summaryrefslogtreecommitdiff
path: root/package/openswan
diff options
context:
space:
mode:
Diffstat (limited to 'package/openswan')
-rw-r--r--package/openswan/Makefile8
-rw-r--r--package/openswan/patches/patch-Makefile_inc40
-rw-r--r--package/openswan/patches/patch-lib_libipsecconf_starterwhack_c6
-rw-r--r--package/openswan/patches/patch-lib_liblwres_Makefile8
-rw-r--r--package/openswan/patches/patch-lib_libopenswan_oswlog_c11
5 files changed, 23 insertions, 50 deletions
diff --git a/package/openswan/Makefile b/package/openswan/Makefile
index a70454d15..525ddd2f1 100644
--- a/package/openswan/Makefile
+++ b/package/openswan/Makefile
@@ -4,12 +4,12 @@
include ${ADK_TOPDIR}/rules.mk
PKG_NAME:= openswan
-PKG_VERSION:= 2.6.41
+PKG_VERSION:= 2.6.43
PKG_RELEASE:= 1
-PKG_HASH:= f9ebb395cb0f717dc43942662ab65161035a99dbf8e680c1d1511d4de130d0fb
+PKG_HASH:= ac7ef1d78766801f23c458cc7c3b080ca6e20c5144a1979598c319bc3bc7c88b
PKG_DESCR:= ipsec software
PKG_SECTION:= net/security
-PKG_DEPENDS:= ip libgmp libpthread
+PKG_DEPENDS:= libgmp libpthread
PKG_BUILDDEP:= gmp
PKG_URL:= http://www.openswan.org/
PKG_SITES:= http://www.openswan.org/download/
@@ -18,7 +18,7 @@ PKG_NOPARALLEL:= 1
DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz
# GLOB_BRACE usage
-PKG_LIBC_DEPENDS:= uclibc glibc
+PKG_LIBC_DEPENDS:= uclibc-ng uclibc glibc
include ${ADK_TOPDIR}/mk/package.mk
diff --git a/package/openswan/patches/patch-Makefile_inc b/package/openswan/patches/patch-Makefile_inc
index 9c73c7ce0..b6c272859 100644
--- a/package/openswan/patches/patch-Makefile_inc
+++ b/package/openswan/patches/patch-Makefile_inc
@@ -1,39 +1,23 @@
---- openswan-2.6.41.orig/Makefile.inc 2014-02-21 21:46:57.000000000 +0100
-+++ openswan-2.6.41/Makefile.inc 2014-03-12 18:39:50.906115397 +0100
-@@ -169,7 +169,7 @@ INSTALL=install
- # how backup names are composed.
- # Note that the install procedures will never overwrite an existing config
- # file, which is why -b is not specified for them.
--INSTBINFLAGS=-b --suffix=.old
-+INSTBINFLAGS=
- INSTSUIDFLAGS=--mode=u+rxs,g+rx,o+rx --group=root -b --suffix=.old
- INSTMANFLAGS=
- INSTCONFFLAGS=
-@@ -191,10 +191,10 @@ BISONOSFLAGS=
+--- openswan-2.6.43.orig/Makefile.inc 2015-03-13 13:49:09.000000000 -0500
++++ openswan-2.6.43/Makefile.inc 2015-05-01 04:11:06.067427001 -0500
+@@ -194,17 +194,17 @@ BISONOSFLAGS=
#Example for a cross compile:
#USERCOMPILE?=-g ${PORTDEFINE} -I/usr/local/arm_tools/arm-elf/inc -L/usr/local/arm_tools/lib/gcc-lib
GCC_LINT ?= -DGCC_LINT
--USERCOMPILE?=-g -O3 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 ${WERROR} $(GCC_LINT)
-+USERCOMPILE?=-g -O3 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 ${WERROR} $(GCC_LINT)
+-USERCOMPILE?=-g -O3 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 ${WERROR} $(GCC_LINT) ${USERCOMPILEEXTRA}
++USERCOMPILE?=
# on fedora/rhel
#USERCOMPILE?=-g -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIE -pie -DSUPPORT_BROKEN_ANDROID_ICS
-KLIPSCOMPILE=-O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -DCONFIG_KLIPS_ALG -DDISABLE_UDP_CHECKSUM
-+KLIPSCOMPILE=-O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -DCONFIG_KLIPS_ALG -DDISABLE_UDP_CHECKSUM
++KLIPSCOMPILE=-DCONFIG_KLIPS_ALG -DDISABLE_UDP_CHECKSUM
# Additional debugging for developers (warning: can crash openswan!)
#USERCOMPILE?=-g -DLEAK_DETECTIVE -lefence
# You can also run this before starting openswan on glibc systems:
-@@ -283,12 +283,12 @@ RH_KERNELSRC?=/lib/modules/2.6.9-1.681_F
- # Note you need a locally running bind9 nameserver with lwres{} enabled
- # to use this, or have the "lwres" package installed and running.
- # This only affects conns that use DNS for keys in lookups.
--USE_LWRES?=false
-+USE_LWRES?=true
+ #export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
- # Do a new lookup every time a connection is (re)started. This works better
- # on hosts with some dyndns service, since DPD will cause a new dns lookup,
- # but it could be a potential security issue if receiving spoofed dns.
--USE_DYNAMICDNS?=true
-+USE_DYNAMICDNS?=false
+ # extra link flags
+-USERLINK?=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now ${USERLINKEXTRA}
++USERLINK?=${USERLINKEXTRA}
+ # on fedora/rhel
+ #USERLINK=-g -pie
- # Do we want all the configuration files like ipsec.conf and ipsec.secrets
- # and any certificates to be in a single directory defined by
diff --git a/package/openswan/patches/patch-lib_libipsecconf_starterwhack_c b/package/openswan/patches/patch-lib_libipsecconf_starterwhack_c
index 2bc7e6910..46c6497fe 100644
--- a/package/openswan/patches/patch-lib_libipsecconf_starterwhack_c
+++ b/package/openswan/patches/patch-lib_libipsecconf_starterwhack_c
@@ -1,6 +1,6 @@
---- openswan-2.6.38.orig/lib/libipsecconf/starterwhack.c 2012-03-23 22:33:43.000000000 +0100
-+++ openswan-2.6.38/lib/libipsecconf/starterwhack.c 2014-03-26 21:21:22.000000000 +0100
-@@ -17,7 +17,7 @@
+--- openswan-2.6.43.orig/lib/libipsecconf/starterwhack.c 2015-03-13 13:49:09.000000000 -0500
++++ openswan-2.6.43/lib/libipsecconf/starterwhack.c 2015-05-01 04:01:15.147426999 -0500
+@@ -18,7 +18,7 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
diff --git a/package/openswan/patches/patch-lib_liblwres_Makefile b/package/openswan/patches/patch-lib_liblwres_Makefile
index 5aaa2112e..fb788473a 100644
--- a/package/openswan/patches/patch-lib_liblwres_Makefile
+++ b/package/openswan/patches/patch-lib_liblwres_Makefile
@@ -1,11 +1,11 @@
---- openswan-2.6.38.orig/lib/liblwres/Makefile 2012-03-23 22:33:43.000000000 +0100
-+++ openswan-2.6.38/lib/liblwres/Makefile 2012-07-25 18:21:02.000000000 +0200
+--- openswan-2.6.43.orig/lib/liblwres/Makefile 2015-03-13 13:49:09.000000000 -0500
++++ openswan-2.6.43/lib/liblwres/Makefile 2015-05-01 04:01:15.175426999 -0500
@@ -23,7 +23,7 @@ CINCLUDES = -I${srcdir}${ISCARCH}/includ
-I${srcdir}../libisc/include \
- -I. -I./include -I${srcdir}include
+ -I. -I./include -I${srcdir}include
CDEFINES =
-CWARNINGS = -Werror
+#CWARNINGS = -Werror
- CFLAGS+=${USERCOMPILE} ${PORTINCLUDE} ${CINCLUDES} ${CDEFINES} ${CWARNINGS}
+ CFLAGS+=${USERCOMPILE} ${PORTINCLUDE} ${CINCLUDES} ${CDEFINES} ${CWARNINGS}
diff --git a/package/openswan/patches/patch-lib_libopenswan_oswlog_c b/package/openswan/patches/patch-lib_libopenswan_oswlog_c
deleted file mode 100644
index a093b4e1b..000000000
--- a/package/openswan/patches/patch-lib_libopenswan_oswlog_c
+++ /dev/null
@@ -1,11 +0,0 @@
---- openswan-2.6.38.orig/lib/libopenswan/oswlog.c 2012-03-23 22:33:43.000000000 +0100
-+++ openswan-2.6.38/lib/libopenswan/oswlog.c 2014-03-26 21:09:43.000000000 +0100
-@@ -24,7 +24,7 @@
- #include <string.h>
- #include <unistd.h>
- #include <signal.h> /* used only if MSG_NOSIGNAL not defined */
--#include <sys/queue.h>
-+#include "queue.h"
- #include <libgen.h>
- #include <sys/stat.h>
- #include <sys/types.h>