From c2d595a3ab7ba15485d3478fff448419e80b72c68e96b06b10ccbc17086079a6 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Thu, 18 Nov 2010 15:56:31 +0000 Subject: [PATCH 1/3] Updating link to change in openSUSE:Factory/strongswan revision 27.0 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=44d1978dfe0d21d11f637ac9d9f5e88e --- strongswan-4.4.0-snprintf-fix.diff | 105 ----------------------------- strongswan-4.4.0.tar.bz2 | 3 - strongswan-4.4.0.tar.bz2.sig | 14 ---- strongswan.spec | 3 +- 4 files changed, 2 insertions(+), 123 deletions(-) delete mode 100644 strongswan-4.4.0-snprintf-fix.diff delete mode 100644 strongswan-4.4.0.tar.bz2 delete mode 100644 strongswan-4.4.0.tar.bz2.sig diff --git a/strongswan-4.4.0-snprintf-fix.diff b/strongswan-4.4.0-snprintf-fix.diff deleted file mode 100644 index 4b08b80..0000000 --- a/strongswan-4.4.0-snprintf-fix.diff +++ /dev/null @@ -1,105 +0,0 @@ -From 96e2f9f3a70a7c918772f7dde57c6cb8befbc60e Mon Sep 17 00:00:00 2001 -From: Martin Willi -Date: Fri, 18 Jun 2010 09:18:27 +0200 -Subject: [PATCH] snprintf() fixes, version 4.4.0 - ---- - .../credentials/ietf_attributes/ietf_attributes.c | 13 +++++++++++-- - src/libstrongswan/utils/identification.c | 12 ++++++++++++ - src/pluto/x509.c | 4 ++++ - 3 files changed, 27 insertions(+), 2 deletions(-) - -diff --git a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c -index ff3ddeb..de5b85b 100644 ---- a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c -+++ b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c -@@ -159,7 +159,7 @@ static char* get_string(private_ietf_attributes_t *this) - enumerator = this->list->create_enumerator(this->list); - while (enumerator->enumerate(enumerator, &attr)) - { -- int written = 0; -+ int written; - - if (first) - { -@@ -168,8 +168,12 @@ static char* get_string(private_ietf_attributes_t *this) - else - { - written = snprintf(pos, len, ", "); -+ if (written < 0 || written >= len) -+ { -+ break; -+ } - pos += written; -- len -= written; -+ len -= written; - } - - switch (attr->type) -@@ -194,8 +198,13 @@ static char* get_string(private_ietf_attributes_t *this) - break; - } - default: -+ written = 0; - break; - } -+ if (written < 0 || written >= len) -+ { -+ break; -+ } - pos += written; - len -= written; - } -diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c -index 6a3c393..6ccfa19 100644 ---- a/src/libstrongswan/utils/identification.c -+++ b/src/libstrongswan/utils/identification.c -@@ -297,18 +297,30 @@ static void dntoa(chunk_t dn, char *buf, size_t len) - { - written = snprintf(buf, len,"%s=", oid_names[oid].name); - } -+ if (written < 0 || written >= len) -+ { -+ break; -+ } - buf += written; - len -= written; - - chunk_printable(data, &printable, '?'); - written = snprintf(buf, len, "%.*s", printable.len, printable.ptr); - chunk_free(&printable); -+ if (written < 0 || written >= len) -+ { -+ break; -+ } - buf += written; - len -= written; - - if (data.ptr + data.len != dn.ptr + dn.len) - { - written = snprintf(buf, len, ", "); -+ if (written < 0 || written >= len) -+ { -+ break; -+ } - buf += written; - len -= written; - } -diff --git a/src/pluto/x509.c b/src/pluto/x509.c -index 0a29830..0abebc6 100644 ---- a/src/pluto/x509.c -+++ b/src/pluto/x509.c -@@ -393,6 +393,10 @@ void list_x509cert_chain(const char *caption, cert_t* cert, - { - written = snprintf(pos, len, ", %Y", id); - } -+ if (written < 0 || written >= len) -+ { -+ break; -+ } - pos += written; - len -= written; - } --- -1.7.0.4 - diff --git a/strongswan-4.4.0.tar.bz2 b/strongswan-4.4.0.tar.bz2 deleted file mode 100644 index 54b006c..0000000 --- a/strongswan-4.4.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:df40d9daf963ce4f4bef4177ed02d68c083521b307f52bebb1872c2ded4b2718 -size 2863754 diff --git a/strongswan-4.4.0.tar.bz2.sig b/strongswan-4.4.0.tar.bz2.sig deleted file mode 100644 index 32cf91a..0000000 --- a/strongswan-4.4.0.tar.bz2.sig +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.9 (GNU/Linux) - -iQGcBAABAgAGBQJL3c/MAAoJEN9CwXCzTbp386wL+gNDpVVgxsom7LkOyDNGmtyS -kTNI7gwW29aDzoara6wL/BeN38whxkA6d8JJ4XUQhytGcJMr/SA59ghVTjIUnK71 -7LtUP1VcTnJu7NTgtKcGCgmTWKgiZYRMNumneiePNOQHBZ1TAHo/HP1mxjUN3Q27 -ULTyAmfyzjuiaZOb/Cs3r9f4qZRZFJBxHrTzOP91f/bGF3Z+DQyiWwSFg9VYPTeC -EQ/MrXQMQaJp2qPvglCAqaSEseqkCbsH85WBE1VO8+h4NxO0vGVLnowVvVHkUfmL -otDW/zeBBnnazAZQ2QurnyqmxDh4Bt2xkFITHNAj2oDGCsKau/NuQ6A8efx51et+ -P1yMmjfbrtTSjiNBZ5v5g1iTjc93krzkMnFwzStmir4qeZklW5Ium/gufwE89L59 -zEG2OQGVTBVFg+hK8jq6mLyW7UOKmNSRw/dJQe1IODd9PQ2+9PbMix/AXcS7qNjV -VL8oHxoQfb5Fjfwi8HUxmRJAyBAYE7b2299fsRANBg== -=p3Rw ------END PGP SIGNATURE----- diff --git a/strongswan.spec b/strongswan.spec index 32af3af..045265d 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -23,7 +23,7 @@ Name: strongswan %define strongswan_docdir %{_docdir}/%{name} %define strongswan_plugins %{_libexecdir}/ipsec/plugins Version: 4.5.0 -Release: 0 +Release: 1 License: GPLv2+ Group: Productivity/Networking/Security Summary: OpenSource IPsec-based VPN Solution @@ -498,6 +498,7 @@ fi %{strongswan_plugins}/libstrongswan-mysql.so %if 0%{suse_version} >= 1110 + %files sqlite %defattr(-,root,root) %dir %{strongswan_plugins} From fb1a841f06ce9e0a48759b703689a8b1c6ed51dedf0facbbd16c541127f93a2d Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Mon, 22 Nov 2010 09:10:09 +0000 Subject: [PATCH 2/3] - Cleaned up spec file; use with_mysql,sqlite,gcrypt,nm flags - Disabled tests sub-package with load-tester and test-vectors plugins by default using a with_tests flag. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=22 --- strongswan.changes | 7 +++ strongswan.spec | 153 ++++++++++++++++++++++++++------------------- 2 files changed, 94 insertions(+), 66 deletions(-) diff --git a/strongswan.changes b/strongswan.changes index 2b05921..01c7650 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Nov 22 09:05:30 UTC 2010 - mt@suse.de + +- Cleaned up spec file; use with_mysql,sqlite,gcrypt,nm flags +- Disabled tests sub-package with load-tester and test-vectors + plugins by default using a with_tests flag. + ------------------------------------------------------------------- Tue Nov 16 12:01:46 UTC 2010 - mt@suse.de diff --git a/strongswan.spec b/strongswan.spec index 045265d..d1f6c6c 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -22,6 +22,11 @@ Name: strongswan %define upstream_version 4.5.0 %define strongswan_docdir %{_docdir}/%{name} %define strongswan_plugins %{_libexecdir}/ipsec/plugins +%define with_mysql 1 +%define with_sqlite 0%{suse_version} >= 1110 +%define with_gcrypt 0%{suse_version} >= 1110 +%define with_nm 0%{suse_version} >= 1110 +%define with_tests 0 Version: 4.5.0 Release: 1 License: GPLv2+ @@ -42,15 +47,20 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison flex gmp-devel gperf pkg-config BuildRequires: libcap-devel BuildRequires: libopenssl-devel -BuildRequires: libgcrypt-devel BuildRequires: openldap2-devel BuildRequires: curl-devel pam-devel -%if 0%{suse_version} >= 1110 -BuildRequires: libuuid-devel -BuildRequires: NetworkManager-devel +%if %with_mysql +BuildRequires: libmysqlclient-devel +%endif +%if %with_sqlite BuildRequires: sqlite3-devel %endif -BuildRequires: libmysqlclient-devel +%if %with_gcrypt +BuildRequires: libgcrypt-devel +%endif +%if %with_nm +BuildRequires: NetworkManager-devel +%endif %description StrongSwan is an OpenSource IPsec-based VPN Solution for Linux @@ -117,44 +127,6 @@ StrongSwan is an OpenSource IPsec-based VPN Solution for Linux This package provides the strongswan library and plugins. -%package mysql -License: GPLv2+ -Summary: OpenSource IPsec-based VPN Solution -Group: Productivity/Networking/Security -Requires: strongswan-libs0 = %{version} - -%description mysql -StrongSwan is an OpenSource IPsec-based VPN Solution for Linux - -This package provides the strongswan mysql plugin. - -%if 0%{suse_version} >= 1110 - -%package sqlite -License: GPLv2+ -Summary: OpenSource IPsec-based VPN Solution -Group: Productivity/Networking/Security -Requires: strongswan-libs0 = %{version} - -%description sqlite -StrongSwan is an OpenSource IPsec-based VPN Solution for Linux - -This package provides the strongswan sqlite plugin. - -%endif - -%package tests -License: GPLv2+ -Summary: OpenSource IPsec-based VPN Solution -Group: Productivity/Networking/Security -Requires: strongswan-libs0 = %{version} - -%description tests -StrongSwan is an OpenSource IPsec-based VPN Solution for Linux - -This package provides the strongswan crypto test-vectors plugin -and the load testing plugin for IKEv2 daemon. - %package ikev1 License: GPLv2+ Summary: OpenSource IPsec-based VPN Solution @@ -193,8 +165,6 @@ Group: Productivity/Networking/Security PreReq: grep %insserv_prereq %fillup_prereq Requires: strongswan-libs0 = %{version} Requires: strongswan-daemon = %{version} -#Recommends: strongswan-ikev1 = %{version} -#Recommends: strongswan-ikev2 = %{version} Provides: strongswan-daemon-starter = %{version} Provides: strongswan = %{version} ipsec VPN Obsoletes: strongswan < %{version} @@ -207,8 +177,35 @@ This package provides the /etc/init.d/ipsec service script and allows to maintain both, IKEv1 and IKEv2 daemons, using /etc/ipsec.conf and /etc/ipsec.sectes files. -%if 0%{suse_version} >= 1110 +%if %with_mysql +%package mysql +License: GPLv2+ +Summary: OpenSource IPsec-based VPN Solution +Group: Productivity/Networking/Security +Requires: strongswan-libs0 = %{version} +%description mysql +StrongSwan is an OpenSource IPsec-based VPN Solution for Linux + +This package provides the strongswan mysql plugin. + +%endif + +%if %with_sqlite +%package sqlite +License: GPLv2+ +Summary: OpenSource IPsec-based VPN Solution +Group: Productivity/Networking/Security +Requires: strongswan-libs0 = %{version} + +%description sqlite +StrongSwan is an OpenSource IPsec-based VPN Solution for Linux + +This package provides the strongswan sqlite plugin. + +%endif + +%if %with_nm %package nm License: GPLv2+ Summary: OpenSource IPsec-based VPN Solution @@ -226,6 +223,21 @@ NetworkManager-strongswan graphical user interface. %endif +%if %with_tests +%package tests +License: GPLv2+ +Summary: OpenSource IPsec-based VPN Solution +Group: Productivity/Networking/Security +Requires: strongswan-libs0 = %{version} + +%description tests +StrongSwan is an OpenSource IPsec-based VPN Solution for Linux + +This package provides the strongswan crypto test-vectors plugin +and the load testing plugin for IKEv2 daemon. + +%endif + %prep %setup -q -n %{name}-%{upstream_version} %patch1 -p0 @@ -269,16 +281,24 @@ export RPM_OPT_FLAGS CFLAGS --enable-sql \ --enable-attr-sql \ --enable-addrblock \ -%if 0%{suse_version} >= 1110 - --enable-gcrypt \ - --enable-nm \ +%if %with_mysql + --enable-mysql \ +%endif +%if %with_sqlite --enable-sqlite \ %endif - --enable-ldap \ - --enable-curl \ - --enable-mysql \ +%if %with_gcrypt + --enable-gcrypt \ +%endif +%if %with_nm + --enable-nm \ +%endif +%if %with_tests --enable-load-tester \ - --enable-test-vectors + --enable-test-vectors \ +%endif + --enable-ldap \ + --enable-curl make %{?_smp_mflags:%_smp_mflags} %install @@ -383,16 +403,6 @@ fi %defattr(-,root,root) %dir %{_libexecdir}/ipsec %{_libexecdir}/ipsec/charon -#%dir %{strongswan_plugins} - -%if 0%{suse_version} >= 1110 - -%files nm -%defattr(-,root,root) -%dir %{_libexecdir}/ipsec -%dir %{strongswan_plugins} -%{strongswan_plugins}/libstrongswan-nm.so -%endif %files doc %defattr(-,root,root) @@ -465,7 +475,7 @@ fi %{strongswan_plugins}/libstrongswan-eap-sim.so %{strongswan_plugins}/libstrongswan-farp.so %{strongswan_plugins}/libstrongswan-fips-prf.so -%if 0%{suse_version} >= 1110 +%if %with_gcrypt %{strongswan_plugins}/libstrongswan-gcrypt.so %endif %{strongswan_plugins}/libstrongswan-gmp.so @@ -492,23 +502,34 @@ fi %{strongswan_plugins}/libstrongswan-xcbc.so %dir %ghost %{_localstatedir}/run/strongswan +%if %with_nm +%files nm +%defattr(-,root,root) +%dir %{_libexecdir}/ipsec +%dir %{strongswan_plugins} +%{strongswan_plugins}/libstrongswan-nm.so +%endif + +%if %with_mysql %files mysql %defattr(-,root,root) %dir %{strongswan_plugins} %{strongswan_plugins}/libstrongswan-mysql.so +%endif -%if 0%{suse_version} >= 1110 - +%if %with_sqlite %files sqlite %defattr(-,root,root) %dir %{strongswan_plugins} %{strongswan_plugins}/libstrongswan-sqlite.so %endif +%if %with_tests %files tests %defattr(-,root,root) %dir %{strongswan_plugins} %{strongswan_plugins}/libstrongswan-load-tester.so %{strongswan_plugins}/libstrongswan-test-vectors.so +%endif %changelog From 4285aa3d61d2b4191531db705914c17a981083ae6805f1bd9a113ae112ed5b55 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Mon, 22 Nov 2010 09:12:08 +0000 Subject: [PATCH 3/3] improved changelog entry OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=23 --- strongswan.changes | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/strongswan.changes b/strongswan.changes index 01c7650..99d60a5 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -3,7 +3,8 @@ Mon Nov 22 09:05:30 UTC 2010 - mt@suse.de - Cleaned up spec file; use with_mysql,sqlite,gcrypt,nm flags - Disabled tests sub-package with load-tester and test-vectors - plugins by default using a with_tests flag. + plugins by default using a with_tests flag (causes load error + in "ipsec pki" when enabled but the package is not installed). ------------------------------------------------------------------- Tue Nov 16 12:01:46 UTC 2010 - mt@suse.de