From f609a14e3ac2e09cb6355bc60c40513a53cbd70a Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Apr 14 2020 17:17:05 +0000 Subject: - Resolves: rhbz#1823823 Please drop the dependency on fipscheck --- diff --git a/libreswan.spec b/libreswan.spec index c2f0cca..2b61dad 100644 --- a/libreswan.spec +++ b/libreswan.spec @@ -7,14 +7,13 @@ %global libreswan_config \\\ FINALLIBEXECDIR=%{_libexecdir}/ipsec \\\ FINALMANDIR=%{_mandir} \\\ - FIPSPRODUCTCHECK=%{_sysconfdir}/system-fips \\\ INC_RCDEFAULT=%{_initrddir} \\\ INC_USRLOCAL=%{_prefix} \\\ INITSYSTEM=systemd \\\ PYTHON_BINARY=%{__python3} \\\ SHELL_BINARY=%{_bindir}/sh \\\ USE_DNSSEC=true \\\ - USE_FIPSCHECK=true \\\ + USE_FIPSCHECK=false \\\ USE_KLIPS=false \\\ USE_LABELED_IPSEC=true \\\ USE_LDAP=true \\\ @@ -34,7 +33,7 @@ Name: libreswan Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec # version is generated in the release script Version: 3.31 -Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist} +Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist} License: GPLv2 Url: https://libreswan.org/ Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz @@ -67,8 +66,6 @@ BuildRequires: unbound-devel >= 1.6.0-6 BuildRequires: ldns-devel BuildRequires: libseccomp-devel BuildRequires: libselinux-devel -BuildRequires: fipscheck-devel -Requires: fipscheck%{_isa} Buildrequires: audit-libs-devel BuildRequires: libcap-ng-devel BuildRequires: openldap-devel @@ -127,14 +124,6 @@ make %{?_smp_mflags} \ programs FS=$(pwd) -# Add generation of HMAC checksums of the final stripped binaries -%define __spec_install_post \ - %{?__debug_package:%{__debug_install_post}} \ - %{__arch_install_post} \ - %{__os_install_post} \ - fipshmac -d %{buildroot}%{_libdir}/fipscheck %{buildroot}%{_libexecdir}/ipsec/pluto \ -%{nil} - %install make \ DESTDIR=%{buildroot} \ @@ -152,8 +141,6 @@ install -d %{buildroot}%{_sysconfdir}/sysctl.d install -m 0644 packaging/fedora/libreswan-sysctl.conf \ %{buildroot}%{_sysconfdir}/sysctl.d/50-libreswan.conf -mkdir -p %{buildroot}%{_libdir}/fipscheck - echo "include %{_sysconfdir}/ipsec.d/*.secrets" \ > %{buildroot}%{_sysconfdir}/ipsec.secrets rm -fr %{buildroot}%{_sysconfdir}/rc.d/rc* @@ -208,9 +195,11 @@ export NSS_DISABLE_HW_GCM=1 %{_sbindir}/ipsec %{_libexecdir}/ipsec %doc %{_mandir}/*/* -%{_libdir}/fipscheck/pluto.hmac %changelog +* Tue Apr 14 2020 Paul Wouters - 3.31-2 +- Resolves: rhbz#1823823 Please drop the dependency on fipscheck + * Tue Mar 03 2020 Paul Wouters - 3.31-1 - Resolves: rhbz#1809770 libreswan-3.31 is available (fixes rekey regression) @@ -317,7 +306,7 @@ export NSS_DISABLE_HW_GCM=1 - Remove support for /etc/sysconfig/pluto (use native systemd instead) * Thu May 05 2016 Paul Wouters - 3.17-2 -- Resolves: rhbz#1324956 prelink is gone, /etc/prelink.conf.d/* is no longer used +- Resolves: rhbz#1324956 prelink is gone, /etc/prelink.conf.d/* is no longer used * Thu Apr 07 2016 Paul Wouters - 3.17-1 - Updated to 3.17 for CVE-2016-3071