Version bump per security bug #238534.

(Portage version: 2.2_rc8/cvs/Linux 2.6.27-rc1-10246-gca5de40 x86_64)

3 files changed, 123 insertions, 1 deletions

diff --git a/net-misc/strongswan/ChangeLog b/net-misc/strongswan/ChangeLog
index fb9f0625980e..3778ea261bae 100644
--- a/net-misc/strongswan/ChangeLog
+++ b/net-misc/strongswan/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-misc/strongswan
 # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.65 2008/08/23 17:59:58 maekke Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.66 2008/09/24 02:48:51 robbat2 Exp $
+
+*strongswan-4.2.7 (24 Sep 2008)
+
+  24 Sep 2008; Robin H. Johnson <robbat2@gentoo.org>
+  +files/strongswan-4.2.7-install.patch, +strongswan-4.2.7.ebuild:
+  Version bump per security bug #238534.
 
   23 Aug 2008; Markus Meier <maekke@gentoo.org> strongswan-4.1.11.ebuild:
   add ~amd64, bug #215669
diff --git a/net-misc/strongswan/files/strongswan-4.2.7-install.patch b/net-misc/strongswan/files/strongswan-4.2.7-install.patch
new file mode 100644
index 000000000000..d72d12971df3
--- /dev/null
+++ b/net-misc/strongswan/files/strongswan-4.2.7-install.patch
@@ -0,0 +1,12 @@
+diff -Nuar strongswan-4.2.7.orig/src/starter/Makefile.am strongswan-4.2.7/src/starter/Makefile.am
+--- strongswan-4.2.7.orig/src/starter/Makefile.am	2008-09-17 14:10:31.000000000 -0700
++++ strongswan-4.2.7/src/starter/Makefile.am	2008-09-23 19:28:49.085627647 -0700
+@@ -31,7 +31,7 @@
+ 		$(COMPILE) -c -o $@ $<
+ 
+ install-exec-local :	
+-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true
++		test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -D -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true
+ 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true
+ 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true
+ 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true
diff --git a/net-misc/strongswan/strongswan-4.2.7.ebuild b/net-misc/strongswan/strongswan-4.2.7.ebuild
new file mode 100644
index 000000000000..4ae91718ed0b
--- /dev/null
+++ b/net-misc/strongswan/strongswan-4.2.7.ebuild
@@ -0,0 +1,104 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-4.2.7.ebuild,v 1.1 2008/09/24 02:48:51 robbat2 Exp $
+
+inherit eutils linux-info
+
+UGID="ipsec"
+
+DESCRIPTION="Open Source implementation of IPsec for the Linux operating system."
+HOMEPAGE="http://www.strongswan.org/"
+SRC_URI="http://download.strongswan.org/${P}.tar.bz2"
+
+LICENSE="GPL-2 RSA-MD2 RSA-MD5 RSA-PKCS11 DES"
+SLOT="0"
+KEYWORDS="~ppc ~sparc ~x86 ~amd64"
+IUSE="cisco curl debug ldap nat smartcard static xml"
+
+COMMON_DEPEND="!net-misc/openswan
+	dev-libs/gmp"
+DEPEND="${COMMON_DEPEND}
+	virtual/linux-sources
+	sys-kernel/linux-headers
+	curl? ( net-misc/curl )
+	ldap? ( net-nds/openldap )
+	smartcard? ( dev-libs/opensc )
+	xml? ( dev-libs/libxml2 )"
+RDEPEND="${COMMON_DEPEND}
+	virtual/logger
+	sys-apps/iproute2"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	epatch "${FILESDIR}"/${P}-install.patch
+}
+
+pkg_setup() {
+	linux-info_pkg_setup
+
+	einfo "Linux kernel is version ${KV_FULL}"
+
+	if kernel_is 2 6; then
+		einfo "This ebuild will set ${P} to use 2.6 native IPsec (KAME)."
+	else
+		eerror "Sorry, no support for your kernel version ${KV_FULL}."
+		die "Install an IPsec enabled 2.6 kernel."
+	fi
+
+	# change to an unprivileged user by default
+	enewgroup ${UGID}
+	enewuser ${UGID} -1 -1 -1 ${UGID}
+}
+
+src_compile() {
+	local myconf=""
+
+	# change to an unprivileged user by default
+	#myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
+	# strongswan enables both by default; switch to the user's wish
+	if use static; then
+		myconf="${myconf} --enable-static --disable-shared"
+	else
+		myconf="${myconf} --disable-static --enable-shared"
+	fi
+
+	econf \
+		$(use_enable curl http) \
+		$(use_enable ldap) \
+		$(use_enable xml) \
+		$(use_enable smartcard) \
+		$(use_enable cisco cisco-quirks) \
+		$(use_enable debug leak-detective) \
+		$(use_enable nat nat-transport) \
+		${myconf} \
+		|| die "econf failed"
+
+	emake || die "emake failed"
+}
+
+src_install() {
+	einstall || die "einstall failed."
+
+	doinitd "${FILESDIR}"/ipsec
+
+	fowners ipsec:ipsec /etc/ipsec.conf
+}
+
+pkg_postinst() {
+	echo
+	ewarn "Starting with the strongswan-4 branch, the configuration files"
+	ewarn "will be installed into the default directory \"/etc/\""
+	ewarn "instead of the Gentoo-specific directory \"/etc/ipsec/\"."
+	ewarn "Please adjust your configuration!"
+	echo
+	einfo "For your own security we install strongSwan without superuser"
+	einfo "privileges.  If you use iptables, you might want to change that"
+	einfo "setting.  See http://wiki.strongswan.org/wiki/nonRoot for more"
+	einfo "information."
+	echo
+	einfo "The up-to-date configuration manual is available online at"
+	einfo "http://www.strongswan.org/docs/readme.htm"
+	echo
+}