From 938e15f82e848b4c00075768528b801eaa963d28 Mon Sep 17 00:00:00 2001 From: Sahana Prasad Date: Tue, 14 Sep 2021 19:16:19 +0200 Subject: [PATCH 01/13] Rebuilt with OpenSSL 3.0.0 --- tcpcrypt.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tcpcrypt.spec b/tcpcrypt.spec index 16ee275..a5015e4 100644 --- a/tcpcrypt.spec +++ b/tcpcrypt.spec @@ -4,7 +4,7 @@ Summary: Opportunistically encrypt TCP connections Name: tcpcrypt Version: 0.5 -Release: 6%{?dist} +Release: 7%{?dist} License: BSD Url: http://tcpcrypt.org/ Source0: http://tcpcrypt.org//%{name}-%{version}.tar.gz @@ -106,6 +106,9 @@ useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \ %systemd_postun_with_restart tcpcryptd.service %changelog +* Tue Sep 14 2021 Sahana Prasad - 0.5-7 +- Rebuilt with OpenSSL 3.0.0 + * Fri Jul 23 2021 Fedora Release Engineering - 0.5-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild From 9c5e9251fda98204f11fb5bd440cdc36cd96b5cd Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 22 Jan 2022 02:24:26 +0000 Subject: [PATCH 02/13] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- tcpcrypt.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tcpcrypt.spec b/tcpcrypt.spec index a5015e4..62b06f3 100644 --- a/tcpcrypt.spec +++ b/tcpcrypt.spec @@ -4,7 +4,7 @@ Summary: Opportunistically encrypt TCP connections Name: tcpcrypt Version: 0.5 -Release: 7%{?dist} +Release: 8%{?dist} License: BSD Url: http://tcpcrypt.org/ Source0: http://tcpcrypt.org//%{name}-%{version}.tar.gz @@ -106,6 +106,9 @@ useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \ %systemd_postun_with_restart tcpcryptd.service %changelog +* Sat Jan 22 2022 Fedora Release Engineering - 0.5-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Tue Sep 14 2021 Sahana Prasad - 0.5-7 - Rebuilt with OpenSSL 3.0.0 From 2b16cc5e612d04465a5d3c45dca742d535b7f786 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 23 Jul 2022 10:11:27 +0000 Subject: [PATCH 03/13] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- tcpcrypt.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tcpcrypt.spec b/tcpcrypt.spec index 62b06f3..c2520f5 100644 --- a/tcpcrypt.spec +++ b/tcpcrypt.spec @@ -4,7 +4,7 @@ Summary: Opportunistically encrypt TCP connections Name: tcpcrypt Version: 0.5 -Release: 8%{?dist} +Release: 9%{?dist} License: BSD Url: http://tcpcrypt.org/ Source0: http://tcpcrypt.org//%{name}-%{version}.tar.gz @@ -106,6 +106,9 @@ useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \ %systemd_postun_with_restart tcpcryptd.service %changelog +* Sat Jul 23 2022 Fedora Release Engineering - 0.5-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Sat Jan 22 2022 Fedora Release Engineering - 0.5-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From 0005726b5e155a034f9deb8816a9978d0bfcd050 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 21 Jan 2023 04:45:30 +0000 Subject: [PATCH 04/13] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- tcpcrypt.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tcpcrypt.spec b/tcpcrypt.spec index c2520f5..74d9ff8 100644 --- a/tcpcrypt.spec +++ b/tcpcrypt.spec @@ -4,7 +4,7 @@ Summary: Opportunistically encrypt TCP connections Name: tcpcrypt Version: 0.5 -Release: 9%{?dist} +Release: 10%{?dist} License: BSD Url: http://tcpcrypt.org/ Source0: http://tcpcrypt.org//%{name}-%{version}.tar.gz @@ -106,6 +106,9 @@ useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \ %systemd_postun_with_restart tcpcryptd.service %changelog +* Sat Jan 21 2023 Fedora Release Engineering - 0.5-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Sat Jul 23 2022 Fedora Release Engineering - 0.5-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From b363879202b4d608eca2f7e822de9011a2d5f66b Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Thu, 23 Feb 2023 09:31:10 -0500 Subject: [PATCH 05/13] fix: remove broken firewalld integration The "direct" XML element has never been valid inside of a service definition. So the firewalld integration has never worked. New firewalld enforces sane configuration at startup. Old firewalld would ignore the broken service definition and load the rest of the configuration. --- tcpcrypt-firewalld.xml | 12 ------------ tcpcrypt.spec | 11 ++++------- tcpcryptd-firewall | 17 +---------------- 3 files changed, 5 insertions(+), 35 deletions(-) delete mode 100644 tcpcrypt-firewalld.xml diff --git a/tcpcrypt-firewalld.xml b/tcpcrypt-firewalld.xml deleted file mode 100644 index 01ecbd0..0000000 --- a/tcpcrypt-firewalld.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - - -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666 - -j tcpcrypt - - - - -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666 - -j tcpcrypt - diff --git a/tcpcrypt.spec b/tcpcrypt.spec index 74d9ff8..a2aab3a 100644 --- a/tcpcrypt.spec +++ b/tcpcrypt.spec @@ -4,14 +4,13 @@ Summary: Opportunistically encrypt TCP connections Name: tcpcrypt Version: 0.5 -Release: 10%{?dist} +Release: 11%{?dist} License: BSD Url: http://tcpcrypt.org/ Source0: http://tcpcrypt.org//%{name}-%{version}.tar.gz SOURCE1: tmpfiles-tcpcrypt.conf SOURCE2: tcpcryptd.service SOURCE3: tcpcryptd-firewall -SOURCE4: tcpcrypt-firewalld.xml Requires: %{name}-libs%{?_isa} = %{version}-%{release} BuildRequires: make BuildRequires: gcc @@ -23,8 +22,6 @@ Requires(post): systemd Requires(preun): systemd Requires(postun): systemd Requires(pre): shadow-utils -# we need to require it to install our file -Requires: firewalld %description Provides a protocol that attempts to encrypt (almost) all of your @@ -62,8 +59,6 @@ mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/ %{buildroot}/run/tcpcryptd install -D -m 0644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/tcpcrypt.conf mkdir -p %{buildroot}%{_unitdir} install -m 0755 %{SOURCE2} %{buildroot}/%{_unitdir}/tcpcryptd.service -# install firewalld policy needed for tracking and marking packets -install -D -m 0644 %{SOURCE4} %{buildroot}/%{_prefix}/lib/firewalld/services/tcpcryptd.xml %files libs %doc README.markdown @@ -80,7 +75,6 @@ install -D -m 0644 %{SOURCE4} %{buildroot}/%{_prefix}/lib/firewalld/services/tcp %{_mandir}/man8/* %attr(0644,root,root) %{_tmpfilesdir}/tcpcrypt.conf %attr(0644,root,root) %{_unitdir}/tcpcryptd.service -%attr(0644,root,root) %{_prefix}/lib/firewalld/services/tcpcryptd.xml %attr(0755,tcpcryptd,tcpcryptd) %dir /run/tcpcryptd %files devel @@ -106,6 +100,9 @@ useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \ %systemd_postun_with_restart tcpcryptd.service %changelog +* Thu Feb 23 2023 Eric Garver - 0.5-11 +- remove broken firewalld service definition + * Sat Jan 21 2023 Fedora Release Engineering - 0.5-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild diff --git a/tcpcryptd-firewall b/tcpcryptd-firewall index e598db8..65a6cee 100755 --- a/tcpcryptd-firewall +++ b/tcpcryptd-firewall @@ -1,19 +1,6 @@ #!/bin/sh -# Check if we need to use firewalld or will handle rules directly with iptables - - -systemctl status firewalld.service >/dev/null -RETVAL=$? -if [ $RETVAL -eq 0 ] -then - # use firewalld - firewall-cmd --reload - firewall-cmd --direct --get-rules ipv4 raw tcpcrypt - firewall-cmd --direct --get-rules ipv4 mangle tcpcrypt -else - # use iptables manually - +# use iptables manually if [ "$1" == "start" ] then iptables -t raw -N tcpcrypt @@ -34,5 +21,3 @@ then iptables -t mangle -F tcpcrypt iptables -t mangle -D PREROUTING -j tcpcrypt fi - -fi From 5fae8d3e2106ce91e4ab98623771abbb8789b1f7 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Thu, 23 Feb 2023 09:37:32 -0500 Subject: [PATCH 06/13] fix: remove bash-isms --- tcpcrypt.spec | 5 ++++- tcpcryptd-firewall | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/tcpcrypt.spec b/tcpcrypt.spec index a2aab3a..f86f51c 100644 --- a/tcpcrypt.spec +++ b/tcpcrypt.spec @@ -4,7 +4,7 @@ Summary: Opportunistically encrypt TCP connections Name: tcpcrypt Version: 0.5 -Release: 11%{?dist} +Release: 12%{?dist} License: BSD Url: http://tcpcrypt.org/ Source0: http://tcpcrypt.org//%{name}-%{version}.tar.gz @@ -100,6 +100,9 @@ useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \ %systemd_postun_with_restart tcpcryptd.service %changelog +* Thu Feb 23 2023 Eric Garver - 0.5-12 +- remove bash-isms from tcpcryptd-firewall + * Thu Feb 23 2023 Eric Garver - 0.5-11 - remove broken firewalld service definition diff --git a/tcpcryptd-firewall b/tcpcryptd-firewall index 65a6cee..33d1075 100755 --- a/tcpcryptd-firewall +++ b/tcpcryptd-firewall @@ -1,7 +1,7 @@ #!/bin/sh # use iptables manually -if [ "$1" == "start" ] +if [ "$1" = "start" ] then iptables -t raw -N tcpcrypt iptables -t raw -A tcpcrypt -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666 @@ -13,7 +13,7 @@ then # launch `tcpcryptd` with `-x 0x10` fi -if [ "$1" == "stop" ] +if [ "$1" = "stop" ] then iptables -t raw -F tcpcrypt iptables -t raw -D PREROUTING -j tcpcrypt From 83630378cab74fc7da3f59e3ca6977d80d770f1e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 22 Jul 2023 03:18:34 +0000 Subject: [PATCH 07/13] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- tcpcrypt.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tcpcrypt.spec b/tcpcrypt.spec index f86f51c..f5af400 100644 --- a/tcpcrypt.spec +++ b/tcpcrypt.spec @@ -4,7 +4,7 @@ Summary: Opportunistically encrypt TCP connections Name: tcpcrypt Version: 0.5 -Release: 12%{?dist} +Release: 13%{?dist} License: BSD Url: http://tcpcrypt.org/ Source0: http://tcpcrypt.org//%{name}-%{version}.tar.gz @@ -100,6 +100,9 @@ useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \ %systemd_postun_with_restart tcpcryptd.service %changelog +* Sat Jul 22 2023 Fedora Release Engineering - 0.5-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + * Thu Feb 23 2023 Eric Garver - 0.5-12 - remove bash-isms from tcpcryptd-firewall From 96bd83752f2acc7bc032f34e373702f7108b43e3 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 27 Jan 2024 05:36:09 +0000 Subject: [PATCH 08/13] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- tcpcrypt.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tcpcrypt.spec b/tcpcrypt.spec index f5af400..ab9acb9 100644 --- a/tcpcrypt.spec +++ b/tcpcrypt.spec @@ -4,7 +4,7 @@ Summary: Opportunistically encrypt TCP connections Name: tcpcrypt Version: 0.5 -Release: 13%{?dist} +Release: 14%{?dist} License: BSD Url: http://tcpcrypt.org/ Source0: http://tcpcrypt.org//%{name}-%{version}.tar.gz @@ -100,6 +100,9 @@ useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \ %systemd_postun_with_restart tcpcryptd.service %changelog +* Sat Jan 27 2024 Fedora Release Engineering - 0.5-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Sat Jul 22 2023 Fedora Release Engineering - 0.5-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild From 91b6efd427880225df3d695a424d76f6ae7aef92 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 20 Jul 2024 07:10:40 +0000 Subject: [PATCH 09/13] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild --- tcpcrypt.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tcpcrypt.spec b/tcpcrypt.spec index ab9acb9..8a83bbd 100644 --- a/tcpcrypt.spec +++ b/tcpcrypt.spec @@ -4,7 +4,7 @@ Summary: Opportunistically encrypt TCP connections Name: tcpcrypt Version: 0.5 -Release: 14%{?dist} +Release: 15%{?dist} License: BSD Url: http://tcpcrypt.org/ Source0: http://tcpcrypt.org//%{name}-%{version}.tar.gz @@ -100,6 +100,9 @@ useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \ %systemd_postun_with_restart tcpcryptd.service %changelog +* Sat Jul 20 2024 Fedora Release Engineering - 0.5-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Sat Jan 27 2024 Fedora Release Engineering - 0.5-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From 8be4d9a4112f91973dec1868bdbc5ec4ec8ddb5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Such=C3=BD?= Date: Wed, 4 Sep 2024 22:17:55 +0200 Subject: [PATCH 10/13] convert license to SPDX This is part of https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 --- tcpcrypt.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tcpcrypt.spec b/tcpcrypt.spec index 8a83bbd..2a4a2a8 100644 --- a/tcpcrypt.spec +++ b/tcpcrypt.spec @@ -4,8 +4,9 @@ Summary: Opportunistically encrypt TCP connections Name: tcpcrypt Version: 0.5 -Release: 15%{?dist} -License: BSD +Release: 16%{?dist} +# Automatically converted from old format: BSD - review is highly recommended. +License: LicenseRef-Callaway-BSD Url: http://tcpcrypt.org/ Source0: http://tcpcrypt.org//%{name}-%{version}.tar.gz SOURCE1: tmpfiles-tcpcrypt.conf @@ -100,6 +101,9 @@ useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \ %systemd_postun_with_restart tcpcryptd.service %changelog +* Wed Sep 04 2024 Miroslav Suchý - 0.5-16 +- convert license to SPDX + * Sat Jul 20 2024 Fedora Release Engineering - 0.5-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From 9f91cd0e6bfc1365008a1dd21f04ff615cb58448 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sun, 19 Jan 2025 12:29:34 +0000 Subject: [PATCH 11/13] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --- tcpcrypt.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tcpcrypt.spec b/tcpcrypt.spec index 2a4a2a8..cf5642a 100644 --- a/tcpcrypt.spec +++ b/tcpcrypt.spec @@ -4,7 +4,7 @@ Summary: Opportunistically encrypt TCP connections Name: tcpcrypt Version: 0.5 -Release: 16%{?dist} +Release: 17%{?dist} # Automatically converted from old format: BSD - review is highly recommended. License: LicenseRef-Callaway-BSD Url: http://tcpcrypt.org/ @@ -101,6 +101,9 @@ useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \ %systemd_postun_with_restart tcpcryptd.service %changelog +* Sun Jan 19 2025 Fedora Release Engineering - 0.5-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Wed Sep 04 2024 Miroslav Suchý - 0.5-16 - convert license to SPDX From 62c4fd5a765ab30ad5f776afc3be53a19df3eac6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 11 Feb 2025 16:44:39 +0100 Subject: [PATCH 12/13] Add sysusers.d config file to allow rpm to create users/groups automatically See https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers. --- tcpcrypt.spec | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/tcpcrypt.spec b/tcpcrypt.spec index cf5642a..e61f288 100644 --- a/tcpcrypt.spec +++ b/tcpcrypt.spec @@ -4,7 +4,7 @@ Summary: Opportunistically encrypt TCP connections Name: tcpcrypt Version: 0.5 -Release: 17%{?dist} +Release: 18%{?dist} # Automatically converted from old format: BSD - review is highly recommended. License: LicenseRef-Callaway-BSD Url: http://tcpcrypt.org/ @@ -22,7 +22,6 @@ BuildRequires: systemd Requires(post): systemd Requires(preun): systemd Requires(postun): systemd -Requires(pre): shadow-utils %description Provides a protocol that attempts to encrypt (almost) all of your @@ -47,6 +46,11 @@ Contains libraries used by tcpcryptd server and tcpcrypt-aware applications %prep %autosetup +# Create a sysusers.d config file +cat >tcpcrypt.sysusers.conf </dev/null || groupadd -r tcpcryptd -getent passwd tcpcryptd >/dev/null || \ -useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \ --c "tcpcrypt daemon account" tcpcryptd || exit 0 %post %systemd_post tcpcryptd.service @@ -101,6 +103,9 @@ useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \ %systemd_postun_with_restart tcpcryptd.service %changelog +* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 0.5-18 +- Add sysusers.d config file to allow rpm to create users/groups automatically + * Sun Jan 19 2025 Fedora Release Engineering - 0.5-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From 3bed1886a7b1d203b3b01725bd8cde80b71c2185 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 25 Jul 2025 19:08:58 +0000 Subject: [PATCH 13/13] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild --- tcpcrypt.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tcpcrypt.spec b/tcpcrypt.spec index e61f288..050228a 100644 --- a/tcpcrypt.spec +++ b/tcpcrypt.spec @@ -4,7 +4,7 @@ Summary: Opportunistically encrypt TCP connections Name: tcpcrypt Version: 0.5 -Release: 18%{?dist} +Release: 19%{?dist} # Automatically converted from old format: BSD - review is highly recommended. License: LicenseRef-Callaway-BSD Url: http://tcpcrypt.org/ @@ -103,6 +103,9 @@ install -m0644 -D tcpcrypt.sysusers.conf %{buildroot}%{_sysusersdir}/tcpcrypt.co %systemd_postun_with_restart tcpcryptd.service %changelog +* Fri Jul 25 2025 Fedora Release Engineering - 0.5-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + * Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 0.5-18 - Add sysusers.d config file to allow rpm to create users/groups automatically