From 85992dc3755fa246f3131ad339ddfaf52c86703f Mon Sep 17 00:00:00 2001 From: hauke Date: Thu, 1 May 2014 13:33:42 +0000 Subject: [PATCH] openswan: update openswan to version 2.6.41 This still does not fix the problems with kernel 3.10 and up. Signed-off-by: Hauke Mehrtens git-svn-id: svn://svn.openwrt.org/openwrt/packages@40620 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- net/openswan/Makefile | 7 +- net/openswan/patches/100-cross_compile.patch | 2 +- net/openswan/patches/120-no_manpages.patch | 2 +- net/openswan/patches/140-generated_autoconf.patch | 365 --------------------- .../patches/150-linux-3.7-kuid-compat.patch | 41 --- 5 files changed, 6 insertions(+), 411 deletions(-) delete mode 100644 net/openswan/patches/140-generated_autoconf.patch delete mode 100644 net/openswan/patches/150-linux-3.7-kuid-compat.patch diff --git a/net/openswan/Makefile b/net/openswan/Makefile index b71ec18de..05ae1f8bb 100644 --- a/net/openswan/Makefile +++ b/net/openswan/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=openswan -PKG_VERSION:=2.6.38 -PKG_RELEASE:=2 +PKG_VERSION:=2.6.41 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.openswan.org/download -PKG_MD5SUM:=13073eb5314b83a31be88e4117e8bbcd +PKG_MD5SUM:=da2e8b02ecc30a408cc5766767fef84f PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 @@ -58,6 +58,7 @@ $(call Package/openswan/Default/description) endef TARGET_CPPFLAGS += -I$(LINUX_DIR)/$(LINUX_UAPI_DIR)include -D__EXPORTED_HEADERS__ +TARGET_CFLAGS += $(FPIC) OPENSWAN_MAKEFLAGS:= \ -C $(PKG_BUILD_DIR) \ diff --git a/net/openswan/patches/100-cross_compile.patch b/net/openswan/patches/100-cross_compile.patch index 87783ce6e..72bf8ef3c 100644 --- a/net/openswan/patches/100-cross_compile.patch +++ b/net/openswan/patches/100-cross_compile.patch @@ -1,6 +1,6 @@ --- a/programs/pluto/Makefile +++ b/programs/pluto/Makefile -@@ -58,10 +58,6 @@ CFLAGS+=-DALLOW_MICROSOFT_BAD_PROPOSAL +@@ -66,10 +66,6 @@ CFLAGS+=-DALLOW_MICROSOFT_BAD_PROPOSAL ALLFLAGS = $(CPPFLAGS) $(CFLAGS) ${CROSSFLAGS} diff --git a/net/openswan/patches/120-no_manpages.patch b/net/openswan/patches/120-no_manpages.patch index ea3e1c66a..258f50327 100644 --- a/net/openswan/patches/120-no_manpages.patch +++ b/net/openswan/patches/120-no_manpages.patch @@ -22,7 +22,7 @@ - --- a/programs/pluto/Makefile +++ b/programs/pluto/Makefile -@@ -192,35 +192,11 @@ doinstall: all +@@ -200,35 +200,11 @@ doinstall: all $(INSTALL) $(INSTBINFLAGS) $(BINNAMEPLUTO) $(BINNAMEWHACK) $(LIBEXECDIR) #$(INSTALL) $(INSTSUIDFLAGS) $(BINNAMEWHACKINIT) $(LIBEXECDIR) if $(USE_ADNS) ; then $(INSTALL) $(INSTBINFLAGS) $(BINNAMEADNS) $(LIBEXECDIR) ; fi diff --git a/net/openswan/patches/140-generated_autoconf.patch b/net/openswan/patches/140-generated_autoconf.patch deleted file mode 100644 index 11ddcc59f..000000000 --- a/net/openswan/patches/140-generated_autoconf.patch +++ /dev/null @@ -1,365 +0,0 @@ ---- a/linux/include/ocf-compat.h -+++ b/linux/include/ocf-compat.h -@@ -35,10 +35,11 @@ - /****************************************************************************/ - #ifdef __KERNEL__ - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif -- - /* - * fake some BSD driver interface stuff specifically for OCF use - */ ---- a/linux/include/openswan/ipsec_kversion.h -+++ b/linux/include/openswan/ipsec_kversion.h -@@ -57,8 +57,10 @@ - * We use a lot of config defines, on older kernels that means we - * need to include config.h - */ --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --# include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif - - #if !defined(RHEL_RELEASE_CODE) ---- a/linux/net/ipsec/aes/ipsec_alg_aes.c -+++ b/linux/net/ipsec/aes/ipsec_alg_aes.c -@@ -22,8 +22,10 @@ - * - */ - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif - #include - ---- a/linux/net/ipsec/des/ipsec_alg_3des.c -+++ b/linux/net/ipsec/des/ipsec_alg_3des.c -@@ -19,8 +19,10 @@ - * - */ - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif - #include - ---- a/linux/net/ipsec/ipcomp.c -+++ b/linux/net/ipsec/ipcomp.c -@@ -19,10 +19,11 @@ - /* SSS */ - - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif -- - #define __NO_VERSION__ - #include - #include /* printk() */ ---- a/linux/net/ipsec/ipsec_ah.c -+++ b/linux/net/ipsec/ipsec_ah.c -@@ -14,10 +14,11 @@ - */ - - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif -- - #define __NO_VERSION__ - #include - #include /* printk() */ ---- a/linux/net/ipsec/ipsec_alg.c -+++ b/linux/net/ipsec/ipsec_alg.c -@@ -19,10 +19,11 @@ - * - */ - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif -- - #define __NO_VERSION__ - #include - #include /* printk() */ ---- a/linux/net/ipsec/ipsec_alg_cryptoapi.c -+++ b/linux/net/ipsec/ipsec_alg_cryptoapi.c -@@ -26,10 +26,11 @@ - * modprobe ipsec_cryptoapi des_ede3=0 (everything but 3DES) - */ - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif -- - /* - * special case: ipsec core modular with this static algo inside: - * must avoid MODULE magic for this file ---- a/linux/net/ipsec/ipsec_esp.c -+++ b/linux/net/ipsec/ipsec_esp.c -@@ -14,10 +14,11 @@ - */ - - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif -- - #define __NO_VERSION__ - #include - #include /* printk() */ ---- a/linux/net/ipsec/ipsec_init.c -+++ b/linux/net/ipsec/ipsec_init.c -@@ -19,8 +19,10 @@ - */ - - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif - #include - #include /* printk() */ ---- a/linux/net/ipsec/ipsec_ipcomp.c -+++ b/linux/net/ipsec/ipsec_ipcomp.c -@@ -14,10 +14,11 @@ - */ - - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif -- - #define __NO_VERSION__ - #include - #include /* printk() */ ---- a/linux/net/ipsec/ipsec_ipip.c -+++ b/linux/net/ipsec/ipsec_ipip.c -@@ -14,10 +14,11 @@ - */ - - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif -- - #define __NO_VERSION__ - #include - #include /* printk() */ ---- a/linux/net/ipsec/ipsec_ocf.c -+++ b/linux/net/ipsec/ipsec_ocf.c -@@ -16,10 +16,11 @@ - */ - - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif -- - #define __NO_VERSION__ - #include - #include /* printk() */ ---- a/linux/net/ipsec/ipsec_ocf.h -+++ b/linux/net/ipsec/ipsec_ocf.h -@@ -19,8 +19,10 @@ - */ - - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif - #include - ---- a/linux/net/ipsec/ipsec_radij.c -+++ b/linux/net/ipsec/ipsec_radij.c -@@ -21,8 +21,10 @@ - */ - - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif - #include /* printk() */ - ---- a/linux/net/ipsec/ipsec_rcv.c -+++ b/linux/net/ipsec/ipsec_rcv.c -@@ -21,10 +21,11 @@ - */ - - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif -- - #define __NO_VERSION__ - #include - #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,26) ---- a/linux/net/ipsec/ipsec_sa.c -+++ b/linux/net/ipsec/ipsec_sa.c -@@ -19,8 +19,10 @@ - */ - - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif - #include /* printk() */ - ---- a/linux/net/ipsec/ipsec_snprintf.c -+++ b/linux/net/ipsec/ipsec_snprintf.c -@@ -19,8 +19,10 @@ - */ - - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif - #define __NO_VERSION__ - #include ---- a/linux/net/ipsec/ipsec_tunnel.c -+++ b/linux/net/ipsec/ipsec_tunnel.c -@@ -24,8 +24,10 @@ - #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,26) - # include - #endif --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif - #include /* printk() */ - ---- a/linux/net/ipsec/ipsec_xform.c -+++ b/linux/net/ipsec/ipsec_xform.c -@@ -15,8 +15,10 @@ - */ - - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif - #include /* printk() */ - ---- a/linux/net/ipsec/pfkey_v2_ext_process.c -+++ b/linux/net/ipsec/pfkey_v2_ext_process.c -@@ -20,8 +20,10 @@ - */ - - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif - #include /* printk() */ - ---- a/linux/net/ipsec/pfkey_v2_parser.c -+++ b/linux/net/ipsec/pfkey_v2_parser.c -@@ -23,8 +23,10 @@ - - - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif - #include /* printk() */ - ---- a/linux/net/ipsec/radij.c -+++ b/linux/net/ipsec/radij.c -@@ -54,8 +54,10 @@ - */ - - #include --#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) --#include -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -+#include -+#else -+#include - #endif - #include /* printk() */ - diff --git a/net/openswan/patches/150-linux-3.7-kuid-compat.patch b/net/openswan/patches/150-linux-3.7-kuid-compat.patch deleted file mode 100644 index 14d5367e6..000000000 --- a/net/openswan/patches/150-linux-3.7-kuid-compat.patch +++ /dev/null @@ -1,41 +0,0 @@ ---- a/linux/net/ipsec/pfkey_v2.c -+++ b/linux/net/ipsec/pfkey_v2.c -@@ -738,7 +738,7 @@ pfkey_create(struct socket *sock, int pr - sk->sk_family = PF_KEY; - /* sk->num = protocol; */ - sk->sk_protocol = protocol; -- key_pid(sk) = current_uid(); -+ key_pid(sk) = IPSEC_FROM_KUIDT(current_uid()); - - #ifdef HAVE_SOCKET_WQ - KLIPS_PRINT(debug_pfkey, ---- a/linux/include/openswan/ipsec_kversion.h -+++ b/linux/include/openswan/ipsec_kversion.h -@@ -614,6 +614,16 @@ - # define DEFINE_RWLOCK(x) rwlock_t x = RW_LOCK_UNLOCKED - #endif - -+/* -+ * kuid_t <=> uint32_t conversion -+ */ -+ -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,7,0) -+# define IPSEC_FROM_KUIDT(x) from_kuid(current_user_ns(), x) -+#else -+# define IPSEC_FROM_KUIDT(x) (x) -+#endif -+ - - #endif /* _OPENSWAN_KVERSIONS_H */ - ---- a/linux/net/ipsec/pfkey_v2_parser.c -+++ b/linux/net/ipsec/pfkey_v2_parser.c -@@ -1481,7 +1481,7 @@ pfkey_register_reply(int satype, struct - satype, - 0, - sadb_msg? sadb_msg->sadb_msg_seq : ++pfkey_msg_seq, -- sadb_msg? sadb_msg->sadb_msg_pid: current_uid()), -+ sadb_msg? sadb_msg->sadb_msg_pid: IPSEC_FROM_KUIDT(current_uid())), - extensions_reply) && - (alg_num_a ? pfkey_safe_build(error = pfkey_supported_build(&extensions_reply[K_SADB_EXT_SUPPORTED_AUTH], - K_SADB_EXT_SUPPORTED_AUTH, -- 2.11.0