include $(TOPDIR)/rules.mk
PKG_NAME:=libreswan
-PKG_VERSION:=3.32
-PKG_RELEASE:=3
+PKG_VERSION:=4.1
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://download.libreswan.org/
-PKG_HASH:=236b57fee8f562302c54f2b16d8a839a9039fcb5893668e61b398ec6b179432e
+PKG_HASH:=216444c3a2ede7bed5820648856fa5d9cc8fc4b4122bd4a1129d1a5954d9227d
PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
PKG_LICENSE:=GPL-2.0-or-later
USE_LABELED_IPSEC=false \
USE_NM=false \
USE_NSS_KDF=true \
- USE_NSS_PRF=true \
USE_LIBCURL=false \
USE_GLIBC_KERN_FLIP_HEADERS=true \
USE_XAUTHPAM=false \
USE_LIBCAP_NG=true \
USE_SYSTEMD_WATCHDOG=false \
USE_SECCOMP=false\
- INC_USRLOCAL="/usr" \
+ PREFIX="/usr" \
FINALRUNDIR="/var/run/pluto" \
+ FINALNSSDIR="/etc/ipsec.d" \
MODPROBEARGS="-q" \
ARCH="$(LINUX_KARCH)" \
#include <errno.h>
#include "defs.h"
-@@ -172,7 +172,8 @@
+@@ -180,7 +180,8 @@
/* Send a duplicate packet when this impair is enabled - used for testing */
if (IMPAIR(JACOB_TWO_TWO)) {
/* sleep for half a second, and second another packet */
--- /dev/null
+--- a/include/fd.h 2020-10-25 12:29:43.527467613 +0200
++++ b/include/fd.h 2020-10-25 12:27:41.043595114 +0200
+@@ -26,6 +26,7 @@
+
+ #include <stdbool.h>
+ #include <stdlib.h> /* for ssize_t */
++#include <sys/types.h>
+
+ #include "where.h"
+
+++ /dev/null
-From db7715407efa43cd2a66caed67c02d8f7bb90b35 Mon Sep 17 00:00:00 2001
-From: Paul Wouters <pwouters@redhat.com>
-Date: Tue, 12 May 2020 12:56:38 -0400
-Subject: [PATCH] nss: move NSS_PKCS11_2_0_COMPAT define to
- ike_alg_encrypt_nss_gcm_ops.c
-
-It needs to go before any nss includes are done, and those includes are
-all over the place. But CK_GCM_PARAMS is only used in one file, so
-just define it there instead before the nss includes.
----
- lib/libswan/ike_alg_encrypt_nss_gcm_ops.c | 6 ++++++
- 1 files changed, 6 insertions(+), 0 deletions(-)
-
-diff --git a/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c b/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
-index 93a027089a..571913cc1e 100644
---- a/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
-+++ b/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
-@@ -16,6 +16,12 @@
- #include <stdio.h>
- #include <stdlib.h>
-
-+/*
-+ * Special advise from Bob Relyea - needs to go before any nss include
-+ *
-+ */
-+#define NSS_PKCS11_2_0_COMPAT 1
-+
- #include "lswlog.h"
- #include "lswnss.h"
- #include "prmem.h"
--- /dev/null
+--- a/mk/targets.mk 2020-10-25 12:47:38.504784276 +0200
++++ b/mk/targets.mk 2020-10-25 12:48:16.242123361 +0200
+@@ -64,7 +64,7 @@
+ #
+ # For each define: TARGET clean-TARGET install-TARGET
+
+-TARGETS = base manpages
++TARGETS = base
+
+ $(foreach target,$(TARGETS),$(eval $(call recursive-target,$(target))))
+
+++ /dev/null
---- a/programs/pluto/kernel_xfrm.c 2020-05-16 19:12:30.107226478 +0300
-+++ b/programs/pluto/kernel_xfrm.c 2020-05-16 19:20:25.735522574 +0300
-@@ -2759,7 +2759,8 @@
- LOG_ERRNO(errno, "\"%s\"", proc_f);
- }
- } else {
-- LOG_ERRNO(errno, "could not stat \"%s\"", proc_f);
-+ DBG(DBG_KERNEL, DBG_log("starting without ipv6 support!"));
-+ disable_ipv6 = 1;
- }
-
- if (disable_ipv6 == 1) {