Hello community, here is the log from the commit of package strongswan for openSUSE:Factory checked in at 2014-07-21 21:40:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/strongswan (Old) and /work/SRC/openSUSE:Factory/.strongswan.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "strongswan" Changes: -------- --- /work/SRC/openSUSE:Factory/strongswan/strongswan.changes 2014-06-30 21:50:27.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.strongswan.new/strongswan.changes 2014-07-21 22:35:06.000000000 +0200 @@ -1,0 +2,7 @@ +Thu Jul 3 13:39:45 UTC 2014 - [email protected] + +- disable gcrypt plugin by default, so it will only use openssl + fate#316931 [+strongswan-fips-disablegcrypt.patch] +- enable fips mode 2 + +------------------------------------------------------------------- New: ---- strongswan-fips-disablegcrypt.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ strongswan.spec ++++++ --- /var/tmp/diff_new_pack.OYj06Q/_old 2014-07-21 22:35:07.000000000 +0200 +++ /var/tmp/diff_new_pack.OYj06Q/_new 2014-07-21 22:35:07.000000000 +0200 @@ -63,6 +63,7 @@ Source5: %{name}.keyring Patch1: %{name}_modprobe_syslog.patch Patch2: %{name}_ipsec_service.patch +Patch3: %{name}-fips-disablegcrypt.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison BuildRequires: curl-devel @@ -243,6 +244,7 @@ %setup -q -n %{name}-%{upstream_version} %patch1 -p0 %patch2 -p0 +%patch3 -p1 sed -e 's|@libexecdir@|%_libexecdir|g' \ < $RPM_SOURCE_DIR/strongswan.init.in \ > strongswan.init @@ -257,6 +259,7 @@ --enable-integrity-test \ --with-capabilities=libcap \ --with-plugindir=%{strongswan_plugins} \ + --with-fips=2 \ --with-resolv-conf=%{_rundir}/%{name}/resolv.conf \ --with-piddir=%{_rundir}/%{name} \ --enable-pkcs11 \ ++++++ strongswan-fips-disablegcrypt.patch ++++++ References: fate#316931 Index: strongswan-5.1.3/conf/plugins/gcrypt.conf =================================================================== --- strongswan-5.1.3.orig/conf/plugins/gcrypt.conf +++ strongswan-5.1.3/conf/plugins/gcrypt.conf @@ -2,7 +2,7 @@ gcrypt { # Whether to load the plugin. Can also be an integer to increase the # priority of this plugin. - load = yes + load = no # Use faster random numbers in gcrypt; for testing only, produces weak keys! # quick_random = no -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
