Пакет strongswan: Specfile
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 | Name: strongswan Version: 4.2.17 Release: alt0.M50.1 Summary: StrongSWAN IPSEC implementation License: GPLv2+ Group: System/Servers Url: http://www.strongswan.org Source0: %name-%version.tar.bz2 Source1: ipsec.init Patch0: strongswan-4.2.10-alt-shreq.patch Patch1: strongswan-4.2.14-alt-glibc29.patch Patch2: strongswan-4.x.x_invalid_ike_state.patch Packager: Michael Shigorin <mike@altlinux.org> # Automatically added by buildreq on Thu Jan 08 2009 BuildRequires: flex gcc-c++ glibc-devel-static libgmp-devel libldap-devel BuildRequires: libopensc-devel %package -n lib%name Summary: StrongSWAN IPSEC implementation libraries License: GPL Group: System/Servers %description FreeS/WAN is a free implementation of IPSEC & IKE for Linux. IPSEC is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the ipsec gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network or VPN. This package contains the daemons and userland tools for setting up FreeS/WAN on a freeswan enabled kernel. %description -n lib%name libraries for strongswan %add_findprov_lib_path %_libdir/%name %prep %setup %patch0 -p1 %patch1 -p1 %build %autoreconf %configure \ --sysconfdir=%_sysconfdir/%name \ --libdir=%_libdir/%name \ --libexecdir=%_libdir/%name \ --localstatedir=%_var \ --datadir=%_datadir/%name \ --enable-http \ --enable-ldap \ --enable-smartcard \ --enable-cisco-quirks \ --enable-nat-transport %make_build %install %make_build install DESTDIR=%buildroot install -d %buildroot%_initdir install -m0755 %SOURCE1 %buildroot%_initdir/ipsec %files %doc CREDITS README %docdir %_docdir/%name-%version %attr(700,root,root) %dir %_sysconfdir/%name %attr(700,root,root) %dir %_sysconfdir/%name/ipsec.d/ %attr(700,root,root) %dir %_sysconfdir/%name/ipsec.d/acerts %attr(700,root,root) %dir %_sysconfdir/%name/ipsec.d/aacerts %attr(700,root,root) %dir %_sysconfdir/%name/ipsec.d/ocspcerts %attr(700,root,root) %dir %_sysconfdir/%name/ipsec.d/certs %attr(700,root,root) %dir %_sysconfdir/%name/ipsec.d/cacerts %attr(700,root,root) %dir %_sysconfdir/%name/ipsec.d/crls %attr(700,root,root) %dir %_sysconfdir/%name/ipsec.d/private %config(noreplace) %_sysconfdir/%name/strongswan.conf %config(noreplace) %_sysconfdir/%name/ipsec.conf %config(noreplace) %_initrddir/ipsec %_sbindir/* %_mandir/*/* %files -n lib%name %dir %_libdir/%name/ipsec %_libdir/%name/* %changelog * Thu Jul 23 2009 Michael Shigorin <mike@altlinux.org> 4.2.17-alt0.M50.1 - 4.2.17 built for M50: + the RDN parser vulnerability discovered by Orange Labs research team was not completely fixed in version 4.2.16. Some more modifications had to be applied to the asn1_length() function. - thanks crux@ for prompt notification * Tue Jun 23 2009 Michael Shigorin <mike@altlinux.org> 4.2.16-alt1 - 4.2.16 fixes DoS vulnerability in the ASN.1 parser; thanks crux@ for notification (closes: #20527) * Thu May 28 2009 Michael Shigorin <mike@altlinux.org> 4.2.15-alt1 - 4.2.15 fixes two DoS issues with charon + sending a malformed IKE_SA_INIT request leaved an incomplete state which caused a null pointer dereference if a subsequent CREATE_CHILD_SA request was sent + sending an IKE_AUTH request with either a missing TSi or TSr payload caused a null pointer derefence because the checks for TSi and TSr were interchanged + patch2 unneeded (included upstream) - thanks crux@ for heads-up (closes: #20206) * Wed May 13 2009 Michael Shigorin <mike@altlinux.org> 4.2.14-alt1 - 4.2.14 fixes CVE-2009-0790: DoS against dead peer detection code - fixed FTBFS with glibc-2.9 - appled vendor patch fixing invalid IKE state issue * Sat Jan 10 2009 Michael Shigorin <mike@altlinux.org> 4.2.10-alt3 - added a patch to avoid superfluous file dependencies * Thu Jan 08 2009 Michael Shigorin <mike@altlinux.org> 4.2.10-alt2 - fixed ntpd comments in initscript ;-) * Thu Jan 08 2009 Michael Shigorin <mike@altlinux.org> 4.2.10-alt1 - 4.2.10 - removed patches (builds as is) - spec cleanup * Wed Oct 10 2007 Grigory Milev <week@altlinux.ru> 4.1.6-alt2 - Rebuild for x86_64 - cleanup spec - move libraries to separate package * Mon Sep 03 2007 $inister <sinister@altlinux.ru> 4.1.6-alt1 - new version * Tue Aug 28 2007 $inister <sinister@altlinux.ru> 4.1.5-alt1 - initial packaging |