Version bumps wrt to security bug #264346. Remove -Werror from compiler options (#260927).

Package-Manager: portage-2.1.6.7/cvs/Linux x86_64

7 files changed, 625 insertions, 6 deletions

diff --git a/net-misc/openswan/ChangeLog b/net-misc/openswan/ChangeLog
index 6ee1a2ad1597..ba0f4432a444 100644
--- a/net-misc/openswan/ChangeLog
+++ b/net-misc/openswan/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for net-misc/openswan
 # Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/ChangeLog,v 1.57 2009/01/11 11:01:51 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/ChangeLog,v 1.58 2009/04/08 23:30:46 mrness Exp $
+
+*openswan-2.6.21 (08 Apr 2009)
+*openswan-2.4.14 (08 Apr 2009)
+
+  08 Apr 2009; Alin Năstac <mrness@gentoo.org>
+  +files/openswan-2.4.14-deprecated-ldap.patch,
+  +files/openswan-2.4.14-gentoo.patch, +files/openswan-2.6.21-gentoo.patch,
+  +openswan-2.4.14.ebuild, +openswan-2.6.21.ebuild:
+  Version bumps wrt to security bug #264346. Remove -Werror from compiler
+  options (#260927).
 
   11 Jan 2009; Alin Năstac <mrness@gentoo.org>
   -files/openswan-2.6.18-gentoo.patch, files/openswan-2.6.19-gentoo.patch,
diff --git a/net-misc/openswan/Manifest b/net-misc/openswan/Manifest
index ccbc10006485..ca675b751c3c 100644
--- a/net-misc/openswan/Manifest
+++ b/net-misc/openswan/Manifest
@@ -5,18 +5,25 @@ AUX ipsec 1551 RMD160 9f2480ebfb7549df1cbe3cf5c62575acd78a986a SHA1 53c1826bea6a
 AUX ipsec-initd 487 RMD160 23d9d7be6000fb95fdb142bc948964d6050b7864 SHA1 55a4c3ab2523f265e314c9048c0552699564fc4d SHA256 e86140b6e596a0b0d6e52ca521adb891eb3b9cc4ad8e6f28041fb773f9f60347
 AUX openswan-2.4.13-deprecated-ldap.patch 371 RMD160 4fb852b20240b9c2b22db5d2ca5b75ac7c4ca2f0 SHA1 8d70c48e525467e26cdf5f1f6fb36d49a03d8a20 SHA256 9d406ba127eca56ba5e64517fe107e1785c07cad9e7a770d8481d7998c4e1709
 AUX openswan-2.4.13-gentoo-fixed.patch 6724 RMD160 5714afc4819bf8be7929601d8702e8d7099e81ad SHA1 6ff4183bda05b3cd2e94b8ca9214cfa3be9ea130 SHA256 866ec2c50c050c34425d12f7f12d12b9fe9ccdd1f5ca8ce6a0a76bec0002bf58
+AUX openswan-2.4.14-deprecated-ldap.patch 372 RMD160 7ec7ef91ad9712026be01e5f896f829c6d9bd179 SHA1 1904c14f089ad92ab57e5ac1c0abdc89413280a0 SHA256 ad71a9bf6692f7fe7252cbd8642176fe1b14234944cd5a8a5916f61926519c53
+AUX openswan-2.4.14-gentoo.patch 7770 RMD160 37fbaa4cb4d292fa6e94cc1075284a1d673e34b5 SHA1 4d7896a40c3dac75c7730c8b6b8e1a1e8662c7de SHA256 0074b7c8fbd21d6ca5ff98cd5253253bf607949644f13a003fbdb59036fa934a
 AUX openswan-2.6.19-gentoo.patch 2761 RMD160 f34ce06ee3ef5a01dfe16ae040c84299c9cd5b9b SHA1 9af75e2d2f3c4667627daf6ada5d4be84c9f14d1 SHA256 b6bb07509a154811602c710a577eb3238fb7c6d2c4ecfc3ed20ce26dcfccbad6
 AUX openswan-2.6.19-qa-fixes.patch 408 RMD160 89bbae8456a33fb7297c9d242f24ca13de1512f9 SHA1 d6d215e5429a0ded2b0aee49e4ea2e2b6846fdcc SHA256 bad4f78c2c55e3cb815d0fd241e59adf9725875b0ed989722e2756af0155e8c9
+AUX openswan-2.6.21-gentoo.patch 5139 RMD160 ecb01703bf276384baecf24674e1acf0290e3558 SHA1 d1776b67978e3cb2b9a56c8c7fe5f8f4ff165ac0 SHA256 f8af9881e4d109757e78deaa05f6b464c9bed14f97b1df714a57a0d11f3c249f
 DIST openswan-2.4.13.tar.gz 3761840 RMD160 cc22c2d838d33fe2a08173aa1602ec39cfde3a80 SHA1 ad314d22f08c8de08624b1a7f69120eae23fad4b SHA256 1dcf1ebcc8b974def51b09e791de267ec9813b6af086337aa06909e27ccff5f6
+DIST openswan-2.4.14.tar.gz 3762031 RMD160 c3165fa58d540d30a5adfbc1070a21ca6762c17b SHA1 6f79c969164f80ae7d2b5a436bd798c428615687 SHA256 5c5886c026f79a85bee0ac2888fc3c7da87b8f8c493f02a51a5ce6b8675a4ddf
 DIST openswan-2.6.19.tar.gz 6547468 RMD160 844d4f0eaf8a3165c4a1195fb7f874f384c46424 SHA1 532df8f907d89637a83b8bc1cb5032f929209ed0 SHA256 44547bde3cb603e31b7aa251bcbfb02c1fecbaa73acada6f95f38f99e7b7d7a2
+DIST openswan-2.6.21.tar.gz 6201306 RMD160 d94fcd50a55ae6bb28787b2fc1966c9c43927fbe SHA1 b43fd73e8a10b00b08a4b1784730f2656430f977 SHA256 e773aa22f86ef12999f9a78c98ad5ba09980ccd1d14ab16361e9f21e40742fe7
 EBUILD openswan-2.4.13-r2.ebuild 3539 RMD160 da78299a3284f09f52b12dabab71d1b562062caf SHA1 6ac95439aca2c0043a9ede05d4d8ed6a7052602c SHA256 e4df8b3da5a63524f5d8ff92057e1fbbcec7e3f8e93c4853f81ceacfa22f6c4c
+EBUILD openswan-2.4.14.ebuild 3518 RMD160 8d807ec196801ba086ec25fba17bf7bc1fd3c605 SHA1 d3cd2ad92f7afd6e74a2af6fa404dca7d815fc5e SHA256 f743a45ec82642510e3e38c826102ef29e19933dcbe9998fecf583f3c13e61b2
 EBUILD openswan-2.6.19.ebuild 4588 RMD160 309ccb8e1d73a32941e7e490efffe894e615a135 SHA1 7cdfa5b2b6f8df31e2ce31cb55819c6a4f04cd92 SHA256 e5cedd98dabc8dc3d9b5453629828b0822598f4baea64ea4ae96d0da274d8d57
-MISC ChangeLog 10918 RMD160 81f2e78d7af3de98e2918aff6db04f9a185ac954 SHA1 dbbfd3744f57d99b15553b90759b7bc4554bac49 SHA256 94909e501e8a49c1458fcec038b00db684593f957d1f738ed3db0972ae61ab13
+EBUILD openswan-2.6.21.ebuild 4524 RMD160 18b47f36e2cbf19d96c71c0ce1b31b1878fb2cf8 SHA1 a87161d7099aaea0b5eaa9968d34df40a5fd3ca3 SHA256 d7b7c9295d41f279c863b7283129889741f89b932c1cf1903193e6c557706bfb
+MISC ChangeLog 11301 RMD160 3918e63034f219bdb75a6ac454170a76f1569e80 SHA1 09e0786067f7e9763d489fc54f3520ff04063001 SHA256 99e801bbf1ec47892ff1658a3d3dca572b6e34f65cd7c2c5b4996d451a13ee27
 MISC metadata.xml 1084 RMD160 7cf6387beefc2f3837b1a89b1998455b2d4719c0 SHA1 a3fdcf876700e8497a5a326cf3c0d8bb94601e9d SHA256 a16ca55eac2181ef69fce35e53a92cded04dc188f52a60410b670d8c2d50284e
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.9 (GNU/Linux)
+Version: GnuPG v2.0.10 (GNU/Linux)
 
-iEYEARECAAYFAklp0bIACgkQts85UDFmaOW1ZwCePYorbB74UMIcTxwoSySbUVwH
-AHUAni+uvUWZq+z7M3l1/2Me41Lt3y0Q
-=1LAm
+iEYEARECAAYFAkndM70ACgkQts85UDFmaOWyCgCeIV0e8wyxGFdb8Kpj5J2B1L1R
+hdsAn2tvFUxHNybOlf/+Vc/71s5VA8EU
+=CYXz
 -----END PGP SIGNATURE-----
diff --git a/net-misc/openswan/files/openswan-2.4.14-deprecated-ldap.patch b/net-misc/openswan/files/openswan-2.4.14-deprecated-ldap.patch
new file mode 100644
index 000000000000..8ec0d38d4872
--- /dev/null
+++ b/net-misc/openswan/files/openswan-2.4.14-deprecated-ldap.patch
@@ -0,0 +1,11 @@
+diff -Nru openswan-2.4.14.orig/programs/pluto/fetch.c openswan-2.4.14/programs/pluto/fetch.c
+--- openswan-2.4.14.orig/programs/pluto/fetch.c	2004-06-14 02:01:32.000000000 +0000
++++ openswan-2.4.14/programs/pluto/fetch.c	2009-04-08 23:14:29.000000000 +0000
+@@ -28,6 +28,7 @@
+ #include <openswan.h>
+ 
+ #ifdef LDAP_VER
++#define LDAP_DEPRECATED 1
+ #include <ldap.h>
+ #endif
+ 
diff --git a/net-misc/openswan/files/openswan-2.4.14-gentoo.patch b/net-misc/openswan/files/openswan-2.4.14-gentoo.patch
new file mode 100644
index 000000000000..63c310fd9513
--- /dev/null
+++ b/net-misc/openswan/files/openswan-2.4.14-gentoo.patch
@@ -0,0 +1,175 @@
+diff -Nru openswan-2.4.14.orig/lib/liblwres/Makefile openswan-2.4.14/lib/liblwres/Makefile
+--- openswan-2.4.14.orig/lib/liblwres/Makefile	2007-10-22 14:33:11.000000000 +0000
++++ openswan-2.4.14/lib/liblwres/Makefile	2009-04-08 23:07:06.000000000 +0000
+@@ -17,8 +17,8 @@
+ 
+ CINCLUDES =	-I${srcdir}/unix/include \
+ 		-I. -I./include -I${srcdir}/include 
+-CDEFINES = -g
+-CWARNINGS = -Werror
++CDEFINES =
++CWARNINGS =
+ 
+ CFLAGS+=${CINCLUDES} ${CDEFINES} ${CWARNINGS}
+ 
+diff -Nru openswan-2.4.14.orig/Makefile.inc openswan-2.4.14/Makefile.inc
+--- openswan-2.4.14.orig/Makefile.inc	2009-03-30 13:55:24.000000000 +0000
++++ openswan-2.4.14/Makefile.inc	2009-04-08 23:06:04.000000000 +0000
+@@ -46,7 +46,7 @@
+ DESTDIR?=
+ 
+ # "local" part of tree, used in building other pathnames
+-INC_USRLOCAL=/usr/local
++INC_USRLOCAL?=/usr
+ 
+ # PUBDIR is where the "ipsec" command goes; beware, many things define PATH
+ # settings which are assumed to include it (or at least, to include *some*
+@@ -91,7 +91,7 @@
+ 
+ # sample configuration files go into
+ INC_DOCDIR?=share/doc
+-FINALEXAMPLECONFDIR=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
++FINALEXAMPLECONFDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
+ EXAMPLECONFDIR=${DESTDIR}${FINALEXAMPLECONFDIR}
+ 
+ FINALDOCDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
+diff -Nru openswan-2.4.14.orig/programs/_confread/_confread.in openswan-2.4.14/programs/_confread/_confread.in
+--- openswan-2.4.14.orig/programs/_confread/_confread.in	2006-04-12 19:55:42.000000000 +0000
++++ openswan-2.4.14/programs/_confread/_confread.in	2009-04-08 23:06:04.000000000 +0000
+@@ -14,7 +14,7 @@
+ #
+ # RCSID $Id: openswan-2.4.14-gentoo.patch,v 1.1 2009/04/08 23:30:45 mrness Exp $
+ #
+-# Extract configuration info from /etc/ipsec.conf, repackage as assignments
++# Extract configuration info from /etc/ipsec/ipsec.conf, repackage as assignments
+ # to shell variables or tab-delimited fields.  Success or failure is reported
+ # inline, as extra data, due to the vagaries of shell backquote handling.
+ # In the absence of --varprefix, output is tab-separated fields, like:
+diff -Nru openswan-2.4.14.orig/programs/_confread/ipsec.conf.in openswan-2.4.14/programs/_confread/ipsec.conf.in
+--- openswan-2.4.14.orig/programs/_confread/ipsec.conf.in	2006-10-19 03:49:46.000000000 +0000
++++ openswan-2.4.14/programs/_confread/ipsec.conf.in	2009-04-08 23:06:04.000000000 +0000
+@@ -1,4 +1,4 @@
+-# /etc/ipsec.conf - Openswan IPsec configuration file
++# /etc/ipsec/ipsec.conf - Openswan IPsec configuration file
+ # RCSID $Id: openswan-2.4.14-gentoo.patch,v 1.1 2009/04/08 23:30:45 mrness Exp $
+ 
+ # This file:  @FINALEXAMPLECONFDIR@/ipsec.conf-sample
+diff -Nru openswan-2.4.14.orig/programs/examples/l2tp-psk.conf.in openswan-2.4.14/programs/examples/l2tp-psk.conf.in
+--- openswan-2.4.14.orig/programs/examples/l2tp-psk.conf.in	2007-11-02 01:49:40.000000000 +0000
++++ openswan-2.4.14/programs/examples/l2tp-psk.conf.in	2009-04-08 23:06:04.000000000 +0000
+@@ -11,7 +11,7 @@
+ 	#
+ 	# Use a Preshared Key. Disable Perfect Forward Secrecy.
+ 	#
+-	# PreSharedSecret needs to be specified in /etc/ipsec.secrets as
++	# PreSharedSecret needs to be specified in /etc/ipsec/ipsec.secrets as
+ 	# YourIPAddress  %any: "sharedsecret"
+ 	authby=secret
+ 	pfs=no
+diff -Nru openswan-2.4.14.orig/programs/_include/_include.in openswan-2.4.14/programs/_include/_include.in
+--- openswan-2.4.14.orig/programs/_include/_include.in	2003-01-06 21:44:04.000000000 +0000
++++ openswan-2.4.14/programs/_include/_include.in	2009-04-08 23:06:04.000000000 +0000
+@@ -47,10 +47,10 @@
+ do
+ 	if test ! -r "$f"
+ 	then
+-		if test ! "$f" = "/etc/ipsec.conf"
++		if test ! "$f" = "/etc/ipsec/ipsec.conf"
+ 		then
+ 			echo "#:cannot open configuration file \'$f\'"
+-			if test "$f" = "/etc/ipsec.secrets"
++			if test "$f" = "/etc/ipsec/ipsec.secrets"
+ 			then
+ 				echo "#:Your secrets file will be created when you start FreeS/WAN for the first time."
+ 			fi
+diff -Nru openswan-2.4.14.orig/programs/mailkey/mailkey.in openswan-2.4.14/programs/mailkey/mailkey.in
+--- openswan-2.4.14.orig/programs/mailkey/mailkey.in	2006-10-28 23:49:23.000000000 +0000
++++ openswan-2.4.14/programs/mailkey/mailkey.in	2009-04-08 23:06:04.000000000 +0000
+@@ -60,7 +60,7 @@
+ 
+ "$test1st"
+ 
+-Common concerns: This account must be able to read /etc/ipsec.secrets. 
++Common concerns: This account must be able to read /etc/ipsec/ipsec.secrets. 
+ If you haven't generated your key yet, please run 'ipsec newhostkey'." 
+ exit 0
+ }
+diff -Nru openswan-2.4.14.orig/programs/Makefile.program openswan-2.4.14/programs/Makefile.program
+--- openswan-2.4.14.orig/programs/Makefile.program	2007-06-19 14:49:19.000000000 +0000
++++ openswan-2.4.14/programs/Makefile.program	2009-04-08 23:08:31.000000000 +0000
+@@ -34,7 +34,6 @@
+ WERROR:= -Werror
+ endif
+ 
+-CFLAGS+= ${WERROR}
+ 
+ ifneq ($(LD_LIBRARY_PATH),)
+ LDFLAGS=-L$(LD_LIBRARY_PATH)
+diff -Nru openswan-2.4.14.orig/programs/pluto/Makefile openswan-2.4.14/programs/pluto/Makefile
+--- openswan-2.4.14.orig/programs/pluto/Makefile	2007-11-06 18:56:26.000000000 +0000
++++ openswan-2.4.14/programs/pluto/Makefile	2009-04-08 23:06:04.000000000 +0000
+@@ -210,7 +210,7 @@
+ endif
+ 
+ ifeq ($(USE_WEAKSTUFF),true)
+-WEAK_DEFS=-DUSE_VERYWEAK_DH1=1 #-DUSE_1DES
++WEAK_DEFS=-DUSE_VERYWEAK_DH1=1 -DUSE_1DES
+ endif
+ 
+ ifeq ($(USE_EXTRACRYPTO),true)
+diff -Nru openswan-2.4.14.orig/programs/setup/Makefile openswan-2.4.14/programs/setup/Makefile
+--- openswan-2.4.14.orig/programs/setup/Makefile	2004-12-18 18:13:43.000000000 +0000
++++ openswan-2.4.14/programs/setup/Makefile	2009-04-08 23:06:04.000000000 +0000
+@@ -33,25 +33,10 @@
+ 	@rm -f $(BINDIR)/setup
+ 	@$(INSTALL) $(INSTBINFLAGS) setup $(RCDIR)/ipsec
+ 	@ln -s $(FINALRCDIR)/ipsec $(BINDIR)/setup
+-	-@for i in 0 1 2 3 4 5 6; do mkdir -p $(RCDIR)/../rc$$i.d; done
+-	-@cd $(RCDIR)/../rc0.d && ln -f -s ../init.d/ipsec K76ipsec
+-	-@cd $(RCDIR)/../rc1.d && ln -f -s ../init.d/ipsec K76ipsec
+-	-@cd $(RCDIR)/../rc2.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc3.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc4.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc5.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc6.d && ln -f -s ../init.d/ipsec K76ipsec
+ 
+ install_file_list::
+ 	@echo $(RCDIR)/ipsec
+ 	@echo $(BINDIR)/setup
+-	@echo $(RCDIR)/../rc0.d/K76ipsec
+-	@echo $(RCDIR)/../rc1.d/K76ipsec
+-	@echo $(RCDIR)/../rc2.d/S47ipsec
+-	@echo $(RCDIR)/../rc3.d/S47ipsec
+-	@echo $(RCDIR)/../rc4.d/S47ipsec
+-	@echo $(RCDIR)/../rc5.d/S47ipsec
+-	@echo $(RCDIR)/../rc6.d/K76ipsec
+ 
+ clean::
+ 	@rm -f setup
+diff -Nru openswan-2.4.14.orig/programs/showhostkey/showhostkey.in openswan-2.4.14/programs/showhostkey/showhostkey.in
+--- openswan-2.4.14.orig/programs/showhostkey/showhostkey.in	2007-06-19 15:27:27.000000000 +0000
++++ openswan-2.4.14/programs/showhostkey/showhostkey.in	2009-04-08 23:06:04.000000000 +0000
+@@ -18,7 +18,7 @@
+ usage="Usage: $me [--file secrets] [--left] [--right] [--txt gateway] [--id id]
+                   [--dhclient] [--ipseckey]"
+ 
+-file=/etc/ipsec.secrets
++file=/etc/ipsec/ipsec.secrets
+ fmt=""
+ gw=
+ id=
+diff -Nru openswan-2.4.14.orig/testing/utils/ikeping/Makefile openswan-2.4.14/testing/utils/ikeping/Makefile
+--- openswan-2.4.14.orig/testing/utils/ikeping/Makefile	2004-04-03 19:44:52.000000000 +0000
++++ openswan-2.4.14/testing/utils/ikeping/Makefile	2009-04-08 23:09:18.000000000 +0000
+@@ -27,10 +27,9 @@
+ FREESWANINCLS= -I$(FREESWANLIBDIR) -I${OPENSWANSRCDIR}
+ FREESWANLIB=$(FREESWANLIBDIR)/libfreeswan.a
+ 
+-CFLAGS = -g -Wall -W -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast \
++CFLAGS = -Wall -W -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast \
+ 	-Wcast-qual -Wmissing-declarations -Wwrite-strings 
+ CFLAGS+= -Wstrict-prototypes 
+-CFLAGS+= -Werror
+ #CFLAGS+= -Wundef
+ 
+ HDRDIRS =  $(FREESWANINCLS)
diff --git a/net-misc/openswan/files/openswan-2.6.21-gentoo.patch b/net-misc/openswan/files/openswan-2.6.21-gentoo.patch
new file mode 100644
index 000000000000..6bd054e27e22
--- /dev/null
+++ b/net-misc/openswan/files/openswan-2.6.21-gentoo.patch
@@ -0,0 +1,130 @@
+diff -Nru openswan-2.6.21.orig/lib/libdns/Makefile openswan-2.6.21/lib/libdns/Makefile
+--- openswan-2.6.21.orig/lib/libdns/Makefile	2009-03-30 13:11:28.000000000 +0000
++++ openswan-2.6.21/lib/libdns/Makefile	2009-04-08 23:23:13.000000000 +0000
+@@ -30,8 +30,8 @@
+ 		-I${srcdir}../libisc/nothreads/include \
+ 		-I. -I./include -I${srcdir}include \
+ 		-I${srcdir}../libisc/include
+-CDEFINES = -g ${USERCOMPILE} ${PORTINCLUDE}
+-CWARNINGS = -Werror
++CDEFINES = ${USERCOMPILE} ${PORTINCLUDE}
++CWARNINGS = 
+ 
+ CFLAGS+=${CINCLUDES} ${CDEFINES} ${CWARNINGS}
+ 
+diff -Nru openswan-2.6.21.orig/lib/libisc/Makefile openswan-2.6.21/lib/libisc/Makefile
+--- openswan-2.6.21.orig/lib/libisc/Makefile	2009-03-30 13:11:28.000000000 +0000
++++ openswan-2.6.21/lib/libisc/Makefile	2009-04-08 23:23:01.000000000 +0000
+@@ -22,8 +22,8 @@
+ 		-I${srcdir}nothreads/include \
+ 		-I. -I./include -I${srcdir}include \
+ 		$(PORTINCLUDE) -I${OPENSWANSRCDIR}/include
+-CDEFINES = -g -DHAVE_STRERROR ${USERCOMPILE} ${PORTINCLUDE}
+-# CWARNINGS = -Werror
++CDEFINES = -DHAVE_STRERROR ${USERCOMPILE} ${PORTINCLUDE}
++# CWARNINGS = 
+ 
+ CFLAGS+=${CINCLUDES} ${CDEFINES} ${CWARNINGS}
+ 
+diff -Nru openswan-2.6.21.orig/lib/liblwres/Makefile openswan-2.6.21/lib/liblwres/Makefile
+--- openswan-2.6.21.orig/lib/liblwres/Makefile	2009-03-30 13:11:28.000000000 +0000
++++ openswan-2.6.21/lib/liblwres/Makefile	2009-04-08 23:22:53.000000000 +0000
+@@ -22,8 +22,8 @@
+ 		-I${srcdir}../libisc/${ISCARCH}/include \
+ 		-I${srcdir}../libisc/include \
+ 		-I. -I./include -I${srcdir}include 
+-CDEFINES = -g
+-CWARNINGS = -Werror
++CDEFINES = 
++CWARNINGS = 
+ 
+ CFLAGS+=${USERCOMPILE} ${PORTINCLUDE} ${CINCLUDES} ${CDEFINES} ${CWARNINGS} 
+ 
+diff -Nru openswan-2.6.21.orig/Makefile.inc openswan-2.6.21/Makefile.inc
+--- openswan-2.6.21.orig/Makefile.inc	2009-03-30 13:11:28.000000000 +0000
++++ openswan-2.6.21/Makefile.inc	2009-04-08 23:21:42.000000000 +0000
+@@ -49,7 +49,7 @@
+ DESTDIR?=
+ 
+ # "local" part of tree, used in building other pathnames
+-INC_USRLOCAL=/usr/local
++INC_USRLOCAL?=/usr
+ 
+ # PUBDIR is where the "ipsec" command goes; beware, many things define PATH
+ # settings which are assumed to include it (or at least, to include *some*
+@@ -94,7 +94,7 @@
+ 
+ # sample configuration files go into
+ INC_DOCDIR?=share/doc
+-FINALEXAMPLECONFDIR=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
++FINALEXAMPLECONFDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
+ EXAMPLECONFDIR=${DESTDIR}${FINALEXAMPLECONFDIR}
+ 
+ FINALDOCDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
+diff -Nru openswan-2.6.21.orig/programs/Makefile.program openswan-2.6.21/programs/Makefile.program
+--- openswan-2.6.21.orig/programs/Makefile.program	2009-03-30 13:11:28.000000000 +0000
++++ openswan-2.6.21/programs/Makefile.program	2009-04-08 23:23:28.000000000 +0000
+@@ -53,7 +53,6 @@
+ WERROR:= -Werror
+ endif
+ 
+-CFLAGS+= ${WERROR}
+ 
+ ifneq ($(LD_LIBRARY_PATH),)
+ LDFLAGS=-L$(LD_LIBRARY_PATH)
+diff -Nru openswan-2.6.21.orig/programs/setup/Makefile openswan-2.6.21/programs/setup/Makefile
+--- openswan-2.6.21.orig/programs/setup/Makefile	2009-03-30 13:11:28.000000000 +0000
++++ openswan-2.6.21/programs/setup/Makefile	2009-04-08 23:21:42.000000000 +0000
+@@ -18,7 +18,6 @@
+ 
+ # this dance is because setup has to get installed as /etc/rc.d/init.d/ipsec
+ # not as /etc/rc.d/init.d/setup.
+-PROGRAMDIR=$(RCDIR)
+ PROGRAM=setup
+ EXTRA8MAN=setup.8
+ 
+@@ -29,32 +28,6 @@
+ # into the $BINDIR.
+ #
+ # the priorities match those in setup's chkconfig line
+-doinstall:: setup
+-	@rm -f $(BINDIR)/setup
+-	@$(INSTALL) $(INSTBINFLAGS) setup $(RCDIR)/ipsec
+-	@ln -s $(FINALRCDIR)/ipsec $(BINDIR)/setup
+-	-@for i in 0 1 2 3 4 5 6; do mkdir -p $(RCDIR)/../rc$$i.d; done
+-	-@cd $(RCDIR)/../rc0.d && ln -f -s ../init.d/ipsec K76ipsec
+-	-@cd $(RCDIR)/../rc1.d && ln -f -s ../init.d/ipsec K76ipsec
+-	-@cd $(RCDIR)/../rc2.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc3.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc4.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc5.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc6.d && ln -f -s ../init.d/ipsec K76ipsec
+-
+-install_file_list::
+-	@echo $(RCDIR)/ipsec
+-	@echo $(BINDIR)/setup
+-	@echo $(RCDIR)/../rc0.d/K76ipsec
+-	@echo $(RCDIR)/../rc1.d/K76ipsec
+-	@echo $(RCDIR)/../rc2.d/S47ipsec
+-	@echo $(RCDIR)/../rc3.d/S47ipsec
+-	@echo $(RCDIR)/../rc4.d/S47ipsec
+-	@echo $(RCDIR)/../rc5.d/S47ipsec
+-	@echo $(RCDIR)/../rc6.d/K76ipsec
+-
+-cleanall::
+-	@rm -f setup
+ 
+ #
+ # $Log: not supported by cvs2svn $
+diff -Nru openswan-2.6.21.orig/testing/utils/make-uml.sh openswan-2.6.21/testing/utils/make-uml.sh
+--- openswan-2.6.21.orig/testing/utils/make-uml.sh	2009-03-30 13:11:28.000000000 +0000
++++ openswan-2.6.21/testing/utils/make-uml.sh	2009-04-08 23:23:48.000000000 +0000
+@@ -262,7 +262,7 @@
+ 
+ cd $OPENSWANSRCDIR || exit 1
+ 
+-make WERROR=-Werror USE_OBJDIR=true programs
++make USE_OBJDIR=true programs
+ 
+ # now, execute the Makefile that we have created!
+ cd $POOLSPACE && make $OPENSWANHOSTS 
diff --git a/net-misc/openswan/openswan-2.4.14.ebuild b/net-misc/openswan/openswan-2.4.14.ebuild
new file mode 100644
index 000000000000..816964d021a8
--- /dev/null
+++ b/net-misc/openswan/openswan-2.4.14.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/openswan-2.4.14.ebuild,v 1.1 2009/04/08 23:30:46 mrness Exp $
+
+EAPI="2"
+
+inherit eutils linux-info
+
+DESCRIPTION="Open Source implementation of IPsec for the Linux operating system (was SuperFreeS/WAN)."
+HOMEPAGE="http://www.openswan.org/"
+SRC_URI="http://www.openswan.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="curl ldap smartcard extra-algorithms weak-algorithms"
+
+COMMON_DEPEND="!net-misc/strongswan
+	dev-libs/gmp
+	dev-lang/perl
+	smartcard? ( dev-libs/opensc )
+	curl? ( net-misc/curl )
+	ldap? ( net-nds/openldap )"
+DEPEND="${COMMON_DEPEND}
+	virtual/linux-sources"
+RDEPEND="${COMMON_DEPEND}
+	virtual/logger
+	sys-apps/iproute2"
+
+pkg_setup() {
+	linux-info_pkg_setup
+
+	if kernel_is 2 6; then
+		einfo "This ebuild will set ${P} to use 2.6 native IPsec (KAME)."
+		einfo "KLIPS will not be compiled/installed."
+		MYMAKE="programs"
+
+	elif kernel_is 2 4; then
+		if ! [[ -d "${KERNEL_DIR}/net/ipsec" ]]; then
+			eerror "You need to have an IPsec enabled 2.4.x kernel."
+			eerror "Ensure you have one running and make a symlink to it in /usr/src/linux"
+			die
+		fi
+
+		einfo "Using patched-in IPsec code for kernel 2.4"
+		einfo "Your kernel only supports KLIPS for kernel level IPsec."
+		MYMAKE="confcheck programs"
+
+	else
+		die "Unsupported kernel version"
+	fi
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-gentoo.patch
+	epatch "${FILESDIR}"/${P}-deprecated-ldap.patch
+
+	find . -regex '.*[.][1-8]' -exec sed -i \
+	    -e s:/usr/local:/usr:g \
+	    -e s:/etc/ipsec[.]conf:/etc/ipsec/ipsec.conf:g \
+	    -e s:/etc/ipsec[.]secrets:/etc/ipsec/ipsec.secrets:g '{}' \; ||
+	    die "failed to replace text in xml docs"
+}
+
+get_make_options() {
+	echo KERNELSRC=\"${KERNEL_DIR}\" \
+		FINALCONFDIR=/etc/ipsec \
+		FINALCONFFILE=/etc/ipsec/ipsec.conf \
+		FINALEXAMPLECONFDIR=/usr/share/doc/${PF} \
+		INC_RCDEFAULT=/etc/init.d \
+		INC_USRLOCAL=/usr \
+		INC_MANDIR=share/man \
+		FINALDOCDIR=/usr/share/doc/${PF} \
+		DESTDIR=\"${D}\" \
+		USERCOMPILE=\"${CFLAGS}\"
+	if use smartcard ; then
+		echo USE_SMARTCARD=true
+	fi
+	if use extra-algorithms ; then
+		echo USE_EXTRACRYPTO=true
+	fi
+	if use weak-algorithms ; then
+		echo USE_WEAKSTUFF=true
+	fi
+	echo USE_OE=false # by default, turn off Opportunistic Encryption
+	echo USE_LWRES=false # needs bind9 with lwres support
+	local USETHREADS=false
+	if use curl; then
+		echo USE_LIBCURL=true
+		USETHREADS=true
+	fi
+	if use ldap; then
+		echo USE_LDAP=true
+		USETHREADS=true
+	fi
+	echo HAVE_THREADS=${USETHREADS}
+}
+
+src_compile() {
+	eval set -- $(get_make_options)
+	emake "$@" \
+		${MYMAKE} || die "emake failed"
+}
+
+src_install() {
+	eval set -- $(get_make_options)
+	emake "$@" \
+		install || die "emake install failed"
+
+	dosym /etc/ipsec/ipsec.d /etc/ipsec.d
+
+	doinitd "${FILESDIR}"/ipsec || die "failed to install init script"
+
+	dodir /var/run/pluto || die "failed to create /var/run/pluto"
+}
+
+pkg_postinst() {
+	if kernel_is 2 6; then
+		CONFIG_CHECK="~NET_KEY ~INET_XFRM_MODE_TRANSPORT ~INET_XFRM_MODE_TUNNEL ~INET_AH ~INET_ESP ~INET_IPCOMP"
+		WARNING_INET_AH="CONFIG_INET_AH:\tmissing IPsec AH support (needed if you want only authentication)"
+		WARNING_INET_ESP="CONFIG_INET_ESP:\tmissing IPsec ESP support (needed if you want authentication and encryption)"
+		WARNING_INET_IPCOMP="CONFIG_INET_IPCOMP:\tmissing IPsec Payload Compression (required for compress=yes)"
+		check_extra_config
+	fi
+}
diff --git a/net-misc/openswan/openswan-2.6.21.ebuild b/net-misc/openswan/openswan-2.6.21.ebuild
new file mode 100644
index 000000000000..35387e073328
--- /dev/null
+++ b/net-misc/openswan/openswan-2.6.21.ebuild
@@ -0,0 +1,161 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/openswan-2.6.21.ebuild,v 1.1 2009/04/08 23:30:46 mrness Exp $
+
+EAPI="2"
+
+inherit eutils linux-info
+
+DESCRIPTION="Open Source implementation of IPsec for the Linux operating system (was SuperFreeS/WAN)."
+HOMEPAGE="http://www.openswan.org/"
+SRC_URI="http://www.openswan.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="curl ldap smartcard extra-algorithms weak-algorithms nocrypto-algorithms"
+
+COMMON_DEPEND="!net-misc/strongswan
+	dev-libs/gmp
+	dev-lang/perl
+	smartcard? ( dev-libs/opensc )
+	curl? ( net-misc/curl )
+	ldap? ( net-nds/openldap )"
+DEPEND="${COMMON_DEPEND}
+	virtual/linux-sources
+	app-text/xmlto
+	app-text/docbook-xml-dtd:4.1.2" # see bug 237132
+RDEPEND="${COMMON_DEPEND}
+	virtual/logger
+	sys-apps/iproute2"
+
+pkg_setup() {
+	if use nocrypto-algorithms && ! use weak-algorithms; then
+		ewarn "Enabling nocrypto-algorithms USE flag has no effect when"
+		ewarn "weak-algorithms USE flag is disabled"
+	fi
+
+	linux-info_pkg_setup
+
+	if kernel_is 2 6; then
+		einfo "This ebuild will set ${P} to use 2.6 native IPsec (KAME)."
+		einfo "KLIPS will not be compiled/installed."
+		MYMAKE="programs"
+
+	elif kernel_is 2 4; then
+		if ! [[ -d "${KERNEL_DIR}/net/ipsec" ]]; then
+			eerror "You need to have an IPsec enabled 2.4.x kernel."
+			eerror "Ensure you have one running and make a symlink to it in /usr/src/linux"
+			die
+		fi
+
+		einfo "Using patched-in IPsec code for kernel 2.4"
+		einfo "Your kernel only supports KLIPS for kernel level IPsec."
+		MYMAKE="confcheck programs"
+
+	else
+		die "Unsupported kernel version"
+	fi
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-gentoo.patch
+
+	find . -regex '.*[.][1-8]' -exec sed -i \
+	    -e s:/usr/local:/usr:g '{}' \; ||
+	    die "failed to replace text in xml docs"
+}
+
+get_make_options() {
+	echo KERNELSRC=\"${KERNEL_DIR}\" \
+		FINALEXAMPLECONFDIR=/usr/share/doc/${PF} \
+		INC_RCDEFAULT=/etc/init.d \
+		INC_USRLOCAL=/usr \
+		INC_MANDIR=share/man \
+		FINALDOCDIR=/usr/share/doc/${PF}/html \
+		DESTDIR=\"${D}\" \
+		USERCOMPILE=\"${CFLAGS}\"
+	if use smartcard ; then
+		echo USE_SMARTCARD=true
+	fi
+	if use extra-algorithms ; then
+		echo USE_EXTRACRYPTO=true
+	else
+		echo USE_EXTRACRYPTO=false
+	fi
+	if use weak-algorithms ; then
+		echo USE_WEAKSTUFF=true
+		if use nocrypto-algorithms; then
+			echo USE_NOCRYPTO=true
+		fi
+	fi
+	echo USE_LWRES=false # needs bind9 with lwres support
+	local USETHREADS=false
+	if use curl; then
+		echo USE_LIBCURL=true
+		USETHREADS=true
+	fi
+	if use ldap; then
+		echo USE_LDAP=true
+		USETHREADS=true
+	fi
+	echo HAVE_THREADS=${USETHREADS}
+}
+
+src_compile() {
+	eval set -- $(get_make_options)
+	emake "$@" \
+		${MYMAKE} || die "emake failed"
+}
+
+src_install() {
+	eval set -- $(get_make_options)
+	emake "$@" \
+		install || die "emake install failed"
+
+	newinitd "${FILESDIR}"/ipsec-initd ipsec || die "failed to install init script"
+
+	dodir /var/run/pluto || die "failed to create /var/run/pluto"
+}
+
+pkg_preinst() {
+	if has_version "<net-misc/openswan-2.6.14" && pushd "${ROOT}etc/ipsec"; then
+		ewarn "Following files and directories were moved from '${ROOT}etc/ipsec' to '${ROOT}etc':"
+		local i err=0
+		if [ -h "../ipsec.d" ]; then
+			rm "../ipsec.d" || die "failed to remove ../ipsec.d symlink"
+		fi
+		for i in *; do
+			if [ -e "../$i" ]; then
+				eerror "  $i NOT MOVED, ../$i already exists!"
+				err=1
+			elif [ -d "$i" ]; then
+				mv "$i" .. || die "failed to move $i directory"
+				ewarn "  directory $i"
+			elif [ -f "$i" ]; then
+				sed -i -e 's:/etc/ipsec/:/etc/:g' "$i" && \
+					mv "$i" .. && ewarn "  file $i" || \
+					die "failed to move $i file"
+			else
+				eerror "  $i NOT MOVED, it is not a file nor a directory!"
+				err=1
+			fi
+		done
+		popd
+		if [ $err -eq 0 ]; then
+			rmdir "${ROOT}etc/ipsec" || eerror "Failed to remove ${ROOT}etc/ipsec"
+		else
+			ewarn "${ROOT}etc/ipsec is not empty, you will have to remove it yourself"
+		fi
+	fi
+}
+
+pkg_postinst() {
+	if kernel_is 2 6; then
+		CONFIG_CHECK="~NET_KEY ~INET_XFRM_MODE_TRANSPORT ~INET_XFRM_MODE_TUNNEL ~INET_AH ~INET_ESP ~INET_IPCOMP"
+		WARNING_INET_AH="CONFIG_INET_AH:\tmissing IPsec AH support (needed if you want only authentication)"
+		WARNING_INET_ESP="CONFIG_INET_ESP:\tmissing IPsec ESP support (needed if you want authentication and encryption)"
+		WARNING_INET_IPCOMP="CONFIG_INET_IPCOMP:\tmissing IPsec Payload Compression (required for compress=yes)"
+		check_extra_config
+	fi
+}