diff options
author | Alin Năstac <mrness@gentoo.org> | 2009-06-28 09:45:59 +0000 |
---|---|---|
committer | Alin Năstac <mrness@gentoo.org> | 2009-06-28 09:45:59 +0000 |
commit | 50f3699b7d4526faa51b0d1b355686218e6b0c0f (patch) | |
tree | 1ce1f47224bc80af88b46b7fe4b4b690c4ef4c06 /net-misc/openswan | |
parent | Bump to 1.14, fixes #272747 (diff) | |
download | gentoo-2-50f3699b7d4526faa51b0d1b355686218e6b0c0f.tar.gz gentoo-2-50f3699b7d4526faa51b0d1b355686218e6b0c0f.tar.bz2 gentoo-2-50f3699b7d4526faa51b0d1b355686218e6b0c0f.zip |
Version bump wrt security bug #275233. Fix sed error (#275448).
(Portage version: 2.1.6.13/cvs/Linux x86_64)
Diffstat (limited to 'net-misc/openswan')
-rw-r--r-- | net-misc/openswan/ChangeLog | 10 | ||||
-rw-r--r-- | net-misc/openswan/files/openswan-2.4.15-deprecated-ldap.patch | 11 | ||||
-rw-r--r-- | net-misc/openswan/files/openswan-2.4.15-gentoo.patch | 175 | ||||
-rw-r--r-- | net-misc/openswan/openswan-2.4.15.ebuild | 125 | ||||
-rw-r--r-- | net-misc/openswan/openswan-2.6.22.ebuild | 4 |
5 files changed, 322 insertions, 3 deletions
diff --git a/net-misc/openswan/ChangeLog b/net-misc/openswan/ChangeLog index cde3c7b734d4..4f1d37886680 100644 --- a/net-misc/openswan/ChangeLog +++ b/net-misc/openswan/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for net-misc/openswan # Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/ChangeLog,v 1.64 2009/06/24 17:18:36 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/ChangeLog,v 1.65 2009/06/28 09:45:59 mrness Exp $ + +*openswan-2.4.15 (28 Jun 2009) + + 28 Jun 2009; Alin Năstac <mrness@gentoo.org> + +files/openswan-2.4.15-deprecated-ldap.patch, + +files/openswan-2.4.15-gentoo.patch, +openswan-2.4.15.ebuild, + openswan-2.6.22.ebuild: + Version bump wrt security bug #275233. Fix sed error (#275448). *openswan-2.6.22 (24 Jun 2009) diff --git a/net-misc/openswan/files/openswan-2.4.15-deprecated-ldap.patch b/net-misc/openswan/files/openswan-2.4.15-deprecated-ldap.patch new file mode 100644 index 000000000000..33c70e83a30a --- /dev/null +++ b/net-misc/openswan/files/openswan-2.4.15-deprecated-ldap.patch @@ -0,0 +1,11 @@ +diff -Nru openswan-2.4.15.orig/programs/pluto/fetch.c openswan-2.4.15/programs/pluto/fetch.c +--- openswan-2.4.15.orig/programs/pluto/fetch.c 2004-06-14 04:01:32.000000000 +0200 ++++ openswan-2.4.15/programs/pluto/fetch.c 2009-06-28 11:24:17.000000000 +0200 +@@ -28,6 +28,7 @@ + #include <openswan.h> + + #ifdef LDAP_VER ++#define LDAP_DEPRECATED 1 + #include <ldap.h> + #endif + diff --git a/net-misc/openswan/files/openswan-2.4.15-gentoo.patch b/net-misc/openswan/files/openswan-2.4.15-gentoo.patch new file mode 100644 index 000000000000..35ccb2f24a0c --- /dev/null +++ b/net-misc/openswan/files/openswan-2.4.15-gentoo.patch @@ -0,0 +1,175 @@ +diff -Nru openswan-2.4.15.orig/lib/liblwres/Makefile openswan-2.4.15/lib/liblwres/Makefile +--- openswan-2.4.15.orig/lib/liblwres/Makefile 2007-10-22 16:33:11.000000000 +0200 ++++ openswan-2.4.15/lib/liblwres/Makefile 2009-06-28 11:21:35.000000000 +0200 +@@ -17,8 +17,8 @@ + + CINCLUDES = -I${srcdir}/unix/include \ + -I. -I./include -I${srcdir}/include +-CDEFINES = -g +-CWARNINGS = -Werror ++CDEFINES = ++CWARNINGS = + + CFLAGS+=${CINCLUDES} ${CDEFINES} ${CWARNINGS} + +diff -Nru openswan-2.4.15.orig/Makefile.inc openswan-2.4.15/Makefile.inc +--- openswan-2.4.15.orig/Makefile.inc 2009-06-25 06:01:16.000000000 +0200 ++++ openswan-2.4.15/Makefile.inc 2009-06-28 11:21:35.000000000 +0200 +@@ -46,7 +46,7 @@ + DESTDIR?= + + # "local" part of tree, used in building other pathnames +-INC_USRLOCAL=/usr/local ++INC_USRLOCAL?=/usr + + # PUBDIR is where the "ipsec" command goes; beware, many things define PATH + # settings which are assumed to include it (or at least, to include *some* +@@ -91,7 +91,7 @@ + + # sample configuration files go into + INC_DOCDIR?=share/doc +-FINALEXAMPLECONFDIR=${INC_USRLOCAL}/${INC_DOCDIR}/openswan ++FINALEXAMPLECONFDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan + EXAMPLECONFDIR=${DESTDIR}${FINALEXAMPLECONFDIR} + + FINALDOCDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan +diff -Nru openswan-2.4.15.orig/programs/_confread/_confread.in openswan-2.4.15/programs/_confread/_confread.in +--- openswan-2.4.15.orig/programs/_confread/_confread.in 2006-04-12 21:55:42.000000000 +0200 ++++ openswan-2.4.15/programs/_confread/_confread.in 2009-06-28 11:21:35.000000000 +0200 +@@ -14,7 +14,7 @@ + # + # RCSID $Id: _confread.in,v 1.81.2.5 2006/04/12 19:55:42 mcr Exp $ + # +-# Extract configuration info from /etc/ipsec.conf, repackage as assignments ++# Extract configuration info from /etc/ipsec/ipsec.conf, repackage as assignments + # to shell variables or tab-delimited fields. Success or failure is reported + # inline, as extra data, due to the vagaries of shell backquote handling. + # In the absence of --varprefix, output is tab-separated fields, like: +diff -Nru openswan-2.4.15.orig/programs/_confread/ipsec.conf.in openswan-2.4.15/programs/_confread/ipsec.conf.in +--- openswan-2.4.15.orig/programs/_confread/ipsec.conf.in 2006-10-19 05:49:46.000000000 +0200 ++++ openswan-2.4.15/programs/_confread/ipsec.conf.in 2009-06-28 11:22:29.000000000 +0200 +@@ -1,4 +1,4 @@ +-# /etc/ipsec.conf - Openswan IPsec configuration file ++# /etc/ipsec/ipsec.conf - Openswan IPsec configuration file + # RCSID $Id: ipsec.conf.in,v 1.15.2.6 2006/10/19 03:49:46 paul Exp $ + + # This file: @FINALEXAMPLECONFDIR@/ipsec.conf-sample +diff -Nru openswan-2.4.15.orig/programs/examples/l2tp-psk.conf.in openswan-2.4.15/programs/examples/l2tp-psk.conf.in +--- openswan-2.4.15.orig/programs/examples/l2tp-psk.conf.in 2007-11-02 02:49:40.000000000 +0100 ++++ openswan-2.4.15/programs/examples/l2tp-psk.conf.in 2009-06-28 11:21:35.000000000 +0200 +@@ -11,7 +11,7 @@ + # + # Use a Preshared Key. Disable Perfect Forward Secrecy. + # +- # PreSharedSecret needs to be specified in /etc/ipsec.secrets as ++ # PreSharedSecret needs to be specified in /etc/ipsec/ipsec.secrets as + # YourIPAddress %any: "sharedsecret" + authby=secret + pfs=no +diff -Nru openswan-2.4.15.orig/programs/_include/_include.in openswan-2.4.15/programs/_include/_include.in +--- openswan-2.4.15.orig/programs/_include/_include.in 2003-01-06 22:44:04.000000000 +0100 ++++ openswan-2.4.15/programs/_include/_include.in 2009-06-28 11:21:35.000000000 +0200 +@@ -47,10 +47,10 @@ + do + if test ! -r "$f" + then +- if test ! "$f" = "/etc/ipsec.conf" ++ if test ! "$f" = "/etc/ipsec/ipsec.conf" + then + echo "#:cannot open configuration file \'$f\'" +- if test "$f" = "/etc/ipsec.secrets" ++ if test "$f" = "/etc/ipsec/ipsec.secrets" + then + echo "#:Your secrets file will be created when you start FreeS/WAN for the first time." + fi +diff -Nru openswan-2.4.15.orig/programs/mailkey/mailkey.in openswan-2.4.15/programs/mailkey/mailkey.in +--- openswan-2.4.15.orig/programs/mailkey/mailkey.in 2006-10-29 01:49:23.000000000 +0200 ++++ openswan-2.4.15/programs/mailkey/mailkey.in 2009-06-28 11:21:35.000000000 +0200 +@@ -60,7 +60,7 @@ + + "$test1st" + +-Common concerns: This account must be able to read /etc/ipsec.secrets. ++Common concerns: This account must be able to read /etc/ipsec/ipsec.secrets. + If you haven't generated your key yet, please run 'ipsec newhostkey'." + exit 0 + } +diff -Nru openswan-2.4.15.orig/programs/Makefile.program openswan-2.4.15/programs/Makefile.program +--- openswan-2.4.15.orig/programs/Makefile.program 2007-06-19 16:49:19.000000000 +0200 ++++ openswan-2.4.15/programs/Makefile.program 2009-06-28 11:21:35.000000000 +0200 +@@ -34,7 +34,6 @@ + WERROR:= -Werror + endif + +-CFLAGS+= ${WERROR} + + ifneq ($(LD_LIBRARY_PATH),) + LDFLAGS=-L$(LD_LIBRARY_PATH) +diff -Nru openswan-2.4.15.orig/programs/pluto/Makefile openswan-2.4.15/programs/pluto/Makefile +--- openswan-2.4.15.orig/programs/pluto/Makefile 2007-11-06 19:56:26.000000000 +0100 ++++ openswan-2.4.15/programs/pluto/Makefile 2009-06-28 11:21:35.000000000 +0200 +@@ -210,7 +210,7 @@ + endif + + ifeq ($(USE_WEAKSTUFF),true) +-WEAK_DEFS=-DUSE_VERYWEAK_DH1=1 #-DUSE_1DES ++WEAK_DEFS=-DUSE_VERYWEAK_DH1=1 -DUSE_1DES + endif + + ifeq ($(USE_EXTRACRYPTO),true) +diff -Nru openswan-2.4.15.orig/programs/setup/Makefile openswan-2.4.15/programs/setup/Makefile +--- openswan-2.4.15.orig/programs/setup/Makefile 2004-12-18 19:13:43.000000000 +0100 ++++ openswan-2.4.15/programs/setup/Makefile 2009-06-28 11:21:35.000000000 +0200 +@@ -33,25 +33,10 @@ + @rm -f $(BINDIR)/setup + @$(INSTALL) $(INSTBINFLAGS) setup $(RCDIR)/ipsec + @ln -s $(FINALRCDIR)/ipsec $(BINDIR)/setup +- -@for i in 0 1 2 3 4 5 6; do mkdir -p $(RCDIR)/../rc$$i.d; done +- -@cd $(RCDIR)/../rc0.d && ln -f -s ../init.d/ipsec K76ipsec +- -@cd $(RCDIR)/../rc1.d && ln -f -s ../init.d/ipsec K76ipsec +- -@cd $(RCDIR)/../rc2.d && ln -f -s ../init.d/ipsec S47ipsec +- -@cd $(RCDIR)/../rc3.d && ln -f -s ../init.d/ipsec S47ipsec +- -@cd $(RCDIR)/../rc4.d && ln -f -s ../init.d/ipsec S47ipsec +- -@cd $(RCDIR)/../rc5.d && ln -f -s ../init.d/ipsec S47ipsec +- -@cd $(RCDIR)/../rc6.d && ln -f -s ../init.d/ipsec K76ipsec + + install_file_list:: + @echo $(RCDIR)/ipsec + @echo $(BINDIR)/setup +- @echo $(RCDIR)/../rc0.d/K76ipsec +- @echo $(RCDIR)/../rc1.d/K76ipsec +- @echo $(RCDIR)/../rc2.d/S47ipsec +- @echo $(RCDIR)/../rc3.d/S47ipsec +- @echo $(RCDIR)/../rc4.d/S47ipsec +- @echo $(RCDIR)/../rc5.d/S47ipsec +- @echo $(RCDIR)/../rc6.d/K76ipsec + + clean:: + @rm -f setup +diff -Nru openswan-2.4.15.orig/programs/showhostkey/showhostkey.in openswan-2.4.15/programs/showhostkey/showhostkey.in +--- openswan-2.4.15.orig/programs/showhostkey/showhostkey.in 2007-06-19 17:27:27.000000000 +0200 ++++ openswan-2.4.15/programs/showhostkey/showhostkey.in 2009-06-28 11:21:35.000000000 +0200 +@@ -18,7 +18,7 @@ + usage="Usage: $me [--file secrets] [--left] [--right] [--txt gateway] [--id id] + [--dhclient] [--ipseckey]" + +-file=/etc/ipsec.secrets ++file=/etc/ipsec/ipsec.secrets + fmt="" + gw= + id= +diff -Nru openswan-2.4.15.orig/testing/utils/ikeping/Makefile openswan-2.4.15/testing/utils/ikeping/Makefile +--- openswan-2.4.15.orig/testing/utils/ikeping/Makefile 2004-04-03 21:44:52.000000000 +0200 ++++ openswan-2.4.15/testing/utils/ikeping/Makefile 2009-06-28 11:21:35.000000000 +0200 +@@ -27,10 +27,9 @@ + FREESWANINCLS= -I$(FREESWANLIBDIR) -I${OPENSWANSRCDIR} + FREESWANLIB=$(FREESWANLIBDIR)/libfreeswan.a + +-CFLAGS = -g -Wall -W -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast \ ++CFLAGS = -Wall -W -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast \ + -Wcast-qual -Wmissing-declarations -Wwrite-strings + CFLAGS+= -Wstrict-prototypes +-CFLAGS+= -Werror + #CFLAGS+= -Wundef + + HDRDIRS = $(FREESWANINCLS) diff --git a/net-misc/openswan/openswan-2.4.15.ebuild b/net-misc/openswan/openswan-2.4.15.ebuild new file mode 100644 index 000000000000..6e9372068fdd --- /dev/null +++ b/net-misc/openswan/openswan-2.4.15.ebuild @@ -0,0 +1,125 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/openswan-2.4.15.ebuild,v 1.1 2009/06/28 09:45:59 mrness Exp $ + +EAPI="2" + +inherit eutils linux-info + +DESCRIPTION="Open Source implementation of IPsec for the Linux operating system (was SuperFreeS/WAN)." +HOMEPAGE="http://www.openswan.org/" +SRC_URI="http://www.openswan.org/download/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~sparc ~x86" +IUSE="curl ldap smartcard extra-algorithms weak-algorithms" + +COMMON_DEPEND="!net-misc/strongswan + dev-libs/gmp + dev-lang/perl + smartcard? ( dev-libs/opensc ) + curl? ( net-misc/curl ) + ldap? ( net-nds/openldap )" +DEPEND="${COMMON_DEPEND} + virtual/linux-sources" +RDEPEND="${COMMON_DEPEND} + virtual/logger + sys-apps/iproute2" + +pkg_setup() { + linux-info_pkg_setup + + if kernel_is 2 6; then + einfo "This ebuild will set ${P} to use 2.6 native IPsec (KAME)." + einfo "KLIPS will not be compiled/installed." + MYMAKE="programs" + + elif kernel_is 2 4; then + if ! [[ -d "${KERNEL_DIR}/net/ipsec" ]]; then + eerror "You need to have an IPsec enabled 2.4.x kernel." + eerror "Ensure you have one running and make a symlink to it in /usr/src/linux" + die + fi + + einfo "Using patched-in IPsec code for kernel 2.4" + einfo "Your kernel only supports KLIPS for kernel level IPsec." + MYMAKE="confcheck programs" + + else + die "Unsupported kernel version" + fi +} + +src_prepare() { + epatch "${FILESDIR}"/${P}-gentoo.patch + epatch "${FILESDIR}"/${P}-deprecated-ldap.patch + + find . -type f -regex '.*[.][1-8]' -exec sed -i \ + -e s:/usr/local:/usr:g \ + -e s:/etc/ipsec[.]conf:/etc/ipsec/ipsec.conf:g \ + -e s:/etc/ipsec[.]secrets:/etc/ipsec/ipsec.secrets:g '{}' \; || + die "failed to replace text in xml docs" +} + +get_make_options() { + echo KERNELSRC=\"${KERNEL_DIR}\" \ + FINALCONFDIR=/etc/ipsec \ + FINALCONFFILE=/etc/ipsec/ipsec.conf \ + FINALEXAMPLECONFDIR=/usr/share/doc/${PF} \ + INC_RCDEFAULT=/etc/init.d \ + INC_USRLOCAL=/usr \ + INC_MANDIR=share/man \ + FINALDOCDIR=/usr/share/doc/${PF} \ + DESTDIR=\"${D}\" \ + USERCOMPILE=\"${CFLAGS}\" + if use smartcard ; then + echo USE_SMARTCARD=true + fi + if use extra-algorithms ; then + echo USE_EXTRACRYPTO=true + fi + if use weak-algorithms ; then + echo USE_WEAKSTUFF=true + fi + echo USE_OE=false # by default, turn off Opportunistic Encryption + echo USE_LWRES=false # needs bind9 with lwres support + local USETHREADS=false + if use curl; then + echo USE_LIBCURL=true + USETHREADS=true + fi + if use ldap; then + echo USE_LDAP=true + USETHREADS=true + fi + echo HAVE_THREADS=${USETHREADS} +} + +src_compile() { + eval set -- $(get_make_options) + emake "$@" \ + ${MYMAKE} || die "emake failed" +} + +src_install() { + eval set -- $(get_make_options) + emake "$@" \ + install || die "emake install failed" + + dosym /etc/ipsec/ipsec.d /etc/ipsec.d + + doinitd "${FILESDIR}"/ipsec || die "failed to install init script" + + dodir /var/run/pluto || die "failed to create /var/run/pluto" +} + +pkg_postinst() { + if kernel_is 2 6; then + CONFIG_CHECK="~NET_KEY ~INET_XFRM_MODE_TRANSPORT ~INET_XFRM_MODE_TUNNEL ~INET_AH ~INET_ESP ~INET_IPCOMP" + WARNING_INET_AH="CONFIG_INET_AH:\tmissing IPsec AH support (needed if you want only authentication)" + WARNING_INET_ESP="CONFIG_INET_ESP:\tmissing IPsec ESP support (needed if you want authentication and encryption)" + WARNING_INET_IPCOMP="CONFIG_INET_IPCOMP:\tmissing IPsec Payload Compression (required for compress=yes)" + check_extra_config + fi +} diff --git a/net-misc/openswan/openswan-2.6.22.ebuild b/net-misc/openswan/openswan-2.6.22.ebuild index 09ddbdc646a0..333b30aad621 100644 --- a/net-misc/openswan/openswan-2.6.22.ebuild +++ b/net-misc/openswan/openswan-2.6.22.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/openswan-2.6.22.ebuild,v 1.1 2009/06/24 17:18:36 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/openswan-2.6.22.ebuild,v 1.2 2009/06/28 09:45:59 mrness Exp $ EAPI="2" @@ -61,7 +61,7 @@ pkg_setup() { src_prepare() { epatch "${FILESDIR}"/${P}-gentoo.patch - find . -regex '.*[.][1-8]' -exec sed -i \ + find . -type f -regex '.*[.][1-8]' -exec sed -i \ -e s:/usr/local:/usr:g '{}' \; || die "failed to replace text in xml docs" } |