gentoo resync : 04.05.2019

5 files changed, 40 insertions, 305 deletions

diff --git a/net-vpn/Manifest.gz b/net-vpn/Manifest.gz
index 9230027aae0b..843fc2e62e55 100644
--- a/net-vpn/Manifest.gz
+++ b/net-vpn/Manifest.gz
diff --git a/net-vpn/openfortivpn/Manifest b/net-vpn/openfortivpn/Manifest
index 0d45e9e3a9ba..c1a7335d4287 100644
--- a/net-vpn/openfortivpn/Manifest
+++ b/net-vpn/openfortivpn/Manifest
@@ -1,5 +1,7 @@
 DIST openfortivpn-1.7.1.tar.gz 61236 BLAKE2B b382ceac577e63ebb7a92ee3ca80c45e94f77eb95f8ea75f91a4c2ca2fb006f4d2e5e4c7bdf3974875cfb3611f34ef249218d194d58f66f3b51b30c8b90a3f82 SHA512 9c151ce3f914a7cba13be3e3b98e35d49329ac2c04410b653ce40dfb9fe1912c2e51d0322f9e37d5ed47bb28a46203a19ce87ab2fa670229f2b5ccf5b9bb6fc1
 DIST openfortivpn-1.8.1.tar.gz 70521 BLAKE2B 5451ab9937e0f6ba1c2601f9ad8a44d5b9954b9798f4a4aa81675d561f5aa95890946a5623af9a57db6e20fe074e65b0578655ca538c20751e7e1363df01ab68 SHA512 0c2f26e744c266125bf35a643bc2510d782c9c7b4e3324cef53cc7e9a350df3c968c4d0d34256a64cf6b7d1cad2ffc95019a39586786238481dda20030e524a9
+DIST openfortivpn-1.9.0.tar.gz 71903 BLAKE2B 0f37b782944e96ba043b82bb172cdd90badf501a31f4ef253cdfc2ea59f4d478ccb4de15514df279059ad41ff3d872e2521ebc64af56844e5d3dd719e8965e18 SHA512 bea07d173f84562e37bbd925fc9ca1ffc4b91442792d29dd5f78849a44df7f4f677f306bb9020ca3ebdc4da1d5635bb4e746455c4ccf9ef1598c8100dcb2df7a
 EBUILD openfortivpn-1.7.1.ebuild 766 BLAKE2B 59675dd6afd568ef60fc345e96c401e462063bb570c4e5c094c4a2c5f4061e862e6b185763af143d34a79d817fbe61ff1783180a981611e9405875c19d8bbece SHA512 19abaec0e7981787d4f2995bfe905a0d24643d17cfdb651dec7d2dc4be2c80af6042876ef06d5196c953d3209c90bd8d9bea2650bfab650d2608609d211bd048
 EBUILD openfortivpn-1.8.1.ebuild 764 BLAKE2B 41d9b1a2d531317f54089e0cab337c50480b0698b55ecc81bf685084ff626bc79532415735d00a431e73c078b70746e14ddeb154fe69a750d7c0169bbb115537 SHA512 9ca560c229901eb4919265cabef86e7dfe106bd4ff7c7b9d4e2cb2fd79ff468d69e66c5c81abb142bc274bdfcbeea0d48b5583268b3395f289680b869df27896
+EBUILD openfortivpn-1.9.0.ebuild 764 BLAKE2B 41d9b1a2d531317f54089e0cab337c50480b0698b55ecc81bf685084ff626bc79532415735d00a431e73c078b70746e14ddeb154fe69a750d7c0169bbb115537 SHA512 9ca560c229901eb4919265cabef86e7dfe106bd4ff7c7b9d4e2cb2fd79ff468d69e66c5c81abb142bc274bdfcbeea0d48b5583268b3395f289680b869df27896
 MISC metadata.xml 334 BLAKE2B f24aad8486bdfc65b3b679b17aee075a53b08cda8e80df8c6119cf224885d6ed25a23b14ca38bda9a1c8a651263d59e42d84719dd27749f25d109e7a6f8a3783 SHA512 383c645edf7e7baa6588a4639ec81290b4260d329f3839e540ecd506d7945a72a35bd039514b377454c0c81f23ecadaa9334c746e96aa91e0408712f112148fd
diff --git a/net-vpn/openfortivpn/openfortivpn-1.9.0.ebuild b/net-vpn/openfortivpn/openfortivpn-1.9.0.ebuild
new file mode 100644
index 000000000000..a0280e748daa
--- /dev/null
+++ b/net-vpn/openfortivpn/openfortivpn-1.9.0.ebuild
@@ -0,0 +1,38 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools linux-info
+
+DESCRIPTION="A Fortinet compatible VPN client"
+HOMEPAGE="https://github.com/adrienverge/openfortivpn"
+SRC_URI="https://github.com/adrienverge/openfortivpn/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-3-with-openssl-exception openssl"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="libressl"
+
+DEPEND="
+	net-dialup/ppp
+	!libressl? ( dev-libs/openssl:0= )
+	libressl? ( dev-libs/libressl:0= )
+"
+RDEPEND="${DEPEND}"
+
+CONFIG_CHECK="~PPP ~PPP_ASYNC"
+
+src_prepare() {
+	default
+
+	sed -i 's/-Werror//g' Makefile.am || die "Failed to remove -Werror from Makefile.am"
+
+	eautoreconf
+}
+
+src_install() {
+	default
+
+	keepdir /etc/openfortivpn
+}
diff --git a/net-vpn/strongswan/Manifest b/net-vpn/strongswan/Manifest
index 76c2275ca630..314384bb04b3 100644
--- a/net-vpn/strongswan/Manifest
+++ b/net-vpn/strongswan/Manifest
@@ -1,6 +1,4 @@
 AUX ipsec 451 BLAKE2B deb3fff7043e04c1630119bb0cbbd6fa9b6f15666131ac9744a32d35cf3bc0629fe99cf9936b9cdb464627c1a8c121b8485f164166efda428825a55aab557d18 SHA512 d11ccc36ee89df5974547441fdb6c539dd3a7a5e235e318c1beddca7d4f5cace857f2dc75752e6fa913177eec9c3afcbed52de5bc08e8c314096d439cbc3bc6c
-DIST strongswan-5.7.1.tar.bz2 4967533 BLAKE2B e438d1b44a997eb0e012586b18604bd35ac6f53cce1c34ff89192a760bbd0d6a9aaa7b90b389ff1a5e7c6d2356ff5cc74b40daad1d6579fa5026f4878489bf66 SHA512 43102814434bee7c27a5956be59099cc4ffb9bb5b0d6382ce4c6a80d1d82ed6639f698f5f5544b9ca563554a344638c953525b0e2d39bc6b71b19055c80e07fc
 DIST strongswan-5.7.2.tar.bz2 4997818 BLAKE2B e5a160ea8d31ae14c9731e414e42653ecb12f259fbe76ec7289f44afe5687f4123d89750a8f57c9ea006aec7f0be28e0f0c56d6c0a4bc96f0e1ba69c29da904f SHA512 e2169dbbc0c03737e34af90d7bc07e444408c5e2ac1f81764eeccbac8b142b984ce9ed512a89071075a930e0997632267f6912aa5b352eee2edbd551b5a64e7e
-EBUILD strongswan-5.7.1.ebuild 9426 BLAKE2B 48d770e14d7e08bd9baf7294fa3b8ffbdaff26347918a2b411dd2b958a71fdc20379d8659fee066d9d01a3680dbd040fa9421d9483a542b3c690792b12e70964 SHA512 412a269f27723601813d8145bbc2263bf627298197e8c50a76368e07530c04799c6149976c424ceddd6ccd48eee8b39ae845c8bec1100598c1a40b4bff9c478b
 EBUILD strongswan-5.7.2.ebuild 9449 BLAKE2B 41d9e5addd32f8fdc21cf241b0d5b6203b1d7d30d15e018a7f3aa432c9a177426316d6d67da50e6bcb4c06f0d2fef7f03a6868803524e44e5e327e53d45b6594 SHA512 dc7c9ef870d7d9945fea138d31b861ffc9eba28503734a70e8105fe0e50a970ac71d5ce6d8096268bb331c60d386f9cdba40832c81373b00e92d2f5533a10783
 MISC metadata.xml 4135 BLAKE2B 13739675c455765d7ce73df9744779636d36d3f93eee4567c931fb40e528e56d34912e26a82bd35e377fbd34613c0b7044841ff6c2dc26694187d0de355f8b86 SHA512 e09ef1afdf5002dab542312753cbce56e830b906aa5c5ac8fd5c7b57cbaf021eb0c466241cf810f446693b8dedd90f185f3e2c7a53a0b9a43e14913dcdd83b23
diff --git a/net-vpn/strongswan/strongswan-5.7.1.ebuild b/net-vpn/strongswan/strongswan-5.7.1.ebuild
deleted file mode 100644
index b536b1a8534f..000000000000
--- a/net-vpn/strongswan/strongswan-5.7.1.ebuild
+++ /dev/null
@@ -1,303 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-inherit linux-info systemd user
-
-DESCRIPTION="IPsec-based VPN solution, supporting IKEv1/IKEv2 and MOBIKE"
-HOMEPAGE="https://www.strongswan.org/"
-SRC_URI="https://download.strongswan.org/${P}.tar.bz2"
-
-LICENSE="GPL-2 RSA DES"
-SLOT="0"
-KEYWORDS="amd64 arm ppc ~ppc64 x86"
-IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11"
-
-STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici"
-STRONGSWAN_PLUGINS_OPT="aesni blowfish ccm chapoly ctr forecast gcm ha ipseckey newhope ntru padlock rdrand save-keys unbound whitelist"
-for mod in $STRONGSWAN_PLUGINS_STD; do
-	IUSE="${IUSE} +strongswan_plugins_${mod}"
-done
-
-for mod in $STRONGSWAN_PLUGINS_OPT; do
-	IUSE="${IUSE} strongswan_plugins_${mod}"
-done
-
-COMMON_DEPEND="!net-misc/openswan
-	gmp? ( >=dev-libs/gmp-4.1.5:= )
-	gcrypt? ( dev-libs/libgcrypt:0 )
-	caps? ( sys-libs/libcap )
-	curl? ( net-misc/curl )
-	ldap? ( net-nds/openldap )
-	openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] )
-	mysql? ( dev-db/mysql-connector-c:= )
-	sqlite? ( >=dev-db/sqlite-3.3.1 )
-	systemd? ( sys-apps/systemd )
-	networkmanager? ( net-misc/networkmanager )
-	pam? ( sys-libs/pam )
-	strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns )"
-DEPEND="${COMMON_DEPEND}
-	virtual/linux-sources
-	sys-kernel/linux-headers"
-RDEPEND="${COMMON_DEPEND}
-	virtual/logger
-	sys-apps/iproute2
-	!net-vpn/libreswan
-	selinux? ( sec-policy/selinux-ipsec )"
-
-UGID="ipsec"
-
-pkg_setup() {
-	linux-info_pkg_setup
-
-	elog "Linux kernel version: ${KV_FULL}"
-
-	if ! kernel_is -ge 2 6 16; then
-		eerror
-		eerror "This ebuild currently only supports ${PN} with the"
-		eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16."
-		eerror
-	fi
-
-	if kernel_is -lt 2 6 34; then
-		ewarn
-		ewarn "IMPORTANT KERNEL NOTES: Please read carefully..."
-		ewarn
-
-		if kernel_is -lt 2 6 29; then
-			ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to"
-			ewarn "include all required IPv6 modules even if you just intend"
-			ewarn "to run on IPv4 only."
-			ewarn
-			ewarn "This has been fixed with kernels >= 2.6.29."
-			ewarn
-		fi
-
-		if kernel_is -lt 2 6 33; then
-			ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards"
-			ewarn "compliant implementation for SHA-2 HMAC support in ESP and"
-			ewarn "miss SHA384 and SHA512 HMAC support altogether."
-			ewarn
-			ewarn "If you need any of those features, please use kernel >= 2.6.33."
-			ewarn
-		fi
-
-		if kernel_is -lt 2 6 34; then
-			ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only"
-			ewarn "ESP cipher is only included in kernels >= 2.6.34."
-			ewarn
-			ewarn "If you need it, please use kernel >= 2.6.34."
-			ewarn
-		fi
-	fi
-
-	if use non-root; then
-		enewgroup ${UGID}
-		enewuser ${UGID} -1 -1 -1 ${UGID}
-	fi
-}
-
-src_configure() {
-	local myconf=""
-
-	if use non-root; then
-		myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
-	fi
-
-	# If a user has already enabled db support, those plugins will
-	# most likely be desired as well. Besides they don't impose new
-	# dependencies and come at no cost (except for space).
-	if use mysql || use sqlite; then
-		myconf="${myconf} --enable-attr-sql --enable-sql"
-	fi
-
-	# strongSwan builds and installs static libs by default which are
-	# useless to the user (and to strongSwan for that matter) because no
-	# header files or alike get installed... so disabling them is safe.
-	if use pam && use eap; then
-		myconf="${myconf} --enable-eap-gtc"
-	else
-		myconf="${myconf} --disable-eap-gtc"
-	fi
-
-	for mod in $STRONGSWAN_PLUGINS_STD; do
-		if use strongswan_plugins_${mod}; then
-			myconf+=" --enable-${mod}"
-		fi
-	done
-
-	for mod in $STRONGSWAN_PLUGINS_OPT; do
-		if use strongswan_plugins_${mod}; then
-			myconf+=" --enable-${mod}"
-		fi
-	done
-
-	econf \
-		--disable-static \
-		--enable-ikev1 \
-		--enable-ikev2 \
-		--enable-swanctl \
-		--enable-socket-dynamic \
-		$(use_enable curl) \
-		$(use_enable constraints) \
-		$(use_enable ldap) \
-		$(use_enable debug leak-detective) \
-		$(use_enable dhcp) \
-		$(use_enable eap eap-sim) \
-		$(use_enable eap eap-sim-file) \
-		$(use_enable eap eap-simaka-sql) \
-		$(use_enable eap eap-simaka-pseudonym) \
-		$(use_enable eap eap-simaka-reauth) \
-		$(use_enable eap eap-identity) \
-		$(use_enable eap eap-md5) \
-		$(use_enable eap eap-aka) \
-		$(use_enable eap eap-aka-3gpp2) \
-		$(use_enable eap md4) \
-		$(use_enable eap eap-mschapv2) \
-		$(use_enable eap eap-radius) \
-		$(use_enable eap eap-tls) \
-		$(use_enable eap eap-ttls) \
-		$(use_enable eap xauth-eap) \
-		$(use_enable eap eap-dynamic) \
-		$(use_enable farp) \
-		$(use_enable gmp) \
-		$(use_enable gcrypt) \
-		$(use_enable mysql) \
-		$(use_enable networkmanager nm) \
-		$(use_enable openssl) \
-		$(use_enable pam xauth-pam) \
-		$(use_enable pkcs11) \
-		$(use_enable sqlite) \
-		$(use_enable systemd) \
-		$(use_with caps capabilities libcap) \
-		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
-		${myconf}
-}
-
-src_install() {
-	emake DESTDIR="${D}" install
-
-	doinitd "${FILESDIR}"/ipsec
-
-	local dir_ugid
-	if use non-root; then
-		fowners ${UGID}:${UGID} \
-			/etc/ipsec.conf \
-			/etc/strongswan.conf
-
-		dir_ugid="${UGID}"
-	else
-		dir_ugid="root"
-	fi
-
-	diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid}
-	dodir /etc/ipsec.d \
-		/etc/ipsec.d/aacerts \
-		/etc/ipsec.d/acerts \
-		/etc/ipsec.d/cacerts \
-		/etc/ipsec.d/certs \
-		/etc/ipsec.d/crls \
-		/etc/ipsec.d/ocspcerts \
-		/etc/ipsec.d/private \
-		/etc/ipsec.d/reqs
-
-	dodoc NEWS README TODO || die
-
-	# shared libs are used only internally and there are no static libs,
-	# so it's safe to get rid of the .la files
-	find "${D}" -name '*.la' -delete || die "Failed to remove .la files."
-}
-
-pkg_preinst() {
-	has_version "<net-vpn/strongswan-4.3.6-r1"
-	upgrade_from_leq_4_3_6=$(( !$? ))
-
-	has_version "<net-vpn/strongswan-4.3.6-r1[-caps]"
-	previous_4_3_6_with_caps=$(( !$? ))
-}
-
-pkg_postinst() {
-	if ! use openssl && ! use gcrypt; then
-		elog
-		elog "${PN} has been compiled without both OpenSSL and libgcrypt support."
-		elog "Please note that this might effect availability and speed of some"
-		elog "cryptographic features. You are advised to enable the OpenSSL plugin."
-	elif ! use openssl; then
-		elog
-		elog "${PN} has been compiled without the OpenSSL plugin. This might effect"
-		elog "availability and speed of some cryptographic features. There will be"
-		elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21,"
-		elog "25, 26) and ECDSA."
-	fi
-
-	if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then
-		chmod 0750 "${ROOT}"/etc/ipsec.d \
-			"${ROOT}"/etc/ipsec.d/aacerts \
-			"${ROOT}"/etc/ipsec.d/acerts \
-			"${ROOT}"/etc/ipsec.d/cacerts \
-			"${ROOT}"/etc/ipsec.d/certs \
-			"${ROOT}"/etc/ipsec.d/crls \
-			"${ROOT}"/etc/ipsec.d/ocspcerts \
-			"${ROOT}"/etc/ipsec.d/private \
-			"${ROOT}"/etc/ipsec.d/reqs
-
-		ewarn
-		ewarn "The default permissions for /etc/ipsec.d/* have been tightened for"
-		ewarn "security reasons. Your system installed directories have been"
-		ewarn "updated accordingly. Please check if necessary."
-		ewarn
-
-		if [[ $previous_4_3_6_with_caps == 1 ]]; then
-			if ! use non-root; then
-				ewarn
-				ewarn "IMPORTANT: You previously had ${PN} installed without root"
-				ewarn "privileges because it was implied by the 'caps' USE flag."
-				ewarn "This has been changed. If you want ${PN} with user privileges,"
-				ewarn "you have to re-emerge it with the 'non-root' USE flag enabled."
-				ewarn
-			fi
-		fi
-	fi
-	if ! use caps && ! use non-root; then
-		ewarn
-		ewarn "You have decided to run ${PN} with root privileges and built it"
-		ewarn "without support for POSIX capability dropping. It is generally"
-		ewarn "strongly suggested that you reconsider- especially if you intend"
-		ewarn "to run ${PN} as server with a public ip address."
-		ewarn
-		ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled."
-		ewarn
-	fi
-	if use non-root; then
-		elog
-		elog "${PN} has been installed without superuser privileges (USE=non-root)."
-		elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'"
-		elog "but also a few to the IKEv2 daemon 'charon'."
-		elog
-		elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot"
-		elog
-		elog "pluto uses a helper script by default to insert/remove routing and"
-		elog "policy rules upon connection start/stop which requires superuser"
-		elog "privileges. charon in contrast does this internally and can do so"
-		elog "even with reduced (user) privileges."
-		elog
-		elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown"
-		elog "script to pluto or charon which requires superuser privileges, you"
-		elog "can work around this limitation by using sudo to grant the"
-		elog "user \"ipsec\" the appropriate rights."
-		elog "For example (the default case):"
-		elog "/etc/sudoers:"
-		elog "  ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec"
-		elog "Under the specific connection block in /etc/ipsec.conf:"
-		elog "  leftupdown=\"sudo -E ipsec _updown iptables\""
-		elog
-	fi
-	elog
-	elog "Make sure you have _all_ required kernel modules available including"
-	elog "the appropriate cryptographic algorithms. A list is available at:"
-	elog "  http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules"
-	elog
-	elog "The up-to-date manual is available online at:"
-	elog "  http://wiki.strongswan.org/"
-	elog
-}