From 1e8e3cd07074918ade00686fec474176d6d88b6c Mon Sep 17 00:00:00 2001 From: luka Date: Thu, 23 Jan 2014 16:12:01 +0000 Subject: [PATCH] [packages] strongswan: upgrade to 5.1.1 Signed-off-by: Luka Perkov git-svn-id: svn://svn.openwrt.org/openwrt/packages@39377 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- net/strongswan/Makefile | 21 ++++++---- .../patches/001-upstream-runtime-fix.patch | 39 ------------------- ...no-modprobe.patch => 201-kmodloader.patch} | 12 +++--- 3 files changed, 20 insertions(+), 52 deletions(-) delete mode 100644 net/strongswan/patches/001-upstream-runtime-fix.patch rename net/strongswan/patches/{201-no-modprobe.patch => 201-kmodloader.patch} (66%) diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index de8bccaf4..6ea62f967 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2012-2013 OpenWrt.org +# Copyright (C) 2012-2014 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan -PKG_VERSION:=5.0.4 +PKG_VERSION:=5.1.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=http://download.strongswan.org/ http://download2.strongswan.org/ -PKG_MD5SUM:=0ab0397b44b197febfd0f89148344035 +PKG_MD5SUM:=e3af3d493d22286be3cd794533a8966a PKG_MOD_AVAILABLE:= \ addrblock \ @@ -45,8 +45,10 @@ PKG_MOD_AVAILABLE:= \ ha \ hmac \ kernel-klips \ + kernel-libipsec \ kernel-netlink \ kernel-pfkey \ + kernel-pfroute \ ldap \ led \ load-tester \ @@ -81,7 +83,7 @@ PKG_MOD_AVAILABLE:= \ x509 \ xauth-eap \ xauth-generic \ - xcbc \ + xcbc PKG_CONFIG_DEPENDS:= \ CONFIG_STRONGSWAN_DEVICE_RANDOM \ 
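Review bot: The `@@ -8,12 +8,12 @@` hunk updates `PKG_MD5SUM` for the 5.1.1 tarball, but the download is still taken from the plain `http://` mirrors listed in `PKG_SOURCE_URL`, so the integrity of an IPsec daemon's source rests on an MD5 digest alone. MD5 is no longer collision-resistant. If the build system in this tree accepts a stronger digest for the download check, record a SHA-256 of `strongswan-5.1.1.tar.bz2` instead. Either way, the recorded value should be compared against the checksum or signature that upstream publishes, not only against a locally fetched copy.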
@@ -201,8 +203,9 @@ endef define Package/strongswan-full/description $(call Package/strongswan/description/Default) This meta-package contains dependencies for all of the strongswan plugins - except kernel-klips, kernel-pfkey, socket-dynamic and which are - ommitted in favor of the kernel-netlink and socket-default plugins. + except kernel-klips, kernel-libipsec, kernel-pfkey, kernel-pfroute, + socket-dynamic and which are ommitted in favor of the kernel-netlink and + socket-default plugins. endef @@ -386,8 +389,10 @@ endef define Package/strongswan-utils/install $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/pki $(1)/usr/bin/ $(INSTALL_DIR) $(1)/usr/lib/ipsec - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{openac,pki,scepclient} $(1)/usr/lib/ipsec/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{openac,scepclient} $(1)/usr/lib/ipsec/ endef define Plugin/duplicheck/install @@ -474,8 +479,10 @@ $(eval $(call BuildPlugin,gmp,libgmp,+PACKAGE_strongswan-mod-gmp:libgmp)) $(eval $(call BuildPlugin,ha,high availability cluster,)) $(eval $(call BuildPlugin,hmac,HMAC crypto,)) $(eval $(call BuildPlugin,kernel-klips,KLIPS kernel interface,)) +$(eval $(call BuildPlugin,kernel-libipsec,libipsec kernel interface,)) $(eval $(call BuildPlugin,kernel-netlink,netlink kernel interface,)) $(eval $(call BuildPlugin,kernel-pfkey,PK_KEY kernel interface,)) +$(eval $(call BuildPlugin,kernel-pfroute,PF_ROUTE kernel interface,)) $(eval $(call BuildPlugin,ldap,LDAP,+PACKAGE_strongswan-mod-ldap:libopenldap)) $(eval $(call BuildPlugin,led,LED blink on IKE activity,)) $(eval $(call BuildPlugin,load-tester,load testing,)) diff --git a/net/strongswan/patches/001-upstream-runtime-fix.patch b/net/strongswan/patches/001-upstream-runtime-fix.patch deleted file mode 100644 index b11c9e3ae..000000000 --- a/net/strongswan/patches/001-upstream-runtime-fix.patch +++ /dev/null 
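Review bot: In the `@@ -474,8 +479,10 @@` hunk the new `BuildPlugin,kernel-libipsec,libipsec kernel interface,` line has an empty dependency argument. As far as I know, kernel-libipsec handles ESP in userland through a TUN device, so the plugin package presumably needs the tun kernel module, e.g. `$(eval $(call BuildPlugin,kernel-libipsec,libipsec kernel interface,+kmod-tun))`. Without it the plugin can be selected on an image where it cannot create its interface. Whether the libipsec shared library itself is installed by some package is not visible in these hunks and is worth confirming.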
@@ -1,39 +0,0 @@ -From: Martin Willi -Date: Fri, 3 May 2013 12:17:37 +0000 (+0200) -Subject: In memwipe_check(), don't put magic on stack when calling do_magic() -X-Git-Url: http://git.strongswan.org/?p=strongswan.git;a=commitdiff_plain;h=9312fbc7 - -In memwipe_check(), don't put magic on stack when calling do_magic() - -Otherwise the magic might be on the stack while checking it. ---- - ---- a/src/libstrongswan/library.c -+++ b/src/libstrongswan/library.c -@@ -154,7 +154,7 @@ static bool equals(char *a, char *b) - * Write magic to memory, and try to clear it with memwipe() - */ - __attribute__((noinline)) --static void do_magic(int magic, int **stack) -+static void do_magic(int *magic, int **stack) - { - int buf[32], i; - -@@ -162,7 +162,7 @@ static void do_magic(int magic, int **st - *stack = &i; - for (i = 0; i < countof(buf); i++) - { -- buf[i] = magic; -+ buf[i] = *magic; - } - /* passing buf to dbg should make sure the compiler can't optimize out buf. - * we use directly dbg(3), as DBG3() might be stripped with DEBUG_LEVEL. */ -@@ -177,7 +177,7 @@ static bool check_memwipe() - { - int magic = 0xCAFEBABE, *ptr, *deeper, i, stackdir = 1; - -- do_magic(magic, &deeper); -+ do_magic(&magic, &deeper); - - ptr = &magic; - if (deeper < ptr) diff --git a/net/strongswan/patches/201-no-modprobe.patch b/net/strongswan/patches/201-kmodloader.patch similarity index 66% rename from net/strongswan/patches/201-no-modprobe.patch rename to net/strongswan/patches/201-kmodloader.patch index 5dee45e97..7d4615638 100644 --- a/net/strongswan/patches/201-no-modprobe.patch +++ b/net/strongswan/patches/201-kmodloader.patch @@ -5,7 +5,7 @@ if (stat(PROC_MODULES, &stb) == 0) { - ignore_result(system("modprobe -qv af_key")); -+ ignore_result(system("insmod -qv af_key")); ++ ignore_result(system("modprobe af_key 2>&1 >/dev/null")); } /* now test again */ 
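Review bot: The redirection in `system("modprobe af_key 2>&1 >/dev/null")` is applied left to right, so stderr is duplicated onto the caller's stdout before stdout is pointed at /dev/null, and modprobe's error output still reaches the starter's stdout. If the intent is to discard both streams, the order should be `system("modprobe af_key >/dev/null 2>&1")`. The same string form is used for the five calls in the `@@ -18,11 +18,11 @@` hunk (ah4, esp4, ipcomp, xfrm4_tunnel, xfrm_user). Because these commands go through `system()` in a process that presumably runs as root, the bare name `modprobe` is resolved via the inherited PATH, and an absolute path to the loader on the target image would remove that dependency. The enclosing functions start and end outside both hunks.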
@@ -18,11 +18,11 @@ - ignore_result(system("modprobe -qv ipcomp")); - ignore_result(system("modprobe -qv xfrm4_tunnel")); - ignore_result(system("modprobe -qv xfrm_user")); -+ ignore_result(system("insmod -qv ah4")); -+ ignore_result(system("insmod -qv esp4")); -+ ignore_result(system("insmod -qv ipcomp")); -+ ignore_result(system("insmod -qv xfrm4_tunnel")); -+ ignore_result(system("insmod -qv xfrm_user")); ++ ignore_result(system("modprobe ah4 2>&1 >/dev/null")); ++ ignore_result(system("modprobe esp4 2>&1 >/dev/null")); ++ ignore_result(system("modprobe ipcomp 2>&1 >/dev/null")); ++ ignore_result(system("modprobe xfrm4_tunnel 2>&1 >/dev/null")); ++ ignore_result(system("modprobe xfrm_user 2>&1 >/dev/null")); } DBG2(DBG_APP, "found netkey IPsec stack");