diff options
Diffstat (limited to 'net-misc')
-rw-r--r-- | net-misc/openswan/ChangeLog | 8 | ||||
-rw-r--r-- | net-misc/openswan/Manifest | 13 | ||||
-rw-r--r-- | net-misc/openswan/files/openswan-2.6.22-gentoo.patch | 130 | ||||
-rw-r--r-- | net-misc/openswan/openswan-2.6.22.ebuild | 161 |
4 files changed, 306 insertions, 6 deletions
diff --git a/net-misc/openswan/ChangeLog b/net-misc/openswan/ChangeLog index f1a8c3cb3b20..cde3c7b734d4 100644 --- a/net-misc/openswan/ChangeLog +++ b/net-misc/openswan/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-misc/openswan # Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/ChangeLog,v 1.63 2009/06/14 10:25:30 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/ChangeLog,v 1.64 2009/06/24 17:18:36 mrness Exp $ + +*openswan-2.6.22 (24 Jun 2009) + + 24 Jun 2009; Alin Năstac <mrness@gentoo.org> + +files/openswan-2.6.22-gentoo.patch, +openswan-2.6.22.ebuild: + Version bump wrt security bug #275233. 14 Jun 2009; Alin Năstac <mrness@gentoo.org> -files/openswan-2.4.13-deprecated-ldap.patch, diff --git a/net-misc/openswan/Manifest b/net-misc/openswan/Manifest index 3ff5681fec71..995563d36d50 100644 --- a/net-misc/openswan/Manifest +++ b/net-misc/openswan/Manifest @@ -7,16 +7,19 @@ AUX openswan-2.4.14-deprecated-ldap.patch 372 RMD160 7ec7ef91ad9712026be01e5f896 AUX openswan-2.4.14-gentoo-fixed.patch 7744 RMD160 23cd42532116253854ed1526f464d411c710d3ba SHA1 425c282ce312518828936d764b7a707148ff0557 SHA256 849193e8b2107a8f4f6a7d91b447ab4f628760b4117f0b1cdc3ded8b2f4d98c5 AUX openswan-2.4.14-getline.patch 1559 RMD160 56da53a0ec2685ad60c5e4109867e7e2398c75f2 SHA1 bbdcda81dfa52581c8efc15d9fc88249a45113bd SHA256 c8c8fcaffcdc694df3152f5b581b31ff3dc3ae7ad3a131392e5ee082756e33d2 AUX openswan-2.6.21-gentoo-fixed.patch 4930 RMD160 ee9dbfed38c81da04254ecd4695193f8f2660459 SHA1 9591a633b545db49560953dd11b9ee55c99ba167 SHA256 943a3eb1a3c42ab3024e3015a8e4b5586aa65e348fac01f2d2600d7fca59fe5b +AUX openswan-2.6.22-gentoo.patch 5088 RMD160 e61921ae0c795e38c44e38f5a22f0881aaf4d893 SHA1 783cee333a0fa0f820c76d7bda808404c650aa39 SHA256 e95a2cd4fa2aff4c1d75951c27595045602180a6865920594b318ec6cd576db8 DIST openswan-2.4.14.tar.gz 3762031 RMD160 c3165fa58d540d30a5adfbc1070a21ca6762c17b SHA1 6f79c969164f80ae7d2b5a436bd798c428615687 SHA256 5c5886c026f79a85bee0ac2888fc3c7da87b8f8c493f02a51a5ce6b8675a4ddf DIST openswan-2.6.21.tar.gz 6201306 RMD160 d94fcd50a55ae6bb28787b2fc1966c9c43927fbe SHA1 b43fd73e8a10b00b08a4b1784730f2656430f977 SHA256 e773aa22f86ef12999f9a78c98ad5ba09980ccd1d14ab16361e9f21e40742fe7 +DIST openswan-2.6.22.tar.gz 8152865 RMD160 dd06dbf7147407c9dc31efa29253d4c06ef5f0b1 SHA1 44cc5d6dd850b926f9addfd88ec2540984b08563 SHA256 05f4db569206b2bb31d99a322eb75a4830567e2859f485a12fdbaee37d91704b EBUILD openswan-2.4.14.ebuild 3563 RMD160 0ac58588efb85c67fd861a1be1bb5d1990e51fdf SHA1 ed96d4397f72e2f1495cf182e8b36b97bcf59088 SHA256 734e7605f5d6caa4063e4d30a83be1d87975a1f02a4f31d702496d965c473a2c EBUILD openswan-2.6.21.ebuild 4530 RMD160 73110832a157567fa866d9bdbc387d79eacded1c SHA1 83e83bbd4ce899e307c33292bc6a1a43bb341215 SHA256 133787849bfb63f7899a09e38070ecea9b8c67cae6f255f4f9d7982106297d61 -MISC ChangeLog 12339 RMD160 d71ce2c94b7e925da624f92575fa05006d1ede93 SHA1 bd74f77fdf6c0f3306a385651e3d86df66956777 SHA256 d6e33a2efa1dbcc5b65f453415eb2d7f61437a68c98d756ec1c960455303b584 +EBUILD openswan-2.6.22.ebuild 4524 RMD160 4675374fe68da207e66d89252f2b54ffb661d7d8 SHA1 a841e07e42fdd6caad7a3a2a9c25e937188995b8 SHA256 048a513d1b5d38a5465228cc28573983cfef4814f71391d1834b236dd2d1de39 +MISC ChangeLog 12525 RMD160 0e2526b2d066d99f5e17040eaa75f76163246a02 SHA1 a7f184ac1f0a1a21ad111d7fd2f3b563289b189c SHA256 2aa0c9d4b2380e98aa659b995323c7b3e9a9d98a013c59755709fb85f7d714aa MISC metadata.xml 1052 RMD160 714461d3b0b057e2859462b89308234ff326aa35 SHA1 fe024e83c6632467d13b7d80c57ec94fda1137de SHA256 2fc6636bb523697c3e909cd6e4106402978f9a51435ae4c0ec9e27767b41ad16 -----BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.10 (GNU/Linux) +Version: GnuPG v2.0.11 (GNU/Linux) -iEYEARECAAYFAko07FEACgkQts85UDFmaOWB+ACbBxuJA60T60tWt5yWdl8PaEK8 -DkUAn2n+yZ7vvFXAhYjZ6mVTCji83g0a -=Tx93 +iEYEARECAAYFAkpCX/cACgkQts85UDFmaOV3PACfb6b7G/vQJYs7FWn9MNBEIGlN +xawAn3Qyp+FhEJQwH/LIZ8YDUKpV4GcN +=6mhu -----END PGP SIGNATURE----- diff --git a/net-misc/openswan/files/openswan-2.6.22-gentoo.patch b/net-misc/openswan/files/openswan-2.6.22-gentoo.patch new file mode 100644 index 000000000000..cf163b5ad351 --- /dev/null +++ b/net-misc/openswan/files/openswan-2.6.22-gentoo.patch @@ -0,0 +1,130 @@ +diff -Nru openswan-2.6.22.orig/lib/libdns/Makefile openswan-2.6.22/lib/libdns/Makefile +--- openswan-2.6.22.orig/lib/libdns/Makefile 2009-06-23 04:53:08.000000000 +0200 ++++ openswan-2.6.22/lib/libdns/Makefile 2009-06-24 18:54:55.000000000 +0200 +@@ -30,8 +30,8 @@ + -I${srcdir}../libisc/nothreads/include \ + -I. -I./include -I${srcdir}include \ + -I${srcdir}../libisc/include +-CDEFINES = -g ${USERCOMPILE} ${PORTINCLUDE} +-CWARNINGS = -Werror ++CDEFINES = ${USERCOMPILE} ${PORTINCLUDE} ++CWARNINGS = + + CFLAGS+=${CINCLUDES} ${CDEFINES} ${CWARNINGS} + +diff -Nru openswan-2.6.22.orig/lib/libisc/Makefile openswan-2.6.22/lib/libisc/Makefile +--- openswan-2.6.22.orig/lib/libisc/Makefile 2009-06-23 04:53:08.000000000 +0200 ++++ openswan-2.6.22/lib/libisc/Makefile 2009-06-24 18:54:55.000000000 +0200 +@@ -22,8 +22,8 @@ + -I${srcdir}nothreads/include \ + -I. -I./include -I${srcdir}include \ + $(PORTINCLUDE) -I${OPENSWANSRCDIR}/include +-CDEFINES = -g -DHAVE_STRERROR ${USERCOMPILE} ${PORTINCLUDE} +-# CWARNINGS = -Werror ++CDEFINES = -DHAVE_STRERROR ${USERCOMPILE} ${PORTINCLUDE} ++# CWARNINGS = + + CFLAGS+=${CINCLUDES} ${CDEFINES} ${CWARNINGS} + +diff -Nru openswan-2.6.22.orig/lib/liblwres/Makefile openswan-2.6.22/lib/liblwres/Makefile +--- openswan-2.6.22.orig/lib/liblwres/Makefile 2009-06-23 04:53:08.000000000 +0200 ++++ openswan-2.6.22/lib/liblwres/Makefile 2009-06-24 18:54:55.000000000 +0200 +@@ -22,8 +22,8 @@ + -I${srcdir}../libisc/${ISCARCH}/include \ + -I${srcdir}../libisc/include \ + -I. -I./include -I${srcdir}include +-CDEFINES = -g +-CWARNINGS = -Werror ++CDEFINES = ++CWARNINGS = + + CFLAGS+=${USERCOMPILE} ${PORTINCLUDE} ${CINCLUDES} ${CDEFINES} ${CWARNINGS} + +diff -Nru openswan-2.6.22.orig/Makefile.inc openswan-2.6.22/Makefile.inc +--- openswan-2.6.22.orig/Makefile.inc 2009-06-23 04:53:08.000000000 +0200 ++++ openswan-2.6.22/Makefile.inc 2009-06-24 18:54:55.000000000 +0200 +@@ -49,7 +49,7 @@ + DESTDIR?= + + # "local" part of tree, used in building other pathnames +-INC_USRLOCAL=/usr/local ++INC_USRLOCAL?=/usr + + # PUBDIR is where the "ipsec" command goes; beware, many things define PATH + # settings which are assumed to include it (or at least, to include *some* +@@ -94,7 +94,7 @@ + + # sample configuration files go into + INC_DOCDIR?=share/doc +-FINALEXAMPLECONFDIR=${INC_USRLOCAL}/${INC_DOCDIR}/openswan ++FINALEXAMPLECONFDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan + EXAMPLECONFDIR=${DESTDIR}${FINALEXAMPLECONFDIR} + + FINALDOCDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan +diff -Nru openswan-2.6.22.orig/programs/Makefile.program openswan-2.6.22/programs/Makefile.program +--- openswan-2.6.22.orig/programs/Makefile.program 2009-06-23 04:53:08.000000000 +0200 ++++ openswan-2.6.22/programs/Makefile.program 2009-06-24 18:54:55.000000000 +0200 +@@ -53,7 +53,6 @@ + WERROR:= -Werror + endif + +-CFLAGS+= ${WERROR} + + ifneq ($(LD_LIBRARY_PATH),) + LDFLAGS=-L$(LD_LIBRARY_PATH) +diff -Nru openswan-2.6.22.orig/programs/setup/Makefile openswan-2.6.22/programs/setup/Makefile +--- openswan-2.6.22.orig/programs/setup/Makefile 2009-06-23 04:53:08.000000000 +0200 ++++ openswan-2.6.22/programs/setup/Makefile 2009-06-24 18:54:55.000000000 +0200 +@@ -18,7 +18,6 @@ + + # this dance is because setup has to get installed as /etc/rc.d/init.d/ipsec + # not as /etc/rc.d/init.d/setup. +-PROGRAMDIR=$(RCDIR) + PROGRAM=setup + EXTRA8MAN=setup.8 + +@@ -29,32 +28,6 @@ + # into the $BINDIR. + # + # the priorities match those in setup's chkconfig line +-doinstall:: setup +- @rm -f $(BINDIR)/setup +- @$(INSTALL) $(INSTBINFLAGS) setup $(RCDIR)/ipsec +- @ln -s $(FINALRCDIR)/ipsec $(BINDIR)/setup +- -@for i in 0 1 2 3 4 5 6; do mkdir -p $(RCDIR)/../rc$$i.d; done +- -@cd $(RCDIR)/../rc0.d && ln -f -s ../init.d/ipsec K76ipsec +- -@cd $(RCDIR)/../rc1.d && ln -f -s ../init.d/ipsec K76ipsec +- -@cd $(RCDIR)/../rc2.d && ln -f -s ../init.d/ipsec S47ipsec +- -@cd $(RCDIR)/../rc3.d && ln -f -s ../init.d/ipsec S47ipsec +- -@cd $(RCDIR)/../rc4.d && ln -f -s ../init.d/ipsec S47ipsec +- -@cd $(RCDIR)/../rc5.d && ln -f -s ../init.d/ipsec S47ipsec +- -@cd $(RCDIR)/../rc6.d && ln -f -s ../init.d/ipsec K76ipsec +- +-install_file_list:: +- @echo $(RCDIR)/ipsec +- @echo $(BINDIR)/setup +- @echo $(RCDIR)/../rc0.d/K76ipsec +- @echo $(RCDIR)/../rc1.d/K76ipsec +- @echo $(RCDIR)/../rc2.d/S47ipsec +- @echo $(RCDIR)/../rc3.d/S47ipsec +- @echo $(RCDIR)/../rc4.d/S47ipsec +- @echo $(RCDIR)/../rc5.d/S47ipsec +- @echo $(RCDIR)/../rc6.d/K76ipsec +- +-cleanall:: +- @rm -f setup + + # + # $Log: not supported by cvs2svn $ +diff -Nru openswan-2.6.22.orig/testing/utils/make-uml.sh openswan-2.6.22/testing/utils/make-uml.sh +--- openswan-2.6.22.orig/testing/utils/make-uml.sh 2009-06-23 04:53:08.000000000 +0200 ++++ openswan-2.6.22/testing/utils/make-uml.sh 2009-06-24 18:54:55.000000000 +0200 +@@ -262,7 +262,7 @@ + + cd $OPENSWANSRCDIR || exit 1 + +-make WERROR=-Werror USE_OBJDIR=true programs ++make USE_OBJDIR=true programs + + # now, execute the Makefile that we have created! + cd $POOLSPACE && make $OPENSWANHOSTS diff --git a/net-misc/openswan/openswan-2.6.22.ebuild b/net-misc/openswan/openswan-2.6.22.ebuild new file mode 100644 index 000000000000..09ddbdc646a0 --- /dev/null +++ b/net-misc/openswan/openswan-2.6.22.ebuild @@ -0,0 +1,161 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/openswan-2.6.22.ebuild,v 1.1 2009/06/24 17:18:36 mrness Exp $ + +EAPI="2" + +inherit eutils linux-info + +DESCRIPTION="Open Source implementation of IPsec for the Linux operating system (was SuperFreeS/WAN)." +HOMEPAGE="http://www.openswan.org/" +SRC_URI="http://www.openswan.org/download/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~sparc ~x86" +IUSE="curl ldap smartcard extra-algorithms weak-algorithms nocrypto-algorithms" + +COMMON_DEPEND="!net-misc/strongswan + dev-libs/gmp + dev-lang/perl + smartcard? ( dev-libs/opensc ) + curl? ( net-misc/curl ) + ldap? ( net-nds/openldap )" +DEPEND="${COMMON_DEPEND} + virtual/linux-sources + app-text/xmlto + app-text/docbook-xml-dtd:4.1.2" # see bug 237132 +RDEPEND="${COMMON_DEPEND} + virtual/logger + sys-apps/iproute2" + +pkg_setup() { + if use nocrypto-algorithms && ! use weak-algorithms; then + ewarn "Enabling nocrypto-algorithms USE flag has no effect when" + ewarn "weak-algorithms USE flag is disabled" + fi + + linux-info_pkg_setup + + if kernel_is 2 6; then + einfo "This ebuild will set ${P} to use 2.6 native IPsec (KAME)." + einfo "KLIPS will not be compiled/installed." + MYMAKE="programs" + + elif kernel_is 2 4; then + if ! [[ -d "${KERNEL_DIR}/net/ipsec" ]]; then + eerror "You need to have an IPsec enabled 2.4.x kernel." + eerror "Ensure you have one running and make a symlink to it in /usr/src/linux" + die + fi + + einfo "Using patched-in IPsec code for kernel 2.4" + einfo "Your kernel only supports KLIPS for kernel level IPsec." + MYMAKE="confcheck programs" + + else + die "Unsupported kernel version" + fi +} + +src_prepare() { + epatch "${FILESDIR}"/${P}-gentoo.patch + + find . -regex '.*[.][1-8]' -exec sed -i \ + -e s:/usr/local:/usr:g '{}' \; || + die "failed to replace text in xml docs" +} + +get_make_options() { + echo KERNELSRC=\"${KERNEL_DIR}\" \ + FINALEXAMPLECONFDIR=/usr/share/doc/${PF} \ + INC_RCDEFAULT=/etc/init.d \ + INC_USRLOCAL=/usr \ + INC_MANDIR=share/man \ + FINALDOCDIR=/usr/share/doc/${PF}/html \ + DESTDIR=\"${D}\" \ + USERCOMPILE=\"${CFLAGS}\" + if use smartcard ; then + echo USE_SMARTCARD=true + fi + if use extra-algorithms ; then + echo USE_EXTRACRYPTO=true + else + echo USE_EXTRACRYPTO=false + fi + if use weak-algorithms ; then + echo USE_WEAKSTUFF=true + if use nocrypto-algorithms; then + echo USE_NOCRYPTO=true + fi + fi + echo USE_LWRES=false # needs bind9 with lwres support + local USETHREADS=false + if use curl; then + echo USE_LIBCURL=true + USETHREADS=true + fi + if use ldap; then + echo USE_LDAP=true + USETHREADS=true + fi + echo HAVE_THREADS=${USETHREADS} +} + +src_compile() { + eval set -- $(get_make_options) + emake "$@" \ + ${MYMAKE} || die "emake failed" +} + +src_install() { + eval set -- $(get_make_options) + emake "$@" \ + install || die "emake install failed" + + newinitd "${FILESDIR}"/ipsec-initd ipsec || die "failed to install init script" + + dodir /var/run/pluto || die "failed to create /var/run/pluto" +} + +pkg_preinst() { + if has_version "<net-misc/openswan-2.6.14" && pushd "${ROOT}etc/ipsec"; then + ewarn "Following files and directories were moved from '${ROOT}etc/ipsec' to '${ROOT}etc':" + local i err=0 + if [ -h "../ipsec.d" ]; then + rm "../ipsec.d" || die "failed to remove ../ipsec.d symlink" + fi + for i in *; do + if [ -e "../$i" ]; then + eerror " $i NOT MOVED, ../$i already exists!" + err=1 + elif [ -d "$i" ]; then + mv "$i" .. || die "failed to move $i directory" + ewarn " directory $i" + elif [ -f "$i" ]; then + sed -i -e 's:/etc/ipsec/:/etc/:g' "$i" && \ + mv "$i" .. && ewarn " file $i" || \ + die "failed to move $i file" + else + eerror " $i NOT MOVED, it is not a file nor a directory!" + err=1 + fi + done + popd + if [ $err -eq 0 ]; then + rmdir "${ROOT}etc/ipsec" || eerror "Failed to remove ${ROOT}etc/ipsec" + else + ewarn "${ROOT}etc/ipsec is not empty, you will have to remove it yourself" + fi + fi +} + +pkg_postinst() { + if kernel_is 2 6; then + CONFIG_CHECK="~NET_KEY ~INET_XFRM_MODE_TRANSPORT ~INET_XFRM_MODE_TUNNEL ~INET_AH ~INET_ESP ~INET_IPCOMP" + WARNING_INET_AH="CONFIG_INET_AH:\tmissing IPsec AH support (needed if you want only authentication)" + WARNING_INET_ESP="CONFIG_INET_ESP:\tmissing IPsec ESP support (needed if you want authentication and encryption)" + WARNING_INET_IPCOMP="CONFIG_INET_IPCOMP:\tmissing IPsec Payload Compression (required for compress=yes)" + check_extra_config + fi +} |