Revision: 7431
http://sourceforge.net/p/ipcop/svn/7431
Author: owes
Date: 2014-04-07 16:00:25 +0000 (Mon, 07 Apr 2014)
Log Message:
-----------
Update openswan to 2.6.41. Probably need to consider moving to another *swan
implementation in one of the next IPCop versions.
Modified Paths:
--------------
ipcop/trunk/config/rootfiles/common/openswan
ipcop/trunk/lfs/openswan
ipcop/trunk/updates/2.1.4/ROOTFILES.i486-2.1.4
ipcop/trunk/updates/2.1.4/information.xml
Added Paths:
-----------
ipcop/trunk/src/patches/openswan_verify-perl.patch
Removed Paths:
-------------
ipcop/trunk/src/patches/openswan-2.6.39_remove_CFLAGS_no-error_cpp.patch
Modified: ipcop/trunk/config/rootfiles/common/openswan
===================================================================
--- ipcop/trunk/config/rootfiles/common/openswan 2014-04-07 15:53:37 UTC
(rev 7430)
+++ ipcop/trunk/config/rootfiles/common/openswan 2014-04-07 16:00:25 UTC
(rev 7431)
@@ -24,7 +24,7 @@
#etc/ipsec.d/private
etc/ipsec.secrets
etc/rc.d/ipsec
-usr/lib/ipsec
+#usr/lib/ipsec
usr/lib/ipsec/_copyright
usr/lib/ipsec/_include
usr/lib/ipsec/_keycensor
@@ -38,13 +38,14 @@
usr/lib/ipsec/_updown.klips
usr/lib/ipsec/_updown.mast
usr/lib/ipsec/_updown.netkey
-usr/libexec/ipsec
+#usr/libexec/ipsec
usr/libexec/ipsec/_pluto_adns
usr/libexec/ipsec/addconn
usr/libexec/ipsec/auto
usr/libexec/ipsec/barf
usr/libexec/ipsec/eroute
usr/libexec/ipsec/ikeping
+#usr/libexec/ipsec/initnss
usr/libexec/ipsec/klipsdebug
usr/libexec/ipsec/look
usr/libexec/ipsec/newhostkey
@@ -152,6 +153,7 @@
#usr/share/man/man8/ipsec_barf.8
#usr/share/man/man8/ipsec_eroute.8
#usr/share/man/man8/ipsec_ikeping.8
+#usr/share/man/man8/ipsec_initnss.8
#usr/share/man/man8/ipsec_klipsdebug.8
#usr/share/man/man8/ipsec_look.8
#usr/share/man/man8/ipsec_newhostkey.8
Modified: ipcop/trunk/lfs/openswan
===================================================================
--- ipcop/trunk/lfs/openswan 2014-04-07 15:53:37 UTC (rev 7430)
+++ ipcop/trunk/lfs/openswan 2014-04-07 16:00:25 UTC (rev 7431)
@@ -33,7 +33,7 @@
include Config
PKG_NAME = openswan
-VER = 2.6.39
+VER = 2.6.41
HOST_ARCH = all
OTHER_SRC = yes
KERNEL_MOD = yes
@@ -57,7 +57,7 @@
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 199757597f9f776d85752bb0c713b5ed
+$(DL_FILE)_MD5 = da2e8b02ecc30a408cc5766767fef84f
install : $(TARGET)
@@ -88,8 +88,9 @@
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 -i
$(DIR_PATCHES)/$(THISAPP)_remove_CFLAGS_no-error_cpp.patch
- cd $(DIR_APP) && patch -RNp1 -i
$(DIR_PATCHES)/$(THISAPP)_verify-python.patch
+ # Remove Python verify script and patch in an old Perl version
+ cd $(DIR_APP) && rm programs/verify/verify.in
+ cd $(DIR_APP) && patch -p1 -i
$(DIR_PATCHES)/$(PKG_NAME)_verify-perl.patch
cd $(DIR_APP) && sed -i \
-e 's%^INC_USRLOCAL.*$$%INC_USRLOCAL=/usr%' \
Deleted:
ipcop/trunk/src/patches/openswan-2.6.39_remove_CFLAGS_no-error_cpp.patch
===================================================================
--- ipcop/trunk/src/patches/openswan-2.6.39_remove_CFLAGS_no-error_cpp.patch
2014-04-07 15:53:37 UTC (rev 7430)
+++ ipcop/trunk/src/patches/openswan-2.6.39_remove_CFLAGS_no-error_cpp.patch
2014-04-07 16:00:25 UTC (rev 7431)
@@ -1,24 +0,0 @@
-diff -Nur openswan-2.6.39.orig/lib/libopenswan/Makefile
openswan-2.6.39/lib/libopenswan/Makefile
---- openswan-2.6.39.orig/lib/libopenswan/Makefile 2013-05-31
19:12:15.000000000 +0200
-+++ openswan-2.6.39/lib/libopenswan/Makefile 2013-07-19 11:09:17.000000000
+0200
-@@ -85,9 +85,6 @@
- # must turn this off due to initsubnet.c
- CFLAGS+= -Wno-error=cast-qual
-
--# some junk left in alg_info.c
--CFLAGS+= -Wno-error=cpp
--
- #CFLAGS+= -Wmissing-declarations
- CFLAGS+= -Wstrict-prototypes
- #CFLAGS+= -pedantic
-diff -Nur openswan-2.6.39.orig/programs/pluto/Makefile
openswan-2.6.39/programs/pluto/Makefile
---- openswan-2.6.39.orig/programs/pluto/Makefile 2013-05-31
19:12:15.000000000 +0200
-+++ openswan-2.6.39/programs/pluto/Makefile 2013-07-19 11:08:28.000000000
+0200
-@@ -47,7 +47,6 @@
-
- # must turn this off due to myid.c
- CFLAGS+= -Wno-error=cast-qual
--CFLAGS+= -Wno-error=cpp
-
- ifeq ($(HAVE_BROKEN_POPEN),true)
- CFLAGS+=-DHAVE_BROKEN_POPEN
Added: ipcop/trunk/src/patches/openswan_verify-perl.patch
===================================================================
--- ipcop/trunk/src/patches/openswan_verify-perl.patch
(rev 0)
+++ ipcop/trunk/src/patches/openswan_verify-perl.patch 2014-04-07 16:00:25 UTC
(rev 7431)
@@ -0,0 +1,570 @@
+This is ipsec verify for Perl instead of Python.
+Source from openswan 2.6.39 with 1 patch to use ip instead of ifconfig
+
+--- a/programs/verify/verify.in 1970-01-01 01:00:00.000000000 +0100
++++ b/programs/verify/verify.in 2014-04-07 14:39:19.000000000 +0200
+@@ -0,0 +1,564 @@
++#!/usr/bin/perl
++#
++# Copyright (C) 2003 Sam Sgro <[email protected]>
++# Copyright (C) 2005-2008 Michael Richardson <[email protected]>
++# Copyright (C) 2005-2009 Paul Wouters <[email protected]>
++#
++# Based on "verify" from the FreeS/WAN distribution, (C) 2001 Michael
++# Richardson <[email protected]>
++#
++# This program is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by the
++# Free Software Foundation; either version 2 of the License, or (at your
++# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++# for more details.
++
++$reterr = 0;
++$me="ipsec verify";
++$ENV{'PATH'}="/sbin:/usr/sbin:/usr/bin:/usr/local/sbin:@IPSEC_SBINDIR@:$ENV{'PATH'}";
++if($ENV{'IPSEC_CONFS'}) { $conf=$ENV{'IPSEC_CONFS'} } else { $conf= `ipsec
--confdir`; chomp($conf); }
++
++$print_deprecated = 1;
++
++# Should we print in colour by default?
++if ( -e "/sbin/consoletype" )
++{
++ $ctype=`/sbin/consoletype`;
++ if ( $ctype && !($ctype eq "serial"))
++ {
++ $colour="1";
++ }
++}
++else
++{
++ if ( -e "/usr/bin/tput" )
++ {
++ $ctype=`/usr/bin/tput colors`;
++ if ( $ctype && ($ctype gt "0"))
++ {
++ $colour="1";
++ }
++ }
++}
++
++sub printfun {
++ print sprintf("%-60s",@_);
++}
++
++# capture STDOUT as @out, STDERR as @err with no temp files.
++sub run {
++ $command=shift;
++
++ pipe child_read, parent_write;
++ pipe parent_read, child_write;
++ pipe err_read, err_write;
++
++ $mypid=fork;
++ if($mypid)
++ {
++ close child_write; close err_write;
++ @out=<parent_read>;
++ @err=<err_read>;
++ }
++ else
++ {
++ close parent_read; close parent_write;
++ open STDOUT,">&child_write";
++ open STDERR,">&err_write";
++ exec $command; $reterr = 1 ; print STDERR "Cannot execute command
\"$command\": $!\n";
++ }
++}
++
++# Code to print out [OK], [FAILED].
++sub errchk {
++ if (!shift(@_))
++ {
++ print "\t[";
++ if($colour) { print "\e[1;31m"; }
++ if(@_)
++ {
++ print "@_";
++ }
++ else
++ {
++ print "FAILED";
++ $reterr = 1;
++ }
++ if($colour) { print "\e[0;39m"; }
++ print "]\n";
++ if(@err)
++ {
++ print " @err";
++ $reterr = 1;
++ }
++ }
++ else
++ {
++ print "\t[";
++ if($colour) { print "\e[1;32m"; }
++ print "OK";
++ if($colour) { print "\e[0;39m"; }
++ print "]\n";
++ }
++}
++
++# Code to print out [OK], [FAILED] in warning colours
++sub warnchk {
++ if (!shift(@_))
++ {
++ print "\t[";
++ if($colour) { print "\e[1;33m"; }
++ if(@_)
++ {
++ print "@_";
++ }
++ else
++ {
++ print "FAILED";
++ $reterr = 1;
++ }
++ if($colour) { print "\e[0;39m"; }
++ print "]\n";
++ if(@err)
++ {
++ print " @err";
++ $reterr = 1;
++ }
++ }
++ else
++ {
++ print "\t[";
++ if($colour) { print "\e[1;32m"; }
++ print "OK";
++ if($colour) { print "\e[0;39m"; }
++ print "]\n";
++ }
++}
++
++
++# Code to print out [DEPRECATED] and key restrict message
++sub deprecated {
++
++ print "\t[";
++ if($colour) { print "\e[1;33m"; }
++ print "DEPRECATED";
++ if($colour) { print "\e[0;39m"; }
++ print "]\n";
++}
++
++# Verification routines begin here...
++#
++# Check DNS Configuration based on a hostname
++# $1 = Hostname (string)
++# eg: checkdnshost oetest.freeswan.org
++sub checkdnshost {
++ run "host -t key $_[0]";
++ ($keypresent)=grep /(0x4200|16896)/, @out;
++ if($keypresent)
++ {
++ printfun " Looking for KEY in forward dns zone: $_[0]";
++ deprecated;
++ }
++
++
++ printfun " Looking for TXT in forward dns zone: $_[0]";
++ run "host -t txt $_[0]";
++ ($txtpresent)=grep /X-IPsec-Server/,@out;
++ errchk "$txtpresent", "MISSING";
++}
++
++# Check DNS Configuration based on IP address
++# $1 = IP Address (string)
++# eg: checkdnsip 127.0.0.2
++sub checkdnsip {
++ $fortxt=$_[0];
++ $revtxt=join('.',reverse(split(/\./, $fortxt))).".in-addr.arpa.";
++ printfun " Looking for TXT in reverse dns zone: $revtxt";
++ run "host -t txt $revtxt";
++ ($txtpresent)=grep /X-IPsec-Server/,@out;
++ errchk "$txtpresent", "MISSING";
++
++ if($txtpresent) {
++ $txtpresent=~ s/.*X-IPsec-Server\([0-9].*\)=//; $txtpresent=~ s/[\"\
].*//;
++ $gwip=$txtpresent;
++ chomp($gwip);
++ $gwrev=join('.',reverse(split(/\./, $gwip))).".in-addr.arpa.";
++ # Check for a KEY record for the indicated IPSec GW.
++ run "host -t key $gwrev";
++ ($keypresent)=grep /(0x4200|16896)/, @out;
++ if($keypresent)
++ {
++ printfun " Looking for KEY in reverse dns zone: $gwrev";
++ deprecated;
++ $print_deprecated = 1;
++
++ }
++ # If the host is its own gateway, then we know we've got a TXT record.
++ if($gwip ne $fortxt) {
++ printfun "Looking for TXT in reverse dns zone: $gwrev";
++ run "host -t txt $gwrev";
++ ($txtpresent)=grep /X-IPsec-Server/,@out;
++ errchk "$txtpresent", "MISSING";
++ }
++
++ }
++}
++
++sub udp500check {
++ printfun " Pluto listening for IKE on udp 500";
++ run "lsof -i UDP:500";
++ #run "netstat -an";
++ ($listen)=grep /pluto/, @out;
++ if(!$listen)
++ {
++ errchk "", "FAILED";
++ $reterr = 1;
++ }
++ else
++ {
++ errchk "1";
++ }
++}
++
++sub udp4500check {
++ printfun " Pluto listening for NAT-T on udp 4500";
++ run "lsof -i UDP:4500";
++ #run "netstat -an";
++ ($listen)=grep /pluto/, @out;
++ if(!$listen)
++ {
++ errchk "", "FAILED";
++ $reterr = 1;
++ }
++ else
++ {
++ errchk "1";
++ }
++}
++
++sub checktunnel {
++ $csource=$_[0]; $cdest=$_[1]; $ctun=$_[2]; $all="0.0.0.0/0";
++
++ printfun "Checking $ctun from $csource to $cdest";
++ run "iptables -t nat -L POSTROUTING -n";
++ @out=grep !/(Chain POSTROUTING|target)/, @out;
++ foreach (@out) {
++ ( $target, $prot, $opt, $source, $dest ) = split(' ',$_);
++ if(((($source eq $csource) || ($source eq $all)) && (($dest eq $cdest)
|| ($dest = $all))) && $target eq "ACCEPT")
++ {
++ errchk "@out";
++ $reterr = 1;
++ }
++ else
++ {
++ @err="$target from $source to $dest kills tunnel $source ->
$cdest\n";
++ errchk "","FAILED";
++ $reterr = 1;
++ }
++ }
++}
++
++sub installstartcheck {
++ print "Checking your system to see if IPsec got installed and started
correctly:\n";
++
++ printfun "Version check and ipsec on-path";
++ run "ipsec --version";
++ errchk "@out";
++ print grep /Linux/, @out;
++
++ printfun "Checking for IPsec support in kernel";
++ if ( -e "/proc/net/ipsec_eroute" || -e "/proc/net/pfkey" ) { $test="1" }
++ errchk "$test";
++
++# This requires KLIPS NAT-T patch > 2.4.x
++ if ( -e "/proc/net/ipsec_eroute") {
++
++ printfun " KLIPS: checking for NAT Traversal support";
++ if ( -e "/sys/module/ipsec/parameters/natt_available") {
++ run "cat /sys/module/ipsec/parameters/natt_available";
++ if("@out" =="1\n")
++ { warnchk "", "OLD STYLE"; }
++ else {
++ if("@out" == "2\n")
++ { errchk "OK"; }
++ else
++ { warnchk "", "UNKNOWN"; }
++ }
++ } else { warnchk "","UNKNOWN"; }
++
++ printfun " KLIPS: checking for OCF crypto offload support ";
++ if ( -e "/sys/module/ipsec/parameters/ocf_available") {
++ run "cat /sys/module/ipsec/parameters/ocf_available";
++ if("@out" =="1\n")
++ { errchk "OK"; }
++ else {
++ { warnchk "", "N/A"; }
++ }
++ } else { warnchk "","UNKNOWN"; }
++
++ }
++
++# Check for SAref kernel
++ if ( -e "/proc/net/ipsec/saref") {
++ printfun " Kernel: IPsec SAref kernel support";
++ run "grep 'refinfo patch applied' /proc/net/ipsec/saref";
++ if("@out" eq "refinfo patch applied\n")
++ { errchk "OK"; }
++ else
++ { warnchk "", "N/A"; }
++
++ printfun " Kernel: IPsec SAref Bind kernel support";
++ run "grep 'bindref patch applied' /proc/net/ipsec/saref";
++ if("@out" eq "bindref patch applied\n")
++ { errchk "OK"; }
++ else
++ { warnchk "", "N/A"; }
++ } else {
++ printfun " SAref kernel support";
++ { warnchk "", "N/A"; }
++ }
++
++ if ( -e "/proc/net/pfkey") {
++ printfun " NETKEY: Testing XFRM related proc values";
++ open("cat", "/proc/sys/net/ipv4/conf/default/send_redirects");
++ if(<cat> == "1")
++ {
++ errchk "";
++ $reterr = 1;
++ print "\n Please disable
/proc/sys/net/ipv4/conf/*/send_redirects\n or NETKEY will cause the sending of
bogus ICMP redirects!\n\n";
++ }
++ else { errchk "1"; }
++
++ open("cat", "/proc/sys/net/ipv4/conf/default/accept_redirects");
++ if(<cat> == "1")
++ {
++ $reterr = 1;
++ errchk "";
++ print "\n Please disable
/proc/sys/net/ipv4/conf/*/accept_redirects\n or NETKEY will accept bogus ICMP
redirects!\n\n";
++ }
++ else { errchk "1"; }
++
++ open("cat", "/proc/sys/net/core/xfrm_larval_drop");
++ if(<cat> == "0")
++ {
++ $reterr = 1;
++ errchk "";
++ print "\n Please enable /proc/sys/net/core/xfrm_larval_drop\n
or NETKEY will cause non-POSIX compliant long time-outs\n\n";
++ }
++ else { errchk "1"; }
++ }
++
++ if ( -c "/dev/hw_random" || -c "/dev/hwrng" ) {
++ printfun "Hardware RNG detected, testing if used properly";
++ run "pidof rngd";
++ ($processid) = @out;
++ chomp($processid);
++ if( $processid eq "" ) {
++ run "pidof clrngd";
++ ($processid2) = @out;
++ if( $processid2 eq "" ) {
++ errchk "";
++ print "\n Hardware RNG is present but 'rngd' or
'clrngd' is not running.\n No harware random used!\n\n";
++ $reterr = 1;
++ }
++ else { errchk "1"; }
++ }
++ else { errchk "1"; }
++ }
++
++
++ # Wouldn't this test fail if your mucked up your interface definition?
++ printfun "Checking that pluto is running";
++ run "ipsec whack --status";
++ errchk "@out";
++ if (grep /interface/, @out)
++ {
++ udp500check;
++ udp4500check;
++ }
++}
++
++sub tunnelchecks {
++ open("dev", "/proc/net/dev");
++ if((grep !/(ipsec|lo:|Inter|packets)/, <dev>) > 1)
++ {
++ printfun "Two or more interfaces found, checking IP forwarding";
++ my ($data, $n);
++ open FILE, "/proc/sys/net/ipv4/ip_forward" or die $!;
++ $n = read FILE, $data, 1;
++ if($data == 1)
++ {
++ $reterr = 1;
++ errchk "0";
++ }
++
++ printfun "Checking NAT and MASQUERADEing";
++ # This assumes KLIPS eroute information, we should add support
++ # for NETKEY, but ip xfrm is very annoying to parse
++ if(( -e "/proc/net/nf_conntrack" || -e "/proc/net/ip_conntrack")
++&& -e "/proc/net/ipsec_eroute" )
++ {
++ run "iptables -t nat -L -n";
++ if(grep /(NAT|MASQ)/, @out)
++ {
++ printf "\n";
++ open("cat", "/proc/net/ipsec_eroute");
++ foreach(grep /tun0x/, <cat>)
++ {
++ @eroute=split(' ',$_);
++ checktunnel $eroute[1], $eroute[3], $eroute[5];
++ }
++ }
++ else
++ {
++ errchk "1";
++ }
++ }
++ else
++ {
++ errchk "OK";
++ }
++ }
++}
++
++sub cmdchecks {
++ # check for vital commands
++ printfun "Checking for 'ip' command";
++ run "which ip";
++ errchk "@out";
++
++ printfun "Checking /bin/sh is not /bin/dash";
++ if (-e "/bin/dash") {
++ run "cmp /bin/sh /bin/dash";
++ ($dash)=grep(/differ/, @out);
++ if(!$dash) {
++ warnchk "", "WARNING";
++ } else {
++ errchk "OK";
++ }
++ } else {
++ errchk "OK";
++ }
++
++ printfun "Checking for 'iptables' command";
++ run "which iptables";
++ errchk "@out";
++
++
++ open("cat","$conf/ipsec.conf");
++ foreach(grep /crlcheckinterval/,<cat>)
++ {
++ if(!$curlcheckdone) {
++ $curlcheckdone=1;
++ printfun "Checking for 'curl' command for CRL fetching";
++ run "which curl";
++ errchk "@out";
++ }
++ }
++# perhaps check for ip xfrm support, but forget about setkey.
++# if ( -e "/proc/net/pfkey") {
++# printfun "Checking for 'setkey' command for NETKEY IPsec stack
support";
++# run "which setkey";
++# errchk "@out";
++# }
++}
++
++sub dnschecks {
++ # Check the running hostname.
++ printf "\nOpportunistic Encryption DNS checks:\n";
++ run "hostname";
++ ($hostname)=@out; chomp $hostname;
++ checkdnshost $hostname;
++
++ # Check all the public IP addresses...
++ run "ip -4 -o addr show";
++ for (@out)
++ {
++ @temp=split(/[\/\ ]+/, $_);
++ push(@address,$temp[3]);
++ }
++ # Purge all non-routeable IPs...
++ @address=grep
!/^(127.*|10.*|172.1[6789]+.*.*|172.2+.*.*|172.3[01]+.*.*|192.168.*.*|169.254.*.*)/,@address;
++ printfun " Does the machine have at least one non-private address?";
++ errchk @address;
++ foreach(@address=grep !$check{$_}++,@address)
++ {
++ checkdnsip $_;
++ }
++}
++
++# Main function begins here!
++# Harvest options, ensure they're valid.
++use Getopt::Long;
++%optctl = ("host" => \$hostname,"ip" => \$ip, "colour" => \$colour);
++GetOptions(\%optctl, "host=s" ,"ip=s", "colour!");
++
++# Exit if we get passed an option we don't recognize.
++if($Getopt::Long::error) { exit 1; }
++
++
++# If you've passed --host or --ip, do only those checks.
++if($hostname || $ip)
++{
++# Check this --host for OE.
++ if($hostname)
++ {
++ printf "Checking $hostname for Opportunistic Encryption:\n";
++ checkdnshost $hostname;
++ run "host -t A $hostname";
++ if(($ipaddr) = grep (/address/i, @out))
++ {
++ $ipaddr=~ s/.*address\ //;
++ chomp $ipaddr;
++ checkdnsip $ipaddr;
++ }
++ else
++ {
++ printf "$hostname does not resolve to an IP, no reverse lookup
tests possible.\n";
++ }
++ }
++# Check this IP for OE.
++ if($ip)
++ {
++ printf "Checking IP $ip for Opportunistic Encryption:\n";
++ checkdnsip $ip;
++ }
++}
++else
++{
++ # Call the default routines...
++ # Root check...
++ if($> != "0")
++ {
++ print "To check this machine, you need to run \"$me\" as root.\n"; exit;
++ }
++ else
++ {
++ installstartcheck;
++ tunnelchecks;
++ cmdchecks;
++ run "ipsec addconn --configsetup";
++ ($oe)=grep(/oe=\'yes\'/, @out);
++ if( $oe) {
++ dnschecks;
++ if($print_deprecated)
++ {
++ print "
++
++ RFC 3445 restricts the use of the KEY RR to DNSSEC applications. The use
of
++ a KEY record sub-type for Opporunistic Encryption (OE) has been deprecated.
++ TXT records are used to provide all OE functionality.\n";
++ }
++ } else {
++ printfun "Opportunistic Encryption Support";
++ warnchk "", "DISABLED";
++ }
++ }
++ # finally, run the config file through the parser checks
++ run "ipsec auto addconn --checkconfig";
++}
++exit $reterr
Modified: ipcop/trunk/updates/2.1.4/ROOTFILES.i486-2.1.4
===================================================================
--- ipcop/trunk/updates/2.1.4/ROOTFILES.i486-2.1.4 2014-04-07 15:53:37 UTC
(rev 7430)
+++ ipcop/trunk/updates/2.1.4/ROOTFILES.i486-2.1.4 2014-04-07 16:00:25 UTC
(rev 7431)
@@ -40,6 +40,29 @@
/lib/modules/3.4-2/extra/solos-pci.ko.gz
/lib/modules/3.4-2/kernel
##
+## openswan-2.6.41
+/etc/rc.d/ipsec
+/usr/lib/ipsec/_copyright
+/usr/lib/ipsec/_plutoload
+/usr/lib/ipsec/_plutorun
+/usr/lib/ipsec/_realsetup
+/usr/lib/ipsec/_updown.netkey
+/usr/libexec/ipsec/_pluto_adns
+/usr/libexec/ipsec/addconn
+/usr/libexec/ipsec/eroute
+/usr/libexec/ipsec/ikeping
+/usr/libexec/ipsec/klipsdebug
+/usr/libexec/ipsec/pf_key
+/usr/libexec/ipsec/pluto
+/usr/libexec/ipsec/ranbits
+/usr/libexec/ipsec/rsasigkey
+/usr/libexec/ipsec/showhostkey
+/usr/libexec/ipsec/spi
+/usr/libexec/ipsec/spigrp
+/usr/libexec/ipsec/tncfg
+/usr/libexec/ipsec/whack
+/usr/sbin/ipsec
+##
## perl DBD-SQLite-1.42
/usr/lib/perl5/site_perl/5.14.2/i486-linux/DBD/SQLite.pm
/usr/lib/perl5/site_perl/5.14.2/i486-linux/auto/DBD/SQLite/SQLite.so
Modified: ipcop/trunk/updates/2.1.4/information.xml
===================================================================
--- ipcop/trunk/updates/2.1.4/information.xml 2014-04-07 15:53:37 UTC (rev
7430)
+++ ipcop/trunk/updates/2.1.4/information.xml 2014-04-07 16:00:25 UTC (rev
7431)
@@ -7,7 +7,7 @@
<description>Language updates.<br />
Upgrade conntrack-tools to 1.4.2,
e1000e network driver to 3.0.4.1, igb network driver to 5.2.5, linux
kernel to 3.4.86,
- ppp to 2.4.6, pptp to 1.8.0, rrdtool to 1.4.8,
+ openswan to 2.6.41, ppp to 2.4.6, pptp to 1.8.0, rrdtool to 1.4.8,
sqlite to 3.8.4.3, usb-modeswitch to 2.1.1, usb-modeswitch-data to
20140327.
<br />
Upgrade Perl modules DBD-SQLite to 1.42, DBI to 1.631.
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees_APR
_______________________________________________
Ipcop-svn mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ipcop-svn
