From fb3b63c5746d1f43f53a8f9a35044ad321b17625 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Fri, 25 Oct 2024 13:45:21 +0300 Subject: [PATCH] import NetworkManager-libreswan-1.2.22-3.el10 --- .NetworkManager-libreswan.metadata | 1 + .gitignore | 1 + ...tuff_changed_cb-from-populate_widget.patch | 81 ++++ ...erties-add-require-id-on-certificate.patch | 182 ++++++++ SPECS/NetworkManager-libreswan.spec | 426 ++++++++++++++++++ 5 files changed, 691 insertions(+) create mode 100644 .NetworkManager-libreswan.metadata create mode 100644 .gitignore create mode 100644 SOURCES/1001-editor-connect-stuff_changed_cb-from-populate_widget.patch create mode 100644 SOURCES/1002-properties-add-require-id-on-certificate.patch create mode 100644 SPECS/NetworkManager-libreswan.spec diff --git a/.NetworkManager-libreswan.metadata b/.NetworkManager-libreswan.metadata new file mode 100644 index 0000000..2188a15 --- /dev/null +++ b/.NetworkManager-libreswan.metadata @@ -0,0 +1 @@ +7f62450f66f2a21789fd6cfebbf3355ae99553ea SOURCES/NetworkManager-libreswan-1.2.22.tar.xz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6fe0fdb --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/NetworkManager-libreswan-1.2.22.tar.xz diff --git a/SOURCES/1001-editor-connect-stuff_changed_cb-from-populate_widget.patch b/SOURCES/1001-editor-connect-stuff_changed_cb-from-populate_widget.patch new file mode 100644 index 0000000..4bdd793 --- /dev/null +++ b/SOURCES/1001-editor-connect-stuff_changed_cb-from-populate_widget.patch @@ -0,0 +1,81 @@ +From 4957f0123c109df05885b2c85bfabc8f7311fe62 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= +Date: Mon, 9 Sep 2024 12:25:58 +0200 +Subject: [PATCH] editor: connect stuff_changed_cb from populate_widget + +There is no need to do it in 2 different steps, we always have to +connect it after creating the widget. Let's do it all together so no +developer forgets. +--- + properties/nm-libreswan-editor.c | 47 -------------------------------- + 1 file changed, 47 deletions(-) + +diff --git a/properties/nm-libreswan-editor.c b/properties/nm-libreswan-editor.c +index b03d2fe..5687dc7 100644 +--- a/properties/nm-libreswan-editor.c ++++ b/properties/nm-libreswan-editor.c +@@ -351,27 +351,6 @@ populate_widget (LibreswanEditor *self, + } + gtk_combo_box_set_active (GTK_COMBO_BOX (widget), idx); + } +-} +- +- +-/* Init the widget on the basis of its actual type. +- * widget_name: the name of the widget +- * key_name: the name of the key where the config value is stored +- * alt_key_name:alternative name of the key +- * match_value: used only for toggle_button and combo_box widgets; when matched +- * in the former it will set the toggle button as active, in the latter +- * will be used as a match for enabling the third index of possible values +- * (a three-valued logic value is expected: "no", "yes" or "match_value"). +- */ +-static void +-hook_stuff_changed_cb (LibreswanEditor *self, +- const char *widget_name) +-{ +- LibreswanEditorPrivate *priv = LIBRESWAN_EDITOR_GET_PRIVATE (self); +- GtkWidget *widget; +- +- widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, widget_name)); +- g_return_if_fail (widget); + + g_signal_connect (G_OBJECT (widget), + GTK_IS_CHECK_BUTTON (widget) ? "toggled" : "changed", +@@ -471,33 +450,7 @@ init_editor_plugin (LibreswanEditor *self, + populate_widget (self, "group_entry", NM_LIBRESWAN_KEY_LEFTID, NULL, NULL); + populate_widget (self, "cert_entry", NM_LIBRESWAN_KEY_LEFTCERT, NULL, NULL); + populate_widget (self, "remoteid_entry", NM_LIBRESWAN_KEY_RIGHTID, NULL, NULL); +- hook_stuff_changed_cb (self, "gateway_entry"); +- hook_stuff_changed_cb (self, "user_entry"); +- hook_stuff_changed_cb (self, "group_entry"); +- hook_stuff_changed_cb (self, "cert_entry"); +- hook_stuff_changed_cb (self, "remoteid_entry"); +- +- /* Advanced Dialog */ + populate_adv_dialog (self); +- hook_stuff_changed_cb (self, "domain_entry"); +- hook_stuff_changed_cb (self, "phase1_entry"); +- hook_stuff_changed_cb (self, "phase2_entry"); +- hook_stuff_changed_cb (self, "phase1_lifetime_entry"); +- hook_stuff_changed_cb (self, "phase2_lifetime_entry"); +- hook_stuff_changed_cb (self, "rekey_checkbutton"); +- hook_stuff_changed_cb (self, "pfs_checkbutton"); +- hook_stuff_changed_cb (self, "local_network_entry"); +- hook_stuff_changed_cb (self, "remote_network_entry"); +- hook_stuff_changed_cb (self, "narrowing_checkbutton"); +- hook_stuff_changed_cb (self, "fragmentation_combo"); +- hook_stuff_changed_cb (self, "mobike_combo"); +- hook_stuff_changed_cb (self, "dpd_delay_entry"); +- hook_stuff_changed_cb (self, "dpd_timeout_entry"); +- hook_stuff_changed_cb (self, "dpd_action_combo"); +- hook_stuff_changed_cb (self, "ipsec_interface_entry"); +- hook_stuff_changed_cb (self, "authby_entry"); +- hook_stuff_changed_cb (self, "disable_modecfgclient_checkbutton"); +- hook_stuff_changed_cb (self, "remote_cert_entry"); + + priv->advanced_dialog = GTK_WIDGET (gtk_builder_get_object (priv->builder, "libreswan-advanced-dialog")); + g_return_val_if_fail (priv->advanced_dialog != NULL, FALSE); +-- +2.44.0 + diff --git a/SOURCES/1002-properties-add-require-id-on-certificate.patch b/SOURCES/1002-properties-add-require-id-on-certificate.patch new file mode 100644 index 0000000..7c33e5a --- /dev/null +++ b/SOURCES/1002-properties-add-require-id-on-certificate.patch @@ -0,0 +1,182 @@ +From 95517f4dd6de399f4608c63f48658228ac902c93 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= +Date: Mon, 9 Sep 2024 11:47:57 +0200 +Subject: [PATCH] properties: add require-id-on-certificate + +From `man ipsec.conf`: + +require-id-on-certificate: + When using certificates, check whether the IKE peer ID is present as + a subjectAltName (SAN) on the peer certificate. Accepted values are + yes (the default) or no. This check should only be disabled when + intentionally using certificates that do not have their peer ID specified + as a SAN on the certificate. These certificates violate RFC 4945 Section + 3.1 and are normally rejected to prevent a compromised host from assuming + the IKE identity of another host. The SAN limits the IDs that the + peer is able to assume. +--- + properties/nm-libreswan-dialog.ui | 26 +++++++++++++++++++++++++ + properties/nm-libreswan-editor-plugin.c | 2 ++ + properties/nm-libreswan-editor.c | 9 +++++++++ + shared/nm-service-defines.h | 1 + + shared/utils.c | 5 +++++ + src/nm-libreswan-service.c | 1 + + 6 files changed, 44 insertions(+) + +diff --git a/properties/nm-libreswan-dialog.ui b/properties/nm-libreswan-dialog.ui +index b682895..17a7171 100644 +--- a/properties/nm-libreswan-dialog.ui ++++ b/properties/nm-libreswan-dialog.ui +@@ -1222,6 +1222,32 @@ config: authby <value> + 0 + + ++ ++ ++ True ++ False ++ Don't require remote certificate name ++ True ++ require_id_on_certificate_checkbutton ++ 1 ++ ++ ++ 0 ++ 1 ++ ++ ++ ++ ++ True ++ True ++ False ++ True ++ ++ ++ 1 ++ 1 ++ ++ + + + +diff --git a/properties/nm-libreswan-editor-plugin.c b/properties/nm-libreswan-editor-plugin.c +index fe473d1..7aa528e 100644 +--- a/properties/nm-libreswan-editor-plugin.c ++++ b/properties/nm-libreswan-editor-plugin.c +@@ -214,6 +214,8 @@ import_from_file (NMVpnEditorPlugin *self, + nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_HOSTADDRFAMILY, str + NM_STRLEN("hostaddrfamily=")); + else if (g_str_has_prefix (str, "clientaddrfamily=")) + nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_CLIENTADDRFAMILY, str + NM_STRLEN("clientaddrfamily=")); ++ else if (g_str_has_prefix (str, "require-id-on-certificate=")) ++ nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_REQUIRE_ID_ON_CERTIFICATE, str + NM_STRLEN("require-id-on-certificate=")); + else if (g_str_has_prefix (str, "rightsubnet=")) { + if (!g_str_has_prefix (str, "rightsubnet=0.0.0.0/0")) + nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_REMOTENETWORK, &str[12]); +diff --git a/properties/nm-libreswan-editor.c b/properties/nm-libreswan-editor.c +index 5687dc7..b350819 100644 +--- a/properties/nm-libreswan-editor.c ++++ b/properties/nm-libreswan-editor.c +@@ -379,6 +379,7 @@ populate_adv_dialog (LibreswanEditor *self) + populate_widget (self, "authby_entry", NM_LIBRESWAN_KEY_AUTHBY, NULL, NULL); + populate_widget (self, "disable_modecfgclient_checkbutton", NM_LIBRESWAN_KEY_LEFTMODECFGCLIENT, NULL, "no"); + populate_widget (self, "remote_cert_entry", NM_LIBRESWAN_KEY_RIGHTCERT, NULL, NULL); ++ populate_widget (self, "require_id_on_certificate_checkbutton", NM_LIBRESWAN_KEY_REQUIRE_ID_ON_CERTIFICATE, NULL, "no"); + } + + static gboolean +@@ -642,6 +643,14 @@ update_adv_settings (LibreswanEditor *self, NMSettingVpn *s_vpn) + nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTCERT, str); + else + nm_setting_vpn_remove_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTCERT); ++ ++ /* Disable Require ID on certificate */ ++ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "require_id_on_certificate_checkbutton")); ++ if (gtk_check_button_get_active (GTK_CHECK_BUTTON (widget))) ++ nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_REQUIRE_ID_ON_CERTIFICATE, "no"); ++ else ++ nm_setting_vpn_remove_data_item (s_vpn, NM_LIBRESWAN_KEY_REQUIRE_ID_ON_CERTIFICATE); ++ + } + + static gboolean +diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h +index 167b837..5f523bd 100644 +--- a/shared/nm-service-defines.h ++++ b/shared/nm-service-defines.h +@@ -73,6 +73,7 @@ + #define NM_LIBRESWAN_KEY_TYPE "type" + #define NM_LIBRESWAN_KEY_HOSTADDRFAMILY "hostaddrfamily" + #define NM_LIBRESWAN_KEY_CLIENTADDRFAMILY "clientaddrfamily" ++#define NM_LIBRESWAN_KEY_REQUIRE_ID_ON_CERTIFICATE "require-id-on-certificate" + + #define NM_LIBRESWAN_IKEV2_NO "no" + #define NM_LIBRESWAN_IKEV2_NEVER "never" +diff --git a/shared/utils.c b/shared/utils.c +index 65bc603..9394099 100644 +--- a/shared/utils.c ++++ b/shared/utils.c +@@ -122,6 +122,7 @@ nm_libreswan_config_write (gint fd, + const char *mobike; + const char *pfs; + const char *client_family; ++ const char *require_id_on_certificate; + const char *item; + gboolean is_ikev2 = FALSE; + +@@ -173,6 +174,10 @@ nm_libreswan_config_write (gint fd, + if (client_family && strlen (client_family)) + WRITE_CHECK (fd, debug_write_fcn, error, " clientaddrfamily=%s", client_family); + ++ require_id_on_certificate = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_REQUIRE_ID_ON_CERTIFICATE); ++ if (require_id_on_certificate && strlen (require_id_on_certificate)) ++ WRITE_CHECK (fd, debug_write_fcn, error, " require-id-on-certificate=%s", require_id_on_certificate); ++ + leftrsasigkey = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTRSASIGKEY); + rightrsasigkey = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTRSASIGKEY); + leftcert = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTCERT); +diff --git a/src/nm-libreswan-service.c b/src/nm-libreswan-service.c +index e5956af..984e991 100644 +--- a/src/nm-libreswan-service.c ++++ b/src/nm-libreswan-service.c +@@ -274,6 +274,7 @@ static ValidProperty valid_properties[] = { + { NM_LIBRESWAN_KEY_TYPE, G_TYPE_STRING, 0, 0 }, + { NM_LIBRESWAN_KEY_HOSTADDRFAMILY, G_TYPE_STRING, 0, 0 }, + { NM_LIBRESWAN_KEY_CLIENTADDRFAMILY, G_TYPE_STRING, 0, 0 }, ++ { NM_LIBRESWAN_KEY_REQUIRE_ID_ON_CERTIFICATE, G_TYPE_STRING, 0, 0 }, + /* Ignored option for internal use */ + { NM_LIBRESWAN_KEY_PSK_INPUT_MODES, G_TYPE_NONE, 0, 0 }, + { NM_LIBRESWAN_KEY_XAUTH_PASSWORD_INPUT_MODES, G_TYPE_NONE, 0, 0 }, +--- a/gtk4/nm-libreswan-dialog.ui ++++ b/gtk4/nm-libreswan-dialog.ui +@@ -979,6 +979,27 @@ + + + ++ ++ ++ Don't require remote certificate name ++ 1 ++ require_id_on_certificate_checkbutton ++ 1 ++ ++ 0 ++ 1 ++ ++ ++ ++ ++ ++ 1 ++ ++ 1 ++ 1 ++ ++ ++ + + + +-- +2.44.0 + diff --git a/SPECS/NetworkManager-libreswan.spec b/SPECS/NetworkManager-libreswan.spec new file mode 100644 index 0000000..82562ec --- /dev/null +++ b/SPECS/NetworkManager-libreswan.spec @@ -0,0 +1,426 @@ +%if 0%{?fedora} < 28 && 0%{?rhel} < 8 +%bcond_without libnm_glib +%else +%bcond_with libnm_glib +%endif +%if 0%{?fedora} < 36 && 0%{?rhel} < 10 +%bcond_with gtk4 +%else +%bcond_without gtk4 +%endif + +%global nm_version 1:1.2.0 +%global nma_version 1.2.0 + +Summary: NetworkManager VPN plug-in for IPsec VPN +Name: NetworkManager-libreswan +Version: 1.2.22 +Release: 3%{?dist} +License: GPL-2.0-or-later +URL: https://gitlab.gnome.org/GNOME/NetworkManager-libreswan +Source0: https://download.gnome.org/sources/NetworkManager-libreswan/1.2/%{name}-%{version}.tar.xz + +# These are not bugfixes, hence they are also relevant after +# the next rebase of the source tarball. +# Patch0001: 0001-some.patch + +# Bugfixes that are only relevant until next rebase of the package. +# Patch1001: 1001-some.patch +Patch1001: 1001-editor-connect-stuff_changed_cb-from-populate_widget.patch +Patch1002: 1002-properties-add-require-id-on-certificate.patch + +BuildRequires: make +BuildRequires: gcc +BuildRequires: gtk3-devel +BuildRequires: libnl3-devel +BuildRequires: NetworkManager-libnm-devel >= %{nm_version} +BuildRequires: libnma-devel >= %{nma_version} +BuildRequires: libsecret-devel +BuildRequires: intltool gettext + +%if %with libnm_glib +BuildRequires: NetworkManager-devel >= %{nm_version} +BuildRequires: NetworkManager-glib-devel >= %{nm_version} +BuildRequires: libnm-gtk-devel >= %{nma_version} +%endif + +%if %with gtk4 +BuildRequires: libnma-gtk4-devel +%endif + +Requires: NetworkManager >= %{nm_version} +Requires: dbus-common +Requires: /usr/sbin/ipsec + +Provides: NetworkManager-openswan = %{version}-%{release} +Obsoletes: NetworkManager-openswan < %{version}-%{release} + +%global _privatelibs libnm-libreswan-properties[.]so.* +%global __provides_exclude ^(%{_privatelibs})$ +%global __requires_exclude ^(%{_privatelibs})$ + + +%description +This package contains software for integrating the libreswan VPN software +with NetworkManager and the GNOME desktop + + +%package -n NetworkManager-libreswan-gnome +Summary: NetworkManager VPN plugin for libreswan - GNOME files + +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: shared-mime-info + +Provides: NetworkManager-openswan-gnome = %{version}-%{release} +Obsoletes: NetworkManager-openswan-gnome < %{version}-%{release} + +%description -n NetworkManager-libreswan-gnome +This package contains software for integrating VPN capabilities with +the libreswan server with NetworkManager (GNOME files). + + +%prep +%autosetup -p1 + + +%build +%configure \ + --disable-static \ +%if %with gtk4 + --with-gtk4 \ +%endif +%if %without libnm_glib + --without-libnm-glib \ +%endif + --enable-more-warnings=yes \ + --with-dist-version=%{version}-%{release} +%make_build + + + +%install +%make_install +rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la +mv %{buildroot}%{_sysconfdir}/dbus-1 %{buildroot}%{_datadir}/ + +%find_lang %{name} + +%files -f %{name}.lang +%{_libdir}/NetworkManager/libnm-vpn-plugin-libreswan.so +%{_datadir}/dbus-1/system.d/nm-libreswan-service.conf +%{_prefix}/lib/NetworkManager/VPN/nm-libreswan-service.name +%{_libexecdir}/nm-libreswan-service +%{_libexecdir}/nm-libreswan-service-helper +%{_mandir}/man5/nm-settings-libreswan.5.gz +%doc AUTHORS NEWS +%license COPYING + + +%files -n NetworkManager-libreswan-gnome +%{_libexecdir}/nm-libreswan-auth-dialog +%{_libdir}/NetworkManager/libnm-vpn-plugin-libreswan-editor.so +%{_metainfodir}/network-manager-libreswan.metainfo.xml + +%if %with libnm_glib +%{_libdir}/NetworkManager/libnm-*-properties.so +%{_sysconfdir}/NetworkManager/VPN/nm-libreswan-service.name +%endif + +%if %with gtk4 +%{_libdir}/NetworkManager/libnm-gtk4-vpn-plugin-libreswan-editor.so +%endif + + +%changelog +* Fri Oct 25 2024 MSVSphere Packaging Team - 1.2.22-3 +- Rebuilt for MSVSphere 10 + +* Thu Sep 12 2024 Íñigo Huguet - 1.2.22-3 +- Support require-id-on-certificate (RHEL-58812) + +* Mon Jun 24 2024 Troy Dawson - 1.2.22-2 +- Bump release for June 2024 mass rebuild + +* Wed May 22 2024 Beniamino Galvani - 1.2.22-1 +- Add IPv6 support (RHEL-21875) + +* Fri Apr 19 2024 Íñigo Huguet - 1.2.20-2 +- Added gating.yaml + +* Wed Apr 17 2024 Íñigo Huguet - 1.2.20-1 +- Update to 1.2.20 release + +* Mon Jan 22 2024 Fedora Release Engineering - 1.2.18-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 1.2.18-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Dec 15 2023 Beniamino Galvani - 1.2.18-1 +- Update to 1.2.18 release + +* Fri Sep 08 2023 Till Maas - 1.2.16-5 +- Migrate to spdx license +- Cleanup whitespace +- Use make macros +- Fix changelog +- Update URL + +* Wed Jul 19 2023 Fedora Release Engineering - 1.2.16-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Wed Jan 18 2023 Fedora Release Engineering - 1.2.16-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Jul 20 2022 Fedora Release Engineering - 1.2.16-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Fri Mar 11 2022 Lubomir Rintel - 1.2.16-1 +- Update to 1.2.16 release + +* Wed Jan 19 2022 Fedora Release Engineering - 1.2.14-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Wed Jul 21 2021 Fedora Release Engineering - 1.2.14-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Mon Feb 15 2021 Lubomir Rintel - 1.2.14-2 +- Move dbus service file into /usr/share/dbus-1 + +* Mon Jan 25 2021 Fedora Release Engineering - 1.2.14-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jan 12 2021 Beniamino Galvani - 1.2.14-1 +- Update to 1.2.14 release + +* Mon Jul 27 2020 Fedora Release Engineering - 1.2.12-1.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jan 28 2020 Fedora Release Engineering - 1.2.12-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Jul 31 2019 Francesco Giudici - 1.2.12-1 +- Updated to 1.2.12 + +* Wed Jul 24 2019 Fedora Release Engineering - 1.2.10-1.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Jan 31 2019 Fedora Release Engineering - 1.2.10-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Thu Oct 18 2018 Francesco Giudici - 1.2.10-1 +- Updated to 1.2.10 +- Import latest translations from upstream + +* Wed Aug 22 2018 Paul Wouters - 1.2.6-1 +- Updated to 1.2.6 +- Upstream patches for IKEv2 support + +* Thu Jul 12 2018 Fedora Release Engineering - 1.2.4-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Feb 07 2018 Fedora Release Engineering - 1.2.4-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Nov 30 2017 Lubomir Rintel - 1.2.4-4 +- Drop libnm-glib for Fedora 28 + +* Wed Aug 02 2017 Fedora Release Engineering - 1.2.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.2.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 1.2.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Jun 30 2016 Thomas Haller - 1.2.4-1 +- Update to 1.2.4 release +- Move base VPN plugin library to base libreswan package +- Don't require nm-connection-editor anymore + +* Wed May 11 2016 Lubomir Rintel - 1.2.2-1 +- Update to 1.2.2 release + +* Wed Apr 20 2016 Lubomir Rintel - 1.2.0-1 +- Update to 1.2.0 release + +* Tue Apr 5 2016 Lubomir Rintel - 1.2.0-0.4.rc1 +- Update to NetworkManager-libreswan 1.2-rc1 + +* Tue Mar 1 2016 Lubomir Rintel - 1.2.0-0.4.beta2 +- Update to NetworkManager-libreswan 1.2-beta2 + +* Wed Feb 03 2016 Fedora Release Engineering - 1.2.0-0.4.beta1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Feb 1 2016 Lubomir Rintel - 1.2.0-0.3.beta1 +- Update to support Main mode & better Libreswan integration + +* Tue Jan 19 2016 Lubomir Rintel - 1.2.0-0.2.beta1 +- Update to NetworkManager-libreswan 1.2-beta1 + +* Wed Dec 16 2015 Lubomir Rintel - 1.2.0-0.1.20151216gite52aff0 +- A newer git snapshot with import/export support + +* Mon Nov 16 2015 Lubomir Rintel - 1.2.0-0.1.20151116git15db395 +- Rename to NetworkManager-libreswan +- A newer git snapshot with multiple connection support + +* Fri Oct 23 2015 Lubomir Rintel - 1.2.0-0.1.20151023git8a39c0f +- Update to a newer git snapshot + +* Tue Sep 1 2015 Lubomir Rintel - 1.2.0-0.1.20150901git92f1611 +- Update to 1.2 git snapshot with libnm-based properties plugin + +* Fri Aug 28 2015 Lubomir Rintel - 1.0.6-2 +- Don't unconditionally set cisco-unity=yes + +* Thu Aug 27 2015 Lubomir Rintel - 1.0.6-1 +- Update to 1.0.6 release + +* Tue Jun 16 2015 Fedora Release Engineering - 1.0.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue May 5 2015 Lubomir Rintel - 1.0.2-1 +- Update to 1.0.2 release + +* Mon Dec 22 2014 Dan Williams - 1.0.0-1 +- Update to 1.0 + +* Fri Aug 15 2014 Fedora Release Engineering - 0.9.8.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Fri Jun 06 2014 Fedora Release Engineering - 0.9.8.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu Dec 12 2013 Avesh Agarwal - 0.9.8.4-2 +- Fixes 1035786 (and its duplicate 1040924) + +* Tue Dec 10 2013 Avesh Agarwal - 0.9.8.4-1 +- New upstream release 0.9.8.4 +- Fixed 926225 +- Fixed dependency to libreswan. +- Created a new sub package NetworkManager-openswan-gnome +- Various other spec file fixes. +- Additional code changes are as follows: +- Fixed an issue where proper network stack is not loaded unless + _stackmanager is run before starting pluto daemon service. +- Fixed the termination operation of pluto daemon to comply with + libreswan changes. +- Fixed various debug messages. +- Fixed initiation of pluto daemon by this plugin to reflect the + changes in libreaswan. +- Fixed defaults values for more parameters to help the VPN + connection stay more reliable. +- Rewrote pluto watch API which watches the pluto process for its status. + Fixed memory leak issues as not all child processes were reaped correctly. + Also g_spwan_close_pid was not being called after children were reaped. + Also modified debugs and added more to help with debugging in the future. +- Fixed an issue where nm-openswan service is searching for ipsec binary in + both /sbin and /usr/sbin leading to same operation twice, as /sbin is just + symlink to /usr/sbin, so removed /sbin from the search paths. +- Fixed some libreswan related macro changes. +- Fixed netmask issue when sending IP information to the nm openswan + plugin service. +- Fixed the current code as it does not set the default route field + NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT when sending VPN information + to nm-openswan plugin. This fix sets the field to TRUE. +- Fixed some issues found by coverity scan. +- Fixed an issue where writing configuration on stdin should not end with + \n as it gives error. It used to work previously, but not with latest + NetworkManager versions. +- libreswan related fixes, as some macros have been modified after forking + to libreswan from openswan. +- openswan/libreswan does not provide tun0 interface, so fixed the code + where it sends tun0 interface. +- Fix prcoessing of nm-openswan-dialog.ui file and added more error notifications. +- Fixed dead code based on coverity scan. +- Fixed gnomekeyring lib dependencies. +- Fixed Networkmanager and related lib dependencies. +- Fixed gtk label max width issue by setting it to 35. +- NM-openswan was missing support for nm-openswan-auth-dialog.desktop.in.in. + So added a new nm-openswan-auth-dialog.desktop.in.in, and modified related + Makefile and configure.ac files. + +* Mon Aug 5 2013 Avesh Agarwal - 0.9.8.0-1 +- Rebase to latest upstream version 0.9.8.0 +- Fixed several issues with the packaging + +* Fri Aug 02 2013 Fedora Release Engineering - 0.9.3.995-6.git20120302 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Feb 13 2013 Fedora Release Engineering - 0.9.3.995-5.git20120302 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Dec 13 2012 Avesh Agarwal - 0.9.3.995-4 +Resolves: #845599, #865883 + +* Wed Jul 18 2012 Fedora Release Engineering - 0.9.3.995-3.git20120302 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Apr 27 2012 Avesh Agarwal - 0.9.3.995-2 +- Ported changes from rhel to fedora + +* Fri Mar 2 2012 Dan Williams - 0.9.3.995-1 +- Update to 0.9.3.995 (0.9.4-beta1) +- ui: add support for external UI mode, eg GNOME Shell + +* Thu Jan 12 2012 Fedora Release Engineering - 0.9.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Dec 06 2011 Adam Jackson - 0.9.0-2 +- Rebuild for new libpng + +* Fri Aug 26 2011 Dan Williams - 0.9.0-1 +- Update to 0.9.0 +- ui: translation fixes + +* Thu Jul 21 2011 Dan Williams - 0.8.999-2.git20110721 +- Update to git snapshot +- Fixes for secrets handling and saving + +* Tue May 03 2011 Dan Williams - 0.8.999-1 +- Update to 0.8.999 (0.9-rc2) +- Port to GTK 3.0 and GtkBuilder +- Fix some issues with secrets storage + +* Sun Mar 27 2011 Christopher Aillon - 0.8.0-9.20100411git +- Rebuild against NetworkManager 0.9 + +* Wed Feb 16 2011 Avesh Agarwal - 0.8.0-8.20100411git +- fixes for compile time errors + +* Mon Feb 07 2011 Fedora Release Engineering - 0.8.0-7.20100411git +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Sep 7 2010 Avesh Agarwal - 0.8.0-6.20100411git +- Modified import and export interfaces to import_from_file and export_to_file, respectively, + due to changes in NMVpnPluginUiInterface struct in NM (bz 631159). + +* Mon Jul 26 2010 Avesh Agarwal - 0.8.0-5.20100411git +Resolves: #616910 +- Support for reading phase1 and phase2 algorithms through GUI + +* Tue Jul 13 2010 Avesh Agarwal - 0.8.0-4.20100411git +- Modified fix for the bz 607352 +- Fix to read connection configuration from stdin +- Fix to read Xauth user password from stdin +- Fix to delete the secret file as soon as read by Openswan + +* Thu Jul 8 2010 Avesh Agarwal - 0.8.0-3.20100411git +- Modified the patch so that it does not pass user password to + "ipsec whack" command. + +* Thu Jul 8 2010 Avesh Agarwal - 0.8.0-2.20100411git +- Modified to initiate VPN connections with openswan whack interface +- Fixed the issue of world readable conf and secret files +- Cleaned conf and secret files after VPN connection is stopped +- Fixed the issue of storing sensitive information like user + password in a file (rhbz# 607352) +- Changed PLUTO_SERVERBANNER to PLUTO_PEER_BANNER due + to the same change in Openswan +- Modifed GUI to remove unused configuration boxes + +* Tue Jun 15 2010 Avesh Agarwal - 0.8.0-1.20100%{version}t +- Initial build