security update, fixes #52
authorWaldemar Brodkorb <mail@waldemar-brodkorb.de>
Tue, 15 Nov 2005 10:20:12 +0000 (10:20 +0000)
committerWaldemar Brodkorb <mail@waldemar-brodkorb.de>
Tue, 15 Nov 2005 10:20:12 +0000 (10:20 +0000)
SVN-Revision: 2494

openwrt/package/base-files/default/etc/banner
openwrt/package/openswan/Makefile
openwrt/package/openswan/patches/pluto-includes.patch
openwrt/package/openswan/patches/scripts.patch
openwrt/target/linux/package/openswan/Makefile

index 374aad427e0d0184a92ed57106afc00f76f31429..50805eff3a58f8e2479d60e271d459d56b2a7d5c 100644 (file)
@@ -3,7 +3,7 @@
  |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
  |_______||   __|_____|__|__||________||__|  |____|
           |__| W I R E L E S S   F R E E D O M
- WHITE RUSSIAN (RC3) -------------------------------
+ WHITE RUSSIAN (RC4) -------------------------------
   * 2 oz Vodka   Mix the Vodka and Kahlua together
   * 1 oz Kahlua  over ice, then float the cream or
   * 1/2oz cream  milk on the top.
index 0e92d8a1b02ebad338b0da2add6b1338745d99cb..39ff4af089e03f5a06824f22b2922ced968874d1 100644 (file)
@@ -3,9 +3,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openswan
-PKG_VERSION:=2.3.1
+PKG_VERSION:=2.4.2
 PKG_RELEASE:=1
-PKG_MD5SUM:=3dcf1cd7efcbe8db3148fc288d429db1
+PKG_MD5SUM:=38c7ad91312bdd67fa57fe987b21183e
 
 PKG_SOURCE_URL:=http://www.openswan.org/download
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@@ -19,12 +19,6 @@ $(eval $(call PKG_template,OPENSWAN,openswan,$(PKG_VERSION)-$(PKG_RELEASE),$(ARC
 FLAGS := $(TARGET_CFLAGS) -I$(PKG_BUILD_DIR)/linux/include -L$(STAGING_DIR)/usr/lib -I$(STAGING_DIR)/usr/include
 
 $(PKG_BUILD_DIR)/.built:
-#      $(MAKE) -C $(PKG_BUILD_DIR) \
-#              $(TARGET_CONFIGURE_OPTS) \
-#              KERNELSRC="$(LINUX_DIR)" \
-#              ARCH="mips" \
-#              USERCOMPILE="$(FLAGS)" \
-#              module
        $(MAKE) -C $(PKG_BUILD_DIR) \
                $(TARGET_CONFIGURE_OPTS) \
                KERNELSRC="$(LINUX_DIR)" \
index d189c1f4a8c72c9caff74bf16c687bde9ee1ccb0..8cd1398d4a917558674e3ece7475e003d9000766 100644 (file)
@@ -1,25 +1,12 @@
-diff -urN openswan-2.3.1dr6.old/programs/pluto/Makefile openswan-2.3.1dr6/programs/pluto/Makefile
---- openswan-2.3.1dr6.old/programs/pluto/Makefile      2005-03-27 22:21:41.000000000 +0200
-+++ openswan-2.3.1dr6/programs/pluto/Makefile  2005-04-05 02:58:42.000000000 +0200
-@@ -66,7 +66,7 @@
- # where to find klips headers and Openswan headers
- # and 2.6 kernel's <rtnetlink.h> and <xfrm.h>
--HDRDIRS = -I${OPENSWANSRCDIR}/programs/pluto/linux26 -I${OPENSWANSRCDIR}/include -I$(KLIPSINC) 
-+HDRDIRS = -I${OPENSWANSRCDIR}/programs/pluto/linux26 -I${OPENSWANSRCDIR}/include -I$(KLIPSINC)  $(EXTRA_INCLUDE)
- # On non-LINUX systems, these one of these may be needed (see endian.h)
- # BYTE_ORDER = -DBIG_ENDIAN=4321 -DLITTLE_ENDIAN=1234 -DBYTE_ORDER=BIG_ENDIAN
-diff -urN openswan-2.3.1dr6.old/programs/pluto/Makefile openswan-2.3.1dr6.dev/programs/pluto/Makefile
---- openswan-2.3.1dr6.old/programs/pluto/Makefile      2005-04-05 03:00:36.000000000 +0200
-+++ openswan-2.3.1dr6.dev/programs/pluto/Makefile      2005-04-05 03:06:18.000000000 +0200
-@@ -255,7 +255,7 @@
- LIBSPLUTO+=$(IPSECPOLICY_LIBS) $(X509_LIBS) $(SMARTCARD_LIBS) 
+diff -Nur openswan-2.4.0.orig/programs/pluto/Makefile openswan-2.4.0/programs/pluto/Makefile
+--- openswan-2.4.0.orig/programs/pluto/Makefile        2005-08-12 03:12:38.000000000 +0200
++++ openswan-2.4.0/programs/pluto/Makefile     2005-09-29 13:41:14.016377750 +0200
+@@ -271,7 +271,7 @@
  LIBSPLUTO+=$(HAVE_THREADS_LIBS) ${XAUTHPAM_LIBS}
  LIBSPLUTO+=${CURL_LIBS} 
+ LIBSPLUTO+=${EXTRA_CRYPTO_LIBS}
 -LIBSPLUTO+= -lgmp -lresolv # -lefence
-+LIBSPLUTO+= $(EXTRA_LIBS) -lgmp -lresolv # -lefence
++LIBSPLUTO+=$(EXTRA_LIBS) -lgmp -lresolv # -lefence
  
  ifneq ($(LD_LIBRARY_PATH),)
  LDFLAGS=-L$(LD_LIBRARY_PATH)
-Binary files openswan-2.3.1dr6.old/programs/pluto/.Makefile.swp and openswan-2.3.1dr6.dev/programs/pluto/.Makefile.swp differ
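Review bot: The refreshed patch is generated against `openswan-2.4.0` (see the `openswan-2.4.0.orig/programs/pluto/Makefile` header lines), but the package Makefile in this commit sets `PKG_VERSION:=2.4.2`, so it is applied to a tree it was not diffed from. scripts.patch carries the same 2.4.0 headers. If the build applies patches with fuzz or offsets allowed, a shifted context can place a change in the wrong spot without failing, so both patches are worth regenerating against the 2.4.2 tarball. The earlier HDRDIRS hunk that appended `$(EXTRA_INCLUDE)` is dropped here; whether the package Makefile still passes EXTRA_INCLUDE is not visible in this view and should be confirmed.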
index f788f78e9d9e560f189b199362d007718381c7e0..5925f0768a78fb6a2e8ce1cfe67df0b4b8fec12d 100644 (file)
-diff -uNr openswan-2.3.0.orig/programs/loggerfix openswan-2.3.0/programs/loggerfix
---- openswan-2.3.0.orig/programs/loggerfix     1970-01-01 00:00:00.000000000 +0000
-+++ openswan-2.3.0/programs/loggerfix  2005-02-02 20:34:54.000000000 +0000
+diff -Nur openswan-2.4.0.orig/programs/loggerfix openswan-2.4.0/programs/loggerfix
+--- openswan-2.4.0.orig/programs/loggerfix     1970-01-01 01:00:00.000000000 +0100
++++ openswan-2.4.0/programs/loggerfix  2005-09-29 13:44:43.325458750 +0200
 @@ -0,0 +1,5 @@
 +#!/bin/sh
 +# use filename instead of /dev/null to log, but dont log to flash or ram
 +# pref. log to nfs mount
 +echo "$*" >> /dev/null
 +exit 0
-diff -uNr openswan-2.3.0.orig/programs/look/look.in openswan-2.3.0/programs/look/look.in
---- openswan-2.3.0.orig/programs/look/look.in  2003-10-31 02:32:42.000000000 +0000
-+++ openswan-2.3.0/programs/look/look.in       2005-02-02 20:34:54.000000000 +0000
-@@ -79,7 +79,7 @@
+diff -Nur openswan-2.4.0.orig/programs/look/look.in openswan-2.4.0/programs/look/look.in
+--- openswan-2.4.0.orig/programs/look/look.in  2005-08-18 16:10:09.000000000 +0200
++++ openswan-2.4.0/programs/look/look.in       2005-09-29 13:44:49.537847000 +0200
+@@ -84,7 +84,7 @@
  then
        pat="$pat|$defaultroutephys\$|$defaultroutevirt\$"
  else
--      for i in `echo "$IPSECinterfaces" | tr '=' ' '`
-+      for i in `echo "$IPSECinterfaces" | sed 's/=/ /'`
+-      for i in `echo "$IPSECinterfaces" | sed 's/=/ /'`
++      for i in `echo "$IPSECinterfaces" | tr '=' ' '`
        do
                pat="$pat|$i\$"
        done
-diff -uNr openswan-2.3.0.orig/programs/manual/manual.in openswan-2.3.0/programs/manual/manual.in
---- openswan-2.3.0.orig/programs/manual/manual.in      2004-11-01 22:49:01.000000000 +0000
-+++ openswan-2.3.0/programs/manual/manual.in   2005-02-02 20:34:54.000000000 +0000
+diff -Nur openswan-2.4.0.orig/programs/manual/manual.in openswan-2.4.0/programs/manual/manual.in
+--- openswan-2.4.0.orig/programs/manual/manual.in      2005-04-18 00:57:12.000000000 +0200
++++ openswan-2.4.0/programs/manual/manual.in   2005-09-29 13:44:52.446028750 +0200
 @@ -104,7 +104,7 @@
                                sub(/:/, " ", $0)
                                if (interf != "")
                                        print $3 "@" interf
--                       }' | tr '\n' ' '`"
-+                       }' | sed ':a;N;$!ba;s/\n/ /g'`"
+-                       }' | sed ':a;N;$!ba;s/\n/ /g'`"
++                       }' | tr '\n' ' '`"
        ;;
  esac
- diff -uNr openswan-2.3.0.orig/programs/_startklips/_startklips.in openswan-2.3.0/programs/_startklips/_startklips.in
---- openswan-2.3.0.orig/programs/_startklips/_startklips.in    2004-12-10 12:38:28.000000000 +0000
-+++ openswan-2.3.0/programs/_startklips/_startklips.in 2005-02-02 20:34:54.000000000 +0000
-@@ -292,7 +292,12 @@
+diff -Nur openswan-2.4.0.orig/programs/_plutorun/_plutorun.in openswan-2.4.0/programs/_plutorun/_plutorun.in
+--- openswan-2.4.0.orig/programs/_plutorun/_plutorun.in        2005-04-21 23:57:16.000000000 +0200
++++ openswan-2.4.0/programs/_plutorun/_plutorun.in     2005-09-29 13:44:53.442091000 +0200
+@@ -147,7 +147,7 @@
+                       exit 1
                fi
-                 unset MODPATH MODULECONF        # no user overrides!
-                 depmod -a >/dev/null 2>&1
--                modprobe -v ipsec
-+                if [ -f modprobe ]
-+                                                                      then modprobe -v ipsec
-+                                                              elif [ -f insmod ]
-+                                                                      then insmod ipsec
-+                                                              fi
-+                                                                      
-         fi
-         if test ! -f $ipsecversion
-         then
-diff -uNr openswan-2.3.0.orig/programs/setup/setup.in openswan-2.3.0/programs/setup/setup.in
---- openswan-2.3.0.orig/programs/setup/setup.in        2004-03-22 00:24:06.000000000 +0000
-+++ openswan-2.3.0/programs/setup/setup.in     2005-02-02 20:34:54.000000000 +0000
-@@ -110,12 +110,22 @@
- # do it
- case "$1" in
-   start|--start|stop|--stop|_autostop|_autostart)
--      if test " `id -u`" != " 0"
-+      if [ "x${USER}" != "xroot" ]
+       else
+-              if test ! -w "`dirname $stderrlog`"
++              if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`"
+               then
+                       echo Cannot write to directory to create \"$stderrlog\".
+                       exit 1
+diff -Nur openswan-2.4.0.orig/programs/_realsetup/_realsetup.in openswan-2.4.0/programs/_realsetup/_realsetup.in
+--- openswan-2.4.0.orig/programs/_realsetup/_realsetup.in      2005-07-28 02:23:48.000000000 +0200
++++ openswan-2.4.0/programs/_realsetup/_realsetup.in   2005-09-29 13:44:53.442091000 +0200
+@@ -235,7 +235,7 @@
+       # misc pre-Pluto setup
+-      perform test -d `dirname $subsyslock` "&&" touch $subsyslock
++      perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock
+       if test " $IPSECforwardcontrol" = " yes"
        then
-               echo "permission denied (must be superuser)" |
-                       logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
-               exit 1
-       fi
-+
-+      # make sure all required directories exist
-+      if [ ! -d /var/run/pluto ]
-+      then
-+              mkdir -p /var/run/pluto
-+      fi
-+      if [ ! -d /var/lock/subsys ]
-+      then
-+              mkdir -p /var/lock/subsys
-+      fi
-       tmp=/var/run/pluto/ipsec_setup.st
-       outtmp=/var/run/pluto/ipsec_setup.out
-       (
-diff -uNr openswan-2.3.0.orig/programs/showhostkey/showhostkey.in openswan-2.3.0/programs/showhostkey/showhostkey.in
---- openswan-2.3.0.orig/programs/showhostkey/showhostkey.in    2004-11-14 13:40:41.000000000 +0000
-+++ openswan-2.3.0/programs/showhostkey/showhostkey.in 2005-02-02 20:34:54.000000000 +0000
-@@ -63,7 +63,7 @@
-       exit 1
- fi
+@@ -347,7 +347,7 @@
+               lsmod 2>&1 | grep "^xfrm_user" > /dev/null && rmmod -s xfrm_user
+       fi 
  
--host="`hostname --fqdn`"
-+host="`cat /proc/sys/kernel/hostname`"
+-      perform test -d `dirname $subsyslock` "&&" rm -f $subsyslock
++      perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
  
- awk ' BEGIN {
-
-diff -uNr openswan-2.3.0.orig/programs/send-pr/send-pr.in openswan-2.3.0/programs/send-pr/send-pr.in
---- openswan-2.3.0.orig/programs/send-pr/send-pr.in    2003-07-14 12:26:17.000000000 +0000
-+++ openswan-2.3.0/programs/send-pr/send-pr.in 2005-02-02 20:34:54.000000000 +0000
+       perform rm -f $info $lock $plutopid
+       perform echo "...Openswan IPsec stopped" "|" $LOGONLY
+diff -Nur openswan-2.4.0.orig/programs/send-pr/send-pr.in openswan-2.4.0/programs/send-pr/send-pr.in
+--- openswan-2.4.0.orig/programs/send-pr/send-pr.in    2005-04-18 01:04:46.000000000 +0200
++++ openswan-2.4.0/programs/send-pr/send-pr.in 2005-09-29 13:44:53.442091000 +0200
 @@ -402,7 +402,7 @@
                    else
                        if [ "$fieldname" != "Category" ]
                        then
--                          values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
-+                          values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
+-                          values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
++                          values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
                            valslen=`echo "$values" | wc -c`
                        else
                            values="choose from a category listed above"
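Review bot: The `dirname` replacement used in the _plutorun.in and _realsetup.in hunks, `echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`, does not behave like `dirname` when the path has no slash: sed prints the name unchanged, so `test -w` and `test -d` are applied to the file itself rather than to `.`. The variables are also unquoted and `-r` is a GNU sed extension that the image's sed may not have. Parameter expansion avoids the pipeline, for example `test ! -w "${stderrlog%/*}"`, with the no-slash case handled separately. In the stop path, `touch $subsyslock "&&" rm -f $subsyslock` skips the removal when `touch` fails, which can leave a stale lock file behind.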
@@ -102,8 +80,8 @@ diff -uNr openswan-2.3.0.orig/programs/send-pr/send-pr.in openswan-2.3.0/program
                        else
                                desc="<${values} (one line)>";
                        fi
--                      dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
-+                      dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
+-                      dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
++                      dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
                        echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
                    fi
                    echo "${fmtname}${desc}" >> $file
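Review bot: This substitution runs in the opposite direction from the previous revision of the patch: the old patch replaced `tr '\]\[*+^$|\()&/' '............'` with the `sed` form, while the new one replaces the `sed` form with `tr`. The two send-pr.in hunks that follow and the look.in and manual.in hunks above show the same inversion. If upstream already carries the `sed` form, the change is deliberate and `tr` has to exist in the target image. Otherwise the hunks were probably generated with the two trees swapped and will be rejected or applied reversed. The commit message does not say which case applies, so a line in the patch header stating the intent would settle it.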
@@ -111,8 +89,8 @@ diff -uNr openswan-2.3.0.orig/programs/send-pr/send-pr.in openswan-2.3.0/program
                        desc="  $default_val";
                    else
                        desc="  <`${BINDIR}/query-pr --field-description $fieldname` (multiple lines)>";
--                      dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
-+                      dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
+-                      dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
++                      dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
                        echo "s/^${dpat}//" >> $FIXFIL
                    fi
                    echo "${fmtname}" >> $file;
@@ -120,46 +98,53 @@ diff -uNr openswan-2.3.0.orig/programs/send-pr/send-pr.in openswan-2.3.0/program
                        desc="${default_val}"
                    else
                        desc="<`${BINDIR}/query-pr --field-description $fieldname` (one line)>"
--                      dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
-+                      dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
+-                      dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
++                      dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
                        echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
                    fi
                    echo "${fmtname}${desc}" >> $file
-diff -uNr openswan-2.3.0.orig/programs/_realsetup/_realsetup.in openswan-2.3.0/programs/_realsetup/_realsetup.in
---- openswan-2.3.0.orig/programs/_realsetup/_realsetup.in      2004-12-10 13:10:04.000000000 +0000
-+++ openswan-2.3.0/programs/_realsetup/_realsetup.in   2005-02-02 20:34:54.000000000 +0000
-@@ -209,7 +209,7 @@
-       # misc pre-Pluto setup
--      perform test -d `dirname $subsyslock` "&&" touch $subsyslock
-+      perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock
-       if test " $IPSECforwardcontrol" = " yes"
+diff -Nur openswan-2.4.0.orig/programs/setup/setup.in openswan-2.4.0/programs/setup/setup.in
+--- openswan-2.4.0.orig/programs/setup/setup.in        2005-07-25 21:17:03.000000000 +0200
++++ openswan-2.4.0/programs/setup/setup.in     2005-09-29 13:44:52.446028750 +0200
+@@ -117,12 +117,22 @@
+ # do it
+ case "$1" in
+   start|--start|stop|--stop|_autostop|_autostart)
+-      if test " `id -u`" != " 0"
++      if [ "x${USER}" != "xroot" ]
        then
-@@ -313,7 +313,7 @@
-               lsmod 2>&1 | grep "^xfrm_user" > /dev/null && rmmod -s xfrm_user
-       fi 
+               echo "permission denied (must be superuser)" |
+                       logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
+               exit 1
+       fi
++
++      # make sure all required directories exist
++      if [ ! -d /var/run/pluto ]
++      then
++              mkdir -p /var/run/pluto
++      fi
++      if [ ! -d /var/lock/subsys ]
++      then
++              mkdir -p /var/lock/subsys
++      fi
+       tmp=/var/run/pluto/ipsec_setup.st
+       outtmp=/var/run/pluto/ipsec_setup.out
+       (
+diff -Nur openswan-2.4.0.orig/programs/showhostkey/showhostkey.in openswan-2.4.0/programs/showhostkey/showhostkey.in
+--- openswan-2.4.0.orig/programs/showhostkey/showhostkey.in    2004-11-14 14:40:41.000000000 +0100
++++ openswan-2.4.0/programs/showhostkey/showhostkey.in 2005-09-29 13:44:52.446028750 +0200
+@@ -63,7 +63,7 @@
+       exit 1
+ fi
  
--      perform test -d `dirname $subsyslock` "&&" rm -f $subsyslock
-+      perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
+-host="`hostname --fqdn`"
++host="`cat /proc/sys/kernel/hostname`"
  
-       perform rm -f $info $lock $plutopid
-       perform echo "...Openswan IPsec stopped" "|" $LOGONLY
---- openswan-2.3.0.orig/programs/_plutorun/_plutorun.in        2004-11-03 20:21:08.000000000 +0000
-+++ openswan-2.3.0/programs/_plutorun/_plutorun.in     2005-02-02 20:34:54.000000000 +0000
-@@ -140,7 +140,7 @@
-                       exit 1
-               fi
-       else
--              if test ! -w "`dirname $stderrlog`"
-+              if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`"
-               then
-                       echo Cannot write to directory to create \"$stderrlog\".
-                       exit 1
-diff -urN openswan-2.3.1.old/programs/_startklips/_startklips.in openswan-2.3.1/programs/_startklips/_startklips.in
---- openswan-2.3.1.old/programs/_startklips/_startklips.in     2005-04-10 23:57:51.000000000 +0200
-+++ openswan-2.3.1/programs/_startklips/_startklips.in 2005-04-11 00:00:36.000000000 +0200
+ awk ' BEGIN {
+               inkey = 0
+diff -Nur openswan-2.4.0.orig/programs/_startklips/_startklips.in openswan-2.4.0/programs/_startklips/_startklips.in
+--- openswan-2.4.0.orig/programs/_startklips/_startklips.in    2005-03-31 23:07:27.000000000 +0200
++++ openswan-2.4.0/programs/_startklips/_startklips.in 2005-09-29 13:44:53.442091000 +0200
 @@ -262,15 +262,15 @@
      echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
      exit
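Review bot: The superuser check in the setup.in hunk, `if [ "x${USER}" != "xroot" ]`, tests an environment variable rather than the effective UID, so it is not a reliable privilege test. USER is supplied by the caller and is commonly unset when the script runs from init, in which case a real root invocation is refused with "permission denied". If `id` is missing from the image, it would be safer to ship it and keep `test " `id -u`" != " 0"` than to trust the environment. The added `mkdir -p /var/run/pluto` also creates the runtime directory with whatever umask is in effect; an explicit mode, presumably root-only, should be set once the required access is confirmed.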
@@ -207,3 +192,17 @@ diff -urN openswan-2.3.1.old/programs/_startklips/_startklips.in openswan-2.3.1/
        fi
  fi
  
+@@ -305,7 +305,12 @@
+               fi
+                 unset MODPATH MODULECONF        # no user overrides!
+                 depmod -a >/dev/null 2>&1
+-                modprobe -v ipsec
++                if [ -f modprobe ]
++                                                                      then modprobe -v ipsec
++                                                              elif [ -f insmod ]
++                                                                      then insmod ipsec
++                                                              fi
++                                                                      
+         fi
+         if test ! -f $ipsecversion
+         then
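Review bot: `[ -f modprobe ]` and `[ -f insmod ]` test for regular files with those names in the current working directory, not for commands on PATH. In the usual case both tests fail and the ipsec module is never loaded, with nothing reported. The check should name the executable, for example `if [ -x /sbin/modprobe ]` (path to be matched to the image), and an `else` branch should log that no module loader was found. The enclosing `if` in _startklips.in starts outside the hunk.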
index a105a1f540576bfe834935dfd2f4e75fa1417a93..0344336fe867bde9e8b881e5a00e4fdf1d747513 100644 (file)
@@ -3,9 +3,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openswan
-PKG_VERSION:=2.3.1
+PKG_VERSION:=2.4.2
 PKG_RELEASE:=1
-PKG_MD5SUM:=3dcf1cd7efcbe8db3148fc288d429db1
+PKG_MD5SUM:=38c7ad91312bdd67fa57fe987b21183e
 
 PKG_SOURCE_URL:=http://www.openswan.org/download
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@@ -28,6 +28,7 @@ $(PKG_BUILD_DIR)/.built:
                KERNELSRC="$(KERNEL_DIR)" \
                ARCH="mips" \
                USERCOMPILE="$(FLAGS)" \
+               AS="$(TARGET_CC) -c $(TARGET_CFLAGS)" \
                module
 
 $(IPKG_KMOD_OPENSWAN):
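Review bot: The added `AS="$(TARGET_CC) -c $(TARGET_CFLAGS)"` replaces the assembler with the C compiler driver for the kernel module build, and nothing in the rule or the commit message says why. A comment above `$(PKG_BUILD_DIR)/.built:` would record that, for example `# AS is overridden so assembly sources are built through the cross compiler driver with TARGET_CFLAGS`. The userland package Makefile in this commit does not get the same override, so it is also worth stating whether that difference is intended. The recipe starts outside the hunk.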