strongswan: Update to 5.9.7
authorPhilip Prindeville <philipp@redfish-solutions.com>
Sun, 7 Aug 2022 21:06:16 +0000 (15:06 -0600)
committerPhilip Prindeville <philipp@redfish-solutions.com>
Mon, 8 Aug 2022 16:30:08 +0000 (10:30 -0600)
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
net/strongswan/Makefile
net/strongswan/patches/010-enum-Fix-compiler-warnings.patch [deleted file]
net/strongswan/patches/0900-src-Patch-for-building-with-musl-on-openwrt-taken-ve.patch
net/strongswan/patches/0901-uci-verbatim-patch-from-openwrt-package-sources.patch
net/strongswan/patches/0904-gmpdh-Plugin-that-implements-gmp-DH-functions-in-an-.patch

index 641e142a05b36137560494f02cbb44084bb28ed6..ddd94a1dfc62687fb8766dffa9a71ff0b2a296a1 100644 (file)
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=strongswan
-PKG_VERSION:=5.9.6
+PKG_VERSION:=5.9.7
 PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
-PKG_HASH:=91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7
+PKG_HASH:=9e64a2ba62efeac81abff1d962522404ebc6ed6c0d352a23ab7c0b2c639e3fcf
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_MAINTAINER:=Philip Prindeville <philipp@redfish-solutions.com>, Noel Kuntze <noel.kuntze@thermi.consulting>
 PKG_CPE_ID:=cpe:/a:strongswan:strongswan
@@ -171,6 +171,7 @@ $(call Package/strongswan/Default)
        +strongswan-mod-des \
        +strongswan-mod-dhcp \
        +strongswan-mod-dnskey \
+       +strongswan-mod-drbg \
        +strongswan-mod-duplicheck \
        +strongswan-mod-eap-identity \
        +strongswan-mod-eap-md5 \
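Review bot: `+strongswan-mod-drbg` in this hunk and `+strongswan-mod-kdf` in the next one are added to a single dependency list, and any other package variant that lists its own plugins lies outside these hunks, so its coverage cannot be checked from here. The patched configure.ac describes kdf as the "KDF (prf+) implementation plugin", so an image that ships neither it nor another prf+ provider would presumably build cleanly and only fail at IKE key derivation on the device. I would confirm the remaining variants and add a comment above the package definition, for example `# kdf provides prf+; each variant needs it or another provider`. The dependency list begins and ends outside the hunk.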
@@ -185,6 +186,7 @@ $(call Package/strongswan/Default)
        +strongswan-mod-gmp \
        +strongswan-mod-ha \
        +strongswan-mod-hmac \
+       +strongswan-mod-kdf \
        +strongswan-mod-kernel-netlink \
        +strongswan-mod-ldap \
        +strongswan-mod-led \
@@ -465,6 +467,7 @@ CONFIGURE_ARGS+= \
        --disable-scripts \
        --disable-static \
        --disable-fast \
+       --enable-mgf1 \
        --enable-mediation \
        --with-systemdsystemunitdir=no \
        $(if $(CONFIG_PACKAGE_strongswan-charon-cmd),--enable-cmd,--disable-cmd) \
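Review bot: `--enable-mgf1` is passed unconditionally, yet no `BuildPlugin,mgf1` line or `+strongswan-mod-mgf1` dependency appears in any hunk of this Makefile. If the plugin is compiled but not packaged, nothing on the target can load it, and whatever needed the mask generation function would be missing at run time rather than at build time. If it is packaged elsewhere in the file, a one-line comment above the flag naming what requires mgf1 would let the next maintainer judge whether it can be dropped. The `CONFIGURE_ARGS` list continues outside the hunk.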
@@ -681,6 +684,7 @@ $(eval $(call BuildPlugin,curve25519,Curve25519 Diffie-Hellman,))
 $(eval $(call BuildPlugin,des,DES crypto,))
 $(eval $(call BuildPlugin,dhcp,DHCP based attribute provider,))
 $(eval $(call BuildPlugin,dnskey,DNS RR key decoding,))
+$(eval $(call BuildPlugin,drbg,Deterministic random bit generator,,))
 $(eval $(call BuildPlugin,duplicheck,advanced duplicate checking,))
 $(eval $(call BuildPlugin,eap-identity,EAP identity helper,))
 $(eval $(call BuildPlugin,eap-md5,EAP MD5 (CHAP) EAP auth,))
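Review bot: The added drbg line ends in `,,))`, which passes one more empty argument to `BuildPlugin` than the neighbouring lines, which end in `,)`. Whether the macro ignores the extra parameter cannot be seen from this hunk, so for consistency I would write `$(eval $(call BuildPlugin,drbg,Deterministic random bit generator,))`. The kdf line added in the next hunk already uses the single-comma form.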
@@ -696,6 +700,7 @@ $(eval $(call BuildPlugin,gmp,libgmp,+PACKAGE_strongswan-mod-gmp:libgmp))
 $(eval $(call BuildPlugin,gmpdh,DH-Groups; no libgmp dep,))
 $(eval $(call BuildPlugin,ha,high availability cluster,))
 $(eval $(call BuildPlugin,hmac,HMAC crypto,))
+$(eval $(call BuildPlugin,kdf,KDF/PRF+,))
 $(eval $(call BuildPlugin,kernel-libipsec,libipsec kernel interface,))
 $(eval $(call BuildPlugin,kernel-netlink,netlink kernel interface,))
 $(eval $(call BuildPlugin,ldap,LDAP,+PACKAGE_strongswan-mod-ldap:libopenldap))
diff --git a/net/strongswan/patches/010-enum-Fix-compiler-warnings.patch b/net/strongswan/patches/010-enum-Fix-compiler-warnings.patch
deleted file mode 100644 (file)
index 3172ada..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
-commit d23c0ea81e630af3cfda89aeeb52146c0c84c960
-Author: Tobias Brunner <tobias@strongswan.org>
-Date:   Mon May 2 09:31:49 2022 +0200
-
-    enum: Fix compiler warning
-    
-    Closes strongswan/strongswan#1025
-
---- a/src/libstrongswan/utils/enum.c
-+++ b/src/libstrongswan/utils/enum.c
-@@ -97,7 +97,7 @@ char *enum_flags_to_string(enum_name_t *
-               return buf;
-       }
--      if (snprintf(buf, len, e->names[0]) >= len)
-+      if (snprintf(buf, len, "%s", e->names[0]) >= len)
-       {
-               return NULL;
-       }
index da96d8da618ce3dac2aaf13e6d40260f3af47e1f..4323cd56348af049165dc54584a47a966197efaa 100644 (file)
@@ -16,7 +16,7 @@ Subject: [PATCH 900/904] src: Patch for building with musl on openwrt (taken
 
 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
 +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
-@@ -40,6 +40,7 @@
+@@ -41,6 +41,7 @@
   */
  
  #define _GNU_SOURCE
@@ -37,7 +37,7 @@ Subject: [PATCH 900/904] src: Patch for building with musl on openwrt (taken
  #include <linux/netlink.h>
 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
 +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
-@@ -39,6 +39,8 @@
+@@ -37,6 +37,8 @@
   * THE SOFTWARE.
   */
  
@@ -48,7 +48,7 @@ Subject: [PATCH 900/904] src: Patch for building with musl on openwrt (taken
  #include <linux/rtnetlink.h>
 --- a/src/libstrongswan/library.h
 +++ b/src/libstrongswan/library.h
-@@ -119,6 +119,7 @@
+@@ -120,6 +120,7 @@
  #include "utils/leak_detective.h"
  #include "plugins/plugin_loader.h"
  #include "settings/settings.h"
@@ -99,7 +99,7 @@ Subject: [PATCH 900/904] src: Patch for building with musl on openwrt (taken
 +#undef encrypt
 --- a/src/libstrongswan/plugins/bliss/bliss_huffman.c
 +++ b/src/libstrongswan/plugins/bliss/bliss_huffman.c
-@@ -17,6 +17,8 @@
+@@ -18,6 +18,8 @@
  #include "bliss_param_set.h"
  
  #include <library.h>
index 4056fe3450e44944ed6a75c032cc173ea4d0d189..f4d00f28fdcffa9ff79e5a9ac7e7d3c99f44717a 100644 (file)
@@ -9,7 +9,7 @@ Subject: [PATCH 901/904] uci: verbatim patch from openwrt package sources
 
 --- a/src/libcharon/plugins/uci/uci_parser.c
 +++ b/src/libcharon/plugins/uci/uci_parser.c
-@@ -75,7 +75,7 @@ METHOD(enumerator_t, section_enumerator_
+@@ -76,7 +76,7 @@ METHOD(enumerator_t, section_enumerator_
                if (uci_lookup(this->ctx, &element, this->package,
                                           this->current->name, "name") == UCI_OK)
                {       /* use "name" attribute as config name if available ... */
@@ -18,7 +18,7 @@ Subject: [PATCH 901/904] uci: verbatim patch from openwrt package sources
                }
                else
                {       /* ... or the section name becomes config name */
-@@ -90,7 +90,7 @@ METHOD(enumerator_t, section_enumerator_
+@@ -91,7 +91,7 @@ METHOD(enumerator_t, section_enumerator_
                if (value && uci_lookup(this->ctx, &element, this->package,
                                                  this->current->name, this->keywords[i]) == UCI_OK)
                {
index d9da1b623bf56a266ca760813983923c3ed85fc0..bd203bcb6987f4230dbd5a8277b8f3cb7c05f833 100644 (file)
@@ -18,7 +18,7 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
 
 --- a/configure.ac
 +++ b/configure.ac
-@@ -146,6 +146,7 @@ ARG_DISBL_SET([fips-prf],       [disable
+@@ -147,6 +147,7 @@ ARG_DISBL_SET([fips-prf],       [disable
  ARG_ENABL_SET([gcm],            [enables the GCM AEAD wrapper crypto plugin.])
  ARG_ENABL_SET([gcrypt],         [enables the libgcrypt plugin.])
  ARG_DISBL_SET([gmp],            [disable GNU MP (libgmp) based crypto implementation plugin.])
@@ -26,7 +26,7 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
  ARG_DISBL_SET([curve25519],     [disable Curve25519 Diffie-Hellman plugin.])
  ARG_DISBL_SET([hmac],           [disable HMAC crypto implementation plugin.])
  ARG_DISBL_SET([kdf],            [disable KDF (prf+) implementation plugin.])
-@@ -1496,6 +1497,7 @@ ADD_PLUGIN([pkcs8],                [s ch
+@@ -1542,6 +1543,7 @@ ADD_PLUGIN([pkcs8],                [s ch
  ADD_PLUGIN([af-alg],               [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
  ADD_PLUGIN([fips-prf],             [s charon nm cmd])
  ADD_PLUGIN([gmp],                  [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
@@ -34,7 +34,7 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
  ADD_PLUGIN([curve25519],           [s charon pki scripts nm cmd])
  ADD_PLUGIN([agent],                [s charon nm cmd])
  ADD_PLUGIN([keychain],             [s charon cmd])
-@@ -1639,6 +1641,7 @@ AM_CONDITIONAL(USE_SHA3, test x$sha3 = x
+@@ -1685,6 +1687,7 @@ AM_CONDITIONAL(USE_SHA3, test x$sha3 = x
  AM_CONDITIONAL(USE_MGF1, test x$mgf1 = xtrue)
  AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
  AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
@@ -42,7 +42,7 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
  AM_CONDITIONAL(USE_CURVE25519, test x$curve25519 = xtrue)
  AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue)
  AM_CONDITIONAL(USE_AESNI, test x$aesni = xtrue)
-@@ -1918,6 +1921,7 @@ AC_CONFIG_FILES([
+@@ -1964,6 +1967,7 @@ AC_CONFIG_FILES([
        src/libstrongswan/plugins/mgf1/Makefile
        src/libstrongswan/plugins/fips_prf/Makefile
        src/libstrongswan/plugins/gmp/Makefile
@@ -135,31 +135,31 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
 +{
 +      static plugin_feature_t f[] = {
 +              /* DH groups */
-+              PLUGIN_REGISTER(DH, gmp_diffie_hellman_create),
-+                      PLUGIN_PROVIDE(DH, MODP_2048_BIT),
++              PLUGIN_REGISTER(KE, gmp_diffie_hellman_create),
++                      PLUGIN_PROVIDE(KE, MODP_2048_BIT),
 +                              PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+                      PLUGIN_PROVIDE(DH, MODP_2048_224),
++                      PLUGIN_PROVIDE(KE, MODP_2048_224),
 +                              PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+                      PLUGIN_PROVIDE(DH, MODP_2048_256),
++                      PLUGIN_PROVIDE(KE, MODP_2048_256),
 +                              PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+                      PLUGIN_PROVIDE(DH, MODP_1536_BIT),
++                      PLUGIN_PROVIDE(KE, MODP_1536_BIT),
 +                              PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+                      PLUGIN_PROVIDE(DH, MODP_3072_BIT),
++                      PLUGIN_PROVIDE(KE, MODP_3072_BIT),
 +                              PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+                      PLUGIN_PROVIDE(DH, MODP_4096_BIT),
++                      PLUGIN_PROVIDE(KE, MODP_4096_BIT),
 +                              PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+                      PLUGIN_PROVIDE(DH, MODP_6144_BIT),
++                      PLUGIN_PROVIDE(KE, MODP_6144_BIT),
 +                              PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+                      PLUGIN_PROVIDE(DH, MODP_8192_BIT),
++                      PLUGIN_PROVIDE(KE, MODP_8192_BIT),
 +                              PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+                      PLUGIN_PROVIDE(DH, MODP_1024_BIT),
++                      PLUGIN_PROVIDE(KE, MODP_1024_BIT),
 +                              PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+                      PLUGIN_PROVIDE(DH, MODP_1024_160),
++                      PLUGIN_PROVIDE(KE, MODP_1024_160),
 +                              PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+                      PLUGIN_PROVIDE(DH, MODP_768_BIT),
++                      PLUGIN_PROVIDE(KE, MODP_768_BIT),
 +                              PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+              PLUGIN_REGISTER(DH, gmp_diffie_hellman_create_custom),
-+                      PLUGIN_PROVIDE(DH, MODP_CUSTOM),
++              PLUGIN_REGISTER(KE, gmp_diffie_hellman_create_custom),
++                      PLUGIN_PROVIDE(KE, MODP_CUSTOM),
 +                              PLUGIN_DEPENDS(RNG, RNG_STRONG),
 +      };
 +      *features = f;
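Review bot: After the DH-to-KE rename the feature table still registers `MODP_768_BIT`, `MODP_1024_BIT` and `MODP_1024_160` alongside the 2048-bit and larger groups. Whether a peer can actually negotiate them depends on the configured proposals, which are not visible here, but RFC 8247 lists the 768-bit and 1024_160 groups as MUST NOT and the 1024-bit group as SHOULD NOT for IKEv2. Since these lines are being touched anyway, I would either drop those three `PLUGIN_PROVIDE` entries or add a comment above them such as `/* legacy groups below 2048 bit: kept for interop only, do not enable in proposals */`. The constructor names keep the `gmp_diffie_hellman_` prefix, and the enclosing function begins outside the hunk, so the rest of the plugin's use of the renamed API cannot be checked from this excerpt.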