diff options
-rw-r--r-- | net-vpn/libreswan/files/libreswan-3.28-barf-syntax.patch | 23 | ||||
-rw-r--r-- | net-vpn/libreswan/files/libreswan-3.28-xfrm-detection.patch | 200 |
2 files changed, 0 insertions, 223 deletions
diff --git a/net-vpn/libreswan/files/libreswan-3.28-barf-syntax.patch b/net-vpn/libreswan/files/libreswan-3.28-barf-syntax.patch deleted file mode 100644 index 69786bba99f0..000000000000 --- a/net-vpn/libreswan/files/libreswan-3.28-barf-syntax.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 8c3ba6a5f73ae64aa5171252f54c15d65c9930db Mon Sep 17 00:00:00 2001 -From: Tuomo Soini <tis@foobar.fi> -Date: Fri, 24 May 2019 19:19:12 +0300 -Subject: [PATCH] barf: fix syntax error caused by removing pfkey checks - -Fixes problem introduced in beccfe9f7a40816a9ec663e4076ff051bf4c91cb ---- - programs/barf/barf.in | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/programs/barf/barf.in b/programs/barf/barf.in -index fce05994cf..9cb92ffc58 100755 ---- a/programs/barf/barf.in -+++ b/programs/barf/barf.in -@@ -170,6 +170,8 @@ if test -r /proc/net/ipsec_tncfg - then - cat /proc/net/ipsec_tncfg - fi -+if test -r /proc/net/xfrm_stat -+then - _________________________ ip-xfrm-state - ip xfrm state - _________________________ ip-xfrm-policy diff --git a/net-vpn/libreswan/files/libreswan-3.28-xfrm-detection.patch b/net-vpn/libreswan/files/libreswan-3.28-xfrm-detection.patch deleted file mode 100644 index 7cda675af776..000000000000 --- a/net-vpn/libreswan/files/libreswan-3.28-xfrm-detection.patch +++ /dev/null @@ -1,200 +0,0 @@ -From 716f4b712724c6698469563e531dea3667507ceb Mon Sep 17 00:00:00 2001 -From: Paul Wouters <pwouters@redhat.com> -Date: Tue, 28 May 2019 00:24:30 -0400 -Subject: [PATCH] programs: Change to use /proc/sys/net/core/xfrm_acq_expires - to detect XFRM - -Apparently, not all kernels with XFRM support also enable support for -CONFIG_XFRM_STATISTICS, causing XFRM auto-detection to fail. - -This affected openwrt and also some other distribution/custom kernels. ---- - programs/_realsetup.bsd/_realsetup.in | 2 +- - programs/_stackmanager/_stackmanager.in | 2 +- - programs/barf/barf.in | 6 +++--- - programs/eroute/eroute.c | 2 +- - programs/ipsec/ipsec.in | 2 +- - programs/look/look.in | 2 +- - programs/pluto/kernel.c | 2 +- - programs/setup/setup.in | 2 +- - programs/spi/spi.c | 2 +- - programs/spigrp/spigrp.c | 2 +- - programs/tncfg/tncfg.c | 2 +- - programs/verify/verify.in | 2 +- - 12 files changed, 14 insertions(+), 14 deletions(-) - -diff --git a/programs/_realsetup.bsd/_realsetup.in b/programs/_realsetup.bsd/_realsetup.in -index 91cca98ac8..4a783772f6 100755 ---- a/programs/_realsetup.bsd/_realsetup.in -+++ b/programs/_realsetup.bsd/_realsetup.in -@@ -28,7 +28,7 @@ plutoctl=/var/run/pluto/pluto.ctl - subsyslock=/var/lock/subsys/ipsec - lock=/var/run/pluto/ipsec_setup.pid - --xfrm_stat=/proc/net/xfrm_stat -+xfrm_stat=/proc/sys/net/core/xfrm_acq_expires - - # defaults for "config setup" items - IPSECuniqueids=${IPSECuniqueids:-yes} -diff --git a/programs/_stackmanager/_stackmanager.in b/programs/_stackmanager/_stackmanager.in -index 4d41c5ad51..21616a31c9 100644 ---- a/programs/_stackmanager/_stackmanager.in -+++ b/programs/_stackmanager/_stackmanager.in -@@ -29,7 +29,7 @@ eval $(ASAN_OPTIONS=detect_leaks=0 ipsec addconn --configsetup | grep -v "#" | - test ${IPSEC_INIT_SCRIPT_DEBUG} && set -v -x - MODPROBE="@MODPROBEBIN@ @MODPROBEARGS@" - --xfrm_stat=/proc/net/xfrm_stat -+xfrm_stat=/proc/sys/net/core/xfrm_acq_expires - klipsstack=/proc/net/ipsec/version - action="${1}" - -diff --git a/programs/barf/barf.in b/programs/barf/barf.in -index 17f830d4a3..15eb252f11 100755 ---- a/programs/barf/barf.in -+++ b/programs/barf/barf.in -@@ -174,14 +174,13 @@ _________________________ /proc/net/ipsec_tncfg - if test -r /proc/net/ipsec_tncfg - then - cat /proc/net/ipsec_tncfg - fi --if test -r /proc/net/xfrm_stat --then -+if [ -r /proc/sys/net/core/xfrm_acq_expires ]; then - _________________________ ip-xfrm-state - ip xfrm state - _________________________ ip-xfrm-policy - ip xfrm policy --_________________________ ip-xfrm-stats -+_________________________ cat-proc-net-xfrm_stat - cat /proc/net/xfrm_stat - fi - _________________________ ip-l2tp-tunnel -@@ -283,9 +283,8 @@ _________________________ /proc/net/ipsec_version - if test -r /proc/net/ipsec_version - then - cat /proc/net/ipsec_version - else -- if test -r /proc/net/xfrm_stat -- then -+ if [ -r /proc/sys/net/core/xfrm_acq_expires ]; then - echo "NETKEY (`uname -r`) support detected " - else - echo "no KLIPS or NETKEY support detected" -diff --git a/programs/eroute/eroute.c b/programs/eroute/eroute.c -index c33234c194..6f058d9232 100644 ---- a/programs/eroute/eroute.c -+++ b/programs/eroute/eroute.c -@@ -495,7 +495,7 @@ int main(int argc, char **argv) - if (argcount == 1) { - struct stat sts; - -- if (stat("/proc/net/xfrm_stat", &sts) == 0) { -+ if (stat("/proc/sys/net/core/xfrm_acq_expires", &sts) == 0) { - fprintf(stderr, - "%s: NETKEY does not support eroute table.\n", - progname); -diff --git a/programs/ipsec/ipsec.in b/programs/ipsec/ipsec.in -index 401a596628..06bec21632 100755 ---- a/programs/ipsec/ipsec.in -+++ b/programs/ipsec/ipsec.in -@@ -61,7 +61,7 @@ fixversion() { - stack=" (klips)" - kv="$(awk '{print $NF}' /proc/net/ipsec_version)" - else -- if [ -f /proc/net/xfrm_stat ]; then -+ if [ -f /proc/sys/net/core/xfrm_acq_expires ]; then - stack=" (netkey)" - kv="${version}" - else -diff --git a/programs/look/look.in b/programs/look/look.in -index bb55e8eda2..192856c630 100755 ---- a/programs/look/look.in -+++ b/programs/look/look.in -@@ -72,7 +72,7 @@ if [ -f /proc/net/ipsec_spi ]; then - fi - - # xfrm --if [ -f /proc/net/xfrm_stat ]; then -+if [ -f /proc/sys/net/core/xfrm_acq_expires ]; then - echo "XFRM state:" - ip xfrm state - echo "XFRM policy:" -diff --git a/programs/pluto/kernel.c b/programs/pluto/kernel.c -index 39b1e32389..5c71c04af3 100644 ---- a/programs/pluto/kernel.c -+++ b/programs/pluto/kernel.c -@@ -2666,7 +2666,7 @@ void init_kernel(void) - switch (kern_interface) { - #if defined(NETKEY_SUPPORT) - case USE_NETKEY: -- if (stat("/proc/net/xfrm_stat", &buf) != 0) { -+ if (stat("/proc/sys/net/core/xfrm_acq_expires", &buf) != 0) { - libreswan_log("No XFRM kernel interface detected"); - exit_pluto(PLUTO_EXIT_KERNEL_FAIL); - } -diff --git a/programs/setup/setup.in b/programs/setup/setup.in -index 8c28b0e157..1933089459 100755 ---- a/programs/setup/setup.in -+++ b/programs/setup/setup.in -@@ -110,7 +110,7 @@ case "$1" in - - # If stack is non-modular, we want to force clean too - [ -f /proc/net/pf_key ] && ipsec eroute --clear -- [ -f /proc/net/xfrm_stat ] && ip xfrm state flush && ip xfrm policy flush -+ [ -f /proc/sys/net/core/xfrm_acq_expires ] && ip xfrm state flush && ip xfrm policy flush - - # Cleaning up backup resolv.conf - if [ -e ${LIBRESWAN_RESOLV_CONF} ]; then -diff --git a/programs/spi/spi.c b/programs/spi/spi.c -index c45fe6a517..742898a86f 100644 ---- a/programs/spi/spi.c -+++ b/programs/spi/spi.c -@@ -1135,7 +1135,7 @@ int main(int argc, char *argv[]) - progname); - } - -- if (stat("/proc/net/xfrm_stat", &sts) == 0) { -+ if (stat("/proc/sys/net/core/xfrm_acq_expires", &sts) == 0) { - fprintf(stderr, - "%s: XFRM does not use the ipsec spi command. Use 'ip xfrm' instead.\n", - progname); -diff --git a/programs/spigrp/spigrp.c b/programs/spigrp/spigrp.c -index 79d6c50e5e..fe0942325d 100644 ---- a/programs/spigrp/spigrp.c -+++ b/programs/spigrp/spigrp.c -@@ -151,7 +151,7 @@ int main(int argc, char **argv) - if (debug) - fprintf(stdout, "...After check for --label option.\n"); - -- if (stat("/proc/net/xfrm_stat", &sts) == 0) { -+ if (stat("/proc/sys/net/core/xfrm_acq_expires", &sts) == 0) { - fprintf(stderr, - "%s: XFRM does not use the ipsec spigrp command. Use 'ip xfrm' instead.\n", - progname); -diff --git a/programs/tncfg/tncfg.c b/programs/tncfg/tncfg.c -index 55de83b1ef..5a9f2e9aee 100644 ---- a/programs/tncfg/tncfg.c -+++ b/programs/tncfg/tncfg.c -@@ -259,7 +259,7 @@ int main(int argc, char *argv[]) - } - } - -- if (stat("/proc/net/xfrm_stat", &sts) == 0) { -+ if (stat("/proc/sys/net/core/xfrm_acq_expires", &sts) == 0) { - fprintf(stderr, - "%s: XFRM does not support virtual interfaces.\n", - progname); -diff --git a/programs/verify/verify.in b/programs/verify/verify.in -index 9321631931..81ae1d32fe 100755 ---- a/programs/verify/verify.in -+++ b/programs/verify/verify.in -@@ -223,7 +223,7 @@ def installstartcheck(): - print_result("FAIL","FAILED") - - printfun("Checking for IPsec support in kernel") -- if not os.path.isfile("/proc/net/ipsec_eroute") and not os.path.isfile("/proc/net/xfrm_stat"): -+ if not os.path.isfile("/proc/net/ipsec_eroute") and not os.path.isfile("/proc/sys/net/core/xfrm_acq_expires"): - print_result("FAIL","FAILED") - if "no kernel code presently loaded" in output: - print("\n The ipsec service should be started before running 'ipsec verify'\n") |