%bcond_without wildcard_psk

Name: ipsec-tools
Version: 0.8.2
Release: 2%{?_dist_release}
Summary: Tools for configuring and using IPsec
Summary(ja): IPsecツール
License: BSD
Group: System Environment/Base
URL: http://ipsec-tools.sourceforge.net/
Source: http://prdownload.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
Source1: racoon.conf
Source2: psk.txt
Source3: p1_up_down
Source4: racoon.init
Source5: racoon.pam
Source100: ipsec.conf

# Ignore acquires that are sent by kernel for SAs that are already being
# negotiated (#234491)
Patch3: ipsec-tools-0.8.0-acquires.patch
# Support for labeled IPSec on loopback
Patch4: ipsec-tools-0.8.0-loopback.patch
# Create racoon as PIE
Patch11: ipsec-tools-0.7.1-pie.patch
# Fix leak in certification handling
Patch14: ipsec-tools-0.7.2-moreleaks.patch
# Do not install development files
Patch16: ipsec-tools-0.8.0-nodevel.patch
# Use krb5 gssapi mechanism
Patch18: ipsec-tools-0.7.3-gssapi-mech.patch
# Drop -R from linker
Patch19: ipsec-tools-0.7.3-build.patch
# Silence strict aliasing warnings
Patch20: ipsec-tools-0.8.0-aliasing.patch
# CVE-2015-4047
Patch21: ipsec-tools-0.8.2-CVE-2015-4047.patch
# Calling_station-Id attribute for xauth RADIUS requests
Patch22: ipsec-tools-0.8.2-952413.patch

Patch100: racoon-wildcard_id.patch

#BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
BuildRequires: bison, flex, automake, libtool, glibc-kernheaders
BuildRequires: openssl-devel, pam-devel, krb5-devel
#BuildRequires: libselinux-devel >= 1.30.28-2
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
#Requires: initscripts >= 7.31.11.EL-1
Requires: initscripts

Vendor: Project Vine
Distribution: Vine Linux

%description
This is the IPsec-Tools package. You need this package in order to
really use the IPsec functionality in the linux-2.5+ kernels.
This package builds:

 - setkey, a program to directly manipulate policies and SAs
 - racoon, an IKEv1 keying daemon

%description -l ja
これは IPsecツールのパッケージです。Linux Kernel 2.5 以上の IPsec
機能を使うにはこのパッケージが必要です。パッケージには以下の物が
含まれています。

 - setkey, SA と SP を操作/設定する為のプログラム
 - racoon, IKEv1 自動鍵交換デーモン

%prep
%setup -q
#%patch -p1
#%patch2 -p1
#%patch5 -p1 -b .64bit
%patch3 -p1 -b .acquires
%patch4 -p1 -b .loopback
%patch11 -p1 -b .pie
%patch14 -p1 -b .moreleaks
%patch16 -p1 -b .nodevel
%patch18 -p1 -b .gssapi-mech
%patch19 -p1 -b .build
%patch20 -p1 -b .aliasing
%patch21 -p1 -b .cve_2015_4047
%patch22 -p1 -b .station_id

%if %{with wildcard_psk}
%patch100 -p0 -b wildcard_id
%endif

./bootstrap

%build
sed -i 's|-Werror||g' configure
LDFLAGS="-Wl,--as-needed"
export LDFLAGS
%configure \
    --with-kernel-headers=/usr/include \
    --sysconfdir=%{_sysconfdir}/racoon \
    --without-readline \
    --enable-adminport \
    --enable-hybrid \
    --enable-frag \
    --enable-dpd \
    --enable-gssapi \
    --enable-natt \
    --disable-security-context \
    --disable-audit \
    --with-libpam
make

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/sbin
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
make install DESTDIR=$RPM_BUILD_ROOT
install -m 600 %{SOURCE1} \
    $RPM_BUILD_ROOT%{_sysconfdir}/racoon/racoon.conf
install -m 600 %{SOURCE2} \
    $RPM_BUILD_ROOT%{_sysconfdir}/racoon/psk.txt

mv $RPM_BUILD_ROOT%{_sbindir}/setkey $RPM_BUILD_ROOT/sbin

mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/certs
mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts
install -m 700 %{SOURCE3} \
    $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts/p1_up_down

install -D -m755 %{SOURCE4} $RPM_BUILD_ROOT%{_initrddir}/racoon
install -D -m644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/racoon
install -D -m644 %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf

# no devel stuff for now
rm -rf $RPM_BUILD_ROOT%{_libdir}/libipsec.{a,la} \
    $RPM_BUILD_ROOT%{_libdir}/libracoon.{a,la} \
    $RPM_BUILD_ROOT%{_includedir} \
    $RPM_BUILD_ROOT%{_mandir}/man3

%clean
rm -rf $RPM_BUILD_ROOT

%post
if [ $1 = 1 ]; then
    chkconfig --add racoon
fi

%preun
if [ $1 = 0 ]; then
    service racoon stop > /dev/null 2>&1
    /sbin/chkconfig --del racoon
fi

%files
%defattr(-,root,root)
%doc src/racoon/samples/racoon.conf src/racoon/samples/psk.txt
%doc src/racoon/doc/FAQ
%doc ChangeLog NEWS README
/sbin/*
%{_sbindir}/*
%{_mandir}/man*/*
%config %{_sysconfdir}/rc.d/init.d/racoon
%dir /etc/racoon
%dir /etc/racoon/certs
%dir /etc/racoon/scripts
%dir /var/racoon
/etc/racoon/scripts/*
%config(noreplace) %{_sysconfdir}/racoon/psk.txt
%config(noreplace) %{_sysconfdir}/racoon/racoon.conf
%config(noreplace) %{_sysconfdir}/ipsec.conf
%config(noreplace) %{_sysconfdir}/pam.d/racoon

%changelog
* Tue Dec 19 2017 Tomohiro "Tomo-p" KATO 0.8.2-2
- added Patch21,22

* Wed Apr 02 2014 Tomohiro "Tomo-p" KATO 0.8.2-1
- new upstream release.

* Tue Dec 10 2013 Tomohiro "Tomo-p" KATO 0.8.1-1
- new upstream release.

* Fri Apr 22 2011 Tomohiro "Tomo-p" KATO 0.8.0-1
- new upstream release.
- shipped all patches from Fedora RawHide.
- added Patch100 but not applied as default.

* Sun Feb 06 2011 Yoji TOYODA 0.6.7-2
- rebuild with openssl-1.0.0c

* Sun Sep 28 2008 Shu KONNO 0.6.7-1vl5
- applied new versioning policy, spec in utf-8

* Sun Jun 10 2007 Ryoichi INAGAKI 0.6.7-0vl1
- new upstream release (including security fix CVE-2007-1841)
- rebuilt with new toolchain

* Wed Feb 28 2007 Kunio Murasawa 0.6.6-1vl1
- initial build for Vine Linux

* Wed Jan 17 2007 Harald Hoyer - 0.6.6-1
- version 0.6.6

* Sun Oct 01 2006 Jesse Keating - 0.6.5-6
- rebuilt for unwind info generation, broken in gcc-4.1.1-21

* Mon Sep 25 2006 Harald Hoyer - 0.6.5-5
- added patch for selinux integration (bug #207159)

* Fri Aug 4 2006 Harald Hoyer - 0.6.5-4
- backport of important 0.6.6 fixes:
  - sets NAT-T ports to 0 if no NAT encapsulation
  - fixed memory leak

* Wed Jul 12 2006 Jesse Keating - 0.6.5-3.1
- rebuild

* Wed Jun 21 2006 Harald Hoyer - 0.6.5-3
- more build requirements

* Tue Apr 18 2006 Dan Walsh - 0.6.5-2
- Fix patch to build MLS Stuff correctly

* Tue Apr 18 2006 Dan Walsh - 0.6.5-1
- Update to latest upstream version
- Add MLS Patch to allow use of labeled networks
- Patch provided by Joy Latten

* Fri Feb 10 2006 Jesse Keating - 0.6.4-1.1
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Harald Hoyer 0.6.4-1
- version 0.6.4

* Tue Feb 07 2006 Jesse Keating - 0.6.3-1.2
- rebuilt for new gcc4.1 snapshot and glibc changes

* Fri Dec 09 2005 Jesse Keating
- rebuilt

* Mon Dec 05 2005 Harald Hoyer 0.6.3-1
- version 0.6.3, which contains fixes for various DoS problems

* Wed Nov 9 2005 Tomas Mraz 0.6.1-2
- rebuilt against new openssl

* Wed Oct 12 2005 Harald Hoyer 0.6.1-1
- version 0.6.1

* Mon Mar 28 2005 Bill Nottingham 0.5-4
- fix 64-bit issue in setph1attr() ()

* Mon Mar 14 2005 Bill Nottingham 0.5-3
- add patch for DoS (CAN-2005-0398, #145532)

* Sat Mar 5 2005 Uwe Beck 0.5-2
- now racoon uses /etc/racoon/racoon.conf as default
- add the /var/racoon directory for racoon.sock

* Wed Feb 23 2005 Bill Nottingham 0.5-1
- update to 0.5

* Thu Nov 4 2004 Bill Nottingham 0.3.3-2
- don't use new 0.3.3 handling of stdin in setkey; it breaks the format (#138105)

* Mon Sep 27 2004 Bill Nottingham 0.3.3-1
- update to 0.3.3 (#122211)

* Sun Aug 08 2004 Alan Cox 0.2.5-6
- fix buildreqs (Steve Grubb)

* Mon Jun 28 2004 Nalin Dahyabhai 0.2.5-5
- rebuild

* Fri Jun 25 2004 Nalin Dahyabhai 0.2.5-4
- backport certificate validation fixes from 0.3.3 (#126568)

* Tue Jun 15 2004 Elliot Lee
- rebuilt

* Wed Apr 14 2004 Bill Nottingham - 0.2.5-2
- add patch for potential remote DoS (CAN-2004-0403)

* Tue Apr 6 2004 Bill Nottingham
- update to 0.2.5

* Tue Mar 02 2004 Elliot Lee
- rebuilt

* Mon Feb 23 2004 Bill Nottingham
- update to 0.2.4, fix racoon install location (#116374, )

* Fri Feb 13 2004 Elliot Lee
- rebuilt

* Mon Dec 8 2003 Bill Nottingham 0.2.2-8
- rebuild

* Fri Aug 29 2003 Bill Nottingham 0.2.2-7
- add fix for #103238

* Tue Aug 5 2003 Bill Nottingham 0.2.2-6
- update kernel interface bits, rebuild against them

* Tue Jul 29 2003 Bill Nottingham 0.2.2-5
- rebuild

* Wed Jul 2 2003 Bill Nottingham 0.2.2-4
- ship a much more pared-down racoon.conf and psk.txt

* Thu Jun 5 2003 Bill Nottingham 0.2.2-3
- update pfkey header for current kernels

* Wed Jun 04 2003 Elliot Lee
- rebuilt

* Fri May 2 2003 Bill Nottingham 0.2.2-1
- update to 0.2.2

* Fri Mar 7 2003 Bill Nottingham
- initial build