diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2020-05-17 14:32:10 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2020-05-17 14:32:10 +0100 |
| commit | 51c50bd4c895ebf56d81fecae8e45ec3b5fc3efa (patch) | |
| tree | 753b6b08624c34d1ed8414bbe22c45409f7741b9 /net-vpn | |
| parent | be9d77d3ac6af8f4ead98d89706f356b65578c93 (diff) | |
| parent | deba8115d2c2af26df42966b91ef04ff4dd79cde (diff) | |
Merge branch 'edge' into next
Diffstat (limited to 'net-vpn')
51 files changed, 910 insertions, 1184 deletions
diff --git a/net-vpn/Manifest.gz b/net-vpn/Manifest.gz Binary files differindex 27aff08a88f7..e86646b070a2 100644 --- a/net-vpn/Manifest.gz +++ b/net-vpn/Manifest.gz diff --git a/net-vpn/libreswan/Manifest b/net-vpn/libreswan/Manifest index b30326cc96bf..9470d59044f4 100644 --- a/net-vpn/libreswan/Manifest +++ b/net-vpn/libreswan/Manifest @@ -1,6 +1,8 @@ AUX libreswan-3.30-ip-path.patch 563 BLAKE2B 838ae401b4e7c04378e8cbb2561a6d348896883942683682c8ac3b31de56d360460bc2ea2c26f579a6f36078101270167b775579fd2502c72dd680620c12a585 SHA512 a8a391386014cff3b867fb8c0ba8c83ecb93c11d35aea205877b66e3104712311e19f13eb9659ee158833512c199d0104b5a796ebef37a1bc210e254abc6f573 DIST libreswan-3.29.tar.gz 3848730 BLAKE2B 32dc839186fb511534a4959014082f8efe27708da7bc09dc5977532ffc7ea0ccdc92407932b3c3166f14b9ff85933e9a3f76325bbe620e09a5fa5a5c496d1f44 SHA512 4b4d91204d8b1724e0a9ad3ed55fc232c9a526211c3b47b6cc33fd160feb72538ef1661becca250bde815b9d7b75709bf16c7b372476605557b47c785cdf2535 DIST libreswan-3.31.tar.gz 4127675 BLAKE2B 0b773e4cfda761a88e8cb6ed412ecdd50bb52df7a58029141d41c77f959ad06c6cd04625b9094efa8586328381e3c75050ff68c2d8dd6d832ed5dd6e747d9391 SHA512 edaddeb209c4fb974b16790ba843a41f4f1d269dd28333aa02b820801a222435c2ca5622e77558d1e95970b4ef24a663d9c44ef4ede7ff4e66e1f0d9b6e880d2 +DIST libreswan-3.32.tar.gz 4141631 BLAKE2B 37a4cb5c1f52d69b17ba60abd2b7a181d9f5567914a453ab875185110aeda4d33ecdaacfc83e361f153860a1db66faec70e0ad06af65e310af28ae72ce68fc6a SHA512 bb65512351059e2fac6f1c3ed1e291eabd6835faacf6d9c58649dd71dab1bb4fe6d6074178dea6dea01f24d39f3fbefd84c6060e4d8436b5d057fa55ae4467f3 EBUILD libreswan-3.29.ebuild 3062 BLAKE2B 5d6b9ef04607c52c292d0c509129cfb82dc2d8ed2d30b90ecbc81a76de048c45b0c945f22cafbdc3c4fb35511bb9cb5b7992968fccd041cfc06e48f5a3cafef9 SHA512 640827da7fc1e7acce3b53d555e782cf685f0937b1ddab1c89888533fa067b19a9a931fbeb62ece60b474e576401d7a06b1f8fa6893adb748a09260d62716704 EBUILD libreswan-3.31.ebuild 3127 BLAKE2B dfd79e648967070d3a2ae7018873647a03d162bf904f4f70fa7d2baf9969d7912407a56869986f0c83675e65e5f27e5622ffccf4c6b1b3bcecb3200472976372 SHA512 5937f4ee0eba31fa8cbfcb477e19e5d2f74b1fafba9be035cdb64e88e80d5bc0acfd6dd995de54e449be6a8ff01a893ad64d578d4eb7b5e72f42f748fc829333 +EBUILD libreswan-3.32.ebuild 3129 BLAKE2B 898c335ac5250ef25dbf1197799158bea2a8ee562f2dce91eff51086fc0149c49665689a5b27c65eca26cc80b2c35ab1c3c5ef8c403f5b54e48fa9ed9cc643b7 SHA512 b221c0dc62b3326072dd05fda6e6b3dacca223b2fba0f2db38fa1114716b800071f804365c0051653f2b7c24a39cfacb532095d75c8a02216470538715da659e MISC metadata.xml 319 BLAKE2B 6bae0756e29efeb1cf77d60f7e38fe62ffa5f24c3745e07900e6ef5f65194c50f6a479d97fdcc24804ccdcfefd9707b12f08dffe613fcf798afc421826de36e4 SHA512 924161f15c0f7a9666a6d7a422b45da679190e1a0f2859b997ddd753cbf49df9da337e5420040210736f76fa712dca3ec8862480f62bd321de71e74bee7c0865 diff --git a/net-vpn/libreswan/libreswan-3.32.ebuild b/net-vpn/libreswan/libreswan-3.32.ebuild new file mode 100644 index 000000000000..f81f028d3f9b --- /dev/null +++ b/net-vpn/libreswan/libreswan-3.32.ebuild @@ -0,0 +1,117 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit systemd toolchain-funcs + +SRC_URI="https://download.libreswan.org/${P}.tar.gz" +KEYWORDS="~amd64 ~arm ~ppc ~x86" + +DESCRIPTION="IPsec implementation for Linux, fork of Openswan" +HOMEPAGE="https://libreswan.org/" + +LICENSE="GPL-2 BSD-4 RSA DES" +SLOT="0" +IUSE="caps curl dnssec ldap pam seccomp selinux systemd test" +RESTRICT="!test? ( test )" + +DEPEND=" + dev-libs/gmp:0= + dev-libs/libevent:0= + dev-libs/nspr + >=dev-libs/nss-3.42 + >=sys-kernel/linux-headers-4.19 + caps? ( sys-libs/libcap-ng ) + curl? ( net-misc/curl ) + dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns ) + ldap? ( net-nds/openldap ) + pam? ( sys-libs/pam ) + seccomp? ( sys-libs/libseccomp ) + selinux? ( sys-libs/libselinux ) + systemd? ( sys-apps/systemd:0= ) +" +BDEPEND=" + app-text/docbook-xml-dtd:4.1.2 + app-text/xmlto + dev-libs/nss + sys-devel/bison + sys-devel/flex + virtual/pkgconfig + test? ( dev-python/setproctitle ) +" +RDEPEND="${DEPEND} + dev-libs/nss[utils(+)] + sys-apps/iproute2 + !net-vpn/strongswan + selinux? ( sec-policy/selinux-ipsec ) +" + +usetf() { + usex "$1" true false +} + +PATCHES=( "${FILESDIR}/${PN}-3.30-ip-path.patch" ) + +src_prepare() { + sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die + sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die + default +} + +src_configure() { + tc-export AR CC + export INC_USRLOCAL=/usr + export INC_MANDIR=share/man + export FINALEXAMPLECONFDIR=/usr/share/doc/${PF} + export FINALDOCDIR=/usr/share/doc/${PF}/html + export INITSYSTEM=openrc + export INC_RCDIRS= + export INC_RCDEFAULT=/etc/init.d + export USERCOMPILE= + export USERLINK= + export USE_DNSSEC=$(usetf dnssec) + export USE_LABELED_IPSEC=$(usetf selinux) + export USE_LIBCAP_NG=$(usetf caps) + export USE_LIBCURL=$(usetf curl) + export USE_LINUX_AUDIT=$(usetf selinux) + export USE_LDAP=$(usetf ldap) + export USE_SECCOMP=$(usetf seccomp) + export USE_SYSTEMD_WATCHDOG=$(usetf systemd) + export SD_WATCHDOGSEC=$(usex systemd 200 0) + export USE_XAUTHPAM=$(usetf pam) + export DEBUG_CFLAGS= + export OPTIMIZE_CFLAGS= + export WERROR_CFLAGS= +} + +src_compile() { + emake all + emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" all +} + +src_test() { + : # integration tests only that require set of kvms to be set up +} + +src_install() { + default + emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" DESTDIR="${D}" install + + echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets + fperms 0600 /etc/ipsec.secrets + + dodoc -r docs + + find "${D}" -type d -empty -delete || die +} + +pkg_postinst() { + local IPSEC_CONFDIR=${ROOT}/etc/ipsec.d + if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db ]] ; then + ebegin "Setting up NSS database in ${IPSEC_CONFDIR} with empty password" + certutil -N -d "${IPSEC_CONFDIR}" --empty-password + eend $? + einfo "To set a password: certutil -W -d sql:${IPSEC_CONFDIR}" + fi +} diff --git a/net-vpn/networkmanager-openvpn/Manifest b/net-vpn/networkmanager-openvpn/Manifest index 12f6130615d4..dd678509aa06 100644 --- a/net-vpn/networkmanager-openvpn/Manifest +++ b/net-vpn/networkmanager-openvpn/Manifest @@ -1,4 +1,3 @@ DIST NetworkManager-openvpn-1.8.10.tar.xz 564540 BLAKE2B e117395b91efbd0ee10bdefe0aaff8a39fdd1fe232dc1543224be7dfd9bb18729ad873091301e6348f8955f28579e106f5565c7138309571e06598aa35dc5bba SHA512 f710848fccf21ac4554a2b46e80cf890c011edc6d64d9a49d6d8669f3ff71f7990e11e6f4681bb85d30238ec05f2fc79c4619983f6860c6ab0d714f941a3dfcc -EBUILD networkmanager-openvpn-1.8.10-r1.ebuild 1320 BLAKE2B cf2237f0372112b43d518f96be782b54e9c77a8c200fd27bc2ee6d9e4692ffc441732f5e798e56e6760b5f001f0c37f16a740bdb7a967e0be1a5a4a11ef2e629 SHA512 5d1b387f332881601f1e2a6b782504e3ad2fb0501b7aed85e7dd1c08372fe87caf3a768133f94b371145944b4ebaf4de16ab69087863a3b8c98299d8be494fa0 -EBUILD networkmanager-openvpn-1.8.10-r2.ebuild 1303 BLAKE2B 4edae669bf5d5dfe2ae6e477caa54cb2a00d9174c22cc708fa98ccb48057d1a9a914d91a88e179d2b8de96bea9eef8154ea1ad08b0c5f763cab39b9177717e44 SHA512 3a04136edd3a9cdec7a25f66cc60c4adb8921f6eb91cb0957f4d0de2f082c50fbf5e2bbacb8a8b2cf465283194e821e4286162a64c538ca5c8e71481e077faf0 +EBUILD networkmanager-openvpn-1.8.10-r2.ebuild 1302 BLAKE2B 451a9e8e1e8a1de6a943927529fe439b36fd7048115db948b7fe90698c4730470dc6a73735106c0b7c4b90e892b2ee07a1b993c0397ac1b620062c585a2f7558 SHA512 6f8f1aea4ff54490b07a2d72777d6a5eec0e36de17014703ed0000a4d516966a7f8b4ad8635c988aa9a4b18ae6c8c844b79a85a9fa76d19e9ce89c04c75ed284 MISC metadata.xml 253 BLAKE2B a1efbd3751efaa83ee173f557ec1c8a4497a90b60896cf5a7a07da40b4f94a7a299ca0385477e82b2f5e5dbdf9afa482ccbe21f35ef44214e9c451d764b65529 SHA512 8d59f413993268ca783f7407b676900bb2d964754bf705d4175e2bafbe058a52af74f3928e4bd84d292518f8cf13fab7051486ab7cdc61d02fae6e0188d44442 diff --git a/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.8.10-r1.ebuild b/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.8.10-r1.ebuild deleted file mode 100644 index 58c66c7c02ab..000000000000 --- a/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.8.10-r1.ebuild +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -GNOME_ORG_MODULE="NetworkManager-${PN##*-}" - -inherit gnome2 user - -DESCRIPTION="NetworkManager OpenVPN plugin" -HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager" - -LICENSE="GPL-2+" -SLOT="0" -KEYWORDS="amd64 ~arm x86" -IUSE="gtk test" -RESTRICT="!test? ( test )" - -RDEPEND=" - >=dev-libs/glib-2.32:2 - >=net-misc/networkmanager-1.7.0:= - >=net-vpn/openvpn-2.1 - gtk? ( - >=app-crypt/libsecret-0.18 - <net-misc/networkmanager-1.19 - >=gnome-extra/nm-applet-1.7.0[gtk] - >=x11-libs/gtk+-3.4:3 - ) -" -DEPEND="${RDEPEND} - dev-libs/libxml2:2 - sys-devel/gettext - >=dev-util/intltool-0.35 - virtual/pkgconfig -" - -pkg_setup() { - enewgroup nm-openvpn - enewuser nm-openvpn -1 -1 -1 nm-openvpn -} - -src_prepare() { - # Test will fail if the machine doesn't have a particular locale installed - # FAIL: (tls-import-data) unexpected 'ca' secret value, upstream bug #742708 - sed '/test_non_utf8_import (plugin, test_dir)/ d' \ - -i properties/tests/test-import-export.c || die "sed failed" - - gnome2_src_prepare -} - -src_configure() { - # --localstatedir=/var needed per bug #536248 - gnome2_src_configure \ - --localstatedir=/var \ - --disable-more-warnings \ - --disable-static \ - --with-dist-version=Gentoo \ - $(use_with gtk gnome) -} diff --git a/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.8.10-r2.ebuild b/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.8.10-r2.ebuild index f8b8700353f5..98147f688619 100644 --- a/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.8.10-r2.ebuild +++ b/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.8.10-r2.ebuild @@ -11,7 +11,7 @@ HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager" LICENSE="GPL-2+" SLOT="0" -KEYWORDS="amd64 ~arm ~x86" +KEYWORDS="amd64 ~arm x86" IUSE="gtk test" RESTRICT="!test? ( test )" diff --git a/net-vpn/networkmanager-pptp/Manifest b/net-vpn/networkmanager-pptp/Manifest index 5625fa07c76c..4f955a03f8b9 100644 --- a/net-vpn/networkmanager-pptp/Manifest +++ b/net-vpn/networkmanager-pptp/Manifest @@ -1,4 +1,3 @@ DIST NetworkManager-pptp-1.2.8.tar.xz 401540 BLAKE2B 64b3fe344a39eb64b462bda9204fb80b95a6cb54988efef9dbd1a5a6b04b3577edee97afabef410488868736d751846bdd98f3965a96806790527434c8207ec8 SHA512 ff1bee257d6aa6750c2fbd302edc3022780e9182fde1d79d4b37246daf01b0a9e5115dd64ec70a4b128e273eff6f9bc22af87fe2b25618008be6f452bbcd41a7 -EBUILD networkmanager-pptp-1.2.8-r1.ebuild 1296 BLAKE2B 3b76312220594f32ec8652edce5c4c80f8ef045d8170b05a5105926c7224483e2b905d13e89bc7a93d2f71a98afcb3b0994abeee9135e85d75426e1830a221ec SHA512 94c9a4ff66f7098e88e647c96b0c7824c017028154de0b09acf7ed1bb730094dba2af021841e489a8c1310c1911ab64ec16e244ac8ca62f5e2d844d0429c2cf0 -EBUILD networkmanager-pptp-1.2.8-r2.ebuild 1279 BLAKE2B cd1492ed7f97a1e0f7dca2849058eff09ceb00590f5b6a9bf9b6a28e6c881842ae7a32145b15498210b916c4e07d2a80d0c4e3f31324c9c241c6a2fe0e6d450c SHA512 4c3445bc13eea26cfab2735ac587f7578633508c315e56997f2cb8e9ea8fd32df8d82a4560c323dbbb81ed12b08b8521fdf20328c8ab509faee7d93d09a3e88e +EBUILD networkmanager-pptp-1.2.8-r2.ebuild 1278 BLAKE2B 6719b10c3226e823cfef615119d30311eb9206e7be7d59eb3be2b56fc35a03a15bcaddb1d0b6a3d91877f5a14d56d7c51c532ec6dbe035a971010bfe3694ac71 SHA512 e33dfe7f0131379699064ca796bc0da09c5287bffe6e6a3cb469866ec82aa6c0a51081ad679580dc5d65ff20aa645918fb92dfedc0d2e413ec44aeff4c9e08d3 MISC metadata.xml 253 BLAKE2B a1efbd3751efaa83ee173f557ec1c8a4497a90b60896cf5a7a07da40b4f94a7a299ca0385477e82b2f5e5dbdf9afa482ccbe21f35ef44214e9c451d764b65529 SHA512 8d59f413993268ca783f7407b676900bb2d964754bf705d4175e2bafbe058a52af74f3928e4bd84d292518f8cf13fab7051486ab7cdc61d02fae6e0188d44442 diff --git a/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.8-r1.ebuild b/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.8-r1.ebuild deleted file mode 100644 index f1715f8f01a7..000000000000 --- a/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.8-r1.ebuild +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -GNOME_ORG_MODULE="NetworkManager-${PN##*-}" - -inherit gnome2 - -DESCRIPTION="NetworkManager PPTP VPN plugin" -HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager/VPN" - -LICENSE="GPL-2+" -SLOT="0" -KEYWORDS="amd64 ~arm x86" -IUSE="gtk" - -RDEPEND=" - >=net-misc/networkmanager-1.2.0:= - >=dev-libs/dbus-glib-0.74 - >=dev-libs/glib-2.32:2 - net-dialup/ppp:= - net-dialup/pptpclient - gtk? ( - >=app-crypt/libsecret-0.18 - <net-misc/networkmanager-1.19 - >=gnome-extra/nm-applet-1.2.0[gtk] - >=x11-libs/gtk+-3.4:3 - ) -" -# libxml2 required for glib-compile-resources -DEPEND="${RDEPEND} - sys-devel/gettext - dev-libs/libxml2:2 - dev-util/gdbus-codegen - dev-util/intltool - virtual/pkgconfig -" - -src_configure() { - local myconf - # Same hack as net-dialup/pptpd to get proper plugin dir for ppp, bug #519986 - local PPPD_VER=`best_version net-dialup/ppp` - PPPD_VER=${PPPD_VER#*/*-} #reduce it to ${PV}-${PR} - PPPD_VER=${PPPD_VER%%[_-]*} # main version without beta/pre/patch/revision - myconf="${myconf} --with-pppd-plugin-dir=/usr/$(get_libdir)/pppd/${PPPD_VER}" - - gnome2_src_configure \ - --disable-more-warnings \ - --disable-static \ - --with-dist-version=Gentoo \ - $(use_with gtk gnome) \ - ${myconf} -} diff --git a/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.8-r2.ebuild b/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.8-r2.ebuild index 276b82f69612..19626ac200af 100644 --- a/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.8-r2.ebuild +++ b/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.8-r2.ebuild @@ -11,7 +11,7 @@ HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager/VPN" LICENSE="GPL-2+" SLOT="0" -KEYWORDS="amd64 ~arm ~x86" +KEYWORDS="amd64 ~arm x86" IUSE="gtk" RDEPEND=" diff --git a/net-vpn/networkmanager-sstp/Manifest b/net-vpn/networkmanager-sstp/Manifest index db2506ed3e8d..4ee18ea2c031 100644 --- a/net-vpn/networkmanager-sstp/Manifest +++ b/net-vpn/networkmanager-sstp/Manifest @@ -1,3 +1,3 @@ DIST NetworkManager-sstp-1.2.0.tar.bz2 440695 BLAKE2B 170221842c25945da09f94364642be94993ac4ef7bbaffebefc463e18eeff78f3a58d95607a6f0be9fb5ecdabee244d64abb02eb56deb213ac089019089821f4 SHA512 31c7f61c2d0326c2ddc681690d4a9e0a25f29b3b5f51c44ea196cd74aab1002a6eb66bd06bddd8218961b18e666d5c28e57cfe0b2694a686ea8eb4195fcd9776 -EBUILD networkmanager-sstp-1.2.0.ebuild 1132 BLAKE2B c5f5b15d432a656f310413cbcab1a777eaa5e6a461e4a81c4c626bc89f844d9ea7be919d271409534dda2be0018e9990c687c3b1cc2f26bb1f4a061e5ce65f5c SHA512 ef7458f94cf0a3542d7cc5f296cae087d49858163975f2a8c4e5fc7b56f9d7302a6d403789741852bc85d6867ee407df0f92e0eae14089fa5f632b4070f1e1f8 +EBUILD networkmanager-sstp-1.2.0-r1.ebuild 1218 BLAKE2B 119d67bc269a808cbc0c6c29f90ce8f0de9140376eba85519746903154551ca6475aaebc0360ac044106edcf7e9d51a5652e45c75f984024bb090217ed6cf1be SHA512 fd8156aee6ab86c21f73216b0efc2c910c263149b679ab261533af456579f1929e223cdba29331a321ac4f318d9ad0f818464a654380faf1dc3adbde909363a6 MISC metadata.xml 246 BLAKE2B 44260db10886a6891e62e7d8b799e396e797d165b32782fca4770c5fe3d1bcb14e5f466ac18a631b4a79fd3055dba5cd25f3de6750810af4b2fcbc8a9a3aafb8 SHA512 aa5aca1504443263cd365d72174fb0d6450c41f02710290ae8e523690359be34964f607a9e837756203fdc0d4d4af361a56a2e9c1d4518a34ec9a09486dc100f diff --git a/net-vpn/networkmanager-sstp/networkmanager-sstp-1.2.0.ebuild b/net-vpn/networkmanager-sstp/networkmanager-sstp-1.2.0-r1.ebuild index cfd469aae6bc..e3d6d9c1d49b 100644 --- a/net-vpn/networkmanager-sstp/networkmanager-sstp-1.2.0.ebuild +++ b/net-vpn/networkmanager-sstp/networkmanager-sstp-1.2.0-r1.ebuild @@ -3,8 +3,6 @@ EAPI=6 -inherit eutils ltprune - MY_PN="NetworkManager-sstp" MY_P="${MY_PN}-${PV}" @@ -17,17 +15,20 @@ SLOT="0" KEYWORDS="~amd64 ~x86" IUSE="gtk" -RDEPEND=">=dev-libs/dbus-glib-0.74 +RDEPEND=" + >=dev-libs/glib-2.32:2 net-misc/sstp-client - >=net-misc/networkmanager-${PV} + >=net-misc/networkmanager-1.1.0 net-dialup/ppp:= gtk? ( - x11-libs/gtk+:3 + >=x11-libs/gtk+-3.4:3 + >=net-libs/libnma-1.1.0 app-crypt/libsecret ) " DEPEND="${RDEPEND} + dev-util/gdbus-codegen virtual/pkgconfig sys-devel/gettext dev-util/intltool @@ -42,10 +43,11 @@ src_configure() { --disable-static \ --with-dist-version=Gentoo \ --with-pppd-plugin-dir="${EPREFIX}/usr/$(get_libdir)/pppd/${PPPD_VERSION}" \ - $(use_with gtk gnome) + $(use_with gtk gnome) \ + --without-libnm-glib } src_install() { default - prune_libtool_files + find "${ED}" -type f -name '*.la' -delete || die } diff --git a/net-vpn/networkmanager-strongswan/Manifest b/net-vpn/networkmanager-strongswan/Manifest index 9d40b973dd4c..d88c0aac0493 100644 --- a/net-vpn/networkmanager-strongswan/Manifest +++ b/net-vpn/networkmanager-strongswan/Manifest @@ -1,4 +1,6 @@ +AUX networkmanager-strongswan-1.5.1-change-appdata-location.patch 993 BLAKE2B 9451e326976ab31790868fe8c7e41d458f5e49b069e3e829d207807377f861d70408636bb3c1f7926f2bb978059a7449819b2eb4913d8edf7e8d2b024b55f665 SHA512 aa06591d5b9444d8c0ec7130f39af0f69dbb0a9f59e461caa392874227e0f2dea4967054be0472e9c6c1809d5550538f61c8a1d847dcfbd4061447ae046373fd DIST NetworkManager-strongswan-1.4.5.tar.bz2 306689 BLAKE2B c00a45eede846b927ea63c97d8fec75ceae296fe0f32aa61c87438adbb4bb0108c61c5b6e056dc8973f8bab6a51f8c63443695816a03b9c360565cb880b2d6f5 SHA512 b1c8958ec40065ec251f625ac69707d3e86e2d3b0466bd33a23edbdabefa952582ee066fc7e61bfd5921ed8340a7233353a219cff50fdc279a67c8269920cb86 -EBUILD networkmanager-strongswan-1.4.5-r1.ebuild 1006 BLAKE2B 0a2f15fd65e58d5cc9d6010f173fe522260cfee428a7cf8f45ad8a756c990b508e7fca85c56fb883cfc33a4421fc666d3fec12c96296bcc310fab4146d7a44e3 SHA512 36024d9b44be4eb9dc60470f271a14aa4717d4660af1a47eca1f7d178d63232ace708727811be1a3794aaa63fe1cbe87dd3758eed9d755d325b878930c522368 -EBUILD networkmanager-strongswan-1.4.5-r2.ebuild 918 BLAKE2B aa9fc33976555dcf368f4aac5b0a7bb2bee49bf7be09a4a0e4b91572565bc0950a1e65df0cfca8368bcb106a69edd9d6e526826b84cd80fc86d9bba601a9d095 SHA512 2a3f007fc4c95480deec9174c2e615ef4660a12e72bba3a70ebe5a89b3833c6eb9ee849be2bac6aa4a1bb2dc16276c35a5d66b3332c43523d4dddd5c4851aec3 -MISC metadata.xml 325 BLAKE2B da2fbfdaf5a51c3c6513f31b232b157bffe4864190935c363f54df5389d044b0ed0829db75703a297ef85dd123301e68296d868317d294f9356cd6e9dba94a66 SHA512 74543db61d0c4222e3e36d41d18b0da04b440b2b13e42d78cb202d36366842569c6af971c48d2b97043b4e7c9f37bf12e1d15e074f5b97f31e3a120c614233d9 +DIST NetworkManager-strongswan-1.5.1.tar.bz2 300700 BLAKE2B 543cdf340eafcaa6690f6ecf6ef9c3de944ceb47d867c2b8835285fd324ca2212b824665b194b2589ad8dbb3f3b1e89cdf24d554d2531da1d8bb800d7c0ef41a SHA512 3ef305dd5d95f377784db3069d5af4f60df2ce2fd8459577a20f99fd0cef43a973610acffa5b305c79e7d1754dfa138ea1ba1d59e57b2826ff5f85c97100fb06 +EBUILD networkmanager-strongswan-1.4.5-r2.ebuild 917 BLAKE2B 8163558c167b08e633ef46a30e5b1b664fc7e6121a2724b1fb65f301efe0de10ad4c46b7d7576b1765cd11ff42ba58f2efb2f73300582a64ddf5b1b567e26539 SHA512 83930fd4237db1d9771d6f8e80daab49baaa299d15b95fd7c4bc7bfee263d1a94dadfb86a442667fc629a34fee7a600bf3c96aac82311639c4d5966f5219125c +EBUILD networkmanager-strongswan-1.5.1.ebuild 1038 BLAKE2B a039a8c9f9481529b85fadf243abb4ecc17bd6b1803a4b7b05fefccd144c7a28a9a2f121baf400c75c8e9044048ed9183e0b5706970c0d751fb92b8c67499965 SHA512 7c75556f52d12c65b728704c7f189cc69792e321d0e6f310dad996dd717ea73638729f3d3b01cc782a7546fe412166e7e40f237f8783feaf58e4e32d1e85c347 +MISC metadata.xml 250 BLAKE2B d57634b040c498296655940e3ee580c8580075a4190e2600113cee5548ff44a2025568380f3d5d9f3ca0fcd1ea5d41c9871395ffbcf4bd32d8df6a494852a885 SHA512 c225bdf339347a1768b255d905f3831904cdc375f3d4e90e41c68645b8bcfe2dfdf8e6aa4c67063103f459808a387c8edd9b35b073b8be175f7a3bd490fe3dca diff --git a/net-vpn/networkmanager-strongswan/files/networkmanager-strongswan-1.5.1-change-appdata-location.patch b/net-vpn/networkmanager-strongswan/files/networkmanager-strongswan-1.5.1-change-appdata-location.patch new file mode 100644 index 000000000000..13f329b97e69 --- /dev/null +++ b/net-vpn/networkmanager-strongswan/files/networkmanager-strongswan-1.5.1-change-appdata-location.patch @@ -0,0 +1,29 @@ +From 24791dab2deb6beb064b7c0a2f23de4a37690374 Mon Sep 17 00:00:00 2001 +From: Conrad Kostecki <conrad@kostecki.com> +Date: Sun, 10 May 2020 17:04:41 +0200 +Subject: [PATCH] Makefile.am: store appdata to /usr/share/metainfo + +The path '/usr/share/appdata' is deprecated and +should be changed to '/usr/share/metainfo'. + +See section: 2.1.2. Filesystem locations +https://www.freedesktop.org/software/appstream/docs/chap-Metadata.html + +Signed-off-by: Conrad Kostecki <conrad@kostecki.com> +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/frontends/gnome/Makefile.am b/src/frontends/gnome/Makefile.am +index 9b8c6765a3..e9fa5ca4af 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -6,7 +6,7 @@ nmvpnservice_DATA = nm-strongswan-service.name + + @INTLTOOL_DESKTOP_RULE@ + +-appdatadir = $(datadir)/appdata ++appdatadir = $(datadir)/metainfo + appdata_DATA = $(appdata_in_files:.xml.in=.xml) + appdata_in_files = NetworkManager-strongswan.appdata.xml.in + @INTLTOOL_XML_RULE@ diff --git a/net-vpn/networkmanager-strongswan/metadata.xml b/net-vpn/networkmanager-strongswan/metadata.xml index c61eaedb88a0..3e3880cf1051 100644 --- a/net-vpn/networkmanager-strongswan/metadata.xml +++ b/net-vpn/networkmanager-strongswan/metadata.xml @@ -5,7 +5,4 @@ <email>conikost@gentoo.org</email> <name>Conrad Kostecki</name> </maintainer> - <use> - <flag name="glib">Enable libnm-glib compatibility.</flag> - </use> </pkgmetadata> diff --git a/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.4.5-r2.ebuild b/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.4.5-r2.ebuild index 186623723a20..334738c79eeb 100644 --- a/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.4.5-r2.ebuild +++ b/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.4.5-r2.ebuild @@ -12,7 +12,7 @@ SRC_URI="https://download.strongswan.org/${MY_PN}/${MY_P}.tar.bz2" LICENSE="GPL-2+" SLOT="0" -KEYWORDS="amd64 ~x86" +KEYWORDS="amd64 x86" IUSE="" RDEPEND=" diff --git a/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.4.5-r1.ebuild b/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.5.1.ebuild index 9946b63c9bba..9392a19c6911 100644 --- a/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.4.5-r1.ebuild +++ b/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.5.1.ebuild @@ -3,6 +3,8 @@ EAPI=7 +inherit autotools + MY_PN="NetworkManager" MY_P="${P/networkmanager/${MY_PN}}" @@ -12,34 +14,39 @@ SRC_URI="https://download.strongswan.org/${MY_PN}/${MY_P}.tar.bz2" LICENSE="GPL-2+" SLOT="0" -KEYWORDS="amd64 x86" -IUSE="+glib" +KEYWORDS="~amd64 ~x86" RDEPEND=" app-crypt/libsecret - gnome-extra/nm-applet + >=net-libs/libnma-1.1.0 net-misc/networkmanager - net-vpn/strongswan[networkmanager] + >=net-vpn/strongswan-5.8.3[networkmanager] x11-libs/gtk+:3 - glib? ( gnome-extra/nm-applet[gtk] - <net-misc/networkmanager-1.19 ) " -DEPEND=" - ${RDEPEND} +DEPEND="${RDEPEND}" + +BDEPEND=" dev-util/intltool + virtual/pkgconfig " -BDEPEND="virtual/pkgconfig" - S="${WORKDIR}/${MY_P}" +PATCHES="${FILESDIR}/${P}-change-appdata-location.patch" + +src_prepare() { + default + + eautoreconf +} + src_configure() { local myeconfargs=( # Don't enable all warnings, as some are treated as errors and the compilation will fail --disable-more-warnings --disable-static - $(usex glib '' --without-libnm-glib) + --without-libnm-glib ) econf "${myeconfargs[@]}" diff --git a/net-vpn/networkmanager-vpnc/Manifest b/net-vpn/networkmanager-vpnc/Manifest index 28642dd764d4..185bf8b88b0e 100644 --- a/net-vpn/networkmanager-vpnc/Manifest +++ b/net-vpn/networkmanager-vpnc/Manifest @@ -1,4 +1,3 @@ DIST NetworkManager-vpnc-1.2.6.tar.xz 417412 BLAKE2B 00072e2f5449687a55ff4dc0382c4ef2bb2042f9b2a4437d1d6790084ff1b88210e45909808048498f315d59ed5408630ae15d09a1d22e4acbf840554e452546 SHA512 4f8adf58d73cef74a950d822c6f17cd813a1e74fcd3c0391f847541c279e448a6353b83984d593fe5e11138a37b7f1c21b9a24a6843c1d35e4cb68bc29bc3eb1 -EBUILD networkmanager-vpnc-1.2.6-r1.ebuild 1128 BLAKE2B afc2a37cf8dd4d4c0064da45ed4cba3b88d63b22c1f153f577104e8a53018dd2f70c38a600cc6b87edb389dc8d9ca455b74def05dcfdc1770fac4f46807f1710 SHA512 5d2ee7a297c4c327e3a6b7c2344b951caa15727dc299b1870bfbac741a9fab53aba211a04b0a74aa9d91e38ab9d950d4cf4bdb82de161b0f44a51e1a9b2360d9 -EBUILD networkmanager-vpnc-1.2.6-r2.ebuild 1111 BLAKE2B ea495819c5873223aad927bb20a5ec025c71ce4d34e4acd939041dcb3f3afd41181cfd992993cb761f03caa57659d9fa1e237cfc189b44038876b509612ebd53 SHA512 b3eb4983d4cd41caf08a5402c6a180ecf94f0b3c1cf8da3ca935b90aad84932d43752062fb2be122d4faad83dea8ec4c2ce343a5dbd67649235eec708e45a1c4 +EBUILD networkmanager-vpnc-1.2.6-r2.ebuild 1110 BLAKE2B 2eca31a7e7539ca8a000c3c2a256c23d106c66d8d68376839c48a7a632c423bcd1c9063910c76c384c811a75328adfccd26f5fb8f32dfb4aa381076767a750a7 SHA512 a655427ecdec2dd22965368e9ff5a1c471c193b713d9129794bda3caabaf723f894b596536fd21d49fea84d2ca7c21d8e74ab3b6fc1b18fb500ef7306e1dc2dc MISC metadata.xml 253 BLAKE2B a1efbd3751efaa83ee173f557ec1c8a4497a90b60896cf5a7a07da40b4f94a7a299ca0385477e82b2f5e5dbdf9afa482ccbe21f35ef44214e9c451d764b65529 SHA512 8d59f413993268ca783f7407b676900bb2d964754bf705d4175e2bafbe058a52af74f3928e4bd84d292518f8cf13fab7051486ab7cdc61d02fae6e0188d44442 diff --git a/net-vpn/networkmanager-vpnc/networkmanager-vpnc-1.2.6-r1.ebuild b/net-vpn/networkmanager-vpnc/networkmanager-vpnc-1.2.6-r1.ebuild deleted file mode 100644 index 1fe48859e722..000000000000 --- a/net-vpn/networkmanager-vpnc/networkmanager-vpnc-1.2.6-r1.ebuild +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -GNOME_ORG_MODULE="NetworkManager-${PN##*-}" - -inherit gnome2 - -DESCRIPTION="NetworkManager VPNC plugin" -HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager" - -LICENSE="GPL-2+" -SLOT="0" -KEYWORDS="amd64 ~arm x86" -IUSE="gtk test" -RESTRICT="!test? ( test )" - -RDEPEND=" - >=net-misc/networkmanager-1.2.0:= - >=dev-libs/dbus-glib-0.74 - >=dev-libs/glib-2.32:2 - >=net-vpn/vpnc-0.5.3_p550 - gtk? ( - >=app-crypt/libsecret-0.18 - <net-misc/networkmanager-1.19 - >=gnome-extra/nm-applet-1.2.0[gtk] - >=x11-libs/gtk+-3.4:3 - ) -" -DEPEND="${RDEPEND} - sys-devel/gettext - dev-util/intltool - virtual/pkgconfig -" - -src_prepare() { - # Test will fail if the machine doesn't have a particular locale installed - # https://bugzilla.gnome.org/show_bug.cgi?id=742708 - sed '/test_non_utf8_import (plugin/ d' \ - -i properties/tests/test-import-export.c || die "sed failed" - - gnome2_src_prepare -} - -src_configure() { - gnome2_src_configure \ - --disable-more-warnings \ - --disable-static \ - --with-dist-version=Gentoo \ - $(use_with gtk gnome) -} diff --git a/net-vpn/networkmanager-vpnc/networkmanager-vpnc-1.2.6-r2.ebuild b/net-vpn/networkmanager-vpnc/networkmanager-vpnc-1.2.6-r2.ebuild index bc252ba5f8d5..0c2c68f02749 100644 --- a/net-vpn/networkmanager-vpnc/networkmanager-vpnc-1.2.6-r2.ebuild +++ b/net-vpn/networkmanager-vpnc/networkmanager-vpnc-1.2.6-r2.ebuild @@ -11,7 +11,7 @@ HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager" LICENSE="GPL-2+" SLOT="0" -KEYWORDS="amd64 ~arm ~x86" +KEYWORDS="amd64 ~arm x86" IUSE="gtk test" RESTRICT="!test? ( test )" diff --git a/net-vpn/ocserv/Manifest b/net-vpn/ocserv/Manifest index 2a827af77e55..eeacd0a52ffb 100644 --- a/net-vpn/ocserv/Manifest +++ b/net-vpn/ocserv/Manifest @@ -1,4 +1,4 @@ AUX ocserv 182 BLAKE2B b7ea6c381fed7406bda8fae3638445d6cd2e2acaf5f5c310227fc56f62e3286df6bb49063db8d2ab8dce2c6d5e8487b50085875f2af057b662aeb37b5adfe77a SHA512 9e0dcc3668e5e7584b4f01f56c0b48c7a1099b3658ee2387cd899050030328c497e64f9409a1af589ab42f8b6b1e7f13828a50b478906721ccad9d3013f3b06a -DIST ocserv-1.0.0.tar.xz 785020 BLAKE2B 6fff9459a29508e4f0e25f77b28d2c8883b4c3ba43fc758b71f6f0c0a369946287dd810f3af91e037e79f8b4a4085961246f313d2cb982cacba66615c24b0bb9 SHA512 6f396c9180004f8d439e094f9de0490016b085dad6bd7a5d17d3433480b37de65c25fc0c52452f5ea408bb7bc997ddcbfcdd80a3bbe454af3267aa14edbb3df9 -EBUILD ocserv-1.0.0.ebuild 1703 BLAKE2B 6f9ce5f0078af7e1cdefdb6eb460f0f99f4ec400d29c087d0d90313598d70dfee1a2ba93c49db9e829971e504b7e02ccdee1a212e2ff5f0dbb23a0c440746e7b SHA512 b89cca5c3e195e7cc2ef8df9a725e51bd99d44bd876e8388fc0484ee47afb430bfdfd342ba8a8c9fab63743306353349ce8cd985d9c917143a0d9e6af786bbc4 +DIST ocserv-1.0.1.tar.xz 787800 BLAKE2B 655a2a6e1434a5b31b157e0f73df3d6d04011c06fd5a1f39f1152752abdc837974c739bc0694a804a1e96b4e219c78c5cf1a58040bbcdcad3e326d0c9e584c7b SHA512 953e1b6084f68f8627b5383e28b5fcde987881e66feac645a40fa37d895f0711b171c9029c3703773dfbd5432d747f92c71af9240c2df3381599902a7d5fe880 +EBUILD ocserv-1.0.1.ebuild 1746 BLAKE2B ad469392d07f290272849f0c5d47c0f47407fc0447630d8dbdee381db2b182a592baa2343bd0342bd018ab1493a872f02815efcf4769b627ab80f511ab0f629e SHA512 cb8a5c077e27e4b1ea3477509cf64f545cea41a5504e3197aac6f53dcb3a029900aba205bd2dd5e1f732b983ceb47e337077ad25f9c6d7ac54dec8d1e22da076 MISC metadata.xml 325 BLAKE2B 1bb6068aff761fbf40d489d5d60bcbf295a079a2fffbb99af64abfcecaedf7cb5407b3f94b6823b58690912f43dc4427cd8d7a658d2f809b45462702ba5f0aeb SHA512 4fb35360034ac9639198ebd1e0917848b807e0a53ec10eb2d4e1a90a4f3f631b582e6f3d6e3a7d50f2f284ff47dc1a2ec4d362fa73f6b5a1834ef531bb2bc5ca diff --git a/net-vpn/ocserv/ocserv-1.0.0.ebuild b/net-vpn/ocserv/ocserv-1.0.1.ebuild index 069c2334ddd7..19106a233893 100644 --- a/net-vpn/ocserv/ocserv-1.0.0.ebuild +++ b/net-vpn/ocserv/ocserv-1.0.1.ebuild @@ -11,7 +11,7 @@ SRC_URI="ftp://ftp.infradead.org/pub/ocserv/${P}.tar.xz" LICENSE="GPL-2" SLOT="0" -KEYWORDS="~amd64" +KEYWORDS="amd64 ~arm arm64 ppc64 ~x86" IUSE="geoip kerberos +lz4 otp pam radius +seccomp systemd tcpd test" RESTRICT="!test? ( test )" @@ -20,6 +20,7 @@ BDEPEND=" test? ( net-libs/gnutls[tools(+)] net-libs/socket_wrapper + net-vpn/openconnect sys-libs/nss_wrapper sys-libs/uid_wrapper ) diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest index 02c9069843b3..c03b54e9a7a7 100644 --- a/net-vpn/openconnect/Manifest +++ b/net-vpn/openconnect/Manifest @@ -1,11 +1,14 @@ +AUX 8.09-gnutls-buffer-overflow.patch 2172 BLAKE2B 6c1251936ad2606c9b68036820e930efc392132b365faa14e690a6df4daa339c24614f856423a2d7d04bcbb3b799e96486dfb18430a6b9d8016eaeaf60a19ee5 SHA512 d74920e6eb5f8ef6ca4dcf03cf8d47a5e2ed480573dfd0c8742851e9b830fc6b379b24e945c5b429a50919a7a5041f007ba76ba93dc22eaecb27e84a84a89011 AUX README.OpenRC.txt 715 BLAKE2B 1f76faac7bf705fc3a4adbb8902e0fbd3354e654f0af59cb59b92fc4188400c9dfeef0267ebe39c8eb4842df8a6421aaf472e7bd20097cdc0d620e10fbafd28a SHA512 172b845cc46465119d14e304a0ea9a13d28497bc9e80688eab3ccce0e14ee17917fb6b8a06dd7e9a4657ef4f51a023045ac45bc5d8823e29b2d0cb9854425f66 AUX openconnect.conf.in 941 BLAKE2B 8cfa197edfe3b3754e45281b33d51bee0dd80746ac129b071710ca9d6f5aa5da16a3c3ad5fa52c6bfdc0ae4a9b1e3cfea2c20909c6164e67e0dba880cf08fc8a SHA512 a689df7141621c80bca77fdd1e01397b98882c7fd8db79b2fe1495916656522234e3af739538002533c003e4243e9af4bf80cd73bae961e15568997ce89ef6d5 AUX openconnect.init.in-r4 1775 BLAKE2B 2237238a2d149532e90c96190829e9ef51afa50487a0fd45c3c4d2e983fb8755bdf0de3eca44df740b286f4d353b03d71fcd2c2a27129f18031b2bd01989f738 SHA512 7b832550ef21ddb4b1c0eae7f3838b925745a5ebbdb74f1583fb8710b75175ebcbc7b1558ce95f59cd78542bec8bc01f7ab6d32ec4a5b168bb8a516a8907d362 AUX openconnect.logrotate 116 BLAKE2B 308d088f7c06239ec68831e415df420362c1825ae279fa6f736f36df0bf2e7efc8ea6a4ab43d9b53680dd0ab5028c92bf70a0597b56a20da06b302457e7d5f07 SHA512 ea1b6caf6278fea515c299072ee799ab3676014784703d7fa8e4f4d7bfc4599650c386d9706a3e6d92c195c9e5e1628fa6efc1124e1ae72875cc9eaab73cb077 DIST openconnect-8.06.tar.gz 2030905 BLAKE2B d9659e4f027e11a0348c1c4358831e5f470f0305e04c22716010c68810ae300a7062ab8f57e3fc80b7d90caf855ce2f1c0af1b04eb7032b70486eee2eacc47e5 SHA512 6319aa6b20bf16994b376c2cc2a7cbf2b26a36f35e9607c1886e8fa7a2e1fe111bfb37f9349693ef52a3d2ce718c37e15fe263664e6c0bcbd33ced5ddb9e31b2 DIST openconnect-8.08.tar.gz 2038269 BLAKE2B 78e76aee1d22179dc1e8fff03e57ee5df0d7a04cf88c5f844ba5b87c9b8a0f89766489e0dcc6b1023c07ea8b2e4da8ea2723470423b3c0c8d4bc47ed1c1e3fa4 SHA512 3bf42e194b88f06bbc6c385002e7b76952964e230fc86ee1d803be72204073ffe41286a3d8e189456fd7b905fa63577e6adc64137e893eccada80419c114eeb8 +DIST openconnect-8.09.tar.gz 2083279 BLAKE2B 4588c693a7a641faad271b034e8713f00fda04a872641e45a8ce3e1a236b8d2f4e1b8d973d20e7a9fc656f9460a0e990cbaada008d4ecf9a46353f20c25ac87a SHA512 f6890f5bce4b36b162e4590bce8a61d65fc0ae803d62a3dd408fbb13e96ce41b6443740132808491093032545aea919f9076e34bc11160c503c5e3c46457e7bd DIST vpnc-scripts-20200226.tar.gz 21460 BLAKE2B 8f00ce3dc49725758abce27f3688946df1bbd4e92769ef02aa9ee66db8b9f41bef3442eaa5405ab1467476899c6d364dfea898ed924ca83497823a85515d48e5 SHA512 3a1eac4ccfaefb0f837189c8cef696b33ab8b8a68cb50a3ad29206b708d0aa479e8eed0c09bef6f60d056cd98d63cc898a1609d734030a63df3be2cfa6c00f9a EBUILD openconnect-8.06.ebuild 2902 BLAKE2B e35780d945d40094ab41e08aa27f026432561734b16bb705f5472e7c8ed20e26e3adfb4c7326aceb8b57244cb7a7c7a34f908e225bdab20b4d6596c921016bd5 SHA512 06960353039c6ae6827c4f661ea32848395ba12dcea7c3067a33ef9a492cfc639a8724cf2282b45a79c0040ac25098998239f5efd41b4d0edb384b90798b37ab -EBUILD openconnect-8.08.ebuild 2993 BLAKE2B 15b25c5bfc81538da3d0107f8b5636a6485221bc9365b48d815c5843070130e35f406ff0f2cdf7b8dd02ef6f4172e27935a0e654d066f0a99b3aaeb5342e05d0 SHA512 a920129fb6bddd45ea4903720676f3536d398a1609818a29c721b96290a07573a1733a8b13b6dcdf6f5af67e6df93a58b9ff13d4ef633fae44ecca2e4365c9c2 -EBUILD openconnect-9999.ebuild 2993 BLAKE2B 15b25c5bfc81538da3d0107f8b5636a6485221bc9365b48d815c5843070130e35f406ff0f2cdf7b8dd02ef6f4172e27935a0e654d066f0a99b3aaeb5342e05d0 SHA512 a920129fb6bddd45ea4903720676f3536d398a1609818a29c721b96290a07573a1733a8b13b6dcdf6f5af67e6df93a58b9ff13d4ef633fae44ecca2e4365c9c2 +EBUILD openconnect-8.08.ebuild 3000 BLAKE2B a5b19466dc4a8f5cfb00520520c9d82044da2bf41011689d73bdc0d08b0665cc475362449ff4408537116ff3de2440163db899404f478e53706b839a357042d3 SHA512 7687a960a30a0438ba5d86e615224900b1095ed289a6349f429d77e9b86ac41bc557360270b73ac2fce0f7106031066eece093cc269250233d82016d46bf0cc6 +EBUILD openconnect-8.09-r1.ebuild 3089 BLAKE2B 8467127dcfed473dbfad66a8ac013353db30a80c89915fc3b111fd842aeebf3cdd01102c57e7fcad41a14d10227e2a2d104cea41774c61c3f59f109105b87531 SHA512 db7f2f027fc6b358ec88352a9a3da6901dd357b98d0e0bb2a4cef85f0023f042857e5940e7765abd5e1d2a973b81adfaaa3ccd3012e55425b2ca34bc32bed24f +EBUILD openconnect-9999.ebuild 3005 BLAKE2B 8c279c574aa355a0c5325d145031623d2dcd11476a9be3f6d30a862b4fa9ee7f4e9faf03332dd2a51345c9f4287f7cc1e0936572005aabbb05fe3e0c497e1db3 SHA512 98734450f88bbeb0b292895ef4b43bcc0d1044df4aa8f02c0f3f09b3c436fbb10401070d3422ab43b474d59fc779aa07c13caecf268679a1845d44f593ed5c92 MISC metadata.xml 523 BLAKE2B c4a4ebc18284b99d3b983740180460ad1c83933860c4d8df14886a740cad0a1dbf363881ffd430adb24feaf49a2a9d02f6d3a80d5bcd96fc36f2cdb1aea2bff5 SHA512 7701ea4b9ed4d0051d915700fbd20eb28ca03024f8c4beecd8e0192e8cfd82c136cec32f29cd1e76a3059913f1b04af8066ee2700cab393bb270a8cbe18214c8 diff --git a/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch b/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch new file mode 100644 index 000000000000..bf8990ae3d3c --- /dev/null +++ b/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch @@ -0,0 +1,62 @@ +From eef4c1f9d24478aa1d2dd9ac7ec32efb2137f474 Mon Sep 17 00:00:00 2001 +From: Sergei Trofimovich <slyfox@gentoo.org> +Date: Fri, 8 May 2020 10:39:41 -0400 +Subject: [PATCH] gnutls: prevent buffer overflow in get_cert_name + +The test suite for ocserv calls openconnect with a certificate that has +a name that is 84 bytes in length. The buffer passed to get_cert_name is +currently 80 bytes. + +The gnutls_x509_crt_get_dn_by_oid function will update the buffer size +parameter if the buffer is too small. + +http://man7.org/linux/man-pages/man3/gnutls_x509_crt_get_dn_by_oid.3.html + +RETURNS + GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long + enough, and in that case the buf_size will be updated with the + required size. GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there are no + data in the current index. On success 0 is returned. + +Use a temporary variable to avoid clobbering the namelen variable that is +passed to get_cert_name. + +Bug: https://bugs.gentoo.org/721570 +Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> +Signed-off-by: Mike Gilbert <floppym@gentoo.org> +--- + gnutls.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/gnutls.c b/gnutls.c +index 36bc82e0..53bf2a43 100644 +--- a/gnutls.c ++++ b/gnutls.c +@@ -546,12 +546,19 @@ static int count_x509_certificates(gnutls_datum_t *datum) + + static int get_cert_name(gnutls_x509_crt_t cert, char *name, size_t namelen) + { ++ /* When the name buffer is not big enough, gnutls_x509_crt_get_dn*() will ++ * update the length argument to the required size, and return ++ * GNUTLS_E_SHORT_MEMORY_BUFFER. We need to avoid clobbering the original ++ * length variable. */ ++ size_t nl = namelen; + if (gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, +- 0, 0, name, &namelen) && +- gnutls_x509_crt_get_dn(cert, name, &namelen)) { +- name[namelen-1] = 0; +- snprintf(name, namelen-1, "<unknown>"); +- return -EINVAL; ++ 0, 0, name, &nl)) { ++ nl = namelen; ++ if (gnutls_x509_crt_get_dn(cert, name, &nl)) { ++ name[namelen-1] = 0; ++ snprintf(name, namelen-1, "<unknown>"); ++ return -EINVAL; ++ } + } + return 0; + } +-- +2.26.2 + diff --git a/net-vpn/openconnect/openconnect-8.08.ebuild b/net-vpn/openconnect/openconnect-8.08.ebuild index 85ac062266be..cd814ccbd7ec 100644 --- a/net-vpn/openconnect/openconnect-8.08.ebuild +++ b/net-vpn/openconnect/openconnect-8.08.ebuild @@ -13,7 +13,7 @@ if [[ ${PV} == 9999 ]]; then inherit git-r3 autotools else ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" - KEYWORDS="~amd64" + KEYWORDS="~amd64 ~ppc64" fi VPNC_VER=20200226 SRC_URI="${ARCHIVE_URI} diff --git a/net-vpn/openconnect/openconnect-8.09-r1.ebuild b/net-vpn/openconnect/openconnect-8.09-r1.ebuild new file mode 100644 index 000000000000..26838ebbd2c6 --- /dev/null +++ b/net-vpn/openconnect/openconnect-8.09-r1.ebuild @@ -0,0 +1,150 @@ +# Copyright 2011-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python{3_6,3_7} ) +PYTHON_REQ_USE="xml" + +inherit linux-info python-any-r1 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git" + inherit git-r3 autotools +else + ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" + KEYWORDS="amd64 ~arm arm64 ppc64 ~x86" +fi +VPNC_VER=20200226 +SRC_URI="${ARCHIVE_URI} + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard static-libs stoken test" +RESTRICT="!test? ( test )" + +DEPEND=" + dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + >=dev-libs/openssl-1.0.1h:0=[static-libs?] + ) + gnutls? ( + app-crypt/trousers + app-misc/ca-certificates + dev-libs/nettle + >=net-libs/gnutls-3.6.13:0=[static-libs?] + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + lz4? ( app-arch/lz4:= ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken ) +" +RDEPEND="${DEPEND} + sys-apps/iproute2 +" +BDEPEND=" + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + nls? ( sys-devel/gettext ) + test? ( + net-libs/socket_wrapper + net-vpn/ocserv + sys-libs/uid_wrapper + ) +" + +CONFIG_CHECK="~TUN" + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + : +} + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + fi + default +} + +src_prepare() { + local PATCHES=( + "${FILESDIR}"/8.09-gnutls-buffer-overflow.patch + ) + default + if [[ ${PV} == 9999 ]]; then + eautoreconf + fi +} + +src_configure() { + if use doc; then + python_setup + else + export ac_cv_path_PYTHON= + fi + + # Used by tests if userpriv is disabled + addwrite /run/netns + + local myconf=( + --disable-dsa-tests + $(use_enable nls) + $(use_enable static-libs static) + $(use_with !gnutls openssl) + $(use_with gnutls) + $(use_with libproxy) + $(use_with lz4) + $(use_with gssapi) + $(use_with smartcard libpcsclite) + $(use_with stoken) + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" + --without-java + ) + + econf "${myconf[@]}" +} + +src_test() { + local charset + for charset in UTF-8 ISO8859-2; do + if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then + # If we don't have valid cs_CZ locale data, auth-nonascii will fail. + # Force a test skip by exiting with status 77. + sed -i -e '2i exit 77' tests/auth-nonascii || die + break + fi + done + default +} + +src_install() { + default + + find "${ED}" -name '*.la' -delete || die + + dodoc "${FILESDIR}"/README.OpenRC.txt + + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + insinto /etc/openconnect + + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + + keepdir /var/log/openconnect +} diff --git a/net-vpn/openconnect/openconnect-9999.ebuild b/net-vpn/openconnect/openconnect-9999.ebuild index 85ac062266be..bda6b965640b 100644 --- a/net-vpn/openconnect/openconnect-9999.ebuild +++ b/net-vpn/openconnect/openconnect-9999.ebuild @@ -13,7 +13,7 @@ if [[ ${PV} == 9999 ]]; then inherit git-r3 autotools else ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" - KEYWORDS="~amd64" + KEYWORDS="~amd64 ~ppc64" fi VPNC_VER=20200226 SRC_URI="${ARCHIVE_URI} @@ -37,7 +37,7 @@ DEPEND=" app-crypt/trousers app-misc/ca-certificates dev-libs/nettle - >=net-libs/gnutls-3:0=[static-libs?] + >=net-libs/gnutls-3.6.13:0=[static-libs?] ) gssapi? ( virtual/krb5 ) libproxy? ( net-libs/libproxy ) diff --git a/net-vpn/openfortivpn/Manifest b/net-vpn/openfortivpn/Manifest index 40cbd90b3305..81a907a35f60 100644 --- a/net-vpn/openfortivpn/Manifest +++ b/net-vpn/openfortivpn/Manifest @@ -1,3 +1,5 @@ DIST openfortivpn-1.13.2.tar.gz 82977 BLAKE2B 5daf2fdacaf2f9c3bc0a4bc3fc26543ed0ab424b70d2795e7b3d74b38cba53b1a8a9823564198ea5292b63f872c12f17ed3f65111a7024faee19640fff765cd7 SHA512 6be456784618d0af26190bad4af20a5f7163d3d984e3317fa3aac04b605ddd39f8973b192cf35fc8a371bf5ca4cbff8f644991b0cc031f558bf7881066fe8ec2 +DIST openfortivpn-1.13.3.tar.gz 150681 BLAKE2B 378837373f743c474233e5c7d0f8698a1bbaa5b2b84c89173547e4d0674e4ffe8949bf105462b7d355e603483577008d7ef99315e78a7511dca043426b668885 SHA512 57f87e1f1243b2eb1f4ef17dfacea203c8b11fd0e65440eef4c6b08af0b821c5a087a85d98423540114a7d977d12c4a99d0edcc348f0107fd230f573e3df0fbf EBUILD openfortivpn-1.13.2.ebuild 761 BLAKE2B 8282264a7cba753bb9682a94c04e84781792f7ec69abb18262796eb2e7bee770d8fa8d6405e4f7a84e90d46eb815c883508c9d8c43b15c8bcd3d08a41f934466 SHA512 5ba0d44db4b9275be265a2fcd6cda3f7a8001c90b2bee335eeca98b6c70c054f39b91b61dcc6a5b80a49c873dd498fb0b27987cee581f07d8d62d54a5ddc310f +EBUILD openfortivpn-1.13.3.ebuild 762 BLAKE2B ce26d3b3dc03a3e5ba10d5bd61ab2a360e48d8476f8b232c30b38c2b0977696cb8be99a4773bb3b113dc63c34641d9f710ad60d888937c7f93bea190f47a43ee SHA512 6086c741a67ddd90474724986be6b5687b1f84c7f6c6c62217038af6a1e769e8f26f6927097317a00f7cb8ca35c72874c6541fbdc348d9d7597e0f14157018c5 MISC metadata.xml 334 BLAKE2B f24aad8486bdfc65b3b679b17aee075a53b08cda8e80df8c6119cf224885d6ed25a23b14ca38bda9a1c8a651263d59e42d84719dd27749f25d109e7a6f8a3783 SHA512 383c645edf7e7baa6588a4639ec81290b4260d329f3839e540ecd506d7945a72a35bd039514b377454c0c81f23ecadaa9334c746e96aa91e0408712f112148fd diff --git a/net-vpn/openfortivpn/openfortivpn-1.13.3.ebuild b/net-vpn/openfortivpn/openfortivpn-1.13.3.ebuild new file mode 100644 index 000000000000..2cda60426dcc --- /dev/null +++ b/net-vpn/openfortivpn/openfortivpn-1.13.3.ebuild @@ -0,0 +1,38 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools linux-info + +DESCRIPTION="Fortinet compatible VPN client" +HOMEPAGE="https://github.com/adrienverge/openfortivpn" +SRC_URI="https://github.com/adrienverge/openfortivpn/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-3-with-openssl-exception openssl" +SLOT="0" +KEYWORDS="~amd64" +IUSE="libressl" + +DEPEND=" + net-dialup/ppp + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) +" +RDEPEND="${DEPEND}" + +CONFIG_CHECK="~PPP ~PPP_ASYNC" + +src_prepare() { + default + + sed -i 's/-Werror//g' Makefile.am || die "Failed to remove -Werror from Makefile.am" + + eautoreconf +} + +src_install() { + default + + keepdir /etc/openfortivpn +} diff --git a/net-vpn/openvpn/Manifest b/net-vpn/openvpn/Manifest index 5a7b3a18f636..650a20f1ffd0 100644 --- a/net-vpn/openvpn/Manifest +++ b/net-vpn/openvpn/Manifest @@ -1,20 +1,8 @@ AUX down.sh 943 BLAKE2B 9853748aebd819c46cec0229971375d28922abe91ff6442a572090f300cd901ccd80c04fc3df30a1251492a55e593a4783f7f5a4b380053f27bb387f5417444b SHA512 5defd61edf11cc63f3f8f60bef7fa730c4bcdd2545d664bd94666dd3aea80bd9d190263d8835a555e4287a594f6fce0f52426aed49c60233ff637a2a6164a997 AUX openvpn-2.1.conf 892 BLAKE2B d0ce49ecc6275c9677e56de5d13afcc69169666441cb6d8eb958642786f0ee7ff6acb1830af0001fd1945b666daf5af1d9be211032817fc345e33242e1d86885 SHA512 982ade883afbe2e656a9cbbe36c31c0e8b4f7bbbe5b63df9f7b834f02a9153032fb7445c85d3e91f62c68a7ddd13c3afbf420fb71cdd13d9c4b69f867bdd9f37 AUX openvpn-2.1.init 4187 BLAKE2B 9ab133bda1db2d94afbf1e35840515452029319c38bb796af90b117dcfcd8552da2ea236399c2708a4862de753a8f92cdff80a69cfdcc5d53e206f9f3ffc48d8 SHA512 2d97a41b3998c196c440dcaf43ad8992eae27c5356c94b24f4cc4b20169350f3d6c8d65bb9c2517415ee15637fa60298d9cd8252ad9aa3eec6ae3a847ede0611 -AUX openvpn-2.4.5-libressl-macro-fix.patch 2096 BLAKE2B d3d277c8bd800827ceabc01431c2ff22e78a89921ff2460460e9acdfbfb7466188456557031de2b0bf2c00703a573c05ba1fcbff96da4b5def596c82717ac81a SHA512 77026186911e852e8434b19662026fa5503a389ecc1a7a8fb3a395beeb2397bc75426ca310e7728ac24ec540b59e00fd623324e262276007c772f9a1cda16863 -AUX openvpn-2.4.7-libressl.patch 1929 BLAKE2B 175375bd8f233a0315ee99fb3ff6ca84f77cd850fabe8cf3f53033f56f99e0ce5ee9de4f4970011909a91e940c2665cc65004f5dce987c9545390b698b580676 SHA512 8fab84df8e268e1ec88bff3443e8e35c5228dfabff71b75f64ba29f6ff09523b36a1c8af9c9cbf20bff9d241d5de3136a1278b3f76675c28238d4c3a12ff535c -AUX openvpn-2.5-external-cmocka.patch 2279 BLAKE2B a20cb45170590c332813fa6a0c539b8972ed329fec4ddb644996d5caa32f821dc4be75a9bc525917562e47588f8135b0def65aed9e747609b836d06a9f6ea666 SHA512 5f6d01b7051511e37a8822a0a514cfbdea3118cf52a86bec3addc2de713640842e972346ce598147e354353dd9483ecdbb13efc211e9b74c58598d6c11038f1e -AUX openvpn-external-cmocka.patch 2083 BLAKE2B 4e9f0a2ca509a4c37d2efe061ed7a027ba7e069041d193a237d214c493b839fc36e87898aad160eb8198845306b7910f4d9da0e87671b9310425786fbe676bf4 SHA512 6c34518f626992031735f6433861fafd44e3cf35e95668cf5945aee7b341a049e3b6a73dd9937a0f287e4a750a2415532ae49aac11011767e0c7a3355f8ff6ca AUX up.sh 2865 BLAKE2B f359c0078148a8ec59b68227844f39d784df2271e9640b54f50a9c0b6b67450cf8b397dba8fd735931790648c1d485c149a55ffcbf095623b491b8a827eccab9 SHA512 35201b0e60ad20358080007e595eb4f96d186ba8e88f0485c55d164c28e3d78a12f3e09347ba3d76abb9b8b03fb4a53664bd74ab484be1548090022b956925fd -DIST mock_msg.h 1356 BLAKE2B da7585cfeee89c0a4d3aa6326de6e2324804ed2a57a0e8bf7c2e51b25a91a8e1fcf9d29bba90fe58e40bf0197793a76fc1e83d8b6d677228cdc5e5333253b1a3 SHA512 930775a5837bc7f97a26817ea028782d555e0e71ba06b04c39941f4c01bbc3ca0a5dc63bcf19dc694e0e746b3a382f22daf6a6373a3443c5afd7398cbaaef6ea -DIST openvpn-2.4.6.tar.gz 1431971 BLAKE2B 1ab0746a845fc56bf738c1730cc187c27f61d5bb763df149640978f0bf87450a01e3e40372265440f1aae4e1c58b6d9a1ee1f2aade970d19fd8e8813e0b487a7 SHA512 cdd70bfd03177bc6cb70d0d614e40389df00816b7097740b4cda9d7bee094d1463fdb5afeaf604c52c7b3167d1edb098a2e095e131a8b9fed0ed8b29da90cbe8 -DIST openvpn-2.4.7.tar.gz 998094 BLAKE2B 90f91d74279a547b49704cd14d9ac3dde26c522cd77eb851ea603addb1b220eda9be4de6cf5d74fe7717f34b3ff5fc802ca977a1402c5ed75616139d449fceb0 SHA512 ba9bc08c02fad85ba05c27488b0bfcb3540ba9c625c42334e24cb1d5e253b91c518c02641d755e03b8747ae8c2ebd340c55d51f7aedbbf2550ee4e4b79823c9c -DIST openvpn-2.4.8.tar.gz 997417 BLAKE2B 1c56d25c125039b9f0723d8f498c9cc7233c9da940d961a430c82a3c41448c0c4fc64255adad59513d4e39b8e778cf58ced965e1501793c47bc73d211c339e4e SHA512 6a5f6f6a5cccc5011019e64ed452ad395942b751589893bd6fd3159b20577d734f2fe35d2f51f30303adee3a21e67da6d25369ea4421288ba7c2e09445e2c001 DIST openvpn-2.4.9.tar.gz 1000602 BLAKE2B 4a10ec76d1a816f9184dd33e4384623e011a1af40ea38ad56cc06f70ab2c911b6fd92cf8ffcd2ec3ab4179fef87feb187fc9df61c5bea92b1c69ee4113093866 SHA512 7683dfb93592968459f080a07ea750992b7444708cdb1a5aafc0118ab8528fc488f2b9fbd7d042e57ad1811303208875237ae9decf0bb4977c45cd30da53751b -EBUILD openvpn-2.4.6-r1.ebuild 4497 BLAKE2B 5ca911e21c950e34cb3b5f69a175690c443b6179c0b00afe0a6579c8fa4537b96153134ddfd14776076e324b2cc4be11a94e0ff56da42745f2673aa39431788c SHA512 f0500f9e54769d8bfed7a4e1bf657e7dfb5cad5600ce7de7165eadaf79e528f232595da55cd40fae6304ebd1eaf86a3484e3faa59963ded673d5caf41d0b2260 -EBUILD openvpn-2.4.6.ebuild 4491 BLAKE2B 120448a1525ed205a2ddfb1a0841cb4167cfd6ac7a3db2cdd6ff9d100028090d54c835908062ce6f08da0ff7fe6fce5a9ced21a5d1ba93cdc9f7fe397e651ed8 SHA512 88b5c883e041823672da5c4cd54594054832c4610f793eeb601e0b655b9a1eda0858aa11fe20ec5d5eb3ad2c50b97348ace5965360b79441fe8fbce96d491b58 -EBUILD openvpn-2.4.7-r1.ebuild 4538 BLAKE2B b0b02615e4c1f478078422dacda49f8d5832aa3d201097d245037245c00cd178062b125dd73d386d6a72b357a9ae2d46325d2e72292cf5c1986f22ebd5727b73 SHA512 0e311676afff67fe3da4d5b7a7df15e67af40b9100349b4aca3da9a427f0e414eda39056bd725abeea5504c905db3c80ec9533021cfb8765bb73afe7032a24ce -EBUILD openvpn-2.4.8.ebuild 4013 BLAKE2B 6ce18ef028e85459815792bf315524a1ac71790829d86d6822e5273d93abb35a54813689298573a53a7bc9afdb57ded9002930e637531f86ff63372e3c48838a SHA512 f0c13bd66ac9976a894fabef51b496643ed351c8ca2dd8cb0a98c769918b8458a20cb7bce6909f1472a03dbc7eecfae6e60def81eaf51e8818bf337dabbdfa37 -EBUILD openvpn-2.4.9.ebuild 4008 BLAKE2B 0c0eb93b706fd2eaf22989240f0105f82648b67eb1914cc1e97a5eb407f79650771e8611c678796c8058e16f5f2fab8bb5e7cd71dff7283495afc16bf667a8ab SHA512 83043fca1cf8cfa04dfbef0dabf6f5945d0ee2602931fab1a02209e826e17342e4484438e7b09fb377e1bda4c5c380579bf41513b70a7d0c78b475b586bf6328 +EBUILD openvpn-2.4.9.ebuild 4163 BLAKE2B 74c7a130da53fcfe4aad644534c87dc2f00a1321e55a91d671f20b6afe0d1676135663991f4110d44ae0feea3433a4841d0c5d251f81fc32decefd3b5288f32f SHA512 5382fdc7fe0e8f27311ea4cccba195969666acafc43979ce79268912d628d03d8f09ba5f912db75873d009e6bb869448b88efe452a80ed338c6f7972db8bda55 EBUILD openvpn-9999.ebuild 4148 BLAKE2B d2942eb2659d5cc1cef40143b6cd84e4e869031cc23ac419865db1286c7bf3ec7c66433ed2c3149d654206f74b3db14b3cea17a5d90332e9bfa5cbb6b172fdf5 SHA512 0807ceb96db862c33e42c7b2eb1224cfdb01d32e09048250bb69a05244af9835e805a9a87fb47d8a0a2422c12088ab515389b180d93286093f2089eab2709c8d MISC metadata.xml 998 BLAKE2B 800c147b67d26d0ae3856c3aebfd7bec9326aaa67ffcb16b57e00ad722b8154bcd4cd6daef741ebb0f12032ef986e0b3b5a4cf99014df1fbd54699a98ed13a0c SHA512 d7e07e98986611dc410a3ab1b0bf2bb3925fcc9f3388c9649ce7a01baa2fa076d7766b4e1b9749048aa1d1850cb9053e8822ce7a1870002805c176c6a60e6db8 diff --git a/net-vpn/openvpn/files/openvpn-2.4.5-libressl-macro-fix.patch b/net-vpn/openvpn/files/openvpn-2.4.5-libressl-macro-fix.patch deleted file mode 100644 index 13b976009524..000000000000 --- a/net-vpn/openvpn/files/openvpn-2.4.5-libressl-macro-fix.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 626b4dd..2a8e87f 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -948,6 +948,18 @@ if test "${with_crypto_library}" = "openssl"; then - EC_GROUP_order_bits - ] - ) -+ AC_CHECK_DECLS( -+ [ -+ SSL_CTX_get_min_proto_version, -+ SSL_CTX_get_max_proto_version, -+ SSL_CTX_set_min_proto_version, -+ SSL_CTX_set_max_proto_version, -+ ], -+ , -+ , -+ [[#include <openssl/ssl.h>]] -+ -+ ) - - CFLAGS="${saved_CFLAGS}" - LIBS="${saved_LIBS}" -diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h -index d375fab..340d452 100644 ---- a/src/openvpn/openssl_compat.h -+++ b/src/openvpn/openssl_compat.h -@@ -661,7 +661,7 @@ EC_GROUP_order_bits(const EC_GROUP *group) - #define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT - #endif - --#ifndef SSL_CTX_get_min_proto_version -+#if !HAVE_DECL_SSL_CTX_GET_MIN_PROTO_VERSION - /** Return the min SSL protocol version currently enabled in the context. - * If no valid version >= TLS1.0 is found, return 0. */ - static inline int -@@ -684,7 +684,7 @@ SSL_CTX_get_min_proto_version(SSL_CTX *ctx) - } - #endif /* SSL_CTX_get_min_proto_version */ - --#ifndef SSL_CTX_get_max_proto_version -+#if !HAVE_DECL_SSL_CTX_GET_MAX_PROTO_VERSION - /** Return the max SSL protocol version currently enabled in the context. - * If no valid version >= TLS1.0 is found, return 0. */ - static inline int -@@ -707,7 +707,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx) - } - #endif /* SSL_CTX_get_max_proto_version */ - --#ifndef SSL_CTX_set_min_proto_version -+#if !HAVE_DECL_SSL_CTX_SET_MIN_PROTO_VERSION - /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */ - static inline int - SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min) -@@ -736,7 +736,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min) - } - #endif /* SSL_CTX_set_min_proto_version */ - --#ifndef SSL_CTX_set_max_proto_version -+#if !HAVE_DECL_SSL_CTX_SET_MAX_PROTO_VERSION - /** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */ - static inline int - SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max) diff --git a/net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch b/net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch deleted file mode 100644 index 210189cd4d4d..000000000000 --- a/net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 4faf695e3c42a81131c2aae96c4a60228aa237a5 Mon Sep 17 00:00:00 2001 -From: Stefan Strogin <stefan.strogin@gmail.com> -Date: Sat, 23 Feb 2019 20:13:41 +0200 -Subject: [PATCH] Fix compilation with LibreSSL - -TLS 1.3 is not ready yet in LibreSSL. -Also SSL_get1_supported_ciphers() has been just added into master (not yet -released). - -Upstream-Status: Submitted [https://github.com/OpenVPN/openvpn/pull/123] -Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com> ---- - src/openvpn/ssl_openssl.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c -index a78dae99..6a8fcef3 100644 ---- a/src/openvpn/ssl_openssl.c -+++ b/src/openvpn/ssl_openssl.c -@@ -459,7 +459,7 @@ tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers) - return; - } - --#if (OPENSSL_VERSION_NUMBER < 0x1010100fL) -+#if (OPENSSL_VERSION_NUMBER < 0x1010100fL) || defined(LIBRESSL_VERSION_NUMBER) - crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. " - "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.", - ciphers); -@@ -1846,7 +1846,7 @@ show_available_tls_ciphers_list(const char *cipher_list, - crypto_msg(M_FATAL, "Cannot create SSL_CTX object"); - } - --#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL) -+#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)) - if (tls13) - { - SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION); -@@ -1867,7 +1867,7 @@ show_available_tls_ciphers_list(const char *cipher_list, - crypto_msg(M_FATAL, "Cannot create SSL object"); - } - --#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) -+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER) - STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl); - #else - STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl); --- -2.20.1 - diff --git a/net-vpn/openvpn/files/openvpn-2.5-external-cmocka.patch b/net-vpn/openvpn/files/openvpn-2.5-external-cmocka.patch deleted file mode 100644 index d339dcd558b1..000000000000 --- a/net-vpn/openvpn/files/openvpn-2.5-external-cmocka.patch +++ /dev/null @@ -1,65 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 1e6891b1..c801789c 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1312,6 +1312,21 @@ if test "${enable_async_push}" = "yes"; then - ) - fi - -+AC_ARG_ENABLE( -+ [tests], -+ AS_HELP_STRING([--enable-tests], [enable unit tests @<:@default=no@:>@]) -+) -+ -+if test "${enable_tests}" = "yes"; then -+ PKG_CHECK_MODULES([CMOCKA], [cmocka]) -+ TEST_CFLAGS="${CMOCKA_CFLAGS}" -+ TEST_LDFLAGS="${CMOCKA_LIBS}" -+ AC_SUBST([TEST_CFLAGS]) -+ AC_SUBST([TEST_LDFLAGS]) -+fi -+AM_CONDITIONAL([ENABLE_TESTS], [test "${enable_tests}" = "yes"]) -+AM_CONDITIONAL([CMOCKA_INITIALIZED], [false]) -+ - CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`" - AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings]) - -@@ -1360,27 +1375,6 @@ AC_SUBST([VENDOR_SRC_ROOT]) - AC_SUBST([VENDOR_BUILD_ROOT]) - AC_SUBST([VENDOR_DIST_ROOT]) - --TEST_LDFLAGS="${OPTIONAL_CRYPTO_LIBS} ${OPTIONAL_PKCS11_LIBS} -lcmocka -L\$(abs_top_builddir)/vendor/dist/lib -Wl,-rpath,\$(abs_top_builddir)/vendor/dist/lib" --TEST_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${OPTIONAL_PKCS11_CFLAGS} -I\$(top_srcdir)/include -I\$(abs_top_builddir)/vendor/dist/include" -- --AC_SUBST([TEST_LDFLAGS]) --AC_SUBST([TEST_CFLAGS]) -- --# Check if cmake is available and cmocka git submodule is initialized, --# needed for unit testing --AC_CHECK_PROGS([CMAKE], [cmake]) --if test -n "${CMAKE}"; then -- if test -f "${srcdir}/vendor/cmocka/CMakeLists.txt"; then -- AM_CONDITIONAL([CMOCKA_INITIALIZED], [true]) -- else -- AM_CONDITIONAL([CMOCKA_INITIALIZED], [false]) -- AC_MSG_RESULT([!! WARNING !! The cmoka git submodule has not been initialized or updated. Unit testing cannot be performed.]) -- fi --else -- AC_MSG_RESULT([!! WARNING !! CMake is NOT available. Unit testing cannot be performed.]) -- AM_CONDITIONAL([CMOCKA_INITIALIZED], [false]) --fi -- - - AC_CONFIG_FILES([ - version.sh -diff --git a/tests/unit_tests/Makefile.am b/tests/unit_tests/Makefile.am -index 31d37b89..4b7fb41d 100644 ---- a/tests/unit_tests/Makefile.am -+++ b/tests/unit_tests/Makefile.am -@@ -1,5 +1,5 @@ - AUTOMAKE_OPTIONS = foreign - --if CMOCKA_INITIALIZED -+if ENABLE_TESTS - SUBDIRS = example_test openvpn plugins - endif diff --git a/net-vpn/openvpn/files/openvpn-external-cmocka.patch b/net-vpn/openvpn/files/openvpn-external-cmocka.patch deleted file mode 100644 index eecc5076b4e8..000000000000 --- a/net-vpn/openvpn/files/openvpn-external-cmocka.patch +++ /dev/null @@ -1,62 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index f4073d0..9afcc90 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1211,6 +1211,21 @@ if test "${enable_async_push}" = "yes"; then - ) - fi - -+AC_ARG_ENABLE( -+ [tests], -+ AS_HELP_STRING([--enable-tests], [enable unit tests @<:@default=no@:>@]) -+) -+ -+if test "${enable_tests}" = "yes"; then -+ PKG_CHECK_MODULES([CMOCKA], [cmocka]) -+ TEST_CFLAGS="${CMOCKA_CFLAGS}" -+ TEST_LDFLAGS="${CMOCKA_LIBS}" -+ AC_SUBST([TEST_CFLAGS]) -+ AC_SUBST([TEST_LDFLAGS]) -+fi -+AM_CONDITIONAL([ENABLE_TESTS], [test "${enable_tests}" = "yes"]) -+AM_CONDITIONAL([CMOCKA_INITIALIZED], [false]) -+ - CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`" - AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings]) - -@@ -1257,28 +1272,6 @@ AC_SUBST([VENDOR_SRC_ROOT]) - AC_SUBST([VENDOR_BUILD_ROOT]) - AC_SUBST([VENDOR_DIST_ROOT]) - --TEST_LDFLAGS="-lcmocka -L\$(abs_top_builddir)/vendor/dist/lib -Wl,-rpath,\$(abs_top_builddir)/vendor/dist/lib" --TEST_CFLAGS="-I\$(top_srcdir)/include -I\$(abs_top_builddir)/vendor/dist/include" -- --AC_SUBST([TEST_LDFLAGS]) --AC_SUBST([TEST_CFLAGS]) -- --# Check if cmake is available and cmocka git submodule is initialized, --# needed for unit testing --AC_CHECK_PROGS([CMAKE], [cmake]) --if test -n "${CMAKE}"; then -- if test -f "${srcdir}/vendor/cmocka/CMakeLists.txt"; then -- AM_CONDITIONAL([CMOCKA_INITIALIZED], [true]) -- else -- AM_CONDITIONAL([CMOCKA_INITIALIZED], [false]) -- AC_MSG_RESULT([!! WARNING !! The cmoka git submodule has not been initialized or updated. Unit testing cannot be performed.]) -- fi --else -- AC_MSG_RESULT([!! WARNING !! CMake is NOT available. Unit testing cannot be performed.]) -- AM_CONDITIONAL([CMOCKA_INITIALIZED], [false]) --fi -- -- - AC_CONFIG_FILES([ - version.sh - Makefile -diff --git a/tests/unit_tests/Makefile.am b/tests/unit_tests/Makefile.am -index 31d37b8..4b7fb41 100644 ---- a/tests/unit_tests/Makefile.am -+++ b/tests/unit_tests/Makefile.am -@@ -3 +3 @@ AUTOMAKE_OPTIONS = foreign --if CMOCKA_INITIALIZED -+if ENABLE_TESTS diff --git a/net-vpn/openvpn/openvpn-2.4.6-r1.ebuild b/net-vpn/openvpn/openvpn-2.4.6-r1.ebuild deleted file mode 100644 index 3c4d220281f4..000000000000 --- a/net-vpn/openvpn/openvpn-2.4.6-r1.ebuild +++ /dev/null @@ -1,156 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit autotools flag-o-matic user systemd linux-info - -DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" -SRC_URI="https://swupdate.openvpn.net/community/releases/${P}.tar.gz - test? ( https://raw.githubusercontent.com/OpenVPN/${PN}/v${PV}/tests/unit_tests/${PN}/mock_msg.h )" -HOMEPAGE="https://openvpn.net/" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos" - -IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam" -IUSE+=" pkcs11 +plugins selinux +ssl systemd test userland_BSD" - -RESTRICT="!test? ( test )" -REQUIRED_USE="pkcs11? ( ssl ) - !plugins? ( !pam !down-root ) - inotify? ( plugins )" - -CDEPEND=" - kernel_linux? ( - iproute2? ( sys-apps/iproute2[-minimal] ) - !iproute2? ( >=sys-apps/net-tools-1.60_p20160215155418 ) - ) - pam? ( sys-libs/pam ) - ssl? ( - !mbedtls? ( - !libressl? ( >=dev-libs/openssl-0.9.8:0= ) - libressl? ( dev-libs/libressl:0= ) - ) - mbedtls? ( net-libs/mbedtls ) - ) - lz4? ( app-arch/lz4 ) - lzo? ( >=dev-libs/lzo-1.07 ) - pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) - systemd? ( sys-apps/systemd )" -DEPEND="${CDEPEND} - test? ( dev-util/cmocka )" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-openvpn )" - -CONFIG_CHECK="~TUN" - -PATCHES=( - "${FILESDIR}/${PN}-external-cmocka.patch" - "${FILESDIR}/${PN}-2.4.5-libressl-macro-fix.patch" -) - -pkg_setup() { - linux-info_pkg_setup -} - -src_prepare() { - default - eautoreconf - - if use test; then - cp "${DISTDIR}/mock_msg.h" tests/unit_tests/${PN} || die - fi -} - -src_configure() { - SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \ - TMPFILES_DIR="/usr/lib/tmpfiles.d" \ - IFCONFIG=/bin/ifconfig \ - ROUTE=/bin/route \ - econf \ - $(use_enable inotify async-push) \ - $(use_enable ssl crypto) \ - $(use_with ssl crypto-library $(usex mbedtls mbedtls openssl)) \ - $(use_enable lz4) \ - $(use_enable lzo) \ - $(use_enable pkcs11) \ - $(use_enable plugins) \ - $(use_enable iproute2) \ - $(use_enable pam plugin-auth-pam) \ - $(use_enable down-root plugin-down-root) \ - $(use_enable test tests) \ - $(use_enable systemd) -} - -src_test() { - make check || die "top-level tests failed" - pushd tests/unit_tests > /dev/null || die - make check || die "unit tests failed" - popd > /dev/null || die -} - -src_install() { - default - find "${ED}/usr" -name '*.la' -delete - # install documentation - dodoc AUTHORS ChangeLog PORTS README README.IPv6 - - # Install some helper scripts - keepdir /etc/openvpn - exeinto /etc/openvpn - doexe "${FILESDIR}/up.sh" - doexe "${FILESDIR}/down.sh" - - # Install the init script and config file - newinitd "${FILESDIR}/${PN}-2.1.init" openvpn - newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn - - # install examples, controlled by the respective useflag - if use examples ; then - # dodoc does not supportly support directory traversal, #15193 - insinto /usr/share/doc/${PF}/examples - doins -r sample contrib - fi -} - -pkg_postinst() { - # Add openvpn user so openvpn servers can drop privs - # Clients should run as root so they can change ip addresses, - # dns information and other such things. - enewgroup openvpn - enewuser openvpn "" "" "" openvpn - - if use x64-macos; then - elog "You might want to install tuntaposx for TAP interface support:" - elog "http://tuntaposx.sourceforge.net" - fi - - elog "The openvpn init script expects to find the configuration file" - elog "openvpn.conf in /etc/openvpn along with any extra files it may need." - elog "" - elog "To create more VPNs, simply create a new .conf file for it and" - elog "then create a symlink to the openvpn init script from a link called" - elog "openvpn.newconfname - like so" - elog " cd /etc/openvpn" - elog " ${EDITOR##*/} foo.conf" - elog " cd /etc/init.d" - elog " ln -s openvpn openvpn.foo" - elog "" - elog "You can then treat openvpn.foo as any other service, so you can" - elog "stop one vpn and start another if you need to." - - if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then - ewarn "" - ewarn "WARNING: If you use the remote keyword then you are deemed to be" - ewarn "a client by our init script and as such we force up,down scripts." - ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" - ewarn "can move your scripts to." - fi - - if use plugins ; then - einfo "" - einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins" - fi -} diff --git a/net-vpn/openvpn/openvpn-2.4.6.ebuild b/net-vpn/openvpn/openvpn-2.4.6.ebuild deleted file mode 100644 index eb359996e004..000000000000 --- a/net-vpn/openvpn/openvpn-2.4.6.ebuild +++ /dev/null @@ -1,156 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit autotools flag-o-matic user systemd linux-info - -DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" -SRC_URI="https://swupdate.openvpn.net/community/releases/${P}.tar.gz - test? ( https://raw.githubusercontent.com/OpenVPN/${PN}/v${PV}/tests/unit_tests/${PN}/mock_msg.h )" -HOMEPAGE="https://openvpn.net/" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos" - -IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam" -IUSE+=" pkcs11 +plugins selinux +ssl systemd test userland_BSD" - -RESTRICT="!test? ( test )" -REQUIRED_USE="pkcs11? ( ssl ) - !plugins? ( !pam !down-root ) - inotify? ( plugins )" - -CDEPEND=" - kernel_linux? ( - iproute2? ( sys-apps/iproute2[-minimal] ) - !iproute2? ( >=sys-apps/net-tools-1.60_p20160215155418 ) - ) - pam? ( sys-libs/pam ) - ssl? ( - !mbedtls? ( - !libressl? ( >=dev-libs/openssl-0.9.8:0= ) - libressl? ( dev-libs/libressl:0= ) - ) - mbedtls? ( net-libs/mbedtls ) - ) - lz4? ( app-arch/lz4 ) - lzo? ( >=dev-libs/lzo-1.07 ) - pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) - systemd? ( sys-apps/systemd )" -DEPEND="${CDEPEND} - test? ( dev-util/cmocka )" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-openvpn )" - -CONFIG_CHECK="~TUN" - -PATCHES=( - "${FILESDIR}/${PN}-external-cmocka.patch" - "${FILESDIR}/${PN}-2.4.5-libressl-macro-fix.patch" -) - -pkg_setup() { - linux-info_pkg_setup -} - -src_prepare() { - default - eautoreconf - - if use test; then - cp "${DISTDIR}/mock_msg.h" tests/unit_tests/${PN} || die - fi -} - -src_configure() { - SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \ - TMPFILES_DIR="/usr/lib/tmpfiles.d" \ - IFCONFIG=/bin/ifconfig \ - ROUTE=/bin/route \ - econf \ - $(use_enable inotify async-push) \ - $(use_enable ssl crypto) \ - $(use_with ssl crypto-library $(usex mbedtls mbedtls openssl)) \ - $(use_enable lz4) \ - $(use_enable lzo) \ - $(use_enable pkcs11) \ - $(use_enable plugins) \ - $(use_enable iproute2) \ - $(use_enable pam plugin-auth-pam) \ - $(use_enable down-root plugin-down-root) \ - $(use_enable test tests) \ - $(use_enable systemd) -} - -src_test() { - make check || die "top-level tests failed" - pushd tests/unit_tests > /dev/null || die - make check || die "unit tests failed" - popd > /dev/null || die -} - -src_install() { - default - find "${ED}/usr" -name '*.la' -delete - # install documentation - dodoc AUTHORS ChangeLog PORTS README README.IPv6 - - # Install some helper scripts - keepdir /etc/openvpn - exeinto /etc/openvpn - doexe "${FILESDIR}/up.sh" - doexe "${FILESDIR}/down.sh" - - # Install the init script and config file - newinitd "${FILESDIR}/${PN}-2.1.init" openvpn - newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn - - # install examples, controlled by the respective useflag - if use examples ; then - # dodoc does not supportly support directory traversal, #15193 - insinto /usr/share/doc/${PF}/examples - doins -r sample contrib - fi -} - -pkg_postinst() { - # Add openvpn user so openvpn servers can drop privs - # Clients should run as root so they can change ip addresses, - # dns information and other such things. - enewgroup openvpn - enewuser openvpn "" "" "" openvpn - - if use x64-macos; then - elog "You might want to install tuntaposx for TAP interface support:" - elog "http://tuntaposx.sourceforge.net" - fi - - elog "The openvpn init script expects to find the configuration file" - elog "openvpn.conf in /etc/openvpn along with any extra files it may need." - elog "" - elog "To create more VPNs, simply create a new .conf file for it and" - elog "then create a symlink to the openvpn init script from a link called" - elog "openvpn.newconfname - like so" - elog " cd /etc/openvpn" - elog " ${EDITOR##*/} foo.conf" - elog " cd /etc/init.d" - elog " ln -s openvpn openvpn.foo" - elog "" - elog "You can then treat openvpn.foo as any other service, so you can" - elog "stop one vpn and start another if you need to." - - if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then - ewarn "" - ewarn "WARNING: If you use the remote keyword then you are deemed to be" - ewarn "a client by our init script and as such we force up,down scripts." - ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" - ewarn "can move your scripts to." - fi - - if use plugins ; then - einfo "" - einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins" - fi -} diff --git a/net-vpn/openvpn/openvpn-2.4.7-r1.ebuild b/net-vpn/openvpn/openvpn-2.4.7-r1.ebuild deleted file mode 100644 index 845ec4ad7b0f..000000000000 --- a/net-vpn/openvpn/openvpn-2.4.7-r1.ebuild +++ /dev/null @@ -1,157 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit autotools flag-o-matic user systemd linux-info - -DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" -SRC_URI="https://github.com/OpenVPN/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz - test? ( https://raw.githubusercontent.com/OpenVPN/${PN}/v${PV}/tests/unit_tests/${PN}/mock_msg.h )" -HOMEPAGE="https://openvpn.net/" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos" - -IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam" -IUSE+=" pkcs11 +plugins selinux +ssl systemd test userland_BSD" - -RESTRICT="!test? ( test )" -REQUIRED_USE="pkcs11? ( ssl ) - !plugins? ( !pam !down-root ) - inotify? ( plugins )" - -CDEPEND=" - kernel_linux? ( - iproute2? ( sys-apps/iproute2[-minimal] ) - !iproute2? ( >=sys-apps/net-tools-1.60_p20160215155418 ) - ) - pam? ( sys-libs/pam ) - ssl? ( - !mbedtls? ( - !libressl? ( >=dev-libs/openssl-0.9.8:0= ) - libressl? ( dev-libs/libressl:0= ) - ) - mbedtls? ( net-libs/mbedtls:= ) - ) - lz4? ( app-arch/lz4 ) - lzo? ( >=dev-libs/lzo-1.07 ) - pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) - systemd? ( sys-apps/systemd )" -DEPEND="${CDEPEND} - test? ( dev-util/cmocka )" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-openvpn )" - -CONFIG_CHECK="~TUN" - -PATCHES=( - "${FILESDIR}/${PN}-external-cmocka.patch" - "${FILESDIR}/${PN}-2.4.5-libressl-macro-fix.patch" - "${FILESDIR}/${P}-libressl.patch" -) - -pkg_setup() { - linux-info_pkg_setup -} - -src_prepare() { - default - eautoreconf - - if use test; then - cp "${DISTDIR}/mock_msg.h" tests/unit_tests/${PN} || die - fi -} - -src_configure() { - SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \ - TMPFILES_DIR="/usr/lib/tmpfiles.d" \ - IFCONFIG=/bin/ifconfig \ - ROUTE=/bin/route \ - econf \ - $(use_enable inotify async-push) \ - $(use_enable ssl crypto) \ - $(use_with ssl crypto-library $(usex mbedtls mbedtls openssl)) \ - $(use_enable lz4) \ - $(use_enable lzo) \ - $(use_enable pkcs11) \ - $(use_enable plugins) \ - $(use_enable iproute2) \ - $(use_enable pam plugin-auth-pam) \ - $(use_enable down-root plugin-down-root) \ - $(use_enable test tests) \ - $(use_enable systemd) -} - -src_test() { - make check || die "top-level tests failed" - pushd tests/unit_tests > /dev/null || die - make check || die "unit tests failed" - popd > /dev/null || die -} - -src_install() { - default - find "${ED}/usr" -name '*.la' -delete - # install documentation - dodoc AUTHORS ChangeLog PORTS README README.IPv6 - - # Install some helper scripts - keepdir /etc/openvpn - exeinto /etc/openvpn - doexe "${FILESDIR}/up.sh" - doexe "${FILESDIR}/down.sh" - - # Install the init script and config file - newinitd "${FILESDIR}/${PN}-2.1.init" openvpn - newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn - - # install examples, controlled by the respective useflag - if use examples ; then - # dodoc does not supportly support directory traversal, #15193 - insinto /usr/share/doc/${PF}/examples - doins -r sample contrib - fi -} - -pkg_postinst() { - # Add openvpn user so openvpn servers can drop privs - # Clients should run as root so they can change ip addresses, - # dns information and other such things. - enewgroup openvpn - enewuser openvpn "" "" "" openvpn - - if use x64-macos; then - elog "You might want to install tuntaposx for TAP interface support:" - elog "http://tuntaposx.sourceforge.net" - fi - - elog "The openvpn init script expects to find the configuration file" - elog "openvpn.conf in /etc/openvpn along with any extra files it may need." - elog "" - elog "To create more VPNs, simply create a new .conf file for it and" - elog "then create a symlink to the openvpn init script from a link called" - elog "openvpn.newconfname - like so" - elog " cd /etc/openvpn" - elog " ${EDITOR##*/} foo.conf" - elog " cd /etc/init.d" - elog " ln -s openvpn openvpn.foo" - elog "" - elog "You can then treat openvpn.foo as any other service, so you can" - elog "stop one vpn and start another if you need to." - - if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then - ewarn "" - ewarn "WARNING: If you use the remote keyword then you are deemed to be" - ewarn "a client by our init script and as such we force up,down scripts." - ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" - ewarn "can move your scripts to." - fi - - if use plugins ; then - einfo "" - einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins" - fi -} diff --git a/net-vpn/openvpn/openvpn-2.4.8.ebuild b/net-vpn/openvpn/openvpn-2.4.8.ebuild deleted file mode 100644 index 0310e511f604..000000000000 --- a/net-vpn/openvpn/openvpn-2.4.8.ebuild +++ /dev/null @@ -1,145 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools flag-o-matic systemd linux-info - -DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" -SRC_URI="https://github.com/OpenVPN/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" -HOMEPAGE="https://openvpn.net/" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos" - -IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam" -IUSE+=" pkcs11 +plugins selinux +ssl systemd test userland_BSD" - -RESTRICT="!test? ( test )" -REQUIRED_USE="pkcs11? ( ssl ) - !plugins? ( !pam !down-root ) - inotify? ( plugins ) -" - -CDEPEND=" - kernel_linux? ( - iproute2? ( sys-apps/iproute2[-minimal] ) - !iproute2? ( >=sys-apps/net-tools-1.60_p20160215155418 ) - ) - pam? ( sys-libs/pam ) - ssl? ( - !mbedtls? ( - !libressl? ( >=dev-libs/openssl-0.9.8:0= ) - libressl? ( dev-libs/libressl:0= ) - ) - mbedtls? ( net-libs/mbedtls:= ) - ) - lz4? ( app-arch/lz4 ) - lzo? ( >=dev-libs/lzo-1.07 ) - pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) - systemd? ( sys-apps/systemd ) -" -DEPEND="${CDEPEND} - test? ( dev-util/cmocka ) -" -RDEPEND="${CDEPEND} - acct-group/openvpn - acct-user/openvpn - selinux? ( sec-policy/selinux-openvpn ) -" - -CONFIG_CHECK="~TUN" - -pkg_setup() { - linux-info_pkg_setup -} - -src_prepare() { - default - eautoreconf -} - -src_configure() { - SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \ - TMPFILES_DIR="/usr/lib/tmpfiles.d" \ - IFCONFIG=/bin/ifconfig \ - ROUTE=/bin/route \ - econf \ - $(use_enable inotify async-push) \ - $(use_enable ssl crypto) \ - $(use_with ssl crypto-library $(usex mbedtls mbedtls openssl)) \ - $(use_enable lz4) \ - $(use_enable lzo) \ - $(use_enable pkcs11) \ - $(use_enable plugins) \ - $(use_enable iproute2) \ - $(use_enable pam plugin-auth-pam) \ - $(use_enable down-root plugin-down-root) \ - $(use_enable systemd) -} - -src_test() { - make check || die "top-level tests failed" - pushd tests/unit_tests > /dev/null || die - make check || die "unit tests failed" - popd > /dev/null || die -} - -src_install() { - default - find "${ED}/usr" -name '*.la' -delete - # install documentation - dodoc AUTHORS ChangeLog PORTS README README.IPv6 - - # Install some helper scripts - keepdir /etc/openvpn - exeinto /etc/openvpn - doexe "${FILESDIR}/up.sh" - doexe "${FILESDIR}/down.sh" - - # Install the init script and config file - newinitd "${FILESDIR}/${PN}-2.1.init" openvpn - newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn - - # install examples, controlled by the respective useflag - if use examples ; then - # dodoc does not supportly support directory traversal, #15193 - docinto /usr/share/doc/${PF}/examples - dodoc -r sample contrib - fi -} - -pkg_postinst() { - if use x64-macos; then - elog "You might want to install tuntaposx for TAP interface support:" - elog "http://tuntaposx.sourceforge.net" - fi - - elog "The openvpn init script expects to find the configuration file" - elog "openvpn.conf in /etc/openvpn along with any extra files it may need." - elog "" - elog "To create more VPNs, simply create a new .conf file for it and" - elog "then create a symlink to the openvpn init script from a link called" - elog "openvpn.newconfname - like so" - elog " cd /etc/openvpn" - elog " ${EDITOR##*/} foo.conf" - elog " cd /etc/init.d" - elog " ln -s openvpn openvpn.foo" - elog "" - elog "You can then treat openvpn.foo as any other service, so you can" - elog "stop one vpn and start another if you need to." - - if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then - ewarn "" - ewarn "WARNING: If you use the remote keyword then you are deemed to be" - ewarn "a client by our init script and as such we force up,down scripts." - ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" - ewarn "can move your scripts to." - fi - - if use plugins ; then - einfo "" - einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins" - fi -} diff --git a/net-vpn/openvpn/openvpn-2.4.9.ebuild b/net-vpn/openvpn/openvpn-2.4.9.ebuild index 684a4871fe82..9e3998296da6 100644 --- a/net-vpn/openvpn/openvpn-2.4.9.ebuild +++ b/net-vpn/openvpn/openvpn-2.4.9.ebuild @@ -11,7 +11,7 @@ HOMEPAGE="https://openvpn.net/" LICENSE="GPL-2" SLOT="0" -KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos" IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam" IUSE+=" pkcs11 +plugins selinux +ssl systemd test userland_BSD" @@ -61,22 +61,34 @@ src_prepare() { } src_configure() { + local myeconfargs=( + $(use_enable inotify async-push) + $(use_enable ssl crypto) + ) + if use ssl; then + myeconfargs+=( + $(use_with ssl crypto-library $(usex mbedtls mbedtls openssl)) + ) + if use libressl || ! use mbedtls; then + myeconfargs+=( + $(use_enable pkcs11) + ) + fi + fi + myeconfargs+=( + $(use_enable lz4) + $(use_enable lzo) + $(use_enable plugins) + $(use_enable iproute2) + $(use_enable pam plugin-auth-pam) + $(use_enable down-root plugin-down-root) + $(use_enable systemd) + ) SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \ TMPFILES_DIR="/usr/lib/tmpfiles.d" \ IFCONFIG=/bin/ifconfig \ ROUTE=/bin/route \ - econf \ - $(use_enable inotify async-push) \ - $(use_enable ssl crypto) \ - $(use_with ssl crypto-library $(usex mbedtls mbedtls openssl)) \ - $(use_enable lz4) \ - $(use_enable lzo) \ - $(use_enable pkcs11) \ - $(use_enable plugins) \ - $(use_enable iproute2) \ - $(use_enable pam plugin-auth-pam) \ - $(use_enable down-root plugin-down-root) \ - $(use_enable systemd) + econf "${myeconfargs[@]}" } src_test() { diff --git a/net-vpn/peervpn/Manifest b/net-vpn/peervpn/Manifest index 488154f9606d..72f994dc8641 100644 --- a/net-vpn/peervpn/Manifest +++ b/net-vpn/peervpn/Manifest @@ -3,5 +3,5 @@ AUX peervpn.initd 590 BLAKE2B 39a2ec06a71eb99de9a37cd42b05c63fd07af042b8b48652e0 AUX peervpn.logrotated 87 BLAKE2B c6b72aed372a87d766a9ba0e69b48929fd2484743c5576f9d87333be3a241479794f83d201e366483dee30aee48a4e5a2ad9fb7e6864f84bb9e4b47556dfaf67 SHA512 474d2cd0c92786d5b7b45604a235a9102197e9e3520c812db86c1183bc0ab0963dbbb538ff684a44bc47184eb3e87d77e6b2ddab72c52fccca529cc16f56f515 AUX peervpn.service 256 BLAKE2B 51abeea30d4ebe81a7b9acf1ae0e5e8b65ddcaedd4ae2c3f0e6ab3e4524d75d9848328bfed737f8b39effeedd68e7d7ed9f1376ac144ae27c4d77b0603fdd496 SHA512 d2d7336ed77324f30d3a4d83fe47b43bbafc3340525eac862bd7637e3a72a70dba1dc9ea21ed59e1606c8d1c03c3ee5ab9da73b49e71cf70e536369ae9ecf01c DIST peervpn-0.044.tar.gz 81948 BLAKE2B 7fcf4805846b304c8d26ab06a5f56fa7aa281eab05860f192e635ba12173954cd00502328239771b1882b0b74c8f24f796c51e86fd5d39765f51d2aa26953c6b SHA512 5dd8e056287a905f3aaddf93d6dad917047e6f7da30942f412ff7b2846afd26fb9f4e500cfcb76966b4045db2a37096f1aa43b87e777ff31c2e467aa0415cdba -EBUILD peervpn-0.044-r4.ebuild 1612 BLAKE2B 6c8c2aa310a0dc62a44c9b71c39e5fecd82e725bdcba6e45bbcd2adbe482ba2f7d077765a87cfa889a2a03697fb4b7ae9d8ba05400b5db253bd08d16dbb70f2f SHA512 2e3819dbf047301ac4acaa2799cb0c24c1f24f8a7b1df7ab52128df342aeef2ce8742b5b6a6e50deaf1df08ca24b7976340ad4908852194878cf7268b469107e +EBUILD peervpn-0.044-r5.ebuild 1984 BLAKE2B 06f2d9ccae4306a25c09cc6f4e88667cf99512f15bb8e44160e3a4abcb047780dae809b80886719550a5d9726af45ea06d4e76916904b9ce4efcff528a33892a SHA512 aa5dbbe642f80062f87e0696ca24cb6e0b5b6972c6e21ebcca8f1967adc2ab42566b3087f1c370e6c4be9ffe019a09c475a3a09f2af92a106a65091a167ce21a MISC metadata.xml 306 BLAKE2B 23943cc835dbc20f40533bd627de75557c7995bb72195979385903e53834c0961fd4b3e0346aabf10020aa9df18a619e138a1504e9e1f1614fda1a840a0d0f1e SHA512 29286f5271bd2e6cb8aa39d626bc581cdfce7206e3a76e964418b460c20ab844e096a009db6c3ef1f3bc09f56622a2e388bce8aeeedd3be65d936e244915a7db diff --git a/net-vpn/peervpn/peervpn-0.044-r4.ebuild b/net-vpn/peervpn/peervpn-0.044-r5.ebuild index 0415a2741e17..a768d8ee2efb 100644 --- a/net-vpn/peervpn/peervpn-0.044-r4.ebuild +++ b/net-vpn/peervpn/peervpn-0.044-r5.ebuild @@ -1,7 +1,7 @@ -# Copyright 1999-2019 Gentoo Authors +# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=6 +EAPI=7 inherit systemd toolchain-funcs user @@ -57,12 +57,19 @@ src_install() { pkg_preinst() { if ! has_version '>=net-vpn/peervpn-0.044-r4' && \ - [[ -d ${EROOT}etc/${PN} && - $(find "${EROOT}etc/${PN}" -user "${PN}" ! -type l -print) ]]; then - ewarn "Tightening '${EROOT}etc/${PN}' permissions for bug 629418" + [[ -d ${EROOT}/etc/${PN} && ! -L ${EROOT}/etc/${PN} && + $(find "${EROOT}/etc/${PN}" -maxdepth 1 -user "${PN}" ! -type l -print) ]]; then + ewarn "Tightening '${EROOT}/etc/${PN}' permissions for bug 629418" + # Tighten the parent directory permissions first, in + # order to protect against race conditions involving a + # less-privileged user. + chown root:${PN} "${EROOT}/etc/${PN}" + chmod g+rX-w,o-rwx "${EROOT}/etc/${PN}" + # Don't chown/chmod the referent of a symlink + # owned by a less-privileged user. while read -r -d ''; do chown root:${PN} "${REPLY}" || die chmod g+rX-w,o-rwx "${REPLY}" || die - done < <(find "${EROOT}etc/${PN}" -user "${PN}" ! -type l -print0) + done < <(find "${EROOT}/etc/${PN}" -mindepth 1 -maxdepth 1 -user "${PN}" ! -type l -print0) fi } diff --git a/net-vpn/strongswan/Manifest b/net-vpn/strongswan/Manifest index 0cc1777affef..5edd695fa9e3 100644 --- a/net-vpn/strongswan/Manifest +++ b/net-vpn/strongswan/Manifest @@ -2,6 +2,8 @@ AUX ipsec 451 BLAKE2B deb3fff7043e04c1630119bb0cbbd6fa9b6f15666131ac9744a32d35cf AUX strongswan-5.8.2-gcc-10.patch 1276 BLAKE2B 217fdbc9f858ce01ca13ccc3572d3ea7eae2d059ec6979e5263b919cee6da3eef2681a413265a1b78a267840d06341531d3676b9f5aa58717b577e976beeff5c SHA512 3762446b8bb0acce29882172afb826cc52be94187f28cbdb125be53a7b3c0f1229c1069194be7d96d7315ad056021d9271fe9f8b1d68980df6bc97ddc3d84aa7 DIST strongswan-5.8.1.tar.bz2 4517921 BLAKE2B 07a82309515a054b267a063fc0e2f49fd03d16b221b1ee26a33c8d367df140797320e1ef7007a39074e40c472022d941656b3ae93d2eb860152cdc5a5d3dbc8a SHA512 630d24643b3d61e931bb25cdd083ad3c55f92fe41f3fcd3198012eee486fb3b1a16dc3f80936162afb7da9e471d45d92b7d183a00153a558babb2a79e5f6813f DIST strongswan-5.8.2.tar.bz2 4533402 BLAKE2B edbfa8dbe1ac00c140cfe9e906ac7aa1b6f3ddfd528dec84e7b1799e5ecdd0f6114679168ebcff9185c8abae78b46dfc43ddc4dabecd44f720285bd175d7a249 SHA512 423e7924acfe8a03ad7d4359ae9086fd516798fcf5eb948a27b52ea719f4d8954b83ea30ce94191ea1647616611df8a1215cb4d5c7ec48676624df6c41853e1d +DIST strongswan-5.8.4.tar.bz2 4546240 BLAKE2B f58f53a17c02924a3ad75bfadd5956f62098c41468ec5fe8d51bf0f0465c8936d8ca846a41a0b6ff6ac24ccd2229e726d3ea2b48904abf5743bbe766e5f5f81c SHA512 15e866b0d6cc4ea94f17856b519d926ae08c15d3b62f675f62685d0722ca8fa26b46afb1ad1c866e9d5f347d77a747f57d0c6d7f6bd57762f37d7798f9e28103 EBUILD strongswan-5.8.1.ebuild 9507 BLAKE2B 3912bd097b1c8f7d5b5aed00ff9396b2863ae3165f9f656e4dd6f0793f9b02d321115f23ad3c21558d6b2be13ebd6f14d28513209a703c61870b528cde566ec3 SHA512 17b8df9b5eab7c26425208e3d14d1b2596f3373d88314337cc2d397da574665d94bdca61a35ed6a143e5bc807f4b5514f7066841802a328b18f693c28e434fb9 EBUILD strongswan-5.8.2.ebuild 9554 BLAKE2B 973ba926d32ac8d506925b2cabc0bc131571a4dd49627420bf0b8a528fedad36e2d734db07d66a5e0a24cf01a262398988b1854ad56c494e803622a66be16cb7 SHA512 f1b8267dfd94967a10d159a04c8aa9e1f558be69c30d6f6ce851845b25f6e87e0f788b079409ac2efdad1311b8d4ae7472ef6a9bb09a7fe1fe66a6ef4e16ad52 +EBUILD strongswan-5.8.4.ebuild 9511 BLAKE2B c512f2d683468f13ba7393c20ab1917c1cab56fb3389382bdec3571f0f30282accdd72182f626afd8e3203cbb404f336fa0c4e1b297d4c5a22a465155dd01fe5 SHA512 659a2196f090442a7cb721efc462210e530c089b8f9af319dbad718b3ed60d401e92c0201bddeaafe63dd12bd958e23dcb391198f3ca8e390a9a3d91a45448a5 MISC metadata.xml 4135 BLAKE2B 13739675c455765d7ce73df9744779636d36d3f93eee4567c931fb40e528e56d34912e26a82bd35e377fbd34613c0b7044841ff6c2dc26694187d0de355f8b86 SHA512 e09ef1afdf5002dab542312753cbce56e830b906aa5c5ac8fd5c7b57cbaf021eb0c466241cf810f446693b8dedd90f185f3e2c7a53a0b9a43e14913dcdd83b23 diff --git a/net-vpn/strongswan/strongswan-5.8.4.ebuild b/net-vpn/strongswan/strongswan-5.8.4.ebuild new file mode 100644 index 000000000000..aa83509c3d2d --- /dev/null +++ b/net-vpn/strongswan/strongswan-5.8.4.ebuild @@ -0,0 +1,308 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" +inherit linux-info systemd user + +DESCRIPTION="IPsec-based VPN solution, supporting IKEv1/IKEv2 and MOBIKE" +HOMEPAGE="https://www.strongswan.org/" +SRC_URI="https://download.strongswan.org/${P}.tar.bz2" + +LICENSE="GPL-2 RSA DES" +SLOT="0" +KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86" +IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11" + +STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici" +STRONGSWAN_PLUGINS_OPT="aesni blowfish ccm chapoly ctr forecast gcm ha ipseckey newhope ntru padlock rdrand save-keys unbound whitelist" +for mod in $STRONGSWAN_PLUGINS_STD; do + IUSE="${IUSE} +strongswan_plugins_${mod}" +done + +for mod in $STRONGSWAN_PLUGINS_OPT; do + IUSE="${IUSE} strongswan_plugins_${mod}" +done + +COMMON_DEPEND="!net-misc/openswan + gmp? ( >=dev-libs/gmp-4.1.5:= ) + gcrypt? ( dev-libs/libgcrypt:0 ) + caps? ( sys-libs/libcap ) + curl? ( net-misc/curl ) + ldap? ( net-nds/openldap ) + openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] ) + mysql? ( dev-db/mysql-connector-c:= ) + sqlite? ( >=dev-db/sqlite-3.3.1 ) + systemd? ( sys-apps/systemd ) + networkmanager? ( net-misc/networkmanager ) + pam? ( sys-libs/pam ) + strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns )" +DEPEND="${COMMON_DEPEND} + virtual/linux-sources + sys-kernel/linux-headers" +RDEPEND="${COMMON_DEPEND} + virtual/logger + sys-apps/iproute2 + !net-vpn/libreswan + selinux? ( sec-policy/selinux-ipsec )" + +UGID="ipsec" + +pkg_setup() { + linux-info_pkg_setup + + elog "Linux kernel version: ${KV_FULL}" + + if ! kernel_is -ge 2 6 16; then + eerror + eerror "This ebuild currently only supports ${PN} with the" + eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16." + eerror + fi + + if kernel_is -lt 2 6 34; then + ewarn + ewarn "IMPORTANT KERNEL NOTES: Please read carefully..." + ewarn + + if kernel_is -lt 2 6 29; then + ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to" + ewarn "include all required IPv6 modules even if you just intend" + ewarn "to run on IPv4 only." + ewarn + ewarn "This has been fixed with kernels >= 2.6.29." + ewarn + fi + + if kernel_is -lt 2 6 33; then + ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards" + ewarn "compliant implementation for SHA-2 HMAC support in ESP and" + ewarn "miss SHA384 and SHA512 HMAC support altogether." + ewarn + ewarn "If you need any of those features, please use kernel >= 2.6.33." + ewarn + fi + + if kernel_is -lt 2 6 34; then + ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only" + ewarn "ESP cipher is only included in kernels >= 2.6.34." + ewarn + ewarn "If you need it, please use kernel >= 2.6.34." + ewarn + fi + fi + + if use non-root; then + enewgroup ${UGID} + enewuser ${UGID} -1 -1 -1 ${UGID} + fi +} + +src_configure() { + local myconf="" + + if use non-root; then + myconf="${myconf} --with-user=${UGID} --with-group=${UGID}" + fi + + # If a user has already enabled db support, those plugins will + # most likely be desired as well. Besides they don't impose new + # dependencies and come at no cost (except for space). + if use mysql || use sqlite; then + myconf="${myconf} --enable-attr-sql --enable-sql" + fi + + # strongSwan builds and installs static libs by default which are + # useless to the user (and to strongSwan for that matter) because no + # header files or alike get installed... so disabling them is safe. + if use pam && use eap; then + myconf="${myconf} --enable-eap-gtc" + else + myconf="${myconf} --disable-eap-gtc" + fi + + for mod in $STRONGSWAN_PLUGINS_STD; do + if use strongswan_plugins_${mod}; then + myconf+=" --enable-${mod}" + fi + done + + for mod in $STRONGSWAN_PLUGINS_OPT; do + if use strongswan_plugins_${mod}; then + myconf+=" --enable-${mod}" + fi + done + + econf \ + --disable-static \ + --enable-ikev1 \ + --enable-ikev2 \ + --enable-swanctl \ + --enable-socket-dynamic \ + $(use_enable curl) \ + $(use_enable constraints) \ + $(use_enable ldap) \ + $(use_enable debug leak-detective) \ + $(use_enable dhcp) \ + $(use_enable eap eap-sim) \ + $(use_enable eap eap-sim-file) \ + $(use_enable eap eap-simaka-sql) \ + $(use_enable eap eap-simaka-pseudonym) \ + $(use_enable eap eap-simaka-reauth) \ + $(use_enable eap eap-identity) \ + $(use_enable eap eap-md5) \ + $(use_enable eap eap-aka) \ + $(use_enable eap eap-aka-3gpp2) \ + $(use_enable eap md4) \ + $(use_enable eap eap-mschapv2) \ + $(use_enable eap eap-radius) \ + $(use_enable eap eap-tls) \ + $(use_enable eap eap-ttls) \ + $(use_enable eap xauth-eap) \ + $(use_enable eap eap-dynamic) \ + $(use_enable farp) \ + $(use_enable gmp) \ + $(use_enable gcrypt) \ + $(use_enable mysql) \ + $(use_enable networkmanager nm) \ + $(use_enable openssl) \ + $(use_enable pam xauth-pam) \ + $(use_enable pkcs11) \ + $(use_enable sqlite) \ + $(use_enable systemd) \ + $(use_with caps capabilities libcap) \ + --with-piddir=/run \ + --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \ + ${myconf} +} + +src_install() { + emake DESTDIR="${D}" install + + if ! use systemd; then + rm -rf "${ED}"/lib/systemd || die + fi + + doinitd "${FILESDIR}"/ipsec + + local dir_ugid + if use non-root; then + fowners ${UGID}:${UGID} \ + /etc/ipsec.conf \ + /etc/strongswan.conf + + dir_ugid="${UGID}" + else + dir_ugid="root" + fi + + diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid} + dodir /etc/ipsec.d \ + /etc/ipsec.d/aacerts \ + /etc/ipsec.d/acerts \ + /etc/ipsec.d/cacerts \ + /etc/ipsec.d/certs \ + /etc/ipsec.d/crls \ + /etc/ipsec.d/ocspcerts \ + /etc/ipsec.d/private \ + /etc/ipsec.d/reqs + + dodoc NEWS README TODO + + # shared libs are used only internally and there are no static libs, + # so it's safe to get rid of the .la files + find "${D}" -name '*.la' -delete || die "Failed to remove .la files." +} + +pkg_preinst() { + has_version "<net-vpn/strongswan-4.3.6-r1" + upgrade_from_leq_4_3_6=$(( !$? )) + + has_version "<net-vpn/strongswan-4.3.6-r1[-caps]" + previous_4_3_6_with_caps=$(( !$? )) +} + +pkg_postinst() { + if ! use openssl && ! use gcrypt; then + elog + elog "${PN} has been compiled without both OpenSSL and libgcrypt support." + elog "Please note that this might effect availability and speed of some" + elog "cryptographic features. You are advised to enable the OpenSSL plugin." + elif ! use openssl; then + elog + elog "${PN} has been compiled without the OpenSSL plugin. This might effect" + elog "availability and speed of some cryptographic features. There will be" + elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21," + elog "25, 26) and ECDSA." + fi + + if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then + chmod 0750 "${ROOT}"/etc/ipsec.d \ + "${ROOT}"/etc/ipsec.d/aacerts \ + "${ROOT}"/etc/ipsec.d/acerts \ + "${ROOT}"/etc/ipsec.d/cacerts \ + "${ROOT}"/etc/ipsec.d/certs \ + "${ROOT}"/etc/ipsec.d/crls \ + "${ROOT}"/etc/ipsec.d/ocspcerts \ + "${ROOT}"/etc/ipsec.d/private \ + "${ROOT}"/etc/ipsec.d/reqs + + ewarn + ewarn "The default permissions for /etc/ipsec.d/* have been tightened for" + ewarn "security reasons. Your system installed directories have been" + ewarn "updated accordingly. Please check if necessary." + ewarn + + if [[ $previous_4_3_6_with_caps == 1 ]]; then + if ! use non-root; then + ewarn + ewarn "IMPORTANT: You previously had ${PN} installed without root" + ewarn "privileges because it was implied by the 'caps' USE flag." + ewarn "This has been changed. If you want ${PN} with user privileges," + ewarn "you have to re-emerge it with the 'non-root' USE flag enabled." + ewarn + fi + fi + fi + if ! use caps && ! use non-root; then + ewarn + ewarn "You have decided to run ${PN} with root privileges and built it" + ewarn "without support for POSIX capability dropping. It is generally" + ewarn "strongly suggested that you reconsider- especially if you intend" + ewarn "to run ${PN} as server with a public ip address." + ewarn + ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled." + ewarn + fi + if use non-root; then + elog + elog "${PN} has been installed without superuser privileges (USE=non-root)." + elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'" + elog "but also a few to the IKEv2 daemon 'charon'." + elog + elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot" + elog + elog "pluto uses a helper script by default to insert/remove routing and" + elog "policy rules upon connection start/stop which requires superuser" + elog "privileges. charon in contrast does this internally and can do so" + elog "even with reduced (user) privileges." + elog + elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown" + elog "script to pluto or charon which requires superuser privileges, you" + elog "can work around this limitation by using sudo to grant the" + elog "user \"ipsec\" the appropriate rights." + elog "For example (the default case):" + elog "/etc/sudoers:" + elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec" + elog "Under the specific connection block in /etc/ipsec.conf:" + elog " leftupdown=\"sudo -E ipsec _updown iptables\"" + elog + fi + elog + elog "Make sure you have _all_ required kernel modules available including" + elog "the appropriate cryptographic algorithms. A list is available at:" + elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules" + elog + elog "The up-to-date manual is available online at:" + elog " http://wiki.strongswan.org/" + elog +} diff --git a/net-vpn/tailscale/Manifest b/net-vpn/tailscale/Manifest index 014dfb548f48..00faa08fef0a 100644 --- a/net-vpn/tailscale/Manifest +++ b/net-vpn/tailscale/Manifest @@ -1,14 +1,9 @@ AUX tailscale.tmpfiles 79 BLAKE2B 8391d38d1ba704d356f894040cf998c42397e567970d285cf0ef82a854b48d534446231597e4e50ef913c03d8540488eb81ef296c8dbd0dc2c61ebd9678ad708 SHA512 9c220d99fae73ef3b8d76d35e137b48254719836087d75859027ae087190e57eaa1de21379efde05cdf285fe4cbd767e2ba9d7280b699695294150d351598c88 AUX tailscaled.confd 147 BLAKE2B abea10fa6d05304a0c953dfd0fa1a4c10054129294d8554846d961457164513a52c551cea2603daffb4cbaeea9c22332dbb32c251dab334e095253ad474206d3 SHA512 db2e0727b84aba6d473a65cee1029fff0058754f1474c1062f37215da51ea85942b5ab3aabfb3f904d47aa5ec5844cab2c7126313dcdca35f10144a7525dd916 AUX tailscaled.initd 416 BLAKE2B b4196852147dad2bf9a948b3d36f2d3b02e18266174d0a1f3b252ceca71132d232fa1de63a1b03992ccb39dcbdbb29b69791bf51e2e130c7192271114887c1e5 SHA512 a65a386715cfd21a02723ec6c7d05f874e0ac370142867c8145a7f9701cce0eacc2861aed69041363ca6e01fa5f87941464c653822ae187f1ea5ab66a1587bd2 -DIST tailscale_0.97-45_386.tgz 11879684 BLAKE2B 690e707e499e6986bd9676875af818f9fc68a7b9a4f66b2384efab4efa0c0d95cabe1a4c816152a7e61d14f33b16f1da00a8e7f9c26950412c2ac971a0ba090b SHA512 c81ae265c20bc2f8e9528b78dd39fd53d74b7a90d354617673912632d6599c9c0b866156ff8032b6a92f8452ae95789fdd0be3db87cf13aca2bb6ecdb13edf28 -DIST tailscale_0.97-45_amd64.tgz 12233156 BLAKE2B 120781c003be7cd244dd8b3659e817aea6567d0c0d4e34f468f2fb584b62a34cadec4e37b5d96076e7b4c9ffc6611b4dd7d41375ce6e54812e89d974af70a558 SHA512 6ed0dc7d847c75b3597deff0febb5a72b07d027e8b4889151c00126d77dd1dc3fd878080a2d0d4737a3b9a5f3b11993e2ff6991fc7e5fde2eed7838239515338 -DIST tailscale_0.97-45_arm.tgz 11328113 BLAKE2B 1ca588dfd8bb2c6e2b79d323b39f919ad2aebbb4c1812330a2875752b102bc461a304fa9c9761bd090d6361a966e04a06128535885383cb5baca0a679013e5b4 SHA512 78d8f44a07365ebc226df9c0a808f8da2a3e1f102db7aae3c9612c5c7e6ed5a32fcf0d43b43f23c507bba7ca4049be7a33c52473cff53d3fd7e9f9ae6b4d84bb -DIST tailscale_0.97-45_arm64.tgz 11321460 BLAKE2B bdaadbb8c384cab4d098b9aabab299767744bc0ada5b31f7510505e5dd83b507b369010ba4d9e96935fbe8cdd9fafe3fd9308d3ccd5aaf829c3aa85887bc144e SHA512 e6a68fe36219024fa01ce0bc5b2ab56614197dade1cdc131ef8f966684fa513e0e51589fc4e7740812f08f05a2b08127a8679de3005b925a613a1bef8675a48f DIST tailscale_0.98-0_386.tgz 11772623 BLAKE2B 085f798bb1aabc8f6e286184428cca84cc552037bb67b503227e7c56acc90b6b9b860d3147498bbdeb5dc39164d472ba4ea441b93a57dd37b5aa4a977f2f1702 SHA512 10bbdbc7da71e018189eb63fe126237bd978cad8169a824f8bf70c065e53bd3d0f2741ce0bf7f810f27f68a273d33caf4cd086acde51956109c0d5317862352e DIST tailscale_0.98-0_amd64.tgz 12080659 BLAKE2B f3935a51c0210930d93c1779022e0e11508a92899fab5ba50c2a14a8670bc03a601de18847c02428971188647b60ba0154b12027c5d4224d47735964fa031ef7 SHA512 119ffa7a7035327b388dbabc118b37cc4af5f0b2bc01a4a757719b37659fefc2363eb48ef68c8009a05bff3cf3caf92a5f918683f49cdb052fc6c618ad08ed45 DIST tailscale_0.98-0_arm.tgz 11276678 BLAKE2B 06e176c8fcd68761b8c3a9399e189b7793d2284315187b77c5c36309d6e5d8ce3a4675531315a47cba54fb402b0f07e02bcf2f9cd4c502f99131d86a1b0e422b SHA512 95913a397d636188d9673d1eca37e3b4fcf87ade0fcf7b69d086b2d05e5d854aba786ace03a1b7f406d02140a0c9197c925a5666c8a3bc1d11e15479f6440deb DIST tailscale_0.98-0_arm64.tgz 11288963 BLAKE2B 4244bcb6ff79dfaece4c82917a39804b6d58ce6a5f0572d19f62d9ba4cd40a0031eb723aee5a12dedc1303fbb8e9926d1b6eb9964080c5f162149dd049f8322b SHA512 b81c90a5a4a999a03c7edeaf65a0a2900771ade17a888ee03c29762c491d9fce605ce77f812949cbc36ad113d8a5ce5d2e21d69e91a7b4b8a87a8fc93129aaf4 -EBUILD tailscale-0.97_p45.ebuild 1148 BLAKE2B 51bdffb3879948dbfa6874f15885d6471bf0f971a3872bf789d49df150458eeacd94b43578f78adb625ee060a1dbf47008fde1229ac90b2f70081e0c6ec3dce1 SHA512 f03e1f52a4cc8893603e9603f38d51bf03a31aa76076c0d521d0cc3e59dc636b2457222343851402283a3dc40ce2417ebc31a799df95f58da3bf11711eba60b1 -EBUILD tailscale-0.98_p0.ebuild 1144 BLAKE2B ab6207222e23e25b2b8a06f228da56d225745326f5435d663b63b02d7fe075988b71b90edff207b857d2997dcd486941f2897472f5372f4c4492d0ae05b40152 SHA512 fd64e1e33fcc11e7b1653f1811368b243fa4eb113e11e281df13118013a39d17380872809611cf75459a7fa08d4e336f628009781d6e07d2bfd1a696fcf1aeb9 +EBUILD tailscale-0.98_p0.ebuild 1149 BLAKE2B 1521c4a30ee1380cb3b0317a0a23d0002a6a6f5ebf9bcc11e719e223d5eb908e4d50dbce367e9a0cac36688e7a83b5f94250c2c5395cac9df8c3a56f7b8db79a SHA512 bfe31ac24857f4840c4c2549256a9ea9567f979f217a4f9c7ce6bedb2e2e30f588074540eacf0ca2b14845eddbca67fabfdd48c8ffa7fe2d7b12ac7736f91f5c MISC metadata.xml 249 BLAKE2B 51ba583d3f040316570785a91020f260c7eacf5a322cc4b905648f547f06f413976d1834f7f010db5b6183aad6d6503f9bccb21e74508b5a5af1a5d96e82c805 SHA512 276a98a5eb50222440ab5bba11bfc895a0f89be2c2f2e561214b97b6138fe7c4341f6ca1fcb29bc03fa5a89844ede7f82a942c20ed649ce3e7da459a1b2481d5 diff --git a/net-vpn/tailscale/tailscale-0.97_p45.ebuild b/net-vpn/tailscale/tailscale-0.97_p45.ebuild deleted file mode 100644 index 42558405f114..000000000000 --- a/net-vpn/tailscale/tailscale-0.97_p45.ebuild +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright 2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit systemd tmpfiles - -DESCRIPTION="Tailscale vpn client" -HOMEPAGE="https://tailscale.com" - -MY_PV="${PV//_p/-}" -MY_P="${PN}_${MY_PV}" -SRC_URI=" - amd64? ( https://pkgs.tailscale.com/stable/${MY_P}_amd64.tgz ) - arm? ( https://pkgs.tailscale.com/stable/${MY_P}_arm.tgz ) - arm64? ( https://pkgs.tailscale.com/stable/${MY_P}_arm64.tgz ) - x86? ( https://pkgs.tailscale.com/stable/${MY_P}_386.tgz ) -" - -LICENSE="MIT" -SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~x86" - -RDEPEND="net-firewall/iptables" - -QA_PRECOMPILED="**" - -src_unpack() { - default - use amd64 && S="${WORKDIR}/${MY_P}_amd64" - use arm && S="${WORKDIR}/${MY_P}_arm" - use arm64 && S="${WORKDIR}/${MY_P}_arm64" - use x86 && S="${WORKDIR}/${MY_P}_386" -} - -src_install() { - dosbin ${PN}d - dobin ${PN} - - systemd_dounit systemd/*.service - insinto /etc/default - newins systemd/tailscaled.defaults ${PN} - keepdir /var/lib/${PN} - fperms 0750 /var/lib/${PN} - - newtmpfiles "${FILESDIR}/${PN}.tmpfiles" ${PN}.conf - - newinitd "${FILESDIR}/${PN}d.initd" ${PN} - newconfd "${FILESDIR}/${PN}d.confd" ${PN} -} diff --git a/net-vpn/tailscale/tailscale-0.98_p0.ebuild b/net-vpn/tailscale/tailscale-0.98_p0.ebuild index 1a9d74fe71a7..4b6378a2c008 100644 --- a/net-vpn/tailscale/tailscale-0.98_p0.ebuild +++ b/net-vpn/tailscale/tailscale-0.98_p0.ebuild @@ -39,7 +39,7 @@ src_install() { systemd_dounit systemd/*.service insinto /etc/default - newins systemd/tailscaled.defaults ${PN} + newins systemd/tailscaled.defaults tailscaled keepdir /var/lib/${PN} fperms 0750 /var/lib/${PN} diff --git a/net-vpn/wireguard-modules/Manifest b/net-vpn/wireguard-modules/Manifest index dd8fa42b1b4e..3ceb6cfce938 100644 --- a/net-vpn/wireguard-modules/Manifest +++ b/net-vpn/wireguard-modules/Manifest @@ -1,5 +1,4 @@ -AUX wireguard-modules-1.0.20200413-sch_generic-header.patch 860 BLAKE2B a3eb14274fd7c9a2d4e04aedb17f6fb87711b4c0d092651137f9b5a1c7aff43894a3a2de88ece6da18c8638a870128d9c61eb5f1fc5b7c9c40d150a95ff046d9 SHA512 2824c822f94c15644b990b1a8c7a9fbe6e752556736eb47e6330a11e7d4bdd1077d922dd41e0f63ef519f427653497014154c1074bd1bfb564fcaeb0ec0b4f6c -DIST wireguard-linux-compat-1.0.20200413.tar.xz 261480 BLAKE2B 4a6e6571ba6e0285b08bb8b08b041cef02fdab99b516dd8717acf0f4cf86308382ed7b4f7333c5a97bd338aa973df83a7c8acd41c7022242700ec8db60f3aa64 SHA512 1df6802bf7bbae9292479b36a0ab54fc486ec0aa97e3c507634e4459b55f6755995ae73758ab169ed279e5d5dcf32bf3f38c18ce156d30f80be8ed77308fa8e8 -EBUILD wireguard-modules-1.0.20200413.ebuild 3499 BLAKE2B e7e3f05f8d854621fbf1ba6f19dbe5bc63c6c8c628b2ffa52594749bb149abc1fd0cc5b693df1422f0ef25a88511d1a203d897f8aa7ffd93b12d9f5d528d22cc SHA512 770a2d3d666560e022de710c0045f9057caa25989119417041d80e479a61628208b4adceb0534494f36ae9acf686b7334f48daca7816765e1e0e2e8acf090b66 +DIST wireguard-linux-compat-1.0.20200506.tar.xz 263228 BLAKE2B cc721009659a64efeab933d25bd901595fee313a0716e8e344d05e51f8458a1cde21b87418a62ad06e94614a28ce0ff26988f1375b74c567e3a827e970b79f15 SHA512 39a27a515919933dbed71624be3f8f3f512073b522e1e16248c9eda749dd72a3db5a02d85d29855160eb182415f489a4c02c1659ef9589507c99dbfe74ea3074 +EBUILD wireguard-modules-1.0.20200506.ebuild 3442 BLAKE2B 81c97ff68c71ce60d343266035852d2128246a3aa1c4ca95d0847904c021c5e4a7bb652d8c531e50be1dcc430fa34e54682462595101fded003af71e97e037e6 SHA512 1979d83d24156acf594edfc23c76e8e30e9a21ef9cd3fd45a06462ba20a30a9c90618852a611793af53424a52e0486a93d9198e18f89b7c57f9e8e06b434c9d5 EBUILD wireguard-modules-9999.ebuild 3442 BLAKE2B 81c97ff68c71ce60d343266035852d2128246a3aa1c4ca95d0847904c021c5e4a7bb652d8c531e50be1dcc430fa34e54682462595101fded003af71e97e037e6 SHA512 1979d83d24156acf594edfc23c76e8e30e9a21ef9cd3fd45a06462ba20a30a9c90618852a611793af53424a52e0486a93d9198e18f89b7c57f9e8e06b434c9d5 MISC metadata.xml 661 BLAKE2B bb9a48b3a4f3162f8ccec522734cbc8ffdc7a92868cc7dc32adc1f7ef89f7b2eab1df573bed421d4b76204f9f38ad4fee45f9db4b41c7dc3b86d9d9bb3120a8f SHA512 e9daa3bb8fa72cc60373a3187610231cf396bc5014f33412b65d069ffd02caa659c426819aa76d46a0dd15e8cb579325b46df5296a3b2136d020ec378e5f98a5 diff --git a/net-vpn/wireguard-modules/files/wireguard-modules-1.0.20200413-sch_generic-header.patch b/net-vpn/wireguard-modules/files/wireguard-modules-1.0.20200413-sch_generic-header.patch deleted file mode 100644 index 8e263e9622a9..000000000000 --- a/net-vpn/wireguard-modules/files/wireguard-modules-1.0.20200413-sch_generic-header.patch +++ /dev/null @@ -1,26 +0,0 @@ -From bd388363a66d67f0e04f9c45b20a9f33dfcf79f6 Mon Sep 17 00:00:00 2001 -From: "Jason A. Donenfeld" <Jason@zx2c4.com> -Date: Thu, 16 Apr 2020 00:27:33 -0600 -Subject: compat: include sch_generic.h header for skb_reset_tc - -Reported-by: King DuckZ <dev00@gmx.it> -Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> ---- - src/compat/compat.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/compat/compat.h b/src/compat/compat.h -index 75bd3b7..bb996b8 100644 ---- a/src/compat/compat.h -+++ b/src/compat/compat.h -@@ -1029,6 +1029,7 @@ out: - - #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 29) || (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 5, 0) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 14)) - #include <linux/skbuff.h> -+#include <net/sch_generic.h> - static inline void skb_reset_redirect(struct sk_buff *skb) - { - #ifdef CONFIG_NET_SCHED --- -cgit v1.2.3-4-ga26e - diff --git a/net-vpn/wireguard-modules/wireguard-modules-1.0.20200413.ebuild b/net-vpn/wireguard-modules/wireguard-modules-1.0.20200506.ebuild index 8a425d4191e6..16df945c1ab1 100644 --- a/net-vpn/wireguard-modules/wireguard-modules-1.0.20200413.ebuild +++ b/net-vpn/wireguard-modules/wireguard-modules-1.0.20200506.ebuild @@ -30,8 +30,6 @@ MODULE_NAMES="wireguard(kernel/drivers/net:src)" BUILD_TARGETS="module" CONFIG_CHECK="NET INET NET_UDP_TUNNEL CRYPTO_ALGAPI" -PATCHES=( "${FILESDIR}/${P}-sch_generic-header.patch" ) - pkg_setup() { if use module; then linux-mod_pkg_setup diff --git a/net-vpn/wireguard-tools/Manifest b/net-vpn/wireguard-tools/Manifest index dcc4afd3a370..a10f93aefc19 100644 --- a/net-vpn/wireguard-tools/Manifest +++ b/net-vpn/wireguard-tools/Manifest @@ -1,3 +1,5 @@ DIST wireguard-tools-1.0.20200319.tar.xz 92324 BLAKE2B 9f514748708ef6a5b7f5b043c9054c954d17bb77de7a354b5a9a4e63cfb5f441237e98b16b288426441a7e709e1874d396cf67b04b38bb0ebbe7822bb32ada57 SHA512 d5bcd153f9b10f184b9a1bf9a81f33a9713ab4863ab5aa190eac60e92919756c8fecbb0d3cfb83bae20ac78fc43fdd7168f37294cdd7c5ee21f2a1b2db5fdf41 -EBUILD wireguard-tools-1.0.20200319.ebuild 3457 BLAKE2B 13c8ba245677c71d0487b7e7752b2ea31d26644520227b5b2aea302b83e953152b9752a608d8b10d23ef1ade89a78b814a20c31136989b2a6ec0cd14d3b63515 SHA512 a50707ab26b9c81b435dbd0edbf08da7ab06674d332818b3f715142adfce4d1ca8f5deba9291ecda4c26e23bc6214cde38114238faee9295163bfa6625f82093 +DIST wireguard-tools-1.0.20200513.tar.xz 94500 BLAKE2B 34a39533018416df382d180da76d6494feec1d40208c9df427c1979817dbe138c217fe4c4f4cf5cecd3c4053e6f73f1863d1e0a9ed2cad41899dda5387c15844 SHA512 4d27b262350b6b47843a323c2e7ab8d2bdd48065c265778abdec85b3f6fc92aa9af77d76e368df9cc8e435eae1c0ce50fed52e1d78db54358c1884d34be08d2c +EBUILD wireguard-tools-1.0.20200319.ebuild 3227 BLAKE2B 28d1a50c5379f54153138c0cca1681cc2ef9c34833ccbb465b15b2cdf4e288235fc1a3beede3059d5c040ccbe1289be7a0c7250491b8fb714db5f158c129fcc1 SHA512 e1afcba37c0270e4e121fe26346314818e51b8fa8a627ec39c69e3014fbd1ea7cc7c44f47a4925ef3086ec60a2fd11b532f8af9102db825856ab34545770ffd2 +EBUILD wireguard-tools-1.0.20200513.ebuild 3234 BLAKE2B 0dcfc0ad5c8f7e893fc8fa7989da618b31025f2e7c28defd22278bf3f0228eb87014e8b32d6787ac257b94bb6ffdb2b2c34dadd06b0375d948a28685bb7698cd SHA512 f2a43c9a53144ef7a8fa7fb62a7fff5126f9422df3b946c54ec36c3637e846533df92e62dd2062ef2e405c44ee6440af5825f929d99779913bb55face199c383 MISC metadata.xml 362 BLAKE2B b6c8384cc5434b65a80b2326df412ca38a96bfd137feb34cea5124eebe13d383851b3ceea17cfc0b937555a0760608e0f3d0a7834da15271e65f669bfbfb8d2a SHA512 bf494cd4c95dbbbf783fc847cdf03f9a83b2673bf3a0a78fa12480abd1e2657f255019cf4f68db5143b11c5c63d6c16e9e18480800115751be9bc3cae910c8ea diff --git a/net-vpn/wireguard-tools/wireguard-tools-1.0.20200319.ebuild b/net-vpn/wireguard-tools/wireguard-tools-1.0.20200319.ebuild index 6d3ad039ded4..252d5e050c21 100644 --- a/net-vpn/wireguard-tools/wireguard-tools-1.0.20200319.ebuild +++ b/net-vpn/wireguard-tools/wireguard-tools-1.0.20200319.ebuild @@ -96,10 +96,6 @@ pkg_postinst() { einfo " \$ chromium http://192.168.4.1" einfo " \$ ping 192.168.4.1" einfo - einfo "If you'd like to redirect your internet traffic, you can run it with the" - einfo "\"default-route\" argument. You may not use this server for any abusive or illegal" - einfo "purposes. It is for quick testing only." - einfo einfo "More info on getting started can be found at: https://www.wireguard.com/quickstart/" einfo } diff --git a/net-vpn/wireguard-tools/wireguard-tools-1.0.20200513.ebuild b/net-vpn/wireguard-tools/wireguard-tools-1.0.20200513.ebuild new file mode 100644 index 000000000000..ab890be7d847 --- /dev/null +++ b/net-vpn/wireguard-tools/wireguard-tools-1.0.20200513.ebuild @@ -0,0 +1,101 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit linux-info bash-completion-r1 systemd toolchain-funcs + +DESCRIPTION="Required tools for WireGuard, such as wg(8) and wg-quick(8)" +HOMEPAGE="https://www.wireguard.com/" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://git.zx2c4.com/wireguard-tools" + KEYWORDS="" +else + SRC_URI="https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-${PV}.tar.xz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="+wg-quick" + +BDEPEND="virtual/pkgconfig" +DEPEND="" +RDEPEND="${DEPEND} + wg-quick? ( + || ( net-firewall/nftables net-firewall/iptables ) + virtual/resolvconf + ) + !<virtual/wireguard-1 +" + +wg_quick_optional_config_nob() { + CONFIG_CHECK="$CONFIG_CHECK ~$1" + declare -g ERROR_$1="CONFIG_$1: This option is required for automatic routing of default routes inside of wg-quick(8), though it is not required for general WireGuard usage." +} + +pkg_setup() { + use wg-quick || return 0 + wg_quick_optional_config_nob IP_ADVANCED_ROUTER + wg_quick_optional_config_nob IP_MULTIPLE_TABLES + wg_quick_optional_config_nob IPV6_MULTIPLE_TABLES + if has_version net-firewall/nftables; then + wg_quick_optional_config_nob NF_TABLES + wg_quick_optional_config_nob NF_TABLES_IPV4 + wg_quick_optional_config_nob NF_TABLES_IPV6 + wg_quick_optional_config_nob NFT_CT + wg_quick_optional_config_nob NFT_FIB + wg_quick_optional_config_nob NFT_FIB_IPV4 + wg_quick_optional_config_nob NFT_FIB_IPV6 + wg_quick_optional_config_nob NF_CONNTRACK_MARK + elif has_version net-firewall/iptables; then + wg_quick_optional_config_nob NETFILTER_XTABLES + wg_quick_optional_config_nob NETFILTER_XT_MARK + wg_quick_optional_config_nob NETFILTER_XT_CONNMARK + wg_quick_optional_config_nob NETFILTER_XT_MATCH_COMMENT + wg_quick_optional_config_nob IP6_NF_RAW + wg_quick_optional_config_nob IP_NF_RAW + wg_quick_optional_config_nob IP6_NF_FILTER + wg_quick_optional_config_nob IP_NF_FILTER + fi + linux-info_pkg_setup +} + +src_compile() { + emake RUNSTATEDIR="${EPREFIX}/run" -C src CC="$(tc-getCC)" LD="$(tc-getLD)" +} + +src_install() { + dodoc README.md + dodoc -r contrib + emake \ + WITH_BASHCOMPLETION=yes \ + WITH_SYSTEMDUNITS=yes \ + WITH_WGQUICK=$(usex wg-quick) \ + DESTDIR="${D}" \ + BASHCOMPDIR="$(get_bashcompdir)" \ + SYSTEMDUNITDIR="$(systemd_get_systemunitdir)" \ + PREFIX="${EPREFIX}/usr" \ + -C src install +} + +pkg_postinst() { + einfo + einfo "After installing WireGuard, if you'd like to try sending some packets through" + einfo "WireGuard, you may use, for testing purposes only, the insecure client.sh" + einfo "test example script:" + einfo + einfo " \$ bzcat ${ROOT}/usr/share/doc/${PF}/contrib/ncat-client-server/client.sh.bz2 | sudo bash -" + einfo + einfo "This will automatically setup interface wg0, through a very insecure transport" + einfo "that is only suitable for demonstration purposes. You can then try loading the" + einfo "hidden website or sending pings:" + einfo + einfo " \$ chromium http://192.168.4.1" + einfo " \$ ping 192.168.4.1" + einfo + einfo "More info on getting started can be found at: https://www.wireguard.com/quickstart/" + einfo +} |