Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
DISCONTINUED:openSUSE:11.1:Update
ipsec-tools
ipsec-tools.spec
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ipsec-tools.spec of Package ipsec-tools
# # spec file for package ipsec-tools (Version 0.7.1) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild Name: ipsec-tools BuildRequires: bison flex kernel-source krb5-devel openssl-devel pam pam-devel readline-devel Version: 0.7.1 Release: 10.<RELEASE49> License: BSD 3-Clause Group: Productivity/Networking/Security Provides: racoon PreReq: %insserv_prereq %fillup_prereq AutoReqProv: on Summary: IPsec Utilities Source: http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2 Patch0: no_werror.patch Patch1: fix-ph1-leak.patch Patch3: racoon.conf_macros.patch Patch4: fix_leak_in_crypto_openssl.c.diff Patch5: fix_leak_in_nattraversal.c.diff Patch6: fix_null_dereference_in_isakmp_frag.c.diff Patch7: fix_sockaddr_overflow_in_ipsec_doi.c.diff Source1: racoon.init Source2: sysconfig.racoon Source3: setkey.conf.sample Url: http://ipsec-tools.sourceforge.net/ Prefix: /usr BuildRoot: %{_tmppath}/%{name}-%{version}-build %description This is the IPsec-Tools package. This package is needed to really make use of the IPsec functionality in the version 2.5 and 2.6 Linux kernels. This package builds: - libipsec, a PFKeyV2 library - setkey, a program to directly manipulate policies and SAs - racoon, an IKEv1 keying daemon These sources can be found at the IPsec-Tools home page at: http://ipsec-tools.sourceforge.net/ Authors: -------- Derek Atkins <derek@ihtfp.com> Michal Ludvig <michal@logix.cz> Emmanuel Dreyfus <manu@netbsd.org> Yvan Vanhullebus <vanhu@free.fr> %prep %setup %patch0 -p1 %patch1 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 %build %{suse_update_config -f . src/racoon} export PATH=$PATH:/usr/lib/mit/bin CFLAGS="$RPM_OPT_FLAGS" \ ./configure --prefix=/usr --disable-shared \ --mandir=%{_mandir} --infodir=%{_infodir} --libdir=%{_libdir} \ --libexecdir=%{_libdir} --sysconfdir=/etc/racoon \ --sharedstatedir=/var/run --localstatedir=/var/run \ --enable-dpd --enable-hybrid --enable-frag \ --enable-natt=yes --enable-gssapi=yes --enable-stats=yes \ --enable-adminport --with-libpam --enable-security-context=no make make check %install rm -rf $RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT rm $RPM_BUILD_ROOT/usr/include/racoon/admin.h \ $RPM_BUILD_ROOT/usr/include/racoon/evt.h \ $RPM_BUILD_ROOT/usr/include/racoon/gcmalloc.h \ $RPM_BUILD_ROOT/usr/include/racoon/ipsec_doi.h \ $RPM_BUILD_ROOT/usr/include/racoon/isakmp.h \ $RPM_BUILD_ROOT/usr/include/racoon/isakmp_cfg.h \ $RPM_BUILD_ROOT/usr/include/racoon/isakmp_unity.h \ $RPM_BUILD_ROOT/usr/include/racoon/isakmp_var.h \ $RPM_BUILD_ROOT/usr/include/racoon/isakmp_xauth.h \ $RPM_BUILD_ROOT/usr/include/racoon/misc.h \ $RPM_BUILD_ROOT/usr/include/racoon/racoonctl.h \ $RPM_BUILD_ROOT/usr/include/racoon/schedule.h \ $RPM_BUILD_ROOT/usr/include/racoon/sockmisc.h \ $RPM_BUILD_ROOT/usr/include/racoon/var.h \ $RPM_BUILD_ROOT/usr/include/racoon/vmbuf.h \ $RPM_BUILD_ROOT/usr/%{_lib}/libracoon.a \ $RPM_BUILD_ROOT/usr/%{_lib}/libracoon.la mkdir -p $RPM_BUILD_ROOT/etc/init.d install -m 0755 $RPM_SOURCE_DIR/racoon.init $RPM_BUILD_ROOT/etc/init.d/racoon ln -sf /etc/init.d/racoon $RPM_BUILD_ROOT/usr/sbin/rcracoon mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates install -m 644 $RPM_SOURCE_DIR/sysconfig.racoon $RPM_BUILD_ROOT/var/adm/fillup-templates/ mkdir -p $RPM_BUILD_ROOT/usr/share/doc/packages/%{name}/ cp -rv src/racoon/samples $RPM_BUILD_ROOT/usr/share/doc/packages/%{name}/ cp -v src/setkey/sample* $RPM_BUILD_ROOT/usr/share/doc/packages/%{name}/ mkdir -p $RPM_BUILD_ROOT/etc/racoon install -m 0600 src/racoon/samples/psk.txt $RPM_BUILD_ROOT/etc/racoon/ install -m 0644 src/racoon/samples/racoon.conf $RPM_BUILD_ROOT/etc/racoon/ cp -v $RPM_SOURCE_DIR/setkey.conf.sample $RPM_BUILD_ROOT/etc/racoon/setkey.conf touch $RPM_BUILD_ROOT/var/run/racoon/racoon.sock %post %{fillup_and_insserv racoon} %postun %{insserv_cleanup} %clean if test ! -z "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != "/"; then rm -rf $RPM_BUILD_ROOT fi %files %defattr(-,root,root) %dir /etc/racoon %config(noreplace) /etc/racoon/psk.txt %config(noreplace) /etc/racoon/racoon.conf %config(noreplace) /etc/racoon/setkey.conf %config /etc/init.d/racoon /usr/sbin/rcracoon %dir /usr/include/libipsec/ %doc /usr/share/doc/packages/%{name}/ /var/adm/fillup-templates/sysconfig.racoon /usr/include/libipsec/libpfkey.h /usr/%{_lib}/libipsec.a /usr/%{_lib}/libipsec.la /usr/sbin/racoon /usr/sbin/racoonctl /usr/sbin/setkey /usr/sbin/plainrsa-gen /var/run/racoon %ghost /var/run/racoon/racoon.sock %{_mandir}/man*/* %changelog * Thu Jun 11 2009 jbohac@suse.cz - fix_leak_in_crypto_openssl.c.diff (bnc#504186) - fix_leak_in_nattraversal.c.diff (bnc#504186) - fix_null_dereference_in_isakmp_frag.c.diff (bnc#498859, CVE-2009-1574) - fix_sockaddr_overflow_in_ipsec_doi.c.diff (bnc#506710) * Tue Sep 23 2008 jbohac@suse.cz - fixed a memory leak in PH1 (bnc#416906, CVE-2008-3652) * Thu Aug 14 2008 jbohac@suse.cz - Upgrade to 0.7.1 o Fixes a memory leak when invalid proposal received o Some fixes in DPD o do not set default gss id if xauth is used o fixed hybrid enabled builds o fixed compilation on FreeBSD8 o cleanup in network port value manipulation o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_spi() o Generates a log if cert validation has been disabled by configuration o better handling for pfkey socket read errors o Fixes in yacc / bison stuff o new plog() macro (reduced CPU usage when logging is disabled) o Try to works better with huge SPD/SAD o Corrected modecfg option syntax o Many other various fixes... * Wed Nov 07 2007 jbohac@suse.cz - Upgrade to 0.7 * Thu Apr 12 2007 jbohac@jikos.cz - Fix a DoS in isakmp_info_recv (CVE-2007-1841, 260791) * Thu Mar 29 2007 aj@suse.de - Add flex and bison to BuildRequires. * Thu May 04 2006 jbohac@suse.cz - fixed a segfault in GSSAPI initialization (#172196) - the /var/run/racoon directory was missing from the package which prevented racoon from starting (#170552) - fixed - fixed unexpanded macros in racoon.conf (#170552) * Tue Mar 21 2006 jbohac@suse.cz - upgrade to 0.6.5 (bugfix release) - Fixed zombie PH1 handler when isakmp_send() fails in isakmp_ph1resend() - Temporary fix for /32 subnets parsing. - make software behave as the documentation advertise for INTERNAL_NETMASK4. Keep the old INTERNAL_MASK4 to avoid breaking backward compatibility. - Fixed / cleaned up signal handling. - added --with-libpam and --enable-adminport (#159647) * Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires * Tue Dec 13 2005 jbohac@suse.cz - fixed build * Tue Dec 13 2005 jbohac@suse.cz - upgrade to 0.6.4 - added krb5 support ( --enable-gssapi) - added statistics logging support ( --enable-stats) * Wed Nov 23 2005 jbohac@suse.cz - upgrade to 0.6.3 - fixes #134834 and an openssl incompatibility issue * Tue Nov 08 2005 jbohac@suse.cz - fixed build for s390 * Thu Oct 20 2005 jbohac@suse.cz - upgraded to version 0.6.2 - enabled NAT-T - fixed build with current openssl * Wed Aug 31 2005 jbohac@suse.cz - fixed permissions for /etc/racoon/psk.txt (bug #114383) * Tue Aug 23 2005 jbohac@suse.cz - upgrade to version 0.6.1 * Wed Aug 03 2005 jbohac@suse.cz - fixed build on beta (disabled -Werror again) * Tue Aug 02 2005 cthiel@suse.de - fixed build * Tue Aug 02 2005 jbohac@suse.cz - upgrade to version 0.6 * Thu May 05 2005 jbohac@suse.cz - upgrade to version 0.5.2 - disabled -Werror, because bison-generated code would not compile * Wed Apr 13 2005 jbohac@suse.cz - upgrade to version 0.5.1 - fixed compilation warning/errors regarding char/int signedness * Wed Apr 13 2005 jbohac@suse.cz - upgrade to version 0.5.1 - fixed compilation warning/errors regarding char/int signedness * Wed Mar 16 2005 jbohac@suse.cz The patch in the previous release was not applied correctly; fixed. * Tue Mar 15 2005 jbohac@suse.cz - security fix - insecure header parsing (Bug ID: 64726) * Sat Feb 19 2005 lmuelle@suse.de - Update to version 0.5. * Wed Jan 05 2005 jbohac@suse.cz - update to ipsec-tools-0.5-rc1 * Thu Nov 18 2004 mludvig@suse.cz - Update to version 0.4 * Tue Sep 14 2004 ro@suse.de - undef __P first to make it build * Tue Aug 10 2004 mludvig@suse.cz - Update to 0.4rc1 * Tue Jun 15 2004 mludvig@suse.cz - Update to 0.3.3 to fix a X.509 cert verification security bug. (http://marc.theaimsgroup.com/?l=bugtraq&m=108726102304507&w=2) * Mon May 17 2004 mludvig@suse.cz - Fixed comment in racoon.conf (#40576) * Wed Apr 21 2004 mludvig@suse.cz - Update to 0.3.1 to fix CAN-2004-0403 * Thu Apr 15 2004 mludvig@suse.cz - Update to final 0.3. We had all patches in the package anyway... * Thu Apr 08 2004 mludvig@suse.cz - Fixed setkey to support multiline commands in interactive mode. - Added 'exit' command to setkey. The two changes fix TAHI/ipsec tests. - Emit messages about Keep-Alive packets with DEBUG severity instead of INFO. With INFO it only polutes syslog every 20s. * Mon Apr 05 2004 mludvig@suse.cz - Fixed X.509 security bug (#38373) * Thu Apr 01 2004 mludvig@suse.cz - Report received SADB_X_NAT_T_NEW_MAPPING message. - Avoid segfault with unknown PF_KEY messages. - Move encmode update out of the loop. NAT-T now works even with more than one proposal. * Tue Mar 30 2004 mludvig@suse.cz - Rewritten the testsuite to avoid failures on 32b platforms. * Fri Mar 26 2004 mludvig@suse.cz - Handle input lines one by one in interactive mode (preventing premature exit on syntax error). * Thu Mar 25 2004 mludvig@suse.cz - Update to 0.3rc4: - Fixed adding "null" encryption via 'setkey'. - Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7 - Fixed NAT-T in aggresive mode. - Fixed testsuite and added testsuite run into make check. * Tue Mar 23 2004 mludvig@suse.cz - Fix segfault with AES. - Enable testsuite. * Mon Mar 22 2004 mludvig@suse.cz - Fix "null" encryption setup in setkey. * Fri Mar 19 2004 mludvig@suse.cz - Fix duplicate ipsec service (#36575) - Update to 0.3rc3 * Thu Mar 11 2004 mludvig@suse.cz - Update to 0.3rc2 * Mon Mar 08 2004 mludvig@suse.cz - Add sysconfig and init.d files. * Fri Mar 05 2004 mludvig@suse.cz - Include samples config files in the RPM. * Thu Mar 04 2004 mludvig@suse.cz - update to 0.3rc1 * Tue Feb 03 2004 mludvig@suse.cz - Update to 0.2.4 * Mon Jan 26 2004 ro@suse.de - updated neededforbuild "kernel-source-26" -> "kernel-source" * Thu Jan 15 2004 mludvig@suse.cz - update to ipsec-tools-0.2.3 * Sat Jan 10 2004 adrian@suse.de - remove obsolete %%run_ldconfig * Tue Dec 23 2003 mludvig@suse.cz - Recognize IPSEC_DIR_FWD when dumping SPD. * Fri Dec 19 2003 mludvig@suse.cz - Added many fixes gathered from the mailing list. - Added support for specifying SA lifebytes. * Wed Dec 17 2003 garloff@suse.de - Package ipsec-tools 0.2.2.
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor