import NetworkManager-libreswan-1.2.22-3.el10

.NetworkManager-libreswan.metadata

@@ -0,0 +1 @@
+7f62450f66f2a21789fd6cfebbf3355ae99553ea SOURCES/NetworkManager-libreswan-1.2.22.tar.xz

.gitignore

@@ -0,0 +1 @@
+SOURCES/NetworkManager-libreswan-1.2.22.tar.xz

SOURCES/1001-editor-connect-stuff_changed_cb-from-populate_widget.patch

@@ -0,0 +1,81 @@
+From 4957f0123c109df05885b2c85bfabc8f7311fe62 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= <ihuguet@redhat.com>
+Date: Mon, 9 Sep 2024 12:25:58 +0200
+Subject: [PATCH] editor: connect stuff_changed_cb from populate_widget
+
+There is no need to do it in 2 different steps, we always have to
+connect it after creating the widget. Let's do it all together so no
+developer forgets.
+---
+ properties/nm-libreswan-editor.c | 47 --------------------------------
+ 1 file changed, 47 deletions(-)
+
+diff --git a/properties/nm-libreswan-editor.c b/properties/nm-libreswan-editor.c
+index b03d2fe..5687dc7 100644
+--- a/properties/nm-libreswan-editor.c
++++ b/properties/nm-libreswan-editor.c
+@@ -351,27 +351,6 @@ populate_widget (LibreswanEditor *self,
+ 	}
+ 		gtk_combo_box_set_active (GTK_COMBO_BOX (widget), idx);
+ 	}
+-}
+-
+-
+-/* Init the widget on the basis of its actual type.
+- *  widget_name: the name of the widget
+- *  key_name:    the name of the key where the config value is stored
+- *  alt_key_name:alternative name of the key
+- *  match_value: used only for toggle_button and combo_box widgets; when matched
+- *               in the former it will set the toggle button as active, in the latter
+- *               will be used as a match for enabling the third index of possible values
+- *               (a three-valued logic value is expected: "no", "yes" or "match_value").
+- */
+-static void
+-hook_stuff_changed_cb (LibreswanEditor *self,
+-                       const char *widget_name)
+-{
+-	LibreswanEditorPrivate *priv = LIBRESWAN_EDITOR_GET_PRIVATE (self);
+-	GtkWidget *widget;
+-
+-	widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, widget_name));
+-	g_return_if_fail (widget);
+ 
+ 	g_signal_connect (G_OBJECT (widget),
+ 	                  GTK_IS_CHECK_BUTTON (widget) ? "toggled" : "changed",
+@@ -471,33 +450,7 @@ init_editor_plugin (LibreswanEditor *self,
+ 	populate_widget (self, "group_entry", NM_LIBRESWAN_KEY_LEFTID, NULL, NULL);
+ 	populate_widget (self, "cert_entry", NM_LIBRESWAN_KEY_LEFTCERT, NULL, NULL);
+ 	populate_widget (self, "remoteid_entry", NM_LIBRESWAN_KEY_RIGHTID, NULL, NULL);
+-	hook_stuff_changed_cb (self, "gateway_entry");
+-	hook_stuff_changed_cb (self, "user_entry");
+-	hook_stuff_changed_cb (self, "group_entry");
+-	hook_stuff_changed_cb (self, "cert_entry");
+-	hook_stuff_changed_cb (self, "remoteid_entry");
+-
+-	/* Advanced Dialog */
+ 	populate_adv_dialog (self);
+-	hook_stuff_changed_cb (self, "domain_entry");
+-	hook_stuff_changed_cb (self, "phase1_entry");
+-	hook_stuff_changed_cb (self, "phase2_entry");
+-	hook_stuff_changed_cb (self, "phase1_lifetime_entry");
+-	hook_stuff_changed_cb (self, "phase2_lifetime_entry");
+-	hook_stuff_changed_cb (self, "rekey_checkbutton");
+-	hook_stuff_changed_cb (self, "pfs_checkbutton");
+-	hook_stuff_changed_cb (self, "local_network_entry");
+-	hook_stuff_changed_cb (self, "remote_network_entry");
+-	hook_stuff_changed_cb (self, "narrowing_checkbutton");
+-	hook_stuff_changed_cb (self, "fragmentation_combo");
+-	hook_stuff_changed_cb (self, "mobike_combo");
+-	hook_stuff_changed_cb (self, "dpd_delay_entry");
+-	hook_stuff_changed_cb (self, "dpd_timeout_entry");
+-	hook_stuff_changed_cb (self, "dpd_action_combo");
+-	hook_stuff_changed_cb (self, "ipsec_interface_entry");
+-	hook_stuff_changed_cb (self, "authby_entry");
+-	hook_stuff_changed_cb (self, "disable_modecfgclient_checkbutton");
+-	hook_stuff_changed_cb (self, "remote_cert_entry");
+ 
+ 	priv->advanced_dialog = GTK_WIDGET (gtk_builder_get_object (priv->builder, "libreswan-advanced-dialog"));
+ 	g_return_val_if_fail (priv->advanced_dialog != NULL, FALSE);
+-- 
+2.44.0
+

SOURCES/1002-properties-add-require-id-on-certificate.patch

@@ -0,0 +1,182 @@
+From 95517f4dd6de399f4608c63f48658228ac902c93 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= <ihuguet@redhat.com>
+Date: Mon, 9 Sep 2024 11:47:57 +0200
+Subject: [PATCH] properties: add require-id-on-certificate
+
+From `man ipsec.conf`:
+
+require-id-on-certificate:
+  When using certificates, check whether the IKE peer ID is present as
+  a subjectAltName (SAN) on the peer certificate. Accepted values are
+  yes (the default) or no. This check should only be disabled when
+  intentionally using certificates that do not have their peer ID specified
+  as a SAN on the certificate. These certificates violate RFC 4945 Section
+  3.1 and are normally rejected to prevent a compromised host from assuming
+  the IKE identity of another host. The SAN limits the IDs that the
+  peer is able to assume.
+---
+ properties/nm-libreswan-dialog.ui       | 26 +++++++++++++++++++++++++
+ properties/nm-libreswan-editor-plugin.c |  2 ++
+ properties/nm-libreswan-editor.c        |  9 +++++++++
+ shared/nm-service-defines.h             |  1 +
+ shared/utils.c                          |  5 +++++
+ src/nm-libreswan-service.c              |  1 +
+ 6 files changed, 44 insertions(+)
+
+diff --git a/properties/nm-libreswan-dialog.ui b/properties/nm-libreswan-dialog.ui
+index b682895..17a7171 100644
+--- a/properties/nm-libreswan-dialog.ui
++++ b/properties/nm-libreswan-dialog.ui
+@@ -1222,6 +1222,32 @@ config: authby &lt;value&gt;
+                         <property name="top_attach">0</property>
+                       </packing>
+                     </child>
++                   <child>
++                      <object class="GtkLabel" id="require_id_on_certificate_label">
++                        <property name="visible">True</property>
++                        <property name="can_focus">False</property>
++                        <property name="label" translatable="yes">Don't require remote certificate name</property>
++                        <property name="use_underline">True</property>
++                        <property name="mnemonic_widget">require_id_on_certificate_checkbutton</property>
++                        <property name="xalign">1</property>
++                      </object>
++                      <packing>
++                        <property name="left_attach">0</property>
++                        <property name="top_attach">1</property>
++                      </packing>
++                    </child>
++                    <child>
++                      <object class="GtkCheckButton" id="require_id_on_certificate_checkbutton">
++                        <property name="visible">True</property>
++                        <property name="can_focus">True</property>
++                        <property name="receives_default">False</property>
++                        <property name="draw_indicator">True</property>
++                      </object>
++                      <packing>
++                        <property name="left_attach">1</property>
++                        <property name="top_attach">1</property>
++                      </packing>
++                    </child>
+                   </object>
+                 </child>
+               </object>
+diff --git a/properties/nm-libreswan-editor-plugin.c b/properties/nm-libreswan-editor-plugin.c
+index fe473d1..7aa528e 100644
+--- a/properties/nm-libreswan-editor-plugin.c
++++ b/properties/nm-libreswan-editor-plugin.c
+@@ -214,6 +214,8 @@ import_from_file (NMVpnEditorPlugin *self,
+ 			nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_HOSTADDRFAMILY, str + NM_STRLEN("hostaddrfamily="));
+ 		else if (g_str_has_prefix (str, "clientaddrfamily="))
+ 			nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_CLIENTADDRFAMILY, str + NM_STRLEN("clientaddrfamily="));
++		else if (g_str_has_prefix (str, "require-id-on-certificate="))
++			nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_REQUIRE_ID_ON_CERTIFICATE, str + NM_STRLEN("require-id-on-certificate="));
+ 		else if (g_str_has_prefix (str, "rightsubnet=")) {
+ 			if (!g_str_has_prefix (str, "rightsubnet=0.0.0.0/0"))
+ 				nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_REMOTENETWORK, &str[12]);
+diff --git a/properties/nm-libreswan-editor.c b/properties/nm-libreswan-editor.c
+index 5687dc7..b350819 100644
+--- a/properties/nm-libreswan-editor.c
++++ b/properties/nm-libreswan-editor.c
+@@ -379,6 +379,7 @@ populate_adv_dialog (LibreswanEditor *self)
+ 	populate_widget (self, "authby_entry", NM_LIBRESWAN_KEY_AUTHBY, NULL, NULL);
+ 	populate_widget (self, "disable_modecfgclient_checkbutton", NM_LIBRESWAN_KEY_LEFTMODECFGCLIENT, NULL, "no");
+ 	populate_widget (self, "remote_cert_entry", NM_LIBRESWAN_KEY_RIGHTCERT, NULL, NULL);
++	populate_widget (self, "require_id_on_certificate_checkbutton", NM_LIBRESWAN_KEY_REQUIRE_ID_ON_CERTIFICATE, NULL, "no");
+ }
+ 
+ static gboolean
+@@ -642,6 +643,14 @@ update_adv_settings (LibreswanEditor *self, NMSettingVpn *s_vpn)
+ 		nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTCERT, str);
+ 	else
+ 		nm_setting_vpn_remove_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTCERT);
++
++	/* Disable Require ID on certificate */
++	widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "require_id_on_certificate_checkbutton"));
++	if (gtk_check_button_get_active (GTK_CHECK_BUTTON (widget)))
++		nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_REQUIRE_ID_ON_CERTIFICATE, "no");
++	else
++		nm_setting_vpn_remove_data_item (s_vpn, NM_LIBRESWAN_KEY_REQUIRE_ID_ON_CERTIFICATE);
++
+ }
+ 
+ static gboolean
+diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
+index 167b837..5f523bd 100644
+--- a/shared/nm-service-defines.h
++++ b/shared/nm-service-defines.h
+@@ -73,6 +73,7 @@
+ #define NM_LIBRESWAN_KEY_TYPE                       "type"
+ #define NM_LIBRESWAN_KEY_HOSTADDRFAMILY             "hostaddrfamily"
+ #define NM_LIBRESWAN_KEY_CLIENTADDRFAMILY           "clientaddrfamily"
++#define NM_LIBRESWAN_KEY_REQUIRE_ID_ON_CERTIFICATE  "require-id-on-certificate"
+ 
+ #define NM_LIBRESWAN_IKEV2_NO      "no"
+ #define NM_LIBRESWAN_IKEV2_NEVER   "never"
+diff --git a/shared/utils.c b/shared/utils.c
+index 65bc603..9394099 100644
+--- a/shared/utils.c
++++ b/shared/utils.c
+@@ -122,6 +122,7 @@ nm_libreswan_config_write (gint fd,
+ 	const char *mobike;
+ 	const char *pfs;
+ 	const char *client_family;
++	const char *require_id_on_certificate;
+ 	const char *item;
+ 	gboolean is_ikev2 = FALSE;
+ 
+@@ -173,6 +174,10 @@ nm_libreswan_config_write (gint fd,
+ 	if (client_family && strlen (client_family))
+ 		WRITE_CHECK (fd, debug_write_fcn, error, " clientaddrfamily=%s", client_family);
+ 
++	require_id_on_certificate = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_REQUIRE_ID_ON_CERTIFICATE);
++	if (require_id_on_certificate && strlen (require_id_on_certificate))
++		WRITE_CHECK (fd, debug_write_fcn, error, " require-id-on-certificate=%s", require_id_on_certificate);
++
+ 	leftrsasigkey = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTRSASIGKEY);
+ 	rightrsasigkey = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTRSASIGKEY);
+ 	leftcert = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTCERT);
+diff --git a/src/nm-libreswan-service.c b/src/nm-libreswan-service.c
+index e5956af..984e991 100644
+--- a/src/nm-libreswan-service.c
++++ b/src/nm-libreswan-service.c
+@@ -274,6 +274,7 @@ static ValidProperty valid_properties[] = {
+ 	{ NM_LIBRESWAN_KEY_TYPE,                       G_TYPE_STRING, 0, 0 },
+ 	{ NM_LIBRESWAN_KEY_HOSTADDRFAMILY,             G_TYPE_STRING, 0, 0 },
+ 	{ NM_LIBRESWAN_KEY_CLIENTADDRFAMILY,           G_TYPE_STRING, 0, 0 },
++	{ NM_LIBRESWAN_KEY_REQUIRE_ID_ON_CERTIFICATE,  G_TYPE_STRING, 0, 0 },
+ 	/* Ignored option for internal use */
+ 	{ NM_LIBRESWAN_KEY_PSK_INPUT_MODES,            G_TYPE_NONE, 0, 0 },
+ 	{ NM_LIBRESWAN_KEY_XAUTH_PASSWORD_INPUT_MODES, G_TYPE_NONE, 0, 0 },
+--- a/gtk4/nm-libreswan-dialog.ui
++++ b/gtk4/nm-libreswan-dialog.ui
+@@ -979,6 +979,27 @@
+                             </layout>
+                           </object>
+                         </child>
++                        <child>
++                          <object class="GtkLabel" id="require_id_on_certificate_label">
++                            <property name="label" translatable="1">Don&apos;t require remote certificate name</property>
++                            <property name="use_underline">1</property>
++                            <property name="mnemonic_widget">require_id_on_certificate_checkbutton</property>
++                            <property name="xalign">1</property>
++                            <layout>
++                              <property name="column">0</property>
++                              <property name="row">1</property>
++                            </layout>
++                          </object>
++                        </child>
++                        <child>
++                          <object class="GtkCheckButton" id="require_id_on_certificate_checkbutton">
++                            <property name="focusable">1</property>
++                            <layout>
++                              <property name="column">1</property>
++                              <property name="row">1</property>
++                            </layout>
++                          </object>
++                        </child>
+                       </object>
+                     </child>
+                   </object>
+-- 
+2.44.0
+

SPECS/NetworkManager-libreswan.spec

@@ -0,0 +1,426 @@
+%if 0%{?fedora} < 28 && 0%{?rhel} < 8
+%bcond_without libnm_glib
+%else
+%bcond_with libnm_glib
+%endif
+%if 0%{?fedora} < 36 && 0%{?rhel} < 10
+%bcond_with gtk4
+%else
+%bcond_without gtk4
+%endif
+
+%global nm_version       1:1.2.0
+%global nma_version      1.2.0
+
+Summary:   NetworkManager VPN plug-in for IPsec VPN
+Name:      NetworkManager-libreswan
+Version:   1.2.22
+Release:   3%{?dist}
+License:   GPL-2.0-or-later
+URL:       https://gitlab.gnome.org/GNOME/NetworkManager-libreswan
+Source0:   https://download.gnome.org/sources/NetworkManager-libreswan/1.2/%{name}-%{version}.tar.xz
+
+# These are not bugfixes, hence they are also relevant after
+# the next rebase of the source tarball.
+# Patch0001: 0001-some.patch
+
+# Bugfixes that are only relevant until next rebase of the package.
+# Patch1001: 1001-some.patch
+Patch1001: 1001-editor-connect-stuff_changed_cb-from-populate_widget.patch
+Patch1002: 1002-properties-add-require-id-on-certificate.patch
+
+BuildRequires: make
+BuildRequires: gcc
+BuildRequires: gtk3-devel
+BuildRequires: libnl3-devel
+BuildRequires: NetworkManager-libnm-devel >= %{nm_version}
+BuildRequires: libnma-devel >= %{nma_version}
+BuildRequires: libsecret-devel
+BuildRequires: intltool gettext
+
+%if %with libnm_glib
+BuildRequires: NetworkManager-devel >= %{nm_version}
+BuildRequires: NetworkManager-glib-devel >= %{nm_version}
+BuildRequires: libnm-gtk-devel >= %{nma_version}
+%endif
+
+%if %with gtk4
+BuildRequires: libnma-gtk4-devel
+%endif
+
+Requires: NetworkManager >= %{nm_version}
+Requires: dbus-common
+Requires: /usr/sbin/ipsec
+
+Provides: NetworkManager-openswan = %{version}-%{release}
+Obsoletes: NetworkManager-openswan < %{version}-%{release}
+
+%global _privatelibs libnm-libreswan-properties[.]so.*
+%global __provides_exclude ^(%{_privatelibs})$
+%global __requires_exclude ^(%{_privatelibs})$
+
+
+%description
+This package contains software for integrating the libreswan VPN software
+with NetworkManager and the GNOME desktop
+
+
+%package -n NetworkManager-libreswan-gnome
+Summary: NetworkManager VPN plugin for libreswan - GNOME files
+
+Requires: %{name}%{?_isa} = %{version}-%{release}
+Requires: shared-mime-info
+
+Provides: NetworkManager-openswan-gnome = %{version}-%{release}
+Obsoletes: NetworkManager-openswan-gnome < %{version}-%{release}
+
+%description -n NetworkManager-libreswan-gnome
+This package contains software for integrating VPN capabilities with
+the libreswan server with NetworkManager (GNOME files).
+
+
+%prep
+%autosetup -p1
+
+
+%build
+%configure \
+        --disable-static \
+%if %with gtk4
+        --with-gtk4 \
+%endif
+%if %without libnm_glib
+        --without-libnm-glib \
+%endif
+        --enable-more-warnings=yes \
+        --with-dist-version=%{version}-%{release}
+%make_build
+
+
+
+%install
+%make_install
+rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la
+mv %{buildroot}%{_sysconfdir}/dbus-1 %{buildroot}%{_datadir}/
+
+%find_lang %{name}
+
+%files -f %{name}.lang
+%{_libdir}/NetworkManager/libnm-vpn-plugin-libreswan.so
+%{_datadir}/dbus-1/system.d/nm-libreswan-service.conf
+%{_prefix}/lib/NetworkManager/VPN/nm-libreswan-service.name
+%{_libexecdir}/nm-libreswan-service
+%{_libexecdir}/nm-libreswan-service-helper
+%{_mandir}/man5/nm-settings-libreswan.5.gz
+%doc AUTHORS NEWS
+%license COPYING
+
+
+%files -n NetworkManager-libreswan-gnome
+%{_libexecdir}/nm-libreswan-auth-dialog
+%{_libdir}/NetworkManager/libnm-vpn-plugin-libreswan-editor.so
+%{_metainfodir}/network-manager-libreswan.metainfo.xml
+
+%if %with libnm_glib
+%{_libdir}/NetworkManager/libnm-*-properties.so
+%{_sysconfdir}/NetworkManager/VPN/nm-libreswan-service.name
+%endif
+
+%if %with gtk4
+%{_libdir}/NetworkManager/libnm-gtk4-vpn-plugin-libreswan-editor.so
+%endif
+
+
+%changelog
+* Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1.2.22-3
+- Rebuilt for MSVSphere 10
+
+* Thu Sep 12 2024 Íñigo Huguet <ihuguet@redhat.com> - 1.2.22-3
+- Support require-id-on-certificate (RHEL-58812)
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.2.22-2
+- Bump release for June 2024 mass rebuild
+
+* Wed May 22 2024 Beniamino Galvani <bgalvani@redhat.com> - 1.2.22-1
+- Add IPv6 support (RHEL-21875)
+
+* Fri Apr 19 2024 Íñigo Huguet <ihuguet@redhat.com> - 1.2.20-2
+- Added gating.yaml
+
+* Wed Apr 17 2024 Íñigo Huguet <ihuguet@redhat.com> - 1.2.20-1
+- Update to 1.2.20 release
+
+* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.18-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.18-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Dec 15 2023 Beniamino Galvani <bgalvani@redhat.com> - 1.2.18-1
+- Update to 1.2.18 release
+
+* Fri Sep 08 2023 Till Maas <opensource@till.name> - 1.2.16-5
+- Migrate to spdx license
+- Cleanup whitespace
+- Use make macros
+- Fix changelog
+- Update URL
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Fri Mar 11 2022 Lubomir Rintel <lkundrak@v3.sk> - 1.2.16-1
+- Update to 1.2.16 release
+
+* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.14-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.14-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Mon Feb 15 2021 Lubomir Rintel <lkundrak@v3.sk> - 1.2.14-2
+- Move dbus service file into /usr/share/dbus-1
+
+* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.14-1.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jan 12 2021 Beniamino Galvani <bgalvani@redhat.com> - 1.2.14-1
+- Update to 1.2.14 release
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.12-1.2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.12-1.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Jul 31 2019 Francesco Giudici <fgiudici@redhat.com> - 1.2.12-1
+- Updated to 1.2.12
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.10-1.2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.10-1.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Thu Oct 18 2018 Francesco Giudici <fgiudici@redhat.com> - 1.2.10-1
+- Updated to 1.2.10
+- Import latest translations from upstream
+
+* Wed Aug 22 2018 Paul Wouters <pwouters@redhat.com> - 1.2.6-1
+- Updated to 1.2.6
+- Upstream patches for IKEv2 support
+
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.4-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.4-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Nov 30 2017 Lubomir Rintel <lkundrak@v3.sk> - 1.2.4-4
+- Drop libnm-glib for Fedora 28
+
+* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.4-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Jun 30 2016 Thomas Haller <thaller@redhat.com> - 1.2.4-1
+- Update to 1.2.4 release
+- Move base VPN plugin library to base libreswan package
+- Don't require nm-connection-editor anymore
+
+* Wed May 11 2016 Lubomir Rintel <lkundrak@v3.sk> - 1.2.2-1
+- Update to 1.2.2 release
+
+* Wed Apr 20 2016 Lubomir Rintel <lkundrak@v3.sk> - 1.2.0-1
+- Update to 1.2.0 release
+
+* Tue Apr  5 2016 Lubomir Rintel <lkundrak@v3.sk> - 1.2.0-0.4.rc1
+- Update to NetworkManager-libreswan 1.2-rc1
+
+* Tue Mar  1 2016 Lubomir Rintel <lkundrak@v3.sk> - 1.2.0-0.4.beta2
+- Update to NetworkManager-libreswan 1.2-beta2
+
+* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-0.4.beta1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Mon Feb 1 2016 Lubomir Rintel <lkundrak@v3.sk> - 1.2.0-0.3.beta1
+- Update to support Main mode & better Libreswan integration
+
+* Tue Jan 19 2016 Lubomir Rintel <lkundrak@v3.sk> - 1.2.0-0.2.beta1
+- Update to NetworkManager-libreswan 1.2-beta1
+
+* Wed Dec 16 2015 Lubomir Rintel <lkundrak@v3.sk> - 1.2.0-0.1.20151216gite52aff0
+- A newer git snapshot with import/export support
+
+* Mon Nov 16 2015 Lubomir Rintel <lkundrak@v3.sk> - 1.2.0-0.1.20151116git15db395
+- Rename to NetworkManager-libreswan
+- A newer git snapshot with multiple connection support
+
+* Fri Oct 23 2015 Lubomir Rintel <lkundrak@v3.sk> - 1.2.0-0.1.20151023git8a39c0f
+- Update to a newer git snapshot
+
+* Tue Sep 1 2015 Lubomir Rintel <lkundrak@v3.sk> - 1.2.0-0.1.20150901git92f1611
+- Update to 1.2 git snapshot with libnm-based properties plugin
+
+* Fri Aug 28 2015 Lubomir Rintel <lkundrak@v3.sk> - 1.0.6-2
+- Don't unconditionally set cisco-unity=yes
+
+* Thu Aug 27 2015 Lubomir Rintel <lkundrak@v3.sk> - 1.0.6-1
+- Update to 1.0.6 release
+
+* Tue Jun 16 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Tue May 5 2015 Lubomir Rintel <lkundrak@v3.sk> - 1.0.2-1
+- Update to 1.0.2 release
+
+* Mon Dec 22 2014 Dan Williams <dcbw@redhat.com> - 1.0.0-1
+- Update to 1.0
+
+* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.8.4-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Fri Jun 06 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.8.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Thu Dec 12 2013 Avesh Agarwal <avagarwa@redhat.com> - 0.9.8.4-2
+- Fixes 1035786 (and its duplicate 1040924)
+
+* Tue Dec 10 2013 Avesh Agarwal <avagarwa@redhat.com> - 0.9.8.4-1
+- New upstream release 0.9.8.4
+- Fixed 926225
+- Fixed dependency to libreswan.
+- Created a new sub package NetworkManager-openswan-gnome
+- Various other spec file fixes.
+- Additional code changes are as follows:
+- Fixed an issue where proper network stack is not loaded unless
+  _stackmanager is run before starting pluto daemon service.
+- Fixed the termination operation of pluto daemon to comply with
+  libreswan changes.
+- Fixed various debug messages.
+- Fixed initiation of pluto daemon by this plugin to reflect the
+  changes in libreaswan.
+- Fixed defaults values for more parameters to help the VPN
+  connection stay more reliable.
+- Rewrote pluto watch API which watches the pluto process for its status.
+  Fixed memory leak issues as not all child processes were reaped correctly.
+  Also g_spwan_close_pid was not being called after children were reaped.
+  Also modified debugs and added more to help with debugging in the future.
+- Fixed an issue where nm-openswan service is searching for ipsec binary in
+  both /sbin and /usr/sbin leading to same operation twice, as /sbin is just
+  symlink to /usr/sbin, so removed /sbin from the search paths.
+- Fixed some libreswan related macro changes.
+- Fixed netmask issue when sending IP information to the nm openswan
+  plugin service.
+- Fixed the current code as it does not set the default route field
+  NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT when sending VPN information
+  to nm-openswan plugin. This fix sets the field to TRUE.
+- Fixed some issues found by coverity scan.
+- Fixed an issue where writing configuration on stdin should not end with
+  \n as it gives error. It used to work previously, but not with latest
+  NetworkManager versions.
+- libreswan related fixes, as some macros have been modified after forking
+  to libreswan from openswan.
+- openswan/libreswan does not provide tun0 interface, so fixed the code
+  where it sends tun0 interface.
+- Fix prcoessing of nm-openswan-dialog.ui file and added more error notifications.
+- Fixed dead code based on coverity scan.
+- Fixed gnomekeyring lib dependencies.
+- Fixed Networkmanager and related lib dependencies.
+- Fixed gtk label max width issue by setting it to 35.
+- NM-openswan was missing support for nm-openswan-auth-dialog.desktop.in.in.
+  So added a new nm-openswan-auth-dialog.desktop.in.in, and modified related
+  Makefile and configure.ac files.
+
+* Mon Aug 5 2013 Avesh Agarwal <avagarwa@redhat.com> - 0.9.8.0-1
+- Rebase to latest upstream version 0.9.8.0
+- Fixed several issues with the packaging
+
+* Fri Aug 02 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.3.995-6.git20120302
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.3.995-5.git20120302
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Dec 13 2012 Avesh Agarwal <avagarwa@redhat.com> - 0.9.3.995-4
+Resolves: #845599, #865883
+
+* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.3.995-3.git20120302
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Apr 27 2012 Avesh Agarwal <avagarwa@redhat.com> - 0.9.3.995-2
+- Ported changes from rhel to fedora
+
+* Fri Mar  2 2012 Dan Williams <dcbw@redhat.com> - 0.9.3.995-1
+- Update to 0.9.3.995 (0.9.4-beta1)
+- ui: add support for external UI mode, eg GNOME Shell
+
+* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Dec 06 2011 Adam Jackson <ajax@redhat.com> - 0.9.0-2
+- Rebuild for new libpng
+
+* Fri Aug 26 2011 Dan Williams <dcbw@redhat.com> - 0.9.0-1
+- Update to 0.9.0
+- ui: translation fixes
+
+* Thu Jul 21 2011 Dan Williams <dcbw@redhat.com> - 0.8.999-2.git20110721
+- Update to git snapshot
+- Fixes for secrets handling and saving
+
+* Tue May 03 2011 Dan Williams <dcbw@redhat.com> - 0.8.999-1
+- Update to 0.8.999 (0.9-rc2)
+- Port to GTK 3.0 and GtkBuilder
+- Fix some issues with secrets storage
+
+* Sun Mar 27 2011 Christopher Aillon <caillon@redhat.com> - 0.8.0-9.20100411git
+- Rebuild against NetworkManager 0.9
+
+* Wed Feb 16 2011 Avesh Agarwal <avagarwa@redhat.com> - 0.8.0-8.20100411git
+- fixes for compile time errors
+
+* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.0-7.20100411git
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Sep 7 2010 Avesh Agarwal <avagarwa@redhat.com> - 0.8.0-6.20100411git
+- Modified import and export interfaces to import_from_file and export_to_file, respectively,
+  due to changes in NMVpnPluginUiInterface struct in NM (bz 631159).
+
+* Mon Jul 26 2010 Avesh Agarwal <avagarwa@redhat.com> - 0.8.0-5.20100411git
+Resolves: #616910
+- Support for reading phase1 and phase2 algorithms through GUI
+
+* Tue Jul 13 2010 Avesh Agarwal <avagarwa@redhat.com> - 0.8.0-4.20100411git
+- Modified fix for the bz 607352
+- Fix to read connection configuration from stdin
+- Fix to read Xauth user password from stdin
+- Fix to delete the secret file as soon as read by Openswan
+
+* Thu Jul 8 2010 Avesh Agarwal <avagarwa@redhat.com> - 0.8.0-3.20100411git
+- Modified the patch so that it does not pass user password to
+  "ipsec whack" command.
+
+* Thu Jul 8 2010 Avesh Agarwal <avagarwa@redhat.com> - 0.8.0-2.20100411git
+- Modified to initiate VPN connections with openswan whack interface
+- Fixed the issue of world readable conf and secret files
+- Cleaned conf and secret files after VPN connection is stopped
+- Fixed the issue of storing sensitive information like user
+  password in a file (rhbz# 607352)
+- Changed PLUTO_SERVERBANNER to PLUTO_PEER_BANNER due
+  to the same change in Openswan
+- Modifed GUI to remove unused configuration boxes
+
+* Tue Jun 15 2010 Avesh Agarwal <avagarwa@redhat.com> - 0.8.0-1.20100%{version}t
+- Initial build