%define LIBMAJ 0
%define libname %mklibname ipsec %LIBMAJ
%define libnamedev %{libname}-devel

Name:           ipsec-tools
Version:        0.6.6
%define subrel 2
Release:        %mkrel 2
Summary:        Tools for configuring and using IPSEC
License:        BSD
Group:          Networking/Other
URL:            http://ipsec-tools.sourceforge.net/
Source:         http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
Source3:        racoon.conf
Source4:        psk.txt
Source6:        ipsec-setkey-initscript
Source7:        racoon-initscript
Source8:        racoon.sysconfig
Patch0:         ipsec-tools-0.6.2b2-x86_64.patch
Patch1:         ipsec-tools-0.6.2b3-manfix.patch
Patch2:         ipsec-tools-0.5.2-includes.patch
Patch3:         ipsec-tools-0.6.6-gcc-misc.patch
Patch4:         ipsec-tools-0.6.6-CVE-2007-1841.patch
Patch5:         ipsec-tools-0.6.6-CVE-2008-3651_3652.patch
BuildRequires:  openssl-devel krb5-devel flex bison
BuildRequires:  libpam-devel
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root
Requires:       %{libname} = %{version}
Requires(pre):  rpm-helper
Requires:       rpm-helper
Provides:       kvpnc-backend

%description
This is the IPsec-Tools package. You need this package in order to
really use the IPsec functionality in the linux-2.6 and above kernels.
This package builds:

 - libipsec, a PFKeyV2 library
 - setkey, a program to directly manipulate policies and SAs
 - racoon, an IKEv1 keying daemon

%define old_libname %mklibname ipsec-tools 0

%package -n %{libname}
Summary:        The shared libraries used by ipsec-tools
Group:          System/Libraries
Requires(post): grep, sh-utils
Requires(preun): grep, sh-utils
Requires:       grep, sh-utils
Provides:       libipsec = %{version}-%{release}
Provides:       libipsec-tools = %{version}-%{release}
Obsoletes:      libipsec-tools
Provides:       %old_libname = %{version}-%{release}
Obsoletes:      %old_libname

%description -n %{libname}
These are the shared libraries for the IPsec-Tools package.

%package -n %{libnamedev}
Summary:        Headers for programs for %libname
Group:          Development/C
Requires:       %{libname} = %{version}
Provides:       libipsec-tools-devel = %{version}-%{release}
Provides:       libipsec-devel = %{version}-%{release}
Obsoletes:      libipsec-tools-devel
Provides:       %{old_libname}-devel = %{version}-%{release}
Obsoletes:      %{old_libname}-devel

%description -n %{libnamedev}
These are development headers for libipsec

%prep
%setup -q
%patch0 -p1 -b .x86_64
%patch1 -p1 -b .manfix
%patch2 -p1 -b .includes
%patch3 -p1 -b .gcc41
%patch4 -p0 -b .cve-2007-1841
%patch5 -p1 -b .cve-2008-3651_3652

%build
./configure \
    --prefix=%{_prefix} \
    --mandir=%{_mandir} \
    --libdir=/%{_lib} \
    --sbindir=/sbin \
    --localstatedir=%{_localstatedir} \
    --sysconfdir=%{_sysconfdir}/racoon \
    --with-kernel-headers=%{_includedir} \
    --enable-shared \
    --disable-rpath \
    --enable-hybrid \
    --enable-frag \
    --enable-dpd \
    --enable-adminport \
    --enable-gssapi \
    --enable-natt \
    --with-libpam

# removed: 0.6.1 says it's not supported in linux
#   --enable-samode-unspec

make

%install
rm -rf $RPM_BUILD_ROOT
%makeinstall_std

mkdir -p $RPM_BUILD_ROOT/etc/racoon/

install -m 0600 %{SOURCE3} $RPM_BUILD_ROOT/etc/racoon/racoon.conf
install -m 0600 %{SOURCE4} $RPM_BUILD_ROOT/etc/racoon/psk.txt
mkdir -m 0700 -p $RPM_BUILD_ROOT/etc/racoon/certs

mkdir -p $RPM_BUILD_ROOT/%{_initrddir}
install -m 0755 %{SOURCE6} $RPM_BUILD_ROOT/%{_initrddir}/ipsec-setkey
install -m 0755 %{SOURCE7} $RPM_BUILD_ROOT/%{_initrddir}/racoon

mkdir -p %{buildroot}%{_sysconfdir}/sysconfig

# racoon.sysconfig
install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/sysconfig/racoon

# pam file
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
cat > %{buildroot}%{_sysconfdir}/pam.d/racoon <<EOF
#%PAM-1.0
auth       required     pam_nologin.so
%if %mdkversion < 200700
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
%else
auth       include      system-auth
account    include      system-auth
%endif
EOF

# default ipsec.conf file
cat > %{buildroot}%{_sysconfdir}/ipsec.conf <<EOF
#!/usr/sbin/setkey -f
#
# File /etc/ipsec.conf

# delete the SAD and SPD
flush;
spdflush;

# Define here your security policies

# Example
# ipsec between two machines: 192.168.1.10 and 192.168.1.20
#
# spdadd 192.168.1.10 192.168.1.20 any -P in ipsec
#     esp/transport//require
#     ah/transport//require;
#
# spdadd 192.168.1.20 192.168.1.10 any -P out ipsec
#     esp/transport//require
#     ah/transport//require;
EOF

# remove some files from the sample dir so we can include it
# in %%doc. Also fix their permissions
rm -f src/racoon/samples/*.in
find src/racoon/samples -type f -exec chmod 0644 {} \;

%clean
rm -rf $RPM_BUILD_ROOT

%post
%_post_service ipsec-setkey
%_post_service racoon

%preun
%_preun_service ipsec-setkey
%_preun_service racoon

%post -n %{libname} -p /sbin/ldconfig

%postun -n %{libname} -p /sbin/ldconfig

%files
%defattr(-,root,root)
%doc ChangeLog NEWS README
%doc src/racoon/samples
%doc src/racoon/doc/*
/sbin/*
%{_mandir}/man*/*
%dir %{_sysconfdir}/racoon
%dir %{_sysconfdir}/racoon/certs
%config(noreplace) %{_sysconfdir}/sysconfig/racoon
%config(noreplace) %{_sysconfdir}/racoon/psk.txt
%config(noreplace) %{_sysconfdir}/racoon/racoon.conf
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/ipsec.conf
%config(noreplace) %{_sysconfdir}/pam.d/racoon
%attr (0755,root,root) %{_initrddir}/ipsec-setkey
%attr (0755,root,root) %{_initrddir}/racoon
%dir /var/lib/racoon

%files -n %{libname}
%defattr(-,root,root)
%doc ChangeLog NEWS README
/%{_lib}/*.so.*

%files -n %{libnamedev}
%defattr(-,root,root)
/%{_lib}/libipsec.la
/%{_lib}/libipsec.a
/%{_lib}/libipsec.so
/%{_lib}/libracoon.la
/%{_lib}/libracoon.a
/%{_lib}/libracoon.so
%{_includedir}/*

%changelog
* Fri Apr 13 2007 Vincent Danen <vdanen@mandriva.com>
- P5: security fix for CVE-2008-3651 and CVE-2008-3652

* Fri Apr 13 2007 Vincent Danen <vdanen@mandriva.com>
- P4: security fix for CVE-2007-1841

* Wed Sep 13 2006 Andreas Hasenack <andreas@mandriva.com>
+ 2006-09-13 21:02:42 (61328)
- added PAM configuration file (PAM auth tested)

* Wed Sep 13 2006 Andreas Hasenack <andreas@mandriva.com>
+ 2006-09-13 18:00:24 (61275)
- added buildrequires for libpam-devel due to new pam support

* Wed Sep 13 2006 Andreas Hasenack <andreas@mandriva.com>
+ 2006-09-13 17:56:17 (61274)
- using mkrel
- enabled pam support

* Wed Sep 13 2006 Andreas Hasenack <andreas@mandriva.com>
+ 2006-09-13 15:08:47 (61234)
- added support for parallel initscripts

* Wed Sep 06 2006 Andreas Hasenack <andreas@mandriva.com>
+ 2006-09-06 14:51:25 (60275)
- bunzipped patches and some source files
- updated to version 0.6.6
- added gcc patch
- don't run auto-tools, it's introducing a build error

* Tue Sep 05 2006 Andreas Hasenack <andreas@mandriva.com>
+ 2006-09-05 23:19:11 (60179)
- Import ipsec-tools

* Sun Feb 05 2006 Andreas Hasenack <andreas@mandriva.com> 0.6.5-1mdk
- updated to version 0.6.5

* Wed Jan 25 2006 Andreas Hasenack <andreas@mandriva.com> 0.6.4-1mdk
- updated to version 0.6.4
- removed openssl0.9.8 patch, not needed anymore

* Sun Nov 13 2005 Oden Eriksson <oeriksson@mandriva.com> 0.6.2b3-2mdk
- added P3 from fedora to make it build against openssl-0.9.8a

* Tue Oct 04 2005 Andreas Hasenack <andreas@mandriva.com> 0.6.2b3-1mdk
- updated to version 0.6.2b3
- removed signwarn patch, already applied
- removed warning patch, no longer needed
- redid x86_64 patch
- redid manfix patch
- removed --enable-samode-unspec ./configure option, it's said to not
  work with linux
- added "remote anonymous" section to default racoon.conf, taken from
  sample file in the documentation directory
- added libracoon to file list in devel package

* Wed Sep 7 2005 Gwenole Beauchesne <gbeauchesne@mandriva.com> 0.5.2-5mdk
- don't forcibly redefine bcopy() & bzero()

* Tue Jun 28 2005 Andreas Hasenack <andreas@mandriva.com> 0.5.2-4mdk
- added a sample ipsec.conf file
- use proper exit codes in the ipsec-setkey and racoon initscripts
- only load ipv6 ipsec related modules if NETWORKING_IPV6=yes
  (ipsec-setkey init script)
- added more documentation to %%doc
- removed reload option from the racoon initscript since it's not
  supported anyway (was equal to restart)

* Wed Jun 22 2005 Andreas Hasenack <andreas@mandriva.com> 0.5.2-3mdk
- more fixes for paths in the manpage

* Mon Jun 13 2005 Andreas Hasenack <andreas@mandriva.com> 0.5.2-2mdk
- fix patch referenced in manpage

* Mon Jun 13 2005 Andreas Hasenack <andreas@mandriva.com> 0.5.2-1mdk
- updated to version 0.5.2
- using /etc/racoon for sysconfdir directory (fixes #16234)
- added patch to fix a signedness warning with gcc4
- included missing /var/lib/racoon directory, fixing #16409 (why isn't
  rpm warning about this directory which wasn't being packaged?)
- added a sysconfig file so that the admin can give racoon some command
  line arguments if needed

* Tue May 03 2005 Couriousous <couriousous@mandriva.org> 0.5.1-2mdk
- Fix x86_64 build

* Sat Apr 30 2005 Couriousous <couriousous@mandriva.org> 0.5.1-1mdk
- 0.5.1
- Enable more features
- Patch to fix gssapi warning

* Fri Mar 25 2005 Couriousous <couriousous@mandrake.org> 0.5-4mdk
- Security fix (CAN-2005-0398)

* Thu Mar 03 2005 Couriousous <couriousous@mandrake.org> 0.5-3mdk
- Fix conflict with openswan ( #14133 )

* Wed Feb 23 2005 Christiaan Welvaart <cjw@daneel.dyndns.org> 0.5-2mdk
- add BuildRequires: bison

* Sat Feb 19 2005 Couriousous <couriousous@mandrake.org> 0.5-1mdk
- 0.5
- Change library name libipsec-tools to libipsec

* Sun Dec 26 2004 Couriousous <couriousous@mandrake.org> 0.4-2mdk
- Add Provide kvpnc-backend

* Mon Sep 22 2004 Couriousous <couriousous@sceen.net> 0.4-1mdk
- 0.4
- Add startup scripts
- Enable -devel package

* Thu Jul 15 2004 Christiaan Welvaart <cjw@daneel.dyndns.org> 0.2.5-2mdk
- add BuildRequires: flex

* Thu Apr 08 2004 Florin <florin@mandrakesoft.com> 0.2.5-1mdk
- 0.2.5 (security update)
- /sbin now contains the binaries and not %{_sbindir} anymore

* Wed Jan 21 2004 Florin <florin@mandrakesoft.com> 0.2.3-1mdk
- first mandrake release