From 80ac8dac11bb71c74a09535b3d43d04541449de3 Mon Sep 17 00:00:00 2001 From: Lucian Cristian Date: Sun, 25 Oct 2020 15:05:58 +0200 Subject: [PATCH] libreswan: update to 4.1 Signed-off-by: Lucian Cristian --- net/libreswan/Makefile | 10 +++---- net/libreswan/patches/010-nanosleep.patch | 2 +- .../patches/030-fix_musl_build.patch | 10 +++++++ net/libreswan/patches/030-fix_nss_3.52.patch | 30 ------------------- net/libreswan/patches/040-disable_man.patch | 11 +++++++ .../099-continue_on_missing_ipv6.patch | 12 -------- 6 files changed, 27 insertions(+), 48 deletions(-) create mode 100644 net/libreswan/patches/030-fix_musl_build.patch delete mode 100644 net/libreswan/patches/030-fix_nss_3.52.patch create mode 100644 net/libreswan/patches/040-disable_man.patch delete mode 100644 net/libreswan/patches/099-continue_on_missing_ipv6.patch diff --git a/net/libreswan/Makefile b/net/libreswan/Makefile index 0fe02e1798..365745e529 100644 --- a/net/libreswan/Makefile +++ b/net/libreswan/Makefile @@ -7,12 +7,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libreswan -PKG_VERSION:=3.32 -PKG_RELEASE:=3 +PKG_VERSION:=4.1 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://download.libreswan.org/ -PKG_HASH:=236b57fee8f562302c54f2b16d8a839a9039fcb5893668e61b398ec6b179432e +PKG_HASH:=216444c3a2ede7bed5820648856fa5d9cc8fc4b4122bd4a1129d1a5954d9227d PKG_MAINTAINER:=Lucian Cristian PKG_LICENSE:=GPL-2.0-or-later @@ -74,15 +74,15 @@ MAKE_FLAGS+= \ USE_LABELED_IPSEC=false \ USE_NM=false \ USE_NSS_KDF=true \ - USE_NSS_PRF=true \ USE_LIBCURL=false \ USE_GLIBC_KERN_FLIP_HEADERS=true \ USE_XAUTHPAM=false \ USE_LIBCAP_NG=true \ USE_SYSTEMD_WATCHDOG=false \ USE_SECCOMP=false\ - INC_USRLOCAL="/usr" \ + PREFIX="/usr" \ FINALRUNDIR="/var/run/pluto" \ + FINALNSSDIR="/etc/ipsec.d" \ MODPROBEARGS="-q" \ ARCH="$(LINUX_KARCH)" \ diff --git a/net/libreswan/patches/010-nanosleep.patch b/net/libreswan/patches/010-nanosleep.patch index 12427c144c..45481cd1b4 100644 --- a/net/libreswan/patches/010-nanosleep.patch +++ b/net/libreswan/patches/010-nanosleep.patch @@ -9,7 +9,7 @@ #include #include "defs.h" -@@ -172,7 +172,8 @@ +@@ -180,7 +180,8 @@ /* Send a duplicate packet when this impair is enabled - used for testing */ if (IMPAIR(JACOB_TWO_TWO)) { /* sleep for half a second, and second another packet */ diff --git a/net/libreswan/patches/030-fix_musl_build.patch b/net/libreswan/patches/030-fix_musl_build.patch new file mode 100644 index 0000000000..7183a19899 --- /dev/null +++ b/net/libreswan/patches/030-fix_musl_build.patch @@ -0,0 +1,10 @@ +--- a/include/fd.h 2020-10-25 12:29:43.527467613 +0200 ++++ b/include/fd.h 2020-10-25 12:27:41.043595114 +0200 +@@ -26,6 +26,7 @@ + + #include + #include /* for ssize_t */ ++#include + + #include "where.h" + diff --git a/net/libreswan/patches/030-fix_nss_3.52.patch b/net/libreswan/patches/030-fix_nss_3.52.patch deleted file mode 100644 index 11209b9c41..0000000000 --- a/net/libreswan/patches/030-fix_nss_3.52.patch +++ /dev/null @@ -1,30 +0,0 @@ -From db7715407efa43cd2a66caed67c02d8f7bb90b35 Mon Sep 17 00:00:00 2001 -From: Paul Wouters -Date: Tue, 12 May 2020 12:56:38 -0400 -Subject: [PATCH] nss: move NSS_PKCS11_2_0_COMPAT define to - ike_alg_encrypt_nss_gcm_ops.c - -It needs to go before any nss includes are done, and those includes are -all over the place. But CK_GCM_PARAMS is only used in one file, so -just define it there instead before the nss includes. ---- - lib/libswan/ike_alg_encrypt_nss_gcm_ops.c | 6 ++++++ - 1 files changed, 6 insertions(+), 0 deletions(-) - -diff --git a/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c b/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c -index 93a027089a..571913cc1e 100644 ---- a/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c -+++ b/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c -@@ -16,6 +16,12 @@ - #include - #include - -+/* -+ * Special advise from Bob Relyea - needs to go before any nss include -+ * -+ */ -+#define NSS_PKCS11_2_0_COMPAT 1 -+ - #include "lswlog.h" - #include "lswnss.h" - #include "prmem.h" diff --git a/net/libreswan/patches/040-disable_man.patch b/net/libreswan/patches/040-disable_man.patch new file mode 100644 index 0000000000..92850d5325 --- /dev/null +++ b/net/libreswan/patches/040-disable_man.patch @@ -0,0 +1,11 @@ +--- a/mk/targets.mk 2020-10-25 12:47:38.504784276 +0200 ++++ b/mk/targets.mk 2020-10-25 12:48:16.242123361 +0200 +@@ -64,7 +64,7 @@ + # + # For each define: TARGET clean-TARGET install-TARGET + +-TARGETS = base manpages ++TARGETS = base + + $(foreach target,$(TARGETS),$(eval $(call recursive-target,$(target)))) + diff --git a/net/libreswan/patches/099-continue_on_missing_ipv6.patch b/net/libreswan/patches/099-continue_on_missing_ipv6.patch deleted file mode 100644 index 10fd572fbf..0000000000 --- a/net/libreswan/patches/099-continue_on_missing_ipv6.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- a/programs/pluto/kernel_xfrm.c 2020-05-16 19:12:30.107226478 +0300 -+++ b/programs/pluto/kernel_xfrm.c 2020-05-16 19:20:25.735522574 +0300 -@@ -2759,7 +2759,8 @@ - LOG_ERRNO(errno, "\"%s\"", proc_f); - } - } else { -- LOG_ERRNO(errno, "could not stat \"%s\"", proc_f); -+ DBG(DBG_KERNEL, DBG_log("starting without ipv6 support!")); -+ disable_ipv6 = 1; - } - - if (disable_ipv6 == 1) { -- 2.30.2