Package strongswan: Specfile

Name: strongswan
Version: 4.2.17
Release: alt0.M50.1

Summary: StrongSWAN IPSEC implementation
License: GPLv2+
Group: System/Servers

Url: http://www.strongswan.org
Source0: %name-%version.tar.bz2
Source1: ipsec.init
Patch0: strongswan-4.2.10-alt-shreq.patch
Patch1: strongswan-4.2.14-alt-glibc29.patch
Patch2: strongswan-4.x.x_invalid_ike_state.patch
Packager: Michael Shigorin <mike@altlinux.org>

# Automatically added by buildreq on Thu Jan 08 2009
BuildRequires: flex gcc-c++ glibc-devel-static libgmp-devel libldap-devel

BuildRequires: libopensc-devel

%package -n lib%name
Summary: StrongSWAN IPSEC implementation libraries
License: GPL
Group: System/Servers

%description
FreeS/WAN is a free implementation of IPSEC & IKE for Linux.  IPSEC is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services.  These services allow you
to build secure tunnels through untrusted networks.  Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel.  The resulting
tunnel is a virtual private network or VPN.

This package contains the daemons and userland tools for setting up
FreeS/WAN on a freeswan enabled kernel.

%description -n lib%name
libraries for strongswan

%add_findprov_lib_path %_libdir/%name

%prep
%setup
%patch0 -p1
%patch1 -p1
# Patch2 is intentionally not applied: the fix is included upstream since 4.2.15

%build
%autoreconf
%configure \
       --sysconfdir=%_sysconfdir/%name \
       --libdir=%_libdir/%name \
       --libexecdir=%_libdir/%name \
       --localstatedir=%_var \
       --datadir=%_datadir/%name \
       --enable-http \
       --enable-ldap \
       --enable-smartcard \
       --enable-cisco-quirks \
       --enable-nat-transport
%make_build

%install
%make_build install DESTDIR=%buildroot
install -d %buildroot%_initdir
install -m0755 %SOURCE1 %buildroot%_initdir/ipsec

%files
%doc CREDITS README
%docdir %_docdir/%name-%version
# Configuration, certificate and private key directories are accessible to root only
%attr(700,root,root) %dir %_sysconfdir/%name
%attr(700,root,root) %dir %_sysconfdir/%name/ipsec.d/
%attr(700,root,root) %dir %_sysconfdir/%name/ipsec.d/acerts
%attr(700,root,root) %dir %_sysconfdir/%name/ipsec.d/aacerts
%attr(700,root,root) %dir %_sysconfdir/%name/ipsec.d/ocspcerts
%attr(700,root,root) %dir %_sysconfdir/%name/ipsec.d/certs
%attr(700,root,root) %dir %_sysconfdir/%name/ipsec.d/cacerts
%attr(700,root,root) %dir %_sysconfdir/%name/ipsec.d/crls
%attr(700,root,root) %dir %_sysconfdir/%name/ipsec.d/private
%config(noreplace) %_sysconfdir/%name/strongswan.conf
%config(noreplace) %_sysconfdir/%name/ipsec.conf
%config(noreplace) %_initrddir/ipsec
%_sbindir/*
%_mandir/*/*

%files -n lib%name
%dir %_libdir/%name/ipsec
%_libdir/%name/*

%changelog
* Thu Jul 23 2009 Michael Shigorin <mike@altlinux.org> 4.2.17-alt0.M50.1
- 4.2.17 built for M50:
  + the RDN parser vulnerability discovered by Orange Labs research team
    was not completely fixed in version 4.2.16. Some more modifications
    had to be applied to the asn1_length() function.
- thanks crux@ for prompt notification

* Tue Jun 23 2009 Michael Shigorin <mike@altlinux.org> 4.2.16-alt1
- 4.2.16 fixes DoS vulnerability in the ASN.1 parser;
  thanks crux@ for notification (closes: #20527)

* Thu May 28 2009 Michael Shigorin <mike@altlinux.org> 4.2.15-alt1
- 4.2.15 fixes two DoS issues with charon
  + sending a malformed IKE_SA_INIT request left an incomplete state
    which caused a null pointer dereference if a subsequent
    CREATE_CHILD_SA request was sent
  + sending an IKE_AUTH request with either a missing TSi or TSr payload
    caused a null pointer dereference because the checks for TSi and TSr
    were interchanged
  + patch2 unneeded (included upstream)
- thanks crux@ for heads-up (closes: #20206)

* Wed May 13 2009 Michael Shigorin <mike@altlinux.org> 4.2.14-alt1
- 4.2.14 fixes CVE-2009-0790: DoS against dead peer detection code
- fixed FTBFS with glibc-2.9
- applied vendor patch fixing invalid IKE state issue

* Sat Jan 10 2009 Michael Shigorin <mike@altlinux.org> 4.2.10-alt3
- added a patch to avoid superfluous file dependencies

* Thu Jan 08 2009 Michael Shigorin <mike@altlinux.org> 4.2.10-alt2
- fixed ntpd comments in initscript ;-)

* Thu Jan 08 2009 Michael Shigorin <mike@altlinux.org> 4.2.10-alt1
- 4.2.10
- removed patches (builds as is)
- spec cleanup

* Wed Oct 10 2007 Grigory Milev <week@altlinux.ru> 4.1.6-alt2
- Rebuild for x86_64
- cleanup spec
- move libraries to separate package

* Mon Sep 03 2007 $inister <sinister@altlinux.ru> 4.1.6-alt1
- new version

* Tue Aug 28 2007 $inister <sinister@altlinux.ru> 4.1.5-alt1
- initial packaging