Bug 22959

Summary: openswan should be replaced by libreswan or dropped
Product: Mageia Reporter: David Walser <luigiwalser>
Component: RPM PackagesAssignee: All Packagers <pkg-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: release_blocker CC: smelror
Version: Cauldron   
Target Milestone: Mageia 7   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: openswan-2.6.39-11.mga7.src.rpm CVE:
Status comment:

Description David Walser 2018-04-27 18:31:33 CEST 
openswan is dead and libreswan was forked from it to continue its development.  There are likely several security vulnerabilities that are unfixed in our package.  Other distros have already made the switch.  We should also make the switch or drop it if we aren't going to maintain the package.
David Walser 2018-04-27 18:31:47 CEST

Priority: Normal => release_blocker
Assignee: bugsquad => pkg-bugs
Target Milestone: --- => Mageia 7

Comment 1 Stig-Ørjan Smelror 2018-12-02 00:04:02 CET 
A new version of openswan has been pushed to Cauldron.

Cheers,
Stig

CC: (none) => smelror

Comment 2 David Walser 2018-12-02 00:28:56 CET 
Thanks, but that's not what's needed.  See the bug title and Comment 0.
Comment 3 Stig-Ørjan Smelror 2018-12-02 00:33:33 CET 
But you also said that "openswan is dead", which it isn't and so I thought an update would be a good thing.

Getting libreswan to work is a bit more difficult since it requires fipscheck which doesn't compile because FIPS is disabled in our openssl.

Cheers,
Stig
Comment 4 David Walser 2018-12-02 00:58:43 CET 
Are you sure it isn't dead?  Maybe our package just wasn't up to date.  Either way, libreswan is the way forward.
Comment 5 Stig-Ørjan Smelror 2018-12-02 10:40:26 CET 
libreswan has been imported to Cauldron.

Please test it. I have no idea if it works.
Had to hack the spec file a little after importing it from Fedora to get it to build. Disabled fipscheck as well.

When this package has been tested and validated to work as expected, I will Obsolete openswan.


Cheers,
Stig
Comment 6 Stig-Ørjan Smelror 2018-12-02 10:44:15 CET 
Well...

Openswan is obsoleted already. I just didn't read the spec file thoroughly.
Comment 7 David Walser 2018-12-02 15:58:31 CET 
That works.  I don't use it and certainly can't test it, but if there's an issue with it I'm sure someone will let us know.
Comment 8 Stig-Ørjan Smelror 2018-12-24 22:29:25 CET 
(In reply to David Walser from comment #7)
> That works.  I don't use it and certainly can't test it, but if there's an
> issue with it I'm sure someone will let us know.

Should I close this report?
Comment 9 David Walser 2018-12-24 23:50:26 CET 
Sophie says we still have openswan.  It looks like openswan-doc wasn't obsoleted.
Comment 10 Stig-Ørjan Smelror 2018-12-25 00:02:49 CET 
Thanks David.

Fixed in libreswan 3.27-4.

OK to close now?
Comment 11 David Walser 2018-12-25 00:06:41 CET 
Thanks.  Nice work.

Status: NEW => RESOLVED
Resolution: (none) => FIXED