From 6076fd449e485dbd253c5128a5da5eb057dbfe6b Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Jul 15 2014 18:06:03 +0000 Subject: New upstream release 5.2.0 - The Attestation IMC/IMV pair supports the IMA-NG measurement format - Aikgen tool to generate an Attestation Identity Key bound to a TPM - Swanctl tool to provide a portable, complete IKE configuration and control interface for the command line using vici interface with libvici library - PT-EAP transport protocol (RFC 7171) for TNC - Enabled support for acert for checking X509 attribute certificate - Updated patches, removed selinux patch as upstream has fixed it in this release. - Updated spec file with minor cleanups --- diff --git a/.gitignore b/.gitignore index bb9f937..b782d4e 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,6 @@ /strongswan-5.2.0dr4.tar.bz2.sig /strongswan-5.2.0dr5.tar.bz2 /strongswan-5.2.0dr6.tar.bz2 +/strongswan-5.2.0.tar.bz2 +/strongswan-5.2.0.tar.bz2.md5 +/strongswan-5.2.0.tar.bz2.sig diff --git a/sources b/sources index 1efac57..5ba0b9b 100644 --- a/sources +++ b/sources @@ -1 +1,3 @@ -6b9ac43a3934dcdf66ccbdfebc54081b strongswan-5.2.0dr6.tar.bz2 +5cee4ee1a6ccb74400758b3ace54d46e strongswan-5.2.0.tar.bz2 +946d3a8b2cb18779966b0abba3f955da strongswan-5.2.0.tar.bz2.md5 +e5cc61017455e2777fe4b2fa4f3bf0b1 strongswan-5.2.0.tar.bz2.sig diff --git a/strongswan-5.1.1-selinux.patch b/strongswan-5.1.1-selinux.patch deleted file mode 100644 index 05f2407..0000000 --- a/strongswan-5.1.1-selinux.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -diff -urNp strongswan-5.2.0dr4-patched/src/charon/charon.c strongswan-5.2.0dr4-current/src/charon/charon.c ---- strongswan-5.2.0dr4-patched/src/charon/charon.c 2014-05-22 16:14:28.761324384 -0400 -+++ strongswan-5.2.0dr4-current/src/charon/charon.c 2014-05-22 16:19:00.239224819 -0400 -@@ -229,7 +229,7 @@ static bool check_pidfile() - } - - /* create new pidfile */ -- pidfile = fopen(PID_FILE, "w"); -+ pidfile = fopen(PID_FILE, "we"); - if (pidfile) - { - ignore_result(fchown(fileno(pidfile), -diff -urNp strongswan-5.2.0dr4-patched/src/libstrongswan/plugins/random/random_plugin.c strongswan-5.2.0dr4-current/src/libstrongswan/plugins/random/random_plugin.c ---- strongswan-5.2.0dr4-patched/src/libstrongswan/plugins/random/random_plugin.c 2014-05-22 16:14:28.738324392 -0400 -+++ strongswan-5.2.0dr4-current/src/libstrongswan/plugins/random/random_plugin.c 2014-05-22 16:19:00.239224819 -0400 -@@ -83,7 +83,7 @@ bool random_plugin_get_strong_equals_tru - */ - static bool open_dev(char *file, int *fd) - { -- *fd = open(file, O_RDONLY); -+ *fd = open(file, O_RDONLY | O_CLOEXEC); - if (*fd == -1) - { - DBG1(DBG_LIB, "opening \"%s\" failed: %s", file, strerror(errno)); diff --git a/strongswan.spec b/strongswan.spec index 8f26dd8..61f0ba2 100644 --- a/strongswan.spec +++ b/strongswan.spec 
@@ -1,24 +1,15 @@ %global _hardened_build 1 -%define prerelease dr6 Name: strongswan Version: 5.2.0 -Release: 0.4%{?prerelease:.%{prerelease}}%{?dist} +Release: 1%{?dist} Summary: An OpenSource IPsec-based VPN and TNC solution Group: System Environment/Daemons License: GPLv2+ URL: http://www.strongswan.org/ -Source0: http://download.strongswan.org/%{name}-%{version}%{?prerelease}.tar.bz2 +Source0: http://download.strongswan.org/%{name}-%{version}.tar.bz2 # Initscript for epel6 Source1: %{name}.sysvinit -# Fix selinux issues caused by leaking file descriptors to xtables-multi -# -# Upstream doesn't like the patch because of lack of portability. We're -# working with upstream to prepare an acceptable fix. When it's ready, -# we'll switch to the new version and remove the patch. -# -# http://wiki.strongswan.org/issues/519 -Patch0: strongswan-5.1.1-selinux.patch # Use RTLD_GLOBAL when loading plugins and link them to libstrongswan # # The patch hasn't been accepted upstream because of insufficient @@ -99,8 +90,7 @@ possessing a standard IF-IMC/IMV interface. In addition, it implements PT-TLS to support TNC over TLS. %prep -%setup -q -n %{name}-%{version}%{prerelease} -%patch0 -p1 +%setup -q #%patch1 -p1 echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora @@ -157,7 +147,10 @@ autoreconf --enable-eap-identity \ --enable-cmd \ --enable-acert \ - --enable-aikgen + --enable-aikgen \ + --enable-vici \ + --enable-swanctl + make %{?_smp_mflags} %install @@ -218,6 +211,8 @@ fi %{_sysconfdir}/%{name}/ipsec.d/ %config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf +%{_sysconfdir}/%{name}/swanctl/ +%config(noreplace) %{_sysconfdir}/%{name}/swanctl/swanctl.conf %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %{_unitdir}/%{name}.service %else 
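Review bot: Removing `Patch0: strongswan-5.1.1-selinux.patch` in this hunk drops the close-on-exec changes for the pidfile `fopen` in charon.c and the `open` in random_plugin.c, and nothing in the diff shows that the 5.2.0 tarball carries an equivalent for both call sites. The commit message says upstream fixed it, so both sites should be checked in the unpacked 5.2.0 source before this build ships, since descriptors leaking to xtables-multi were the reason the patch existed. I would leave a trace where the old comment block was, e.g. `# fd leak to xtables-multi (http://wiki.strongswan.org/issues/519) is fixed upstream in 5.2.0; selinux patch dropped`.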
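Review bot: `%prep` goes straight to `%setup -q` with no signature check, although this commit uploads `strongswan-5.2.0.tar.bz2.sig` alongside the tarball and `Source0` in the first spec hunk is still a plain `http://` URL. The only integrity anchor visible here is the MD5 line in `sources`, which pins the uploaded copy rather than what upstream signed. I would declare the signature and the upstream public key as additional `Source` entries and verify before unpacking, e.g. `gpgv --keyring %{SOURCE<keyring>} %{SOURCE<sig>} %{SOURCE0}` ahead of `%setup -q` (the source numbers are placeholders). The rest of `%prep` lies outside the hunk.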
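Review bot: The new `%config(noreplace) %{_sysconfdir}/%{name}/swanctl/swanctl.conf` entry and the `swanctl/` directory entry in the `@@ -218,6 +211,8 @@` hunk are packaged with whatever mode `make install` leaves, and no `%attr` pins it. As far as I know swanctl.conf can carry a secrets section upstream, so the mode should be checked in the built RPM and set explicitly if other users can read it, for example `%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}/swanctl/swanctl.conf`. The same check applies to any key subdirectories the install step may create under `swanctl/`, which the directory entry takes in wholesale. The `%files` section continues outside the hunk.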
@@ -234,6 +229,8 @@ fi %{_libdir}/%{name}/libpttls.so.0.0.0 %{_libdir}/%{name}/lib%{name}.so.0 %{_libdir}/%{name}/lib%{name}.so.0.0.0 +%{_libdir}/%{name}/libvici.so.0 +%{_libdir}/%{name}/libvici.so.0.0.0 %dir %{_libdir}/%{name}/plugins %{_libdir}/%{name}/plugins/lib%{name}-aes.so %{_libdir}/%{name}/plugins/lib%{name}-attr.so @@ -281,6 +278,7 @@ fi %{_libdir}/%{name}/plugins/lib%{name}-curl.so %{_libdir}/%{name}/plugins/lib%{name}-eap-identity.so %{_libdir}/%{name}/plugins/lib%{name}-acert.so +%{_libdir}/%{name}/plugins/lib%{name}-vici.so %dir %{_libexecdir}/%{name} %{_libexecdir}/%{name}/_copyright %{_libexecdir}/%{name}/_updown @@ -295,15 +293,18 @@ fi %{_libexecdir}/%{name}/aikgen %{_sbindir}/charon-cmd %{_sbindir}/%{name} +%{_sbindir}/swanctl %{_mandir}/man1/%{name}_pki*.1.gz %{_mandir}/man5/%{name}.conf.5.gz %{_mandir}/man5/%{name}_ipsec.conf.5.gz %{_mandir}/man5/%{name}_ipsec.secrets.5.gz +%{_mandir}/man5/%{name}_swanctl.conf.5.gz %{_mandir}/man8/%{name}.8.gz %{_mandir}/man8/%{name}__updown.8.gz %{_mandir}/man8/%{name}__updown_espmark.8.gz %{_mandir}/man8/%{name}_scepclient.8.gz %{_mandir}/man8/%{name}_charon-cmd.8.gz +%{_mandir}/man8/%{name}_swanctl.8.gz %{_sysconfdir}/%{name}/%{name}.d/ %{_datadir}/%{name}/templates/config/ %{_datadir}/%{name}/templates/database/ 
@@ -358,6 +359,21 @@ fi %endif %changelog +* Tue Jul 15 2014 Avesh Agarwal - 5.2.0-1 +- New upstream release 5.2.0 +- The Attestation IMC/IMV pair supports the IMA-NG + measurement format +- Aikgen tool to generate an Attestation Identity Key bound + to a TPM +- Swanctl tool to provide a portable, complete IKE + configuration and control interface for the command + line using vici interface with libvici library +- PT-EAP transport protocol (RFC 7171) for TNC +- Enabled support for acert for checking X509 attribute certificate +- Updated patches, removed selinux patch as upstream has fixed it + in this release. +- Updated spec file with minor cleanups + * Thu Jun 26 2014 Pavel Šimerda - 5.2.0-0.4.dr6 - improve prerelease macro