Revision: 7431 http://sourceforge.net/p/ipcop/svn/7431 Author: owes Date: 2014-04-07 16:00:25 +0000 (Mon, 07 Apr 2014) Log Message: ----------- Update openswan to 2.6.41. Probably need to consider moving to another *swan implementation in one of the next IPCop versions.
Modified Paths: -------------- ipcop/trunk/config/rootfiles/common/openswan ipcop/trunk/lfs/openswan ipcop/trunk/updates/2.1.4/ROOTFILES.i486-2.1.4 ipcop/trunk/updates/2.1.4/information.xml Added Paths: ----------- ipcop/trunk/src/patches/openswan_verify-perl.patch Removed Paths: ------------- ipcop/trunk/src/patches/openswan-2.6.39_remove_CFLAGS_no-error_cpp.patch Modified: ipcop/trunk/config/rootfiles/common/openswan =================================================================== --- ipcop/trunk/config/rootfiles/common/openswan 2014-04-07 15:53:37 UTC (rev 7430) +++ ipcop/trunk/config/rootfiles/common/openswan 2014-04-07 16:00:25 UTC (rev 7431) @@ -24,7 +24,7 @@ #etc/ipsec.d/private etc/ipsec.secrets etc/rc.d/ipsec -usr/lib/ipsec +#usr/lib/ipsec usr/lib/ipsec/_copyright usr/lib/ipsec/_include usr/lib/ipsec/_keycensor @@ -38,13 +38,14 @@ usr/lib/ipsec/_updown.klips usr/lib/ipsec/_updown.mast usr/lib/ipsec/_updown.netkey -usr/libexec/ipsec +#usr/libexec/ipsec usr/libexec/ipsec/_pluto_adns usr/libexec/ipsec/addconn usr/libexec/ipsec/auto usr/libexec/ipsec/barf usr/libexec/ipsec/eroute usr/libexec/ipsec/ikeping +#usr/libexec/ipsec/initnss usr/libexec/ipsec/klipsdebug usr/libexec/ipsec/look usr/libexec/ipsec/newhostkey @@ -152,6 +153,7 @@ #usr/share/man/man8/ipsec_barf.8 #usr/share/man/man8/ipsec_eroute.8 #usr/share/man/man8/ipsec_ikeping.8 +#usr/share/man/man8/ipsec_initnss.8 #usr/share/man/man8/ipsec_klipsdebug.8 #usr/share/man/man8/ipsec_look.8 #usr/share/man/man8/ipsec_newhostkey.8 Modified: ipcop/trunk/lfs/openswan =================================================================== --- ipcop/trunk/lfs/openswan 2014-04-07 15:53:37 UTC (rev 7430) +++ ipcop/trunk/lfs/openswan 2014-04-07 16:00:25 UTC (rev 7431) @@ -33,7 +33,7 @@ include Config PKG_NAME = openswan -VER = 2.6.39 +VER = 2.6.41 HOST_ARCH = all OTHER_SRC = yes KERNEL_MOD = yes @@ -57,7 +57,7 @@ $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 199757597f9f776d85752bb0c713b5ed +$(DL_FILE)_MD5 = da2e8b02ecc30a408cc5766767fef84f install : $(TARGET) @@ -88,8 +88,9 @@ @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)_remove_CFLAGS_no-error_cpp.patch - cd $(DIR_APP) && patch -RNp1 -i $(DIR_PATCHES)/$(THISAPP)_verify-python.patch + # Remove Python verify script and patch in an old Perl version + cd $(DIR_APP) && rm programs/verify/verify.in + cd $(DIR_APP) && patch -p1 -i $(DIR_PATCHES)/$(PKG_NAME)_verify-perl.patch cd $(DIR_APP) && sed -i \ -e 's%^INC_USRLOCAL.*$$%INC_USRLOCAL=/usr%' \ Deleted: ipcop/trunk/src/patches/openswan-2.6.39_remove_CFLAGS_no-error_cpp.patch =================================================================== --- ipcop/trunk/src/patches/openswan-2.6.39_remove_CFLAGS_no-error_cpp.patch 2014-04-07 15:53:37 UTC (rev 7430) +++ ipcop/trunk/src/patches/openswan-2.6.39_remove_CFLAGS_no-error_cpp.patch 2014-04-07 16:00:25 UTC (rev 7431) @@ -1,24 +0,0 @@ -diff -Nur openswan-2.6.39.orig/lib/libopenswan/Makefile openswan-2.6.39/lib/libopenswan/Makefile ---- openswan-2.6.39.orig/lib/libopenswan/Makefile 2013-05-31 19:12:15.000000000 +0200 -+++ openswan-2.6.39/lib/libopenswan/Makefile 2013-07-19 11:09:17.000000000 +0200 -@@ -85,9 +85,6 @@ - # must turn this off due to initsubnet.c - CFLAGS+= -Wno-error=cast-qual - --# some junk left in alg_info.c --CFLAGS+= -Wno-error=cpp -- - #CFLAGS+= -Wmissing-declarations - CFLAGS+= -Wstrict-prototypes - #CFLAGS+= -pedantic -diff -Nur openswan-2.6.39.orig/programs/pluto/Makefile openswan-2.6.39/programs/pluto/Makefile ---- openswan-2.6.39.orig/programs/pluto/Makefile 2013-05-31 19:12:15.000000000 +0200 -+++ openswan-2.6.39/programs/pluto/Makefile 2013-07-19 11:08:28.000000000 +0200 -@@ -47,7 +47,6 @@ - - # must turn this off due to myid.c - CFLAGS+= -Wno-error=cast-qual --CFLAGS+= -Wno-error=cpp - - ifeq ($(HAVE_BROKEN_POPEN),true) - CFLAGS+=-DHAVE_BROKEN_POPEN Added: ipcop/trunk/src/patches/openswan_verify-perl.patch =================================================================== --- ipcop/trunk/src/patches/openswan_verify-perl.patch (rev 0) +++ ipcop/trunk/src/patches/openswan_verify-perl.patch 2014-04-07 16:00:25 UTC (rev 7431) @@ -0,0 +1,570 @@ +This is ipsec verify for Perl instead of Python. +Source from openswan 2.6.39 with 1 patch to use ip instead of ifconfig + +--- a/programs/verify/verify.in 1970-01-01 01:00:00.000000000 +0100 ++++ b/programs/verify/verify.in 2014-04-07 14:39:19.000000000 +0200 +@@ -0,0 +1,564 @@ ++#!/usr/bin/perl ++# ++# Copyright (C) 2003 Sam Sgro <s...@freeswan.org> ++# Copyright (C) 2005-2008 Michael Richardson <m...@xelerance.com> ++# Copyright (C) 2005-2009 Paul Wouters <p...@xelerance.com> ++# ++# Based on "verify" from the FreeS/WAN distribution, (C) 2001 Michael ++# Richardson <m...@freeswan.org> ++# ++# This program is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by the ++# Free Software Foundation; either version 2 of the License, or (at your ++# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. ++# ++# This program is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ++# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++# for more details. ++ ++$reterr = 0; ++$me="ipsec verify"; ++$ENV{'PATH'}="/sbin:/usr/sbin:/usr/bin:/usr/local/sbin:@IPSEC_SBINDIR@:$ENV{'PATH'}"; ++if($ENV{'IPSEC_CONFS'}) { $conf=$ENV{'IPSEC_CONFS'} } else { $conf= `ipsec --confdir`; chomp($conf); } ++ ++$print_deprecated = 1; ++ ++# Should we print in colour by default? ++if ( -e "/sbin/consoletype" ) ++{ ++ $ctype=`/sbin/consoletype`; ++ if ( $ctype && !($ctype eq "serial")) ++ { ++ $colour="1"; ++ } ++} ++else ++{ ++ if ( -e "/usr/bin/tput" ) ++ { ++ $ctype=`/usr/bin/tput colors`; ++ if ( $ctype && ($ctype gt "0")) ++ { ++ $colour="1"; ++ } ++ } ++} ++ ++sub printfun { ++ print sprintf("%-60s",@_); ++} ++ ++# capture STDOUT as @out, STDERR as @err with no temp files. ++sub run { ++ $command=shift; ++ ++ pipe child_read, parent_write; ++ pipe parent_read, child_write; ++ pipe err_read, err_write; ++ ++ $mypid=fork; ++ if($mypid) ++ { ++ close child_write; close err_write; ++ @out=<parent_read>; ++ @err=<err_read>; ++ } ++ else ++ { ++ close parent_read; close parent_write; ++ open STDOUT,">&child_write"; ++ open STDERR,">&err_write"; ++ exec $command; $reterr = 1 ; print STDERR "Cannot execute command \"$command\": $!\n"; ++ } ++} ++ ++# Code to print out [OK], [FAILED]. ++sub errchk { ++ if (!shift(@_)) ++ { ++ print "\t["; ++ if($colour) { print "\e[1;31m"; } ++ if(@_) ++ { ++ print "@_"; ++ } ++ else ++ { ++ print "FAILED"; ++ $reterr = 1; ++ } ++ if($colour) { print "\e[0;39m"; } ++ print "]\n"; ++ if(@err) ++ { ++ print " @err"; ++ $reterr = 1; ++ } ++ } ++ else ++ { ++ print "\t["; ++ if($colour) { print "\e[1;32m"; } ++ print "OK"; ++ if($colour) { print "\e[0;39m"; } ++ print "]\n"; ++ } ++} ++ ++# Code to print out [OK], [FAILED] in warning colours ++sub warnchk { ++ if (!shift(@_)) ++ { ++ print "\t["; ++ if($colour) { print "\e[1;33m"; } ++ if(@_) ++ { ++ print "@_"; ++ } ++ else ++ { ++ print "FAILED"; ++ $reterr = 1; ++ } ++ if($colour) { print "\e[0;39m"; } ++ print "]\n"; ++ if(@err) ++ { ++ print " @err"; ++ $reterr = 1; ++ } ++ } ++ else ++ { ++ print "\t["; ++ if($colour) { print "\e[1;32m"; } ++ print "OK"; ++ if($colour) { print "\e[0;39m"; } ++ print "]\n"; ++ } ++} ++ ++ ++# Code to print out [DEPRECATED] and key restrict message ++sub deprecated { ++ ++ print "\t["; ++ if($colour) { print "\e[1;33m"; } ++ print "DEPRECATED"; ++ if($colour) { print "\e[0;39m"; } ++ print "]\n"; ++} ++ ++# Verification routines begin here... ++# ++# Check DNS Configuration based on a hostname ++# $1 = Hostname (string) ++# eg: checkdnshost oetest.freeswan.org ++sub checkdnshost { ++ run "host -t key $_[0]"; ++ ($keypresent)=grep /(0x4200|16896)/, @out; ++ if($keypresent) ++ { ++ printfun " Looking for KEY in forward dns zone: $_[0]"; ++ deprecated; ++ } ++ ++ ++ printfun " Looking for TXT in forward dns zone: $_[0]"; ++ run "host -t txt $_[0]"; ++ ($txtpresent)=grep /X-IPsec-Server/,@out; ++ errchk "$txtpresent", "MISSING"; ++} ++ ++# Check DNS Configuration based on IP address ++# $1 = IP Address (string) ++# eg: checkdnsip 127.0.0.2 ++sub checkdnsip { ++ $fortxt=$_[0]; ++ $revtxt=join('.',reverse(split(/\./, $fortxt))).".in-addr.arpa."; ++ printfun " Looking for TXT in reverse dns zone: $revtxt"; ++ run "host -t txt $revtxt"; ++ ($txtpresent)=grep /X-IPsec-Server/,@out; ++ errchk "$txtpresent", "MISSING"; ++ ++ if($txtpresent) { ++ $txtpresent=~ s/.*X-IPsec-Server\([0-9].*\)=//; $txtpresent=~ s/[\"\ ].*//; ++ $gwip=$txtpresent; ++ chomp($gwip); ++ $gwrev=join('.',reverse(split(/\./, $gwip))).".in-addr.arpa."; ++ # Check for a KEY record for the indicated IPSec GW. ++ run "host -t key $gwrev"; ++ ($keypresent)=grep /(0x4200|16896)/, @out; ++ if($keypresent) ++ { ++ printfun " Looking for KEY in reverse dns zone: $gwrev"; ++ deprecated; ++ $print_deprecated = 1; ++ ++ } ++ # If the host is its own gateway, then we know we've got a TXT record. ++ if($gwip ne $fortxt) { ++ printfun "Looking for TXT in reverse dns zone: $gwrev"; ++ run "host -t txt $gwrev"; ++ ($txtpresent)=grep /X-IPsec-Server/,@out; ++ errchk "$txtpresent", "MISSING"; ++ } ++ ++ } ++} ++ ++sub udp500check { ++ printfun " Pluto listening for IKE on udp 500"; ++ run "lsof -i UDP:500"; ++ #run "netstat -an"; ++ ($listen)=grep /pluto/, @out; ++ if(!$listen) ++ { ++ errchk "", "FAILED"; ++ $reterr = 1; ++ } ++ else ++ { ++ errchk "1"; ++ } ++} ++ ++sub udp4500check { ++ printfun " Pluto listening for NAT-T on udp 4500"; ++ run "lsof -i UDP:4500"; ++ #run "netstat -an"; ++ ($listen)=grep /pluto/, @out; ++ if(!$listen) ++ { ++ errchk "", "FAILED"; ++ $reterr = 1; ++ } ++ else ++ { ++ errchk "1"; ++ } ++} ++ ++sub checktunnel { ++ $csource=$_[0]; $cdest=$_[1]; $ctun=$_[2]; $all="0.0.0.0/0"; ++ ++ printfun "Checking $ctun from $csource to $cdest"; ++ run "iptables -t nat -L POSTROUTING -n"; ++ @out=grep !/(Chain POSTROUTING|target)/, @out; ++ foreach (@out) { ++ ( $target, $prot, $opt, $source, $dest ) = split(' ',$_); ++ if(((($source eq $csource) || ($source eq $all)) && (($dest eq $cdest) || ($dest = $all))) && $target eq "ACCEPT") ++ { ++ errchk "@out"; ++ $reterr = 1; ++ } ++ else ++ { ++ @err="$target from $source to $dest kills tunnel $source -> $cdest\n"; ++ errchk "","FAILED"; ++ $reterr = 1; ++ } ++ } ++} ++ ++sub installstartcheck { ++ print "Checking your system to see if IPsec got installed and started correctly:\n"; ++ ++ printfun "Version check and ipsec on-path"; ++ run "ipsec --version"; ++ errchk "@out"; ++ print grep /Linux/, @out; ++ ++ printfun "Checking for IPsec support in kernel"; ++ if ( -e "/proc/net/ipsec_eroute" || -e "/proc/net/pfkey" ) { $test="1" } ++ errchk "$test"; ++ ++# This requires KLIPS NAT-T patch > 2.4.x ++ if ( -e "/proc/net/ipsec_eroute") { ++ ++ printfun " KLIPS: checking for NAT Traversal support"; ++ if ( -e "/sys/module/ipsec/parameters/natt_available") { ++ run "cat /sys/module/ipsec/parameters/natt_available"; ++ if("@out" =="1\n") ++ { warnchk "", "OLD STYLE"; } ++ else { ++ if("@out" == "2\n") ++ { errchk "OK"; } ++ else ++ { warnchk "", "UNKNOWN"; } ++ } ++ } else { warnchk "","UNKNOWN"; } ++ ++ printfun " KLIPS: checking for OCF crypto offload support "; ++ if ( -e "/sys/module/ipsec/parameters/ocf_available") { ++ run "cat /sys/module/ipsec/parameters/ocf_available"; ++ if("@out" =="1\n") ++ { errchk "OK"; } ++ else { ++ { warnchk "", "N/A"; } ++ } ++ } else { warnchk "","UNKNOWN"; } ++ ++ } ++ ++# Check for SAref kernel ++ if ( -e "/proc/net/ipsec/saref") { ++ printfun " Kernel: IPsec SAref kernel support"; ++ run "grep 'refinfo patch applied' /proc/net/ipsec/saref"; ++ if("@out" eq "refinfo patch applied\n") ++ { errchk "OK"; } ++ else ++ { warnchk "", "N/A"; } ++ ++ printfun " Kernel: IPsec SAref Bind kernel support"; ++ run "grep 'bindref patch applied' /proc/net/ipsec/saref"; ++ if("@out" eq "bindref patch applied\n") ++ { errchk "OK"; } ++ else ++ { warnchk "", "N/A"; } ++ } else { ++ printfun " SAref kernel support"; ++ { warnchk "", "N/A"; } ++ } ++ ++ if ( -e "/proc/net/pfkey") { ++ printfun " NETKEY: Testing XFRM related proc values"; ++ open("cat", "/proc/sys/net/ipv4/conf/default/send_redirects"); ++ if(<cat> == "1") ++ { ++ errchk ""; ++ $reterr = 1; ++ print "\n Please disable /proc/sys/net/ipv4/conf/*/send_redirects\n or NETKEY will cause the sending of bogus ICMP redirects!\n\n"; ++ } ++ else { errchk "1"; } ++ ++ open("cat", "/proc/sys/net/ipv4/conf/default/accept_redirects"); ++ if(<cat> == "1") ++ { ++ $reterr = 1; ++ errchk ""; ++ print "\n Please disable /proc/sys/net/ipv4/conf/*/accept_redirects\n or NETKEY will accept bogus ICMP redirects!\n\n"; ++ } ++ else { errchk "1"; } ++ ++ open("cat", "/proc/sys/net/core/xfrm_larval_drop"); ++ if(<cat> == "0") ++ { ++ $reterr = 1; ++ errchk ""; ++ print "\n Please enable /proc/sys/net/core/xfrm_larval_drop\n or NETKEY will cause non-POSIX compliant long time-outs\n\n"; ++ } ++ else { errchk "1"; } ++ } ++ ++ if ( -c "/dev/hw_random" || -c "/dev/hwrng" ) { ++ printfun "Hardware RNG detected, testing if used properly"; ++ run "pidof rngd"; ++ ($processid) = @out; ++ chomp($processid); ++ if( $processid eq "" ) { ++ run "pidof clrngd"; ++ ($processid2) = @out; ++ if( $processid2 eq "" ) { ++ errchk ""; ++ print "\n Hardware RNG is present but 'rngd' or 'clrngd' is not running.\n No harware random used!\n\n"; ++ $reterr = 1; ++ } ++ else { errchk "1"; } ++ } ++ else { errchk "1"; } ++ } ++ ++ ++ # Wouldn't this test fail if your mucked up your interface definition? ++ printfun "Checking that pluto is running"; ++ run "ipsec whack --status"; ++ errchk "@out"; ++ if (grep /interface/, @out) ++ { ++ udp500check; ++ udp4500check; ++ } ++} ++ ++sub tunnelchecks { ++ open("dev", "/proc/net/dev"); ++ if((grep !/(ipsec|lo:|Inter|packets)/, <dev>) > 1) ++ { ++ printfun "Two or more interfaces found, checking IP forwarding"; ++ my ($data, $n); ++ open FILE, "/proc/sys/net/ipv4/ip_forward" or die $!; ++ $n = read FILE, $data, 1; ++ if($data == 1) ++ { ++ $reterr = 1; ++ errchk "0"; ++ } ++ ++ printfun "Checking NAT and MASQUERADEing"; ++ # This assumes KLIPS eroute information, we should add support ++ # for NETKEY, but ip xfrm is very annoying to parse ++ if(( -e "/proc/net/nf_conntrack" || -e "/proc/net/ip_conntrack") ++&& -e "/proc/net/ipsec_eroute" ) ++ { ++ run "iptables -t nat -L -n"; ++ if(grep /(NAT|MASQ)/, @out) ++ { ++ printf "\n"; ++ open("cat", "/proc/net/ipsec_eroute"); ++ foreach(grep /tun0x/, <cat>) ++ { ++ @eroute=split(' ',$_); ++ checktunnel $eroute[1], $eroute[3], $eroute[5]; ++ } ++ } ++ else ++ { ++ errchk "1"; ++ } ++ } ++ else ++ { ++ errchk "OK"; ++ } ++ } ++} ++ ++sub cmdchecks { ++ # check for vital commands ++ printfun "Checking for 'ip' command"; ++ run "which ip"; ++ errchk "@out"; ++ ++ printfun "Checking /bin/sh is not /bin/dash"; ++ if (-e "/bin/dash") { ++ run "cmp /bin/sh /bin/dash"; ++ ($dash)=grep(/differ/, @out); ++ if(!$dash) { ++ warnchk "", "WARNING"; ++ } else { ++ errchk "OK"; ++ } ++ } else { ++ errchk "OK"; ++ } ++ ++ printfun "Checking for 'iptables' command"; ++ run "which iptables"; ++ errchk "@out"; ++ ++ ++ open("cat","$conf/ipsec.conf"); ++ foreach(grep /crlcheckinterval/,<cat>) ++ { ++ if(!$curlcheckdone) { ++ $curlcheckdone=1; ++ printfun "Checking for 'curl' command for CRL fetching"; ++ run "which curl"; ++ errchk "@out"; ++ } ++ } ++# perhaps check for ip xfrm support, but forget about setkey. ++# if ( -e "/proc/net/pfkey") { ++# printfun "Checking for 'setkey' command for NETKEY IPsec stack support"; ++# run "which setkey"; ++# errchk "@out"; ++# } ++} ++ ++sub dnschecks { ++ # Check the running hostname. ++ printf "\nOpportunistic Encryption DNS checks:\n"; ++ run "hostname"; ++ ($hostname)=@out; chomp $hostname; ++ checkdnshost $hostname; ++ ++ # Check all the public IP addresses... ++ run "ip -4 -o addr show"; ++ for (@out) ++ { ++ @temp=split(/[\/\ ]+/, $_); ++ push(@address,$temp[3]); ++ } ++ # Purge all non-routeable IPs... ++ @address=grep !/^(127.*|10.*|172.1[6789]+.*.*|172.2+.*.*|172.3[01]+.*.*|192.168.*.*|169.254.*.*)/,@address; ++ printfun " Does the machine have at least one non-private address?"; ++ errchk @address; ++ foreach(@address=grep !$check{$_}++,@address) ++ { ++ checkdnsip $_; ++ } ++} ++ ++# Main function begins here! ++# Harvest options, ensure they're valid. ++use Getopt::Long; ++%optctl = ("host" => \$hostname,"ip" => \$ip, "colour" => \$colour); ++GetOptions(\%optctl, "host=s" ,"ip=s", "colour!"); ++ ++# Exit if we get passed an option we don't recognize. ++if($Getopt::Long::error) { exit 1; } ++ ++ ++# If you've passed --host or --ip, do only those checks. ++if($hostname || $ip) ++{ ++# Check this --host for OE. ++ if($hostname) ++ { ++ printf "Checking $hostname for Opportunistic Encryption:\n"; ++ checkdnshost $hostname; ++ run "host -t A $hostname"; ++ if(($ipaddr) = grep (/address/i, @out)) ++ { ++ $ipaddr=~ s/.*address\ //; ++ chomp $ipaddr; ++ checkdnsip $ipaddr; ++ } ++ else ++ { ++ printf "$hostname does not resolve to an IP, no reverse lookup tests possible.\n"; ++ } ++ } ++# Check this IP for OE. ++ if($ip) ++ { ++ printf "Checking IP $ip for Opportunistic Encryption:\n"; ++ checkdnsip $ip; ++ } ++} ++else ++{ ++ # Call the default routines... ++ # Root check... ++ if($> != "0") ++ { ++ print "To check this machine, you need to run \"$me\" as root.\n"; exit; ++ } ++ else ++ { ++ installstartcheck; ++ tunnelchecks; ++ cmdchecks; ++ run "ipsec addconn --configsetup"; ++ ($oe)=grep(/oe=\'yes\'/, @out); ++ if( $oe) { ++ dnschecks; ++ if($print_deprecated) ++ { ++ print " ++ ++ RFC 3445 restricts the use of the KEY RR to DNSSEC applications. The use of ++ a KEY record sub-type for Opporunistic Encryption (OE) has been deprecated. ++ TXT records are used to provide all OE functionality.\n"; ++ } ++ } else { ++ printfun "Opportunistic Encryption Support"; ++ warnchk "", "DISABLED"; ++ } ++ } ++ # finally, run the config file through the parser checks ++ run "ipsec auto addconn --checkconfig"; ++} ++exit $reterr Modified: ipcop/trunk/updates/2.1.4/ROOTFILES.i486-2.1.4 =================================================================== --- ipcop/trunk/updates/2.1.4/ROOTFILES.i486-2.1.4 2014-04-07 15:53:37 UTC (rev 7430) +++ ipcop/trunk/updates/2.1.4/ROOTFILES.i486-2.1.4 2014-04-07 16:00:25 UTC (rev 7431) @@ -40,6 +40,29 @@ /lib/modules/3.4-2/extra/solos-pci.ko.gz /lib/modules/3.4-2/kernel ## +## openswan-2.6.41 +/etc/rc.d/ipsec +/usr/lib/ipsec/_copyright +/usr/lib/ipsec/_plutoload +/usr/lib/ipsec/_plutorun +/usr/lib/ipsec/_realsetup +/usr/lib/ipsec/_updown.netkey +/usr/libexec/ipsec/_pluto_adns +/usr/libexec/ipsec/addconn +/usr/libexec/ipsec/eroute +/usr/libexec/ipsec/ikeping +/usr/libexec/ipsec/klipsdebug +/usr/libexec/ipsec/pf_key +/usr/libexec/ipsec/pluto +/usr/libexec/ipsec/ranbits +/usr/libexec/ipsec/rsasigkey +/usr/libexec/ipsec/showhostkey +/usr/libexec/ipsec/spi +/usr/libexec/ipsec/spigrp +/usr/libexec/ipsec/tncfg +/usr/libexec/ipsec/whack +/usr/sbin/ipsec +## ## perl DBD-SQLite-1.42 /usr/lib/perl5/site_perl/5.14.2/i486-linux/DBD/SQLite.pm /usr/lib/perl5/site_perl/5.14.2/i486-linux/auto/DBD/SQLite/SQLite.so Modified: ipcop/trunk/updates/2.1.4/information.xml =================================================================== --- ipcop/trunk/updates/2.1.4/information.xml 2014-04-07 15:53:37 UTC (rev 7430) +++ ipcop/trunk/updates/2.1.4/information.xml 2014-04-07 16:00:25 UTC (rev 7431) @@ -7,7 +7,7 @@ <description>Language updates.<br /> Upgrade conntrack-tools to 1.4.2, e1000e network driver to 3.0.4.1, igb network driver to 5.2.5, linux kernel to 3.4.86, - ppp to 2.4.6, pptp to 1.8.0, rrdtool to 1.4.8, + openswan to 2.6.41, ppp to 2.4.6, pptp to 1.8.0, rrdtool to 1.4.8, sqlite to 3.8.4.3, usb-modeswitch to 2.1.1, usb-modeswitch-data to 20140327. <br /> Upgrade Perl modules DBD-SQLite to 1.42, DBI to 1.631. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees_APR _______________________________________________ Ipcop-svn mailing list Ipcop-svn@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ipcop-svn