%define _enable_debug_packages %{nil} %define debug_package %{nil} Summary: An implementation of IPSEC & IKE for Linux Name: openswan Version: 2.6.39 Release: %mkrel 10 License: GPLv2+ Group: System/Servers URL: http://www.openswan.org/ Source0: http://www.openswan.org/download/openswan-%{version}.tar.gz Source1: http://www.openswan.org/download/openswan-%{version}.tar.gz.sig Patch0: openswan-2.6.28-manfix.patch Patch1: openswan-2.6.39-format_not_a_string_literal_and_no_format_arguments.diff Patch2: openswan-2.6.39-glibc217-crypt.patch Patch3: openswan-2.6.39-CVE-2013-6466.patch Patch4: openswan-2.6.39-CVE-2014-2037.patch Patch5: openswan-2.6.41-nat-traversal.patch Requires(post): rpm-helper Requires(preun): rpm-helper Provides: ipsec-userland Requires: lsof Requires: iproute2 Conflicts: freeswan BuildRequires: bison BuildRequires: gmp-devel BuildRequires: pam-devel BuildRequires: dos2unix BuildRequires: flex BuildRequires: xmlto BuildRequires: docbook-dtd412-xml BuildRequires: docbook-style-xsl %description Openswan is a free implementation of IPSEC & IKE for Linux, a fork of the FreeS/WAN project. IPSEC is Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the ipsec gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network or VPN. This package contains the daemons and userland tools for setting up Openswan on a kernel with either the 2.6 native IPsec code, or FreeS/WAN's KLIPS. %package doc Summary: An implementation of IPSEC & IKE for Linux Group: System/Servers %description doc Openswan is a free implementation of IPSEC & IKE for Linux, a fork of the FreeS/WAN project. This is the documentation for Openswan. %prep %setup -q -n openswan-%{version} %patch0 -p0 -b .manfix %patch1 -p0 -b .format_not_a_string_literal_and_no_format_arguments %patch2 -p1 -b .glibc217-crypt %patch3 -p1 -b .CVE-2013-6466 %patch4 -p1 -b .CVE-2014-2037 %patch5 -p1 -b .nat-traversal find . -type f -name "*.html" -exec dos2unix {} \; %build %serverbuild find . -name "Makefile*" | xargs perl -pi -e "s|libexec|%{_lib}|g" export CLFAGS=$(echo %{optflags} -fno-strict-aliasing -Wno-error=unused-but-set-variable -fPIE) # the %%make_build macro doesn't seem to work make \ USERCOMPILE="-g $CLFAGS" \ INC_USRLOCAL=%{_prefix} \ MANTREE=%{_mandir} \ INC_RCDEFAULT=%{_initrddir} \ CONFDIR=%{_sysconfdir}/%name \ FINALCONFDIR=%{_sysconfdir}/%name \ FINALCONFFILE=%{_sysconfdir}/%name/ipsec.conf \ FINALLIBEXECDIR=%{_libdir}/ipsec \ FINALLIBDIR=%{_libdir}/ipsec \ programs %install %make_build \ DESTDIR=%{buildroot} \ INC_USRLOCAL=%{_prefix} \ MANTREE=%{buildroot}%{_mandir} \ INC_RCDEFAULT=%{_initrddir} \ INC_USRLOCAL=%{_prefix} \ INC_RCDEFAULT=%{_initrddir} \ FINALCONFDIR=%{_sysconfdir}/%name \ FINALLIBEXECDIR=%{_libdir}/ipsec \ FINALLIBDIR=%{_libdir}/ipsec \ install install -d -m700 %{buildroot}%{_localstatedir}/lib/run/pluto install -d %{buildroot}%{_sbindir} # Remove old documentation for the time being. rm -rf %{buildroot}%{_defaultdocdir}/freeswan # cleanup rm -rf %{buildroot}%{_sysconfdir}/rc.d/rc* rm -rf %{buildroot}%{_sysconfdir}/rc.d/init.d/setup rm -rf %{buildroot}%{_docdir}/%{name} %preun %_preun_service ipsec %post %_post_service ipsec %files %doc BUGS CHANGES COPYING CREDITS README %attr(0755,root,root) %{_initrddir}/ipsec %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf %attr(0700,root,root) %dir %{_sysconfdir}/%{name}/ipsec.d %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/ipsec.d/*/* %{_sbindir}/ipsec %dir %{_libdir}/ipsec %{_libdir}/ipsec/* %{_localstatedir}/lib/run/pluto %{_mandir}/*/* %files doc %doc docs/* %changelog * Thu May 12 2016 tv <tv> 2.6.39-10.mga6 + Revision: 1014178 - use std build macros; prevent commented out macros to break build * Fri Feb 12 2016 umeabot <umeabot> 2.6.39-9.mga6 + Revision: 956552 - Mageia 6 Mass Rebuild * Fri Aug 28 2015 cjw <cjw> 2.6.39-8.mga6 + Revision: 870445 - fix build: add -fPIE to compiler flags since setting them in the spec file overrides the upstream flags that include -fPIE * Wed Oct 15 2014 umeabot <umeabot> 2.6.39-7.mga5 + Revision: 742726 - Second Mageia 5 Mass Rebuild * Thu Oct 02 2014 luigiwalser <luigiwalser> 2.6.39-6.mga5 + Revision: 734658 - add upstream patch to fix NAT traversal, broken by CVE-2014-2037 fix * Tue Sep 16 2014 umeabot <umeabot> 2.6.39-5.mga5 + Revision: 683250 - Mageia 5 Mass Rebuild * Mon Feb 24 2014 luigiwalser <luigiwalser> 2.6.39-4.mga5 + Revision: 596504 - rediff upstream patches to fix CVE-2013-6466 * Sat Oct 19 2013 umeabot <umeabot> 2.6.39-3.mga4 + Revision: 532674 - Mageia 4 Mass Rebuild * Thu Aug 22 2013 luigiwalser <luigiwalser> 2.6.39-2.mga4 + Revision: 469204 - add patch from mancha to fix null pointer deref with glibc 2.17 * Sat Aug 03 2013 luigiwalser <luigiwalser> 2.6.39-1.mga4 + Revision: 462940 - merge updates from Patrick Hibbs <codebase7> (mga#10867) - Update to version 2.6.39 - Remove dependancy on ipsec-tools as it's not needed by openswan - Update patch 1 (state.c has been fixed upstream) - Drop CVE patches (fixed upstream) * Thu May 16 2013 luigiwalser <luigiwalser> 2.6.28-6.mga4 + Revision: 413350 - add two more patches from upstream related to CVE-2013-2053 * Thu May 16 2013 luigiwalser <luigiwalser> 2.6.28-5.mga3 + Revision: 413343 - add patches from redhat to fix CVE-2013-2053 * Sun Jan 13 2013 umeabot <umeabot> 2.6.28-4.mga3 + Revision: 362172 - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild * Mon Oct 15 2012 luigiwalser <luigiwalser> 2.6.28-3.mga3 + Revision: 306628 - fix dos2unix usage - fix build error - add patch from RedHat to fix CVE-2010-330[28] and CVE-2010-375[23] - add patch from RedHat to fix CVE-2011-4073 * Sun Mar 06 2011 ennael <ennael> 2.6.28-2.mga1 + Revision: 65411 - imported package openswan