summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlin Năstac <mrness@gentoo.org>2009-06-28 09:45:59 +0000
committerAlin Năstac <mrness@gentoo.org>2009-06-28 09:45:59 +0000
commit50f3699b7d4526faa51b0d1b355686218e6b0c0f (patch)
tree1ce1f47224bc80af88b46b7fe4b4b690c4ef4c06 /net-misc/openswan
parentBump to 1.14, fixes #272747 (diff)
downloadgentoo-2-50f3699b7d4526faa51b0d1b355686218e6b0c0f.tar.gz
gentoo-2-50f3699b7d4526faa51b0d1b355686218e6b0c0f.tar.bz2
gentoo-2-50f3699b7d4526faa51b0d1b355686218e6b0c0f.zip
Version bump wrt security bug #275233. Fix sed error (#275448).
(Portage version: 2.1.6.13/cvs/Linux x86_64)
Diffstat (limited to 'net-misc/openswan')
-rw-r--r--net-misc/openswan/ChangeLog10
-rw-r--r--net-misc/openswan/files/openswan-2.4.15-deprecated-ldap.patch11
-rw-r--r--net-misc/openswan/files/openswan-2.4.15-gentoo.patch175
-rw-r--r--net-misc/openswan/openswan-2.4.15.ebuild125
-rw-r--r--net-misc/openswan/openswan-2.6.22.ebuild4
5 files changed, 322 insertions, 3 deletions
diff --git a/net-misc/openswan/ChangeLog b/net-misc/openswan/ChangeLog
index cde3c7b734d4..4f1d37886680 100644
--- a/net-misc/openswan/ChangeLog
+++ b/net-misc/openswan/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for net-misc/openswan
# Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/ChangeLog,v 1.64 2009/06/24 17:18:36 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/ChangeLog,v 1.65 2009/06/28 09:45:59 mrness Exp $
+
+*openswan-2.4.15 (28 Jun 2009)
+
+ 28 Jun 2009; Alin Năstac <mrness@gentoo.org>
+ +files/openswan-2.4.15-deprecated-ldap.patch,
+ +files/openswan-2.4.15-gentoo.patch, +openswan-2.4.15.ebuild,
+ openswan-2.6.22.ebuild:
+ Version bump wrt security bug #275233. Fix sed error (#275448).
*openswan-2.6.22 (24 Jun 2009)
diff --git a/net-misc/openswan/files/openswan-2.4.15-deprecated-ldap.patch b/net-misc/openswan/files/openswan-2.4.15-deprecated-ldap.patch
new file mode 100644
index 000000000000..33c70e83a30a
--- /dev/null
+++ b/net-misc/openswan/files/openswan-2.4.15-deprecated-ldap.patch
@@ -0,0 +1,11 @@
+diff -Nru openswan-2.4.15.orig/programs/pluto/fetch.c openswan-2.4.15/programs/pluto/fetch.c
+--- openswan-2.4.15.orig/programs/pluto/fetch.c 2004-06-14 04:01:32.000000000 +0200
++++ openswan-2.4.15/programs/pluto/fetch.c 2009-06-28 11:24:17.000000000 +0200
+@@ -28,6 +28,7 @@
+ #include <openswan.h>
+
+ #ifdef LDAP_VER
++#define LDAP_DEPRECATED 1
+ #include <ldap.h>
+ #endif
+
diff --git a/net-misc/openswan/files/openswan-2.4.15-gentoo.patch b/net-misc/openswan/files/openswan-2.4.15-gentoo.patch
new file mode 100644
index 000000000000..35ccb2f24a0c
--- /dev/null
+++ b/net-misc/openswan/files/openswan-2.4.15-gentoo.patch
@@ -0,0 +1,175 @@
+diff -Nru openswan-2.4.15.orig/lib/liblwres/Makefile openswan-2.4.15/lib/liblwres/Makefile
+--- openswan-2.4.15.orig/lib/liblwres/Makefile 2007-10-22 16:33:11.000000000 +0200
++++ openswan-2.4.15/lib/liblwres/Makefile 2009-06-28 11:21:35.000000000 +0200
+@@ -17,8 +17,8 @@
+
+ CINCLUDES = -I${srcdir}/unix/include \
+ -I. -I./include -I${srcdir}/include
+-CDEFINES = -g
+-CWARNINGS = -Werror
++CDEFINES =
++CWARNINGS =
+
+ CFLAGS+=${CINCLUDES} ${CDEFINES} ${CWARNINGS}
+
+diff -Nru openswan-2.4.15.orig/Makefile.inc openswan-2.4.15/Makefile.inc
+--- openswan-2.4.15.orig/Makefile.inc 2009-06-25 06:01:16.000000000 +0200
++++ openswan-2.4.15/Makefile.inc 2009-06-28 11:21:35.000000000 +0200
+@@ -46,7 +46,7 @@
+ DESTDIR?=
+
+ # "local" part of tree, used in building other pathnames
+-INC_USRLOCAL=/usr/local
++INC_USRLOCAL?=/usr
+
+ # PUBDIR is where the "ipsec" command goes; beware, many things define PATH
+ # settings which are assumed to include it (or at least, to include *some*
+@@ -91,7 +91,7 @@
+
+ # sample configuration files go into
+ INC_DOCDIR?=share/doc
+-FINALEXAMPLECONFDIR=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
++FINALEXAMPLECONFDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
+ EXAMPLECONFDIR=${DESTDIR}${FINALEXAMPLECONFDIR}
+
+ FINALDOCDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
+diff -Nru openswan-2.4.15.orig/programs/_confread/_confread.in openswan-2.4.15/programs/_confread/_confread.in
+--- openswan-2.4.15.orig/programs/_confread/_confread.in 2006-04-12 21:55:42.000000000 +0200
++++ openswan-2.4.15/programs/_confread/_confread.in 2009-06-28 11:21:35.000000000 +0200
+@@ -14,7 +14,7 @@
+ #
+ # RCSID $Id: _confread.in,v 1.81.2.5 2006/04/12 19:55:42 mcr Exp $
+ #
+-# Extract configuration info from /etc/ipsec.conf, repackage as assignments
++# Extract configuration info from /etc/ipsec/ipsec.conf, repackage as assignments
+ # to shell variables or tab-delimited fields. Success or failure is reported
+ # inline, as extra data, due to the vagaries of shell backquote handling.
+ # In the absence of --varprefix, output is tab-separated fields, like:
+diff -Nru openswan-2.4.15.orig/programs/_confread/ipsec.conf.in openswan-2.4.15/programs/_confread/ipsec.conf.in
+--- openswan-2.4.15.orig/programs/_confread/ipsec.conf.in 2006-10-19 05:49:46.000000000 +0200
++++ openswan-2.4.15/programs/_confread/ipsec.conf.in 2009-06-28 11:22:29.000000000 +0200
+@@ -1,4 +1,4 @@
+-# /etc/ipsec.conf - Openswan IPsec configuration file
++# /etc/ipsec/ipsec.conf - Openswan IPsec configuration file
+ # RCSID $Id: ipsec.conf.in,v 1.15.2.6 2006/10/19 03:49:46 paul Exp $
+
+ # This file: @FINALEXAMPLECONFDIR@/ipsec.conf-sample
+diff -Nru openswan-2.4.15.orig/programs/examples/l2tp-psk.conf.in openswan-2.4.15/programs/examples/l2tp-psk.conf.in
+--- openswan-2.4.15.orig/programs/examples/l2tp-psk.conf.in 2007-11-02 02:49:40.000000000 +0100
++++ openswan-2.4.15/programs/examples/l2tp-psk.conf.in 2009-06-28 11:21:35.000000000 +0200
+@@ -11,7 +11,7 @@
+ #
+ # Use a Preshared Key. Disable Perfect Forward Secrecy.
+ #
+- # PreSharedSecret needs to be specified in /etc/ipsec.secrets as
++ # PreSharedSecret needs to be specified in /etc/ipsec/ipsec.secrets as
+ # YourIPAddress %any: "sharedsecret"
+ authby=secret
+ pfs=no
+diff -Nru openswan-2.4.15.orig/programs/_include/_include.in openswan-2.4.15/programs/_include/_include.in
+--- openswan-2.4.15.orig/programs/_include/_include.in 2003-01-06 22:44:04.000000000 +0100
++++ openswan-2.4.15/programs/_include/_include.in 2009-06-28 11:21:35.000000000 +0200
+@@ -47,10 +47,10 @@
+ do
+ if test ! -r "$f"
+ then
+- if test ! "$f" = "/etc/ipsec.conf"
++ if test ! "$f" = "/etc/ipsec/ipsec.conf"
+ then
+ echo "#:cannot open configuration file \'$f\'"
+- if test "$f" = "/etc/ipsec.secrets"
++ if test "$f" = "/etc/ipsec/ipsec.secrets"
+ then
+ echo "#:Your secrets file will be created when you start FreeS/WAN for the first time."
+ fi
+diff -Nru openswan-2.4.15.orig/programs/mailkey/mailkey.in openswan-2.4.15/programs/mailkey/mailkey.in
+--- openswan-2.4.15.orig/programs/mailkey/mailkey.in 2006-10-29 01:49:23.000000000 +0200
++++ openswan-2.4.15/programs/mailkey/mailkey.in 2009-06-28 11:21:35.000000000 +0200
+@@ -60,7 +60,7 @@
+
+ "$test1st"
+
+-Common concerns: This account must be able to read /etc/ipsec.secrets.
++Common concerns: This account must be able to read /etc/ipsec/ipsec.secrets.
+ If you haven't generated your key yet, please run 'ipsec newhostkey'."
+ exit 0
+ }
+diff -Nru openswan-2.4.15.orig/programs/Makefile.program openswan-2.4.15/programs/Makefile.program
+--- openswan-2.4.15.orig/programs/Makefile.program 2007-06-19 16:49:19.000000000 +0200
++++ openswan-2.4.15/programs/Makefile.program 2009-06-28 11:21:35.000000000 +0200
+@@ -34,7 +34,6 @@
+ WERROR:= -Werror
+ endif
+
+-CFLAGS+= ${WERROR}
+
+ ifneq ($(LD_LIBRARY_PATH),)
+ LDFLAGS=-L$(LD_LIBRARY_PATH)
+diff -Nru openswan-2.4.15.orig/programs/pluto/Makefile openswan-2.4.15/programs/pluto/Makefile
+--- openswan-2.4.15.orig/programs/pluto/Makefile 2007-11-06 19:56:26.000000000 +0100
++++ openswan-2.4.15/programs/pluto/Makefile 2009-06-28 11:21:35.000000000 +0200
+@@ -210,7 +210,7 @@
+ endif
+
+ ifeq ($(USE_WEAKSTUFF),true)
+-WEAK_DEFS=-DUSE_VERYWEAK_DH1=1 #-DUSE_1DES
++WEAK_DEFS=-DUSE_VERYWEAK_DH1=1 -DUSE_1DES
+ endif
+
+ ifeq ($(USE_EXTRACRYPTO),true)
+diff -Nru openswan-2.4.15.orig/programs/setup/Makefile openswan-2.4.15/programs/setup/Makefile
+--- openswan-2.4.15.orig/programs/setup/Makefile 2004-12-18 19:13:43.000000000 +0100
++++ openswan-2.4.15/programs/setup/Makefile 2009-06-28 11:21:35.000000000 +0200
+@@ -33,25 +33,10 @@
+ @rm -f $(BINDIR)/setup
+ @$(INSTALL) $(INSTBINFLAGS) setup $(RCDIR)/ipsec
+ @ln -s $(FINALRCDIR)/ipsec $(BINDIR)/setup
+- -@for i in 0 1 2 3 4 5 6; do mkdir -p $(RCDIR)/../rc$$i.d; done
+- -@cd $(RCDIR)/../rc0.d && ln -f -s ../init.d/ipsec K76ipsec
+- -@cd $(RCDIR)/../rc1.d && ln -f -s ../init.d/ipsec K76ipsec
+- -@cd $(RCDIR)/../rc2.d && ln -f -s ../init.d/ipsec S47ipsec
+- -@cd $(RCDIR)/../rc3.d && ln -f -s ../init.d/ipsec S47ipsec
+- -@cd $(RCDIR)/../rc4.d && ln -f -s ../init.d/ipsec S47ipsec
+- -@cd $(RCDIR)/../rc5.d && ln -f -s ../init.d/ipsec S47ipsec
+- -@cd $(RCDIR)/../rc6.d && ln -f -s ../init.d/ipsec K76ipsec
+
+ install_file_list::
+ @echo $(RCDIR)/ipsec
+ @echo $(BINDIR)/setup
+- @echo $(RCDIR)/../rc0.d/K76ipsec
+- @echo $(RCDIR)/../rc1.d/K76ipsec
+- @echo $(RCDIR)/../rc2.d/S47ipsec
+- @echo $(RCDIR)/../rc3.d/S47ipsec
+- @echo $(RCDIR)/../rc4.d/S47ipsec
+- @echo $(RCDIR)/../rc5.d/S47ipsec
+- @echo $(RCDIR)/../rc6.d/K76ipsec
+
+ clean::
+ @rm -f setup
+diff -Nru openswan-2.4.15.orig/programs/showhostkey/showhostkey.in openswan-2.4.15/programs/showhostkey/showhostkey.in
+--- openswan-2.4.15.orig/programs/showhostkey/showhostkey.in 2007-06-19 17:27:27.000000000 +0200
++++ openswan-2.4.15/programs/showhostkey/showhostkey.in 2009-06-28 11:21:35.000000000 +0200
+@@ -18,7 +18,7 @@
+ usage="Usage: $me [--file secrets] [--left] [--right] [--txt gateway] [--id id]
+ [--dhclient] [--ipseckey]"
+
+-file=/etc/ipsec.secrets
++file=/etc/ipsec/ipsec.secrets
+ fmt=""
+ gw=
+ id=
+diff -Nru openswan-2.4.15.orig/testing/utils/ikeping/Makefile openswan-2.4.15/testing/utils/ikeping/Makefile
+--- openswan-2.4.15.orig/testing/utils/ikeping/Makefile 2004-04-03 21:44:52.000000000 +0200
++++ openswan-2.4.15/testing/utils/ikeping/Makefile 2009-06-28 11:21:35.000000000 +0200
+@@ -27,10 +27,9 @@
+ FREESWANINCLS= -I$(FREESWANLIBDIR) -I${OPENSWANSRCDIR}
+ FREESWANLIB=$(FREESWANLIBDIR)/libfreeswan.a
+
+-CFLAGS = -g -Wall -W -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast \
++CFLAGS = -Wall -W -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast \
+ -Wcast-qual -Wmissing-declarations -Wwrite-strings
+ CFLAGS+= -Wstrict-prototypes
+-CFLAGS+= -Werror
+ #CFLAGS+= -Wundef
+
+ HDRDIRS = $(FREESWANINCLS)
diff --git a/net-misc/openswan/openswan-2.4.15.ebuild b/net-misc/openswan/openswan-2.4.15.ebuild
new file mode 100644
index 000000000000..6e9372068fdd
--- /dev/null
+++ b/net-misc/openswan/openswan-2.4.15.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/openswan-2.4.15.ebuild,v 1.1 2009/06/28 09:45:59 mrness Exp $
+
+EAPI="2"
+
+inherit eutils linux-info
+
+DESCRIPTION="Open Source implementation of IPsec for the Linux operating system (was SuperFreeS/WAN)."
+HOMEPAGE="http://www.openswan.org/"
+SRC_URI="http://www.openswan.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="curl ldap smartcard extra-algorithms weak-algorithms"
+
+COMMON_DEPEND="!net-misc/strongswan
+ dev-libs/gmp
+ dev-lang/perl
+ smartcard? ( dev-libs/opensc )
+ curl? ( net-misc/curl )
+ ldap? ( net-nds/openldap )"
+DEPEND="${COMMON_DEPEND}
+ virtual/linux-sources"
+RDEPEND="${COMMON_DEPEND}
+ virtual/logger
+ sys-apps/iproute2"
+
+pkg_setup() {
+ linux-info_pkg_setup
+
+ if kernel_is 2 6; then
+ einfo "This ebuild will set ${P} to use 2.6 native IPsec (KAME)."
+ einfo "KLIPS will not be compiled/installed."
+ MYMAKE="programs"
+
+ elif kernel_is 2 4; then
+ if ! [[ -d "${KERNEL_DIR}/net/ipsec" ]]; then
+ eerror "You need to have an IPsec enabled 2.4.x kernel."
+ eerror "Ensure you have one running and make a symlink to it in /usr/src/linux"
+ die
+ fi
+
+ einfo "Using patched-in IPsec code for kernel 2.4"
+ einfo "Your kernel only supports KLIPS for kernel level IPsec."
+ MYMAKE="confcheck programs"
+
+ else
+ die "Unsupported kernel version"
+ fi
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-gentoo.patch
+ epatch "${FILESDIR}"/${P}-deprecated-ldap.patch
+
+ find . -type f -regex '.*[.][1-8]' -exec sed -i \
+ -e s:/usr/local:/usr:g \
+ -e s:/etc/ipsec[.]conf:/etc/ipsec/ipsec.conf:g \
+ -e s:/etc/ipsec[.]secrets:/etc/ipsec/ipsec.secrets:g '{}' \; ||
+ die "failed to replace text in xml docs"
+}
+
+get_make_options() {
+ echo KERNELSRC=\"${KERNEL_DIR}\" \
+ FINALCONFDIR=/etc/ipsec \
+ FINALCONFFILE=/etc/ipsec/ipsec.conf \
+ FINALEXAMPLECONFDIR=/usr/share/doc/${PF} \
+ INC_RCDEFAULT=/etc/init.d \
+ INC_USRLOCAL=/usr \
+ INC_MANDIR=share/man \
+ FINALDOCDIR=/usr/share/doc/${PF} \
+ DESTDIR=\"${D}\" \
+ USERCOMPILE=\"${CFLAGS}\"
+ if use smartcard ; then
+ echo USE_SMARTCARD=true
+ fi
+ if use extra-algorithms ; then
+ echo USE_EXTRACRYPTO=true
+ fi
+ if use weak-algorithms ; then
+ echo USE_WEAKSTUFF=true
+ fi
+ echo USE_OE=false # by default, turn off Opportunistic Encryption
+ echo USE_LWRES=false # needs bind9 with lwres support
+ local USETHREADS=false
+ if use curl; then
+ echo USE_LIBCURL=true
+ USETHREADS=true
+ fi
+ if use ldap; then
+ echo USE_LDAP=true
+ USETHREADS=true
+ fi
+ echo HAVE_THREADS=${USETHREADS}
+}
+
+src_compile() {
+ eval set -- $(get_make_options)
+ emake "$@" \
+ ${MYMAKE} || die "emake failed"
+}
+
+src_install() {
+ eval set -- $(get_make_options)
+ emake "$@" \
+ install || die "emake install failed"
+
+ dosym /etc/ipsec/ipsec.d /etc/ipsec.d
+
+ doinitd "${FILESDIR}"/ipsec || die "failed to install init script"
+
+ dodir /var/run/pluto || die "failed to create /var/run/pluto"
+}
+
+pkg_postinst() {
+ if kernel_is 2 6; then
+ CONFIG_CHECK="~NET_KEY ~INET_XFRM_MODE_TRANSPORT ~INET_XFRM_MODE_TUNNEL ~INET_AH ~INET_ESP ~INET_IPCOMP"
+ WARNING_INET_AH="CONFIG_INET_AH:\tmissing IPsec AH support (needed if you want only authentication)"
+ WARNING_INET_ESP="CONFIG_INET_ESP:\tmissing IPsec ESP support (needed if you want authentication and encryption)"
+ WARNING_INET_IPCOMP="CONFIG_INET_IPCOMP:\tmissing IPsec Payload Compression (required for compress=yes)"
+ check_extra_config
+ fi
+}
diff --git a/net-misc/openswan/openswan-2.6.22.ebuild b/net-misc/openswan/openswan-2.6.22.ebuild
index 09ddbdc646a0..333b30aad621 100644
--- a/net-misc/openswan/openswan-2.6.22.ebuild
+++ b/net-misc/openswan/openswan-2.6.22.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/openswan-2.6.22.ebuild,v 1.1 2009/06/24 17:18:36 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/openswan-2.6.22.ebuild,v 1.2 2009/06/28 09:45:59 mrness Exp $
EAPI="2"
@@ -61,7 +61,7 @@ pkg_setup() {
src_prepare() {
epatch "${FILESDIR}"/${P}-gentoo.patch
- find . -regex '.*[.][1-8]' -exec sed -i \
+ find . -type f -regex '.*[.][1-8]' -exec sed -i \
-e s:/usr/local:/usr:g '{}' \; ||
die "failed to replace text in xml docs"
}