/[packages]/updates/5/ipsec-tools/current/SPECS/ipsec-tools.spec
ViewVC logotype

Contents of /updates/5/ipsec-tools/current/SPECS/ipsec-tools.spec

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1186893 - (show annotations) (download)
Fri Dec 29 00:31:58 2017 UTC (17 months, 2 weeks ago) by luigiwalser
File size: 5635 byte(s)
add patch from ubuntu to fix CVE-2016-10396
1 %define LIBMAJ 0
2 %define libname %mklibname ipsec %LIBMAJ
3 %define libnamedev %mklibname -d ipsec
4
5 Name: ipsec-tools
6 Version: 0.8.1
7 %define subrel 1
8 Release: %mkrel 5
9 Summary: Tools for configuring and using IPSEC
10 License: BSD
11 Group: Networking/Other
12 URL: http://ipsec-tools.sourceforge.net/
13 Source: http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
14 Source3: racoon.conf
15 Source4: psk.txt
16 Source6: ipsec-setkey-initscript
17 Source7: racoon-initscript
18 Source8: racoon.sysconfig
19 Patch0: ipsec-tools-0.8.0-manfix.patch
20 Patch1: ipsec-tools-0.8.1-includes.patch
21 Patch3: ipsec-tools-0.8.0-link.patch
22 Patch4: ipsec-tools-0.8.1-null-ptr-deref.patch
23 # Fedora patches
24 Patch103: ipsec-tools-0.8.0-acquires.patch
25 Patch104: ipsec-tools-0.8.0-loopback.patch
26 Patch105: ipsec-tools-0.8.0-build.patch
27 # the following patches were also submitted upstream:
28 Patch111: ipsec-tools-0.8.0-pie.patch
29 Patch112: ipsec-tools-0.8.2-CVE-2016-10396.patch
30 BuildRequires: openssl-devel
31 BuildRequires: krb5-devel
32 BuildRequires: flex
33 BuildRequires: bison
34 BuildRequires: libpam-devel
35 Requires: %{libname} = %{version}
36 Requires(pre): rpm-helper
37 Requires: rpm-helper
38 Provides: kvpnc-backend
39
40 %description
41 This is the IPsec-Tools package. You need this package in order to
42 really use the IPsec functionality in the linux-2.6 and above kernels.
43 This package builds:
44
45 - libipsec, a PFKeyV2 library
46 - setkey, a program to directly manipulate policies and SAs
47 - racoon, an IKEv1 keying daemon
48
49 %define old_libname %mklibname ipsec-tools 0
50 %define old_libname_devel %mklibname -d ipsec 0
51
52 %package -n %{libname}
53 Summary: The shared libraries used by ipsec-tools
54 Group: System/Libraries
55 Requires(post): grep, coreutils
56 Requires(preun): grep, coreutils
57 Requires: grep, coreutils
58 Provides: libipsec = %{version}-%{release}
59 Provides: libipsec-tools = %{version}-%{release}
60 Obsoletes: libipsec-tools
61 Provides: %old_libname = %{version}-%{release}
62 Obsoletes: %old_libname
63
64 %description -n %{libname}
65 These are the shared libraries for the IPsec-Tools package.
66
67 %package -n %{libnamedev}
68 Summary: Headers for programs for %libname
69 Group: Development/C
70 Requires: %{libname} = %{version}
71 Provides: libipsec-tools-devel = %{version}-%{release}
72 Provides: libipsec-devel = %{version}-%{release}
73 Obsoletes: libipsec-tools-devel
74 Provides: %{old_libname}-devel = %{version}-%{release}
75 Obsoletes: %{old_libname}-devel
76 Obsoletes: %{old_libname_devel} < 0.7
77
78
79 %description -n %{libnamedev}
80 These are development headers for libipsec
81
82 %prep
83 %setup -q
84 %patch0 -p1 -b .manfix
85 %patch1 -p1 -b .includes
86 %patch3 -p1 -b .link
87 %patch4 -p1 -b .nullptr
88 %patch103 -p1 -b .acquires
89 %patch104 -p1 -b .loopback
90 %patch105 -p1 -b .build
91 %patch111 -p1 -b .pie
92 %patch112 -p1 -b .CVE-2016-10396
93
94 sed -i 's|-Werror||g' configure*
95
96
97 %build
98 ./bootstrap
99 %configure2_5x \
100 --prefix=%{_prefix} \
101 --mandir=%{_mandir} \
102 --libdir=/%{_lib} \
103 --sbindir=/sbin \
104 --localstatedir=%{_localstatedir}/lib \
105 --sysconfdir=%{_sysconfdir}/racoon \
106 --with-kernel-headers=%{_includedir} \
107 --enable-shared \
108 --disable-rpath \
109 --enable-hybrid \
110 --enable-frag \
111 --enable-dpd \
112 --enable-adminport \
113 --enable-gssapi \
114 --enable-natt \
115 --with-libpam \
116 --enable-security-context=no \
117 --disable-audit
118 make
119
120 %install
121 %makeinstall_std
122
123 mkdir -p $RPM_BUILD_ROOT/etc/racoon/
124
125 install -m 0600 %{SOURCE3} $RPM_BUILD_ROOT/etc/racoon/racoon.conf
126 install -m 0600 %{SOURCE4} $RPM_BUILD_ROOT/etc/racoon/psk.txt
127 mkdir -m 0700 -p $RPM_BUILD_ROOT/etc/racoon/certs
128
129 mkdir -p $RPM_BUILD_ROOT/%{_initrddir}
130 install -m 0755 %{SOURCE6} $RPM_BUILD_ROOT/%{_initrddir}/ipsec-setkey
131 install -m 0755 %{SOURCE7} $RPM_BUILD_ROOT/%{_initrddir}/racoon
132
133 mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
134 # racoon.sysconfig
135 install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/sysconfig/racoon
136
137 # pam file
138 mkdir -p %{buildroot}%{_sysconfdir}/pam.d
139 cat > %{buildroot}%{_sysconfdir}/pam.d/racoon <<EOF
140 #%PAM-1.0
141 auth required pam_nologin.so
142 auth include system-auth
143 account include system-auth
144 EOF
145
146 # default ipsec.conf file
147 cat > %{buildroot}%{_sysconfdir}/ipsec.conf <<EOF
148 #!/usr/sbin/setkey -f
149 #
150 # File /etc/ipsec.conf
151
152 # delete the SAD and SPD
153 flush;
154 spdflush;
155
156 # Define here your security policies
157
158 # Example
159 # ipsec between two machines: 192.168.1.10 and 192.168.1.20
160 #
161 # spdadd 192.168.1.10 192.168.1.20 any -P in ipsec
162 # esp/transport//require
163 # ah/transport//require;
164 #
165 # spdadd 192.168.1.20 192.168.1.10 any -P out ipsec
166 # esp/transport//require
167 # ah/transport//require;
168
169 EOF
170
171 # remove some files from the sample dir so we can include it
172 # in %%doc. Also fix their permissions
173 rm -f src/racoon/samples/*.in
174 find src/racoon/samples -type f -exec chmod 0644 {} \;
175
176 %post
177 %_post_service ipsec-setkey
178 %_post_service racoon
179
180 %preun
181 %_preun_service ipsec-setkey
182 %_preun_service racoon
183
184 %files
185 %doc ChangeLog NEWS README
186 %doc src/racoon/samples
187 %doc src/racoon/doc/*
188 /sbin/*
189 %{_mandir}/man*/*
190 %dir %{_sysconfdir}/racoon
191 %dir %{_sysconfdir}/racoon/certs
192 %config(noreplace) %{_sysconfdir}/sysconfig/racoon
193 %config(noreplace) %{_sysconfdir}/racoon/psk.txt
194 %config(noreplace) %{_sysconfdir}/racoon/racoon.conf
195 %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/ipsec.conf
196 %config(noreplace) %{_sysconfdir}/pam.d/racoon
197 %attr (0755,root,root) %{_initrddir}/ipsec-setkey
198 %attr (0755,root,root) %{_initrddir}/racoon
199 %dir /var/lib/racoon
200
201 %files -n %{libname}
202 %doc ChangeLog NEWS README
203 /%{_lib}/*.so.*
204
205 %files -n %{libnamedev}
206 /%{_lib}/libipsec.la
207 /%{_lib}/libipsec.a
208 /%{_lib}/libipsec.so
209 /%{_lib}/libracoon.la
210 /%{_lib}/libracoon.a
211 /%{_lib}/libracoon.so
212 %{_includedir}/*

  ViewVC Help
Powered by ViewVC 1.1.26