- # Build conditional. bcond_without declares a --without switch, so wildcard_psk
- # is ON unless the package is built with "--without wildcard_psk"; Patch100 is
- # then applied in the prep section.
- # NOTE(review): the 0.8.0-1 changelog entry says Patch100 is "not applied as
- # default", which does not match this line - confirm which is intended.
- %bcond_without wildcard_psk
- Name: ipsec-tools
- Version: 0.8.2
- Release: 2%{?_dist_release}
- Summary: Tools for configuring and using IPsec
- Summary(ja): IPsecツール
- License: BSD
- Group: System Environment/Base
- URL: http://ipsec-tools.sourceforge.net/
- # NOTE(review): the tarball is fetched over plain HTTP and this spec records no
- # checksum or signature for it; its integrity depends on whatever verification
- # the build system performs outside this file - confirm.
- Source: http://prdownload.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
- # Packaged defaults: daemon config, pre-shared-key file, phase 1 hook script,
- # init script and PAM service file (install modes are set in the install section).
- Source1: racoon.conf
- Source2: psk.txt
- Source3: p1_up_down
- Source4: racoon.init
- Source5: racoon.pam
- Source100: ipsec.conf
- # Ignore acquires that are sent by kernel for SAs that are already being
- # negotiated (#234491)
- Patch3: ipsec-tools-0.8.0-acquires.patch
- # Support for labeled IPSec on loopback
- Patch4: ipsec-tools-0.8.0-loopback.patch
- # Create racoon as PIE
- Patch11: ipsec-tools-0.7.1-pie.patch
- # Fix leak in certification handling
- Patch14: ipsec-tools-0.7.2-moreleaks.patch
- # Do not install development files
- Patch16: ipsec-tools-0.8.0-nodevel.patch
- # Use krb5 gssapi mechanism
- Patch18: ipsec-tools-0.7.3-gssapi-mech.patch
- # Drop -R from linker
- Patch19: ipsec-tools-0.7.3-build.patch
- # Silence strict aliasing warnings
- Patch20: ipsec-tools-0.8.0-aliasing.patch
- # CVE-2015-4047: NULL pointer dereference in racoon's GSSAPI code that lets a
- # remote peer crash the daemon; it applies to this build because the build
- # section passes --enable-gssapi.
- # NOTE(review): 0.8.2 was packaged in 2014 (see changelog); check for advisories
- # against it that are newer than this patch.
- Patch21: ipsec-tools-0.8.2-CVE-2015-4047.patch
- # Calling_station-Id attribute for xauth RADIUS requests
- Patch22: ipsec-tools-0.8.2-952413.patch
- # Optional patch gated by the wildcard_psk conditional above.
- # NOTE(review): judging by its name it relaxes how peer identifiers are matched
- # against pre-shared-key entries - verify against the patch itself before
- # shipping it enabled.
- Patch100: racoon-wildcard_id.patch
- #BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
- BuildRequires: bison, flex, automake, libtool, glibc-kernheaders
- BuildRequires: openssl-devel, pam-devel, krb5-devel
- # libselinux is not required: the build section passes --disable-security-context.
- #BuildRequires: libselinux-devel >= 1.30.28-2
- BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
- #Requires: initscripts >= 7.31.11.EL-1
- Requires: initscripts
- Vendor: Project Vine
- Distribution: Vine Linux
-
- %description
- This is the IPsec-Tools package. You need this package in order to
- really use the IPsec functionality in the linux-2.5+ kernels. This
- package builds:
-
- - setkey, a program to directly manipulate policies and SAs
- - racoon, an IKEv1 keying daemon
- %description -l ja
- これは IPsecツールのパッケージです。Linux Kernel 2.5 以上の IPsec
- 機能を使うにはこのパッケージが必要です。パッケージには以下の物が
- 含まれています。
- - setkey, SA と SP を操作/設定する為のプログラム
- - racoon, IKEv1 自動鍵交換デーモン
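- %prep
- # Unpack the upstream tarball quietly.
- %setup -q
- # Retired patch lines, kept for reference. The percent sign is doubled because
- # rpm expands macros even inside comment lines.
- #%%patch -p1
- #%%patch2 -p1
- #%%patch5 -p1 -b .64bit
- # Distribution patches in numeric order; -b keeps a suffixed backup of every
- # file a patch touches.
- %patch3 -p1 -b .acquires
- %patch4 -p1 -b .loopback
- %patch11 -p1 -b .pie
- %patch14 -p1 -b .moreleaks
- %patch16 -p1 -b .nodevel
- %patch18 -p1 -b .gssapi-mech
- %patch19 -p1 -b .build
- # Security fix: CVE-2015-4047.
- %patch21 -p1 -b .cve_2015_4047
- %patch22 -p1 -b .station_id
- # Optional wildcard identifier patch. The conditional is declared with
- # bcond_without, so this branch is taken unless the build is run with
- # "--without wildcard_psk".
- # NOTE(review): the 0.8.0-1 changelog entry says this patch is not applied by
- # default - confirm which behaviour is intended.
- %if %{with wildcard_psk}
- # The backup suffix now starts with a dot, like every other patch line above.
- %patch100 -p0 -b .wildcard_id
- %endif
- # Upstream bootstrap script; presumably regenerates configure after the patches
- # above change the build files - confirm.
- ./bootstrap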
- %build
- # Strip -Werror from the generated configure script so that compiler warnings
- # do not fail the build.
- # NOTE(review): this also lets new warnings in a network-facing daemon pass
- # unnoticed; review the build log when the toolchain changes.
- sed -i 's|-Werror||g' configure
- # NOTE(review): assigning LDFLAGS here replaces any linker flags inherited from
- # the build environment. If the distribution supplies hardening flags (RELRO,
- # BIND_NOW) through LDFLAGS they would be dropped - confirm against the
- # distribution's configure macro.
- LDFLAGS="-Wl,--as-needed"
- export LDFLAGS
- # Feature set compiled into racoon (comments cannot sit between the continued
- # lines, so the options are described here):
- #   --enable-adminport                  admin socket used by racoonctl
- #   --enable-hybrid, --with-libpam      hybrid/XAuth authentication with a PAM backend
- #   --enable-frag                       IKE fragmentation
- #   --enable-dpd                        dead peer detection
- #   --enable-gssapi                     GSSAPI authentication (the code Patch21 fixes)
- #   --enable-natt                       NAT traversal
- #   --disable-security-context          no SELinux labelled-SA support
- #   --disable-audit                     no audit records from racoon
- # NOTE(review): every enabled option is attack surface of an IKE daemon; turn off
- # what the deployment does not use, and note that --disable-audit removes a
- # detection source.
- %configure \
- --with-kernel-headers=/usr/include \
- --sysconfdir=%{_sysconfdir}/racoon \
- --without-readline \
- --enable-adminport \
- --enable-hybrid \
- --enable-frag \
- --enable-dpd \
- --enable-gssapi \
- --enable-natt \
- --disable-security-context \
- --disable-audit \
- --with-libpam
- make
- %install
- # Start from an empty build root and create the directories the steps below need.
- rm -rf $RPM_BUILD_ROOT
- mkdir -p $RPM_BUILD_ROOT/sbin
- mkdir -p $RPM_BUILD_ROOT%{_sbindir}
- mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon
- mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
- make install DESTDIR=$RPM_BUILD_ROOT
- # The daemon configuration and the pre-shared-key file are installed
- # owner-only (600); psk.txt holds the IKE shared secrets.
- install -m 600 %{SOURCE1} \
- $RPM_BUILD_ROOT%{_sysconfdir}/racoon/racoon.conf
- install -m 600 %{SOURCE2} \
- $RPM_BUILD_ROOT%{_sysconfdir}/racoon/psk.txt
- # setkey is moved from the sbindir used by make install to /sbin.
- mv $RPM_BUILD_ROOT%{_sbindir}/setkey $RPM_BUILD_ROOT/sbin
- # Certificate and hook-script directories are owner-only (0700).
- mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/certs
- mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts
- # NOTE(review): p1_up_down is presumably a phase 1 up/down hook that racoon
- # executes; mode 700 keeps it writable and runnable by the owner only - confirm
- # it stays that way in the files list.
- install -m 700 %{SOURCE3} \
- $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts/p1_up_down
- # Init script (755), then PAM service file and ipsec.conf (both 644, world-readable).
- install -D -m755 %{SOURCE4} $RPM_BUILD_ROOT%{_initrddir}/racoon
- install -D -m644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/racoon
- install -D -m644 %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf
- # NOTE(review): the files list claims /var/racoon, but nothing in this section
- # creates it; presumably make install does. Its mode is inherited from that
- # step, and the changelog (0.5-2) says racoon.sock lives there - confirm the
- # directory is not accessible to unprivileged users.
- # no devel stuff for now
- rm -rf $RPM_BUILD_ROOT%{_libdir}/libipsec.{a,la} \
- $RPM_BUILD_ROOT%{_libdir}/libracoon.{a,la} \
- $RPM_BUILD_ROOT%{_includedir} \
- $RPM_BUILD_ROOT%{_mandir}/man3
- %clean
- # Remove the build root once the package has been assembled.
- rm -rf $RPM_BUILD_ROOT
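- %post
- # Scriptlets run as root. $1 is the number of instances of the package that will
- # be installed once the transaction finishes: 1 means a first install.
- # chkconfig is called by absolute path, matching the preun scriptlet, so the
- # call does not depend on the PATH rpm was started with.
- if [ "$1" = 1 ]; then
- /sbin/chkconfig --add racoon
- fi
- %preun
- # $1 = 0 means the last instance is being removed (not an upgrade): stop the
- # daemon and unregister the init script.
- # NOTE(review): "service" is still resolved through PATH; switch it to an
- # absolute path once its location on this distribution is confirmed.
- if [ "$1" = 0 ]; then
- service racoon stop > /dev/null 2>&1
- /sbin/chkconfig --del racoon
- fi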
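- %files
- # Default ownership is root:root; modes come from the build root unless an
- # explicit attr is given below.
- %defattr(-,root,root)
- # Upstream samples shipped as documentation; these are not the installed
- # configuration or key file.
- %doc src/racoon/samples/racoon.conf src/racoon/samples/psk.txt
- %doc src/racoon/doc/FAQ
- %doc ChangeLog NEWS README
- /sbin/*
- %{_sbindir}/*
- %{_mandir}/man*/*
- %config %{_sysconfdir}/rc.d/init.d/racoon
- %dir /etc/racoon
- # Modes of the secret-bearing paths are pinned here to the values the install
- # section already uses (0700 directories and hook, 0600 files), so the packaged
- # permissions no longer depend on the state of the build root.
- %dir %attr(0700,root,root) /etc/racoon/certs
- %dir %attr(0700,root,root) /etc/racoon/scripts
- # NOTE(review): no mode is declared for /var/racoon, which per the changelog
- # (0.5-2) holds racoon.sock; confirm the mode it gets from the build root and
- # pin it here.
- %dir /var/racoon
- %attr(0700,root,root) /etc/racoon/scripts/*
- # noreplace keeps a locally edited key file and configuration across upgrades.
- %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/racoon/psk.txt
- %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/racoon/racoon.conf
- %config(noreplace) %{_sysconfdir}/ipsec.conf
- %config(noreplace) %{_sysconfdir}/pam.d/racoon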
- %changelog
- * Tue Dec 19 2017 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.2-2
- - added Patch21,22
- * Wed Apr 02 2014 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.2-1
- - new upstream release.
- * Tue Dec 10 2013 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.1-1
- - new upstream release.
- * Fri Apr 22 2011 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.0-1
- - new upstream release.
- - shipped all patches from Fedora RawHide.
- - added Patch100 but not applied as default.
- * Sun Feb 06 2011 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.6.7-2
- - rebuild with openssl-1.0.0c
- * Sun Sep 28 2008 Shu KONNO <owa@bg.wakwak.com> 0.6.7-1vl5
- - applied new versioning policy, spec in utf-8
- * Sun Jun 10 2007 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 0.6.7-0vl1
- - new upstream release (including security fix CVE-2007-1841)
- - rebuilt with new toolchain
- * Wed Feb 28 2007 Kunio Murasawa <murasawa@fa2.so-net.ne.jp> 0.6.6-1vl1
- - initial build for Vine Linux
- * Wed Jan 17 2007 Harald Hoyer <harald@redhat.com> - 0.6.6-1
- - version 0.6.6
- * Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-6
- - rebuilt for unwind info generation, broken in gcc-4.1.1-21
- * Mon Sep 25 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-5
- - added patch for selinux integration (bug #207159)
- * Fri Aug 4 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-4
- - backport of important 0.6.6 fixes:
- - sets NAT-T ports to 0 if no NAT encapsulation
- - fixed memory leak
- * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-3.1
- - rebuild
- * Wed Jun 21 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-3
- - more build requirements
- * Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-2
- - Fix patch to build MLS Stuff correctly
- * Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-1
- - Update to latest upstream version
- - Add MLS Patch to allow use of labeled networks
- - Patch provided by Joy Latten <latten@austin.ibm.com>
- * Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.6.4-1.1
- - bump again for double-long bug on ppc(64)
- * Tue Feb 07 2006 Harald Hoyer <harald@redhat.com> 0.6.4-1
- - version 0.6.4
- * Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.6.3-1.2
- - rebuilt for new gcc4.1 snapshot and glibc changes
- * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- - rebuilt
- * Mon Dec 05 2005 Harald Hoyer <harald@redhat.com> 0.6.3-1
- - version 0.6.3, which contains fixes for various DoS problems
- * Wed Nov 9 2005 Tomas Mraz <tmraz@redhat.com> 0.6.1-2
- - rebuilt against new openssl
- * Wed Oct 12 2005 Harald Hoyer <harald@redhat.com> 0.6.1-1
- - version 0.6.1
- * Mon Mar 28 2005 Bill Nottingham <notting@redhat.com> 0.5-4
- - fix 64-bit issue in setph1attr() (<aviro@redhat.com>)
- * Mon Mar 14 2005 Bill Nottingham <notting@redhat.com> 0.5-3
- - add patch for DoS (CAN-2005-0398, #145532)
- * Sat Mar 5 2005 Uwe Beck <ubeck@c3pdm.com> 0.5-2
- - now racoon use /etc/racoon/racoon.conf as default
- - add the /var/racoon directory for racoon.sock
- * Wed Feb 23 2005 Bill Nottingham <notting@redhat.com> 0.5-1
- - update to 0.5
- * Thu Nov 4 2004 Bill Nottingham <notting@redhat.com> 0.3.3-2
- - don't use new 0.3.3 handling of stdin in setkey; it breaks the
- format (#138105)
- * Mon Sep 27 2004 Bill Nottingham <notting@redhat.com> 0.3.3-1
- - update to 0.3.3 (#122211)
- * Sun Aug 08 2004 Alan Cox <alan@redhat.com> 0.2.5-6
- - fix buildreqs (Steve Grubb)
- * Mon Jun 28 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-5
- - rebuild
- * Fri Jun 25 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-4
- - backport certificate validation fixes from 0.3.3 (#126568)
- * Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- - rebuilt
- * Wed Apr 14 2004 Bill Nottingham <notting@redhat.com> - 0.2.5-2
- - add patch for potential remote DoS (CAN-2004-0403)
- * Tue Apr 6 2004 Bill Nottingham <notting@redhat.com>
- - update to 0.2.5
- * Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- - rebuilt
- * Mon Feb 23 2004 Bill Nottingham <notting@redhat.com>
- - update to 0.2.4, fix racoon install location (#116374, <kajtzu@fi.basen.net>)
- * Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- - rebuilt
- * Mon Dec 8 2003 Bill Nottingham <notting@redhat.com> 0.2.2-8
- - rebuild
- * Fri Aug 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-7
- - add fix for #103238
- * Tue Aug 5 2003 Bill Nottingham <notting@redhat.com> 0.2.2-6
- - update kernel interface bits, rebuild against them
- * Tue Jul 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-5
- - rebuild
- * Wed Jul 2 2003 Bill Nottingham <notting@redhat.com> 0.2.2-4
- - ship a much more pared-down racoon.conf and psk.txt
- * Thu Jun 5 2003 Bill Nottingham <notting@redhat.com> 0.2.2-3
- - update pfkey header for current kernels
- * Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- - rebuilt
- * Fri May 2 2003 Bill Nottingham <notting@redhat.com> 0.2.2-1
- - update to 0.2.2
- * Fri Mar 7 2003 Bill Nottingham <notting@redhat.com>
- - initial build