diff -Nru libreswan-3.32/debian/changelog libreswan-3.32/debian/changelog --- libreswan-3.32/debian/changelog 2020-06-30 23:40:37.000000000 +0000 +++ libreswan-3.32/debian/changelog 2020-08-24 19:37:54.000000000 +0000 @@ -1,3 +1,24 @@ +libreswan (3.32-3ubuntu2) groovy; urgency=medium + + * d/tests/opportunistic and d/tests/cavp: fix how it exit 77 to skip + the test in case of ping, wget, dig failures. + + -- Eduardo Barretto Mon, 24 Aug 2020 16:37:54 -0300 + +libreswan (3.32-3ubuntu1) groovy; urgency=medium + + * d/tests/control: make opportunistic and cavp skippable if builder + doesn't have access to internet. + * d/tests/opportunistic: if ping or wget fails then exit 77 to skip + the test. + * d/tests/cavp: if wget fails then exit 77 to skip the test. + * d/patches/fix-libselinux3.1-deprecated.patch: this fixes current + ftbfs with libselinux3.1. + * d/patches/fix-ftbfs-s390x.patch: fix maybe-uninitialized + warning/error. + + -- Eduardo Barretto Fri, 21 Aug 2020 12:00:11 -0300 + libreswan (3.32-3build1) groovy; urgency=medium * No-change rebuild against libldns3. diff -Nru libreswan-3.32/debian/control libreswan-3.32/debian/control --- libreswan-3.32/debian/control 2020-05-26 20:51:07.000000000 +0000 +++ libreswan-3.32/debian/control 2020-08-21 15:00:11.000000000 +0000 @@ -1,7 +1,8 @@ Source: libreswan Section: net Priority: optional -Maintainer: Daniel Kahn Gillmor +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Daniel Kahn Gillmor Uploaders: Paul Wouters , Ondřej Surý , diff -Nru libreswan-3.32/debian/patches/fix-ftbfs-s390x.patch libreswan-3.32/debian/patches/fix-ftbfs-s390x.patch --- libreswan-3.32/debian/patches/fix-ftbfs-s390x.patch 1970-01-01 00:00:00.000000000 +0000 +++ libreswan-3.32/debian/patches/fix-ftbfs-s390x.patch 2020-08-21 15:00:11.000000000 +0000 @@ -0,0 +1,16 @@ +Description: fix FTBFS on s390x + error: ‘incl’ may be used uninitialized in this function + [-Werror=maybe-uninitialized] +Author: Eduardo Barretto + +--- libreswan-3.32.orig/programs/pluto/virtual.c ++++ libreswan-3.32/programs/pluto/virtual.c +@@ -172,7 +172,7 @@ void init_virtual_ip(const char *private + if (next == NULL) + next = str + strlen(str); + +- bool incl; ++ bool incl = false; + if (read_subnet(str, next - str, + &(private_net_incl[i_incl]), + &(private_net_excl[i_excl]), diff -Nru libreswan-3.32/debian/patches/fix-libselinux3.1-deprecated.patch libreswan-3.32/debian/patches/fix-libselinux3.1-deprecated.patch --- libreswan-3.32/debian/patches/fix-libselinux3.1-deprecated.patch 1970-01-01 00:00:00.000000000 +0000 +++ libreswan-3.32/debian/patches/fix-libselinux3.1-deprecated.patch 2020-08-21 15:00:11.000000000 +0000 @@ -0,0 +1,71 @@ +Description: fix deprecated libselinux function calls + error: 'security_context_t' is deprecated + error: 'avc_init' is deprecated + error: 'sidput' is deprecated +Author: Eduardo Barretto + +--- libreswan-3.32.orig/contrib/labeled-ipsec/getpeercon_server.c ++++ libreswan-3.32/contrib/labeled-ipsec/getpeercon_server.c +@@ -64,7 +64,7 @@ int main(int argc, char *argv[]) + srv_sock_path = argv[1]; + + { +- security_context_t ctx; ++ char *ctx; + int rc = getcon(&ctx); + + fprintf(stderr, "-> running as %s\n", +@@ -142,7 +142,7 @@ int main(int argc, char *argv[]) + struct sockaddr_in6 *const cli_sock_6addr = (struct sockaddr_in6 *)&cli_sock_saddr; + socklen_t cli_sock_addr_len; + char cli_sock_addr_str[INET6_ADDRSTRLEN + 1]; +- security_context_t ctx; ++ char *ctx; + char *ctx_str; + + //fflush(stdout); +--- libreswan-3.32.orig/programs/pluto/security_selinux.c ++++ libreswan-3.32/programs/pluto/security_selinux.c +@@ -28,13 +28,13 @@ void init_avc(void) + libreswan_log("selinux support is enabled."); + } + +- if (avc_init("libreswan", NULL, NULL, NULL, NULL) == 0) ++ if (avc_open(NULL, 0) == 0) + selinux_ready = 1; + else + libreswan_log("selinux: could not initialize avc."); + } + +-int within_range(security_context_t sl, security_context_t range) ++int within_range(char *sl, char *range) + { + int rtn = 1; + security_id_t slsid; +@@ -60,7 +60,6 @@ int within_range(security_context_t sl, + rtn = avc_context_to_sid(range, &rangesid); + if (rtn != 0) { + dbg("within_range: Unable to retrieve sid for range context (%s)", range); +- sidput(slsid); + return 0; + } + +@@ -72,8 +71,6 @@ int within_range(security_context_t sl, + rtn = avc_has_perm(slsid, rangesid, tclass, av, NULL, &avd); + if (rtn != 0) { + dbg("within_range: The sl (%s) is not within range of (%s)", sl, range); +- sidput(slsid); +- sidput(rangesid); + return 0; + } + dbg("within_range: The sl (%s) is within range of (%s)", sl, range); +--- libreswan-3.32.orig/programs/pluto/security_selinux.h ++++ libreswan-3.32/programs/pluto/security_selinux.h +@@ -20,6 +20,6 @@ + #include + + void init_avc(void); +-int within_range(security_context_t sl, security_context_t range); ++int within_range(char *sl, char *range); + + #endif /* _SECURITY_SELINUX_H */ diff -Nru libreswan-3.32/debian/patches/series libreswan-3.32/debian/patches/series --- libreswan-3.32/debian/patches/series 2020-05-26 20:51:07.000000000 +0000 +++ libreswan-3.32/debian/patches/series 2020-08-21 15:00:11.000000000 +0000 @@ -4,3 +4,5 @@ 0004-fix-spelling-errors.patch 0005-Ensure-using-compat-interface-due-to-subtle-NSS-API-.patch 0006-Use-pkg-config-recommended-by-the-environment.patch +fix-libselinux3.1-deprecated.patch +fix-ftbfs-s390x.patch diff -Nru libreswan-3.32/debian/tests/cavp libreswan-3.32/debian/tests/cavp --- libreswan-3.32/debian/tests/cavp 2020-05-26 20:54:36.000000000 +0000 +++ libreswan-3.32/debian/tests/cavp 2020-08-24 19:37:54.000000000 +0000 @@ -15,7 +15,7 @@ workdir=$(mktemp -d) cd "$workdir" -wget --quiet https://download.libreswan.org/cavs/{ikev1_dsa,ikev1_psk,ikev2}.fax.bz2 +wget --quiet https://download.libreswan.org/cavs/{ikev1_dsa,ikev1_psk,ikev2}.fax.bz2 || exit 77 bunzip2 *.fax.bz2 "$cavp" -v2 ikev2.fax | diff -u ikev2.fax - > /dev/null diff -Nru libreswan-3.32/debian/tests/control libreswan-3.32/debian/tests/control --- libreswan-3.32/debian/tests/control 2020-05-28 12:13:33.000000000 +0000 +++ libreswan-3.32/debian/tests/control 2020-08-21 14:53:06.000000000 +0000 @@ -1,5 +1,5 @@ Tests: opportunistic -Restrictions: needs-root, isolation-machine, needs-internet +Restrictions: needs-root, isolation-machine, needs-internet, skippable Depends: dnsutils, iputils-ping, @@ -14,7 +14,7 @@ @, Tests: cavp -Restrictions: needs-internet, allow-stderr +Restrictions: needs-internet, allow-stderr, skippable Depends: bzip2, ca-certificates, diff -Nru libreswan-3.32/debian/tests/opportunistic libreswan-3.32/debian/tests/opportunistic --- libreswan-3.32/debian/tests/opportunistic 2020-05-26 20:51:07.000000000 +0000 +++ libreswan-3.32/debian/tests/opportunistic 2020-08-24 19:37:54.000000000 +0000 @@ -5,11 +5,11 @@ badstring='OH noooooos!!' -ping -c 5 oe.libreswan.org 2>&1 +ping -c 5 oe.libreswan.org 2>&1 || exit 77 -dig +short -x `dig +short oe.libreswan.org` ipseckey +trusted-key=/usr/share/dns/root.key +sigchase +dig +short -x `dig +short oe.libreswan.org` ipseckey +trusted-key=/usr/share/dns/root.key +sigchase || exit 77 -wget -q --tries=2 --timeout=5 -O "${AUTOPKGTEST_ARTIFACTS}/before.html" http://oe.libreswan.org/ +wget -q --tries=2 --timeout=5 -O "${AUTOPKGTEST_ARTIFACTS}/before.html" http://oe.libreswan.org/ || exit 77 grep -F "$badstring" "${AUTOPKGTEST_ARTIFACTS}/before.html" @@ -30,12 +30,12 @@ # TODO: better details? ipsec whack --trafficstatus -ping -c 5 oe.libreswan.org 2>&1 +ping -c 5 oe.libreswan.org 2>&1 || exit 77 systemctl --no-pager status ipsec # now fetch some stuff from oe.libreswan.org, make sure it's good! -wget -q --tries=2 --timeout=5 -O "${AUTOPKGTEST_ARTIFACTS}/after.html" http://oe.libreswan.org/ +wget -q --tries=2 --timeout=5 -O "${AUTOPKGTEST_ARTIFACTS}/after.html" http://oe.libreswan.org/ || exit 77 if grep -F "$badstring" "${AUTOPKGTEST_ARTIFACTS}/after.html"; then printf "we got 'oh nooooooos' from http://oe.libreswan.org after bringing up opportunistic ipsec\n"