%bcond_with wildcard_psk

Name: ipsec-tools
Version: 0.8.0
Release: 1%{?_dist_release}
Summary: Tools for configuring and using IPsec
Summary(ja): IPsecツール
License: BSD
Group: System Environment/Base
URL: http://ipsec-tools.sourceforge.net/
Source: http://prdownload.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
Source1: racoon.conf
Source2: psk.txt
Source3: p1_up_down
Source4: racoon.init
Source5: racoon.pam

Source100: ipsec.conf

# Ignore acquires that are sent by kernel for SAs that are already being
# negotiated (#234491)
Patch3: ipsec-tools-0.8.0-acquires.patch
# Support for labeled IPSec on loopback
Patch4: ipsec-tools-0.8.0-loopback.patch
# Create racoon as PIE
Patch11: ipsec-tools-0.7.1-pie.patch
# Fix leak in certification handling
Patch14: ipsec-tools-0.7.2-moreleaks.patch
# Do not install development files
Patch16: ipsec-tools-0.8.0-nodevel.patch
# Use krb5 gssapi mechanism
Patch18: ipsec-tools-0.7.3-gssapi-mech.patch
# Drop -R from linker
Patch19: ipsec-tools-0.7.3-build.patch
# Silence strict aliasing warnings
Patch20: ipsec-tools-0.8.0-aliasing.patch

# Applied only when built with --with wildcard_psk (off by default)
Patch100: racoon-wildcard_id.patch

#BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
BuildRequires: bison, flex, automake, libtool, glibc-kernheaders
BuildRequires: openssl-devel, pam-devel, krb5-devel
#BuildRequires: libselinux-devel >= 1.30.28-2
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
#Requires: initscripts >= 7.31.11.EL-1
Requires: initscripts

Vendor: Project Vine
Distribution: Vine Linux

%description
This is the IPsec-Tools package. You need this package in order to
really use the IPsec functionality in the linux-2.5+ kernels. This
package builds:

- setkey, a program to directly manipulate policies and SAs
- racoon, an IKEv1 keying daemon

%description -l ja
これは IPsecツールのパッケージです。Linux Kernel 2.5 以上の IPsec
機能を使うにはこのパッケージが必要です。パッケージには以下の物が
含まれています。

- setkey, SA と SP を操作/設定する為のプログラム
- racoon, IKEv1 自動鍵交換デーモン

%prep
%setup -q
#%patch -p1
#%patch2 -p1
#%patch5 -p1 -b .64bit

%patch3 -p1 -b .acquires
%patch4 -p1 -b .loopback

%patch11 -p1 -b .pie
%patch14 -p1 -b .moreleaks
%patch16 -p1 -b .nodevel
%patch18 -p1 -b .gssapi-mech
%patch19 -p1 -b .build
%patch20 -p1 -b .aliasing

%if %{with wildcard_psk}
%patch100 -p0 -b .wildcard_id
%endif

./bootstrap

%build
sed -i 's|-Werror||g' configure
LDFLAGS="-Wl,--as-needed"
export LDFLAGS
%configure \
    --with-kernel-headers=/usr/include \
    --sysconfdir=%{_sysconfdir}/racoon \
    --without-readline \
    --enable-adminport \
    --enable-hybrid \
    --enable-frag \
    --enable-dpd \
    --enable-gssapi \
    --enable-natt \
    --disable-security-context \
    --disable-audit \
    --with-libpam
make

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/sbin
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
make install DESTDIR=$RPM_BUILD_ROOT

# racoon.conf and psk.txt (pre-shared keys) are installed readable by the owner only
install -m 600 %{SOURCE1} \
    $RPM_BUILD_ROOT%{_sysconfdir}/racoon/racoon.conf
install -m 600 %{SOURCE2} \
    $RPM_BUILD_ROOT%{_sysconfdir}/racoon/psk.txt

mv $RPM_BUILD_ROOT%{_sbindir}/setkey $RPM_BUILD_ROOT/sbin

mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/certs
mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts

install -m 700 %{SOURCE3} \
    $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts/p1_up_down
install -D -m755 %{SOURCE4} $RPM_BUILD_ROOT%{_initrddir}/racoon
install -D -m644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/racoon

install -D -m644 %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf

# no devel stuff for now
rm -rf $RPM_BUILD_ROOT%{_libdir}/libipsec.{a,la} \
    $RPM_BUILD_ROOT%{_libdir}/libracoon.{a,la} \
    $RPM_BUILD_ROOT%{_includedir} \
    $RPM_BUILD_ROOT%{_mandir}/man3


%clean
rm -rf $RPM_BUILD_ROOT

%post
if [ $1 = 1 ]; then
    chkconfig --add racoon
fi

%preun
if [ $1 = 0 ]; then
    service racoon stop > /dev/null 2>&1
    /sbin/chkconfig --del racoon
fi

%files
%defattr(-,root,root)
%doc src/racoon/samples/racoon.conf src/racoon/samples/psk.txt
%doc src/racoon/doc/FAQ
%doc ChangeLog NEWS README
/sbin/*
%{_sbindir}/*
%{_mandir}/man*/*
%config %{_sysconfdir}/rc.d/init.d/racoon
%dir /etc/racoon
%dir /etc/racoon/certs
%dir /etc/racoon/scripts
%dir /var/racoon
/etc/racoon/scripts/*
%config(noreplace) %{_sysconfdir}/racoon/psk.txt
%config(noreplace) %{_sysconfdir}/racoon/racoon.conf
%config(noreplace) %{_sysconfdir}/ipsec.conf
%config(noreplace) %{_sysconfdir}/pam.d/racoon

%changelog
* Fri Apr 22 2011 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.0-1
- new upstream release.
- shipped all patches from Fedora RawHide.
- added Patch100 but not applied as default.

* Sun Feb 06 2011 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.6.7-2
- rebuild with openssl-1.0.0c

* Sun Sep 28 2008 Shu KONNO <owa@bg.wakwak.com> 0.6.7-1vl5
- applied new versioning policy, spec in utf-8

* Sun Jun 10 2007 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 0.6.7-0vl1
- new upstream release (including security fix CVE-2007-1841)
- rebuilt with new toolchain

* Wed Feb 28 2007 Kunio Murasawa <murasawa@fa2.so-net.ne.jp> 0.6.6-1vl1
- initial build for Vine Linux

* Wed Jan 17 2007 Harald Hoyer <harald@redhat.com> - 0.6.6-1
- version 0.6.6

* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-6
- rebuilt for unwind info generation, broken in gcc-4.1.1-21

* Mon Sep 25 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-5
- added patch for selinux integration (bug #207159)

* Fri Aug 4 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-4
- backport of important 0.6.6 fixes:
  - sets NAT-T ports to 0 if no NAT encapsulation
  - fixed memory leak

* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-3.1
- rebuild

* Wed Jun 21 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-3
- more build requirements

* Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-2
- Fix patch to build MLS Stuff correctly

* Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-1
- Update to latest upstream version
- Add MLS Patch to allow use of labeled networks
- Patch provided by Joy Latten <latten@austin.ibm.com>

* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.6.4-1.1
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Harald Hoyer <harald@redhat.com> 0.6.4-1
- version 0.6.4

* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.6.3-1.2
- rebuilt for new gcc4.1 snapshot and glibc changes

* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt

* Mon Dec 05 2005 Harald Hoyer <harald@redhat.com> 0.6.3-1
- version 0.6.3, which contains fixes for various DoS problems

* Wed Nov 9 2005 Tomas Mraz <tmraz@redhat.com> 0.6.1-2
- rebuilt against new openssl

* Wed Oct 12 2005 Harald Hoyer <harald@redhat.com> 0.6.1-1
- version 0.6.1

* Mon Mar 28 2005 Bill Nottingham <notting@redhat.com> 0.5-4
- fix 64-bit issue in setph1attr() (<aviro@redhat.com>)

* Mon Mar 14 2005 Bill Nottingham <notting@redhat.com> 0.5-3
- add patch for DoS (CAN-2005-0398, #145532)

* Sat Mar 5 2005 Uwe Beck <ubeck@c3pdm.com> 0.5-2
- now racoon uses /etc/racoon/racoon.conf as default
- add the /var/racoon directory for racoon.sock

* Wed Feb 23 2005 Bill Nottingham <notting@redhat.com> 0.5-1
- update to 0.5

* Thu Nov 4 2004 Bill Nottingham <notting@redhat.com> 0.3.3-2
- don't use new 0.3.3 handling of stdin in setkey; it breaks the
  format (#138105)

* Mon Sep 27 2004 Bill Nottingham <notting@redhat.com> 0.3.3-1
- update to 0.3.3 (#122211)

* Sun Aug 08 2004 Alan Cox <alan@redhat.com> 0.2.5-6
- fix buildreqs (Steve Grubb)

* Mon Jun 28 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-5
- rebuild

* Fri Jun 25 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-4
- backport certificate validation fixes from 0.3.3 (#126568)

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Wed Apr 14 2004 Bill Nottingham <notting@redhat.com> - 0.2.5-2
- add patch for potential remote DoS (CAN-2004-0403)

* Tue Apr 6 2004 Bill Nottingham <notting@redhat.com>
- update to 0.2.5

* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Mon Feb 23 2004 Bill Nottingham <notting@redhat.com>
- update to 0.2.4, fix racoon install location (#116374, <kajtzu@fi.basen.net>)

* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Mon Dec 8 2003 Bill Nottingham <notting@redhat.com> 0.2.2-8
- rebuild

* Fri Aug 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-7
- add fix for #103238

* Tue Aug 5 2003 Bill Nottingham <notting@redhat.com> 0.2.2-6
- update kernel interface bits, rebuild against them

* Tue Jul 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-5
- rebuild

* Wed Jul 2 2003 Bill Nottingham <notting@redhat.com> 0.2.2-4
- ship a much more pared-down racoon.conf and psk.txt

* Thu Jun 5 2003 Bill Nottingham <notting@redhat.com> 0.2.2-3
- update pfkey header for current kernels

* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Fri May 2 2003 Bill Nottingham <notting@redhat.com> 0.2.2-1
- update to 0.2.2

* Fri Mar 7 2003 Bill Nottingham <notting@redhat.com>
- initial build