
From: "Jakov Smolić" <jsmolic@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: profiles/, net-vpn/ipsec-tools/, net-vpn/ipsec-tools/files/
Date: Tue, 28 Sep 2021 14:32:08
Message-Id: 1632839354.ee8b389b8cabe9cbe8fcc0360f2062708974297d.jsmolic@gentoo
1 commit: ee8b389b8cabe9cbe8fcc0360f2062708974297d
2 Author: Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
3 AuthorDate: Tue Sep 28 14:29:14 2021 +0000
4 Commit: Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
5 CommitDate: Tue Sep 28 14:29:14 2021 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee8b389b
7
8 net-vpn/ipsec-tools: Remove last-rited package
9
10 Signed-off-by: Jakov Smolić <jsmolic <AT> gentoo.org>
11
12 net-vpn/ipsec-tools/Manifest | 2 -
13 .../files/ipsec-tools-0.8.0-sysctl.patch | 22 --
14 .../files/ipsec-tools-CVE-2015-4047.patch | 16 --
15 .../files/ipsec-tools-CVE-2016-10396.patch | 201 ---------------
16 .../ipsec-tools/files/ipsec-tools-def-psk.patch | 25 --
17 .../files/ipsec-tools-include-vendoridh.patch | 11 -
18 net-vpn/ipsec-tools/files/ipsec-tools.conf | 26 --
19 net-vpn/ipsec-tools/files/ipsec-tools.service | 12 -
20 net-vpn/ipsec-tools/files/psk.txt | 10 -
21 net-vpn/ipsec-tools/files/racoon.conf | 33 ---
22 net-vpn/ipsec-tools/files/racoon.conf.d-r2 | 29 ---
23 net-vpn/ipsec-tools/files/racoon.init.d-r3 | 57 -----
24 net-vpn/ipsec-tools/files/racoon.pam.d | 4 -
25 net-vpn/ipsec-tools/files/racoon.service | 11 -
26 net-vpn/ipsec-tools/ipsec-tools-0.8.2-r8.ebuild | 284 ---------------------
27 net-vpn/ipsec-tools/metadata.xml | 17 --
28 profiles/package.mask | 4 -
29 17 files changed, 764 deletions(-)
30
31 diff --git a/net-vpn/ipsec-tools/Manifest b/net-vpn/ipsec-tools/Manifest
32 deleted file mode 100644
33 index 2490dbc0ab0..00000000000
34 --- a/net-vpn/ipsec-tools/Manifest
35 +++ /dev/null
36 @@ -1,2 +0,0 @@
37 -DIST ipsec-tools-0.8.2.tar.bz2 866465 BLAKE2B cf8c9175d96326fc5c74e6b1921bc66911256e289e6fe9cef77f26c197546902be3ebd5696af39c749a2abaac3f42010c9e2a281fd208122cd59222044b9dd4c SHA512 2b7d0efa908d3a699be7ef8b2b126a3809956cb7add50e8efb1cfdfc2d9b70c39ef517379cb9a4fad9e5f0c25937e98535b06c32bd3e729f5129da4ab133e30f
38 -DIST ipsec-tools-add-openssl-1.1.x-support.patch 32066 BLAKE2B b8380408c90bb93f0b95938de2efc61c80d727ae61a1417134583a8c74055fcfe1f7f75893f1f701b0f301a16d8b4d14f1b8a09d1e81d238821bcc122dfe183f SHA512 f2bd85f1c51226da6fc50d3473129e4c2e3c0e46107337f8d676029b7072b98bf164b6813a16de7dd4481f80038453b55a5ff56e7f5ec08ab07641034258e778
39
40 diff --git a/net-vpn/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch b/net-vpn/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch
41 deleted file mode 100644
42 index 5c69bbb2fa6..00000000000
43 --- a/net-vpn/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch
44 +++ /dev/null
45 @@ -1,22 +0,0 @@
46 -https://bugs.gentoo.org/425770
47 -
48 ---- a/src/racoon/pfkey.c
49 -+++ b/src/racoon/pfkey.c
50 -@@ -59,7 +59,6 @@
51 - #include <sys/param.h>
52 - #include <sys/socket.h>
53 - #include <sys/queue.h>
54 --#include <sys/sysctl.h>
55 -
56 - #include <net/route.h>
57 - #include <net/pfkeyv2.h>
58 ---- a/src/setkey/setkey.c
59 -+++ b/src/setkey/setkey.c
60 -@@ -40,7 +40,6 @@
61 - #include <sys/socket.h>
62 - #include <sys/time.h>
63 - #include <sys/stat.h>
64 --#include <sys/sysctl.h>
65 - #include <err.h>
66 - #include <netinet/in.h>
67 - #include <net/pfkeyv2.h>
68
69 diff --git a/net-vpn/ipsec-tools/files/ipsec-tools-CVE-2015-4047.patch b/net-vpn/ipsec-tools/files/ipsec-tools-CVE-2015-4047.patch
70 deleted file mode 100644
71 index 58f72e109c4..00000000000
72 --- a/net-vpn/ipsec-tools/files/ipsec-tools-CVE-2015-4047.patch
73 +++ /dev/null
74 @@ -1,16 +0,0 @@
75 -See: https://bugs.gentoo.org/show_bug.cgi?id=550118
76 -
77 ---- ./src/racoon/gssapi.c 9 Sep 2006 16:22:09 -0000 1.4
78 -+++ ./src/racoon/gssapi.c 19 May 2015 15:16:00 -0000 1.6
79 -@@ -192,6 +192,11 @@
80 - gss_name_t princ, canon_princ;
81 - OM_uint32 maj_stat, min_stat;
82 -
83 -+ if (iph1->rmconf == NULL) {
84 -+ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
85 -+ return -1;
86 -+ }
87 -+
88 - gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
89 - if (gps == NULL) {
90 - plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
91
92 diff --git a/net-vpn/ipsec-tools/files/ipsec-tools-CVE-2016-10396.patch b/net-vpn/ipsec-tools/files/ipsec-tools-CVE-2016-10396.patch
93 deleted file mode 100644
94 index e123007bb59..00000000000
95 --- a/net-vpn/ipsec-tools/files/ipsec-tools-CVE-2016-10396.patch
96 +++ /dev/null
97 @@ -1,201 +0,0 @@
98 -Description: Fix remotely exploitable DoS. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10396
99 -Source: vendor; https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682
100 -Bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867986
101 -
102 -Index: pkg-ipsec-tools/src/racoon/isakmp_frag.c
103 -===================================================================
104 ---- pkg-ipsec-tools.orig/src/racoon/isakmp_frag.c
105 -+++ pkg-ipsec-tools/src/racoon/isakmp_frag.c
106 -@@ -1,4 +1,4 @@
107 --/* $NetBSD: isakmp_frag.c,v 1.5 2009/04/22 11:24:20 tteras Exp $ */
108 -+/* $NetBSD: isakmp_frag.c,v 1.5.36.1 2017/04/21 16:50:42 bouyer Exp $ */
109 -
110 - /* Id: isakmp_frag.c,v 1.4 2004/11/13 17:31:36 manubsd Exp */
111 -
112 -@@ -173,6 +173,43 @@ vendorid_frag_cap(gen)
113 - return ntohl(hp[MD5_DIGEST_LENGTH / sizeof(*hp)]);
114 - }
115 -
116 -+static int
117 -+isakmp_frag_insert(struct ph1handle *iph1, struct isakmp_frag_item *item)
118 -+{
119 -+ struct isakmp_frag_item *pitem = NULL;
120 -+ struct isakmp_frag_item *citem = iph1->frag_chain;
121 -+
122 -+ /* no frag yet, just insert at beginning of list */
123 -+ if (iph1->frag_chain == NULL) {
124 -+ iph1->frag_chain = item;
125 -+ return 0;
126 -+ }
127 -+
128 -+ do {
129 -+ /* duplicate fragment number, abort (CVE-2016-10396) */
130 -+ if (citem->frag_num == item->frag_num)
131 -+ return -1;
132 -+
133 -+ /* need to insert before current item */
134 -+ if (citem->frag_num > item->frag_num) {
135 -+ if (pitem != NULL)
136 -+ pitem->frag_next = item;
137 -+ else
138 -+ /* insert at the beginning of the list */
139 -+ iph1->frag_chain = item;
140 -+ item->frag_next = citem;
141 -+ return 0;
142 -+ }
143 -+
144 -+ pitem = citem;
145 -+ citem = citem->frag_next;
146 -+ } while (citem != NULL);
147 -+
148 -+ /* we reached the end of the list, insert */
149 -+ pitem->frag_next = item;
150 -+ return 0;
151 -+}
152 -+
153 - int
154 - isakmp_frag_extract(iph1, msg)
155 - struct ph1handle *iph1;
156 -@@ -224,39 +261,43 @@ isakmp_frag_extract(iph1, msg)
157 - item->frag_next = NULL;
158 - item->frag_packet = buf;
159 -
160 -- /* Look for the last frag while inserting the new item in the chain */
161 -- if (item->frag_last)
162 -- last_frag = item->frag_num;
163 -+ /* Check for the last frag before inserting the new item in the chain */
164 -+ if (item->frag_last) {
165 -+ /* if we have the last fragment, indices must match */
166 -+ if (iph1->frag_last_index != 0 &&
167 -+ item->frag_last != iph1->frag_last_index) {
168 -+ plog(LLV_ERROR, LOCATION, NULL,
169 -+ "Repeated last fragment index mismatch\n");
170 -+ racoon_free(item);
171 -+ vfree(buf);
172 -+ return -1;
173 -+ }
174 -
175 -- if (iph1->frag_chain == NULL) {
176 -- iph1->frag_chain = item;
177 -- } else {
178 -- struct isakmp_frag_item *current;
179 -+ last_frag = iph1->frag_last_index = item->frag_num;
180 -+ }
181 -
182 -- current = iph1->frag_chain;
183 -- while (current->frag_next) {
184 -- if (current->frag_last)
185 -- last_frag = item->frag_num;
186 -- current = current->frag_next;
187 -- }
188 -- current->frag_next = item;
189 -+ /* insert fragment into chain */
190 -+ if (isakmp_frag_insert(iph1, item) == -1) {
191 -+ plog(LLV_ERROR, LOCATION, NULL,
192 -+ "Repeated fragment index mismatch\n");
193 -+ racoon_free(item);
194 -+ vfree(buf);
195 -+ return -1;
196 - }
197 -
198 -- /* If we saw the last frag, check if the chain is complete */
199 -+ /* If we saw the last frag, check if the chain is complete
200 -+ * we have a sorted list now, so just walk through */
201 - if (last_frag != 0) {
202 -+ item = iph1->frag_chain;
203 - for (i = 1; i <= last_frag; i++) {
204 -- item = iph1->frag_chain;
205 -- do {
206 -- if (item->frag_num == i)
207 -- break;
208 -- item = item->frag_next;
209 -- } while (item != NULL);
210 --
211 -+ if (item->frag_num != i)
212 -+ break;
213 -+ item = item->frag_next;
214 - if (item == NULL) /* Not found */
215 - break;
216 - }
217 -
218 -- if (item != NULL) /* It is complete */
219 -+ if (i > last_frag) /* It is complete */
220 - return 1;
221 - }
222 -
223 -@@ -291,15 +332,9 @@ isakmp_frag_reassembly(iph1)
224 - }
225 - data = buf->v;
226 -
227 -+ item = iph1->frag_chain;
228 - for (i = 1; i <= frag_count; i++) {
229 -- item = iph1->frag_chain;
230 -- do {
231 -- if (item->frag_num == i)
232 -- break;
233 -- item = item->frag_next;
234 -- } while (item != NULL);
235 --
236 -- if (item == NULL) {
237 -+ if (item->frag_num != i) {
238 - plog(LLV_ERROR, LOCATION, NULL,
239 - "Missing fragment #%d\n", i);
240 - vfree(buf);
241 -@@ -308,6 +343,7 @@ isakmp_frag_reassembly(iph1)
242 - }
243 - memcpy(data, item->frag_packet->v, item->frag_packet->l);
244 - data += item->frag_packet->l;
245 -+ item = item->frag_next;
246 - }
247 -
248 - out:
249 -Index: pkg-ipsec-tools/src/racoon/isakmp_inf.c
250 -===================================================================
251 ---- pkg-ipsec-tools.orig/src/racoon/isakmp_inf.c
252 -+++ pkg-ipsec-tools/src/racoon/isakmp_inf.c
253 -@@ -720,6 +720,7 @@ isakmp_info_send_nx(isakmp, remote, loca
254 - #endif
255 - #ifdef ENABLE_FRAG
256 - iph1->frag = 0;
257 -+ iph1->frag_last_index = 0;
258 - iph1->frag_chain = NULL;
259 - #endif
260 -
261 -Index: pkg-ipsec-tools/src/racoon/isakmp.c
262 -===================================================================
263 ---- pkg-ipsec-tools.orig/src/racoon/isakmp.c
264 -+++ pkg-ipsec-tools/src/racoon/isakmp.c
265 -@@ -1072,6 +1072,7 @@ isakmp_ph1begin_i(rmconf, remote, local)
266 - iph1->frag = 1;
267 - else
268 - iph1->frag = 0;
269 -+ iph1->frag_last_index = 0;
270 - iph1->frag_chain = NULL;
271 - #endif
272 - iph1->approval = NULL;
273 -@@ -1176,6 +1177,7 @@ isakmp_ph1begin_r(msg, remote, local, et
274 - #endif
275 - #ifdef ENABLE_FRAG
276 - iph1->frag = 0;
277 -+ iph1->frag_last_index = 0;
278 - iph1->frag_chain = NULL;
279 - #endif
280 - iph1->approval = NULL;
281 -Index: pkg-ipsec-tools/src/racoon/handler.h
282 -===================================================================
283 ---- pkg-ipsec-tools.orig/src/racoon/handler.h
284 -+++ pkg-ipsec-tools/src/racoon/handler.h
285 -@@ -1,4 +1,4 @@
286 --/* $NetBSD: handler.h,v 1.25 2010/11/17 10:40:41 tteras Exp $ */
287 -+/* $NetBSD: handler.h,v 1.26 2017/01/24 19:23:56 christos Exp $ */
288 -
289 - /* Id: handler.h,v 1.19 2006/02/25 08:25:12 manubsd Exp */
290 -
291 -@@ -141,6 +141,7 @@ struct ph1handle {
292 - #endif
293 - #ifdef ENABLE_FRAG
294 - int frag; /* IKE phase 1 fragmentation */
295 -+ int frag_last_index;
296 - struct isakmp_frag_item *frag_chain; /* Received fragments */
297 - #endif
298 -
299
300 diff --git a/net-vpn/ipsec-tools/files/ipsec-tools-def-psk.patch b/net-vpn/ipsec-tools/files/ipsec-tools-def-psk.patch
301 deleted file mode 100644
302 index f351860a84e..00000000000
303 --- a/net-vpn/ipsec-tools/files/ipsec-tools-def-psk.patch
304 +++ /dev/null
305 @@ -1,25 +0,0 @@
306 -diff -brau ipsec-tools-0.7.3.o/src/racoon/oakley.c ipsec-tools-0.7.3/src/racoon/oakley.c
307 ---- ipsec-tools-0.7.3.o/src/racoon/oakley.c 2009-08-13 11:18:45.000000000 +0200
308 -+++ ipsec-tools-0.7.3/src/racoon/oakley.c 2011-06-06 09:36:11.000000000 +0200
309 -@@ -2498,8 +2498,21 @@
310 - plog(LLV_ERROR, LOCATION, iph1->remote,
311 - "couldn't find the pskey for %s.\n",
312 - saddrwop2str(iph1->remote));
313 -+ }
314 -+ }
315 -+ if (iph1->authstr == NULL) {
316 -+ /*
317 -+ * If we could not locate a psk above try and locate
318 -+ * the default psk, ie, "*".
319 -+ */
320 -+ iph1->authstr = privsep_getpsk("*", 1);
321 -+ if (iph1->authstr == NULL) {
322 -+ plog(LLV_ERROR, LOCATION, iph1->remote,
323 -+ "couldn't find the the default pskey either.\n");
324 - goto end;
325 - }
326 -+ plog(LLV_NOTIFY, LOCATION, iph1->remote,
327 -+ "Using default PSK.\n");
328 - }
329 - plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n");
330 - /* should be secret PSK */
331
332 diff --git a/net-vpn/ipsec-tools/files/ipsec-tools-include-vendoridh.patch b/net-vpn/ipsec-tools/files/ipsec-tools-include-vendoridh.patch
333 deleted file mode 100644
334 index 2e22c82db47..00000000000
335 --- a/net-vpn/ipsec-tools/files/ipsec-tools-include-vendoridh.patch
336 +++ /dev/null
337 @@ -1,11 +0,0 @@
338 -diff -Naur ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c ipsec-tools-0.8.0/src/racoon/ipsec_doi.c
339 ---- ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c 2012-02-28 13:42:24.000000000 -0500
340 -+++ ipsec-tools-0.8.0/src/racoon/ipsec_doi.c 2012-02-28 13:41:22.000000000 -0500
341 -@@ -87,6 +87,7 @@
342 - #ifdef HAVE_GSSAPI
343 - #include <iconv.h>
344 - #include "gssapi.h"
345 -+#include "vendorid.h"
346 - #ifdef HAVE_ICONV_2ND_CONST
347 - #define __iconv_const const
348 - #else
349
350 diff --git a/net-vpn/ipsec-tools/files/ipsec-tools.conf b/net-vpn/ipsec-tools/files/ipsec-tools.conf
351 deleted file mode 100644
352 index bfff04af069..00000000000
353 --- a/net-vpn/ipsec-tools/files/ipsec-tools.conf
354 +++ /dev/null
355 @@ -1,26 +0,0 @@
356 -#!/usr/sbin/setkey -f
357 -#
358 -# THIS IS A SAMPLE FILE!
359 -#
360 -# This is a sample file to test Gentoo's ipsec-tools out of the box.
361 -# Do not use it in production. See: http://www.ipsec-howto.org/
362 -#
363 -flush;
364 -spdflush;
365 -
366 -#
367 -# Uncomment the following if you want to do manual keying, ie, you want to run IPsec without racoon.
368 -# Do not switch 192.168.3.21 <-> 192.168.3.25 on the peer
369 -#
370 -#add 192.168.3.25 192.168.3.21 ah 0x200 -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6;
371 -#add 192.168.3.21 192.168.3.25 ah 0x300 -A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b;
372 -#add 192.168.3.25 192.168.3.21 esp 0x201 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
373 -#add 192.168.3.21 192.168.3.25 esp 0x301 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
374 -
375 -#
376 -# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
377 -#
378 -#spdadd 192.168.3.21 192.168.3.25 any -P out ipsec esp/transport//require ah/transport//require;
379 -#spdadd 192.168.3.25 192.168.3.21 any -P in ipsec esp/transport//require ah/transport//require;
380 -spdadd 192.168.3.25 192.168.3.21 any -P out ipsec esp/transport//require ah/transport//require;
381 -spdadd 192.168.3.21 192.168.3.25 any -P in ipsec esp/transport//require ah/transport//require;
382
383 diff --git a/net-vpn/ipsec-tools/files/ipsec-tools.service b/net-vpn/ipsec-tools/files/ipsec-tools.service
384 deleted file mode 100644
385 index 0341aa7e4ed..00000000000
386 --- a/net-vpn/ipsec-tools/files/ipsec-tools.service
387 +++ /dev/null
388 @@ -1,12 +0,0 @@
389 -[Unit]
390 -Description=Load IPSec Security Policy Database
391 -After=syslog.target network.target
392 -
393 -[Service]
394 -Type=oneshot
395 -RemainAfterExit=true
396 -ExecStart=/usr/sbin/setkey -k -f /etc/ipsec-tools.conf
397 -ExecStop=/usr/sbin/setkey -F -P ; /usr/sbin/setkey -F
398 -
399 -[Install]
400 -WantedBy=multi-user.target
401
402 diff --git a/net-vpn/ipsec-tools/files/psk.txt b/net-vpn/ipsec-tools/files/psk.txt
403 deleted file mode 100644
404 index 97f5180f5ae..00000000000
405 --- a/net-vpn/ipsec-tools/files/psk.txt
406 +++ /dev/null
407 @@ -1,10 +0,0 @@
408 -# THIS IS A SAMPLE FILE!
409 -#
410 -# This is a sample file to test Gentoo's ipsec-tools out of the box.
411 -# Do not use it in production. See: http://www.ipsec-howto.org/
412 -#
413 -# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
414 -#
415 -# Peer IP/FQDN Secret
416 -# 192.168.3.25 sample
417 -192.168.3.21 sample
418
419 diff --git a/net-vpn/ipsec-tools/files/racoon.conf b/net-vpn/ipsec-tools/files/racoon.conf
420 deleted file mode 100644
421 index 2e9206db950..00000000000
422 --- a/net-vpn/ipsec-tools/files/racoon.conf
423 +++ /dev/null
424 @@ -1,33 +0,0 @@
425 -# THIS IS A SAMPLE FILE!
426 -#
427 -# This is a sample file to test Gentoo's ipsec-tools out of the box.
428 -# Do not use it in production. See: http://www.ipsec-howto.org/
429 -#
430 -path pre_shared_key "/etc/racoon/psk.txt";
431 -
432 -#
433 -# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
434 -#
435 -#remote 192.168.3.25
436 -remote 192.168.3.21
437 -{
438 - exchange_mode main;
439 - proposal {
440 - encryption_algorithm 3des;
441 - hash_algorithm md5;
442 - authentication_method pre_shared_key;
443 - dh_group modp1024;
444 - }
445 -}
446 -
447 -#
448 -# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
449 -#
450 -#sainfo address 192.168.3.21 any address 192.168.3.25 any
451 -sainfo address 192.168.3.25 any address 192.168.3.21 any
452 -{
453 - pfs_group modp768;
454 - encryption_algorithm 3des;
455 - authentication_algorithm hmac_md5;
456 - compression_algorithm deflate;
457 -}
458
459 diff --git a/net-vpn/ipsec-tools/files/racoon.conf.d-r2 b/net-vpn/ipsec-tools/files/racoon.conf.d-r2
460 deleted file mode 100644
461 index c592d358496..00000000000
462 --- a/net-vpn/ipsec-tools/files/racoon.conf.d-r2
463 +++ /dev/null
464 @@ -1,29 +0,0 @@
465 -# Copyright 1999-2014 Gentoo Foundation
466 -# Distributed under the terms of the GNU General Public License v2
467 -
468 -# Config file for /etc/init.d/racoon
469 -
470 -# See the man page or run `racoon --help` for valid command-line options
471 -# RACOON_OPTS="-d"
472 -
473 -RACOON_CONF="/etc/racoon/racoon.conf"
474 -RACOON_PSK_FILE="/etc/racoon/psk.txt"
475 -
476 -# The amount of time in ms for start-stop-daemon to wait before a timeout
477 -# Racoon can sometimes be slow. We'll wait 1 sec. Bug #435398.
478 -
479 -RACOON_WAIT="1000"
480 -
481 -# The setkey config file. Don't name it ipsec.conf as this clashes
482 -# with strongswan. We'll follow debian's naming. Bug #436144.
483 -
484 -SETKEY_CONF="/etc/ipsec-tools.conf"
485 -
486 -# Comment or remove the following if you don't want the policy tables
487 -# to be flushed when racoon is stopped.
488 -
489 -RACOON_RESET_TABLES="true"
490 -
491 -# If you need to set custom options to the setkey command when loading rules, use this
492 -# more info in the setkey mangage (example below sets kernel mode instead of RFC mode):
493 -#SETKEY_OPTS="-k"
494
495 diff --git a/net-vpn/ipsec-tools/files/racoon.init.d-r3 b/net-vpn/ipsec-tools/files/racoon.init.d-r3
496 deleted file mode 100644
497 index 66e10bb84d4..00000000000
498 --- a/net-vpn/ipsec-tools/files/racoon.init.d-r3
499 +++ /dev/null
500 @@ -1,57 +0,0 @@
501 -#!/sbin/openrc-run
502 -# Copyright 1999-2014 Gentoo Foundation
503 -# Distributed under the terms of the GNU General Public License v2
504 -
505 -depend() {
506 - before netmount
507 - use net
508 -}
509 -
510 -checkconfig() {
511 - if [ ! -e ${SETKEY_CONF} ] ; then
512 - eerror "You need to configure setkey before starting racoon."
513 - return 1
514 - fi
515 - if [ ! -e ${RACOON_CONF} ] ; then
516 - eerror "You need a configuration file to start racoon."
517 - return 1
518 - fi
519 - if [ ! -z ${RACOON_PSK_FILE} ] ; then
520 - if [ ! -f ${RACOON_PSK_FILE} ] ; then
521 - eerror "PSK file not found as specified."
522 - eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
523 - return 1
524 - fi
525 - case "`ls -Lldn ${RACOON_PSK_FILE}`" in
526 - -r--------*)
527 - ;;
528 - *)
529 - eerror "Your defined PSK file should be mode 400 for security!"
530 - return 1
531 - ;;
532 - esac
533 - fi
534 -}
535 -
536 -command=/usr/sbin/racoon
537 -command_args="-f ${RACOON_CONF} ${RACOON_OPTS}"
538 -pidfile=/var/run/racoon.pid
539 -start_stop_daemon_args="--wait ${RACOON_WAIT}"
540 -
541 -start_pre() {
542 - checkconfig || return 1
543 - einfo "Loading ipsec policies from ${SETKEY_CONF}."
544 - /usr/sbin/setkey ${SETKEY_OPTS} -f ${SETKEY_CONF}
545 - if [ $? -eq 1 ] ; then
546 - eerror "Error while loading ipsec policies"
547 - fi
548 -}
549 -
550 -stop_post() {
551 - if [ -n "${RACOON_RESET_TABLES}" ]; then
552 - ebegin "Flushing policy entries"
553 - /usr/sbin/setkey -F
554 - /usr/sbin/setkey -FP
555 - eend $?
556 - fi
557 -}
558
559 diff --git a/net-vpn/ipsec-tools/files/racoon.pam.d b/net-vpn/ipsec-tools/files/racoon.pam.d
560 deleted file mode 100644
561 index b801aaafa0f..00000000000
562 --- a/net-vpn/ipsec-tools/files/racoon.pam.d
563 +++ /dev/null
564 @@ -1,4 +0,0 @@
565 -auth include system-remote-login
566 -account include system-remote-login
567 -password include system-remote-login
568 -session include system-remote-login
569
570 diff --git a/net-vpn/ipsec-tools/files/racoon.service b/net-vpn/ipsec-tools/files/racoon.service
571 deleted file mode 100644
572 index df7f1bb8f8c..00000000000
573 --- a/net-vpn/ipsec-tools/files/racoon.service
574 +++ /dev/null
575 @@ -1,11 +0,0 @@
576 -[Unit]
577 -Description=Racoon IKEv1 key management daemon for IPSEC
578 -After=syslog.target network.target
579 -Requires=ipsec-tools.service
580 -
581 -[Service]
582 -Type=forking
583 -ExecStart=/usr/sbin/racoon -f /etc/racoon/racoon.conf
584 -
585 -[Install]
586 -WantedBy=multi-user.target
587
588 diff --git a/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r8.ebuild b/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r8.ebuild
589 deleted file mode 100644
590 index f5bcdfcd4ab..00000000000
591 --- a/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r8.ebuild
592 +++ /dev/null
593 @@ -1,284 +0,0 @@
594 -# Copyright 1999-2021 Gentoo Authors
595 -# Distributed under the terms of the GNU General Public License v2
596 -
597 -EAPI="6"
598 -
599 -inherit flag-o-matic autotools linux-info pam systemd
600 -
601 -DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
602 -HOMEPAGE="http://ipsec-tools.sourceforge.net/"
603 -SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2
604 - https://dev.gentoo.org/~juippis/distfiles/tmp/ipsec-tools-add-openssl-1.1.x-support.patch"
605 -
606 -LICENSE="BSD GPL-2"
607 -SLOT="0"
608 -KEYWORDS="amd64 arm ~ia64 ~mips ppc ppc64 x86"
609 -IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats"
610 -
611 -CDEPEND="
612 - dev-libs/openssl:0=
613 - virtual/libcrypt:=
614 - kerberos? ( virtual/krb5 )
615 - ldap? ( net-nds/openldap )
616 - pam? ( sys-libs/pam )
617 - readline? ( sys-libs/readline:0= )
618 - selinux? ( sys-libs/libselinux )"
619 -
620 -DEPEND="${CDEPEND}
621 - >=sys-kernel/linux-headers-2.6.30"
622 -
623 -RDEPEND="${CDEPEND}
624 - selinux? ( sec-policy/selinux-ipsec )
625 -"
626 -
627 -pkg_preinst() {
628 - if has_version "<${CATEGORY}/${PN}-0.8.0-r5" ; then
629 - ewarn
630 - ewarn "\033[1;33m**************************************************\033[00m"
631 - ewarn
632 - if ! has_version "net-vpn/strongswan" &&
633 - ! has_version "net-misc/openswan" &&
634 - ! has_version "net-vpn/libreswan"; then
635 - ewarn "We found an earlier version of ${PN} installed."
636 - ewarn "As of ${PN}-0.8.0-r5, the old configuration file,"
637 - ewarn "ipsec.conf, has been changed to ipsec-tools.conf to avoid"
638 - ewarn "a conflict with net-vpn/strongswan; bug #436144. We will"
639 - ewarn "rename this file for you with this upgrade. However, if"
640 - ewarn "you later downgrade, you'll have to rename the file to"
641 - ewarn "its orignal manually or change /etc/conf.d/racoon to point"
642 - ewarn "to the new file."
643 -
644 - if [[ -f /etc/ipsec.conf && ! -f /etc/ipsec-tools.conf ]] ; then
645 - mv /etc/ipsec.conf /etc/ipsec-tools.conf
646 - else
647 - ewarn
648 - ewarn "Oops! I can't move ipsec.conf to ipsec-tools.conf!"
649 - ewarn "Either the former doesn't exist or the later does and"
650 - ewarn "I won't clobber it. Please fix this situation manually."
651 - fi
652 - else
653 - ewarn "You had both an earlier version of ${PN} and"
654 - ewarn "net-vpn/strongswan installed. I can't tell whether"
655 - ewarn "the configuration file, ipsec.conf, belongs to one"
656 - ewarn "package or the other due to a file conflict; bug #436144."
657 - ewarn "The current version of ${PN} uses ipsec-tools.conf"
658 - ewarn "as its configuration file, as will future versions."
659 - ewarn "Please fix this situation manually."
660 - fi
661 - ewarn
662 - ewarn "\033[1;33m**************************************************\033[00m"
663 - ewarn
664 - fi
665 -}
666 -
667 -pkg_setup() {
668 - linux-info_pkg_setup
669 -
670 - get_version
671 -
672 - if linux_config_exists && kernel_is -ge 2 6 19; then
673 - ewarn
674 - ewarn "\033[1;33m**************************************************\033[00m"
675 - ewarn
676 - ewarn "Checking kernel configuration in /usr/src/linux or"
677 - ewarn "or /proc/config.gz for compatibility with ${PN}."
678 - ewarn "Here are the potential problems:"
679 - ewarn
680 -
681 - local nothing="1"
682 -
683 - # Check options for all flavors of IPSec
684 - local msg=""
685 - for i in XFRM_USER NET_KEY; do
686 - if ! linux_chkconfig_present ${i}; then
687 - msg="${msg} ${i}"
688 - fi
689 - done
690 - if [[ ! -z "$msg" ]]; then
691 - nothing="0"
692 - ewarn
693 - ewarn "ALL IPSec may fail. CHECK:"
694 - ewarn "${msg}"
695 - fi
696 -
697 - # Check unencrypted IPSec
698 - if ! linux_chkconfig_present CRYPTO_NULL; then
699 - nothing="0"
700 - ewarn
701 - ewarn "Unencrypted IPSec may fail. CHECK:"
702 - ewarn " CRYPTO_NULL"
703 - fi
704 -
705 - # Check IPv4 IPSec
706 - msg=""
707 - for i in \
708 - INET_IPCOMP INET_AH INET_ESP \
709 - INET_XFRM_MODE_TRANSPORT \
710 - INET_XFRM_MODE_TUNNEL \
711 - INET_XFRM_MODE_BEET
712 - do
713 - if ! linux_chkconfig_present ${i}; then
714 - msg="${msg} ${i}"
715 - fi
716 - done
717 - if [[ ! -z "$msg" ]]; then
718 - nothing="0"
719 - ewarn
720 - ewarn "IPv4 IPSec may fail. CHECK:"
721 - ewarn "${msg}"
722 - fi
723 -
724 - # Check IPv6 IPSec
725 - if use ipv6; then
726 - msg=""
727 - for i in INET6_IPCOMP INET6_AH INET6_ESP \
728 - INET6_XFRM_MODE_TRANSPORT \
729 - INET6_XFRM_MODE_TUNNEL \
730 - INET6_XFRM_MODE_BEET
731 - do
732 - if ! linux_chkconfig_present ${i}; then
733 - msg="${msg} ${i}"
734 - fi
735 - done
736 - if [[ ! -z "$msg" ]]; then
737 - nothing="0"
738 - ewarn
739 - ewarn "IPv6 IPSec may fail. CHECK:"
740 - ewarn "${msg}"
741 - fi
742 - fi
743 -
744 - # Check IPSec behind NAT
745 - if use nat; then
746 - if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
747 - nothing="0"
748 - ewarn
749 - ewarn "IPSec behind NAT may fail. CHECK:"
750 - ewarn " NETFILTER_XT_MATCH_POLICY"
751 - fi
752 - fi
753 -
754 - if [[ $nothing == "1" ]]; then
755 - ewarn "NO PROBLEMS FOUND"
756 - fi
757 -
758 - ewarn
759 - ewarn "WARNING: If your *configured* and *running* kernel"
760 - ewarn "differ either now or in the future, then these checks"
761 - ewarn "may lead to misleading results."
762 - ewarn
763 - ewarn "\033[1;33m**************************************************\033[00m"
764 - ewarn
765 - else
766 - eerror
767 - eerror "\033[1;31m**************************************************\033[00m"
768 - eerror "Make sure that your *running* kernel is/will be >=2.6.19."
769 - eerror "Building ${PN} now, assuming that you know what you're doing."
770 - eerror "\033[1;31m**************************************************\033[00m"
771 - eerror
772 - fi
773 -}
774 -
775 -src_prepare() {
776 - # fix for bug #124813
777 - sed -i 's:-Werror::g' "${S}"/configure.ac || die
778 - # fix for building with gcc-4.6
779 - sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die
780 -
781 - eapply "${FILESDIR}/${PN}-def-psk.patch"
782 - eapply "${FILESDIR}/${PN}-include-vendoridh.patch"
783 - eapply "${FILESDIR}"/${PN}-0.8.0-sysctl.patch #425770
784 - eapply "${FILESDIR}"/${PN}-CVE-2015-4047.patch
785 - eapply "${DISTDIR}"/${PN}-add-openssl-1.1.x-support.patch
786 - eapply "${FILESDIR}"/${PN}-CVE-2016-10396.patch
787 - AT_M4DIR="${S}" eautoreconf
788 -
789 - eapply_user
790 -}
791 -
792 -src_configure() {
793 - #--with-{libiconv,libradius} lead to "Broken getaddrinfo()"
794 - #--enable-samode-unspec is not supported in linux
795 - local myconf
796 - myconf="--with-kernel-headers=/usr/include \
797 - --enable-adminport \
798 - --enable-dependency-tracking \
799 - --enable-dpd \
800 - --enable-frag \
801 - --without-libiconv \
802 - --without-libradius \
803 - --disable-samode-unspec \
804 - $(use_enable idea) \
805 - $(use_enable ipv6) \
806 - $(use_enable kerberos gssapi) \
807 - $(use_with ldap libldap) \
808 - $(use_enable nat natt) \
809 - $(use_with pam libpam) \
810 - $(use_enable rc5) \
811 - $(use_with readline) \
812 - $(use_enable selinux security-context) \
813 - $(use_enable stats)"
814 -
815 - use nat && myconf="${myconf} --enable-natt-versions=yes"
816 -
817 - # enable mode-cfg and xauth support
818 - if use pam; then
819 - myconf="${myconf} --enable-hybrid"
820 - else
821 - myconf="${myconf} $(use_enable hybrid)"
822 - fi
823 -
824 - econf ${myconf}
825 -}
826 -
827 -src_install() {
828 - emake DESTDIR="${D}" install
829 - keepdir /var/lib/racoon
830 - newconfd "${FILESDIR}"/racoon.conf.d-r2 racoon
831 - newinitd "${FILESDIR}"/racoon.init.d-r3 racoon
832 - systemd_dounit "${FILESDIR}/ipsec-tools.service"
833 - systemd_dounit "${FILESDIR}/racoon.service"
834 - use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon
835 -
836 - insinto /etc
837 - doins "${FILESDIR}"/ipsec-tools.conf
838 - insinto /etc/racoon
839 - doins "${FILESDIR}"/racoon.conf
840 - doins "${FILESDIR}"/psk.txt
841 - chmod 400 "${D}"/etc/racoon/psk.txt
842 -
843 - dodoc ChangeLog README NEWS
844 - dodoc -r src/racoon/samples
845 - dodoc -r src/racoon/doc
846 - docinto samples
847 - newdoc src/setkey/sample.cf ipsec-tools.conf
848 -}
849 -
850 -pkg_postinst() {
851 - if use nat; then
852 - elog
853 - elog "You have enabled the nat traversal functionnality."
854 - elog "Nat versions wich are enabled by default are 00,02,rfc"
855 - elog "you can find those drafts in the CVS repository:"
856 - elog "cvs -d anoncvs@××××××××××××××.org:/cvsroot co ipsec-tools"
857 - elog
858 - elog "If you feel brave enough and you know what you are"
859 - elog "doing, you can consider emerging this ebuild with"
860 - elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
861 - elog
862 - fi
863 -
864 - if use ldap; then
865 - elog
866 - elog "You have enabled ldap support with ${PN}."
867 - elog "The man page does NOT contain any information on it yet."
868 - elog "Consider using a more recent version or CVS."
869 - elog
870 - fi
871 -
872 - elog
873 - elog "Please have a look in /usr/share/doc/${P} and visit"
874 - elog "http://www.netbsd.org/Documentation/network/ipsec/"
875 - elog "to find more information on how to configure this tool."
876 - elog
877 -}
878
879 diff --git a/net-vpn/ipsec-tools/metadata.xml b/net-vpn/ipsec-tools/metadata.xml
880 deleted file mode 100644
881 index ebfe94eecee..00000000000
882 --- a/net-vpn/ipsec-tools/metadata.xml
883 +++ /dev/null
884 @@ -1,17 +0,0 @@
885 -<?xml version="1.0" encoding="UTF-8"?>
886 -<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
887 -<pkgmetadata>
888 - <maintainer type="person">
889 - <email>blueness@g.o</email>
890 - </maintainer>
891 - <use>
892 - <flag name="hybrid">Makes available both mode-cfg and xauth support</flag>
893 - <flag name="idea">Enable support for the IDEA algorithm</flag>
894 - <flag name="nat">Enable NAT-Traversal</flag>
895 - <flag name="rc5">Enable support for the patented RC5 algorithm</flag>
896 - <flag name="stats">Enable statistics reporting</flag>
897 - </use>
898 - <upstream>
899 - <remote-id type="sourceforge">ipsec-tools</remote-id>
900 - </upstream>
901 -</pkgmetadata>
902
903 diff --git a/profiles/package.mask b/profiles/package.mask
904 index 4e9189e86f1..ce047751e24 100644
905 --- a/profiles/package.mask
906 +++ b/profiles/package.mask
907 @@ -257,10 +257,6 @@ games-puzzle/gnudoku
908 # and accept a more unstable release.
909 >=www-client/chromium-96
910
911 -# Anthony G. Basile <blueness@g.o> (2021-08-27)
912 -# Masked for removal in 30 days. Deprecated upstream.
913 -net-vpn/ipsec-tools
914 -
915 # Bernard Cafarelli <voyageur@g.o> (2021-08-26)
916 # Preparing for final 5.0.0 release
917 >=app-text/tesseract-5.0.0_beta