%define _enable_debug_packages %{nil}
%define debug_package %{nil}
Summary: An implementation of IPSEC & IKE for Linux
Name: openswan
Version: 2.6.39
Release: %mkrel 10
License: GPLv2+
Group: System/Servers
URL: http://www.openswan.org/
Source0: http://www.openswan.org/download/openswan-%{version}.tar.gz
Source1: http://www.openswan.org/download/openswan-%{version}.tar.gz.sig
Patch0: openswan-2.6.28-manfix.patch
Patch1: openswan-2.6.39-format_not_a_string_literal_and_no_format_arguments.diff
Patch2: openswan-2.6.39-glibc217-crypt.patch
Patch3: openswan-2.6.39-CVE-2013-6466.patch
Patch4: openswan-2.6.39-CVE-2014-2037.patch
Patch5: openswan-2.6.41-nat-traversal.patch
Requires(post): rpm-helper
Requires(preun): rpm-helper
Provides: ipsec-userland
Requires: lsof
Requires: iproute2
Conflicts: freeswan
BuildRequires: bison
BuildRequires: gmp-devel
BuildRequires: pam-devel
BuildRequires: dos2unix
BuildRequires: flex
BuildRequires: xmlto
BuildRequires: docbook-dtd412-xml
BuildRequires: docbook-style-xsl
%description
Openswan is a free implementation of IPSEC & IKE for Linux, a fork of the
FreeS/WAN project.
IPSEC is Internet Protocol Security and uses strong cryptography to
provide both authentication and encryption services. These services
allow you to build secure tunnels through untrusted networks.
Everything passing through the untrusted net is encrypted by the ipsec
gateway machine and decrypted by the gateway at the other end of the
tunnel. The resulting tunnel is a virtual private network or VPN.
This package contains the daemons and userland tools for setting up
Openswan on a kernel with either the 2.6 native IPsec code, or
FreeS/WAN's KLIPS.
%package doc
Summary: An implementation of IPSEC & IKE for Linux
Group: System/Servers
%description doc
Openswan is a free implementation of IPSEC & IKE for Linux, a fork of the
FreeS/WAN project.
This is the documentation for Openswan.
%prep
%setup -q -n openswan-%{version}
%patch0 -p0 -b .manfix
%patch1 -p0 -b .format_not_a_string_literal_and_no_format_arguments
%patch2 -p1 -b .glibc217-crypt
%patch3 -p1 -b .CVE-2013-6466
%patch4 -p1 -b .CVE-2014-2037
%patch5 -p1 -b .nat-traversal
find . -type f -name "*.html" -exec dos2unix {} \;
%build
%serverbuild
find . -name "Makefile*" | xargs perl -pi -e "s|libexec|%{_lib}|g"
export CLFAGS=$(echo %{optflags} -fno-strict-aliasing -Wno-error=unused-but-set-variable -fPIE)
# the %%make_build macro doesn't seem to work
make \
USERCOMPILE="-g $CLFAGS" \
INC_USRLOCAL=%{_prefix} \
MANTREE=%{_mandir} \
INC_RCDEFAULT=%{_initrddir} \
CONFDIR=%{_sysconfdir}/%name \
FINALCONFDIR=%{_sysconfdir}/%name \
FINALCONFFILE=%{_sysconfdir}/%name/ipsec.conf \
FINALLIBEXECDIR=%{_libdir}/ipsec \
FINALLIBDIR=%{_libdir}/ipsec \
programs
%install
%make_build \
DESTDIR=%{buildroot} \
INC_USRLOCAL=%{_prefix} \
MANTREE=%{buildroot}%{_mandir} \
INC_RCDEFAULT=%{_initrddir} \
INC_USRLOCAL=%{_prefix} \
INC_RCDEFAULT=%{_initrddir} \
FINALCONFDIR=%{_sysconfdir}/%name \
FINALLIBEXECDIR=%{_libdir}/ipsec \
FINALLIBDIR=%{_libdir}/ipsec \
install
install -d -m700 %{buildroot}%{_localstatedir}/lib/run/pluto
install -d %{buildroot}%{_sbindir}
# Remove old documentation for the time being.
rm -rf %{buildroot}%{_defaultdocdir}/freeswan
# cleanup
rm -rf %{buildroot}%{_sysconfdir}/rc.d/rc*
rm -rf %{buildroot}%{_sysconfdir}/rc.d/init.d/setup
rm -rf %{buildroot}%{_docdir}/%{name}
%preun
%_preun_service ipsec
%post
%_post_service ipsec
%files
%doc BUGS CHANGES COPYING CREDITS README
%attr(0755,root,root) %{_initrddir}/ipsec
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf
%attr(0700,root,root) %dir %{_sysconfdir}/%{name}/ipsec.d
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/ipsec.d/*/*
%{_sbindir}/ipsec
%dir %{_libdir}/ipsec
%{_libdir}/ipsec/*
%{_localstatedir}/lib/run/pluto
%{_mandir}/*/*
%files doc
%doc docs/*
%changelog
* Thu May 12 2016 tv <tv> 2.6.39-10.mga6
+ Revision: 1014178
- use std build macros; prevent commented out macros to break build
* Fri Feb 12 2016 umeabot <umeabot> 2.6.39-9.mga6
+ Revision: 956552
- Mageia 6 Mass Rebuild
* Fri Aug 28 2015 cjw <cjw> 2.6.39-8.mga6
+ Revision: 870445
- fix build: add -fPIE to compiler flags since setting them in the spec file overrides the upstream flags that include -fPIE
* Wed Oct 15 2014 umeabot <umeabot> 2.6.39-7.mga5
+ Revision: 742726
- Second Mageia 5 Mass Rebuild
* Thu Oct 02 2014 luigiwalser <luigiwalser> 2.6.39-6.mga5
+ Revision: 734658
- add upstream patch to fix NAT traversal, broken by CVE-2014-2037 fix
* Tue Sep 16 2014 umeabot <umeabot> 2.6.39-5.mga5
+ Revision: 683250
- Mageia 5 Mass Rebuild
* Mon Feb 24 2014 luigiwalser <luigiwalser> 2.6.39-4.mga5
+ Revision: 596504
- rediff upstream patches to fix CVE-2013-6466
* Sat Oct 19 2013 umeabot <umeabot> 2.6.39-3.mga4
+ Revision: 532674
- Mageia 4 Mass Rebuild
* Thu Aug 22 2013 luigiwalser <luigiwalser> 2.6.39-2.mga4
+ Revision: 469204
- add patch from mancha to fix null pointer deref with glibc 2.17
* Sat Aug 03 2013 luigiwalser <luigiwalser> 2.6.39-1.mga4
+ Revision: 462940
- merge updates from Patrick Hibbs <codebase7> (mga#10867)
- Update to version 2.6.39
- Remove dependancy on ipsec-tools as it's not needed by openswan
- Update patch 1 (state.c has been fixed upstream)
- Drop CVE patches (fixed upstream)
* Thu May 16 2013 luigiwalser <luigiwalser> 2.6.28-6.mga4
+ Revision: 413350
- add two more patches from upstream related to CVE-2013-2053
* Thu May 16 2013 luigiwalser <luigiwalser> 2.6.28-5.mga3
+ Revision: 413343
- add patches from redhat to fix CVE-2013-2053
* Sun Jan 13 2013 umeabot <umeabot> 2.6.28-4.mga3
+ Revision: 362172
- Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild
* Mon Oct 15 2012 luigiwalser <luigiwalser> 2.6.28-3.mga3
+ Revision: 306628
- fix dos2unix usage
- fix build error
- add patch from RedHat to fix CVE-2010-330[28] and CVE-2010-375[23]
- add patch from RedHat to fix CVE-2011-4073
* Sun Mar 06 2011 ennael <ennael> 2.6.28-2.mga1
+ Revision: 65411
- imported package openswan
distrib
>
Mageia
>
6
>
armv7hl
>
media
>
core-release-src
>
by-pkgid
>
8e6f31fb43c5dc7e676a6f6234c70858
>
files
>
9
