diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2020-11-25 22:39:15 +0000 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2020-11-25 22:39:15 +0000 |
| commit | d934827bf44b7cfcf6711964418148fa60877668 (patch) | |
| tree | 0625f358789b5e015e49db139cc1dbc9be00428f /net-vpn | |
| parent | 2e34d110f164bf74d55fced27fe0000201b3eec5 (diff) | |
gentoo resync : 25.11.2020
Diffstat (limited to 'net-vpn')
49 files changed, 1317 insertions, 1577 deletions
diff --git a/net-vpn/6tunnel/6tunnel-0.12.ebuild b/net-vpn/6tunnel/6tunnel-0.12.ebuild deleted file mode 100644 index a159170ed1c3..000000000000 --- a/net-vpn/6tunnel/6tunnel-0.12.ebuild +++ /dev/null @@ -1,13 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -DESCRIPTION="TCP proxy for applications that don't speak IPv6" -HOMEPAGE="https://github.com/wojtekka/6tunnel" -SRC_URI="https://github.com/wojtekka/${PN}/releases/download/${PV}/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 ~s390 x86" -IUSE="" diff --git a/net-vpn/6tunnel/6tunnel-0.13.ebuild b/net-vpn/6tunnel/6tunnel-0.13.ebuild index 2947248fbbae..7b1c7485ecae 100644 --- a/net-vpn/6tunnel/6tunnel-0.13.ebuild +++ b/net-vpn/6tunnel/6tunnel-0.13.ebuild @@ -5,9 +5,12 @@ EAPI=7 DESCRIPTION="TCP proxy for applications that don't speak IPv6" HOMEPAGE="https://github.com/wojtekka/6tunnel" -SRC_URI="https://github.com/wojtekka/${PN}/releases/download/${PV}/${P}.tar.gz" +SRC_URI="https://github.com/wojtekka/6tunnel/releases/download/${PV}/${P}.tar.gz" LICENSE="GPL-2" SLOT="0" -KEYWORDS="~amd64 ~s390 ~x86" -IUSE="" +KEYWORDS="amd64 ~s390 x86" + +PATCHES=( + "${FILESDIR}/${P}-test.patch" +) diff --git a/net-vpn/6tunnel/Manifest b/net-vpn/6tunnel/Manifest index 7b83f7d235f6..5e6543d90a50 100644 --- a/net-vpn/6tunnel/Manifest +++ b/net-vpn/6tunnel/Manifest @@ -1,5 +1,4 @@ -DIST 6tunnel-0.12.tar.gz 96364 BLAKE2B 3c36cc4fc632bcb0136981dace4ae46d2823901eb92d0f82b58b801ad139879b0e2ca129099a651bc51dc8f29aa3db89a0be62d7dabda87d66361474558b66a1 SHA512 56c5b8b285c730e25a1bd57a37fc6d169c4c54a842e7763a1580231158858a098b8eb5549dd8adf0c5ae4516cce9c70b00ae82f27b6e152ca10eba7681b8808b +AUX 6tunnel-0.13-test.patch 3041 BLAKE2B c942ef9d53874a4e5048e8e3bc3366d08a164afd9da0bacbdc9aa7e5fb70a4e9f074f68c968c889fc126d4952237409740924ad4c010db42a948a480f93e6919 SHA512 564de163518cd67a46c04c6dbbd0400e82f6d1fc4035b16fefb430d3c99613c5d840ddb06543a3eeb26b096f2a4f2f9dc10924376b963d44e35bfe8466d9a028 DIST 6tunnel-0.13.tar.gz 103054 BLAKE2B 4aa10cd798ff3e3ab1e78bf3497c007e63a3e0cef094f507976fa495e6b544601cd9a231b828fc21db35a45e67a9dc4f13b1339e82d4f198c842c9b1177b95ad SHA512 e495b561e2fe4483417cf44291d729377fe02123f21b7d58b9aed294c676392d860de7474b6bcb4e3e4ffdcd87752ee1af070dfbab028b5de5adb778b0241f72 -EBUILD 6tunnel-0.12.ebuild 364 BLAKE2B 780fd8c0fce16a2ed6d05e49228bb5f1b67b0b7450895801522161d62823e30e2429e1faafa63ad514f2220f08b5fd0f45a37c4debfea4502346d92853732f47 SHA512 dea90ebbbd893ab828af9359c02489bca73c2e4736242a402ef6a0ce26b96e0fb79b0f81c14fed3b2b1d7b4f0ab314f7485d7ce33f08d185c7c9d41f8bd5f630 -EBUILD 6tunnel-0.13.ebuild 366 BLAKE2B b3c1979060b404e9285fd63dec26049e3077670c2dc989906da0bbd42025d36edd545101177a0fb85f04434941617909d341d69d68273e1e8af87d437db7ef06 SHA512 ea76a73975f2767e584bd245b7269c2e92d4573612518f214a52ab04050ad76a8bdf01c4ca70a9b460e3e10eff3664761d4d4a5d6775e7a875d65d96aefa494a +EBUILD 6tunnel-0.13.ebuild 402 BLAKE2B d0a3bc2570d4977864db9cd66bf24153e54deea2700bb3cbae1dc121bdf10d23e051b6a1288fb57974a73cf18b545310495fa6bd047f1d5b1f372c4f1d75f1e9 SHA512 13d0a4f8d4e71f687a76af41300a5c966920eef289dd67dc8855372a3ab74a5ba385581ce954461133e0d701889b289e299d721533c5e5a860fe83b8b48e9954 MISC metadata.xml 368 BLAKE2B 66dc904d7524c2f61313445e7dfe583df69a6bfbbdd1ec8b4203206ec47bb178bb2c5bdacb618cfe47409fb0328ab32e6a6bff123725ed1088e9f2422b4c9e26 SHA512 1a6a98313e5a0e60c51174622e8b96d1b25b0a9b6060a55b1ec18690bf8def973f70c6597077663ab518f4d8135bf7ea114052be801b324e91f80d2580fa7914 diff --git a/net-vpn/6tunnel/files/6tunnel-0.13-test.patch b/net-vpn/6tunnel/files/6tunnel-0.13-test.patch new file mode 100644 index 000000000000..1cac66ea73cf --- /dev/null +++ b/net-vpn/6tunnel/files/6tunnel-0.13-test.patch @@ -0,0 +1,56 @@ +From 9e4119f03f57eec67b97dddbf09d363b638791dc Mon Sep 17 00:00:00 2001 +From: Wojtek Kaniewski <wojtekka@toxygen.net> +Date: Fri, 18 Sep 2020 20:36:19 +0200 +Subject: [PATCH] Move test script to Python 3 + +--- + test.py | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/test.py b/test.py +index c56feca..4a754bd 100755 +--- a/test.py ++++ b/test.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + import os + import socket +@@ -8,7 +8,7 @@ import select + (SUCCESS, COMMAND_FAIL, CONNECT_FAIL, DISCONNECT, ACCEPT_FAIL, DATA_MISMATCH) = range(6) + labels = ["success", "command fail", "connection fail", "disconnection", "accept fail", "data mismatch"] + +-def test(expect, client_af, server_af, from_ip, to_ip, args="", client_sends_first="NICK nick\r\n", server_receives="NICK nick\r\n", app_responds="", app_inserts="", server_sends_then=":localhost 001 nick :Welcome\r\n"): ++def test(expect, client_af, server_af, from_ip, to_ip, args="", client_sends_first=b"NICK nick\r\n", server_receives=b"NICK nick\r\n", app_responds=b"", app_inserts=b"", server_sends_then=b":localhost 001 nick :Welcome\r\n"): + # Open and close a socket to get random port available + + client_sock = socket.socket(client_af, socket.SOCK_STREAM, 0) +@@ -26,7 +26,7 @@ def test(expect, client_af, server_af, from_ip, to_ip, args="", client_sends_fir + server_port = server_sock.getsockname()[1] + + all_args = "-1 %s %d %s %d" % (args, client_port, to_ip, server_port) +- print "Running with %s" % all_args ++ print ("Running with %s" % all_args) + if os.system("./6tunnel " + all_args) != 0: + if expect != COMMAND_FAIL: + raise Exception("expected %s yet command failed" % labels[expect]) +@@ -139,11 +139,11 @@ test(COMMAND_FAIL, socket.AF_INET6, socket.AF_INET6, '::1', '::1', '-6 -s 127.0. + + # Test IRC password options + +-test(SUCCESS, socket.AF_INET, socket.AF_INET6, '127.0.0.1', '::1', '-I password', app_inserts="PASS password\r\n") ++test(SUCCESS, socket.AF_INET, socket.AF_INET6, '127.0.0.1', '::1', '-I password', app_inserts=b"PASS password\r\n") + +-test(ACCEPT_FAIL, socket.AF_INET, socket.AF_INET6, '127.0.0.1', '::1', '-i password', client_sends_first="NICK nick\r\n") ++test(ACCEPT_FAIL, socket.AF_INET, socket.AF_INET6, '127.0.0.1', '::1', '-i password', client_sends_first=b"NICK nick\r\n") + +-test(ACCEPT_FAIL, socket.AF_INET, socket.AF_INET6, '127.0.0.1', '::1', '-i password', client_sends_first="PASS invalid\r\nNICK nick\r\n", app_responds=":6tunnel 464 * :Password incorrect\r\n") ++test(ACCEPT_FAIL, socket.AF_INET, socket.AF_INET6, '127.0.0.1', '::1', '-i password', client_sends_first=b"PASS invalid\r\nNICK nick\r\n", app_responds=b":6tunnel 464 * :Password incorrect\r\n") + +-test(SUCCESS, socket.AF_INET, socket.AF_INET6, '127.0.0.1', '::1', '-i password', client_sends_first="PASS password\r\nNICK nick\r\n") ++test(SUCCESS, socket.AF_INET, socket.AF_INET6, '127.0.0.1', '::1', '-i password', client_sends_first=b"PASS password\r\nNICK nick\r\n") + +-- +2.26.2 + diff --git a/net-vpn/Manifest.gz b/net-vpn/Manifest.gz Binary files differindex 7a334298c8ff..03f05a975434 100644 --- a/net-vpn/Manifest.gz +++ b/net-vpn/Manifest.gz diff --git a/net-vpn/freelan/Manifest b/net-vpn/freelan/Manifest deleted file mode 100644 index c9db62981504..000000000000 --- a/net-vpn/freelan/Manifest +++ /dev/null @@ -1,6 +0,0 @@ -AUX freelan-2.2-boost-1.70-asio.patch 805 BLAKE2B f5f920d7ece3b33b4b06e014db4fa776b4804698579618859c11ff65359a3ea5ba4395fde30ff4ac960d17d5d838c6b6c1f254e432a2ec799fdb417f4f3f5097 SHA512 19a23501b1fcb9e6fa655c5ec948f52a0e782e95cd66cbe39abf50a3a7ca5a2775db365bfe296a48cb34f322a4c53c9dca1a1a2ec3a581f2e0ac6115ec4fd238 -AUX freelan-2.2-boost-1.70.patch 2161 BLAKE2B 117652cf276c8a3f51142170e013595c0842dc0572935d4e04f10c5d725adb7921200bb891de55eb042cddb71a2cfddbd0d614081576910cb82d9eef0b399c41 SHA512 6ee657fbfe90f71b672a425103b972af2fa2692dd90b88e991bc8013a25dfa6fd8e2ed91bf106d219333ee56b92cc02eedc378b93b497c11008a152d05d0481a -AUX openrc/freelan.initd 260 BLAKE2B d4e8fe25be6935e392fd940ff4509568a9c4e2666ea47998a705f0b7f304e90e14c095856d320b868c544e1f22269898466d2ab5ac9ec6c6098b631ab37a7927 SHA512 72bdad57ae939226fcf75e6a99631634b190413f946eb5a165f870ffb1bdac33050f04fb4cde347c64c0ccd86c7e4800c5b6671ec86ad3fb88ee791f1c509fac -DIST freelan-2.2.tar.gz 3071919 BLAKE2B d63cc4133e6c4a55a966d605150c30566b23c3ca69d8eb2df2cd7dd23e2b6325a3b809c4d3c1c6db649988643ab5dd294f11ef90b5b849ad3f9c4c6f4789083f SHA512 e44ffcec6d85f8d2e46ed29267e0b198589009b0bc131bc6fcaa35f21e47b5db13d6ebeb83d7fee7f5baa9c91bd709d37039fd4e66f8f1720521a82d9241dfc0 -EBUILD freelan-2.2.ebuild 1334 BLAKE2B 888fff55bbb2522dc14e1456febcb5b26353cccd5b92c737c915a799a13d8f28a6281fa9b49f443fecc30b103c4fe1a5deaf95f0749a09e639727ba4a282a741 SHA512 042ab04708af750e3e14da45bb00ca5c34cb68c2502285943f2c5c491f16cc1be4a3d67c7b9a2153cafd407d2eeabaf531025049865ad88db2e5e9dd91e1bc50 -MISC metadata.xml 340 BLAKE2B 0357b1c5d1b93bc0eda1ef8fab979eff07eff843168adcf3c81ca210d129b8ff84167704c49c2d1940e4e9aea0ac50f11ec80da36a88e988cb66c8b7b109684b SHA512 864027adfa1b5b2947c04b737a862aabb9dee4f411d837489cad78bd0e46cd92d31a71ee1167dc938ec0dd23d8005dc1255df6d1b21820f05c3b420f1e280608 diff --git a/net-vpn/freelan/files/freelan-2.2-boost-1.70-asio.patch b/net-vpn/freelan/files/freelan-2.2-boost-1.70-asio.patch deleted file mode 100644 index 2410ad06f6c5..000000000000 --- a/net-vpn/freelan/files/freelan-2.2-boost-1.70-asio.patch +++ /dev/null @@ -1,25 +0,0 @@ -From a3e4150d6df690ea083a74f2e66894dc2af0cd9e Mon Sep 17 00:00:00 2001 -From: QuantumEntangledAndy <sheepchaan@gmail.com> -Date: Sat, 8 Jun 2019 10:10:10 +0700 -Subject: [PATCH] Fix for boost versions less than 1.66 - ---- - libs/fscp/include/fscp/server.hpp | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/libs/fscp/include/fscp/server.hpp b/libs/fscp/include/fscp/server.hpp -index 2b18a595..1f4b30ee 100644 ---- a/libs/fscp/include/fscp/server.hpp -+++ b/libs/fscp/include/fscp/server.hpp -@@ -288,7 +288,11 @@ namespace fscp - */ - boost::asio::io_service& get_io_service() - { -+#if BOOST_ASIO_VERSION >= 101200 // Boost 1.66+ - return reinterpret_cast<boost::asio::io_context&>(get_socket().get_executor().context()); -+#else -+ return get_socket().get_io_service(); -+#endif - } - - /** diff --git a/net-vpn/freelan/files/freelan-2.2-boost-1.70.patch b/net-vpn/freelan/files/freelan-2.2-boost-1.70.patch deleted file mode 100644 index 1fa2bb48d658..000000000000 --- a/net-vpn/freelan/files/freelan-2.2-boost-1.70.patch +++ /dev/null @@ -1,50 +0,0 @@ -From d16490d00a47c8dcf008fa1b3219f54669716da3 Mon Sep 17 00:00:00 2001 -From: Sebastien Vincent <sebastien.vincent@cppextrem.com> -Date: Sun, 19 May 2019 17:57:07 +0200 -Subject: [PATCH] [build] Adds support for Boost >= 1.70. - ---- - libs/freelan/src/core.cpp | 2 +- - libs/fscp/include/fscp/server.hpp | 2 +- - libs/fscp/src/server.cpp | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/libs/freelan/src/core.cpp b/libs/freelan/src/core.cpp -index 840a522a..969ae305 100644 ---- a/libs/freelan/src/core.cpp -+++ b/libs/freelan/src/core.cpp -@@ -777,7 +777,7 @@ namespace freelan - - boost::apply_visitor( - asiotap::endpoint_async_resolve_visitor( -- boost::make_shared<resolver_type>(boost::ref(m_io_service)), -+ boost::make_shared<resolver_type>(m_io_service), - to_protocol(m_configuration.fscp.hostname_resolution_protocol), - resolver_query::address_configured, - DEFAULT_SERVICE, -diff --git a/libs/fscp/include/fscp/server.hpp b/libs/fscp/include/fscp/server.hpp -index 3766b4a3..2b18a595 100644 ---- a/libs/fscp/include/fscp/server.hpp -+++ b/libs/fscp/include/fscp/server.hpp -@@ -288,7 +288,7 @@ namespace fscp - */ - boost::asio::io_service& get_io_service() - { -- return get_socket().get_io_service(); -+ return reinterpret_cast<boost::asio::io_context&>(get_socket().get_executor().context()); - } - - /** -diff --git a/libs/fscp/src/server.cpp b/libs/fscp/src/server.cpp -index cb717ec4..62b92dca 100644 ---- a/libs/fscp/src/server.cpp -+++ b/libs/fscp/src/server.cpp -@@ -1106,7 +1106,7 @@ namespace fscp - template <typename WaitHandler> - void server::ep_hello_context_type::async_wait_reply(boost::asio::io_service& io_service, uint32_t hello_unique_number, const boost::posix_time::time_duration& timeout, WaitHandler handler) - { -- const boost::shared_ptr<boost::asio::deadline_timer> timer = boost::make_shared<boost::asio::deadline_timer>(boost::ref(io_service), timeout); -+ const boost::shared_ptr<boost::asio::deadline_timer> timer = boost::make_shared<boost::asio::deadline_timer>(io_service, timeout); - - m_pending_requests[hello_unique_number] = pending_request_status(timer); - diff --git a/net-vpn/freelan/files/openrc/freelan.initd b/net-vpn/freelan/files/openrc/freelan.initd deleted file mode 100644 index e1e4232f4382..000000000000 --- a/net-vpn/freelan/files/openrc/freelan.initd +++ /dev/null @@ -1,12 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -command="/usr/bin/freelan" -command_args="-s -p /var/run/freelan.pid" -pidfile="/var/run/freelan.pid" - -depend() { - need net - use logger -} diff --git a/net-vpn/freelan/freelan-2.2.ebuild b/net-vpn/freelan/freelan-2.2.ebuild deleted file mode 100644 index 5230dbc4e9a8..000000000000 --- a/net-vpn/freelan/freelan-2.2.ebuild +++ /dev/null @@ -1,61 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit scons-utils toolchain-funcs - -DESCRIPTION="Peer-to-peer VPN software that abstracts a LAN over the Internet" -HOMEPAGE="http://www.freelan.org/" -SRC_URI="https://github.com/freelan-developers/freelan/archive/${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="~amd64" -IUSE="debug" - -DEPEND=" - dev-libs/boost:=[threads] - dev-libs/openssl:0= - net-misc/curl:= - virtual/libiconv - net-libs/miniupnpc:= -" -RDEPEND="${DEPEND}" - -PATCHES=( - "${FILESDIR}"/${PN}-2.2-boost-1.70.patch - "${FILESDIR}"/${PN}-2.2-boost-1.70-asio.patch -) - -src_prepare() { - export FREELAN_NO_GIT=1 - export FREELAN_NO_GIT_VERSION=${PV} - - sed -e "s/CXXFLAGS='-O3'/CXXFLAGS=''/" \ - -e "s/CXXFLAGS=\['-Werror'\]/CXXFLAGS=[]/" \ - -e "s/CXXFLAGS=\['-pedantic'\]/CXXFLAGS=[]/" \ - -i SConstruct || die - default -} - -src_compile() { - tc-export CXX CC AR - export LINK="$(tc-getCXX)" - - local MYSCONS=( - "--mode=$(usex debug debug release)" - prefix="${EPREFIX:-/}" - bin_prefix="/usr" - apps - ) - escons "${MYSCONS[@]}" -} - -src_install() { - DESTDIR="${D}" escons --mode=release install prefix="${EPREFIX:-/}" bin_prefix="/usr" - dobin build/release/bin/freelan - dodoc CONTRIBUTING.md README.md - - newinitd "${FILESDIR}/openrc/freelan.initd" freelan -} diff --git a/net-vpn/freelan/metadata.xml b/net-vpn/freelan/metadata.xml deleted file mode 100644 index a3e769a44857..000000000000 --- a/net-vpn/freelan/metadata.xml +++ /dev/null @@ -1,11 +0,0 @@ -<?xml version='1.0' encoding='UTF-8'?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> -<pkgmetadata> - <maintainer type="person"> - <email>aballier@gentoo.org</email> - <name>Alexis Ballier</name> - </maintainer> - <upstream> - <remote-id type="github">freelan-developers/freelan</remote-id> - </upstream> -</pkgmetadata> diff --git a/net-vpn/i2pd/Manifest b/net-vpn/i2pd/Manifest index 6a55c3034154..0637cc15011b 100644 --- a/net-vpn/i2pd/Manifest +++ b/net-vpn/i2pd/Manifest @@ -1,16 +1,15 @@ AUX 99i2pd 44 BLAKE2B d7a2d45f79ecb34f50eaddc09f318339eedfb2444d0a96d97691c6f3950e63f8f827ec3697ec52f60e29c3e01f232d6c12cf776883672203f01645e5e2d5d994 SHA512 0bd08ff5b1b2ad8d91572efee848a760e2fb46d9c1a5ead3fbdde91d679d832d985905952b393eb523ec9d8f1815bf1512ae61fbc059d10f0773991ac097c23f -AUX i2pd-2.14.0-fix_installed_components.patch 1033 BLAKE2B dc6a64bc143583184e7b6af1104d5c68dbd96e7a873c6ad335f3b7feba31fb70e155e1117a7f59c1571e8d368048a2a12d664fa170c5378ab553736e47c96d75 SHA512 b4d91487657d1d0b89b8a43eb962e7f87dfb56fdb40fd7e10f4818d1d87cd814833f72c823e808756545c580517b7ce8bf1e11e55d15addd84abc343587f9d66 AUX i2pd-2.25.0-lib-path.patch 725 BLAKE2B ad87fbfae2cb78945d0e0f62ea9d0ab45e1676908ebb11d6c4844a6160e0eb2714fa1221e886d158454a7ba3c19af7d1bb672035195993fb4633162a761e3bcb SHA512 1e1942c8c424ecefb0b62ee96973b2b238553a887a42cb5d9206cbea31e3136b7b3ad0b8ff1f290cbb507f1cc404e8a6e3c1a52551ac0aa719fbadbcf5ccc43b AUX i2pd-2.6.0-r3.confd 322 BLAKE2B 1abce31d300785fe0f42eb0c15bc26f723e99bfe4f3d21ef4d83620c064838d0e27f89f287a97404276490b848bd1372a40b915d4830b7755d801c4bda551099 SHA512 083f4c860d7556bd14f2765b098743c25f996ef16de3982430ff27ac7711051738d48709654441099ea8c755b6d9a6e25b52286f7e8c928d3f39f1207a9517a9 AUX i2pd-2.6.0-r3.initd 1385 BLAKE2B 5c754a7e289f8d102b2690f78fb3e9b805c6eb46208fba8d8200886dcd30e5e7ba682bb9eb493d654bbec03b8fa7ec58cf885f91203db400280c9de4d9c1e377 SHA512 c09d9164fedac748162eeeafabf4776e16869e7ad06ba5f1b008fa57655fbe8f9633804575e44011b61130699e394bd0d8623b13e9614623b8a9b34e5ad6ecd5 AUX i2pd-2.6.0-r3.logrotate 215 BLAKE2B 07cd3e250996ae2d4632795174750779a199c31107ed82a561b3f1dca84c6a81b6bac178ea06256325a2946876b9e75f9f6c453e5836a23911d5ecd802dc8b59 SHA512 e6080b719cb1616a96b4e4e9ff7074881f88dc699147fd5a201861c5836cf4807a00767a2c370f36e847b0d4ddb2129d8c3c3fc8043325fb8f3d0bc27feca2a3 AUX i2pd-2.6.0-r3.service 638 BLAKE2B 881b5e680af0dbb674766b4cc0a234e0a49db66f1f4a8ce762326f9bb8fb7437177d9c80988f514c34dd2ba2bab1909a10ee5ef912eee4711ea4ed9c5a6a4423 SHA512 8e35123ea30325e9f1de3d488d96a35b6e983e006084e983ab116aa5febd64feacb7643f3d9c3c7c7865375518e1acef060b4b02e9b052036f8d42f9dcc47a87 -DIST i2pd-2.31.0.tar.gz 1092238 BLAKE2B 61424b8d5796511a1bae4d0274b86fa198e0fb2e590312e7e5039533bca2ded494f9bdd7406951c82a99259772581ee716159f6500921f9fb8b5fd4aa217ce9a SHA512 af1583c6c2fb2073d6d3d32f0b394da3f1bc4a3d232aa47880f457447c6592801c48f6a05b1a7d2955c58d888c4c574e15082bf2583921797e24e5cda4c188e0 DIST i2pd-2.32.0.tar.gz 1098880 BLAKE2B 0b5db302cac78c6993fd7c25362bad512c0597222059c21d0902c1378228425bafc6e39040c1a99122b66dfca106db64ff69783b23e40caf528764f7ec1709c6 SHA512 f76eb2744b55b4099914cb42e7fe6821e3b7b3dbbc93d491a83cfb8cd9fb67e6559f20891874215060a3797b5f66051480e49670032c952fcddf91aa96e0e41e DIST i2pd-2.32.1.tar.gz 1099034 BLAKE2B be32443d2d686247459e74396202ff5fc595be27b7a4e207aa756f35c6b65fe05b006491bb9b8a564bc2b3c1144dae1dcba8dcfdff95cedfb032ca137f30d617 SHA512 2c492942526b5d6dd787baaf6ad31b036c593d633a36ba951c02d3289607be5e43562057622deee51db724854eef6f4bd67eaec62699b07aad47ee49fd291783 DIST i2pd-2.33.0.tar.gz 1101578 BLAKE2B d569a7900bda1fecc19f6ec966cd004d04599993193de9bcda89620dff9909889c14165aca457e6a5fa0539614304af11be573329b9a54596684d3232ee28833 SHA512 7a3e7a8a908be8a12b675fda4ce923cb2b0eaf3e9b12a513b9ae7b56e9ecb593eef0ea278debb4027406d50ee9a46599a6792a54ce2e2f4e2c44c1fc82479910 -EBUILD i2pd-2.31.0.ebuild 2437 BLAKE2B 8e7e6c41aee82040a0202e16b272e9a0e73f19837aad7116734b019cddcefd0dcf017eb39770b8cd64bf73e996133c51abaadaa07c263a8a336be6b04b9219e8 SHA512 b6ee8b144168f1fe97010f920a1f64351bba82f733a591a5ccf38dc553d774d07d94d3213d7442ba8e1d88e3e0b7552c311697ae01db2f4307c66dfb2139ccd9 +DIST i2pd-2.34.0.tar.gz 1103199 BLAKE2B 16e16a0e396b22f5de797455a97322e51bc2289e770617106d4daa9a7cd6d1d94d4d84955e182493f3c11dbacd527fbb3f127bd4e2e555a7b04f7eb697213dcb SHA512 74c8234b850159c6e680fa61b20e2c22a0f04ca8397b4aa68f92fa20520fb74a63e442ac75c2fbb17dc1e5a193011b9b38085cee08746de4496620778aa7f027 EBUILD i2pd-2.32.0.ebuild 2385 BLAKE2B c7bf3ba9a9253aeab8dd3b73da080cfc97ec9b14d7751dfeae127101a7a8c7aa39344cb911db78a9c20821c7816b12e21bc364f540c3681e8099df68e5143515 SHA512 b216e0088a0deaff9987ac0dc2a05188badc83c82ef87572fbe229c2fff852aed376fe5c6f5ee3895ad904d601036827536afee211a614bd78ffbb467fc70f0a EBUILD i2pd-2.32.1.ebuild 2383 BLAKE2B 712f839637188daa1e78e5c89d7b728c585a905fe5593d80cfcb9fb14a7ea82e6346484f975f854004ca5d2276ebb71dabd553a4cec4609e3a19d8ecfab8d955 SHA512 0c51d8c302e2222ea9d48a31007367a4805b290616c060ebaa968311e0d29ef34810f9eccbb3ed2e8de284f995893874410c8cb6cbb0e54f1f1167575da2dc8c EBUILD i2pd-2.33.0.ebuild 2387 BLAKE2B e196864e0e52c694af51a72573dff6b670ca8babd00fd1bb47ad9ad39be97f7e4f0df16b41b69f3657437bc3074b40f5df76372a8c8aac6cd8b633de32437e4a SHA512 e47b0bb709174825dd6ca3d28e48589a00fc2eeb9a681f9c46aef379996965e2812bca136ffe7ea0e763dd0d6b88e53afa19d7fb2e22890b8e2e0cd35d048f0f +EBUILD i2pd-2.34.0.ebuild 2387 BLAKE2B e196864e0e52c694af51a72573dff6b670ca8babd00fd1bb47ad9ad39be97f7e4f0df16b41b69f3657437bc3074b40f5df76372a8c8aac6cd8b633de32437e4a SHA512 e47b0bb709174825dd6ca3d28e48589a00fc2eeb9a681f9c46aef379996965e2812bca136ffe7ea0e763dd0d6b88e53afa19d7fb2e22890b8e2e0cd35d048f0f MISC metadata.xml 683 BLAKE2B 85b4a13c13c88a69ecbfbb10e60881bc583b6539a42cf4ac8d061537bb6c0ed55dd2d15ced732f69ce46afe4b0381d7d7233fef9ad8dad4a9eb51e49aa904706 SHA512 5c6c84f95f4264eb3a33cc6c0de0f0890063ba2ca3cb56852303f919e1c4a152d7a3b1c593c0ba066e5485ee9e843ffc2836ea89ed8ee42aa56c1b602d5a2a62 diff --git a/net-vpn/i2pd/files/i2pd-2.14.0-fix_installed_components.patch b/net-vpn/i2pd/files/i2pd-2.14.0-fix_installed_components.patch deleted file mode 100644 index fe7bdcc4083f..000000000000 --- a/net-vpn/i2pd/files/i2pd-2.14.0-fix_installed_components.patch +++ /dev/null @@ -1,31 +0,0 @@ ---- a/build/CMakeLists.txt -+++ b/build/CMakeLists.txt -@@ -455,20 +455,7 @@ if (WITH_BINARY) - endif () - endif () - --install(FILES ../LICENSE -- DESTINATION . -- COMPONENT Runtime -- ) --# Take a copy on Appveyor --install(FILES "C:/projects/openssl-$ENV{OPENSSL}/LICENSE" -- DESTINATION . -- COMPONENT Runtime -- RENAME LICENSE_OPENSSL -- OPTIONAL # for local builds only! -- ) -- - file(GLOB_RECURSE I2PD_SOURCES "../libi2pd/*.cpp" "../libi2pd_client/*.cpp" "../daemon/*.cpp" "../build" "../Win32" "../Makefile*") --install(FILES ${I2PD_SOURCES} DESTINATION src/ COMPONENT Source) - # install(DIRECTORY ../ DESTINATION src/ - # # OPTIONAL - # COMPONENT Source FILES_MATCHING -@@ -477,7 +464,6 @@ install(FILES ${I2PD_SOURCES} DESTINATION src/ COMPONENT Source) - # ) - - file(GLOB I2PD_HEADERS "../libi2pd/*.h" "../libi2pd_client/*.h" "../daemon/*.h") --install(FILES ${I2PD_HEADERS} DESTINATION src/ COMPONENT Headers) - # install(DIRECTORY ../ DESTINATION src/ - # # OPTIONAL - # COMPONENT Headers FILES_MATCHING diff --git a/net-vpn/i2pd/i2pd-2.31.0.ebuild b/net-vpn/i2pd/i2pd-2.34.0.ebuild index a83bf4a4cdaa..acc70c57b412 100644 --- a/net-vpn/i2pd/i2pd-2.31.0.ebuild +++ b/net-vpn/i2pd/i2pd-2.34.0.ebuild @@ -3,7 +3,7 @@ EAPI=7 -inherit systemd cmake toolchain-funcs +inherit cmake toolchain-funcs systemd DESCRIPTION="A C++ daemon for accessing the I2P anonymous network" HOMEPAGE="https://github.com/PurpleI2P/i2pd" @@ -11,7 +11,7 @@ SRC_URI="https://github.com/PurpleI2P/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" LICENSE="BSD" SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~x86" +KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86" IUSE="cpu_flags_x86_aes cpu_flags_x86_avx i2p-hardening libressl static +upnp" RDEPEND=" @@ -21,23 +21,22 @@ RDEPEND=" dev-libs/boost:=[threads] !libressl? ( dev-libs/openssl:0=[-bindist] ) libressl? ( dev-libs/libressl:0= ) - upnp? ( net-libs/miniupnpc ) + upnp? ( net-libs/miniupnpc:= ) )" DEPEND="${RDEPEND} static? ( dev-libs/boost:=[static-libs,threads] + sys-libs/zlib[static-libs] !libressl? ( dev-libs/openssl:0=[static-libs] ) libressl? ( dev-libs/libressl:0=[static-libs] ) - sys-libs/zlib:=[static-libs] - upnp? ( net-libs/miniupnpc[static-libs] ) + upnp? ( net-libs/miniupnpc:=[static-libs] ) )" CMAKE_USE_DIR="${S}/build" DOCS=( README.md contrib/i2pd.conf contrib/tunnels.conf ) -PATCHES=( "${FILESDIR}/${PN}-2.14.0-fix_installed_components.patch" - "${FILESDIR}/i2pd-2.25.0-lib-path.patch" ) +PATCHES=( "${FILESDIR}/i2pd-2.25.0-lib-path.patch" ) pkg_pretend() { if use i2p-hardening && ! tc-is-gcc; then diff --git a/net-vpn/ipsec-tools/Manifest b/net-vpn/ipsec-tools/Manifest index 0398c8de0cde..357cb044c7f7 100644 --- a/net-vpn/ipsec-tools/Manifest +++ b/net-vpn/ipsec-tools/Manifest @@ -1,7 +1,6 @@ AUX ipsec-tools-0.8.0-sysctl.patch 485 BLAKE2B 95d0ef609a8a744bf8b3451a9b6b8ee4e79d79c99bd7919d45c6fc99d61904e16b3213afbfcde4743dc1be8de0b4455f1da2b3faf210c21833cbd482ab7d0c52 SHA512 a2a96cea5c2b451665d54572e471a6c2b4fb72382dcd90bda536aaabf78cdd36d630d5c1fa56372b95066dc7dffd56480d3402fdbe2d56825a017b2cc075ac66 AUX ipsec-tools-CVE-2015-4047.patch 517 BLAKE2B 2ef6ddd4b78d7602bc4b19d76a794a1e172049b515932f00d3fe0f63b8157f3652a86f39473dc2f85b017d141790c5bc13378e79d008239899849484c4d9d42a SHA512 1dfda43a9d5919fbf274a28addbf798083f48094c65b88426d471a56e5339b72c9438c36efc6d6a3d74b4a084103c2fd4d1f974cbe494ee1228b2dbcaa304b49 AUX ipsec-tools-CVE-2016-10396.patch 5805 BLAKE2B dd3c80403033b5a914302bea61de9c8cf088002f27d0a76d42e26c834593faabebd5366a7b46fbf5376fa93086a63a6630b04c2ac895374b1c0b80cd996b7247 SHA512 f0ae3465a41c478db59644d270560452f4f1bbf8ca79e7169a033c5139a4c484c22fb3f5f7f82da5bda0fd436331112f47698648e79a4839c45cdd904fb65d7e -AUX ipsec-tools-add-openssl-1.1.x-support.patch 32066 BLAKE2B b8380408c90bb93f0b95938de2efc61c80d727ae61a1417134583a8c74055fcfe1f7f75893f1f701b0f301a16d8b4d14f1b8a09d1e81d238821bcc122dfe183f SHA512 f2bd85f1c51226da6fc50d3473129e4c2e3c0e46107337f8d676029b7072b98bf164b6813a16de7dd4481f80038453b55a5ff56e7f5ec08ab07641034258e778 AUX ipsec-tools-def-psk.patch 907 BLAKE2B 511982e1e7902f10442ca7ec7cd2a732f8a523f5fdc4a3630833d4280518296a3b4c735648c2793a40ad7d2d914019dc19699a51f0cdaddc35b13e94ea0d6b49 SHA512 683f168fac390df602ece1608db7f65370749c291e837497fa68fe4f39ddab907d10d67d4c80d583d7f12a1ea0bf02ba98d228e7c6e9267b49a1a8a7e57e99c4 AUX ipsec-tools-include-vendoridh.patch 434 BLAKE2B ae27d4fc5630ee372314a855ec0c17b9f9efc5f87cbc6b86c1decd685212478a4a5592bd64c2a5ed19779243114eca4bff7f7e243bdc508454ef0bf4d998245f SHA512 fc39e09dd7b1a2d3b6cdfbfad9f4978ab5d070ae2435cf77fe2283b566bea1d58cd26dbf6cafb563587200724c9602a32ce737fd163b757872e8a6d2c8007d5c AUX ipsec-tools.conf 1209 BLAKE2B 6d84eede1d77f09f1dac1db6866c7a877494cfbce69f01fb09f5961ae213547f2e5aca9ab068e375d2fdba8e326444e2b3f3d3cd6249f641e30127b8c5c52efb SHA512 727297a06b75b883a7bd730d84f7a7cec04f81b51df71a6d2419602d835abe3c958d27aac176e29e2463421792843517bda802b3437b306ab43e94d178593bfa @@ -13,5 +12,6 @@ AUX racoon.init.d-r3 1295 BLAKE2B 730b7c7069ea94f0e27fe3c0ed344d6f9631e0445d2368 AUX racoon.pam.d 156 BLAKE2B 91ebefbb1264fe3fe98df0a72ac22a4cd8a787b3b391af5769798e0b0185f0a588bc089d229c76138fd2db39fbe6bd33924f0d53e0513074d9c2d7abf88dcb78 SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c AUX racoon.service 244 BLAKE2B f7e268518787a67e9363c936b8a9e69763c41db1926f99f3f001fdf738b0b3a92cd62770ab6cc0189cea20ca22d3abe675c832363ad77974e3f531ffbf525e7b SHA512 56d84f36b307e1ea93f3cdc9fbb7b459f4b3b65ea2bb765f61def10d06a3ff09d61b8d53b21796a55022279e791d751f3bc1ccf0d0f85799a743371390930567 DIST ipsec-tools-0.8.2.tar.bz2 866465 BLAKE2B cf8c9175d96326fc5c74e6b1921bc66911256e289e6fe9cef77f26c197546902be3ebd5696af39c749a2abaac3f42010c9e2a281fd208122cd59222044b9dd4c SHA512 2b7d0efa908d3a699be7ef8b2b126a3809956cb7add50e8efb1cfdfc2d9b70c39ef517379cb9a4fad9e5f0c25937e98535b06c32bd3e729f5129da4ab133e30f -EBUILD ipsec-tools-0.8.2-r6.ebuild 7956 BLAKE2B 270b0b564f4f37b2a334ade4947eb26b14f202ba546b31f13a7f9f65743c363f995db4c730b23a37a511c39aca7d929be1e03a46efd1066305a299fc4215082c SHA512 11b47ba7dd381be70dbdee1a5a30c6151c078310e7ff2d7bfb07434a5deac3e3cc91c1690bc569fa4a21c11f4511c6812d2de9b26111107ce5e69684ed68a848 +DIST ipsec-tools-add-openssl-1.1.x-support.patch 32066 BLAKE2B b8380408c90bb93f0b95938de2efc61c80d727ae61a1417134583a8c74055fcfe1f7f75893f1f701b0f301a16d8b4d14f1b8a09d1e81d238821bcc122dfe183f SHA512 f2bd85f1c51226da6fc50d3473129e4c2e3c0e46107337f8d676029b7072b98bf164b6813a16de7dd4481f80038453b55a5ff56e7f5ec08ab07641034258e778 +EBUILD ipsec-tools-0.8.2-r6.ebuild 8046 BLAKE2B 67e0fe18b60eb350ed3de64e26270f4f7965aca43d5c507e9b686204831ae248167a9f03fbff52de8929b01d419ca897b36fe590e98909ed58662cff78203e2d SHA512 7b11ff40eec543f7a4e8bb7db63c813d07b42d7a9b88a3253752a5496429e21dc64715baa0ee2c0710c41d3561a12f714d3b6087cd28d2d4741c6960a9fb6965 MISC metadata.xml 632 BLAKE2B 705ccbcd150c7180f882207dd5e7a8b0765b58f8296be9bb299e982207d88031b770186b665ee936ca834b2b8601a78f7d2ade63b88d6aa09808b2fe3a89be87 SHA512 7636e9dd2ed9069933b2215829660c3d7c1b43d9c4ad3303cf8889618bd659f68a27994ae520ec7e327060337a196e8b720140e5b32fc6830158be0f0fff1eb8 diff --git a/net-vpn/ipsec-tools/files/ipsec-tools-add-openssl-1.1.x-support.patch b/net-vpn/ipsec-tools/files/ipsec-tools-add-openssl-1.1.x-support.patch deleted file mode 100644 index 5d55c59cbd81..000000000000 --- a/net-vpn/ipsec-tools/files/ipsec-tools-add-openssl-1.1.x-support.patch +++ /dev/null @@ -1,1096 +0,0 @@ -From 071fec7181255b9234add44865a435dfdefee520 Mon Sep 17 00:00:00 2001 -In-Reply-To: <20180528120513.560-1-cote2004-github@yahoo.com> -References: <20180528120513.560-1-cote2004-github@yahoo.com> -From: Eneas U de Queiroz <cote2004-github@yahoo.com> -Date: Wed, 30 May 2018 15:42:20 -0300 -Subject: [PATCH v2 1/1] ipsec-tools: add openssl 1.1 support -To: equeiroz@troianet.com.br - -This patch updates the calls to openssl 1.1 API, and adds a -compatibility layer so it compiles with (at least) openssl 1.0.2, I -haven't tested it with lower versions, but all that's needed is to edit -the openssl_compat.* files and add the missing functions there--they're -usually trivial. - -Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> ---- - src/racoon/Makefile.am | 10 +-- - src/racoon/algorithm.c | 6 +- - src/racoon/cfparse.y | 2 +- - src/racoon/crypto_openssl.c | 197 +++++++++++++++++++++------------------- - src/racoon/crypto_openssl.h | 2 +- - src/racoon/eaytest.c | 7 +- - src/racoon/ipsec_doi.c | 2 +- - src/racoon/openssl_compat.c | 213 ++++++++++++++++++++++++++++++++++++++++++++ - src/racoon/openssl_compat.h | 45 ++++++++++ - src/racoon/plainrsa-gen.c | 41 +++++---- - src/racoon/prsa_par.y | 28 ++++-- - src/racoon/rsalist.c | 5 +- - 12 files changed, 431 insertions(+), 127 deletions(-) - create mode 100644 src/racoon/openssl_compat.c - create mode 100644 src/racoon/openssl_compat.h - -diff --git a/src/racoon/Makefile.am b/src/racoon/Makefile.am -index dbaded9..4c585f3 100644 ---- a/src/racoon/Makefile.am -+++ b/src/racoon/Makefile.am -@@ -4,7 +4,7 @@ sbin_PROGRAMS = racoon racoonctl plainrsa-gen - noinst_PROGRAMS = eaytest - include_racoon_HEADERS = racoonctl.h var.h vmbuf.h misc.h gcmalloc.h admin.h \ - schedule.h sockmisc.h isakmp_var.h isakmp.h isakmp_xauth.h \ -- isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h -+ isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h openssl_compat.h - lib_LTLIBRARIES = libracoon.la - - adminsockdir=${localstatedir}/racoon -@@ -32,7 +32,7 @@ racoon_SOURCES = \ - gssapi.c dnssec.c getcertsbyname.c privsep.c \ - pfkey.c admin.c evt.c ipsec_doi.c oakley.c grabmyaddr.c vendorid.c \ - policy.c localconf.c remoteconf.c crypto_openssl.c algorithm.c \ -- proposal.c sainfo.c strnames.c \ -+ openssl_compat.c proposal.c sainfo.c strnames.c \ - plog.c logger.c schedule.c str2val.c \ - safefile.c backupsa.c genlist.c rsalist.c \ - cftoken.l cfparse.y prsa_tok.l prsa_par.y -@@ -51,12 +51,12 @@ libracoon_la_SOURCES = kmpstat.c vmbuf.c sockmisc.c misc.c - libracoon_la_CFLAGS = -DNOUSE_PRIVSEP $(AM_CFLAGS) - - plainrsa_gen_SOURCES = plainrsa-gen.c plog.c \ -- crypto_openssl.c logger.c -+ crypto_openssl.c logger.c openssl_compat.c - EXTRA_plainrsa_gen_SOURCES = $(MISSING_ALGOS) - plainrsa_gen_LDADD = $(CRYPTOBJS) vmbuf.o misc.o - plainrsa_gen_DEPENDENCIES = $(CRYPTOBJS) vmbuf.o misc.o - --eaytest_SOURCES = eaytest.c plog.c logger.c -+eaytest_SOURCES = eaytest.c plog.c logger.c openssl_compat.c - EXTRA_eaytest_SOURCES = missing/crypto/sha2/sha2.c - eaytest_LDADD = crypto_openssl_test.o vmbuf.o str2val.o misc_noplog.o \ - $(CRYPTOBJS) -@@ -75,7 +75,7 @@ noinst_HEADERS = \ - debugrm.h isakmp.h misc.h sainfo.h \ - dhgroup.h isakmp_agg.h netdb_dnssec.h schedule.h \ - isakmp_cfg.h isakmp_xauth.h isakmp_unity.h isakmp_frag.h \ -- throttle.h privsep.h \ -+ throttle.h privsep.h openssl_compat.h \ - cfparse_proto.h cftoken_proto.h genlist.h rsalist.h \ - missing/crypto/sha2/sha2.h missing/crypto/rijndael/rijndael_local.h \ - missing/crypto/rijndael/rijndael-api-fst.h \ -diff --git a/src/racoon/algorithm.c b/src/racoon/algorithm.c -index 3fd50f6..66c874b 100644 ---- a/src/racoon/algorithm.c -+++ b/src/racoon/algorithm.c -@@ -128,7 +128,7 @@ static struct enc_algorithm oakley_encdef[] = { - { "aes", algtype_aes, OAKLEY_ATTR_ENC_ALG_AES, 16, - eay_aes_encrypt, eay_aes_decrypt, - eay_aes_weakkey, eay_aes_keylen, }, --#ifdef HAVE_OPENSSL_CAMELLIA_H -+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) - { "camellia", algtype_camellia, OAKLEY_ATTR_ENC_ALG_CAMELLIA, 16, - eay_camellia_encrypt, eay_camellia_decrypt, - eay_camellia_weakkey, eay_camellia_keylen, }, -@@ -168,7 +168,7 @@ static struct enc_algorithm ipsec_encdef[] = { - { "twofish", algtype_twofish, IPSECDOI_ESP_TWOFISH, 16, - NULL, NULL, - NULL, eay_twofish_keylen, }, --#ifdef HAVE_OPENSSL_IDEA_H -+#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA) - { "3idea", algtype_3idea, IPSECDOI_ESP_3IDEA, 8, - NULL, NULL, - NULL, NULL, }, -@@ -179,7 +179,7 @@ static struct enc_algorithm ipsec_encdef[] = { - { "rc4", algtype_rc4, IPSECDOI_ESP_RC4, 8, - NULL, NULL, - NULL, NULL, }, --#ifdef HAVE_OPENSSL_CAMELLIA_H -+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) - { "camellia", algtype_camellia, IPSECDOI_ESP_CAMELLIA, 16, - NULL, NULL, - NULL, eay_camellia_keylen, }, -diff --git a/src/racoon/cfparse.y b/src/racoon/cfparse.y -index 0d9bd67..8415752 100644 ---- a/src/racoon/cfparse.y -+++ b/src/racoon/cfparse.y -@@ -2564,7 +2564,7 @@ set_isakmp_proposal(rmconf) - plog(LLV_DEBUG2, LOCATION, NULL, - "encklen=%d\n", s->encklen); - -- memset(types, 0, ARRAYLEN(types)); -+ memset(types, 0, sizeof types); - types[algclass_isakmp_enc] = s->algclass[algclass_isakmp_enc]; - types[algclass_isakmp_hash] = s->algclass[algclass_isakmp_hash]; - types[algclass_isakmp_dh] = s->algclass[algclass_isakmp_dh]; -diff --git a/src/racoon/crypto_openssl.c b/src/racoon/crypto_openssl.c -index 55b076a..8fb358f 100644 ---- a/src/racoon/crypto_openssl.c -+++ b/src/racoon/crypto_openssl.c -@@ -90,6 +90,7 @@ - #endif - #endif - #include "plog.h" -+#include "openssl_compat.h" - - #define USE_NEW_DES_API - -@@ -316,9 +317,12 @@ eay_cmp_asn1dn(n1, n2) - i = idx+1; - goto end; - } -- if ((ea->value->length == 1 && ea->value->data[0] == '*') || -- (eb->value->length == 1 && eb->value->data[0] == '*')) { -- if (OBJ_cmp(ea->object,eb->object)) { -+ ASN1_STRING *sa = X509_NAME_ENTRY_get_data(ea); -+ ASN1_STRING *sb = X509_NAME_ENTRY_get_data(eb); -+ if ((ASN1_STRING_length(sa) == 1 && ASN1_STRING_get0_data(sa)[0] == '*') || -+ (ASN1_STRING_length(sb) == 1 && ASN1_STRING_get0_data(sb)[0] == '*')) { -+ if (OBJ_cmp(X509_NAME_ENTRY_get_object(ea), -+ X509_NAME_ENTRY_get_object(eb))) { - i = idx+1; - goto end; - } -@@ -430,7 +434,7 @@ cb_check_cert_local(ok, ctx) - - if (!ok) { - X509_NAME_oneline( -- X509_get_subject_name(ctx->current_cert), -+ X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)), - buf, - 256); - /* -@@ -438,7 +442,8 @@ cb_check_cert_local(ok, ctx) - * ok if they are self signed. But we should still warn - * the user. - */ -- switch (ctx->error) { -+ int ctx_error = X509_STORE_CTX_get_error(ctx); -+ switch (ctx_error) { - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - case X509_V_ERR_INVALID_CA: -@@ -453,9 +458,9 @@ cb_check_cert_local(ok, ctx) - } - plog(log_tag, LOCATION, NULL, - "%s(%d) at depth:%d SubjectName:%s\n", -- X509_verify_cert_error_string(ctx->error), -- ctx->error, -- ctx->error_depth, -+ X509_verify_cert_error_string(ctx_error), -+ ctx_error, -+ X509_STORE_CTX_get_error_depth(ctx), - buf); - } - ERR_clear_error(); -@@ -477,10 +482,11 @@ cb_check_cert_remote(ok, ctx) - - if (!ok) { - X509_NAME_oneline( -- X509_get_subject_name(ctx->current_cert), -+ X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)), - buf, - 256); -- switch (ctx->error) { -+ int ctx_error=X509_STORE_CTX_get_error(ctx); -+ switch (ctx_error) { - case X509_V_ERR_UNABLE_TO_GET_CRL: - ok = 1; - log_tag = LLV_WARNING; -@@ -490,9 +496,9 @@ cb_check_cert_remote(ok, ctx) - } - plog(log_tag, LOCATION, NULL, - "%s(%d) at depth:%d SubjectName:%s\n", -- X509_verify_cert_error_string(ctx->error), -- ctx->error, -- ctx->error_depth, -+ X509_verify_cert_error_string(ctx_error), -+ ctx_error, -+ X509_STORE_CTX_get_error_depth(ctx), - buf); - } - ERR_clear_error(); -@@ -516,14 +522,15 @@ eay_get_x509asn1subjectname(cert) - if (x509 == NULL) - goto error; - -+ X509_NAME *subject_name = X509_get_subject_name(x509); - /* get the length of the name */ -- len = i2d_X509_NAME(x509->cert_info->subject, NULL); -+ len = i2d_X509_NAME(subject_name, NULL); - name = vmalloc(len); - if (!name) - goto error; - /* get the name */ - bp = (unsigned char *) name->v; -- len = i2d_X509_NAME(x509->cert_info->subject, &bp); -+ len = i2d_X509_NAME(subject_name, &bp); - - X509_free(x509); - -@@ -661,15 +668,16 @@ eay_get_x509asn1issuername(cert) - if (x509 == NULL) - goto error; - -+ X509_NAME *issuer_name = X509_get_issuer_name(x509); - /* get the length of the name */ -- len = i2d_X509_NAME(x509->cert_info->issuer, NULL); -+ len = i2d_X509_NAME(issuer_name, NULL); - name = vmalloc(len); - if (name == NULL) - goto error; - - /* get the name */ - bp = (unsigned char *) name->v; -- len = i2d_X509_NAME(x509->cert_info->issuer, &bp); -+ len = i2d_X509_NAME(issuer_name, &bp); - - X509_free(x509); - -@@ -850,7 +858,7 @@ eay_check_x509sign(source, sig, cert) - return -1; - } - -- res = eay_rsa_verify(source, sig, evp->pkey.rsa); -+ res = eay_rsa_verify(source, sig, EVP_PKEY_get0_RSA(evp)); - - EVP_PKEY_free(evp); - X509_free(x509); -@@ -992,7 +1000,7 @@ eay_get_x509sign(src, privkey) - if (evp == NULL) - return NULL; - -- sig = eay_rsa_sign(src, evp->pkey.rsa); -+ sig = eay_rsa_sign(src, EVP_PKEY_get0_RSA(evp)); - - EVP_PKEY_free(evp); - -@@ -1079,7 +1087,11 @@ eay_strerror() - int line, flags; - unsigned long es; - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ es = 0; /* even when allowed by OPENSSL_API_COMPAT, it is defined as 0 */ -+#else - es = CRYPTO_thread_id(); -+#endif - - while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){ - n = snprintf(ebuf + len, sizeof(ebuf) - len, -@@ -1100,7 +1112,7 @@ vchar_t * - evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc) - { - vchar_t *res; -- EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX *ctx; - - if (!e) - return NULL; -@@ -1111,7 +1123,7 @@ evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc - if ((res = vmalloc(data->l)) == NULL) - return NULL; - -- EVP_CIPHER_CTX_init(&ctx); -+ ctx = EVP_CIPHER_CTX_new(); - - switch(EVP_CIPHER_nid(e)){ - case NID_bf_cbc: -@@ -1125,54 +1137,41 @@ evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc - /* XXX: can we do that also for algos with a fixed key size ? - */ - /* init context without key/iv -- */ -- if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc)) -- { -- OpenSSL_BUG(); -- vfree(res); -- return NULL; -- } -+ */ -+ if (!EVP_CipherInit(ctx, e, NULL, NULL, enc)) -+ goto out; - -- /* update key size -- */ -- if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l)) -- { -- OpenSSL_BUG(); -- vfree(res); -- return NULL; -- } -- -- /* finalize context init with desired key size -- */ -- if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v, -+ /* update key size -+ */ -+ if (!EVP_CIPHER_CTX_set_key_length(ctx, key->l)) -+ goto out; -+ -+ /* finalize context init with desired key size -+ */ -+ if (!EVP_CipherInit(ctx, NULL, (u_char *) key->v, - (u_char *) iv->v, enc)) -- { -- OpenSSL_BUG(); -- vfree(res); -- return NULL; -- } -+ goto out; - break; - default: -- if (!EVP_CipherInit(&ctx, e, (u_char *) key->v, -- (u_char *) iv->v, enc)) { -- OpenSSL_BUG(); -- vfree(res); -- return NULL; -- } -+ if (!EVP_CipherInit(ctx, e, (u_char *) key->v, -+ (u_char *) iv->v, enc)) -+ goto out; - } - - /* disable openssl padding */ -- EVP_CIPHER_CTX_set_padding(&ctx, 0); -+ EVP_CIPHER_CTX_set_padding(ctx, 0); - -- if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) { -- OpenSSL_BUG(); -- vfree(res); -- return NULL; -- } -+ if (!EVP_Cipher(ctx, (u_char *) res->v, (u_char *) data->v, data->l)) -+ goto out; - -- EVP_CIPHER_CTX_cleanup(&ctx); -+ EVP_CIPHER_CTX_free(ctx); - - return res; -+out: -+ EVP_CIPHER_CTX_free(ctx); -+ OpenSSL_BUG(); -+ vfree(res); -+ return NULL; - } - - int -@@ -1230,7 +1229,7 @@ eay_des_keylen(len) - return evp_keylen(len, EVP_des_cbc()); - } - --#ifdef HAVE_OPENSSL_IDEA_H -+#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA) - /* - * IDEA-CBC - */ -@@ -1587,7 +1586,7 @@ eay_aes_keylen(len) - return len; - } - --#if defined(HAVE_OPENSSL_CAMELLIA_H) -+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) - /* - * CAMELLIA-CBC - */ -@@ -1680,9 +1679,9 @@ eay_hmac_init(key, md) - vchar_t *key; - const EVP_MD *md; - { -- HMAC_CTX *c = racoon_malloc(sizeof(*c)); -+ HMAC_CTX *c = HMAC_CTX_new(); - -- HMAC_Init(c, key->v, key->l, md); -+ HMAC_Init_ex(c, key->v, key->l, md, NULL); - - return (caddr_t)c; - } -@@ -1761,8 +1760,7 @@ eay_hmacsha2_512_final(c) - - HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); - res->l = l; -- HMAC_cleanup((HMAC_CTX *)c); -- (void)racoon_free(c); -+ HMAC_CTX_free((HMAC_CTX *)c); - - if (SHA512_DIGEST_LENGTH != res->l) { - plog(LLV_ERROR, LOCATION, NULL, -@@ -1811,8 +1809,7 @@ eay_hmacsha2_384_final(c) - - HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); - res->l = l; -- HMAC_cleanup((HMAC_CTX *)c); -- (void)racoon_free(c); -+ HMAC_CTX_free((HMAC_CTX *)c); - - if (SHA384_DIGEST_LENGTH != res->l) { - plog(LLV_ERROR, LOCATION, NULL, -@@ -1861,8 +1858,7 @@ eay_hmacsha2_256_final(c) - - HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); - res->l = l; -- HMAC_cleanup((HMAC_CTX *)c); -- (void)racoon_free(c); -+ HMAC_CTX_free((HMAC_CTX *)c); - - if (SHA256_DIGEST_LENGTH != res->l) { - plog(LLV_ERROR, LOCATION, NULL, -@@ -1912,8 +1908,7 @@ eay_hmacsha1_final(c) - - HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); - res->l = l; -- HMAC_cleanup((HMAC_CTX *)c); -- (void)racoon_free(c); -+ HMAC_CTX_free((HMAC_CTX *)c); - - if (SHA_DIGEST_LENGTH != res->l) { - plog(LLV_ERROR, LOCATION, NULL, -@@ -1962,8 +1957,7 @@ eay_hmacmd5_final(c) - - HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); - res->l = l; -- HMAC_cleanup((HMAC_CTX *)c); -- (void)racoon_free(c); -+ HMAC_CTX_free((HMAC_CTX *)c); - - if (MD5_DIGEST_LENGTH != res->l) { - plog(LLV_ERROR, LOCATION, NULL, -@@ -2266,6 +2260,7 @@ eay_dh_generate(prime, g, publen, pub, priv) - u_int32_t g; - { - BIGNUM *p = NULL; -+ BIGNUM *BNg = NULL; - DH *dh = NULL; - int error = -1; - -@@ -2276,25 +2271,28 @@ eay_dh_generate(prime, g, publen, pub, priv) - - if ((dh = DH_new()) == NULL) - goto end; -- dh->p = p; -- p = NULL; /* p is now part of dh structure */ -- dh->g = NULL; -- if ((dh->g = BN_new()) == NULL) -+ if ((BNg = BN_new()) == NULL) - goto end; -- if (!BN_set_word(dh->g, g)) -+ if (!BN_set_word(BNg, g)) - goto end; -+ if (! DH_set0_pqg(dh, p, NULL, BNg)) -+ goto end; -+ BNg = NULL; -+ p = NULL; /* p is now part of dh structure */ - - if (publen != 0) -- dh->length = publen; -+ DH_set_length(dh, publen); - - /* generate public and private number */ - if (!DH_generate_key(dh)) - goto end; - - /* copy results to buffers */ -- if (eay_bn2v(pub, dh->pub_key) < 0) -+ BIGNUM *pub_key, *priv_key; -+ DH_get0_key(dh, (const BIGNUM**) &pub_key, (const BIGNUM**) &priv_key); -+ if (eay_bn2v(pub, pub_key) < 0) - goto end; -- if (eay_bn2v(priv, dh->priv_key) < 0) { -+ if (eay_bn2v(priv, priv_key) < 0) { - vfree(*pub); - goto end; - } -@@ -2306,6 +2304,8 @@ end: - DH_free(dh); - if (p != 0) - BN_free(p); -+ if (BNg != 0) -+ BN_free(BNg); - return(error); - } - -@@ -2319,6 +2319,10 @@ eay_dh_compute(prime, g, pub, priv, pub2, key) - int l; - unsigned char *v = NULL; - int error = -1; -+ BIGNUM *p = BN_new(); -+ BIGNUM *BNg = BN_new(); -+ BIGNUM *pub_key = BN_new(); -+ BIGNUM *priv_key = BN_new(); - - /* make public number to compute */ - if (eay_v2bn(&dh_pub, pub2) < 0) -@@ -2327,19 +2331,21 @@ eay_dh_compute(prime, g, pub, priv, pub2, key) - /* make DH structure */ - if ((dh = DH_new()) == NULL) - goto end; -- if (eay_v2bn(&dh->p, prime) < 0) -+ if (p == NULL || BNg == NULL || pub_key == NULL || priv_key == NULL) - goto end; -- if (eay_v2bn(&dh->pub_key, pub) < 0) -+ -+ if (eay_v2bn(&p, prime) < 0) - goto end; -- if (eay_v2bn(&dh->priv_key, priv) < 0) -+ if (eay_v2bn(&pub_key, pub) < 0) - goto end; -- dh->length = pub2->l * 8; -- -- dh->g = NULL; -- if ((dh->g = BN_new()) == NULL) -+ if (eay_v2bn(&priv_key, priv) < 0) - goto end; -- if (!BN_set_word(dh->g, g)) -+ if (!BN_set_word(BNg, g)) - goto end; -+ DH_set0_key(dh, pub_key, priv_key); -+ DH_set_length(dh, pub2->l * 8); -+ DH_set0_pqg(dh, p, NULL, BNg); -+ pub_key = priv_key = p = BNg = NULL; - - if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL) - goto end; -@@ -2350,6 +2356,14 @@ eay_dh_compute(prime, g, pub, priv, pub2, key) - error = 0; - - end: -+ if (p != NULL) -+ BN_free(p); -+ if (BNg != NULL) -+ BN_free(BNg); -+ if (pub_key != NULL) -+ BN_free(pub_key); -+ if (priv_key != NULL) -+ BN_free(priv_key); - if (dh_pub != NULL) - BN_free(dh_pub); - if (dh != NULL) -@@ -2400,12 +2414,14 @@ eay_bn2v(var, bn) - void - eay_init() - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - #ifdef HAVE_OPENSSL_ENGINE_H - ENGINE_load_builtin_engines(); - ENGINE_register_all_complete(); - #endif -+#endif - } - - vchar_t * -@@ -2504,8 +2520,7 @@ binbuf_pubkey2rsa(vchar_t *binbuf) - goto out; - } - -- rsa_pub->n = mod; -- rsa_pub->e = exp; -+ RSA_set0_key(rsa_pub, mod, exp, NULL); - - out: - return rsa_pub; -@@ -2582,5 +2597,5 @@ eay_random() - const char * - eay_version() - { -- return SSLeay_version(SSLEAY_VERSION); -+ return OpenSSL_version(OPENSSL_VERSION); - } -diff --git a/src/racoon/crypto_openssl.h b/src/racoon/crypto_openssl.h -index 66fac73..ee5b765 100644 ---- a/src/racoon/crypto_openssl.h -+++ b/src/racoon/crypto_openssl.h -@@ -124,7 +124,7 @@ extern vchar_t *eay_aes_decrypt __P((vchar_t *, vchar_t *, vchar_t *)); - extern int eay_aes_weakkey __P((vchar_t *)); - extern int eay_aes_keylen __P((int)); - --#if defined(HAVE_OPENSSL_CAMELLIA_H) -+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) - /* Camellia */ - extern vchar_t *eay_camellia_encrypt __P((vchar_t *, vchar_t *, vchar_t *)); - extern vchar_t *eay_camellia_decrypt __P((vchar_t *, vchar_t *, vchar_t *)); -diff --git a/src/racoon/eaytest.c b/src/racoon/eaytest.c -index 1474bdc..ae09db3 100644 ---- a/src/racoon/eaytest.c -+++ b/src/racoon/eaytest.c -@@ -62,6 +62,7 @@ - #include "dhgroup.h" - #include "crypto_openssl.h" - #include "gnuc.h" -+#include "openssl_compat.h" - - #include "package_version.h" - -@@ -103,7 +104,7 @@ rsa_verify_with_pubkey(src, sig, pubkey_txt) - printf ("PEM_read_PUBKEY(): %s\n", eay_strerror()); - return -1; - } -- error = eay_check_rsasign(src, sig, evp->pkey.rsa); -+ error = eay_check_rsasign(src, sig, EVP_PKEY_get0_RSA(evp)); - - return error; - } -@@ -698,7 +699,7 @@ ciphertest(ac, av) - eay_cast_encrypt, eay_cast_decrypt) < 0) - return -1; - --#ifdef HAVE_OPENSSL_IDEA_H -+#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA) - if (ciphertest_1 ("IDEA", - &data, 8, - &key, key.l, -@@ -715,7 +716,7 @@ ciphertest(ac, av) - eay_rc5_encrypt, eay_rc5_decrypt) < 0) - return -1; - #endif --#if defined(HAVE_OPENSSL_CAMELLIA_H) -+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) - if (ciphertest_1 ("CAMELLIA", - &data, 16, - &key, key.l, -diff --git a/src/racoon/ipsec_doi.c b/src/racoon/ipsec_doi.c -index 84a4c71..b52469f 100644 ---- a/src/racoon/ipsec_doi.c -+++ b/src/racoon/ipsec_doi.c -@@ -715,7 +715,7 @@ out: - /* key length must not be specified on some algorithms */ - if (keylen) { - if (sa->enctype == OAKLEY_ATTR_ENC_ALG_DES --#ifdef HAVE_OPENSSL_IDEA_H -+#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA) - || sa->enctype == OAKLEY_ATTR_ENC_ALG_IDEA - #endif - || sa->enctype == OAKLEY_ATTR_ENC_ALG_3DES) { -diff --git a/src/racoon/openssl_compat.c b/src/racoon/openssl_compat.c -new file mode 100644 -index 0000000..864b5fb ---- /dev/null -+++ b/src/racoon/openssl_compat.c -@@ -0,0 +1,213 @@ -+/* -+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -+ * -+ * Licensed under the OpenSSL license (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#include "openssl_compat.h" -+ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ -+#include <string.h> -+ -+static void *OPENSSL_zalloc(size_t num) -+{ -+ void *ret = OPENSSL_malloc(num); -+ -+ if (ret != NULL) -+ memset(ret, 0, num); -+ return ret; -+} -+ -+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) -+{ -+ /* If the fields n and e in r are NULL, the corresponding input -+ * parameters MUST be non-NULL for n and e. d may be -+ * left NULL (in case only the public key is used). -+ */ -+ if ((r->n == NULL && n == NULL) -+ || (r->e == NULL && e == NULL)) -+ return 0; -+ -+ if (n != NULL) { -+ BN_free(r->n); -+ r->n = n; -+ } -+ if (e != NULL) { -+ BN_free(r->e); -+ r->e = e; -+ } -+ if (d != NULL) { -+ BN_free(r->d); -+ r->d = d; -+ } -+ -+ return 1; -+} -+ -+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) -+{ -+ /* If the fields p and q in r are NULL, the corresponding input -+ * parameters MUST be non-NULL. -+ */ -+ if ((r->p == NULL && p == NULL) -+ || (r->q == NULL && q == NULL)) -+ return 0; -+ -+ if (p != NULL) { -+ BN_free(r->p); -+ r->p = p; -+ } -+ if (q != NULL) { -+ BN_free(r->q); -+ r->q = q; -+ } -+ -+ return 1; -+} -+ -+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) -+{ -+ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input -+ * parameters MUST be non-NULL. -+ */ -+ if ((r->dmp1 == NULL && dmp1 == NULL) -+ || (r->dmq1 == NULL && dmq1 == NULL) -+ || (r->iqmp == NULL && iqmp == NULL)) -+ return 0; -+ -+ if (dmp1 != NULL) { -+ BN_free(r->dmp1); -+ r->dmp1 = dmp1; -+ } -+ if (dmq1 != NULL) { -+ BN_free(r->dmq1); -+ r->dmq1 = dmq1; -+ } -+ if (iqmp != NULL) { -+ BN_free(r->iqmp); -+ r->iqmp = iqmp; -+ } -+ -+ return 1; -+} -+ -+void RSA_get0_key(const RSA *r, -+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) -+{ -+ if (n != NULL) -+ *n = r->n; -+ if (e != NULL) -+ *e = r->e; -+ if (d != NULL) -+ *d = r->d; -+} -+ -+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) -+{ -+ if (p != NULL) -+ *p = r->p; -+ if (q != NULL) -+ *q = r->q; -+} -+ -+void RSA_get0_crt_params(const RSA *r, -+ const BIGNUM **dmp1, const BIGNUM **dmq1, -+ const BIGNUM **iqmp) -+{ -+ if (dmp1 != NULL) -+ *dmp1 = r->dmp1; -+ if (dmq1 != NULL) -+ *dmq1 = r->dmq1; -+ if (iqmp != NULL) -+ *iqmp = r->iqmp; -+} -+ -+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) -+{ -+ /* If the fields p and g in d are NULL, the corresponding input -+ * parameters MUST be non-NULL. q may remain NULL. -+ */ -+ if ((dh->p == NULL && p == NULL) -+ || (dh->g == NULL && g == NULL)) -+ return 0; -+ -+ if (p != NULL) { -+ BN_free(dh->p); -+ dh->p = p; -+ } -+ if (q != NULL) { -+ BN_free(dh->q); -+ dh->q = q; -+ } -+ if (g != NULL) { -+ BN_free(dh->g); -+ dh->g = g; -+ } -+ -+ if (q != NULL) { -+ dh->length = BN_num_bits(q); -+ } -+ -+ return 1; -+} -+ -+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) -+{ -+ if (pub_key != NULL) -+ *pub_key = dh->pub_key; -+ if (priv_key != NULL) -+ *priv_key = dh->priv_key; -+} -+ -+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) -+{ -+ /* If the field pub_key in dh is NULL, the corresponding input -+ * parameters MUST be non-NULL. The priv_key field may -+ * be left NULL. -+ */ -+ if (dh->pub_key == NULL && pub_key == NULL) -+ return 0; -+ -+ if (pub_key != NULL) { -+ BN_free(dh->pub_key); -+ dh->pub_key = pub_key; -+ } -+ if (priv_key != NULL) { -+ BN_free(dh->priv_key); -+ dh->priv_key = priv_key; -+ } -+ -+ return 1; -+} -+ -+int DH_set_length(DH *dh, long length) -+{ -+ dh->length = length; -+ return 1; -+} -+ -+HMAC_CTX *HMAC_CTX_new(void) -+{ -+ return OPENSSL_zalloc(sizeof(HMAC_CTX)); -+} -+ -+void HMAC_CTX_free(HMAC_CTX *ctx) -+{ -+ HMAC_CTX_cleanup(ctx); -+ OPENSSL_free(ctx); -+} -+ -+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) -+{ -+ if (pkey->type != EVP_PKEY_RSA) { -+ return NULL; -+ } -+ return pkey->pkey.rsa; -+} -+ -+ -+#endif /* OPENSSL_VERSION_NUMBER */ -diff --git a/src/racoon/openssl_compat.h b/src/racoon/openssl_compat.h -new file mode 100644 -index 0000000..9e152c2 ---- /dev/null -+++ b/src/racoon/openssl_compat.h -@@ -0,0 +1,45 @@ -+#ifndef OPENSSL_COMPAT_H -+#define OPENSSL_COMPAT_H -+ -+#include <openssl/opensslv.h> -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ -+#include <openssl/rsa.h> -+#include <openssl/dh.h> -+#include <openssl/evp.h> -+#include <openssl/hmac.h> -+ -+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); -+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); -+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); -+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); -+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); -+void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp); -+ -+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); -+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); -+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); -+int DH_set_length(DH *dh, long length); -+ -+HMAC_CTX *HMAC_CTX_new(void); -+void HMAC_CTX_free(HMAC_CTX* ctx); -+ -+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); -+ -+#define ASN1_STRING_length(s) s->length -+#define ASN1_STRING_get0_data(s) s->data -+ -+#define X509_get_subject_name(x) x->cert_info->subject -+#define X509_get_issuer_name(x) x->cert_info->issuer -+#define X509_NAME_ENTRY_get_data(n) n->value -+#define X509_NAME_ENTRY_get_object(n) n->object -+#define X509_STORE_CTX_get_current_cert(ctx) ctx->current_cert -+#define X509_STORE_CTX_get_error(ctx) ctx->error -+#define X509_STORE_CTX_get_error_depth(ctx) ctx->error_depth -+ -+#define OPENSSL_VERSION SSLEAY_VERSION -+#define OpenSSL_version SSLeay_version -+ -+#endif /* OPENSSL_VERSION_NUMBER */ -+ -+#endif /* OPENSSL_COMPAT_H */ -diff --git a/src/racoon/plainrsa-gen.c b/src/racoon/plainrsa-gen.c -index cad1861..b949b08 100644 ---- a/src/racoon/plainrsa-gen.c -+++ b/src/racoon/plainrsa-gen.c -@@ -60,6 +60,7 @@ - #include "vmbuf.h" - #include "plog.h" - #include "crypto_openssl.h" -+#include "openssl_compat.h" - - #include "package_version.h" - -@@ -90,12 +91,14 @@ mix_b64_pubkey(const RSA *key) - char *binbuf; - long binlen, ret; - vchar_t *res; -- -- binlen = 1 + BN_num_bytes(key->e) + BN_num_bytes(key->n); -+ const BIGNUM *e, *n; -+ -+ RSA_get0_key(key, &n, &e, NULL); -+ binlen = 1 + BN_num_bytes(e) + BN_num_bytes(n); - binbuf = malloc(binlen); - memset(binbuf, 0, binlen); -- binbuf[0] = BN_bn2bin(key->e, (unsigned char *) &binbuf[1]); -- ret = BN_bn2bin(key->n, (unsigned char *) (&binbuf[binbuf[0] + 1])); -+ binbuf[0] = BN_bn2bin(e, (unsigned char *) &binbuf[1]); -+ ret = BN_bn2bin(n, (unsigned char *) (&binbuf[binbuf[0] + 1])); - if (1 + binbuf[0] + ret != binlen) { - plog(LLV_ERROR, LOCATION, NULL, - "Pubkey generation failed. This is really strange...\n"); -@@ -131,16 +134,20 @@ print_rsa_key(FILE *fp, const RSA *key) - - fprintf(fp, "# : PUB 0s%s\n", pubkey64->v); - fprintf(fp, ": RSA\t{\n"); -- fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(key->n)); -+ const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; -+ RSA_get0_key(key, &n, &e, &d); -+ RSA_get0_factors(key, &p, &q); -+ RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp); -+ fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(n)); - fprintf(fp, "\t# pubkey=0s%s\n", pubkey64->v); -- fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(key->n))); -- fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(key->e))); -- fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(key->d))); -- fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(key->p))); -- fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(key->q))); -- fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(key->dmp1))); -- fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(key->dmq1))); -- fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(key->iqmp))); -+ fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(n))); -+ fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(e))); -+ fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(d))); -+ fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(p))); -+ fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(q))); -+ fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(dmp1))); -+ fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(dmq1))); -+ fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(iqmp))); - fprintf(fp, " }\n"); - - vfree(pubkey64); -@@ -203,11 +210,13 @@ int - gen_rsa_key(FILE *fp, size_t bits, unsigned long exp) - { - int ret; -- RSA *key; -+ RSA *key = RSA_new(); -+ BIGNUM *e = BN_new(); - -- key = RSA_generate_key(bits, exp, NULL, NULL); -- if (!key) { -+ BN_set_word(e, exp); -+ if (! RSA_generate_key_ex(key, bits, e, NULL)) { - fprintf(stderr, "RSA_generate_key(): %s\n", eay_strerror()); -+ RSA_free(key); - return -1; - } - -diff --git a/src/racoon/prsa_par.y b/src/racoon/prsa_par.y -index 1987e4d..27ce4c6 100644 ---- a/src/racoon/prsa_par.y -+++ b/src/racoon/prsa_par.y -@@ -68,6 +68,7 @@ - #include "isakmp_var.h" - #include "handler.h" - #include "crypto_openssl.h" -+#include "openssl_compat.h" - #include "sockmisc.h" - #include "rsalist.h" - -@@ -85,7 +86,18 @@ char *prsa_cur_fname = NULL; - struct genlist *prsa_cur_list = NULL; - enum rsa_key_type prsa_cur_type = RSA_TYPE_ANY; - --static RSA *rsa_cur; -+struct my_rsa_st { -+ BIGNUM *n; -+ BIGNUM *e; -+ BIGNUM *d; -+ BIGNUM *p; -+ BIGNUM *q; -+ BIGNUM *dmp1; -+ BIGNUM *dmq1; -+ BIGNUM *iqmp; -+}; -+ -+static struct my_rsa_st *rsa_cur; - - void - prsaerror(const char *s, ...) -@@ -201,8 +213,12 @@ rsa_statement: - rsa_cur->iqmp = NULL; - } - } -- $$ = rsa_cur; -- rsa_cur = RSA_new(); -+ RSA * rsa_tmp = RSA_new(); -+ RSA_set0_key(rsa_tmp, rsa_cur->n, rsa_cur->e, rsa_cur->d); -+ RSA_set0_factors(rsa_tmp, rsa_cur->p, rsa_cur->q); -+ RSA_set0_crt_params(rsa_tmp, rsa_cur->dmp1, rsa_cur->dmq1, rsa_cur->iqmp); -+ $$ = rsa_tmp; -+ memset(rsa_cur, 0, sizeof(struct my_rsa_st)); - } - | TAG_PUB BASE64 - { -@@ -351,10 +367,12 @@ prsa_parse_file(struct genlist *list, char *fname, enum rsa_key_type type) - prsa_cur_fname = fname; - prsa_cur_list = list; - prsa_cur_type = type; -- rsa_cur = RSA_new(); -+ rsa_cur = malloc(sizeof(struct my_rsa_st)); -+ memset(rsa_cur, 0, sizeof(struct my_rsa_st)); - ret = prsaparse(); - if (rsa_cur) { -- RSA_free(rsa_cur); -+ memset(rsa_cur, 0, sizeof(struct my_rsa_st)); -+ free(rsa_cur); - rsa_cur = NULL; - } - fclose (fp); -diff --git a/src/racoon/rsalist.c b/src/racoon/rsalist.c -index f152c82..96e8363 100644 ---- a/src/racoon/rsalist.c -+++ b/src/racoon/rsalist.c -@@ -52,6 +52,7 @@ - #include "genlist.h" - #include "remoteconf.h" - #include "crypto_openssl.h" -+#include "openssl_compat.h" - - #ifndef LIST_FIRST - #define LIST_FIRST(head) ((head)->lh_first) -@@ -98,7 +99,9 @@ rsa_key_dup(struct rsa_key *key) - return NULL; - - if (key->rsa) { -- new->rsa = key->rsa->d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa); -+ const BIGNUM *d; -+ RSA_get0_key(key->rsa, NULL, NULL, &d); -+ new->rsa = (d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa)); - if (new->rsa == NULL) - goto dup_error; - } --- -2.16.1 - diff --git a/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r6.ebuild b/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r6.ebuild index 92c5ce61b3ac..12630f200d8f 100644 --- a/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r6.ebuild +++ b/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r6.ebuild @@ -7,7 +7,8 @@ inherit flag-o-matic autotools linux-info pam systemd DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation" HOMEPAGE="http://ipsec-tools.sourceforge.net/" -SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2 + https://dev.gentoo.org/~juippis/distfiles/tmp/ipsec-tools-add-openssl-1.1.x-support.patch" LICENSE="BSD GPL-2" SLOT="0" @@ -188,7 +189,7 @@ src_prepare() { eapply "${FILESDIR}/${PN}-include-vendoridh.patch" eapply "${FILESDIR}"/${PN}-0.8.0-sysctl.patch #425770 eapply "${FILESDIR}"/${PN}-CVE-2015-4047.patch - eapply "${FILESDIR}"/${PN}-add-openssl-1.1.x-support.patch + eapply "${DISTDIR}"/${PN}-add-openssl-1.1.x-support.patch eapply "${FILESDIR}"/${PN}-CVE-2016-10396.patch AT_M4DIR="${S}" eautoreconf diff --git a/net-vpn/libreswan/Manifest b/net-vpn/libreswan/Manifest index e2cc28179521..ffb721a7acd1 100644 --- a/net-vpn/libreswan/Manifest +++ b/net-vpn/libreswan/Manifest @@ -1,6 +1,9 @@ AUX libreswan-3.30-ip-path.patch 563 BLAKE2B 838ae401b4e7c04378e8cbb2561a6d348896883942683682c8ac3b31de56d360460bc2ea2c26f579a6f36078101270167b775579fd2502c72dd680620c12a585 SHA512 a8a391386014cff3b867fb8c0ba8c83ecb93c11d35aea205877b66e3104712311e19f13eb9659ee158833512c199d0104b5a796ebef37a1bc210e254abc6f573 AUX libreswan-3.32-nss-compat.patch 680 BLAKE2B 5eb1f43e95d2f0801e0725ae1186e96ccf529200b0f1e4c8aa8d6d09248114f45a61468ad88a247a85c2f97b019ab0a022c6ce8a6ed263097c8d42c0008cfa43 SHA512 231b3985f333cc4a6f588b6854a217847136dd67305152dd14be96db8c0d7e043b885c47382276387e44939e26d046753d16853f3f0f17b43f966e3c3213c8e1 DIST libreswan-3.32.tar.gz 4141631 BLAKE2B 37a4cb5c1f52d69b17ba60abd2b7a181d9f5567914a453ab875185110aeda4d33ecdaacfc83e361f153860a1db66faec70e0ad06af65e310af28ae72ce68fc6a SHA512 bb65512351059e2fac6f1c3ed1e291eabd6835faacf6d9c58649dd71dab1bb4fe6d6074178dea6dea01f24d39f3fbefd84c6060e4d8436b5d057fa55ae4467f3 +DIST libreswan-4.1.tar.gz 3427012 BLAKE2B 2ec58a53756efd2dc8e6a9e305c1efd1e3b8b1aaa089d783e86cf19d747b99838de451a2f94965981e0e2342d5866c16f36c4cf07e7ab971f3e689f8616c28f6 SHA512 c98dfdf6bff17eda6f028e35653b822941665989e37974266bcc54fda20e05f71b86c1dfee858a8ba9a544f86e9217e8e08fa2dfe03ab011f6c2d039b4ee05fe EBUILD libreswan-3.32-r1.ebuild 3165 BLAKE2B c0144e07373f076366d0baeb9c9c2472edc6c07f7fbb6ee37c7865ea37cdf4476e3f3119c51efeb1ac4ba54caad84a14727811387cf6eacd3be9724a5ede7b1d SHA512 1bd84beadae36e45f948b0c902e5ee4058c79a26a7d72b985bda62bfe3267e468f0c6ea970fe73f70e34332a286fe3c8da9f6e8b34b5f3c9d8eb742508b40344 EBUILD libreswan-3.32.ebuild 3127 BLAKE2B dfd79e648967070d3a2ae7018873647a03d162bf904f4f70fa7d2baf9969d7912407a56869986f0c83675e65e5f27e5622ffccf4c6b1b3bcecb3200472976372 SHA512 5937f4ee0eba31fa8cbfcb477e19e5d2f74b1fafba9be035cdb64e88e80d5bc0acfd6dd995de54e449be6a8ff01a893ad64d578d4eb7b5e72f42f748fc829333 +EBUILD libreswan-4.1-r1.ebuild 3236 BLAKE2B cee2764473852cb447748a71b0294a47bebdb0962109748a089ac471d58a4fce00f4485f0bd7ebb99a10411356945c46aa29d9ca1984bdef0f98fc7bd3995336 SHA512 6f4e7b3df6bd703c4e81950772478de4b73ebc6635307ac304480d1f89e96f99677c86dbdc28f1e063e51eb1305c7ca9c68bbfc852d733efd24ed76b285504b9 +EBUILD libreswan-4.1.ebuild 3169 BLAKE2B 48d18e851be46585a86c2f26068da3bdcc000f79f5f7318a560c7b47c688a0ff6a0be260b453cb503d65189000e6449020d469e534d939a8e937803063a48059 SHA512 e03c9d576ffc51a4c471b2cf8d063221911fbf7cae2434034466a8d85e131d24e375f9fe8457a8a5002923a5b0c3a49ca42f97d307798f415b373225da60580a MISC metadata.xml 319 BLAKE2B 6bae0756e29efeb1cf77d60f7e38fe62ffa5f24c3745e07900e6ef5f65194c50f6a479d97fdcc24804ccdcfefd9707b12f08dffe613fcf798afc421826de36e4 SHA512 924161f15c0f7a9666a6d7a422b45da679190e1a0f2859b997ddd753cbf49df9da337e5420040210736f76fa712dca3ec8862480f62bd321de71e74bee7c0865 diff --git a/net-vpn/libreswan/libreswan-4.1-r1.ebuild b/net-vpn/libreswan/libreswan-4.1-r1.ebuild new file mode 100644 index 000000000000..e837a675077b --- /dev/null +++ b/net-vpn/libreswan/libreswan-4.1-r1.ebuild @@ -0,0 +1,120 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit systemd toolchain-funcs + +SRC_URI="https://download.libreswan.org/${P}.tar.gz" +KEYWORDS="~amd64 ~arm ~ppc ~x86" + +DESCRIPTION="IPsec implementation for Linux, fork of Openswan" +HOMEPAGE="https://libreswan.org/" + +LICENSE="GPL-2 BSD-4 RSA DES" +SLOT="0" +IUSE="caps curl dnssec ldap networkmanager pam seccomp selinux systemd test" +RESTRICT="!test? ( test )" + +DEPEND=" + dev-libs/gmp:0= + dev-libs/libevent:0= + dev-libs/nspr + >=dev-libs/nss-3.42 + >=sys-kernel/linux-headers-4.19 + caps? ( sys-libs/libcap-ng ) + curl? ( net-misc/curl ) + dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns ) + ldap? ( net-nds/openldap ) + pam? ( sys-libs/pam ) + seccomp? ( sys-libs/libseccomp ) + selinux? ( sys-libs/libselinux ) + systemd? ( sys-apps/systemd:0= ) +" +BDEPEND=" + app-text/docbook-xml-dtd:4.1.2 + app-text/xmlto + dev-libs/nss + sys-devel/bison + sys-devel/flex + virtual/pkgconfig + test? ( dev-python/setproctitle ) +" +RDEPEND="${DEPEND} + dev-libs/nss[utils(+)] + sys-apps/iproute2 + !net-vpn/strongswan + selinux? ( sec-policy/selinux-ipsec ) +" + +usetf() { + usex "$1" true false +} + +PATCHES=( "${FILESDIR}/${PN}-3.30-ip-path.patch" ) + +src_prepare() { + sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die + sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die + default +} + +src_configure() { + tc-export AR CC + export PREFIX=/usr + export FINALEXAMPLECONFDIR=/usr/share/doc/${PF} + export FINALDOCDIR=/usr/share/doc/${PF}/html + export INITSYSTEM=openrc + export INITDDIRS= + export INITDDIR_DEFAULT=/etc/init.d + export USERCOMPILE=${CFLAGS} + export USERLINK=${LDFLAGS} + export USE_DNSSEC=$(usetf dnssec) + export USE_LABELED_IPSEC=$(usetf selinux) + export USE_LIBCAP_NG=$(usetf caps) + export USE_LIBCURL=$(usetf curl) + export USE_LINUX_AUDIT=$(usetf selinux) + export USE_LDAP=$(usetf ldap) + export USE_NM=$(usetf networkmanager) + export USE_SECCOMP=$(usetf seccomp) + export USE_SYSTEMD_WATCHDOG=$(usetf systemd) + export SD_WATCHDOGSEC=$(usex systemd 200 0) + export USE_XAUTHPAM=$(usetf pam) + export DEBUG_CFLAGS= + export OPTIMIZE_CFLAGS= + export WERROR_CFLAGS= +} + +src_compile() { + emake all + emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" all +} + +src_test() { + : # integration tests only that require set of kvms to be set up +} + +src_install() { + default + emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" DESTDIR="${D}" install + + echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets + fperms 0600 /etc/ipsec.secrets + + keepdir /var/lib/ipsec/nss + fperms 0700 /var/lib/ipsec/nss + + dodoc -r docs + + find "${D}" -type d -empty -delete || die +} + +pkg_postinst() { + local IPSEC_CONFDIR=${ROOT}/var/lib/ipsec/nss + if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db ]] ; then + ebegin "Setting up NSS database in ${IPSEC_CONFDIR} with empty password" + certutil -N -d "${IPSEC_CONFDIR}" --empty-password + eend $? + einfo "To set a password: certutil -W -d sql:${IPSEC_CONFDIR}" + fi +} diff --git a/net-vpn/libreswan/libreswan-4.1.ebuild b/net-vpn/libreswan/libreswan-4.1.ebuild new file mode 100644 index 000000000000..711934427676 --- /dev/null +++ b/net-vpn/libreswan/libreswan-4.1.ebuild @@ -0,0 +1,117 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit systemd toolchain-funcs + +SRC_URI="https://download.libreswan.org/${P}.tar.gz" +KEYWORDS="~amd64 ~arm ~ppc ~x86" + +DESCRIPTION="IPsec implementation for Linux, fork of Openswan" +HOMEPAGE="https://libreswan.org/" + +LICENSE="GPL-2 BSD-4 RSA DES" +SLOT="0" +IUSE="caps curl dnssec ldap networkmanager pam seccomp selinux systemd test" +RESTRICT="!test? ( test )" + +DEPEND=" + dev-libs/gmp:0= + dev-libs/libevent:0= + dev-libs/nspr + >=dev-libs/nss-3.42 + >=sys-kernel/linux-headers-4.19 + caps? ( sys-libs/libcap-ng ) + curl? ( net-misc/curl ) + dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns ) + ldap? ( net-nds/openldap ) + pam? ( sys-libs/pam ) + seccomp? ( sys-libs/libseccomp ) + selinux? ( sys-libs/libselinux ) + systemd? ( sys-apps/systemd:0= ) +" +BDEPEND=" + app-text/docbook-xml-dtd:4.1.2 + app-text/xmlto + dev-libs/nss + sys-devel/bison + sys-devel/flex + virtual/pkgconfig + test? ( dev-python/setproctitle ) +" +RDEPEND="${DEPEND} + dev-libs/nss[utils(+)] + sys-apps/iproute2 + !net-vpn/strongswan + selinux? ( sec-policy/selinux-ipsec ) +" + +usetf() { + usex "$1" true false +} + +PATCHES=( "${FILESDIR}/${PN}-3.30-ip-path.patch" ) + +src_prepare() { + sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die + sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die + default +} + +src_configure() { + tc-export AR CC + export PREFIX=/usr + export FINALEXAMPLECONFDIR=/usr/share/doc/${PF} + export FINALDOCDIR=/usr/share/doc/${PF}/html + export INITSYSTEM=openrc + export INITDDIRS= + export INITDDIR_DEFAULT=/etc/init.d + export USERCOMPILE=${CFLAGS} + export USERLINK=${LDFLAGS} + export USE_DNSSEC=$(usetf dnssec) + export USE_LABELED_IPSEC=$(usetf selinux) + export USE_LIBCAP_NG=$(usetf caps) + export USE_LIBCURL=$(usetf curl) + export USE_LINUX_AUDIT=$(usetf selinux) + export USE_LDAP=$(usetf ldap) + export USE_NM=$(usetf networkmanager) + export USE_SECCOMP=$(usetf seccomp) + export USE_SYSTEMD_WATCHDOG=$(usetf systemd) + export SD_WATCHDOGSEC=$(usex systemd 200 0) + export USE_XAUTHPAM=$(usetf pam) + export DEBUG_CFLAGS= + export OPTIMIZE_CFLAGS= + export WERROR_CFLAGS= +} + +src_compile() { + emake all + emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" all +} + +src_test() { + : # integration tests only that require set of kvms to be set up +} + +src_install() { + default + emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" DESTDIR="${D}" install + + echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets + fperms 0600 /etc/ipsec.secrets + + dodoc -r docs + + find "${D}" -type d -empty -delete || die +} + +pkg_postinst() { + local IPSEC_CONFDIR=${ROOT}/etc/ipsec.d + if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db ]] ; then + ebegin "Setting up NSS database in ${IPSEC_CONFDIR} with empty password" + certutil -N -d "${IPSEC_CONFDIR}" --empty-password + eend $? + einfo "To set a password: certutil -W -d sql:${IPSEC_CONFDIR}" + fi +} diff --git a/net-vpn/ocserv/Manifest b/net-vpn/ocserv/Manifest index 1c61e88c8ef7..ccadca3c5048 100644 --- a/net-vpn/ocserv/Manifest +++ b/net-vpn/ocserv/Manifest @@ -1,4 +1,6 @@ AUX ocserv 182 BLAKE2B b7ea6c381fed7406bda8fae3638445d6cd2e2acaf5f5c310227fc56f62e3286df6bb49063db8d2ab8dce2c6d5e8487b50085875f2af057b662aeb37b5adfe77a SHA512 9e0dcc3668e5e7584b4f01f56c0b48c7a1099b3658ee2387cd899050030328c497e64f9409a1af589ab42f8b6b1e7f13828a50b478906721ccad9d3013f3b06a DIST ocserv-1.0.1.tar.xz 787800 BLAKE2B 655a2a6e1434a5b31b157e0f73df3d6d04011c06fd5a1f39f1152752abdc837974c739bc0694a804a1e96b4e219c78c5cf1a58040bbcdcad3e326d0c9e584c7b SHA512 953e1b6084f68f8627b5383e28b5fcde987881e66feac645a40fa37d895f0711b171c9029c3703773dfbd5432d747f92c71af9240c2df3381599902a7d5fe880 +DIST ocserv-1.1.1.tar.xz 818988 BLAKE2B 06fdc47fcabea162ddd417f315c53e85f4ccdc1dc9b60b624c06ee4adae9d6f0ee96f94c15daafa0633b4925720519da7220914008c64c5771f61416208a570e SHA512 1173416f0d32f9faf98e539c8e73316a50ac93b519d1ade19374a3df865d10d975e13ac53e0c5a5e77c80f3605d7a810287b18b85b798887d227389761b54220 EBUILD ocserv-1.0.1.ebuild 1744 BLAKE2B fd40acea30c43fbc6903b7c6007bcb9ac9730092c9e593bc2cfc32b3f4b9e07b4621ba10ea16af1af8a76754f50ed16bc0533e6d2dff4c485cf0555be4811ba0 SHA512 46c4ef4267bc1b53f30c56626738b40221c5677c47b6d5ca4c00b27c1d3fbfe71dd1a1b506aa1d3748ae549cfb5a43d038153e3481df491ec4fde772b9539f1a +EBUILD ocserv-1.1.1.ebuild 1724 BLAKE2B 2ecad19445504125fe6f00f65df5cf2d4bd81be2eef841ed2cb44fcb8421265e43c667d50b0ea10bc382e0a7ca34c2b4236ec5ee7014357dd77b37d959fb66c6 SHA512 a5c08e580d40f008b665d361a35ba3092f5d2e8b1d67ea417012ec6b84ebf83182925952a51215bc04a319d37b94d3deb6f4256e025a174419f78351fd873655 MISC metadata.xml 325 BLAKE2B 1bb6068aff761fbf40d489d5d60bcbf295a079a2fffbb99af64abfcecaedf7cb5407b3f94b6823b58690912f43dc4427cd8d7a658d2f809b45462702ba5f0aeb SHA512 4fb35360034ac9639198ebd1e0917848b807e0a53ec10eb2d4e1a90a4f3f631b582e6f3d6e3a7d50f2f284ff47dc1a2ec4d362fa73f6b5a1834ef531bb2bc5ca diff --git a/net-vpn/ocserv/ocserv-1.1.1.ebuild b/net-vpn/ocserv/ocserv-1.1.1.ebuild new file mode 100644 index 000000000000..41a683070d56 --- /dev/null +++ b/net-vpn/ocserv/ocserv-1.1.1.ebuild @@ -0,0 +1,81 @@ +# Copyright 2019-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit systemd + +DESCRIPTION="Openconnect SSL VPN server" +HOMEPAGE="https://ocserv.gitlab.io/www/index.html" +SRC_URI="ftp://ftp.infradead.org/pub/ocserv/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +IUSE="geoip kerberos +lz4 otp pam radius +seccomp systemd tcpd test" +RESTRICT="!test? ( test )" + +BDEPEND=" + virtual/pkgconfig + test? ( + net-libs/gnutls[tools(+)] + net-libs/socket_wrapper + net-vpn/openconnect + sys-libs/nss_wrapper + sys-libs/uid_wrapper + ) +" +DEPEND=" + dev-libs/libnl:3= + dev-libs/libev:0= + >=dev-libs/nettle-2.7:0= + dev-libs/pcl:0= + dev-libs/protobuf-c:0= + >=net-libs/gnutls-3.3.0:0= + net-libs/http-parser:0= + sys-libs/readline:0= + sys-libs/talloc:0= + geoip? ( dev-libs/geoip:0= ) + kerberos? ( virtual/krb5 ) + lz4? ( app-arch/lz4:0= ) + otp? ( sys-auth/oath-toolkit:0= ) + pam? ( sys-libs/pam:0= ) + radius? ( net-dialup/freeradius-client:0= ) + seccomp? ( sys-libs/libseccomp:0= ) + systemd? ( sys-apps/systemd:0= ) + tcpd? ( sys-apps/tcp-wrappers:0= ) +" +RDEPEND="${DEPEND}" + +src_configure() { + local myconf=( + --without-root-tests + --without-nuttcp-tests + + $(use_enable seccomp) + $(use_enable systemd) + + $(use_with geoip) + $(use_with kerberos gssapi) + $(use_with lz4) + $(use_with otp liboath) + $(use_with radius) + $(use_with tcpd libwrap) + ) + econf "${myconf[@]}" +} + +src_install() { + default + + dodoc doc/sample.{config,passwd} + use otp && dodoc doc/sample.otp + + doinitd "${FILESDIR}"/ocserv + + if use systemd; then + systemd_dounit doc/systemd/socket-activated/ocserv.{service,socket} + else + systemd_dounit doc/systemd/standalone/ocserv.service + fi +} diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest index 11b0ed6e7c44..9570cec3067b 100644 --- a/net-vpn/openconnect/Manifest +++ b/net-vpn/openconnect/Manifest @@ -1,10 +1,17 @@ AUX 8.09-gnutls-buffer-overflow.patch 2172 BLAKE2B 6c1251936ad2606c9b68036820e930efc392132b365faa14e690a6df4daa339c24614f856423a2d7d04bcbb3b799e96486dfb18430a6b9d8016eaeaf60a19ee5 SHA512 d74920e6eb5f8ef6ca4dcf03cf8d47a5e2ed480573dfd0c8742851e9b830fc6b379b24e945c5b429a50919a7a5041f007ba76ba93dc22eaecb27e84a84a89011 +AUX README.OpenRC 957 BLAKE2B f390ce810ce550d0456f1885224edbe578106464d448ec3181cb152f61bc2f951ba3e21a79555d2edbff88414d09ead2598808350e7584b97cd03abab5f642de SHA512 8a94e74fd2fbcce0f5959f6565ec9f4fd63da8fea7126f69ed4812b1002cbc55435c533d0827ac3989534e32e5cf42beef954e22ce0276b224e3629e7641d12d AUX README.OpenRC.txt 715 BLAKE2B 1f76faac7bf705fc3a4adbb8902e0fbd3354e654f0af59cb59b92fc4188400c9dfeef0267ebe39c8eb4842df8a6421aaf472e7bd20097cdc0d620e10fbafd28a SHA512 172b845cc46465119d14e304a0ea9a13d28497bc9e80688eab3ccce0e14ee17917fb6b8a06dd7e9a4657ef4f51a023045ac45bc5d8823e29b2d0cb9854425f66 AUX openconnect.conf.in 941 BLAKE2B 8cfa197edfe3b3754e45281b33d51bee0dd80746ac129b071710ca9d6f5aa5da16a3c3ad5fa52c6bfdc0ae4a9b1e3cfea2c20909c6164e67e0dba880cf08fc8a SHA512 a689df7141621c80bca77fdd1e01397b98882c7fd8db79b2fe1495916656522234e3af739538002533c003e4243e9af4bf80cd73bae961e15568997ce89ef6d5 AUX openconnect.init.in-r4 1775 BLAKE2B 2237238a2d149532e90c96190829e9ef51afa50487a0fd45c3c4d2e983fb8755bdf0de3eca44df740b286f4d353b03d71fcd2c2a27129f18031b2bd01989f738 SHA512 7b832550ef21ddb4b1c0eae7f3838b925745a5ebbdb74f1583fb8710b75175ebcbc7b1558ce95f59cd78542bec8bc01f7ab6d32ec4a5b168bb8a516a8907d362 +AUX openconnect.initd.8.10 2431 BLAKE2B 7de9090247f4c59173aeb70e1349368af2ab78f51651cdf1173d35f7273858c9c37f9bfb34b947a72bd8c3116c47ba002b5357207eef7aeba151e094475ce213 SHA512 7fd9e67473d69438ae383370dcdd109847169e86f41f23af88dfd6eb01202d2fcadded91e52a735881785d16713b471e1972b9ae44dfd2a4c7914ac7b11d66a3 AUX openconnect.logrotate 116 BLAKE2B 308d088f7c06239ec68831e415df420362c1825ae279fa6f736f36df0bf2e7efc8ea6a4ab43d9b53680dd0ab5028c92bf70a0597b56a20da06b302457e7d5f07 SHA512 ea1b6caf6278fea515c299072ee799ab3676014784703d7fa8e4f4d7bfc4599650c386d9706a3e6d92c195c9e5e1628fa6efc1124e1ae72875cc9eaab73cb077 DIST openconnect-8.09.tar.gz 2083279 BLAKE2B 4588c693a7a641faad271b034e8713f00fda04a872641e45a8ce3e1a236b8d2f4e1b8d973d20e7a9fc656f9460a0e990cbaada008d4ecf9a46353f20c25ac87a SHA512 f6890f5bce4b36b162e4590bce8a61d65fc0ae803d62a3dd408fbb13e96ce41b6443740132808491093032545aea919f9076e34bc11160c503c5e3c46457e7bd +DIST openconnect-8.10.tar.gz 2084534 BLAKE2B 98ad0e24e09bc565f359139540f60eb9b6b5ed2239a9c46c56889b8554fc3de3605c10f1bb4fa0b0b206ba35404ae90a389ab8dcee54cf05a24d984529d24c2a SHA512 a36a106cf5c637602fc5bd3cd12df8f6dfe55217c1aae93c66ca33208507f3f8cda15e3a46d75615c7fcea1859d1a04017a07674ad0246876154467305477356 DIST vpnc-scripts-20200226.tar.gz 21460 BLAKE2B 8f00ce3dc49725758abce27f3688946df1bbd4e92769ef02aa9ee66db8b9f41bef3442eaa5405ab1467476899c6d364dfea898ed924ca83497823a85515d48e5 SHA512 3a1eac4ccfaefb0f837189c8cef696b33ab8b8a68cb50a3ad29206b708d0aa479e8eed0c09bef6f60d056cd98d63cc898a1609d734030a63df3be2cfa6c00f9a +DIST vpnc-scripts-20200930.tar.gz 22305 BLAKE2B 5db809ef674cb3cb8f1c775adc1e83debbda28fdcf47e0b0527efe6d1cea09781ef02b2827d9704140b884a85e7ec51fba497f47f6793520b471a7bba0dde6b6 SHA512 5f42bc7b168b5fdfc3ebd4bae52a42a654f102982852cc74240972e16e77fe0b54d82175e2a067e1d7e408bd14c3f465f7eb82b23b41885cb25a813d9587fd3d EBUILD openconnect-8.09-r1.ebuild 3095 BLAKE2B 2b9f88751028da80c8dd3e0c39128ecc940f99633f2749f41ae5ef5560890603e7642c0885dd986c37a5c8d452b98f1bc9fb19b8ace4bc6f5a1a1f2f7602ebe8 SHA512 f61df9f3ad778ee35add92ee7a8df860e1454dfe3c73ec444852eabe955b4fa9adc1f2d6218941bebd89f6eeb2feb55ce126ba92109a3f3b1c6457dc90391300 -EBUILD openconnect-9999.ebuild 3013 BLAKE2B f376c7b9e4f3b48cb983d13e5164035416c29c50a9eb0818443c5c41ef74df09adabfc64c7f34161ab065096974bf70db9686c95c01780e4e5696a458578bbd4 SHA512 d758170016064de6193cb0fdf3ff8af3b473da65f72fc0a16d5312fc3a037256bb9684cf2e5dc364e1383a3bc59d8783c7d8d722297c04328ca20104d850f340 +EBUILD openconnect-8.09-r3.ebuild 3084 BLAKE2B fa1f5198b19c6f1f087121146a7f96c7c0ffaaf63d130ff24cf7f6e71dd8f1ef73d24e369b790667ea606f55446df960b79d5bd936fb870438f412118873cdb7 SHA512 44356a847ea5d761df076f1cf02865ab7e6a3849dc0e87a32855ba24b7fa4f8c3d5a0a8fd6b00d4e9a03a615f8548f6d9346d28174288db703eeccf7ce3a4e1b +EBUILD openconnect-8.10-r1.ebuild 3270 BLAKE2B 83f06415e53148cd616ca0661e0549d41b968c36838ba6c44795856384ae350a4aace0a44443fb943d0bf377cbfcfdf16737d178ae92a1847d076cee06684a93 SHA512 c9cb27ca20c6bc4376c222dcebbec97d5b9aafadb33ad9251a98a0c92d94433fac96accf895776a2d2f3563e318ab5fde887e8a9a1d4b2cf8c206f2ddb1a2f43 +EBUILD openconnect-8.10.ebuild 3018 BLAKE2B 40e56f3c298581ac136c08388a70a3bcf306981a28a574da190b19cd5b1f71975da5efb64e471e0159784ee12564925cc762eafc0007be3788017d5bc18ee7f0 SHA512 c94a4e599f7208d7a8d603613e494855486eb03746847c5576f659aca7bb0f95f85b666c9e77c6ff8ad14f403b10fd7a9db00777f49892da44e7262c7e6ac84f +EBUILD openconnect-9999.ebuild 3018 BLAKE2B da050b6e7e47275cffa39484a073ea73651e31e7ee9a0e56aefdd282cc12e1f0259fd21dc0a3f6a70bf5894b701f61cb52756751b30a98cbe0cd9d4236fb207c SHA512 eb3b92d8469a90936fc5a99c266d3608624e4de2217ca02b042fc106ae90b1f71c288450d6c3e7781a9eb2168459a981909e2947f32d6487a97b49efb29ae62d MISC metadata.xml 523 BLAKE2B c4a4ebc18284b99d3b983740180460ad1c83933860c4d8df14886a740cad0a1dbf363881ffd430adb24feaf49a2a9d02f6d3a80d5bcd96fc36f2cdb1aea2bff5 SHA512 7701ea4b9ed4d0051d915700fbd20eb28ca03024f8c4beecd8e0192e8cfd82c136cec32f29cd1e76a3059913f1b04af8066ee2700cab393bb270a8cbe18214c8 diff --git a/net-vpn/openconnect/files/README.OpenRC b/net-vpn/openconnect/files/README.OpenRC new file mode 100644 index 000000000000..baa617d94eaa --- /dev/null +++ b/net-vpn/openconnect/files/README.OpenRC @@ -0,0 +1,30 @@ +The service script for openconnect supports multiple vpn tunnels. + +You need to create a symbolic link to /etc/init.d/openconnect in +/etc/init.d for each tunnel instead of calling it directly: + +ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 + +Also, create a configuration file for the tunnel in /etc/openconnect. To +follow this example, the configuration file would be called +/etc/openconnect/vpn0.conf. See man openconnect for the options that can +go in this file. + +You can then start the vpn tunnel like this: + +rc-service openconnect.vpn0 start + +If you would like to run preup, postup, predown, and/or postdown scripts, +You need to create a directory in /etc/openconnect with the name of the vpn: + +mkdir /etc/openconnect/vpn0 + +Then add executable shell files: + +mkdir /etc/openconnect/vpn0 +cd /etc/openconnect/vpn0 +echo '#!/bin/sh' > preup.sh +cp preup.sh predown.sh +cp preup.sh postup.sh +cp preup.sh postdown.sh +chmod 755 /etc/openconnect/vpn0/* diff --git a/net-vpn/openconnect/files/openconnect.initd.8.10 b/net-vpn/openconnect/files/openconnect.initd.8.10 new file mode 100644 index 000000000000..cec5350e17ce --- /dev/null +++ b/net-vpn/openconnect/files/openconnect.initd.8.10 @@ -0,0 +1,105 @@ +#!/sbin/openrc-run +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +VPN="${RC_SVCNAME#*.}" +VPNCONF=/etc/openconnect/${VPN}.conf +VPNDIR="/etc/openconnect/${VPN}" +VPNLOG="/var/log/openconnect/${VPN}" +VPNLOGFILE="${VPNLOG}/openconnect.log" +VPNERRFILE="${VPNLOG}/openconnect.err" + +command="/usr/sbin/openconnect" +name="OpenConnect: ${VPN}" +pidfile="/run/openconnect/${VPN}.pid" +stopsig="SIGINT" + +depend() { + before netmount +} + +checkconfig() { + if [ $VPN = "openconnect" ]; then + eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:" + eerror + eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0" + eerror + eerror "And then call it instead:" + eerror + eerror "/etc/init.d/openconnect.vpn0 start" + return 1 + fi + if [ ! -f "${VPNCONF}" ]; then + ewarn "The configuration file for ${VPN} does not exist." + ewarn "Please create ${VPNCONF}" + ewarn "This will become a fatal error in a future release." + fi + local server vpnopts password + eval server=\$server_${VPN} + eval vpnopts=\$vpnopts_${VPN} + eval password=\$password_${VPN} + if [ -n "$server" ] || [ -n "$vpnopts" ] || [ -n "password" ]; then + ewarn "server_${VPN}, vpnopts${VPN} and password_${VPN} are deprecated" + ewarn"Please move them to the appropriate settings in ${VPNCONF}" + ewarn "They will be ignored in the future." + fi + return 0 +} + +checktuntap() { + if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then + if ! modprobe tun ; then + eerror "TUN/TAP support is not available in this kernel" + return 1 + fi + fi +} + +run_hook() { + if [ -x "$1" ]; then + "$@" + fi +} + +start_pre() { + checkconfig || return + checktuntap || return + checkpath -d "${VPNLOG}" || return + checkpath -d /run/openconnect || return + run_hook "${VPNDIR}/preup.sh" +} + +start() { + local server vpnopts password + eval server=\$server_${VPN} + eval vpnopts=\$vpnopts_${VPN} + eval password=\$password_${VPN} + + ebegin "Starting ${name}" + start-stop-daemon --start --exec "${command}" -- \ + --background \ + --config="${VPNCONF:-/dev/null}" \ + --interface="${VPN}" \ + --pid-file="${pidfile}" \ + ${vpnopts} \ + "${server}" \ + >> "${VPNLOGFILE}" \ + 2>> "${VPNERRFILE}" \ + <<EOF +${password} +EOF + eend $? +} + +start_post() { + run_hook "${VPNDIR}/postup.sh" +} + +stop_pre() { + checkconfig || return + run_hook "${VPNDIR}/predown.sh" +} + +stop_post() { + run_hook "${VPNDIR}/postdown.sh" +} diff --git a/net-vpn/openconnect/openconnect-8.09-r3.ebuild b/net-vpn/openconnect/openconnect-8.09-r3.ebuild new file mode 100644 index 000000000000..5008e83fa2c8 --- /dev/null +++ b/net-vpn/openconnect/openconnect-8.09-r3.ebuild @@ -0,0 +1,152 @@ +# Copyright 2011-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python{3_6,3_7,3_8,3_9} ) +PYTHON_REQ_USE="xml" + +inherit linux-info python-any-r1 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git" + inherit git-r3 autotools +else + ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" + KEYWORDS="amd64 arm arm64 ~ppc64 x86" +fi +VPNC_VER=20200226 +SRC_URI="${ARCHIVE_URI} + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard stoken test" +RESTRICT="!test? ( test )" + +DEPEND=" + dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + >=dev-libs/openssl-1.0.1h:0= + ) + gnutls? ( + app-crypt/trousers + app-misc/ca-certificates + dev-libs/nettle + >=net-libs/gnutls-3.6.13:0= + dev-libs/libtasn1:0= + app-crypt/tpm2-tss + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + lz4? ( app-arch/lz4:= ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken ) +" +RDEPEND="${DEPEND} + sys-apps/iproute2 +" +BDEPEND=" + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + nls? ( sys-devel/gettext ) + test? ( + net-libs/socket_wrapper + net-vpn/ocserv + sys-libs/uid_wrapper + ) +" + +CONFIG_CHECK="~TUN" + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + : +} + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + fi + default +} + +src_prepare() { + local PATCHES=( + "${FILESDIR}"/8.09-gnutls-buffer-overflow.patch + ) + default + if [[ ${PV} == 9999 ]]; then + eautoreconf + fi +} + +src_configure() { + if use doc; then + python_setup + else + export ac_cv_path_PYTHON= + fi + + # Used by tests if userpriv is disabled + addwrite /run/netns + + local myconf=( + --disable-dsa-tests + $(use_enable nls) + --disable-static + $(use_with !gnutls openssl) + $(use_with gnutls) + $(use_with libproxy) + $(use_with lz4) + $(use_with gssapi) + $(use_with smartcard libpcsclite) + $(use_with stoken) + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" + --without-java + ) + + econf "${myconf[@]}" +} + +src_test() { + local charset + for charset in UTF-8 ISO8859-2; do + if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then + # If we don't have valid cs_CZ locale data, auth-nonascii will fail. + # Force a test skip by exiting with status 77. + sed -i -e '2i exit 77' tests/auth-nonascii || die + break + fi + done + default +} + +src_install() { + default + + find "${ED}" -name '*.la' -delete || die + + dodoc "${FILESDIR}"/README.OpenRC.txt + + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + insinto /etc/openconnect + + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + + keepdir /var/log/openconnect +} diff --git a/net-vpn/openconnect/openconnect-8.10-r1.ebuild b/net-vpn/openconnect/openconnect-8.10-r1.ebuild new file mode 100644 index 000000000000..e4c566efb121 --- /dev/null +++ b/net-vpn/openconnect/openconnect-8.10-r1.ebuild @@ -0,0 +1,153 @@ +# Copyright 2011-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python{3_6,3_7,3_8,3_9} ) +PYTHON_REQ_USE="xml" + +inherit linux-info python-any-r1 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git" + inherit git-r3 autotools +else + ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" + KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +fi +VPNC_VER=20200930 +SRC_URI="${ARCHIVE_URI} + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard stoken test" +RESTRICT="!test? ( test )" + +DEPEND=" + dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + >=dev-libs/openssl-1.0.1h:0= + ) + gnutls? ( + app-crypt/trousers + app-misc/ca-certificates + dev-libs/nettle + >=net-libs/gnutls-3.6.13:0= + dev-libs/libtasn1:0= + app-crypt/tpm2-tss + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + lz4? ( app-arch/lz4:= ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken ) +" +RDEPEND="${DEPEND} + sys-apps/iproute2 +" +BDEPEND=" + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + nls? ( sys-devel/gettext ) + test? ( + net-libs/socket_wrapper + net-vpn/ocserv + sys-libs/uid_wrapper + ) +" + +CONFIG_CHECK="~TUN" + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + : +} + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + fi + default +} + +src_prepare() { + default + if [[ ${PV} == 9999 ]]; then + eautoreconf + fi +} + +src_configure() { + if use doc; then + python_setup + else + export ac_cv_path_PYTHON= + fi + + # Used by tests if userpriv is disabled + addwrite /run/netns + + local myconf=( + --disable-dsa-tests + $(use_enable nls) + --disable-static + $(use_with !gnutls openssl) + $(use_with gnutls) + $(use_with libproxy) + $(use_with lz4) + $(use_with gssapi) + $(use_with smartcard libpcsclite) + $(use_with stoken) + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" + --without-java + ) + + econf "${myconf[@]}" +} + +src_test() { + local charset + for charset in UTF-8 ISO8859-2; do + if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then + # If we don't have valid cs_CZ locale data, auth-nonascii will fail. + # Force a test skip by exiting with status 77. + sed -i -e '2i exit 77' tests/auth-nonascii || die + break + fi + done + default +} + +src_install() { + default + find "${ED}" -name '*.la' -delete || die + + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + + newinitd "${FILESDIR}"/openconnect.initd.${PV} openconnect + dodoc "${FILESDIR}"/README.OpenRC + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + + keepdir /var/log/openconnect +} + +pkg_postinst() { + local v + for v in ${REPLACING_VERSIONS}; do + ver_test $v -ge 8.10-r1 && continue + ewarn "openconnect tunnel-specific configurations stored in ${EROOT}/etc/conf.d" + ewarn "should be migrated to ${EROOT}/etc/openconnect/<tunnel>.conf" + ewarn "For more information see ${EROOT}/usr/share/doc/${PF}/README.OpenRC" + done +} diff --git a/net-vpn/openconnect/openconnect-8.10.ebuild b/net-vpn/openconnect/openconnect-8.10.ebuild new file mode 100644 index 000000000000..0b5bc45bd93e --- /dev/null +++ b/net-vpn/openconnect/openconnect-8.10.ebuild @@ -0,0 +1,149 @@ +# Copyright 2011-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python{3_6,3_7,3_8,3_9} ) +PYTHON_REQ_USE="xml" + +inherit linux-info python-any-r1 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git" + inherit git-r3 autotools +else + ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" + KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +fi +VPNC_VER=20200930 +SRC_URI="${ARCHIVE_URI} + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard stoken test" +RESTRICT="!test? ( test )" + +DEPEND=" + dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + >=dev-libs/openssl-1.0.1h:0= + ) + gnutls? ( + app-crypt/trousers + app-misc/ca-certificates + dev-libs/nettle + >=net-libs/gnutls-3.6.13:0= + dev-libs/libtasn1:0= + app-crypt/tpm2-tss + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + lz4? ( app-arch/lz4:= ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken ) +" +RDEPEND="${DEPEND} + sys-apps/iproute2 +" +BDEPEND=" + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + nls? ( sys-devel/gettext ) + test? ( + net-libs/socket_wrapper + net-vpn/ocserv + sys-libs/uid_wrapper + ) +" + +CONFIG_CHECK="~TUN" + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + : +} + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + fi + default +} + +src_prepare() { + default + if [[ ${PV} == 9999 ]]; then + eautoreconf + fi +} + +src_configure() { + if use doc; then + python_setup + else + export ac_cv_path_PYTHON= + fi + + # Used by tests if userpriv is disabled + addwrite /run/netns + + local myconf=( + --disable-dsa-tests + $(use_enable nls) + --disable-static + $(use_with !gnutls openssl) + $(use_with gnutls) + $(use_with libproxy) + $(use_with lz4) + $(use_with gssapi) + $(use_with smartcard libpcsclite) + $(use_with stoken) + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" + --without-java + ) + + econf "${myconf[@]}" +} + +src_test() { + local charset + for charset in UTF-8 ISO8859-2; do + if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then + # If we don't have valid cs_CZ locale data, auth-nonascii will fail. + # Force a test skip by exiting with status 77. + sed -i -e '2i exit 77' tests/auth-nonascii || die + break + fi + done + default +} + +src_install() { + default + + find "${ED}" -name '*.la' -delete || die + + dodoc "${FILESDIR}"/README.OpenRC.txt + + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + insinto /etc/openconnect + + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + + keepdir /var/log/openconnect +} diff --git a/net-vpn/openconnect/openconnect-9999.ebuild b/net-vpn/openconnect/openconnect-9999.ebuild index d341fc87dca1..3932a14244b3 100644 --- a/net-vpn/openconnect/openconnect-9999.ebuild +++ b/net-vpn/openconnect/openconnect-9999.ebuild @@ -13,7 +13,7 @@ if [[ ${PV} == 9999 ]]; then inherit git-r3 autotools else ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" - KEYWORDS="~amd64 ~ppc64" + KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" fi VPNC_VER=20200226 SRC_URI="${ARCHIVE_URI} @@ -24,20 +24,22 @@ HOMEPAGE="http://www.infradead.org/openconnect.html" LICENSE="LGPL-2.1 GPL-2" SLOT="0/5" -IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard static-libs stoken test" +IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard stoken test" RESTRICT="!test? ( test )" DEPEND=" dev-libs/libxml2 sys-libs/zlib !gnutls? ( - >=dev-libs/openssl-1.0.1h:0=[static-libs?] + >=dev-libs/openssl-1.0.1h:0= ) gnutls? ( app-crypt/trousers app-misc/ca-certificates dev-libs/nettle - >=net-libs/gnutls-3.6.13:0=[static-libs?] + >=net-libs/gnutls-3.6.13:0= + dev-libs/libtasn1:0= + app-crypt/tpm2-tss ) gssapi? ( virtual/krb5 ) libproxy? ( net-libs/libproxy ) @@ -97,7 +99,7 @@ src_configure() { local myconf=( --disable-dsa-tests $(use_enable nls) - $(use_enable static-libs static) + --disable-static $(use_with !gnutls openssl) $(use_with gnutls) $(use_with libproxy) diff --git a/net-vpn/openvpn/Manifest b/net-vpn/openvpn/Manifest index 650a20f1ffd0..15474bbab1f9 100644 --- a/net-vpn/openvpn/Manifest +++ b/net-vpn/openvpn/Manifest @@ -3,6 +3,8 @@ AUX openvpn-2.1.conf 892 BLAKE2B d0ce49ecc6275c9677e56de5d13afcc69169666441cb6d8 AUX openvpn-2.1.init 4187 BLAKE2B 9ab133bda1db2d94afbf1e35840515452029319c38bb796af90b117dcfcd8552da2ea236399c2708a4862de753a8f92cdff80a69cfdcc5d53e206f9f3ffc48d8 SHA512 2d97a41b3998c196c440dcaf43ad8992eae27c5356c94b24f4cc4b20169350f3d6c8d65bb9c2517415ee15637fa60298d9cd8252ad9aa3eec6ae3a847ede0611 AUX up.sh 2865 BLAKE2B f359c0078148a8ec59b68227844f39d784df2271e9640b54f50a9c0b6b67450cf8b397dba8fd735931790648c1d485c149a55ffcbf095623b491b8a827eccab9 SHA512 35201b0e60ad20358080007e595eb4f96d186ba8e88f0485c55d164c28e3d78a12f3e09347ba3d76abb9b8b03fb4a53664bd74ab484be1548090022b956925fd DIST openvpn-2.4.9.tar.gz 1000602 BLAKE2B 4a10ec76d1a816f9184dd33e4384623e011a1af40ea38ad56cc06f70ab2c911b6fd92cf8ffcd2ec3ab4179fef87feb187fc9df61c5bea92b1c69ee4113093866 SHA512 7683dfb93592968459f080a07ea750992b7444708cdb1a5aafc0118ab8528fc488f2b9fbd7d042e57ad1811303208875237ae9decf0bb4977c45cd30da53751b +DIST openvpn-2.5.0-r1.tar.gz 1815964 BLAKE2B cca1c1ec4fbfe0c337c14525cf706280c9d961c4bba992dfa0b13c9f96e00092864301138037485095716c746ef6ff3473a2085780b3ef77183bf4a6f1c602ae SHA512 3deb55973b87cc95c0437ab9ce6c43fdc246aa7e42e3e68bd6a5651deffa798b6750f625917cb2aaa2c82f0b3a0805bcf206a2aa8e2c735fd24e6bd38f736562 EBUILD openvpn-2.4.9.ebuild 4163 BLAKE2B 74c7a130da53fcfe4aad644534c87dc2f00a1321e55a91d671f20b6afe0d1676135663991f4110d44ae0feea3433a4841d0c5d251f81fc32decefd3b5288f32f SHA512 5382fdc7fe0e8f27311ea4cccba195969666acafc43979ce79268912d628d03d8f09ba5f912db75873d009e6bb869448b88efe452a80ed338c6f7972db8bda55 +EBUILD openvpn-2.5.0-r1.ebuild 4099 BLAKE2B 578cb4fc0310317a1e00c132cf4cf4c9721e046a06e74fe55afdad4079d298708d59bc56193104c35b6c99b6ad5c103ecfb29daeb69f59727b8c7520b0becb25 SHA512 95e40a586f1f9495a2cd11f3f83e9c46440c5cb1a63c61ce9d81205da67c0db801a14844e2fc5f27c4a34ce27784f87413217ed14f337b288ec8f3b0a4550ccd EBUILD openvpn-9999.ebuild 4148 BLAKE2B d2942eb2659d5cc1cef40143b6cd84e4e869031cc23ac419865db1286c7bf3ec7c66433ed2c3149d654206f74b3db14b3cea17a5d90332e9bfa5cbb6b172fdf5 SHA512 0807ceb96db862c33e42c7b2eb1224cfdb01d32e09048250bb69a05244af9835e805a9a87fb47d8a0a2422c12088ab515389b180d93286093f2089eab2709c8d -MISC metadata.xml 998 BLAKE2B 800c147b67d26d0ae3856c3aebfd7bec9326aaa67ffcb16b57e00ad722b8154bcd4cd6daef741ebb0f12032ef986e0b3b5a4cf99014df1fbd54699a98ed13a0c SHA512 d7e07e98986611dc410a3ab1b0bf2bb3925fcc9f3388c9649ce7a01baa2fa076d7766b4e1b9749048aa1d1850cb9053e8822ce7a1870002805c176c6a60e6db8 +MISC metadata.xml 1158 BLAKE2B 2d27c7254e0249fad84a5e676cb2c60f0edbb5cda6e66e44f380a39e835f4df72931c983d1989d03169e6003f497f39d928fdbe6548e3df799ffb62c8ba7cc45 SHA512 29af52059d7f381cf4956c116ba3d4ad420ae35af9a33ed97779f6b3cee291003def855e3b84bdafd60f30bdcad1baba70a639d2ad01c01af0a52ef18c50d9e5 diff --git a/net-vpn/openvpn/metadata.xml b/net-vpn/openvpn/metadata.xml index 4d0024cb2edf..caa9b97acdf9 100644 --- a/net-vpn/openvpn/metadata.xml +++ b/net-vpn/openvpn/metadata.xml @@ -15,7 +15,9 @@ networks using an encrypted tunnel.</longdescription> <use> <flag name="down-root">Enable the down-root plugin</flag> <flag name="iproute2">Enabled iproute2 support instead of net-tools</flag> - <flag name="mbedtls">Use mbed TLS instead of OpenSSL</flag> + <flag name="mbedtls">Use mbed TLS as the backend crypto library</flag> + <flag name="openssl">Use OpenSSL as the backend crypto library</flag> + <flag name="libressl">Use OpenSSL as the backend crypto library</flag> <flag name="pkcs11">Enable PKCS#11 smartcard support</flag> <flag name="plugins">Enable the OpenVPN plugin system</flag> </use> diff --git a/net-vpn/openvpn/openvpn-2.5.0-r1.ebuild b/net-vpn/openvpn/openvpn-2.5.0-r1.ebuild new file mode 100644 index 000000000000..094213d0203f --- /dev/null +++ b/net-vpn/openvpn/openvpn-2.5.0-r1.ebuild @@ -0,0 +1,151 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools flag-o-matic systemd linux-info + +DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" +SRC_URI="https://build.openvpn.net/downloads/releases/${P}.tar.gz -> ${P}-r1.tar.gz" +HOMEPAGE="https://openvpn.net/" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos" + +IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls +openssl pam" +IUSE+=" pkcs11 +plugins selinux +ssl systemd test userland_BSD" + +RESTRICT="!test? ( test )" +REQUIRED_USE=" + ^^ ( openssl libressl mbedtls ) + pkcs11? ( !mbedtls ) + !plugins? ( !pam !down-root ) + inotify? ( plugins ) +" + +CDEPEND=" + kernel_linux? ( + iproute2? ( sys-apps/iproute2[-minimal] ) + ) + libressl? ( dev-libs/libressl:0= ) + lz4? ( app-arch/lz4 ) + lzo? ( >=dev-libs/lzo-1.07 ) + mbedtls? ( net-libs/mbedtls:= ) + openssl? ( >=dev-libs/openssl-0.9.8:0= ) + pam? ( sys-libs/pam ) + pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) + systemd? ( sys-apps/systemd ) +" +DEPEND="${CDEPEND} + test? ( dev-util/cmocka ) +" +RDEPEND="${CDEPEND} + acct-group/openvpn + acct-user/openvpn + selinux? ( sec-policy/selinux-openvpn ) +" + +CONFIG_CHECK="~TUN" + +pkg_setup() { + linux-info_pkg_setup +} + +src_prepare() { + default + eautoreconf +} + +src_configure() { + local -a myeconfargs + + if use libressl || ! use mbedtls; then + myeconfargs+=( + $(use_enable pkcs11) + ) + fi + myeconfargs+=( + $(use_enable inotify async-push) + --with-crypto-library=$(usex mbedtls mbedtls openssl) + $(use_enable lz4) + $(use_enable lzo) + $(use_enable plugins) + $(use_enable iproute2) + $(use_enable pam plugin-auth-pam) + $(use_enable down-root plugin-down-root) + $(use_enable systemd) + ) + SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \ + TMPFILES_DIR="/usr/lib/tmpfiles.d" \ + IPROUTE=$(usex iproute2 '/bin/ip' '') \ + econf "${myeconfargs[@]}" +} + +src_test() { + make check || die "top-level tests failed" + pushd tests/unit_tests > /dev/null || die + make check || die "unit tests failed" + popd > /dev/null || die +} + +src_install() { + default + find "${ED}/usr" -name '*.la' -delete + # install documentation + dodoc AUTHORS ChangeLog PORTS README README.IPv6 + + # Install some helper scripts + keepdir /etc/openvpn + exeinto /etc/openvpn + doexe "${FILESDIR}/up.sh" + doexe "${FILESDIR}/down.sh" + + # Install the init script and config file + newinitd "${FILESDIR}/${PN}-2.1.init" openvpn + newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn + + # install examples, controlled by the respective useflag + if use examples ; then + # dodoc does not supportly support directory traversal, #15193 + docinto /usr/share/doc/${PF}/examples + dodoc -r sample contrib + fi + + # https://bugs.gentoo.org/755680#c3 + doman doc/openvpn.8 +} + +pkg_postinst() { + if use x64-macos; then + elog "You might want to install tuntaposx for TAP interface support:" + elog "http://tuntaposx.sourceforge.net" + fi + + elog "The openvpn init script expects to find the configuration file" + elog "openvpn.conf in /etc/openvpn along with any extra files it may need." + elog "" + elog "To create more VPNs, simply create a new .conf file for it and" + elog "then create a symlink to the openvpn init script from a link called" + elog "openvpn.newconfname - like so" + elog " cd /etc/openvpn" + elog " ${EDITOR##*/} foo.conf" + elog " cd /etc/init.d" + elog " ln -s openvpn openvpn.foo" + elog "" + elog "You can then treat openvpn.foo as any other service, so you can" + elog "stop one vpn and start another if you need to." + + if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then + ewarn "" + ewarn "WARNING: If you use the remote keyword then you are deemed to be" + ewarn "a client by our init script and as such we force up,down scripts." + ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" + ewarn "can move your scripts to." + fi + + if use plugins ; then + einfo "" + einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins" + fi +} diff --git a/net-vpn/peervpn/Manifest b/net-vpn/peervpn/Manifest deleted file mode 100644 index 864486820550..000000000000 --- a/net-vpn/peervpn/Manifest +++ /dev/null @@ -1,7 +0,0 @@ -AUX peervpn-0.044-strncpy-null-terminator.patch 3556 BLAKE2B 94b2a64b72b8486f600dd423d17b6a0762195d999d2e3509bc92225aef755d5e33e5ef8cb0851a8e5491a9f237495eb4d960650e97f22c4a2d619a96b0724b7d SHA512 d09686271ead53a5433a60b7b6551fea23661d5a76f55f7c6c2d94b1c8946c83d51990388d5e77049ccce2ad64292ce8ab815ffec94eacb53738be34584370c6 -AUX peervpn.initd 590 BLAKE2B 39a2ec06a71eb99de9a37cd42b05c63fd07af042b8b48652e07ecc182e4413391cd4135a4e776af509660801cbc5c3f13fbd9b8a15e3dfe55aaad84ca12f5f9d SHA512 68ef4c4de590ff6be19135f86fb9cbac88f80dac7a5094d262281404d8fa3aac2b22f532f65834a6d2da95818d55eb2a451d4724e1c4c783be60fb410bfbaa33 -AUX peervpn.logrotated 87 BLAKE2B c6b72aed372a87d766a9ba0e69b48929fd2484743c5576f9d87333be3a241479794f83d201e366483dee30aee48a4e5a2ad9fb7e6864f84bb9e4b47556dfaf67 SHA512 474d2cd0c92786d5b7b45604a235a9102197e9e3520c812db86c1183bc0ab0963dbbb538ff684a44bc47184eb3e87d77e6b2ddab72c52fccca529cc16f56f515 -AUX peervpn.service 256 BLAKE2B 51abeea30d4ebe81a7b9acf1ae0e5e8b65ddcaedd4ae2c3f0e6ab3e4524d75d9848328bfed737f8b39effeedd68e7d7ed9f1376ac144ae27c4d77b0603fdd496 SHA512 d2d7336ed77324f30d3a4d83fe47b43bbafc3340525eac862bd7637e3a72a70dba1dc9ea21ed59e1606c8d1c03c3ee5ab9da73b49e71cf70e536369ae9ecf01c -DIST peervpn-0.044.tar.gz 81948 BLAKE2B 7fcf4805846b304c8d26ab06a5f56fa7aa281eab05860f192e635ba12173954cd00502328239771b1882b0b74c8f24f796c51e86fd5d39765f51d2aa26953c6b SHA512 5dd8e056287a905f3aaddf93d6dad917047e6f7da30942f412ff7b2846afd26fb9f4e500cfcb76966b4045db2a37096f1aa43b87e777ff31c2e467aa0415cdba -EBUILD peervpn-0.044-r5.ebuild 1984 BLAKE2B 06f2d9ccae4306a25c09cc6f4e88667cf99512f15bb8e44160e3a4abcb047780dae809b80886719550a5d9726af45ea06d4e76916904b9ce4efcff528a33892a SHA512 aa5dbbe642f80062f87e0696ca24cb6e0b5b6972c6e21ebcca8f1967adc2ab42566b3087f1c370e6c4be9ffe019a09c475a3a09f2af92a106a65091a167ce21a -MISC metadata.xml 252 BLAKE2B 8efaf3584f131c0b67db417959443281e33ebeed3f51ed5032692c2ce88d38528a099940e970b171502aebdb8f0d203406350a9c46d6e700d75e8c40210b07d6 SHA512 b1d67eead7ededffaba731f36dca9165a9d55ac8fcde9fb15e136b7e4d10931eb3e2af6ffa0a6b8f1a4a2085145f3f30a87e32f3c01359a42a9365279457e119 diff --git a/net-vpn/peervpn/files/peervpn-0.044-strncpy-null-terminator.patch b/net-vpn/peervpn/files/peervpn-0.044-strncpy-null-terminator.patch deleted file mode 100644 index e16d0ef80239..000000000000 --- a/net-vpn/peervpn/files/peervpn-0.044-strncpy-null-terminator.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 5dda3477ed31888b86792ed05c17d80a77fe0b03 Mon Sep 17 00:00:00 2001 -From: Zac Medico <zmedico@gentoo.org> -Date: Thu, 30 Mar 2017 16:03:27 -0700 -Subject: [PATCH] config.ic: fix strncpy calls to copy null terminator for 512 - byte strings - -This problem caused a 512 byte psk setting to trigger authentication -failure, since the strlen call used to set password_len would return -an unpredictable result on each peer. - -https://github.com/peervpn/peervpn/pull/20 ---- - config.ic | 26 +++++++++++++------------- - 1 file changed, 13 insertions(+), 13 deletions(-) - -diff --git a/config.ic b/config.ic -index e0eba35..405e9de 100644 ---- a/config.ic -+++ b/config.ic -@@ -147,55 +147,55 @@ static int parseConfigLine(char *line, int len, struct s_initconfig *cs) { - return 1; - } - else if(parseConfigLineCheckCommand(line,len,"local",&vpos)) { -- strncpy(cs->sourceip,&line[vpos],CONFPARSER_NAMEBUF_SIZE); -+ strncpy(cs->sourceip,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); - return 1; - } - else if(parseConfigLineCheckCommand(line,len,"port",&vpos)) { -- strncpy(cs->sourceport,&line[vpos],CONFPARSER_NAMEBUF_SIZE); -+ strncpy(cs->sourceport,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); - return 1; - } - else if(parseConfigLineCheckCommand(line,len,"user",&vpos)) { -- strncpy(cs->userstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE); -+ strncpy(cs->userstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); - return 1; - } - else if(parseConfigLineCheckCommand(line,len,"group",&vpos)) { -- strncpy(cs->groupstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE); -+ strncpy(cs->groupstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); - return 1; - } - else if(parseConfigLineCheckCommand(line,len,"chroot",&vpos)) { -- strncpy(cs->chrootstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE); -+ strncpy(cs->chrootstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); - return 1; - } - else if(parseConfigLineCheckCommand(line,len,"networkname",&vpos)) { -- strncpy(cs->networkname,&line[vpos],CONFPARSER_NAMEBUF_SIZE); -+ strncpy(cs->networkname,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); - return 1; - } - else if(parseConfigLineCheckCommand(line,len,"interface",&vpos)) { -- strncpy(cs->tapname,&line[vpos],CONFPARSER_NAMEBUF_SIZE); -+ strncpy(cs->tapname,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); - return 1; - } - else if(parseConfigLineCheckCommand(line,len,"ifconfig4",&vpos)) { -- strncpy(cs->ifconfig4,&line[vpos],CONFPARSER_NAMEBUF_SIZE); -+ strncpy(cs->ifconfig4,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); - return 1; - } - else if(parseConfigLineCheckCommand(line,len,"ifconfig6",&vpos)) { -- strncpy(cs->ifconfig6,&line[vpos],CONFPARSER_NAMEBUF_SIZE); -+ strncpy(cs->ifconfig6,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); - return 1; - } - else if(parseConfigLineCheckCommand(line,len,"upcmd",&vpos)) { -- strncpy(cs->upcmd,&line[vpos],CONFPARSER_NAMEBUF_SIZE); -+ strncpy(cs->upcmd,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); - return 1; - } - else if(parseConfigLineCheckCommand(line,len,"initpeers",&vpos)) { -- strncpy(cs->initpeers,&line[vpos],CONFPARSER_NAMEBUF_SIZE); -+ strncpy(cs->initpeers,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); - return 1; - } - else if(parseConfigLineCheckCommand(line,len,"engine",&vpos)) { -- strncpy(cs->engines,&line[vpos],CONFPARSER_NAMEBUF_SIZE); -+ strncpy(cs->engines,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); - return 1; - } - else if(parseConfigLineCheckCommand(line,len,"psk",&vpos)) { -- strncpy(cs->password,&line[vpos],CONFPARSER_NAMEBUF_SIZE); -+ strncpy(cs->password,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); - cs->password_len = strlen(cs->password); - return 1; - } --- -2.10.2 - diff --git a/net-vpn/peervpn/files/peervpn.initd b/net-vpn/peervpn/files/peervpn.initd deleted file mode 100644 index 77d98a9558b0..000000000000 --- a/net-vpn/peervpn/files/peervpn.initd +++ /dev/null @@ -1,21 +0,0 @@ -#!/sbin/openrc-run -# Copyright 2016-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -description="peervpn server" -pidfile=${pidfile:-"/run/${RC_SVCNAME}.pid"} -logfile=${logfile:-"/var/log/${RC_SVCNAME}/${RC_SVCNAME}.log"} -user=${RC_SVCNAME} -group=${RC_SVCNAME} - -command="/usr/sbin/${RC_SVCNAME}" -command_args="${command_args:-/etc/peervpn/peervpn.conf}" -command_background="true" -# peervpn will drop privileges based on user and group config file settings -start_stop_daemon_args=" - --stdout ${logfile} - --stderr ${logfile}" - -depend() { - need net -} diff --git a/net-vpn/peervpn/files/peervpn.logrotated b/net-vpn/peervpn/files/peervpn.logrotated deleted file mode 100644 index e99669c91358..000000000000 --- a/net-vpn/peervpn/files/peervpn.logrotated +++ /dev/null @@ -1,7 +0,0 @@ -/var/log/peervpn/peervpn.log { - missingok - size 5M - rotate 3 - compress - copytruncate -} diff --git a/net-vpn/peervpn/files/peervpn.service b/net-vpn/peervpn/files/peervpn.service deleted file mode 100644 index 13c5310f517b..000000000000 --- a/net-vpn/peervpn/files/peervpn.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=peervpn server -Requires=network-online.target -After=network-online.target - -[Service] -Environment=PEERVPN_OPTS="/etc/peervpn/peervpn.conf" -ExecStart=/usr/sbin/peervpn $PEERVPN_OPTS -Restart=on-failure - -[Install] -WantedBy=multi-user.target diff --git a/net-vpn/peervpn/metadata.xml b/net-vpn/peervpn/metadata.xml deleted file mode 100644 index 3e0eb5a02d53..000000000000 --- a/net-vpn/peervpn/metadata.xml +++ /dev/null @@ -1,8 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> -<pkgmetadata> - <!-- maintainer-needed --> - <upstream> - <remote-id type="github">peervpn/peervpn</remote-id> - </upstream> -</pkgmetadata> diff --git a/net-vpn/peervpn/peervpn-0.044-r5.ebuild b/net-vpn/peervpn/peervpn-0.044-r5.ebuild deleted file mode 100644 index a768d8ee2efb..000000000000 --- a/net-vpn/peervpn/peervpn-0.044-r5.ebuild +++ /dev/null @@ -1,75 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit systemd toolchain-funcs user - -DESCRIPTION="P2P mesh VPN" -HOMEPAGE="https://github.com/peervpn/peervpn" -EGIT_COMMIT="eb35174277fbf745c5ee0d5875d659dad819adfc" -SRC_URI="https://github.com/peervpn/peervpn/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="libressl" -RDEPEND="libressl? ( dev-libs/libressl:0= ) - !libressl? ( <dev-libs/openssl-1.1:0= )" -DEPEND="${RDEPEND}" - -S=${WORKDIR}/${PN}-${EGIT_COMMIT} - -PATCHES=( - "${FILESDIR}/${P}-strncpy-null-terminator.patch" -) - -pkg_setup() { - enewgroup ${PN} - enewuser ${PN} -1 -1 -1 ${PN} -} - -src_prepare() { - default - sed -e 's|^CFLAGS+=-O2||' -i Makefile || die -} - -src_compile() { - emake CC=$(tc-getCC) -} - -src_install() { - dosbin ${PN} - - insinto /etc/${PN} - newins peervpn.conf peervpn.conf.example - # read-only group access for bug 629418 - fowners root:${PN} /etc/${PN} - fperms 0750 /etc/${PN} - - newinitd "${FILESDIR}/${PN}.initd" "${PN}" - systemd_dounit "${FILESDIR}/${PN}.service" - - keepdir /var/log/${PN} - insinto /etc/logrotate.d - newins "${FILESDIR}/${PN}.logrotated" "${PN}" -} - -pkg_preinst() { - if ! has_version '>=net-vpn/peervpn-0.044-r4' && \ - [[ -d ${EROOT}/etc/${PN} && ! -L ${EROOT}/etc/${PN} && - $(find "${EROOT}/etc/${PN}" -maxdepth 1 -user "${PN}" ! -type l -print) ]]; then - ewarn "Tightening '${EROOT}/etc/${PN}' permissions for bug 629418" - # Tighten the parent directory permissions first, in - # order to protect against race conditions involving a - # less-privileged user. - chown root:${PN} "${EROOT}/etc/${PN}" - chmod g+rX-w,o-rwx "${EROOT}/etc/${PN}" - # Don't chown/chmod the referent of a symlink - # owned by a less-privileged user. - while read -r -d ''; do - chown root:${PN} "${REPLY}" || die - chmod g+rX-w,o-rwx "${REPLY}" || die - done < <(find "${EROOT}/etc/${PN}" -mindepth 1 -maxdepth 1 -user "${PN}" ! -type l -print0) - fi -} diff --git a/net-vpn/strongswan/Manifest b/net-vpn/strongswan/Manifest index 3726dbe217e2..d98f3e8eaec0 100644 --- a/net-vpn/strongswan/Manifest +++ b/net-vpn/strongswan/Manifest @@ -1,6 +1,6 @@ AUX ipsec 451 BLAKE2B deb3fff7043e04c1630119bb0cbbd6fa9b6f15666131ac9744a32d35cf3bc0629fe99cf9936b9cdb464627c1a8c121b8485f164166efda428825a55aab557d18 SHA512 d11ccc36ee89df5974547441fdb6c539dd3a7a5e235e318c1beddca7d4f5cace857f2dc75752e6fa913177eec9c3afcbed52de5bc08e8c314096d439cbc3bc6c -DIST strongswan-5.8.4.tar.bz2 4546240 BLAKE2B f58f53a17c02924a3ad75bfadd5956f62098c41468ec5fe8d51bf0f0465c8936d8ca846a41a0b6ff6ac24ccd2229e726d3ea2b48904abf5743bbe766e5f5f81c SHA512 15e866b0d6cc4ea94f17856b519d926ae08c15d3b62f675f62685d0722ca8fa26b46afb1ad1c866e9d5f347d77a747f57d0c6d7f6bd57762f37d7798f9e28103 DIST strongswan-5.9.0.tar.bz2 4568404 BLAKE2B daf5cce5cbe12253f9ad201d89323ab7d54ba7ff466685b84830737689e4d417fbb97d053d8c9f3de5acb6dee9a192ebae48ec0d4aa07ba3c8969ee6d8f06ab3 SHA512 b982ce7c3e940ad75ab71b02ce3e2813b41c6b098cde5b6f3f3513d095f409fe989ae6e38a31eff51c57423bf452c3610cd5cd8cd7f45ff932581d9859df1821 -EBUILD strongswan-5.8.4.ebuild 9514 BLAKE2B bb0b45236104e978ef0f168cf3cd1c7eb43a98d21b930127c5f8b94c37f04b5afda4a73e19b93b2d8594114cfac380a559c11b5a3d57c7b3a456a8e73b8d58af SHA512 a6e8bb0432ff86e5b3eb8fe2fe581c6aa90b68747dd25584ce4ae15ae0001803f64620ef8a672c8ed6e67db31ca1d8ba8ff225b56da66eec1318e64fdadb1a91 -EBUILD strongswan-5.9.0.ebuild 9531 BLAKE2B 8b354f5e452e4a88bb55161b72a7df14b4c48568b94968b3ff01a18d65003ef899a51ed404efa7bd10df18d6653ca156ecd796a4b22aaa7987355fd5002e9cab SHA512 0e6325bd0a83b114f6b45638af1fe7a13c0d824bd353ef72767783861c80af3d7c1ea6dab2959113b881bbd8cc1fd007e13db05037dcf364181be4796643a071 +DIST strongswan-5.9.1.tar.bz2 4590867 BLAKE2B 1515764352e7473c47f853a5aa68e582d1fd61122ac1e1577bdc7813da77e0213803c69abf41a1667166e32fb9f2a4bfe8c74616d6431e698e31cf51e939ce3e SHA512 222625e77bd86959da6dd7346cfa9f92569fc396a494bb95ddf2c8e0680b7e8041541e8a14320517a0c735d713ae0fdc0d0c4694215e812817814b0b4efc3497 +EBUILD strongswan-5.9.0.ebuild 9527 BLAKE2B 2ef6b0a313b9fccdd5b389f09fc0cb46f1bdbcf72888ee026e194aa7abd595e034591ffd10db3e75109c18a1779cde184e2e51572a3e1aaedcf1ceaa841ea1f0 SHA512 ae80168f8334a9ea110a3e7ea87e083a530f4219f1d687dd0559318ef189d08333872758f0987bdb8f2e2e538a8cd4c434d1bc8ea07aa427bf6de77803daf1ae +EBUILD strongswan-5.9.1.ebuild 9477 BLAKE2B 019c0fd2fa014b2dc42143abb4a6b2409d97b27811f0fb5772e73f9d51ee77e96de35a66866425e8f0f8b74275d81a75fce179c80fac5edf1f4377fd2450e107 SHA512 40ea090b9e259192c54e6bd2c836de809562af59eb2a6eb8e975088d7b7f1a6bd4772e67f64eb180ccfab6fff34b15146f9208634a23096064e2743d0eb9cdad MISC metadata.xml 4228 BLAKE2B 113700b03d706f7ca76cfb67c45dbd5a703f6c45aca08784f7665807c30d5539a9f60d42beb96b72618bbf3587238a3fa7f5a21c8c34550e8bd7f30f72e84cbb SHA512 86c2718a8db2da6f00f9c15bb3b0c7f72af5d6f86e977aae46a3f6a4bbd861e4d30dba15459cfa21fbb484a5818fc32183bd935acce29f30accdcca8b7ae31c9 diff --git a/net-vpn/strongswan/strongswan-5.9.0.ebuild b/net-vpn/strongswan/strongswan-5.9.0.ebuild index f38e8cb03334..119c3deceb5b 100644 --- a/net-vpn/strongswan/strongswan-5.9.0.ebuild +++ b/net-vpn/strongswan/strongswan-5.9.0.ebuild @@ -10,7 +10,7 @@ SRC_URI="https://download.strongswan.org/${P}.tar.bz2" LICENSE="GPL-2 RSA DES" SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86" +KEYWORDS="amd64 arm ~arm64 ppc ~ppc64 x86" IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11" STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici" diff --git a/net-vpn/strongswan/strongswan-5.8.4.ebuild b/net-vpn/strongswan/strongswan-5.9.1.ebuild index 38463dfcf54e..3ec804ee2611 100644 --- a/net-vpn/strongswan/strongswan-5.8.4.ebuild +++ b/net-vpn/strongswan/strongswan-5.9.1.ebuild @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI="7" -inherit linux-info systemd user +inherit linux-info systemd DESCRIPTION="IPsec-based VPN solution, supporting IKEv1/IKEv2 and MOBIKE" HOMEPAGE="https://www.strongswan.org/" @@ -10,11 +10,11 @@ SRC_URI="https://download.strongswan.org/${P}.tar.bz2" LICENSE="GPL-2 RSA DES" SLOT="0" -KEYWORDS="amd64 arm ~arm64 ppc ~ppc64 x86" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86" IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11" STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici" -STRONGSWAN_PLUGINS_OPT="aesni blowfish ccm chapoly ctr forecast gcm ha ipseckey newhope ntru padlock rdrand save-keys unbound whitelist" +STRONGSWAN_PLUGINS_OPT="aesni blowfish bypass-lan ccm chapoly ctr forecast gcm ha ipseckey newhope ntru padlock rdrand save-keys unbound whitelist" for mod in $STRONGSWAN_PLUGINS_STD; do IUSE="${IUSE} +strongswan_plugins_${mod}" done @@ -23,7 +23,10 @@ for mod in $STRONGSWAN_PLUGINS_OPT; do IUSE="${IUSE} strongswan_plugins_${mod}" done -COMMON_DEPEND="!net-misc/openswan +COMMON_DEPEND="non-root? ( + acct-user/ipsec + acct-group/ipsec + ) gmp? ( >=dev-libs/gmp-4.1.5:= ) gcrypt? ( dev-libs/libgcrypt:0 ) caps? ( sys-libs/libcap ) @@ -36,9 +39,11 @@ COMMON_DEPEND="!net-misc/openswan networkmanager? ( net-misc/networkmanager ) pam? ( sys-libs/pam ) strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns )" + DEPEND="${COMMON_DEPEND} virtual/linux-sources sys-kernel/linux-headers" + RDEPEND="${COMMON_DEPEND} virtual/logger sys-apps/iproute2 @@ -90,11 +95,6 @@ pkg_setup() { ewarn fi fi - - if use non-root; then - enewgroup ${UGID} - enewuser ${UGID} -1 -1 -1 ${UGID} - fi } src_configure() { @@ -300,9 +300,9 @@ pkg_postinst() { elog elog "Make sure you have _all_ required kernel modules available including" elog "the appropriate cryptographic algorithms. A list is available at:" - elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules" + elog " https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules" elog elog "The up-to-date manual is available online at:" - elog " http://wiki.strongswan.org/" + elog " https://wiki.strongswan.org/" elog } diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest index c0f3c4bf635e..0d54c4cefe0b 100644 --- a/net-vpn/tor/Manifest +++ b/net-vpn/tor/Manifest @@ -3,9 +3,12 @@ AUX tor-0.2.7.4-torrc.sample.patch 1341 BLAKE2B c6b398d6fd417e9029196046529109ed AUX tor-0.3.3.2-alpha-tor.service.in.patch 305 BLAKE2B 6ed92587a7f4ba3e40837e9114c69ba738a5849e28b886cb7326bb4f0e8b40861407f40ca21988ac188280a4eb8031cba699eda63e66b968013a9796713a5468 SHA512 ef4023423cd96c85106d0dcd3f381ffa1adcfab8c4ae49046c3dc4a45c61401e0db205483144421f620279f6a989c821c581f202561e5c24da7ccdc61a267521 AUX tor.confd 44 BLAKE2B 70df86a361c7b735283c5699e4d8d8a054a84629c749adb4dc57c196d49df4492471cb8b21dde43d668b31171ee2dfae81562a70367c72801ae60046908b022e SHA512 9028ac41e3acdf4405095addb69537e87edecafaec840296ac27a5a8992fe132dc822e4e4abb8826f76460c438da2719dea17859690d03e17198a82086a3d660 AUX tor.initd-r9 942 BLAKE2B 1008ed981e1e7040b098f5c8c509e6a5de89e94b6fa110998c50b0521b99cb80e9b793a78de3de0e0e89d56553c32f3a6566015dd2c4fd77c812577f6f637d7a SHA512 fa3a6f52dc733d27f954299cfb32fc813ef731e1d124096450f7b53f0e4fce9f41cf48b66651d1f5383c18bdca8a87d6bbe03c65dc8a5f9a58660bb8db0040a1 +AUX tor.service 1050 BLAKE2B 7f6553b9f4b928f0c924d73ee6f9df8a99ee75ec1801f6b865a7d8e40ff30290bf836907b561586d0f429b7ddf05286ab51974d207906a0fe52cb2fbcc8e160f SHA512 786481b20d7cab9696656c5136ff74c9c2aaa73ca3d63b163a294b9b3c4b628da387cb5ec3ada81277ca81cff16ead5162f3b4d64cb0d773c22f2e4607c3194b AUX torrc-r2 136 BLAKE2B 022636974f24bc630657a67fe95805b1d647a5d18cce3dbc6fd42e9d1fee71aa3b4faa425274437f8a7c2f9c608b4f8f9be6d4dd7c7bc4a58bd1ea096353e698 SHA512 7cf8c81e2e84b12bfc1242782b370335041f566165be6d9742d10768f0541d921caa378c6429fdb55f2c3e1433141f65bc936795126e677cc0921ce82de22bc2 -DIST tor-0.4.3.6.tar.gz 7745954 BLAKE2B 3b04b2c79281483ef72421f8f5bfbc4f48358b6d38c151470eea7ea9bd2666e7098fe3fb0887d551f796443718791a3a464b007669c96e6bbcce7d7fc4c25d3a SHA512 f4ab0788d27b3eab40853dde31eaf087ac84616fc3488973e7d01f4dbd3e71ba6ce3a3afcf0c6272223897d0a9c1556aa26dbc4d9b98cc5b43dd729d20a2fcca DIST tor-0.4.4.5.tar.gz 7808696 BLAKE2B b1c7342d5f1998b372529a8da1719a4f31c4e2516f9b666755b0edf29c7d66fa84a730fceed11e5c0bd1346f6fe06d7c96dd6a2161b0b2c3824468cd2f88f077 SHA512 8b7bedf998c66b33cb7b248ef33eb551dd75cca7eabf2133f716948d5bc83408d0be2ec1968e1c860b1067746b5645ea6e8f23478458b5eb2f5573ea7ecaecb7 -EBUILD tor-0.4.3.6.ebuild 2363 BLAKE2B e42103419090a96fde8c77b9ab4df41cc69d1411cea21d409b298b8c1913afe2c01bb88e8fca09a095a8c5ab0cee1dd6f2c7f1d5eacd223881bab5c58eb33ac9 SHA512 92bbb573a3303350652300beee5f870e083176397e7ce5f486544ec2e228e7e97829e445a38c72bb3a53d2588d5a2493b0a33a223e5a14fa830201d6da28af0e -EBUILD tor-0.4.4.5.ebuild 2402 BLAKE2B 2ddd16fb2589331bdca30872700afe444bc8f7b6165b190dd359b7b1d064fd63895e226b2759e72be088b7ba03ec753f9d3c258d96cdeab3de4bfcea4a072e95 SHA512 94d4a5287088bd3a4bcd700e983091d0c11d917a001194049d87ed85f0ac21c487c420f95302caeb69ebab7e434df4ea45a4b4d84a4fa1d2696652b482b22b85 +DIST tor-0.4.4.6.tar.gz 7806477 BLAKE2B 8eb5f22825193a61be42105ad32bd82e662c1859971fb2248fe05da2f80d1a3a9cbc96ee4f47f4127da56c328f5c60a6f57d5641cfa90b79becc8bf622f56f3f SHA512 84f981bed6d8c89d3de437e35dd2ad2ca3ee5efd7ce6b78e3e00bf40f644f495b960a7a741be5dd7ba096d73d5f941974722a44e9d3ef4fbcd02b20274d565fb +DIST tor-0.4.5.1-alpha.tar.gz 7901876 BLAKE2B 328e6ee53125a2b3242436e57cb8df7ad6a2b79a31357ce08de6d035b70ff31c64d3574fc6cae59ef3a321c6cfd06bf996df222c531eeff73f46c1bd30636664 SHA512 f68dfae2a682d8648197fc97c516da13fce359902dc6da934605b402d1f5154e1322f4a4e63ad73629a170cc600396eb8dea89b4223c1ffae236291d0de87ea7 +EBUILD tor-0.4.4.5.ebuild 2396 BLAKE2B 222e94672d20bc9b073b668a84ee446c9c2ea3161da990e2599119046d3586c1e781f75f4f8617c2f224072c3f8b50ff8b4fd3a6529535eceff072cbd12d4104 SHA512 d5e477251f5d13f48c4f46adebde4c24ebb89fb80547ee1719f534fa091f65f3444da25d4ebd717e24b37fe63387d5ea3af261949822482f45bb8b2205ac84aa +EBUILD tor-0.4.4.6.ebuild 2396 BLAKE2B 222e94672d20bc9b073b668a84ee446c9c2ea3161da990e2599119046d3586c1e781f75f4f8617c2f224072c3f8b50ff8b4fd3a6529535eceff072cbd12d4104 SHA512 d5e477251f5d13f48c4f46adebde4c24ebb89fb80547ee1719f534fa091f65f3444da25d4ebd717e24b37fe63387d5ea3af261949822482f45bb8b2205ac84aa +EBUILD tor-0.4.5.1_alpha.ebuild 2347 BLAKE2B 87d97ba428f73fc7d8db86339500620824ab5f87d76b5a135931b39f4579061d3238790b34f08479f512ddc124871d777dec2453e348910b5132fe4ce870be7e SHA512 0ad5b1b7bc105b155c48452d974ff6250f27345b948e69b1b145b422413f087aec961c650f43f6706e2b1834092abbf23800d2800a1879715e5f3e1f284a4272 MISC metadata.xml 603 BLAKE2B ec373768719960730196a7c66d762b8fb1d4b215d98ff963bb610f4eb2ccb5dde4134306bf467af9463de4640d1da50364dbeee31ac1b3facba0c484519d1f86 SHA512 c7877f120e63daf302fe3cf0b153a6a3488dffab7c05cb254a9a0c95a8b578bc72623bf12ed32790ef8abc02c692b445c068645bd1fb45b8478e6daa4e0a4542 diff --git a/net-vpn/tor/files/tor.service b/net-vpn/tor/files/tor.service new file mode 100644 index 000000000000..16638240c544 --- /dev/null +++ b/net-vpn/tor/files/tor.service @@ -0,0 +1,38 @@ +# tor.service -- this systemd configuration file for Tor sets up a +# relatively conservative, hardened Tor service. You may need to +# edit it if you are making changes to your Tor configuration that it +# does not allow. Package maintainers: this should be a starting point +# for your tor.service; it is not the last point. + +[Unit] +Description=Anonymizing overlay network for TCP +After=syslog.target network.target nss-lookup.target + +[Service] +Type=notify +NotifyAccess=all +ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config +ExecStart=/usr/bin/tor -f /etc/tor/torrc +ExecReload=/bin/kill -HUP ${MAINPID} +KillSignal=SIGINT +TimeoutSec=60 +Restart=on-failure +WatchdogSec=1m +LimitNOFILE=32768 + +# Hardening +Group=tor +RuntimeDirectory=tor +RuntimeDirectoryMode=0770 +PrivateTmp=yes +PrivateDevices=yes +ProtectHome=yes +ProtectSystem=full +ReadOnlyDirectories=/ +ReadWriteDirectories=-/var/lib/tor +ReadWriteDirectories=-/var/log/tor +NoNewPrivileges=yes +CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE + +[Install] +WantedBy=multi-user.target diff --git a/net-vpn/tor/tor-0.4.4.5.ebuild b/net-vpn/tor/tor-0.4.4.5.ebuild index 75110bc4eea4..5077faa6cb30 100644 --- a/net-vpn/tor/tor-0.4.4.5.ebuild +++ b/net-vpn/tor/tor-0.4.4.5.ebuild @@ -15,7 +15,7 @@ S="${WORKDIR}/${MY_PF}" LICENSE="BSD GPL-2" SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~x86 ~ppc-macos" +KEYWORDS="amd64 arm arm64 ~mips ppc ppc64 x86 ~ppc-macos" IUSE="caps doc libressl lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd" DEPEND=" diff --git a/net-vpn/tor/tor-0.4.3.6.ebuild b/net-vpn/tor/tor-0.4.4.6.ebuild index cb87e6f0fc37..5077faa6cb30 100644 --- a/net-vpn/tor/tor-0.4.3.6.ebuild +++ b/net-vpn/tor/tor-0.4.4.6.ebuild @@ -50,6 +50,7 @@ src_configure() { export ac_cv_lib_cap_cap_init=$(usex caps) econf \ --localstatedir="${EPREFIX}/var" \ + --disable-all-bugs-are-fatal \ --enable-system-torrc \ --disable-android \ --disable-html-manual \ diff --git a/net-vpn/tor/tor-0.4.5.1_alpha.ebuild b/net-vpn/tor/tor-0.4.5.1_alpha.ebuild new file mode 100644 index 000000000000..689cf47c9f83 --- /dev/null +++ b/net-vpn/tor/tor-0.4.5.1_alpha.ebuild @@ -0,0 +1,92 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +inherit flag-o-matic readme.gentoo-r1 systemd + +MY_PV="$(ver_rs 4 -)" +MY_PF="${PN}-${MY_PV}" +DESCRIPTION="Anonymizing overlay network for TCP" +HOMEPAGE="http://www.torproject.org/" +SRC_URI="https://www.torproject.org/dist/${MY_PF}.tar.gz + https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz" +S="${WORKDIR}/${MY_PF}" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~x86 ~ppc-macos" +IUSE="caps doc libressl lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd" + +DEPEND=" + dev-libs/libevent:=[ssl] + sys-libs/zlib + caps? ( sys-libs/libcap ) + man? ( app-text/asciidoc ) + !libressl? ( dev-libs/openssl:0=[-bindist] ) + libressl? ( dev-libs/libressl:0= ) + lzma? ( app-arch/xz-utils ) + scrypt? ( app-crypt/libscrypt ) + seccomp? ( >=sys-libs/libseccomp-2.4.1 ) + systemd? ( sys-apps/systemd ) + zstd? ( app-arch/zstd )" +RDEPEND=" + acct-user/tor + acct-group/tor + ${DEPEND} + selinux? ( sec-policy/selinux-tor )" + +PATCHES=( + "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch +) + +DOCS=() + +RESTRICT="!test? ( test )" + +src_configure() { + use doc && DOCS+=( README ChangeLog ReleaseNotes doc/HACKING ) + export ac_cv_lib_cap_cap_init=$(usex caps) + econf \ + --localstatedir="${EPREFIX}/var" \ + --disable-all-bugs-are-fatal \ + --enable-system-torrc \ + --disable-android \ + --disable-html-manual \ + --disable-libfuzzer \ + --enable-missing-doc-warnings \ + --disable-module-dirauth \ + --enable-pic \ + --disable-rust \ + --disable-restart-debugging \ + --disable-zstd-advanced-apis \ + $(use_enable man asciidoc) \ + $(use_enable man manpage) \ + $(use_enable lzma) \ + $(use_enable scrypt libscrypt) \ + $(use_enable seccomp) \ + $(use_enable server module-relay) \ + $(use_enable systemd) \ + $(use_enable tor-hardening gcc-hardening) \ + $(use_enable tor-hardening linker-hardening) \ + $(use_enable test unittests) \ + $(use_enable test coverage) \ + $(use_enable zstd) +} + +src_install() { + default + readme.gentoo_create_doc + + newconfd "${FILESDIR}"/tor.confd tor + newinitd "${FILESDIR}"/tor.initd-r9 tor + systemd_dounit "${FILESDIR}"/tor.service + + keepdir /var/lib/tor + + fperms 750 /var/lib/tor + fowners tor:tor /var/lib/tor + + insinto /etc/tor/ + newins "${FILESDIR}"/torrc-r2 torrc +} diff --git a/net-vpn/wireguard-modules/Manifest b/net-vpn/wireguard-modules/Manifest index 703ec38b3ec5..0e47ab11d15e 100644 --- a/net-vpn/wireguard-modules/Manifest +++ b/net-vpn/wireguard-modules/Manifest @@ -1,3 +1,3 @@ -DIST wireguard-linux-compat-1.0.20200908.tar.xz 262708 BLAKE2B e1621237c6a76a6b8111eb26d2547c7335d87f8e11110db29fd6d7b8c56993d0998383a2beab682c75caa0de183f17e345b0f96794a7c9e5b2cd04281d558ce0 SHA512 e13f243a7a72a4d4bd326af40439b7760b6ea8b452e67ddff1c844dc62bc53e2dc2c1738f98c7a45b6b24566d0ed9dc0dc3e9006fcb668f0314aac2ab9eaeb87 -EBUILD wireguard-modules-1.0.20200908.ebuild 3486 BLAKE2B 2a201c656281cd4a83df1129776c0ec17800683c0f844373cbd05fe2153fff4f9d91e4464d532951294ff7ef1ef52cd6de3802a74aa0fe6c34ffe6a585913e5f SHA512 aafd74e5c34c5f92dea25f45d8a5220cf8a620c5b30b1360e622f3c1e3e4dd9de793a1413a868a4cc4547f68eade0a373a6e47f15636f37237097125c69eddb2 +DIST wireguard-linux-compat-1.0.20201112.tar.xz 262220 BLAKE2B 2bbcce294c7d0578e820b285074bdbff2c96908ccc10294e05aa846a6f0b614930ca71536cb954233480c9e294692df1f4954b8f11db86deecdc93373b6e1d4f SHA512 c3ad6611d1d8abf163e6626ceeb1329b8b4a745159021473fee134858e22f6a5d3418b39f165f2f2f0bde1891d560f773cdb4d1f4fb60d61b35aff01d59aee54 +EBUILD wireguard-modules-1.0.20201112.ebuild 3471 BLAKE2B 9c49d59f13b7c8a6e4260e8a9696af455bdd26113c016cad92c57d08aba7d4ef7b2e3f626eb1c612ecdb3a2455e07c13b153992380a7f1f874fbb61ba3cfc0bd SHA512 7d0d4e11e30e2ba19f5116d79cdaacb542c42884f1ccefdd2c3516645609452cd066785c22f86e705eb4ea76052fd7d3f8a2426869c8d4f8a65200d781a82f05 MISC metadata.xml 661 BLAKE2B bb9a48b3a4f3162f8ccec522734cbc8ffdc7a92868cc7dc32adc1f7ef89f7b2eab1df573bed421d4b76204f9f38ad4fee45f9db4b41c7dc3b86d9d9bb3120a8f SHA512 e9daa3bb8fa72cc60373a3187610231cf396bc5014f33412b65d069ffd02caa659c426819aa76d46a0dd15e8cb579325b46df5296a3b2136d020ec378e5f98a5 diff --git a/net-vpn/wireguard-modules/wireguard-modules-1.0.20200908.ebuild b/net-vpn/wireguard-modules/wireguard-modules-1.0.20201112.ebuild index 198636c9d9a4..a3aea3fe6a50 100644 --- a/net-vpn/wireguard-modules/wireguard-modules-1.0.20200908.ebuild +++ b/net-vpn/wireguard-modules/wireguard-modules-1.0.20201112.ebuild @@ -12,11 +12,10 @@ HOMEPAGE="https://www.wireguard.com/" if [[ ${PV} == 9999 ]]; then inherit git-r3 EGIT_REPO_URI="https://git.zx2c4.com/wireguard-linux-compat" - KEYWORDS="" else SRC_URI="https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-${PV}.tar.xz" S="${WORKDIR}/wireguard-linux-compat-${PV}" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" + KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86" fi LICENSE="GPL-2" |