diff options
Diffstat (limited to 'package/openswan')
-rw-r--r-- | package/openswan/Makefile | 8 | ||||
-rw-r--r-- | package/openswan/patches/patch-Makefile_inc | 40 | ||||
-rw-r--r-- | package/openswan/patches/patch-lib_libipsecconf_starterwhack_c | 6 | ||||
-rw-r--r-- | package/openswan/patches/patch-lib_liblwres_Makefile | 8 | ||||
-rw-r--r-- | package/openswan/patches/patch-lib_libopenswan_oswlog_c | 11 |
5 files changed, 23 insertions, 50 deletions
diff --git a/package/openswan/Makefile b/package/openswan/Makefile index a70454d15..525ddd2f1 100644 --- a/package/openswan/Makefile +++ b/package/openswan/Makefile @@ -4,12 +4,12 @@ include ${ADK_TOPDIR}/rules.mk PKG_NAME:= openswan -PKG_VERSION:= 2.6.41 +PKG_VERSION:= 2.6.43 PKG_RELEASE:= 1 -PKG_HASH:= f9ebb395cb0f717dc43942662ab65161035a99dbf8e680c1d1511d4de130d0fb +PKG_HASH:= ac7ef1d78766801f23c458cc7c3b080ca6e20c5144a1979598c319bc3bc7c88b PKG_DESCR:= ipsec software PKG_SECTION:= net/security -PKG_DEPENDS:= ip libgmp libpthread +PKG_DEPENDS:= libgmp libpthread PKG_BUILDDEP:= gmp PKG_URL:= http://www.openswan.org/ PKG_SITES:= http://www.openswan.org/download/ @@ -18,7 +18,7 @@ PKG_NOPARALLEL:= 1 DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz # GLOB_BRACE usage -PKG_LIBC_DEPENDS:= uclibc glibc +PKG_LIBC_DEPENDS:= uclibc-ng uclibc glibc include ${ADK_TOPDIR}/mk/package.mk diff --git a/package/openswan/patches/patch-Makefile_inc b/package/openswan/patches/patch-Makefile_inc index 9c73c7ce0..b6c272859 100644 --- a/package/openswan/patches/patch-Makefile_inc +++ b/package/openswan/patches/patch-Makefile_inc @@ -1,39 +1,23 @@ ---- openswan-2.6.41.orig/Makefile.inc 2014-02-21 21:46:57.000000000 +0100 -+++ openswan-2.6.41/Makefile.inc 2014-03-12 18:39:50.906115397 +0100 -@@ -169,7 +169,7 @@ INSTALL=install - # how backup names are composed. - # Note that the install procedures will never overwrite an existing config - # file, which is why -b is not specified for them. --INSTBINFLAGS=-b --suffix=.old -+INSTBINFLAGS= - INSTSUIDFLAGS=--mode=u+rxs,g+rx,o+rx --group=root -b --suffix=.old - INSTMANFLAGS= - INSTCONFFLAGS= -@@ -191,10 +191,10 @@ BISONOSFLAGS= +--- openswan-2.6.43.orig/Makefile.inc 2015-03-13 13:49:09.000000000 -0500 ++++ openswan-2.6.43/Makefile.inc 2015-05-01 04:11:06.067427001 -0500 +@@ -194,17 +194,17 @@ BISONOSFLAGS= #Example for a cross compile: #USERCOMPILE?=-g ${PORTDEFINE} -I/usr/local/arm_tools/arm-elf/inc -L/usr/local/arm_tools/lib/gcc-lib GCC_LINT ?= -DGCC_LINT --USERCOMPILE?=-g -O3 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 ${WERROR} $(GCC_LINT) -+USERCOMPILE?=-g -O3 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 ${WERROR} $(GCC_LINT) +-USERCOMPILE?=-g -O3 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 ${WERROR} $(GCC_LINT) ${USERCOMPILEEXTRA} ++USERCOMPILE?= # on fedora/rhel #USERCOMPILE?=-g -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIE -pie -DSUPPORT_BROKEN_ANDROID_ICS -KLIPSCOMPILE=-O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -DCONFIG_KLIPS_ALG -DDISABLE_UDP_CHECKSUM -+KLIPSCOMPILE=-O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -DCONFIG_KLIPS_ALG -DDISABLE_UDP_CHECKSUM ++KLIPSCOMPILE=-DCONFIG_KLIPS_ALG -DDISABLE_UDP_CHECKSUM # Additional debugging for developers (warning: can crash openswan!) #USERCOMPILE?=-g -DLEAK_DETECTIVE -lefence # You can also run this before starting openswan on glibc systems: -@@ -283,12 +283,12 @@ RH_KERNELSRC?=/lib/modules/2.6.9-1.681_F - # Note you need a locally running bind9 nameserver with lwres{} enabled - # to use this, or have the "lwres" package installed and running. - # This only affects conns that use DNS for keys in lookups. --USE_LWRES?=false -+USE_LWRES?=true + #export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) - # Do a new lookup every time a connection is (re)started. This works better - # on hosts with some dyndns service, since DPD will cause a new dns lookup, - # but it could be a potential security issue if receiving spoofed dns. --USE_DYNAMICDNS?=true -+USE_DYNAMICDNS?=false + # extra link flags +-USERLINK?=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now ${USERLINKEXTRA} ++USERLINK?=${USERLINKEXTRA} + # on fedora/rhel + #USERLINK=-g -pie - # Do we want all the configuration files like ipsec.conf and ipsec.secrets - # and any certificates to be in a single directory defined by diff --git a/package/openswan/patches/patch-lib_libipsecconf_starterwhack_c b/package/openswan/patches/patch-lib_libipsecconf_starterwhack_c index 2bc7e6910..46c6497fe 100644 --- a/package/openswan/patches/patch-lib_libipsecconf_starterwhack_c +++ b/package/openswan/patches/patch-lib_libipsecconf_starterwhack_c @@ -1,6 +1,6 @@ ---- openswan-2.6.38.orig/lib/libipsecconf/starterwhack.c 2012-03-23 22:33:43.000000000 +0100 -+++ openswan-2.6.38/lib/libipsecconf/starterwhack.c 2014-03-26 21:21:22.000000000 +0100 -@@ -17,7 +17,7 @@ +--- openswan-2.6.43.orig/lib/libipsecconf/starterwhack.c 2015-03-13 13:49:09.000000000 -0500 ++++ openswan-2.6.43/lib/libipsecconf/starterwhack.c 2015-05-01 04:01:15.147426999 -0500 +@@ -18,7 +18,7 @@ #include <sys/types.h> #include <sys/socket.h> #include <sys/un.h> diff --git a/package/openswan/patches/patch-lib_liblwres_Makefile b/package/openswan/patches/patch-lib_liblwres_Makefile index 5aaa2112e..fb788473a 100644 --- a/package/openswan/patches/patch-lib_liblwres_Makefile +++ b/package/openswan/patches/patch-lib_liblwres_Makefile @@ -1,11 +1,11 @@ ---- openswan-2.6.38.orig/lib/liblwres/Makefile 2012-03-23 22:33:43.000000000 +0100 -+++ openswan-2.6.38/lib/liblwres/Makefile 2012-07-25 18:21:02.000000000 +0200 +--- openswan-2.6.43.orig/lib/liblwres/Makefile 2015-03-13 13:49:09.000000000 -0500 ++++ openswan-2.6.43/lib/liblwres/Makefile 2015-05-01 04:01:15.175426999 -0500 @@ -23,7 +23,7 @@ CINCLUDES = -I${srcdir}${ISCARCH}/includ -I${srcdir}../libisc/include \ - -I. -I./include -I${srcdir}include + -I. -I./include -I${srcdir}include CDEFINES = -CWARNINGS = -Werror +#CWARNINGS = -Werror - CFLAGS+=${USERCOMPILE} ${PORTINCLUDE} ${CINCLUDES} ${CDEFINES} ${CWARNINGS} + CFLAGS+=${USERCOMPILE} ${PORTINCLUDE} ${CINCLUDES} ${CDEFINES} ${CWARNINGS} diff --git a/package/openswan/patches/patch-lib_libopenswan_oswlog_c b/package/openswan/patches/patch-lib_libopenswan_oswlog_c deleted file mode 100644 index a093b4e1b..000000000 --- a/package/openswan/patches/patch-lib_libopenswan_oswlog_c +++ /dev/null @@ -1,11 +0,0 @@ ---- openswan-2.6.38.orig/lib/libopenswan/oswlog.c 2012-03-23 22:33:43.000000000 +0100 -+++ openswan-2.6.38/lib/libopenswan/oswlog.c 2014-03-26 21:09:43.000000000 +0100 -@@ -24,7 +24,7 @@ - #include <string.h> - #include <unistd.h> - #include <signal.h> /* used only if MSG_NOSIGNAL not defined */ --#include <sys/queue.h> -+#include "queue.h" - #include <libgen.h> - #include <sys/stat.h> - #include <sys/types.h> |