%define LIBMAJ 0 %define libname %mklibname ipsec %LIBMAJ %define libnamedev %mklibname -d ipsec Name: ipsec-tools Version: 0.8.1 Release: %mkrel 5 Summary: Tools for configuring and using IPSEC License: BSD Group: Networking/Other URL: http://ipsec-tools.sourceforge.net/ Source: http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2 Source3: racoon.conf Source4: psk.txt Source6: ipsec-setkey-initscript Source7: racoon-initscript Source8: racoon.sysconfig Patch0: ipsec-tools-0.8.0-manfix.patch Patch1: ipsec-tools-0.8.1-includes.patch Patch3: ipsec-tools-0.8.0-link.patch Patch4: ipsec-tools-0.8.1-null-ptr-deref.patch # Fedora patches Patch103: ipsec-tools-0.8.0-acquires.patch Patch104: ipsec-tools-0.8.0-loopback.patch Patch105: ipsec-tools-0.8.0-build.patch # the following patches were also submitted upstream: Patch111: ipsec-tools-0.8.0-pie.patch BuildRequires: openssl-devel BuildRequires: krb5-devel BuildRequires: flex BuildRequires: bison BuildRequires: libpam-devel Requires: %{libname} = %{version} Requires(pre): rpm-helper Requires: rpm-helper Provides: kvpnc-backend %description This is the IPsec-Tools package. You need this package in order to really use the IPsec functionality in the linux-2.6 and above kernels. This package builds: - libipsec, a PFKeyV2 library - setkey, a program to directly manipulate policies and SAs - racoon, an IKEv1 keying daemon %define old_libname %mklibname ipsec-tools 0 %define old_libname_devel %mklibname -d ipsec 0 %package -n %{libname} Summary: The shared libraries used by ipsec-tools Group: System/Libraries Requires(post): grep, coreutils Requires(preun): grep, coreutils Requires: grep, coreutils Provides: libipsec = %{version}-%{release} Provides: libipsec-tools = %{version}-%{release} Obsoletes: libipsec-tools Provides: %old_libname = %{version}-%{release} Obsoletes: %old_libname %description -n %{libname} These are the shared libraries for the IPsec-Tools package. %package -n %{libnamedev} Summary: Headers for programs for %libname Group: Development/C Requires: %{libname} = %{version} Provides: libipsec-tools-devel = %{version}-%{release} Provides: libipsec-devel = %{version}-%{release} Obsoletes: libipsec-tools-devel Provides: %{old_libname}-devel = %{version}-%{release} Obsoletes: %{old_libname}-devel Obsoletes: %{old_libname_devel} < 0.7 %description -n %{libnamedev} These are development headers for libipsec %prep %setup -q %patch0 -p1 -b .manfix %patch1 -p1 -b .includes %patch3 -p1 -b .link %patch4 -p1 -b .nullptr %patch103 -p1 -b .acquires %patch104 -p1 -b .loopback %patch105 -p1 -b .build %patch111 -p1 -b .pie sed -i 's|-Werror||g' configure* %build ./bootstrap %configure2_5x \ --prefix=%{_prefix} \ --mandir=%{_mandir} \ --libdir=/%{_lib} \ --sbindir=/sbin \ --localstatedir=%{_localstatedir}/lib \ --sysconfdir=%{_sysconfdir}/racoon \ --with-kernel-headers=%{_includedir} \ --enable-shared \ --disable-rpath \ --enable-hybrid \ --enable-frag \ --enable-dpd \ --enable-adminport \ --enable-gssapi \ --enable-natt \ --with-libpam \ --enable-security-context=no \ --disable-audit make %install %makeinstall_std mkdir -p $RPM_BUILD_ROOT/etc/racoon/ install -m 0600 %{SOURCE3} $RPM_BUILD_ROOT/etc/racoon/racoon.conf install -m 0600 %{SOURCE4} $RPM_BUILD_ROOT/etc/racoon/psk.txt mkdir -m 0700 -p $RPM_BUILD_ROOT/etc/racoon/certs mkdir -p $RPM_BUILD_ROOT/%{_initrddir} install -m 0755 %{SOURCE6} $RPM_BUILD_ROOT/%{_initrddir}/ipsec-setkey install -m 0755 %{SOURCE7} $RPM_BUILD_ROOT/%{_initrddir}/racoon mkdir -p %{buildroot}%{_sysconfdir}/sysconfig # racoon.sysconfig install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/sysconfig/racoon # pam file mkdir -p %{buildroot}%{_sysconfdir}/pam.d cat > %{buildroot}%{_sysconfdir}/pam.d/racoon <<EOF #%PAM-1.0 auth required pam_nologin.so auth include system-auth account include system-auth EOF # default ipsec.conf file cat > %{buildroot}%{_sysconfdir}/ipsec.conf <<EOF #!/usr/sbin/setkey -f # # File /etc/ipsec.conf # delete the SAD and SPD flush; spdflush; # Define here your security policies # Example # ipsec between two machines: 192.168.1.10 and 192.168.1.20 # # spdadd 192.168.1.10 192.168.1.20 any -P in ipsec # esp/transport//require # ah/transport//require; # # spdadd 192.168.1.20 192.168.1.10 any -P out ipsec # esp/transport//require # ah/transport//require; EOF # remove some files from the sample dir so we can include it # in %%doc. Also fix their permissions rm -f src/racoon/samples/*.in find src/racoon/samples -type f -exec chmod 0644 {} \; %post %_post_service ipsec-setkey %_post_service racoon %preun %_preun_service ipsec-setkey %_preun_service racoon %files %doc ChangeLog NEWS README %doc src/racoon/samples %doc src/racoon/doc/* /sbin/* %{_mandir}/man*/* %dir %{_sysconfdir}/racoon %dir %{_sysconfdir}/racoon/certs %config(noreplace) %{_sysconfdir}/sysconfig/racoon %config(noreplace) %{_sysconfdir}/racoon/psk.txt %config(noreplace) %{_sysconfdir}/racoon/racoon.conf %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/ipsec.conf %config(noreplace) %{_sysconfdir}/pam.d/racoon %attr (0755,root,root) %{_initrddir}/ipsec-setkey %attr (0755,root,root) %{_initrddir}/racoon %dir /var/lib/racoon %files -n %{libname} %doc ChangeLog NEWS README /%{_lib}/*.so.* %files -n %{libnamedev} /%{_lib}/libipsec.la /%{_lib}/libipsec.a /%{_lib}/libipsec.so /%{_lib}/libracoon.la /%{_lib}/libracoon.a /%{_lib}/libracoon.so %{_includedir}/* %changelog * Wed May 20 2015 luigiwalser <luigiwalser> 0.8.1-5.mga5 + Revision: 822446 - add patch to fix null pointer dereference * Wed Oct 15 2014 umeabot <umeabot> 0.8.1-4.mga5 + Revision: 746428 - Second Mageia 5 Mass Rebuild * Tue Sep 16 2014 umeabot <umeabot> 0.8.1-3.mga5 + Revision: 680546 - Mageia 5 Mass Rebuild * Tue Oct 22 2013 umeabot <umeabot> 0.8.1-2.mga4 + Revision: 541691 - Mageia 4 Mass Rebuild * Sun Oct 13 2013 tmb <tmb> 0.8.1-1.mga4 + Revision: 496340 - update to 0.8.1 - rediff p1 - drop p4 (automake fix, merged) * Sat Jan 12 2013 umeabot <umeabot> 0.8.0-3.mga3 + Revision: 354463 - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild * Sat Jan 05 2013 cjw <cjw> 0.8.0-2.mga3 + Revision: 339210 - patch4: fix build with automake 1.13 * Tue Mar 06 2012 tmb <tmb> 0.8.0-1.mga2 + Revision: 220077 - fix typo in initscripts - add P105 to fix build (fedora) - drop buildroot and defattr - rediff patches: P0, P1, P3, P103, P104, P111 - drop merged patches: P2, P105, P106, P109, P110, P113 - update to 0.8.0 * Sun Mar 06 2011 ennael <ennael> 0.7.3-4.mga1 + Revision: 65570 - clean spec file + kharec <kharec> - imported package ipsec-tools * Fri Dec 03 2010 Oden Eriksson <oeriksson@mandriva.com> 0.7.3-4mdv2011.0 + Revision: 605980 - rebuild * Wed Apr 28 2010 Funda Wang <fwang@mandriva.org> 0.7.3-3mdv2010.1 + Revision: 539967 - fix linkage problem * Fri Feb 26 2010 Oden Eriksson <oeriksson@mandriva.com> 0.7.3-2mdv2010.1 + Revision: 511579 - rebuilt against openssl-0.9.8m * Sat Sep 26 2009 Frederik Himpe <fhimpe@mandriva.org> 0.7.3-1mdv2010.0 + Revision: 449597 - Update to new version 0.7.3 - Add patch from PLD fixing double installation of header file * Sun May 03 2009 Frederik Himpe <fhimpe@mandriva.org> 0.7.2-1mdv2010.0 + Revision: 371015 - Update to new version 0.7.2 - Remove security patch integrated upstream - Add Fedora patches - Set %%define _disable_ld_no_undefined 1 to fix undefined references - Explicitly disable audit support to make it build even if libaudit-devel is installed * Sat Aug 23 2008 Frederik Himpe <fhimpe@mandriva.org> 0.7.1-1mdv2009.0 + Revision: 275249 - Add patch fixing security problem CVE-2008-3652 - Update to version 0.7.1 (fixes CVE-2008-3651) * Tue Jun 17 2008 Thierry Vignaud <tv@mandriva.org> 0.7-2mdv2009.0 + Revision: 221638 - rebuild - kill re-definition of %%buildroot on Pixel's request + Pixel <pixel@mandriva.com> - do not call ldconfig in %%post/%%postun, it is now handled by filetriggers - adapt to %%_localstatedir now being /var instead of /var/lib (#22312) + Olivier Blin <oblin@mandriva.com> - restore BuildRoot * Wed Oct 17 2007 Andreas Hasenack <andreas@mandriva.com> 0.7-1mdv2008.1 + Revision: 99702 - updated to version 0.7 - comply with new devel package policy (drop soname from it) - drop patches which are no longer needed (gcc-misc, werror) - disable security context or else we need selinux * Thu Aug 23 2007 Thierry Vignaud <tv@mandriva.org> 0.6.7-1mdv2008.0 + Revision: 69963 - patch 4: fix build by disabling -Werror which make build randomly fails for no good reason when newer gcc spit out more warnings - fileutils, sh-utils & textutils have been obsoleted by coreutils a long time ago * Sat Apr 07 2007 Andreas Hasenack <andreas@mandriva.com> 0.6.7-1mdv2007.1 + Revision: 151144 - updated to version 0.6.7, fixing a DoS (CVE-2007-1841) * Thu Sep 14 2006 Andreas Hasenack <andreas@mandriva.com> 0.6.6-2mdv2007.0 + Revision: 61328 - added PAM configuration file (PAM auth tested) * Thu Sep 14 2006 Andreas Hasenack <andreas@mandriva.com> 0.6.6-1mdv2007.0 + Revision: 61275 - added buildrequires for libpam-devel due to new pam support - using mkrel - enabled pam support - added support for parallel initscripts - bunzipped patches and some source files - updated to version 0.6.6 - added gcc patch - don't run auto-tools, it's introducing a build error - Import ipsec-tools * Sun Feb 05 2006 Andreas Hasenack <andreas@mandriva.com> 0.6.5-1mdk - updated to version 0.6.5 * Wed Jan 25 2006 Andreas Hasenack <andreas@mandriva.com> 0.6.4-1mdk - updated to version 0.6.4 - removed openssl0.9.8 patch, not needed anymore * Sun Nov 13 2005 Oden Eriksson <oeriksson@mandriva.com> 0.6.2b3-2mdk - added P3 from fedora to make it build against openssl-0.9.8a * Wed Oct 05 2005 Andreas Hasenack <andreas@mandriva.com> 0.6.2b3-1mdk - updated to version 0.6.2b3 - removed signwarn patch, already applied - removed warning patch, no longer needed - redid x86_64 patch - redid manfix patch - removed --enable-samode-unspec ./configure option, it's said to not work with linux - added "remote anonymous" section to default racoon.conf, taken from sample file in the documentation directory - added libracoon to file list in devel package * Thu Sep 08 2005 Gwenole Beauchesne <gbeauchesne@mandriva.com> 0.5.2-5mdk - don't forcibly redefine bcopy() & bzero() * Wed Jun 29 2005 Andreas Hasenack <andreas@mandriva.com> 0.5.2-4mdk - added a sample ipsec.conf file - use proper exit codes in the ipsec-setkey and racoon initscripts - only load ipv6 ipsec related modules if NETWORKING_IPV6=yes (ipsec-setkey init script) - added more documentation to %%doc - removed reload option from the racoon initscript since it's not supported anyway (was equal to restart) * Thu Jun 23 2005 Andreas Hasenack <andreas@mandriva.com> 0.5.2-3mdk - more fixes for paths in the manpage * Tue Jun 14 2005 Andreas Hasenack <andreas@mandriva.com> 0.5.2-2mdk - fix patch referenced in manpage * Tue Jun 14 2005 Andreas Hasenack <andreas@mandriva.com> 0.5.2-1mdk - updated to version 0.5.2 - using /etc/racoon for sysconfdir directory (fixes #16234) - added patch to fix a signedess warning with gcc4 - included missing /var/lib/racoon directory, fixing #16409 (why isn't rpm warning about this directory which wasn't being packaged?) - added a sysconfig file so that the admin can give racoon some command line arguments if needed * Wed May 04 2005 Couriousous <couriousous@mandriva.org> 0.5.1-2mdk - Fix x86_64 build * Sun May 01 2005 Couriousous <couriousous@mandriva.org> 0.5.1-1mdk - 0.5.1 - Enable more features - Patch to fix gssapi warning * Fri Mar 25 2005 Couriousous <couriousous@mandrake.org> 0.5-4mdk - Security fix (CAN-2005-0398) * Thu Mar 03 2005 Couriousous <couriousous@mandrake.org> 0.5-3mdk - Fix conflict with openswan ( #14133 ) * Wed Feb 23 2005 Christiaan Welvaart <cjw@daneel.dyndns.org> 0.5-2mdk - add BuildRequires: bison * Sat Feb 19 2005 Couriousous <couriousous@mandrake.org> 0.5-1mdk - 0.5 - Change library name libipsec-tools to libipsec * Sun Dec 26 2004 Couriousous <couriousous@mandrake.org> 0.4-2mdk - Add Provide kvpnc-backend * Thu Sep 23 2004 Couriousous <couriousous@sceen.net> 0.4-1mdk - 0.4 - Add startup scripts - Enable -devel package * Fri Jul 16 2004 Christiaan Welvaart <cjw@daneel.dyndns.org> 0.2.5-2mdk - add BuildRequires: flex * Fri Apr 09 2004 Florin <florin@mandrakesoft.com> 0.2.5-1mdk - 0.2.5 (security update) - /sbin now contains the binaries and not /usr/sbin anymore