git.99rst.org / openwrt-packages.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side (parent: ac00fff)
strongswan: bump to 5.3.5
authorSteven Barth <redacted>
Wed, 20 Jan 2016 13:45:46 +0000 (14:45 +0100)
committerSteven Barth <redacted>
Wed, 20 Jan 2016 13:45:46 +0000 (14:45 +0100)
Signed-off-by: Steven Barth <redacted>
net/strongswan/Makefile patch | blob | history
net/strongswan/patches/001-fix-EINTR-crash.patch [deleted file] patch | blob | history
net/strongswan/patches/305-minimal_dh_plugin.patch patch | blob | history

diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile
index 91f72947cc76b0398124371706a36e1caeccf39d..6865499f008cdc3ea35a4763e2621ec6e587ba89 100644 (file)
--- a/net/strongswan/Makefile
+++ b/net/strongswan/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=strongswan
-PKG_VERSION:=5.3.4
-PKG_RELEASE:=2
+PKG_VERSION:=5.3.5
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=http://download.strongswan.org/ http://download2.strongswan.org/
-PKG_MD5SUM:=655a632a515c74a99f2e9cc337ab2f33
+PKG_MD5SUM:=a2f9ea185f27e7f8413d4cd2ee61efe4
 PKG_LICENSE:=GPL-2.0+
 PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org>
 
@@ -28,6 +28,7 @@ PKG_MOD_AVAILABLE:= \
        ccm \
        cmac \
        constraints \
+       connmark \
        coupling \
        ctr \
        curl \
@@ -144,6 +145,7 @@ $(call Package/strongswan/Default)
        +strongswan-mod-ccm \
        +strongswan-mod-cmac \
        +strongswan-mod-constraints \
+       +strongswan-mod-connmark \
        +strongswan-mod-coupling \
        +strongswan-mod-ctr \
        +strongswan-mod-curl \
@@ -221,6 +223,7 @@ $(call Package/strongswan/Default)
        +strongswan-charon \
        +strongswan-mod-aes \
        +strongswan-mod-attr \
+       +strongswan-mod-connmark \
        +strongswan-mod-constraints \
        +strongswan-mod-des \
        +strongswan-mod-dnskey \
@@ -504,6 +507,7 @@ $(eval $(call BuildPlugin,attr-sql,SQL based config,+strongswan-charon))
 $(eval $(call BuildPlugin,blowfish,Blowfish crypto,))
 $(eval $(call BuildPlugin,ccm,CCM AEAD wrapper crypto,))
 $(eval $(call BuildPlugin,cmac,CMAC crypto,))
+$(eval $(call BuildPlugin,connmark,netfilter connection marking,))
 $(eval $(call BuildPlugin,constraints,advanced X509 constraint checking,))
 $(eval $(call BuildPlugin,coupling,IKEv2 plugin to couple peer certificates permanently to authentication,))
 $(eval $(call BuildPlugin,ctr,Counter Mode wrapper crypto,))
diff --git a/net/strongswan/patches/001-fix-EINTR-crash.patch b/net/strongswan/patches/001-fix-EINTR-crash.patch
deleted file mode 100644 (file)
index ff4d949..0000000
--- a/net/strongswan/patches/001-fix-EINTR-crash.patch
+++ /dev/null
@@ -1,216 +0,0 @@
-From ea651877c0bb6e129f52eb592cea3b10b2e3347b Mon Sep 17 00:00:00 2001
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Thu, 19 Nov 2015 11:21:48 +0100
-Subject: [PATCH] sigwaitinfo() may fail with EINTR if an unblocked signal not
- in the set is received
-
- #1213.
----
- src/charon-cmd/charon-cmd.c               |  9 ++++-----
- src/charon-nm/charon-nm.c                 |  9 ++++-----
- src/charon-systemd/charon-systemd.c       |  9 ++++-----
- src/charon-tkm/src/charon-tkm.c           |  9 ++++-----
- src/charon/charon.c                       | 11 +++++------
- src/conftest/conftest.c                   |  2 +-
- src/frontends/osx/charon-xpc/charon-xpc.c |  7 ++++---
- src/libfast/fast_dispatcher.c             |  6 +++++-
- src/libstrongswan/utils/utils.c           |  5 ++++-
- 9 files changed, 35 insertions(+), 32 deletions(-)
-
-diff --git a/src/charon-cmd/charon-cmd.c b/src/charon-cmd/charon-cmd.c
-index b8f943f..d3b31cc 100644
---- a/src/charon-cmd/charon-cmd.c
-+++ b/src/charon-cmd/charon-cmd.c
-@@ -115,6 +115,10 @@ static int run()
-               sig = sigwaitinfo(&set, NULL);
-               if (sig == -1)
-               {
-+                      if (errno == EINTR)
-+                      {       /* ignore signals we didn't wait for */
-+                              continue;
-+                      }
-                       DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
-                       return 1;
-               }
-@@ -152,11 +156,6 @@ static int run()
-                               charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
-                               return 1;
-                       }
--                      default:
--                      {
--                              DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
--                              break;
--                      }
-               }
-       }
- }
-diff --git a/src/charon-nm/charon-nm.c b/src/charon-nm/charon-nm.c
-index 1773e7c..fb090e5 100644
---- a/src/charon-nm/charon-nm.c
-+++ b/src/charon-nm/charon-nm.c
-@@ -85,6 +85,10 @@ static void run()
-               sig = sigwaitinfo(&set, NULL);
-               if (sig == -1)
-               {
-+                      if (errno == EINTR)
-+                      {       /* ignore signals we didn't wait for */
-+                              continue;
-+                      }
-                       DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
-                       return;
-               }
-@@ -102,11 +106,6 @@ static void run()
-                               charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
-                               return;
-                       }
--                      default:
--                      {
--                              DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
--                              break;
--                      }
-               }
-       }
- }
-diff --git a/src/charon-systemd/charon-systemd.c b/src/charon-systemd/charon-systemd.c
-index f302d45..4286cde 100644
---- a/src/charon-systemd/charon-systemd.c
-+++ b/src/charon-systemd/charon-systemd.c
-@@ -254,6 +254,10 @@ static int run()
-               sig = sigwaitinfo(&set, NULL);
-               if (sig == -1)
-               {
-+                      if (errno == EINTR)
-+                      {       /* ignore signals we didn't wait for */
-+                              continue;
-+                      }
-                       DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
-                       return SS_RC_INITIALIZATION_FAILED;
-               }
-@@ -265,11 +269,6 @@ static int run()
-                               charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
-                               return 0;
-                       }
--                      default:
--                      {
--                              DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
--                              break;
--                      }
-               }
-       }
- }
-diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c
-index 52d82f3..3923c8a 100644
---- a/src/charon-tkm/src/charon-tkm.c
-+++ b/src/charon-tkm/src/charon-tkm.c
-@@ -104,6 +104,10 @@ static void run()
-               sig = sigwaitinfo(&set, NULL);
-               if (sig == -1)
-               {
-+                      if (errno == EINTR)
-+                      {       /* ignore signals we didn't wait for */
-+                              continue;
-+                      }
-                       DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
-                       return;
-               }
-@@ -121,11 +125,6 @@ static void run()
-                               charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
-                               return;
-                       }
--                      default:
--                      {
--                              DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
--                              break;
--                      }
-               }
-       }
- }
-diff --git a/src/charon/charon.c b/src/charon/charon.c
-index f03b6e1..4c2a9a4 100644
---- a/src/charon/charon.c
-+++ b/src/charon/charon.c
-@@ -98,7 +98,7 @@ static void run()
- {
-       sigset_t set;
-
--      /* handle SIGINT, SIGHUP ans SIGTERM in this handler */
-+      /* handle SIGINT, SIGHUP and SIGTERM in this handler */
-       sigemptyset(&set);
-       sigaddset(&set, SIGINT);
-       sigaddset(&set, SIGHUP);
-@@ -112,6 +112,10 @@ static void run()
-               sig = sigwaitinfo(&set, NULL);
-               if (sig == -1)
-               {
-+                      if (errno == EINTR)
-+                      {       /* ignore signals we didn't wait for */
-+                              continue;
-+                      }
-                       DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
-                       return;
-               }
-@@ -144,11 +148,6 @@ static void run()
-                               charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
-                               return;
-                       }
--                      default:
--                      {
--                              DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
--                              break;
--                      }
-               }
-       }
- }
-diff --git a/src/conftest/conftest.c b/src/conftest/conftest.c
-index 9348b64..edfe0ca 100644
---- a/src/conftest/conftest.c
-+++ b/src/conftest/conftest.c
-@@ -565,7 +565,7 @@ int main(int argc, char *argv[])
-       sigaddset(&set, SIGTERM);
-       sigprocmask(SIG_BLOCK, &set, NULL);
-
--      while ((sig = sigwaitinfo(&set, NULL)) != -1)
-+      while ((sig = sigwaitinfo(&set, NULL)) != -1 || errno == EINTR)
-       {
-               switch (sig)
-               {
-diff --git a/src/libfast/fast_dispatcher.c b/src/libfast/fast_dispatcher.c
-index b4c6ce3..66a2ee5 100644
---- a/src/libfast/fast_dispatcher.c
-+++ b/src/libfast/fast_dispatcher.c
-@@ -21,6 +21,7 @@
- #include <fcgiapp.h>
- #include <signal.h>
- #include <unistd.h>
-+#include <errno.h>
-
- #include <utils/debug.h>
- #include <threading/thread.h>
-@@ -389,7 +390,10 @@ METHOD(fast_dispatcher_t, waitsignal, void,
-       sigaddset(&set, SIGTERM);
-       sigaddset(&set, SIGHUP);
-       sigprocmask(SIG_BLOCK, &set, NULL);
--      sigwaitinfo(&set, NULL);
-+      while (sigwaitinfo(&set, NULL) == -1 && errno == EINTR)
-+      {
-+              /* wait for signal */
-+      }
- }
-
- METHOD(fast_dispatcher_t, destroy, void,
-diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c
-index 4e86165..40cb43d 100644
---- a/src/libstrongswan/utils/utils.c
-+++ b/src/libstrongswan/utils/utils.c
-@@ -124,7 +124,10 @@ void wait_sigint()
-       sigaddset(&set, SIGTERM);
-
-       sigprocmask(SIG_BLOCK, &set, NULL);
--      sigwaitinfo(&set, NULL);
-+      while (sigwaitinfo(&set, NULL) == -1 && errno == EINTR)
-+      {
-+              /* wait for signal */
-+      }
- }
-
- #ifndef HAVE_SIGWAITINFO
diff --git a/net/strongswan/patches/305-minimal_dh_plugin.patch b/net/strongswan/patches/305-minimal_dh_plugin.patch
index d143c1610abea83bea4aaae83cd025fd0cf248a9..e060ec36cfb7def2f7c1d3709fc4c9a3ee1da828 100644 (file)
--- a/net/strongswan/patches/305-minimal_dh_plugin.patch
+++ b/net/strongswan/patches/305-minimal_dh_plugin.patch
@@ -8,7 +8,7 @@
  ARG_DISBL_SET([hmac],           [disable HMAC crypto implementation plugin.])
  ARG_ENABL_SET([md4],            [enable MD4 software implementation plugin.])
  ARG_DISBL_SET([md5],            [disable MD5 software implementation plugin.])
-@@ -1310,6 +1311,7 @@ ADD_PLUGIN([gcrypt],               [s ch
+@@ -1312,6 +1313,7 @@ ADD_PLUGIN([gcrypt],               [s ch
  ADD_PLUGIN([af-alg],               [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
  ADD_PLUGIN([fips-prf],             [s charon nm cmd])
  ADD_PLUGIN([gmp],                  [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
@@ -16,16 +16,16 @@
  ADD_PLUGIN([agent],                [s charon nm cmd])
  ADD_PLUGIN([keychain],             [s charon cmd])
  ADD_PLUGIN([chapoly],              [s charon scripts nm cmd])
-@@ -1441,6 +1443,7 @@ AM_CONDITIONAL(USE_SHA1, test x$sha1 = x
- AM_CONDITIONAL(USE_SHA2, test x$sha2 = xtrue)
+@@ -1444,6 +1446,7 @@ AM_CONDITIONAL(USE_SHA2, test x$sha2 = x
+ AM_CONDITIONAL(USE_SHA3, test x$sha3 = xtrue)
  AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
  AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
 +AM_CONDITIONAL(USE_GMPDH, test x$gmpdh = xtrue)
  AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue)
  AM_CONDITIONAL(USE_AESNI, test x$aesni = xtrue)
  AM_CONDITIONAL(USE_RANDOM, test x$random = xtrue)
-@@ -1688,6 +1691,7 @@ AC_CONFIG_FILES([
-       src/libstrongswan/plugins/sha2/Makefile
+@@ -1692,6 +1695,7 @@ AC_CONFIG_FILES([
+       src/libstrongswan/plugins/sha3/Makefile
        src/libstrongswan/plugins/fips_prf/Makefile
        src/libstrongswan/plugins/gmp/Makefile
 +      src/libstrongswan/plugins/gmpdh/Makefile
@@ -34,7 +34,7 @@
        src/libstrongswan/plugins/random/Makefile
 --- a/src/libstrongswan/Makefile.am
 +++ b/src/libstrongswan/Makefile.am
-@@ -295,6 +295,13 @@ if MONOLITHIC
+@@ -303,6 +303,13 @@ if MONOLITHIC
  endif
  endif
  
git clone https://git.99rst.org/PROJECT