diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2020-09-02 14:09:07 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2020-09-02 14:09:07 +0100 |
| commit | b17a3ef12038de50228bade1f05502c74e135321 (patch) | |
| tree | 9026dffec53f92cba48ca9a500a4f778e6304380 /net-vpn | |
| parent | 3cf7c3ef441822c889356fd1812ebf2944a59851 (diff) | |
gentoo resync : 02.09.2020
Diffstat (limited to 'net-vpn')
| -rw-r--r-- | net-vpn/Manifest.gz | bin | 6884 -> 6878 bytes | |||
| -rw-r--r-- | net-vpn/networkmanager-strongswan/Manifest | 2 | ||||
| -rw-r--r-- | net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.5.2.ebuild | 2 | ||||
| -rw-r--r-- | net-vpn/strongswan/Manifest | 7 | ||||
| -rw-r--r-- | net-vpn/strongswan/files/strongswan-5.8.2-gcc-10.patch | 45 | ||||
| -rw-r--r-- | net-vpn/strongswan/strongswan-5.8.1.ebuild | 308 | ||||
| -rw-r--r-- | net-vpn/strongswan/strongswan-5.8.2.ebuild | 310 | ||||
| -rw-r--r-- | net-vpn/strongswan/strongswan-5.8.4.ebuild | 2 | ||||
| -rw-r--r-- | net-vpn/tor/Manifest | 2 | ||||
| -rw-r--r-- | net-vpn/tor/tor-0.4.3.6.ebuild | 2 |
10 files changed, 6 insertions, 674 deletions
diff --git a/net-vpn/Manifest.gz b/net-vpn/Manifest.gz Binary files differindex 57f2eb2b9657..cc2fd3947a87 100644 --- a/net-vpn/Manifest.gz +++ b/net-vpn/Manifest.gz diff --git a/net-vpn/networkmanager-strongswan/Manifest b/net-vpn/networkmanager-strongswan/Manifest index fccbec72830b..58143cfe16d8 100644 --- a/net-vpn/networkmanager-strongswan/Manifest +++ b/net-vpn/networkmanager-strongswan/Manifest @@ -1,5 +1,5 @@ DIST NetworkManager-strongswan-1.4.5.tar.bz2 306689 BLAKE2B c00a45eede846b927ea63c97d8fec75ceae296fe0f32aa61c87438adbb4bb0108c61c5b6e056dc8973f8bab6a51f8c63443695816a03b9c360565cb880b2d6f5 SHA512 b1c8958ec40065ec251f625ac69707d3e86e2d3b0466bd33a23edbdabefa952582ee066fc7e61bfd5921ed8340a7233353a219cff50fdc279a67c8269920cb86 DIST NetworkManager-strongswan-1.5.2.tar.bz2 300735 BLAKE2B f8ac0002d14bc79b33b897785eb60ac46d43d29c2e897a9d2249c905a524bd7e8942d8bb535a551956b81be0af16b6fa8876a8c636aadc06d2c068a4b21b403e SHA512 c79f011470778ae05f80b71330acfd7df75363fd089624007e9bdd82b75513a23eaaa3ef10141f780df075eb501ee675e4c293710e0a4c5fd9d4f4b0565bae59 EBUILD networkmanager-strongswan-1.4.5-r2.ebuild 917 BLAKE2B 8163558c167b08e633ef46a30e5b1b664fc7e6121a2724b1fb65f301efe0de10ad4c46b7d7576b1765cd11ff42ba58f2efb2f73300582a64ddf5b1b567e26539 SHA512 83930fd4237db1d9771d6f8e80daab49baaa299d15b95fd7c4bc7bfee263d1a94dadfb86a442667fc629a34fee7a600bf3c96aac82311639c4d5966f5219125c -EBUILD networkmanager-strongswan-1.5.2.ebuild 980 BLAKE2B 3959a82633cfefc13e9dd7d3ba9bda3925dde6e9df531c1ea612fc4075e8dd077c46964ecd5ead10393fc53747b207b474a810942b52ea3235ca3f8c2c1d0cbc SHA512 9cec1eb1a9e1955c4fa1a18aa3320739d4d9839f9c3757e44d1227a8cb1e093109add7e26c78566ea30aa6c327461b783382b28f7c06266cc82d336d81f630ab +EBUILD networkmanager-strongswan-1.5.2.ebuild 978 BLAKE2B b3b985a307cae9b27f24912b1a4592b4b32a84f1ea816747839ed24cd360c32c01e89f2cf7931a4cf9bd916a4f35b444ccd0f1db8bfe209eb9280770567167f3 SHA512 a86a679dc9615c53202357e0e956154364994eefde2deb65dfc634a927492d69aa7f2e202c7db827955537a8bd2ae8c4e30505ed8cbf57a80d700910b1762a82 MISC metadata.xml 250 BLAKE2B d57634b040c498296655940e3ee580c8580075a4190e2600113cee5548ff44a2025568380f3d5d9f3ca0fcd1ea5d41c9871395ffbcf4bd32d8df6a494852a885 SHA512 c225bdf339347a1768b255d905f3831904cdc375f3d4e90e41c68645b8bcfe2dfdf8e6aa4c67063103f459808a387c8edd9b35b073b8be175f7a3bd490fe3dca diff --git a/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.5.2.ebuild b/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.5.2.ebuild index 38d75a8c1745..545ed8ca1cab 100644 --- a/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.5.2.ebuild +++ b/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.5.2.ebuild @@ -14,7 +14,7 @@ SRC_URI="https://download.strongswan.org/${MY_PN}/${MY_P}.tar.bz2" LICENSE="GPL-2+" SLOT="0" -KEYWORDS="~amd64 ~x86" +KEYWORDS="amd64 x86" RDEPEND=" app-crypt/libsecret diff --git a/net-vpn/strongswan/Manifest b/net-vpn/strongswan/Manifest index f00eb5f906c8..3726dbe217e2 100644 --- a/net-vpn/strongswan/Manifest +++ b/net-vpn/strongswan/Manifest @@ -1,11 +1,6 @@ AUX ipsec 451 BLAKE2B deb3fff7043e04c1630119bb0cbbd6fa9b6f15666131ac9744a32d35cf3bc0629fe99cf9936b9cdb464627c1a8c121b8485f164166efda428825a55aab557d18 SHA512 d11ccc36ee89df5974547441fdb6c539dd3a7a5e235e318c1beddca7d4f5cace857f2dc75752e6fa913177eec9c3afcbed52de5bc08e8c314096d439cbc3bc6c -AUX strongswan-5.8.2-gcc-10.patch 1276 BLAKE2B 217fdbc9f858ce01ca13ccc3572d3ea7eae2d059ec6979e5263b919cee6da3eef2681a413265a1b78a267840d06341531d3676b9f5aa58717b577e976beeff5c SHA512 3762446b8bb0acce29882172afb826cc52be94187f28cbdb125be53a7b3c0f1229c1069194be7d96d7315ad056021d9271fe9f8b1d68980df6bc97ddc3d84aa7 -DIST strongswan-5.8.1.tar.bz2 4517921 BLAKE2B 07a82309515a054b267a063fc0e2f49fd03d16b221b1ee26a33c8d367df140797320e1ef7007a39074e40c472022d941656b3ae93d2eb860152cdc5a5d3dbc8a SHA512 630d24643b3d61e931bb25cdd083ad3c55f92fe41f3fcd3198012eee486fb3b1a16dc3f80936162afb7da9e471d45d92b7d183a00153a558babb2a79e5f6813f -DIST strongswan-5.8.2.tar.bz2 4533402 BLAKE2B edbfa8dbe1ac00c140cfe9e906ac7aa1b6f3ddfd528dec84e7b1799e5ecdd0f6114679168ebcff9185c8abae78b46dfc43ddc4dabecd44f720285bd175d7a249 SHA512 423e7924acfe8a03ad7d4359ae9086fd516798fcf5eb948a27b52ea719f4d8954b83ea30ce94191ea1647616611df8a1215cb4d5c7ec48676624df6c41853e1d DIST strongswan-5.8.4.tar.bz2 4546240 BLAKE2B f58f53a17c02924a3ad75bfadd5956f62098c41468ec5fe8d51bf0f0465c8936d8ca846a41a0b6ff6ac24ccd2229e726d3ea2b48904abf5743bbe766e5f5f81c SHA512 15e866b0d6cc4ea94f17856b519d926ae08c15d3b62f675f62685d0722ca8fa26b46afb1ad1c866e9d5f347d77a747f57d0c6d7f6bd57762f37d7798f9e28103 DIST strongswan-5.9.0.tar.bz2 4568404 BLAKE2B daf5cce5cbe12253f9ad201d89323ab7d54ba7ff466685b84830737689e4d417fbb97d053d8c9f3de5acb6dee9a192ebae48ec0d4aa07ba3c8969ee6d8f06ab3 SHA512 b982ce7c3e940ad75ab71b02ce3e2813b41c6b098cde5b6f3f3513d095f409fe989ae6e38a31eff51c57423bf452c3610cd5cd8cd7f45ff932581d9859df1821 -EBUILD strongswan-5.8.1.ebuild 9507 BLAKE2B 3912bd097b1c8f7d5b5aed00ff9396b2863ae3165f9f656e4dd6f0793f9b02d321115f23ad3c21558d6b2be13ebd6f14d28513209a703c61870b528cde566ec3 SHA512 17b8df9b5eab7c26425208e3d14d1b2596f3373d88314337cc2d397da574665d94bdca61a35ed6a143e5bc807f4b5514f7066841802a328b18f693c28e434fb9 -EBUILD strongswan-5.8.2.ebuild 9554 BLAKE2B 973ba926d32ac8d506925b2cabc0bc131571a4dd49627420bf0b8a528fedad36e2d734db07d66a5e0a24cf01a262398988b1854ad56c494e803622a66be16cb7 SHA512 f1b8267dfd94967a10d159a04c8aa9e1f558be69c30d6f6ce851845b25f6e87e0f788b079409ac2efdad1311b8d4ae7472ef6a9bb09a7fe1fe66a6ef4e16ad52 -EBUILD strongswan-5.8.4.ebuild 9515 BLAKE2B 9da89d7dffb55664c94178d028df11c60cef92ae98e95b15bfebced135eedebdc66ebdeec81a2df9b24368b229019d9bb300c4e1b5e757290566ee0316665bdb SHA512 4daf56011ff35db845d07ea6326f5243fadb821db8c97e06bca56189a188897a756657c4fc11ba324dedb63b74e0ad723316571173565ee9f43ef2595879f6af +EBUILD strongswan-5.8.4.ebuild 9514 BLAKE2B bb0b45236104e978ef0f168cf3cd1c7eb43a98d21b930127c5f8b94c37f04b5afda4a73e19b93b2d8594114cfac380a559c11b5a3d57c7b3a456a8e73b8d58af SHA512 a6e8bb0432ff86e5b3eb8fe2fe581c6aa90b68747dd25584ce4ae15ae0001803f64620ef8a672c8ed6e67db31ca1d8ba8ff225b56da66eec1318e64fdadb1a91 EBUILD strongswan-5.9.0.ebuild 9531 BLAKE2B 8b354f5e452e4a88bb55161b72a7df14b4c48568b94968b3ff01a18d65003ef899a51ed404efa7bd10df18d6653ca156ecd796a4b22aaa7987355fd5002e9cab SHA512 0e6325bd0a83b114f6b45638af1fe7a13c0d824bd353ef72767783861c80af3d7c1ea6dab2959113b881bbd8cc1fd007e13db05037dcf364181be4796643a071 MISC metadata.xml 4228 BLAKE2B 113700b03d706f7ca76cfb67c45dbd5a703f6c45aca08784f7665807c30d5539a9f60d42beb96b72618bbf3587238a3fa7f5a21c8c34550e8bd7f30f72e84cbb SHA512 86c2718a8db2da6f00f9c15bb3b0c7f72af5d6f86e977aae46a3f6a4bbd861e4d30dba15459cfa21fbb484a5818fc32183bd935acce29f30accdcca8b7ae31c9 diff --git a/net-vpn/strongswan/files/strongswan-5.8.2-gcc-10.patch b/net-vpn/strongswan/files/strongswan-5.8.2-gcc-10.patch deleted file mode 100644 index a7be11729c7f..000000000000 --- a/net-vpn/strongswan/files/strongswan-5.8.2-gcc-10.patch +++ /dev/null @@ -1,45 +0,0 @@ -https://bugs.gentoo.org/706408 -https://github.com/strongswan/strongswan/pull/163 - -From a1f73a67aed56628c4655caa1ae50a6a2e4ec639 Mon Sep 17 00:00:00 2001 -From: Sergei Trofimovich <slyfox@gentoo.org> -Date: Sun, 26 Jan 2020 11:03:27 +0000 -Subject: [PATCH] swanctl: fix build failure against gcc-10 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -On gcc-10 (and gcc-9 -fno-common) build fails as: - -``` -libtool: link: gcc ... -o .libs/swanctl ... -ld: commands/load_authorities.o:strongswan/src/swanctl/./swanctl.h:33: - multiple definition of `swanctl_dir'; commands/load_all.o:strongswan/src/swanctl/./swanctl.h:33: first defined here -``` - -gcc-10 will change the default from -fcommon to fno-common: -https://gcc.gnu.org/PR85678. - -The error also happens if CFLAGS=-fno-common passed explicitly. - -Reported-by: Toralf Förster -Bug: https://bugs.gentoo.org/706408 -Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> ---- - src/swanctl/swanctl.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/src/swanctl/swanctl.h -+++ b/src/swanctl/swanctl.h -@@ -30,7 +30,7 @@ - /** - * Base directory for credentials and config - */ --char *swanctl_dir; -+extern char *swanctl_dir; - - /** - * Configuration file for connections, etc. --- -2.25.0 - diff --git a/net-vpn/strongswan/strongswan-5.8.1.ebuild b/net-vpn/strongswan/strongswan-5.8.1.ebuild deleted file mode 100644 index 168a76a9f0d3..000000000000 --- a/net-vpn/strongswan/strongswan-5.8.1.ebuild +++ /dev/null @@ -1,308 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" -inherit linux-info systemd user - -DESCRIPTION="IPsec-based VPN solution, supporting IKEv1/IKEv2 and MOBIKE" -HOMEPAGE="https://www.strongswan.org/" -SRC_URI="https://download.strongswan.org/${P}.tar.bz2" - -LICENSE="GPL-2 RSA DES" -SLOT="0" -KEYWORDS="amd64 arm ppc ~ppc64 x86" -IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11" - -STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici" -STRONGSWAN_PLUGINS_OPT="aesni blowfish ccm chapoly ctr forecast gcm ha ipseckey newhope ntru padlock rdrand save-keys unbound whitelist" -for mod in $STRONGSWAN_PLUGINS_STD; do - IUSE="${IUSE} +strongswan_plugins_${mod}" -done - -for mod in $STRONGSWAN_PLUGINS_OPT; do - IUSE="${IUSE} strongswan_plugins_${mod}" -done - -COMMON_DEPEND="!net-misc/openswan - gmp? ( >=dev-libs/gmp-4.1.5:= ) - gcrypt? ( dev-libs/libgcrypt:0 ) - caps? ( sys-libs/libcap ) - curl? ( net-misc/curl ) - ldap? ( net-nds/openldap ) - openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] ) - mysql? ( dev-db/mysql-connector-c:= ) - sqlite? ( >=dev-db/sqlite-3.3.1 ) - systemd? ( sys-apps/systemd ) - networkmanager? ( net-misc/networkmanager ) - pam? ( sys-libs/pam ) - strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns )" -DEPEND="${COMMON_DEPEND} - virtual/linux-sources - sys-kernel/linux-headers" -RDEPEND="${COMMON_DEPEND} - virtual/logger - sys-apps/iproute2 - !net-vpn/libreswan - selinux? ( sec-policy/selinux-ipsec )" - -UGID="ipsec" - -pkg_setup() { - linux-info_pkg_setup - - elog "Linux kernel version: ${KV_FULL}" - - if ! kernel_is -ge 2 6 16; then - eerror - eerror "This ebuild currently only supports ${PN} with the" - eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16." - eerror - fi - - if kernel_is -lt 2 6 34; then - ewarn - ewarn "IMPORTANT KERNEL NOTES: Please read carefully..." - ewarn - - if kernel_is -lt 2 6 29; then - ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to" - ewarn "include all required IPv6 modules even if you just intend" - ewarn "to run on IPv4 only." - ewarn - ewarn "This has been fixed with kernels >= 2.6.29." - ewarn - fi - - if kernel_is -lt 2 6 33; then - ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards" - ewarn "compliant implementation for SHA-2 HMAC support in ESP and" - ewarn "miss SHA384 and SHA512 HMAC support altogether." - ewarn - ewarn "If you need any of those features, please use kernel >= 2.6.33." - ewarn - fi - - if kernel_is -lt 2 6 34; then - ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only" - ewarn "ESP cipher is only included in kernels >= 2.6.34." - ewarn - ewarn "If you need it, please use kernel >= 2.6.34." - ewarn - fi - fi - - if use non-root; then - enewgroup ${UGID} - enewuser ${UGID} -1 -1 -1 ${UGID} - fi -} - -src_configure() { - local myconf="" - - if use non-root; then - myconf="${myconf} --with-user=${UGID} --with-group=${UGID}" - fi - - # If a user has already enabled db support, those plugins will - # most likely be desired as well. Besides they don't impose new - # dependencies and come at no cost (except for space). - if use mysql || use sqlite; then - myconf="${myconf} --enable-attr-sql --enable-sql" - fi - - # strongSwan builds and installs static libs by default which are - # useless to the user (and to strongSwan for that matter) because no - # header files or alike get installed... so disabling them is safe. - if use pam && use eap; then - myconf="${myconf} --enable-eap-gtc" - else - myconf="${myconf} --disable-eap-gtc" - fi - - for mod in $STRONGSWAN_PLUGINS_STD; do - if use strongswan_plugins_${mod}; then - myconf+=" --enable-${mod}" - fi - done - - for mod in $STRONGSWAN_PLUGINS_OPT; do - if use strongswan_plugins_${mod}; then - myconf+=" --enable-${mod}" - fi - done - - econf \ - --disable-static \ - --enable-ikev1 \ - --enable-ikev2 \ - --enable-swanctl \ - --enable-socket-dynamic \ - $(use_enable curl) \ - $(use_enable constraints) \ - $(use_enable ldap) \ - $(use_enable debug leak-detective) \ - $(use_enable dhcp) \ - $(use_enable eap eap-sim) \ - $(use_enable eap eap-sim-file) \ - $(use_enable eap eap-simaka-sql) \ - $(use_enable eap eap-simaka-pseudonym) \ - $(use_enable eap eap-simaka-reauth) \ - $(use_enable eap eap-identity) \ - $(use_enable eap eap-md5) \ - $(use_enable eap eap-aka) \ - $(use_enable eap eap-aka-3gpp2) \ - $(use_enable eap md4) \ - $(use_enable eap eap-mschapv2) \ - $(use_enable eap eap-radius) \ - $(use_enable eap eap-tls) \ - $(use_enable eap eap-ttls) \ - $(use_enable eap xauth-eap) \ - $(use_enable eap eap-dynamic) \ - $(use_enable farp) \ - $(use_enable gmp) \ - $(use_enable gcrypt) \ - $(use_enable mysql) \ - $(use_enable networkmanager nm) \ - $(use_enable openssl) \ - $(use_enable pam xauth-pam) \ - $(use_enable pkcs11) \ - $(use_enable sqlite) \ - $(use_enable systemd) \ - $(use_with caps capabilities libcap) \ - --with-piddir=/run \ - --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \ - ${myconf} -} - -src_install() { - emake DESTDIR="${D}" install - - if ! use systemd; then - rm -rf "${ED}"/lib/systemd || die - fi - - doinitd "${FILESDIR}"/ipsec - - local dir_ugid - if use non-root; then - fowners ${UGID}:${UGID} \ - /etc/ipsec.conf \ - /etc/strongswan.conf - - dir_ugid="${UGID}" - else - dir_ugid="root" - fi - - diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid} - dodir /etc/ipsec.d \ - /etc/ipsec.d/aacerts \ - /etc/ipsec.d/acerts \ - /etc/ipsec.d/cacerts \ - /etc/ipsec.d/certs \ - /etc/ipsec.d/crls \ - /etc/ipsec.d/ocspcerts \ - /etc/ipsec.d/private \ - /etc/ipsec.d/reqs - - dodoc NEWS README TODO - - # shared libs are used only internally and there are no static libs, - # so it's safe to get rid of the .la files - find "${D}" -name '*.la' -delete || die "Failed to remove .la files." -} - -pkg_preinst() { - has_version "<net-vpn/strongswan-4.3.6-r1" - upgrade_from_leq_4_3_6=$(( !$? )) - - has_version "<net-vpn/strongswan-4.3.6-r1[-caps]" - previous_4_3_6_with_caps=$(( !$? )) -} - -pkg_postinst() { - if ! use openssl && ! use gcrypt; then - elog - elog "${PN} has been compiled without both OpenSSL and libgcrypt support." - elog "Please note that this might effect availability and speed of some" - elog "cryptographic features. You are advised to enable the OpenSSL plugin." - elif ! use openssl; then - elog - elog "${PN} has been compiled without the OpenSSL plugin. This might effect" - elog "availability and speed of some cryptographic features. There will be" - elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21," - elog "25, 26) and ECDSA." - fi - - if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then - chmod 0750 "${ROOT}"/etc/ipsec.d \ - "${ROOT}"/etc/ipsec.d/aacerts \ - "${ROOT}"/etc/ipsec.d/acerts \ - "${ROOT}"/etc/ipsec.d/cacerts \ - "${ROOT}"/etc/ipsec.d/certs \ - "${ROOT}"/etc/ipsec.d/crls \ - "${ROOT}"/etc/ipsec.d/ocspcerts \ - "${ROOT}"/etc/ipsec.d/private \ - "${ROOT}"/etc/ipsec.d/reqs - - ewarn - ewarn "The default permissions for /etc/ipsec.d/* have been tightened for" - ewarn "security reasons. Your system installed directories have been" - ewarn "updated accordingly. Please check if necessary." - ewarn - - if [[ $previous_4_3_6_with_caps == 1 ]]; then - if ! use non-root; then - ewarn - ewarn "IMPORTANT: You previously had ${PN} installed without root" - ewarn "privileges because it was implied by the 'caps' USE flag." - ewarn "This has been changed. If you want ${PN} with user privileges," - ewarn "you have to re-emerge it with the 'non-root' USE flag enabled." - ewarn - fi - fi - fi - if ! use caps && ! use non-root; then - ewarn - ewarn "You have decided to run ${PN} with root privileges and built it" - ewarn "without support for POSIX capability dropping. It is generally" - ewarn "strongly suggested that you reconsider- especially if you intend" - ewarn "to run ${PN} as server with a public ip address." - ewarn - ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled." - ewarn - fi - if use non-root; then - elog - elog "${PN} has been installed without superuser privileges (USE=non-root)." - elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'" - elog "but also a few to the IKEv2 daemon 'charon'." - elog - elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot" - elog - elog "pluto uses a helper script by default to insert/remove routing and" - elog "policy rules upon connection start/stop which requires superuser" - elog "privileges. charon in contrast does this internally and can do so" - elog "even with reduced (user) privileges." - elog - elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown" - elog "script to pluto or charon which requires superuser privileges, you" - elog "can work around this limitation by using sudo to grant the" - elog "user \"ipsec\" the appropriate rights." - elog "For example (the default case):" - elog "/etc/sudoers:" - elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec" - elog "Under the specific connection block in /etc/ipsec.conf:" - elog " leftupdown=\"sudo -E ipsec _updown iptables\"" - elog - fi - elog - elog "Make sure you have _all_ required kernel modules available including" - elog "the appropriate cryptographic algorithms. A list is available at:" - elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules" - elog - elog "The up-to-date manual is available online at:" - elog " http://wiki.strongswan.org/" - elog -} diff --git a/net-vpn/strongswan/strongswan-5.8.2.ebuild b/net-vpn/strongswan/strongswan-5.8.2.ebuild deleted file mode 100644 index bfcd20769ca0..000000000000 --- a/net-vpn/strongswan/strongswan-5.8.2.ebuild +++ /dev/null @@ -1,310 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" -inherit linux-info systemd user - -DESCRIPTION="IPsec-based VPN solution, supporting IKEv1/IKEv2 and MOBIKE" -HOMEPAGE="https://www.strongswan.org/" -SRC_URI="https://download.strongswan.org/${P}.tar.bz2" - -LICENSE="GPL-2 RSA DES" -SLOT="0" -KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86" -IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11" - -STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici" -STRONGSWAN_PLUGINS_OPT="aesni blowfish ccm chapoly ctr forecast gcm ha ipseckey newhope ntru padlock rdrand save-keys unbound whitelist" -for mod in $STRONGSWAN_PLUGINS_STD; do - IUSE="${IUSE} +strongswan_plugins_${mod}" -done - -for mod in $STRONGSWAN_PLUGINS_OPT; do - IUSE="${IUSE} strongswan_plugins_${mod}" -done - -COMMON_DEPEND="!net-misc/openswan - gmp? ( >=dev-libs/gmp-4.1.5:= ) - gcrypt? ( dev-libs/libgcrypt:0 ) - caps? ( sys-libs/libcap ) - curl? ( net-misc/curl ) - ldap? ( net-nds/openldap ) - openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] ) - mysql? ( dev-db/mysql-connector-c:= ) - sqlite? ( >=dev-db/sqlite-3.3.1 ) - systemd? ( sys-apps/systemd ) - networkmanager? ( net-misc/networkmanager ) - pam? ( sys-libs/pam ) - strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns )" -DEPEND="${COMMON_DEPEND} - virtual/linux-sources - sys-kernel/linux-headers" -RDEPEND="${COMMON_DEPEND} - virtual/logger - sys-apps/iproute2 - !net-vpn/libreswan - selinux? ( sec-policy/selinux-ipsec )" - -PATCHES=("${FILESDIR}"/${P}-gcc-10.patch) - -UGID="ipsec" - -pkg_setup() { - linux-info_pkg_setup - - elog "Linux kernel version: ${KV_FULL}" - - if ! kernel_is -ge 2 6 16; then - eerror - eerror "This ebuild currently only supports ${PN} with the" - eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16." - eerror - fi - - if kernel_is -lt 2 6 34; then - ewarn - ewarn "IMPORTANT KERNEL NOTES: Please read carefully..." - ewarn - - if kernel_is -lt 2 6 29; then - ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to" - ewarn "include all required IPv6 modules even if you just intend" - ewarn "to run on IPv4 only." - ewarn - ewarn "This has been fixed with kernels >= 2.6.29." - ewarn - fi - - if kernel_is -lt 2 6 33; then - ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards" - ewarn "compliant implementation for SHA-2 HMAC support in ESP and" - ewarn "miss SHA384 and SHA512 HMAC support altogether." - ewarn - ewarn "If you need any of those features, please use kernel >= 2.6.33." - ewarn - fi - - if kernel_is -lt 2 6 34; then - ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only" - ewarn "ESP cipher is only included in kernels >= 2.6.34." - ewarn - ewarn "If you need it, please use kernel >= 2.6.34." - ewarn - fi - fi - - if use non-root; then - enewgroup ${UGID} - enewuser ${UGID} -1 -1 -1 ${UGID} - fi -} - -src_configure() { - local myconf="" - - if use non-root; then - myconf="${myconf} --with-user=${UGID} --with-group=${UGID}" - fi - - # If a user has already enabled db support, those plugins will - # most likely be desired as well. Besides they don't impose new - # dependencies and come at no cost (except for space). - if use mysql || use sqlite; then - myconf="${myconf} --enable-attr-sql --enable-sql" - fi - - # strongSwan builds and installs static libs by default which are - # useless to the user (and to strongSwan for that matter) because no - # header files or alike get installed... so disabling them is safe. - if use pam && use eap; then - myconf="${myconf} --enable-eap-gtc" - else - myconf="${myconf} --disable-eap-gtc" - fi - - for mod in $STRONGSWAN_PLUGINS_STD; do - if use strongswan_plugins_${mod}; then - myconf+=" --enable-${mod}" - fi - done - - for mod in $STRONGSWAN_PLUGINS_OPT; do - if use strongswan_plugins_${mod}; then - myconf+=" --enable-${mod}" - fi - done - - econf \ - --disable-static \ - --enable-ikev1 \ - --enable-ikev2 \ - --enable-swanctl \ - --enable-socket-dynamic \ - $(use_enable curl) \ - $(use_enable constraints) \ - $(use_enable ldap) \ - $(use_enable debug leak-detective) \ - $(use_enable dhcp) \ - $(use_enable eap eap-sim) \ - $(use_enable eap eap-sim-file) \ - $(use_enable eap eap-simaka-sql) \ - $(use_enable eap eap-simaka-pseudonym) \ - $(use_enable eap eap-simaka-reauth) \ - $(use_enable eap eap-identity) \ - $(use_enable eap eap-md5) \ - $(use_enable eap eap-aka) \ - $(use_enable eap eap-aka-3gpp2) \ - $(use_enable eap md4) \ - $(use_enable eap eap-mschapv2) \ - $(use_enable eap eap-radius) \ - $(use_enable eap eap-tls) \ - $(use_enable eap eap-ttls) \ - $(use_enable eap xauth-eap) \ - $(use_enable eap eap-dynamic) \ - $(use_enable farp) \ - $(use_enable gmp) \ - $(use_enable gcrypt) \ - $(use_enable mysql) \ - $(use_enable networkmanager nm) \ - $(use_enable openssl) \ - $(use_enable pam xauth-pam) \ - $(use_enable pkcs11) \ - $(use_enable sqlite) \ - $(use_enable systemd) \ - $(use_with caps capabilities libcap) \ - --with-piddir=/run \ - --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \ - ${myconf} -} - -src_install() { - emake DESTDIR="${D}" install - - if ! use systemd; then - rm -rf "${ED}"/lib/systemd || die - fi - - doinitd "${FILESDIR}"/ipsec - - local dir_ugid - if use non-root; then - fowners ${UGID}:${UGID} \ - /etc/ipsec.conf \ - /etc/strongswan.conf - - dir_ugid="${UGID}" - else - dir_ugid="root" - fi - - diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid} - dodir /etc/ipsec.d \ - /etc/ipsec.d/aacerts \ - /etc/ipsec.d/acerts \ - /etc/ipsec.d/cacerts \ - /etc/ipsec.d/certs \ - /etc/ipsec.d/crls \ - /etc/ipsec.d/ocspcerts \ - /etc/ipsec.d/private \ - /etc/ipsec.d/reqs - - dodoc NEWS README TODO - - # shared libs are used only internally and there are no static libs, - # so it's safe to get rid of the .la files - find "${D}" -name '*.la' -delete || die "Failed to remove .la files." -} - -pkg_preinst() { - has_version "<net-vpn/strongswan-4.3.6-r1" - upgrade_from_leq_4_3_6=$(( !$? )) - - has_version "<net-vpn/strongswan-4.3.6-r1[-caps]" - previous_4_3_6_with_caps=$(( !$? )) -} - -pkg_postinst() { - if ! use openssl && ! use gcrypt; then - elog - elog "${PN} has been compiled without both OpenSSL and libgcrypt support." - elog "Please note that this might effect availability and speed of some" - elog "cryptographic features. You are advised to enable the OpenSSL plugin." - elif ! use openssl; then - elog - elog "${PN} has been compiled without the OpenSSL plugin. This might effect" - elog "availability and speed of some cryptographic features. There will be" - elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21," - elog "25, 26) and ECDSA." - fi - - if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then - chmod 0750 "${ROOT}"/etc/ipsec.d \ - "${ROOT}"/etc/ipsec.d/aacerts \ - "${ROOT}"/etc/ipsec.d/acerts \ - "${ROOT}"/etc/ipsec.d/cacerts \ - "${ROOT}"/etc/ipsec.d/certs \ - "${ROOT}"/etc/ipsec.d/crls \ - "${ROOT}"/etc/ipsec.d/ocspcerts \ - "${ROOT}"/etc/ipsec.d/private \ - "${ROOT}"/etc/ipsec.d/reqs - - ewarn - ewarn "The default permissions for /etc/ipsec.d/* have been tightened for" - ewarn "security reasons. Your system installed directories have been" - ewarn "updated accordingly. Please check if necessary." - ewarn - - if [[ $previous_4_3_6_with_caps == 1 ]]; then - if ! use non-root; then - ewarn - ewarn "IMPORTANT: You previously had ${PN} installed without root" - ewarn "privileges because it was implied by the 'caps' USE flag." - ewarn "This has been changed. If you want ${PN} with user privileges," - ewarn "you have to re-emerge it with the 'non-root' USE flag enabled." - ewarn - fi - fi - fi - if ! use caps && ! use non-root; then - ewarn - ewarn "You have decided to run ${PN} with root privileges and built it" - ewarn "without support for POSIX capability dropping. It is generally" - ewarn "strongly suggested that you reconsider- especially if you intend" - ewarn "to run ${PN} as server with a public ip address." - ewarn - ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled." - ewarn - fi - if use non-root; then - elog - elog "${PN} has been installed without superuser privileges (USE=non-root)." - elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'" - elog "but also a few to the IKEv2 daemon 'charon'." - elog - elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot" - elog - elog "pluto uses a helper script by default to insert/remove routing and" - elog "policy rules upon connection start/stop which requires superuser" - elog "privileges. charon in contrast does this internally and can do so" - elog "even with reduced (user) privileges." - elog - elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown" - elog "script to pluto or charon which requires superuser privileges, you" - elog "can work around this limitation by using sudo to grant the" - elog "user \"ipsec\" the appropriate rights." - elog "For example (the default case):" - elog "/etc/sudoers:" - elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec" - elog "Under the specific connection block in /etc/ipsec.conf:" - elog " leftupdown=\"sudo -E ipsec _updown iptables\"" - elog - fi - elog - elog "Make sure you have _all_ required kernel modules available including" - elog "the appropriate cryptographic algorithms. A list is available at:" - elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules" - elog - elog "The up-to-date manual is available online at:" - elog " http://wiki.strongswan.org/" - elog -} diff --git a/net-vpn/strongswan/strongswan-5.8.4.ebuild b/net-vpn/strongswan/strongswan-5.8.4.ebuild index 201d9f38df77..38463dfcf54e 100644 --- a/net-vpn/strongswan/strongswan-5.8.4.ebuild +++ b/net-vpn/strongswan/strongswan-5.8.4.ebuild @@ -10,7 +10,7 @@ SRC_URI="https://download.strongswan.org/${P}.tar.bz2" LICENSE="GPL-2 RSA DES" SLOT="0" -KEYWORDS="amd64 arm ~arm64 ~ppc ~ppc64 x86" +KEYWORDS="amd64 arm ~arm64 ppc ~ppc64 x86" IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11" STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici" diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest index e7d310678650..6e3beee35970 100644 --- a/net-vpn/tor/Manifest +++ b/net-vpn/tor/Manifest @@ -8,6 +8,6 @@ DIST tor-0.4.2.8.tar.gz 7610427 BLAKE2B 5b637047f4944e97350ef1354f61ed6ac611a166 DIST tor-0.4.3.6.tar.gz 7745954 BLAKE2B 3b04b2c79281483ef72421f8f5bfbc4f48358b6d38c151470eea7ea9bd2666e7098fe3fb0887d551f796443718791a3a464b007669c96e6bbcce7d7fc4c25d3a SHA512 f4ab0788d27b3eab40853dde31eaf087ac84616fc3488973e7d01f4dbd3e71ba6ce3a3afcf0c6272223897d0a9c1556aa26dbc4d9b98cc5b43dd729d20a2fcca DIST tor-0.4.4.4-rc.tar.gz 7795842 BLAKE2B 0e6774815208a6f5531671bf270caa009a6336f38f611e34244835c2f8fba7d884cf60a53221984665a44229e8b828330b258c9dd3b5ac99c80c5c801d159f31 SHA512 73ebc346ba3deb118efbd4d8f1a48fdb700c65723acb211a7ec16d756c12c9171f4d5bb8ae07862a337c77cc7e20f44dbeef5c2232b4973f0a47be623d9feb6b EBUILD tor-0.4.2.8.ebuild 2281 BLAKE2B feb38bdd43a223cdad0544ccb9c3b6bfa090070d7653fd01679b2a271237074715bf5da25f2d9304c66d03a69a274c9c9d2273d37e484ffc228a58c66634822a SHA512 f2801fd1f4b739df5ec280925b1a3f83ea2436d3afed1abbdce1e7750f5d6f3dfd647b865fba460524b3b18b1692a47c152b934fa750c60365592420587308ab -EBUILD tor-0.4.3.6.ebuild 2366 BLAKE2B 70e491cecac923f91bf5b088df6a7e1db41fa3ced75d263af5ead3b7698575d27dc1c274ab4f0bbbf83b14d53d6be5aed48c838c2f7116483eac8384b384787e SHA512 e0df14a1601b1f016e49b647421c8648f6503f3e02d690495b5c68bcfe48f516db97dea9a5fb3db260db739050a492e3b1ee18ca333146f572e5aacb14ca89c5 +EBUILD tor-0.4.3.6.ebuild 2363 BLAKE2B e42103419090a96fde8c77b9ab4df41cc69d1411cea21d409b298b8c1913afe2c01bb88e8fca09a095a8c5ab0cee1dd6f2c7f1d5eacd223881bab5c58eb33ac9 SHA512 92bbb573a3303350652300beee5f870e083176397e7ce5f486544ec2e228e7e97829e445a38c72bb3a53d2588d5a2493b0a33a223e5a14fa830201d6da28af0e EBUILD tor-0.4.4.4_rc.ebuild 2402 BLAKE2B 2ddd16fb2589331bdca30872700afe444bc8f7b6165b190dd359b7b1d064fd63895e226b2759e72be088b7ba03ec753f9d3c258d96cdeab3de4bfcea4a072e95 SHA512 94d4a5287088bd3a4bcd700e983091d0c11d917a001194049d87ed85f0ac21c487c420f95302caeb69ebab7e434df4ea45a4b4d84a4fa1d2696652b482b22b85 MISC metadata.xml 603 BLAKE2B ec373768719960730196a7c66d762b8fb1d4b215d98ff963bb610f4eb2ccb5dde4134306bf467af9463de4640d1da50364dbeee31ac1b3facba0c484519d1f86 SHA512 c7877f120e63daf302fe3cf0b153a6a3488dffab7c05cb254a9a0c95a8b578bc72623bf12ed32790ef8abc02c692b445c068645bd1fb45b8478e6daa4e0a4542 diff --git a/net-vpn/tor/tor-0.4.3.6.ebuild b/net-vpn/tor/tor-0.4.3.6.ebuild index 48e00f892b0f..cb87e6f0fc37 100644 --- a/net-vpn/tor/tor-0.4.3.6.ebuild +++ b/net-vpn/tor/tor-0.4.3.6.ebuild @@ -15,7 +15,7 @@ S="${WORKDIR}/${MY_PF}" LICENSE="BSD GPL-2" SLOT="0" -KEYWORDS="amd64 arm arm64 ~mips ~ppc ~ppc64 ~x86 ~ppc-macos" +KEYWORDS="amd64 arm arm64 ~mips ppc ppc64 x86 ~ppc-macos" IUSE="caps doc libressl lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd" DEPEND=" |