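# RPM spec for Super-FreeS/WAN (FreeS/WAN plus X.509, NAT-Traversal, DPD and
# alternative-cipher patches), Mandrake packaging.
# The package installs IPsec key material under the freeswan directory in
# sysconfdir, so file modes in the install and files sections are
# security-relevant and must stay in sync.

%define basic-name freeswan
%define ipsecdir %{_prefix}/lib/ipsec

Name: super-freeswan
Summary: FreeS/WAN IPSEC implementation with patches
Version: 1.99.8
Release: 10mdk
Epoch: 2
URL: http://www.freeswan.ca/
Source0: %{name}-%{version}.tar.gz
Source2: freeswan-1.97-ipsec.secrets
Source3: README.ipsecrets2pem
Patch0: %{name}-1.99.7.3-advroute-v7.patch.bz2
Patch1: %{name}-%{version}-LC_ALL.patch.bz2
Patch2: super-freeswan-1.99.8-gcc34.patch.bz2
# Security fix for CAN-2004-0590 (X.509 certificate verification). Keep it
# applied when rebasing unless the new upstream tarball already carries the fix.
Patch3: super-freeswan-1.99.8-CAN-2004-0590.patch.bz2
License: GPL
Group: System/Servers
BuildRequires: gmp-devel, openssl-devel
Provides: freeswan
Prereq: chkconfig, rpm-helper
BuildRoot: %{_tmppath}/%{name}-%{version}-root

%description
FreeS/WAN is a free implementation of IPSEC & IKE for Linux. IPSEC is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services. These services allow you
to build secure tunnels through untrusted networks. Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network or VPN.
Super-FreeS/WAN is highly patched version with X.509 auth,
NAT-Traversal, Delete SA, Dead Peer detection, and alternative cipher
support.

%package doc
Group: Documentation
Summary: Super FreeS/WAN ipsec documentation

%description doc
Super FreeS/WAN ipsec html documentation

%prep
%setup -q
%patch0 -p1 -b .advroute
%patch1 -p1 -b .LC_ALL
%patch2 -p1 -b .gcc34
%patch3 -p1 -b .CAN-2004-0590

# Optional packager hook: runs only if an executable gendiff script sits next
# to the sources. It executes with the privileges of whoever runs the build,
# so the source directory must not be writable by untrusted users.
[ -x %{_sourcedir}/%{name}-gendiff.sh ] && %{_sourcedir}/%{name}-gendiff.sh %{name}-%{version}

# change some default settings
# Single pass over the tree; the substitutions run in the listed order on each
# line, which matters because /usr/local/man must be rewritten before
# /usr/local. NUL-delimited file names keep xargs from splitting or misparsing
# names that contain spaces, quotes or newlines.
find . -type f -print0 | xargs -0 perl -pi \
    -e "s,/usr/local/man,%{_mandir},g;" \
    -e "s,/usr/local,%{_prefix},g;" \
    -e "s,/libexec/ipsec,/lib/ipsec,g;" \
    -e "s,/etc/ipsec.conf,/etc/freeswan/ipsec.conf,g;" \
    -e "s,/etc/ipsec.secrets,/etc/freeswan/ipsec.secrets,g;" \
    -e "s,/etc/ipsec.d,/etc/freeswan/ipsec.d,g;"

# inline lib64 fixes
perl -pi -e 's,(LDFLAGS.+)/lib\b,\1/%{_lib},' contrib/fswcert/Makefile

%build
%serverbuild
perl -p -i -e "s|INC_USRLOCAL=/usr/local|INC_USRLOCAL=/usr|" Makefile.inc
perl -p -i -e "s|INC_USRLOCAL=/libexec/ipsec/|INC_USRLOCAL=/lib/ipsec/|" Makefile.inc
%make OPT_FLAGS="$RPM_OPT_FLAGS" \
    INC_USRLOCAL=%{_prefix} \
    CONFDIR=%{_sysconfdir}/freeswan/ \
    FINALCONFDIR=%{_sysconfdir}/freeswan \
    FINALCONFFILE=%{_sysconfdir}/freeswan/ipsec.conf \
    MANTREE=%{_mandir} \
    INC_RCDEFAULT=%{_initrddir} \
    programs

#build some contrib stuff
pushd contrib
# Use the distribution compiler flags here too, so this helper is built with
# the same optimisation and hardening options as the rest of the package.
gcc $RPM_OPT_FLAGS -o espinudp-check espinudp-check.c
pushd ipsecrets2pem
make
popd
pushd fswcert
make
popd
popd

%install
# Guard against wiping the real root if the buildroot macro is misconfigured.
[ "%{buildroot}" != "/" ] && rm -rf %{buildroot}
%{make} \
    DESTDIR=%{buildroot} \
    INC_USRLOCAL=%{_prefix} \
    MANTREE=%{buildroot}%{_mandir} \
    CONFDIR=%{buildroot}/%{_sysconfdir}/freeswan \
    INC_RCDEFAULT=%{_initrddir} \
    install

# pluto runtime directory and the certificate/key directories are root-only.
install -d -m700 %{buildroot}%{_localstatedir}/run/pluto
install -d %{buildroot}%{_sbindir}
for i in crls cacerts private; do
    install -d -m700 %{buildroot}%{_sysconfdir}/freeswan/ipsec.d/$i
done
# The shipped secrets template is installed 0600, matching the files section.
install -m600 %{SOURCE2} %{buildroot}%{_sysconfdir}/freeswan/ipsec.secrets
install %{SOURCE3} %{_builddir}/%{name}-%{version}/
install -d %{buildroot}%{_sysconfdir}/sysconfig

#install the contribs stuff
install %{_builddir}/%{name}-%{version}/contrib/_updown %{buildroot}/%{ipsecdir}/_updown.virtual
install %{_builddir}/%{name}-%{version}/contrib/_updown.x509 %{buildroot}/%{ipsecdir}/_updown.x509.virtual
install %{_builddir}/%{name}-%{version}/contrib/fswcert/README %{_builddir}/%{name}-%{version}/README.fswcert
install %{_builddir}/%{name}-%{version}/contrib/README.v* %{_builddir}/%{name}-%{version}/
install %{_builddir}/%{name}-%{version}/contrib/espinudp-check %{buildroot}/%{ipsecdir}/
strip %{_builddir}/%{name}-%{version}/contrib/ipsecrets2pem/ipsecrets2pem
install %{_builddir}/%{name}-%{version}/contrib/ipsecrets2pem/ipsecrets2pem %{buildroot}/%{ipsecdir}/
install %{_builddir}/%{name}-%{version}/contrib/fswcert/fswcert %{buildroot}/%{ipsecdir}/
install %{_builddir}/%{name}-%{version}/utils/*.advroute %{buildroot}/%{ipsecdir}/

# I didn't ask to install these...
%{__rm} -rf %{buildroot}/usr/local
%{__rm} -rf %{buildroot}/%{_includedir}
%{__rm} -rf %{buildroot}/%{_prefix}/lib/libdes.a
%{__rm} -f %{buildroot}%{ipsecdir}/uml_netjig

# rename the conflicting des_crypt.3.bz2 man3 page
mv %{buildroot}/%{_mandir}/man3/des_crypt.3 %{buildroot}/%{_mandir}/man3/des_crypt-super-freeswan.3

%post
is=%{_sysconfdir}/freeswan/ipsec.secrets
# Generate the host key under a restrictive umask: chmod only runs after
# newhostkey has finished writing, so without this the private key could sit
# on disk with default-umask permissions in between. The previous umask is
# restored before the service macro runs.
# NOTE(review): the package itself ships ipsec.secrets, so the else branch
# appears to be the one normally taken, leaving a freshly generated key in an
# unowned .rpmnew file on each install or upgrade -- confirm this is intended.
old_umask=`umask`
umask 077
if [ ! -f "$is" ]; then
    ipsec newhostkey --output "$is" && chmod 400 "$is"
else
    ipsec newhostkey --output "$is.rpmnew" && chmod 400 "$is.rpmnew"
fi
umask "$old_umask"
%_post_service ipsec

%preun
%_preun_service ipsec

%clean
[ "%{buildroot}" != "/" ] && rm -rf %{buildroot}

%files
%defattr(-,root,root)
%doc BUGS CHANGES CHANGES.ipsec_alg CHANGES.SUPERFS CHANGES.X509 COPYING
%doc CREDITS INSTALL README README.ipsec_alg README.NAT-Traversal README.fswcert
%doc doc/HOWTO.ipsec_alg README.x509 README.selectors README.DPD README.virtual_ip
%doc README.AdvancedRouting README.AggressiveMode
%doc contrib/espinudp-check.c contrib/ipsecrets2pem
# ipsec.conf is world-readable; secrets and the certificate/key directories
# are restricted to root. noreplace keeps local configuration and keys from
# being overwritten on upgrade.
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/freeswan/ipsec.conf
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/freeswan/ipsec.secrets
%attr(0700,root,root) %dir %{_sysconfdir}/freeswan/ipsec.d
%attr(0700,root,root) %dir %{_sysconfdir}/freeswan/ipsec.d/crls
%attr(0700,root,root) %dir %{_sysconfdir}/freeswan/ipsec.d/cacerts
%attr(0700,root,root) %dir %{_sysconfdir}/freeswan/ipsec.d/private
%config(noreplace) %{_initrddir}/ipsec
%dir %{ipsecdir}
%{ipsecdir}/*
%{_sbindir}/ipsec
%{_mandir}/*/*
%{_localstatedir}/run/pluto

%files doc
%defattr(-,root,root)
%doc doc/*

%changelog
* Wed Mar 09 2005 Nicolas Lécureuil <neoclust@zarb.org> 1.99.8-10mdk
- security fix for CAN-2004-0590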
(Vincent Danen <vdanen@mandrakesoft.com>) * Wed Nov 3 2004 Gwenole Beauchesne <gbeauchesne@mandrakesoft.com> 1.99.8-9mdk - fix build with gcc3.4 * Thu Apr 15 2004 Gwenole Beauchesne <gbeauchesne@mandrakesoft.com> 1.99.8-8mdk - hardcode /usr/lib/ipsec directories * Tue Jan 20 2004 Florin <florin@mandrakesoft.com> 1.99.8-7mdk - fix a typo error in the scripts * Mon Jan 19 2004 Florin <florin@mandrakesoft.com> 1.99.8-6mdk - add the LC_ALL patch to fix a NIC detection for diff locales * Fri Dec 05 2003 Florin <florin@mandrakesoft.com> 1.99.8-5mdk - use /etc/freeswan instead of /etc/super-freeswan - use the /etc/freeswan/ipsec.d/ entries * Tue Dec 02 2003 Florin <florin@mandrakesoft.com> 1.99.8-4mdk - rename the conflicting des_crypt.3 man page - strip ipsecrets2pem * Thu Nov 27 2003 Florin <florin@mandrakesoft.com> 1.99.8-3mdk - rebuild - compile fswcert aswell * Tue Nov 25 2003 Florin <florin@mandrakesoft.com> 1.99.8-2mdk - zillions of fixes * Thu Aug 28 2003 Florin <florin@mandrakesoft.com> 1.99-8.1mdk - 1.99.8 * Tue Jul 8 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.8-1foo - super-freeswan-1.99.8 * Fri Jul 4 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.8rc2-0foo - super-freeswan-1.99.8rc2 * Fri Jul 4 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.7.3-5foo - x509patch latest * Fri Jun 27 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.7.3-4foo - patch to psk problems with x509 patch - advanced routing patch v7 * Thu Jun 26 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.7.3-3foo - fix for advanced routing patch * Wed Jun 25 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.7.3-2foo - nat-t-06 patch * Sat Jun 7 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.7.3-1foo - super-freeswan-1.99.7.3 * Wed Jun 4 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.7.2-6foo - super-freeswan with latest advroute patch * Tue Jun 3 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.7.2-5foo - enable policyroute by default * Tue Jun 3 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.7.2-4foo - remove uml_netjig which is not necessary * Tue Jun 3 2003 Tuomo Soini 
<tis@foobar.fi> 1:1.99.7.2-3foo - super-freeswan-1.99.7.2-advroute-v3.patch * Mon Jun 2 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.7.2-2foo - keep advroute patch in sync with sfs-2.00 patch * Sat May 31 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.7.2-1foo - super-freeswan-1.99.7.2 - new advroute patch with advroute disabled by default * Fri May 30 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.7.1-1foo - super-freeswan-1.99.7.1 * Thu May 29 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.7-4foo - Added all files in /usr/lib/ipsec to spec-file * Wed May 21 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.7-3foo - added iproute2 advancedroute patch - added fix patch for nokia and cisco * Wed May 14 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.7-2foo - advanced route patch * Wed May 14 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.7-1foo - super-freeswan-1.99.7 - added contrib and doc stuff * Sat Apr 26 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.6.2-2foo - README.X509 has changed to README.x509 in distribution * Fri Apr 25 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.6.2-1foo - super-freeswan-1.99.6.2 * Thu Apr 17 2003 Tuomo Soini <tis@foobar.fi> 1:1.99.6.1-4foo - fixed remote rpm update - added epoch to make 1.99.6.1 install over 1.99_kb versions * Thu Apr 10 2003 Tuomo Soini <tis@foobar.fi> 1.99.6.1-3foo - snatgwoepatch * Tue Apr 8 2003 Tuomo Soini <tis@foobar.fi> 1.99.6.1-2foo - changed required to klips only - Added kernel-version to patch creation * Sun Mar 30 2003 Tuomo Soini <tis@foobar.fi> 1.99.6.1-1foo - super-freeswan-1.99.6.1 - changed over-restrictive ipsec.conf mode * Sat Mar 22 2003 Tuomo Soini <tis@foobar.fi> 1.99.6-1foo - super-freeswan-1.99.6 * Wed Mar 12 2003 Tuomo Soini <tis@foobar.fi> 1.99.6rc3-2foo - added README.AgressiveMode to docs * Mon Mar 10 2003 Tuomo Soini <tis@foobar.fi> 1.99.6rc3-1foo - super-freeswan-1.99.6rc3 * Fri Mar 7 2003 Tuomo Soini <tis@foobar.fi> 1.99_kb2c-2foo - fix for doc problem * Wed Mar 5 2003 Tuomo Soini <tis@foobar.fi> 1.99.5.1-1foo - super-freeswan-1.99.5.1 * Sat Feb 
22 2003 Tuomo Soini <tis@foobar.fi> 1.99.5-2foo - fix for x.509 problem * Sat Feb 22 2003 Tuomo Soini <tis@foobar.fi> 1.99.5-1foo - super-freeswan-1.99.5 * Sun Feb 2 2003 Tuomo Soini <tis@foobar.fi> 1.99_kb4-1foo - super-freeswan-1.99_kb4 * Sun Jan 26 2003 Tuomo Soini <tis@foobar.fi> 1.99_kb2c-1foo - super-freeswan-1.99_kb2c * Tue Jan 14 2003 Tuomo Soini <tis@foobar.fi> 1.99_kb2b-1foo - super-freeswan-1.99_kb2b * Fri Jan 10 2003 Tuomo Soini <tis@foobar.fi> 1.99_kb3-1foo - super-freeswan-1.99_kb3 * Thu Jan 9 2003 Tuomo Soini <tis@foobar.fi> 1.99_kb3rc8-1foo - super-freeswan-1.99_kb3rc8 * Tue Jan 7 2003 Tuomo Soini <tis@foobar.fi> 1.99_kb2-6foo - nat-t-0.5a patch * Sun Jan 5 2003 Tuomo Soini <tis@foobar.fi> 1.99_kb2-5foo - Added experimental patch for nat-t-ike-03 problem * Fri Jan 3 2003 Tuomo Soini <tis@foobar.fi> 1.99_kb2-4foo - upgraded nat-t patch from 0.4 to 0.5 * Fri Dec 27 2002 Tuomo Soini <tis@foobar.fi> 1.99_kb2-3foo - added policyrouting _updown script - added README.virtual_ip * Thu Nov 21 2002 Tuomo Soini <tis@foobar.fi> 1.99_kb2-2foo - Docs added back * Wed Nov 21 2002 Tuomo Soini <tis@foobar.fi> 1.99_kb2-1foo - require klips >= 1.99_kb1 - upgrade to super-freeswan-1.99_kb2 * Mon Nov 11 2002 Tuomo Soini <tis@foobar.fi> 1.99_kb1-2foo - added BuildReq openssl-devel * Wed Nov 06 2002 Tuomo Soini <tis@foobar.fi> 1.99_kb1-1foo - upgrade to new super-freeswan-1.99_kb1 * Mon Oct 28 2002 Tuomo Soini <tis@foobar.fi> 1.98b_kb10-2foo - remove some unnecessary files from installation ...rh8fix * Sun Oct 27 2002 Tuomo Soini <tis@foobar.fi> 1.98b_kb10-1foo - upgrade to super-freeswan-1.98b_kb10 * Fri Oct 25 2002 Tuomo Soini <tis@foobar.fi> 1.98b_kb9-1foo - regenerated iproute patches into one patch - added fixes for 1.98b_kb9 bugs - added fixes from freeswan-candpre1.99-2002oct25S - added optional gendiff to rpmbuild for patch building * Fri Oct 25 2002 Tuomo Soini <tis@foobar.fi> 1.98b_kb8-4foo - fixed iproute _updown scripts not to use next_hop * Fri Oct 25 2002 
Tuomo Soini <tis@foobar.fi> 1.98b_kb8-3foo - Added nat-traversal quick fix from mlafon@arkoon.net * Fri Oct 18 2002 Tuomo Soini <tis@foobar.fi> 1.98b_kb8-2foo - Added ASSERTION FAILED patch from mlafon@arkoon.net * Wed Oct 16 2002 Tuomo Soini <tis@foobar.fi> 1.98b_kb8-1foo - Upgrade to super-freeswan-1.98b_kb8 * Sat Oct 12 2002 Tuomo Soini <tis@foobar.fi> 1.98b_kb7-1foo - Upgrade to super-freeswan-1.98b_kb7 * Fri Oct 11 2002 Tuomo Soini <tis@foobar.fi> 1.98b_kb6-2foo - Provide freeswan * Thu Oct 10 2002 Tuomo Soini <tis@foobar.fi> 1.98b_kb6-1foo - changed to super-freeswan but kept fix patches and iproute support * Tue Sep 17 2002 Tuomo Soini <tis@foobar.fi> 1.98b-8foo - Simplify package a lot - foobarize * Thu Aug 22 2002 Tuomo Soini <tis@foobar.fi> 1.98b-t7 - compile for latest rh7.3 update kernel 2.4.18-10 * Thu Jul 25 2002 Tuomo Soini <tis@foobar.fi> 1.98b-t6 - upgrade to x.509 patch 0.9.14 - fixed iproute patch to patch _updown.x509 * Sat Jul 20 2002 Tuomo Soini <tis@foobar.fi> 1.98b-t5 - upgrade to alg-0.8.0 - added ipsec "condrestart" when doing upgrade - changed to kill ipsec after netfs * Mon Jul 08 2002 Tuomo Soini <tis@foobar.fi> 1.98b-t4 - changed alg 0.8.0-rc2 to be included by default * Mon Jul 08 2002 Tuomo Soini <tis@foobar.fi> 1.98b-t3 - add alg 0.8.0_pre14 as optional patchset * Sat Jul 06 2002 Tuomo Soini <tis@foobar.fi> 1.98b-t2 - update RPM.README * Wed Jul 03 2002 Tuomo Soini <tis@foobar.fi> 1.98b-t1 - upgrade to freeswan-1.98b * Wed Jul 03 2002 Tuomo Soini <tis@foobar.fi> 1.97-t12 - iproute patch for custom updown script too - upgrade to x509 patch 0.9.13 * Mon Jun 24 2002 Tuomo Soini <tis@foobar.fi> 1.97-t11 - added Vendor * Thu Jun 20 2002 Tuomo Soini <tis@foobar.fi> 1.97-t10 - default kver and kext to latest rh kernel - upgrade to x.509 patch 0.9.12 * Fri May 24 2002 Tuomo Soini <tis@foobar.fi> 1.97-t9 - default kver and kext to latest rh kernel * Mon May 08 2002 Tuomo Soini <tis@foobar.fi> 1.97-t8 - build for rh7.3 * Mon May 06 2002 Tuomo 
Soini <tis@foobar.fi> 1.97-t7 - upgrade to x.509 patch 0.9.11 * Tue Apr 23 2002 Tuomo Soini <tis@foobar.fi> 1.97-t6 - default to /usr/src/linux-2.4 as kernel-source directory * Fri Apr 19 2002 Tuomo Soini <tis@foobar.fi> 1.97-t5 - don't mangle extraversion if oldconfig is used - fixed ip route del error in iproute patch * Wed Apr 17 2002 Tuomo Soini <tis@foobar.fi> 1.97-t4 - allways copy kernel-source into build dir - don't add smp to extraversion if rh config is not used and somebody gives --with smp - don't require specific kernel version to be installed if build with --with oldconfig (may be non-redhat kernel) * Wed Apr 17 2002 Tuomo Soini <tis@foobar.fi> 1.97-t3 - fixed klips module build with non-rh kernel * Tue Apr 16 2002 Tuomo Soini <tis@foobar.fi> 1.97-t2 - optional klips module build added * Mon Apr 15 2002 Tuomo Soini <tis@foobar.fi> 1.97-t1 - upgrade to freeswan-1.97 - upgrade to x.509 patch 0.9.10 * Sun Mar 10 2002 Tuomo Soini <tis@foobar.fi> 1.96-t1 - upgrade to freeswan-1.96 - upgrade to x.509 patch 0.9.9 * Thu Feb 28 2002 Tuomo Soini <tis@foobar.fi> 1.95-t6 - changed /etc/sysconfig/freeswan to /etc/sysconfig/ipsec * Wed Feb 27 2002 Tuomo Soini <tis@foobar.fi> 1.95-t5 - some fixes by Nigel Metheringham - added config-file /etc/sysconfig/freeswan for DEFAULTSOURCE address * Fri Feb 22 2002 Tuomo Soini <tis@foobar.fi> 1.95-t4 - remove gmp-devel version requirement to get package building on rh6.2 * Thu Feb 21 2002 Tuomo Soini <tis@foobar.fi> 1.95-t3 - better documentation in included ipsec.secrets - removed false openssl requirement * Thu Feb 07 2002 Tuomo Soini <tis@foobar.fi> 1.95-t2 - upgrade to x.509 patch 0.9.8 - remove fswcert tool from freeswan package * Tue Feb 05 2002 Tuomo Soini <tis@foobar.fi> 1.95-t1 - upgrade to freeswan-1.95 * Fri Feb 01 2002 Tuomo Soini <tis@foobar.fi> cand2002jan31y-t1 - upgrade to latest release-candidate * Fri Jan 25 2002 Tuomo Soini <tis@foobar.fi> 1.94-t5 - changed pckagee to add empty ipsec.secrets instead of 
prefilled * Sun Jan 06 2002 Tuomo Soini <tis@foobar.fi> 1.94-t4 - Fixed _updown not to log RTNETLINK message when ip route del doesn't find route to delete * Sun Jan 06 2002 Tuomo Soini <tis@foobar.fi> 1.94-t3 - Added iproute support - Added iptables support * Fri Dec 21 2001 Tuomo Soini <tis@foobar.fi> 1.94-t2 - upgrade to X 509 patch 0.9.7 * Wed Dec 12 2001 Tuomo Soini <tis@foobar.fi> 1.94-t1 - upgrade to freeswan-1.94 - upgrade to X.509 patch 0.9.6 - needed specfile changes * Sat Dec 08 2001 Tuomo Soini <tis@foobar.fi> cand2001dec6z-t1 - upgrade to release-candidate freeswan * Wed Dec 05 2001 Tuomo Soini <tis@foobar.fi> 1.93-t1 - upgrade to freeswan-1.93 - upgrade to X.509 patch 0.9.5 * Sat Dec 01 2001 Tuomo Soini <tis@foobar.fi> 1.92-t8 - upgrade to X.509 patch 0.9.5 * Mon Nov 26 2001 Tuomo Soini <tis@foobar.fi> 1.92-t7 - upgrade to X.509 patch 0.9.4 * Mon Nov 19 2001 Tuomo Soini <tis@foobar.fi> 1.92-t6 - build with X.509 support on * Mon Nov 19 2001 Tuomo Soini <tis@foobar.fi> 1.92-t5 - make X509 optional with default on * Tue Nov 13 2001 Tuomo Soini <tis@foobar.fi> 1.92-t4 - added /etc/ipsec.d and subdirs to package - added gmp to packet requirements - added DESTDIR= to build * Mon Nov 12 2001 Tuomo Soini <tis@foobar.fi> 1.92-t3 - added x509 certificate support patch - nearly rewrote whole rpm * Fri Nov 09 2001 Tuomo Soini <tis@foobar.fi> 1.92-t2 - removed one mandrake-specific rpm-script * Fri Nov 09 2001 Tuomo Soini <tis@foobar.fi> 1.92-t1 - changed to last stable release * Thu Nov 08 2001 Tuomo Soini <tis@foobar.fi> snap2001nov8b-t1 - first try to port to redhat. Removed some mandrake-specific things. # EOF