Explorar el Código

strongswan: bump to 5.3.5

Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth hace 9 años
padre
commit
393a788cc0

+ 7
- 3
net/strongswan/Makefile Ver fichero

@@ -8,12 +8,12 @@
8 8
 include $(TOPDIR)/rules.mk
9 9
 
10 10
 PKG_NAME:=strongswan
11
-PKG_VERSION:=5.3.4
12
-PKG_RELEASE:=2
11
+PKG_VERSION:=5.3.5
12
+PKG_RELEASE:=1
13 13
 
14 14
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
15 15
 PKG_SOURCE_URL:=http://download.strongswan.org/ http://download2.strongswan.org/
16
-PKG_MD5SUM:=655a632a515c74a99f2e9cc337ab2f33
16
+PKG_MD5SUM:=a2f9ea185f27e7f8413d4cd2ee61efe4
17 17
 PKG_LICENSE:=GPL-2.0+
18 18
 PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org>
19 19
 
@@ -28,6 +28,7 @@ PKG_MOD_AVAILABLE:= \
28 28
 	ccm \
29 29
 	cmac \
30 30
 	constraints \
31
+	connmark \
31 32
 	coupling \
32 33
 	ctr \
33 34
 	curl \
@@ -144,6 +145,7 @@ $(call Package/strongswan/Default)
144 145
 	+strongswan-mod-ccm \
145 146
 	+strongswan-mod-cmac \
146 147
 	+strongswan-mod-constraints \
148
+	+strongswan-mod-connmark \
147 149
 	+strongswan-mod-coupling \
148 150
 	+strongswan-mod-ctr \
149 151
 	+strongswan-mod-curl \
@@ -221,6 +223,7 @@ $(call Package/strongswan/Default)
221 223
 	+strongswan-charon \
222 224
 	+strongswan-mod-aes \
223 225
 	+strongswan-mod-attr \
226
+	+strongswan-mod-connmark \
224 227
 	+strongswan-mod-constraints \
225 228
 	+strongswan-mod-des \
226 229
 	+strongswan-mod-dnskey \
@@ -504,6 +507,7 @@ $(eval $(call BuildPlugin,attr-sql,SQL based config,+strongswan-charon))
504 507
 $(eval $(call BuildPlugin,blowfish,Blowfish crypto,))
505 508
 $(eval $(call BuildPlugin,ccm,CCM AEAD wrapper crypto,))
506 509
 $(eval $(call BuildPlugin,cmac,CMAC crypto,))
510
+$(eval $(call BuildPlugin,connmark,netfilter connection marking,))
507 511
 $(eval $(call BuildPlugin,constraints,advanced X509 constraint checking,))
508 512
 $(eval $(call BuildPlugin,coupling,IKEv2 plugin to couple peer certificates permanently to authentication,))
509 513
 $(eval $(call BuildPlugin,ctr,Counter Mode wrapper crypto,))

+ 0
- 216
net/strongswan/patches/001-fix-EINTR-crash.patch Ver fichero

@@ -1,216 +0,0 @@
1
-From ea651877c0bb6e129f52eb592cea3b10b2e3347b Mon Sep 17 00:00:00 2001
2
-From: Tobias Brunner <tobias@strongswan.org>
3
-Date: Thu, 19 Nov 2015 11:21:48 +0100
4
-Subject: [PATCH] sigwaitinfo() may fail with EINTR if an unblocked signal not
5
- in the set is received
6
-
7
- #1213.
8
----
9
- src/charon-cmd/charon-cmd.c               |  9 ++++-----
10
- src/charon-nm/charon-nm.c                 |  9 ++++-----
11
- src/charon-systemd/charon-systemd.c       |  9 ++++-----
12
- src/charon-tkm/src/charon-tkm.c           |  9 ++++-----
13
- src/charon/charon.c                       | 11 +++++------
14
- src/conftest/conftest.c                   |  2 +-
15
- src/frontends/osx/charon-xpc/charon-xpc.c |  7 ++++---
16
- src/libfast/fast_dispatcher.c             |  6 +++++-
17
- src/libstrongswan/utils/utils.c           |  5 ++++-
18
- 9 files changed, 35 insertions(+), 32 deletions(-)
19
-
20
-diff --git a/src/charon-cmd/charon-cmd.c b/src/charon-cmd/charon-cmd.c
21
-index b8f943f..d3b31cc 100644
22
---- a/src/charon-cmd/charon-cmd.c
23
-+++ b/src/charon-cmd/charon-cmd.c
24
-@@ -115,6 +115,10 @@ static int run()
25
-		sig = sigwaitinfo(&set, NULL);
26
-		if (sig == -1)
27
-		{
28
-+			if (errno == EINTR)
29
-+			{	/* ignore signals we didn't wait for */
30
-+				continue;
31
-+			}
32
-			DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
33
-			return 1;
34
-		}
35
-@@ -152,11 +156,6 @@ static int run()
36
-				charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
37
-				return 1;
38
-			}
39
--			default:
40
--			{
41
--				DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
42
--				break;
43
--			}
44
-		}
45
-	}
46
- }
47
-diff --git a/src/charon-nm/charon-nm.c b/src/charon-nm/charon-nm.c
48
-index 1773e7c..fb090e5 100644
49
---- a/src/charon-nm/charon-nm.c
50
-+++ b/src/charon-nm/charon-nm.c
51
-@@ -85,6 +85,10 @@ static void run()
52
-		sig = sigwaitinfo(&set, NULL);
53
-		if (sig == -1)
54
-		{
55
-+			if (errno == EINTR)
56
-+			{	/* ignore signals we didn't wait for */
57
-+				continue;
58
-+			}
59
-			DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
60
-			return;
61
-		}
62
-@@ -102,11 +106,6 @@ static void run()
63
-				charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
64
-				return;
65
-			}
66
--			default:
67
--			{
68
--				DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
69
--				break;
70
--			}
71
-		}
72
-	}
73
- }
74
-diff --git a/src/charon-systemd/charon-systemd.c b/src/charon-systemd/charon-systemd.c
75
-index f302d45..4286cde 100644
76
---- a/src/charon-systemd/charon-systemd.c
77
-+++ b/src/charon-systemd/charon-systemd.c
78
-@@ -254,6 +254,10 @@ static int run()
79
-		sig = sigwaitinfo(&set, NULL);
80
-		if (sig == -1)
81
-		{
82
-+			if (errno == EINTR)
83
-+			{	/* ignore signals we didn't wait for */
84
-+				continue;
85
-+			}
86
-			DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
87
-			return SS_RC_INITIALIZATION_FAILED;
88
-		}
89
-@@ -265,11 +269,6 @@ static int run()
90
-				charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
91
-				return 0;
92
-			}
93
--			default:
94
--			{
95
--				DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
96
--				break;
97
--			}
98
-		}
99
-	}
100
- }
101
-diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c
102
-index 52d82f3..3923c8a 100644
103
---- a/src/charon-tkm/src/charon-tkm.c
104
-+++ b/src/charon-tkm/src/charon-tkm.c
105
-@@ -104,6 +104,10 @@ static void run()
106
-		sig = sigwaitinfo(&set, NULL);
107
-		if (sig == -1)
108
-		{
109
-+			if (errno == EINTR)
110
-+			{	/* ignore signals we didn't wait for */
111
-+				continue;
112
-+			}
113
-			DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
114
-			return;
115
-		}
116
-@@ -121,11 +125,6 @@ static void run()
117
-				charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
118
-				return;
119
-			}
120
--			default:
121
--			{
122
--				DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
123
--				break;
124
--			}
125
-		}
126
-	}
127
- }
128
-diff --git a/src/charon/charon.c b/src/charon/charon.c
129
-index f03b6e1..4c2a9a4 100644
130
---- a/src/charon/charon.c
131
-+++ b/src/charon/charon.c
132
-@@ -98,7 +98,7 @@ static void run()
133
- {
134
-	sigset_t set;
135
-
136
--	/* handle SIGINT, SIGHUP ans SIGTERM in this handler */
137
-+	/* handle SIGINT, SIGHUP and SIGTERM in this handler */
138
-	sigemptyset(&set);
139
-	sigaddset(&set, SIGINT);
140
-	sigaddset(&set, SIGHUP);
141
-@@ -112,6 +112,10 @@ static void run()
142
-		sig = sigwaitinfo(&set, NULL);
143
-		if (sig == -1)
144
-		{
145
-+			if (errno == EINTR)
146
-+			{	/* ignore signals we didn't wait for */
147
-+				continue;
148
-+			}
149
-			DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
150
-			return;
151
-		}
152
-@@ -144,11 +148,6 @@ static void run()
153
-				charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
154
-				return;
155
-			}
156
--			default:
157
--			{
158
--				DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
159
--				break;
160
--			}
161
-		}
162
-	}
163
- }
164
-diff --git a/src/conftest/conftest.c b/src/conftest/conftest.c
165
-index 9348b64..edfe0ca 100644
166
---- a/src/conftest/conftest.c
167
-+++ b/src/conftest/conftest.c
168
-@@ -565,7 +565,7 @@ int main(int argc, char *argv[])
169
-	sigaddset(&set, SIGTERM);
170
-	sigprocmask(SIG_BLOCK, &set, NULL);
171
-
172
--	while ((sig = sigwaitinfo(&set, NULL)) != -1)
173
-+	while ((sig = sigwaitinfo(&set, NULL)) != -1 || errno == EINTR)
174
-	{
175
-		switch (sig)
176
-		{
177
-diff --git a/src/libfast/fast_dispatcher.c b/src/libfast/fast_dispatcher.c
178
-index b4c6ce3..66a2ee5 100644
179
---- a/src/libfast/fast_dispatcher.c
180
-+++ b/src/libfast/fast_dispatcher.c
181
-@@ -21,6 +21,7 @@
182
- #include <fcgiapp.h>
183
- #include <signal.h>
184
- #include <unistd.h>
185
-+#include <errno.h>
186
-
187
- #include <utils/debug.h>
188
- #include <threading/thread.h>
189
-@@ -389,7 +390,10 @@ METHOD(fast_dispatcher_t, waitsignal, void,
190
-	sigaddset(&set, SIGTERM);
191
-	sigaddset(&set, SIGHUP);
192
-	sigprocmask(SIG_BLOCK, &set, NULL);
193
--	sigwaitinfo(&set, NULL);
194
-+	while (sigwaitinfo(&set, NULL) == -1 && errno == EINTR)
195
-+	{
196
-+		/* wait for signal */
197
-+	}
198
- }
199
-
200
- METHOD(fast_dispatcher_t, destroy, void,
201
-diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c
202
-index 4e86165..40cb43d 100644
203
---- a/src/libstrongswan/utils/utils.c
204
-+++ b/src/libstrongswan/utils/utils.c
205
-@@ -124,7 +124,10 @@ void wait_sigint()
206
-	sigaddset(&set, SIGTERM);
207
-
208
-	sigprocmask(SIG_BLOCK, &set, NULL);
209
--	sigwaitinfo(&set, NULL);
210
-+	while (sigwaitinfo(&set, NULL) == -1 && errno == EINTR)
211
-+	{
212
-+		/* wait for signal */
213
-+	}
214
- }
215
-
216
- #ifndef HAVE_SIGWAITINFO

+ 6
- 6
net/strongswan/patches/305-minimal_dh_plugin.patch Ver fichero

@@ -8,7 +8,7 @@
8 8
  ARG_DISBL_SET([hmac],           [disable HMAC crypto implementation plugin.])
9 9
  ARG_ENABL_SET([md4],            [enable MD4 software implementation plugin.])
10 10
  ARG_DISBL_SET([md5],            [disable MD5 software implementation plugin.])
11
-@@ -1310,6 +1311,7 @@ ADD_PLUGIN([gcrypt],               [s ch
11
+@@ -1312,6 +1313,7 @@ ADD_PLUGIN([gcrypt],               [s ch
12 12
  ADD_PLUGIN([af-alg],               [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
13 13
  ADD_PLUGIN([fips-prf],             [s charon nm cmd])
14 14
  ADD_PLUGIN([gmp],                  [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
@@ -16,16 +16,16 @@
16 16
  ADD_PLUGIN([agent],                [s charon nm cmd])
17 17
  ADD_PLUGIN([keychain],             [s charon cmd])
18 18
  ADD_PLUGIN([chapoly],              [s charon scripts nm cmd])
19
-@@ -1441,6 +1443,7 @@ AM_CONDITIONAL(USE_SHA1, test x$sha1 = x
20
- AM_CONDITIONAL(USE_SHA2, test x$sha2 = xtrue)
19
+@@ -1444,6 +1446,7 @@ AM_CONDITIONAL(USE_SHA2, test x$sha2 = x
20
+ AM_CONDITIONAL(USE_SHA3, test x$sha3 = xtrue)
21 21
  AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
22 22
  AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
23 23
 +AM_CONDITIONAL(USE_GMPDH, test x$gmpdh = xtrue)
24 24
  AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue)
25 25
  AM_CONDITIONAL(USE_AESNI, test x$aesni = xtrue)
26 26
  AM_CONDITIONAL(USE_RANDOM, test x$random = xtrue)
27
-@@ -1688,6 +1691,7 @@ AC_CONFIG_FILES([
28
- 	src/libstrongswan/plugins/sha2/Makefile
27
+@@ -1692,6 +1695,7 @@ AC_CONFIG_FILES([
28
+ 	src/libstrongswan/plugins/sha3/Makefile
29 29
  	src/libstrongswan/plugins/fips_prf/Makefile
30 30
  	src/libstrongswan/plugins/gmp/Makefile
31 31
 +	src/libstrongswan/plugins/gmpdh/Makefile
@@ -34,7 +34,7 @@
34 34
  	src/libstrongswan/plugins/random/Makefile
35 35
 --- a/src/libstrongswan/Makefile.am
36 36
 +++ b/src/libstrongswan/Makefile.am
37
-@@ -295,6 +295,13 @@ if MONOLITHIC
37
+@@ -303,6 +303,13 @@ if MONOLITHIC
38 38
  endif
39 39
  endif
40 40