ipsec-tools-vl.spec 9.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328
  1. %bcond_without wildcard_psk
  2. Name: ipsec-tools
  3. Version: 0.8.2
  4. Release: 2%{?_dist_release}
  5. Summary: Tools for configuring and using IPsec
  6. Summary(ja): IPsecツール
  7. License: BSD
  8. Group: System Environment/Base
  9. URL: http://ipsec-tools.sourceforge.net/
  10. Source: http://prdownload.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
  11. Source1: racoon.conf
  12. Source2: psk.txt
  13. Source3: p1_up_down
  14. Source4: racoon.init
  15. Source5: racoon.pam
  16. Source100: ipsec.conf
  17. # Ignore acquires that are sent by kernel for SAs that are already being
  18. # negotiated (#234491)
  19. Patch3: ipsec-tools-0.8.0-acquires.patch
  20. # Support for labeled IPSec on loopback
  21. Patch4: ipsec-tools-0.8.0-loopback.patch
  22. # Create racoon as PIE
  23. Patch11: ipsec-tools-0.7.1-pie.patch
  24. # Fix leak in certification handling
  25. Patch14: ipsec-tools-0.7.2-moreleaks.patch
  26. # Do not install development files
  27. Patch16: ipsec-tools-0.8.0-nodevel.patch
  28. # Use krb5 gssapi mechanism
  29. Patch18: ipsec-tools-0.7.3-gssapi-mech.patch
  30. # Drop -R from linker
  31. Patch19: ipsec-tools-0.7.3-build.patch
  32. # Silence strict aliasing warnings
  33. Patch20: ipsec-tools-0.8.0-aliasing.patch
  34. # CVE-2015-4047
  35. Patch21: ipsec-tools-0.8.2-CVE-2015-4047.patch
  36. # Calling_station-Id attribute for xauth RADIUS requests
  37. Patch22: ipsec-tools-0.8.2-952413.patch
  38. Patch100: racoon-wildcard_id.patch
  39. #BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
  40. BuildRequires: bison, flex, automake, libtool, glibc-kernheaders
  41. BuildRequires: openssl-devel, pam-devel, krb5-devel
  42. #BuildRequires: libselinux-devel >= 1.30.28-2
  43. BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
  44. #Requires: initscripts >= 7.31.11.EL-1
  45. Requires: initscripts
  46. Vendor: Project Vine
  47. Distribution: Vine Linux
  48. %description
  49. This is the IPsec-Tools package. You need this package in order to
  50. really use the IPsec functionality in the linux-2.5+ kernels. This
  51. package builds:
  52. - setkey, a program to directly manipulate policies and SAs
  53. - racoon, an IKEv1 keying daemon
  54. %description -l ja
  55. これは IPsecツールのパッケージです。Linux Kernel 2.5 以上の IPsec
  56. 機能を使うにはこのパッケージが必要です。パッケージには以下の物が
  57. 含まれています。
  58. - setkey, SA と SP を操作/設定する為のプログラム
  59. - racoon, IKEv1 自動鍵交換デーモン
  60. %prep
  61. %setup -q
  62. #%patch -p1
  63. #%patch2 -p1
  64. #%patch5 -p1 -b .64bit
  65. %patch3 -p1 -b .acquires
  66. %patch4 -p1 -b .loopback
  67. %patch11 -p1 -b .pie
  68. %patch14 -p1 -b .moreleaks
  69. %patch16 -p1 -b .nodevel
  70. %patch18 -p1 -b .gssapi-mech
  71. %patch19 -p1 -b .build
  72. %patch20 -p1 -b .aliasing
  73. %patch21 -p1 -b .cve_2015_4047
  74. %patch22 -p1 -b .station_id
  75. %if %{with wildcard_psk}
  76. %patch100 -p0 -b wildcard_id
  77. %endif
  78. ./bootstrap
  79. %build
  80. sed -i 's|-Werror||g' configure
  81. LDFLAGS="-Wl,--as-needed"
  82. export LDFLAGS
  83. %configure \
  84. --with-kernel-headers=/usr/include \
  85. --sysconfdir=%{_sysconfdir}/racoon \
  86. --without-readline \
  87. --enable-adminport \
  88. --enable-hybrid \
  89. --enable-frag \
  90. --enable-dpd \
  91. --enable-gssapi \
  92. --enable-natt \
  93. --disable-security-context \
  94. --disable-audit \
  95. --with-libpam
  96. make
  97. %install
  98. rm -rf $RPM_BUILD_ROOT
  99. mkdir -p $RPM_BUILD_ROOT/sbin
  100. mkdir -p $RPM_BUILD_ROOT%{_sbindir}
  101. mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon
  102. mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
  103. make install DESTDIR=$RPM_BUILD_ROOT
  104. install -m 600 %{SOURCE1} \
  105. $RPM_BUILD_ROOT%{_sysconfdir}/racoon/racoon.conf
  106. install -m 600 %{SOURCE2} \
  107. $RPM_BUILD_ROOT%{_sysconfdir}/racoon/psk.txt
  108. mv $RPM_BUILD_ROOT%{_sbindir}/setkey $RPM_BUILD_ROOT/sbin
  109. mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/certs
  110. mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts
  111. install -m 700 %{SOURCE3} \
  112. $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts/p1_up_down
  113. install -D -m755 %{SOURCE4} $RPM_BUILD_ROOT%{_initrddir}/racoon
  114. install -D -m644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/racoon
  115. install -D -m644 %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf
  116. # no devel stuff for now
  117. rm -rf $RPM_BUILD_ROOT%{_libdir}/libipsec.{a,la} \
  118. $RPM_BUILD_ROOT%{_libdir}/libracoon.{a,la} \
  119. $RPM_BUILD_ROOT%{_includedir} \
  120. $RPM_BUILD_ROOT%{_mandir}/man3
  121. %clean
  122. rm -rf $RPM_BUILD_ROOT
  123. %post
  124. if [ $1 = 1 ]; then
  125. chkconfig --add racoon
  126. fi
  127. %preun
  128. if [ $1 = 0 ]; then
  129. service racoon stop > /dev/null 2>&1
  130. /sbin/chkconfig --del racoon
  131. fi
  132. %files
  133. %defattr(-,root,root)
  134. %doc src/racoon/samples/racoon.conf src/racoon/samples/psk.txt
  135. %doc src/racoon/doc/FAQ
  136. %doc ChangeLog NEWS README
  137. /sbin/*
  138. %{_sbindir}/*
  139. %{_mandir}/man*/*
  140. %config %{_sysconfdir}/rc.d/init.d/racoon
  141. %dir /etc/racoon
  142. %dir /etc/racoon/certs
  143. %dir /etc/racoon/scripts
  144. %dir /var/racoon
  145. /etc/racoon/scripts/*
  146. %config(noreplace) %{_sysconfdir}/racoon/psk.txt
  147. %config(noreplace) %{_sysconfdir}/racoon/racoon.conf
  148. %config(noreplace) %{_sysconfdir}/ipsec.conf
  149. %config(noreplace) %{_sysconfdir}/pam.d/racoon
  150. %changelog
  151. * Tue Dec 19 2017 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.2-2
  152. - added Patch21,22
  153. * Wed Apr 02 2014 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.2-1
  154. - new upstream release.
  155. * Tue Dec 10 2013 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.1-1
  156. - new upstream release.
  157. * Fri Apr 22 2011 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.0-1
  158. - new upstream release.
  159. - shipped all patches from Fedora RawHide.
  160. - added Patch100 but not applied as default.
  161. * Sun Feb 06 2011 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.6.7-2
  162. - rebuild with openssl-1.0.0c
  163. * Sun Sep 28 2008 Shu KONNO <owa@bg.wakwak.com> 0.6.7-1vl5
  164. - applied new versioning policy, spec in utf-8
  165. * Sun Jun 10 2007 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 0.6.7-0vl1
  166. - new upstream release (including security fix CVE-2007-1841)
  167. - rebuilt with new toolchain
  168. * Wed Feb 28 2007 Kunio Murasawa <murasawa@fa2.so-net.ne.jp> 0.6.6-1vl1
  169. - initial build for Vine Linux
  170. * Wed Jan 17 2007 Harald Hoyer <harald@redhat.com> - 0.6.6-1
  171. - version 0.6.6
  172. * Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-6
  173. - rebuilt for unwind info generation, broken in gcc-4.1.1-21
  174. * Mon Sep 25 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-5
  175. - added patch for selinux integration (bug #207159)
  176. * Fri Aug 4 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-4
  177. - backport of important 0.6.6 fixes:
  178. - sets NAT-T ports to 0 if no NAT encapsulation
  179. - fixed memory leak
  180. * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-3.1
  181. - rebuild
  182. * Wed Jun 21 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-3
  183. - more build requirements
  184. * Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-2
  185. - Fix patch to build MLS Stuff correctly
  186. * Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-1
  187. - Update to latest upstream version
  188. - Add MLS Patch to allow use of labeled networks
  189. - Patch provided by Joy Latten <latten@austin.ibm.com>
  190. * Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.6.4-1.1
  191. - bump again for double-long bug on ppc(64)
  192. * Tue Feb 07 2006 Harald Hoyer <harald@redhat.com> 0.6.4-1
  193. - version 0.6.4
  194. * Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.6.3-1.2
  195. - rebuilt for new gcc4.1 snapshot and glibc changes
  196. * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
  197. - rebuilt
  198. * Mon Dec 05 2005 Harald Hoyer <harald@redhat.com> 0.6.3-1
  199. - version 0.6.3, which contains fixes for various DoS problems
  200. * Wed Nov 9 2005 Tomas Mraz <tmraz@redhat.com> 0.6.1-2
  201. - rebuilt against new openssl
  202. * Wed Oct 12 2005 Harald Hoyer <harald@redhat.com> 0.6.1-1
  203. - version 0.6.1
  204. * Mon Mar 28 2005 Bill Nottingham <notting@redhat.com> 0.5-4
  205. - fix 64-bit issue in setph1attr() (<aviro@redhat.com>)
  206. * Mon Mar 14 2005 Bill Nottingham <notting@redhat.com> 0.5-3
  207. - add patch for DoS (CAN-2005-0398, #145532)
  208. * Sat Mar 5 2005 Uwe Beck <ubeck@c3pdm.com> 0.5-2
  209. - now racoon use /etc/racoon/racoon.conf as default
  210. - add the /var/racoon directory for racoon.sock
  211. * Wed Feb 23 2005 Bill Nottingham <notting@redhat.com> 0.5-1
  212. - update to 0.5
  213. * Thu Nov 4 2004 Bill Nottingham <notting@redhat.com> 0.3.3-2
  214. - don't use new 0.3.3 handling of stdin in setkey; it breaks the
  215. format (#138105)
  216. * Mon Sep 27 2004 Bill Nottingham <notting@redhat.com> 0.3.3-1
  217. - update to 0.3.3 (#122211)
  218. * Sun Aug 08 2004 Alan Cox <alan@redhat.com> 0.2.5-6
  219. - fix buildreqs (Steve Grubb)
  220. * Mon Jun 28 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-5
  221. - rebuild
  222. * Fri Jun 25 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-4
  223. - backport certificate validation fixes from 0.3.3 (#126568)
  224. * Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
  225. - rebuilt
  226. * Wed Apr 14 2004 Bill Nottingham <notting@redhat.com> - 0.2.5-2
  227. - add patch for potential remote DoS (CAN-2004-0403)
  228. * Tue Apr 6 2004 Bill Nottingham <notting@redhat.com>
  229. - update to 0.2.5
  230. * Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
  231. - rebuilt
  232. * Mon Feb 23 2004 Bill Nottingham <notting@redhat.com>
  233. - update to 0.2.4, fix racoon install location (#116374, <kajtzu@fi.basen.net>)
  234. * Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
  235. - rebuilt
  236. * Mon Dec 8 2003 Bill Nottingham <notting@redhat.com> 0.2.2-8
  237. - rebuild
  238. * Fri Aug 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-7
  239. - add fix for #103238
  240. * Tue Aug 5 2003 Bill Nottingham <notting@redhat.com> 0.2.2-6
  241. - update kernel interface bits, rebuild against them
  242. * Tue Jul 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-5
  243. - rebuild
  244. * Wed Jul 2 2003 Bill Notitngham <notting@redhat.com> 0.2.2-4
  245. - ship a much more pared-down racoon.conf and psk.txt
  246. * Thu Jun 5 2003 Bill Notitngham <notting@redhat.com> 0.2.2-3
  247. - update pfkey header for current kernels
  248. * Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
  249. - rebuilt
  250. * Fri May 2 2003 Bill Nottingham <notting@redhat.com> 0.2.2-1
  251. - update to 0.2.2
  252. * Fri Mar 7 2003 Bill Nottingham <notting@redhat.com>
  253. - initial build