Bug 22959 - openswan should be replaced by libreswan or dropped
Summary: openswan should be replaced by libreswan or dropped
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: release_blocker normal
Target Milestone: Mageia 7
Assignee: All Packagers
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-04-27 18:31 CEST by David Walser
Modified: 2018-12-02 15:58 CET (History)
1 user (show)

See Also:
Source RPM: openswan-2.6.39-11.mga7.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2018-04-27 18:31:33 CEST
openswan is dead and libreswan was forked from it to continue its development.  There are likely several security vulnerabilities that are unfixed in our package.  Other distros have already made the switch.  We should also make the switch or drop it if we aren't going to maintain the package.
David Walser 2018-04-27 18:31:47 CEST

Target Milestone: --- => Mageia 7
Assignee: bugsquad => pkg-bugs
Priority: Normal => release_blocker

Comment 1 Stig-Ørjan Smelror 2018-12-02 00:04:02 CET
A new version of openswan has been pushed to Cauldron.

Cheers,
Stig

CC: (none) => smelror

Comment 2 David Walser 2018-12-02 00:28:56 CET
Thanks, but that's not what's needed.  See the bug title and Comment 0.
Comment 3 Stig-Ørjan Smelror 2018-12-02 00:33:33 CET
But you also said that "openswan is dead", which it isn't and so I thought an update would be a good thing.

Getting libreswan to work is a bit more difficult since it requires fipscheck which doesn't compile because FIPS is disabled in our openssl.

Cheers,
Stig
Comment 4 David Walser 2018-12-02 00:58:43 CET
Are you sure it isn't dead?  Maybe our package just wasn't up to date.  Either way, libreswan is the way forward.
Comment 5 Stig-Ørjan Smelror 2018-12-02 10:40:26 CET
libreswan has been imported to Cauldron.

Please test it. I have no idea if it works.
Had to hack the spec file a little after importing it from Fedora to get it to build. Disabled fipscheck as well.

When this package has been tested and validated to work as expected, I will Obsolete openswan.


Cheers,
Stig
Comment 6 Stig-Ørjan Smelror 2018-12-02 10:44:15 CET
Well...

Openswan is obsoleted already. I just didn't read the spec file thoroughly.
Comment 7 David Walser 2018-12-02 15:58:31 CET
That works.  I don't use it and certainly can't test it, but if there's an issue with it I'm sure someone will let us know.

Note You need to log in before you can comment on or make changes to this bug.