diff --git a/0001-fix-libselinux-deprecated.patch b/0001-fix-libselinux-deprecated.patch deleted file mode 100644 index 6c66ccc2650ff8449a0b24888db78f40131814e5..0000000000000000000000000000000000000000 --- a/0001-fix-libselinux-deprecated.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 54b0f3bf7c87ccd8e9f7c74872371d571f0c118c Mon Sep 17 00:00:00 2001 -From: si-gui <245140120@qq.com> -Date: Tue, 15 Sep 2020 19:57:58 +0800 -Subject: [PATCH] fix libselinux deprecated - -Signed-off-by: si-gui <245140120@qq.com> ---- - contrib/labeled-ipsec/getpeercon_server.c | 4 ++-- - programs/pluto/security_selinux.c | 7 ++----- - programs/pluto/security_selinux.h | 2 +- - 3 files changed, 5 insertions(+), 8 deletions(-) - -diff --git a/contrib/labeled-ipsec/getpeercon_server.c b/contrib/labeled-ipsec/getpeercon_server.c -index 57a24d0..aa2e2b4 100644 ---- a/contrib/labeled-ipsec/getpeercon_server.c -+++ b/contrib/labeled-ipsec/getpeercon_server.c -@@ -64,7 +64,7 @@ int main(int argc, char *argv[]) - srv_sock_path = argv[1]; - - { -- security_context_t ctx; -+ char *ctx; - int rc = getcon(&ctx); - - fprintf(stderr, "-> running as %s\n", -@@ -136,7 +136,7 @@ int main(int argc, char *argv[]) - struct sockaddr_in6 *const cli_sock_6addr = (struct sockaddr_in6 *)&cli_sock_saddr; - socklen_t cli_sock_addr_len; - char cli_sock_addr_str[INET6_ADDRSTRLEN + 1]; -- security_context_t ctx; -+ char *ctx; - char *ctx_str; - - //fflush(stdout); -diff --git a/programs/pluto/security_selinux.c b/programs/pluto/security_selinux.c -index ac5028e..c09a2d0 100644 ---- a/programs/pluto/security_selinux.c -+++ b/programs/pluto/security_selinux.c -@@ -27,13 +27,13 @@ void init_avc(void) - DBG_log("selinux support is enabled."); - } - -- if (avc_init("libreswan", NULL, NULL, NULL, NULL) == 0) -+ if (avc_open(NULL, 0) == 0) - selinux_ready = 1; - else - DBG_log("selinux: could not initialize avc."); - } - --int within_range(security_context_t sl, security_context_t range) -+int within_range(char *sl, char *range) - { - int rtn = 1; - security_id_t slsid; -@@ -61,7 +61,6 @@ int within_range(security_context_t sl, security_context_t range) - if (rtn != 0) { - DBG_log("within_range: Unable to retrieve sid for range context (%s)", - range); -- sidput(slsid); - return 0; - } - -@@ -74,8 +73,6 @@ int within_range(security_context_t sl, security_context_t range) - if (rtn != 0) { - DBG_log("within_range: The sl (%s) is not within range of (%s)", sl, - range); -- sidput(slsid); -- sidput(rangesid); - return 0; - } - DBG_log("within_range: The sl (%s) is within range of (%s)", sl, -diff --git a/programs/pluto/security_selinux.h b/programs/pluto/security_selinux.h -index cccd60f..7c07bd8 100644 ---- a/programs/pluto/security_selinux.h -+++ b/programs/pluto/security_selinux.h -@@ -20,6 +20,6 @@ - #include - - void init_avc(void); --int within_range(security_context_t sl, security_context_t range); -+int within_range(char *sl, char *range); - - #endif /* _SECURITY_SELINUX_H */ --- -2.23.0 - diff --git a/0002-fix-pluto-abort.patch b/0002-fix-pluto-abort.patch deleted file mode 100644 index 053b19b55ade6f9bdb9549a04cfdf6a4d0ddc861..0000000000000000000000000000000000000000 --- a/0002-fix-pluto-abort.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 4c08ae4152c6dbd9ecc7126c2e32468dcf1a6589 Mon Sep 17 00:00:00 2001 -From: si-gui <245140120@qq.com> -Date: Tue, 15 Sep 2020 20:19:26 +0800 -Subject: [PATCH] fix libselinux deprecated - -Signed-off-by: si-gui <245140120@qq.com> ---- - programs/pluto/ike_alg_encrypt_nss_gcm_ops.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/programs/pluto/ike_alg_encrypt_nss_gcm_ops.c b/programs/pluto/ike_alg_encrypt_nss_gcm_ops.c -index 4352645..4143186 100644 ---- a/programs/pluto/ike_alg_encrypt_nss_gcm_ops.c -+++ b/programs/pluto/ike_alg_encrypt_nss_gcm_ops.c -@@ -17,6 +17,13 @@ - - #include - -+/* -+ *Special advise from Bob Relyea - needs to go before any nss include -+ * -+ */ -+ -+#define NSS_PKCS11_2_0_COMPAT 1 -+ - #include "lswlog.h" - #include "lswnss.h" - #include "prmem.h" --- -2.23.0 - diff --git a/ikev1_dsa.fax.bz2 b/ikev1_dsa.fax.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..eb1c5d87f4a5d3f70c32961756c138a1ee1f5956 Binary files /dev/null and b/ikev1_dsa.fax.bz2 differ diff --git a/ikev1_psk.fax.bz2 b/ikev1_psk.fax.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..7f29d6c04dd1223768b4e79ad57ab83bc97bf8ae Binary files /dev/null and b/ikev1_psk.fax.bz2 differ diff --git a/v3.25.tar.gz b/ikev2.fax.bz2 similarity index 34% rename from v3.25.tar.gz rename to ikev2.fax.bz2 index aa01fcec17c04f0db6c0d04f3ad1d921f6828dbd..1f9f433e1334cf5d514d1dc5051d7fbdd8545bdb 100644 Binary files a/v3.25.tar.gz and b/ikev2.fax.bz2 differ diff --git a/libreswan-3.25-relax-delete.patch b/libreswan-3.25-relax-delete.patch deleted file mode 100644 index e5a02800f12a057204348dc7c8bd0185f7097b73..0000000000000000000000000000000000000000 --- a/libreswan-3.25-relax-delete.patch +++ /dev/null @@ -1,62 +0,0 @@ -diff --git a/programs/pluto/state.c b/programs/pluto/state.c -index 7b33145..a3bcc3c 100644 ---- a/programs/pluto/state.c -+++ b/programs/pluto/state.c -@@ -3155,27 +3155,40 @@ void ISAKMP_SA_established(const struct state *pst) - d = next; - } - -- if (c->newest_isakmp_sa != SOS_NOBODY && -- c->newest_isakmp_sa != pst->st_serialno) { -- struct state *old_p1 = state_by_serialno(c->newest_isakmp_sa); -+ /* -+ * This only affects IKEv2, since we don't store any -+ * received INITIAL_CONTACT for IKEv1. -+ * We don't do this on IKEv1, because it seems to -+ * confuse various third parties (Windows, Cisco VPN 300, -+ * and juniper -+ * likely because this would be called before the IPsec SA -+ * of QuickMode is installed, so the remote endpoints view -+ * this IKE SA still as the active one? -+ */ -+ if (pst->st_seen_initialc) { - -- DBG(DBG_CONTROL, DBG_log("deleting replaced IKE state for %s", -- old_p1->st_connection->name)); -- old_p1->st_suppress_del_notify = TRUE; -- event_force(EVENT_SA_EXPIRE, old_p1); -- } -+ if (c->newest_isakmp_sa != SOS_NOBODY && -+ c->newest_isakmp_sa != pst->st_serialno) { -+ struct state *old_p1 = state_by_serialno(c->newest_isakmp_sa); - -- if (pst->st_seen_initialc && (c->newest_ipsec_sa != SOS_NOBODY)) -- { -- struct state *old_p2 = state_by_serialno(c->newest_ipsec_sa); -- struct connection *d = old_p2 == NULL ? NULL : old_p2->st_connection; -+ DBG(DBG_CONTROL, DBG_log("deleting replaced IKE state for %s", -+ old_p1->st_connection->name)); -+ old_p1->st_suppress_del_notify = TRUE; -+ event_force(EVENT_SA_EXPIRE, old_p1); -+ } - -- if (c == d && same_id(&c->spd.that.id, &d->spd.that.id)) -+ if (c->newest_ipsec_sa != SOS_NOBODY) - { -- DBG(DBG_CONTROL, DBG_log("Initial Contact received, deleting old state #%lu from connection '%s'", -- c->newest_ipsec_sa, c->name)); -- old_p2->st_suppress_del_notify = TRUE; -- event_force(EVENT_SA_EXPIRE, old_p2); -+ struct state *old_p2 = state_by_serialno(c->newest_ipsec_sa); -+ struct connection *d = old_p2 == NULL ? NULL : old_p2->st_connection; -+ -+ if (c == d && same_id(&c->spd.that.id, &d->spd.that.id)) -+ { -+ DBG(DBG_CONTROL, DBG_log("Initial Contact received, deleting old state #%lu from connection '%s'", -+ c->newest_ipsec_sa, c->name)); -+ old_p2->st_suppress_del_notify = TRUE; -+ event_force(EVENT_SA_EXPIRE, old_p2); -+ } - } - } - diff --git a/libreswan-3.25-unbound-hook.patch b/libreswan-3.25-unbound-hook.patch deleted file mode 100644 index 007ae735e21f370ed9456cc2858f068354fb09eb..0000000000000000000000000000000000000000 --- a/libreswan-3.25-unbound-hook.patch +++ /dev/null @@ -1,35 +0,0 @@ -commit 9dce290a0d2df5c278ed9442b10954d65cc238e4 -Author: Paul Wouters -Date: Sun Jul 8 22:29:52 2018 -0400 - - _unbound-hook: Fixup adding IPv4 pubkey into pluto. Expect unbound to quote argument as 1 - -diff --git a/programs/_unbound-hook/_unbound-hook.in b/programs/_unbound-hook/_unbound-hook.in -index 0d266d5..38279de 100755 ---- a/programs/_unbound-hook/_unbound-hook.in -+++ b/programs/_unbound-hook/_unbound-hook.in -@@ -29,14 +29,17 @@ try: - except: - sys.exit("Bad arguments to ipsec _unbound") - --while (argv != []): -+# unbound now quotes the entire RRDATAs, so it counts as 1 argument in the list -+data = argv.pop(0).split(" ") -+ -+while (data != []): - try: -- gwprec = argv.pop(0) -- gwtype = argv.pop(0) -- gwalg = argv.pop(0) -- gwid = argv.pop(0) -- pubkey = argv.pop(0) -- addkeyip = "ipsec whack --keyid @%s --addkey --pubkeyrsa 0s%s"%(ip, pubkey) -+ gwprec = data.pop(0) -+ gwtype = data.pop(0) -+ gwalg = data.pop(0) -+ gwid = data.pop(0) -+ pubkey = data.pop(0) -+ addkeyip = "ipsec whack --keyid %s --addkey --pubkeyrsa 0s%s"%(ip, pubkey) - addkeyhostname = "ipsec whack --keyid @%s --addkey --pubkeyrsa 0s%s"%(qname, pubkey) - print("processing an IPSECKEY record for Opportunistic IPsec to %s(%s)"%(qname,ip)) - print(subprocess.call(addkeyip, shell=True)) diff --git a/libreswan-4.1.tar.gz b/libreswan-4.1.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..45b3509154c862e77e2a9d0a70a08c6ed3c7c66e Binary files /dev/null and b/libreswan-4.1.tar.gz differ diff --git a/libreswan.spec b/libreswan.spec index 64a8f6d939a716f6517639970e23372257e29a8d..10fff34a536f3cb6f1b654c4161ddf85dfa9e17c 100644 --- a/libreswan.spec +++ b/libreswan.spec @@ -1,13 +1,16 @@ +%global nss_version 3.44.0-8 +%global unbound_version 1.6.6 %global libreswan_config \\\ - FINALMANDIR=%{_mandir} \\\ - INC_USRLOCAL=%{_prefix} \\\ - INC_RCDEFAULT=%{_initrddir} \\\ + SHELL_BINARY=/usr/bin/sh \\\ FINALLIBEXECDIR=%{_libexecdir}/ipsec \\\ - FIPSPRODUCTCHECK=%{_sysconfdir}/system-fips \\\ + FINALMANDIR=%{_mandir} \\\ + PREFIX=%{_prefix} \\\ INITSYSTEM=systemd \\\ NSS_REQ_AVA_COPY=false \\\ + NSS_HAS_IPSEC_PROFILE=true \\\ + PYTHON_BINARY=%{__python3} \\\ USE_DNSSEC=true \\\ - USE_FIPSCHECK=true \\\ + USE_FIPSCHECK=false \\\ USE_LABELED_IPSEC=true \\\ USE_LDAP=true \\\ USE_LIBCAP_NG=true \\\ @@ -16,90 +19,142 @@ USE_NM=true \\\ USE_SECCOMP=true \\\ USE_XAUTHPAM=true \\\ + USE_NSS_KDF=true \\\ %{nil} -Name: libreswan -Version: 3.25 -Release: 10 -Summary: A free implementation of IPsec & IKE for Linux -License: GPLv2 -Url: https://github.com/libreswan/libreswan -Source0: https://github.com/libreswan/libreswan/archive/v%{version}.tar.gz -Source1: openeuler-libreswan-sysctl.conf -Source2: openeuler-libreswan-tmpfiles.conf - -Patch0001: libreswan-3.25-relax-delete.patch -Patch0002: libreswan-3.25-unbound-hook.patch -Patch0003: 0001-fix-libselinux-deprecated.patch -Patch0004: 0002-fix-pluto-abort.patch - -BuildRequires: gcc pkgconfig hostname bison flex systemd-devel nss-devel >= 3.16.1 -BuildRequires: nspr-devel pam-devel libevent-devel unbound-devel >= 1.6.0-6 ldns-devel -BuildRequires: libseccomp-devel libselinux-devel fipscheck-devel audit-libs-devel -BuildRequires: libcap-ng-devel openldap-devel curl-devel xmlto - -Requires: fipscheck nss-tools nss-softokn iproute >= 2.6.8 unbound-libs >= 1.6.6 -Requires(post): bash coreutils systemd -Requires(preun): systemd -Requires(postun): systemd -Provides: openswan = %{version}-%{release} openswan-doc = %{version}-%{release} -Obsoletes: openswan < %{version}-%{release} -Conflicts: openswan < %{version}-%{release} +Name: libreswan +Summary: IKE implementation for IPsec with IKEv1 and IKEv2 support +Version: 4.1 +Release: 1 +License: GPLv2 +Url: https://libreswan.org/ +Source0: https://download.libreswan.org/%{name}-%{version}.tar.gz +Source1: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2 +Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2 +Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2 +Source4: openeuler-libreswan-sysctl.conf + +BuildRequires: audit-libs-devel +BuildRequires: bison +BuildRequires: curl-devel +BuildRequires: flex +BuildRequires: gcc make +BuildRequires: ldns-devel +BuildRequires: libcap-ng-devel +BuildRequires: libevent-devel +BuildRequires: libseccomp-devel +BuildRequires: libselinux-devel +BuildRequires: nspr-devel +BuildRequires: nss-devel >= %{nss_version} +BuildRequires: nss-tools +BuildRequires: openldap-devel +BuildRequires: pam-devel +BuildRequires: pkgconfig +BuildRequires: hostname +BuildRequires: systemd-devel +BuildRequires: unbound-devel >= %{unbound_version} +BuildRequires: xmlto + +Requires: %{name}-help = %{version}-%{release} +Requires: iproute >= 2.6.8 +Requires: nss >= %{nss_version} +Requires: nss-softokn +Requires: nss-tools +Requires: unbound-libs >= %{unbound_version} +Requires(post): bash +Requires(post): coreutils +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd %description -Libreswan is an Internet Key Exchange (IKE) implementation for Linux. -It supports IKEv1 and IKEv2 and has support for most of the extensions -(RFC + IETF drafts) related to IPsec, including IKEv2, X.509 Digital -Certificates, NAT Traversal, and many others. Libreswan uses the native -Linux IPsec stack (NETKEY/XFRM) per default. +Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is +the Internet Protocol Security and uses strong cryptography to provide +both authentication and encryption services. These services allow you +to build secure tunnels through untrusted networks. Everything passing +through the untrusted net is encrypted by the ipsec gateway machine and +decrypted by the gateway at the other end of the tunnel. The resulting +tunnel is a virtual private network or VPN. + +This package contains the daemons and userland tools for setting up +Libreswan. + +Libreswan also supports IKEv2 (RFC7296) and Secure Labeling + +Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04 %package help -Summary: Help documents for libreswan -Requires: %{name} = %{version}-%{release} +Summary: Help documents for libreswan %description help Man pages and other related help documents for libreswan. %prep -%autosetup -n %{name}-%{version} -p1 -sed -i "s:/usr/bin/python:/usr/bin/python3:" programs/show/show.in -sed -i "s:/usr/bin/python:/usr/bin/python3:" programs/verify/verify.in -sed -i "s:/usr/bin/python:/usr/bin/python3:" testing/x509/dist_certs.py -sed -i "s:/usr/bin/python:/usr/bin/python3:" testing/cert_verify/usage_test -sed -i "s:/usr/bin/python:/usr/bin/python3:" testing/pluto/ikev1-01-fuzzer/cve-2015-3204.py -sed -i "s:/usr/bin/python:/usr/bin/python3:" testing/pluto/ikev2-15-fuzzer/send_bad_packets.py -sed -i "s:#[ ]*include \(.*\)\(/crypto-policies/back-ends/libreswan.config\)$:include \1\2:" programs/configs/ipsec.conf.in +%setup -q -n libreswan-%{version}%{?prever} + +sed -i "s/-lfreebl //" mk/config.mk + +sed -i "s:#[ ]*include \(.*\)\(/crypto-policies/back-ends/libreswan.config\)$:include \1\2:" configs/ipsec.conf.in + +sed -i "s/-pthread$/-DALLOW_MICROSOFT_BAD_PROPOSAL -pthread/" mk/config.mk + +sed -i '/config setup/a\\t# Specifies a directory forNSS database files\n\tnssdir=/etc/ipsec.d' configs/ipsec.conf.in + +sed -i '/ipsec --checknss/s/$/ --nssdir \/etc\/ipsec.d/' ./initsystems/systemd/ipsec.service.in %build -%make_build \ - USERCOMPILE="-g -DGCC_LINT %{optflags} %{?efence} -fPIE -pie -fno-strict-aliasing -Wformat-nonliteral -Wformat-security" \ - USERLINK="-g -pie -Wl,-z,relro,-z,now %{?efence}" %{libreswan_config} programs +make %{?_smp_mflags} \ + OPTIMIZE_CFLAGS="%{optflags}" \ + WERROR_CFLAGS="-Werror -Wno-missing-field-initializers -Wno-lto-type-mismatch -Wno-maybe-uninitialized" \ + USERLINK="-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -flto --no-lto" \ + %{libreswan_config} \ + programs FS=$(pwd) -%define __spec_install_post \ - %{?__debug_package:%{__debug_install_post}} \ - %{__arch_install_post} \ - %{__os_install_post} \ - fipshmac -d %{buildroot}%{_libdir}/fipscheck %{buildroot}%{_libexecdir}/ipsec/pluto \ -%{nil} - %install -%make_install %{libreswan_config} +make \ + DESTDIR=%{buildroot} \ + %{libreswan_config} \ + install FS=$(pwd) +rm -rf %{buildroot}/usr/share/doc/libreswan +rm -rf %{buildroot}%{_libexecdir}/ipsec/*check -install -d -m 0700 %{buildroot}{%{_rundir}/pluto,%{_localstatedir}/log/pluto/peer} -install -d %{buildroot}{%{_sbindir},%{_tmpfilesdir},%{_libdir}/fipscheck,%{_sysconfdir}/sysctl.d} +install -d -m 0755 %{buildroot}%{_rundir}/pluto +install -d %{buildroot}%{_sbindir} -install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysctl.d/50-libreswan.conf +install -d %{buildroot}%{_sysconfdir}/sysctl.d +install -m 0644 %{SOURCE4} \ + %{buildroot}%{_sysconfdir}/sysctl.d/50-libreswan.conf -install -m 0644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/libreswan.conf - -echo "include %{_sysconfdir}/ipsec.d/*.secrets" > %{buildroot}%{_sysconfdir}/ipsec.secrets +echo "include %{_sysconfdir}/ipsec.d/*.secrets" \ + > %{buildroot}%{_sysconfdir}/ipsec.secrets +rm -fr %{buildroot}%{_sysconfdir}/rc.d/rc* %check +cp %{SOURCE1} %{SOURCE2} %{SOURCE3} . +bunzip2 *.fax.bz2 + +: starting CAVS test for IKEv2 +%{buildroot}%{_libexecdir}/ipsec/cavp -v2 ikev2.fax | \ + diff -u ikev2.fax - > /dev/null +: starting CAVS test for IKEv1 RSASIG +%{buildroot}%{_libexecdir}/ipsec/cavp -v1dsa ikev1_dsa.fax | \ + diff -u ikev1_dsa.fax - > /dev/null +: starting CAVS test for IKEv1 PSK +%{buildroot}%{_libexecdir}/ipsec/cavp -v1psk ikev1_psk.fax | \ + diff -u ikev1_psk.fax - > /dev/null +: CAVS tests passed + +%{buildroot}%{_libexecdir}/ipsec/algparse -tp || { echo prooposal test failed; exit 1; } +%{buildroot}%{_libexecdir}/ipsec/algparse -ta || { echo algorithm test failed; exit 1; } + +tmpdir=$(mktemp -d /tmp/libreswan-XXXXX) +certutil -N -d sql:$tmpdir --empty-password +%{buildroot}%{_libexecdir}/ipsec/pluto --selftest --nssdir $tmpdir --rundir $tmpdir +: pluto self-test passed - verify FIPS algorithms allowed is still compliant with NIST -export NSS_DISABLE_HW_GCM=1 %post %systemd_post ipsec.service @@ -111,27 +166,29 @@ export NSS_DISABLE_HW_GCM=1 %systemd_postun_with_restart ipsec.service %files -%doc COPYING CREDITS -%{_sbindir}/ipsec -%{_libexecdir}/ipsec -%{_libdir}/fipscheck/pluto.hmac +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.secrets -%attr(0644,root,root) %{_unitdir}/ipsec.service -%attr(0644,root,root) %{_tmpfilesdir}/libreswan.conf +%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d +%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/policies %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/* %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysctl.d/50-libreswan.conf -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/{ipsec.conf,pam.d/pluto} -%attr(0700,root,root) %dir %{_sysconfdir}/{ipsec.d,ipsec.d/policies} -%attr(0700,root,root) %dir %{_localstatedir}/log/{pluto,pluto/peer} %attr(0755,root,root) %dir %{_rundir}/pluto -%exclude /usr/share/doc/libreswan -%exclude %{_sysconfdir}/rc.d/rc* +%attr(0644,root,root) %{_tmpfilesdir}/libreswan.conf +%attr(0644,root,root) %{_unitdir}/ipsec.service +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/pluto +%attr(0700,root,root) %dir %{_sharedstatedir}/ipsec/nss +%{_sbindir}/ipsec +%{_libexecdir}/ipsec %files help -%doc README* CHANGES docs/*.* docs/examples -%doc %{_mandir}/*/* +%doc CHANGES COPYING CREDITS README* LICENSE +%doc docs/*.* docs/examples +%attr(0644,root,root) %doc %{_mandir}/*/* %changelog +* Fri Dec 04 2020 lingsheng - 4.1-1 +- Update to 4.1 + * Tue Sep 15 2020 Guoshuai Sun - 3.25-10 - Fix pluto abort diff --git a/libreswan.yaml b/libreswan.yaml index 000caf1dd9960dbec57e9f227d73ee85f31ba08c..b0175302a4849e264fa10792357456551f1f38df 100644 --- a/libreswan.yaml +++ b/libreswan.yaml @@ -1,4 +1,4 @@ -version_control: github -src_repo: libreswan/libreswan -tag_prefix: ^v -seperator: . \ No newline at end of file +version_control: github +src_repo: libreswan/libreswan +tag_prefix: "^v" +separator: "." diff --git a/openeuler-libreswan-tmpfiles.conf b/openeuler-libreswan-tmpfiles.conf deleted file mode 100644 index 94fa1bd50192a838ed8eef345f87c8d74788d04c..0000000000000000000000000000000000000000 --- a/openeuler-libreswan-tmpfiles.conf +++ /dev/null @@ -1 +0,0 @@ -d /run/pluto 755 root root -