From da94b51c67b45cfee94ca9a78d3bab3d0741e3fc Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Mar 12 2024 00:59:11 +0000 Subject: - Update to 4.14 for CVE-2024-2357 * Security, see https://libreswan.org/security/CVE-2024-2357 * x509: unpack IPv6 general names based on length * pluto: TFC padding was not set for AEAD algorithms * Include now fixed ipcheck * Exclude hunkcheck broken on s390x * Remove obsoleted patch capng patch --- diff --git a/.gitignore b/.gitignore index 013d005..56a4381 100644 --- a/.gitignore +++ b/.gitignore @@ -58,3 +58,5 @@ /libreswan-4.12.tar.gz.asc /libreswan-4.13.tar.gz /libreswan-4.13.tar.gz.asc +/libreswan-4.14.tar.gz +/libreswan-4.14.tar.gz.asc diff --git a/libreswan.spec b/libreswan.spec index 8bb2223..8efd04e 100644 --- a/libreswan.spec +++ b/libreswan.spec @@ -29,7 +29,7 @@ Name: libreswan Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec # version is generated in the release script -Version: 4.12 +Version: 4.14 Release: %autorelease # The code in lib/libswan/nss_copies.c is under MPL-2.0, while the # rest is under GPL-2.0-or-later @@ -44,8 +44,6 @@ Source4: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2 Source5: https://download.libreswan.org/cavs/ikev2.fax.bz2 %endif -Patch1: libreswan-4.12-libcap-ng.patch - BuildRequires: audit-libs-devel BuildRequires: bison BuildRequires: curl-devel @@ -110,7 +108,10 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04 %setup -q -n libreswan-%{version}%{?prever} # enable crypto-policies support sed -i "s:#[ ]*include \(.*\)\(/crypto-policies/back-ends/libreswan.config\)$:include \1\2:" configs/ipsec.conf.in -sed -i "s/SUBDIRS += ipcheck/#SUBDIRS += ipchec/" testing/programs/Makefile +%ifarch s390x +# throws error on s390x +sed -i "s/SUBDIRS += hunkcheck/#SUBDIRS += hunkcheck/" testing/programs/Makefile +%endif %autopatch -p1 %build diff --git a/sources b/sources index 454e4af..86f3f17 100644 --- a/sources +++ b/sources @@ -1,5 +1,5 @@ +SHA512 (libreswan-4.14.tar.gz) = fb4c4dc426530614d308a7c4f5d21123a166b1ad652f66393b45d4987a3e2be8e8bc135e7eedfe1c014db962b70f08108757f876e27cd9e7739a79764c6d4f2d +SHA512 (libreswan-4.14.tar.gz.asc) = 870c2f206b74f2f5391f145bf6b81e6e40ec8ecb3357554c77be105a2410ea0d3d2c70ac59963b0ebf495fff55d7c8be64b511d093ee6b5542ae1f3ee3ffbd51 SHA512 (ikev1_dsa.fax.bz2) = 627cbac14248bd68e8d22fbca247668a7749ef0c2e41df8d776d62df9a21403d3a246c0bd82c3faedce62de90b9f91a87f753e17b056319000bba7d2038461ac SHA512 (ikev1_psk.fax.bz2) = 1b2daec32edc56b410c036db2688c92548a9bd9914994bc7e555b301dd6db4497a6b3e89dc12ddf36826ae90b40fcde501a5a45c0d59098e07839073d219d467 SHA512 (ikev2.fax.bz2) = 65c65d86fd1a7539c0ad516b0f49546d5722b710225857ee2d2f5f3415ac7d023264746398f3637fd248a4ce2364957c516c31214ee33faefe58ac8e4e333a10 -SHA512 (libreswan-4.13.tar.gz) = 551bd4e86f6642b2f4c2fae340f73b3fd5c36953a60ce89e37938cd4fcf7131470d3819100577f86baf75214d8b632067a066348620a3fe48d8ed3c26d9897a8 -SHA512 (libreswan-4.13.tar.gz.asc) = 46b961d144fbd381e93a4deaa6bf9e2523233da02872189ae331d680930be093c4ad0b2ff21c89cd3ae819189fb5270a401f35d9aca40fa9bd7b694461b10ddd