strongswan/strongswan.spec

Name:             strongswan
Version:          5.9.10
Release:          4
Summary:          An OpenSource IPsec-based VPN and TNC solution
License:          GPLv2+
URL:              http://www.strongswan.org/
Source0:          http://download.strongswan.org/strongswan-%{version}.tar.bz2

Patch0:           remove-warning-no-format.patch
Patch1:           aes-crypter-support-sw64-arch.patch
# https://download.strongswan.org/security/CVE-2023-41913/strongswan-5.9.7-5.9.11_charon_tkm_dh_len.patch
Patch2:           CVE-2023-41913.patch

BuildRequires:    gcc chrpath autoconf automake libtool tpm2-abrmd
BuildRequires:    systemd-devel gmp-devel libcurl-devel NetworkManager-libnm-devel openldap-devel
BuildRequires:    compat-openssl11-devel sqlite-devel gettext-devel trousers-devel libxml2-devel pam-devel
BuildRequires:    json-c-devel libgcrypt-devel systemd-devel iptables-devel tpm2-tss-devel tpm2-abrmd-devel
Requires(post):   systemd
Requires(preun):  systemd
Requires(postun): systemd
Requires:         tpm2-abrmd
Requires:         %{name}-sqlite = %{version}-%{release}
Requires:         %{name}-tnc-imcvs = %{version}-%{release}
Requires:         %{name}-libipsec = %{version}-%{release}

%description
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange
protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

%package libipsec
Summary: Strongswan's libipsec backend
%description libipsec
The kernel-libipsec plugin provides an IPsec backend that works entirely in userland, using TUN devices and its own IPsec implementation libipsec.

%package charon-nm
Summary:NetworkManager plugin for Strongswan
Requires:dbus
Obsoletes:      %{name}-NetworkManager < 0:5.0.4-5
Conflicts:      %{name}-NetworkManager < 0:5.0.4-5
Conflicts:      NetworkManager-strongswan < 1.4.2-1

%description charon-nm
NetworkManager plugin integrates a subset of Strongswan capabilities to NetworkManager.

%package sqlite
Summary: SQLite support for strongSwan
Requires: %{name} = %{version}-%{release}

%description sqlite
The sqlite plugin adds an SQLite database backend to strongSwan.

%package tnc-imcvs
Summary: Trusted network connect (TNC)'s IMC/IMV functionality
Requires: %{name} = %{version}-%{release}
Requires: %{name}-sqlite = %{version}-%{release}

%description tnc-imcvs
This package provides Trusted Network Connect's (TNC) architec ture support.
It includes support for TNC client and server (IF-TNCCS), IMC and IMV message
exchange (IF-M), interface between IMC/IMV and TNC client/server (IF-IMC
and IF-IMV). It also includes PTS based IMC/IMV for TPM based remote
attestation, SWID IMC/IMV, and OS IMC/IMV. It's IMC/IMV dynamic libraries
modules can be used by any third party TNC Client/Server imple mentation
possessing a standard IF-IMC/IMV interface. In addition, it im plements
PT-TLS to support TNC over TLS.

%prep
%autosetup -n %{name}-%{version} -p1

%build
autoreconf -i
%configure --bindir=%{_libexecdir}/strongswan --sysconfdir=%{_sysconfdir}/strongswan \
           --with-ipsecdir=%{_libexecdir}/strongswan --with-ipseclibdir=%{_libdir}/strongswan \
           --with-ipsec-script=strongswan \
           --disable-static \
           --enable-tss-trousers --enable-nm --enable-systemd --enable-openssl --enable-unity \
           --enable-ctr --enable-ccm --enable-gcm --enable-chapoly --enable-md4 --enable-gcrypt \
           --enable-newhope --enable-xauth-eap --enable-xauth-pam --enable-xauth-noauth \
           --enable-eap-identity --enable-eap-md5 --enable-eap-gtc --enable-eap-tls --enable-eap-ttls \
           --enable-eap-peap --enable-eap-mschapv2 --enable-eap-tnc --enable-eap-sim --enable-eap-sim-file \
           --enable-eap-aka --enable-eap-aka-3gpp --enable-eap-aka-3gpp2 --enable-eap-dynamic --enable-eap-radius \
           --enable-ext-auth --enable-ipseckey --enable-pkcs11 --enable-tpm --enable-farp --enable-dhcp \
           --enable-ha --enable-led --enable-sql --enable-sqlite --enable-tnc-ifmap --enable-tnc-pdp \
           --enable-tnc-imc --enable-tnc-imv --enable-tnccs-20 --enable-tnccs-11 --enable-tnccs-dynamic \
           --enable-imc-test --enable-imv-test --enable-imc-scanner --enable-imv-scanner --enable-imc-attestation \
           --enable-imv-attestation --enable-imv-os --enable-imc-os --enable-imc-swid --enable-imv-swid \
           --enable-imc-swima --enable-imv-swima --enable-imc-hcd --enable-imv-hcd --enable-curl \
           --enable-cmd --enable-acert --enable-aikgen --enable-vici --enable-swanctl --enable-duplicheck \
           --enable-kernel-libipsec --enable-bypass-lan \
%ifarch x86_64 %{ix86}
           --enable-aesni
%endif

for p in bypass-lan; do
    echo -e "\ncharon.plugins.${p}.load := no" >> conf/plugins/${p}.opt
done

make %{?_smp_mflags}

%install
%make_install

mv %{buildroot}%{_datadir}/dbus-1 %{buildroot}%{_sysconfdir}/
# prefix man pages
for i in %{buildroot}%{_mandir}/*/*; do
    if echo "$i" | grep -vq '/strongswan[^\/]*$'; then
        mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/strongswan_\1|'`"
    fi
done

rm -rf %{buildroot}%{_libdir}/strongswan/*.so

chmod 644 %{buildroot}%{_sysconfdir}/strongswan/strongswan.conf
install -d -m 700 %{buildroot}%{_sysconfdir}/strongswan/ipsec.d
install -d -m 700 %{buildroot}%{_sysconfdir}/strongswan/ipsec.d/{aacerts,acerts,cacerts,certs,crls,ocspcerts,private,reqs}

%delete_la

cd $RPM_BUILD_ROOT/usr
file `find -type f` | grep -w ELF | awk -F":" '{print $1}' | for i in `xargs`
do
chrpath -d $i
done
cd -
mkdir -p %{buildroot}/etc/ld.so.conf.d
echo "%{_libdir}/strongswan" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf

%preun
%systemd_preun strongswan.service

%post
/sbin/ldconfig
%systemd_post strongswan.service

%postun
/sbin/ldconfig
%systemd_postun_with_restart strongswan.service

%files
%doc README NEWS TODO ChangeLog
%license COPYING
%dir %attr(0700,root,root) %{_sysconfdir}/strongswan
%config(noreplace) %{_sysconfdir}/strongswan/*
%dir %{_libdir}/strongswan
%exclude %{_libdir}/strongswan/imcvs
%dir %{_libdir}/strongswan/plugins
%dir %{_libexecdir}/strongswan
%{_unitdir}/strongswan.service
%{_unitdir}/strongswan-starter.service
%{_sbindir}/charon-cmd
%{_sbindir}/charon-systemd
%{_sbindir}/strongswan
%{_sbindir}/swanctl
%{_libdir}/strongswan/*.so.*
%exclude %{_libdir}/strongswan/libimcv.so.*
%exclude %{_libdir}/strongswan/libtnccs.so.*
%exclude %{_libdir}/strongswan/libipsec.so.*
%{_libdir}/strongswan/plugins/*.so
%exclude %{_libdir}/strongswan/plugins/libstrongswan-sqlite.so
%exclude %{_libdir}/strongswan/plugins/libstrongswan-*tnc*.so
%exclude %{_libdir}/strongswan/plugins/libstrongswan-kernel-libipsec.so
%{_libexecdir}/strongswan/*
%exclude %{_libexecdir}/strongswan/attest
%exclude %{_libexecdir}/strongswan/pt-tls-client
%exclude %{_libexecdir}/strongswan/charon-nm
%exclude %dir %{_datadir}/strongswan/swidtag
%{_mandir}/man?/*.gz
%{_datadir}/strongswan/templates/config/
%{_datadir}/strongswan/templates/database/
%config(noreplace) /etc/ld.so.conf.d/*

%files sqlite
%{_libdir}/strongswan/plugins/libstrongswan-sqlite.so

%files tnc-imcvs
%{_sbindir}/sw-collector
%{_sbindir}/sec-updater
%dir %{_libdir}/strongswan/imcvs
%dir %{_libdir}/strongswan/plugins
%{_libdir}/strongswan/libimcv.so.*
%{_libdir}/strongswan/libtnccs.so.*
%{_libdir}/strongswan/plugins/libstrongswan-*tnc*.so
%{_libexecdir}/strongswan/attest
%{_libexecdir}/strongswan/pt-tls-client
%dir %{_datadir}/strongswan/swidtag
%{_datadir}/strongswan/swidtag/*.swidtag

%files libipsec
%{_libdir}/strongswan/libipsec.so.*
%{_libdir}/strongswan/plugins/libstrongswan-kernel-libipsec.so

%files charon-nm
%doc COPYING
%{_sysconfdir}/dbus-1/system.d/nm-strongswan-service.conf
%{_libexecdir}/strongswan/charon-nm

%changelog
* Thu Dec 14 2023 yaoxin <yao_xin001@hoperun.com> - 5.9.10-4
- Fix CVE-2023-41913

* Sun Oct 08 2023 openhosec <openhosec@hosec.net> - 5.9.10-3
- aes crypter support sw64 arch

* Tue Sept 19 2023 openhosec <openhosec@hosec.net> - 5.9.10-2
- fixed unable to set openssl fips mode

* Sat Mar 11 2023 openhosec <openhosec@hosec.net> - 5.9.10-1
- Upgrade to 5.9.10 version

* Wed Mar 01 2023 wangkai <wangkai385@h-partners.com> - 5.9.7-6
- Replace openssl-devel with compat-openssl11-devel

* Fri Feb 24 2023 xu_ping <xuping33@h-partners.com> - 5.9.7-5
- fix /usr/sbin/ipsec conflicts with libreswan.

* Mon Oct 10 2022 openhosec <openhosec@hosec.net> - 5.9.7-4
- Fix CVE-2022-40617

* Tue Sep 13 2022 wangkai <wangkai385@h-partners.com> - 5.9.7-3
- Add Requires strongswan-tnc-imcvs and strongswan-libipsec

* Mon Sep 05 2022 wangkai <wangkai385@h-partners.com> - 5.9.7-2
- Add Requires strongswan-sqlite

* Sat Aug 13 2022 openhosec <openhosec@hosec.net> - 5.9.7-1
- Upgrade to 5.9.7 version

* Tue Feb 08 2022 wangkai <wangkai385@huawei.com> - 5.7.2-11
- fix CVE-2021-45079

* Mon Oct 25 2021 wangkai <wangkai385@huawei.com> - 5.7.2-10
- fix CVE-2021-40990 CVE-2021-40991

* Thu Sep 09 2021 caodongxia <caodongxia@huawei.com> - 5.7.2-9
- fix rpath error

* Wed Sep 1 2021 caodongxia <caodongxia@huawei.com> - 5.7.2-8
- fix fuzz: use of uninitialized value

* Wed Aug 4 2021 shdluan <shdluan@163.com> - 5.7.2-7
- fix multiple defination of variable

* Sat Jul 18 2020 yaokai13 <yaokai13@huawei.com> - 5.7.2-6
- Unpack the merged package to fix the issue #l1N2UN

* Thu May 28 2020 Senlin Xia <xiasenlin1@huawei.com> - 5.7.2-5
- prefix man pages
 
* Fri Feb 14 2020 Ling Yang <lingyang2@huawei.com> - 5.7.2-4
- Package init
Package init 2020-02-14 11:27:10 +08:00			`Name: strongswan`
update to 5.9.10 2023-03-11 18:22:19 +08:00			`Version: 5.9.10`
Fix CVE-2023-41913 2023-12-14 09:48:32 +08:00			`Release: 4`
Package init 2020-02-14 11:27:10 +08:00			`Summary: An OpenSource IPsec-based VPN and TNC solution`
			`License: GPLv2+`
			`URL: http://www.strongswan.org/`
			`Source0: http://download.strongswan.org/strongswan-%{version}.tar.bz2`
fix multiple definition Signed-off-by: shdluan <shdluan@163.com> 2021-08-04 09:27:04 +08:00
upgrade to 5.9.7 version 2022-08-14 08:39:17 +08:00			`Patch0: remove-warning-no-format.patch`
aes crypter support sw64 arch 2023-10-08 14:51:34 +08:00			`Patch1: aes-crypter-support-sw64-arch.patch`
Fix CVE-2023-41913 2023-12-14 09:48:32 +08:00			`# https://download.strongswan.org/security/CVE-2023-41913/strongswan-5.9.7-5.9.11_charon_tkm_dh_len.patch`
			`Patch2: CVE-2023-41913.patch`
fix CVE-2021-40990 CVE-2021-40991 2021-10-25 11:44:22 +08:00
upgrade to 5.9.7 version 2022-08-14 08:39:17 +08:00			`BuildRequires: gcc chrpath autoconf automake libtool tpm2-abrmd`
			`BuildRequires: systemd-devel gmp-devel libcurl-devel NetworkManager-libnm-devel openldap-devel`
Replace openssl-devel with compat-openssl11-devel (cherry picked from commit 4f2002c6b2374b6469ea800801422d8bde26c9ad) 2023-03-01 18:46:02 +08:00			`BuildRequires: compat-openssl11-devel sqlite-devel gettext-devel trousers-devel libxml2-devel pam-devel`
upgrade to 5.9.7 version 2022-08-14 08:39:17 +08:00			`BuildRequires: json-c-devel libgcrypt-devel systemd-devel iptables-devel tpm2-tss-devel tpm2-abrmd-devel`
Package init 2020-02-14 11:27:10 +08:00			`Requires(post): systemd`
			`Requires(preun): systemd`
			`Requires(postun): systemd`
upgrade to 5.9.7 version 2022-08-14 08:39:17 +08:00			`Requires: tpm2-abrmd`
Add Requires strongswan-sqlite (cherry picked from commit 9d7600b9b8e8482a0f5b8dbe742c6e6d06ff1219) 2022-09-05 15:50:06 +08:00			`Requires: %{name}-sqlite = %{version}-%{release}`
Add Requires strongswan-tnc-imcvs and strongswan-libipsec (cherry picked from commit 046172c21b5967721d77edd23be608b7b57f5c2f) 2022-09-13 15:50:52 +08:00			`Requires: %{name}-tnc-imcvs = %{version}-%{release}`
			`Requires: %{name}-libipsec = %{version}-%{release}`
Package init 2020-02-14 11:27:10 +08:00
			`%description`
			`The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange`
			`protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.`

Unpack the merged package to fix the issue #l1N2UN 2020-07-18 09:23:33 +08:00			`%package libipsec`
			`Summary: Strongswan's libipsec backend`
			`%description libipsec`
			`The kernel-libipsec plugin provides an IPsec backend that works entirely in userland, using TUN devices and its own IPsec implementation libipsec.`

			`%package charon-nm`
			`Summary:NetworkManager plugin for Strongswan`
			`Requires:dbus`
			`Obsoletes: %{name}-NetworkManager < 0:5.0.4-5`
			`Conflicts: %{name}-NetworkManager < 0:5.0.4-5`
			`Conflicts: NetworkManager-strongswan < 1.4.2-1`

			`%description charon-nm`
			`NetworkManager plugin integrates a subset of Strongswan capabilities to NetworkManager.`

			`%package sqlite`
			`Summary: SQLite support for strongSwan`
			`Requires: %{name} = %{version}-%{release}`

			`%description sqlite`
			`The sqlite plugin adds an SQLite database backend to strongSwan.`

			`%package tnc-imcvs`
			`Summary: Trusted network connect (TNC)'s IMC/IMV functionality`
			`Requires: %{name} = %{version}-%{release}`
			`Requires: %{name}-sqlite = %{version}-%{release}`

			`%description tnc-imcvs`
			`This package provides Trusted Network Connect's (TNC) architec ture support.`
			`It includes support for TNC client and server (IF-TNCCS), IMC and IMV message`
			`exchange (IF-M), interface between IMC/IMV and TNC client/server (IF-IMC`
			`and IF-IMV). It also includes PTS based IMC/IMV for TPM based remote`
			`attestation, SWID IMC/IMV, and OS IMC/IMV. It's IMC/IMV dynamic libraries`
			`modules can be used by any third party TNC Client/Server imple mentation`
			`possessing a standard IF-IMC/IMV interface. In addition, it im plements`
			`PT-TLS to support TNC over TLS.`
Package init 2020-02-14 11:27:10 +08:00
			`%prep`
Unpack the merged package to fix the issue #l1N2UN 2020-07-18 09:23:33 +08:00			`%autosetup -n %{name}-%{version} -p1`
Package init 2020-02-14 11:27:10 +08:00
			`%build`
upgrade to 5.9.7 version 2022-08-14 08:39:17 +08:00			`autoreconf -i`
			`%configure --bindir=%{_libexecdir}/strongswan --sysconfdir=%{_sysconfdir}/strongswan \`
			`--with-ipsecdir=%{_libexecdir}/strongswan --with-ipseclibdir=%{_libdir}/strongswan \`
fixed unable to set openssl fips mode 2023-09-19 09:43:32 +08:00			`--with-ipsec-script=strongswan \`
upgrade to 5.9.7 version 2022-08-14 08:39:17 +08:00			`--disable-static \`
Package init 2020-02-14 11:27:10 +08:00			`--enable-tss-trousers --enable-nm --enable-systemd --enable-openssl --enable-unity \`
			`--enable-ctr --enable-ccm --enable-gcm --enable-chapoly --enable-md4 --enable-gcrypt \`
			`--enable-newhope --enable-xauth-eap --enable-xauth-pam --enable-xauth-noauth \`
			`--enable-eap-identity --enable-eap-md5 --enable-eap-gtc --enable-eap-tls --enable-eap-ttls \`
			`--enable-eap-peap --enable-eap-mschapv2 --enable-eap-tnc --enable-eap-sim --enable-eap-sim-file \`
			`--enable-eap-aka --enable-eap-aka-3gpp --enable-eap-aka-3gpp2 --enable-eap-dynamic --enable-eap-radius \`
			`--enable-ext-auth --enable-ipseckey --enable-pkcs11 --enable-tpm --enable-farp --enable-dhcp \`
			`--enable-ha --enable-led --enable-sql --enable-sqlite --enable-tnc-ifmap --enable-tnc-pdp \`
			`--enable-tnc-imc --enable-tnc-imv --enable-tnccs-20 --enable-tnccs-11 --enable-tnccs-dynamic \`
			`--enable-imc-test --enable-imv-test --enable-imc-scanner --enable-imv-scanner --enable-imc-attestation \`
			`--enable-imv-attestation --enable-imv-os --enable-imc-os --enable-imc-swid --enable-imv-swid \`
			`--enable-imc-swima --enable-imv-swima --enable-imc-hcd --enable-imv-hcd --enable-curl \`
			`--enable-cmd --enable-acert --enable-aikgen --enable-vici --enable-swanctl --enable-duplicheck \`
upgrade to 5.9.7 version 2022-08-14 08:39:17 +08:00			`--enable-kernel-libipsec --enable-bypass-lan \`
Package init 2020-02-14 11:27:10 +08:00			`%ifarch x86_64 %{ix86}`
			`--enable-aesni`
			`%endif`

			`for p in bypass-lan; do`
			`echo -e "\ncharon.plugins.${p}.load := no" >> conf/plugins/${p}.opt`
			`done`

			`make %{?_smp_mflags}`

			`%install`
			`%make_install`

upgrade to 5.9.7 version 2022-08-14 08:39:17 +08:00			`mv %{buildroot}%{_datadir}/dbus-1 %{buildroot}%{_sysconfdir}/`
prefix man pages 2020-05-28 20:25:37 +08:00			`# prefix man pages`
			`for i in %{buildroot}%{_mandir}//; do`
			`if echo "$i" \| grep -vq '/strongswan[^\/]*$'; then`
			mv "$i" "`echo "$i" \| sed -re 's\|/([^/]+)$\|/strongswan_\1\|'`"
			`fi`
			`done`

Package init 2020-02-14 11:27:10 +08:00			`rm -rf %{buildroot}%{_libdir}/strongswan/*.so`

			`chmod 644 %{buildroot}%{_sysconfdir}/strongswan/strongswan.conf`
			`install -d -m 700 %{buildroot}%{_sysconfdir}/strongswan/ipsec.d`
upgrade to 5.9.7 version 2022-08-14 08:39:17 +08:00			`install -d -m 700 %{buildroot}%{_sysconfdir}/strongswan/ipsec.d/{aacerts,acerts,cacerts,certs,crls,ocspcerts,private,reqs}`
Package init 2020-02-14 11:27:10 +08:00
			`%delete_la`

fix rpath error 2021-09-09 18:08:10 +08:00			`cd $RPM_BUILD_ROOT/usr`
			file `find -type f` \| grep -w ELF \| awk -F":" '{print $1}' \| for i in `xargs`
			`do`
			`chrpath -d $i`
			`done`
			`cd -`
			`mkdir -p %{buildroot}/etc/ld.so.conf.d`
			`echo "%{_libdir}/strongswan" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf`

Package init 2020-02-14 11:27:10 +08:00			`%preun`
			`%systemd_preun strongswan.service`

			`%post`
fix rpath error 2021-09-09 18:08:10 +08:00			`/sbin/ldconfig`
Package init 2020-02-14 11:27:10 +08:00			`%systemd_post strongswan.service`

			`%postun`
fix rpath error 2021-09-09 18:08:10 +08:00			`/sbin/ldconfig`
Package init 2020-02-14 11:27:10 +08:00			`%systemd_postun_with_restart strongswan.service`

			`%files`
Unpack the merged package to fix the issue #l1N2UN 2020-07-18 09:23:33 +08:00			`%doc README NEWS TODO ChangeLog`
Package init 2020-02-14 11:27:10 +08:00			`%license COPYING`
			`%dir %attr(0700,root,root) %{_sysconfdir}/strongswan`
			`%config(noreplace) %{_sysconfdir}/strongswan/*`
			`%dir %{_libdir}/strongswan`
Unpack the merged package to fix the issue #l1N2UN 2020-07-18 09:23:33 +08:00			`%exclude %{_libdir}/strongswan/imcvs`
Package init 2020-02-14 11:27:10 +08:00			`%dir %{_libdir}/strongswan/plugins`
			`%dir %{_libexecdir}/strongswan`
Unpack the merged package to fix the issue #l1N2UN 2020-07-18 09:23:33 +08:00			`%{_unitdir}/strongswan.service`
upgrade to 5.9.7 version 2022-08-14 08:39:17 +08:00			`%{_unitdir}/strongswan-starter.service`
Unpack the merged package to fix the issue #l1N2UN 2020-07-18 09:23:33 +08:00			`%{_sbindir}/charon-cmd`
			`%{_sbindir}/charon-systemd`
fix /usr/sbin/ipsec conflicts with libreswan. Signed-off-by: cherry530 <xuping33@huawei.com> (cherry picked from commit 686062627b845ce0b050ab4e9a91f5737caf6bfa) 2023-02-24 16:17:44 +08:00			`%{_sbindir}/strongswan`
Unpack the merged package to fix the issue #l1N2UN 2020-07-18 09:23:33 +08:00			`%{_sbindir}/swanctl`
Package init 2020-02-14 11:27:10 +08:00			`%{_libdir}/strongswan/.so.`
Unpack the merged package to fix the issue #l1N2UN 2020-07-18 09:23:33 +08:00			`%exclude %{_libdir}/strongswan/libimcv.so.*`
			`%exclude %{_libdir}/strongswan/libtnccs.so.*`
			`%exclude %{_libdir}/strongswan/libipsec.so.*`
Package init 2020-02-14 11:27:10 +08:00			`%{_libdir}/strongswan/plugins/*.so`
Unpack the merged package to fix the issue #l1N2UN 2020-07-18 09:23:33 +08:00			`%exclude %{_libdir}/strongswan/plugins/libstrongswan-sqlite.so`
			`%exclude %{_libdir}/strongswan/plugins/libstrongswan-tnc.so`
			`%exclude %{_libdir}/strongswan/plugins/libstrongswan-kernel-libipsec.so`
Package init 2020-02-14 11:27:10 +08:00			`%{_libexecdir}/strongswan/*`
Unpack the merged package to fix the issue #l1N2UN 2020-07-18 09:23:33 +08:00			`%exclude %{_libexecdir}/strongswan/attest`
			`%exclude %{_libexecdir}/strongswan/pt-tls-client`
			`%exclude %{_libexecdir}/strongswan/charon-nm`
			`%exclude %dir %{_datadir}/strongswan/swidtag`
			`%{_mandir}/man?/*.gz`
Package init 2020-02-14 11:27:10 +08:00			`%{_datadir}/strongswan/templates/config/`
			`%{_datadir}/strongswan/templates/database/`
fix rpath error 2021-09-09 18:08:10 +08:00			`%config(noreplace) /etc/ld.so.conf.d/*`
Unpack the merged package to fix the issue #l1N2UN 2020-07-18 09:23:33 +08:00
			`%files sqlite`
			`%{_libdir}/strongswan/plugins/libstrongswan-sqlite.so`

			`%files tnc-imcvs`
			`%{_sbindir}/sw-collector`
			`%{_sbindir}/sec-updater`
			`%dir %{_libdir}/strongswan/imcvs`
			`%dir %{_libdir}/strongswan/plugins`
			`%{_libdir}/strongswan/libimcv.so.*`
			`%{_libdir}/strongswan/libtnccs.so.*`
			`%{_libdir}/strongswan/plugins/libstrongswan-tnc.so`
			`%{_libexecdir}/strongswan/attest`
			`%{_libexecdir}/strongswan/pt-tls-client`
Package init 2020-02-14 11:27:10 +08:00			`%dir %{_datadir}/strongswan/swidtag`
			`%{_datadir}/strongswan/swidtag/*.swidtag`

Unpack the merged package to fix the issue #l1N2UN 2020-07-18 09:23:33 +08:00			`%files libipsec`
			`%{_libdir}/strongswan/libipsec.so.*`
			`%{_libdir}/strongswan/plugins/libstrongswan-kernel-libipsec.so`

			`%files charon-nm`
			`%doc COPYING`
			`%{_sysconfdir}/dbus-1/system.d/nm-strongswan-service.conf`
			`%{_libexecdir}/strongswan/charon-nm`
Package init 2020-02-14 11:27:10 +08:00
			`%changelog`
Fix CVE-2023-41913 2023-12-14 09:48:32 +08:00			`* Thu Dec 14 2023 yaoxin <yao_xin001@hoperun.com> - 5.9.10-4`
			`- Fix CVE-2023-41913`

aes crypter support sw64 arch 2023-10-08 14:51:34 +08:00			`* Sun Oct 08 2023 openhosec <openhosec@hosec.net> - 5.9.10-3`
			`- aes crypter support sw64 arch`

fixed unable to set openssl fips mode 2023-09-19 09:43:32 +08:00			`* Tue Sept 19 2023 openhosec <openhosec@hosec.net> - 5.9.10-2`
			`- fixed unable to set openssl fips mode`

update to 5.9.10 2023-03-11 18:22:19 +08:00			`* Sat Mar 11 2023 openhosec <openhosec@hosec.net> - 5.9.10-1`
			`- Upgrade to 5.9.10 version`

Replace openssl-devel with compat-openssl11-devel (cherry picked from commit 4f2002c6b2374b6469ea800801422d8bde26c9ad) 2023-03-01 18:46:02 +08:00			`* Wed Mar 01 2023 wangkai <wangkai385@h-partners.com> - 5.9.7-6`
			`- Replace openssl-devel with compat-openssl11-devel`

fix /usr/sbin/ipsec conflicts with libreswan. Signed-off-by: cherry530 <xuping33@huawei.com> (cherry picked from commit 686062627b845ce0b050ab4e9a91f5737caf6bfa) 2023-02-24 16:17:44 +08:00			`* Fri Feb 24 2023 xu_ping <xuping33@h-partners.com> - 5.9.7-5`
			`- fix /usr/sbin/ipsec conflicts with libreswan.`

fix CVE-2022-40617 2022-10-09 13:51:21 +08:00			`* Mon Oct 10 2022 openhosec <openhosec@hosec.net> - 5.9.7-4`
			`- Fix CVE-2022-40617`

Add Requires strongswan-tnc-imcvs and strongswan-libipsec (cherry picked from commit 046172c21b5967721d77edd23be608b7b57f5c2f) 2022-09-13 15:50:52 +08:00			`* Tue Sep 13 2022 wangkai <wangkai385@h-partners.com> - 5.9.7-3`
			`- Add Requires strongswan-tnc-imcvs and strongswan-libipsec`

Add Requires strongswan-sqlite (cherry picked from commit 9d7600b9b8e8482a0f5b8dbe742c6e6d06ff1219) 2022-09-05 15:50:06 +08:00			`* Mon Sep 05 2022 wangkai <wangkai385@h-partners.com> - 5.9.7-2`
			`- Add Requires strongswan-sqlite`

upgrade to 5.9.7 version 2022-08-14 08:39:17 +08:00			`* Sat Aug 13 2022 openhosec <openhosec@hosec.net> - 5.9.7-1`
			`- Upgrade to 5.9.7 version`

fix CVE-2021-45079 2022-02-08 18:56:09 +08:00			`* Tue Feb 08 2022 wangkai <wangkai385@huawei.com> - 5.7.2-11`
			`- fix CVE-2021-45079`

fix CVE-2021-40990 CVE-2021-40991 2021-10-25 11:44:22 +08:00			`* Mon Oct 25 2021 wangkai <wangkai385@huawei.com> - 5.7.2-10`
			`- fix CVE-2021-40990 CVE-2021-40991`

fix rpath error 2021-09-09 18:08:10 +08:00			`* Thu Sep 09 2021 caodongxia <caodongxia@huawei.com> - 5.7.2-9`
			`- fix rpath error`

fix fuzz: use of uninitialized value (cherry picked from commit 2dac6e2500b83cd89641fa54a533d7ebb32bb89c) 2021-09-01 15:27:51 +08:00			`* Wed Sep 1 2021 caodongxia <caodongxia@huawei.com> - 5.7.2-8`
			`- fix fuzz: use of uninitialized value`

modify bad date in changelog 2022-06-16 17:20:34 +08:00			`* Wed Aug 4 2021 shdluan <shdluan@163.com> - 5.7.2-7`
fix multiple definition Signed-off-by: shdluan <shdluan@163.com> 2021-08-04 09:27:04 +08:00			`- fix multiple defination of variable`

Unpack the merged package to fix the issue #l1N2UN 2020-07-18 09:23:33 +08:00			`* Sat Jul 18 2020 yaokai13 <yaokai13@huawei.com> - 5.7.2-6`
			`- Unpack the merged package to fix the issue #l1N2UN`

prefix man pages 2020-05-28 20:25:37 +08:00			`* Thu May 28 2020 Senlin Xia <xiasenlin1@huawei.com> - 5.7.2-5`
			`- prefix man pages`

Package init 2020-02-14 11:27:10 +08:00			`* Fri Feb 14 2020 Ling Yang <lingyang2@huawei.com> - 5.7.2-4`
			`- Package init`