From b5963e1653f4fc006acb15a969faf273bf1d0120 Mon Sep 17 00:00:00 2001
From: Pavel Šimerda <pavlix@pavlix.net>
Date: Jan 07 2014 14:41:33 +0000
Subject: Merge remote-tracking branch 'origin/el6'


Conflicts:
	.gitignore
	libstrongswan-plugin.patch
	libstrongswan-settings-debug.patch
	sources
	strongswan-init.patch
	strongswan-pts-ecp-disable.patch
	strongswan.spec

---

diff --git a/libimcv-attestatiom-imv-crash.patch b/libimcv-attestatiom-imv-crash.patch
new file mode 100644
index 0000000..825ce81
--- /dev/null
+++ b/libimcv-attestatiom-imv-crash.patch
@@ -0,0 +1,27 @@
+diff -urNp strongswan-5.0.4-patched/src/libpts/plugins/imv_attestation/imv_attestation.c strongswan-5.0.4-current/src/libpts/plugins/imv_attestation/imv_attestation.c
+--- strongswan-5.0.4-patched/src/libpts/plugins/imv_attestation/imv_attestation.c	2013-05-01 15:50:51.331560749 -0400
++++ strongswan-5.0.4-current/src/libpts/plugins/imv_attestation/imv_attestation.c	2013-06-28 11:10:30.703893643 -0400
+@@ -90,11 +90,6 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID
+ 		DBG1(DBG_IMV, "IMV \"%s\" has already been initialized", imv_name);
+ 		return TNC_RESULT_ALREADY_INITIALIZED;
+ 	}
+-	if (!pts_meas_algo_probe(&supported_algorithms) ||
+-		!pts_dh_group_probe(&supported_dh_groups))
+-	{
+-		return TNC_RESULT_FATAL;
+-	}
+ 	imv_attestation = imv_agent_create(imv_name, msg_types, countof(msg_types),
+ 									   imv_id, actual_version);
+ 	if (!imv_attestation)
+@@ -104,6 +99,11 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID
+ 
+ 	libpts_init();
+ 
++	if (!pts_meas_algo_probe(&supported_algorithms) ||
++		!pts_dh_group_probe(&supported_dh_groups))
++	{
++		return TNC_RESULT_FATAL;
++	}
+ 	if (min_version > TNC_IFIMV_VERSION_1 || max_version < TNC_IFIMV_VERSION_1)
+ 	{
+ 		DBG1(DBG_IMV, "no common IF-IMV version");
diff --git a/strongswan-Change-ipsec-scepclient-to-strongswan-scepclient.patch b/strongswan-Change-ipsec-scepclient-to-strongswan-scepclient.patch
new file mode 100644
index 0000000..ca4e05e
--- /dev/null
+++ b/strongswan-Change-ipsec-scepclient-to-strongswan-scepclient.patch
@@ -0,0 +1,25 @@
+From c282e8fa3c55a9d0046a3119d7b2a3fe07d83c37 Mon Sep 17 00:00:00 2001
+From: Jamie Nguyen <j@jamielinux.com>
+Date: Mon, 15 Jul 2013 22:31:34 +0100
+Subject: [PATCH] Change 'ipsec scepclient' to 'strongswan scepclent'
+
+---
+ src/starter/starter.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/starter/starter.c b/src/starter/starter.c
+index 917e52d..868b224 100644
+--- a/src/starter/starter.c
++++ b/src/starter/starter.c
+@@ -293,7 +293,7 @@ static void generate_selfcert()
+ #endif
+ 		setegid(gid);
+ 		seteuid(uid);
+-		ignore_result(system("ipsec scepclient --out pkcs1 --out cert-self --quiet"));
++		ignore_result(system("strongswan scepclient --out pkcs1 --out cert-self --quiet"));
+ 		seteuid(0);
+ 		setegid(0);
+ 
+-- 
+1.8.3.1
+
diff --git a/strongswan-Change-ipsec-updown-to-strongswan-updown.patch b/strongswan-Change-ipsec-updown-to-strongswan-updown.patch
new file mode 100644
index 0000000..2f62d39
--- /dev/null
+++ b/strongswan-Change-ipsec-updown-to-strongswan-updown.patch
@@ -0,0 +1,25 @@
+From daa81c04068956ff34fb0efb72956401969a8d9b Mon Sep 17 00:00:00 2001
+From: Jamie Nguyen <j@jamielinux.com>
+Date: Mon, 15 Jul 2013 13:42:14 +0100
+Subject: [PATCH] Change 'ipsec _updown' to 'strongswan _updown'
+
+---
+ src/starter/confread.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/starter/confread.c b/src/starter/confread.c
+index f0f05b0..ffd44c0 100644
+--- a/src/starter/confread.c
++++ b/src/starter/confread.c
+@@ -38,7 +38,7 @@
+ static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
+ static const char esp_defaults[] = "aes128-sha1,3des-sha1";
+ 
+-static const char firewall_defaults[] = "ipsec _updown iptables";
++static const char firewall_defaults[] = "strongswan _updown iptables";
+ 
+ static bool daemon_exists(char *daemon, char *path)
+ {
+-- 
+1.8.3.1
+
diff --git a/strongswan.git-71d740cac68f83c77d981368a4c041eb620310ed.patch b/strongswan.git-71d740cac68f83c77d981368a4c041eb620310ed.patch
new file mode 100644
index 0000000..d58cc00
--- /dev/null
+++ b/strongswan.git-71d740cac68f83c77d981368a4c041eb620310ed.patch
@@ -0,0 +1,26 @@
+From 71d740cac68f83c77d981368a4c041eb620310ed Mon Sep 17 00:00:00 2001
+From: Andreas Steffen <andreas.steffen@strongswan.org>
+Date: Fri, 24 May 2013 12:56:21 +0200
+Subject: [PATCH] Make plugins in standalone libimcv configurable
+
+---
+ src/libimcv/imcv.c |    3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/src/libimcv/imcv.c b/src/libimcv/imcv.c
+index 6cee0ad..f9ecf79 100644
+--- a/src/libimcv/imcv.c
++++ b/src/libimcv/imcv.c
+@@ -118,7 +118,8 @@ bool libimcv_init(void)
+ 		openlog("imcv", 0, LOG_DAEMON);
+ 
+ 		if (!lib->plugins->load(lib->plugins, NULL,
+-							"sha1 sha2 random nonce gmp pubkey x509"))
++				lib->settings->get_str(lib->settings, "libimcv.load",
++					"random nonce gmp pubkey x509")))
+ 		{
+ 			library_deinit();
+ 			return FALSE;
+-- 
+1.7.4.1
+
diff --git a/strongswan.spec b/strongswan.spec
index 8235f5c..c37ff0f 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -192,6 +192,12 @@ fi
 %else
 %endif
 
+# Create ipsec.d directory tree.
+install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d
+for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do
+    install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d/${i}
+done
+
 
 %files
 %doc README README.Fedora COPYING NEWS TODO