libreswan: update to 4.1
authorLucian Cristian <lucian.cristian@gmail.com>
Sun, 25 Oct 2020 13:05:58 +0000 (15:05 +0200)
committerHannu Nyman <hannu.nyman@iki.fi>
Sun, 25 Oct 2020 14:09:13 +0000 (16:09 +0200)
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
net/libreswan/Makefile
net/libreswan/patches/010-nanosleep.patch
net/libreswan/patches/030-fix_musl_build.patch [new file with mode: 0644]
net/libreswan/patches/030-fix_nss_3.52.patch [deleted file]
net/libreswan/patches/040-disable_man.patch [new file with mode: 0644]
net/libreswan/patches/099-continue_on_missing_ipv6.patch [deleted file]

index 0fe02e1798311f52d364b997896fb73f310e65a9..365745e529560df865bceaf977b91029356c8b01 100644 (file)
@@ -7,12 +7,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libreswan
-PKG_VERSION:=3.32
-PKG_RELEASE:=3
+PKG_VERSION:=4.1
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://download.libreswan.org/
-PKG_HASH:=236b57fee8f562302c54f2b16d8a839a9039fcb5893668e61b398ec6b179432e
+PKG_HASH:=216444c3a2ede7bed5820648856fa5d9cc8fc4b4122bd4a1129d1a5954d9227d
 
 PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
 PKG_LICENSE:=GPL-2.0-or-later
@@ -74,15 +74,15 @@ MAKE_FLAGS+= \
     USE_LABELED_IPSEC=false \
     USE_NM=false \
     USE_NSS_KDF=true \
-    USE_NSS_PRF=true \
     USE_LIBCURL=false \
     USE_GLIBC_KERN_FLIP_HEADERS=true \
     USE_XAUTHPAM=false \
     USE_LIBCAP_NG=true \
     USE_SYSTEMD_WATCHDOG=false \
     USE_SECCOMP=false\
-    INC_USRLOCAL="/usr" \
+    PREFIX="/usr" \
     FINALRUNDIR="/var/run/pluto" \
+    FINALNSSDIR="/etc/ipsec.d" \
     MODPROBEARGS="-q" \
     ARCH="$(LINUX_KARCH)" \
 
index 12427c144c0e9079cf049779ef9ae744ec7801e8..45481cd1b41290a907cb3fc8c54fbad32efffee0 100644 (file)
@@ -9,7 +9,7 @@
  #include <errno.h>
  
  #include "defs.h"
-@@ -172,7 +172,8 @@
+@@ -180,7 +180,8 @@
        /* Send a duplicate packet when this impair is enabled - used for testing */
        if (IMPAIR(JACOB_TWO_TWO)) {
                /* sleep for half a second, and second another packet */
diff --git a/net/libreswan/patches/030-fix_musl_build.patch b/net/libreswan/patches/030-fix_musl_build.patch
new file mode 100644 (file)
index 0000000..7183a19
--- /dev/null
@@ -0,0 +1,10 @@
+--- a/include/fd.h     2020-10-25 12:29:43.527467613 +0200
++++ b/include/fd.h     2020-10-25 12:27:41.043595114 +0200
+@@ -26,6 +26,7 @@
+ #include <stdbool.h>
+ #include <stdlib.h>           /* for ssize_t */
++#include <sys/types.h>
+ #include "where.h"
diff --git a/net/libreswan/patches/030-fix_nss_3.52.patch b/net/libreswan/patches/030-fix_nss_3.52.patch
deleted file mode 100644 (file)
index 11209b9..0000000
+++ /dev/null
@@ -1,30 +0,0 @@
-From db7715407efa43cd2a66caed67c02d8f7bb90b35 Mon Sep 17 00:00:00 2001
-From: Paul Wouters <pwouters@redhat.com>
-Date: Tue, 12 May 2020 12:56:38 -0400
-Subject: [PATCH] nss: move NSS_PKCS11_2_0_COMPAT define to
- ike_alg_encrypt_nss_gcm_ops.c
-
-It needs to go before any nss includes are done, and those includes are
-all over the place. But CK_GCM_PARAMS is only used in one file, so
-just define it there instead before the nss includes.
----
- lib/libswan/ike_alg_encrypt_nss_gcm_ops.c | 6 ++++++
- 1 files changed, 6 insertions(+), 0 deletions(-)
-
-diff --git a/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c b/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
-index 93a027089a..571913cc1e 100644
---- a/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
-+++ b/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
-@@ -16,6 +16,12 @@
- #include <stdio.h>
- #include <stdlib.h>
-+/*
-+ * Special advise from Bob Relyea - needs to go before any nss include
-+ *
-+ */
-+#define NSS_PKCS11_2_0_COMPAT 1
-+
- #include "lswlog.h"
- #include "lswnss.h"
- #include "prmem.h"
diff --git a/net/libreswan/patches/040-disable_man.patch b/net/libreswan/patches/040-disable_man.patch
new file mode 100644 (file)
index 0000000..92850d5
--- /dev/null
@@ -0,0 +1,11 @@
+--- a/mk/targets.mk    2020-10-25 12:47:38.504784276 +0200
++++ b/mk/targets.mk    2020-10-25 12:48:16.242123361 +0200
+@@ -64,7 +64,7 @@
+ #
+ # For each define: TARGET clean-TARGET install-TARGET
+-TARGETS = base manpages
++TARGETS = base
+ $(foreach target,$(TARGETS),$(eval $(call recursive-target,$(target))))
diff --git a/net/libreswan/patches/099-continue_on_missing_ipv6.patch b/net/libreswan/patches/099-continue_on_missing_ipv6.patch
deleted file mode 100644 (file)
index 10fd572..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/programs/pluto/kernel_xfrm.c     2020-05-16 19:12:30.107226478 +0300
-+++ b/programs/pluto/kernel_xfrm.c     2020-05-16 19:20:25.735522574 +0300
-@@ -2759,7 +2759,8 @@
-                       LOG_ERRNO(errno, "\"%s\"", proc_f);
-               }
-       } else {
--              LOG_ERRNO(errno, "could not stat \"%s\"", proc_f);
-+              DBG(DBG_KERNEL, DBG_log("starting without ipv6 support!"));
-+              disable_ipv6 = 1;
-       }
-       if (disable_ipv6 == 1) {