Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #2437 from stintel/strongswan

Browse source 
strongswan: update to 5.4, add plugins, fixes
This commit is contained in:
champtar 2016-07-12 17:18:06 +02:00 committed by GitHub
commit 153e4f6276
5 changed files with 30 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
net/strongswan/Makefile
View file

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=strongswan PKG_NAME:=strongswan
PKG_VERSION:=5.3.5 PKG_VERSION:=5.4.0
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://download.strongswan.org/ http://download2.strongswan.org/ PKG_SOURCE_URL:=http://download.strongswan.org/ http://download2.strongswan.org/
PKG_MD5SUM:=a2f9ea185f27e7f8413d4cd2ee61efe4 PKG_MD5SUM:=9d7c77b0da9b69f859624897e5e9ebbf
PKG_LICENSE:=GPL-2.0+ PKG_LICENSE:=GPL-2.0+
PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org> PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org>
@ -43,6 +43,7 @@ PKG_MOD_AVAILABLE:= \
eap-tls \ eap-tls \
farp \ farp \
fips-prf \ fips-prf \
forecast \
gcm \ gcm \
gcrypt \ gcrypt \
gmp \ gmp \
@ -160,6 +161,7 @@ $(call Package/strongswan/Default)
+strongswan-mod-eap-tls \ +strongswan-mod-eap-tls \
+strongswan-mod-farp \ +strongswan-mod-farp \
+strongswan-mod-fips-prf \ +strongswan-mod-fips-prf \
+strongswan-mod-forecast \
+strongswan-mod-gcm \ +strongswan-mod-gcm \
+strongswan-mod-gcrypt \ +strongswan-mod-gcrypt \
+strongswan-mod-gmp \ +strongswan-mod-gmp \
@ -397,7 +399,7 @@ define Package/strongswan/install
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/ipsec.conf $(1)/etc/ $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/ipsec.conf $(1)/etc/
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/strongswan.conf $(1)/etc/ $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/strongswan.conf $(1)/etc/
$(INSTALL_DIR) $(1)/usr/lib/ipsec $(INSTALL_DIR) $(1)/usr/lib/ipsec
$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{libstrongswan.so.*,libhydra.so.*} $(1)/usr/lib/ipsec/ $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libstrongswan.so.* $(1)/usr/lib/ipsec/
$(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/ $(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/
$(INSTALL_CONF) ./files/ipsec.user $(1)/etc/ $(INSTALL_CONF) ./files/ipsec.user $(1)/etc/
$(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_DIR) $(1)/etc/init.d
@ -523,6 +525,7 @@ $(eval $(call BuildPlugin,eap-radius,EAP RADIUS auth,))
$(eval $(call BuildPlugin,eap-tls,EAP TLS auth,+strongswan-libtls)) $(eval $(call BuildPlugin,eap-tls,EAP TLS auth,+strongswan-libtls))
$(eval $(call BuildPlugin,farp,fake arp respsonses,)) $(eval $(call BuildPlugin,farp,fake arp respsonses,))
$(eval $(call BuildPlugin,fips-prf,FIPS PRF crypto,+strongswan-mod-sha1)) $(eval $(call BuildPlugin,fips-prf,FIPS PRF crypto,+strongswan-mod-sha1))
$(eval $(call BuildPlugin,forecast,forward multi/broadcast traffic,+kmod-ipt-conntrack-extra))
$(eval $(call BuildPlugin,gcm,GCM AEAD wrapper crypto,)) $(eval $(call BuildPlugin,gcm,GCM AEAD wrapper crypto,))
$(eval $(call BuildPlugin,gcrypt,libgcrypt,+PACKAGE_strongswan-mod-gcrypt:libgcrypt)) $(eval $(call BuildPlugin,gcrypt,libgcrypt,+PACKAGE_strongswan-mod-gcrypt:libgcrypt))
$(eval $(call BuildPlugin,gmp,libgmp,+PACKAGE_strongswan-mod-gmp:libgmp)) $(eval $(call BuildPlugin,gmp,libgmp,+PACKAGE_strongswan-mod-gmp:libgmp))
@ -559,7 +562,7 @@ $(eval $(call BuildPlugin,socket-dynamic,dynamic socket implementation for charo
$(eval $(call BuildPlugin,sql,SQL database interface,)) $(eval $(call BuildPlugin,sql,SQL database interface,))
$(eval $(call BuildPlugin,sqlite,SQLite database interface,+strongswan-mod-sql +PACKAGE_strongswan-mod-sqlite:libsqlite3)) $(eval $(call BuildPlugin,sqlite,SQLite database interface,+strongswan-mod-sql +PACKAGE_strongswan-mod-sqlite:libsqlite3))
$(eval $(call BuildPlugin,sshkey,SSH key decoding,)) $(eval $(call BuildPlugin,sshkey,SSH key decoding,))
$(eval $(call BuildPlugin,stroke,Stroke,+strongswan-utils)) $(eval $(call BuildPlugin,stroke,Stroke,+strongswan-charon +strongswan-utils))
$(eval $(call BuildPlugin,test-vectors,crypto test vectors,)) $(eval $(call BuildPlugin,test-vectors,crypto test vectors,))
$(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan-mod-uci:libuci)) $(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan-mod-uci:libuci))
$(eval $(call BuildPlugin,unity,Cisco Unity extension,)) $(eval $(call BuildPlugin,unity,Cisco Unity extension,))

12
net/strongswan/patches/101-musl-fixes.patch
View file

@ -50,8 +50,8 @@
+#undef blkcnt_t +#undef blkcnt_t
+#undef crypt +#undef crypt
+#undef encrypt +#undef encrypt
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -18,6 +18,8 @@ @@ -18,6 +18,8 @@
* for more details. * for more details.
*/ */
@ -61,8 +61,8 @@
#include <sys/types.h> #include <sys/types.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <stdint.h> #include <stdint.h>
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -37,6 +37,8 @@ @@ -37,6 +37,8 @@
* THE SOFTWARE. * THE SOFTWARE.
*/ */
@ -72,8 +72,8 @@
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/utsname.h> #include <sys/utsname.h>
#include <linux/netlink.h> #include <linux/netlink.h>
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -15,6 +15,8 @@ @@ -15,6 +15,8 @@
* for more details. * for more details.
*/ */

4
net/strongswan/patches/201-kmodloader.patch
View file

@ -1,6 +1,6 @@
--- a/src/starter/netkey.c --- a/src/starter/netkey.c
+++ b/src/starter/netkey.c +++ b/src/starter/netkey.c
@@ -31,7 +31,7 @@ bool starter_netkey_init(void) @@ -30,7 +30,7 @@ bool starter_netkey_init(void)
/* af_key module makes the netkey proc interface visible */ /* af_key module makes the netkey proc interface visible */
if (stat(PROC_MODULES, &stb) == 0) if (stat(PROC_MODULES, &stb) == 0)
{ {
@ -9,7 +9,7 @@
} }
/* now test again */ /* now test again */
@@ -45,11 +45,11 @@ bool starter_netkey_init(void) @@ -44,11 +44,11 @@ bool starter_netkey_init(void)
/* make sure that all required IPsec modules are loaded */ /* make sure that all required IPsec modules are loaded */
if (stat(PROC_MODULES, &stb) == 0) if (stat(PROC_MODULES, &stb) == 0)
{ {

11
net/strongswan/patches/210-sleep.patch Normal file
View file

@ -0,0 +1,11 @@
--- a/src/ipsec/_ipsec.in
+++ b/src/ipsec/_ipsec.in
@@ -259,7 +259,7 @@ stop)
loop=110
while [ $loop -gt 0 ] ; do
kill -0 $spid 2>/dev/null || break
- sleep 0.1 2>/dev/null
+ sleep 1 2>/dev/null
if [ $? -ne 0 ]
then
sleep 1

8
net/strongswan/patches/305-minimal_dh_plugin.patch
View file

@ -8,7 +8,7 @@
ARG_DISBL_SET([hmac], [disable HMAC crypto implementation plugin.]) ARG_DISBL_SET([hmac], [disable HMAC crypto implementation plugin.])
ARG_ENABL_SET([md4], [enable MD4 software implementation plugin.]) ARG_ENABL_SET([md4], [enable MD4 software implementation plugin.])
ARG_DISBL_SET([md5], [disable MD5 software implementation plugin.]) ARG_DISBL_SET([md5], [disable MD5 software implementation plugin.])
@@ -1312,6 +1313,7 @@ ADD_PLUGIN([gcrypt], [s ch @@ -1325,6 +1326,7 @@ ADD_PLUGIN([gcrypt], [s ch
ADD_PLUGIN([af-alg], [s charon scepclient pki scripts medsrv attest nm cmd aikgen]) ADD_PLUGIN([af-alg], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([fips-prf], [s charon nm cmd]) ADD_PLUGIN([fips-prf], [s charon nm cmd])
ADD_PLUGIN([gmp], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen]) ADD_PLUGIN([gmp], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
@ -16,7 +16,7 @@
ADD_PLUGIN([agent], [s charon nm cmd]) ADD_PLUGIN([agent], [s charon nm cmd])
ADD_PLUGIN([keychain], [s charon cmd]) ADD_PLUGIN([keychain], [s charon cmd])
ADD_PLUGIN([chapoly], [s charon scripts nm cmd]) ADD_PLUGIN([chapoly], [s charon scripts nm cmd])
@@ -1444,6 +1446,7 @@ AM_CONDITIONAL(USE_SHA2, test x$sha2 = x @@ -1458,6 +1460,7 @@ AM_CONDITIONAL(USE_SHA2, test x$sha2 = x
AM_CONDITIONAL(USE_SHA3, test x$sha3 = xtrue) AM_CONDITIONAL(USE_SHA3, test x$sha3 = xtrue)
AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue) AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue) AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
@ -24,7 +24,7 @@
AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue) AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue)
AM_CONDITIONAL(USE_AESNI, test x$aesni = xtrue) AM_CONDITIONAL(USE_AESNI, test x$aesni = xtrue)
AM_CONDITIONAL(USE_RANDOM, test x$random = xtrue) AM_CONDITIONAL(USE_RANDOM, test x$random = xtrue)
@@ -1692,6 +1695,7 @@ AC_CONFIG_FILES([ @@ -1707,6 +1710,7 @@ AC_CONFIG_FILES([
src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/sha3/Makefile
src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/fips_prf/Makefile
src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/gmp/Makefile
@ -34,7 +34,7 @@
src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/random/Makefile
--- a/src/libstrongswan/Makefile.am --- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am
@@ -303,6 +303,13 @@ if MONOLITHIC @@ -305,6 +305,13 @@ if MONOLITHIC
endif endif
endif endif