/[packages]/updates/5/ipsec-tools/current/SPECS/ipsec-tools.spec
ViewVC logotype

Annotation of /updates/5/ipsec-tools/current/SPECS/ipsec-tools.spec

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1186893 - (hide annotations) (download)
Fri Dec 29 00:31:58 2017 UTC (18 months, 2 weeks ago) by luigiwalser
File size: 5635 byte(s)
add patch from ubuntu to fix CVE-2016-10396
1 kharec 3447 %define LIBMAJ 0
2     %define libname %mklibname ipsec %LIBMAJ
3     %define libnamedev %mklibname -d ipsec
4    
5     Name: ipsec-tools
6 tmb 496340 Version: 0.8.1
7 luigiwalser 1186893 %define subrel 1
8 luigiwalser 822446 Release: %mkrel 5
9 kharec 3447 Summary: Tools for configuring and using IPSEC
10     License: BSD
11     Group: Networking/Other
12     URL: http://ipsec-tools.sourceforge.net/
13     Source: http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
14     Source3: racoon.conf
15     Source4: psk.txt
16     Source6: ipsec-setkey-initscript
17     Source7: racoon-initscript
18     Source8: racoon.sysconfig
19 tmb 220061 Patch0: ipsec-tools-0.8.0-manfix.patch
20 tmb 496340 Patch1: ipsec-tools-0.8.1-includes.patch
21 tmb 220061 Patch3: ipsec-tools-0.8.0-link.patch
22 luigiwalser 822446 Patch4: ipsec-tools-0.8.1-null-ptr-deref.patch
23 kharec 3447 # Fedora patches
24 tmb 220061 Patch103: ipsec-tools-0.8.0-acquires.patch
25     Patch104: ipsec-tools-0.8.0-loopback.patch
26 tmb 220066 Patch105: ipsec-tools-0.8.0-build.patch
27 kharec 3447 # the following patches were also submitted upstream:
28 tmb 220061 Patch111: ipsec-tools-0.8.0-pie.patch
29 luigiwalser 1186893 Patch112: ipsec-tools-0.8.2-CVE-2016-10396.patch
30 ovitters 645222 BuildRequires: openssl-devel
31     BuildRequires: krb5-devel
32     BuildRequires: flex
33     BuildRequires: bison
34 kharec 3447 BuildRequires: libpam-devel
35     Requires: %{libname} = %{version}
36     Requires(pre): rpm-helper
37     Requires: rpm-helper
38     Provides: kvpnc-backend
39    
40     %description
41     This is the IPsec-Tools package. You need this package in order to
42     really use the IPsec functionality in the linux-2.6 and above kernels.
43     This package builds:
44    
45     - libipsec, a PFKeyV2 library
46     - setkey, a program to directly manipulate policies and SAs
47     - racoon, an IKEv1 keying daemon
48    
49     %define old_libname %mklibname ipsec-tools 0
50     %define old_libname_devel %mklibname -d ipsec 0
51    
52     %package -n %{libname}
53     Summary: The shared libraries used by ipsec-tools
54     Group: System/Libraries
55     Requires(post): grep, coreutils
56     Requires(preun): grep, coreutils
57     Requires: grep, coreutils
58     Provides: libipsec = %{version}-%{release}
59     Provides: libipsec-tools = %{version}-%{release}
60     Obsoletes: libipsec-tools
61     Provides: %old_libname = %{version}-%{release}
62     Obsoletes: %old_libname
63    
64     %description -n %{libname}
65     These are the shared libraries for the IPsec-Tools package.
66    
67     %package -n %{libnamedev}
68     Summary: Headers for programs for %libname
69     Group: Development/C
70     Requires: %{libname} = %{version}
71     Provides: libipsec-tools-devel = %{version}-%{release}
72     Provides: libipsec-devel = %{version}-%{release}
73     Obsoletes: libipsec-tools-devel
74     Provides: %{old_libname}-devel = %{version}-%{release}
75     Obsoletes: %{old_libname}-devel
76     Obsoletes: %{old_libname_devel} < 0.7
77    
78    
79     %description -n %{libnamedev}
80     These are development headers for libipsec
81    
82     %prep
83     %setup -q
84     %patch0 -p1 -b .manfix
85     %patch1 -p1 -b .includes
86 tmb 220063 %patch3 -p1 -b .link
87 luigiwalser 822446 %patch4 -p1 -b .nullptr
88 kharec 3447 %patch103 -p1 -b .acquires
89     %patch104 -p1 -b .loopback
90 tmb 220066 %patch105 -p1 -b .build
91 kharec 3447 %patch111 -p1 -b .pie
92 luigiwalser 1186893 %patch112 -p1 -b .CVE-2016-10396
93 kharec 3447
94     sed -i 's|-Werror||g' configure*
95    
96    
97     %build
98     ./bootstrap
99     %configure2_5x \
100     --prefix=%{_prefix} \
101     --mandir=%{_mandir} \
102     --libdir=/%{_lib} \
103     --sbindir=/sbin \
104     --localstatedir=%{_localstatedir}/lib \
105     --sysconfdir=%{_sysconfdir}/racoon \
106     --with-kernel-headers=%{_includedir} \
107     --enable-shared \
108     --disable-rpath \
109     --enable-hybrid \
110     --enable-frag \
111     --enable-dpd \
112     --enable-adminport \
113     --enable-gssapi \
114     --enable-natt \
115     --with-libpam \
116     --enable-security-context=no \
117     --disable-audit
118     make
119    
120     %install
121     %makeinstall_std
122    
123     mkdir -p $RPM_BUILD_ROOT/etc/racoon/
124    
125     install -m 0600 %{SOURCE3} $RPM_BUILD_ROOT/etc/racoon/racoon.conf
126     install -m 0600 %{SOURCE4} $RPM_BUILD_ROOT/etc/racoon/psk.txt
127     mkdir -m 0700 -p $RPM_BUILD_ROOT/etc/racoon/certs
128    
129     mkdir -p $RPM_BUILD_ROOT/%{_initrddir}
130     install -m 0755 %{SOURCE6} $RPM_BUILD_ROOT/%{_initrddir}/ipsec-setkey
131     install -m 0755 %{SOURCE7} $RPM_BUILD_ROOT/%{_initrddir}/racoon
132    
133     mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
134     # racoon.sysconfig
135     install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/sysconfig/racoon
136    
137     # pam file
138     mkdir -p %{buildroot}%{_sysconfdir}/pam.d
139     cat > %{buildroot}%{_sysconfdir}/pam.d/racoon <<EOF
140     #%PAM-1.0
141     auth required pam_nologin.so
142     auth include system-auth
143     account include system-auth
144     EOF
145    
146     # default ipsec.conf file
147     cat > %{buildroot}%{_sysconfdir}/ipsec.conf <<EOF
148     #!/usr/sbin/setkey -f
149     #
150     # File /etc/ipsec.conf
151    
152     # delete the SAD and SPD
153     flush;
154     spdflush;
155    
156     # Define here your security policies
157    
158     # Example
159     # ipsec between two machines: 192.168.1.10 and 192.168.1.20
160     #
161     # spdadd 192.168.1.10 192.168.1.20 any -P in ipsec
162     # esp/transport//require
163     # ah/transport//require;
164     #
165     # spdadd 192.168.1.20 192.168.1.10 any -P out ipsec
166     # esp/transport//require
167     # ah/transport//require;
168    
169     EOF
170    
171     # remove some files from the sample dir so we can include it
172     # in %%doc. Also fix their permissions
173     rm -f src/racoon/samples/*.in
174     find src/racoon/samples -type f -exec chmod 0644 {} \;
175    
176     %post
177     %_post_service ipsec-setkey
178     %_post_service racoon
179    
180     %preun
181     %_preun_service ipsec-setkey
182     %_preun_service racoon
183    
184     %files
185     %doc ChangeLog NEWS README
186     %doc src/racoon/samples
187     %doc src/racoon/doc/*
188     /sbin/*
189     %{_mandir}/man*/*
190     %dir %{_sysconfdir}/racoon
191     %dir %{_sysconfdir}/racoon/certs
192     %config(noreplace) %{_sysconfdir}/sysconfig/racoon
193     %config(noreplace) %{_sysconfdir}/racoon/psk.txt
194     %config(noreplace) %{_sysconfdir}/racoon/racoon.conf
195     %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/ipsec.conf
196     %config(noreplace) %{_sysconfdir}/pam.d/racoon
197     %attr (0755,root,root) %{_initrddir}/ipsec-setkey
198     %attr (0755,root,root) %{_initrddir}/racoon
199     %dir /var/lib/racoon
200    
201     %files -n %{libname}
202     %doc ChangeLog NEWS README
203     /%{_lib}/*.so.*
204    
205     %files -n %{libnamedev}
206     /%{_lib}/libipsec.la
207     /%{_lib}/libipsec.a
208     /%{_lib}/libipsec.so
209     /%{_lib}/libracoon.la
210     /%{_lib}/libracoon.a
211     /%{_lib}/libracoon.so
212     %{_includedir}/*

  ViewVC Help
Powered by ViewVC 1.1.26