From d2d808cb75c15bd080e455376811f4a3161d4546 Mon Sep 17 00:00:00 2001 From: Waldemar Brodkorb Date: Fri, 1 May 2015 04:22:53 -0500 Subject: update openswan to latest upstream version --- package/openswan/patches/patch-Makefile_inc | 40 +++++++++-------------------- 1 file changed, 12 insertions(+), 28 deletions(-) (limited to 'package/openswan/patches/patch-Makefile_inc') diff --git a/package/openswan/patches/patch-Makefile_inc b/package/openswan/patches/patch-Makefile_inc index 9c73c7ce0..b6c272859 100644 --- a/package/openswan/patches/patch-Makefile_inc +++ b/package/openswan/patches/patch-Makefile_inc @@ -1,39 +1,23 @@ ---- openswan-2.6.41.orig/Makefile.inc 2014-02-21 21:46:57.000000000 +0100 -+++ openswan-2.6.41/Makefile.inc 2014-03-12 18:39:50.906115397 +0100 -@@ -169,7 +169,7 @@ INSTALL=install - # how backup names are composed. - # Note that the install procedures will never overwrite an existing config - # file, which is why -b is not specified for them. --INSTBINFLAGS=-b --suffix=.old -+INSTBINFLAGS= - INSTSUIDFLAGS=--mode=u+rxs,g+rx,o+rx --group=root -b --suffix=.old - INSTMANFLAGS= - INSTCONFFLAGS= -@@ -191,10 +191,10 @@ BISONOSFLAGS= +--- openswan-2.6.43.orig/Makefile.inc 2015-03-13 13:49:09.000000000 -0500 ++++ openswan-2.6.43/Makefile.inc 2015-05-01 04:11:06.067427001 -0500 +@@ -194,17 +194,17 @@ BISONOSFLAGS= #Example for a cross compile: #USERCOMPILE?=-g ${PORTDEFINE} -I/usr/local/arm_tools/arm-elf/inc -L/usr/local/arm_tools/lib/gcc-lib GCC_LINT ?= -DGCC_LINT --USERCOMPILE?=-g -O3 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 ${WERROR} $(GCC_LINT) -+USERCOMPILE?=-g -O3 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 ${WERROR} $(GCC_LINT) +-USERCOMPILE?=-g -O3 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 ${WERROR} $(GCC_LINT) ${USERCOMPILEEXTRA} ++USERCOMPILE?= # on fedora/rhel #USERCOMPILE?=-g -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIE -pie -DSUPPORT_BROKEN_ANDROID_ICS -KLIPSCOMPILE=-O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -DCONFIG_KLIPS_ALG -DDISABLE_UDP_CHECKSUM -+KLIPSCOMPILE=-O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -DCONFIG_KLIPS_ALG -DDISABLE_UDP_CHECKSUM ++KLIPSCOMPILE=-DCONFIG_KLIPS_ALG -DDISABLE_UDP_CHECKSUM # Additional debugging for developers (warning: can crash openswan!) #USERCOMPILE?=-g -DLEAK_DETECTIVE -lefence # You can also run this before starting openswan on glibc systems: -@@ -283,12 +283,12 @@ RH_KERNELSRC?=/lib/modules/2.6.9-1.681_F - # Note you need a locally running bind9 nameserver with lwres{} enabled - # to use this, or have the "lwres" package installed and running. - # This only affects conns that use DNS for keys in lookups. --USE_LWRES?=false -+USE_LWRES?=true + #export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) - # Do a new lookup every time a connection is (re)started. This works better - # on hosts with some dyndns service, since DPD will cause a new dns lookup, - # but it could be a potential security issue if receiving spoofed dns. --USE_DYNAMICDNS?=true -+USE_DYNAMICDNS?=false + # extra link flags +-USERLINK?=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now ${USERLINKEXTRA} ++USERLINK?=${USERLINKEXTRA} + # on fedora/rhel + #USERLINK=-g -pie - # Do we want all the configuration files like ipsec.conf and ipsec.secrets - # and any certificates to be in a single directory defined by -- cgit v1.2.3