%define _enable_debug_packages %{nil}
%define debug_package %{nil}
Summary: An implementation of IPSEC & IKE for Linux
Name: openswan
Version: 2.6.28
%define subrel 1
Release: %mkrel 2
License: GPLv2+
Group: System/Servers
URL: http://www.openswan.org/
Source0: http://www.openswan.org/download/openswan-%{version}.tar.gz
Source1: http://www.openswan.org/download/openswan-%{version}.tar.gz.asc
Patch0: openswan-2.6.28-manfix.patch
Patch1: openswan-2.6.21-format_not_a_string_literal_and_no_format_arguments.diff
# patch 2 from RedHat, also fixes CVE-2010-3752 and CVE-2010-3753
Patch2: openswan-2.6.28-CVE-2010-3302-CVE-2010-3308.patch
Patch3: openswan-cve-2011-4073.patch
Requires(post): rpm-helper
Requires(preun): rpm-helper
Provides: ipsec-userland
Requires: lsof
Requires: iproute2
Requires: ipsec-tools
Conflicts: freeswan
BuildRequires: bison
BuildRequires: gmp-devel
BuildRequires: pam-devel
BuildRequires: dos2unix
BuildRequires: flex
BuildRequires: xmlto
BuildRequires: docbook-dtd412-xml
BuildRequires: docbook-style-xsl
%description
Openswan is a free implementation of IPSEC & IKE for Linux, a fork of the
FreeS/WAN project.
IPSEC is Internet Protocol Security and uses strong cryptography to
provide both authentication and encryption services. These services
allow you to build secure tunnels through untrusted networks.
Everything passing through the untrusted net is encrypted by the ipsec
gateway machine and decrypted by the gateway at the other end of the
tunnel. The resulting tunnel is a virtual private network or VPN.
This package contains the daemons and userland tools for setting up
Openswan on a kernel with either the 2.6 native IPsec code, or
FreeS/WAN's KLIPS.
%package doc
Summary: An implementation of IPSEC & IKE for Linux
Group: System/Servers
%description doc
Openswan is a free implementation of IPSEC & IKE for Linux, a fork of the
FreeS/WAN project.
This is the documentation for Openswan.
%prep
%setup -q -n openswan-%{version}
%patch0 -p0 -b .manfix
%patch1 -p0 -b .format_not_a_string_literal_and_no_format_arguments
%patch2 -p1 -b .xauth
%patch3 -p1 -b .ike
find . -type f -name "*.html" -exec dos2unix {} \;
%build
%serverbuild
find . -name "Makefile*" | xargs perl -pi -e "s|libexec|%{_lib}|g"
export CLFAGS=$(echo %{optflags} -fno-strict-aliasing -Wno-error=unused-but-set-variable)
# the %make macro doesn't seem to work
make \
USERCOMPILE="-g $CLFAGS" \
INC_USRLOCAL=%{_prefix} \
MANTREE=%{_mandir} \
INC_RCDEFAULT=%{_initrddir} \
CONFDIR=%{_sysconfdir}/%name \
FINALCONFDIR=%{_sysconfdir}/%name \
FINALCONFFILE=%{_sysconfdir}/%name/ipsec.conf \
FINALLIBEXECDIR=%{_libdir}/ipsec \
FINALLIBDIR=%{_libdir}/ipsec \
programs
%install
rm -rf %{buildroot}
%{make} \
DESTDIR=%{buildroot} \
INC_USRLOCAL=%{_prefix} \
MANTREE=%{buildroot}%{_mandir} \
INC_RCDEFAULT=%{_initrddir} \
INC_USRLOCAL=%{_prefix} \
INC_RCDEFAULT=%{_initrddir} \
FINALCONFDIR=%{_sysconfdir}/%name \
FINALLIBEXECDIR=%{_libdir}/ipsec \
FINALLIBDIR=%{_libdir}/ipsec \
install
install -d -m700 %{buildroot}%{_localstatedir}/lib/run/pluto
install -d %{buildroot}%{_sbindir}
# Remove old documentation for the time being.
rm -rf %{buildroot}%{_defaultdocdir}/freeswan
# cleanup
rm -rf %{buildroot}%{_sysconfdir}/rc.d/rc*
rm -rf %{buildroot}%{_sysconfdir}/rc.d/init.d/setup
rm -rf %{buildroot}%{_docdir}/%{name}
%preun
%_preun_service ipsec
%post
%_post_service ipsec
%clean
rm -rf %{buildroot}
%files
%doc BUGS CHANGES COPYING CREDITS README
%attr(0755,root,root) %{_initrddir}/ipsec
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf
%attr(0700,root,root) %dir %{_sysconfdir}/%{name}/ipsec.d
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/ipsec.d/*/*
%{_sbindir}/ipsec
%dir %{_libdir}/ipsec
%{_libdir}/ipsec/*
%{_localstatedir}/lib/run/pluto
%{_mandir}/*/*
%files doc
%doc doc/*
%changelog
* Mon Oct 15 2012 luigiwalser <luigiwalser> 2.6.28-2.1.mga2
+ Revision: 306641
- fix dos2unix usage
- fix build error
- add patch from RedHat to fix CVE-2010-330[28] and CVE-2010-375[23]
- add patch from RedHat to fix CVE-2011-4073
+ ennael <ennael>
- imported package openswan
