diff options
author | Jeremy Olexa <darkside@gentoo.org> | 2013-09-05 00:00:29 +0000 |
---|---|---|
committer | Jeremy Olexa <darkside@gentoo.org> | 2013-09-05 00:00:29 +0000 |
commit | 2d5d4ccdf5595d7344d759eb7b6c66d3825f753f (patch) | |
tree | cad5426dbea703832a45d66fcfa9d80d9f3565f7 | |
parent | test commit for CIA hooks (diff) | |
download | darkside-2d5d4ccdf5595d7344d759eb7b6c66d3825f753f.tar.gz darkside-2d5d4ccdf5595d7344d759eb7b6c66d3825f753f.tar.bz2 darkside-2d5d4ccdf5595d7344d759eb7b6c66d3825f753f.zip |
[net-misc/openswan] add openswan-2.6.38 and mask >=2.6.39, bug 483576
-rw-r--r-- | net-misc/openswan/ChangeLog | 495 | ||||
-rw-r--r-- | net-misc/openswan/Manifest | 1 | ||||
-rw-r--r-- | net-misc/openswan/metadata.xml | 25 | ||||
-rw-r--r-- | net-misc/openswan/openswan-2.6.38.ebuild | 178 | ||||
-rw-r--r-- | profiles/package.mask | 7 |
5 files changed, 706 insertions, 0 deletions
diff --git a/net-misc/openswan/ChangeLog b/net-misc/openswan/ChangeLog new file mode 100644 index 0000000..9ff6d30 --- /dev/null +++ b/net-misc/openswan/ChangeLog @@ -0,0 +1,495 @@ +# ChangeLog for net-misc/openswan +# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/ChangeLog,v 1.91 2013/09/01 15:59:02 floppym Exp $ + + 04 Sep 2013; Jeremy Olexa <darkside@gentoo.org> +openswan-2.6.38.ebuild, + +metadata.xml: + [net-misc/openswan] add openswan-2.6.38 and mask >=2.6.39, bug 483576 + + 01 Sep 2013; Mike Gilbert <floppym@gentoo.org> openswan-2.6.39.ebuild: + Call tc-export AR CC, bug 483278. + + 01 Sep 2013; Agostino Sarubbo <ago@gentoo.org> openswan-2.6.39.ebuild: + Stable for x86, wrt bug #483204 + + 01 Sep 2013; Agostino Sarubbo <ago@gentoo.org> openswan-2.6.39.ebuild: + Stable for amd64, wrt bug #483204 + +*openswan-2.6.39 (01 Sep 2013) + + 01 Sep 2013; Mike Gilbert <floppym@gentoo.org> + +files/openswan-2.6.39-gentoo.patch, +openswan-2.6.39.ebuild: + Version bump. + + 06 Jan 2013; Mike Gilbert <floppym@gentoo.org> openswan-2.6.38.ebuild: + Remove /var/run/pluto after the build system creates it, bug 448834. + + 27 Dec 2012; Mike Gilbert <floppym@gentoo.org> -files/ipsec, + -files/openswan-2.4-allow-ms-bad-proposal.patch, + -files/openswan-2.4.15-deprecated-ldap.patch, + -files/openswan-2.4.15-gentoo.patch, -files/openswan-2.6.31-gentoo.patch, + -files/openswan-2.6.37-gentoo.patch, -openswan-2.4.15-r2.ebuild, + -openswan-2.6.31.ebuild, -openswan-2.6.37-r1.ebuild, -openswan-2.6.37.ebuild, + openswan-2.6.38.ebuild: + pluto creates /var/run/pluto on startup, so don't call keepdir. Bug 448834 by + flameeyes. Remove old. + + 14 Sep 2012; Agostino Sarubbo <ago@gentoo.org> openswan-2.6.38.ebuild: + Stable for amd64, wrt bug #434606 + + 14 Sep 2012; Agostino Sarubbo <ago@gentoo.org> openswan-2.6.38.ebuild: + Stable for X86, wrt bug #434606 + +*openswan-2.6.38 (07 Apr 2012) + + 07 Apr 2012; Mike Gilbert <floppym@gentoo.org> + +files/openswan-2.6.38-gentoo.patch, +openswan-2.6.38.ebuild: + Version bump. + + 06 Apr 2012; Mike Gilbert <floppym@gentoo.org> metadata.xml: + Change maintainer. + + 06 Apr 2012; Pacho Ramos <pacho@gentoo.org> metadata.xml: + Drop maintainer due retirement, bug #63588 + +*openswan-2.6.37-r1 (21 Nov 2011) + + 21 Nov 2011; Mike Frysinger <vapier@gentoo.org> +openswan-2.6.37-r1.ebuild: + Depend on the old output style of ifconfig, and simplify build flags a bit. + + 10 Nov 2011; Tony Vroon <chainsaw@gentoo.org> openswan-2.6.37.ebuild: + Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo & Ian + "idella4" Delaney in security bug #389097. + + 09 Nov 2011; Pawel Hajdan jr <phajdan.jr@gentoo.org> openswan-2.6.37.ebuild: + x86 stable wrt bug #389097 + +*openswan-2.6.37 (07 Nov 2011) + + 07 Nov 2011; Alin Năstac <mrness@gentoo.org> -openswan-2.6.29.ebuild, + -files/openswan-2.6.29-gentoo.patch, +openswan-2.6.37.ebuild, + +files/openswan-2.6.37-gentoo.patch: + Version bump (#368903); install cotrib files (#350083); use LDFLAGS + (#351019). + + 06 Jun 2011; Robin H. Johnson <robbat2@gentoo.org> openswan-2.4.15-r2.ebuild, + openswan-2.6.29.ebuild, openswan-2.6.31.ebuild: + Linux-3.0 changes. + +*openswan-2.6.31 (27 Nov 2010) + + 27 Nov 2010; Alin Năstac <mrness@gentoo.org> -openswan-2.6.28.ebuild, + -files/openswan-2.6.28-gentoo.patch, +openswan-2.6.31.ebuild, + +files/openswan-2.6.31-gentoo.patch: + Fix multilib-strict checks (#344735). + +*openswan-2.6.29 (29 Sep 2010) + + 29 Sep 2010; Alin Năstac <mrness@gentoo.org> -openswan-2.4.15.ebuild, + +openswan-2.6.29.ebuild, +files/openswan-2.6.29-gentoo.patch: + Version bump. + +*openswan-2.6.28 (15 Aug 2010) + + 15 Aug 2010; Alin Năstac <mrness@gentoo.org> -openswan-2.4.15-r1.ebuild, + openswan-2.4.15-r2.ebuild, -openswan-2.6.23-r1.ebuild, + -openswan-2.6.23-r2.ebuild, -files/openswan-2.6.23-gentoo.patch, + +openswan-2.6.28.ebuild, +files/openswan-2.6.28-gentoo.patch, + metadata.xml: + Mark version 2.4.15-r2 as stable on amd64 and x86. Version bump (#301813). + + 15 Dec 2009; Peter Volkov <pva@gentoo.org> metadata.xml: + metadata.xml: added required herd tag. + +*openswan-2.6.23-r2 (05 Dec 2009) +*openswan-2.4.15-r2 (05 Dec 2009) + + 05 Dec 2009; Alin Năstac <mrness@gentoo.org> +openswan-2.4.15-r2.ebuild, + -openswan-2.6.22.ebuild, -files/openswan-2.6.22-gentoo.patch, + +openswan-2.6.23-r2.ebuild: + Use selected CC (#293277). Install more doc files (#294533). + +*openswan-2.6.23-r1 (17 Sep 2009) + + 17 Sep 2009; Alin Năstac <mrness@gentoo.org> + files/openswan-2.6.23-gentoo.patch, -openswan-2.6.23.ebuild, + +openswan-2.6.23-r1.ebuild: + Re-add setup script (#284955). + +*openswan-2.6.23 (11 Sep 2009) +*openswan-2.4.15-r1 (11 Sep 2009) + + 11 Sep 2009; Alin Năstac <mrness@gentoo.org> + +files/openswan-2.4-allow-ms-bad-proposal.patch, + +files/openswan-2.6.23-gentoo.patch, + +files/openswan-2.6-allow-ms-bad-proposal.patch, metadata.xml, + +openswan-2.4.15-r1.ebuild, +openswan-2.6.23.ebuild: + Version bump. Correct ipsec.conf and ipsec.secrets paths in openswan-2.4 + documentation (#284235). Add ms-bad-proposal USE flag and patch (#284240). + + 30 Aug 2009; Alin Năstac <mrness@gentoo.org> + -files/openswan-2.4.14-deprecated-ldap.patch, + -files/openswan-2.4.14-gentoo-fixed.patch, + -files/openswan-2.4.14-getline.patch, + -files/openswan-2.6.21-gentoo-fixed.patch, -openswan-2.4.14.ebuild, + -openswan-2.6.21.ebuild: + Expunge exploitable versions from the tree (#275233). + + 29 Jun 2009; Markus Meier <maekke@gentoo.org> openswan-2.4.15.ebuild: + amd64 stable, bug #275233 + + 29 Jun 2009; Christian Faulhammer <fauli@gentoo.org> + openswan-2.4.15.ebuild: + stable x86, security bug 275233 + +*openswan-2.4.15 (28 Jun 2009) + + 28 Jun 2009; Alin Năstac <mrness@gentoo.org> + +files/openswan-2.4.15-deprecated-ldap.patch, + +files/openswan-2.4.15-gentoo.patch, +openswan-2.4.15.ebuild, + openswan-2.6.22.ebuild: + Version bump wrt security bug #275233. Fix sed error (#275448). + +*openswan-2.6.22 (24 Jun 2009) + + 24 Jun 2009; Alin Năstac <mrness@gentoo.org> + +files/openswan-2.6.22-gentoo.patch, +openswan-2.6.22.ebuild: + Version bump wrt security bug #275233. + + 14 Jun 2009; Alin Năstac <mrness@gentoo.org> + -files/openswan-2.4.13-deprecated-ldap.patch, + -files/openswan-2.4.13-gentoo-fixed.patch, + +files/openswan-2.4.14-getline.patch, -files/openswan-2.6.19-gentoo.patch, + -files/openswan-2.6.19-qa-fixes.patch, -openswan-2.4.13-r2.ebuild, + openswan-2.4.14.ebuild, -openswan-2.6.19.ebuild: + Fix compile error when built against glibc-2.10 (#271987). Remove obsolete + versions. + + 23 Apr 2009; Markus Meier <maekke@gentoo.org> openswan-2.4.14: + amd64/x86 stable, bug #264346 + + 15 Apr 2009; Alin Năstac <mrness@gentoo.org> + -files/openswan-2.4.14-gentoo.patch, + +files/openswan-2.4.14-gentoo-fixed.patch, + -files/openswan-2.6.21-gentoo.patch, + +files/openswan-2.6.21-gentoo-fixed.patch, openswan-2.4.14.ebuild, + openswan-2.6.21.ebuild: + Replace gentoo patches with with gentoo-fixed patches, added to cvs using + -kb flag (#264346). + + 10 Apr 2009; Alin Năstac <mrness@gentoo.org> + metadata.xml: + Add -kb flag to gentoo patch (#265612). Remove secure-tunneling herd (#265655). + +*openswan-2.6.21 (08 Apr 2009) +*openswan-2.4.14 (08 Apr 2009) + + 08 Apr 2009; Alin Năstac <mrness@gentoo.org> + +files/openswan-2.4.14-deprecated-ldap.patch, + +files/openswan-2.4.14-gentoo.patch, +files/openswan-2.6.21-gentoo.patch, + +openswan-2.4.14.ebuild, +openswan-2.6.21.ebuild: + Version bumps wrt to security bug #264346. Remove -Werror from compiler + options (#260927). + + 11 Jan 2009; Alin Năstac <mrness@gentoo.org> + -files/openswan-2.6.18-gentoo.patch, files/openswan-2.6.19-gentoo.patch, + -openswan-2.6.18.ebuild, openswan-2.6.19.ebuild: + Replace xmlto --skip-validation patch with app-text/docbook-xml-dtd:4.1.2 + dependency atom (#237132). + + 06 Dec 2008; Alin Năstac <mrness@gentoo.org> Manifest: + Fix checksums of the openswan-2.6.18.tar.gz file (#249867). + +*openswan-2.6.19 (03 Dec 2008) +*openswan-2.4.13-r2 (03 Dec 2008) + + 03 Dec 2008; Alin Năstac <mrness@gentoo.org> + -files/openswan-2.4.11-gentoo.patch, + -files/openswan-2.4.11-implicit-decl.patch, + -files/openswan-2.4.12-deprecated-ldap.patch, + -files/openswan-2.4.12-gentoo.patch, -files/openswan-2.6.16-gentoo.patch, + -files/openswan-2.6.16-qa-fixes.patch, + -files/openswan-2.6.16-refine-connection.patch, + +files/openswan-2.6.19-gentoo.patch, + +files/openswan-2.6.19-qa-fixes.patch, -openswan-2.4.11.ebuild, + -openswan-2.4.12.ebuild, -openswan-2.4.13-r1.ebuild, + +openswan-2.4.13-r2.ebuild, -openswan-2.6.16.ebuild, + openswan-2.6.18.ebuild, +openswan-2.6.19.ebuild: + Remove obsolete versions. Correct doc install path (#241976). Version bump. + +*openswan-2.6.18 (12 Oct 2008) +*openswan-2.4.13-r1 (12 Oct 2008) + + 12 Oct 2008; Alin Năstac <mrness@gentoo.org> + files/openswan-2.4.13-gentoo-fixed.patch, + +files/openswan-2.6.18-gentoo.patch, -openswan-2.4.13.ebuild, + +openswan-2.4.13-r1.ebuild, +openswan-2.6.18.ebuild: + Remove livetest script wrt security bug #238574. Skip xml validation (#237132). + +*openswan-2.6.16 (21 Sep 2008) + + 21 Sep 2008; Alin Năstac <mrness@gentoo.org> + +files/openswan-2.6.16-gentoo.patch, + +files/openswan-2.6.16-qa-fixes.patch, + +files/openswan-2.6.16-refine-connection.patch, +files/ipsec-initd, + metadata.xml, +openswan-2.6.16.ebuild: + Version bump to latest 2.6 version (#237132). + + 17 Sep 2008; Markus Meier <maekke@gentoo.org> openswan-2.4.13.ebuild: + amd64/x86 stable, bug #237603 + + 16 Aug 2008; Alin Năstac <mrness@gentoo.org> + -files/openswan-2.4.13-gentoo.patch, + +files/openswan-2.4.13-gentoo-fixed.patch, openswan-2.4.13.ebuild: + Fix patch broken by the $Id cvs replacement. + +*openswan-2.4.13 (15 Aug 2008) + + 15 Aug 2008; Alin Năstac <mrness@gentoo.org> + -files/openswan-2.4.9-gentoo.patch, -files/openswan-2.4.9-mkdir.patch, + +files/openswan-2.4.13-deprecated-ldap.patch, + +files/openswan-2.4.13-gentoo.patch, -openswan-2.4.9-r1.ebuild, + +openswan-2.4.13.ebuild: + Version bump. + + 28 Jun 2008; Thomas Anderson <gentoofan23@gentoo.org> + openswan-2.4.11.ebuild: + stable amd64, bug 225325 + + 19 Jun 2008; Christian Faulhammer <opfer@gentoo.org> + openswan-2.4.11.ebuild: + stable x86, bug 225325 + + 08 Jun 2008; Sven Wegener <swegener@gentoo.org> + files/openswan-2.4.12-gentoo.patch, openswan-2.4.12.ebuild: + Fixup src_unpack, hand edit patch to apply with CVS keyword replacements, + remove spurious backslash in find call. + +*openswan-2.4.12 (08 Jun 2008) + + 08 Jun 2008; Alin Năstac <mrness@gentoo.org> + +files/openswan-2.4.12-deprecated-ldap.patch, + +files/openswan-2.4.12-gentoo.patch, +openswan-2.4.12.ebuild: + Version bump. + +*openswan-2.4.11 (29 Jan 2008) + + 29 Jan 2008; Alin Năstac <mrness@gentoo.org> + +files/openswan-2.4.11-gentoo.patch, + +files/openswan-2.4.11-implicit-decl.patch, +openswan-2.4.11.ebuild: + Version bump (#207936). Add curl and ldap USE flags. + + 22 Oct 2007; Alin Năstac <mrness@gentoo.org> + -files/openswan-2.4.7-gentoo.patch, -files/openswan-2.4.8-gentoo.patch, + -files/openswan-2.4.8-smartcard-typo.patch, + -files/openswan-2.4.8-type-punned.patch, -openswan-2.4.7.ebuild, + -openswan-2.4.8.ebuild: + Remove obsolete versions. + +*openswan-2.4.9-r1 (26 Sep 2007) + + 26 Sep 2007; Alin Năstac <mrness@gentoo.org> + +files/openswan-2.4.9-mkdir.patch, -openswan-2.4.9.ebuild, + +openswan-2.4.9-r1.ebuild: + Fix erroneous creation of rundir and subsysdir (#193824). + Sanitize the ebuild code. + + 23 Sep 2007; Alin Năstac <mrness@gentoo.org> openswan-2.4.9.ebuild: + Stable on amd64 (#192964). + + 22 Sep 2007; Christian Faulhammer <opfer@gentoo.org> + openswan-2.4.9.ebuild: + stable x86, bug 192964 + +*openswan-2.4.9 (12 Jul 2007) + + 12 Jul 2007; Alin Năstac <mrness@gentoo.org> + +files/openswan-2.4.9-gentoo.patch, +openswan-2.4.9.ebuild: + Version bump. + + 14 Jun 2007; Alin Năstac <mrness@gentoo.org> + +files/openswan-2.4.8-smartcard-typo.patch, openswan-2.4.8.ebuild: + Add smartcard support (#181483). + +*openswan-2.4.8 (05 Jun 2007) + + 05 Jun 2007; Alin Năstac <mrness@gentoo.org> + +files/openswan-2.4.8-gentoo.patch, + +files/openswan-2.4.8-type-punned.patch, +openswan-2.4.8.ebuild: + Version bump with 2 new USE flags : extra-algorithms and weak-algorithms + (#180472). + + 24 May 2007; Gustavo Zacarias <gustavoz@gentoo.org> openswan-2.4.7.ebuild: + Keyworded ~sparc + + 19 Mar 2007; Bryan Østergaard <kloeri@gentoo.org> metadata.xml: + Remove pfeifer from metadata.xml due to retirement. + + 18 Mar 2007; Alin Năstac <mrness@gentoo.org> + -files/openswan-2.4.4-gentoo.patch, -openswan-2.4.4.ebuild: + Remove obsolete version. + + 14 Jan 2007; Alin Năstac <mrness@gentoo.org> openswan-2.4.7.ebuild: + Stable on amd64 and x86. + +*openswan-2.4.7 (07 Dec 2006) + + 07 Dec 2006; Alin Năstac <mrness@gentoo.org> + +files/openswan-2.4.7-gentoo.patch, metadata.xml, +openswan-2.4.7.ebuild: + Version bump (#134484). Fix dependencies (#147116). + + 22 Nov 2006; Charlie Shepherd <masterdriverz@gentoo.org> ChangeLog: + Change "exit" to "return" in init script and use doinitd. Thanks to Tomasz + Orzechowski for reporting and Sérgio Luís for init script. Closes Bug + 99138 + + 16 Oct 2006; Daniel Drake <dsd@gentoo.org> openswan-2.4.4.ebuild: + Use linux-mod, to fix bug #149197 reported by DominikBuerkle + + 19 Jun 2006; Alin Nastac <mrness@gentoo.org> files/ipsec: + Start ipsec after dns. + + 16 Feb 2006; Jay Pfeifer <pfeifer@gentoo.org> -openswan-1.0.7.ebuild: + Remove unsupported version 1.0.7. + Upstream no longer supports any 1.x version as of 01Jan2006. + + 29 Nov 2005; Jay Pfeifer <pfeifer@gentoo.org> + -files/openswan-2.2.0-gentoo.patch, -openswan-2.2.0.ebuild, + openswan-2.4.4.ebuild: + Mark 2.4.4 stable on x86 and amd64 as per bug #112568. + Remove version 2.2.0 + +*openswan-2.4.4 (28 Nov 2005) + + 28 Nov 2005; Jay Pfeifer <pfeifer@gentoo.org> + -files/openswan-2.4.3-gentoo.patch, +files/openswan-2.4.4-gentoo.patch, + -openswan-2.4.3.ebuild, +openswan-2.4.4.ebuild: + Version bump fixing gawk bugs and bug #112568 + Removing 2.4.3 + +*openswan-2.4.3 (15 Nov 2005) + + 15 Nov 2005; Jay Pfeifer <pfeifer@gentoo.org> + -files/openswan-2.4.2-gentoo.patch, +files/openswan-2.4.3-gentoo.patch, + -openswan-2.4.2.ebuild, +openswan-2.4.3.ebuild: + Version bump fixing assert in PSK+ID and aggressive mode. + Remove openswan-2.4.2. + +*openswan-2.4.2 (15 Nov 2005) + + 15 Nov 2005; Jay Pfeifer <pfeifer@gentoo.org> + -files/openswan-2.1.4-gentoo.patch, -files/openswan-2.1.5-gentoo.patch, + -files/openswan-2.3.0-gentoo.patch, -files/openswan-2.3.1-gentoo.patch, + +files/openswan-2.4.2-gentoo.patch, -openswan-1.0.6.ebuild, + -openswan-2.1.4.ebuild, -openswan-2.1.5.ebuild, openswan-2.2.0.ebuild, + -openswan-2.3.0.ebuild, -openswan-2.3.1.ebuild, +openswan-2.4.2.ebuild: + Version bump fixing bug #112568. + Cleaning-up old ebuilds. + + 15 Jul 2005; George Shapovalov <george@gentoo.org> openswan-*.ebuild: + changed dependency net-misc/host -> net-dns/host to account for package move + +*openswan-2.3.1 (12 Apr 2005) + + 12 Apr 2005; Jay Pfeifer <pfeifer@gentoo.org> + +files/openswan-2.3.1-gentoo.patch, +openswan-2.3.1.ebuild: + Version bump. + +*openswan-2.3.0 (20 Jan 2005) + + 20 Jan 2005; Jay Pfeifer <pfeifer@gentoo.org> + +files/openswan-2.3.0-gentoo.patch, +openswan-2.3.0.ebuild: + Version bump. + + 25 Oct 2004; Jay Pfeifer <pfeifer@gentoo.org> openswan-2.2.0.ebuild: + Stable on x86. + + 19 Oct 2004; Dylan Carlson <absinthe@gentoo.org> openswan-2.1.5.ebuild, + openswan-2.2.0.ebuild: + Stable on amd64. + +*openswan-2.2.0 (17 Sep 2004) + + 17 Sep 2004; Jay Pfeifer <pfeifer@gentoo.org> openswan-2.2.0.ebuild: + Version bump. + + 12 Sep 2004; Jay Pfeifer <pfeifer@gentoo.org> openswan-1.0.6.ebuild, + openswan-1.0.7.ebuild, openswan-2.1.4.ebuild, openswan-2.1.5.ebuild: + Fix-up of ebuilds to block strongswan. Closing bug #60794. + +*openswan-2.1.5 (12 Aug 2004) + + 12 Aug 2004; Jay Pfeifer <pfeifer@gentoo.org> openswan-2.1.5.ebuild: + Version bump. + +*openswan-1.0.7 (12 Aug 2004) + + 12 Aug 2004; Jay Pfeifer <pfeifer@gentoo.org> openswan-1.0.7.ebuild: + Version bump for the 1.x users. + + 23 Jul 2004; Jay Pfeifer <pfeifer@gentoo.org> openswan-1.0.6.ebuild: + Fix depend on iproute2 closing bug #57263. + + 01 Jul 2004; Jon Hood <squinky86@gentoo.org> openswan-1.0.6.ebuild, + openswan-2.1.4.ebuild: + change virtual/glibc to virtual/libc + +*openswan-1.0.6 (01 Jul 2004) + + 01 Jul 2004; Jay Pfeifer <pfeifer@gentoo.org> openswan-1.0.6.ebuild: + Version bump for the 1.x users. + +*openswan-2.1.4 (23 Jun 2004) + + 23 Jun 2004; Jay Pfeifer <pfeifer@gentoo.org> openswan-2.1.4.ebuild: + Version bump. Contains a fix for potential security issue in x509. + +*openswan-1.0.6rc1 (23 Jun 2004) + + 23 Jun 2004; Jay Pfeifer <pfeifer@gentoo.org> openswan-1.0.6_rc1.ebuild: + Initial import of Openswan 1.0.x series. + Superfreeswan users will now be migrated to openswan. + Contains fixes for potential security issues in x509. + + 19 Jun 2004; David Holm <dholm@gentoo.org> openswan-2.1.3.ebuild: + Added to ~ppc. + +*openswan-2.1.3 (19 Jun 2004) + + 19 Jun 2004; Jay Pfeifer <pfeifer@gentoo.org> openswan-2.1.3.ebuild: + Version bump. Contains fixes for potential security issues. + Info here: http://lists.openswan.org/pipermail/dev/2004-June/000370.html + Removing all prior versions. + + 15 Jun 2004; Danny van Dyk <kugelfang@gentoo.org> openswan-2.1.1.ebuild: + Marked stable on amd64. + +*openswan-2.1.2 (19 May 2004) + + 19 May 2004; Jay Pfeifer <pfeifer@gentoo.org> openswan-2.1.2.ebuild: + Version bump. + + 27 Apr 2004; Aron Griffis <agriffis@gentoo.org> openswan-2.0.0.ebuild, + openswan-2.1.0.ebuild, openswan-2.1.1.ebuild: + Add inherit eutils + + 31 Mar 2004; Daniel Ahlberg <aliz@gentoo.org> openswan-2.1.1.ebuild: + Adding amd64 keyword, closing #46317. + +*openswan-2.1.1 (29 Mar 2004) + + 29 Mar 2004; Jay Pfeifer <pfeifer@gentoo.org> openswan-2.1.1.ebuild: + Version bump. Closes Bug #46006. + +*openswan-2.1.0 (17 Mar 2004) + + 17 Mar 2004; Jay Pfeifer <pfeifer@gentoo.org> openswan-2.1.0.ebuild: + Version bump. + +*openswan-2.0.0 (22 Feb 2004) + + 22 Feb 2004; Jay Pfeifer <pfeifer@gentoo.org> openswan-2.0.0.ebuild: + Initial import. + Provides userspace IPsec tool/support for FreeS/WAN based 2.4 kernels + and native 2.6 (KAME) based IPsec. 2.6 support is a work in progress. + Enjoy :) diff --git a/net-misc/openswan/Manifest b/net-misc/openswan/Manifest new file mode 100644 index 0000000..d82f946 --- /dev/null +++ b/net-misc/openswan/Manifest @@ -0,0 +1 @@ +DIST openswan-2.6.38.tar.gz 10861574 SHA256 bdd3ccf31df1f3e8530887986ea8b6702a3db139486738213f5de8d8690b3723 SHA512 0963a9df548c901eb562185f97d844f57539668f11fbe2a43712223773053895c761b1d5d0be4fffa64014baf58ff2d7cf23676a3da51c5a5134b0639796ad10 WHIRLPOOL e270de7eceee7964148910ed4ec35a39df002ebca3ca892d9f13a2a06eaf1476019c5ac8830eb24c9389afb8256d43ea580d7a3d29dc828be88608a9535d9668 diff --git a/net-misc/openswan/metadata.xml b/net-misc/openswan/metadata.xml new file mode 100644 index 0000000..797968e --- /dev/null +++ b/net-misc/openswan/metadata.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>floppym@gentoo.org</email> + <name>Mike Gilbert</name> + </maintainer> + <longdescription>From the Openswan web site: Openswan is an Open Source +implementation of IPsec for the Linux operating system. Is it a code fork +of the FreeS/WAN project, started by a few of the developers who were +growing frustrated with the politics surrounding the FreeS/WAN project.</longdescription> + <use> + <flag name="curl">Include curl support (used for fetching CRLs)</flag> + <flag name="ldap">Include LDAP support (used for fetching CRLs)</flag> + <flag name="extra-algorithms">Include additional strong algorithms + (Blowfish, Twofish, Serpent and SHA2)</flag> + <flag name="weak-algorithms">Include weak algorithms (DH1)</flag> + <flag name="nocrypto-algorithms">Include algorithms that don't even encrypt + (1DES)</flag> + <flag name="ms-bad-proposal">Allow bad IP address proposal offered by an + Microsoft L2TP/IPSec servers</flag> + <flag name="nss">Include libnss support (adds smartcard support)</flag> + <flag name="ssl">Use OpenSSL libraries for BIGNUM support</flag> + </use> +</pkgmetadata> diff --git a/net-misc/openswan/openswan-2.6.38.ebuild b/net-misc/openswan/openswan-2.6.38.ebuild new file mode 100644 index 0000000..ec079b1 --- /dev/null +++ b/net-misc/openswan/openswan-2.6.38.ebuild @@ -0,0 +1,178 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/openswan-2.6.38.ebuild,v 1.5 2013/01/06 17:54:29 floppym Exp $ + +EAPI="4" + +inherit eutils linux-info toolchain-funcs flag-o-matic + +DESCRIPTION="Open Source implementation of IPsec for the Linux operating system (was SuperFreeS/WAN)." +HOMEPAGE="http://www.openswan.org/" +SRC_URI="http://download.openswan.org/openswan/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ~ppc ~sparc x86" +IUSE="caps curl ldap pam ssl extra-algorithms weak-algorithms nocrypto-algorithms ms-bad-proposal nss" + +RESTRICT="test" # requires user mode linux setup + +COMMON_DEPEND="!net-misc/strongswan + dev-libs/gmp + dev-lang/perl + caps? ( sys-libs/libcap-ng ) + curl? ( net-misc/curl ) + ldap? ( net-nds/openldap ) + nss? ( dev-libs/nss ) + ssl? ( dev-libs/openssl )" +DEPEND="${COMMON_DEPEND} + virtual/linux-sources + app-text/xmlto + app-text/docbook-xml-dtd:4.1.2" # see bug 237132 +RDEPEND="${COMMON_DEPEND} + || ( sys-apps/net-tools[old-output] <sys-apps/net-tools-1.60_p201111202031570500 ) + virtual/logger + sys-apps/iproute2" + +pkg_setup() { + if use nocrypto-algorithms && ! use weak-algorithms; then + ewarn "Enabling nocrypto-algorithms USE flag has no effect when" + ewarn "weak-algorithms USE flag is disabled" + fi + + linux-info_pkg_setup + + if kernel_is -ge 2 6; then + einfo "This ebuild will set ${P} to use kernel native IPsec (KAME)." + MYMAKE="programs" + + elif kernel_is 2 4; then + if ! [[ -d "${KERNEL_DIR}/net/ipsec" ]]; then + eerror "You need to have an IPsec enabled 2.4.x kernel." + eerror "Ensure you have one running and make a symlink to it in /usr/src/linux" + die + fi + + einfo "Using patched-in IPsec code for kernel 2.4" + einfo "Your kernel only supports KLIPS for kernel level IPsec." + MYMAKE="confcheck programs" + + else + die "Unsupported kernel version" + fi + + # most code is OK, but programs/pluto code breaks strict aliasing + append-cflags -fno-strict-aliasing +} + +src_prepare() { + epatch "${FILESDIR}"/${P}-gentoo.patch + use ms-bad-proposal && epatch "${FILESDIR}"/${PN}-${PV%.*}-allow-ms-bad-proposal.patch + + find . -type f -regex '.*[.]\([1-8]\|html\|xml\)' -exec sed -i \ + -e s:/usr/local:/usr:g '{}' \; || + die "failed to replace text in docs" +} + +usetf() { usex $1 true false ; } +get_make_options() { + make_options=( + KERNELSRC="${KERNEL_DIR}" + FINALEXAMPLECONFDIR=/usr/share/doc/${PF} + INC_RCDEFAULT=/etc/init.d + INC_USRLOCAL=/usr + INC_MANDIR=share/man + FINALDOCDIR=/usr/share/doc/${PF}/html + FINALLIBDIR=/usr/$(get_libdir)/ipsec + DESTDIR="${D}" + USERCOMPILE="${CFLAGS}" + USERLINK="-Wl,-z,relro ${LDFLAGS}" + CC="$(tc-getCC)" + USE_LIBCAP_NG=$(usetf caps) + USE_LIBCURL=$(usetf curl) + USE_LDAP=$(usetf ldap) + USE_XAUTH=true + USE_XAUTHPAM=$(usetf pam) + USE_LIBNSS=$(usetf nss) + HAVE_OPENSSL=$(usetf ssl) + USE_EXTRACRYPTO=$(usetf extra-algorithms) + USE_WEAKSTUFF=$(usetf weak-algorithms) + ) + + if use weak-algorithms && use nocrypto-algorithms ; then + make_options+=( USE_NOCRYPTO=true ) + fi + + make_options+=( USE_LWRES=false ) # needs bind9 with lwres support + if use curl || use ldap || use pam; then + make_options+=( HAVE_THREADS=true ) + else + make_options+=( HAVE_THREADS=false ) + fi +} + +src_compile() { + local make_options; get_make_options + emake "${make_options[@]}" ${MYMAKE} +} + +src_install() { + local make_options; get_make_options + emake "${make_options[@]}" install + + dodoc CHANGES README + dodoc docs/{KNOWN_BUGS*,RELEASE-NOTES*,PATENTS*,debugging*} + docinto quickstarts + dodoc docs/quickstarts/* + + insinto /usr/share/doc/${PF} + doins -r contrib + docompress -x /usr/share/doc/${PF}/contrib + + newinitd "${FILESDIR}"/ipsec-initd ipsec + + # We don't need to install /var/run/pluto. + rm -rf "${D}var" || die +} + +pkg_preinst() { + if has_version "<net-misc/openswan-2.6.14" && pushd "${ROOT}etc/ipsec"; then + ewarn "Following files and directories were moved from '${ROOT}etc/ipsec' to '${ROOT}etc':" + local i err=0 + if [ -h "../ipsec.d" ]; then + rm "../ipsec.d" || die "failed to remove ../ipsec.d symlink" + fi + for i in *; do + if [ -e "../$i" ]; then + eerror " $i NOT MOVED, ../$i already exists!" + err=1 + elif [ -d "$i" ]; then + mv "$i" .. || die "failed to move $i directory" + ewarn " directory $i" + elif [ -f "$i" ]; then + sed -i -e 's:/etc/ipsec/:/etc/:g' "$i" && \ + mv "$i" .. && ewarn " file $i" || \ + die "failed to move $i file" + else + eerror " $i NOT MOVED, it is not a file nor a directory!" + err=1 + fi + done + popd + if [ $err -eq 0 ]; then + rmdir "${ROOT}etc/ipsec" || eerror "Failed to remove ${ROOT}etc/ipsec" + else + ewarn "${ROOT}etc/ipsec is not empty, you will have to remove it yourself" + fi + fi +} + +pkg_postinst() { + if kernel_is -ge 2 6; then + CONFIG_CHECK="~NET_KEY ~INET_XFRM_MODE_TRANSPORT ~INET_XFRM_MODE_TUNNEL ~INET_AH ~INET_ESP ~INET_IPCOMP" + WARNING_INET_AH="CONFIG_INET_AH:\tmissing IPsec AH support (needed if you want only authentication)" + WARNING_INET_ESP="CONFIG_INET_ESP:\tmissing IPsec ESP support (needed if you want authentication and encryption)" + WARNING_INET_IPCOMP="CONFIG_INET_IPCOMP:\tmissing IPsec Payload Compression (required for compress=yes)" + check_extra_config + fi +} diff --git a/profiles/package.mask b/profiles/package.mask new file mode 100644 index 0000000..7bdd72a --- /dev/null +++ b/profiles/package.mask @@ -0,0 +1,7 @@ +# Jeremy Olexa <darkside@gentoo.org> (5 Sept 2013) +# Mask higher versions because something is broken with it (for me). See +# https://bugs.gentoo.org/483576 . 2.6.39 was stabilized for existing CVE but +# that only applies if you have Opportunistic Encryption Support enabled which I +# do not (and neither do most people). +# http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2053 +>=net-misc/openswan-2.6.39 |