Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 134484
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Alin Năstac <mrness@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Alexandre Ghisoli <alex@ghisoli.ch>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:

Filename Description Type Creator Created Size Actions
openswan-2.4.5-gentoo.patch openswan-2.4.5-gentoo.patch patch Alexandre Ghisoli 2006-05-27 02:04 0000 16.54 KB Details | Diff
openswan-2.4.7-gentoo.patch openswan-2.4.7-gentoo.patch patch Michael, A. Toth 2006-11-29 01:19 0000 14.79 KB Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 134484 depends on: Show dependency tree
Bug 134484 blocks: 149197
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2006-05-27 02:03 0000 
April 7th, Openswan 2.4.5

New ebuild is needed

ChangeLog :
* Fix for prefering RFC3947 over OSX-workaround by Jacco de Leeuw
* Fix for openswan as l2tp server behind NAT by Bernd Galonska
* Fix for compiling + working on SMP (including HyperThreaded) machines
* Fix for arp_broken_ops relocation in 2.6.16
* Fix for compiling on 2.6.14 kernels 
* Fix patching against 2.6.15 kernels (NAT-T Patch)
* Fix patching against 2.6.14 kernels
* Fix for strict mode
* Fix for ipsec module unload. Fix by Ankit Desai <ankit@elitecore.com>
* Fix for ipsec: Unknown symbol sysctl_ip_default_ttl
* Fix for AH hash by Ronen Shitrit <rshitrit@marvell.com>
* Additions to barf and verify commands for various kernel internals
* load hw_random and padlock modules before aes module so hardware routines
  are prefered over software routines.
* allow rightsubnet= with type=transport for L2TP behind NAT.
* Refactored natd_lookup / hash code, probably fixes lot of NAT related bugs
* Fix for interop with Cisco devices which propose port 0 (eg: VPN3000)
* When DPD rcookie is invalid, just warn instead of ignoring entirely
* Redid all the DPD log messages
* Fix for manual.in to not use a complicated sed line that some embedded
  sed versions (busybox?) cannot handle.
* Fix for NAT-T detection when Openswan is the initiator
  #401 l2tp connection is not work with 2.6 build in IPSEC
  #442 Pluto uses wrong port in NAT-D calculation
  #450 macosx (possible generic PSK+NAT-T rekey bug: eroute already in use.
  #454 klips module refcount bug (found by Matthias Haas)
       (prevented klips from unloading on 2.4 kernels)
  #462 updated patch for Openswan and OS X with NAT-T
  #509 KLIPS compilation fail with kernel-2.6.14.2 
  #518 Incorrect physical interface MTU detection
  #521 KLIPS module crash for kernel 2.6.12+
  #545 unnecessary warnings from _updown script, remove weird control
character.
  #558 two machines using incompatible ike= settings still establish a
       connection. (fix by Matthias Haas <mh@pompase.net>)
  #560 Pluto crash (memory leak fixes in pluto by Ilia Sotnikov)
  #563 Error when unload ipsec.ko module "rmmod ipsec" [dupl bug]
  #568 uninitialized struct in ipsec_tunnel.c coud break routing under 2.6
       kernels
  #569 ipsec module unload crasher
  #573 Openswan fails to compile with NAT_TRAVERSAL=false
  #574 Openswan fails to compile with NAT_TRAVERSAL=false #2
  #581 _Updown script installs direct (scope link) routes even for remote
       peers/subnets
  #589 userspace with USE_EXTRACRYPTO won't compile without kernel sourcecode

------- Comment #1 From Alexandre Ghisoli 2006-05-27 02:04:41 0000 ------- 
Created an attachment (id=87619) [details]
openswan-2.4.5-gentoo.patch

This is the file/openswan-2.4.5-gentoo.patch

bumbed version against Openswan 2.4.5

------- Comment #2 From Natanael Copa 2006-06-29 07:05:01 0000 ------- 
It would be nice to have a patch for this one too:
http://bugs.xelerance.com/view.php?id=627

(according the LEAF-devel ml its still an issue in 2.4.5)

------- Comment #3 From Theodore Vaida 2006-08-16 16:53:00 0000 ------- 
Checked ebuild, copied and renamed the 2.4.4 ebuild file and ran ebuild digest
on the result in portage overlay.

Compiles cleanly, runs as expected. Fixes and issue with L2TPD i've been having
with remote Windows machines accessing the VPN.

------- Comment #4 From Jakub Moc (RETIRED) 2006-09-01 04:37:23 0000 ------- 
*** Bug 145832 has been marked as a duplicate of this bug. ***

------- Comment #5 From Linus van Geuns 2006-09-04 01:18:30 0000 ------- 
(In reply to comment #4)
> *** Bug 145832 has been marked as a duplicate of this bug. ***
> 

v2.4.6
* Fix for VIA Nehemiah to use /dev/hw_random to generate new rsakey
  (using /dev/random on these chips caused it to block too long)
* Various CryptoAPI related fixes.
* Removed support for HIPPI which broke compilation on 2.6.16.*
* Pull up of fix for rightnexthop->leftnexthop
* Added logging when we don't find the right hash bucket
* Changed a few x509 log messages to make automatic parsing easier
* Unload KLIPS at shutdown again to prevent lingering IPs on ipsecX,
  also in case KLIPS is inline, and the ipsecX interfaces do not go away,
  remove IP addresses from IP aliases bound to ipsecX devices.
* Fixed typo in ipsec.conf's virtual_private example
* Improved protocol detection in ipsec_print_ip() [bart]
* Fixed minimum skb lenght requried for ipsec decompression [bart]
  (This is probably bug #609)
* Fix a 64bit bug in compression code [bart]
* Removing a left over '#else' that split another '#if/#endif' block in two 
  in ipsec_xmit.c [bart]
* MODULE_PARM has been obsoleted for module_param on 2.6.17+ [paul]
* skb_linearize API changed in 2.6.18+ [paul]
* bugtracker bugs fixed:
  #452: dpdaction=restart doesn't clear or restart quick mode SAs
  #537: Compilation will fail with kernel 2.6.14 and klips and CONFIG_HIPPI=y
  #636: KLIPS and vanilla-2.6.17 compilation error
  #642: ipsec_xmit.c and CONFIG_KLIPS_DEBUG on 2.4 compile issue
  #647: compile fails with version 2.4.6-rc2 + vanilla kernel linux-2.6.17.6    
  #631: KLIPS module does not build with 2.6.17-rc6 kernel
  #646: NATT + IPCOMP fails on rcv in KLIPS [bart]
        (This is a generic NATT+ESP bug, not just an ipcomp bug)

Why is file/openswan-2.4.5-gentoo.patch not mentioned in
http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/net-misc/openswan/ChangeLog?
And why dont you change the version number according to upstream? (just
curious)

------- Comment #6 From Jan Schubert 2006-11-09 01:53:05 0000 ------- 
2.4.7 is out already

------- Comment #7 From Michael, A. Toth 2006-11-29 01:19:31 0000 ------- 
Created an attachment (id=102968) [details]
openswan-2.4.7-gentoo.patch

------- Comment #8 From Alin Năstac 2006-12-06 12:10:34 0000 ------- 
I've assumed the maintainer position.

------- Comment #9 From Alin Năstac 2006-12-07 11:52:44 0000 ------- 
openswan-2.4.7 has been commited the tree.
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug