[packages] strongswan: upgrade to 5.1.1

Signed-off-by: Luka Perkov <luka@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/packages@39377 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-01-23 16:12:01 +00:00 · 2014-01-23 16:12:01 +00:00 · 1e8e3cd070
commit 1e8e3cd070
parent d40f0f4555
3 changed files with 20 additions and 52 deletions
--- a/net/strongswan/Makefile
+++ b/net/strongswan/Makefile
@ -1,5 +1,5 @@
 # 
-# Copyright (C) 2012-2013 OpenWrt.org
+# Copyright (C) 2012-2014 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=strongswan
-PKG_VERSION:=5.0.4
+PKG_VERSION:=5.1.1
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=http://download.strongswan.org/ http://download2.strongswan.org/
-PKG_MD5SUM:=0ab0397b44b197febfd0f89148344035
+PKG_MD5SUM:=e3af3d493d22286be3cd794533a8966a

 PKG_MOD_AVAILABLE:= \
 	addrblock \
@ -45,8 +45,10 @@ PKG_MOD_AVAILABLE:= \
 	ha \
 	hmac \
 	kernel-klips \
+	kernel-libipsec \
 	kernel-netlink \
 	kernel-pfkey \
+	kernel-pfroute \
 	ldap \
 	led \
 	load-tester \
@ -81,7 +83,7 @@ PKG_MOD_AVAILABLE:= \
 	x509 \
 	xauth-eap \
 	xauth-generic \
-	xcbc \
+	xcbc

 PKG_CONFIG_DEPENDS:= \
 	CONFIG_STRONGSWAN_DEVICE_RANDOM \
@ -201,8 +203,9 @@ endef
 define Package/strongswan-full/description
 $(call Package/strongswan/description/Default)
 This meta-package contains dependencies for all of the strongswan plugins
- except kernel-klips, kernel-pfkey, socket-dynamic and which are
- ommitted in favor of the kernel-netlink and socket-default plugins.
+ except kernel-klips, kernel-libipsec, kernel-pfkey, kernel-pfroute,
+ socket-dynamic and which are ommitted in favor of the kernel-netlink and
+ socket-default plugins.
 endef


@ -386,8 +389,10 @@ endef
 define Package/strongswan-utils/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/pki $(1)/usr/bin/
 	$(INSTALL_DIR) $(1)/usr/lib/ipsec
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{openac,pki,scepclient} $(1)/usr/lib/ipsec/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{openac,scepclient} $(1)/usr/lib/ipsec/
 endef

 define Plugin/duplicheck/install
@ -474,8 +479,10 @@ $(eval $(call BuildPlugin,gmp,libgmp,+PACKAGE_strongswan-mod-gmp:libgmp))
 $(eval $(call BuildPlugin,ha,high availability cluster,))
 $(eval $(call BuildPlugin,hmac,HMAC crypto,))
 $(eval $(call BuildPlugin,kernel-klips,KLIPS kernel interface,))
+$(eval $(call BuildPlugin,kernel-libipsec,libipsec kernel interface,))
 $(eval $(call BuildPlugin,kernel-netlink,netlink kernel interface,))
 $(eval $(call BuildPlugin,kernel-pfkey,PK_KEY kernel interface,))
+$(eval $(call BuildPlugin,kernel-pfroute,PF_ROUTE kernel interface,))
 $(eval $(call BuildPlugin,ldap,LDAP,+PACKAGE_strongswan-mod-ldap:libopenldap))
 $(eval $(call BuildPlugin,led,LED blink on IKE activity,))
 $(eval $(call BuildPlugin,load-tester,load testing,))
--- a/net/strongswan/patches/001-upstream-runtime-fix.patch
+++ b/net/strongswan/patches/001-upstream-runtime-fix.patch
@ -1,39 +0,0 @@
-From: Martin Willi <martin@revosec.ch>
-Date: Fri, 3 May 2013 12:17:37 +0000 (+0200)
-Subject: In memwipe_check(), don't put magic on stack when calling do_magic()
-X-Git-Url: http://git.strongswan.org/?p=strongswan.git;a=commitdiff_plain;h=9312fbc7
-
-In memwipe_check(), don't put magic on stack when calling do_magic()
-
-Otherwise the magic might be on the stack while checking it.
---
-
--- a/src/libstrongswan/library.c
-+++ b/src/libstrongswan/library.c
-@@ -154,7 +154,7 @@ static bool equals(char *a, char *b)
-  * Write magic to memory, and try to clear it with memwipe()
-  */
- __attribute__((noinline))
-static void do_magic(int magic, int **stack)
-+static void do_magic(int *magic, int **stack)
- {
- 	int buf[32], i;
- 
-@@ -162,7 +162,7 @@ static void do_magic(int magic, int **st
- 	*stack = &i;
- 	for (i = 0; i < countof(buf); i++)
- 	{
-		buf[i] = magic;
-+		buf[i] = *magic;
- 	}
- 	/* passing buf to dbg should make sure the compiler can't optimize out buf.
- 	 * we use directly dbg(3), as DBG3() might be stripped with DEBUG_LEVEL. */
-@@ -177,7 +177,7 @@ static bool check_memwipe()
- {
- 	int magic = 0xCAFEBABE, *ptr, *deeper, i, stackdir = 1;
- 
-	do_magic(magic, &deeper);
-+	do_magic(&magic, &deeper);
- 
- 	ptr = &magic;
- 	if (deeper < ptr)
--- a/net/strongswan/patches/201-no-modprobe.patch
+++ b/net/strongswan/patches/201-no-modprobe.patch
@ -5,7 +5,7 @@
 		if (stat(PROC_MODULES, &stb) == 0)
 		{
 -			ignore_result(system("modprobe -qv af_key"));
-+			ignore_result(system("insmod -qv af_key"));
+			ignore_result(system("modprobe af_key 2>&1 >/dev/null"));
 		}
 
 		/* now test again */
@ -18,11 +18,11 @@
 -		ignore_result(system("modprobe -qv ipcomp"));
 -		ignore_result(system("modprobe -qv xfrm4_tunnel"));
 -		ignore_result(system("modprobe -qv xfrm_user"));
-+		ignore_result(system("insmod -qv ah4"));
-+		ignore_result(system("insmod -qv esp4"));
-+		ignore_result(system("insmod -qv ipcomp"));
-+		ignore_result(system("insmod -qv xfrm4_tunnel"));
-+		ignore_result(system("insmod -qv xfrm_user"));
+		ignore_result(system("modprobe ah4 2>&1 >/dev/null"));
+		ignore_result(system("modprobe esp4 2>&1 >/dev/null"));
+		ignore_result(system("modprobe ipcomp 2>&1 >/dev/null"));
+		ignore_result(system("modprobe xfrm4_tunnel 2>&1 >/dev/null"));
+		ignore_result(system("modprobe xfrm_user 2>&1 >/dev/null"));
 	}
 
 	DBG2(DBG_APP, "found netkey IPsec stack");