Added some custom patches for openswan

tagged rc2 fixed red and cleanfs by arne git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@1002 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
2026-05-10 17:28:26 +02:00 · 2007-10-26 22:26:23 +00:00
parent a609bfb075
commit 7f5fdd04d2
7 changed files with 84 additions and 11 deletions
--- a/src/patches/openswan-2.4.9-clear-1.patch
+++ b/src/patches/openswan-2.4.9-clear-1.patch
@@ -0,0 +1,19 @@
+--- /etc/ipsec.d/policies/clear	2007-10-14 00:56:14.000000000 +0200
+++ /etc/ipsec.d/policies/clear	2007-10-27 00:14:46.000000000 +0200
+@@ -14,16 +14,3 @@
+ #       This file holds the information on root name servers needed to
+ #       last update:    Jan 29, 2004
+ #       related version of root zone:   2004012900
+-198.41.0.4/32
+-192.228.79.201/32
+-192.33.4.12/32
+-128.8.10.90/32
+-192.203.230.10/32
+-192.5.5.241/32
+-192.112.36.4/32
+-128.63.2.53/32
+-192.36.148.17/32
+-192.58.128.30/32
+-193.0.14.129/32
+-198.32.64.12/32
+-202.12.27.33/32
--- a/src/patches/openswan-2.4.9-updown-1.patch
+++ b/src/patches/openswan-2.4.9-updown-1.patch
@@ -0,0 +1,30 @@
+--- /usr/lib/ipsec/_updown	2007-10-14 00:56:15.000000000 +0200
+++ /usr/lib/ipsec/_updown	2007-10-27 00:00:26.000000000 +0200
+@@ -376,8 +376,8 @@
+ 		# opportunistic encryption work around
+ 		# need to provide route that eclipses default, without 
+ 		# replacing it.
+-		it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
+-			ip route $1 128.0.0.0/1 $parms2 $parms3"
+		#it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
+	#		ip route $1 128.0.0.0/1 $parms2 $parms3"
+ 		;;
+ 	*)	it="ip route $1 $parms $parms2 $parms3"
+ 		;;
+@@ -401,13 +401,13 @@
+ prepare-host:*|prepare-client:*)
+ 	# delete possibly-existing route (preliminary to adding a route)
+ 	case "$PLUTO_PEER_CLIENT" in
+-	"0.0.0.0/0")
+  "0.0.0.0/0")
+ 		# need to provide route that eclipses default, without 
+ 		# replacing it.
+ 		parms1="0.0.0.0/1"
+ 		parms2="128.0.0.0/1"
+-		it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1"
+-		oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`"
+	#	it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1"
+	#	oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`"
+ 		;;
+ 	*)
+ 		parms="$PLUTO_PEER_CLIENT $IPROUTEARGS"
--- a/src/patches/openswan-2.4.9-updown_x509-1.patch
+++ b/src/patches/openswan-2.4.9-updown_x509-1.patch
@@ -0,0 +1,24 @@
+--- /usr/lib/ipsec/_updown_x509	2007-10-14 00:56:15.000000000 +0200
+++ /usr/lib/ipsec/_updown_x509	2007-10-27 00:00:26.000000000 +0200
+@@ -359,8 +359,8 @@
+ 		# opportunistic encryption work around
+ 		# need to provide route that eclipses default, without 
+ 		# replacing it.
+-		it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
+-			ip route $1 128.0.0.0/1 $parms2 $parms3"
+		#it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
+		#	ip route $1 128.0.0.0/1 $parms2 $parms3"
+ 		;;
+ 	*)	it="ip route $1 $parms $parms2 $parms3"
+ 		;;
+@@ -389,8 +389,8 @@
+ 		# replacing it.
+ 		parms1="0.0.0.0/1"
+ 		parms2="128.0.0.0/1"
+-		it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1"
+-		oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`"
+		#it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1"
+		#oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`"
+ 		;;
+ 	*)
+ 		parms="$PLUTO_PEER_CLIENT $IPROUTEARGS"