Hello community, here is the log from the commit of package openswan checked in at Fri Sep 1 13:22:39 CEST 2006. -------- --- openswan/openswan.changes 2006-03-16 12:32:59.000000000 +0100 +++ openswan/openswan.changes 2006-08-30 14:47:40.000000000 +0200 @@ -1,0 +2,7 @@ +Wed Aug 30 14:47:36 CEST 2006 - mt@suse.de + +- updated to openswan-2.4.6, adopted patches. Now, the default + ipsec.conf file contains "nhelpers=0" to avoid "failed to find + any available worker" problems -- see also Bug #186061. + +------------------------------------------------------------------- Old: ---- openswan-2.4.4.tar.gz openswan-2.4.4.tar.gz.asc New: ---- openswan-2.4.6.tar.gz openswan-2.4.6.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openswan.spec ++++++ --- /var/tmp/diff_new_pack.0MsEXb/_old 2006-09-01 13:20:28.000000000 +0200 +++ /var/tmp/diff_new_pack.0MsEXb/_new 2006-09-01 13:20:28.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package openswan (Version 2.4.4) +# spec file for package openswan (Version 2.4.6) # # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -12,9 +12,9 @@ Name: openswan BuildRequires: curl-devel gmp-devel htmldoc libjpeg-devel libpcap lynx xorg-x11-devel -Version: 2.4.4 -Release: 11 -%define irel 2.4.4 +Version: 2.4.6 +Release: 2 +%define irel 2.4.6 License: GPL Group: Productivity/Networking/Security Summary: IPsec Implementation which Allows Building of VPNs 
@@ -252,6 +252,10 @@ %{insserv_cleanup} %changelog -n openswan +* Wed Aug 30 2006 - mt@suse.de +- updated to openswan-2.4.6, adopted patches. Now, the default + ipsec.conf file contains "nhelpers=0" to avoid "failed to find + any available worker" problems -- see also Bug #186061. * Thu Mar 16 2006 - mt@suse.de - Bug #148385, fixed further documentation inconsistence pointed out by Martin Mrazik. ++++++ openswan-2.4.4.tar.gz -> openswan-2.4.6.tar.gz ++++++ ++++ 6506 lines of diff (skipped) ++++++ openswan_02_paths-lib64.dif ++++++ --- /var/tmp/diff_new_pack.0MsEXb/_old 2006-09-01 13:20:38.000000000 +0200 +++ /var/tmp/diff_new_pack.0MsEXb/_new 2006-09-01 13:20:38.000000000 +0200 @@ -1,5 +1,5 @@ --- Makefile -+++ Makefile 2005/07/15 12:47:24 ++++ Makefile 2006/08/30 10:18:39 @@ -18,6 +18,8 @@ OPENSWANSRCDIR?=$(shell pwd) export OPENSWANSRCDIR @@ -9,8 +9,8 @@ include ${OPENSWANSRCDIR}/Makefile.inc srcdir?=$(shell pwd) -@@ -182,7 +184,7 @@ ifeq ($(strip $(OBJDIR)),.) - programs install clean checkprograms:: +@@ -193,7 +195,7 @@ + programs install clean:: @for d in $(SUBDIRS) ; \ do \ - (cd $$d && $(MAKE) srcdir=${OPENSWANSRCDIR}/$$d/ OPENSWANSRCDIR=${OPENSWANSRCDIR} $@ ) || exit 1; \ @@ -19,8 +19,8 @@ else --- Makefile.inc -+++ Makefile.inc 2005/07/15 12:47:24 -@@ -55,7 +55,7 @@ PUBDIR=$(DESTDIR)$(INC_USRLOCAL)/sbin ++++ Makefile.inc 2006/08/30 10:18:39 +@@ -55,7 +55,7 @@ # BINDIR is where sub-commands get put, FINALBINDIR is where the "ipsec" # command will look for them when it is run. Also called LIBEXECDIR. @@ -29,7 +29,7 @@ LIBEXECDIR=$(DESTDIR)$(FINALBINDIR) FINALBINDIR=${FINALLIBEXECDIR} -@@ -239,7 +239,7 @@ RH_KERNELSRC?=/lib/modules/2.6.9-1.681_F +@@ -239,7 +239,7 @@ # installed one in RH 7.2, won't work - you wind up depending upon # openssl. 
@@ -39,8 +39,8 @@ # if you install elsewere, you may need to point the include files to it. #BIND9STATICLIBDIR?=/sandel/lib --- Makefile.top -+++ Makefile.top 2005/07/15 12:47:24 -@@ -41,7 +41,7 @@ distclean: clean ++++ Makefile.top 2006/08/30 10:18:39 +@@ -41,7 +41,7 @@ install_file_list: @for d in $(SUBDIRS) ; \ do \ @@ -49,7 +49,7 @@ done; # uninstall, as much as possible -@@ -80,13 +80,13 @@ check: uml Makefile.ver +@@ -80,13 +80,13 @@ ifneq ($(strip(${REGRESSRESULTS})),) mkdir -p ${REGRESSRESULTS} endif ++++++ openswan_07_doc-install.dif ++++++ --- /var/tmp/diff_new_pack.0MsEXb/_old 2006-09-01 13:20:38.000000000 +0200 +++ /var/tmp/diff_new_pack.0MsEXb/_new 2006-09-01 13:20:38.000000000 +0200 @@ -1,7 +1,7 @@ --- doc/Makefile -+++ doc/Makefile 2005/10/27 16:47:05 ++++ doc/Makefile 2006/08/30 12:06:40 @@ -48,7 +48,16 @@ - quickstart.html umltesting.html makecheck.html nightly.html \ + quickstart.html makecheck.html nightly.html \ upgrading.html policygroups.html -alldocs=${seperate} index.html @@ -18,7 +18,19 @@ # where are scripts SCRIPTDIR=${OPENSWANSRCDIR}/doc/utils -@@ -85,13 +94,13 @@ +@@ -69,6 +78,11 @@ + index.html: manpages ${OPENSWANSRCDIR}/doc/src/index.html + cp ${OPENSWANSRCDIR}/doc/src/index.html index.html + ++rfc.html: ${OPENSWANSRCDIR}/doc/src/rfc.html.head ${OPENSWANSRCDIR}/doc/src/rfc.html.tail ${OPENSWANSRCDIR}/doc/rfc.txt ++ cat ${OPENSWANSRCDIR}/doc/src/rfc.html.head > rfc.html ++ cat ${OPENSWANSRCDIR}/doc/rfc.txt >>rfc.html ++ cat ${OPENSWANSRCDIR}/doc/src/rfc.html.tail >>rfc.html ++ + manpages: manp + + manp: $(SCRIPTDIR)/mkhtmlman +@@ -85,13 +99,13 @@ @echo nothing here anymore install: ${alldocs} manpages ++++++ openswan_09_doc-fixes.dif ++++++ --- /var/tmp/diff_new_pack.0MsEXb/_old 2006-09-01 13:20:38.000000000 +0200 +++ /var/tmp/diff_new_pack.0MsEXb/_new 2006-09-01 13:20:38.000000000 +0200 @@ -1,5 +1,5 @@ --- doc/config.html -+++ doc/config.html 2006/03/16 11:29:34 ++++ doc/config.html 2006/08/30 11:57:11 
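Review bot: The added `rfc.html` rule in doc/Makefile builds its target with three separate `cat` redirections to a literal file name, so if the second or third command fails, a truncated `rfc.html` is left behind and looks up to date on the next run. Writing to a temporary name and renaming it avoids that, and lets the recipe use `$@`: `cat ${OPENSWANSRCDIR}/doc/src/rfc.html.head ${OPENSWANSRCDIR}/doc/rfc.txt ${OPENSWANSRCDIR}/doc/src/rfc.html.tail > $@.tmp && mv -f $@.tmp $@`. The recipe also copies `rfc.txt` into the page verbatim; whether `<` and `&` in that text render correctly depends on the markup in `rfc.html.head`, which is not visible here.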
@@ -206,7 +206,7 @@ information you've gathered for our example data.</P> <PRE>conn road 
@@ -21,8 +21,57 @@ 106 "road" #301: STATE_MAIN_I2: sent MI2, expecting MR2 108 "road" #301: STATE_MAIN_I3: sent MI3, expecting MR3 004 "road" #301: STATE_MAIN_I4: ISAKMP SA established +--- doc/glossary.html ++++ doc/glossary.html 2006/08/30 12:10:51 +@@ -985,7 +985,7 @@ + <DD><A href="http://www.ietf.org">Internet Engineering Task Force</A>, + the umbrella organisation whose various working groups make most of the + technical decisions for the Internet. The IETF<A href="http://www.ietf.org/html.charters/ipsec-charter.html"> +- IPsec working group</A> wrote the<A href="rfc.html#RFC"> RFCs</A> we ++ IPsec working group</A> wrote the<A href="rfc.html"> RFCs</A> we + are implementing.</DD> + <DT><A name="IKE">IKE</A></DT> + <DD><B>I</B>nternet<B> K</B>ey<B> E</B>xchange, based on the<A href="#DH"> +@@ -1030,7 +1030,7 @@ + IPv6</A>. + <P>This is the standard<A href="web.html#FreeSWAN"> Linux FreeS/WAN</A> + is implementing. For more details, see our<A href="ipsec.html"> IPsec +- Overview</A>. For the standards, see RFCs listed in our<A href="rfc.html#RFC"> ++ Overview</A>. For the standards, see RFCs listed in our<A href="rfc.html"> + RFCs document</A>.</P> + </DD> + <DT><A name="IPX">IPX</A></DT> +@@ -1660,7 +1660,7 @@ + <DD><B>R</B>equest<B> F</B>or<B> C</B>omments, an Internet document. + Some RFCs are just informative. Others are standards. + <P>Our list of<A href="#IPSEC"> IPsec</A> and other security-related +- RFCs is<A href="rfc.html#RFC"> here</A>, along with information on ++ RFCs is<A href="rfc.html"> here</A>, along with information on + methods of obtaining them.</P> + </DD> + <DT><A name="rijndael">Rijndael</A></DT> +@@ -2053,7 +2053,7 @@ + communication uses insecure connections. All traffic on those + connections is encrypted. 
+ <P><A href="#IPSEC">IPsec</A> is not the only technique available for +- building VPNs, but it is the only method defined by<A href="rfc.html#RFC"> ++ building VPNs, but it is the only method defined by<A href="rfc.html"> + RFCs</A> and supported by many vendors. VPNs are by no means the only + thing you can do with IPsec, but they may be the most important + application for many users.</P> +--- doc/intro.html ++++ doc/intro.html 2006/08/30 12:11:23 +@@ -74,7 +74,7 @@ + stack has<A href="compat.html#ipv6"> started</A>.</P> + <P>For more information on IPsec, see our<A href="ipsec.html#ipsec.detail"> + IPsec protocols</A> section, our collection of<A href="web.html#ipsec.link"> +- IPsec links</A> or the<A href="rfc.html#RFC"> RFCs</A> which are the ++ IPsec links</A> or the<A href="rfc.html"> RFCs</A> which are the + official definitions of these protocols.</P> + <H3><A name="intro.interop">Interoperating with other IPsec + implementations</A></H3> --- doc/src/config.html -+++ doc/src/config.html 2006/03/16 11:23:17 ++++ doc/src/config.html 2006/08/30 11:57:11 @@ -301,7 +301,7 @@ <P>You must start the connection from the Road Warrior side. On your laptop, @@ -33,7 +82,7 @@ <P>You should see:</P> <PRE>104 "net-net" #223: STATE_MAIN_I1: initiate --- doc/src/index.html -+++ doc/src/index.html 2006/03/16 11:23:17 ++++ doc/src/index.html 2006/08/30 11:57:11 @@ -43,7 +43,7 @@ <ul> @@ -44,7 +93,7 @@ <p>For technical support and other questions, use our type) --- programs/pluto/id.c -+++ programs/pluto/id.c 2005/08/19 10:11:45 ++++ programs/pluto/id.c 2006/08/30 10:28:25 @@ -160,10 +160,10 @@ */ #define MAX_BUF 6 @@ -260,7 +260,7 @@ case ID_DER_ASN1_DN: --- programs/pluto/id.h -+++ programs/pluto/id.h 2005/08/19 09:14:39 ++++ programs/pluto/id.h 2006/08/30 10:28:25 @@ -42,7 +42,7 @@ extern err_t atoid(char *src, struct id *id, bool myid_ok); 
@@ -271,7 +271,7 @@ #define IDTOA_BUF 512 extern void escape_metachar(const char *src, char *dst, size_t dstlen); --- programs/pluto/ikev1_quick.c -+++ programs/pluto/ikev1_quick.c 2005/08/19 09:30:28 ++++ programs/pluto/ikev1_quick.c 2006/08/30 10:28:25 @@ -604,7 +604,7 @@ struct hmac_ctx ctx; @@ -282,7 +282,7 @@ hmac_update_chunk(&ctx, st->st_ni); hmac_update_chunk(&ctx, st->st_nr); --- programs/pluto/ipsec_doi.c -+++ programs/pluto/ipsec_doi.c 2005/08/19 09:28:03 ++++ programs/pluto/ipsec_doi.c 2006/08/30 10:28:25 @@ -113,7 +113,7 @@ { MD5_CTX hc; @@ -304,7 +304,7 @@ osMD5Final(hash, &hc); --- programs/pluto/keys.c -+++ programs/pluto/keys.c 2005/08/19 09:44:11 ++++ programs/pluto/keys.c 2006/08/30 10:28:25 @@ -371,7 +371,7 @@ match_him = 02, match_me = 04 @@ -333,26 +333,17 @@ { /* in RSA key, ttodata didn't like */ --- programs/pluto/nat_traversal.c -+++ programs/pluto/nat_traversal.c 2005/08/19 09:59:01 -@@ -117,7 +117,7 @@ ++++ programs/pluto/nat_traversal.c 2006/08/30 10:31:00 +@@ -132,7 +132,7 @@ } } -static void _natd_hash(const struct hash_desc *hasher, char *hash, +static void _natd_hash(const struct hash_desc *hasher, unsigned char *hash, u_int8_t *icookie, u_int8_t *rcookie, - const ip_address *ip, u_int16_t port) + const ip_address *ip, u_int16_t port /* network order */) { -@@ -213,7 +213,7 @@ - - void nat_traversal_natd_lookup(struct msg_digest *md) - { -- char hash[MAX_DIGEST_LEN]; -+ unsigned char hash[MAX_DIGEST_LEN]; - struct payload_digest *p; - struct state *st = md->st; - int i; -@@ -304,7 +304,7 @@ +@@ -334,7 +334,7 @@ bool nat_traversal_add_natd(u_int8_t np, pb_stream *outs, struct msg_digest *md) { @@ -362,8 +353,8 @@ unsigned int nat_np; --- programs/pluto/spdb_struct.c -+++ programs/pluto/spdb_struct.c 2005/08/19 09:53:32 -@@ -1749,6 +1749,10 @@ ++++ programs/pluto/spdb_struct.c 2006/08/30 10:32:40 +@@ -1763,6 +1763,10 @@ esp_spi = 0; ah_spi = 0; 
@@ -375,8 +366,8 @@ do { --- programs/pluto/vendor.c -+++ programs/pluto/vendor.c 2005/08/19 09:56:09 -@@ -312,10 +312,10 @@ ++++ programs/pluto/vendor.c 2006/08/30 10:36:25 +@@ -319,10 +319,10 @@ } else if (vid->flags & VID_MD5HASH) { /** VendorID is a string to hash with MD5 **/ @@ -390,7 +381,7 @@ osMD5Init(&ctx); osMD5Update(&ctx, d, strlen(vid->data)); osMD5Final(vidm, &ctx); -@@ -330,7 +330,7 @@ +@@ -337,7 +337,7 @@ vid->vid = vidm; if (vidm) { osMD5Init(&ctx); @@ -400,7 +391,7 @@ vidm[0] = 'O'; vidm[1] = 'E'; --- programs/pluto/xauth.c -+++ programs/pluto/xauth.c 2005/08/19 10:02:58 ++++ programs/pluto/xauth.c 2006/08/30 10:43:31 @@ -467,7 +467,7 @@ stf_status modecfg_send_set(struct state *st) { ++++++ openswan_12_gcc4sign.dif ++++++ --- /var/tmp/diff_new_pack.0MsEXb/_old 2006-09-01 13:20:38.000000000 +0200 +++ /var/tmp/diff_new_pack.0MsEXb/_new 2006-09-01 13:20:38.000000000 +0200 @@ -1,5 +1,5 @@ --- programs/pluto/demux.c -+++ programs/pluto/demux.c 2005/08/19 09:41:57 ++++ programs/pluto/demux.c 2006/08/30 10:45:20 @@ -710,9 +710,7 @@ struct sockaddr_in6 sa_in6; } from; @@ -19,7 +19,7 @@ emh.msg_name = &from.sa; /* ??? filled in? */ emh.msg_namelen = sizeof(from); -@@ -1246,8 +1243,8 @@ +@@ -1251,8 +1248,8 @@ struct sockaddr_in sa_in4; struct sockaddr_in6 sa_in6; } from,to; @@ -30,7 +30,7 @@ err_t from_ugh = NULL; static const char undisclosed[] = "unknown source"; -@@ -1271,7 +1268,7 @@ +@@ -1276,7 +1273,7 @@ from_ugh = undisclosed; } else if (from_len @@ -39,7 +39,7 @@ { from_ugh = "truncated"; } -@@ -1283,7 +1280,7 @@ +@@ -1288,7 +1285,7 @@ { from_ugh = "unexpected Address Family"; } @@ -49,7 +49,7 @@ from_ugh = "wrong length"; } --- programs/pluto/dnskey.c -+++ programs/pluto/dnskey.c 2005/08/19 09:50:06 ++++ programs/pluto/dnskey.c 2006/08/30 10:45:20 @@ -1047,7 +1047,7 @@ if (rrf.type == type && rrf.class == C_IN) 
@@ -60,7 +60,7 @@ switch (type) { --- programs/pluto/rcv_whack.c -+++ programs/pluto/rcv_whack.c 2005/08/19 09:36:24 ++++ programs/pluto/rcv_whack.c 2006/08/30 10:45:20 @@ -237,7 +237,7 @@ { struct whack_message msg; @@ -71,7 +71,7 @@ /* Note: actual value in n should fit in int. To print, cast to int. */ ssize_t n; --- programs/rsasigkey/rsasigkey.c -+++ programs/rsasigkey/rsasigkey.c 2005/08/19 08:56:26 ++++ programs/rsasigkey/rsasigkey.c 2006/08/30 10:45:20 @@ -446,7 +446,7 @@ { size_t ndone; ++++++ openswan_22_send-notifications.dif ++++++ --- /var/tmp/diff_new_pack.0MsEXb/_old 2006-09-01 13:20:38.000000000 +0200 +++ /var/tmp/diff_new_pack.0MsEXb/_new 2006-09-01 13:20:38.000000000 +0200 @@ -1,6 +1,6 @@ --- programs/pluto/demux.c -+++ programs/pluto/demux.c 2005/07/15 15:15:34 -@@ -1448,6 +1448,7 @@ process_packet(struct msg_digest **mdp) ++++ programs/pluto/demux.c 2006/08/30 10:47:15 +@@ -1453,6 +1453,7 @@ { openswan_log("size (%u) differs from size specified in ISAKMP HDR (%u)" , (unsigned) pbs_room(&md->packet_pbs), md->hdr.isa_length); @@ -9,8 +9,8 @@ } --- programs/pluto/ipsec_doi.c -+++ programs/pluto/ipsec_doi.c 2005/07/15 15:15:34 -@@ -723,7 +723,7 @@ accept_delete(struct state *st, struct m ++++ programs/pluto/ipsec_doi.c 2006/08/30 10:47:15 +@@ -723,7 +723,7 @@ if (d->isad_spisize != sizespi) { loglog(RC_LOG_SERIOUS ++++++ openswan_23_msl2tp-payload-malformed-workaround.dif ++++++ --- /var/tmp/diff_new_pack.0MsEXb/_old 2006-09-01 13:20:38.000000000 +0200 +++ /var/tmp/diff_new_pack.0MsEXb/_new 2006-09-01 13:20:38.000000000 +0200 
@@ -1,6 +1,6 @@ --- programs/pluto/demux.c -+++ programs/pluto/demux.c 2005/07/15 15:17:39 -@@ -2073,7 +2073,23 @@ process_packet(struct msg_digest **mdp) ++++ programs/pluto/demux.c 2006/08/30 10:48:21 +@@ -2079,7 +2079,23 @@ while (np != ISAKMP_NEXT_NONE) { ++++++ openswan_31_autoleft.dif ++++++ --- /var/tmp/diff_new_pack.0MsEXb/_old 2006-09-01 13:20:38.000000000 +0200 +++ /var/tmp/diff_new_pack.0MsEXb/_new 2006-09-01 13:20:38.000000000 +0200 @@ -1,5 +1,5 @@ --- programs/auto/auto.in -+++ programs/auto/auto.in 2005/07/15 15:28:46 ++++ programs/auto/auto.in 2006/08/30 10:50:06 @@ -17,7 +17,7 @@ me='ipsec auto' usage="Usage: @@ -9,7 +9,7 @@ $me [--showonly] --{route|unroute} connectionname $me [--showonly] --{ready|status|rereadsecrets|rereadgroups} $me [--showonly] --{rereadcacerts|rereadaacerts|rereadocspcerts} -@@ -40,6 +40,7 @@ logfilter='$1 != "002"' +@@ -40,6 +40,7 @@ op= argc= utc= @@ -17,7 +17,7 @@ for dummy do -@@ -78,6 +79,7 @@ do +@@ -78,6 +79,7 @@ op="$1" argc=0 ;; @@ -25,7 +25,7 @@ --) shift ; break ;; -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;; *) break ;; -@@ -174,6 +176,7 @@ awk ' BEGIN { +@@ -174,6 +176,7 @@ err = "cat >&2" draddr = "'"$defaultrouteaddr"'" drnexthop = "'"$defaultroutenexthop"'" @@ -33,7 +33,7 @@ failed = 0 s[""] = "" init() -@@ -348,6 +351,13 @@ awk ' BEGIN { +@@ -341,6 +344,13 @@ need("left") need("right") ++++++ openswan_32_updown-nexthop.dif ++++++ --- /var/tmp/diff_new_pack.0MsEXb/_old 2006-09-01 13:20:38.000000000 +0200 +++ /var/tmp/diff_new_pack.0MsEXb/_new 2006-09-01 13:20:38.000000000 +0200 @@ -1,6 +1,6 @@ --- programs/_updown/_updown.in -+++ programs/_updown/_updown.in 2005/07/29 19:37:47 -@@ -323,10 +323,39 @@ ++++ programs/_updown/_updown.in 2006/08/30 10:51:53 +@@ -349,10 +349,39 @@ st=0 parms="$PLUTO_PEER_CLIENT" parms2= 
@@ -41,7 +41,7 @@ parms2="$parms2 dev ${PLUTO_INTERFACE%:*}" parms3="$IPROUTEARGS" if [ -n "$IPROUTETABLE" ] -@@ -334,11 +363,6 @@ +@@ -360,11 +389,6 @@ parms3="$parms3 table $IPROUTETABLE" fi ++++++ openswan_33_updown-srcmask.dif ++++++ --- /var/tmp/diff_new_pack.0MsEXb/_old 2006-09-01 13:20:38.000000000 +0200 +++ /var/tmp/diff_new_pack.0MsEXb/_new 2006-09-01 13:20:38.000000000 +0200 @@ -1,6 +1,6 @@ --- programs/_updown/_updown.in -+++ programs/_updown/_updown.in 2005/09/07 09:48:42 -@@ -204,9 +204,26 @@ ++++ programs/_updown/_updown.in 2006/08/30 10:54:30 +@@ -206,9 +206,26 @@ addsource() { st=0 # check if given sourceip is local and add as alias if not ++++++ openswan_37_aes_insmod.dif ++++++ --- /var/tmp/diff_new_pack.0MsEXb/_old 2006-09-01 13:20:38.000000000 +0200 +++ /var/tmp/diff_new_pack.0MsEXb/_new 2006-09-01 13:20:38.000000000 +0200 @@ -1,19 +1,6 @@ - -On i?86 the aes module is in - arch/i386/crypto/aes-i586.ko -but there may be a "aes" alias pointing to it. - -On x86_64 the aes module is in - kernel/arch/x86_64/crypto/aes-x86_64.ko -without any alias. - -On other archs (ppc, s390, ia64), it is in - kernel/crypto/aes.ko -like all other crypto modules. - --- programs/_startklips/_startklips.in -+++ programs/_startklips/_startklips.in 2005/08/03 08:47:06 -@@ -289,7 +289,11 @@ ++++ programs/_startklips/_startklips.in 2006/08/30 10:56:32 +@@ -296,7 +296,11 @@ modprobe -qv sha1 modprobe -qv md5 modprobe -qv des ++++++ openswan_40_rcscript.dif ++++++ --- /var/tmp/diff_new_pack.0MsEXb/_old 2006-09-01 13:20:38.000000000 +0200 +++ /var/tmp/diff_new_pack.0MsEXb/_new 2006-09-01 13:20:38.000000000 +0200 @@ -1,6 +1,6 @@ --- programs/_realsetup/_realsetup.in -+++ programs/_realsetup/_realsetup.in 2005/09/07 09:56:25 -@@ -173,7 +173,7 @@ ++++ programs/_realsetup/_realsetup.in 2006/08/30 10:57:36 +@@ -178,7 +178,7 @@ # First, does it seem to be going already? perform test ! -f $lock "||" "{" \ echo "\"Openswan IPsec apparently already running, start aborted\"" ";" \ 
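Review bot: The header of openswan_37_aes_insmod.dif that explained where the aes module lives on i?86, x86_64 and the other architectures is removed, and nothing left in the patch says why the `modprobe` sequence in `_startklips.in` needs the extra lines. I would keep a short form of it at the top of the patch, e.g. `# aes is arch-specific on i?86 (aes-i586) and x86_64 (aes-x86_64); other archs use kernel/crypto/aes.ko`. The changed lines of the hunk are not shown in this mail, so this concerns the patch description only.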
@@ -9,7 +9,7 @@ "}" # announcement -@@ -294,7 +294,7 @@ +@@ -291,7 +291,7 @@ stop|--stop|_autostop) # _autostop is same as stop # Shut things down. @@ -18,7 +18,7 @@ perform \ if test -r $lock ";" \ then \ -@@ -303,7 +303,7 @@ +@@ -300,7 +300,7 @@ else \ echo "\"stop ordered, but IPsec does not appear to be running!\"" ";" \ echo "\"doing cleanup anyway...\"" ";" \ @@ -27,7 +27,7 @@ fi if test " $IPSECforwardcontrol" = " yes" then -@@ -358,7 +358,7 @@ +@@ -355,7 +355,7 @@ if test " $IPSEC_setupflags" != " " then echo "$me $1 does not support $IPSEC_setupflags" @@ -36,7 +36,7 @@ fi if test -f $info -@@ -392,6 +392,7 @@ +@@ -389,6 +389,7 @@ plutokind=no fi @@ -44,7 +44,7 @@ if test -r /proc/net/ipsec_eroute then if test " `wc -l < /proc/net/ipsec_eroute 2> /dev/null `" -gt 0 -@@ -420,65 +421,66 @@ +@@ -417,65 +418,66 @@ if test "$haslock" then @@ -135,7 +135,7 @@ ;; --version) -@@ -489,7 +491,6 @@ +@@ -486,7 +488,6 @@ fi echo "$me $IPSEC_VERSION" @@ -143,7 +143,7 @@ ;; --help) -@@ -500,7 +501,6 @@ +@@ -497,7 +498,6 @@ fi echo "Usage: $me {--start|--stop|--restart|--status}" @@ -152,7 +152,7 @@ *) --- programs/setup/setup.in -+++ programs/setup/setup.in 2005/09/07 09:51:48 ++++ programs/setup/setup.in 2006/08/30 10:57:36 @@ -31,6 +31,23 @@ # description: IPsec provides encrypted and authenticated communications; \ # KLIPS is the kernel half of it, Pluto is the user-level management daemon. ++++++ openswan_41_preconfig.dif ++++++ --- /var/tmp/diff_new_pack.0MsEXb/_old 2006-09-01 13:20:38.000000000 +0200 +++ /var/tmp/diff_new_pack.0MsEXb/_new 2006-09-01 13:20:38.000000000 +0200 
@@ -1,10 +1,9 @@ --- programs/_confread/ipsec.conf.in -+++ programs/_confread/ipsec.conf.in 2005/08/15 14:32:00 -@@ -20,6 +20,28 @@ - # NAT-TRAVERSAL support, see README.NAT-Traversal - # nat_traversal=yes - # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12 -+ # ++++ programs/_confread/ipsec.conf.in 2006/08/30 11:04:23 +@@ -21,11 +21,31 @@ + nat_traversal=yes + # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12 + # + # Certificate Revocation List handling: + #crlcheckinterval=600 + #strictcrlpolicy=yes @@ -12,7 +11,13 @@ + # Change rp_filter setting? (default is 0, disabled) + # See also setting in the /etc/sysctl.conf file! + #rp_filter=%unchanged -+ ++ # + # enable this if you see "failed to find any available worker" + nhelpers=0 + +-# Add connections here +- +-# sample VPN connections, see /etc/ipsec.d/examples/ +# default settings for connections +conn %default + # keyingtries default to %forever @@ -24,13 +29,9 @@ + #ikelifetime=20m + #keylife=1h + #rekeymargin=8m -+ -+@OE_FLAG@ - # Add connections here - -@@ -37,4 +59,3 @@ - # # at startup, uncomment this. - # #auto=start - --@OE_FLAG@ + @OE_FLAG@ ++ ++# For sample VPN connections, see /etc/ipsec.d/examples/ ++# Add connections here ++ ++++++ openswan_42_plutowait-yes.dif ++++++ --- /var/tmp/diff_new_pack.0MsEXb/_old 2006-09-01 13:20:38.000000000 +0200 +++ /var/tmp/diff_new_pack.0MsEXb/_new 2006-09-01 13:20:38.000000000 +0200 
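Review bot: The comment added above `nhelpers=0` in ipsec.conf.in says "enable this if you see ..." although the setting is shipped uncommented, so the default file reads as if the option were still opt-in. With zero helpers pluto does its cryptographic work in the main process, which presumably trades the worker error from Bug #186061 for slower handling of concurrent negotiations. The comment should state that, for example `# set by default to avoid "failed to find any available worker" (Bug #186061); crypto then runs in pluto's main process`. The CRL settings in the same block (`#crlcheckinterval=600`, `#strictcrlpolicy=yes`) are shipped commented out, so it is worth noting there that strict revocation checking has to be enabled by the administrator.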
@@ -1,16 +1,17 @@ --- programs/_confread/ipsec.conf.in -+++ programs/_confread/ipsec.conf.in 2005/08/26 17:06:28 -@@ -28,6 +28,13 @@ - # Change rp_filter setting? (default is 0, disabled) ++++ programs/_confread/ipsec.conf.in 2006/08/30 11:11:55 +@@ -29,6 +29,14 @@ # See also setting in the /etc/sysctl.conf file! #rp_filter=%unchanged -+ # + # + # Workaround to setup all tunnels immediately, since the new default + # of "plutowait=no" causes "Resource temporarily unavailable" errors + # for the first connect attempt over each tunnel, that is delayed to + # be established later / on demand. -+ # ++ # With "plutowait=yes" plutio waits for each negotiation attempt ++ # that is part of startup to finish, before proceeding with the next. + plutowait=yes ++ # + # enable this if you see "failed to find any available worker" + nhelpers=0 - # default settings for connections - conn %default ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
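Review bot: The new comment line for `plutowait=yes` misspells the daemon name as `plutio`; it should read `# With "plutowait=yes" pluto waits for each negotiation attempt`. Because this setting makes startup wait for every negotiation in turn, an unreachable peer presumably delays the tunnels listed after it. The comment could say so, so that administrators know when switching back to `plutowait=no` is the better choice.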