# Optional build switch, off by default; turn it on with
# "rpmbuild --with wildcard_psk".  When it is on, Patch100 is applied in the
# prep stage and the release string gains a "_wildcard" suffix, so such builds
# can be told apart from the default package.
# NOTE(review): the patch body is not visible here; going by its file name it
# relaxes how pre-shared-key identifiers are matched -- confirm what it does
# before enabling it on a gateway.
%bcond_with wildcard_psk

%if %{with wildcard_psk}
%define rel_wildcard_psk _wildcard
%endif

Name:           ipsec-tools
# NOTE(review): as far as I know 0.8.2 is the final upstream release -- confirm
# whether later security fixes have to be carried as patches.
Version:        0.8.2
Release:        1%{?_dist_release}%{?rel_wildcard_psk}
Summary:        Tools for configuring and using IPsec
Summary(ja):    IPsecツール
License:        BSD
Group:          System Environment/Base
URL:            http://ipsec-tools.sourceforge.net/
# NOTE(review): the tarball location is plain http and this spec pins no
# checksum or signature for it; whoever fetches the archive should verify it
# against a digest obtained over a trusted channel before building.
Source:         http://prdownload.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
# Distribution-supplied configuration, helper script, init script and PAM file.
Source1:        racoon.conf
Source2:        psk.txt
Source3:        p1_up_down
Source4:        racoon.init
Source5:        racoon.pam

Source100:      ipsec.conf

# Ignore acquires sent by the kernel for SAs that are already being
# negotiated (#234491)
Patch3:         ipsec-tools-0.8.0-acquires.patch
# Labeled IPsec support on loopback
Patch4:         ipsec-tools-0.8.0-loopback.patch
# Build racoon as a position-independent executable (PIE)
Patch11:        ipsec-tools-0.7.1-pie.patch
# Fix leak in certification handling
Patch14:        ipsec-tools-0.7.2-moreleaks.patch
# Keep development files out of the install
Patch16:        ipsec-tools-0.8.0-nodevel.patch
# Use the krb5 GSS-API mechanism
Patch18:        ipsec-tools-0.7.3-gssapi-mech.patch
# Drop -R from the linker command line
Patch19:        ipsec-tools-0.7.3-build.patch
# Silence strict-aliasing warnings
Patch20:        ipsec-tools-0.8.0-aliasing.patch

# Only applied when the wildcard_psk build switch is enabled.
Patch100:       racoon-wildcard_id.patch

#BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
BuildRequires:  bison
BuildRequires:  flex
BuildRequires:  automake
BuildRequires:  libtool
BuildRequires:  glibc-kernheaders
BuildRequires:  openssl-devel
BuildRequires:  pam-devel
BuildRequires:  krb5-devel
#BuildRequires: libselinux-devel >= 1.30.28-2
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root
#Requires: initscripts >= 7.31.11.EL-1
Requires:       initscripts

Vendor:         Project Vine
Distribution:   Vine Linux
| 54 | |
---|
| 55 | %description |
---|
| 56 | This is the IPsec-Tools package. You need this package in order to |
---|
| 57 | really use the IPsec functionality in the linux-2.5+ kernels. This |
---|
| 58 | package builds: |
---|
| 59 | |
---|
| 60 | - setkey, a program to directly manipulate policies and SAs |
---|
| 61 | - racoon, an IKEv1 keying daemon |
---|
| 62 | |
---|
| 63 | %description -l ja |
---|
| 64 | これは IPsecツールのパッケージです。Linux Kernel 2.5 以上の IPsec |
---|
| 65 | 機能を使うにはこのパッケージが必要です。パッケージには以下の物が |
---|
| 66 | 含まれています。 |
---|
| 67 | |
---|
| 68 | - setkey, SA と SP を操作/設定する為のプログラム |
---|
| 69 | - racoon, IKEv1 自動鍵交換デーモン |
---|
| 70 | |
---|
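%prep
%setup -q
# Historical patch applications, kept commented out; no matching Patch tags
# are declared in the preamble any more.  The percent sign is doubled so rpm
# does not try to expand a macro inside the comment.
#%%patch -p1
#%%patch2 -p1
#%%patch5 -p1 -b .64bit

# Carried fixes; the comments next to the Patch tags in the preamble say what
# each one is for.  Every patch keeps a backup under its own dotted suffix.
%patch3 -p1 -b .acquires
%patch4 -p1 -b .loopback

%patch11 -p1 -b .pie
%patch14 -p1 -b .moreleaks
%patch16 -p1 -b .nodevel
%patch18 -p1 -b .gssapi-mech
%patch19 -p1 -b .build
%patch20 -p1 -b .aliasing

# Opt-in only (build switch wildcard_psk, off by default).  The backup suffix
# now starts with a dot like all the others, so backups are written as
# "<file>.wildcard_id" rather than "<file>wildcard_id".
%if %{with wildcard_psk}
%patch100 -p0 -b .wildcard_id
%endif

# Run the source tree's bootstrap script once all patches are in place.
./bootstrap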
| 92 | |
---|
%build
# Strip -Werror from the generated configure script.
sed -i -e 's/-Werror//g' configure

# Ask the linker to record only the libraries that are actually needed.
export LDFLAGS="-Wl,--as-needed"

# Feature selection for racoon, going by the option names:
#   sysconfdir                  - configuration lives in the racoon directory
#                                 under the system config dir
#   adminport                   - administrative control port
#   hybrid + libpam             - hybrid authentication, built with PAM
#   frag, dpd, natt             - IKE fragmentation, dead-peer detection,
#                                 NAT traversal
#   gssapi                      - GSS-API authentication
#   no security-context / audit - both features are switched off at build time
# NOTE(review): with audit switched off, negotiation events are presumably
# visible only through racoon's own logging -- make sure that log is collected.
# NOTE(review): the admin port accepts control requests for the daemon;
# confirm that the socket's directory and mode restrict it to root.
%configure \
    --with-kernel-headers=/usr/include \
    --sysconfdir=%{_sysconfdir}/racoon \
    --without-readline \
    --enable-adminport \
    --enable-hybrid \
    --enable-frag \
    --enable-dpd \
    --enable-gssapi \
    --enable-natt \
    --disable-security-context \
    --disable-audit \
    --with-libpam
make
| 111 | |
---|
%install
# Start from an empty build root.
rm -rf %{buildroot}

# Directories needed by "make install" and by the file moves below.
mkdir -p %{buildroot}/sbin \
         %{buildroot}%{_sbindir} \
         %{buildroot}%{_sysconfdir}/racoon \
         %{buildroot}%{_sysconfdir}/rc.d/init.d
make install DESTDIR=%{buildroot}

# racoon.conf and the pre-shared-key file are readable and writable by their
# owner only (mode 600).
install -m 600 %{SOURCE1} %{buildroot}%{_sysconfdir}/racoon/racoon.conf
install -m 600 %{SOURCE2} %{buildroot}%{_sysconfdir}/racoon/psk.txt

# setkey is shipped from /sbin instead of the sbindir "make install" used.
mv %{buildroot}%{_sbindir}/setkey %{buildroot}/sbin

# Certificate and hook-script directories: owner-only access (mode 0700).
mkdir -m 0700 -p %{buildroot}%{_sysconfdir}/racoon/certs \
                 %{buildroot}%{_sysconfdir}/racoon/scripts

# The phase 1 up/down hook is executable by its owner only.
install -m 700 %{SOURCE3} %{buildroot}%{_sysconfdir}/racoon/scripts/p1_up_down
install -D -m 755 %{SOURCE4} %{buildroot}%{_initrddir}/racoon
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/racoon

# NOTE(review): ipsec.conf is installed world-readable (644).  Its contents are
# not visible here; if it can carry manually keyed SAs, keep key material out
# of it or tighten the mode.
install -D -m 644 %{SOURCE100} %{buildroot}%{_sysconfdir}/ipsec.conf

# Development files are not packaged for now: static/libtool archives,
# headers and section 3 man pages are removed from the build root.
rm -rf %{buildroot}%{_libdir}/libipsec.{a,la} \
       %{buildroot}%{_libdir}/libracoon.{a,la} \
       %{buildroot}%{_includedir} \
       %{buildroot}%{_mandir}/man3
| 142 | |
---|
| 143 | |
---|
%clean
# Remove the build root once packaging is done.
rm -rf %{buildroot}
| 146 | |
---|
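%post
# rpm passes the number of installed instances as $1; 1 means a first
# install, so the init script is registered only then and an upgrade leaves
# the administrator's runlevel choices alone.  The argument is quoted so the
# test stays well-formed even if it is empty, and chkconfig is called by
# absolute path, as the preun scriptlet already does, so the scriptlet does
# not depend on the PATH it is run with.
if [ "$1" = 1 ]; then
    /sbin/chkconfig --add racoon
fi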
| 151 | |
---|
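%preun
# $1 is 0 only when the last installed instance is being removed: stop the
# daemon and unregister its init script.  On upgrade nothing is done here.
# The argument is quoted so the test stays well-formed even if it is empty.
# NOTE(review): none of the visible scriptlets restarts racoon on upgrade, so
# a running daemon keeps executing the old binary until it is restarted by
# hand -- worth remembering when the update is a security fix.
if [ "$1" = 0 ]; then
    service racoon stop > /dev/null 2>&1
    /sbin/chkconfig --del racoon
fi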
| 157 | |
---|
%files
# Ownership is forced to root:root; the mode field is "-", so file modes are
# taken from whatever the install stage left in the build root.
%defattr(-,root,root)
%doc ChangeLog NEWS README
%doc src/racoon/doc/FAQ
%doc src/racoon/samples/racoon.conf src/racoon/samples/psk.txt

# Programs and manual pages.
/sbin/*
%{_sbindir}/*
%{_mandir}/man*/*

# Init script.
%config %{_sysconfdir}/rc.d/init.d/racoon

# racoon configuration tree; certs and scripts were created with mode 0700
# in the install stage.
%dir %{_sysconfdir}/racoon
%dir %{_sysconfdir}/racoon/certs
%dir %{_sysconfdir}/racoon/scripts
%{_sysconfdir}/racoon/scripts/*

# NOTE(review): /var/racoon is not created explicitly in the install stage, so
# it presumably comes from "make install" with whatever mode that assigns.
# The changelog says it holds racoon.sock -- confirm it is not more permissive
# than intended; an explicit attr() entry would pin the mode.
%dir /var/racoon

# Configuration files marked noreplace.  psk.txt and racoon.conf were
# installed with mode 600.
%config(noreplace) %{_sysconfdir}/racoon/psk.txt
%config(noreplace) %{_sysconfdir}/racoon/racoon.conf
%config(noreplace) %{_sysconfdir}/ipsec.conf
%config(noreplace) %{_sysconfdir}/pam.d/racoon
[521] | 176 | |
---|
| 177 | %changelog |
---|
[10954] | 178 | * Wed Apr 2 2014 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.2-1 |
---|
| 179 | - new upstream release. |
---|
| 180 | |
---|
[8115] | 181 | * Tue Dec 10 2013 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.1-1 |
---|
| 182 | - new upstream release. |
---|
| 183 | |
---|
[3644] | 184 | * Fri Apr 22 2011 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.0-1 |
---|
| 185 | - new upstream release. |
---|
| 186 | - shipped all patches from Fedora RawHide. |
---|
| 187 | - added Patch100 but not applied as default. |
---|
| 188 | |
---|
[2653] | 189 | * Sun Feb 06 2011 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.6.7-2 |
---|
| 190 | - rebuild with openssl-1.0.0c |
---|
| 191 | |
---|
[521] | 192 | * Sun Sep 28 2008 Shu KONNO <owa@bg.wakwak.com> 0.6.7-1vl5 |
---|
| 193 | - applied new versioning policy, spec in utf-8 |
---|
| 194 | |
---|
| 195 | * Sun Jun 10 2007 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 0.6.7-0vl1 |
---|
| 196 | - new upstream release (including security fix CVE-2007-1841) |
---|
| 197 | - rebuilt with new toolchain |
---|
| 198 | |
---|
| 199 | * Wed Feb 28 2007 Kunio Murasawa <murasawa@fa2.so-net.ne.jp> 0.6.6-1vl1 |
---|
| 200 | - initial build for Vine Linux |
---|
| 201 | |
---|
| 202 | * Wed Jan 17 2007 Harald Hoyer <harald@redhat.com> - 0.6.6-1 |
---|
| 203 | - version 0.6.6 |
---|
| 204 | |
---|
| 205 | * Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-6 |
---|
| 206 | - rebuilt for unwind info generation, broken in gcc-4.1.1-21 |
---|
| 207 | |
---|
| 208 | * Mon Sep 25 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-5 |
---|
| 209 | - added patch for selinux integration (bug #207159) |
---|
| 210 | |
---|
| 211 | * Fri Aug 4 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-4 |
---|
| 212 | - backport of important 0.6.6 fixes: |
---|
| 213 | - sets NAT-T ports to 0 if no NAT encapsulation |
---|
| 214 | - fixed memory leak |
---|
| 215 | |
---|
| 216 | * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-3.1 |
---|
| 217 | - rebuild |
---|
| 218 | |
---|
| 219 | * Wed Jun 21 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-3 |
---|
| 220 | - more build requirements |
---|
| 221 | |
---|
| 222 | * Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-2 |
---|
| 223 | - Fix patch to build MLS Stuff correctly |
---|
| 224 | |
---|
| 225 | * Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-1 |
---|
| 226 | - Update to latest upstream version |
---|
| 227 | - Add MLS Patch to allow use of labeled networks |
---|
| 228 | - Patch provided by Joy Latten <latten@austin.ibm.com> |
---|
| 229 | |
---|
| 230 | * Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.6.4-1.1 |
---|
| 231 | - bump again for double-long bug on ppc(64) |
---|
| 232 | |
---|
| 233 | * Tue Feb 07 2006 Harald Hoyer <harald@redhat.com> 0.6.4-1 |
---|
| 234 | - version 0.6.4 |
---|
| 235 | |
---|
| 236 | * Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.6.3-1.2 |
---|
| 237 | - rebuilt for new gcc4.1 snapshot and glibc changes |
---|
| 238 | |
---|
| 239 | * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> |
---|
| 240 | - rebuilt |
---|
| 241 | |
---|
| 242 | * Mon Dec 05 2005 Harald Hoyer <harald@redhat.com> 0.6.3-1 |
---|
| 243 | - version 0.6.3, which contains fixes for various DoS problems |
---|
| 244 | |
---|
| 245 | * Wed Nov 9 2005 Tomas Mraz <tmraz@redhat.com> 0.6.1-2 |
---|
| 246 | - rebuilt against new openssl |
---|
| 247 | |
---|
| 248 | * Wed Oct 12 2005 Harald Hoyer <harald@redhat.com> 0.6.1-1 |
---|
| 249 | - version 0.6.1 |
---|
| 250 | |
---|
| 251 | * Mon Mar 28 2005 Bill Nottingham <notting@redhat.com> 0.5-4 |
---|
| 252 | - fix 64-bit issue in setph1attr() (<aviro@redhat.com>) |
---|
| 253 | |
---|
| 254 | * Mon Mar 14 2005 Bill Nottingham <notting@redhat.com> 0.5-3 |
---|
| 255 | - add patch for DoS (CAN-2005-0398, #145532) |
---|
| 256 | |
---|
| 257 | * Sat Mar 5 2005 Uwe Beck <ubeck@c3pdm.com> 0.5-2 |
---|
| 258 | - now racoon use /etc/racoon/racoon.conf as default |
---|
| 259 | - add the /var/racoon directory for racoon.sock |
---|
| 260 | |
---|
| 261 | * Wed Feb 23 2005 Bill Nottingham <notting@redhat.com> 0.5-1 |
---|
| 262 | - update to 0.5 |
---|
| 263 | |
---|
| 264 | * Thu Nov 4 2004 Bill Nottingham <notting@redhat.com> 0.3.3-2 |
---|
| 265 | - don't use new 0.3.3 handling of stdin in setkey; it breaks the |
---|
| 266 | format (#138105) |
---|
| 267 | |
---|
| 268 | * Mon Sep 27 2004 Bill Nottingham <notting@redhat.com> 0.3.3-1 |
---|
| 269 | - update to 0.3.3 (#122211) |
---|
| 270 | |
---|
| 271 | * Sun Aug 08 2004 Alan Cox <alan@redhat.com> 0.2.5-6 |
---|
| 272 | - fix buildreqs (Steve Grubb) |
---|
| 273 | |
---|
| 274 | * Mon Jun 28 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-5 |
---|
| 275 | - rebuild |
---|
| 276 | |
---|
| 277 | * Fri Jun 25 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-4 |
---|
| 278 | - backport certificate validation fixes from 0.3.3 (#126568) |
---|
| 279 | |
---|
| 280 | * Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com> |
---|
| 281 | - rebuilt |
---|
| 282 | |
---|
| 283 | * Wed Apr 14 2004 Bill Nottingham <notting@redhat.com> - 0.2.5-2 |
---|
| 284 | - add patch for potential remote DoS (CAN-2004-0403) |
---|
| 285 | |
---|
| 286 | * Tue Apr 6 2004 Bill Nottingham <notting@redhat.com> |
---|
| 287 | - update to 0.2.5 |
---|
| 288 | |
---|
| 289 | * Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com> |
---|
| 290 | - rebuilt |
---|
| 291 | |
---|
| 292 | * Mon Feb 23 2004 Bill Nottingham <notting@redhat.com> |
---|
| 293 | - update to 0.2.4, fix racoon install location (#116374, <kajtzu@fi.basen.net>) |
---|
| 294 | |
---|
| 295 | * Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com> |
---|
| 296 | - rebuilt |
---|
| 297 | |
---|
| 298 | * Mon Dec 8 2003 Bill Nottingham <notting@redhat.com> 0.2.2-8 |
---|
| 299 | - rebuild |
---|
| 300 | |
---|
| 301 | * Fri Aug 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-7 |
---|
| 302 | - add fix for #103238 |
---|
| 303 | |
---|
| 304 | * Tue Aug 5 2003 Bill Nottingham <notting@redhat.com> 0.2.2-6 |
---|
| 305 | - update kernel interface bits, rebuild against them |
---|
| 306 | |
---|
| 307 | * Tue Jul 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-5 |
---|
| 308 | - rebuild |
---|
| 309 | |
---|
| 310 | * Wed Jul 2 2003 Bill Nottingham <notting@redhat.com> 0.2.2-4 |
---|
| 311 | - ship a much more pared-down racoon.conf and psk.txt |
---|
| 312 | |
---|
| 313 | * Thu Jun 5 2003 Bill Nottingham <notting@redhat.com> 0.2.2-3 |
---|
| 314 | - update pfkey header for current kernels |
---|
| 315 | |
---|
| 316 | * Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com> |
---|
| 317 | - rebuilt |
---|
| 318 | |
---|
| 319 | * Fri May 2 2003 Bill Nottingham <notting@redhat.com> 0.2.2-1 |
---|
| 320 | - update to 0.2.2 |
---|
| 321 | |
---|
| 322 | * Fri Mar 7 2003 Bill Nottingham <notting@redhat.com> |
---|
| 323 | - initial build |
---|