Portage is a package management system used by Gentoo Linux
# ChangeLog for net-firewall/ipsec-tools
# Copyright 2000-2008 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ChangeLog,v 1.61 2008/06/07 00:11:37 swegener Exp $
06 Jun 2008; Sven Wegener
Cleanup.
06 Jun 2008; Sven Wegener
Use KV_DIR instead of relying on the /lib/modules build symlink pointing
to the source, which is broken behaviour.
13 Mar 2008; Wolfram Schlich
ipsec-tools-0.6.7.ebuild:
filter parallel make (bug #176998)
12 Mar 2008; Christian Heim
Removing Peter Johanson (latexer, #206688) from metadata.xml.
24 Jun 2007; Piotr Jaroszyński
ipsec-tools-0.6.7.ebuild:
(QA) Add missing flag to IUSE. bug #177003.
03 May 2007; Tobias Scherbaum
ipsec-tools-0.6.7.ebuild:
ppc stable, bug #173219
02 May 2007; Gustavo Zacarias
ipsec-tools-0.6.7.ebuild:
Stable on sparc wrt security #173219
01 May 2007; Raúl Porcel
x86 stable wrt security bug 173219
30 Apr 2007; Steve Dibb
amd64 stable, security bug 173219
30 Apr 2007; Daniel Black
ipsec-tools-0.6.7.ebuild:
virtual/krb5 usage as suggest by Bill Merriam - bug #173219 comment #7
22 Apr 2007; Daniel Black
ipsec-tools-0.6.7.ebuild:
qa fixes - bug #174266
*ipsec-tools-0.6.7 (21 Apr 2007)
21 Apr 2007; Daniel Black
-files/ipsec-tools-0.4-dos-fix.diff, -files/ipsec-tools-0.4-gcc34.diff,
-files/ipsec-tools-0.5-ipv6.diff,
-files/ipsec-tools-0.5-isakmp-underrun.diff,
-files/ipsec-tools-0.6.2-dos-fix.diff, -files/ipsec.conf.sample,
files/racoon.init.d, -ipsec-tools-0.4-r2.ebuild,
-ipsec-tools-0.6.2-r1.ebuild, -ipsec-tools-0.6.3.ebuild,
+ipsec-tools-0.6.7.ebuild:
security version bump as per bug #173219. Init script enhancement as per bug
#151375 thanks Hopeless. Big thanks to Kalin KOZHUHAROV bug #152971 comment
23 and Cyrius for the major enhancements to this ebuild. Cleaned out old
ebuilds too
12 Mar 2007; Raúl Porcel
x86 stable
13 Jan 2007; Steve Dibb
Remove vuln version, bug 140517
21 Nov 2006; Matti Bickel
Stable on ppc (bug #146478)
05 Nov 2006;
stable on amd64
25 Oct 2006; Simon Stelling
stable on amd64
14 Oct 2006; Jason Wever
Stable on SPARC wrt bug #146478.
07 Oct 2006; Peter Johanson
Stabalise 0.6.3 on x86. See bug #146478.
29 May 2006; Daniel Black
-ipsec-tools-0.2.5.ebuild, -ipsec-tools-0.3.1.ebuild:
punt security vulnerable versions
27 Apr 2006; Alec Warner
files/digest-ipsec-tools-0.2.5, files/digest-ipsec-tools-0.3.1,
files/digest-ipsec-tools-0.3.3, files/digest-ipsec-tools-0.6.2-r1,
Manifest:
Fixing SHA256 digest, pass four
24 Apr 2006; Jason Wever
Added ~sparc keyword again as we now have profiles with 2.6 kernel headers,
hooray
*ipsec-tools-0.6.5 (20 Apr 2006)
20 Apr 2006; Peter Johanson
+ipsec-tools-0.6.5.ebuild:
Bump. Includes fixes for bug #124813.
08 Apr 2006; Peter Johanson
Switch to using !
04 Dec 2005; Peter Johanson
-ipsec-tools-0.4-r1.ebuild, -ipsec-tools-0.5.ebuild,
-ipsec-tools-0.5-r1.ebuild, -ipsec-tools-0.5-r2.ebuild,
-ipsec-tools-0.5.2.ebuild, -ipsec-tools-0.6.2.ebuild:
Clean house.
04 Dec 2005; Peter Johanson
ipsec-tools-0.6.2-r1.ebuild:
Marking stable on x86 for bug #113201, at Halcy0n's request.
04 Dec 2005; Jason Wever
Marked 0.4-r2 stable on SPARC wrt bug #113201.
04 Dec 2005; Simon Stelling
ipsec-tools-0.6.2-r1.ebuild:
stable on amd64 wrt bug 113201
*ipsec-tools-0.4-r2 (03 Dec 2005)
03 Dec 2005; Peter Johanson
+files/ipsec-tools-0.4-dos-fix.diff, +ipsec-tools-0.4-r2.ebuild:
Bump the 0.4 release with the fix for bug #113201.
03 Dec 2005; Peter Johanson
files/ipsec-tools-0.6.2-dos-fix.diff:
Fix patch borked by the CVS commit. Argh.
*ipsec-tools-0.6.2-r1 (02 Dec 2005)
02 Dec 2005; Peter Johanson
+files/ipsec-tools-0.6.2-dos-fix.diff, +ipsec-tools-0.6.2-r1.ebuild:
Revision bump for bug #113201.
*ipsec-tools-0.6.3 (02 Dec 2005)
02 Dec 2005; Peter Johanson
+ipsec-tools-0.6.3.ebuild:
Bump. See bug #113201.
*ipsec-tools-0.6.2 (26 Oct 2005)
26 Oct 2005; Peter Johanson
+ipsec-tools-0.6.2.ebuild:
Bump.
25 Jun 2005; Sven Wegener
ipsec-tools-0.5-r1.ebuild, ipsec-tools-0.5-r2.ebuild,
ipsec-tools-0.5.2.ebuild:
Removed useless || dependency.
*ipsec-tools-0.5.2 (21 Jun 2005)
*ipsec-tools-0.5-r2 (21 Jun 2005)
21 Jun 2005; Peter Johanson
+files/ipsec-tools-0.5-ipv6.diff, +ipsec-tools-0.5-r2.ebuild,
+ipsec-tools-0.5.2.ebuild:
Revision bump with fix for IPV6 problem (bug #87920), and bump version (bug
#92363).
15 Apr 2005; Joseph Jezak
Marked ~ppc.
23 Mar 2005; Peter Johanson
Marking stable on x86, see bug #84479
20 Mar 2005; Jason Wever
Stable on SPARC wrt security bug #84479.
20 Mar 2005; Jan Brinkmann
stable on amd64 wrt bug #84479
*ipsec-tools-0.4-r1 (14 Mar 2005)
14 Mar 2005; Peter Johanson
+files/ipsec-tools-0.5-isakmp-underrun.diff, +ipsec-tools-0.4-r1.ebuild,
+ipsec-tools-0.5-r1.ebuild:
Security bump for buffer underrun. See bug #84479.
10 Mar 2005; Peter Johanson
-ipsec-tools-0.5_rc1.ebuild:
Remove broken release candidate.
10 Mar 2005; Peter Johanson
Fix problem on VIA C3 processors. See bug #77369.
*ipsec-tools-0.5 (08 Mar 2005)
08 Mar 2005; Peter Johanson
Bump. Removed --enable-samode-unspec per bug #77369.
11 Jan 2005; John Mylchreest
ipsec-tools-0.5_rc1.ebuild:
fixing linux-headers DEPEND for 2005.0. can we get away with a virtual?
*ipsec-tools-0.5_rc1 (10 Jan 2005)
10 Jan 2005; Peter Johanson
+ipsec-tools-0.5_rc1.ebuild:
Bump. Includes the fixes for bug #76741. Also fix the headers for the
copyright date.
*ipsec-tools-0.4 (16 Dec 2004)
16 Dec 2004; Peter Johanson
+files/ipsec-tools-0.4-gcc34.diff, +ipsec-tools-0.4.ebuild:
Bump to new release. Add my self to the maintainers list.
06 Sep 2004;
ipsec-tools-0.3.1.ebuild, ipsec-tools-0.3.3.ebuild:
Added an RDEPEND for sec-policy/selinux-ipsec-tools for SELinux USE flag
users, bug #62902.
01 Jul 2004; Jeremy Huddleston
ipsec-tools-0.2.5.ebuild, ipsec-tools-0.3.1.ebuild,
ipsec-tools-0.3.3.ebuild:
virtual/glibc -> virtual/libc
29 Jun 2004; Jason Wever
Stable on sparc.
21 Jun 2004;
Marking stable on x86, closes bug #51416.
21 Jun 2004; Danny van Dyk
Marked stable on amd64.
*ipsec-tools-0.3.3 (15 Jun 2004)
15 Jun 2004;
Version bump for a security vulnerability; please see bug #53915 for more
details.
24 Apr 2004; Peter Johanson
Marking ~sparc, see bug #48847
*ipsec-tools-0.3.1 (24 Apr 2004)
24 Apr 2004; Peter Johanson
Bump, fix for ISAKMP vulnerability. See bug #48847
12 Apr 2004;
files/racoon.init.d:
Changed the initialization scripts to flush the tables when racoon is
stopped - closes bug #47089.
09 Apr 2004; Jason Wever
It only takes a ~sparc, to get an ipsec tunnel going...
*ipsec-tools-0.2.5 (06 Apr 2004)
06 Apr 2004; Peter Johanson
ipsec-tools-0.2.3.ebuild, ipsec-tools-0.2.4.ebuild,
ipsec-tools-0.2.5.ebuild:
Bump and remove all old versions. Issue in all previous versions with x.509
certificate handling. See
http://sourceforge.net/mailarchive/forum.php?thread_id=4180505&forum_id=32000
*ipsec-tools-0.2.4 (01 Feb 2004)
*ipsec-tools-0.2.3 (01 Feb 2004)
01 Feb 2004;
ipsec-tools-0.2.3.ebuild, ipsec-tools-0.2.4.ebuild:
Version bumps to 0.2.3 and 0.2.4 and I also fixed the configure scripts to use
the /usr/src/linux includes rather than those of the current kernel. Closes
bug #38807.
*ipsec-tools-0.2.2 (16 Dec 2003)
16 Dec 2003;
files/ipsec.conf.sample, files/racoon.conf.d, files/racoon.init.d:
This is the initial commit of ipsec-tools. Thanks for this ebuild go to all
those involved in testing and developing it, please see Gentoo bug #26796 for
details.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
AUX racoon.conf.d 621 RMD160 773a21f70bd4786eb6758f052bb54cc40273c259 SHA1 1291dbe1639cbb72a161e3af727c9c65c6ae0132 SHA256 bc7cf9c0fe8bd5f99c9353aa3c19e3314b3da21a7a2138fc6e901375be21b109
AUX racoon.init.d 1314 RMD160 14fd9ea02fdb20d13a0e3284e1f1e468117247f2 SHA1 41cb71c0354d632ad35565dbf98a26364b592d56 SHA256 7c9447197032b30a2cb76a62179a3b0ef3768870c340adf4743976e7d65eba75
DIST ipsec-tools-0.6.7.tar.bz2 723032 RMD160 97c27922f5be941fd6c69e35e69bed921b9f13e7 SHA1 ed3a6566409c506d5a7cd82cf263a5b8df3fad55 SHA256 4239f836dc610a2443ded7ba35cb3b87de9d582c800e5d9eb5eed37defd61ef2
EBUILD ipsec-tools-0.6.7.ebuild 8292 RMD160 858e01df1a89602ebd7bdec89248817b0793bd10 SHA1 17532d5fe99d32258872f0ec664dfa8a68d5479e SHA256 4412ca3d2c4ce34e4838f9be4b5bc7a0fe81bd49d84b2bbd7163638a3c3d6e89
MISC ChangeLog 10023 RMD160 e6edfe63112caf5b17ae7539a59d1a0e98363767 SHA1 9b6c34b2299a7361c6d56653223f121bbf70e28c SHA256 e1155da6307b818266db6eb93f638c3540b3ea409f3e84b84236e824446a4be7
MISC metadata.xml 236 RMD160 92f49f8275e75caf57b88a3172d5204eaa4e33ae SHA1 dd1a8550a514e55ab0ed6190ab4794bb090994f8 SHA256 56075995f83836ae824c7cb01931b98d6745f6d5a7764299c8262e801486b829
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
iD8DBQFISdI+I1lqEGTUzyQRAjIdAJ9V36SgH5bK1zICcHO89dD/G+CEjwCcDCCj
0uw5tERQj1BZZnS5Ntt8IDc=
=vXvP
-----END PGP SIGNATURE-----
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.6.7.ebuild,v 1.13 2008/06/06 23:53:31 swegener Exp $
inherit eutils flag-o-matic autotools linux-info
DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
HOMEPAGE="http://ipsec-tools.sourceforge.net/"
SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
LICENSE="BSD"
SLOT="0"
KEYWORDS="amd64 ppc sparc x86"
IUSE="idea ipv6 pam rc5 readline selinux ldap kerberos nat hybrid iconv"
# FIXME: what is the correct syntax for ~sparc ???
DEPEND="!sparc? ( >=sys-kernel/linux-headers-2.6 )
readline? ( sys-libs/readline )
pam? ( sys-libs/pam )
ldap? ( net-nds/openldap )
kerberos? ( virtual/krb5 )
>=dev-libs/openssl-0.9.8
iconv? ( virtual/libiconv )"
# radius? ( net-dialup/gnuradius )
RDEPEND="${DEPEND}
selinux? ( sec-policy/selinux-ipsec-tools )"
# {{{ kernel_check()
kernel_check() {
get_version
if kernel_is 2 6 ; then
if test "${KV_PATCH}" -ge 19 ; then
# Just for kernel >=2.6.19
ebegin "Checking for suitable kernel configuration (Networking | Networking support | Networking options)"
if use nat ; then
if ! { linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; } ; then
ewarn "[NETFILTER_XT_MATCH_POLICY] IPsec policy match support is NOT enabled"
eerror "${P} won't compile with use nat traversal (USE=nat) until you enable NETFILTER_XT_MATCH_POLICY in your kernel"
die
else
einfo "....[NETFILTER_XT_MATCH_POLICY] IPsec policy match support is enabled :-)"
fi
fi
# {{{ general stuff
if ! { linux_chkconfig_present XFRM_USER; }; then
ewarn "[XFRM_USER] Transformation user configuration interface is NOT enabled."
else
einfo "....[XFRM_USER] Transformation user configuration interface is enabled :-)"
fi
if ! { linux_chkconfig_present NET_KEY; }; then
ewarn "[NET_KEY] PF_KEY sockets is NOT enabled."
else
einfo "....[NET_KEY] PF_KEY sockets is enabled :-)"
fi
# }}}
# {{{ IPv4 stuff
if ! { linux_chkconfig_present INET_IPCOMP; }; then
ewarn "[INET_IPCOMP] IP: IPComp transformation is NOT enabled"
else
einfo "....[INET_IPCOMP] IP: IPComp transformation is enabled :-)"
fi
if ! { linux_chkconfig_present INET_AH; }; then
ewarn "[INET_AH] AH Transformation is NOT enabled."
else
einfo "....[INET_AH] AH Transformation is enabled :-)"
fi
if ! { linux_chkconfig_present INET_ESP; }; then
ewarn "[INET_ESP] ESP Transformation is NOT enabled."
else
einfo "....[INET_ESP] ESP Transformation is enabled :-)"
fi
if ! { linux_chkconfig_present INET_XFRM_MODE_TRANSPORT; }; then
ewarn "[INET_XFRM_MODE_TRANSPORT] IP: IPsec transport mode is NOT enabled."
else
einfo "....[INET_XFRM_MODE_TRANSPORT] IP: IPsec transport mode is enabled :-)"
fi
if ! { linux_chkconfig_present INET_XFRM_MODE_TUNNEL; }; then
ewarn "[INET_XFRM_MODE_TUNNEL] IP: IPsec tunnel mode is NOT enabled."
else
einfo "....[INET_XFRM_MODE_TUNNEL] IP: IPsec tunnel mode is enabled :-)"
fi
if ! { linux_chkconfig_present INET_XFRM_MODE_BEET; }; then
ewarn "[INET_XFRM_MODE_BEET] IP: IPsec BEET mode is NOT enabled."
else
einfo "....[INET_XFRM_MODE_BEET] IP: IPsec BEET mode is enabled :-)"
fi
# }}}
# {{{ IPv6 stuff
if use ipv6 ; then
if ! { linux_chkconfig_present INET6_IPCOMP; }; then
ewarn "[INET6_IPCOMP] IPv6: IPComp transformation is NOT enabled"
else
einfo "....[INET6_IPCOMP] IPv6: IPComp transformation is enabled :-)"
fi
if ! { linux_chkconfig_present INET6_AH; }; then
ewarn "[INET6_AH] IPv6: AH Transformation is NOT enabled."
else
einfo "....[INET6_AH] IPv6: AH Transformation is enabled :-)"
fi
if ! { linux_chkconfig_present INET6_ESP; }; then
ewarn "[INET6_ESP] IPv6: ESP Transformation is NOT enabled."
else
einfo "....[INET6_ESP] IPv6: ESP Transformation is enabled :-)"
fi
if ! { linux_chkconfig_present INET6_XFRM_MODE_TRANSPORT; }; then
ewarn "[INET6_XFRM_MODE_TRANSPORT] IPv6: IPsec transport mode is NOT enabled."
else
einfo "....[INET6_XFRM_MODE_TRANSPORT] IPv6: IPsec transport mode is enabled :-)"
fi
if ! { linux_chkconfig_present INET6_XFRM_MODE_TUNNEL; }; then
ewarn "[INET6_XFRM_MODE_TUNNEL] IPv6: IPsec tunnel mode is NOT enabled."
else
einfo "....[INET6_XFRM_MODE_TUNNEL] IPv6: IPsec tunnel mode is enabled :-)"
fi
if ! { linux_chkconfig_present INET6_XFRM_MODE_BEET; }; then
ewarn "[INET6_XFRM_MODE_BEET] IPv6: IPsec BEET mode is NOT enabled."
else
einfo "....[INET6_XFRM_MODE_BEET] IPv6: IPsec BEET mode is enabled :-)"
fi
fi
# }}}
eend $?
fi
fi
}
# }}}
src_unpack() {
unpack ${A}
cd "${S}"
# fix for bug #76741
sed -i 's:#include
# fix for bug #124813
sed -i 's:-Werror::g' "${S}"/configure.ac
AT_M4DIR="${S}" eautoreconf
epunt_cxx
}
src_compile() {
# fix for bug #61025
filter-flags -march=c3
kernel_check
myconf="${myconf} --with-kernel-headers=${KV_DIR}/include"
use nat && myconf="${myconf} --enable-natt --enable-natt-versions=yes"
# myconf="${myconf} $(use_enable broken-natt)"
myconf="${myconf} --enable-dependency-tracking $(use_enable ipv6)"
# myconf="${myconf} $(use_enable adminport)"
myconf="${myconf} $(use_enable rc5)"
if use pam; then
myconf="${myconf} --enable-hybrid"
else
myconf="${myconf} $(use_enable hybrid)"
fi;
# myconf="${myconf} $(use_enable dpd)"
# myconf="${myconf} $(use_enable frag)"
# myconf="${myconf} $(use_enable stats)"
# myconf="${myconf} $(use_enable fastquit)"
# myconf="${myconf} $(use_enable security-context)"
myconf="${myconf} --enable-dpd --enable-frag --enable-stats --enable-fastquit"
myconf="${myconf} --enable-adminport --enable-security-context"
myconf="${myconf} $(use_enable idea)"
myconf="${myconf} $(use_enable kerberos gssapi)"
# dev-libs/libiconv is hard masked
#use iconv && myconf="${myconf} $(use_with iconv libiconv)"
myconf="${myconf} $(use_with ldap libldap)"
myconf="${myconf} $(use_with pam libpam)"
# the default (/usr/include/openssl/) is OK for Gentoo, leave it
# myconf="${myconf} $(use_with ssl openssl )"
# No way to get it compiling with freeradius or gnuradius
# We need libradius wich only exist on FreeBSD
#use radius && myconf="${myconf} $(use_with radius libradius )"
use readline && myconf="${myconf} $(use_with readline )"
# See bug #77369
#myconf="${myconf} --enable-samode-unspec"
econf ${myconf} || die
emake -j1 || die
}
src_install() {
emake DESTDIR="${D}" install || die
keepdir /var/lib/racoon
newconfd "${FILESDIR}"/racoon.conf.d racoon
newinitd "${FILESDIR}"/racoon.init.d racoon
dodoc ChangeLog README NEWS
dodoc src/racoon/samples/*
dodoc src/racoon/doc/*
docinto roadwarrior
dodoc src/racoon/samples/roadwarrior/*
docinto roadwarrior/client
dodoc src/racoon/samples/roadwarrior/client/*
docinto roadwarrior/server
dodoc src/racoon/samples/roadwarrior/server/*
docinto setkey
dodoc src/setkey/sample.cf
dodir /etc/racoon
# RFC are only available from CVS for the moment, see einfo below
#docinto "rfc"
#dodoc ${S}/src/racoon/rfc/*
}
pkg_postinst() {
if use nat; then
elog
elog " You have enabled the nat traversal functionnality."
elog " Nat versions wich are enabled by default are 00,02,rfc"
elog " you can find those drafts in the CVS repository:"
elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
elog
elog "If you feel brave enough and you know what you are"
elog "doing, you can consider emerging this ebuild"
elog "with"
elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
elog
fi;
if use ldap; then
elog
elog " You have enabled ldap support with {$PN}."
elog " The man page does NOT contain any information on it yet."
elog " Consider to use a more recent version or CVS"
elog
fi;
elog
elog "Please have a look in /usr/share/doc/${P} and visit"
elog "http://www.netbsd.org/Documentation/network/ipsec/"
elog "to find a lot of information on how to configure this great tool."
elog
}
# vim: set foldmethod=marker nowrap :