[Openswan dev] Openswan 2.6.39 released, fixes CVE-2013-2053

[Patrick Naubert]

On 2013-06-04, at 2:42 AM, Gilles Espinasse <g.esp at free.fr> wrote:

> Openswan 2.6.39 released to the community
> 
Thank for the release

Bienvenue.

>> v2.6.39 (May 31, 2013)
> ...
>> 	• Fixed ipsec verify to avoid perl and use python instead. It helps
>> 	during minimum install so that openswan does not have to pull perl
>> 	packages, and it keeps minimal install really minimum. Also Removed
>> 	compilation of ipsec policy subprogram as it is not needed with
>> 	NETKEY. [Paul]
> 
> This change is problematic for minimal distrib that do not install python at all.
> Only bash and perl are installed for scripting.
> Adding python just for a small script is a non-sense for us.

Understood, I will see what I can do.  At the very worse, I can have both versions there and have soft dependancies.

Hmmm, the more I look at that script, the more it looks like all kinds of broken, in perl and python.  It just prints out your configuration and checks certain elements.  The reason that perl or python is used is in the pretty-printing of the info.  Colours…

I could: 

- Re-write it in shell, with no colours in the output.
- Pull it out completely, and make sure that all of the files it analyzes are in "barf", and code a Xelerance-side "barf" analyzer like we've had planned for over 7 years.

Anyone have an opinion ?

Patrick