%bcond_with wildcard_psk

Name: ipsec-tools
Version: 0.8.1
Release: 1%{?_dist_release}
Summary: Tools for configuring and using IPsec
Summary(ja): IPsecツール
License: BSD
Group: System Environment/Base
URL: http://ipsec-tools.sourceforge.net/
Source: http://prdownload.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
Source1: racoon.conf
Source2: psk.txt
Source3: p1_up_down
Source4: racoon.init
Source5: racoon.pam

Source100: ipsec.conf

# Ignore acquires that are sent by kernel for SAs that are already being
# negotiated (#234491)
Patch3: ipsec-tools-0.8.0-acquires.patch
# Support for labeled IPSec on loopback
Patch4: ipsec-tools-0.8.0-loopback.patch
# Create racoon as PIE
Patch11: ipsec-tools-0.7.1-pie.patch
# Fix leak in certification handling
Patch14: ipsec-tools-0.7.2-moreleaks.patch
# Do not install development files
Patch16: ipsec-tools-0.8.0-nodevel.patch
# Use krb5 gssapi mechanism
Patch18: ipsec-tools-0.7.3-gssapi-mech.patch
# Drop -R from linker
Patch19: ipsec-tools-0.7.3-build.patch
# Silence strict aliasing warnings
Patch20: ipsec-tools-0.8.0-aliasing.patch

Patch100: racoon-wildcard_id.patch

#BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
BuildRequires: bison, flex, automake, libtool, glibc-kernheaders
BuildRequires: openssl-devel, pam-devel, krb5-devel
#BuildRequires: libselinux-devel >= 1.30.28-2
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
#Requires: initscripts >= 7.31.11.EL-1
Requires: initscripts

Vendor: Project Vine
Distribution: Vine Linux

%description
This is the IPsec-Tools package. You need this package in order to
really use the IPsec functionality in the linux-2.5+ kernels. This
package builds:

- setkey, a program to directly manipulate policies and SAs
- racoon, an IKEv1 keying daemon

%description -l ja
これは IPsecツールのパッケージです。Linux Kernel 2.5 以上の IPsec
機能を使うにはこのパッケージが必要です。パッケージには以下の物が
含まれています。

- setkey, SA と SP を操作/設定する為のプログラム
- racoon, IKEv1 自動鍵交換デーモン

%prep
%setup -q
#%patch -p1
#%patch2 -p1
#%patch5 -p1 -b .64bit

%patch3 -p1 -b .acquires
%patch4 -p1 -b .loopback

%patch11 -p1 -b .pie
%patch14 -p1 -b .moreleaks
%patch16 -p1 -b .nodevel
%patch18 -p1 -b .gssapi-mech
%patch19 -p1 -b .build
%patch20 -p1 -b .aliasing

%if %{with wildcard_psk}
%patch100 -p0 -b .wildcard_id
%endif

./bootstrap

%build
sed -i 's|-Werror||g' configure
LDFLAGS="-Wl,--as-needed"
export LDFLAGS
%configure \
    --with-kernel-headers=/usr/include \
    --sysconfdir=%{_sysconfdir}/racoon \
    --without-readline \
    --enable-adminport \
    --enable-hybrid \
    --enable-frag \
    --enable-dpd \
    --enable-gssapi \
    --enable-natt \
    --disable-security-context \
    --disable-audit \
    --with-libpam
make

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/sbin
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
make install DESTDIR=$RPM_BUILD_ROOT

install -m 600 %{SOURCE1} \
    $RPM_BUILD_ROOT%{_sysconfdir}/racoon/racoon.conf
install -m 600 %{SOURCE2} \
    $RPM_BUILD_ROOT%{_sysconfdir}/racoon/psk.txt

mv $RPM_BUILD_ROOT%{_sbindir}/setkey $RPM_BUILD_ROOT/sbin

mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/certs
mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts

install -m 700 %{SOURCE3} \
    $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts/p1_up_down
install -D -m755 %{SOURCE4} $RPM_BUILD_ROOT%{_initrddir}/racoon
install -D -m644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/racoon

install -D -m644 %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf

# no devel stuff for now
rm -rf $RPM_BUILD_ROOT%{_libdir}/libipsec.{a,la} \
    $RPM_BUILD_ROOT%{_libdir}/libracoon.{a,la} \
    $RPM_BUILD_ROOT%{_includedir} \
    $RPM_BUILD_ROOT%{_mandir}/man3


%clean
rm -rf $RPM_BUILD_ROOT

%post
if [ $1 = 1 ]; then
    chkconfig --add racoon
fi

%preun
if [ $1 = 0 ]; then
    service racoon stop > /dev/null 2>&1
    /sbin/chkconfig --del racoon
fi

%files
%defattr(-,root,root)
%doc src/racoon/samples/racoon.conf src/racoon/samples/psk.txt
%doc src/racoon/doc/FAQ
%doc ChangeLog NEWS README
/sbin/*
%{_sbindir}/*
%{_mandir}/man*/*
%config %{_sysconfdir}/rc.d/init.d/racoon
%dir /etc/racoon
%dir /etc/racoon/certs
%dir /etc/racoon/scripts
%dir /var/racoon
/etc/racoon/scripts/*
%config(noreplace) %{_sysconfdir}/racoon/psk.txt
%config(noreplace) %{_sysconfdir}/racoon/racoon.conf
%config(noreplace) %{_sysconfdir}/ipsec.conf
%config(noreplace) %{_sysconfdir}/pam.d/racoon

%changelog
* Tue Dec 10 2013 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.1-1
- new upstream release.

* Fri Apr 22 2011 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.0-1
- new upstream release.
- shipped all patches from Fedora RawHide.
- added Patch100 but not applied as default.

* Sun Feb 06 2011 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.6.7-2
- rebuild with openssl-1.0.0c

* Sun Sep 28 2008 Shu KONNO <owa@bg.wakwak.com> 0.6.7-1vl5
- applied new versioning policy, spec in utf-8

* Sun Jun 10 2007 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 0.6.7-0vl1
- new upstream release (including security fix CVE-2007-1841)
- rebuilt with new toolchain

* Wed Feb 28 2007 Kunio Murasawa <murasawa@fa2.so-net.ne.jp> 0.6.6-1vl1
- initial build for Vine Linux

* Wed Jan 17 2007 Harald Hoyer <harald@redhat.com> - 0.6.6-1
- version 0.6.6

* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-6
- rebuilt for unwind info generation, broken in gcc-4.1.1-21

* Mon Sep 25 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-5
- added patch for selinux integration (bug #207159)

* Fri Aug 4 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-4
- backport of important 0.6.6 fixes:
- sets NAT-T ports to 0 if no NAT encapsulation
- fixed memory leak

* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-3.1
- rebuild

* Wed Jun 21 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-3
- more build requirements

* Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-2
- Fix patch to build MLS Stuff correctly

* Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-1
- Update to latest upstream version
- Add MLS Patch to allow use of labeled networks
- Patch provided by Joy Latten <latten@austin.ibm.com>

* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.6.4-1.1
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Harald Hoyer <harald@redhat.com> 0.6.4-1
- version 0.6.4

* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.6.3-1.2
- rebuilt for new gcc4.1 snapshot and glibc changes

* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt

* Mon Dec 05 2005 Harald Hoyer <harald@redhat.com> 0.6.3-1
- version 0.6.3, which contains fixes for various DoS problems

* Wed Nov 9 2005 Tomas Mraz <tmraz@redhat.com> 0.6.1-2
- rebuilt against new openssl

* Wed Oct 12 2005 Harald Hoyer <harald@redhat.com> 0.6.1-1
- version 0.6.1

* Mon Mar 28 2005 Bill Nottingham <notting@redhat.com> 0.5-4
- fix 64-bit issue in setph1attr() (<aviro@redhat.com>)

* Mon Mar 14 2005 Bill Nottingham <notting@redhat.com> 0.5-3
- add patch for DoS (CAN-2005-0398, #145532)

* Sat Mar 5 2005 Uwe Beck <ubeck@c3pdm.com> 0.5-2
- now racoon uses /etc/racoon/racoon.conf as default
- add the /var/racoon directory for racoon.sock

* Wed Feb 23 2005 Bill Nottingham <notting@redhat.com> 0.5-1
- update to 0.5

* Thu Nov 4 2004 Bill Nottingham <notting@redhat.com> 0.3.3-2
- don't use new 0.3.3 handling of stdin in setkey; it breaks the
  format (#138105)

* Mon Sep 27 2004 Bill Nottingham <notting@redhat.com> 0.3.3-1
- update to 0.3.3 (#122211)

* Sun Aug 08 2004 Alan Cox <alan@redhat.com> 0.2.5-6
- fix buildreqs (Steve Grubb)

* Mon Jun 28 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-5
- rebuild

* Fri Jun 25 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-4
- backport certificate validation fixes from 0.3.3 (#126568)

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Wed Apr 14 2004 Bill Nottingham <notting@redhat.com> - 0.2.5-2
- add patch for potential remote DoS (CAN-2004-0403)

* Tue Apr 6 2004 Bill Nottingham <notting@redhat.com>
- update to 0.2.5

* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Mon Feb 23 2004 Bill Nottingham <notting@redhat.com>
- update to 0.2.4, fix racoon install location (#116374, <kajtzu@fi.basen.net>)

* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Mon Dec 8 2003 Bill Nottingham <notting@redhat.com> 0.2.2-8
- rebuild

* Fri Aug 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-7
- add fix for #103238

* Tue Aug 5 2003 Bill Nottingham <notting@redhat.com> 0.2.2-6
- update kernel interface bits, rebuild against them

* Tue Jul 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-5
- rebuild

* Wed Jul 2 2003 Bill Nottingham <notting@redhat.com> 0.2.2-4
- ship a much more pared-down racoon.conf and psk.txt

* Thu Jun 5 2003 Bill Nottingham <notting@redhat.com> 0.2.2-3
- update pfkey header for current kernels

* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Fri May 2 2003 Bill Nottingham <notting@redhat.com> 0.2.2-1
- update to 0.2.2

* Fri Mar 7 2003 Bill Nottingham <notting@redhat.com>
- initial build