File novell-ipsec-tools.spec of Package novell-ipsec-tools

#
# spec file for package novell-ipsec-tools (Version 0.7.1)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild


Name:           novell-ipsec-tools
BuildRequires:  bison flex kernel-source openssl-devel
Version:        0.7.1
Release:        2.<RELEASE5>
License:        BSD 3-Clause
Group:          Productivity/Networking/Security
PreReq:         %insserv_prereq %fillup_prereq
AutoReqProv:    on
Summary:        IPsec Utilities with turnpike plugin enabled
Source:         ipsec-tools-%{version}.tar.bz2
Source1:        racoon.init
Source2:        sysconfig.racoon
Source3:        setkey.conf.sample
Source4:        racoon.conf.turnpike
Patch0:         %{name}_plugins-support-configure.patch
Patch1:         %{name}_plugins-support-racoon.conf.patch
Patch2:         %{name}_plugins-support-core.patch
Patch3:         %{name}_plugins-support-nortel.patch
Patch4:         %{name}_plugins-cfparse.patch
Patch5:         %{name}_CVE-2009-1632.patch
Url:            http://forge.novell.com/modules/xfmod/project/?turnpike
Prefix:         /usr
Conflicts:      ipsec-tools
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
%define _sysconfdir     /etc/racoon
%define _sharedstatedir /var/run
%define _localstatedir  /var/run
%define sysconfdir      /etc

%description
This is the patched IPsec-Tools package. It contains patches for the
plugin framework, which lets vendor plugins use these tools to provide
IPsec-based solutions such as a VPN client.

This package is needed to make use of the IPsec functionality in the
version 2.5 and 2.6 Linux kernels. This package builds:

* libipsec, a PFKeyV2 library

* setkey, a program to directly manipulate policies and SAs

* racoon, an IKEv1 keying daemon

These sources can be found at the IPsec-Tools home page at:
http://ipsec-tools.sourceforge.net/

The source and details about the framework can be found at
http://forge.novell.com/modules/xfmod/project/?turnpike

novell-ipsec-tools is a preview package to be used along with the
Novell VPN client. This package will be merged with the mainstream
ipsec-tools in the future.



%package devel
License:        BSD 3-Clause
Provides:       libipsec libracoon
Requires:       novell-ipsec-tools = %{version} flex glibc-devel
Summary:        IPsec Utilities with turnpike plugin enabled
Provides:       ipsec-tools-devel
Group:          Development/Libraries/Other
AutoReqProv:    on
PreReq:         %install_info_prereq %insserv_prereq  %fillup_prereq

%description devel
This is the IPsec-Tools package. This package is needed to really make
use of the IPsec functionality in the version 2.5 and 2.6 Linux
kernels. This package builds:

* libipsec, a PFKeyV2 library

* setkey, a program to directly manipulate policies and SAs

* racoon, an IKEv1 keying daemon

These sources can be found at the IPsec-Tools home page at:
http://ipsec-tools.sourceforge.net/

This package additionally contains the plugin framework, which lets
vendor plugins use these tools to provide IPsec-based solutions such as
a VPN client.

The source and details about the framework can be found at
http://forge.novell.com/modules/xfmod/project/?turnpike



%prep
%setup -q -n ipsec-tools-%{version}
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
# Patch5 carries the security fix for CVE-2009-1632 (bnc#504186, see changelog)
%patch5 -p1
ln -sf acracoon.m4 acinclude.m4

%build
%{suse_update_config -f . src/racoon}
#autoreconf -fi
./bootstrap
#export CFLAGS="$RPM_OPT_FLAGS"
./configure --prefix=/usr --disable-shared \
	--with-readline=no \
	--enable-plugins-support \
	--mandir=%{_mandir} --infodir=%{_infodir} --libdir=%{_libdir} \
	--libexecdir=%{_libdir} --sysconfdir=%{_sysconfdir} \
	--sharedstatedir=%{_sharedstatedir} --localstatedir=%{_localstatedir} \
	--enable-adminport --enable-natt \
	--enable-natt-versions=00,01,02,03,rfc \
	--enable-apclient \
	--enable-dpd --enable-hybrid --enable-frag \
	--enable-security-context=no
make 

%check
make check

%install
make install DESTDIR=$RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/etc/init.d
install -m 0755 %{S:1} $RPM_BUILD_ROOT/etc/init.d/racoond
ln -sf /etc/init.d/racoond $RPM_BUILD_ROOT%{_sbindir}/rcracoond
mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
install -m 644 %{S:2} $RPM_BUILD_ROOT/var/adm/fillup-templates/
mkdir -p $RPM_BUILD_ROOT/%{_defaultdocdir}/%{name}/
cp -rv src/racoon/samples $RPM_BUILD_ROOT/%{_defaultdocdir}/%{name}/
cp -v src/setkey/sample* $RPM_BUILD_ROOT/%{_defaultdocdir}/%{name}/
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}
mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_sharedstatedir}/%{name}
# psk.txt holds pre-shared keys: install it readable and writable by the owner only
install -m 0600 src/racoon/samples/psk.txt $RPM_BUILD_ROOT/%{_sysconfdir}
#install -m 0644 src/racoon/samples/racoon.conf $RPM_BUILD_ROOT/%{_sysconfdir}
cp -v %{S:3} $RPM_BUILD_ROOT/%{_sysconfdir}/setkey.conf
cp -v %{S:4} $RPM_BUILD_ROOT/%{_sysconfdir}/racoon.conf
cp -v %{S:4} $RPM_BUILD_ROOT/%{_defaultdocdir}/%{name}/

%post
%{fillup_and_insserv racoond}

%preun
%stop_on_removal racoond

%postun
%restart_on_update racoond
%{insserv_cleanup}

%clean

%files
%defattr(-,root,root)
%dir %{_sysconfdir}
%config(noreplace) %{_sysconfdir}/psk.txt
%config(noreplace) %{_sysconfdir}/racoon.conf
%config(noreplace) %{_sysconfdir}/setkey.conf
%config /etc/init.d/racoond
%{_sbindir}/rcracoond
%doc %{_defaultdocdir}/%{name}/
/var/adm/fillup-templates/sysconfig.racoon
%{_sbindir}/racoon
%{_sbindir}/racoonctl
%{_sbindir}/setkey
%{_sbindir}/plainrsa-gen
%dir %{_localstatedir}/racoon
%doc %{_mandir}/man*/*

%files devel
%defattr(-,root,root)
%dir %{_includedir}/plugin_frame/
%dir %{_includedir}/libipsec/
%dir %{_includedir}/racoon/
%{_includedir}/plugin_frame/*
%{_includedir}/libipsec/*
%{_includedir}/racoon/*
%{_libdir}/libipsec.a
%{_libdir}/libipsec.la
%{_libdir}/libracoon.a
%{_libdir}/libracoon.la

%changelog
* Tue Jun 16 2009 bili@suse.de
- Fix DoS attack and memory leaks (bnc#504186, CVE-2009-1632).
  - Fix an x509 signature verification memory leak.
  - Fix a memory leak in nat-t keepalive code.
  - Fix a remote crash in fragmentation code.
* Sat Nov 29 2008 bili@suse.de
- Fixing the security policy finding bug (bnc#449513).
* Sat Nov 22 2008 bili@suse.de
- Upgrade to 0.7.1.
* Wed Oct 08 2008 bili@suse.de
- Add Obsoletes in spec (bnc#430911).
* Fri May 23 2008 bili@suse.de
- Fix rpm remove error(bnc#393339).
* Thu May 15 2008 bili@suse.de
- Add the conflicts with ipsec-tools (bnc#386797).
* Tue Apr 22 2008 bili@suse.de
- Change the debug level in racoon.conf.turnpike (#382264).
* Wed Nov 14 2007 bili@suse.de
- To conform to LSB change the init script for racoon as
  /etc/init.d/racoond and name the convenience symlink
  /usr/sbin/rcracoond. (bugzilla #335263).
* Tue Nov 06 2007 ro@suse.de
- fix string comparison patch
- drop novell-ipsec-tools-NULL_test_fix.patch
* Fri Oct 19 2007 pth@suse.de
- Fix broken null pointer checks.
- Patch configure.ac and rebuild autotools stuff instead of patching
  configure (no_werror.patch and s390_configure_fix.patch)
- Use AC_HELP_STRING consistently.
- Use rpm definitions of paths in .spec as much as possible instead
  of hardcoding them.
- Add AUTOMAKE_OPTIONS=foreign to Makefile.am
- Give patch a descriptive name.
* Thu Oct 18 2007 ro@suse.de
- rebase on original tarball plus recreated diff
- add fixes from ipsec-tools package:
  - fixed a segfault in GSSAPI initialization (#172196)
  - Fix a DoS in isakmp_info_recv (CVE-2007-1841, 260791)
* Sat Aug 04 2007 aj@suse.de
- Fix compiler warning.
* Fri Mar 30 2007 ro@suse.de
- added flex,bison to buildreq
* Fri Nov 17 2006 tsureshkumar@suse.de
- add hooks for ident mode
- propagate event for adminport clients when peer disconnects (ike
  delete message).
* Fri Aug 11 2006 tsureshkumar@suse.de
- fix for wildcard match when nodes match in bucket
- add hooks at ident mode also
* Sat May 20 2006 tsureshkumar@suse.de
- 64 bit fixes (macros redefined)
- added a new hook to pre-process config mode acks.
* Thu May 04 2006 tsureshukmar@novell.com
- 64 bit fixes :  #162616, #157875
- fix a segfault/invalid memory allocation in dispatch.c
- clean all sizes/ILP/binary-read-write for 64 bit m/c
- 64 bit port - make lengths to be size_t for binary data transfer.
* Tue Apr 18 2006 tsureshkumar@suse.de
- fixed comparison errors for --enable-apclient
* Wed Mar 29 2006 rvinay@suse.de
- Added Hook point function call in Main mode also.
* Thu Mar 23 2006 tsureshkumar@suse.de
- restart & stop the service when doing update/delete.
* Mon Mar 13 2006 tsureshkumar@suse.de
- modify spec file "Provides: ipsec-tools" to make ipsec-tools
  dependent packages happy (openswan).  (bugzilla #157089).
- enable natt version 03 (required for NBM)
* Thu Mar 02 2006 rvinay@suse.de
- Package resubmitted.
* Tue Feb 28 2006 rvinay@suse.de
- racoon.conf filename handling
* Sat Feb 11 2006 rvinay@suse.de
- Removed the .tar.gz file
* Sat Feb 11 2006 rvinay@suse.de
- In admin.c, assigned new racoon.conf to the lcconf object and sent SIGHUP to itself
* Thu Feb 02 2006 tsureshkumar@suse.de
- use same dh_group in racoon.conf.turnpike for all proposals
* Wed Feb 01 2006 tsureshkumar2@suse.de
- install racoon.conf.turnpike in /etc/racoon/racoon.conf & samples
- added racoon.conf.turnpike
- applied patches from ipsec-tools package
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Thu Jan 19 2006 tsureshkumar@novell.com
- add conflicts with ipsec-tools for libraries.
* Tue Jan 17 2006 tsureshkumar@novell.com
- keep away from libreadline. comments from haripriya
* Mon Jan 16 2006 spreggna@novell.com
- Removed all the warnings
- Fixed the openssl dir selection for X86_64 machine
- Fixed the return type for signal_handler for s390-ibm-linux machine
* Mon Jan 16 2006 tsuershkumar@novell.com
- added lib64 directory for openssl. This is for 64 bit machines.
* Fri Jan 13 2006 tsureshkumar@novell.com
- removed rm -rf $BUILD_ROOT
* Thu Jan 12 2006 spreggna@novell.com
- upgraded to 0.6.3.
* Tue Jan 10 2006 spreggna@novell.com
- static linking of libcrypto
* Thu Dec 22 2005 tsureshkumar@novell.com
- merged with other patches
* Tue Dec 13 2005 spreggna@novell.com
- ipsec-tools.spec.in: disable installing racoon.conf as
  there is a hard fix in turnpike.
* Mon Dec 12 2005 tsureshkumar@novell.com
- setkey.conf.sample: added. sample setkey.conf.
- ipsec-tools.spec.in (make): add turnpike directory. enable admin port.
  copy setkey.conf.sample to be included into build.
- merged the patches to enable plugins with ipsec-tools
- cloned from ipsec-tools