source: projects/specs/trunk/i/ipsec-tools/ipsec-tools-vl.spec @ 11285

Revision 11285, 9.5 KB checked in by tomop, 6 years ago (diff)

ipsec-tools-0.8.2-2

Line 
1%bcond_without wildcard_psk
2
3Name: ipsec-tools
4Version: 0.8.2
5Release: 2%{?_dist_release}
6Summary: Tools for configuring and using IPsec
7Summary(ja): IPsecツール
8License: BSD
9Group: System Environment/Base
10URL: http://ipsec-tools.sourceforge.net/
11Source: http://prdownload.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
12Source1: racoon.conf
13Source2: psk.txt
14Source3: p1_up_down
15Source4: racoon.init
16Source5: racoon.pam
17
18Source100: ipsec.conf
19
20# Ignore acquires that are sent by kernel for SAs that are already being
21# negotiated (#234491)
22Patch3: ipsec-tools-0.8.0-acquires.patch
23# Support for labeled IPSec on loopback
24Patch4: ipsec-tools-0.8.0-loopback.patch
25# Create racoon as PIE
26Patch11: ipsec-tools-0.7.1-pie.patch
27# Fix leak in certification handling
28Patch14: ipsec-tools-0.7.2-moreleaks.patch
29# Do not install development files
30Patch16: ipsec-tools-0.8.0-nodevel.patch
31# Use krb5 gssapi mechanism
32Patch18: ipsec-tools-0.7.3-gssapi-mech.patch
33# Drop -R from linker
34Patch19: ipsec-tools-0.7.3-build.patch
35# Silence strict aliasing warnings
36Patch20: ipsec-tools-0.8.0-aliasing.patch
37# CVE-2015-4047
38Patch21: ipsec-tools-0.8.2-CVE-2015-4047.patch
39# Calling_station-Id attribute for xauth RADIUS requests
40Patch22: ipsec-tools-0.8.2-952413.patch
41
42Patch100: racoon-wildcard_id.patch
43
44#BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
45BuildRequires: bison, flex, automake, libtool, glibc-kernheaders
46BuildRequires: openssl-devel, pam-devel, krb5-devel
47#BuildRequires: libselinux-devel >= 1.30.28-2
48BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
49#Requires: initscripts >= 7.31.11.EL-1
50Requires: initscripts
51
52Vendor: Project Vine
53Distribution: Vine Linux
54       
55%description
56This is the IPsec-Tools package.  You need this package in order to
57really use the IPsec functionality in the linux-2.5+ kernels.  This
58package builds:
59 
60        - setkey, a program to directly manipulate policies and SAs
61        - racoon, an IKEv1 keying daemon
62
63%description -l ja
64これは IPsecツールのパッケージです。Linux Kernel 2.5 以上の IPsec
65機能を使うにはこのパッケージが必要です。パッケージには以下の物が
66含まれています。
67
68        - setkey, SA と SP を操作/設定する為のプログラム
69        - racoon, IKEv1 自動鍵交換デーモン
70
71%prep
72%setup -q
73#%patch -p1
74#%patch2 -p1
75#%patch5 -p1 -b .64bit
76
77%patch3 -p1 -b .acquires
78%patch4 -p1 -b .loopback
79
80%patch11 -p1 -b .pie
81%patch14 -p1 -b .moreleaks
82%patch16 -p1 -b .nodevel
83%patch18 -p1 -b .gssapi-mech
84%patch19 -p1 -b .build
85%patch20 -p1 -b .aliasing
86%patch21 -p1 -b .cve_2015_4047
87%patch22 -p1 -b .station_id
88
89%if %{with wildcard_psk}
90%patch100 -p0 -b wildcard_id
91%endif
92
93./bootstrap
94
95%build
96sed -i 's|-Werror||g' configure
97LDFLAGS="-Wl,--as-needed"
98export LDFLAGS
99%configure \
100 --with-kernel-headers=/usr/include \
101 --sysconfdir=%{_sysconfdir}/racoon \
102 --without-readline \
103 --enable-adminport \
104 --enable-hybrid \
105 --enable-frag \
106 --enable-dpd \
107 --enable-gssapi \
108 --enable-natt \
109 --disable-security-context \
110 --disable-audit \
111 --with-libpam
112make
113
114%install
115rm -rf $RPM_BUILD_ROOT
116mkdir -p $RPM_BUILD_ROOT/sbin
117mkdir -p $RPM_BUILD_ROOT%{_sbindir}
118mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon
119mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
120make install DESTDIR=$RPM_BUILD_ROOT
121
122install -m 600 %{SOURCE1} \
123  $RPM_BUILD_ROOT%{_sysconfdir}/racoon/racoon.conf
124install -m 600 %{SOURCE2} \
125  $RPM_BUILD_ROOT%{_sysconfdir}/racoon/psk.txt
126
127mv $RPM_BUILD_ROOT%{_sbindir}/setkey $RPM_BUILD_ROOT/sbin
128
129mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/certs
130mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts
131
132install -m 700 %{SOURCE3} \
133  $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts/p1_up_down
134install -D -m755 %{SOURCE4} $RPM_BUILD_ROOT%{_initrddir}/racoon
135install -D -m644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/racoon
136
137install -D -m644 %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf
138
139# no devel stuff for now
140rm -rf $RPM_BUILD_ROOT%{_libdir}/libipsec.{a,la} \
141      $RPM_BUILD_ROOT%{_libdir}/libracoon.{a,la} \
142      $RPM_BUILD_ROOT%{_includedir} \
143      $RPM_BUILD_ROOT%{_mandir}/man3
144
145
146%clean
147rm -rf $RPM_BUILD_ROOT
148
149%post
150if [ $1 = 1 ]; then
151        chkconfig --add racoon
152fi
153
154%preun
155if [ $1 = 0 ]; then
156        service racoon stop > /dev/null 2>&1
157        /sbin/chkconfig --del racoon
158fi
159
160%files
161%defattr(-,root,root)
162%doc src/racoon/samples/racoon.conf src/racoon/samples/psk.txt
163%doc src/racoon/doc/FAQ
164%doc ChangeLog NEWS README
165/sbin/*
166%{_sbindir}/*
167%{_mandir}/man*/*
168%config %{_sysconfdir}/rc.d/init.d/racoon
169%dir /etc/racoon
170%dir /etc/racoon/certs
171%dir /etc/racoon/scripts
172%dir /var/racoon
173/etc/racoon/scripts/*
174%config(noreplace) %{_sysconfdir}/racoon/psk.txt
175%config(noreplace) %{_sysconfdir}/racoon/racoon.conf
176%config(noreplace) %{_sysconfdir}/ipsec.conf
177%config(noreplace) %{_sysconfdir}/pam.d/racoon
178
179%changelog
180* Tue Dec 19 2017 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.2-2
181- added Patch21,22
182
183* Wed Apr 02 2014 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.2-1
184- new upstream release.
185
186* Tue Dec 10 2013 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.1-1
187- new upstream release.
188
189* Fri Apr 22 2011 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.0-1
190- new upstream release.
191- shipped all patches from Fedora RawHide.
192- added Patch100 but not applied as default.
193
194* Sun Feb 06 2011 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.6.7-2
195- rebuild with openssl-1.0.0c
196
197* Sun Sep 28 2008 Shu KONNO <owa@bg.wakwak.com> 0.6.7-1vl5
198- applied new versioning policy, spec in utf-8
199
200* Sun Jun 10 2007 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 0.6.7-0vl1
201- new upstream release (including security fix CVE-2007-1841)
202- rebuilt with new toolchain
203
204* Wed Feb 28 2007 Kunio Murasawa <murasawa@fa2.so-net.ne.jp> 0.6.6-1vl1
205- initial build for Vine Linux
206
207* Wed Jan 17 2007 Harald Hoyer <harald@redhat.com> - 0.6.6-1
208- version 0.6.6
209
210* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-6
211- rebuilt for unwind info generation, broken in gcc-4.1.1-21
212
213* Mon Sep 25 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-5
214- added patch for selinux integration (bug #207159)
215
216* Fri Aug  4 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-4
217- backport of important 0.6.6 fixes:
218  - sets NAT-T ports to 0 if no NAT encapsulation
219  - fixed memory leak
220
221* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-3.1
222- rebuild
223
224* Wed Jun 21 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-3
225- more build requirements
226
227* Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-2
228- Fix patch to build MLS Stuff correctly
229
230* Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-1
231- Update to latest upstream version
232- Add MLS Patch to allow use of labeled networks
233- Patch provided by Joy Latten <latten@austin.ibm.com>
234
235* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.6.4-1.1
236- bump again for double-long bug on ppc(64)
237
238* Tue Feb 07 2006 Harald Hoyer <harald@redhat.com> 0.6.4-1
239- version 0.6.4
240
241* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.6.3-1.2
242- rebuilt for new gcc4.1 snapshot and glibc changes
243
244* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
245- rebuilt
246
247* Mon Dec 05 2005 Harald Hoyer <harald@redhat.com> 0.6.3-1
248- version 0.6.3, which contains fixes for various DoS problems
249
250* Wed Nov  9 2005 Tomas Mraz <tmraz@redhat.com> 0.6.1-2
251- rebuilt against new openssl
252
253* Wed Oct 12 2005 Harald Hoyer <harald@redhat.com> 0.6.1-1
254- version 0.6.1
255
256* Mon Mar 28 2005 Bill Nottingham <notting@redhat.com> 0.5-4
257- fix 64-bit issue in setph1attr() (<aviro@redhat.com>)
258
259* Mon Mar 14 2005 Bill Nottingham <notting@redhat.com> 0.5-3
260- add patch for DoS (CAN-2005-0398, #145532)
261
262* Sat Mar  5 2005 Uwe Beck <ubeck@c3pdm.com> 0.5-2
263- now racoon use /etc/racoon/racoon.conf as default
264- add the /var/racoon directory for racoon.sock
265
266* Wed Feb 23 2005 Bill Nottingham <notting@redhat.com> 0.5-1
267- update to 0.5
268
269* Thu Nov  4 2004 Bill Nottingham <notting@redhat.com> 0.3.3-2
270- don't use new 0.3.3 handling of stdin in setkey; it breaks the
271  format (#138105)
272
273* Mon Sep 27 2004 Bill Nottingham <notting@redhat.com> 0.3.3-1
274- update to 0.3.3 (#122211)
275
276* Sun Aug 08 2004 Alan Cox <alan@redhat.com> 0.2.5-6
277- fix buildreqs (Steve Grubb)
278
279* Mon Jun 28 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-5
280- rebuild
281
282* Fri Jun 25 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-4
283- backport certificate validation fixes from 0.3.3 (#126568)
284
285* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
286- rebuilt
287
288* Wed Apr 14 2004 Bill Nottingham <notting@redhat.com> - 0.2.5-2
289- add patch for potential remote DoS (CAN-2004-0403)
290
291* Tue Apr  6 2004 Bill Nottingham <notting@redhat.com>
292- update to 0.2.5
293
294* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
295- rebuilt
296
297* Mon Feb 23 2004 Bill Nottingham <notting@redhat.com>
298- update to 0.2.4, fix racoon install location (#116374, <kajtzu@fi.basen.net>)
299
300* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
301- rebuilt
302
303* Mon Dec  8 2003 Bill Nottingham <notting@redhat.com> 0.2.2-8
304- rebuild
305
306* Fri Aug 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-7
307- add fix for #103238
308
309* Tue Aug  5 2003 Bill Nottingham <notting@redhat.com> 0.2.2-6
310- update kernel interface bits, rebuild against them
311
312* Tue Jul 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-5
313- rebuild
314
315* Wed Jul  2 2003 Bill Notitngham <notting@redhat.com> 0.2.2-4
316- ship a much more pared-down racoon.conf and psk.txt
317
318* Thu Jun  5 2003 Bill Notitngham <notting@redhat.com> 0.2.2-3
319- update pfkey header for current kernels
320
321* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
322- rebuilt
323
324* Fri May  2 2003 Bill Nottingham <notting@redhat.com> 0.2.2-1
325- update to 0.2.2
326
327* Fri Mar  7 2003 Bill Nottingham <notting@redhat.com>
328- initial build
Note: See TracBrowser for help on using the repository browser.