@ fi %{strongswan_libdir}/libhydra.so.0.0.0 %{strongswan_libdir}/libcharon.so.0 %{strongswan_libdir}/libcharon.so.0.0.0 +%{strongswan_libdir}/libsimaka.so.0 +%{strongswan_libdir}/libsimaka.so.0.0.0 %{strongswan_libdir}/libstrongswan.so.0 %{strongswan_libdir}/libstrongswan.so.0.0.0 %dir %{strongswan_plugins} @@ -475,6 +478,7 @@ fi %{strongswan_plugins}/libstrongswan-ha.so %{strongswan_plugins}/libstrongswan-hmac.so %{strongswan_plugins}/libstrongswan-kernel-netlink.so +%{strongswan_plugins}/libstrongswan-kernel-netlink.so %{strongswan_plugins}/libstrongswan-ldap.so %{strongswan_plugins}/libstrongswan-md4.so %{strongswan_plugins}/libstrongswan-md5.so From 3026c5b75b9caae3ad449ba8e998f93dfa3a934cdeaeb4cb9d00492d81946eae Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Wed, 15 Feb 2012 13:48:10 +0000 Subject: [PATCH 3/3] - Fixed rpmlint runlevel & fsf warnings, updated rpmlintrc OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=40 --- strongswan-4.6.1-rpmlintrc | 4 ++++ strongswan.changes | 1 + strongswan.init.in | 4 ++-- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/strongswan-4.6.1-rpmlintrc b/strongswan-4.6.1-rpmlintrc index 1a4d703..b6f2319 100644 --- a/strongswan-4.6.1-rpmlintrc +++ b/strongswan-4.6.1-rpmlintrc @@ -3,3 +3,7 @@ addFilter("strongswan.* incoherent-init-script-name ipsec") # - readme only, triggers full ipsec + ikev1&ikev2 install addFilter("strongswan.* no-binary") +# - link to init script, covered by service(8) +addFilter("strongswan.* no-manual-page-for-binary rcipsec") +# - no, restating tunnels on update may break the update +addFilter("strongswan.*restart_on_update-postun /etc/init.d/ipsec") diff --git a/strongswan.changes b/strongswan.changes index 1bbd3bd..60b23a0 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -44,6 +44,7 @@ Wed Feb 15 13:31:40 UTC 2012 - mt@suse.com deliver metadata about IKE_SAs via a SOAP interface to a MAP server. The tnc-ifmap plugin requires the Apache Axis2/C library. - Merged patches, changed strongswan-doc to be a noarch package. +- Fixed rpmlint runlevel & fsf warnings, updated rpmlintrc ------------------------------------------------------------------- Mon Feb 6 10:27:00 UTC 2012 - aj@suse.de diff --git a/strongswan.init.in b/strongswan.init.in index c6ac6ad..15a7e60 100644 --- a/strongswan.init.in +++ b/strongswan.init.in @@ -17,7 +17,7 @@ # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, # USA. # # /etc/init.d/ipsec @@ -41,7 +41,7 @@ # Should-Start: $time # Required-Stop: $syslog $remote_fs $named # Should-Stop: $time -# Default-Start: 3 4 5 +# Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: StrongSwan IPsec # Description: StrongSwan IPsec provides encrypted and authenticated