Revision: 7431
          http://sourceforge.net/p/ipcop/svn/7431
Author:   owes
Date:     2014-04-07 16:00:25 +0000 (Mon, 07 Apr 2014)
Log Message:
-----------
Update openswan to 2.6.41. Probably need to consider moving to another *swan 
implementation in one of the next IPCop versions.

Modified Paths:
--------------
    ipcop/trunk/config/rootfiles/common/openswan
    ipcop/trunk/lfs/openswan
    ipcop/trunk/updates/2.1.4/ROOTFILES.i486-2.1.4
    ipcop/trunk/updates/2.1.4/information.xml

Added Paths:
-----------
    ipcop/trunk/src/patches/openswan_verify-perl.patch

Removed Paths:
-------------
    ipcop/trunk/src/patches/openswan-2.6.39_remove_CFLAGS_no-error_cpp.patch

Modified: ipcop/trunk/config/rootfiles/common/openswan
===================================================================
--- ipcop/trunk/config/rootfiles/common/openswan        2014-04-07 15:53:37 UTC 
(rev 7430)
+++ ipcop/trunk/config/rootfiles/common/openswan        2014-04-07 16:00:25 UTC 
(rev 7431)
@@ -24,7 +24,7 @@
 #etc/ipsec.d/private
 etc/ipsec.secrets
 etc/rc.d/ipsec
-usr/lib/ipsec
+#usr/lib/ipsec
 usr/lib/ipsec/_copyright
 usr/lib/ipsec/_include
 usr/lib/ipsec/_keycensor
@@ -38,13 +38,14 @@
 usr/lib/ipsec/_updown.klips
 usr/lib/ipsec/_updown.mast
 usr/lib/ipsec/_updown.netkey
-usr/libexec/ipsec
+#usr/libexec/ipsec
 usr/libexec/ipsec/_pluto_adns
 usr/libexec/ipsec/addconn
 usr/libexec/ipsec/auto
 usr/libexec/ipsec/barf
 usr/libexec/ipsec/eroute
 usr/libexec/ipsec/ikeping
+#usr/libexec/ipsec/initnss
 usr/libexec/ipsec/klipsdebug
 usr/libexec/ipsec/look
 usr/libexec/ipsec/newhostkey
@@ -152,6 +153,7 @@
 #usr/share/man/man8/ipsec_barf.8
 #usr/share/man/man8/ipsec_eroute.8
 #usr/share/man/man8/ipsec_ikeping.8
+#usr/share/man/man8/ipsec_initnss.8
 #usr/share/man/man8/ipsec_klipsdebug.8
 #usr/share/man/man8/ipsec_look.8
 #usr/share/man/man8/ipsec_newhostkey.8

Modified: ipcop/trunk/lfs/openswan
===================================================================
--- ipcop/trunk/lfs/openswan    2014-04-07 15:53:37 UTC (rev 7430)
+++ ipcop/trunk/lfs/openswan    2014-04-07 16:00:25 UTC (rev 7431)
@@ -33,7 +33,7 @@
 include Config
 
 PKG_NAME   = openswan
-VER        = 2.6.39
+VER        = 2.6.41
 HOST_ARCH  = all
 OTHER_SRC  = yes
 KERNEL_MOD = yes
@@ -57,7 +57,7 @@
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 199757597f9f776d85752bb0c713b5ed
+$(DL_FILE)_MD5 = da2e8b02ecc30a408cc5766767fef84f
 
 install : $(TARGET)
 
@@ -88,8 +88,9 @@
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 
-       cd $(DIR_APP) && patch -Np1 -i 
$(DIR_PATCHES)/$(THISAPP)_remove_CFLAGS_no-error_cpp.patch
-       cd $(DIR_APP) && patch -RNp1 -i 
$(DIR_PATCHES)/$(THISAPP)_verify-python.patch
+       # Remove Python verify script and patch in an old Perl version 
+       cd $(DIR_APP) && rm programs/verify/verify.in
+       cd $(DIR_APP) && patch -p1 -i 
$(DIR_PATCHES)/$(PKG_NAME)_verify-perl.patch
 
        cd $(DIR_APP) && sed -i \
                -e 's%^INC_USRLOCAL.*$$%INC_USRLOCAL=/usr%' \

Deleted: 
ipcop/trunk/src/patches/openswan-2.6.39_remove_CFLAGS_no-error_cpp.patch
===================================================================
--- ipcop/trunk/src/patches/openswan-2.6.39_remove_CFLAGS_no-error_cpp.patch    
2014-04-07 15:53:37 UTC (rev 7430)
+++ ipcop/trunk/src/patches/openswan-2.6.39_remove_CFLAGS_no-error_cpp.patch    
2014-04-07 16:00:25 UTC (rev 7431)
@@ -1,24 +0,0 @@
-diff -Nur openswan-2.6.39.orig/lib/libopenswan/Makefile 
openswan-2.6.39/lib/libopenswan/Makefile
---- openswan-2.6.39.orig/lib/libopenswan/Makefile      2013-05-31 
19:12:15.000000000 +0200
-+++ openswan-2.6.39/lib/libopenswan/Makefile   2013-07-19 11:09:17.000000000 
+0200
-@@ -85,9 +85,6 @@
- # must turn this off due to initsubnet.c
- CFLAGS+= -Wno-error=cast-qual
- 
--# some junk left in alg_info.c
--CFLAGS+= -Wno-error=cpp
--
- #CFLAGS+= -Wmissing-declarations
- CFLAGS+= -Wstrict-prototypes
- #CFLAGS+= -pedantic
-diff -Nur openswan-2.6.39.orig/programs/pluto/Makefile 
openswan-2.6.39/programs/pluto/Makefile
---- openswan-2.6.39.orig/programs/pluto/Makefile       2013-05-31 
19:12:15.000000000 +0200
-+++ openswan-2.6.39/programs/pluto/Makefile    2013-07-19 11:08:28.000000000 
+0200
-@@ -47,7 +47,6 @@
- 
- # must turn this off due to myid.c
- CFLAGS+= -Wno-error=cast-qual
--CFLAGS+= -Wno-error=cpp
- 
- ifeq ($(HAVE_BROKEN_POPEN),true)
- CFLAGS+=-DHAVE_BROKEN_POPEN

Added: ipcop/trunk/src/patches/openswan_verify-perl.patch
===================================================================
--- ipcop/trunk/src/patches/openswan_verify-perl.patch                          
(rev 0)
+++ ipcop/trunk/src/patches/openswan_verify-perl.patch  2014-04-07 16:00:25 UTC 
(rev 7431)
@@ -0,0 +1,570 @@
+This is ipsec verify for Perl instead of Python.
+Source from openswan 2.6.39 with 1 patch to use ip instead of ifconfig
+
+--- a/programs/verify/verify.in        1970-01-01 01:00:00.000000000 +0100
++++ b/programs/verify/verify.in        2014-04-07 14:39:19.000000000 +0200
+@@ -0,0 +1,564 @@
++#!/usr/bin/perl
++#
++# Copyright (C) 2003 Sam Sgro <s...@freeswan.org> 
++# Copyright (C) 2005-2008 Michael Richardson <m...@xelerance.com>
++# Copyright (C) 2005-2009 Paul Wouters <p...@xelerance.com>
++#
++# Based on "verify" from the FreeS/WAN distribution, (C) 2001 Michael 
++# Richardson <m...@freeswan.org>
++#
++# This program is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by the
++# Free Software Foundation; either version 2 of the License, or (at your
++# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
++# for more details.
++
++$reterr = 0;
++$me="ipsec verify";
++$ENV{'PATH'}="/sbin:/usr/sbin:/usr/bin:/usr/local/sbin:@IPSEC_SBINDIR@:$ENV{'PATH'}";
++if($ENV{'IPSEC_CONFS'}) { $conf=$ENV{'IPSEC_CONFS'} } else { $conf= `ipsec 
--confdir`; chomp($conf); }
++
++$print_deprecated = 1;
++
++# Should we print in colour by default?
++if ( -e "/sbin/consoletype" )
++{
++    $ctype=`/sbin/consoletype`;
++    if ( $ctype && !($ctype eq "serial"))
++    {
++        $colour="1";
++    }
++}
++else
++{
++    if ( -e "/usr/bin/tput" )
++    {
++        $ctype=`/usr/bin/tput colors`;
++        if ( $ctype && ($ctype gt "0"))
++        {
++            $colour="1";
++        }
++    }
++}
++
++sub printfun {
++  print sprintf("%-60s",@_);
++}
++
++# capture STDOUT as @out, STDERR as @err with no temp files.
++sub run {
++    $command=shift;
++
++    pipe child_read, parent_write; 
++    pipe parent_read, child_write;
++    pipe err_read, err_write; 
++    
++    $mypid=fork;
++    if($mypid)
++    {
++      close child_write; close err_write;
++      @out=<parent_read>;
++      @err=<err_read>;
++    }
++    else 
++    { 
++        close parent_read; close parent_write;
++      open STDOUT,">&child_write"; 
++        open STDERR,">&err_write";
++        exec $command; $reterr = 1 ; print STDERR "Cannot execute command 
\"$command\": $!\n";
++    }
++}
++
++# Code to print out [OK], [FAILED].
++sub errchk {
++      if (!shift(@_)) 
++      {
++          print "\t[";
++          if($colour) { print "\e[1;31m"; } 
++          if(@_) 
++          { 
++              print "@_"; 
++          } 
++          else 
++          { 
++              print "FAILED"; 
++              $reterr = 1;
++          }
++          if($colour) { print "\e[0;39m"; } 
++          print "]\n";
++          if(@err) 
++          { 
++              print "  @err"; 
++              $reterr = 1;
++          }
++      }
++      else
++      {           
++          print "\t[";
++          if($colour) { print "\e[1;32m"; } 
++          print "OK";
++          if($colour) { print "\e[0;39m"; } 
++          print "]\n";
++        }
++}
++
++# Code to print out [OK], [FAILED] in warning colours
++sub warnchk {
++        if (!shift(@_))
++        {
++            print "\t[";
++            if($colour) { print "\e[1;33m"; }
++            if(@_)
++            {
++                print "@_";
++            }
++            else
++            {
++                print "FAILED";
++              $reterr = 1;
++            }
++            if($colour) { print "\e[0;39m"; }
++            print "]\n";
++            if(@err)
++            {
++                print "  @err";
++              $reterr = 1;
++            }
++        }
++        else
++        {
++            print "\t[";
++            if($colour) { print "\e[1;32m"; }
++            print "OK";
++            if($colour) { print "\e[0;39m"; }
++            print "]\n";
++        }
++}
++
++
++# Code to print out [DEPRECATED] and key restrict message
++sub deprecated {
++
++    print "\t[";
++    if($colour) { print "\e[1;33m"; } 
++    print "DEPRECATED";
++    if($colour) { print "\e[0;39m"; } 
++    print "]\n";
++}
++
++# Verification routines begin here...
++#
++# Check DNS Configuration based on a hostname
++# $1 = Hostname (string)
++# eg: checkdnshost oetest.freeswan.org
++sub checkdnshost {
++    run "host -t key $_[0]";
++    ($keypresent)=grep /(0x4200|16896)/, @out;
++    if($keypresent) 
++    { 
++      printfun "   Looking for KEY in forward dns zone: $_[0]";
++      deprecated; 
++    }
++
++
++    printfun "   Looking for TXT in forward dns zone: $_[0]";
++    run "host -t txt $_[0]";
++    ($txtpresent)=grep /X-IPsec-Server/,@out;
++    errchk "$txtpresent", "MISSING";
++}
++
++# Check DNS Configuration based on IP address
++# $1 = IP Address (string)
++# eg: checkdnsip 127.0.0.2
++sub checkdnsip {
++    $fortxt=$_[0];
++    $revtxt=join('.',reverse(split(/\./, $fortxt))).".in-addr.arpa.";
++    printfun "   Looking for TXT in reverse dns zone: $revtxt";
++    run "host -t txt $revtxt";
++    ($txtpresent)=grep /X-IPsec-Server/,@out;
++    errchk "$txtpresent", "MISSING";
++
++    if($txtpresent) {
++      $txtpresent=~ s/.*X-IPsec-Server\([0-9].*\)=//; $txtpresent=~ s/[\"\ 
].*//;
++      $gwip=$txtpresent;
++      chomp($gwip);
++      $gwrev=join('.',reverse(split(/\./, $gwip))).".in-addr.arpa.";
++      # Check for a KEY record for the indicated IPSec GW.
++      run "host -t key $gwrev";
++      ($keypresent)=grep /(0x4200|16896)/, @out;
++      if($keypresent) 
++      { 
++          printfun "   Looking for KEY in reverse dns zone: $gwrev";
++          deprecated; 
++          $print_deprecated = 1; 
++
++      }
++      # If the host is its own gateway, then we know we've got a TXT record.
++      if($gwip ne $fortxt) {  
++          printfun "Looking for TXT in reverse dns zone: $gwrev";
++          run "host -t txt $gwrev";
++          ($txtpresent)=grep /X-IPsec-Server/,@out;
++          errchk "$txtpresent", "MISSING";
++      }
++
++    }
++}
++
++sub udp500check {
++    printfun " Pluto listening for IKE on udp 500";
++    run "lsof -i UDP:500";
++    #run "netstat -an";
++    ($listen)=grep /pluto/, @out;
++    if(!$listen)
++    { 
++      errchk "", "FAILED";
++      $reterr = 1;
++    }
++    else
++    {
++      errchk "1";
++    }
++}
++
++sub udp4500check {
++    printfun " Pluto listening for NAT-T on udp 4500";
++    run "lsof -i UDP:4500";
++    #run "netstat -an";
++    ($listen)=grep /pluto/, @out;
++    if(!$listen)
++    { 
++      errchk "", "FAILED";
++      $reterr = 1;
++    }
++    else
++    {
++      errchk "1";
++    }
++}
++
++sub checktunnel {
++    $csource=$_[0]; $cdest=$_[1]; $ctun=$_[2]; $all="0.0.0.0/0";
++
++    printfun "Checking $ctun from $csource to $cdest";
++    run "iptables -t nat -L POSTROUTING -n";
++    @out=grep !/(Chain POSTROUTING|target)/, @out;
++    foreach (@out) {
++      ( $target, $prot, $opt, $source, $dest ) = split(' ',$_);
++      if(((($source eq $csource) || ($source eq $all)) && (($dest eq $cdest) 
|| ($dest = $all))) && $target eq "ACCEPT")
++      { 
++          errchk "@out";
++          $reterr = 1;
++      }
++      else
++      {
++          @err="$target from $source to $dest kills tunnel $source -> 
$cdest\n";
++          errchk "","FAILED";
++          $reterr = 1;
++      }
++    }
++}
++
++sub installstartcheck {
++      print "Checking your system to see if IPsec got installed and started 
correctly:\n";
++
++      printfun "Version check and ipsec on-path";
++      run "ipsec --version";
++      errchk "@out";
++      print grep /Linux/, @out;
++
++        printfun "Checking for IPsec support in kernel";
++      if ( -e "/proc/net/ipsec_eroute" || -e "/proc/net/pfkey" ) { $test="1" }
++      errchk "$test";
++
++# This requires KLIPS NAT-T patch > 2.4.x
++      if ( -e "/proc/net/ipsec_eroute") {
++
++        printfun " KLIPS: checking for NAT Traversal support";
++        if ( -e "/sys/module/ipsec/parameters/natt_available") {
++              run "cat /sys/module/ipsec/parameters/natt_available";
++              if("@out" =="1\n")
++                 { warnchk "", "OLD STYLE"; }
++              else {
++                 if("@out" == "2\n")
++                      { errchk "OK"; }
++                 else
++                      { warnchk "", "UNKNOWN"; }
++              }
++         } else { warnchk "","UNKNOWN"; }
++
++        printfun " KLIPS: checking for OCF crypto offload support ";
++        if ( -e "/sys/module/ipsec/parameters/ocf_available") {
++              run "cat /sys/module/ipsec/parameters/ocf_available";
++              if("@out" =="1\n")
++                 { errchk "OK"; }
++              else {
++                      { warnchk "", "N/A"; }
++              }
++         } else { warnchk "","UNKNOWN"; }
++
++      }
++
++# Check for SAref kernel
++        if ( -e "/proc/net/ipsec/saref") {
++              printfun " Kernel: IPsec SAref kernel support";
++              run "grep 'refinfo patch applied' /proc/net/ipsec/saref";
++              if("@out" eq "refinfo patch applied\n")
++                      { errchk "OK"; }
++              else
++                      { warnchk "", "N/A"; }
++
++              printfun " Kernel: IPsec SAref Bind kernel support";
++              run "grep 'bindref patch applied' /proc/net/ipsec/saref";
++              if("@out" eq "bindref patch applied\n")
++                      { errchk "OK"; }
++              else
++                      { warnchk "", "N/A"; }
++         } else {
++              printfun " SAref kernel support";
++                      { warnchk "", "N/A"; }
++         }
++
++        if ( -e "/proc/net/pfkey") {
++        printfun " NETKEY:  Testing XFRM related proc values";
++        open("cat", "/proc/sys/net/ipv4/conf/default/send_redirects");
++      if(<cat> == "1")
++          {
++              errchk "";
++              $reterr = 1;
++              print "\n  Please disable 
/proc/sys/net/ipv4/conf/*/send_redirects\n  or NETKEY will cause the sending of 
bogus ICMP redirects!\n\n"; 
++          }
++      else { errchk "1"; } 
++      
++        open("cat", "/proc/sys/net/ipv4/conf/default/accept_redirects");
++      if(<cat> == "1")
++          {
++              $reterr = 1;
++              errchk "";
++              print "\n  Please disable 
/proc/sys/net/ipv4/conf/*/accept_redirects\n  or NETKEY will accept bogus ICMP 
redirects!\n\n"; 
++          }
++      else { errchk "1"; } 
++
++        open("cat", "/proc/sys/net/core/xfrm_larval_drop");
++      if(<cat> == "0")
++          {
++              $reterr = 1;
++              errchk "";
++              print "\n  Please enable /proc/sys/net/core/xfrm_larval_drop\n  
or NETKEY will cause non-POSIX compliant long time-outs\n\n"; 
++          }
++      else { errchk "1"; } 
++      }
++
++        if ( -c "/dev/hw_random" || -c "/dev/hwrng" ) {
++        printfun "Hardware RNG detected, testing if used properly";
++        run "pidof rngd";
++        ($processid) = @out;
++        chomp($processid);
++        if( $processid eq ""  ) {
++              run "pidof clrngd";
++              ($processid2) = @out;
++              if( $processid2 eq ""  ) {
++                      errchk "";
++                      print "\n  Hardware RNG is present but 'rngd' or 
'clrngd' is not running.\n  No harware random used!\n\n";
++                      $reterr = 1;
++                      }
++              else { errchk "1"; }
++      }
++      else { errchk "1"; }
++      }
++
++
++      # Wouldn't this test fail if your mucked up your interface definition?
++      printfun "Checking that pluto is running";
++      run "ipsec whack --status";
++      errchk "@out";
++      if (grep /interface/, @out)
++      {
++          udp500check;
++          udp4500check;
++      }
++}
++
++sub tunnelchecks {
++    open("dev", "/proc/net/dev");
++    if((grep !/(ipsec|lo:|Inter|packets)/, <dev>) > 1) 
++    {
++      printfun "Two or more interfaces found, checking IP forwarding";
++        my ($data, $n);
++      open FILE, "/proc/sys/net/ipv4/ip_forward" or die $!;
++      $n = read FILE, $data, 1;
++      if($data == 1)
++      { 
++          $reterr = 1;
++          errchk "0"; 
++      } 
++
++      printfun "Checking NAT and MASQUERADEing";
++      # This assumes KLIPS eroute information, we should add support
++      # for NETKEY, but ip xfrm is very annoying to parse
++      if(( -e "/proc/net/nf_conntrack" || -e "/proc/net/ip_conntrack")
++&& -e "/proc/net/ipsec_eroute" )
++      {
++              run "iptables -t nat -L -n";
++              if(grep /(NAT|MASQ)/, @out)
++              {
++                  printf "\n";
++                  open("cat", "/proc/net/ipsec_eroute");
++                  foreach(grep /tun0x/, <cat>)
++                  {      
++                      @eroute=split(' ',$_);
++                      checktunnel $eroute[1], $eroute[3], $eroute[5];
++                  }
++              }
++              else
++              {
++                  errchk "1";
++              }
++      }
++          else
++      { 
++              errchk "OK";
++      }
++    }
++}
++
++sub cmdchecks {
++    # check for vital commands
++    printfun "Checking for 'ip' command";
++    run "which ip";
++    errchk "@out";
++
++    printfun "Checking /bin/sh is not /bin/dash";
++    if (-e "/bin/dash") {
++      run "cmp /bin/sh /bin/dash";
++      ($dash)=grep(/differ/, @out);
++      if(!$dash) {
++              warnchk "", "WARNING";
++      } else {
++              errchk "OK";
++      }
++    } else {
++              errchk "OK";
++    }
++
++    printfun "Checking for 'iptables' command";
++    run "which iptables";
++    errchk "@out";
++
++
++    open("cat","$conf/ipsec.conf");
++    foreach(grep /crlcheckinterval/,<cat>)
++     {
++      if(!$curlcheckdone) {
++              $curlcheckdone=1;
++              printfun "Checking for 'curl' command for CRL fetching";
++              run "which curl";
++              errchk "@out";
++             }
++     }
++# perhaps check for ip xfrm support, but forget about setkey.
++#    if ( -e "/proc/net/pfkey") {
++#       printfun "Checking for 'setkey' command for NETKEY IPsec stack 
support";
++#       run "which setkey";
++#       errchk "@out";
++#    }
++}
++    
++sub dnschecks {
++    # Check the running hostname.
++    printf "\nOpportunistic Encryption DNS checks:\n";
++    run "hostname"; 
++    ($hostname)=@out; chomp $hostname;
++    checkdnshost $hostname;
++    
++    # Check all the public IP addresses...
++    run "ip -4 -o addr show";
++    for (@out)
++    {
++        @temp=split(/[\/\ ]+/, $_);
++        push(@address,$temp[3]);
++    }
++    # Purge all non-routeable IPs...
++    @address=grep 
!/^(127.*|10.*|172.1[6789]+.*.*|172.2+.*.*|172.3[01]+.*.*|192.168.*.*|169.254.*.*)/,@address;
++    printfun "   Does the machine have at least one non-private address?";
++    errchk @address;
++    foreach(@address=grep !$check{$_}++,@address)
++    {
++      checkdnsip $_;
++    }
++}
++
++# Main function begins here!
++# Harvest options, ensure they're valid.
++use Getopt::Long;
++%optctl = ("host" => \$hostname,"ip" => \$ip, "colour" => \$colour);
++GetOptions(\%optctl, "host=s" ,"ip=s", "colour!");
++
++# Exit if we get passed an option we don't recognize.
++if($Getopt::Long::error) { exit 1; }
++
++
++# If you've passed --host or --ip, do only those checks.
++if($hostname || $ip)
++{
++# Check this --host for OE.
++    if($hostname)
++    {
++      printf "Checking $hostname for Opportunistic Encryption:\n";
++      checkdnshost $hostname;
++      run "host -t A $hostname";
++      if(($ipaddr) = grep (/address/i, @out))
++      {
++          $ipaddr=~ s/.*address\ //;
++          chomp $ipaddr;
++          checkdnsip $ipaddr;
++      }
++      else
++      {
++          printf "$hostname does not resolve to an IP, no reverse lookup 
tests possible.\n";
++      }
++    }
++# Check this IP for OE.
++    if($ip)
++    {
++      printf "Checking IP $ip for Opportunistic Encryption:\n";
++      checkdnsip $ip;
++    }
++}
++else
++{
++    # Call the default routines...
++    # Root check...
++    if($> != "0") 
++    {
++      print "To check this machine, you need to run \"$me\" as root.\n"; exit;
++    }
++    else
++    {
++      installstartcheck;
++      tunnelchecks;
++      cmdchecks;
++      run "ipsec addconn --configsetup";
++        ($oe)=grep(/oe=\'yes\'/, @out);
++      if( $oe) {
++              dnschecks;
++              if($print_deprecated)
++              {
++              print "
++
++   RFC 3445 restricts the use of the KEY RR to DNSSEC applications. The use 
of 
++   a KEY record sub-type for Opporunistic Encryption (OE) has been deprecated.
++   TXT records are used to provide all OE functionality.\n";
++              }
++      } else {
++              printfun "Opportunistic Encryption Support";
++              warnchk "", "DISABLED";
++        }
++    }
++    # finally, run the config file through the parser checks
++    run "ipsec auto addconn --checkconfig";
++}
++exit $reterr

Modified: ipcop/trunk/updates/2.1.4/ROOTFILES.i486-2.1.4
===================================================================
--- ipcop/trunk/updates/2.1.4/ROOTFILES.i486-2.1.4      2014-04-07 15:53:37 UTC 
(rev 7430)
+++ ipcop/trunk/updates/2.1.4/ROOTFILES.i486-2.1.4      2014-04-07 16:00:25 UTC 
(rev 7431)
@@ -40,6 +40,29 @@
 /lib/modules/3.4-2/extra/solos-pci.ko.gz
 /lib/modules/3.4-2/kernel
 ##
+## openswan-2.6.41
+/etc/rc.d/ipsec
+/usr/lib/ipsec/_copyright
+/usr/lib/ipsec/_plutoload
+/usr/lib/ipsec/_plutorun
+/usr/lib/ipsec/_realsetup
+/usr/lib/ipsec/_updown.netkey
+/usr/libexec/ipsec/_pluto_adns
+/usr/libexec/ipsec/addconn
+/usr/libexec/ipsec/eroute
+/usr/libexec/ipsec/ikeping
+/usr/libexec/ipsec/klipsdebug
+/usr/libexec/ipsec/pf_key
+/usr/libexec/ipsec/pluto
+/usr/libexec/ipsec/ranbits
+/usr/libexec/ipsec/rsasigkey
+/usr/libexec/ipsec/showhostkey
+/usr/libexec/ipsec/spi
+/usr/libexec/ipsec/spigrp
+/usr/libexec/ipsec/tncfg
+/usr/libexec/ipsec/whack
+/usr/sbin/ipsec
+##
 ## perl DBD-SQLite-1.42
 /usr/lib/perl5/site_perl/5.14.2/i486-linux/DBD/SQLite.pm
 /usr/lib/perl5/site_perl/5.14.2/i486-linux/auto/DBD/SQLite/SQLite.so

Modified: ipcop/trunk/updates/2.1.4/information.xml
===================================================================
--- ipcop/trunk/updates/2.1.4/information.xml   2014-04-07 15:53:37 UTC (rev 
7430)
+++ ipcop/trunk/updates/2.1.4/information.xml   2014-04-07 16:00:25 UTC (rev 
7431)
@@ -7,7 +7,7 @@
         <description>Language updates.&lt;br /&gt;
         Upgrade conntrack-tools to 1.4.2, 
         e1000e network driver to 3.0.4.1, igb network driver to 5.2.5, linux 
kernel to 3.4.86,
-        ppp to 2.4.6, pptp to 1.8.0, rrdtool to 1.4.8,
+        openswan to 2.6.41, ppp to 2.4.6, pptp to 1.8.0, rrdtool to 1.4.8,
         sqlite to 3.8.4.3, usb-modeswitch to 2.1.1, usb-modeswitch-data to 
20140327.
         &lt;br /&gt;
         Upgrade Perl modules DBD-SQLite to 1.42, DBI to 1.631.

This was sent by the SourceForge.net collaborative development platform, the 
world's largest Open Source development site.


------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees_APR
_______________________________________________
Ipcop-svn mailing list
Ipcop-svn@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-svn

Reply via email to